Friday, July 29, 2016

Small, remote and critical approach hospitals lag in interoperability

While the remote, small and critical approach hospitals are closing the proposed gap in electronic health record (EHR) adoption regarded to their higher urban counterparts, they’re lagging behind in acquiring the interoperability, in accordance to the Office of the National Coordinator for Health IT.


At the day of Wednesday’s joint meeting of the Health IT Policy and Standards Committees, ONC depicted an update on EHR adoption and interoperability deployed on an analysis of 2015 American Hospital Association Annual Survey–IT Supplement information.


The information indicates that small services are struggling when it comes to the interoperable exchange and utilization of electronic health data.


In accordance to the brief, rural hospitals have less than half the amount of engaging in all 4 domains of interoperability—electronically finding, sending, receiving and integrating data—in comparison to suburban and urban hospitals (15% vs. 34%, respectively).


Small hospitals also lag behind medium and huge hospitals in acquiring these skills (18% vs. 34%, respectively). Furthermore, CAHs had primarily lower amounts of engaging in the 4 domains of interoperability, compared with services that aren’t CAHs (17% vs. 30%, respectively).


“Among smaller, rural and critical approach hospitals, we discovered that they had primarily lower amounts of electronically sending, receiving, finding, and integrating data,” Vaishali Patel, a senior ONC advisor, informed the committees.


At the similar time, while the rate or percentage of hospitals electronically sending, receiving and finding vital clinical information grew significantly nationwide between the years of 2014 and 2015, Patel told that the electronic availability of outside data at the point of care and usage of that data for clinical decisions was very low among several rural/small hospitals and CAHs.


In accordance to Patel, from 35% to 39% of rural or small hospitals and CAHs had electronic data available from outside providers/sources vs. 46% for whole federal non-acute care hospitals. She also claimed from 41% to 46% of rural or small hospitals and CAHs basically utilized electronic information got from outside contributors or sources, compared with 53% of all federal non-acute care hospitals.


Nevertheless, Patel further added that remote or small hospitals and CAHs are closing the proposed gap in the electronic health record adoption. “There have been key increases in EHR adoption amongst these hospitals,” she stated. “For instance, critical approach hospitals’ basic EHR adoption amount has grown four-fold from the year of 2011. As it regards to the gaps in interoperability, it might be that we will have to detect this over time to see how this evolves. And, it might be that as EHR adoption increases few of these gaps might get narrow over time. But, that is something that sustains to be seen.”


 

Thursday, July 28, 2016

GOVERNEMENT TO REINFORCE ROUTINE POLIO IMMUNIZATION: SAIRA

Minister for the National Health Services, Regulations and Coordination Saira Afzal Tarar on the day of Thursday claimed that supporting routine immunization was key priority of the government.


"Strengthening of routine immunization will consider being one of the key agenda in upcoming PM Focus Group Meeting" the minister stated while dealing the participants of Inter-agency Coordination Committee (ICC) meeting.


She shared with the proposed participants that in agreement with the directives of the Prime Minister, polio infrastructure will be merged with EPI in upcoming months to reinforce routine immunization in Pakistan.


Initially, Dr. Saqlain Ahmed Gilani, National Program Manager, EPI described the ICC members over the objectives and suggestions of the Joint Appraisal Mission.


The Joint Appraisal Mission to consider and analyze the growth of Federal and Provincial EPI programs is presently visiting Pakistan. Dr. Saqlain Ahmed Gilani apprised the meeting that the primary aim of the visit was to review and recognize issues in the routine immunization program and to set suggestions for the betterment and improvement.


The mission visited entire 4 provinces and arranged meetings with all relevant stakeholders.


The Joint Appraisal Mission contained global health professionals from the development partner agencies involving GAVI, Bill and Melinda Gates Foundation, World Bank, UNICEF, WHO, USAID and DFID.


The representative of Joint Appraisal Mission acknowledged the devotion of leadership to reinforce and make better the routine immunization systems in Pakistan both at federal and provincial level.


Joint Appraisal Mission more emphasized the federal and provincial EPI departments to make and finalize yearly work plans so that to determine progress in a systemic way.


Mentioning the requirement to increase synergy between EPI and polio, joint mission suggested reinforcing the linkages and interactions between EPI and PEI program for joint planning, execution and improvement of routine immunization services in Pakistan.


Interaction with communities and context particular innovations in communities was also underscored as a priority place. Members of the Joint Mission shared their uncertainty over week surveillance network in the country and asserted on its betterment.


Requirement of trained EPI staff and human resource was also demonstrated.


During the proposed ICC meeting, provincial EPI managers also reflected their development on the PC-1 for EPI programs. EPI Manager from Baluchistan acknowledged the support and devotion of the federal government in prioritizing the requirements of the Baluchistan.


EPI Managers from the provinces of Sindh and KPK also shared status of their respective PCs-1. EPI Manager Punjab shared their whole preparedness to launch Rotavirus in the Routine Immunization this very year.


 

Wednesday, July 27, 2016

President signs order to make better the cyber attack measures

President Obama has issued the Presidential Policy Directive/PPD 41, developing rules and principles to govern responses to huge federal and private sector cyber attacks.


However not particularly focused on cyber tragedies at healthcare agencies, the directive does identify the crucial impact that such tragedies can have on “public health and safety.”


“While the major majority of cyber tragedies can be managed through existing plans, certain cyber tragedies that have key affects on an entity, our national security or the broader economy need a distinctive access to response efforts,” in accordance to the directive. “These key cyber tragedies claims unity of effort within the Federal Government and particularly close coordination between the public and private sectors.”


The plan directive observes any cyber tragedy, develops the lead federal organizations to coordinate responses, and needs the departments of Justice and Homeland Security to maintain updated contact information for public utilization to report tragedies. The Federal Bureau of Investigation also plays a vital role in responses, in accordance to the directive.


The document also explains the important cyber tragedy or a group of related incidents as those that are likely to indicate harm to national security interests, public confidence, the national economy, foreign relations, civil liberties or public health and safety.


The directive spells out 5 guiding rules covering the shared responsibility among people, the private sector and government; resource allocation deployed on threats posed by an attack; safeguarding explanations of a tragedy, privacy and civil liberties and sensitive private sector data; usually deferring to impacted entities in notifying private sector entities and the general public; coordinating among government entities to acquire optimal outcomes, and facilitating restoration and recovery.


Moreover, the government will perform investigations at impacted entity sites, give technical support to secure assets and decrease susceptibilities, collect and spread or disseminate intelligence, facilitate data sharing, and coordinate with impacted private entities to comprehend potential effects of an attack on crucial private sector infrastructure.


The directive lists particular few federal organizations as lead agencies for decreasing 3 effects of an attack: threat response activities (FBI, Justice, and National Cyber Investigative Joint Task Force), intelligence support and related tasks (Director of National Intelligence via Cyber Threat Intelligence Integration Center), and asset response activities (Homeland Security and its National Cyber security and Communications Integration Center).


Homeland Security and Justice are ordered and tasked with spreading a fact sheet to help the private sector in informing relevant federal organizations after a cyber tragedy. Various coordinating federal organizations have 180 days to execute the latest national policy in cyber response exercises.


 

Tuesday, July 26, 2016

CMS fraud prevention attempts secure $42B

The Centers for Medicare and Medicaid Services (CMS) has accepted a multifaceted, proactive access to preventing deception, utilizing a heavy contribution in analytics and enforcement agency resources to secure $42 billion in fiscal years of 2013 and 2014.

CMS mentioned the significance of the savings in preventing deception or fraud in case to make sure the sustainability of the Medicare program and making definite the beneficiaries have future access to care.

In CMS’ yearly report to Congress on the effectiveness of the Recovery Audit Program—a method to combat fraud or deception, waste and abuse at a federal level—that was released previous week, the organization reported $24.8 billion of the $42 billion recovered came from prepayment consideration or review that hired advanced analytics.

By hiring this tactic to head off questionable payments in advance, instead of a “pay-and-chase” technique, program integrity contactors are capable to flag potential cases of deception or fraud through proactive data analysis before payments are created.

The Fraud Prevention System implements predictive algorithms and advanced analytics against the Medicare fee-for-service claims.

Contractors discovered 12.7% of Medicare fee for service claims in the FY 2014 were set at an inadequate payment rate, up from 10.1% in the FY 2013. When FPS predictive models recognizes egregious, suspect or aberrant activity, the system automatically produces and prioritizes leads for more review and inquiry, which are primarily utilized by Zone Program Integrity Contractors, in accordance to the report.

The system uses data sets from called-in tips, the Fraud Investigative Database, the Compromised Numbers Checklist and nationwide claims, among other sources, which are held in the Integrated Data Repository. Analysts use historical claims from the IDR to analyze patterns and develop models for the FPS, which in turn screens the aggregated information.

In the FY 2013, recovery auditors performed prepayment reviews on claims that historically outcome in high rates of inadequate payments, in accordance to the report. 7 states—California, Florida, Louisiana, Illinois, New York, Michigan and Texas—had high tragedies of fraud and inadequate payments, while 4 states—North Carolina, Missouri, Ohio and Pennsylvania—had huge claims volumes of short inpatient hospital stays.

Instead of the huge success with the program, CMS won’t systematically extend the predictive analytics technology beyond Medicare to all Medicaid and Children's Health Insurance Program claims; in the report, CMS points out that it isn’t cost effective for every state to embrace FPS.

 

Monday, July 25, 2016

U-Miss Medical Center receives $2.75M fine for HIPAA breaches

The HHS Office for Civil Rights is continuing its frustrating attempt of sanctioning covered entities and business associates who’ve run afoul of HIPAA security principles, this time taking target at University of Mississippi Medical Center.


UMMC will pay a $2.75 million penalty and stepped into the resolution compliance and corrective action policy after an OCR inquiry determined the hospital was aware of susceptibilities to protected health data since at least the month of April 2005—the compliance information of the HIPAA Security Principle. The agency asserts that the agency took no meaningful action to reduce threat until after the theft of a laptop in the year of 2013. While the computer was password secured, it wasn’t encrypted.


OCR also referred the fact that, while the hospital gave notice of the violation on its web site and to regional media, it didn’t notify sufferers whose data was on the stolen laptop.


“OCR’s inquiry disclosed that ePHI stored on a UMMC network drive was susceptible to unauthorized approach through UMMC’s wireless network because consumers could access an active directory consisting of 67,000 files after giving a generic username and password,” in accordance to an OCR statement. “The directory involved 328 files consisting of the ePHI of an assumed 10,000 sufferers dating back to the year of 2008.”


In the resolution compliance, OCR claimed the hospital failed to execute suitable policies and procedures to comply with HIPAA and protect information. UMMC got agreed to the resolution agreement, but pointed out that the acceptance isn’t an admission of liability.


OCR charged that UMMC had not executed security steps enough decrease the threats and susceptibilities to reasonable and suitable levels; failed to execute safeguards for all workstations approaching ePHI; failed to allocate a distinctive username or number for recognizing and detecting users; permitted workers to access ePHI on a shared department network drive through a generic account that stopped tracking; and failed “to notify each person whose unprotected ePHI was reasonably considered to have been accessed, acquired, utilized or revealed as an outcome of the violation” after the discovery of the violation.


In a 3-year corrective action policy, UMMC commits to designate a qualified worker to be the internal monitor of agreement with the plan, with at least 46 particular milestones of agreement hoped to be completed.


In a statement, UMMC notes it has began substantial improvements in data security in recent years. Improvements involve encryption of entire laptops; remaking of the role and reporting relationships of the chief information security officer; and executing an external assessment and overhaul of its information technology security program.


“Our sufferers should never have to doubt that their security or privacy is a divine trust that we’re devoted to securing as part of our primary ethical values,” claims LouAnn Woodward, MD, vice chancellor for health affairs, in the statement. “We’ve learned from this experience and are working hard to make sure that our data security program meets or exceeds the largest standard.”

Friday, July 22, 2016

mHealth App Issues aim EHR Approach, Mood Measurement

mHealth app issues are entire rage these days, with separate contests seeking tools to approach health data in an EHR and stages that deal mood disorders.


The officials have disclosed their 1st-round winners in 2 challenges finding apps that contributors and sufferers can utilize to access and share health data. Meanwhile, 5 semifinalists have been chosen in the Robert Wood Johnson Foundation’s challenge, which finds ResearchKit-deployed mHealth levels that can assist customers and contributors measure moods.


ONC has selected 4 participants in the Consumer Health Data Aggregator Challenge and 4 people in the Provider User Experience Challenge. All 8 Phase I winners will gain $15,000, and they will now further establish their apps for experimenting by the month of November 7.


“It is amazing to analyze the level of innovation that is taking place in health Information Technology today,” Vindell Washington, MD, the ONC’s principal deputy national coordinator, claimed in declaring the Phase 1 winners on the day of July 18 in the city of Washington D.C. “The apps that these challenges will generate have the possibility to spur real-world betterments for people and clinicians throughout the health network.”


Declared by ONC chief Karen DeSalvo on the day of March 1 at the Health Information and Management Systems Society’s yearly conference an exhibition in the city of Las Vegas, the 2 contests challenge mHealth innovators to utilize the Fast Healthcare Interoperability Resources (FHIR) standard and start application programming interfaces (APIs) to make an application that enables clients and contributors to access and share information in an EHR.


In the time of consumer challenge, participants were ordered to make a means by which clients could conveniently and electronically approach their information from several healthcare contributors.


The consumer challenge Phase 1 winners are Green Circle Health, HealthCentrix, Medyear and MetroStar Systems. The contributor challenge Phase I winners are the PHRASE Health, Herald Health, WellSheet and a collaboration including the Duke Health System, the Intermountain Healthcare, and the University of Utah Health Care.


While the 1st phase involved designing the app, the 2nd phase will concentrate on testing that app, and will be certainly open to all participants regardless of either they were termed Phase I winners. A grand prize, 2nd place prize and “Ultimate Connector” prize will be granted in every challenge.


The RJWF challenge started its $500,000 competition in the month of April, inquiring the participants to utilize Apple’s clinical research platform to make apps that can, generally, measure moods. Contestants were order to make an mHealth platform that would observe social, economic and other elements, involving weather, diet and exercise.


The semifinalists are the Mood Circle, BiAffect, Aware Study, MoodSync and Mood Toolkit. 2 finalists will be declared in the month of October following a Virtual Accelerator to test application design, and a winner will be chosen in the month of May 2017 after the prototypes have been observed.


 

Thursday, July 21, 2016

Fed expenses for health IT services reach $6.5B in 2015 year

Expenses on IT services by federal health agencies reached $6.5 billion in the year of 2015, up primarily from $2 billion in the year of 2011, in accordance to research firm Govini.


Not astonishingly, the Department of Health and Human Services—specifically the Centers for Medicare and Medicaid Services (CMS)—led spending from the time period of 2011 to 2015 with almost $13 billion in prime contract obligations.


Govini points out that, with $6.8 billion in complete prime contract obligations, CMS accounts for over half of HHS’ expenditures on IT services during that time.


“The agency has been making preparation for advancement by making foundational contributions in call centers, IT infrastructure and data centers,” claims Govini’s report.


However, federal health IT services grew 27% yearly despite of sequestration-driven budget constraints,  in accordance to the findings of the report.


“The Department of Health and Human Services grew at 34% compound yearly growth rate and the Department of Veterans Affairs (VA) grew at 25% CAGR,” claims the report. “Defense Health Agency (DHA) expenses decreased during this period at -6% CAGR amid sequestration constraints and the reorganization of the Military Health System.”


The report of Govini also summarizes that the outlook in the Fiscal Year 2017 budget proposal of President is powerful, with technology contribution geared towards systems advancement, EHRs, networks and cybersecurity.


In specific, the firm claims VA and DHA in FY17 are “planning huge Information Technology investments that opponent HHS’s in scope.” In particular, Govini mentions that the DHA is heading towards the path in EHR advancement through its Defense Healthcare Management System Modernization (DHMSM) program. Previous year, the Pentagon granted a $4.3 billion contract award to the Leidos-Cerner team to advance the EHR system of DoD.


Nevertheless, in accordance to the report, CMS sustains to drive HHS Information Technology modernization. “Its huge initiative is to make better the usability and functionality of the Marketplace by making better the eligibility, plan management and payment functions,” asserts the firm. “In the intended FY17 budget, $333 million is committed to make advancement in the claims processing systems and call centers,” while “the department of security and network is driving the VA contribution.”


 

Wednesday, July 20, 2016

Why ransomware threats are increasing for providers

Hackers utilizing the software to block information and then demand money in return are depending on increasingly advanced techniques more commonly observed in cyber-espionage cases, the antivirus company Symantec Corp. stated.


While people are still the huge target of such ransomware attacks, accounting for over 57% of recorded victims, infections of businesses and bigger agencies are on the rise, spiking in late year of 2015, Symantec said on the day of Tuesday in its yearly “Ransomware and Businesses” report.


With international losses out-coming from ransomware attacks climbing, perpetrators have a “gold rush” thinking that is fueling latest methods and larger demands for payments.


“An increasing number of gangs are starting to focus on targeted attacks against huge agencies,” Symantec asserts. “However more complicated and time-consuming to perform, a victorious targeted attack on an agency can potentially infect thousands of computers, causing massive operational disruption and crucial destructions to revenues and repute."


Ransomware hackers gained widespread attention initially this year when they targeted Hollywood Presbyterian Medical Center’s systems in the month of February. The hospital instantly paid 40 bitcoin, the electronic currency that was worth about $17,000 at the period.


2 other California hospitals were attacked in the spring, leading to uncertainties that hospitals were becoming the aim of choice for hackers, but the Symantec report claimed healthcare "does not seem to be among the most frequently affected sectors."


The service industry and manufacturing industry were the aims of 38 and 17% of attacks on agencies from the month of January 2015 to April 2016, respectively.


Ransomware attackers can gain approach to files through items such as an attachment to a spam e-mail or a fake advertisement on a website. The attacks have been increasing every year, with the FBI getting more than 2,400 complaints in the year of 2015 for $24 million in losses, up from more than 1,800 complaints in the year of 2014.


With individuals yet the primary victims, partly because they’re less likely to have powerful security software installed on their computers, the average ransom this year through the month of April was $679.


Symantec’s report claims that significant strides in file encryption technology are one of the key drivers of growth in the ransomware business. A record figure of latest strands, or families, of ransomware were traced in the year of 2015, and about 80% of them were capable to encrypt the files of affected servers.


Microsoft Corp.’s Windows platform is aimed the most, but the 1st ransomware risk or attack on the Apple Inc. Mac’s OS X software was recorded in the month of March. Mobile phones are not still extremely attacked, the report stated.


 

Tuesday, July 19, 2016

Healthcare and pharma least ready for external cyber risks

Just 16% of healthcare and pharmaceutical agencies have a formal procedure for checking the Internet and social media for external cyber risks.


Additionally, just 26% of respondents in the healthcare and pharmaceutical industry consider they have the devices and resources to observe and understand external dangers; 29% say they have the devices and resources to reduce such threats; and 34% claims that they’ve the tools and resources to monitor these dangers.


Those are among the findings of a latest survey taken by the Ponemon Institute and sponsored by cybersecurity vendor BrandProtect. Particularly, respondents were surveyed about external cyber risks—those that arise outside an agency’s conventional firewall and security perimeter, and utilize online channels and utilize email, mobile apps, social media, or domains as their key attack technology.


“When it comes to the real capability of agencies to have the tools and resources essential to monitor, observe, and reduce these external threats, sadly healthcare trailed in every category,” claims Greg Mancusi-Ungaro, chief marketing officer at BrandProtect. “However there is awareness of this problem, the security teams across the healthcare industry are demonstrating they are behind the curve.”


The 591 information technology and IT security practitioners in the US surveyed were drawn from 6 industries—health and pharma, industrial and manufacturing, financial services, public sector, services and retail—to evaluate differences in preparedness for addressing the external cyber dangers.


In accordance to the findings, the financial services industry is most ready to monitor and mitigate external risks, and is most likely to have a formal monitoring procedure. Instances of external risks involve malware or other payloads; socially engineered attacks; brand-based attacks with ransomware, executive impersonations; rogue social domain activity; hactivism/activism; and activities that breach agreement or regulatory needs.


The frequency of these external threats and their financial prices for industry are important. Survey respondents reported that they experienced an average of 32 material cyber threats during the last 24 months, or moderately more than 1 per month, costing them an average of $3.5 million yearly.


“What this report calls attention to is the chance to genuinely become a tougher target by paying attention to these types of probing-style external threats,” summarizes Mancusi-Ungaro. “These attacks do not merely happen overnight. They are the outcome of a long procedure of reconnaissance, investigation, planning, and external task.”

Monday, July 18, 2016

2nd phase of HIPAA audits moves into high gear

The long-awaited 2nd phase of the HIPAA audit program of the HHS Office for Civil Rights is now in complete swing. In accordance to OCR, few covered entities have gained notification letters regarding their inclusion in the desk audit portion.


OCR declared that letters were delivered on the day of July 11 through email to 167 health policies, healthcare contributors and clearinghouses. The agency claimed that desk audits will investigate the selected covered entities’ HIPAA agreement.


“These entities have ten business days, until the day of July 22, 2016, to respond to the document appeals,” OCR stated in the announcement. “Desk audits of business associates will follow this fall.”


Phase Two of OCR’s audit program is significantly concentrated on desk audits of policies and processes, compared with Phase 1. OCR expects this approach will enable the agency to be more effective in audits with lesser resources than would be needed to support complete onsite audits for all agencies.


“The desk audits are focused examinations of documentation of entity agreement with some needs of the HIPAA rules,” in accordance to the declaration. “OCR chose these provisions for focus during the desk audits because our pilot audits, as well as our enforcement activities, have surfaced these provisions as frequent places of noncompliance.”


Those HIPAA needs chosen for desk audit review involve:




  • Breach Notification Rule—Timeliness of Notification, and Content of Notification.

  • Privacy Rule—Notice of Privacy Practices and Content Requirements, Provision of Notice–Electronic Notice, and Right to Access.

  • Security Rule—Security Management Process (Risk Analysis), and Security Management Process (Risk Management).


Daniel Gottlieb, a healthcare law attorney and partner at McDermott Will & Emery, asserts that the Phase Two audit program is placing more attention on places of higher threat to the security of secured health data and on pervasive non-agreement, deployed on OCR’s Phase I audit findings and observations, instead of a detailed review of all of the HIPAA standards.


“In situations where an audit unveils a serious agreement concern, OCR might initiate a compliance review of the audited agency that could lead to civil money penalties,” stated Gottlieb. “OCR’s declaration that it has introduced the Phase 2 HIPAA audit program isn’t surprising in light of recent critique of OCR’s HIPAA imposition attempts by the Office of Inspector General and following the various cyber attacks on the healthcare industry.”


Gottlieb suggests various steps that covered entities and business associates should take to make sure that they are ready for a potential Phase 2 audit, involving:




  • Confirming that the agency has recently completed a brief assessment of potential security threats and susceptibilities to the agency, in other words, perform a risk assessment.

  • Confirming that entire systems and software that transfer electronic PHI employ encryption technology or that the agency has a documented risk analysis motivating the decision not to employ encryption.

  • Making sure that the agency has executed a breach notification policy that rightly depicts the content and deadline needs for breach notification under the Breach Notification Standards.

  • Confirming that entire action items recognized in the Risk Assessment have been completed or are on a reasonable timeline to completion


In Phase Two of the audit program, covered entities will be observed for HIPAA agreement, regardless of whether a complaint has been submitted against them. When it comes to business associates, Phase Two is the 1st time that OCR’s audit program will be straight searching at business associates.


 

Friday, July 15, 2016

Imprivata to be privately held after Two years as public organization

Imprivata, a famous publicly owned vendor of user and sufferer authentication, enterprise single sign-on and protect messaging software for the healthcare sector, is becoming a privately held organization, with investment firm Thoma Bravo purchasing the company for over $554 million.


That is a hefty multiple for an industry that in the 1st quarter of the year 2016 had revenue of $31.5 million and an average loss of $6.7 million; overall, Thoma Bravo is paying almost 4 times projected yearly revenue for Imprivata.


The technology of company particularly assists healthcare contributors to secure patient data and comply with regulations, stepped into the public just 2 years ago, with an initial public offering cost for its stock of $15 a share. The stock was selling for $14.50 a share before the sale was declared, which will provide shareholders $19.25 a share in cash.


The acquisition is a strategic chance for the investment firm, claims John Osberg.


Imprivata, Osberg points out, is best-of-breed companies with products that assist hospitals to move from systems that need clinicians and workers to utilize pagers or cellphones for communication. Cell phone utilizes within hospital walls are mostly restricted because of concerns over security and medical device interference, but workers still use their phones. Pagers are inefficient devices that alerts customers to events, but only if customers have their pagers with them. Neither phones nor pagers integrate into a coherent workflow for staff.


It takes a long period for healthcare agencies to change, Osberg claims, but they’re changing now to adopt improved and more secure communication devices. “Imprivata has much intellectual property and interfaces with several IT vendors. That is worth a lot of money.”


Other reasons the purchase makes sense involve the availability of a seasoned management team and great growth prospects, he further adds. “It would seem that there is a strong pipeline of new growth and products that would enable Thoma Bravo to value the company at that premium.”


That Imprivata is losing money should not be a concern, Osberg states, because he considers management has been contributing in the company. Moreover, when the acquisition is complete, as a privately held company, Imprivata will not be restricted by the regulatory burdens that public companies confront, and that’ll save it money, Osberg notes. “It’ll be a leaner, more effective company.”


 

Thursday, July 14, 2016

Senators launch bill to provide EHR program relief

Legislation launched by 6 Senators aims to provide regulatory relief and flexibility for hospitals that are attempting to meet obligations of the federal meaningful use program.


The senators late Wednesday revealed the Electronic Health Record (EHR) Regulatory Relief Act (S. 3173), showing that they gave the bill to bring few of the relief declared for physicians to the hospital sector.


The 6 Republican senators belong to a group that released a report 3 years ago recommending changes required in federal policy strategies to victoriously adopt healthcare information technology, and are called as REBOOT members.


Sponsors of the legislation involve Lamar Alexander (R-TN), Sens. John Thune (R-SD), Mike Enzi (R-WY), Richard Burr (R-NC), Pat Roberts (R-KN) and Bill Cassidy (R-LA).


The authors of the bill claim that regulatory flexibility is required to assist hospitals and medical providers concentrate on transitioning into the patient-focused payment policies made by Congress in the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).


Those launching the bill recommended that they’ve got cooperation from the administration in crafting the bill, which targets to address near-term relief for hospitals dealing with the program.


 “I am thankful for the administration’s willingness to give constructive feedback and involve with Senate REBOOT members on this significant piece of legislation,” states Thune.


In the month of April, the senators wrote Department of Health and Human Services Secretary Sylvia Burwell and Centers for Medicare and Medicaid Services Acting Administrator Andy Slavitt to request input on a draft bill, and with the feedback they got, established the version that was launched yesterday.


The legislation “will offer hospitals the similar flexibility that Congress passed for doctors with overwhelming bipartisan support last April, and it’ll give doctors and hospitals the certainty of law that the ninety day reporting window for meaningful use earlier this month is here to stay,” claims Alexander, who is chair of the Senate health committee.


The proposed legislation would:




  • Codify the proposal by the Centers for Medicare and Medicaid Services (CMS) to set a ninety day reporting period for the year of 2016.

  • Offer flexibility in the hardship exemption that gives relief to contributors for the years of 2016 and 2017.

  • Eliminate the all-or-nothing approach to meaningful use, in which missing attainment of 1 objective results in failure to acquire incentive funding from the program.


 “One-size-fits-all regulation is jeopardizing the complete potential for electronic health records (EHRs) to improve care for North Carolinians,” Burr states. “I am happy to be working with my co-workers to advance common-sense policy that will offer flexibility and better support North Carolina’s hospitals and doctors in what is most significant—giving quality care to North Carolinians.”


“As a doctor, I know firsthand how bureaucratic obstacles can interrupt with patient care,” Cassidy further adds. “This legislation will decrease those regulatory burdens on contributors, permitting them to better serve sufferers.”


 

Wednesday, July 13, 2016

FBI observes growing cyber threats to healthcare

The Federal Bureau of Investigation observes rising pressure from hackers attempting to access patient data from contributors.


Recent occasions recommend that the pressure might be rising, as offers to sell sufferer records with protected health data on the “Dark Web” market represent a new level of threat for healthcare agency trying to protect health data.


In the month of late June, a hacker called as “The Dark Overlord” reported the theft of almost 10 million sufferer medical records from contributors and a huge insurer and put them on the Dark Web market where hackers conduct buy and sell information taken from a variation of sources. As of this writing, the records haven’t been sold, and the seller might be having trouble selling the treasure trove of protected health data.


The extent of the data theft hasn’t been verified by outside sources. But the formulation of a new market for sufferer records will only expand, cybersecurity professionals believe.


Contacted for data regarding the Dark Overlord incident, the FBI refused to comment on any ongoing inquiries, but it did release guidance for contributors on steps they should take to make better their security profile.


The FBI’s guidance on best practices for securing healthcare data re-emphasizes some famous precautions, but also involving the others that might not be widely utilized by several contributors and payers.


The FBI recommends that healthcare agencies:




  • Patch the operating system, software and firmware on devices. Entire endpoints should be patched as vulnerabilities are founded. This precaution can be made convenient through a centralized patch management system.

  • Enhance worker awareness about malware risks and train suitable individuals on data security principles and techniques.



  • Handle the utilization of privileged accounts by executing the principle of least privilege. No users should be assigned administrative approach unless absolutely required.



  • Those with a requirement for administrator accounts should merely use them when necessary; they should operate with standard user accounts at all other times.

  • Make sure the anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.



  • Configure access controls with least privilege in mind. If a user just requires reading particular files, he or she should not have “write” access to those files, directories or shares.



  • Disable macro scripts from office files transmitted through e-mail.



  • Regularly back up information and verify the integrity of those backups.

  • Execute software restriction plans or other controls to stop the execution of programs in common malware sites.



  • Protect backups and make sure that backups aren’t connected to the computers and networks they’re backing up. Instances might be securing backups in the cloud or physically storing them offline.



  • Utilize virtualized atmospheres to execute operating systems or particular programs.



  • Categorize information based on organizational value and implement physical/logical separation of networks and information for different agency units. For instance, sensitive research or business information should not reside on the similar server or network segment as an agency’s e-mail environment.

  • Execute application white listing. Only permit systems to execute programs known and allowed by security policy.



  • Need user interaction for end user applications communicating with Web sites uncategorized by the network proxy or firewall. Instances involve requiring users to type data or enter a password when their system interacts with an uncategorized Web site.


 

Tuesday, July 12, 2016

UCHealth utilizes proposed EHR for value-based care

The University of Colorado Health is the recent recipient of HIMSS Analytics’ coveted Stage 7 award in recognition of the healthcare agency’s execution and utilization of EHRs.


The proposed EHR enables both sufferers and contributors to share a detailed picture of the care being delivered and got across all UCHealth care settings, claims UCHealth’s CIO Steve Hess. Furthermore, the system is capable to leverage growingly advanced functionality, involving population health analytics, infusion pump integration, and online sufferer engagement abilities, like OpenNotes and telemedicine.


Although, UCHealth plans to utilize its information technology platform as a springboard to acquire more sufferer care capabilities.


“We have always searched at implementing EHRs as a means to an end,” states Hess, who is responsible for the management of data systems across the enterprise, involving its Epic EHR network and My Health Connection patient portal. “We are now at a point where we are capable to utilize the foundation to really make few actually dramatic changes in manner we deliver care, like telehealth, clinical decision support, population health, and advanced predictive analytics.”


“We are beginning to utilize the information and the tools to make changes in procedure,” he further adds.


UCHealth has been on its Stage 7 journey since the year of 2011, when the agency 1st executed its EHR at one of its hospitals, followed by executions of the records system at all of UCHealth’s services. “Overnight, we necessarily tripled in size,” he claims. “Frankly, it is an excellent rate of work that has been done. We knew if we did not integrate the information technology systems, it would be complicated to make economies of scale and get physician groups to collaborate.”


HIMSS Analytics recently declared that UCHealth, which involves 5 hospitals and various clinic sites throughout Colorado, southern Wyoming and western Nebraska, had got the acute care EMRAM Stage 7 Validation, and its 202 outpatient services have been identified with the HIMSS O-EMRAM Stage 7 Outpatient Validation.


In accordance to HIMSS Analytics, merely 4.3% of the more than 5,000 hospitals during the 1st quarter of the year 2016 got the Stage 7 Validation, and just 8.1% of the more than 37,000 outpatient clinics got the Stage 7 Outpatient Validation.


“We actively attracted this designation. It is not something that merely happens by tragedy,” states Hess. “We searched at HIMSS Analytics as a proxy for the maturity of our informatics and information technology solutions, and how well the agency has adopted the technology that has been executed. Meaningful Use is believed to be 1 measure and HIMSS Analytics is another.”


As an outcome, he believes that UCHealth is well positioned to handle the issues of value-based care as the healthcare industry shifts away from the fee-for-service payment settings.


“There is a ton of heavy lifting to do still,” Hess appreciates, pointing out that “we’ve 1 foot in fee-for-service and 1 foot in the value-based world.”


 

Visit the CMS eCQM Library and the eCQI Resource Center to Access the 2017 CMS HQR QRDA Implementation Guide, Schematrons, and Sample File

Visit the CMS eCQM Library and the eCQI Resource Center to Access the 2017 CMS HQR QRDA Implementation Guide, Schematrons, and Sample File


The Centers for Medicare & Medicaid Services (CMS) has published the 2017 CMS Quality Reporting Document Architecture (QRDA) Hospital Quality Reporting (HQR) Implementation Guide (IG), Schematrons, and sample file.


The 2017 IG provides technical instructions for QRDA Category I reporting for the:




  • The Hospital Inpatient Quality Reporting (IQR) Program

  • The Medicare Electronic Health Record (EHR) Incentive Program


Changes Included in the 2017 IG


The 2017 IG contains the following high-level changes related to the HQR reporting programs from the 2016 CMS QRDA Implementation Guide that pertains to HQR reporting:




  • The constraints for documentationOf/serviceEvent are updated to reflect HQR specific requirements for TIN and NPI clarity.

  • Added Section 5.3 that contains additional HQR specific validations for QRDA I.

  • CMS Certification Number is now required for the Hospital IQR and EHR Incentive Programs.


The 2017 IG provides the following additional changes that affect Eligible Hospitals and Critical Access Hospitals (CAHs):




  • The base standard for QRDA I reporting is updated to the HL7 QRDA Category I, DSTU Release 3.1 (April, 2016), instead of the HL7 QRDA Category I, DSTU Release 3. The QRDA Category I, R3.1 has incorporated updates to align with the updates made to the Quality Data Model v4.2 and C-CDA Release 2.1.

  • Sections 9 and 10 contain the updated change logs for IG changes to Base Standard and CMS IG changes from 2016 to 2017.

  • A Coordinated Universal Time (UTC time) offset should not be used anywhere in a QRDA I file or, if a UTC offset is needed anywhere, it must be specified everywhere a time field is provided.


Note: The CMS QRDA Category I and QRDA Category III implementation guidance for the Merit-Based Incentive Payment System (MIPS) and the CMS QRDA Category III implementation guidance for CPC Plus (CPC +) are not included in this 2017 CMS HQR QRDA IG, and will be released at a later date.



For More Information


Current and past QRDA Implementation Guides, Schematrons, and sample files are available in the CMS eCQM Library and the eCQI Resource Center.


 

Monday, July 11, 2016

AHA inquires Congress for modernization of rules on inducements, collusion

As hospitals and physicians growingly shift toward value-based care and take on risk in contracts, they require working together more closely.


Although, the regulatory structure in the organization has not been changed over the years to support that stage of collaboration. Present regulations are structured to stop collusion between vendors or to make sure that agencies do not offer incentives to referring clinicians to admit sufferers for care.


The way contributors presently are paid doesn’t support hospitals and physician practices in enforcing the shared electronic health record (EHR) infrastructures that are required to support coordinated care, the American Hospital Association (AHA) points out in a new report.


“Public and private payers are utilizing the financial incentives to drive behavior to acquire quality results, clinical efficiencies and cost savings—the objective of value-based models,” in accordance to AHA. “At the similar time, the legal framework controlling how, if at all, hospitals can share the threats and rewards has remained static.”


In the latest report, AHA calls for the modification of laws ruling financial collaboration to enable hospitals to subsidize start-up IT prices for the proposed physicians, to bring regulations into the line with present market realities.


3 primary laws managing fraud and abuse in the healthcare industry—The Anti-Kickback Statute, Stark Law and Civil Monetary Penalty Laws—have become significant impediments to collaboration, in accordance to AHA. These rules were made to stop financial relationships between contributors, seeking to make sure that several kinds of contributors performed sufferer care in separate, distinct and uncoordinated ways, with each contributor being paid separately deployed on services given, the report claims.


Existing laws assumed that any shared financial incentive was suspect. Now, latest alternative payment models have modernized and advanced “just because Congress authorized and the HHS Secretary has repeatedly released waivers of the abuse and fraud laws,” the hospital association asserts.


In specific, the Stark Law has become growingly unessential and an important impediment to valued-based care that Congress, Medicare, Medicaid and commercial insurers are supporting, in accordance to the report. “The threat of overutilization, which drove the passage of the Stark Law, is highly or completely eradicated in alternative payment models.”


Moreover, present oversight of compensation arrangements is for an outmoded network where physicians were self-employed, hospitals were separate entities and the payment system treated them as functioning in distinct silos. “It micromanages the situations in which a compensation arrangement is allowed, the amount paid and the way in which compensation is calculated,” in accordance to AHA.


This outmoded network also impacts the health IT initiatives to support value-based care, the association asserts.


AHA further inquires for adjustments to several other regulatory hurdles covering care teams. Those restrictions involve utilizing non-physician practitioners; offering care coordination when a sufferer leaves the hospital; helping sufferers with discharge planning; and prohibiting some kinds of financial assistance to sufferers, like transportation vouchers or in-kind contributions like a meal scale.


Friday, July 8, 2016

ONC sets 2 interoperability steps for contributors

The Office of the National Coordinator for Health IT has issued interoperability steps as needed by the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).


The intent of the measures is to fulfill the need to “acquire widespread exchange of health information through interoperable certified EHR technology nationwide” by the deadline of the day Dec. 31, 2018.


Particularly, MACRA needed the Department of Health and Human Services, in consultation with stakeholders, to make metrics for the exchange and utilization of clinical data to facilitate coordinated care and make better patient results between participants in the Medicare and Medicaid Electronic Health Record Incentive Programs and others nationwide.


The target time for developing the metrics—July 1, 2016—was met by HHS and declared by HHS in a blog written by Seth Pazinski and Talisha Searcy, both directors in the Office of Planning, Evaluation and Analysis at the ONC. In accordance to the blog of ONC, the metrics are deployed on 100 comments acquired from healthcare and health information technology agencies, as well as internal analysis.


“We’ve identified 2 measures in specific that satisfy both the feedback we got and MACRA’s particular parameters,” write Pazinski and Searcy in the blog of ONC. “Primarily, these steps don’t add to contributors’ reporting burden as part of their involvement in federal health care programs such as Medicare or Medicaid, but instead of come from existing national surveys of hospitals and office-based physicians.”



The 2 metrics are:



  • The ratio of healthcare contributors who are electronically participating in the following key domains of interoperable exchange of health data: sending; receiving; finding (querying); and integrating information got from outside or external sources.



  • The proportion of healthcare contributors who report utilizing the data they electronically get from outside contributors and sources for clinical decision making.


Section 106(b)(1)(B) of MACRA elaborates primary components of interoperability that should be measured and the population that should be the main focus of measurement, explaining the “widespread interoperability” as proposed interoperability between certified EHR technology networks that are employed by meaningful EHR users.


“However the MACRA needs for measuring interoperability highly concentrates on ‘meaningful users,’ we’re committed to advancing interoperability of health data more broadly,” claims the ONC blog. “We’ll be extending our measurement attempts to involve populations across the care continuum in the near-term, as well as an increased focus on results in the longer-term.”


Nevertheless, ONC was quick to note that the metrics are separate from the intended Quality Payment Program that is been proposed for the payment of office-based Medicare physicians.


 

Thursday, July 7, 2016

CMS recommends Ninety-day EHR reporting time in 2016

The Centers for Medicare and Medicaid Services (CMS) on the day of Wednesday declared that it is streamlining electronic health record (EHR) reporting needs for eligible experts and hospitals in the Medicare EHR Incentive Program.


“These type of changes involve a proposal for clinicians, hospitals and critical approach hospitals to utilize a 90-day EHR reporting time in  the year of 2016—down from a complete calendar year for returning participants,” claims the CMS declaration. “This increases the flexibility and mitigates the reporting burden for hospital contributors.”


In the year of 2015, the EHR reporting time for entire eligible experts, eligible hospitals and CAHs was any continuous 90-day period. What CMS is proposing in the new rule is a ninety-day EHR reporting time in the year of 2016 for all EPs, eligible hospitals and CAHs. The EHR reporting time would be any continuous ninety-day period between the time period of Jan. 1, 2016 and Dec. 31, 2016.


The latest proposed rule is an outcome of the agency’s review of the Medicare Access and CHIP Reauthorization Act of the year 2015 (MACRA).


“Initially this year, CMS performed a review of the Medicare EHR Incentive Program for clinicians as part of our execution of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), with the objective of reconsidering the program so we move closer to acquiring the complete potential health IT offers,” stated the agency. “Deployed on that review, CMS streamlined EHR reporting needs under the proposed rule to execute few provisions of MACRA to increase flexibility and motivate better sufferer outcomes.”


The College of Healthcare Information Management Executives issued its own statement in reaction to the proposed rule.


“We are happy that the Centers for Medicare and Medicaid Services (CMS) suggested a ninety day reporting time in the year of 2016 for hospitals in the Meaningful Use program,” stated the organization. “CHIME and its members have been leading advocates for a more realistic reporting time. Shortening the reporting time to ninety days from the present 365 days will permit hospitals and health networks to continue making growth in adopting technology systems that motivate latest payment and care delivery models. We are considering the proposed regulation and will have more detailed comments in the future.”


CMS also declared that it is proposing to eradicate the Clinical Decision Support and Computerized Provider Order Entry aims and steps for eligible hospitals and CAHs attesting under the Medicare EHR Incentive Program and decrease the thresholds for a subset of the remaining objectives and steps in Modified Stage 2 for the year of 2017 and Stage 3 for the years of 2017 and 2018. “These proposed changes would not apply to eligible hospitals and CAHs that attest under a state’s Medicaid EHR Incentive Program,” the agency statement stated.


Additionally, CMS proposes that EPs, eligible hospitals and CAHs that haven’t victoriously indicated meaningful use in a last year would be required to attest to Modified Stage 2 by the day of Oct. 1, 2017. “Returning EPs, eligible hospitals and CAHs will report to different systems in the year of 2017 and hence would not be impacted by this proposal,” in accordance to CMS.


When it comes to hardship exceptions, the agency is proposing that few EPs who haven't victoriously showed meaningful use in a last year, intend to attest to meaningful use for an EHR reporting period in the year of 2017, and intend to transformation to MIPS and report on measures specified for the advancing care information performance category under the MIPS as proposed in the year of 2017—can apply for a key hardship exception from the year of 2018 payment adjustment.

CMS recommends 90-day EHR reporting time in 2016

The Centers for Medicare and Medicaid Services (CMS) on the day of Wednesday declared that it is streamlining electronic health record (EHR) reporting requirements for eligible experts and hospitals in the Medicare EHR Incentive Program.


“These changes involve a proposal for clinicians, hospitals and critical access hospitals to utilize a 90-day EHR reporting time in 2016—down from a complete calendar year for returning participants,” claims the CMS declaration. “This increases flexibility and reduces the reporting burden for hospital contributors.”


In the year of 2015, the EHR reporting time for all eligible experts, eligible hospitals and CAHs was any continuous 90-day period. What CMS is proposing in the new rule is a 90-day EHR reporting time in the year of 2016 for all EPs, eligible hospitals and CAHs. The EHR reporting time would be any continuous 90-day period between the period of Jan. 1, 2016 and Dec. 31, 2016.


The new proposed rule is an outcome of the agency’s review of the Medicare Access and CHIP Reauthorization Act of the year 2015 (MACRA).


“Initially this year, CMS performed a review of the Medicare EHR Incentive Program for clinicians as part of our implementation of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), with the target of reconsidering the program so we move closer to achieving the complete potential health IT offers,” claimed the agency. “Deployed on that review, CMS streamlined EHR reporting needs under the proposed rule to execute few provisions of MACRA to increase flexibility and support better sufferer outcomes.”


The College of Healthcare Information Management Executives released its own statement in response to the proposed rule.


“We are glad that the Centers for Medicare and Medicaid Services suggested a 90-day reporting time in 2016 for hospitals in the Meaningful Use program,” stated the organization. “CHIME and its members have been leading advocates for a more realistic reporting time. Shortening the reporting time to 90-days from the present 365 days will permit hospitals and health systems to continue making growth in adopting technology systems that support latest payment and care delivery models. We are reviewing the proposed regulation and will have more detailed comments in the coming days.”


CMS also declared that it is proposing to remove the Clinical Decision Support and Computerized Provider Order Entry aims and measures for eligible hospitals and CAHs attesting under the Medicare EHR Incentive Program and reduce the thresholds for a subset of the remaining aims and measures in Modified Stage 2 for the year of 2017 and Stage 3 for the year of 2017 and 2018. “These proposed changes would not apply to eligible hospitals and CAHs that attest under a state’s Medicaid EHR Incentive Program,” the agency statement stated.


Additionally, CMS proposes that EPs, eligible hospitals and CAHs that haven’t victoriously demonstrated meaningful use in a prior year would be needed to attest to Modified Stage 2 by the day of Oct. 1, 2017. “Returning EPs, eligible hospitals and CAHs will report to different systems in the year of 2017 and hence would not be affected by this proposal,” in accordance to CMS.


When it comes to hardship exceptions, the organization is proposing that certain EPs who have not victoriously demonstrated meaningful use in a prior year, intend to attest to meaningful use for an EHR reporting period in the year of 2017, and intend to transition to MIPS and report on measures specified for the advancing care information performance category under the MIPS as proposed in the year of 2017—can apply for a key hardship exception from the year of 2018 payment adjustment.


 

Tuesday, July 5, 2016

CMS releases rule to extend access to Medicare information

The CMS (Centers for Medicare and Medicaid Services) on the day of Friday released final rules covering increased approach to analyses and information that will assist contributors, employers and others make more informed decisions about quality improvement and care delivery.


The new rules, needed as a provision of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), are meant to augment the Qualified Entity Program, proposed by the Affordable Care Act, which authorizes the qualified entities confidentially share or sell analyses of Medicare and private sector claims information to contributors, employers and other groups that can utilize the information to support better care.


For instance, CMS claims provisions of the rule enables qualified entities to perform analyses on information from chronically sick or other resource-intensive sufferer populations to increase quality and drive down healthcare prices.


Moreover, under the rules, qualified entities might offer or sell claims information to contributors and suppliers, like physicians, nurses and skilled nursing services, among others.


“Increasing approach to analyses and information that involve Medicare data will make it convenient for stakeholders throughout the healthcare system to make smarter and more informed healthcare decisions,” stated Niall Brennan, chief data officer at CMS, in a written statement.


Although, the agency points out that qualified entities must combine the Medicare information with other claims information—like private payer information—to “produce quality reports that are representative of how contributors and suppliers are performing across various payers—for instance Medicare, Medicaid or several commercial payers.”


Further, CMS forced that making sure the privacy and security of beneficiary data is of paramount significance, and that the new rules involve strict privacy and security needs for all entities that get sufferer identifiable and beneficiary de-identified analyses or information.


“For instance, if entities get patient-identifiable data or analyses, they must utilize protections that are at least as stringent as what is needed of covered entities and their business associates for protected health data under the HIPAA Privacy and Security Rules,” claimed the agency.


Although, Deborah Peel, MD, founder and president of the agency Patient Privacy Rights, asserts that this new rule is morally and ethically not right.


“CMS knows that the public has never encouraged research without meaningful consent, which breaches the Common Rule and post-World War II ethics. But worse, it is a worst decision because putting control of Medicare and Medicaid (protected health data) into the hands of close to a million hidden information brokers will make sure the greatest harms to the most vulnerable and supports present HIT giants whose technology must change to end harms to sufferers,” states Peel, an advocate for patients’ rights to control the utilization of personal health data in electronic systems.


“Paper medical records systems all required consent for any health data to be shared with any other doctor, except in rare emergencies,” she further adds. “Paper records never caused such extreme hidden harms. Government’s job is to facilitate and protect persons, not corporations. HHS has betrayed U.S. sufferers.”


In its announcement, CMS pointed out that the final rules consist of few changes from its original proposed rule and that “future rulemaking is hoped to extend the information available to qualified entities to involve standardized extracts of Medicaid information.”


To date, fifteen agencies have applied for and got approval to be a qualified entity; of those, two have completed public reporting, while the other thirteen are preparing for public reporting.


 

Monday, July 4, 2016

More than 40,000 patients in the recent cyber attack

A latest cyber attack at Stamford Podiatry Group in the state of Connecticut put protected health data of 40,491 sufferers at risk.


The agency contacted sufferers this week to inform them that their protected health data was compromised. The hack of systems by a smaller healthcare agency is a reminder that such attacks can happen to any healthcare contributor or payer agency.


The practice’s technology contractor founded the attack on the night of the day of April 14 and shut down the data systems, claims Rui DeMelo, DPM, vice president and owner. That is unlike how several agencies typically seek out that they’ve been attacked, as law enforcement organizations inquiring a cyber incident typically find other agencies that were hacked and notify them.


The following day, the practice involved Equifax for investigation and remediation tasks that involved eradicating malware and backing up information to an off-site location, states DeMelo. Remediation was completed on the day of April 29. The investigation discovered that the intruder had access to systems from the day of February 22 to April 14.


Compromised protected health data could have involved medical history and treatment information in the electronic health records (EHRs) system, names, Social Security numbers, gender, birth dates, marital status, telephone numbers, addresses, email addresses, insurance coverage data and names of treating and referring physicians.


In a notification letter to sufferers, the practice stated, “However we’ve not been capable to confirm that your personal data was accessed and copied, we’ve not been capable to rule out that possibility and motivate you to take the protective measures mentioned below.” The measures involved reviewing account statements, monitoring credit reports and agreeing to one year of free credit monitoring and recognize theft protection services from Equifax.


Stamford Podiatry has retained cybersecurity professionals and is implementing extra unspecified security steps to stop further intrusions.


 

Friday, July 1, 2016

‘Medicalized’ smartphones to put health information in hands of sufferers

The world is on the verge of a 4th industrial revolution, featured by artificial intelligence, robots, big data, and thorough learning and analytics, but medicine is yet stuck at the start of the 3rd industrial revolution, which has already brought digital abilities to billions of persons globally.


That is the contention of Eric Topol, MD, director of the Scripps Translational Science Institute and chief academic officer of Scripps Health in La Jolla, Calif., who claims that the digital revolution has been appearing since the middle of the previous century. Even so, the healthcare industry sustains to just minimally leverage IT.


Although, Topol, a practicing cardiologist at the Scripps Health observes mobile tools as the technological enabler for the “democratization” of medicine by offering sufferers control of their own health information, which has historically, been the key domain of all doctors.


Clients are “moving from passengers to co-pilots,” challenging the conventional “doctor knows best” mindset among physicians, in accordance to Topol. Initially, medicine has been reluctant to make such alterations.


Nevertheless, with more than 80% of U.S. adults owning smartphones, he considers healthcare is on the cusp of a significant shift in who controls information. That transformation of control will effectively move power from physicians to sufferers, who will play a dramatically more key role in their own care. In the future, clients armed with mobile phones will accumulate information from wearable sensors to stop or better treat health situations, Topol stated, with these tools facilitating the role of a digital medical assistant.


On-demand the medicine is the core element of the future, and face-to-face office visits are going to become the minority of physician-sufferer communication moving forward, Topol assumed. In fact, he discussed that the sufferer’s bedroom will become the hub of remote monitoring, giving continuous detecting of vital symptoms from the home, as well as virtual consultations through telehealth-enabled smartphones. “The telemedicine revolution has ultimately arrived, and it is moving towards prime time.”


In accordance to Topol, a professor of genomics, mobile health technology won’t just markedly cut healthcare prices but will put personalized medicine in the hands of sufferers by contextualizing the information they produce in their real world, not merely the office of doctor.


“In a small droplet of blood, there is much information,” Topol analyzed, which can be tested at home by clients. “It is not merely blood. It could be also the sweat, urine, and breath.” There is going to be pocketing DNA sequencers the size of a flash drive that persons will utilize immensely, he assumed. “They already exist now-a-days.”


Additionally, clients today can order a mobile tool through Amazon for $69 and conduct a cardiogram anytime they need “when they feel that is something’s not correct, when they are dizzy or when they feel their heart is racing,” he stated. An algorithm embedded in the smartphone software updates sufferers on their heart rhythm, which can “preempt having to go to an emergency room when most of the period (the condition of person) is normal.”


By wearing a small sensor on the arm or abdomen connected to a smartphone, diabetic sufferers can get glucose readings every 5 minutes, in accordance to Topol. Further, he claimed that an experimental contact lens being established by Google can painlessly measure glucose levels in tears, replacing the finger sticks that millions of persons with diabetes utilize to draw blood.


For persons with Parkinson’s disease, Topol disclosed that there is a free app that, at any moment in period, quantifies an individual’s tremor, voice, and gait to assist to evaluate whether they should take their medication and in what dose.


Additionally, ear infections are a usual reason for parents to take their kids to the pediatrician. Although, he stated that mothers and fathers can utilize their smartphones to diagnose their kid’s ear infection through the cloud with an algorithm that investigates images for the availability of fluid trapped in the middle ear.


Hospital-based sleep studies, which are believed to be among the top revenue drivers for several health networks, could also be a thing of the past in Topol’s emerging app economy. He inquired: How many persons would go to a sleep lab and pay $4,000 for a sleep research when you can take a sensor in a reusable Band-Aid that charges $1 to make and gains nearly all of the similar information?


When it comes to other modern sensor technology, Topol stated that it is now possible to observe sweat and physiologic metrics with skin sensors. “For instance, exposure to the proposed pesticides and even things such as nitric oxide which could assume an asthma attack.”


 

CMS shares information, analysis of vendor-contributor transactions

The Centers for Medicare and Medicaid Services (CMS) on the day of Thursday posted full-year 2015 financial information on its Open Payments website, made to assist clients better understand financial relationships between the proposed physicians and drug and medical device companies.


Better collection and analysis of financial transaction information by CMS sustain its program to detect trends in contributor-vendor relationships and present relevant data to the public. Instead of lauding the transparency attempts, a leading U.S. medical agency inquired the validity of the data, the attempts to observe it and its relevance for clients.


The information accumulated for 2015 involves data about 11.9 million records attributed to almost 619,000 physicians and 1,116 teaching hospitals, totaling $7.52 billion. Under the supervision of Sunshine Act, drug and device companies are needed yearly to report financial interactions with contributors to CMS, which the agency makes public through its Open Payments program.


“Transparency is motivating physicians to be purposeful about their economical relationships with companies, and there is a prominent shift towards charitable contributions and away from other interactions, like honoraria and gifts,” stated Shantanu Agrawal, MD, a CMS deputy administrator and director of the Center for Program Integrity.


Over the course of the program since the year of 2014, CMS has issued 28.22 million records, accounting for $16.77 billion in payments, and ownership and contribution interests.


Besides the 2015 Open Payments data, CMS also issued on the day of Thursday newly submitted and updated payment records for the years of 2013 and 2014 reporting times. In accordance to the agency, the year of 2015 information is the 2nd second full year of data present on the Open Payments website.


Although, the American Medical Association sustains to take problem with the Open Payments program, calling into question the precision of the published data.


However the AMA says it remains committed to transparency and the availability of data for sufferers to make informed decisions about their medical care, the physician group asserts that the Open Payments information issued by CMS must be valid, reliable, and complete—a bar that it considers remains too high for the agency.


“While we acknowledge the attempts of the CMS to verify the information submitted by industry, continued information errors and registration challenges during the last 2 years have thwarted several physicians from engaging in the review and validation procedure,” in accordance to a written statement from AMA. “The integrity objectives of the Open Payments database will not be met as long as physician review is obstructed by a registration process that is annoying, time consuming and overly burdensome.”


Additionally, the group discussed that “publishing wrong information leads to misinterpretations, ruins reputations and undermines the trust that sufferers have in their physicians,” and “it can also discourage research and care delivery improvements that give advantage to sufferers.”


AMA also stated that it powerfully condemns unsuitable, unethical interactions between physicians and industry. At the similar time, the association made the case that “not all interactions are unethical or unsuitable,” and that “there are relationships that can assist to drive innovation in patient care and offer key resources for professional medical education that finally benefits sufferers.”