Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.
-----
Unauthorized inside access caused SCAN Health breach
Published September 01 2016, 7:52am EDT
The cyber attack on Medicare prescription drug plan vendor SCAN Health Plan affecting 87,000 beneficiaries raises questions about how the organization didn’t know that its data was compromised for four months after its systems were breached.
The answer is not a simple one, says Dana Simberkoff, chief compliance and risk officer at AvePoint, a vendor of onsite, cloud-hosted and software security services. “I would love to say they are in the minority, but we know that’s not the case,” Simberkoff adds.
Healthcare organizations typically focus security efforts on protecting the network perimeter from an outside attack. But this breach was an inside job, at least in part, and those defenses are not being given enough security attention.
-----
End users not following all data safety rules
Published September 01 2016, 3:20pm EDT
At a time when ransomware and other attack methods that exploit insider negligence are becoming rampant, only 39 percent of end users think they take all appropriate actions to protect corporate data accessed and used in the course of their jobs, according to a new survey by the Ponemon Institute.
The survey of 1,371 end users and 1,656 IT and IT security professionals across the U.S. and Europe was conducted in April and May 2016 by Ponemon Institute, with sponsorship from security software provider Varonis Systems. It showed that 52 percent of IT respondents think policies against the misuse or unauthorized access to company data are being enforced and followed. But only 35% of end users say their organizations strictly enforce those policies.
-----
How EHR data can bolster quality improvement process review
Sep 2, 2016 11:03am
Electronic health record data can identify gaps in maps used for quality improvement for high-risk processes such as hospital discharge when using the Failure Mode and Effects Analysis (FMEA) approach, a new study has found.
FMEA uses process maps of clinical workflows for risk assessment to identify ways a particular process might fail and where those points of failure might be. It relies on topic experts and clinical representatives who map out each step and who is expected to perform it, according to the research published in the Journal of the American Medical Informatics Association.
The researchers, from Northwestern University and elsewhere, extracted data on admissions to a cardiology unit and formed a mock committee to develop a FMEA process map for patient discharge. They then compared who was expected to perform each task with what the EHR data revealed about it.
-----
Online tools help people improve their health but need more study
(Reuters Health) - Mobile apps and web-based programs do help people reach health goals like exercising more, losing weight and quitting smoking, but studies need to follow-up longer to see how sustainable these interventions are, according to a recent review of existing research.
Lifestyle choices like poor diet and smoking are a major cause of death and disease worldwide, the researchers write in the Journal of the American Heart Association, and digital tools may be a low-cost and more accessible option for people looking to improve their health.
“Our results suggest internet-based and mobile-based interventions can be effective tools for behavioral modification,” said lead author Dr. Ashkan Afshin, the Assistant Professor of Global Health at the University of Washington in Seattle.
-----
How Tech Giants Are Devising Real Ethics for Artificial Intelligence
SAN FRANCISCO — For years, science-fiction moviemakers have been making us fear the bad things that artificially intelligent machines might do to their human creators. But for the next decade or two, our biggest concern is more likely to be that robots will take away our jobs or bump into us on the highway.
Now five of the world’s largest tech companies are trying to create a standard of ethics around the creation of artificial intelligence. While science fiction has focused on the existential threat of A.I. to humans, researchers at Google’s parent company, Alphabet, and those from Amazon, Facebook, IBM and Microsoft have been meeting to discuss more tangible issues, such as the impact of A.I. on jobs, transportation and even warfare.
Tech companies have long overpromised what artificially intelligent machines can do. In recent years, however, the A.I. field has made rapid advances in a range of areas, from self-driving cars and machines that understand speech, like Amazon’s Echo device, to a new generation of weapons systems that threaten to automate combat.
-----
How precision medicine will support population health management
Published September 02 2016, 3:16pm EDT
In the world of medicine, trial and error is largely the norm today. Doctors make a "most likely" diagnosis consistent with symptoms and prescribe treatment accordingly -- treatment that might include drugs, devices or surgery. If the treatment doesn't work, the doctor most likely alters dosage or prescribes something else. This iterative cycle is repeated until the diagnosis and treatment present the desired clinical outcome.
The bad news is that this paradigm has reached a point of diminishing returns, as evidenced by the fact that most drugs prescribed in the United States today are effective in fewer than 60 percent of treated patients. The good news is that new technology could transmute trial-and-error medicine, replacing it with an evidence-driven paradigm—one where each patient receives care, medication and treatment predicated on his or her unique genomic profile.
Precision medicine is essentially the ability to tailor treatments, as well as prevention strategies, to the unique characteristics of each person. The closest real-world analogy to this process would be a recruitment system that matches a person’s job to his or her education, experience and skill sets as laid out in a profile or resume to ensure the best fit for the job.
-----
ONC Interoperability Standards Advisory: Must-have tool or academic exercise?
Sep 1, 2016 8:21am
It’s that time of year again. The Office of the National Coordinator for Health IT has published the latest version of its Interoperability Standards Advisory for public comment.
The advisory is a “key element” of ONC’s national interoperability roadmap and the agency's first deliverable for it. According to ONC’s website, the advisory process “represents the model by which [ONC] will coordinate the identification, assessment and public awareness of interoperability standards and implementation specifications that can be used by industry to fulfill specific clinical health IT interoperability needs.”
The first advisory was published in 2015, and has been updated each year. The biggest changes from the 2016 version to the 2017 draft are largely related to the Advisory’s content and framing. These include:
- The beginning of the transition of the advisory from a standalone document to an interactive,web-based resource
- Discontinued use of the label “best available” in order to be more inclusive
- Links to active projects listed in ONC’s “interoperability proving ground”
- Better representation of pairing of standards for observations (questions) and observation values (answers)
-----
How to close the disconnect between developers, users of HIT
Sep 1, 2016 11:10am
The disconnect between the developers who create health IT tools and those who use them is a roadblock to true innovation in the industry, according to a trio of health and technology experts.
The creators of apps, wearables and IT systems don’t interact often, if at all, with patients and clinicians, which can lead to little understanding for how their tools will be used and what they are needed for most, Robert S. Rudin, Ph.D., David W. Bates, M.D., and Calum MacRae, Ph.D., write in The New England Journal of Medicine.
The disconnect doesn’t end there, the authors say. Physicians also are not always able to properly express to engineers and developers what changes or additions to systems and software they need.
-----
‘Significant problems’ with data access in public health
1 September 2016
Public health services have been denied access to health data vital to doing their job, a report from the Commons health select committee says.
In the report into public health post-2013, released on Thursday, the committee argues that funding cuts to services since responsibility for public health shifted to local authorities are “a false economy, as they not only add to the future costs of health and social care but risk widening health inequalities”.
The committee says there have been real-terms cuts to public health since the transition, including a £200m reduction last year.
It also says this means there is a “a growing mismatch between spending on public health and the significance attached to prevention in the NHS ‘Five Year Forward View’ [the plan to close a £30 billion gap between funding and demand by 2020-21, issued in October 2014]”.
-----
Epic and Cerner link information exchanges
31 August 2016
Two major NHS trusts are preparing to exchange information on shared patients from their different electronic patient record systems.
West Suffolk and Cambridge University Hospitals NHS foundation trusts are in the final phases of testing to share data from their Cerner and Epic systems respectively. Two-way technical connectivity between the EPRs is already in place.
In a joint statement to Digital Health News, Afzal Chaudhry, Cambridge University Hospitals’ chief medical information officer, and Dermot O'Riordan, chief clinical information officer at West Suffolk, said: “To our knowledge this is the first working example in the UK of interoperability between two major providers using different electronic health record products.
-----
How Telemedicine Is Transforming Health Care
The revolution is finally here—raising a host of questions for regulators, providers, insurers and patients
By
Melinda Beck
June 26, 2016 10:10 p.m. ET
After years of big promises, telemedicine is finally living up to its potential.
Driven by faster internet connections, ubiquitous smartphones and changing insurance standards, more health providers are turning to electronic communications to do their jobs—and it’s upending the delivery of health care.
Doctors are linking up with patients by phone, email and webcam. They’re also consulting with each other electronically—sometimes to make split-second decisions on heart attacks and strokes. Patients, meanwhile, are using new devices to relay their blood pressure, heart rate and other vital signs to their doctors so they can manage chronic conditions at home.
Telemedicine also allows for better care in places where medical expertise is hard to come by.
Five to 10 times a day, Doctors Without Borders relays questions about tough cases from its physicians in Niger, South Sudan and elsewhere to its network of 280 experts around the world, and back again via the internet.
-----
‘Clunky’ EHRs get in the way of optimal patient care
Published August 31 2016, 6:53am EDT
Physicians are being hamstrung by the limits of current electronic health record systems, which are missing valuable opportunities to harness available data and predictive analytics to individualize treatment, while sophisticated advances in technology are going untapped.
That’s the conclusion of three Stanford University School of Medicine researchers who railed against the shortcomings of EHRs in a recent commentary in the Journal of the American Medical Association.
Although EHRs have many virtues, they contend that the systems have “not kept pace with technology widely used to track, synthesize and visualize information in many other domains of modern life.”
-----
Precision medicine gaining momentum, HIMSS Analytics says
As hospitals shift into patient risk assessment from disease prevention, the need for precision medicine will expand in the marketplace, HIMSS Analytics 2016 Essentials Brief: Precision Medicine Study found.
August 31, 2016 10:46 AM
HIMSS Analytics Director of Research Brendan FitzGerald said that precision medicine tools are being implemented throughout healthcare which is helping to bring the industry closer to more specific treatments for certain diseases.
While current implementation and adoption of precision medicine programs are limited, precision medicine is beginning to expand in the healthcare market, according to a recent HIMSS Analytics 2016 Essentials Brief: Precision Medicine Study.
Many organizations currently focusing on precision medicine are large academic medical centers or multi-system hospital health systems with both internal and external resources, as it requires a high-level of expertise.
-----
Research: Remote monitoring no better than usual care for heart failure patients
Aug 31, 2016 7:02am
Remote monitoring failed to reduce hospitalizations or death in heart failure patients with implanted electronic devices, according to two studies presented early this week at the European Society of Cardiology Congress 2016.
The Remote Management of Heart Failure Using Implantable Electronic Devices (REM-HF) trial covered 1,650 hospital patients who had cardiac implantable electronic devices.
The patients were divided into two groups: usual care, which included remote monitoring three to six times a month plus usual heart failure follow-up, or consistent remote monitoring sent to the doctor weekly. The median follow-up period lasted 2.8 years, according to an announcement.
-----
Google's DeepMind Health, radiologists to treat head, neck cancer
Aug 31, 2016 9:54am
Google aims to find out if machine learning can help radiologists better plan treatments for head and neck cancer.
The tech giant’s DeepMind Health company will work on the effort in partnership with the radiology department at University College London Hospitals NHS Foundation Trust, according to an announcement.
Cancer located in the mouth or sinuses can be difficult to treat with radiotherapy without damaging other organs or nerves, and Google wants to use artificial intelligence to create more detailed outlines of areas that need treatment.
It can take up to four hours to create such a detailed outline, but by using computers to analyze scans from hundreds of former patients, Google hopes it can reduce that process to an hour.
-----
Security Risk Assessments: Critical regardless of practice size
September 01, 2016
In small- to-medium sized practices, there are necessarily fewer resources available for implementing the policies and procedures that will insure compliance with the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Health and Human Services (HHS) offers resources for smaller practices, where legal counsel is unlikely to be on staff, and security experts are more likely to be contracted than employed.
In 2014, the Office of the National Coordinator for Health IT (ONC) in collaboration with HHS’ Office for Civil Rights (OCR) released a downloadable security risk assessment (SRA) tool to help guide practices through the assessment process.
Jordan Cohen, JD, an attorney with Mintz, Levin, Cohn, Ferris, Glovsky, and Popeo in New York, New York, says the HHS tool is a good first step for smaller practices that want to conduct a risk assessment. He cautions, though, that the SRA is “only one tool, and the risk assessment is only one aspect of HIPAA compliance.”
-----
Global cybercrime costs will exceed $6T annually by 2021
A recent Cybersecurity Ventures report, sponsored by security firm Herjavec Group, also found global cybersecurity defense costs will exceed $1 trillion over the next five years.
August 30, 2016 10:49 AM
The cost of cybercrime around the globe will exceed $6 trillion annually by 2021 – more than double the annual cybercrime costs of 2015, according to a recent Cybersecurity Ventures report, sponsored by security firm Herjavec Group.
These costs include data damage and destruction, stolen money, loss of productivity, intellectual property theft, personal or financial data theft, fraud, embezzlement, business disruption after the attack, investigation, restoration and deletion of hacked data and systems.
The healthcare industry topped the list of most cyber-attacked industries in 2015, followed by manufacturing, financial services, government and transportation agencies.
-----
Drug Data Standards Needed for EHR Clinical Decision Support
Supporting drug data for EHR clinical decision support could help improve patient safety.
Drug-drug interactions are an integral patient safety component to EHR clinical decision support and computerized physician order entry (CPOE) are likely to benefit from data standardization, recent research shows.
According to a new study published in the Journal of the American Medical Informatics Association, drug-drug interactions (DDIs) are the way in which two different medications combine while taken at the same time by an individual patient. DDIs often lead to adverse drug events, which are a major patient safety concern.
EHR systems, through CPOE and clinical decision support, can alert providers of potential DDIs by providing alerts. However, according to researchers, these supports aren’t always successful.
-----
ONC challenge winners weigh in on how blockchain can improve healthcare
Aug 30, 2016 11:00am
White papers on improving claims processing, patient-reported outcome measures and the doctor-patient relationship are among the winners of a national blockchain challenge.
The challenge, from the Office of the National Coordinator for Health IT and the National Institute for Standards and Technology, asked for innovative healthcare uses for the technology, the most widely known example of which is Bitcoin. Blockchain provides an easy-to-see trail of transactions, but does not require an intermediary for data exchange.
Peter Nichol, former IT chief of the Connecticut state health information exchange, has said the technology will grow in importance in the coming years because it’s difficult to hack and only points to the location of records.
-----
How to use ransomware best practices to shore up defenses
Published August 30 2016, 3:21pm EDT
An international study reports nearly 40 percent of businesses experienced a ransomware attack in the past year. Add to that a recent U.S. government interagency report indicates that, on average, nearly 4,000 daily ransomware attacks have occurred since early 2016, representing a 300 percent increase over the 1,000 daily ransomware attacks reported in 2015.
In our digital healthcare world, this extortion threat to hospitals and health systems is escalating as professional cybergangs intensify their efforts. These hackers are ever evolving creative encryption schemes to hold electronic protected health data (ePHI) hostage until a ransom is paid. Proactive security measures have never been more critical.
Before your provider organization finds itself in a position of vulnerability at a hacker’s hand, implement these three phased steps to prepare for and manage ransomware (or any malware, for that matter).
- Proactively implement ransomware attack best practices (see below).
- Activate your incident response plan to tackle the ransomware incident as it happens.
- Analyze shortcomings, post incident, spotted during the investigation to better understand and communicate the “lessons learned” and to enact new action steps in advance of future attacks. For instance, your “security awareness” team can visually demonstrate to employees how the opening of phishing email scams automatically downloads ransomware onto the server.
-----
3 Reasons for Optimism on Healthcare Data Interoperability
Scott Mace, August 30, 2016
The ability to share data among providers has been hobbled by obstacles large and small. But as technologies mature, real-world models of workable interoperability are emerging.
As the summer doldrums wind down, there are some reasons to be optimistic about the state of data interoperability in healthcare.
While no one development signals that we've turned the corner on this predominant technology shortcoming standing between healthcare providers and data-driven value-based care, when taken as a group, they are encouraging signposts.
1. The Argonaut Project's progress means more rapid interop development.
Launched in late 2014, the Argonaut Project was the unprecedented collaboration of traditional healthcare rivals Epic and Cerner, as well as many others, to develop a set of implementation guides for HL7 Fast Healthcare Interoperability Resources (FHIR), basically a series of shortcuts to allowing EHRs and other apps to interoperate between providers.
-----
Image sharing grows in importance
Published August 29 2016, 7:01am EDT
Despite the importance of developing an enterprise medical imaging approach, the strategy requires the easy exchange of images, and achieving that interoperability is a major challenge, according to results of a recent survey.
Still, more than half of 100 surveyed IT leaders in healthcare organizations say their facility has an enterprise imaging strategy—a major component supporting the move to interoperability—and 54 percent say specialists at their facility can electronically exchange images with patients, providers and referring sites.
The College of Healthcare Information Management Executives, which represents IT leaders, recently surveyed 100 executives overseeing IT departments, with 76 percent of respondents using Epic, Cerner or Meditech electronic health records.
-----
Hurdles remain to comparing EHR usability
Aug 29, 2016 12:14pm
Despite doctors’ continued concerns about the usability of their electronic health records, comparing those experiences remains a highly difficult proposition, say researchers with MedStar Health and the Georgetown University School of Medicine.
In an article published in the Journal of the American Medical Informatics Association, the researchers, led by Raj Ratwani of MedStar’s National Center for Human Factors in Healthcare, say the current federal regulatory framework and implementation process doesn’t allow for “meaningful comparison” of EHR design processes, certification testing results and usability testing by providers.
Regarding the design processes, the authors say while two EHR vendors may attest to following a specific standard, their paths for getting to that point might not be the same. For instance, one vendor might choose to conduct several iterations of early-user testing with a number of clinicians, while another might only conduct such testing once using nonmedical users.
-----
August 26, 2016
Ransomware locks experts in debate over ethics of paying
When ransomware victims pay to restore their data, it encourages cybercriminals to carry out additional attacks. But do infected organizations have much of a choice?
In yet another sign that business is booming in the underworld of ransomware, Trend Micro has reported that the number of new ransomware families it observed in the first half of 2016 has already surpassed the total number observed in 2015 by 172 percent.
Such explosive growth shows that infected individuals and organizations continue to pay up, not only making these schemes profitable, but also encouraging more criminal activity. As ransomware's extended family of malicious code continues to multiply, experts are once again debating if victimized organizations have an ethical responsibility to refuse cybercriminals' demands.
-----
Physicians rate top EHRs for use, satisfaction, vendor support
More often than not, physicians report frustration and dissatisfaction with EHRs. They indicate EHRs are challenging to use, not user-friendly, introduce extra workflows and administrative burdens into their practices and detract from patient care. A Medscape survey sought to find what physicians liked about their EHRs.
The survey gathered responses from more than 15,000 physicians across 25 specialties. It asked questions about EHR usage, specifics on platforms, vendor satisfaction and more. Ninety-one percent of respondents said they currently use an EHR, 2 percent are currently installing/implementing one, 3 percent plan to use one within the next two years and 4 percent don't use one and don't plan to use one within the next two years.
The majority of respondents (63 percent) said they work in a hospital or health system with an EHR, 33 percent work in an independent practice with its own EHR system and 5 percent work in an independent practice but use a hospital or health system's EHR.
-----
Enjoy!
David.