Saturday, April 29, 2017

Bill would permit use of telehealth treatment for veterans across state lines

A bill that seeks to eliminate current restrictions by permitting VA clinicians to treat veterans through telehealth treatment, regardless of location, is gaining momentum in Congress.

Under present law, VA physicians can waive state licensing requirements and give telehealth treatment across state lines only if both the veteran and the doctor are located in a federally owned facility. However, the Veterans E-Health & Telemedicine Support (VETS) Act of 2017 would remove these obstacles and permit VA health professionals to practice telehealth across state lines, as long as they are qualified and practice within the scope of their authorized federal duties.

Additionally, under provisions of the VETS Act, veterans would no longer be required to travel to a VA facility and could instead get telemedicine treatment from any location, including their home or a community center.

The bill was introduced this week in the House of Representatives by Reps. Julia Brownley (D-Calif.) and Glenn Thompson (R-Penn.). A companion bill was introduced in the Senate by Sens. Joni Ernst (R-Iowa) and Mazie Hirono (D-Hawaii).

“The VA has seen huge growth and interest in telehealth treatment, and we should continue to seek new ways to link veterans with the providers that they need, no matter their physical location,” stated Brownley in a written statement. “The VETS Act will boost veterans with more options and greater access to the care that they have earned and deserve.”

The proposed legislation has received support from industry groups, including the American Telemedicine Association and Health IT Now.

“The VETS Act takes commonsense steps to eliminating artificial barriers standing in the way of veterans’ access to healthcare,” stated Joel White, executive director of Health IT Now. “Reps. Thompson and Brownley and Senators Hirono and Ernst rightly identify how technology and telehealth can alleviate geographic burdens on both sufferers and providers.”

For its part, ATA sent a letter in late March to VETS Act co-sponsor Senator Ernst, expressing the group's strong support for the bill, which—among other provisions—would create a state licensure exemption to permit VA-credentialed healthcare professionals to work across state lines to perform telemedicine without having to obtain a new license in that state.

“This will permit a VA health professional to serve a veteran with a single state license,” wrote Jonathan Linkous, the ATA’s chief executive officer. “In the year of 2011, Congress, without opposition, provided comparable statutory authority to the Department of Defense for health providers and sufferers. We supported that legislation and have supported comparable authority for the Department of Veterans Affairs and other federal healthcare since then.”

 

Friday, April 28, 2017

Approximately 90% of agencies struck by a data breach

Hackers continue to gain the upper hand in the fight over data breaches, with an astounding 87% of agencies saying they were the victims of cyberattacks in the past twelve months.

That is one of the findings of the new “Threats Below the Surface Report,” which surveyed more than 3,000 information technology (IT) experts on the security risks, priorities and capabilities that are top-of-mind. The research also found that one in three agencies reported that they had been hacked more than 5 times in the last 12 months, double the rate of 2014.

One of the leading causes of the rise in data breach risks is the rapid adoption of cloud computing, the study demonstrates.

“Enterprise cloud apps lack critical controls for data security that could primarily decrease the threat of a breach,” stated Nat Kausik, chief executive officer at Bitglass, which co-produced the study along with the CyberEdge Group and Information Security Community. “While few agencies can recognize potential leaks after the fact, some organizations can remediate threats in real time.”

Kausik shared several dramatic statistics regarding data breaches and cyber preparedness:

  • 54% of organizations hit with a ransomware attack were able to recover without paying up.

  • 52% of organizations hope to increase their overall information security budgets.

  • 39% of agencies in retail and 36% in technology are spending a larger portion of their budgets on information security than in other vertical markets.

  • 37% said phishing is a top security concern, followed by insider threats (cited by 33%) and malware (32%)

  • 36% of agencies monitor mobile devices

  • 24% of organizations monitor SaaS and IaaS apps for security risks


The research also found that 62% of organizations that have adopted the cloud say improved threat detection is the most critical threat management capability. Other capabilities most in demand include data encryption (cited by 72%), traffic encryption (cited by 60%) and access controls (cited by 56%).

As for cloud-specific concerns, the problems that organizations are struggling with the most include data leakage (cited by 57%), data privacy (cited by 49%), confidentiality (cited by 47%) and compliance (cited by 36%).

Thursday, April 27, 2017

Western Health Screening breach impacts 15,326 patients

Western Health Screening, which provides onsite blood screening services at health fairs across Colorado's Western Slope, is offering protective services to 15,326 affected people following a data breach.

Much of the at-risk patient information isn’t highly sensitive—data on the drive included names, addresses and phone numbers, but a few Social Security numbers also might have been compromised, the healthcare agency said.

The breach happened when a car owned by Western Health Screening was stolen; a flash drive with the protected health information was in the car. The drive was password protected but not encrypted; it hasn’t been recovered.

Data on the flash drive can be accessed only by using a unique password, and to date there is no evidence of data misuse, according to Western Health Screening.

Still, the agency is offering 3 tiers of protective services from Kroll to affected people. The services being administered by Kroll include credit monitoring, identity theft restoration and fraud consultation, a service that other healthcare agencies have rarely provided after a breach.

Western Health Screening didn’t respond to a request for information on the decision-making process it followed in offering protective services to affected people.

Robert Belfort, a HIPAA attorney at the law firm Manatt, Phelps & Phillips, points out that if Social Security numbers were potentially compromised, the offer of multiple protections doesn’t seem like overkill. “If SSNs weren’t involved, the offer would appear to be very generous, however in my experience, there is a broad variation in how healthcare agencies treat these matters,” he adds.

 

ONC reviews the Healthcare interoperability standards measurement framework

The Office of the National Coordinator for Health Information Technology is seeking public comments on a proposed industry-wide measurement framework developed to assess the implementation and use of healthcare interoperability standards.

“The current capabilities of stakeholders to measure healthcare interoperability standards vary primarily across the health IT ecosystem,” claims the document. “This framework aims to assist health IT developers, health information exchange agencies and healthcare providers shift towards a set of uniform measures to assess interoperability progress.”

ONC asserts that this measurement is crucial to better understanding the variability in how standards are implemented in the field, including where this variability is occurring and possibly impeding interoperability. The aim is to reach consensus on industry-wide measures to assess the implementation and use of healthcare interoperability standards.

“Precise measurement will need powerful support and participation from several health IT stakeholders,” writes Steve Posnack, director of ONC’s Office of Standards and Technology, in an April 26 blog. “Feedback will assist us to engage and coordinate with stakeholders, specifically those who might be in the best position to contribute data toward industry-wide measures.”

Among the questions ONC is seeking to answer: Is a voluntary, industry-based measure reporting system the best means to implement this framework? And what obstacles might exist to a voluntary, industry-based measure reporting system, and what mechanisms or approaches could be considered to increase this system’s value to stakeholders?

For 3 years, ONC has released its Interoperability Standards Advisory (ISA), providing the healthcare industry with a list of healthcare interoperability standards and implementation specifications meant to increase the flow of electronic health information.

While the ISA seeks to offer some guidance on standards measurement by estimating the implementation and use of standards in the field, Posnack acknowledges that quantifiable data regarding the implementation and use of standards today is mostly not readily available or regularly tracked.

“Finally, a finalized measurement framework would enable aggregate, industry-wide statistics that could be utilized as a resource by all stakeholders to inform business decisions, enrich policy deliberations and enhance the precision of the guidance given by the ISA,” summarizes Posnack.

ONC is accepting comments on the framework until 5 p.m. ET on July 31. The agency points out that comments and suggestions submitted as part of this process will be made public.

Wednesday, April 26, 2017

Ransomware epidemic will continue to devastate healthcare industry

A ransomware epidemic is spreading across the healthcare industry and shows no signs of slowing down, according to GreyCastle Security CEO Reg Harnish.

He asserts that healthcare is not any more susceptible to ransomware than other industries. But Harnish observes that—given the value of patient data and medical records—providers are the focus of cyber criminals who are targeting them with file-encrypting malware.

“You take their information away, and it usually threatens lives, patient safety and patient care, so they are much more likely to pay a ransom,” he adds.

Business is booming at GreyCastle, which is experiencing triple-digit growth year over year. The Troy, N.Y.-based consultancy has only been in operation for 6 years, but Harnish asserts that his company is considered to be one of the largest cybersecurity risk assessment, advisory, and mitigation firms in the country.

“We’ve a very deep practice in healthcare, involving incident response where we have been addressing ransomware,” claims Harnish. “It is everywhere. This issue is not going away.”

When it comes to prevention, Harnish believes that healthcare agencies must conduct regular and systematic assessments to identify, prioritize and measure cybersecurity risk. He points out that most ransomware cases occur “because an end user on the clinical staff or administration falls victim to a social engineering attack.”

To stop these kinds of breaches, Harnish suggests healthcare agencies adopt a heightened sense of awareness that comes from training end users on emerging cyber threats and what to do about them. “An effective awareness program that assists their employees and contractors to be capable to identify a social engineering attack and then report it is job No. 1,” he contends.

He says that Locky and Sage ransomware continue to appear on the phishing threat landscape in 2017. “The reality is that our adversaries are getting better faster,” according to Harnish, who says ransomware is evolving in terms of ease-of-use, features, and functionality.

“They are selling this stuff merely like Microsoft,” he adds. “They are in business to sell software or, in their case, malware. All of them today are undergoing a similar type of evolution to (what we saw with) Microsoft Office. Cyber criminals aren’t a bunch of teenagers wearing hoodies. It is very organized and sophisticated.”

Harnish recommends that agencies have a response capability, which he describes as critical for handling, coordinating and monitoring a cybersecurity incident from initial discovery through resolution. “They require having a response plan so if and when it happens, they can respond very rapidly,” he summarizes.

On the question of whether or not agencies should give in to the demands of cyber criminals using ransomware, Harnish says that GreyCastle never suggests paying a ransom. “There is no guarantee that the ransom will work,” he cautions. “If you pay the ransom, you might not get decryption keys. And even if you do get decryption keys, they may not be the right ones.”

Moreover, Harnish warns that those agencies that pay a ransom then get put on a list of victims who’ve complied with ransomware demands. As a result, he says they are much more likely to be targeted again as a “paying” customer. “None of our customers have ever paid a ransom,” he adds.

 

Tuesday, April 25, 2017

Cardiology vendor pays $2.5M Fine for HIPAA violation

CardioNet, a cardiology vendor of ambulatory cardiac monitoring products, has paid a fine of $2.5 million and will implement a two-year corrective action plan under a settlement agreement with the Office for Civil Rights of the Department of Health and Human Services, which enforces the HIPAA privacy and security rules.

The sanction follows the 2012 theft of a laptop from a worker’s car that compromised the security of electronic protected health information for 1,391 people.

OCR’s investigation, according to the agency, found that the cardiology vendor had poor risk analysis and risk management procedures in place at the time of the theft; policies and procedures to comply with the security rule still were in draft form and hadn’t been implemented, the enforcement agency asserts.

In its investigation, OCR further learned that CardioNet, now a part of BioTelemetry, had no final policies or procedures to implement safeguards for protected information, including those for mobile devices.

“CardioNet failed to enforce the specifications needed to develop a security management process to stop, detect, contain and correct security violations,” OCR pointed out in the resolution agreement.

The company, OCR added, didn’t have procedures governing receipt and removal of media containing electronic protected health information, encryption and movement of these items within its facilities until March 2015. That means CardioNet didn’t take action until it was in trouble, a situation that is commonly seen when OCR investigates breaches.

Representatives of CardioNet or BioTelemetry didn’t respond to a request for additional information. The corrective action plan is available here.

 

Monday, April 24, 2017

EHR data indicates reduction in opioid prescriptions by doctors

As the opioid crisis reaches epidemic proportions, the latest electronic health record data show that physicians are prescribing opioids to fewer patients, and they are also being stingy when it comes to prescribing drugs to treat opioid dependence.

Athenahealth, a cloud-based electronic health record (EHR) vendor, analyzed data from more than 2 million patient visits from the first quarter of 2014 to the first quarter of 2017.

While the misuse of prescription opioids has emerged as an urgent public health crisis, what researchers found is that opioid prescriptions have been steadily declining over that time period.

“We have seen doctor prescribing patterns decreasing,” claims Josh Gray, vice president of athenaResearch. “It is been specifically notable, for instance, that orthopedic surgeons and primary care physicians have seen decline.”

Based on the EHR data, both orthopedic surgeons and primary care physicians are prescribing opioids to fewer patients.

At the same time, Gray points out that more patients have opioid addictions but there has only been a slight increase in providers prescribing drugs to treat opioid dependence, which he sees as a troubling development.

“If you are a doctor and you are reducing the frequency with which you give patients opioids prescription, some of those sufferers might be dependent,” observes Gray. “You would like to think that at least the healthcare system would be giving medication-assisted treatment to patients that are addressing with dependence or active addiction.”

He adds that the proportion of doctors in athenaResearch’s dataset that prescribe buprenorphine, a medication that decreases or eliminates withdrawal symptoms linked with opioid dependence, has “barely nudged up,” which Gray describes as a “terrible” trend.

“Doctors are being much more parsimonious in terms of opioids prescription, but the accessibility to medication-assisted treatment—such as buprenorphine and similar pharmaceutical compounds—is not increasing,” according to Gray. “I am not a physician, but that might be one of the reasons we are seeing continued immensely high levels, if not increases, in overdose deaths. It is not that difficult to procure opioids illegally. So, sufferers who are dependent that cannot get medication to treat their dependence then go to other sources that are not medically supervised, which is highly dangerous.”

Since 2000, more than 300,000 Americans have lost their lives to an overdose from either prescription or illicit opioids, according to the Centers for Disease Control and Prevention. The CDC has been working to improve opioid prescribing to reduce unnecessary exposure to opioids and prevent addiction.

In December 2016, President Obama signed the 21st Century Cures Act, which provides $1 billion in new funding to combat the opioid crisis. Last week, Health and Human Services Secretary Tom Price, MD, announced that HHS will soon give $485 million in grants to assist states and territories target opioid addiction—the first of two rounds provided for in the Cures Act.

HHS has prioritized 5 particular areas: strengthening public health surveillance, advancing the practice of pain management, improving access to treatment and recovery services, targeting availability and distribution of overdose-reversing drugs, and supporting cutting-edge research.

 

Saturday, April 22, 2017

Allscripts Professional EHR to deliver completely certified 2015 edition technology with Drummond Group LLC

Allscripts Professional EHR is the industry's first solution certified to enable clinicians to meet the requirements of the EHR incentive program as well as the QPP (Quality Payment Program). The solution offers all eligible clinicians the relevant workflows and technology they need to meet Meaningful Use 3 (MU3) and Merit-based Incentive Payment System (MIPS) requirements.

Through its compliance with Drummond Group LLC, the latest version of Professional EHR is now certified for Modified Meaningful Use (MU) Stage 2, Meaningful Use Stage 3, Advancing Care Information (ACI) and ACI transition requirements. The certification is listed on the Office of the National Coordinator for Health Information Technology (ONC-HIT) Certified Health IT Product List (CHPL).

Allscripts Professional EHR helps improve clinical, operational and financial outcomes. The solution enables clinicians to streamline administrative and clinical workflows, simplify daily procedures, document care rapidly, improve patient engagement, education and communication and gain better insights from analytics.

“Drummond Group is pleased to serve as both the Accredited Test Lab (ATL) and the Authorized Certification Body (ACB) for Allscripts in gaining this substantial milestone. Our personal touch, responsiveness and years of experience with the ONC have firmly developed Drummond Group as the preferred ATL/ACB in the healthcare industry,” stated Dave Dolan, President of Drummond Group. “We’re delighted to release this certification to Allscripts and appreciate their foresight and leadership in recognizing the importance this certification represents to its customers and the industry. I am proud of the Drummond team’s devotion to give the continuous pre-test support that enabled Allscripts to become one of the first to be completely certified against the 2015 Edition criteria.”

 

mHealth Apps for Cancer Survivors Are Not as Effective as They Should Be

Mobile health apps developed for cancer survivors are not meeting requirements, according to the Cancer Prevention Institute of California.

A 2016 analysis of dozens of mHealth apps by researchers from CPIC and Stanford University found that some “executed empowerment elements, underwent rigorous design approaches or included assessment of use in the cancer survivor population.” The analysis was published in the March 24 issue of the Journal for Cancer Survivorship.

“This diminishes the worth for the cancer survivor population but could be conveniently dealt through standardized development and testing processes,” Sharon Watkins Davis of CPIC and Ingrid Oakley-Girvan, of the Stanford Cancer Institute and Canary Center at Stanford for Cancer Early Detection, summarized.

mHealth apps for cancer survivors are a growing niche in the digital health space, providing online resources for physical and mental health problems, information on side effects, medication adherence and care management information and tools to track activity, exercise, diet and nutrition, even moods.

With somewhere between 350,000 and 300,000 mHealth apps now available in key app stores, the issue for both healthcare providers and consumers lies in finding the app that works best for them. Clinicians have been historically reluctant to accept or suggest apps that they do not trust, and attempts to curate and evaluate apps are only now gaining momentum.

Last summer, a study out of the University of California at San Francisco found that a few of the most popular mHealth apps are failing because they are too complex to use. Other studies have pointed to uncertainties about privacy and security.

Watkins Davis and Oakley-Girvan say the apps they studied were not planned out properly.

In their research, Watkins Davis and Oakley-Girvan say companies developing apps for cancer survivors are skipping developmental and testing steps, including collaborating with cancer survivors, in order to rush their product to market. They end up missing or overlooking aspects of an app that could prove harmful to cancer survivors or make the app unattractive.

They suggest app developers follow these guidelines:

  • Conduct a needs assessment with cancer survivors and healthcare practitioners;

  • Include healthcare practitioners and staff throughout the app development process;

  • Give potential users a chance to verify the user interface;

  • Tailor apps to survivors’ treatment history, stage of readiness to change, exercise ability, age, cognitive capabilities and individual health goals;

  • Plan for suitable infrastructure including IT support, secure data transmission protocols, adequate bandwidth to reduce or eliminate downtime and adoption of legal and privacy requirements like HIPAA; and

  • Measure impact over a longer period of time.


“There is huge potential for mobile health apps to make better the long-term health results among cancer survivors, but the field of mobile health research is in its infancy,” Lorene Nelson, an associate professor of health research and policy at the Stanford University School of Medicine, said in a press release issued by CPIC after the study was published.

 

Thursday, April 20, 2017

Modern technology could change how pathologists examine tissue samples

The days of pathologists viewing tissue samples on glass slides under a microscope might be drawing to an end. New technology granted marketing rights on April 12 by the Food and Drug Administration enables the review and interpretation of digital surgical pathology slides prepared from biopsied tissue.

Philips Medical Systems received FDA approval for its Philips IntelliSite Pathology Solution, or PIPS.

“The system enables pathologists to view and read tissue samples digitally in case to make diagnoses, instead of looking directly at a tissue sample mounted on a glass slide under a conventional light microscope,” Albert Gutierrez, director of FDA’s Office of In Vitro Diagnostics and Radiological Health stated.

The approach has the potential to bring efficiencies to healthcare agencies by digitizing pathology procedures that have relied extensively on physical storage of specimens.

“Because the system digitizes slides that would otherwise be stored in physical files, it also gives a streamlined slide storage and retrieval system that may finally assist to make critical health information available to pathologists, other healthcare professionals and sufferers faster,” Gutierrez states.

Pathologists are scientists who study disease and make diagnoses by examining tissues, organs, body fluids and autopsies. In contrast to the present practice of mounting tissue on a slide and applying stain to ease viewing and evaluation, PIPS scans and digitizes conventional slides with resolution of as much as 400 times magnification.

With PIPS, pathologists still must put a tissue sample on a slide, but then a digital image is taken, enabling the corresponding increase in resolution.

When slides are digitized, they are available for query in a database, as opposed to current practices of slides placed in a physical filing system that the pathologist thumbs through to find the right slide.

Readings, the FDA warns, do not change because the tissue samples are on a digital platform.

In clearing PIPS to enter the market, FDA used a recently adopted accelerated review and decision process that speeds approval of new low- or moderate-risk innovations not substantially equivalent to already-marketed devices in an effort to speed medical innovation.

FDA approval came after the agency evaluated data from about 2,000 pathology cases using tissues from several parts of the body. Results showed that diagnoses made using PIPS images were comparable to findings using glass slides. Risks of using PIPS are similar to those of traditional microscope findings.

 

Wednesday, April 19, 2017

Study asserts Hospital Compare errs on AMI mortality rates at certain facilities

The Hospital Compare website, operated by the CMS (Centers for Medicare and Medicaid Services), is meant to help people learn about the quality of hospitals, but a recent study contends that the statistical methodology used by Hospital Compare underestimates heart attack, or acute myocardial infarction (AMI), mortality rates for small hospitals.

“The underestimation of AMI mortality amounts at small hospitals, as seen in Hospital Compare, contradicts initially established research and consistent findings that mortality rates are generally higher at low-volume hospitals,” stated Jeffrey Silber, MD, co-author of the study, professor of pediatrics at the Children's Hospital of Philadelphia and professor of health care management at The Wharton School.

The website is intended to help patients and their families make decisions about providers by giving a side-by-side comparison between facilities in their area.

The study, published in the Journal of the American Statistical Association, makes the case that Hospital Compare’s statistical methodology—the random effects logit model—actually shrinks mortality rates from small hospitals to resemble the national average.

“Hospital Compare’s finding of average risk at small facilities is a mistake because the current model isn’t precisely calibrated,” stated Edward George, professor of statistics at the University of Pennsylvania’s Wharton School and co-author of the study. “It is an error that has implications for sufferers.”

CMS officials weren’t immediately available for comment about the findings of the research.

Last year, however, the agency released a statement saying it “designed the methodology to be inclusive of as many hospitals and as several measures as possible,” which “stops the methodology from limiting star rating calculations to certain types of hospitals based on characteristic or size.” At the same time, however, CMS noted that it’ll “continue to re-evaluate and make any needed modifications to the methodology over time.”

“As a model for AMI hospital mortality amounts, we’ve discovered the hierarchical random effect logit model used by Hospital Compare to be inadequate, compared to alternatives that model hospital effects as a functions of hospital attributes,” summarize the authors, who add that “sufferers deserve to have the most accurate information available so they can make well-informed healthcare decisions.”

 

Siemens Healthineers expands its population health management product line

Siemens Healthineers is expanding its population health management product line with a pending acquisition of radiology vendor Medicalis for an undisclosed sum.

Medicalis sells imaging workflow software, a referral management platform to help integrated delivery systems reduce consumer leakage to another healthcare system, and radiology clinical decision support software.

“The acquisition of Medicalis will permit us to offer healthcare providers a strong solution to define, execute, monitor and evolve their own standard of care for the diagnostic service line,” claims Robert Taylor, head of digital services population health management at Siemens Healthineers.

The tools, Taylor adds, will develop standardized diagnostic pathways to improve outcomes, control charges and improve the patient experience.

The workflow software helps ensure the right specialist is in place with the right tools to complete a timely radiology read while also preventing gaps in care. The referral management software includes simple appointment scheduling tools to enable patients to schedule examinations in their provider network.

The clinical decision support system guides physicians through procedures mandated under the Protecting Access to Medicare Act of 2014 to ensure the appropriateness of imaging orders as well as appropriate use criteria based on evidence-based best practices.

The law, effective in January 2018, further mandates consultation of the appropriateness of clinical decision support at the point of order for some advanced imaging tests.

 

Tuesday, April 18, 2017

Medical device security continues to be a critical question in buying decisions

Healthcare agencies looking to purchase medical devices are doing their homework and starting to ask manufacturers more questions about security than in the past, says George Gray, chief technology officer and vice president of software and information systems at Ivenix, a manufacturer of infusion pumps.

That is a good start, according to Gray. But several potential buyers are not aware that pumps are small computers, and prospective customers should be asking the same questions they would ask when assessing any other kind of information system.

They need to challenge vendor assertions that their pumps and other devices are secure by asking what kinds of vulnerabilities the devices have as well as the plan and schedule for reducing the vulnerabilities. Because pumps are small computers facing all the threats that other computers face, providers must not tolerate hedging by vendors on security answers, Gray suggests.

Prospective customers should expect vendors to come clean on any current vulnerabilities and resolution plans. In particular, buyers should ask if they can manage user access, roles, credentials and permissions on a device, which offers the user more control over security. Also, they should ask if the vendor contracts with ethical hackers to assess vulnerabilities as its products are being built; the hired help will find vulnerabilities the vendor never knew about, Gray contends.

Vendors might say their pumps cannot be hacked because they are running on a proprietary operating system and not Linux or Windows. However, Gray says the pumps remain vulnerable because whatever operating system is being used can still be hit by a denial-of-service attack, in which a ping, or message, is sent to a device or web site requesting permission to enter and the pings just keep coming until the device is overwhelmed. “A proprietary operating system can be hacked as conveniently as any other operating systems,” he further adds.

Additionally, vendors should be asked if they can make sure that patient data is locked down and encrypted when being sent as a message or being stored. Gray suggests asking what the vendor will do the day it is hacked and to describe the resources it has to identify and fix issues, and the processes to rapidly get the fix out to customers. Moreover, he advises asking if a vendor can download software to the customer on a daily basis just as Microsoft can.

“At this stage of the game it is significant to have a straight talk and lay cards on the table,” Gray recommends.

He observes that customers often come in with a series of questions ready, and vendors might be more focused on answering the questions in a way that secures their sales position with the customer, which can turn into a heated discussion with the customer starting to distrust the vendor.

If a vendor’s current product is not as up to speed on security as it should be, the vendor should be candid with the customer and also offer a few options, such as falling back on use of a private network until the new product comes out, Gray adds.

 

 

Monday, April 17, 2017

NextGen Healthcare purchases Entrada in move to improve user efficiency

NextGen Healthcare is buying Entrada, a mobile app vendor that provides applications that enable physicians to use dictation to add notes to several vendors’ electronic health record (EHR) systems.

Industry observers believe the purchase could be the first of various similar acquisitions by EHR vendors that sell products in the ambulatory care space, as they try to address the need to ease physicians’ documentation burdens.

NextGen Healthcare announced the Entrada acquisition last week. Under terms of the purchase, NextGen Healthcare will pay about $34 million for Entrada. That is about 3 times its 2016 revenues of $12 million; the company reported a $2 million loss in the year ended December 31.

Entrada’s mobile app integrates with clinical platforms and all major EHRs. It enables a doctor to dictate clinical data into a smartphone and then edit it. The physician can send documentation directly into an EHR or securely send it to Entrada’s transcription team to complete all required documentation and related tasks. This saves time for the physician and obviates the need for either in-house transcriptionists or transcription services.

The purchase brings various benefits to NextGen, contends John Osberg, managing partner at Informed Partners, a consulting firm specializing in the ambulatory care space.

With the acquisition, NextGen Healthcare gets advanced documentation software to make physicians’ lives simpler and a new marketing channel to cross-sell its several product lines (which include EHRs, practice management, revenue cycle, population health, interoperability, analytics and cloud services) to Entrada customers, specifically those who work in specialty practices.

The addition of Entrada gets NextGen into health information management, Osberg says. “This is an all-document workflow play. The doctor dictates, (and) the documentation is transcribed and fed into the EHR,” he elaborates. “NextGen gets deeper core competencies in cloud and mobile services.”

The purchase affirms the role that NextGen believes mobility solutions will play in future use of EHR solutions, says Rusty Frantz, NextGen’s president and CEO. “Mobile health solutions in the palm of the provider are rapidly becoming some of the most valuable real estate in healthcare,” he states.

"Entrada is concentrated on improving clinical workflows and developing opportunities for extra provider and patient engagement for the next generation of care delivery," pointed out Bill Brown, CEO of Entrada. "With NextGen Healthcare’s resources, we can accelerate unlocking the productivity potential for caregivers, finally assisting them gain time to focus on their patients."

NextGen didn’t respond to a request for an interview to discuss the acquisition.

Entrada, Osberg believes, could lose a few of its current clients who are ambulatory software rivals to NextGen. For instance, Entrada has a marketing relationship with ambulatory vendor Greenway Health, which also operates a health information technology marketplace where vendors offer their own products, and Greenway could decide to terminate the Entrada relationship.

This kind of acquisition will not be the last, Osberg further predicts. There are competitors to Entrada who now are becoming more appealing to other vendors in the ambulatory software space that are seeking to add operational efficiencies to their product offerings.

 

Sunday, April 16, 2017

How hospital database controls can decrease susceptibility to hacking

As hackers increasingly target the healthcare industry to gain access to information, hospitals need to improve efforts to secure patient information, which is mostly stored in several places throughout their systems. Hospitals have hundreds if not thousands of databases, and most of them can serve as a launch pad for hackers, says Bill Fox, vice president of healthcare and life sciences at MarkLogic, a vendor of enterprise database technology.

Too often, workers and clinicians have unlimited access to data, he says. That access should be limited on a need-to-know basis, and after a task is done it should be removed to decrease the chance of accidental exposure.

“Hackers can do many things at even the lowest hospital database controls level,” Fox emphasizes. “They can go in the database and use it to get to another database, not merely using that second database as a hijacking device, but using it to get to the motherlode.”

Fox is a former deputy chief of economic and cyber crime at the Philadelphia District Attorney’s Office, where he investigated and prosecuted hackers targeting healthcare organizations and other industries. In one case, hackers sat in a car in the parking lot of a large retail chain and used the inventory mainframe to access other information systems, eventually stealing information on 5,000 people.

Hackers do not just come from the outside; in several cases, they work inside an organization and, as several providers have learned over the years, they are just as dangerous, Fox says. Too many providers aren’t monitoring worker activity when simple analytics could rapidly spot an offender. Using business intelligence tools to observe an organization’s network activity might identify workers accessing parts of hospital databases that they have never used before.

Establishing formal separation of duties among workers will reduce access to information that they do not need, so healthcare organizations should provide documentation in pieces and limit authorized information systems access, with everyone having only the information they require, he counsels.

“You actually need to make sure that the capability to roam all over the network is immensely limited. Teach and enforce rules, involving rules on clinicians who did not go to school to become security experts but to be doctors and nurses, and only now are catching up to the requirement for security to become a priority. Some 73% of healthcare users are security novices—there is your attack surface for a hacker.”

 

Saturday, April 15, 2017

ONC announces five pilot sites chosen for Sync for Genes program

The Office of the National Coordinator for Health IT has announced five pilot sites that have been chosen for their engagement with different facets of genomic data as part of the recently launched ONC-funded Sync for Genes program, designed to help bring clinical genomics to the point of care.

The five Sync for Genes pilot organizations and their respective focuses are:

  • Counsyl with Intermountain Healthcare (Family Health History Genetics)
  • The Food and Drug Administration (Sequencing Quality and Regulatory Genomics)
  • Foundation Medicine with Vanderbilt University Medical Center (Somatic/Tumor Testing)
  • Illumina (Next Generation Sequencing Solutions)
  • The National Marrow Donor Program/Be The Match (Tissue Matching)


Gil Alterovitz, who leads the Sync for Genes effort and is a professor at Harvard Medical School’s Computational Health Informatics Program/Boston Children’s Hospital, says each of the five pilot sites represents a distinct use case in precision medicine.

“We have made incredible development just in the last few months,” adds Alterovitz. “It is actually wonderful to be capable to move forward and gather these precious insights from real-life settings. As ONC’s Jon White has called the pilot groups, these are the ‘real heavyweights’ in this field.”

“Feedback from the five pilot sites will be utilized by Sync for Genes to ensure the development of open source validation scripts and implementation guidance documents to support requirements in the field of genomics for others to utilize,” states an April 11 ONC blog.

Earlier this year, ONC launched Sync for Genes in partnership with the National Institutes of Health to support NIH’s Precision Medicine Initiative. Specifically, S4Genes is supporting the PMI national cohort of 1 million or more Americans (the All of Us research program) who will contribute their physical, genomic, and electronic health record-based clinical information to the landmark study.

For its part, Sync4Genes is meant to improve the sharing of genomic information, including information from next generation sequencing (NGS) laboratories, in a consistent and usable way through point-of-care applications as well as “create a foundation for widespread use of genomic information to be shared in the All of Us research program and future studies,” according to ONC.

“Sync for Genes is our 1st step towards integrating clinical genomics and clinical genomics testing into the point of care by expediting the utilization of standards like HL7’s (Fast Healthcare Interoperability Resources),” says Acting National Coordinator Jon White, MD. “It is meant to enable and improve patients’ capabilities to seamlessly share their genomic information…we are going to take those standards that we have been working on and we are going to be pilot testing them.”

 

Friday, April 14, 2017

Feds punish Metro Community Provider Network with $400,000 fine for HIPAA violations

Failure to conduct a risk analysis and establish a risk management plan as required under the HIPAA privacy and security rules has landed a provider organization in trouble with the HHS Office for Civil Rights, leading to a $400,000 fine and imposition of a 3-year corrective action plan. Metro Community Provider Network is a large federally qualified health center with 21 clinics serving 43,000 primarily poor patients in 5 counties throughout the Denver region. Its services include primary care, pharmacy, dental, social work and behavioral health.

In January 2012, Metro Community Provider Network informed OCR that a hacker accessed workers’ email accounts through a phishing attack and obtained electronic protected health information on 3,200 people. “OCR’s investigation disclosed that MCPN took important corrective action related to the phishing tragedy; although, the investigation also unveiled that MCPN failed to conduct a risk analysis until mid-February 2012,” the agency says in a statement.

When MCPN ultimately conducted a risk analysis, it and subsequent risk analyses weren’t enough to meet HIPAA security rule requirements, according to OCR.

OCR has now levied large sanctions against almost 50 HIPAA covered entities. Starting in 2016, however, OCR has ramped up HIPAA enforcement actions and is levying considerably higher fines, concentrating on covered entities’ requirement to have viable risk assessment programs in place. Fines levied against providers in 2016 and 2017 have ranged from $2.14 million to $5.55 million.

However, in announcing sanctions against Metro Community Provider Network, OCR appeared to give the organization a financial break due to the nature of the work it does. “With this settlement amount, OCR considered MCPN’s status as a federally qualified health center when balancing the importance of the violation with MCPN’s capability to maintain sufficient financial standing to make sure the provision of ongoing care.”

In response to a request for comment, Metro Community Provider Network released the following statement:

“In the year of 2011, Metro Community Provider Network (MCPN) had a phishing tragedy which was reported to Health and Human Services and the Office for Civil Rights. Since that time, the agency has worked with these entities to assure HIPAA compliance, involving reaching an agreed upon settlement of $400,000. MCPN is happy with the work that has been done and continues to assure that sufferer privacy is protected.”

The resolution agreement and corrective action plan are available here.

Thursday, April 13, 2017

Why pressure will increase for organizations to manage data lakes

Data lakes are becoming the preferred platform for advancing the data settings, but several organizations continue to struggle with managing them.

For several organizations, growing problems in managing a swelling tide of information are resulting in something that more closely resembles a data swamp than a data lake, several data experts believe.

An increasing number of organizations are using data lakes to either augment data warehouses or to serve as the enterprise data hub, says Ben Sharma, chief executive officer at Zaloni, a data management company based in Durham, NC.

“Unmanaged, poorly thought via data lakes are generally data swamps, and their usefulness decays over time,” Sharma asserts.

“Organizations are realizing that they require more agile data platforms and deeper analytical capabilities to compete effectively in their market,” Sharma claims. “The huge trend we see is agencies moving from sandbox or single-purpose big data applications to enterprise wide governed data lake implementations.”

Numerous other trends are emerging in various data-intensive industries, Sharma adds.

“The Internet of Things (IoT) is a big topic. Machine learning is also on everyone’s list. It is early stage, but as an industry, we’re all searching for ways to leverage automated algorithms to make better our understanding of our data and to get faster insight,” Sharma states.

“We’re also seeing a real emergence of IT in the big data landscape,” he adds. “As data lakes become more mission critical, organizations are looking to IT to give the governance, security and automation needed for these applications.”

Perhaps the greatest challenge agencies are facing is “finding, rationalizing and curating the data from across an enterprise for analytics solutions,” Sharma elaborates. “The capability to easily access data, refine data and collaborate on data needs sustains to be a large roadblock for many analytic applications.”

The need for improved analytics is increasing within several industries, including healthcare, and that will force improvements in data management capabilities.

“While there are increasingly strong and effective analytics applications, the data management, integration and governance activities sustain to be a key hurdle in rapidly making effective use of scale out architectures. For this reason, several agencies are still slow to adopt big data technologies in a production capacity,” Sharma states.

 

Wednesday, April 12, 2017

Virus hits system at Erie County Medical Center

The Erie County Medical Center, a 550-bed hospital in Buffalo, N.Y., has been struck by a computer virus and in response has shut down its email, electronic health record (EHR) system and website as a precautionary measure. ECMC’s Terrace View long-term care facility has also been affected.

A virus was detected early Sunday morning at Erie County Medical Center, which is the key teaching hospital for the University at Buffalo, according to Peter Cutler, vice president of communications and external affairs.

Following organizational protocols, Cutler says, the hospital’s IT team “shut our system down,” and as of Tuesday afternoon he said it remained out of commission.

“The electronic health record (EHR) system isn’t running but it hasn’t been affected as far as we can tell,” he adds. Based on an assessment of its EHR, Cutler says that “at this stage we have not detected that there has been any compromise of patient health information.” At the same time, he pointed out that all medical records are backed up and as a result are protected from being lost. For the time being, Cutler says, ECMC staff is using paper records.

“We are absolutely operational. It develops few challenges, of course. Individuals are working longer shifts,” he analyzes. “It has not had an effect on our ability to function.”

Cutler says the hospital expects to restore systems as soon as possible; however, he could not estimate how long it would take to restore all functionality. “We are in response and recovery mode. It is an around-the-clock operation right now.”

According to Cutler, the FBI and New York State Police have been called in to investigate the incident. When asked if ECMC had been hit with ransomware, he wouldn’t comment other than to say “what we know is that there was something that came into the system.”

As part of the ongoing investigation, the hospital is working with consultant GreyCastle Security in addition to federal and state law enforcement organizations to “evaluate the origin of this thing,” Cutler says.

 

Tuesday, April 11, 2017

HHS data indicates 1,800 large data breaches since 2009

Almost 1,800 large data breaches involving patient information have occurred since 2009, according to an analysis of publicly available data from the Department of Health and Human Services.

Researchers analyzed HHS data for the period from Oct. 21, 2009, through Dec. 31, 2016. They found that providers reported more than 1,200 of the reported large data breaches, while business associates, health plans and healthcare clearinghouses reported the remaining breaches.

Additionally, 257 large data breaches during that time period were reported by 216 hospitals, with 33 suffering more than one breach, several of which were large, major teaching hospitals.

Results from the retrospective data analysis were recently published in the journal JAMA Internal Medicine.

However, Ge Bai, lead author of the research and assistant professor at The Johns Hopkins Carey Business School, points out that under HIPAA regulations covered entities are required to notify HHS of any breach affecting 500 or more people within sixty days of the discovery of the breach.

“With smaller breaches, there is no requirement to report,” says Bai. As a result, she says, the HHS data doesn’t accurately depict the total number of breaches, which might be significantly higher. “We do not know how many breaches really happened in terms of the smaller ones,” according to Bai.

John Suit, chief technology officer at data security vendor Trivalent, says the study indicates that data protection technology has not been able to keep up with the digitization of healthcare.

“The result is an extreme risk for sufferers who put their trust in healthcare agencies to deal their medical concerns, but also secure their sensitive and personal information,” says Suit. “To deal this, hospitals, pharmacies, assisted living facilities, insurance providers, and research institutions must reinforce their security strategy and adopt a defense-in-depth approach with multiple layers of protection.”

Suit also notes that traditional encryption is no longer enough to thwart the increasing number of cyber threats. He emphasizes that the healthcare industry “must turn to next generation solutions to secure data at the file level with encryption, shredding and secure storage, which renders personal sufferer data useless to unauthorized parties.”

Nevertheless, Bai makes the case that a fundamental trade-off exists between data security and data access and that “100% zero breaches” with “absolutely no breaches at all” is an unrealistic expectation. “All you can do is handle the risk, not eliminate it,” she summarizes.

 

Monday, April 10, 2017

Patient-centered care & Interoperability expected to help telemedicine services

Telemedicine services executives say that they are optimistic about the future of the industry and are planning near-term investments to keep pace with quick transformation and growth.

Survey findings indicate that 83% of respondents to a survey sponsored by the American Telemedicine Association say they are planning to invest in telehealth services.

However, major issues still remain for the technology, which has been attempting to achieve widespread adoption within healthcare for twenty years. Respondents noted that reimbursement and licensure remain top obstacles to increased adoption of telemedicine services.

However, advances in patient-centered healthcare and improved interoperability of electronic health records (EHRs) are advancing acceptance of the technology, respondents say.

The report from the ATA’s executive leadership survey is based on 171 respondents in executive leadership roles representing telehealth service providers, healthcare practices and hospital systems.

“This executive leadership survey assures undeniably today’s leaders view telemedicine as a key driver in transforming healthcare,” stated Jonathan Linkous, CEO, American Telemedicine Association. “I anticipate remarkable progress in the market as we sustain to move toward more patient-centered solutions.”

Other significant findings include:

  • 88% of respondents plan to invest in technology related to telehealth this year.
  • 98% of leaders say they believe telehealth services create a competitive advantage over other organizations that don’t offer them.
  • 84% of respondents believe offering telehealth services strongly expands an organization’s coverage and reach.
  • About half of respondents believe increasing consumer demand will be the key trend that will propel the progress of the telehealth market in the next 3 years.


 

Sunday, April 9, 2017

Data center services’ reduction to empower hybrid computing model

The development of cloud computing and “industrialized” services, like virtualization and other automation technologies, and the reduction of conventional data center outsourcing demonstrate a massive shift toward a hybrid computing model, according to a new study from Gartner.

"As the claim for agility and flexibility grows, agencies will shift toward more industrialized, less-tailored options," stated D.D. Mishra, research director at Gartner. "Agencies that adopt hybrid infrastructure will optimize charges and increase efficiency. Although, it increases the complexity of selecting the right toolset to deliver end-to-end services in a multi-sourced environment."

Gartner predicts that by 2020, 90% of organizations will adopt hybrid computing model management capabilities, which include both cloud and on-premise computing services.

The traditional data center outsourcing (DCO) market is shrinking. Worldwide conventional DCO spending is expected to decline from $55.1 billion in 2016 to $45.2 billion in 2020, the report said. Cloud computing services, on the other hand, are forecast to increase from $23.3 billion in 2016 to reach $68.4 billion in 2020.

Spending on colocation and hosting is also anticipated to increase, from $53.9 billion in 2016 to $74.5 billion in 2020. Infrastructure utility services (IUS) will grow from $21.3 billion in 2016 to $37 billion in 2020, and storage-as-a-service will increase from $1.7 billion in 2016 to $2.7 billion in 2020.

In 2016, conventional worldwide DCO and IUS together represented 49% of the $154 billion total data center services market worldwide, comprising DCO/IUS, hosting and cloud infrastructure as a service (IaaS).

Gartner expects this to tilt further toward cloud IaaS and hosting, and by 2020, DCO/IUS will be about 35% of the expected $228 billion worldwide data center services market.

 

Saturday, April 8, 2017

Texas gets ready for further local transmission of Zika virus

The state now recommends that all pregnant women in 6 South Texas counties who are currently in their first and second trimester be tested for the Zika virus.

The Texas Department of State Health Services is expanding its guidance on Zika virus prevention for the 2017 mosquito season as it prepares for further local transmission of the Zika virus, meaning people who have not recently traveled being bitten by a mosquito and then infected. Most Texas cases, however, are travel-related.

Cameron, Hidalgo, Starr, Webb, Willacy and Zapata counties are covered by the new guidance. In addition to women in their first or second trimester, any pregnant woman who has a rash and at least one other Zika symptom (fever, joint pain, or eye redness) should be tested as well.

Pregnant women in Texas outside the 6 listed counties should be tested if they have traveled to places with ongoing Zika transmission, including any part of Mexico.

DSHS Commissioner Dr. John Hellerstedt cautioned that Zika continues to be a significant health risk to pregnant women and their babies in Texas. “It is just a matter of time until we see further local transmission here again,” he stated.

The aim in expanding the testing recommendation is to increase the department’s ability to find and respond to possible cases. “The Lower Rio Grande Valley remains the part of the state most at risk for Zika transmission,” Hellerstedt continued.

Health care providers can order testing via their normal channels. “We do not need cost to stop anyone from getting tested,” Hellerstedt said. “If the cost of testing would be a hurdle for a patient, providers should contact their local or regional health department for information about testing through the public health system.”

Texas had 6 cases of local mosquito transmission in Brownsville in November and December 2016. The region appears to be the hardest hit in Texas, the DSHS says, due to its history of local transmission of dengue, a closely related virus, and its proximity to Mexico. For more information on the virus visit TexasZika.org.

 

Friday, April 7, 2017

New bill would expand Medicare beneficiaries’ access to telehealth services

A bipartisan group of senators on Thursday reintroduced a bill seeking to improve health outcomes for Medicare beneficiaries living with chronic diseases by, among other provisions, expanding access to telehealth services.

The Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2017 was reintroduced by Senate Finance Committee Chairman Orrin Hatch (R-Utah) and Ranking Member Ron Wyden (D-Ore.), along with Senators Johnny Isakson (R-Ga.), and Mark Warner (D-Va.), co-chairs of the Finance Committee Chronic Care Working Group.

The bill (S. 870) contains major telehealth services provisions targeted at patients with chronic conditions, including expanding the ability of home dialysis beneficiaries to get required monthly clinical assessments using telehealth, beginning in 2019.

Section 102 “expands the number of originating sites from which the beneficiary can have a telehealth services assessment with the nephrologist to involve freestanding dialysis facilities and the sufferer’s home; and enables these telehealth visits to be conducted from the expanded list of sites without geographic restriction.”

Under Section 305 of the bill, patients presenting with stroke symptoms would also see expanded access to telehealth, getting a “timely consultation to evaluate the best course of treatment” through telehealth, beginning in 2019.

“Particularly, it would eradicate the geographic restriction as to permit payment to a physician furnishing the telehealth consultation service in all places of the country,” states the proposed legislation. “The hospital at which the sufferer is present and the telehealth consultation is initiated wouldn’t get a separate originating site payment.”

Section 303 of the bill would also permit a Medicare Advantage plan to offer additional telehealth benefits in its yearly bid amount beyond the services that currently receive payment under Part B, beginning in 2020.

“An MA plan might give basic telehealth services benefits as part of the standard benefit; for instance, telemonitoring and web-based and phone technologies can be used to give telehealth services,” states the bill. “Medicare Advantage Prescription Drug (MAPD) may select to include telehealth services as part of their plan benefits, for example, in offering medication therapy management (MTM). However, while there is nothing to preclude MA from providing telemedicine or other technologies that they consider promote efficiencies beyond what is covered in the traditional Medicare program, those services and technologies are not separately paid for by Medicare and policies must use their rebate dollars to pay for those services as a supplemental benefit.”

Additionally, under Section 304, certain accountable care organizations would be offered more flexibility to provide telehealth services.

“Medicare policy can’t stand idly by while the requirements of people in the program shift to managing multiple costly chronic ailments. This bill gives new options and tools for seniors and their doctors to coordinate care and makes it less burdensome to stay healthy,” stated Wyden in a written statement.

Morgan Reed, executive director of the App Association’s Connected Health Initiative, applauded the senators’ decision to reintroduce the CHRONIC Care Act.

“We’ve long advocated the significant role healthcare technologies can play in treating the most debilitating sicknesses in the most vulnerable populations,” stated Reed. “The reintroduction of this act is a step in the right direction to incorporate telehealth solutions into the treatment of chronic illness, particularly strokes, and assist Medicare leverage the use of innovative technologies to improve patient outcomes and lower medical costs.”

At the same time, Reed noted that Congress “has more to do to bring the advantages of connected health technologies to more Americans, involving improving the use of remote monitoring in community health centers and rural health clinics.”

A section-by-section summary of the CHRONIC Care Act is available here.

 

Thursday, April 6, 2017

Ransomware strikes pediatric group, impacting 55,000 patients’ data

A four-site pediatric group serving the San Antonio metropolitan area successfully fought off a ransomware attack, but it is still offering 55,447 patients identity and credit protection services from Equifax Personal Solutions.

Before the ransomware attack, ABCD Pediatric group already had software applications that supplied network filtering and security monitoring, intrusion detection, and firewall, antivirus and password protection.

The practice became aware of the attack on February 6, when an employee discovered a virus that had started encrypting servers. The encryption was slowed primarily by existing antivirus software, the firm explained to patients in a notification letter, and the practice’s IT vendor took all servers and computers offline.

A practice administrator didn’t respond to a request for additional information.

Potentially compromised data included names, addresses, phone numbers, dates of birth, demographic information, Social Security numbers, insurance billing information, procedure codes, medical records and lab reports, its letter to patients noted.

The vendor identified the virus strain as “Dharma Ransomware,” a variant of an older virus called “CriSiS.” These strains generally don’t remove data from servers, but that couldn’t be ruled out, executives of the practice say. “Also, during the analysis of ABCD’s servers and computers, suspicious user accounts were discovered, recommending that hackers might have accessed portions of ABCD’s network,” the practice told patients.

After the virus and corrupt information were removed, the practice was able to restore all affected data from secure backup files stored separately from its servers and computers. No ransom demands or other communications were received.

While the practice’s IT vendor discovered no evidence of data being acquired or removed, it couldn’t rule out the possibility, patients were told. “Significantly, ABCD can’t confirm with a high degree of likelihood that confidential information remained secure throughout this incident.”

Subsequently, the practice pointed out that no confidential or protected health information was lost and no ransom demands were made, but indications that programs or persons might have been on the server prompted it to notify patients, the FBI and the HHS Office for Civil Rights.

In regard to the Equifax protective services, the practice suggested patients place a fraud alert on their credit files with credit reporting firms.

Wednesday, April 5, 2017

Handheld electroencephalography device quickly evaluates brain bleeding

A clinical trial conducted at eleven emergency departments nationwide has indicated that a handheld electroencephalography device can quickly and with 97% accuracy determine whether someone with a head injury is likely to have brain bleeding and requires further evaluation or treatment.

The Ahead 300 device, developed by BrainScope Company, measures electrical activity in the brain and uses a disposable sensor headset. The Food and Drug Administration cleared the handheld electroencephalography device for clinical use last September.

Results of the clinical trial, published online in the peer-reviewed journal Academic Emergency Medicine, demonstrated that the device can assist with clinical decision support and triage of patients while potentially reducing the need for CT scans, specifically as an adjunct to acute traumatic brain injury assessment where imaging might be unavailable.

“It is low cost, portable and gives you an objective measure of likelihood to have bleeding in the brain,” claims Daniel Hanley, MD, lead author of the study and Jeffrey and Harriet Legum Professor of Acute Care Neurological Medicine and director of the Brain Injury Outcomes Program at the Johns Hopkins University School of Medicine.

“I consider it is going to objectify head injury in a way that it has not been before,” adds Hanley, who asserts that the Ahead 300 device is “the first of its kind and is likely to change the landscape of traumatic brain injury.”

Hanley believes that the handheld electroencephalography device lends itself to use beyond emergency departments (EDs), in urgent care and concussion clinics as well as sports and military environments. The research was funded in part by the U.S. Army. BrainScope’s website states that the Ahead 300 was developed in partnership with the Department of Defense through 6 research contracts.

According to the Centers for Disease Control and Prevention, over 2.5 million Americans annually go to emergency departments with suspected head injuries. Hanley notes that the vast majority of those who present to the ED with mild symptoms following head injury receive a CT scan, yet studies show that more than 90% of those scans show that patients do not have an intracranial brain injury.

“Out of an abundance of caution, you can always scan more individuals than you need to, which is what is going on now,” states Hanley, who points out that these CT scans result in needless radiation exposure and cost about $1,200 per scan.

At the same time, Hanley asserts that the Ahead 300 device is not meant to replace CT scans for patients with mild head injuries, but instead provides clinicians with additional information to facilitate routine clinical decision-making. “It may be that we do fewer images” as a result of this study, he adds. “That will save money and make care more efficient.”

 

Tuesday, April 4, 2017

Massachusetts General Hospital, Healthwise partner to support patient decisions

A major program at Massachusetts General Hospital aims primarily to increase the availability and quality of decision support information offered to patients and their families.

The hospital has partnered with decision support vendor Healthwise to develop the Informed Medical Decisions Program within the Massachusetts General Health Decisions Sciences Center, with Healthwise providing a $2 million, 3-year grant.

The program will involve research to show the value of several tools to improve patient engagement, extend the science of measuring decision quality and assess ways to make sure that patients get the information they need to make the best decision for themselves.

“As medical treatments get more complex with interventions that are complicated, patients require more information on outcomes,” claims Michael Barry, MD, medical director of the Stoeckle Center for Primary Care Innovation at Massachusetts General Hospital. Barry, a primary care physician for thirty years, recently returned to the hospital from employment at Healthwise to lead the new initiative.

A patient diagnosed with breast cancer has several choices of treatment to talk over with the physician, like removing the breast through a mastectomy, having a lumpectomy around the area with cancer and then having radiation, or having a lumpectomy plus 6 to 8 weeks of radiation while keeping part of the breast, which would take a couple of operations and yet have a higher risk that the cancer would come back. That is a lot to sort through, Barry asserts.

Subsequently, the new program will lay out new procedures for better helping patients make the decision that is right for them, supplemented with IT.

The bottom line, according to Barry, is that doctors need to spend more time and attention helping patients walk through treatment decisions and not just make a diagnosis and set up a treatment plan. Clinicians need to do right by the patient, but unless the clinician asks what the patient really wants, the patient does not know if there is more than one reasonable treatment approach.

“I find myself too readily thinking sufferers will think like me,” Barry says. “We have learned that you have got to ask.”

To better inform patients, Mass Gen, working with Healthwise, will give patients information packets with decision support aids integrated with the patient’s electronic health record (EHR) before they come in to the office, so they know what questions they want to ask. These kinds of aids also could include links to procedure-specific websites, or a booklet or DVD.

Patients coming in to the office for a follow-up visit and getting a new diagnosis also can get new decision support aids. This, Barry believes, is the future of patient decision support.

In-depth information on the Informed Medical Decisions Program at Massachusetts General Hospital is available here. Barry also suggests a comprehensive decision support website for patients at Ottawa Health Research Institute in Canada, available here.

 

Monday, April 3, 2017

ED access to health information exchange data can improve efficiency, quality

The quality and efficiency of care in hospital emergency departments (EDs) can be primarily improved when physicians utilize a health information exchange (HIE) to access other providers’ electronic medical records.

Improved access offers a more complete picture of a patient’s condition, according to findings of a new study that analyzed the effect of health information exchange use in EDs. The study concentrated on lengths of stay, 30-day readmission rates, and the number of doctors required to examine patients.

Over a nineteen-month period, the study looked at nearly 86,000 encounters at 4 emergency departments that had the capability to access the HealthlinkNY HIE, connecting providers and patients in thirteen counties in the Hudson Valley, Catskills and Southern Tier of New York.

What researchers discovered was that access to patient data through the HIE decreased patient length of stay by 7%, reduced the odds of readmission by 4.5%, and lowered the number of consultations from multiple doctors by 12%.

“The outcomes of our study leave no doubt that health information exchange access improves quality of healthcare and operational efficiency,” stated study co-author Emre Demirezen, assistant professor of operations and supply chain management at the State University of New York at Binghamton. “While common sense tells us that access to the sufferer’s entire medical history would benefit both the sufferer and the healthcare provider, my co-authors and I’ve confirmed that it does by conducting one of the 1st empirical investigations into the benefits of health info exchange use at the individual patient level.”

“Now providers have the evidence they require making health information exchange use a priority for their organizations,” adds Christina Galanis, president and CEO of HealthLinkNY. “The study shows that New York State’s visionary investment in HIEs is actually paying off.”

Galanis points out that New York is the first large state in the nation to develop a public network of regional HIEs that are linked together through the Statewide Health Information Network of New York (SHIN-NY), enabling providers across the state to exchange patient information. HealthlinkNY is a Qualified Entity funded by the New York State Department of Health.

“We were one of the 1st HIEs in New York to establish our HIE based on a data warehouse,” she says, adding that HealthLinkNY serves as the region’s access point to SHIN-NY. “When providers need to query us, they can also query all the other HIEs in the state at the similar time. That is the new function that came out previous year, called statewide Patient Record Lookup.”

Galanis acknowledges that at the time the research was conducted—covering more than 46,000 patient visits from July 1, 2012, to Jan. 31, 2014—the predecessor to HealthLinkNY had a total of five hospitals and was a small regional HIE. However, in late 2014, a merger between Southern Tier HealthLink in Binghamton and Taconic Health Information Network and Community in Fishkill, N.Y., formed HealthLinkNY, which serves 43 hospitals.

“Because we’ve so much data now, we can actually follow patients through the years,” says Galanis, who points out that the researchers are interested in doing additional studies on the impact of HIE on patient- and provider-level outcomes. “What this study indicates is that providers not only had access to patient data, but they actually acted on it.”

 

Sunday, April 2, 2017

Malicious outsider data breaches increase almost 300 percent in 2016

Cyber attackers launched 1,792 malicious outsider data breaches in 2016, which led to nearly 1.4 billion data records being compromised worldwide, according to the newly released Breach Level Index (BLI) report from security provider Gemalto.

Identity theft was the leading kind of malicious outsider data breach last year, accounting for 59% of all data breaches, the report said. More than half of the data breaches (52%) in 2016 didn’t include the number of compromised records at the time they were reported.

The BLI is an international database that tracks data breaches and measures their severity based on multiple factors, such as the number of records compromised, the type of data, the source of the breach, how the data was used, and whether or not the information was encrypted.

By assigning a severity score to each breach, the BLI gives a comparative list of breaches, distinguishing data breaches that aren’t serious from those that are really impactful, Gemalto said. According to the BLI, more than 7 billion data records have been exposed since 2013, when the index started benchmarking publicly disclosed data breaches. That amounts to more than 3 million records compromised daily.

In 2016, the top ten breaches in terms of severity accounted for more than half of all compromised records. Identity theft was the cause of 59% of all data breaches, up 5% from 2015. The second most prevalent kind of breach in 2016 was account access based breaches. While the incidence of this type of data breach decreased by 3 percent, it made up 54% of all breached records. That is an increase of 336% from the previous year.

This points to a cybercriminal trend away from financial data attacks and toward bigger databases with large volumes of personally identifiable information, the report stated.

Malicious outsiders were the leading source of data breaches, accounting for 68% of the attacks, up from 13% in 2015. The number of records breached in malicious outsider attacks increased by 286% from 2015.

"The Breach Level Index reflects 4 major cybercriminal trends over the last year. Hackers are casting a wider net and are using conveniently attainable account and identity information as a starting point for high value targets. Clearly, fraudsters are also shifting from attacks targeted at financial agencies to infiltrating large data bases like entertainment and social media sites. Lastly, fraudsters have been using encryption to make breached data unreadable, then hold it for ransom and decrypting once they are paid," stated Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.

Saturday, April 1, 2017

Phishing attacks remain a top security challenge for healthcare industry

The healthcare industry continues to be particularly vulnerable to top security challenges, especially phishing attacks that fool people into clicking malicious links or opening malicious documents.

That is among the findings in the IBM X-Force Threat Intelligence Index 2017, which the company just issued to examine the top security challenges faced by its clients.

In the healthcare industry, two common types of attacks—SQL injection (SQLi) and OS command injection (OS CMDi)—combined for almost half of all attacks in the health sector. Healthcare records, IBM researchers contend, remain a top prize for cyber criminals and are widely available on dark web markets, where compromised business records and other materials are bought and sold.

Other major attack methods targeting healthcare include manipulation of data structures and manipulation of system resources. “These attacks concentrate on known vulnerabilities within an application which, when victorious, can lead to complete system compromise,” the report’s authors contend.

On average, clients monitored by IBM experienced 93 security incidents during 2016, a 48% drop from 2015. However, that might not indicate a safer threat environment, the vendor asserts. “The reduction in attacks could mean attackers are depending more and more on proven attacks, hence requiring fewer attempts. Furthermore, the combination of massive record leaks and a record year of vulnerability disclosures also paint a different picture.”

“One positive development during the year of 2016 is that several companies now are using more secure hashing functions such as bcrypt to store passwords,” according to IBM. This means that even after a breach, passwords might be harder to crack.

The top types of attacks for monitored security clients in 2016 were injection of malicious data (experienced by 42% of its clients), manipulation of data structures to gain unauthorized access (32%) and collection/analysis of information (9%). The complete IBM report is available here.