Protenus, a company that is established an analytics platform intended to stop data breaches and secure patient information, recently gained $3 million in funding from investors to advance research and product development.
Kaiser Permanente Ventures and F-Prime Capital Partners invested in Protenus in its series A funding.
Protenus collaborates with several healthcare systems and hospitals across the country, and is capable to secure data for more than 44 million patients.
“This extra funding will assist us explore the cost and benefits of different kinds of products built off of our analytics platform to understand what is most needed in healthcare and how we can help best,” claims Nick Culbertson, the company’s CEO.
Protenus utilizes artificial intelligence techniques to better understand workflows in the healthcare industry, and the approach enables it to distinguish unsuitable access to patient information.
“We develop profiles on patients based on what kind of treatment they are getting, and we build profiles based on human resources data to understand what type of employees are accessing patient data,” Culbertson states.
In the year of 2016, over 27 million patient records were breached, as reported by the Protenus Breach Barometer, and so far this year, there has been an average of at least one health data breach a day, with 40% of them a result of insider access.
“We use system access logs to explain how certain kinds of workers are accessing (records of) certain kinds of patients throughout that care workflow process. In other words, we develop the clinical workflow in a virtual environment and understand how employees are virtually passing medical records from one to another,” says Culbertson.
Protenus expects to be able to use its platform to identify other anomalies in those workflows, enabling it to catch problems such as prescription abuse, fraud or other types of medical anomalies.
“We like to consider it [Protenus] as a tool to cause cultural reform, because a lot of individuals are doing things because they do not realize it is illegal, and so when you are able to identify it early, educate them and remind them that they are abusing access to sufferer data, that is a chance to educate and stop that in the future,” says Culbertson.
Wednesday, August 2, 2017
Tuesday, August 1, 2017
CMS Reduces Burden on Meaningful Use programs for the year of 2018
The CMS has acted to substantially decrease burdens on hospitals targeting to acquire the meaningful use programs of electronic health records (EHRs).
Hospitals are being given another year to use the 2014 Edition of Certified EHR Technology (CEHRT) software. Facilities also now have the option of continuing to meet modified Stage 2 measures for meaningful use programs, instead of being required to move to Stage 3 in 2018. Under the new final rule, hospitals now are not required to meet Stage 3 until the year of 2019.
Hospitals, at their option, also can use a combination of the 2014 and 2015 editions of meaningful use software.
The revisions to meaningful use regulations were issued today in a final rule covering the Fiscal Year 2018 Inpatient Prospective Payment System, which broadly covers payments to providers under Medicare.
Moreover, hospitals will be needed to report only four electronic clinical quality measures (eCQMs) in 2017 and 2018, rather than eight measures. And, providers can select any quarter of data for eCQM reporting for both years.
Also under the final rule, CMS is developing new requirements or revising existing requirements for eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) participating in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs.
The College of Healthcare Information Management Executives, an expert group that represents chief information officers and other healthcare IT professionals, highly praised the new policies.
“CMS took into account that both hospitals and vendors require more time to prepare for 2015 certified EHRs,” stated Liz Johnson, CHIME board chair and CIO of acute hospitals and applied clinical informatics at Tenet Healthcare. “Taken together, the common sense changes CMS made will give greater stability and certainty to hospitals, permitting them to continue to forge ahead using technology to better treat the patients they serve.”
The 2,456-page final rule, of which just a small portion addresses the meaningful use programs changes, is available here.
Hospitals are being given another year to use the 2014 Edition of Certified EHR Technology (CEHRT) software. Facilities also now have the option of continuing to meet modified Stage 2 measures for meaningful use programs, instead of being required to move to Stage 3 in 2018. Under the new final rule, hospitals now are not required to meet Stage 3 until the year of 2019.
Hospitals, at their option, also can use a combination of the 2014 and 2015 editions of meaningful use software.
The revisions to meaningful use regulations were issued today in a final rule covering the Fiscal Year 2018 Inpatient Prospective Payment System, which broadly covers payments to providers under Medicare.
Moreover, hospitals will be needed to report only four electronic clinical quality measures (eCQMs) in 2017 and 2018, rather than eight measures. And, providers can select any quarter of data for eCQM reporting for both years.
Also under the final rule, CMS is developing new requirements or revising existing requirements for eligible professionals (EPs), eligible hospitals and critical access hospitals (CAHs) participating in the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs.
The College of Healthcare Information Management Executives, an expert group that represents chief information officers and other healthcare IT professionals, highly praised the new policies.
“CMS took into account that both hospitals and vendors require more time to prepare for 2015 certified EHRs,” stated Liz Johnson, CHIME board chair and CIO of acute hospitals and applied clinical informatics at Tenet Healthcare. “Taken together, the common sense changes CMS made will give greater stability and certainty to hospitals, permitting them to continue to forge ahead using technology to better treat the patients they serve.”
The 2,456-page final rule, of which just a small portion addresses the meaningful use programs changes, is available here.
Labels:
CMS,
Fiscal Year,
Liz Johnson,
Meaningful Use
Contractor breach impacts data of 18,500 Anthem Medicare members
Only one week after Anthem accepted to pay $115 million to victims of its massive February 2015 data breach that impacted the 78.8 million people, the company confronts another data breach discovered by a contractor, this time affecting over 18,500 of Anthem Medicare members.
LaunchPoint Ventures, which gives insurance coordination services to Anthem, learned in the month of April that a worker likely was engaged in identity theft activities. The contractor then employed a forensic firm to assess suspicious incidents.
In the month of late May, LaunchPoint learned that the employee might have accessed data of other LaunchPoint customers, in addition to that of Anthem. The inquiry further determined that the worker emailed a file with information on Anthem members to his personal address in the month of July 2016; the inquiry couldn’t determine if the employee had a legitimate work-related reason for doing so.
LaunchPoint says the worker has since been terminated and is now being held by law enforcement on charges that are unrelated to the Anthem breach.
In June, LaunchPoint was capable to confirm that the Anthem data emailed by the worker contained protected health information of Anthem Medicare members. There is not yet evidence the data was misused. Compromised member information includes Medicare ID numbers including Social Security numbers, health plan ID numbers, Medicare contract numbers, dates of enrollment, and a restricted number of last names and dates of birth.
LaunchPoint is now reinforcing policies and protocols, and evaluating additional safeguards. The company is providing affected individuals 2 years of free credit monitoring and identity theft services with AllClear ID.
Anthem refused to comment on the incident, and executives didn’t say whether it will continue to use LaunchPoint’s services.
LaunchPoint Ventures, which gives insurance coordination services to Anthem, learned in the month of April that a worker likely was engaged in identity theft activities. The contractor then employed a forensic firm to assess suspicious incidents.
In the month of late May, LaunchPoint learned that the employee might have accessed data of other LaunchPoint customers, in addition to that of Anthem. The inquiry further determined that the worker emailed a file with information on Anthem members to his personal address in the month of July 2016; the inquiry couldn’t determine if the employee had a legitimate work-related reason for doing so.
LaunchPoint says the worker has since been terminated and is now being held by law enforcement on charges that are unrelated to the Anthem breach.
In June, LaunchPoint was capable to confirm that the Anthem data emailed by the worker contained protected health information of Anthem Medicare members. There is not yet evidence the data was misused. Compromised member information includes Medicare ID numbers including Social Security numbers, health plan ID numbers, Medicare contract numbers, dates of enrollment, and a restricted number of last names and dates of birth.
LaunchPoint is now reinforcing policies and protocols, and evaluating additional safeguards. The company is providing affected individuals 2 years of free credit monitoring and identity theft services with AllClear ID.
Anthem refused to comment on the incident, and executives didn’t say whether it will continue to use LaunchPoint’s services.
Labels:
Anthem Medicare,
Data Security,
Healthcare Scams,
ID,
Social Security
Monday, July 31, 2017
Attacks of Ransomware strucks South Dakota plastic surgery practice
Plastic Surgery of South Dakota is providing about 10,200 current and former patients a year of credit and identity protection services amid concerns that their information was accessed during a mid-February ransomware attack.
The agency removed the ransomware from its information systems and decrypted data, then brought in security experts to determine if any data was accessed by unauthorized users. While the majority of records were not accessed, the practice was unable to rule out whether a smaller subset of sufferer records had been breached.
To date, although, there is no proof of any actual or attempted misuse of data, the practice noted in a patient notification letter. Information that could have been compromised includes patients’ names, driver’s license numbers, Social Security numbers, state identification numbers, credit and debit card information, medical conditions and diagnosis information, lab results, addresses, dates of birth and health insurance data.
Plastic Surgery of South Dakota is further recommending a range of steps for affected individuals to take to protect themselves, including monitoring credit reports and explanations of benefits; getting free credit reports from the three major credit bureaus; placing fraud alerts on credit files and placing a security freeze on credit reports, which prohibits release of information from the reports absent consumer authorization.
The practice refused to give further details about the incident beyond a patient notification letter.
The agency removed the ransomware from its information systems and decrypted data, then brought in security experts to determine if any data was accessed by unauthorized users. While the majority of records were not accessed, the practice was unable to rule out whether a smaller subset of sufferer records had been breached.
To date, although, there is no proof of any actual or attempted misuse of data, the practice noted in a patient notification letter. Information that could have been compromised includes patients’ names, driver’s license numbers, Social Security numbers, state identification numbers, credit and debit card information, medical conditions and diagnosis information, lab results, addresses, dates of birth and health insurance data.
Plastic Surgery of South Dakota is further recommending a range of steps for affected individuals to take to protect themselves, including monitoring credit reports and explanations of benefits; getting free credit reports from the three major credit bureaus; placing fraud alerts on credit files and placing a security freeze on credit reports, which prohibits release of information from the reports absent consumer authorization.
The practice refused to give further details about the incident beyond a patient notification letter.
Labels:
Data Security,
Social Security,
South Dakota
Friday, July 28, 2017
Anthem Blue Cross selects solution to help genetic testing
Anthem Blue Cross has initiated a genetic testing solution aimed at encouraging suitable, safe, and affordable testing and counseling for patients.
The Anthem Blue Cross program is developed and administered by national specialty benefits management leader, AIM Specialty Health, which offers an automated system that guides the decision-making process.
Anthem’s Genetic Testing Solution promotes appropriate use and provides education that addresses the clinical and financial complexities of genetic testing. Through a combination of clinical review of testing requests and coordination with genetic testing laboratories, providers and members can draw upon verified resources to support clinical decision making.
Anthem’s program has been in place since the day of July 1 and is being first used with its completely insured and self-insured members; national account members will be added in the year of 2018.
“More than 70,000 genetic testing products are presently on the market, and an average of 10 new products is introduced every day,” says Razia Hashmi, MD, Anthem’s medical director for commercial business. “Stakeholders across the healthcare system are increasingly challenged to manage the pace of change.”
With an international market for such testing estimated at $10.3 billion market by the year of 2024, the healthcare insurance and the industry in general is being thrust into an ongoing debate about how to handle the increasing array of complicated and costly tests.
Anthem considers the testing solution will improve the efficiency of the healthcare system for laboratories, doctors’ offices and insurers by moving from a manual, labor-intensive and post-service process to a real-time automated system that can deliver prior authorizations to doctors as they are sitting with their patients. The company also considers it’ll decrease the likelihood of errors in filling out paperwork, which adds to labor and time.
For several tests, using the solution can cut down the average time for submitting and processing an insurance claim from days to minutes because the prior authorization review provides specific CPT code data to the insurer to facilitate the claim processing, Anthem Blue Cross and AIM Specialty say.
The Anthem Blue Cross program is developed and administered by national specialty benefits management leader, AIM Specialty Health, which offers an automated system that guides the decision-making process.
Anthem’s Genetic Testing Solution promotes appropriate use and provides education that addresses the clinical and financial complexities of genetic testing. Through a combination of clinical review of testing requests and coordination with genetic testing laboratories, providers and members can draw upon verified resources to support clinical decision making.
Anthem’s program has been in place since the day of July 1 and is being first used with its completely insured and self-insured members; national account members will be added in the year of 2018.
“More than 70,000 genetic testing products are presently on the market, and an average of 10 new products is introduced every day,” says Razia Hashmi, MD, Anthem’s medical director for commercial business. “Stakeholders across the healthcare system are increasingly challenged to manage the pace of change.”
With an international market for such testing estimated at $10.3 billion market by the year of 2024, the healthcare insurance and the industry in general is being thrust into an ongoing debate about how to handle the increasing array of complicated and costly tests.
Anthem considers the testing solution will improve the efficiency of the healthcare system for laboratories, doctors’ offices and insurers by moving from a manual, labor-intensive and post-service process to a real-time automated system that can deliver prior authorizations to doctors as they are sitting with their patients. The company also considers it’ll decrease the likelihood of errors in filling out paperwork, which adds to labor and time.
For several tests, using the solution can cut down the average time for submitting and processing an insurance claim from days to minutes because the prior authorization review provides specific CPT code data to the insurer to facilitate the claim processing, Anthem Blue Cross and AIM Specialty say.
Thursday, July 27, 2017
Web-Based tool puts cancer sufferers at the center of their care
A web-based tool designed for clinical collaboration has been shown to be beneficial in facilitating care management communication between patients with advanced cancer and their clinicians.
The internally developed platform, termed as Loop, was put to the test in a feasibility randomized controlled trial at Sinai Health System’s Temmy Latner Center for Palliative Care in Toronto and the University of Toronto’s Princess Margaret Cancer Center.
Loop, a secure web-based tool, enables sufferers and caregivers to communicate asynchronously with multiple members of the care team including physicians, nurses and allied health professionals. Particularly, it links sufferers and caregivers to providers in a virtual space where communication can be facilitated outside of appointments and across care settings.
Results of the feasibility trial involving 24 advanced-stage cancer patients, recruited to both the intervention and control arms, and their care teams were recently published in the Journal for Medical Internet Research. The study found that it was feasible to implement Loop in clinical practice and that the tool may have the potential to improve continuity of care.
“We conducted a pilot randomized controlled trial in a population of patients with advanced cancer, as prototypical of a population with complex care needs,” write the authors. “Our objective was to evaluate the feasibility of integrating a tool like Loop into current care processes and to capture preliminary measures of the effect of Loop on continuity of care, quality of care, symptom distress, and healthcare utilization.”
“It is not about the diagnosis of the patient—it’s much more about patients with complex care needs that would benefit from an intervention like this,” says Amna Husain, MD, project leader at the Temmy Latner Center for Palliative Care.
The notion behind Loop is to put patients at the center of their care, making them an integral member of their care team with better access to information, according to Husain. To facilitate this engagement, the platform was developed with an intuitive, easy-to-use web interface to enable messaging between patient, providers and caregivers on a desktop computer or mobile device after logging in with an email address and password, she notes.
Loop, web-based tool, is a communication tool meant to connect people across organizations, teams and disciplines, Husain adds. However, she is quick to add that messages can only be read and posted by care team members using the tool if they are involved in a patient’s care.
“The messages are threaded in conversations and can be searched using various filters,” states the JMIR article. “In addition to posting messages, users may label posts with user-defined ‘tags’ and an ‘Attention To’ feature that specifies individuals to be alerted to a post by a generic email.”
The research discovered that participants in the trial were able to understand and use the core functionality of Loop, namely to post and read messages.
“We further observed that sufferers viewed their Loop more often than they posted, compared with healthcare providers, who posted nearly as often as they viewed a Loop,” conclude the authors. “This could be interpreted as showing that patients were more proactive tool users, while healthcare providers are more likely to wait for notifications before logging in.”
Overall, researchers discovered that use of the platform suggests that “some coordination tasks were improved but further strategies to build collaboration among team members may be needed.”
“The power of a communication web-based tool is when you are able to enable collaboration across a team, rather than just one-on-one communication between a patient and provider or a provider and another provider,” adds Husain, who claims a larger follow-up study for Loop is planned.
The internally developed platform, termed as Loop, was put to the test in a feasibility randomized controlled trial at Sinai Health System’s Temmy Latner Center for Palliative Care in Toronto and the University of Toronto’s Princess Margaret Cancer Center.
Loop, a secure web-based tool, enables sufferers and caregivers to communicate asynchronously with multiple members of the care team including physicians, nurses and allied health professionals. Particularly, it links sufferers and caregivers to providers in a virtual space where communication can be facilitated outside of appointments and across care settings.
Results of the feasibility trial involving 24 advanced-stage cancer patients, recruited to both the intervention and control arms, and their care teams were recently published in the Journal for Medical Internet Research. The study found that it was feasible to implement Loop in clinical practice and that the tool may have the potential to improve continuity of care.
“We conducted a pilot randomized controlled trial in a population of patients with advanced cancer, as prototypical of a population with complex care needs,” write the authors. “Our objective was to evaluate the feasibility of integrating a tool like Loop into current care processes and to capture preliminary measures of the effect of Loop on continuity of care, quality of care, symptom distress, and healthcare utilization.”
“It is not about the diagnosis of the patient—it’s much more about patients with complex care needs that would benefit from an intervention like this,” says Amna Husain, MD, project leader at the Temmy Latner Center for Palliative Care.
The notion behind Loop is to put patients at the center of their care, making them an integral member of their care team with better access to information, according to Husain. To facilitate this engagement, the platform was developed with an intuitive, easy-to-use web interface to enable messaging between patient, providers and caregivers on a desktop computer or mobile device after logging in with an email address and password, she notes.
Loop, web-based tool, is a communication tool meant to connect people across organizations, teams and disciplines, Husain adds. However, she is quick to add that messages can only be read and posted by care team members using the tool if they are involved in a patient’s care.
“The messages are threaded in conversations and can be searched using various filters,” states the JMIR article. “In addition to posting messages, users may label posts with user-defined ‘tags’ and an ‘Attention To’ feature that specifies individuals to be alerted to a post by a generic email.”
The research discovered that participants in the trial were able to understand and use the core functionality of Loop, namely to post and read messages.
“We further observed that sufferers viewed their Loop more often than they posted, compared with healthcare providers, who posted nearly as often as they viewed a Loop,” conclude the authors. “This could be interpreted as showing that patients were more proactive tool users, while healthcare providers are more likely to wait for notifications before logging in.”
Overall, researchers discovered that use of the platform suggests that “some coordination tasks were improved but further strategies to build collaboration among team members may be needed.”
“The power of a communication web-based tool is when you are able to enable collaboration across a team, rather than just one-on-one communication between a patient and provider or a provider and another provider,” adds Husain, who claims a larger follow-up study for Loop is planned.
Wednesday, July 26, 2017
Sutter Health to assist small hospitals by Using virtual PCs
Sutter Health is in the initial stages of providing smaller hospitals a virtual personal computer infrastructure that will enabling an agency’s users to move from one machine to another throughout a facility, or access data from a mobile device of their choice, like a tablet.
The program, likely to be named Healthcare Workspace, is envisioned to make information more secure while enabling convenient and fast access from anywhere, with the service handling software updates and ensuring participating providers sustain to be compliant with regulations.
The hospitals would amuse the financial savings through reduced acquisition charges and use of desktop computers, while consumers would still have access to their personal computer—now mobile—anywhere and at any time.
“The virtual desktop follows you, so you do not have your own PC but a virtual PC,” elaborates Wes Wright, chief technology officer at Sutter Health. Citrix will run the virtual desktops that will operate on a Cisco network.
If a user does not use the virtual desktop for four hours, it automatically logs out. If during a shift a virtual desktop user unknowingly picked up a virus, when the shift is done the virus goes away because the virtual desktop goes away.
The target audience for virtual desktops is hospitals with 100 beds or fewer that can’t afford virtualized desktop infrastructure or find the suitable IT talent for using the technology.
Sutter Health has opted IT consulting and deployment firm Entisys 360 as the valued-added reseller that will market and run the base applications. Wright believes Citrix and Microsoft also likely will market the product, as well as some health care, operational and security consultancies.
Wright warns that much of the project sustains to be in the planning stage, although October is currently pegged as a soft launch. Sutter Health has initiated reaching out to smaller hospitals and gauging their interest, which Wright says is high.
A monthly subscription fee has yet to be evaluated; when it is set, marketing will start through Sutter’s physician services unit. As part of the package, Sutter Health also will offer virtual call centers.
The program, likely to be named Healthcare Workspace, is envisioned to make information more secure while enabling convenient and fast access from anywhere, with the service handling software updates and ensuring participating providers sustain to be compliant with regulations.
The hospitals would amuse the financial savings through reduced acquisition charges and use of desktop computers, while consumers would still have access to their personal computer—now mobile—anywhere and at any time.
“The virtual desktop follows you, so you do not have your own PC but a virtual PC,” elaborates Wes Wright, chief technology officer at Sutter Health. Citrix will run the virtual desktops that will operate on a Cisco network.
If a user does not use the virtual desktop for four hours, it automatically logs out. If during a shift a virtual desktop user unknowingly picked up a virus, when the shift is done the virus goes away because the virtual desktop goes away.
The target audience for virtual desktops is hospitals with 100 beds or fewer that can’t afford virtualized desktop infrastructure or find the suitable IT talent for using the technology.
Sutter Health has opted IT consulting and deployment firm Entisys 360 as the valued-added reseller that will market and run the base applications. Wright believes Citrix and Microsoft also likely will market the product, as well as some health care, operational and security consultancies.
Wright warns that much of the project sustains to be in the planning stage, although October is currently pegged as a soft launch. Sutter Health has initiated reaching out to smaller hospitals and gauging their interest, which Wright says is high.
A monthly subscription fee has yet to be evaluated; when it is set, marketing will start through Sutter’s physician services unit. As part of the package, Sutter Health also will offer virtual call centers.
Labels:
Health Records,
Healthcare Workspace,
IT,
PC,
Sutter Health
Tuesday, July 25, 2017
Tewksbury Hospital in Massachusetts terminates worker after long-term snooping
A worker at Tewksbury Hospital in Massachusetts was discovered to be occasionally snooping in sufferers’ electronic medical records without clinical justification.
The inappropriate access of medical records occurred from the year of 2003 until it was discovered this past spring. Now, the facility—one of four hospitals in the Massachusetts Department of Public Health serving complex chronically ill adult sufferers and psychiatric patients—has notified more than 1,100 affected people.
Tewksbury Hospital officials say they learned of the breach in April, when a former patient expressed concern that their medical record might have been inappropriately accessed. Compromised data involved names, addresses, and dates of birth, gender, diagnoses and medical treatments. Less than half of the records involved viewing of Social Security numbers, according to the hospital.
The state’s department of health has terminated the worker.
“To decrease the chance of future tragedies like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” Tewksbury executives noted in a statement. “We’re also reassessing how we review our workforce members’ use of the electronic medical records system and will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”
Tewksbury Hospital is advising affected people to notify credit reporting agencies, order a credit report and review it for signs of fraud, and request a security freeze to prevent the opening of new accounts using the compromised information.
In its notification to sufferers, Tewksbury Hospital is not offering credit monitoring or identity theft protection services. Currently, there is no indication that information has been accessed or misused, in accordance with a spokesperson for the hospital.
The hospital refused to give additional details about the incident, and did not comment on why the inappropriate access had gone undetected for fourteen years.
The inappropriate access of medical records occurred from the year of 2003 until it was discovered this past spring. Now, the facility—one of four hospitals in the Massachusetts Department of Public Health serving complex chronically ill adult sufferers and psychiatric patients—has notified more than 1,100 affected people.
Tewksbury Hospital officials say they learned of the breach in April, when a former patient expressed concern that their medical record might have been inappropriately accessed. Compromised data involved names, addresses, and dates of birth, gender, diagnoses and medical treatments. Less than half of the records involved viewing of Social Security numbers, according to the hospital.
The state’s department of health has terminated the worker.
“To decrease the chance of future tragedies like this occurring, we are reviewing our policies regarding access to the electronic medical records system,” Tewksbury executives noted in a statement. “We’re also reassessing how we review our workforce members’ use of the electronic medical records system and will be reviewing the training we provide to all workforce members regarding the privacy and security of confidential information.”
Tewksbury Hospital is advising affected people to notify credit reporting agencies, order a credit report and review it for signs of fraud, and request a security freeze to prevent the opening of new accounts using the compromised information.
In its notification to sufferers, Tewksbury Hospital is not offering credit monitoring or identity theft protection services. Currently, there is no indication that information has been accessed or misused, in accordance with a spokesperson for the hospital.
The hospital refused to give additional details about the incident, and did not comment on why the inappropriate access had gone undetected for fourteen years.
Monday, July 24, 2017
Information Technology confidence, spending up across various industries
Improvements and stability in business information technology confidence across a range of industries involving healthcare, will drive stronger IT spending growth this year, in accordance to a new study by International Data Corp.
Professional services firms, involving cloud service providers, will increase their information technology confidence spending by 6% in the year of 2017, while IT budgets in the financial services sector will rise by more than 5%, the IDC research predicts.
By the year of 2021, IT spending will reach $2.7 trillion, with the largest contributions coming from consumers, banks, manufacturers, and telecommunications providers.
Cloud service providers are anticipated to resume data center investment growth in the second half of 2017, after a brief slowdown, and this will drive server and storage spending by professional services firms to almost 9 percent growth this year.
Enterprise buyers are also poised for a server upgrade cycle this year, IDC claimed, driving positive growth in spending across vertical industries. Enterprise software spending remains strong, led by professional services (up 9%), followed by banking, securities and investment services, retail and healthcare (all up 8 percent).
Total annual software spending will surpass $600 billion by 2021, with the largest contributions coming from manufacturing, banking and professional services, the report stated.
"The banking industry indicates highly positive indicators for spending plans, with key projects focused on big data and analytics," said Jessica Goepfert, program director for customer insights and analysis at IDC. "Nearly all of the major banks around the world have highlighted that their [big data analytics] deployments are now a critical part of their competitive strategies. This is particularly the case on the retail banking side, as the banks establish their omnichannel strategies, seek to understand and respond to their customers' behavior, and build strategies for excellence in customer experience."
Professional services firms, involving cloud service providers, will increase their information technology confidence spending by 6% in the year of 2017, while IT budgets in the financial services sector will rise by more than 5%, the IDC research predicts.
By the year of 2021, IT spending will reach $2.7 trillion, with the largest contributions coming from consumers, banks, manufacturers, and telecommunications providers.
Cloud service providers are anticipated to resume data center investment growth in the second half of 2017, after a brief slowdown, and this will drive server and storage spending by professional services firms to almost 9 percent growth this year.
Enterprise buyers are also poised for a server upgrade cycle this year, IDC claimed, driving positive growth in spending across vertical industries. Enterprise software spending remains strong, led by professional services (up 9%), followed by banking, securities and investment services, retail and healthcare (all up 8 percent).
Total annual software spending will surpass $600 billion by 2021, with the largest contributions coming from manufacturing, banking and professional services, the report stated.
"The banking industry indicates highly positive indicators for spending plans, with key projects focused on big data and analytics," said Jessica Goepfert, program director for customer insights and analysis at IDC. "Nearly all of the major banks around the world have highlighted that their [big data analytics] deployments are now a critical part of their competitive strategies. This is particularly the case on the retail banking side, as the banks establish their omnichannel strategies, seek to understand and respond to their customers' behavior, and build strategies for excellence in customer experience."
Friday, July 21, 2017
ONC plan to be supported by Groups to measure interoperability
Industry groups basically support a measurement framework for healthcareinteroperability standards proposed by the Office of the National Coordinator for Health Information Technology or ONC plan, although they differ on whether a voluntary industry-based measure reporting system is the best path forward.
Release in April, ONC’s draft framework is meant to help developers, health information exchange organizations and providers move toward a set of industry-wide measures to assess the implementation and use of interoperability standards. The agency’s public comment period on the framework ended on Monday.
Both the American Medical Informatics Association and Health IT Now submitted comments to ONC plan supporting the development of a framework for reaching consensus on such measures, which they see as critical for measuring progress being made on achieving nationwide interoperability.
“We consider that several significant policy queries would be informed by data collected as part of such a measurement framework, as well as provide a window into our progress toward nationwide interoperability,” states AMIA CEO Doug Fridsma in his organization’s letter to the agency. “For example, as the industry moves from local coding for laboratory results to LOINC, away from a legacy set of standards based on the Consolidated Clinical Document Architecture (CCDA) towards a Fast Health Interoperability Resources (FHIR)-based ecosystem, it will be important to understand the details of this transition.”
Likewise, in its letter to ONC, Health IT Now points out that the Medicare Access and CHIP Reauthorization Act (MACRA) requires widespread interoperability by the day of Dec. 31, 2018.
“Measuring interoperability is essential to comprehend how much progress is being made against this goal,” writes HITN Executive Director Joel White. “Measurement can thus be a tool to help advance interoperable systems, information exchange, and the use of data in improving care.”
Presently, quantifiable data regarding the implementation and utilization of standards is often not readily available or regularly tracked. In its proposed framework, ONC identifies two key measurement areas: tracking whether interoperability standards are contained in health IT products and services, and the use of standards—including customization of the standards—by end users such as providers.
While AMIA explains the agency’s draft framework as “thoughtful” and rightly recognizing current gaps, challenges and opportunities, Fridsma in his letter underscores the need to have the “benefits of measurement outweigh the costs,” particularly with measure reporting becoming more automated.
“As the work moves forward, we emphasize ONC to be very mindful of the potential burdens associated with additional measurement and to carefully balance the burdens of measurement with expected benefits,” contends Fridsma. “As the field moves from surveys to more automated reporting, we urge ONC plan to focus on guidance to industry on what may be used in voluntary and optional automated data collection before there is any definitive shift from surveys to automated collection. It is essential that measurement not become an end in-and-of-itself and that we recognize the charges to clinicians, developers and others in developing and implementing automated solutions.”
At the same time, on the query of whether a voluntary, industry-based measure reporting system is the best means to implement ONC’s framework, Fridsma says that AMIA does not anticipate that widespread industry participation will occur based on a strictly volunteer basis.
“Ideally, the reporting system creates a high ratio of value/burden,” in accordance with the Fridsma. “Moreover, if reporting is convenient, then we expect higher rates of participation with a decreased need for strong incentives. However, if the accumulation of value is not shared among those being measured, or reporting is not easy, we anticipate that incentives will be necessary to encourage participation in the reporting system and we suggest a focus on positive incentives.”
Although, HITN’s White makes the case that a voluntary, industry-based measure reporting system is the best way to implement the framework, as opposed to a mandated reporting system, adding that the “barriers to interoperability can best be solved by private-market developed standards and initiatives” given that “government involvement in the quest to reach interoperability has mostly fallen flat and, in some cases, impeded progress.”
White also highlights the fact that—like ONC—the National Quality Forum has proposed its own interoperability measurement framework.
“ONC plan has been working to establish the Proposed Interoperability Standards Measurement Framework and the NQF’s Interoperability Committee (with funding from HHS) has been working independently to establish interoperability measurement frameworks,” he concludes. “NQF and ONC plan should clarify their roles in this process to avoid confusion about the several frameworks and their interaction moving forward.”
Release in April, ONC’s draft framework is meant to help developers, health information exchange organizations and providers move toward a set of industry-wide measures to assess the implementation and use of interoperability standards. The agency’s public comment period on the framework ended on Monday.
Both the American Medical Informatics Association and Health IT Now submitted comments to ONC plan supporting the development of a framework for reaching consensus on such measures, which they see as critical for measuring progress being made on achieving nationwide interoperability.
“We consider that several significant policy queries would be informed by data collected as part of such a measurement framework, as well as provide a window into our progress toward nationwide interoperability,” states AMIA CEO Doug Fridsma in his organization’s letter to the agency. “For example, as the industry moves from local coding for laboratory results to LOINC, away from a legacy set of standards based on the Consolidated Clinical Document Architecture (CCDA) towards a Fast Health Interoperability Resources (FHIR)-based ecosystem, it will be important to understand the details of this transition.”
Likewise, in its letter to ONC, Health IT Now points out that the Medicare Access and CHIP Reauthorization Act (MACRA) requires widespread interoperability by the day of Dec. 31, 2018.
“Measuring interoperability is essential to comprehend how much progress is being made against this goal,” writes HITN Executive Director Joel White. “Measurement can thus be a tool to help advance interoperable systems, information exchange, and the use of data in improving care.”
Presently, quantifiable data regarding the implementation and utilization of standards is often not readily available or regularly tracked. In its proposed framework, ONC identifies two key measurement areas: tracking whether interoperability standards are contained in health IT products and services, and the use of standards—including customization of the standards—by end users such as providers.
While AMIA explains the agency’s draft framework as “thoughtful” and rightly recognizing current gaps, challenges and opportunities, Fridsma in his letter underscores the need to have the “benefits of measurement outweigh the costs,” particularly with measure reporting becoming more automated.
“As the work moves forward, we emphasize ONC to be very mindful of the potential burdens associated with additional measurement and to carefully balance the burdens of measurement with expected benefits,” contends Fridsma. “As the field moves from surveys to more automated reporting, we urge ONC plan to focus on guidance to industry on what may be used in voluntary and optional automated data collection before there is any definitive shift from surveys to automated collection. It is essential that measurement not become an end in-and-of-itself and that we recognize the charges to clinicians, developers and others in developing and implementing automated solutions.”
At the same time, on the query of whether a voluntary, industry-based measure reporting system is the best means to implement ONC’s framework, Fridsma says that AMIA does not anticipate that widespread industry participation will occur based on a strictly volunteer basis.
“Ideally, the reporting system creates a high ratio of value/burden,” in accordance with the Fridsma. “Moreover, if reporting is convenient, then we expect higher rates of participation with a decreased need for strong incentives. However, if the accumulation of value is not shared among those being measured, or reporting is not easy, we anticipate that incentives will be necessary to encourage participation in the reporting system and we suggest a focus on positive incentives.”
Although, HITN’s White makes the case that a voluntary, industry-based measure reporting system is the best way to implement the framework, as opposed to a mandated reporting system, adding that the “barriers to interoperability can best be solved by private-market developed standards and initiatives” given that “government involvement in the quest to reach interoperability has mostly fallen flat and, in some cases, impeded progress.”
White also highlights the fact that—like ONC—the National Quality Forum has proposed its own interoperability measurement framework.
“ONC plan has been working to establish the Proposed Interoperability Standards Measurement Framework and the NQF’s Interoperability Committee (with funding from HHS) has been working independently to establish interoperability measurement frameworks,” he concludes. “NQF and ONC plan should clarify their roles in this process to avoid confusion about the several frameworks and their interaction moving forward.”
Labels:
Health Info Exchange,
HITN,
LOINC,
NQF,
ONC
Thursday, July 20, 2017
OIG decides to inquire $15B in meaningful use payments
The Department of Health and Human Services Office of Inspector General will analyze the accuracy of $14.6 billion in meaningful use payments made to hospitals by Medicare between 2011 and 2016. Initially this year, the OIG estimated physicians were wrongfully paid $729 million under meaningful use payments.
Medicare incentive payments were authorized over a 5-year period to hospitals that adopted electronic health record (EHR) technology. From January 1, 2011, through December 31, 2016, the Centers for Medicare and Medicaid Services made Medicare EHR incentive payments to hospitals totaling $14.6 billion, the OIG stated.
The Government Accountability Office recognized wrong incentive payments as the primary risk to the Medicare EHR incentive program. An OIG report described the obstacles that CMS faces in overseeing the Medicare EHR incentive program. In addition, previous OIG reviews of Medicaid EHR incentive payments found that state agencies overpaid hospitals by $66.7 million and would in the future overpay these hospitals an additional $13.2 million, the OIG claimed.
“These overpayments resulted from inaccuracies in the hospitals’ calculations of total incentive payments,” the OIG said. “We will review the hospitals’ incentive payment calculations to identify potential overpayments that the hospitals would have received as a result of the inaccuracies.”
On another front, the OIG will be analyzing the precision of telemedicine payments under Medicare.
Medicare Part B covers expenses for telehealth services on the telehealth list when those services are delivered via an interactive telecommunications system, provided few conditions are met. To support rural access to care, Medicare pays for telehealth services provided through live, interactive videoconferencing between a beneficiary located at a rural originating site and a practitioner situated at a distant site.
Medicare incentive payments were authorized over a 5-year period to hospitals that adopted electronic health record (EHR) technology. From January 1, 2011, through December 31, 2016, the Centers for Medicare and Medicaid Services made Medicare EHR incentive payments to hospitals totaling $14.6 billion, the OIG stated.
The Government Accountability Office recognized wrong incentive payments as the primary risk to the Medicare EHR incentive program. An OIG report described the obstacles that CMS faces in overseeing the Medicare EHR incentive program. In addition, previous OIG reviews of Medicaid EHR incentive payments found that state agencies overpaid hospitals by $66.7 million and would in the future overpay these hospitals an additional $13.2 million, the OIG claimed.
“These overpayments resulted from inaccuracies in the hospitals’ calculations of total incentive payments,” the OIG said. “We will review the hospitals’ incentive payment calculations to identify potential overpayments that the hospitals would have received as a result of the inaccuracies.”
On another front, the OIG will be analyzing the precision of telemedicine payments under Medicare.
Medicare Part B covers expenses for telehealth services on the telehealth list when those services are delivered via an interactive telecommunications system, provided few conditions are met. To support rural access to care, Medicare pays for telehealth services provided through live, interactive videoconferencing between a beneficiary located at a rural originating site and a practitioner situated at a distant site.
Labels:
CMS,
EHR,
Inspector General,
Meaningful Use,
OIG
Wednesday, July 19, 2017
Kalamazoo County looking for mosquitoes carrying Zika virus
Kalamazoo County is keeping an eye out for mosquitoes known to carry the Zika virus until the end of summer season.
The Kalamazoo County Health & Community Services Department is engaging in a mosquito surveillance program to ensure insects carrying the virus aren’t in West Michigan.
Traps were set at 5 areas throughout the county in June searching for the Asian tiger mosquito, the species most known to carry the virus.
According to a department release, southern Michigan is in the trail of potential migration of the insect. Although, none have been found to this point.
In addition to trapping the mosquitoes, County is identifying what type of insects it is capturing to the Centers for Disease Control and giving citizens information on preventing mosquito bites, diseases and habitat control.
For further information, contact the County Health & Community Services Department-Environmental Health Unite at 269.373.5210.
The Kalamazoo County Health & Community Services Department is engaging in a mosquito surveillance program to ensure insects carrying the virus aren’t in West Michigan.
Traps were set at 5 areas throughout the county in June searching for the Asian tiger mosquito, the species most known to carry the virus.
According to a department release, southern Michigan is in the trail of potential migration of the insect. Although, none have been found to this point.
In addition to trapping the mosquitoes, County is identifying what type of insects it is capturing to the Centers for Disease Control and giving citizens information on preventing mosquito bites, diseases and habitat control.
For further information, contact the County Health & Community Services Department-Environmental Health Unite at 269.373.5210.
Tuesday, July 18, 2017
IBT, Scripps Acquire $6.6 Million to Establish Pan-Ebolavirus Vaccine
A collaboration between Integrated BioTherapeutics (IBT) and The Scripps Research Institute (TSRI) has been granted a $6.6 million, 5-year grant by the National Institutes of Health’s (NIH) National Institute of Allergy and Infectious Diseases (NIAID) to develop a vaccine that secures against ebolavirus.
"This award will enable us to deal a pressing global public health need, namely a single vaccine that can secure against all ebolaviruses,” stated IBT’s CSO, M. Javad Aman, Ph.D., who is co-principal investigator for the collaboration. “To meet this challenge, we have assembled a unique team of experts in immunogen design, structural biology, vaccine development, and animal models of filovirus infection.”
Filoviruses, involving Ebolavirus, Sudan ebolavirus, Bundibugyo ebolavirus, and Marburg marburgvirus, cause hemorrhagic fever in humans, and infection is lethal in 40% to 90% of cases. The most recent Ebolavirus outbreak in West Africa was caused by the Zaire ebolavirus (EBOV) and led to 29,000 infections and more than 100,000 deaths. A single glycoprotein reflected on the filovirus surface mediates infection and is the primary target for vaccine development.
Structural differences in surface glycoproteins between viruses mean that current EBOV vaccine development programs are not generally not designed to protect against other filoviruses, but the team at IBT and TSRI has identified broadly neutralizing antibodies that may secure against all ebolaviruses.
The NIAID-funded project will use the EBOV glycoprotein as a foundation for the rational design of pan-Ebolavirus vaccine candidates that can elicit broadly protective immune responses targeting structural sites that are shared between the different viral glycoproteins. The aim is to develop and test immunogens that can be progressed into advanced preclinical studies. IBT says it then projects moving the most promising candidates into the clinic.
"A novel aspect of the program will be the use of state-of-the-art imaging and computational approaches,” stated co-principal investigator Erica Ollmann Saphire, Ph.D., at TSRI. “This design work will help us craft a vaccine to steer the immune response in the right directions."
"We’re excited to participate in this collaboration and to test novel immunogen design strategies for their ability to focus antibody responses to conserved epitopes on ebolaviruses,” added William Schief, Ph.D., who is also a TSRI co-principal investigator for the program. “This’ll be a fantastic test for structure-based vaccine design, and it may give us insights on how to make vaccines for other more variable viruses.”
The collaboration will also include investigators at the Albert Einstein College of Medicine (Bronx, NY) the US Army Medical Research Institute of Infectious Diseases (USAMIID; Frederick, MD), the Public Health Agency of Canada (Winnipeg, Manitoba), and the Sanford Burnham Prebys Medical Discovery Institute in La Jolla, CA.
IBT is concentrated on the discovery and development of vaccines and therapeutics for emerging bacterial and viral infectious diseases, including pan-filovirus immunotherapeutics and vaccines. The firm works closely with U.S. government agencies including the NIAID, National Cancer Institute, Department of Defense, and USAMRIID.
Just previous month, IBT reported that its partnership with the Albert Einstein College of Medicine received Phase II of a small business technology transfer (STTR) grant from the NIAID to continue the development of bispecific antibodies targeting multiple broadly neutralizing epitopes on filovirus glycoproteins. During Phase I of the program the partners generated a lead candidate that was shown to provide protection against Ebolavirus and Sudan ebolavirus, and neutralize all ebolaviruses. Phase II of the project will encompass antibody manufacture in CHO cells and evaluation in nonhuman primates.
In May, IBT reported publication in the journal Cell of nonhuman primate studies demonstrating the ability of an antibody candidate designated CA45 to block cells from infection by EBOV, Sudan ebolavirus, and Bundibugyo ebolavirus.
"This award will enable us to deal a pressing global public health need, namely a single vaccine that can secure against all ebolaviruses,” stated IBT’s CSO, M. Javad Aman, Ph.D., who is co-principal investigator for the collaboration. “To meet this challenge, we have assembled a unique team of experts in immunogen design, structural biology, vaccine development, and animal models of filovirus infection.”
Filoviruses, involving Ebolavirus, Sudan ebolavirus, Bundibugyo ebolavirus, and Marburg marburgvirus, cause hemorrhagic fever in humans, and infection is lethal in 40% to 90% of cases. The most recent Ebolavirus outbreak in West Africa was caused by the Zaire ebolavirus (EBOV) and led to 29,000 infections and more than 100,000 deaths. A single glycoprotein reflected on the filovirus surface mediates infection and is the primary target for vaccine development.
Structural differences in surface glycoproteins between viruses mean that current EBOV vaccine development programs are not generally not designed to protect against other filoviruses, but the team at IBT and TSRI has identified broadly neutralizing antibodies that may secure against all ebolaviruses.
The NIAID-funded project will use the EBOV glycoprotein as a foundation for the rational design of pan-Ebolavirus vaccine candidates that can elicit broadly protective immune responses targeting structural sites that are shared between the different viral glycoproteins. The aim is to develop and test immunogens that can be progressed into advanced preclinical studies. IBT says it then projects moving the most promising candidates into the clinic.
"A novel aspect of the program will be the use of state-of-the-art imaging and computational approaches,” stated co-principal investigator Erica Ollmann Saphire, Ph.D., at TSRI. “This design work will help us craft a vaccine to steer the immune response in the right directions."
"We’re excited to participate in this collaboration and to test novel immunogen design strategies for their ability to focus antibody responses to conserved epitopes on ebolaviruses,” added William Schief, Ph.D., who is also a TSRI co-principal investigator for the program. “This’ll be a fantastic test for structure-based vaccine design, and it may give us insights on how to make vaccines for other more variable viruses.”
The collaboration will also include investigators at the Albert Einstein College of Medicine (Bronx, NY) the US Army Medical Research Institute of Infectious Diseases (USAMIID; Frederick, MD), the Public Health Agency of Canada (Winnipeg, Manitoba), and the Sanford Burnham Prebys Medical Discovery Institute in La Jolla, CA.
IBT is concentrated on the discovery and development of vaccines and therapeutics for emerging bacterial and viral infectious diseases, including pan-filovirus immunotherapeutics and vaccines. The firm works closely with U.S. government agencies including the NIAID, National Cancer Institute, Department of Defense, and USAMRIID.
Just previous month, IBT reported that its partnership with the Albert Einstein College of Medicine received Phase II of a small business technology transfer (STTR) grant from the NIAID to continue the development of bispecific antibodies targeting multiple broadly neutralizing epitopes on filovirus glycoproteins. During Phase I of the program the partners generated a lead candidate that was shown to provide protection against Ebolavirus and Sudan ebolavirus, and neutralize all ebolaviruses. Phase II of the project will encompass antibody manufacture in CHO cells and evaluation in nonhuman primates.
In May, IBT reported publication in the journal Cell of nonhuman primate studies demonstrating the ability of an antibody candidate designated CA45 to block cells from infection by EBOV, Sudan ebolavirus, and Bundibugyo ebolavirus.
Labels:
EBOV,
Human and Health Services,
IBT,
Sudan,
TSRI
Monday, July 17, 2017
Drchrono evolves FHIR support into its electronic health record
EHR vendor drchrono has declared that its electronic health record (EHR), practice management and revenue cycle products now support the Fast Healthcare Interoperability Resources specification.
With FHIR, drchrono claimed that it’s enabling ten million sufferers to access to their healthcare information through the FHIR API through the company’s inpatient electronic health record.
The new application programming interface is developed to support the Precision Medicine Sync for Science Initiative and fulfills one of the requirements of Meaningful Use Stage 3 to enable a patient electronic health record API, the vendor stated.
Drchrono’s Patient API also offers users the ability to control their own data and share the data with others throughout the continuum of care. Any developer through the personal health record FHIR API can build applications on top of drchrono so researchers and other physicians with the patient’s approval can view that person’s data.
Most developers know what APIs are, they know the modern technology stacks, but they do not necessarily know what HL7 or X12 are, the company stated.
FHIR, on the other hand, enables developers to move into healthcare and start building new apps as quickly as possible using concepts from other modern technology practices, he said.
The healthcare system increasingly needs a patient to play more of a part to ensure they are getting the right care in the right setting at the right time.
“Increasingly, more of our healthcare system’s burden is on sufferers, when it comes to higher deductibles, the requirement for second opinions, the need to understand what preventive services are available to them,” said Aneesh Chopra, the former U.S. CTO and CEO of CareJourney. “That shift to more responsibility is concurrent with the need to have more information so you can get better at that step.”
With FHIR, drchrono claimed that it’s enabling ten million sufferers to access to their healthcare information through the FHIR API through the company’s inpatient electronic health record.
The new application programming interface is developed to support the Precision Medicine Sync for Science Initiative and fulfills one of the requirements of Meaningful Use Stage 3 to enable a patient electronic health record API, the vendor stated.
Drchrono’s Patient API also offers users the ability to control their own data and share the data with others throughout the continuum of care. Any developer through the personal health record FHIR API can build applications on top of drchrono so researchers and other physicians with the patient’s approval can view that person’s data.
Most developers know what APIs are, they know the modern technology stacks, but they do not necessarily know what HL7 or X12 are, the company stated.
FHIR, on the other hand, enables developers to move into healthcare and start building new apps as quickly as possible using concepts from other modern technology practices, he said.
The healthcare system increasingly needs a patient to play more of a part to ensure they are getting the right care in the right setting at the right time.
“Increasingly, more of our healthcare system’s burden is on sufferers, when it comes to higher deductibles, the requirement for second opinions, the need to understand what preventive services are available to them,” said Aneesh Chopra, the former U.S. CTO and CEO of CareJourney. “That shift to more responsibility is concurrent with the need to have more information so you can get better at that step.”
Labels:
Aneesh Chopra,
API,
CTO,
Health Records,
Meaningful Use Stage
Friday, July 14, 2017
Hospitals can anticipate financial burden from new EHRs installs
Hospitals installing new EHRs or electronic health record systems should anticipate a sizable cash drain as the procedure disrupts business and adds technology and training expense, Moody's Investors Service claimed in a report this week.
During the first year of new EHRs installations, the median decline in operating cash flow for hospital systems is 10 percent with a 6 percent falloff in days cash on hand, Moody's said after examining system installs over the past several years. EHR installations can cost anywhere from several million dollars for a small, stand-alone hospital to a half-billion dollars for larger systems.
Moody's discovered in looking at 39 recent launches that the installs can disrupt billing and patient throughput.
"Implementing new EHRs or electronic medical record systems carries significant financial risk for hospitals because the systems are vital to the provision of care and billing," the report said.
Though disruptive in the first year of execution, the damage to operating performance commonly dissipates after the first year as staff and clinicians become proficient in the technology, Moody's said.
An EHR is the electronic nervous system of a hospital or clinic, allowing staff to onboard patients, track care, view clinical workflow and bill for services. It also increasingly contains information that can help systems and hospitals gather information useful toward meeting new payment models.
Vanderbilt University Medical Center in Nashville has been preparing for more than a year for the Nov. 2 launch of its new Epic EHR across the entire academic health system.
Vanderbilt decides to have 1,000 third-party consultants and trainers on hand in the first week to minimize disruptions and help employees through the switch, Vanderbilt EHR project leader Dr. Kevin Johnson said in a May interview. He likened the transition to "changing a jet engine in midflight."
Vanderbilt has budgeted $214 million for the conversion.
UMass Memorial Health Care is going live with its own Epic rollout later this year. Already, the preparation is hitting the bottom line of the Worcester, Mass.-based system.
During the first year of new EHRs installations, the median decline in operating cash flow for hospital systems is 10 percent with a 6 percent falloff in days cash on hand, Moody's said after examining system installs over the past several years. EHR installations can cost anywhere from several million dollars for a small, stand-alone hospital to a half-billion dollars for larger systems.
Moody's discovered in looking at 39 recent launches that the installs can disrupt billing and patient throughput.
"Implementing new EHRs or electronic medical record systems carries significant financial risk for hospitals because the systems are vital to the provision of care and billing," the report said.
Though disruptive in the first year of execution, the damage to operating performance commonly dissipates after the first year as staff and clinicians become proficient in the technology, Moody's said.
An EHR is the electronic nervous system of a hospital or clinic, allowing staff to onboard patients, track care, view clinical workflow and bill for services. It also increasingly contains information that can help systems and hospitals gather information useful toward meeting new payment models.
Vanderbilt University Medical Center in Nashville has been preparing for more than a year for the Nov. 2 launch of its new Epic EHR across the entire academic health system.
Vanderbilt decides to have 1,000 third-party consultants and trainers on hand in the first week to minimize disruptions and help employees through the switch, Vanderbilt EHR project leader Dr. Kevin Johnson said in a May interview. He likened the transition to "changing a jet engine in midflight."
Vanderbilt has budgeted $214 million for the conversion.
UMass Memorial Health Care is going live with its own Epic rollout later this year. Already, the preparation is hitting the bottom line of the Worcester, Mass.-based system.
Labels:
EHR,
Health Records,
Kevin Johnson,
Moody Investors Service
Monday, July 10, 2017
Survey: Physicians are not ready for Quality Payment Program
A recent survey of 1,000 physicians discovered that most respondents aren’t ready for the Quality Payment Program (QPP).
The survey, conducted by the American Medical Association and KPMG, indicates that respondents give mixed views on their comfort level with the program, the proposed rules of which were recently issued for review by the industry.
Physicians this year are measuring and reporting certain quality measures while also indicating proficient use of electronic health records (EHRs) in the MIPS program that is part of MACRA. Physicians can acquire extra points and thus receive higher reimbursement rates beginning in the year of 2019.
Instead of entering the MIPS program, physicians can be part of an Advanced Alternative Payment Model, which will need them to take on risk and receive a 5 percent bonus for meeting certain thresholds that reward doctors for delivering high-quality and cost-efficient care.
In the AMA survey, 70% of respondents report they have started preparations to meet QPP requirements, and about 90% of those believe they will meet the 2017 reporting requirements.
Although, the survey discovered that just 51% were somewhat knowledgeable about MACRA and the Quality Payment Program, and only 8 percent reported that they were very knowledgeable about QPP.
Prior reporting experience through the PQRS and EHR meaningful use programs appears to have contributed to readiness for QPP, survey results demonstrated. However, only one in four physicians say they are well-prepared for QPP.
“Although, even those who feel prepared do not completely understand the financial ramifications of the program,” in accordance with the AMA and KPMG, which conducted the study for the AMA. “In short, they may be prepared to ‘check the box’ of reporting requirements but they lack the long-term strategic financial vision to succeed in 2018 and beyond.” Survey findings are available here.
The survey, conducted by the American Medical Association and KPMG, indicates that respondents give mixed views on their comfort level with the program, the proposed rules of which were recently issued for review by the industry.
Physicians this year are measuring and reporting certain quality measures while also indicating proficient use of electronic health records (EHRs) in the MIPS program that is part of MACRA. Physicians can acquire extra points and thus receive higher reimbursement rates beginning in the year of 2019.
Instead of entering the MIPS program, physicians can be part of an Advanced Alternative Payment Model, which will need them to take on risk and receive a 5 percent bonus for meeting certain thresholds that reward doctors for delivering high-quality and cost-efficient care.
In the AMA survey, 70% of respondents report they have started preparations to meet QPP requirements, and about 90% of those believe they will meet the 2017 reporting requirements.
Although, the survey discovered that just 51% were somewhat knowledgeable about MACRA and the Quality Payment Program, and only 8 percent reported that they were very knowledgeable about QPP.
Prior reporting experience through the PQRS and EHR meaningful use programs appears to have contributed to readiness for QPP, survey results demonstrated. However, only one in four physicians say they are well-prepared for QPP.
“Although, even those who feel prepared do not completely understand the financial ramifications of the program,” in accordance with the AMA and KPMG, which conducted the study for the AMA. “In short, they may be prepared to ‘check the box’ of reporting requirements but they lack the long-term strategic financial vision to succeed in 2018 and beyond.” Survey findings are available here.
Labels:
AMA,
EHR Incentive,
KPMG,
MACRA,
Medicare Payment Adjustments,
QPP
Sunday, July 9, 2017
Hacking of Medical devices increasing as a next huge threat
Medical devices, involving those that are implanted within patients, are increasingly likely to be targeted by hackers and could pose a nightmare scenario if providers do not take measures to improve their defenses.
“The issue with security is that hackers always follow the path of least resistance,” claims Sam Rehman, the chief technology officer at security vendor Arxan, which serves multiple industries and has a large footprint in healthcare.
Like several other security vendors, Rehman says providers require conducting a comprehensive risk assessment and fixing vulnerabilities. In healthcare, medical devices security is a hot topic and for great reason, because providers mostly have hundreds if not thousands of devices in their facilities.
But providers also require increasing security levels for devices that are implanted in patients, and that is because several of those devices have wireless capabilities that enable hackers to interfere with them, Rehman says.
For instance, physicians can utilize hand-held medical devices to wirelessly collect data and even update an implant, for example to change device settings on insulin pumps, pacemakers and other devices. Although, a hacker in a hospital can do the same thing, which represents a potential risk to patient safety, Rehman cautions.
Many hackers might not need to intentionally cause harm, but others will do what someone pays them to do, which could involve causing injury to patients. Rehman says monetary motivation, particularly through blackmail, could rise as a potential risk.
Such hacking could involve efforts to affect the share price of a device manufacturer. Rehman says stock price manipulation could provide another financial motive for hacking. For imstance, if one person can make money by paying another person to cause harm, the instigator can make money when a company’s stock price falls.
A scenario similar to this has already occurred. Previously this year, the Food and Drug Administration confirmed cybersecurity vulnerabilities in St. Jude Medical’s implantable cardiac devices and its Merlin@home transmitter. The vulnerabilities were originally declared by an investment group that threatened to make money by selling its stock short.
St. Jude Medical devices, the FDA stated, could be hacked by outsiders, leading to injury or death, and St. Jude’s share price quickly dropped by 10% as the company scrambled to make fixes. “If someone can make money, this absolutely will happen,” Rehman assumes.
“The issue with security is that hackers always follow the path of least resistance,” claims Sam Rehman, the chief technology officer at security vendor Arxan, which serves multiple industries and has a large footprint in healthcare.
Like several other security vendors, Rehman says providers require conducting a comprehensive risk assessment and fixing vulnerabilities. In healthcare, medical devices security is a hot topic and for great reason, because providers mostly have hundreds if not thousands of devices in their facilities.
But providers also require increasing security levels for devices that are implanted in patients, and that is because several of those devices have wireless capabilities that enable hackers to interfere with them, Rehman says.
For instance, physicians can utilize hand-held medical devices to wirelessly collect data and even update an implant, for example to change device settings on insulin pumps, pacemakers and other devices. Although, a hacker in a hospital can do the same thing, which represents a potential risk to patient safety, Rehman cautions.
Many hackers might not need to intentionally cause harm, but others will do what someone pays them to do, which could involve causing injury to patients. Rehman says monetary motivation, particularly through blackmail, could rise as a potential risk.
Such hacking could involve efforts to affect the share price of a device manufacturer. Rehman says stock price manipulation could provide another financial motive for hacking. For imstance, if one person can make money by paying another person to cause harm, the instigator can make money when a company’s stock price falls.
A scenario similar to this has already occurred. Previously this year, the Food and Drug Administration confirmed cybersecurity vulnerabilities in St. Jude Medical’s implantable cardiac devices and its Merlin@home transmitter. The vulnerabilities were originally declared by an investment group that threatened to make money by selling its stock short.
St. Jude Medical devices, the FDA stated, could be hacked by outsiders, leading to injury or death, and St. Jude’s share price quickly dropped by 10% as the company scrambled to make fixes. “If someone can make money, this absolutely will happen,” Rehman assumes.
Labels:
Data Security,
Drug Administration,
FDA,
Jude Medical,
Sam Rehman
Friday, July 7, 2017
Seven Regional HIEs complete data exchange contracts
Seven regional HIEs or health information exchanges in the upper Midwest are increasing the number of patient records they are sharing through a collaborative that spans 5 states.
Since last fall, the HIEs have been working to complete technical connections, as well as settling on suitable legal agreements to permit data exchange, executives claim.
Additionally, the participating agencies are working to implement a virtual integrated record that would enable physicians outside of the 5 states covered by the HIEs to access patient records. The virtual access initiative gives a model that could be replicated by other HIEs to more immensely share information that clinicians require in the course of treatment.
Participating Seven regional HIEs include:
Last October, the HIEs agreed to exchange patient data among themselves. The initiative, termed as the Heartland Project, got a $270,000 grant from the Department of Health and Human Services, with funds being shared among all seven entities; in addition, the money is assisting to develop a governance structure for the Heartland Project.
This past fall, Great Lakes Health Connect, a health information exchange in the State of Michigan since the year of 2010, was the last HIE to join the project. Since the month of April, Great Lakes has got 10,057 admit/discharge/transfer messages and has sent 57,690 such messages to partnering HIEs.
“Heartland Project is seven regional HIEs working among ourselves with the aim of broadening beyond our regions when patients go outside these areas,” says Doug Dietzman, executive director at Great Lakes Health Connect.
With the utilization of the virtual integrated patient record, if a Michigan resident receives care in another state, an admit/discharge/transfer message is transmitted to Great Lakes Health Connect, which then notifies the patient’s primary care physician. This enables better continuity of care and better communication among clinicians
With all participating seven regional HIEs now live on the system, the exchanges now are developing a query process for Continuity of Care Documents, with hopes that CCDs can be exchanged by year-end.
The new 7-HIE data exchange service has been named the Patient-Centered Data Home, which will enable data to be forwarded to a physician to support a complete medical record, Dietzman says.
As technical work progressed in recent months to link the HIEs, so did work to establish policies and methods governing the actual exchange of data across the region. It took 3 or 4 months of work to develop a trust framework for how information will be shared and how participants will manage the information once they have it, Dietzman says.
One big challenge was handling identities, which was managed by running admit/discharge/transfer messages through a master patient index (MPI), and each HIE has its own technology vendors, so they also have their own MPIs and a unique identifier for each patient.
The long-term intent of Heartland Project is to be a model for other HIE initiatives, Dietzman says, but how to do that is not yet clear, he appreciates. But the ultimate aim is quite bigger—to tie all HIEs at some point across the nation.
Since last fall, the HIEs have been working to complete technical connections, as well as settling on suitable legal agreements to permit data exchange, executives claim.
Additionally, the participating agencies are working to implement a virtual integrated record that would enable physicians outside of the 5 states covered by the HIEs to access patient records. The virtual access initiative gives a model that could be replicated by other HIEs to more immensely share information that clinicians require in the course of treatment.
Participating Seven regional HIEs include:
- Indiana Health Information Exchange, Indianapolis.
- Michiana Health Information Network, South Bend, Ind.
- HealthLINC, Bloomington, Ind.
- East Tennessee Health Information Exchange, Nashville.
- The Kentucky Health Information Exchange, Frankfort.
- The Health Collaborative, Cincinnati.
- Great Lakes Health Connect, Grand Rapids, Mich.
Last October, the HIEs agreed to exchange patient data among themselves. The initiative, termed as the Heartland Project, got a $270,000 grant from the Department of Health and Human Services, with funds being shared among all seven entities; in addition, the money is assisting to develop a governance structure for the Heartland Project.
This past fall, Great Lakes Health Connect, a health information exchange in the State of Michigan since the year of 2010, was the last HIE to join the project. Since the month of April, Great Lakes has got 10,057 admit/discharge/transfer messages and has sent 57,690 such messages to partnering HIEs.
“Heartland Project is seven regional HIEs working among ourselves with the aim of broadening beyond our regions when patients go outside these areas,” says Doug Dietzman, executive director at Great Lakes Health Connect.
With the utilization of the virtual integrated patient record, if a Michigan resident receives care in another state, an admit/discharge/transfer message is transmitted to Great Lakes Health Connect, which then notifies the patient’s primary care physician. This enables better continuity of care and better communication among clinicians
With all participating seven regional HIEs now live on the system, the exchanges now are developing a query process for Continuity of Care Documents, with hopes that CCDs can be exchanged by year-end.
The new 7-HIE data exchange service has been named the Patient-Centered Data Home, which will enable data to be forwarded to a physician to support a complete medical record, Dietzman says.
As technical work progressed in recent months to link the HIEs, so did work to establish policies and methods governing the actual exchange of data across the region. It took 3 or 4 months of work to develop a trust framework for how information will be shared and how participants will manage the information once they have it, Dietzman says.
One big challenge was handling identities, which was managed by running admit/discharge/transfer messages through a master patient index (MPI), and each HIE has its own technology vendors, so they also have their own MPIs and a unique identifier for each patient.
The long-term intent of Heartland Project is to be a model for other HIE initiatives, Dietzman says, but how to do that is not yet clear, he appreciates. But the ultimate aim is quite bigger—to tie all HIEs at some point across the nation.
Wednesday, July 5, 2017
The use of electronic health records interrupts the doctor-patient connection
The utilization of electronic health records during the patient encounters has the potential to negatively affect the doctor-patient connection, in accordance with a study that used a qualitative analysis of comments from hospital- and office-based physicians.
Researchers at the institute of Brown University and Healthcentric Advisors conducted the analysis of comments, which were submitted in response to a Rhode Island Health Information Technology Survey, conducted in 2014 by the state’s Department of Health—744 doctors gave feedback about their EHR use and how it impacts the doctor-patient connection.
“We were actually struck by the difference between how the inpatient physicians view their EHRs and how it affects their actions, in contrast with those in the office space,” claims Rebekah Gardner, MD, an associate professor of medicine at Brown University’s Warren Alpert Medical School and a senior medical scientist with Healthcentric Advisors. Result of the research was recently published in the Journal of Innovation in Health Informatics.
Researchers discovered that hospital-based physicians commented most frequently that they spend less time with sufferers because they have to spend more time on computers for documentation. By contrast, office-based physicians commented most frequently on EHRs worsening the quality of the doctor-patient connection.
“However hospital-based physicians report benefits ranging from better information access to improved patient education and communication, unintended negative consequences are more frequent themes,” the researchers wrote.
The research discovered other responses differed across settings. “When comparing themes across settings, hospital-based physicians more frequently comment on the use of EHRs to feel more prepared for the clinical encounter, while office-based physicians more frequently comment on alteration of workflow and the depersonalization of relationships.”
At the similar time, the authors point out that comments from physicians that were “generally positive and comments that detailed the sufferer’s perspective comprised the least commonly observed themes for both (hospital and office) settings.”
In accordance with the Gardner, the study demonstrates the requirement for different solutions to make better how EHRs are used in inpatient versus office-based settings, given the different ways in which doctors in those environments perform their jobs.
She points out those hospital-based physicians frequently use computers situated outside of patient rooms, while office-based physicians increasingly bring laptops into exam rooms.
Outpatient doctors “will be documenting and going through the EHR while they are sitting there talking to the sufferer, so it is literally sitting there between them, distracting the physician from making eye contact and taking their attention away from the patient,” states Gardner, who suggests that doctors “honor the golden minute” when they first enter an exam room—not turning on their computer, giving patients their undivided attention and engaging them in conversation to develop doctor-patient connection.
She also suggests that after the computer is turned on, physicians should turn the screen in such a way that patients can view it. Doctors should “narrate” what they are doing in the EHR to be more inclusive of the documentation process, in accordance with Gardner.
On the other hand, Gardner claims inpatient physicians “who take care of patients on hospital floors, in the ICU and ER, when they are in the room with a patient, the computer often is not there—they are going outside of the room and documenting later.” As an outcome, researchers report that when doctors use computers for EHR documentation in inpatient settings, it limits time spent directly interacting with patients.
“With our inpatient findings, it actually speaks to the volume of documentation that is required and clunky EHR user interfaces,” states Gardner, who calls for making these interfaces more intuitive as well as decreasing the documentation burden on physicians.
Gardner and her colleagues appreciate that one of the limitations of the survey is that it was administered in a single state. Although, they contend that the large sample size, high response rate, range of represented specialties and array of EHR vendors might reduce this limitation.
Researchers at the institute of Brown University and Healthcentric Advisors conducted the analysis of comments, which were submitted in response to a Rhode Island Health Information Technology Survey, conducted in 2014 by the state’s Department of Health—744 doctors gave feedback about their EHR use and how it impacts the doctor-patient connection.
“We were actually struck by the difference between how the inpatient physicians view their EHRs and how it affects their actions, in contrast with those in the office space,” claims Rebekah Gardner, MD, an associate professor of medicine at Brown University’s Warren Alpert Medical School and a senior medical scientist with Healthcentric Advisors. Result of the research was recently published in the Journal of Innovation in Health Informatics.
Researchers discovered that hospital-based physicians commented most frequently that they spend less time with sufferers because they have to spend more time on computers for documentation. By contrast, office-based physicians commented most frequently on EHRs worsening the quality of the doctor-patient connection.
“However hospital-based physicians report benefits ranging from better information access to improved patient education and communication, unintended negative consequences are more frequent themes,” the researchers wrote.
The research discovered other responses differed across settings. “When comparing themes across settings, hospital-based physicians more frequently comment on the use of EHRs to feel more prepared for the clinical encounter, while office-based physicians more frequently comment on alteration of workflow and the depersonalization of relationships.”
At the similar time, the authors point out that comments from physicians that were “generally positive and comments that detailed the sufferer’s perspective comprised the least commonly observed themes for both (hospital and office) settings.”
In accordance with the Gardner, the study demonstrates the requirement for different solutions to make better how EHRs are used in inpatient versus office-based settings, given the different ways in which doctors in those environments perform their jobs.
She points out those hospital-based physicians frequently use computers situated outside of patient rooms, while office-based physicians increasingly bring laptops into exam rooms.
Outpatient doctors “will be documenting and going through the EHR while they are sitting there talking to the sufferer, so it is literally sitting there between them, distracting the physician from making eye contact and taking their attention away from the patient,” states Gardner, who suggests that doctors “honor the golden minute” when they first enter an exam room—not turning on their computer, giving patients their undivided attention and engaging them in conversation to develop doctor-patient connection.
She also suggests that after the computer is turned on, physicians should turn the screen in such a way that patients can view it. Doctors should “narrate” what they are doing in the EHR to be more inclusive of the documentation process, in accordance with Gardner.
On the other hand, Gardner claims inpatient physicians “who take care of patients on hospital floors, in the ICU and ER, when they are in the room with a patient, the computer often is not there—they are going outside of the room and documenting later.” As an outcome, researchers report that when doctors use computers for EHR documentation in inpatient settings, it limits time spent directly interacting with patients.
“With our inpatient findings, it actually speaks to the volume of documentation that is required and clunky EHR user interfaces,” states Gardner, who calls for making these interfaces more intuitive as well as decreasing the documentation burden on physicians.
Gardner and her colleagues appreciate that one of the limitations of the survey is that it was administered in a single state. Although, they contend that the large sample size, high response rate, range of represented specialties and array of EHR vendors might reduce this limitation.
Tuesday, July 4, 2017
CHIME provides new certification program for industry executives
The College of Healthcare Information Management Executives (CHIME) is launching a new certification program that seeks to appreciate the expertise of executives who work for companies that give products or services to the healthcare industry.
The Ann Arbor, Mich.-based professional organization has initiated the CHIME Foundation Certified Healthcare Executive program (CFCHE) for information technology experts who are not CIOs, but are at a senior level and have other achievements in the HIT industry.
Experts who may seek the new designation may be consultants, implementers, sales representatives or in other roles, claims Keith Fraidenburg, executive vice president and COO at CHIME.
CHIME considers the new designation will facilitate interactions within the healthcare IT industry, he states. For instance, when a CIO or other technology professional discusses technology with a person with a CFCHE designation, the CIO will know the other person has passed a tough exam and has studied the challenges confronting CIOs, other healthcare leaders and payers, along with other IT experts outside a healthcare organization, Fraidenburg says.
CHIME has experience developing professional designations for the healthcare IT industry. In the year of 2009 it started a new certification program for IT executives called the Certified Healthcare CIO (CHCIO) program. Currently, more than 350 CHIME members have studied for and acquired the CHCIO title. Becoming a CHCIO is a demonstration of knowledge, skill and competency earned over various years and is the CIO equivalent of being a “black belt,” Fraidenburg asserts.
For CHIME’s newest program, after an individual has registered to participate in the CFCHE certification program, a candidate will get an extensive list of reading materials, and will take a sample exam that is not like the real exam but written in the similar way as the CIO exam to ascertain where the candidate did well and where he or she requires improving.
The Ann Arbor, Mich.-based professional organization has initiated the CHIME Foundation Certified Healthcare Executive program (CFCHE) for information technology experts who are not CIOs, but are at a senior level and have other achievements in the HIT industry.
Experts who may seek the new designation may be consultants, implementers, sales representatives or in other roles, claims Keith Fraidenburg, executive vice president and COO at CHIME.
CHIME considers the new designation will facilitate interactions within the healthcare IT industry, he states. For instance, when a CIO or other technology professional discusses technology with a person with a CFCHE designation, the CIO will know the other person has passed a tough exam and has studied the challenges confronting CIOs, other healthcare leaders and payers, along with other IT experts outside a healthcare organization, Fraidenburg says.
CHIME has experience developing professional designations for the healthcare IT industry. In the year of 2009 it started a new certification program for IT executives called the Certified Healthcare CIO (CHCIO) program. Currently, more than 350 CHIME members have studied for and acquired the CHCIO title. Becoming a CHCIO is a demonstration of knowledge, skill and competency earned over various years and is the CIO equivalent of being a “black belt,” Fraidenburg asserts.
For CHIME’s newest program, after an individual has registered to participate in the CFCHE certification program, a candidate will get an extensive list of reading materials, and will take a sample exam that is not like the real exam but written in the similar way as the CIO exam to ascertain where the candidate did well and where he or she requires improving.
Labels:
CFCHE,
CHCIO,
CHIME,
COO,
Data Security,
EHR Privacy,
Health Info Exchange
Monday, July 3, 2017
A Creative Tool assists cystic fibrosis patients to actively engage in their own care
A computerized decision-making tool has been demonstrated to be effective in assisting cystic fibrosis patients engage with clinicians as active participants in their own care.
Established by researchers at the University of Cincinnati, the shared decision-making tool takes into account sufferers’ preferences for measures of lung function and health, as well as evidence-based treatment to help cystic fibrosis patients in prioritizing home treatments.
Cystic fibrosis patients must undertake time-consuming and sometimes complex home therapies, claims Mark Eckman, MD, Posey Professor of Clinical Medicine and director of the UC Division of General Internal Medicine.
Although, by factoring personalized data into a computational framework, the tool assigns weights to patient preferences and personal aims for some of these treatments—combined with quantitative data on treatment efficacy, costs and time estimates—resulting in a score for each treatment option, he asserts.
“A personalized report is generated based on patient input, but also the model internally is informed by information from clinical trials and medical literature in terms of the efficacy of the different treatments,” stated Eckman. “That report then is utilized in a shared decision-making visit to facilitate a conversation between the patient and the clinician.”
Eckman and Patricia Joseph, MD, director of the Adult Cystic Fibrosis Program at UC Medical Center, assissted conducted a field study of 21 cystic fibrosis patients to determine the tool’s acceptability, understandability and ease of use. They and their co-authors recently issued an article in the journal Medical Decision Making Policy & Practice discussing results of the initial evaluation of the tool.
“Our field study of 21 sufferers with cystic fibrosis discovered that patients uniformly believed the shared decision-making exercise helped them establish personalized priorities for home therapies and activities,” they summarized.
“Use of the tool helped them clarify their personal values for the relative significance of home treatment goals and assisted them feel better prepared to discuss home treatment options with their doctors,” they report. “Perhaps most important, using the (CF-Shared Decision Making Tool) made them feel that they were contributing to making decisions in their care.”
Presently, the system leverages a Microsoft Excel spreadsheet based on a paper pamphlet that patients fill out, and clinicians must manually populate into a computerized model to generate a personalized report. Going forward, Eckman says researchers want to make the tool available through a computer tablet so patients can input their own data and automatically generate results. “This could also be put up on a sufferer portal,” he adds. “That is where we want to go. But, right now, the current model and interactions are a bit clunky.”
Drawing from the success of the limited field study, researchers expect to conduct a randomized clinical trial to evaluate whether the tool makes better the patient adherence to home treatments and clinical outcomes.
Established by researchers at the University of Cincinnati, the shared decision-making tool takes into account sufferers’ preferences for measures of lung function and health, as well as evidence-based treatment to help cystic fibrosis patients in prioritizing home treatments.
Cystic fibrosis patients must undertake time-consuming and sometimes complex home therapies, claims Mark Eckman, MD, Posey Professor of Clinical Medicine and director of the UC Division of General Internal Medicine.
Although, by factoring personalized data into a computational framework, the tool assigns weights to patient preferences and personal aims for some of these treatments—combined with quantitative data on treatment efficacy, costs and time estimates—resulting in a score for each treatment option, he asserts.
“A personalized report is generated based on patient input, but also the model internally is informed by information from clinical trials and medical literature in terms of the efficacy of the different treatments,” stated Eckman. “That report then is utilized in a shared decision-making visit to facilitate a conversation between the patient and the clinician.”
Eckman and Patricia Joseph, MD, director of the Adult Cystic Fibrosis Program at UC Medical Center, assissted conducted a field study of 21 cystic fibrosis patients to determine the tool’s acceptability, understandability and ease of use. They and their co-authors recently issued an article in the journal Medical Decision Making Policy & Practice discussing results of the initial evaluation of the tool.
“Our field study of 21 sufferers with cystic fibrosis discovered that patients uniformly believed the shared decision-making exercise helped them establish personalized priorities for home therapies and activities,” they summarized.
“Use of the tool helped them clarify their personal values for the relative significance of home treatment goals and assisted them feel better prepared to discuss home treatment options with their doctors,” they report. “Perhaps most important, using the (CF-Shared Decision Making Tool) made them feel that they were contributing to making decisions in their care.”
Presently, the system leverages a Microsoft Excel spreadsheet based on a paper pamphlet that patients fill out, and clinicians must manually populate into a computerized model to generate a personalized report. Going forward, Eckman says researchers want to make the tool available through a computer tablet so patients can input their own data and automatically generate results. “This could also be put up on a sufferer portal,” he adds. “That is where we want to go. But, right now, the current model and interactions are a bit clunky.”
Drawing from the success of the limited field study, researchers expect to conduct a randomized clinical trial to evaluate whether the tool makes better the patient adherence to home treatments and clinical outcomes.
Sunday, July 2, 2017
Ransomware attacks Cleveland Medical, affects info of 22,000 sufferers
Cleveland Medical Associates is providing about 22,000 sufferers identity protection services after a ransomware attack against the practice.
The five-clinician practice is giving a year of protective services through Equifax to both current and former sufferers whose information may have been affected.
Cleveland Medical Associates refused to give more details about the tragedy and also did not provide any extra statements about the attack.
The breach was discovered the morning of April 17. In response, the practice executed a new medical records system and engaged forensic specialists to verify the extent to which information was affected. The practice believes the motive for the attack was extortion and that access to patient health information wasn’t an end result of the attack.
“Based upon our inquiry, there is no evidence that your protected health information was taken from our system or misused as result of the incident,” the practice told patients in a notification letter. “Because we were not able to determine with reasonable certainty whether or not there was an unauthorized access of your information, however, we’re offering you with notification of this incident.”
Protected health information that could have been compromised involves patient names, addresses, demographics, telephone numbers, email addresses, clinical information, insurance billings and Social Security numbers.
The Equifax protection package offers credit monitoring, as much as $25,000 in identity theft insurance and automatic fraud alerts of changes to a credit report.
The five-clinician practice is giving a year of protective services through Equifax to both current and former sufferers whose information may have been affected.
Cleveland Medical Associates refused to give more details about the tragedy and also did not provide any extra statements about the attack.
The breach was discovered the morning of April 17. In response, the practice executed a new medical records system and engaged forensic specialists to verify the extent to which information was affected. The practice believes the motive for the attack was extortion and that access to patient health information wasn’t an end result of the attack.
“Based upon our inquiry, there is no evidence that your protected health information was taken from our system or misused as result of the incident,” the practice told patients in a notification letter. “Because we were not able to determine with reasonable certainty whether or not there was an unauthorized access of your information, however, we’re offering you with notification of this incident.”
Protected health information that could have been compromised involves patient names, addresses, demographics, telephone numbers, email addresses, clinical information, insurance billings and Social Security numbers.
The Equifax protection package offers credit monitoring, as much as $25,000 in identity theft insurance and automatic fraud alerts of changes to a credit report.
Thursday, June 29, 2017
Ransomware Strucks Princeton Community Hospital in West Virginia
Princeton Community Hospital in West Virginia is attempting to resolve a ransomware attack through a total rebuild of its computer network.
The reconstruction of its networks is a precaution to stop potential reinfection, and includes replacing almost 1,200 hard drives, Rose Morgan, vice president of patient care services, told MetroNews, the local newspaper.
A message on computers at the facility when they were turned on the morning of June 27 read: “If you see this text, then your files are no longer accessible because they have been encrypted,” MetroNews reported.
The rebuild started after IT staff evaluated that a ransom couldn’t be paid for reasons that were not specified, in accordance with the Wall Street Journal. The degree to which a ransom payment was considered is unclear, and the Princeton Community hospital is declining further comment.
Executives say they believe that backup records will restore patient files. There is no indication that data has been removed from the facility.
Workers were capable to get some patient data from four computers, like allergies, medications and medical history, but the hospital’s electronic health records (EHRs) system currently isn’t accessible, and the hospital has reverted to paper documentation. Complete restoration could take a week.
Workers in several departments can’t use their computers so they are ferrying physician orders and other information among hospital departments as the pneumatic tube system is not working, Morgan told the Wall Street Journal.
The reconstruction of its networks is a precaution to stop potential reinfection, and includes replacing almost 1,200 hard drives, Rose Morgan, vice president of patient care services, told MetroNews, the local newspaper.
A message on computers at the facility when they were turned on the morning of June 27 read: “If you see this text, then your files are no longer accessible because they have been encrypted,” MetroNews reported.
The rebuild started after IT staff evaluated that a ransom couldn’t be paid for reasons that were not specified, in accordance with the Wall Street Journal. The degree to which a ransom payment was considered is unclear, and the Princeton Community hospital is declining further comment.
Executives say they believe that backup records will restore patient files. There is no indication that data has been removed from the facility.
Workers were capable to get some patient data from four computers, like allergies, medications and medical history, but the hospital’s electronic health records (EHRs) system currently isn’t accessible, and the hospital has reverted to paper documentation. Complete restoration could take a week.
Workers in several departments can’t use their computers so they are ferrying physician orders and other information among hospital departments as the pneumatic tube system is not working, Morgan told the Wall Street Journal.
Wednesday, June 28, 2017
FTC closes its investigation of Texas Medical Board on telehealth
The Federal Trade Commission (FTC) has closed its inquiry of whether the Texas Medical Board violated federal antitrust law by adopting rules restricting the practice of telemedicine in the Lone Star state.
The FTC dropped its probe after Texas recently enacted a latest law that overrides the board’s restrictive telehealth regulations. Passed previous month by the state legislature and signed by Governor Greg Abbott, the law eradicates the requiremnet for an in-person consultation to develop a physician-patient relationship prior to providing telemedicine services.
Particularly, the law permits doctors to establish a relationship with a new patient through a virtual visit.
In a written statement, FTC Acting Chairman Maureen Ohlhausen commended Abbott and the Texas state legislature for expanding access to healthcare services for Texans through telehealth and telemedicine, and for dealing the competitive concerns raised by the previous rules of Texas Medical Board.
“I’ve long advocated for the expansion of telemedicine and telehealth options that enhance competition and benefit consumers, while still searing public health and safety,” said Ohlhausen.
Under the Texas law, a practitioner is allowed to use:
The enactment of the law ends a legal battle against the Texas Medical Board spearheaded by telehealth vendor Teladoc, which sued the board alleging—among other accusations—that its regulations violated antitrust law and suppressed provider competition by establishing an unimportant obstacle for telemedicine. The litigation was twice stayed to permit the opportunity for an out-for-court settlement to be worked out.
“Teladoc undertook the responsibility to preserve access to telemedicine in Texas more than 6 years ago, and we’re gratified to have been the telehealth company invited to collaborate with the Texas legislature and others in the state to accomplish this laudable goal,” claimed Teladoc CEO Jason Gorevic. “Our commitment to the state and its citizens has never wavered, and we now look forward to reactivating our industry-leading video capabilities and ending our legal dispute in the state of Texas.”
The FTC dropped its probe after Texas recently enacted a latest law that overrides the board’s restrictive telehealth regulations. Passed previous month by the state legislature and signed by Governor Greg Abbott, the law eradicates the requiremnet for an in-person consultation to develop a physician-patient relationship prior to providing telemedicine services.
Particularly, the law permits doctors to establish a relationship with a new patient through a virtual visit.
In a written statement, FTC Acting Chairman Maureen Ohlhausen commended Abbott and the Texas state legislature for expanding access to healthcare services for Texans through telehealth and telemedicine, and for dealing the competitive concerns raised by the previous rules of Texas Medical Board.
“I’ve long advocated for the expansion of telemedicine and telehealth options that enhance competition and benefit consumers, while still searing public health and safety,” said Ohlhausen.
Under the Texas law, a practitioner is allowed to use:
- Technology that gives synchronous audiovisual interaction between the practitioner and the patient.
- Asynchronous store and forward technology, involving technology that allows telephonic only interaction as long as the practitioner uses certain specified clinical information.
- Clinically relevant photographic or video images, involving diagnostic images.
- Patient’s relevant medical records, like the relevant medical history, laboratory and pathology results and prescription histories.
- Another form of audiovisual telecommunication technology that enables the practitioner to comply with the standard of care
The enactment of the law ends a legal battle against the Texas Medical Board spearheaded by telehealth vendor Teladoc, which sued the board alleging—among other accusations—that its regulations violated antitrust law and suppressed provider competition by establishing an unimportant obstacle for telemedicine. The litigation was twice stayed to permit the opportunity for an out-for-court settlement to be worked out.
“Teladoc undertook the responsibility to preserve access to telemedicine in Texas more than 6 years ago, and we’re gratified to have been the telehealth company invited to collaborate with the Texas legislature and others in the state to accomplish this laudable goal,” claimed Teladoc CEO Jason Gorevic. “Our commitment to the state and its citizens has never wavered, and we now look forward to reactivating our industry-leading video capabilities and ending our legal dispute in the state of Texas.”
Tuesday, June 27, 2017
Medicaid data not still available for system and oversight
A system developed to make better the completeness, precision and timeliness of Medicaid data is not yet getting the job done, in accordance with a new audit by the Department of Health and Human Services’ Office of Inspector General.
Information from the Transformed Medicaid Statistical Information System (T-MSIS) was supposed to assist ensures the effective administration and oversight of the Medicaid data program, involving enhancing the ability to recognize potential fraud while improving program efficiency.
Although, while the CMS (Centers for Medicare and Medicaid Services) had planned to implement T-MSIS with states on a rolling basis, with the aim of having all states submitting data monthly by July 2014, the OIG notes in its report that early implementation challenges have resulted in delays with T-MSIS.
“These delays were caused by technological issues during data testing and by competing priorities for states' IT resources,” according to the OIG’s audit. “As a result, the goal for when T-MSIS will contain data from all state Medicaid programs has been repeatedly postponed.”
Previous year, the federal government and states spent $574 billion on Medicaid, benefitting more than 74 million enrollees. But, without T-MSIS data, the ability to recognize trends or patterns demonstrating potential fraud, waste, and abuse in the program—as well as stop or mitigate the impact of these activities—is primarily diminished.
However, CMS expects that all states will be reporting to T-MSIS by the end of 2017, auditors reveal that just 21 of 53 state programs were submitting data to T-MSIS as of December 2016, and that it is unclear whether an end-of-the-year target date can be met.
“As states and CMS sustain to work together to submit Medicaid data into T-MSIS, they continue to raise concerns about the completeness and reliability of the data,” the report warns. “Particularly, states indicate that they are unable to report Medicaid data for all the T-MSIS data elements. Furthermore, even with a revised data dictionary that gives definitions for each data element, states and CMS report concerns about states’ varying interpretations of data elements. If states don’t have uniform interpretations of data elements, the data they submit for these elements won’t be consistent across states, making any analysis of national trends or patterns inherently unreliable.”
“Successfully getting all states’ data into T-MSIS needs states and CMS to prioritize T-MSIS implementation,” summarizes the report. “Because of CMS’s history of delaying target dates for execution, OIG is concerned that CMS and states will delay further instead to assign the resources required to deal the outstanding challenges.”
Auditors continue to suggest that CMS develop a deadline for when T-MSIS data will be available for program analysis and other management functions, contending that “without a fixed deadline, some states and CMS may not make the full implementation of T-MSIS a management priority.”
CMS officials weren’t immediately available for comment. However, in its written response to the OIG, the agency reported that since December 2016 more states—40 altogether—have successfully started submitting data to T-MSIS.
Nevertheless, while progress has been made on the number of states submitting data to T-MSIS, CMS concurred with OIG on the requirement for reliable data. In its written comments, the agency highlighted its ongoing work to improve data quality.
Specifically, CMS demonstrated that it has 2 major goals for T-MSIS data quality: transparency for users, and a continuous, ongoing improvement process with states to strengthen the Medicaid data quality. To realize these aims, the agency said it is undertaking a variety of actions, involving information for users on data quality, one-on-one technical assistance to states to ensure their data will be usable, as well as a post-production data quality review with a subset of states to establish an effective working process for improving data quality.
Additionally, CMS informed the OIG that it convened a Technical Evaluation Panel to gain initial feedback on data quality and usability. In accordance with the agency, the panel assessed a subset of T-MSIS data to identify anomalies in the data and potential challenges with using the data for analysis. CMS intends to use the panel’s findings to inform efforts to improve the states’ data quality.
Information from the Transformed Medicaid Statistical Information System (T-MSIS) was supposed to assist ensures the effective administration and oversight of the Medicaid data program, involving enhancing the ability to recognize potential fraud while improving program efficiency.
Although, while the CMS (Centers for Medicare and Medicaid Services) had planned to implement T-MSIS with states on a rolling basis, with the aim of having all states submitting data monthly by July 2014, the OIG notes in its report that early implementation challenges have resulted in delays with T-MSIS.
“These delays were caused by technological issues during data testing and by competing priorities for states' IT resources,” according to the OIG’s audit. “As a result, the goal for when T-MSIS will contain data from all state Medicaid programs has been repeatedly postponed.”
Previous year, the federal government and states spent $574 billion on Medicaid, benefitting more than 74 million enrollees. But, without T-MSIS data, the ability to recognize trends or patterns demonstrating potential fraud, waste, and abuse in the program—as well as stop or mitigate the impact of these activities—is primarily diminished.
However, CMS expects that all states will be reporting to T-MSIS by the end of 2017, auditors reveal that just 21 of 53 state programs were submitting data to T-MSIS as of December 2016, and that it is unclear whether an end-of-the-year target date can be met.
“As states and CMS sustain to work together to submit Medicaid data into T-MSIS, they continue to raise concerns about the completeness and reliability of the data,” the report warns. “Particularly, states indicate that they are unable to report Medicaid data for all the T-MSIS data elements. Furthermore, even with a revised data dictionary that gives definitions for each data element, states and CMS report concerns about states’ varying interpretations of data elements. If states don’t have uniform interpretations of data elements, the data they submit for these elements won’t be consistent across states, making any analysis of national trends or patterns inherently unreliable.”
“Successfully getting all states’ data into T-MSIS needs states and CMS to prioritize T-MSIS implementation,” summarizes the report. “Because of CMS’s history of delaying target dates for execution, OIG is concerned that CMS and states will delay further instead to assign the resources required to deal the outstanding challenges.”
Auditors continue to suggest that CMS develop a deadline for when T-MSIS data will be available for program analysis and other management functions, contending that “without a fixed deadline, some states and CMS may not make the full implementation of T-MSIS a management priority.”
CMS officials weren’t immediately available for comment. However, in its written response to the OIG, the agency reported that since December 2016 more states—40 altogether—have successfully started submitting data to T-MSIS.
Nevertheless, while progress has been made on the number of states submitting data to T-MSIS, CMS concurred with OIG on the requirement for reliable data. In its written comments, the agency highlighted its ongoing work to improve data quality.
Specifically, CMS demonstrated that it has 2 major goals for T-MSIS data quality: transparency for users, and a continuous, ongoing improvement process with states to strengthen the Medicaid data quality. To realize these aims, the agency said it is undertaking a variety of actions, involving information for users on data quality, one-on-one technical assistance to states to ensure their data will be usable, as well as a post-production data quality review with a subset of states to establish an effective working process for improving data quality.
Additionally, CMS informed the OIG that it convened a Technical Evaluation Panel to gain initial feedback on data quality and usability. In accordance with the agency, the panel assessed a subset of T-MSIS data to identify anomalies in the data and potential challenges with using the data for analysis. CMS intends to use the panel’s findings to inform efforts to improve the states’ data quality.
Monday, June 26, 2017
Vanderbilt University Medical Center devises a solution for ICU sufferers to digitally filter out medical alarms
As hospital intensive care units (ICU) grapple with the issue of noise pollution from medical device alarms, a research team at the institute of Vanderbilt University Medical Center has devised a solution to shield sufferers’ ears from the oppressive sounds and to develop a care environment that is more conducive to healing.
While the noise from medical device alarms has become a huge distraction for clinicians in ICUs, it also takes a toll on sufferers who are similarly bombarded with a constant barrage of alarms—most of which are false or not clinically actionable.
However, auditory medical alarms are “loud, annoying and shrill” for providers, at the similar time they pose potential hazards for patient recovery, in accordance with the Joseph Schlesinger, MD, assistant professor of anesthesia in the Division of Critical Care Medicine at Vanderbilt University Medical Center in Nashville, Tenn.
These alarms can have negative consequences for sufferers in the ICU, says Schlesinger, involving disruption of sleep as well as contributing to psychological conditions like post-traumatic stress disorder and delirium. “My approach to this was why we can’t take alarms out of the patient experience?” he adds. “Why not prevent letting patients suffer?”
To address the issue, Schlesinger’s team has established an in-ear device worn by sufferers that eliminates alarm sounds by digitally filtering sound waves while preserving their capability to hear human speech. The device has been tested in a simulated ICU environment, with results indicating clinical and statistical improvement in alarm filtering.
A paper presented last week at the 2017 International Conference on Auditory Display asserts that the device “enables sufferers to hear everything occurring around them and to communicate effectively without experiencing the negative consequences of audible alarms.”
Schlesinger points out that headphones or earplugs that block all environmental noise completely wouldn’t have been a workable solution because patients require hearing clinicians’ voices. He says a deficiency of stimulation of the auditory sense can also contribute to PTSD and delirium, so that would be counterproductive as well.
“We needed to make certain that sufferers in the hospital could communicate, not just have earplugs,” adds Schlesinger. “We wanted to make sure speech comprehension was not harmed.”
His team’s solution is a wearable device that in real time silences the frequencies corresponding to alarm noises—significantly patient monitor or red/crisis alarms—by leveraging Raspberry Pi single-board computers and digital filters, while not muffling or distorting any normal atmospheric sounds.
“This was actually a proof-of-concept to see if it could be done,” he summarizes. Ultimately, Schlesinger envisions the effort leading to the development of devices that are “comfortable, affordable and reusable—because if you had to purchase one for every patient, that could get prohibitively costly.”
While the noise from medical device alarms has become a huge distraction for clinicians in ICUs, it also takes a toll on sufferers who are similarly bombarded with a constant barrage of alarms—most of which are false or not clinically actionable.
However, auditory medical alarms are “loud, annoying and shrill” for providers, at the similar time they pose potential hazards for patient recovery, in accordance with the Joseph Schlesinger, MD, assistant professor of anesthesia in the Division of Critical Care Medicine at Vanderbilt University Medical Center in Nashville, Tenn.
These alarms can have negative consequences for sufferers in the ICU, says Schlesinger, involving disruption of sleep as well as contributing to psychological conditions like post-traumatic stress disorder and delirium. “My approach to this was why we can’t take alarms out of the patient experience?” he adds. “Why not prevent letting patients suffer?”
To address the issue, Schlesinger’s team has established an in-ear device worn by sufferers that eliminates alarm sounds by digitally filtering sound waves while preserving their capability to hear human speech. The device has been tested in a simulated ICU environment, with results indicating clinical and statistical improvement in alarm filtering.
A paper presented last week at the 2017 International Conference on Auditory Display asserts that the device “enables sufferers to hear everything occurring around them and to communicate effectively without experiencing the negative consequences of audible alarms.”
Schlesinger points out that headphones or earplugs that block all environmental noise completely wouldn’t have been a workable solution because patients require hearing clinicians’ voices. He says a deficiency of stimulation of the auditory sense can also contribute to PTSD and delirium, so that would be counterproductive as well.
“We needed to make certain that sufferers in the hospital could communicate, not just have earplugs,” adds Schlesinger. “We wanted to make sure speech comprehension was not harmed.”
His team’s solution is a wearable device that in real time silences the frequencies corresponding to alarm noises—significantly patient monitor or red/crisis alarms—by leveraging Raspberry Pi single-board computers and digital filters, while not muffling or distorting any normal atmospheric sounds.
“This was actually a proof-of-concept to see if it could be done,” he summarizes. Ultimately, Schlesinger envisions the effort leading to the development of devices that are “comfortable, affordable and reusable—because if you had to purchase one for every patient, that could get prohibitively costly.”
Labels:
Human and Health Services,
ICU,
Joseph Schlesinger,
PTSD,
Raspberry Pi
Sunday, June 25, 2017
Latest cyberattack strucks significant organizations worldwide
A latest cyberattack similar to WannaCry is spreading from the region of Europe to the U.S., hitting port operators in the New York and Rotterdam, disrupting government systems in Kiev, and disabling operations at companies involving Rosneft PJSC and advertiser WPP Plc.
More than eighty companies in the Russia and Ukraine were previously affected by the Petya virus that disabled computers Tuesday and told users to pay $300 in cryptocurrency to unlock them, in accordance with the Moscow-based cybersecurity company Group-IB. Telecommunications operators and retailers were also impacted and the virus is spreading in a similar way to the WannaCry attack in May, it said.
Rob Wainwright, executive director at Europol, said the agency is "urgently responding" to reports of the latest cyberattack. In a separate statement, Europol said it’s in talks with "member states and key industry partners to develop the complete nature of this attack at this time."
Kremlin-controlled Rosneft, Russia’s greatest crude producer, claimed in a statement that it avoided “serious consequences” from the “hacker attack” by switching to “a backup system for managing production processes.”
U.K. media company WPP Plc.’s website is down, and workers have been told to turn off their computers and not use WiFi, in accordance with a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, has been shut down, another person said. “IT systems in various WPP companies have been affected,” the company claimed in emailed statement.
The hack has rapidly spread from Russia and the Ukraine, through Europe and into the U.S. A.P. Moller-Maersk, operator of the world’s largest container line, said its customers cannot use online booking tools and its internal systems are down. The attack is affecting several sites and units, which involve a major port operator and an oil and gas producer, spokeswoman Concepcion Boo Arias said by phone.
APM Terminals, owned by Maersk, are experiencing system problems at multiple terminals, involving the Port of New York and New Jersey, the greatest port on the U.S. East Coast, and Rotterdam in The Netherlands, Europe’s largest harbor.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman refused to elaborate, while Mondelez International Inc. claimed was also experiencing a global IT outage and was searching into the cause. Merck & Co. Inc., based in Kenilworth, New Jersey, has also reported that its computer network was compromised due to the hack.
The strikes follow the global ransomware assault including the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists claimed $300 in bitcoin from victims. Ransomware attacks have been soaring and the number of such tragedies increased by 50 percent in the year of 2016, according to Verizon Communications Inc.
Analysts at Symantec Corp., have said the new virus, called Petya, uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s Windows operating system.
The latest virus has a fake Microsoft digital signature appended to it and the attack is spreading to several countries, Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.
The latest cyberattack has hit Ukraine particularly hard. The intrusion is “the greatest in Ukraine’s history,” Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook. The goal was “the destabilization of the economic situation and in the civic consciousness of Ukraine,” though it was “disguised as an extortion attempt,” he claimed.
Kyivenergo, a Ukrainian utility, switched off all computers after the hack, while another power company, Ukrenergo, was also impacted, though “not seriously,” the Interfax news service reported.
Ukrainian delivery network Nova Poshta halted service to clients after its network was infected, the company claimed on Facebook. Ukraine’s Central Bank warned on its website that various banks had been targeted by hackers.
More than eighty companies in the Russia and Ukraine were previously affected by the Petya virus that disabled computers Tuesday and told users to pay $300 in cryptocurrency to unlock them, in accordance with the Moscow-based cybersecurity company Group-IB. Telecommunications operators and retailers were also impacted and the virus is spreading in a similar way to the WannaCry attack in May, it said.
Rob Wainwright, executive director at Europol, said the agency is "urgently responding" to reports of the latest cyberattack. In a separate statement, Europol said it’s in talks with "member states and key industry partners to develop the complete nature of this attack at this time."
Kremlin-controlled Rosneft, Russia’s greatest crude producer, claimed in a statement that it avoided “serious consequences” from the “hacker attack” by switching to “a backup system for managing production processes.”
U.K. media company WPP Plc.’s website is down, and workers have been told to turn off their computers and not use WiFi, in accordance with a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, has been shut down, another person said. “IT systems in various WPP companies have been affected,” the company claimed in emailed statement.
Global Latest Cyberattack
The hack has rapidly spread from Russia and the Ukraine, through Europe and into the U.S. A.P. Moller-Maersk, operator of the world’s largest container line, said its customers cannot use online booking tools and its internal systems are down. The attack is affecting several sites and units, which involve a major port operator and an oil and gas producer, spokeswoman Concepcion Boo Arias said by phone.
APM Terminals, owned by Maersk, are experiencing system problems at multiple terminals, involving the Port of New York and New Jersey, the greatest port on the U.S. East Coast, and Rotterdam in The Netherlands, Europe’s largest harbor.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman refused to elaborate, while Mondelez International Inc. claimed was also experiencing a global IT outage and was searching into the cause. Merck & Co. Inc., based in Kenilworth, New Jersey, has also reported that its computer network was compromised due to the hack.
WannaCry Warnings
The strikes follow the global ransomware assault including the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists claimed $300 in bitcoin from victims. Ransomware attacks have been soaring and the number of such tragedies increased by 50 percent in the year of 2016, according to Verizon Communications Inc.
Analysts at Symantec Corp., have said the new virus, called Petya, uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s Windows operating system.
The latest virus has a fake Microsoft digital signature appended to it and the attack is spreading to several countries, Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.
The latest cyberattack has hit Ukraine particularly hard. The intrusion is “the greatest in Ukraine’s history,” Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook. The goal was “the destabilization of the economic situation and in the civic consciousness of Ukraine,” though it was “disguised as an extortion attempt,” he claimed.
Kyivenergo, a Ukrainian utility, switched off all computers after the hack, while another power company, Ukrenergo, was also impacted, though “not seriously,” the Interfax news service reported.
Ukrainian delivery network Nova Poshta halted service to clients after its network was infected, the company claimed on Facebook. Ukraine’s Central Bank warned on its website that various banks had been targeted by hackers.
Labels:
Europe,
Healthcare Scams,
IT,
Russia,
Ukraine
Friday, June 23, 2017
Health Catalyst Inaugurates product to gauge care charges
A latest suite of software from data analytics vendor Health Catalyst is developed to aid chief financial officers, physicians and clinical/financial analysts to better understand the real cost of giving care across the healthcare continuum and relate the costs to sufferer outcomes.
The CORUS Suite offers a picture of what it costs to give care down to the granular level of how many minutes a nurse spent in the operating room during a surgery, or the financial and clinical outcomes of a surgeon’s processes in contrast with those of other surgeons.
“Never in the history of U.S. healthcare has precise cost accounting been more significant than it is right now, and that significance will just grow in the coming months and years, as operating margins sustained to be squeezed,” claims Dale Sanders, executive vice president at Health Catalyst.
The suite supports integration of electronic health records (EHRs) data at patient clinical and operational levels along with departmental and equipment utilization information to give a comprehensive view of the cost of patient care.
Embedded costing information involves best practices, rules and algorithms from academic hospitals to support cost management transformation.
Moreover, the suite supports more than 160 source systems involving the EHR, claims, general ledger, payroll, supply chain and patient satisfaction metrics, according to the vendor.
CORUS has 2 integrated product lines: Activity-Based Costing and Cost Insights. Activity-Based Costing identifies activities and assigns the cost of each activity based on actual consumption of resources and materials.
Cost Insights observes and delivers actionable information through dashboards customizable to the end user role and purpose to access to the most granular level of activity and costing data for all sufferers.
Professional financial, operational and clinical consulting services also are available.
The CORUS Suite offers a picture of what it costs to give care down to the granular level of how many minutes a nurse spent in the operating room during a surgery, or the financial and clinical outcomes of a surgeon’s processes in contrast with those of other surgeons.
“Never in the history of U.S. healthcare has precise cost accounting been more significant than it is right now, and that significance will just grow in the coming months and years, as operating margins sustained to be squeezed,” claims Dale Sanders, executive vice president at Health Catalyst.
The suite supports integration of electronic health records (EHRs) data at patient clinical and operational levels along with departmental and equipment utilization information to give a comprehensive view of the cost of patient care.
Embedded costing information involves best practices, rules and algorithms from academic hospitals to support cost management transformation.
Moreover, the suite supports more than 160 source systems involving the EHR, claims, general ledger, payroll, supply chain and patient satisfaction metrics, according to the vendor.
CORUS has 2 integrated product lines: Activity-Based Costing and Cost Insights. Activity-Based Costing identifies activities and assigns the cost of each activity based on actual consumption of resources and materials.
Cost Insights observes and delivers actionable information through dashboards customizable to the end user role and purpose to access to the most granular level of activity and costing data for all sufferers.
Professional financial, operational and clinical consulting services also are available.
Wednesday, June 21, 2017
VA replacement of legacy EHR systems could charge as much as $16 Billion
The Department of Veterans Affairs requires Congress to fund IT modernization of VA to keep its legacy EHR systems from failing and to replace its decades-old electronic health records system.
VA officials this month declared that they plan to replace the Veterans Health Information Systems and Technology Architecture (VistA) with the similar commercial off-the-shelf EHR from Cerner that the Department of Defense is presently implementing
“This will finally put all sufferers data in one shared system, enabling seamless care between VA and DoD without the manual and electronic exchange and reconciliation of data that we presently do in our separate systems,” VA Secretary David Shulkin, MD, testified on the day of Wednesday before a Senate appropriations subcommittee.
Although, Shulkin conceded that the department doesn’t yet currently know how much Cerner’s Millennium EHR will cost to replace VistA. As a result, he said the VA did not include a funding request for new legacy EHR systems in the department’s Fiscal Year 2018 budget.
But, Sen. Jon Tester (D-Montana) claimed the VA’s procurement of new legacy EHR systems could cost as much as $16 billion—an estimate attributed to former VA CIO Roger Baker to replace VistA. By comparison, DoD in the year of 2015 awarded a $4.3 billion contract to a Leidos-Cerner team to modernize its EHR. He asserts that the VA’s system has the potential to cost significantly more to serve its 9 million-plus beneficiaries.
While Shulkin wouldn’t comment on Tester’s $16 billion figure nor provide his own specific cost estimates, he told lawmakers that the department “will come in the FY19 budget with firm numbers so that we can have the suitable discussion about whether this is something that you can support.”
Nevertheless, Shulkin pointed out that the VA’s FY18 budget includes $200 million to “start the procedure of change management,” adding that the majority of the cost of the commercial EHR—specifically in the first two years of the procurement—is “going to be all internal change management to get ready for the installation.”
VA officials this month declared that they plan to replace the Veterans Health Information Systems and Technology Architecture (VistA) with the similar commercial off-the-shelf EHR from Cerner that the Department of Defense is presently implementing
“This will finally put all sufferers data in one shared system, enabling seamless care between VA and DoD without the manual and electronic exchange and reconciliation of data that we presently do in our separate systems,” VA Secretary David Shulkin, MD, testified on the day of Wednesday before a Senate appropriations subcommittee.
Although, Shulkin conceded that the department doesn’t yet currently know how much Cerner’s Millennium EHR will cost to replace VistA. As a result, he said the VA did not include a funding request for new legacy EHR systems in the department’s Fiscal Year 2018 budget.
But, Sen. Jon Tester (D-Montana) claimed the VA’s procurement of new legacy EHR systems could cost as much as $16 billion—an estimate attributed to former VA CIO Roger Baker to replace VistA. By comparison, DoD in the year of 2015 awarded a $4.3 billion contract to a Leidos-Cerner team to modernize its EHR. He asserts that the VA’s system has the potential to cost significantly more to serve its 9 million-plus beneficiaries.
While Shulkin wouldn’t comment on Tester’s $16 billion figure nor provide his own specific cost estimates, he told lawmakers that the department “will come in the FY19 budget with firm numbers so that we can have the suitable discussion about whether this is something that you can support.”
Nevertheless, Shulkin pointed out that the VA’s FY18 budget includes $200 million to “start the procedure of change management,” adding that the majority of the cost of the commercial EHR—specifically in the first two years of the procurement—is “going to be all internal change management to get ready for the installation.”
Labels:
EHR,
Health Records,
IT,
VA,
Veterans Affairs
Tuesday, June 20, 2017
Washington State University experiences a major breach of PHI
The health and wellness services division of Washington State University in Seattle has faced a huge breach of protected health information, but the extent of the tragedy isn’t yet clear.
Local media, involving KUOW a National Public Radio station, have reported the breach affects 1 million people, but the HHS Office for Civil Rights, which enforces the HIPAA privacy and security rules, hasn’t publicly confirmed that number.
On the day of April 21, the Washington State University discovered that a hard drive was stolen from a locked safe. The hard drive held back-up files from a server utilized by the Social and Economic Sciences Research Center, which involved a health survey that collected PHI.
Breached data from the health and wellness services division covered data of sufferers of medical and dental clinics, vision clinics, behavioral health organizations and local pharmacies.
Compromised data included Social Security numbers, names and undisclosed personal health information. Entities giving the information included school districts and community colleges, along with other undisclosed customers.
Washington State University is providing affected individuals one year of credit monitoring and identity theft protection services. Notification letters were mailed on the day of June 9, and the university is inquiring individuals who believe they may have been affected and have not got a letter by June 30 to call a dedicated hot line.
“As president of Washington State University, I deeply regret that this tragedy occurred and am truly sorry for any concern it might cause our community,” Kirk H. Schulz claimed in the notification letters. He pledged to strengthen IT operations through a comprehensive assessment of IT practices and policies, as well as improving security awareness training of employees.
The university refused to give additional information on the incident.
Local media, involving KUOW a National Public Radio station, have reported the breach affects 1 million people, but the HHS Office for Civil Rights, which enforces the HIPAA privacy and security rules, hasn’t publicly confirmed that number.
On the day of April 21, the Washington State University discovered that a hard drive was stolen from a locked safe. The hard drive held back-up files from a server utilized by the Social and Economic Sciences Research Center, which involved a health survey that collected PHI.
Breached data from the health and wellness services division covered data of sufferers of medical and dental clinics, vision clinics, behavioral health organizations and local pharmacies.
Compromised data included Social Security numbers, names and undisclosed personal health information. Entities giving the information included school districts and community colleges, along with other undisclosed customers.
Washington State University is providing affected individuals one year of credit monitoring and identity theft protection services. Notification letters were mailed on the day of June 9, and the university is inquiring individuals who believe they may have been affected and have not got a letter by June 30 to call a dedicated hot line.
“As president of Washington State University, I deeply regret that this tragedy occurred and am truly sorry for any concern it might cause our community,” Kirk H. Schulz claimed in the notification letters. He pledged to strengthen IT operations through a comprehensive assessment of IT practices and policies, as well as improving security awareness training of employees.
The university refused to give additional information on the incident.
Monday, June 19, 2017
FCC emphasized to expand $400 Million cap for Rural Health Care Program
The Universal Service Fund of Federal Communications Commission (FCC) is playing a key role in advancing access to high-quality care in rural America through telehealth programs and technologies. Although, funding for the FCC’s Rural Health Care Program isn’t sufficient to meet growing requirements for telemedicine services.
That is the contention of Karen Rheuban, MD, director of the Center for Telehealth at the University of Virginia (UVA), which is also home to the Health Resources and Services Administration-funded Mid Atlantic Telehealth Resource Center, through which technical assistance is provided to providers and systems across eight states and the District of Columbia.
The FCC’s Rural Health Care Program gives funding to eligible providers for telecommunications and broadband services. The aim of the program is to make better the quality of care available to patients in rural communities. Funding for the Rural Health Care Program is capped at $400 million yearly.
“Telemedicine effectively reduces the significant challenges of workforce shortages and geographic disparities in access to care, supported by secure broadband communications services—a critical underpinning of any telehealth program,” claimed Rheuban, during Tuesday’s Senate subcommittee hearing on the FCC’s Universal Service Fund and the deployment of broadband in rural America.
In accordance with Rheuban, a pediatric cardiologist, the UVA telehealth program was developed more than 20 years ago and has saved Virginians “millions of miles” of travel and improved patient outcomes.
“We depend on the FCC Rural Health Care Program for connectivity between facilities. Absent the program, our capability to offer these services would be severely constrained,” she told lawmakers.
However, Rheuban pointed out that “utilization has highly increased, and recently the $400 million funding cap, developed by the Commission in 1998, was exceeded.” In addition, she said the FCC has “recently mitigated support by 7.5%, and this has created hardships for many states.”
As an outcome, Rheuban called on the FCC to expand the $400 million funding cap that it created almost two decades ago. “If this is not feasible, we urge Congress and the FCC to explore additional federal options to support costly infrastructure build-outs for rural healthcare providers,” she added.
Moreover, Rheuban suggested expanding eligible healthcare providers under the Rural Health Care Program to include emergency medical service personnel and community paramedics, consistent with the public health and public safety provisions.
“We also recommend involving wireless technologies as eligible under the Rural Health Care Program, particularly as we strive to improve chronic disease management with remote monitoring tools,” she said.
“The Rural Health Care Program is foundational to a modernized healthcare delivery system and as such—along with other efforts—must be sustained, expanded and further modernized to fulfill the promise of healthcare in the twenty-first Century,” Rheuban summarized.
That is the contention of Karen Rheuban, MD, director of the Center for Telehealth at the University of Virginia (UVA), which is also home to the Health Resources and Services Administration-funded Mid Atlantic Telehealth Resource Center, through which technical assistance is provided to providers and systems across eight states and the District of Columbia.
The FCC’s Rural Health Care Program gives funding to eligible providers for telecommunications and broadband services. The aim of the program is to make better the quality of care available to patients in rural communities. Funding for the Rural Health Care Program is capped at $400 million yearly.
“Telemedicine effectively reduces the significant challenges of workforce shortages and geographic disparities in access to care, supported by secure broadband communications services—a critical underpinning of any telehealth program,” claimed Rheuban, during Tuesday’s Senate subcommittee hearing on the FCC’s Universal Service Fund and the deployment of broadband in rural America.
In accordance with Rheuban, a pediatric cardiologist, the UVA telehealth program was developed more than 20 years ago and has saved Virginians “millions of miles” of travel and improved patient outcomes.
“We depend on the FCC Rural Health Care Program for connectivity between facilities. Absent the program, our capability to offer these services would be severely constrained,” she told lawmakers.
However, Rheuban pointed out that “utilization has highly increased, and recently the $400 million funding cap, developed by the Commission in 1998, was exceeded.” In addition, she said the FCC has “recently mitigated support by 7.5%, and this has created hardships for many states.”
As an outcome, Rheuban called on the FCC to expand the $400 million funding cap that it created almost two decades ago. “If this is not feasible, we urge Congress and the FCC to explore additional federal options to support costly infrastructure build-outs for rural healthcare providers,” she added.
Moreover, Rheuban suggested expanding eligible healthcare providers under the Rural Health Care Program to include emergency medical service personnel and community paramedics, consistent with the public health and public safety provisions.
“We also recommend involving wireless technologies as eligible under the Rural Health Care Program, particularly as we strive to improve chronic disease management with remote monitoring tools,” she said.
“The Rural Health Care Program is foundational to a modernized healthcare delivery system and as such—along with other efforts—must be sustained, expanded and further modernized to fulfill the promise of healthcare in the twenty-first Century,” Rheuban summarized.
Labels:
FCC,
Health Info Exchange,
Karen Rheuban,
Universal Service Fund,
UVA
Sunday, June 18, 2017
Feds release a critical technical alert on North Korean cyber threat
The U.S. Computer Emergency Readiness Team has released a critical technical alert on the tools and infrastructure being utilized by North Korean agents to target the media, aerospace and financial sectors of the US and elsewhere, as well as critical infrastructures that could involve the healthcare industry.
“Working with U.S. Government partners, the Department of Homeland Security and the FBI recognized Internet Protocol addresses linked with a malware variant, termed as DeltaCharlie, used to manage North Korea’s distributed denial-of-service botnet infrastructure,” in accordance with the critical technical alert from CERT.
Older and unsupported versions of Microsoft operating systems are specifically vulnerable to attack, in accordance with the alert. “These actors have also used Adobe Flash player vulnerabilities to gain entry into users’ environments.” Further, 5 applications are particularly vulnerable:
A botnet, according to TechTarget.com, “is a collection of Internet-connected devices which may involve PCs, servers, mobile devices and Internet of Things (IoT) devices that are infected and controlled by a common type of malware. Users are mostly unaware of a botnet infecting their system.” 5 applications are particularly vulnerable:
The CERT critical technical alert further walks though indicators of compromise, malware descriptions, network signatures and rules to trace North Korean cyber activity.
The government is calling the activity HIDDEN COBRA and any such activity detected should be instantly flagged and reported to the DHS National Cybersecurity Communications and Integration Center or the FBI Cyber Watch. Detection of the North Korean tools compels instant enhanced mitigation.
Other tools used by North Korean actors involve keyloggers (record key strokes to gain access to passwords); remote access tools (ability to access remote computers) and wiper malware (wipe data from hard drives and other storage units).
The U.S. CERT alert also involves links to download indicators of compromise. The complete alert is available here.
“Working with U.S. Government partners, the Department of Homeland Security and the FBI recognized Internet Protocol addresses linked with a malware variant, termed as DeltaCharlie, used to manage North Korea’s distributed denial-of-service botnet infrastructure,” in accordance with the critical technical alert from CERT.
Older and unsupported versions of Microsoft operating systems are specifically vulnerable to attack, in accordance with the alert. “These actors have also used Adobe Flash player vulnerabilities to gain entry into users’ environments.” Further, 5 applications are particularly vulnerable:
A botnet, according to TechTarget.com, “is a collection of Internet-connected devices which may involve PCs, servers, mobile devices and Internet of Things (IoT) devices that are infected and controlled by a common type of malware. Users are mostly unaware of a botnet infecting their system.” 5 applications are particularly vulnerable:
- CVE-2015-6585: Hangul Word Processor Vulnerability
- CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
- CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
- CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
- CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability
The CERT critical technical alert further walks though indicators of compromise, malware descriptions, network signatures and rules to trace North Korean cyber activity.
The government is calling the activity HIDDEN COBRA and any such activity detected should be instantly flagged and reported to the DHS National Cybersecurity Communications and Integration Center or the FBI Cyber Watch. Detection of the North Korean tools compels instant enhanced mitigation.
Other tools used by North Korean actors involve keyloggers (record key strokes to gain access to passwords); remote access tools (ability to access remote computers) and wiper malware (wipe data from hard drives and other storage units).
The U.S. CERT alert also involves links to download indicators of compromise. The complete alert is available here.
Labels:
Adobe Flash,
CERT,
HIPAA,
Internet Protocol,
North Korean
Friday, June 16, 2017
WannaCry Ransomware Attack infected more systems internationally than previously reported
The number of computer systems compromised by the international WannaCry ransomware attack previous month was grossly underestimated, a cybersecurity expert told members of Congress on the day of Thursday.
The malware, which hit computer systems worldwide, involving those of the National Health Service in the United Kingdom (UK), is now considered to have infected 5 to ten times as several systems as previously recommended.
“Based on the velocity of the attack, assumed by sampling data we collected from our infrastructure presently blocking the attack, we consider that anywhere between 1 million to 2 million systems might have been affected in the hours prior to activating the kill switch, contrary to the immensely reported—and more conservative—estimate of 200,000 systems,” testified Salim Neino, CEO of vendor Kryptos Logic, at a joint hearing of the House Oversight and Research and Technology subcommittees.
WannaCry Ransomware attack initiated appearing in Europe and Asia on May 12 and quickly spread to the rest of the globe. Neino credits an employee of Kryptos Logic in the U.K. with stopping the fast-propagating worm attack by registering a domain linked with the malware.
“While inquiring the code of WannaCry Ransomware Attack, we recognized what looked like an anti-detection mechanism, which tested for the existence of a certain random-looking domain name,” Neino informed lawmakers. “Our team proceeded to register the domain associated to this mechanism and instructed it to one of the ‘sinkholes’ controlled by and hosted on the Kryptos Logic network infrastructure. We then noticed and confirmed that the propagation of the WannaCry attack had come to a standstill due to what we refer to as its ‘kill switch’ having been activated by our domain registration.”
Now, more than a month after registering that domain, Kryptos Logic has reduced more than 60 million WannaCry infection attempts worldwide, with about seven million of those from the U.S. The vendor assumed that those infections could have affected 10 million to 15 million unique systems had they not been stopped Neino contended.
“The greatest attack we thwarted and measured to date from WannaCry was not on the day of May 12 or 13, when the attack started, but began suddenly on the day of June 8 and 9 on a well-funded hospital in the east coast of the United States (US),” Neino added. “Another hospital was also hit on May 30 in another part of the country.”
Neino didn’t identify either system in his remarks. His testimony matches information contained in a Department of Health and Human Services alert released in early June notifying the healthcare industry that the agency was aware of 2 large multi-state hospitals systems that were “continuing to face significant challenges to operations due to the WannaCry malware.”
Although WannaCry Ransomware attack disrupted hospitals, telecommunications companies and other agencies globally, the U.S. infection rate was lower than that experienced in several parts of the world, and no federal agencies were affected.
“While WannaCry failed to compromise federal government systems, it is nearly certain that outcome was due in part to a measure of chance,” claimed Lamar Smith (R-Texas), chairman of the House Science, Space and Technology Committee, during Thursday’s hearing.
“Instead of seeing this outcome as a sign of bulletproof cybersecurity defenses, we must instead increase our vigilance to better recognize constantly evolving cybersecurity threats. This is specifically true since many cyber experts predict that we will experience an attack similar to WannaCry that is more sophisticated in nature, carrying with it an even greater possibility of widespread disruption and destruction,” Smith claims.
Since the initial WannaCry Ransomware attack last month, cybercriminals have targeted Kryptos Logic in an effort to disrupt its operations, in accordance to Neino. He said the company has “been under constant attack by unidentified attackers attempting to knock our systems offline, hence disabling the kill switch and further propagating the attack.” Although, so far, they have been unsuccessful.
WannaCry has been associated to the so-called Lazarus group that is affiliated with North Korea and is responsible for, among other cyber attacks, the 2014 Sony Pictures hack and the 2016 theft of $81 million from the Bangladesh Central Bank, according to Symantec CTO Hugh Thompson.
“WannaCry was distinctive and dangerous because of how quickly it spread,” testified Thompson. “It was the 1st ransomware-as-a-worm that had such a rapid global impact. Once on a system, it propagated autonomously by exploiting vulnerability in Microsoft Windows.”
Although, Gregory Touhill, former U.S. Chief Information Security Officer, described WannaCry as a “slow-pitch softball,” but warned that the next attack is likely to be a “high and tight fastball.” Touhill claimed the creators of Wannacry “overtly placed a kill-switch instruction set in the program’s code,” which a Kryptos Logic security researcher discovered and executed quickly to interrupt the attack.
“Next time, I don’t believe we’ll be so lucky,” he concluded. “We require stepping up our game and taking immediate actions across both the public and private sectors to better handle our cyber risk before the really fast pitches come flying into our networks.”
Thompson agreed that WannaCry was stopped before it could cause major damage, specifically in the U.S., which was the outcome of “good fortune” in minimizing the impact of the malware as much as anything else. “But, we’ll not always have luck on our side.”
The malware, which hit computer systems worldwide, involving those of the National Health Service in the United Kingdom (UK), is now considered to have infected 5 to ten times as several systems as previously recommended.
“Based on the velocity of the attack, assumed by sampling data we collected from our infrastructure presently blocking the attack, we consider that anywhere between 1 million to 2 million systems might have been affected in the hours prior to activating the kill switch, contrary to the immensely reported—and more conservative—estimate of 200,000 systems,” testified Salim Neino, CEO of vendor Kryptos Logic, at a joint hearing of the House Oversight and Research and Technology subcommittees.
WannaCry Ransomware attack initiated appearing in Europe and Asia on May 12 and quickly spread to the rest of the globe. Neino credits an employee of Kryptos Logic in the U.K. with stopping the fast-propagating worm attack by registering a domain linked with the malware.
“While inquiring the code of WannaCry Ransomware Attack, we recognized what looked like an anti-detection mechanism, which tested for the existence of a certain random-looking domain name,” Neino informed lawmakers. “Our team proceeded to register the domain associated to this mechanism and instructed it to one of the ‘sinkholes’ controlled by and hosted on the Kryptos Logic network infrastructure. We then noticed and confirmed that the propagation of the WannaCry attack had come to a standstill due to what we refer to as its ‘kill switch’ having been activated by our domain registration.”
Now, more than a month after registering that domain, Kryptos Logic has reduced more than 60 million WannaCry infection attempts worldwide, with about seven million of those from the U.S. The vendor assumed that those infections could have affected 10 million to 15 million unique systems had they not been stopped Neino contended.
“The greatest attack we thwarted and measured to date from WannaCry was not on the day of May 12 or 13, when the attack started, but began suddenly on the day of June 8 and 9 on a well-funded hospital in the east coast of the United States (US),” Neino added. “Another hospital was also hit on May 30 in another part of the country.”
Neino didn’t identify either system in his remarks. His testimony matches information contained in a Department of Health and Human Services alert released in early June notifying the healthcare industry that the agency was aware of 2 large multi-state hospitals systems that were “continuing to face significant challenges to operations due to the WannaCry malware.”
Although WannaCry Ransomware attack disrupted hospitals, telecommunications companies and other agencies globally, the U.S. infection rate was lower than that experienced in several parts of the world, and no federal agencies were affected.
“While WannaCry failed to compromise federal government systems, it is nearly certain that outcome was due in part to a measure of chance,” claimed Lamar Smith (R-Texas), chairman of the House Science, Space and Technology Committee, during Thursday’s hearing.
“Instead of seeing this outcome as a sign of bulletproof cybersecurity defenses, we must instead increase our vigilance to better recognize constantly evolving cybersecurity threats. This is specifically true since many cyber experts predict that we will experience an attack similar to WannaCry that is more sophisticated in nature, carrying with it an even greater possibility of widespread disruption and destruction,” Smith claims.
Since the initial WannaCry Ransomware attack last month, cybercriminals have targeted Kryptos Logic in an effort to disrupt its operations, in accordance to Neino. He said the company has “been under constant attack by unidentified attackers attempting to knock our systems offline, hence disabling the kill switch and further propagating the attack.” Although, so far, they have been unsuccessful.
WannaCry has been associated to the so-called Lazarus group that is affiliated with North Korea and is responsible for, among other cyber attacks, the 2014 Sony Pictures hack and the 2016 theft of $81 million from the Bangladesh Central Bank, according to Symantec CTO Hugh Thompson.
“WannaCry was distinctive and dangerous because of how quickly it spread,” testified Thompson. “It was the 1st ransomware-as-a-worm that had such a rapid global impact. Once on a system, it propagated autonomously by exploiting vulnerability in Microsoft Windows.”
Although, Gregory Touhill, former U.S. Chief Information Security Officer, described WannaCry as a “slow-pitch softball,” but warned that the next attack is likely to be a “high and tight fastball.” Touhill claimed the creators of Wannacry “overtly placed a kill-switch instruction set in the program’s code,” which a Kryptos Logic security researcher discovered and executed quickly to interrupt the attack.
“Next time, I don’t believe we’ll be so lucky,” he concluded. “We require stepping up our game and taking immediate actions across both the public and private sectors to better handle our cyber risk before the really fast pitches come flying into our networks.”
Thompson agreed that WannaCry was stopped before it could cause major damage, specifically in the U.S., which was the outcome of “good fortune” in minimizing the impact of the malware as much as anything else. “But, we’ll not always have luck on our side.”
Labels:
Healthcare Scams,
Kryptos Logic,
North Korea,
Salim Neino,
Sony Pictures
Thursday, June 15, 2017
Approximately half of agencies using Internet of Things struck by breaches
Almost half of U.S.-based companies using an Internet of Things (IoT) network have been struck by a recent security breach, in accordance with a new survey data released by strategy consulting firm Altman Vilandrie & Company.
The April survey of 397 IT executives across nineteen industries showed that 48% of agencies have experienced at least one IoT security breach. It disclosed the significant financial exposure of weak IoT security for companies of all sizes, with almost half of the businesses with yearly revenues above $2 billion assumed the potential cost of one Internet of Things breach at more than $20 million.
“While traditional cyber security has grabbed the nation’s attention, Internet of Things (IoT) security has been somewhat under the radar, even for few companies that have a lot to lose through a breach,” claimed Stefan Bewley, director of Altman Vilandrie and author of the study.
“IoT attacks reveal companies to the loss of information and services and can render connected devices dangerous to customers, workers and the public at large,” Bewley said. “The potential vulnerabilities for firms of all sizes will sustain to grow as more devices become Internet dependent.”
The study demonstrated that preparedness helps. Companies that haven’t experienced a security incursion have invested 65% more on IoT security than those who have been breached. Other key findings: 68% of respondents think about IoT security as a distinct category, yet only 43% have a standalone budget.
The April survey of 397 IT executives across nineteen industries showed that 48% of agencies have experienced at least one IoT security breach. It disclosed the significant financial exposure of weak IoT security for companies of all sizes, with almost half of the businesses with yearly revenues above $2 billion assumed the potential cost of one Internet of Things breach at more than $20 million.
“While traditional cyber security has grabbed the nation’s attention, Internet of Things (IoT) security has been somewhat under the radar, even for few companies that have a lot to lose through a breach,” claimed Stefan Bewley, director of Altman Vilandrie and author of the study.
“IoT attacks reveal companies to the loss of information and services and can render connected devices dangerous to customers, workers and the public at large,” Bewley said. “The potential vulnerabilities for firms of all sizes will sustain to grow as more devices become Internet dependent.”
The study demonstrated that preparedness helps. Companies that haven’t experienced a security incursion have invested 65% more on IoT security than those who have been breached. Other key findings: 68% of respondents think about IoT security as a distinct category, yet only 43% have a standalone budget.
Labels:
Altman Vilandrie Company,
Data Security,
EHR Privacy,
IT,
Stefan Bewley
Tuesday, June 13, 2017
How Quest Diagnostics decides expansion to provide precision oncology services?
Quest Diagnostics is expanding its business line to give precision oncology services medicine diagnostics to aid oncologists in giving optimized cancer treatment and care for patients.
Madison, N.J.-based Quest is utilizing the acquisition of two lab businesses–Med Fusion and Clear Point–in Texas to form the basis for a precision oncology services center of excellence. The two labs give a complete range of diagnostic services to physicians and provider networks.
With the acquisitions, Quest will become a preferred provider of advanced oncology diagnostics for The US Oncology Network, which involves Texas Oncology. The US Oncology Network, which is supported by McKesson Specialty Health, a division of McKesson, contains more than 400 locations across the U.S. and more than 1,400 independent community-based physicians.
Quest targets to form a new precision oncology center of excellence that intends to give community oncologists with insights on tracing cancer in sufferers and managing their care.
Quest will give genomic and pathology testing, tumor sequencing and other advanced diagnostics to choose and monitor treatment and predict disease progression.
“Precision medicine is changing the way we treat cancer and offering new hope to people living with the disease, but too often, advanced diagnostics that facilitate the best possible care are out of reach of community oncologists and their sufferers,” claimed Steve Rusckowski, chairman, president and CEO, Quest Diagnostics. “By partnering with McKesson Specialty Health and The Network, we will make Quest’s state-of-the-art genomic analysis readily available to community oncologists everywhere.”
The transaction is anticipated to be completed in the third quarter of calendar year 2017, subject to the satisfaction of customary closing conditions, involving obtaining required regulatory approvals. Additional terms weren’t unveiled.
Madison, N.J.-based Quest is utilizing the acquisition of two lab businesses–Med Fusion and Clear Point–in Texas to form the basis for a precision oncology services center of excellence. The two labs give a complete range of diagnostic services to physicians and provider networks.
With the acquisitions, Quest will become a preferred provider of advanced oncology diagnostics for The US Oncology Network, which involves Texas Oncology. The US Oncology Network, which is supported by McKesson Specialty Health, a division of McKesson, contains more than 400 locations across the U.S. and more than 1,400 independent community-based physicians.
Quest targets to form a new precision oncology center of excellence that intends to give community oncologists with insights on tracing cancer in sufferers and managing their care.
Quest will give genomic and pathology testing, tumor sequencing and other advanced diagnostics to choose and monitor treatment and predict disease progression.
“Precision medicine is changing the way we treat cancer and offering new hope to people living with the disease, but too often, advanced diagnostics that facilitate the best possible care are out of reach of community oncologists and their sufferers,” claimed Steve Rusckowski, chairman, president and CEO, Quest Diagnostics. “By partnering with McKesson Specialty Health and The Network, we will make Quest’s state-of-the-art genomic analysis readily available to community oncologists everywhere.”
The transaction is anticipated to be completed in the third quarter of calendar year 2017, subject to the satisfaction of customary closing conditions, involving obtaining required regulatory approvals. Additional terms weren’t unveiled.
Two breaches Incidents Smash Beverly Hills physician practice
Two breach tragedies have compromised records at Advanced ENT Head and Neck Surgery, a Beverly Hills physician practice, Calif.-based practice with sufferers in 16 states and 4 countries.
The provider assumes that the incidents have potentially exposed the healthcare information of about 15,000 sufferers.
In one of the breaches reported to federal agencies in the month of late May, a contracted employee is considered to have taken photos of patients before and during surgeries, and copied and stolen patient records, claims Zain Kadri, MD, who leads the practice.
Data taken by the contract worker is said to involve credit and debit card information, identification documents, copies of checks, user names, passwords and recorded conversations, as well as data on the company.
Earlier in May, the practice was struck by a break-in at its facility in which paper records and data devices were taken. The loss of data and information from that first tragedy has complicated the practice’s response because it lost contact information for many of its patients, Kadri claims.
The practice is working with regional pharmacies and other companies in the medical community to locate contact information for its sufferers.
In the latest breach tragedy, the contract worker was using a corporate smartphone to acquire data; examination of the phone assisted in the discovery of the breach, law enforcement officials said.
The practice released the following information to sufferers to head off potential incidents in which callers might recognize themselves as working for the Beverly Hills physician practice provider. “If anyone contacts you, claiming to be from Advanced ENT Head & Neck Surgery, please get their name and call our main number; then, ask to speak to (that person) directly before continuing the conversation.”
The Beverly Hills physician practice also emphasized sufferers to change their credit and debit card numbers, review accounts for unauthorized transactions, notify banks if unauthorized purchases, withdrawals or cash advances are discovered, monitor credit reports and notify local law enforcement if they become a victim of fraud. The declaration of the breaches didn’t mention the offering of protective services to affected patients, and the agency didn’t respond to a request for extra information.
The provider assumes that the incidents have potentially exposed the healthcare information of about 15,000 sufferers.
In one of the breaches reported to federal agencies in the month of late May, a contracted employee is considered to have taken photos of patients before and during surgeries, and copied and stolen patient records, claims Zain Kadri, MD, who leads the practice.
Data taken by the contract worker is said to involve credit and debit card information, identification documents, copies of checks, user names, passwords and recorded conversations, as well as data on the company.
Earlier in May, the practice was struck by a break-in at its facility in which paper records and data devices were taken. The loss of data and information from that first tragedy has complicated the practice’s response because it lost contact information for many of its patients, Kadri claims.
The practice is working with regional pharmacies and other companies in the medical community to locate contact information for its sufferers.
In the latest breach tragedy, the contract worker was using a corporate smartphone to acquire data; examination of the phone assisted in the discovery of the breach, law enforcement officials said.
The practice released the following information to sufferers to head off potential incidents in which callers might recognize themselves as working for the Beverly Hills physician practice provider. “If anyone contacts you, claiming to be from Advanced ENT Head & Neck Surgery, please get their name and call our main number; then, ask to speak to (that person) directly before continuing the conversation.”
The Beverly Hills physician practice also emphasized sufferers to change their credit and debit card numbers, review accounts for unauthorized transactions, notify banks if unauthorized purchases, withdrawals or cash advances are discovered, monitor credit reports and notify local law enforcement if they become a victim of fraud. The declaration of the breaches didn’t mention the offering of protective services to affected patients, and the agency didn’t respond to a request for extra information.
Labels:
Beverly Hills,
Data Security,
Zain Kadri
Sunday, June 11, 2017
Medicaid Claim Resolution Worksheet documents with patient information found in dumpster
The North Dakota Department of Human Services has reported the breach of patient information contained on Medicaid claim resolution worksheet documents, impacting the data of almost 2,500 individuals.
The agency reported that one of its workers was supposed to have properly disposed of the forms in secure onsite receptacles that a contractor picks up for shredding. Rather, the Medicaid claim resolution worksheet documents were found on the day of May 10 in a dumpster in Bismarck by a citizen who notified the agency, which retrieved the materials.
Now, NDDHS is notifying 2,452 affected people, offering 1 year of credit and identity theft monitoring services from CSIdentity and has taken “suitable disciplinary action against the responsible workforce member,” according to the patient notification letter.
Protected information at risk was extensive but didn’t involve the most sensitive information about recipients, like addresses, financial information and Social Security numbers.
The compromised information involved recipient names, dates of birth, Medicaid provider numbers, first two characters of providers’ names, recipient Medicaid ID numbers, two-digit code of recipients’ counties, recipients’ internal NDDHS identification numbers, dates of service, amounts billed and allowed, amounts covered by insurance, diagnosis codes, HCPCS/CPT procedure codes and details on dental work.
In the sufferer letter, the agency said it has no evidence of PHI being inadequately used or revealed and believes the risk for disclosure is low.
The North Dakota Department of Human Services is emphasizing affected individuals to review credit reports, request a free fraud alert be placed on credit files and to contact the state Attorney General Office if they become a victim of identity theft.
As is common in breach notifications, the agency apologized for the tragedy and will retain workers and review policies and procedures to ignore another similar incident.
The agency reported that one of its workers was supposed to have properly disposed of the forms in secure onsite receptacles that a contractor picks up for shredding. Rather, the Medicaid claim resolution worksheet documents were found on the day of May 10 in a dumpster in Bismarck by a citizen who notified the agency, which retrieved the materials.
Now, NDDHS is notifying 2,452 affected people, offering 1 year of credit and identity theft monitoring services from CSIdentity and has taken “suitable disciplinary action against the responsible workforce member,” according to the patient notification letter.
Protected information at risk was extensive but didn’t involve the most sensitive information about recipients, like addresses, financial information and Social Security numbers.
The compromised information involved recipient names, dates of birth, Medicaid provider numbers, first two characters of providers’ names, recipient Medicaid ID numbers, two-digit code of recipients’ counties, recipients’ internal NDDHS identification numbers, dates of service, amounts billed and allowed, amounts covered by insurance, diagnosis codes, HCPCS/CPT procedure codes and details on dental work.
In the sufferer letter, the agency said it has no evidence of PHI being inadequately used or revealed and believes the risk for disclosure is low.
The North Dakota Department of Human Services is emphasizing affected individuals to review credit reports, request a free fraud alert be placed on credit files and to contact the state Attorney General Office if they become a victim of identity theft.
As is common in breach notifications, the agency apologized for the tragedy and will retain workers and review policies and procedures to ignore another similar incident.
Labels:
Attorney General Office,
Healthcare Scams,
NDDHS,
PHI,
Social Security
Subscribe to:
Posts (Atom)