Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.
-----
Tool turns tables on ransomware
Published August 25 2016, 6:45am EDT
With healthcare organizations increasingly being targeted by ransomware, they need as many weapons in their cybersecurity arsenal as possible to combat the file-encrypting malware. A new tool is attempting to turn the tables on hackers.
Valuable medical data is the prize for cyber criminals, but a just-released tool from TrapX Security is designed to deceive attackers and lure them away from an organization’s critical assets. Using this “bait and switch” approach, the so-called deception technology foils ransomware by having it encrypt decoy data, while protecting the organization’s real files.
Called CryptoTrap, the tool provides organizations with the ability to detect and remediate ransomware threats before they can compromise their networks and harm real-world data.
-----
Regenstrief taps FHIR to make electronic health records more complete and accessible
Pilot tests show how doctors could have access to whole patient records, regardless of how many EHRs are involved.
August 26, 2016 11:10 AM
In pilot testing a new way to compile healthcare information electronically, researchers at the Regenstrief Center for Biomedical Informatics are using HL7's FHIR.
FHIR, or Fast Healthcare Interoperability Resources, merges data from individual electronic health records with those stored in the Indiana Network for Patient Care, the framework for the state’s health information exchange.
Titus Schleyer, a Regenstrief Institute investigator, and Clem McDonald, professor of biomedical informatics at Indiana University School of Medicine, are leading the project.
-----
Aug 25, 2016 / by
VA Researchers Testing Cheaper Clinical Trials Using Tech
Clinicians across more than 30 VA medical centers are taking part in a $10 million randomized clinical trial meant to compare two common treatments for hypertension. These doctors will not, however, noticeably change how they treat their patients or how they collect data about them.
In fact, after veterans are enrolled in the trial, they will be asked to continue managing their blood pressure using their regular doctors, unlike in the vast majority of clinical trials where new doctors treat patients and study staff oversee them.
The trial that kicked off earlier in August is a test case in an initiative that's trying to revolutionize how clinical trials are performed through the use of health information technologies, researchers told me. If successful, they could save the federal government millions of dollars on research each year and make it easier to answer long-standing questions about efficacy of certain medicines.
-----
Why matching patient IDs is a critical challenge
Published August 26 2016, 3:25pm EDT
The ability to consolidate and harmonize patient identities within and across health systems is at the core of the future of healthcare—for care quality, meaningful use, population health, precision medicine and cost management.
In fact, it is so critical that the Office of the National Coordinator for Health Information Technology (ONC) has set a new milestone for “all organizations that match electronic health information to have an internal duplicate record rate of no more than 0.5% at the end of 2020.”
But the average duplicate record rate for healthcare organizations ranges from 10 percent to 20 percent, and it’s been that high for years. Clearly, current state-of-the-art technologies and approaches are not adequate to hit this milestone.
-----
Doc adoption of EHRs almost universal; satisfaction still mixed
Aug 26, 2016 12:21pm
Almost all physicians in the United States have transitioned to electronic health records, according to a new report.
Of 15,285 doctors surveyed by Medscape across 25 specialties, more than 91 percent say that they use an EHR, up from 74 percent in 2012. Another 2 percent currently are installing a system, while 3 percent say they plan on doing so within the next two years. More than two-thirds (68 percent) use a hospital or health system EHR whether they work within the health system or are in an independent practice.
Of the EHRs used in hospitals or health system networks, Epic ranks as the top system, with Cerner ranking second.
-----
Carson Block's Attack on St. Jude Reveals a New Front in Hacking for Profit
August 26, 2016 — 3:59 AM AEST
- MedSec found cybersecurity vulnerabilities in pacemakers
- The firm’s strategy is a "watershed moment" for disclosure
When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put lives at risk, they didn’t warn St. Jude. Instead, the hackers, who work for cybersecurity startup MedSec, e-mailed Carson Block, who runs the Muddy Waters Capital LLC investment firm, in May. They had a money-making proposal.
MedSec suggested an unprecedented partnership: The hackers would provide data proving the medical devices were life-threatening, with Block taking a short position against St. Jude. The hackers’ fee for the information increases as the price of St. Jude’s shares fall, meaning both Muddy Waters and MedSec stand to profit. If the bet doesn’t work, and the shares don’t fall, MedSec could lose money, taking into account their upfront costs, including research. St. Jude’s shares declined 4.4 percent to $77.50 at 1:40 p.m. in New York with more than 25 million shares traded.
In April, Abbott Laboratories announced a $25 billion acquisition of St. Jude, and the deal is expected to close by the end of the year. The information about the device vulnerabilities could put it in peril.
-----
http://www.healthdatamanagement.com/news/data-exchange-rises-in-importance-for-urgent-care-providers
Data exchange rises in importance for urgent care providers
Published August 25 2016, 6:40am EDT
As the healthcare industry transitions to value-based care, urgent care companies and health systems are forging formal business partnerships and then facilitating those relationships through the exchange of electronic patient data.
The partnerships have advantages for both parties. Health systems want to add urgent care to their patient care continuum, while urgent care companies want to be included in local provider networks.
As patient care is increasingly provided under risk-based contracts, urgent care centers that are not part of provider networks will “lose more and more patients because the patients are going to go places that are in their network,” explains Tom Charland, founder and CEO of Merchant Medicine, a consulting and research firm based in Shoreview, Minn.
-----
Patient PHR use up, but socioeconomic disparities persist
Aug 23, 2016 11:33am
More patients are using portals/personal health records (PHRs), but a socioeconomic “digital divide” still exists, according to a study published this month in the American Journal of Managed Care.
Patient portals/PHRs have become more available to patients because of the Meaningful Use program’s requirements to provide patients with access to their electronic records. The researchers, from Weill Cornell Medical College, conducted a four-year survey of adult New York State residents using random digit-dial telephone polls to track PHR adoption trends.
They found that the weighted proportion of New Yorkers who reported using PHRs rose from 11 percent in 2012 to 27.1 percent in 2015. Despite this “large and rapid” increase overall in the use of the portals, “a digital divide remains evident," particularly regarding low income and Hispanic individuals.
-----
London hospitals in UK-first health data exchange
23 August 2016
Two London trusts have become the first in UK to establish data sharing between their Cerner Health Information Exchanges, covering a population of 1.3 million people.
Homerton University Hospital NHS Foundation Trust and Barts Health NHS Trust went live on with the connection 12 July, with clinicians in both acute hospitals able to view a summarised care record from the other site.
The visible information for each trust includes discharge summaries, diagnosis, medications, investigations and results.
Niall Canavan, Homerton Hospital’s director of information technology, said the next step was “to open this data to any contributing partner organisation in east London”.
-----
Individual Patient Identifier live in Ireland
22 August 2016
Every patient in Ireland has been assigned unique identifying number, in an effort to improve patient safety and data quality.
The Individual Patient Identifier went live in Ireland earlier this month and is now being using in electronic referrals to hospitals.
Much like an NHS number, the IHI is a national register of all patients, linked to their basic patient information such as name, sex, and date of birth and demographics.
Initially drawn for data by the Primary Care Reimbursement Service and Department of Social Protection, the IHI will be used in both health and social care services. It will not include any clinical records.
-----
Improving EHR Adoption, Use through International Example
EHR adoption is high around the globe, but health information exchange and patient portal adoption are falling behind.
Physician-facing EHR adoption is thriving around the globe although health information exchange and patient portal adoption are low, according to a recent study in the Journal of the American Informatics Association.
The study was conducted as a part of the Organization for Economic Cooperation and Development’s information and communications technology (ICT) benchmarking pilot group. This group sought to assess how countries across the globe were adopting EHRs and other forms of health IT as a means to identify trends and contribute to benchmarks for adopting and implementing health IT.
The research team found that most countries had strong levels of EHR adoption, with most reaching at least 50 percent adoption. Twenty-nine out of the 38 countries included in the study had over 75 percent adoption.
The United States, recently touted by federal officials for its increasing levels EHR adoption, reported mature levels of adoption over 75 percent.
-----
Will Privileged User Abuse Affect Healthcare Data Security?
An increase in privileged user abuse of IT resources could prove particularly harmful in terms of healthcare data security measures.
Employee access is a key aspect of healthcare data security, and healthcare organizations of all sizes need to ensure that their administrative safeguards account for the type of information employees view, use, or transfer.
A recent Ponemon and Forcepoint study indicates that the impact of the risk caused by privileged user abuse or misuse of IT resources on access governance processes increased from 19 percent to 32 percent of respondents.
The 2016 Study on the Insecurity of Privileged Users took responses from 704 individuals who have “an in-depth knowledge of how their organizations are managing privileged users.” Privileged users include those in positions such as database administrators, network engineers, IT security practitioners and cloud custodians.
-----
ONC's Draft 2017 Interoperability Standards Advisory posted for public comment
The catalog of standards and implementation specs for data exchange is evolving away from a static PDF and toward an interactive, wiki-style platform.
August 23, 2016 04:28 PM
The Office of the National Coordinator for Health IT has made the new draft 2017 Interoperability Standards Advisory available for stakeholder feedback.
The ISA is meant as a catalog to help the industry keep tabs on the long list of standards and implementation specifications available to help meet interoperability requirements. The draft 2017 advisory features updates and improvements derived largely from public comments and the work of the Health IT Standards Committee.
Among the biggest changes between the proposed 2017 ISA and the 2016 version, according to ONC: a transition from being a stand-alone document toward an interactive online tool; links to projects listed in ONC’s Interoperability Proving Ground, showing use of an ISA-listed standard or implementation spec that can demonstrate ongoing implementations; improved clarity around of the pairing of standards for observations (so-called "questions") and standards for observation values ("answers").
-----
Editor's Corner: Patients should not be guinea pigs for a hospital's EHR beta testing
Aug 24, 2016 10:58am
Is anyone else as confused as I am about the goings on at Sonoma West Medical Center?
The hospital's former chief nursing officer and former chief financial officer are each suing the facility separately, both claiming they were wrongfully terminated for complaining about the safety of the EHR system in place.
The nursing officer claims that the EHR, called HarmoniMD, endangered patients’ lives by intermingling medical records, having trouble with tracking and displaying information, miscalculating medication schedules, and other problems.
The CFO additionally claims that the hospital was being used by the EHR developer to test his “defective” and “flawed” EHR; he also says that he was told to cook the books of the financially troubled hospital. The medical and intensive care director of the hospital, James Gude, and the president of the board of directors, Dan Smith, deny that the EHR being used by the facility is flawed, according to an article in the North Bay Business Journal.
-----
Study: Pokémon Go a step in the right direction for improving health
Aug 24, 2016 12:34pm
Can all the extra steps Pokémon Go players take in their quest to capture the likes of Charizard and Weedle translate into actual health benefits? Perhaps, according to early research conducted on data from users of AchieveMint with the help of Harvard Medical School Clinical Informatics Fellow John Torous.
For the research, information from AchieveMint, a platform designed to aggregate data from and reward users of fitness apps, was examined on members who opted to play Pokémon Go, and compared with data for those members who did not play, according to a blog post by Leslie Oley, a product lead with the company (hat tip to Politico Morning eHealth). For those who played, the researchers also compared activity 30 days before and after they said they started playing.
The research found that Pokémon Go players on average increased their step counts by 1,000 daily. It also determined that the step counts for people who reported a BMI over 30 increased twice as much as for those who said their BMI was less than 30. However, the research also found that, for players whose step counts grew significantly, the trend only lasted for two weeks after starting the game.
-----
HIT Think Why the feds are upping the ante by looking at small breaches
Published August 24 2016, 3:13pm EDT
The Office for Civil Rights (OCR) at the Department of Health and Human Services is clearly becoming dispirited and fed up with the number of data breaches in the healthcare industry.
This sentiment is made apparent by OCR’s announcement on August 18 that it, through its regional offices, will more aggressively investigate and pursue the so-called “small” breaches, which are those that impact fewer than 500 individuals.
In the announcement, OCR indicates that it wants to “more widely investigate the root causes of breaches affecting fewer than 500 individuals.” Interestingly, the agency suggests that it wants to find “entity and systemic noncompliance” related to the reported breaches.
Trying to read between the lines, the statements suggest that OCR believes there are fundamental issues regarding HIPAA compliance among entities. If that assessment is true, then it provides a clear understanding and basis for the new announcement and encouragement to more fully investigate the small breaches.
-----
CommonWell Health Alliance to open access to patient data
Cerner, athenahealth and other members of the EHR interoperability organization say members can soon self-enroll in the CommonWell network via their portals.
August 23, 2016 10:57 AM
"Far too often individuals and the people who care for them are stymied by the onerous task of accessing their health data," said Jitin Asnaani, executive director of CommonWell Health Alliance. "CommonWell and its members are dedicated to helping break down the barriers that make it difficult for patients to access that information."
Eight EHR and patient portal developers in the CommonWell Health Alliance will enable patients at their provider clients to access their health data, allowing them to self-enroll in the network, link their health records at different care providers and view their data across the network.
CommonWell officials say that ability to self-link EHRs will let patients play a role broadening the interoperability group’s reach, helping connect providers across the care continuum and enabling fast, convenient and secure access to health data.
-----
ONC releases 2017 draft Interoperability Standards Advisory
Aug 22, 2016 3:16pm
The Office of the National Coordinator for Health IT has issued its draft Interoperability Standards Advisory for 2017 for review and public comment.
The advisory represents the model by which ONC will coordinate the identification, assessment and public awareness of interoperability standards and implementation specifications that can be used by the industry. The most substantive changes between the 2016 advisory and the 2017 draft are largely related to its content and framing. They include:
- The beginning of the transition of the advisory from a standalone document to an interactive,web-based resource
- Discontinued use of the label “best available” in order to be more inclusive
- Links to active projects listed in ONC’s “interoperability proving ground”
- Better representation of pairing of standards for observations (questions) and observation values (answers)
The 2017 draft also revises the language of several of the six informative characteristics of interoperability standards (standards process maturity, implementation maturity, adoption level, federal requirement status, cost and test tool availability).
-----
Hospitals express 'grave concern' about mobile device security
Aug 23, 2016 9:53am
Hospitals are increasingly questioning their ability to keep mobile devices and patient data secure as cyberthreats evolve, with 82 percent of respondents to a recent survey saying it’s a “grave concern” for them.
In response to Spyglass Consulting Group’s Point of Care Communications for Nursing 2016 survey, respondents noted that personally-owned mobile devices used by nurses and physicians were a large security worry. The responses were collected via 100 interviews with IT and healthcare professionals working in hospital-based environments.
Personal devices could have inadequate password protection and may lack the right security levels for messaging and when being used on public Wi-Fi and cellular networks, according to an announcement on the report.
-----
Apple buys personal health record aggregator Gliimpse
Published August 23 2016, 12:25pm EDT
Apple has purchased Gliimpse, a healthcare startup that has developed a personal health record platform that enables individuals to collect their medical information and share records with medical professionals who are treating them.
Business press carried news of the acquisition today after reports on some technology news websites. On Tuesday morning, the website for Gliimpse could not be accessed, and Apple does not comment on its acquisitions, only saying through a statement that it “buys smaller technology companies from time to time, and we generally do not discuss our purpose or plans.”
-----
http://www.healthdatamanagement.com/news/how-apples-purchase-of-startup-reveals-health-data-strategy
How Apple’s purchase of startup reveals health data strategy
Published August 24 2016, 6:41am EDT
Apple’s recent acquisition of health startup Gliimpse is the latest in a long series of strategic moves by the Cupertino, Calif.-based company to capture mindshare and market share in a healthcare industry increasingly reliant on data.
News of the tech giant’s purchase of Gliimpse—a personal health record aggregator—did not come from Apple, which does not comment on its acquisitions or the strategy behind them. Reports of the acquisition first surfaced in Fast Company, a business magazine that covers the technology industry. Apple and Gliimpse executives did not immediately respond to requests for comment.
However, technology analysts were quick to speculate on the company’s rationale for the buy in light of Apple’s recent forays into the healthcare market.
-----
Why the Personal Grid may be the best way to share records
Published August 23 2016, 2:27pm EDT
All patients want their caregivers to have ready access to up-to-date and complete medical records during each encounter, irrespective of the time or place.
Yet after the investment of billions of dollars by provider organizations and government on healthcare infrastructure, most caregivers cannot access a complete medical record during patient encounters. This inability to obtain the necessary patient information leads to polypharmacy, duplicate testing, wasted resources and medical errors.
This failure to provide a complete medical record to clinicians stems from several factors:
- Lack of robust interoperability among electronic medical record systems (EMR).
- Absence of technology standards for the sharing of clinical information for use in clinically driven workflow.
- Resistance to a centralized model for medical record compilation, leading to the widespread use of a federated storage/access model.
-----
MACRA: As Physicians Prep, Hospitals, Tech May Lag
Scott Mace, August 23, 2016
There is a disconnect between the MIPS / MACRA push for physicians and what is happening on the hospital side of the equation.
Physicians might be ready for MIPS and MACRA, but are their EHRs and other technology tools up to the challenge?
It depends on who you ask.
"It's unfortunate that some physicians and hospitals have not made the investments in the tools that can improve the provision of care for patients," says Bill Kramer, MBA, executive director for national health policy at the San Francisco-based Pacific Business Group on Health.
"They were given lots of money under the meaningful use program to put those tools in place. There are many quality improvement organizations, consultants, to help providers improve the quality and efficiency of care," he says.
-----
A look inside Epic's EHR design and usability teams
Healthcare IT News traveled to Epic’s campus to learn how the company thinks about design and usability. Takeaway: Health IT is hard. One vice president even said if she wanted an easier job she could just go to Facebook.
August 22, 2016 07:28 AM
Janet Campbell is a software developer and vice president of patient engagement at Epic Systems.
In that role, she is focused on patient portals and engagement features but also on home health and telemedicine. That means working closely with the usability team as well as the standards and interoperability experts.
Campbell and other Epic developers — notably Sumit Rana, Epic’s senior vice president of R&D — work with clinicians toward the end goal of being to enable doctors and nurses to interact with patients in a way Campbell described as focused and friction-free.
Programmers doing fieldwork
“Anything and everything we now develop, whether it’s for a doctor, scheduler, caregiver, we’re always thinking how would a patient be a consumer of this information, and how would you think about that end-to-end thing,” said Rana, who in his early days at the company led the development of Epic’s MyChart patient portal.
“Anything and everything we now develop, whether it’s for a doctor, scheduler, caregiver, we’re always thinking how would a patient be a consumer of this information, and how would you think about that end-to-end thing,” said Rana, who in his early days at the company led the development of Epic’s MyChart patient portal.
-----
Duplicate EMRs cost hospitals dearly
Aug 21, 2016 3:54pm
Hospitals misidentify as many as 10 percent of incoming patients if staff performs a database search of existing electronic medical records.
These misidentifications can cost hospitals a lot of money, according to Becker's Hospital CFO. That's because duplicate EMRs wind up being created for patients, which in turn can lead to one record lacking crucial information. Up to 12 percent of medical records in an EMR system can wind up being duplicates. That's primarily due to misidentifications that occur during the admissions process. Those misidentifications are linked to up to 40 percent of all claims rejected by payers for services.
The costs mount quickly from there. Citing various sources of data, Becker's Hospital CFO noted that the cost of repeated medical care due to duplicate records can average nearly $1,100 per patient. And since insurers typically reject duplicate medical procedures, hospitals are also on the hook for those costs as well.
-----
NHS England turns to mHealth to better intregrate care into people's lives
Aug 22, 2016 9:49am
England’s National Health Service arm is setting its sights on bringing care to people that fits "in with the way they live their lives"--and that means bringing the NHS up to speed with the rise of mobile-based care, says Deborah El-Sayed, director of digital and multi-channel.
El-Sayed tells The Guardian that the organization has been behind others when it comes to technology for more than 10 years.
It's time to catch up.
One example of the country moving forward with mHealth is a project led by the west of England academic health science network in partnership with Diabetes UK. They created the Diabetes Digital Coach, which uses software to communicate with wearable sensors to help patients with diabetes manage their condition, the article notes.
-----
State of telehealth: HHS report to Congress outlines successes, challenges
Aug 22, 2016 10:32am
Value-based purchasing programs and alternative payment models, such as Accountable Care Organizations (ACOs) and bundled payments, offer opportunities to boost adoption of telehealth services, according to a report from the Office of the Assistant Secretary for Planning and Evaluation in the Department of Health and Human Services.
In an appropriations bill enacted last December, Congress directed HHS to assess and report back on current federal efforts to provide telehealth services.
The report covers an array of HHS efforts to do so. It states its largest investments pay for telehealth services through Medicare, Medicaid and the Indian Health Service
-----
New Locky ransomware variant hits healthcare hard
Published August 22 2016, 2:32pm EDT
A recent new strain of the Locky ransomware is targeting the healthcare industry, according to cyber security vendor FireEye Labs.
“From our trend analysis, Locky ransomware started being delivered via DOCM format email attachments more extensively beginning in August,” FireEye explained in a recent alert. “This marks a change from the large campaigns we observed in March, where a JavaScript-based downloader was generally being used to infect systems.”
The attacks also are hitting the telecom, transportation, manufacturing, service provider and aerospace/defense sectors severely, but nowhere near the degree that healthcare is being attacked.
-----
HIPAA turns 20: Why it’s an effective law for healthcare
Published August 22 2016, 1:24pm EDT
With all the healthcare breaches in the past few years it’s easy to blame HIPAA, the lone US healthcare data privacy regulation. I often hear complaints like “HIPAA is not specific enough” and “HHS isn’t even enforcing HIPAA.”
In light of HIPAA’s 20-year anniversary this month (to be specific, it was signed into law on Aug. 21, 1996), I’m going to share a brief history of HIPAA revisions over the years and my thoughts on the overall regulation as a useful driver for security.
If you have been following the updates to HIPAA over the past 20 years, you’ll recall that, with every revision, loopholes are closed and requirements have become increasingly strict.
-----
Enjoy!
David.