AHA: ONC interoperability standards advisory requires more specific information

The American Hospital Association is emphasizing the Office of the National Coordinator for Health IT to give more particular data on the features and metrics it has utilized to assess the readiness of standards and implementation specifications in its draft 2017 Interoperability Standards Advisory. ONC interoperability standards advisory requires more specific details.

In accordance to ONC, the advisory is meant to serve as a “coordinated catalog of standards and implementation specifications” to be utilized by industry as a single, public list to meet interoperability requirements focused explicitly on clinical health information technology. Although, AHA would like to see higher detail in how ONC distinguishes mature from emerging standards.

“The consistent utilization of mature standards is necessary to solving the interoperability issues facing our nation,” wrote Ashley Thompson, AHA’s senior vice president for public policy analysis and development, to National Coordinator for Health IT Vindell Washington, MD.

In specific, AHA needs to see ONC prioritize outreach to organizations conducting maturity assessments so that upcoming versions of the ONC Interoperability Standards Advisory (ISA) can involve this reference. The association also suggests that the agency utilize the ISA to make publicly present the feedback it get on the adoption experience of standards and implementation specifications.

Moreover, AHA recommends that the 2017 ONC Interoperability Standards Advisory also involve data on actual standards use in the real world, and not merely adoption.

As an outcome, AHA asserts that the draft 2017 ISA must assess the victorious use of the included standards, not merely adoption, in case to rightly evaluate the capability of a standard to support interoperability.

Additionally, AHA suggests that ONC support the work of private-sector steps that are educating stakeholders about the availability and readiness of the proposed standards, particularly as they pertain to interoperability.

“The majority of the standards involved in the Draft 2017 ISA don’t show whether a test tool is present to determine conformance to the standard or the implementation specification,” claims the letter. “Positive outcomes from conformance testing will add confidence that a standard is all prepared to support the interoperability requirements of providers.”

An ONC spokesman stated that the agency doesn’t respond to written comments, like those from AHA, however it does review them and they will assist to inform the final advisory.

 

Ransomware and malware: The top cyber criminals exploits

When it comes to the cybersecurity, healthcare agencies are most concerned over the social engineering, information theft and internal threats. And they perceive ransomware and malware as the top ways that cyber criminals are exploiting their weaknesses. Ransomware and malware are believed to be the top cyber criminals exploits.

Those are among the findings of a new survey of almost 200 members of the Association for Executives in Healthcare Information Security (AEHIS) and College of Healthcare Information Management Executives (CHIME).

The top-ranked potential security susceptibilities in the survey that worry AEHIS and CHIME members are data exposure, security misconfiguration and worst authentication/session management. Although, they showed that the most usual security risks to their agencies are social engineering, insider threats and the IoT (internet of things). Ransomware and malware are believed to be the top cyber criminals exploits.

Asked how their agencies would perform if systems or information were compromised by a targeted attack compared with a year ago, survey respondents claimed that they are now better ready for a security tragedy by having systems in place. Furthermore, they assert that their capabilities for discovering a security tragedy and recovering from it are presently better in contrast with a year ago.

Avi Rubin, director of the Health and Medical Security Lab at Johns Hopkins University, claims that there were no surprises in the outcomes of the survey and that they were exactly what he would have hoped.

CHIME Vice President for Federal Affairs Mari Savickis presented the findings of the survey this week to the Department of Health and Human Services’ Cybersecurity Task Force, mandated by Congress to establish suggestions to counter the healthcare industry’s growing cyber threats putting patient data at risk.

While healthcare agencies stated that they require greater assistance from federal agencies to make better information sharing and threat assessments, almost 65% of survey respondents showed that they were somewhat confident or not confident at all that federal legislators understand the significance of cybersecurity enough to support primary information security initiatives.

Nevertheless, they need lawmakers to adopt incentives that will motivate greater information sharing, involving shielding agencies that voluntarily work to make better security across the delivery system from government audits and reduce the top cyber criminals exploits i.e. Ransomware and Malware.

CDC track pregnant ladies by Registries infected with Zika virus

The Centers for Disease Control and Prevention (CDC) is working hard with local, state and territorial public health departments on surveillance of pregnant ladies that have laboratory proof of potential Zika virus infection. The CDC has established the U.S. Zika Pregnancy Registry and the Zika Active Pregnancy Surveillance System in Puerto Rico to give detailed monitoring of pregnant ladies and infant outcomes. These registries will help CDC track pregnant ladies infected with Zika virus.

The registries are assisting the CDC track pregnant ladies infected with Zika Virus and to better understand the range of adverse results that appear in infants and when in pregnancy those dangers are highest for microcephaly and other extreme birth defects caused by the Zika virus.

In accordance to Margaret Honein, chief of the CDC’s Birth Defects Branch and co-lead of its Pregnancy and Birth Defects Task Force, the information collected through the registries will be utilized to update suggestions for clinical care, plan for services and support for pregnant ladies and families infected by Zika, as well as make better prevention of infection during the time of pregnancy.

Honein, an epidemiologist, notices that the Zika virus can be passed from a pregnant lady to her fetus, which can cause destructive birth defects.

As of the day October 13, Honein claims that there are 899 pregnant ladies with laboratory proof of possible Zika virus infection in the USA and District of Columbia, and 1,927 in the U.S. territories. In the U.S. and D.C., 23 live-born infants with birth defects and 5 pregnancy losses with birth defects have been reported—the figures are based on data provided to the pregnancy surveillance systems.

“How this is handled at the state and regional level varies a lot from jurisdiction to jurisdiction, but electronic health records EHRs) are being used at many sites,” in accordance to Honein.

When it comes to detecting pregnant ladies infected by Zika, the CDC in the months of August and September made awards to state, regional and territorial health departments for what Honein calls “rapid birth defects surveillance” as well as to “work on the pregnancy registries.”

Previously this month, Congress assigned $1.1 billion in supplemental funding to battle against Zika. Of that, $394 million will go to the CDC.

Zika is significantly spread by the bite of an infected Aedes species mosquito. Although, the Zika virus also can be transmitted through sex.

“It is significant to follow CDC instruction and screen all pregnant ladies for possible Zika virus exposure,” Honein summarizes. “At every prenatal visit, healthcare providers should be inquiring pregnant ladies about travel to places with active Zika virus infection or any sexual partners who might have travelled to a region with active Zika virus transmission—and then for those who’ve exposure, testing.” So, these registries will help CDC track pregnant ladies infected with Zika virus.

 

Laboratory In Multi Channel Smartphone Tracks Known Cancer Biomarker

The Washington State University’s researchers have recently established a multi channel smartphone spectrometer that tracks a known cancer biomarker, offering a laboratory-grade authenticity in the palm of the clinicians’ hands.

Portable diagnoses in the office physician, ambulance and rural places are potential uses for the mobile device, which gives the similar quality results as much more costly bio-detection technologies utilized in laboratories, but at a fraction of the price—$150 for the smartphone-based optical sensor.

“In contrast to the standard laboratory tools and instruments, the outcomes sufficiently indicated that this multi channel smartphone spectrometer can acquire the comparative analysis detection limits, precision and sensitivity,” conclude researchers in the journal Biosensors and Bioelectronics. “We envision that this multi channel smartphone optical biosensor will be helpful in high-throughput point-of-care diagnostics with its minimizing size, light weight, low-price and information transmission function.”

While other smartphone-based spectrometers can just measure a single sample at one time, the multi-channel spectrometer established with partial funding from the National Science Foundation can measure as many as 8 different samples at once utilizing a common test known as ELISA—or colorimetric test enzyme-linked immune sorbent assay—and the smartphone’s camera sensor that recognizes antibodies and color change as cancer/disease markers.

 “The spectrometer would be particularly helpful in clinics and hospitals that have a major number of samples without on-site labs, or for doctors who practice in foreign countries or in remote places,” claims Lei Li, assistant professor in WSU’s School of Mechanical and Materials Engineering. “They cannot carry the entire lab with them. They require portable and effective device.”

Despite the fact that researchers just tested the multi channel smartphone spectrometer with standard lab-controlled samples, they assert that their instrument has been up to 99% correct and are looking to determine it in real-world settings.

 

HITRUST and EHNAC ease the security certification procedures

For numerous years, the Electronic Healthcare Network Accreditation Commission (EHNAC) has accredited vendors, contributors and other stakeholders for meeting a series of best business practices, which involves privacy and security practices. Recently, HITRUST has started certifying industry stakeholders that meet a detailed set of best practices for the security and availability of healthcare information. But several stakeholders get certified under both programs and have been inquiring EHNAC and HITRUST to streamline the privacy and security certification procedures to neglect redundant assessments, extra complexities and added cost.

Now, that will happen as EHNAC will end up its privacy and security processes and will accept or adopt the HITRUST security certification procedures. The agencies mapped criteria between the 2 programs and found important overlap, claims Lee Barrett, executive director of EHNAC.

For example, if a stakeholder goes through both accreditations, it will begin with the HITRUST Common Security Framework certification, called as CSF, and would not have to do the privacy-security components of EHNAC, which would port over the HITRUST certification when the stakeholder goes through EHNAC accreditation. CSF will be the key standard for privacy and security controls, for both programs.

That means that CSF will be incorporated into entire eighteen EHNAC’s accreditation programs, according to Barrett. Moreover, EHNAC will be an assessor for HITRUST and use the CSF for its privacy and security components as security certification procedures.

In all other ways, both agencies will continue with their proprietary accreditation programs.

“This eliminates the concentric circles,” states Daniel Nutkis, CEO at HITRUST. “Agencies felt they were wasting out precious time and resources—the responsibility was on us to streamline the procedure.”

 

OSUWMC receives AHIMA Grace Award for commendable efforts

OSUWMC receives AHIMA Grace Award honoring its leadership in the sector of health information management.

At the institute of Ohio State University Wexner Medical Center (OSUWMC), compiling data into its electronic health record (EHR) is more than an exercise in documentation—it is the beginning of a procedure that has clinical relevance. In recognition of its attempts, the OSUWMC receives AHIMA Grace Award honoring its leadership in the sector of health information management.

“We actually see the utilization of the EHR as an extension of clinical practice,” claims Andrew Thomas, MD, chief medical officer of Ohio State Health System and senior associate vice president of Ohio State Health Sciences. “The EHR is a core part not just of documenting what we do but also driving decision support.”

The multidisciplinary academic medical center was presented with the award at previous week’s AHIMA yearly convention in the area of Baltimore. AHIMA’s Grace Award recognizes healthcare agencies that indicate outstanding and creative approaches to using health information management (HIM) as a path to deliver high-quality care to sufferers. That’s why. OSUWMC receives AHIMA Grace Award honoring its leadership in the sector of health information management.

“The agency’s HIM staff of the agency helped with these efforts by assisting to define information sources, and making certain identified predictors were tracked and captured in the record, and documented conditions were coded precisely,” claims the association. “By acting as the ‘interpreter’ between data analysts and clinicians, and liaisons to the leadership decision-making procedure, the OSUWMC HIM professionals finally enhanced patient care.”

In addition to AHIMA’s Grace Award, Thomas points that the medical center is also a 2-time winner of the HIMSS Davies Award.

Thomas further adds that its electronic health record system has encouraged OSUWMC to expand from information collection to analysis in case to give more effective, efficient evidence-based patient care in a timely manner by leveraging predictive modeling involving the Modified Early Warning System—a tool utilized by nurses to assist monitor sufferers and improve how rapidly a sufferer experiencing a sudden decline gets clinical care.

 

CMS selects security vendor to secure information systems

• The Centers for Medicare and Medicaid Services (CMS) will utilize software from Okta to more protectively secure information systems. The product, known as Okta Identity Cloud, reinforces and supports identity management and authorization of users of email, Salesforce, social networks, ADP and other approved applications to secure information systems. The software will integrate and interact with CMS’s current off-the-shelf commercial software for the purpose of identity and access control, enabling consumers to have one password that manages entire applications they work with to secure information systems.

• Midland Health in the region of Midland, Texas, has selected the trifecta suite of clinical, financial and population health management software from Cerner to integrate and support care across the continuum of care, make a single patient record and support patient engagement through a portal. The delivery system is anchored by the 474-bed Midland Memorial Hospital.

• 2-hospital Olathe Health System, serving 4 counties in the region of Miami, also has turned to Cerner, purchasing the Millennium Revenue Cycle software and integrating it with the vendor’s existing enterprise EHR. Oncology software of Cerner also is going in to handle complicated medication orders, and the health system further will execute RxStation, which is an automated medication dispensing tool.

• Baylor Scott & White Health in the region of Texas is live on the dbMotion interoperability software of Allscripts. The product is made to support the exchange of EHR formation across disparate EHR systems. More than 3,800 physicians serve 2.7 million sufferers in the delivery system.

• 3-hospital Inspira Health Network serving the region of southern New Jersey has initiated a store-and-forward telemedicine program utilizing technology from Zipnosis. The service, utilizing Inspira clinicians, enables consultations through smartphones, tablets or computers and treats more than a dozen usual and normal medical conditions. Customers complete a questionnaire and an Inspira physician reviews the data and gives a diagnosis and treatment plan.

 

Athenahealth modifies genomics decision support for physicians

Ambulatory software vendor Athenahealth now is providing physicians the capability to have genomics decision support at their fingertips when working in the EHRs (electronic health records system).

Athenahealth has integrated decision support software from ActX into the electronic health record workflow to instruct physicians on suitable therapies that will mesh with sufferers’ genetic makeup, making better the odds that medications and other therapies will work, and side effects can be ignored.

“We’re stepping into a new era in precision medicine, permitting doctors to tailor therapy based on molecular data, in this case, genomics,” claims Andrew Ury, founder and CEO at ActX.

For example, each prescription is monitored and checked for efficacy to assess if it’ll work with a patient’s genomics, or if a side effect could establish, or if the dosing is correct, he adds. If a problem arises, the EHR will warn the physician.

Genomics decision support software in electronic health records also can alert physicians to the potential of a risk of hereditary cancer or heart disease, which would warrant regular monitoring. 3% of patients have a high risk of hereditary cancer, Ury claims.

With the genomics decision support, athenahealth also can build genomic profiles of sufferers covering medications, dangers, current health status and the threat of passing on critical diseases to children, like cystic fibrosis, even if parents do not have the ailment but carry a variant gene, he further adds.

The integrated decision support is live and available to athenahealth’s 75,000 contributors, as well as future clients. Physicians and other providers can go to the app store on the athenahealth site, choose ActX, view a video of the app and get more data before deciding to purchase it, says Lindsey Kempton, manager of athenahealth’s More Disruption Please innovation accelerator program.

To get the genomics decision support embedded in an electronic health record, a practice registers on the website of athenahealth and the vendors will activate the service.

Sufferers generally pay for genetic testing, getting a test kit sent to their home, submitting a saliva sample and sending it to ActX. Physicians are cautioned only if serious or actual threats are discovered. The price for patients is $395.

 

HIPAA imposes fine on unprotected files for St. Joseph Health

St. Joseph Health, a 14-hospital delivery system serving parts of Texas, California and New Mexico, is the greatest agency to agree to execute a corrective action plan with the HHS Office for Civil Rights following a violation or beach of protected health information. That’s why HIPAA imposes fine on unsecured files for St. Joseph Health.

Along with the corrective actions, St. Joseph Health will pay a settlement fine of $2,140,500. The agency reported a breach in the year of February 2012 after files created for its EHR meaningful use program were approachable on the Internet for about half of that month. For this purpose, HIPAA imposes fine on unsecured files for St. Joseph Health.

“The server SJH bought to store the files involved a file sharing application whose default settings permitted anyone with an Internet connection to access them,” in accordance to an OCR statement. “Upon execution of this server and the file sharing application, SJH didn’t analyze or modify it. As an outcome, the public had unrestricted approach to PDF files containing the electronic protected health information of 31,800 people, involving sufferer names, health statuses, diagnoses and demographic data.”

 “Entities must not just perform a comprehensive risk analysis, but also must determine and deal potential security risks when implementing enterprise changes affecting ePHI,” OCR Director Jocelyn Samuels claimed in a statement. That’s why HIPAA imposes fine on unsecured files for St. Joseph Health.

The agency appreciated the settlement and released the following statement:

“St. Joseph Health is glad that we could come to a settlement on this problem and we thoroughly regret any undue concern to our sufferers. The facts to remember about this case are that information didn’t include Social Security (numbers), addresses or financial information. Furthermore, there is no indication that the data was utilized by unauthorized persons. Since the situation was discovered, we have contributed in a number of initiatives to make sure the continued security of sufferer data, involving $17 million in enhanced data security infrastructure. These steps and more are intended to provide for the safety and security of our sufferers’ information.”

The resolution agreement and corrective action plan are available here.

 

EHR systems crucial to Track Zika virus in USA

As the Zika virus outbreak continues to prevail in the continental USA and territories, electronic health records (EHRs) are going to be important to track zika virus within patient populations, in accordance to Laurie Garrett, senior fellow for global health at the Council on Foreign Relations.

“One of the major issues we’ve with Zika is that we do not have great diagnostics, and so we have to be capable to scour for aigns,” Garrett told an audience during Monday’s general session at the AHIMA conference in Baltimore. “We require certain kind of record keeping that keeps track of mobile populations that shift around from place to place.”

That is where EHRs come into play by assisting public health officials and providers recognize sufferers who might be at threat of infection, stated Garrett.

 “We’re already collaborating with our co-workers in CDC, just like we did with the virus of Ebola,” Andrew Gettinger, MD, ONC’s chief medical information officer and executive director of the Office of Clinical Quality and Safety, informed AHIMA conference attendees.

In accordance to Gettinger, the collaboration between ONC and CDC is very powerful, with the health information technology agency actively motivating CDC’s Emergency Operations Center, which is monitoring and coordinating to track Zika virus and its response.

Nevertheless, Garrett added that most individuals with the disease are asymptomatic, and even those with signs probably would not normally go to the doctor and get diagnosed because the signs can be mistaken for the flu. At the similar time, accumulating and sharing travel data in EHRs is crucial for diagnosing and tracking Zika cases.

“We desperately require being capable to track Zika virus and its outcomes of all these infections, and keep in mind we have had thousands of people exposed to Zika living in the United States of America,” she stated, noting that most of these individuals have acquired the virus during international travel. “We require tracking these people and knowing what happens to them.”

Although, Zika is spreading most rapidly in the USA. Territories where 25,955 cases have been reported. Puerto Rico in specific has been ravaged by the virus. In accordance to the CDC, if present trends continue, at least 1 in four people—involving females who become pregnant—might become infected.

Garrett asserts that with Zika in the mosquito populations and spread to more than sixty countries “we’re confronting a long-term challenge.”

Health IT grows in significance under final MACRA rule

The final MACRA rule declared on the day of Friday by the Department of Health and Human Services involves a latest Quality Payment Program tying physician payments to quality of care, which will need providers to depend heavily on healthcare IT, in accordance to CMS Acting Administrator Andy Slavitt.

Under the final MACRA rule, Slavitt asserts that the vendor community has a “key” and unprecedented opportunity to assist clinicians to make better the flow of electronic health information and increase the quality of patient care.

Slavitt claimed that several of the provisions in MACRA straightly relate to the use of certified health IT like EHRs, involving the Advancing Care Information performance category under the Quality Payment Program.

Particularly, the document mentions that the Quality Payment Program’s “paths for clinicians and groups—the Merit-based Incentive Payment System (MIPS) and the Advanced Alternate Payment Models (Advanced APMs)—require utilization of certified EHR technology to exchange data across providers and with sufferers to support improved care delivery, involving patient engagement and care coordination.”

Slavitt stated that the objectives in the Advancing Care Information performance category of MIPS assert measures that support clinical effectiveness, data security and patient safety, patient engagement, as well as health information exchange. Although, he pointed out that the final MACRA rule doesn’t need reporting on the clinical decision support and computerized physician order entry measures, while decreasing the number of measures clinicians must report to 5 measures that are contended on interoperability—down from eighteen measures in Stage 3 Meaningful Use and from eleven measures in the originally proposed rule for the Quality Payment Program.

In accordance to Slavitt, the concentration is on rewarding high-value, patient-centered care, which will be depicted in $1 billion in payments to providers in the year of 2017 for better quality healthcare. Although, at the similar time, he lamented the logic that technology doesn’t still support physicians in the way that they require.

“For physicians to be victorious in value-based care, it needs latest technology that is convenient to use, easier and more connected, less burdensome and intrusive, that supports the complication of medicine but also simplifies by delivering exactly what sufferers and doctors require when they need it—and no more,” Slavitt stated.

“Instead of prescribing innovation,” he added that vendors should be “targeting to open up the playing field to make solutions that help in value-based care easier.” Interoperability is crucial, summarized Slavitt, who asserted that industry must “launch the ecosystem so that physicians can choose applications that work seamlessly with electronic health records to deal their requirements.”

For its part, ONC’s 2015 Edition Health IT Certification Criteria issued last year will give the HIT foundation for the new Quality Payment Program, involving interoperability-focused standards for certified EHR systems. As part of the 2015 Edition, vendors will be needed to publish application programming interfaces (API) to make it more convenient for software programs like mobile apps to access data from other programs.

The fact sheet of ONC on the new Quality Payment Program and the role of health information technology can be found here.

 

Health policy professional to study electronic sharing of health info in primary care settings

The Agency for Healthcare Research and Quality has granted an honor to a health and policy management professional at the Richard M. Fairbanks School of Public Health at the institute of Indiana University-Purdue University Indianapolis to study for the 1^st time the use and effectiveness of alternative techniques of electronically sharing data in primary care settings.

The United States of America has contributed billions on interoperable health information technologies, but there is very minor proof of health information exchange's impacts on utilization and on how it is utilized in primary care settings and practice, stated Joshua Vest, an associate professor in the institute of Fairbanks School of Public Health.

In accordance to Vest, providers have approach to 2 different health information exchange approaches to meet their information requirements.

One approach is referred to as "pull," which permits providers to query communitywide, longitudinal patient records. A 2^nd approach is "push," where key data, like test results, is automatically delivered to contributors.

There is a deficiency of evidence of the effectiveness of either the "push" or "pull" approach, Vest claimed. "Moreover, which approach to sharing data best fits into primary care settings is unknown," he claimed.

One aim of the research is to determine whether primary care providers utilize "push" and "pull" as complementary or alternative approaches to health information exchange, Vest stated. The research will leverage a novel data set of individual provider and staff behavior detected within an electronic health record system, merged with detailed measures of "push" and "pull" health information exchange usage.

"This information furnish a complete, detailed temporal sequence of providers' behavior, disclosing how each approach to health information exchange is utilized during a patient visit," Vest stated.

The research will also quantify the impact of "push" and "pull" health information exchange on possibly avoidable health care utilization, he stated.

 

New guidance releases HIPAA obligations for cloud computing

The Department of Health and Human Services has released new guidance on complying with HIPAA privacy, security and breach notification principles when utilizing cloud computing technology. New guidance releases HIPAA obligations for cloud computing.

The new guidance releases HIPAA obligations will offer insights for contributors, business associates and cloud computing vendors. Few of the guidance is basic and famous to several HIPAA-covered entities. The first query, for example, considers if a HIPAA-covered agency/entity or business associate might utilize a cloud service to store or process electronic protected health information (ePHI). The answer is yes, provided the vendor steps into a business associate agreement that explains how HIPAA agreement will be maintained.

But overall, the new guidance releases HIPAA obligations will assist providers to develop a better concept of the present and ongoing security status of cloud vendors and other business associates (BAs).

“While encryption secures ePHI by importantly decreasing the threat of data being viewed by unauthorized individuals, such protections alone can’t correctly safeguard the confidentiality, integrity and presence of ePHI as needed by the Security Rule. Encryption doesn’t maintain the integrity and availability of ePHI, like ensuring that the information remains present to authorized persons even during emergency or disaster cases. Further, encryption doesn’t deal other safeguards that are also significant to maintaining confidentiality, like administrative safeguards to observe risks to the ePHI or physical safeguards for systems and servers that might house the PHI.”

The new guidance releases HIPAA obligations also reaffirms that HIPAA-covered entities (providers or business associates) can’t use a cloud service provider without first having implemented a business associate agreement (BAA), and notes a resolution compliance and corrective action plan that was enforced on a covered entity that stored ePHI of more than 3,000 individuals on a cloud server without a BAA.

“Moreover, a cloud service provider (CSP) that meets the definition of a business associate—that is a CSP that establishes, receives, maintains or transmits PHI on behalf of a covered entity or another business associate—must comply with entire applicable provisions of the HIPAA Rules, regardless of either it has executed a BAA with the entity by utilizing its services.”

Under HIPAA, cloud service providers, as well as other business associates, must report security tragedies including ePHI of a HIPAA covered entity or business associate, the HHS guidance notes. “A security tragedy means the attempted or victorious unauthorized access, use, disclosure, modification or destruction of data or interruption with system operations in an information system. Thus, a business associate CSP must execute policies and processes to deal and document security tragedies, and must report security tragedies to its covered entity or business associate customer.”

Also under HIPAA, contributors can use mobile devices to access ePHI from a cloud platform as long as suitable safeguards and BAAs are in place. Guidance on securing ePHI on mobile devices is available here.

In general, HIPAA doesn’t need cloud service providers and other business associates to maintain ePHI past the time it was utilized to serve a covered entity or business associate. Although, BAs must return or ruin all PHI at termination of the BAA. There is extra guidance for situations where return or destruction might not be feasible if other laws need the BA to retain the information.

Other parts of the guidance, available here, cover storage of ePHI outside the United States of America, auditing of cloud service providers and other business associates, and maintaining merely data that has been de-identified.

 

DoD changes schedule again for initial EHR rollout

The Defense Department has again changed its schedule for deploying a commercial-off-the-shelf initial EHR rollout from Cerner, following technical problems recognized during the time of testing.

Called Military Health System (MHS) GENESIS, the initial deployment of DoD’s latest EHR system was slated for the month of December. But, previous month, the Pentagon declared that the rollout would be delayed until the month of February to provide DoD and prime contractor Leidos extra time to resolve technical problems, involving finalizing system interfaces between Cerner’s software and legacy military health networks.

Nevertheless, DoD officials claimed on the day of Tuesday that the initial EHR rollout plan has again been modified.

In accordance to Stacy Cummings, program executive officer for Defense Healthcare Management Systems, the program schedule has been changed so that the initial EHR rollout deployment of MHS GENESIS will take place in the month of February only at Fairchild Air Force Base, near Spokane, Wash.

Although, Cummings was quick to add that deployment at the remaining inpatient services in the Pacific Northwest will start as early as the month of June and incorporate few capabilities—like blood transfusion management and voice recognition software—that were initially planned for release later in the deployment schedule. At the similar time, she asserted that the changed schedule won’t impact the previously declared full deployment target date of the 2022 year.

A 2016 audit of MHS GENESIS by DoD’s Office of the Inspector General discovered “dangers and potential delays engaged in developing and testing the interfaces required to interact with legacy systems, making sure the system is secure against the terrible cyber attacks, and making definite that the fielded system works rightly and that users are properly trained.”

Dealing these potential threats, Cummings appreciated that “we did set for ourselves a very aggressive schedule that involved important concurrency” but argued that “the time we invest in the program now will assist us to ensure success in the future and give the best possible user experience to our beneficiaries and healthcare contributors from day one—and, we won’t field a product that does not meet that standard.”

Previous year, DoD granted a $4.3 billion contract award to a Leidos-Cerner team to modernize its electronic health record system, replacing legacy military health systems and promoting higher efficiencies by leveraging the Cerner Millennium solution. Finally, the aim of MHS GENESIS is to support the presence of EHRs for more than 9.4 million DoD beneficiaries.

 

Siemens steps into key population health with IBM

Siemens Healthineers is entering into the key population health with IBM. Siemens Healthineers is entering the population health management market through a partnership with IBM.

The move comes over 2 years after Cerner gained the hospital information systems business line of Siemens Healthcare, while leaving medical imaging and diagnostic laboratories as Siemens’ primary business in the United States of America, with the name replaced and changed to Siemens Healthineers. Siemens Healthineers is stepping into the population health with IBM.

Now, IBM’s Watson Care Manager population health management suite of software and services will be sold by Siemens, as well as providing consulting services.

“We’re at an unprecedented time period in healthcare,” Deborah DiSan zo, general manager for IBM Watson Health, claims. “Mature and developing markets are immensely concentrated on how sufferer results are optimized, quality is standardized among individuals and across populations, and costs are decreased. Siemens and IBM are perfect partners to work at the forefront of this evolution and evaluate personalized healthcare in the United States of America and internationally.”

Watson Care Manager is a population health management system which is utilizing Apple apps to enable clients to gather and share information with clinicians to support patient engagement. Leveraging IBM’s acquisitions of care management vendor Phytel and population health analytics vendor Explorys, Watson Care Manager in the year of 2015 held data on ninety million lives.

Utilizing Apple HealthKit, information and data can be shifted from a device to a cloud application. Using Apple ResearchKit, contributors can better manage the signing up of sufferers for clinical trials. In total, Care Manager supports development of personalized patient engagement programs to make better the individual results, the companies claim.

Executives from both IBM and Siemens are also planning to co-develop latest population health management tools.

 

Reviewing Meaningful Use to Accelerate Success?

A research team recommends policymakers for reviewing meaningful use or transition from Stage 1 Meaningful Use to Stage 2 that facilitate a successful transition to MIPS.

To make sure the consistent clinical quality when transitioning from Stage 2 Meaningful Use to Advancing Care Information under MIPS, policymakers should consider reviewing meaningful use and the initial transition from Stage 1 to Stage 2 Meaningful use.

In a latest study published in the Journal of the American Medical Informatics Association, researchers did merely that — assessing and reviewing the consistency of clinical quality as healthcare agencies progressed through the first 2 phases of meaningful use.

The research team evaluated a longitudinal research at hospitals affiliated with Brigham and Women’s Hospital between the month of September and November 2012 and October and December 2014. These were the timeframes during which the network attested to Stage 1 and Stage 2 Meaningful Use, respectively.

During these time periods, the researchers looked at the 7 clinical quality measures that sustained consistent between the 2 stages of the program: influenza immunization, hypertension control, and counseling, tobacco use assessment, diabetes control, senior weight screening follow-up, Chlamydia screening, and adult weight screening and follow-up.

From one program stage to the next, the researchers observed betterment in hypertension control (35 to 40%), influenza immunization (63 to 68%), tobacco use assessment and counseling (86 to 96%), and diabetes control (93 to 96%).

Senior weight screening worsened from 54% in Stage 1 Meaningful Use to 49% in Stage 2 Meaningful Use. Adult weight and Chlamydia screening sustained to be consistent.

“While our research doesn’t make a causal link between the transition to MU2 and quality, it recommends that few of the elements, like electronic reporting of clinical quality measures at stricter thresholds, secure messaging, and information exchange, might have a positive impact on quality,” the researchers concluded.

While the Advancing Care Information performance category does involve several differences from meaningful use, it yet consists some of the same elements. This might be depicted in reviewing meaningful use and transition from Stage 1 to Stage 2 Meaningful Use.

“Several elements of MU2 are preserved in the proposed rule, like mandated reporting of institution-selected quality measures at stricter thresholds, secure messaging, and information exchange,” the researchers elaborated. “Hence, the affect of reviewing meaningful use and transitioning from MU1 to MU2 has significant implications for the latest policy, specifically for agencies that will be transitioning directly from MU1 to the latest program.”

Given these outcomes, the researchers recommend the following steps for the development and progress of MACRA implementation.

First, CMS should make sure that the MACRA measures are rooted in evidence that shows they will make better the outcomes. For instance, the CMS proposal to remove clinical decision support might not be effective because there is little evidence to recommend that clinical decision support limits care quality. In accordance to the researchers, most evidence proves that clinical decision support really improves quality.

However, scant evidence supports the efficiency of secure direct messaging between patient and provider. The researchers recommend CMS look at measures to make sure that they are not inquiring eligible clinicians to report measures that aren’t proven to empower care quality. Rather, CMS should conduct research to evaluate how effective this measure is.

Second, the researchers recommend CMS continue setting a high bar for providers. The heightened expectations providers were subject to in Stage 2 Meaningful Use compared to Stage 1 might have been a driving factor behind the increased care quality. Should providers be held to a lower or more stagnant standard, they may not continuously improve quality.

Third, CMS should review how providers utilize certified EHR technology for clinical quality measures reporting.

Fourth, CMS should make certain that providers can track their Advancing Care Information progress through their own EHRs. In accordance to the researchers, several providers were capable to do this during either stage of meaningful use and found it useful for their successful program attestation. Such abilities could likewise be beneficial under MACRA.

 

Many patients keenly use mobile device to send info to providers

Despite uncertainties over the potential risk to data security and privacy, customers are becoming more comfortable with the idea to keenly use mobile device for managing their health.

In accordance to an online survey of 2,000 U.S. adults, taken by communications firm Ketchum, almost six in ten Americans with a smartphone claimed that they have shared information with a medical expert through a smartphone, mobile app or wearable device.

Moreover, about half of those surveyed demonstrated that they have an app that detects fitness, working out, health or medicine, while one in 4 respondents claimed that they’ve emailed or texted a photo of a medical problem to their doctor.

 “Devices for healthcare management are increasing, and individuals are using them in new and complex ways,” claims Valerie Delva, health strategy director at Ketchum North America. “Though present attitudes toward utilizing mobile technologies for health at the individual level are quite complicated, the insights here also speak to broader trends in the health ecosystem and the potential for these technologies to assist to make better the health results.”

At the similar time, about half of Americans stated that they have a lot to learn about how to use mobile device or health technology so that they can take advantage from them. Almost one in four admit that health and fitness tracking applications have made them feel bad, and more than one in 5 of those surveyed have stopped utilizing certain applications.

And, however the majority of respondents demonstrated they have keenly use mobile device or technology to interact with a medical expert, almost two in three stated that they yet prefer face-to-face interaction with their healthcare providers.

“Even though individuals are interested and need to use mobile device or technology to interact with their healthcare providers, there is also still a powerful population that does value face-to-face interaction, and I do not think that the two are mutually exclusive,” claims Delva.

Lisa Sullivan, executive vice president and North American technology practice leader at Ketchum, recommends that one of the most astonishing findings of the survey was that two in five Americans stated that they are comfortable using artificial intelligence.

About a third of respondents showed that they are likely to utilize an AI search tool like Siri, and 31% said they would be open to an AI health tracker. Although, Americans are not amenable to the concept of using an AI medical adviser (18%) or an artificially intelligent therapist (9%).

Latest virus attacks all type of Windows-based computers

A latest kind of malware is starting to circulate and attack nationwide, in accordance to GuardiCore, a vendor of software that tracks violations and breaches in real time. And, right now, the malware can be traced by merely two anti-virus engines. These new virus has the ability to attack all type of Windows-based computers.

“This is new virus or malware capable of running on every sort of Windows-based computers or Windows version from XP through Server 2012 R2,” the agency reported in a blog. That means it runs on every single Windows version, “so 100% of your Windows endpoints are vulnerable,” claims Daniel Goldberg, a security researcher at GuardiCore. The virus has been termed as Trojan.sysscan.

The virus or malware uses brute force to find usernames and passwords that can be utilized as credentials to approach information systems as it can attack all Windows-based computers. Sometimes it does not take much time because an agency might have been breached initially, but passwords uncovered in last breaches mostly are not changed and are yet available for use. But if essential, the malware will keep attempting to get in for hours until it approached a system, in accordance to Goldberg.

While presently focused on financial credentials, the virus can steal credentials from any agency’s systems, and it is mere a matter of time before it hits other sectors. It is not still been traced on computers of healthcare agencies, but security experts should assume it might have already infiltrated few systems.

“Healthcare is equally if not potentially more vulnerable, provided the prevalence of Windows in the industry,” Goldberg points out.

Trojan.sysscan, while not still widespread, is a simple virus that can sustain to be undetected for a considerable period of time, and Goldberg recommends assuming the virus will appear in systems if modified security steps are not taken. “Individuals should not consider anti-virus as their mere line of protection.”

 

Breakfast session at AHIMA targets to blunt cyber threats

The reality of cyber threats is that a hacker can get into and stalk an agency’s network for hundreds of days without the agency knowing it, which is why healthcare contributors require detection tools to learn of silent malware within their data systems, states Mark Dill, principal consultant at security consultancy tw-Security. That’s why this Breakfast session at AHIMA  will be targeted to blunt cyber threats.

At a 7 a.m. networking Breakfast session at AHIMA on the day of October 17 during AHIMA16 in the place of Baltimore, Dill will team with 2 other consultants, Joseph Kirkpatrick of Kirkpatrick Price and Mac McMillian of CynergisTek, to blunt cyber threats and describe several faces of hacking. This involves a newer twist known as “Hactivisim,” which is taking control over an agency’s web site or private network to reflect a political or social agenda.

There also are many serial hackers that hold an agency’s information ransom until payment is made, then restore approach but keep a copy of the information with the threat to issue it to other criminals unless another payment is made.

But aside from trying to scare the audience, the speakers need to assert that “the solutions to the issues do not always cost millions of dollars,” Dill claims. “The solutions do not always have to be costly to make a distinction.”

The 3 security pros will assert the fleshing out security gaps and dealing them, and adopting suitable controls to address unreasonable risks. Other problems to be covered involve advanced persistent attacks and financial crime and espionage.

 

Information Technology budgets expected to remain flat in the year of 2017

Information Technology budgets in the year of 2017 are expected to sustain relatively flat across the state of North America, Europe, the Middle East and Africa, in accordance to a latest report from Spiceworks, an expert network for the industry.

The network’s 2017 State of information technology budgets study is deployed on a survey of 886 IT experts in those regions conducted in the month of July. The survey information was supplemented with Spiceworks network data gathered in the month of September, deployed on anonymized, aggregated deployment information from information technology professionals worldwide.

About two thirds (64%) of the respondents anticipate information technology headcount will remain flat in the year of 2017, despite an expectation that industry revenues will increase. Almost 30% of IT experts say international political and economic uncertainty directly impacts their agency’s willingness to buy IT products and services.

Moderately less than half (47%) agree that economic and political uncertainty causes their agency to reconsider in which countries they store corporate information, and 37% say it causes their agency to reconsider from which countries they buy technology products and services. “A confluence of international events, like political instability, slow economic growth and unexpected affairs, such as UK’s pending exit from the EU, have left IT experts with more queries than answers as they relate to both short-term and long-term impacts on their agency,” stated Sanjay Castelino, vice president of marketing at Spiceworks.

“We hope information technology budgets departments to take a more cautious, conservative access to IT contributions in the year of 2017 as they handle new regulations, fluctuating exchange rates, and other seen and unforeseen issues,” Castelino claimed.

 

Small contributors Might struggle as ICD-10 grace period ends up

With the Saturday enabling the 1-year anniversary of the execution of ICD-10 codes, healthcare agencies must now concentrate on some latest needs that went into effect on the day of October 1. Small contributors might struggle as ICD-10 grace period ends up.
While the transformation from ICD-9 version codes universally is believed to be an unqualified victory, the ICD-10 grace period has finished, and the Centers for Medicare and Medicaid Services (CMS) no longer will be embracing unspecified codes on Medicare fee-for-service claims. The year of coding flexibilities that CMS agreed to previous year in he collaboration with the American Medical Association (AMA) has expired and won’t be expanded.
Although, as the agency noticed in guidance released in the month of August, the end of the ICD-10 grace period should not be a huge deal for contributors, as several commercial health insurers didn’t provide contributors any coding flexibility, needing them to use particular ICD-10 codes. Besides, CMS claimed, healthcare agencies “should already be coding to the largest level of specificity” and “should code claims to the degree of specificity reinforced by the encounter and the medical documentation.”
Moreover, Sue Bowman, senior director of coding policy and agreement at the American Health Information Management Association (AHIMA), asserts that the grace period merely implemented to Medicare fee-for-service claims from physician or other practitioner claims billed under the Medicare Fee-for-Service Part B physician fee schedule.
The grace period “didn’t apply to hospitals, so it does not impact anything hospitals are doing going forward on the day of October 1, and even from the physician standpoint it was restricted in its affect because it merely applied to post-payment reviews,” claims Bowman, who adds that “most persons have been having to do the largest degree of code specificity over the last year anyhow, regardless of the flexibility.”
Beginning on the day of October 1, CMS review contractors will “utilize coding specificity as the reason for an audit for a refusal of a reviewed claim” and they will “notify contributors of coding problems they identify during review and of steps required to correct those problems,” the agency claims.
On the other hand, Debi Primeau, president of revenue cycle consultancy Primeau Consulting Group, considers that the end of the ICD-10 grace period is “not a huge deal for acute-care hospitals, which have implemented retrospective and/or concurrent audits,” but it “might be a bid matter for smaller physician groups and individual practices.”
Primeau compels that physician groups and practices “haven’t actually been aggressively auditing to recognize either their physicians are utilizing unspecified codes.” She also mentions the fact that several practices don’t have coding experts but are rather utilizing drop-down boxes in their EHR systems to select codes.
“If they’re in hurry and do not actually understand codes, these practices might be choosing unspecified codes, and because several of these agencies haven’t yet performed coding audits, they really do not know if there is an issue or not,” adds Primeau, who largely suggests coding and documentation audits. “What we are discussing about is recognizing opportunities where you can concentrate on denial prevention versus denial management.”
Overall, Bowman claims she does not hope adverse consequences as an outcome of the end of the ICD-10 grace period. Nevertheless, Mary Beth Haugen, CEO of Haugen Consulting Group, is not as optimistic.
Primeau’s worry going forward is health insurers—not merely Medicare but commercial payers, who might start to adjust medical policies deployed on the latest specificity provided by ICD-10. “They have been gathering data for a year, and now is their chance to go back and recognize where some of these unspecified codes have been utilized and to begin denying claims,” she adds. “There are many commercial payers out there, and they have been data mining. They have seen bills that have been submitted for the previous year, know what is going on, and who is and isn’t submitting unspecified codes.”
For its part, AHIMA is motivating healthcare agencies to sustain to monitor their documentation and work to make better it when essential, Bowman claims.
Furthermore, she points out that CMS has lifted the partial code freeze, and as an outcome, thousands of latest ICD-10 diagnosis and procedure codes have been added for fiscal year 2017, which start on the day of October 1.
CMS claims in its guidance that the yearly update to codes is not a new procedure, as “codes were daily updated on an annual basis until a freeze was developed to help providers and health policies to prepare for ICD-10.”