This blog is totally independent, unpaid and has only three major objectives.
The first is to inform readers of news and happenings in the e-Health domain, both here in Australia and world-wide.
The second is to provide commentary on e-Health in Australia and to foster improvement where I can.
The third is to encourage discussion of the matters raised in the blog so hopefully readers can get a balanced view of what is really happening and what successes are being achieved.
Quote Of The Year
Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"
or
H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."
Addressing concerns raised by an audit that
had asked the agency to create a risk management plan as well as remind users
of My Health Record of how the emergency access function should be used.
The system administrator of Australia's oft-criticised
My Health Record has agreed to a number of recommendations made by the Joint
Committee of Public Accounts and Audit as part of its probe into the security
resilience of the online medical file.
The committee in 2019 scrutinised a report
from the Australian National Audit Office (ANAO) which pointed out a number of security issues
concerning the Australian Digital Health Agency's (ADHA) My Health Record
implementation that otherwise widely gave ADHA the tick as "largely
effective".
In a response
[PDF] to the committee, ADHA provided an update to its ANAO My Health Record
Performance Audit Implementation Plan, which was developed in February 2020.
One of the recommendations made by ANAO was
that ADHA conduct an end-to-end privacy risk assessment of the operation of the
My Health Record system under the opt-out model, including shared risks and
mitigation controls. It also recommended that the agency incorporate the
results of this assessment into the risk management framework for the My Health
Record system.
The
agency said it would work with public and private sector healthcare providers,
professional associations, consumer groups, and medical indemnity insurers on
an "overarching privacy risk assessment", and incorporate results
into the risk management plan for My Health Record.
With
a privacy risk assessment completed in September, and initial risk register
updates flagged as done as of February, the ADHA has given itself until
November to complete the risk management work.
Another
recommendation was that the ADHA, with the Department of Health and in
consultation with the Information Commissioner, review the adequacy of its
approach and procedures for monitoring use of the emergency access function
within the online medical file.
After
delivering a compliance framework and an emergency access compliance plan in
February, the ADHA said it will continue to monitor emergency access and engage
with system participants to "promote a sound understanding of the
legislative provision and relevant reporting arrangements, so that unauthorised
use is recognised and reported to the Information Commissioner, as
required".
It
also flagged November as the completion date for this work.
ADHA
was also asked by ANAO to develop an assurance framework for third party
software connecting to the My Health Record system, including clinical software
and mobile applications, in accordance with the federal government's
Information Security Manual.
"An
assurance framework exists for systems (including clinical software and mobile
applications) connecting to the Healthcare Identifiers Service and the My
Health Record system, including processes to confirm conformance," ADHA
said in response to the recommendation.
What strikes me about this is the
totally relaxed way the security holes in the access mechanisms are being
addressed. The Audit itself was conducted in 2019 and the ADHA are now planning
to have the various remediations partially finalized by late 2021. One would
have expected a little more urgency!
Of note also is that in the response
linked above it seems most of the work in keeping things secure is being
shifted back to the myHR stakeholders.
Here is the latter part of the
advice!
Changes to be undertaken by My Health Record stakeholders
In
addition to the ongoing activities outlined above, there are a number of
activities that My Health Record stakeholders will need to undertake,
including:
• Working with the Agency on an ongoing basis to ensure shared privacy risks are
identified and appropriately managed.
• Distributing guidance materials and other resources related to shared privacy
risks and legislative requirements to healthcare providers, as appropriate.
• Healthcare Provider Organisations to ensure appropriate use of Emergency Access
within their healthcare facilities, as outlined in section 64 of the My
Health Records Act 2012 and adherence to notification provisions outlined
under section 75 of the Act.
• System Participants to implement and maintain a policy addressing security and
access requirements outlined in Parts 4 & 5 of the My Health Records
Rule 2016; and provide a copy of the relevant policy, where requested by
the System Operator.
• Software developers to undertake a conformance process for the new Security
Requirements for Connecting Systems, when requested by the System Operator.
Executive Minute on Joint Committee of Public Accounts and Audit Report 485: Cyber Resilience,
Inquiry into Auditor-General Reports 1 and 13 (2019-20), 10 June 2021, v1.0, OFFICIAL
Overall I really do not feel the
ADHA has a solution to protecting the #myHR System from access by bad actors
and is doing its best to shift any blame for issues to the legitimate users. I
find it hard to discern just what real progress has been made with these vulnerabilities
in the 2 years since the ANAO recognized them. It is hard to read all this any
other way I believe.
I am not at all sure it is reasonable to suggest that everything is under control!
Note: Each
link is followed by a title and a few paragraphs. For the full article click on
the link above the title of the article. Note also that full access to some links
may require site registration or subscription payment.
June 18, 2021
- In a public
notice, the Federal Communications Commission (FCC) concluded its
assessment on the widespread adoption of the Hospital Robocall Protection
Group’s (HRPG) best practices. The FCC concluded that education and outreach
are the most effective ways to encourage hospitals to adopt the best practices.
Under the
TRACED Act, the FCC also was required to assess “how the voluntary adoption by
hospitals and other stakeholders of the best practices issued by the Hospital
Robocall Protection Group can be facilitated to protect hospitals and other
institutions from unlawful robocalls.”
In
the public notice, the FCC concluded that expanding awareness and providing
forums to encourage adoption are essential to hospitals voluntarily
following the best practices, and industry leaders have a responsibility to
promote the best practices.
NHS Digital launches its Terminology Server to help boost data sharing
A solution
which has been designed to allow healthcare IT systems to speak the same
language is now live.
Hanna Crouch
15 June, 2021
NHS Digital’s
Terminology Server, which is FHIR conformant, transforms the way in
which data is captured, shared and analysed across the health and care system.
At the heart
of the solution is the ability to translate items into a common ‘language of
health’ when professionals describe something using different terms. For
example, a symptom could be described as “back-ache” or equally referred to as
“lower lumbar pain”. When such information is recorded and shared across
the health and care system the Terminology Server can be used to match the
disparate descriptions so that all the organisations and software involved in a
patient’s journey can ‘talk’ to each other and the patient data can be
reconciled and compared effectively.
This means
organisations from across the system can rapidly receive national code sets and
updates, such as SNOMED CT, clinicians can code in the same language and input
the data easier, researchers can use the improved coded data to facilitate
better research and organisations can innovate and create new apps without the
need to maintain large code sets, through a single API.
“This Is Foundational”: Removing the Biggest Barriers to the Digital Front
Door
Most
people are familiar with the term shopping cart abandonment; the process in
which a consumer adds an item or service to the cart but leaves the site
without completing a purchase. What many don’t realize is that this phenomenon
has hit healthcare. And while it may have a minimal effect on retail giants
like Amazon and Walmart, the impact on hospitals — which often have limited
budgets but unlimited competition — is being felt.
“It’s
one of the biggest worries I have; when people reach a certain level of
frustration over trying to book an appointment or get a service, and they just
quit,” said Richard Vaughn, MD, Medical Director of Digital Health at SSM
Health. “We can’t afford that.”
It’s
an issue that is affecting most, if not all, healthcare organizations. At
Ballad Health, analysts calculated that around 4,000 physician searches are
conducted every week in a region that serves 1.2 million people. “We feel like
there’s a lot of opportunity there,” said Taylor Hamilton, who serves as Chief
Consumer Officer.
And
it’s not just about revenue. Physicians like Vaughn spend “a tremendous amount
of time trying to convince patients to get care,” he said. “We don’t want that
to get thrown away because they’re having a bad experience trying to make a
connection.”
Researchers flag privacy risks with de-identified health data
Hospitals
and other covered entities are striking a growing number of agreements to use
de-identified patient data for research or to develop AI tools. But they should
carefully weigh the risks of sharing this data, experts said.
A growing
number of hospitals are banding together with tech companies to create
analytics businesses, or develop predictive algorithms.
These efforts
are fueled by de-identified data, which gives hospitals and other covered
entities the ability to share patient data without specifically asking for
their consent. Patients’ names, addresses, and other potentially identifying information
are removed from these datasets, which can then be shared freely under current
regulations.
Even if the
privacy risks to patients in sharing de-identified data might seem minute or
distant, hospitals should carefully consider them when they strike data-sharing
agreements, researchers wrote in an article recently published in the New England
Journal of Medicine. They advocated for specific protections for patients,
including seeking patients’ consent, stepping up security measures for
de-identified data, and additional legislation that would protect patients in
the event of a breach.
“I think the
challenge in medicine is everything is benefit-risk. It’s really easy for people
to imagine the benefits, and really difficult to imagine the risks,” said Eric
Perakslis, chief science and digital officer at the Duke Clinical Research
Institute, and co-author of the article. “Precisely what benefit is being
returned to the patients from the centers that are selling their data? If the
benefit is 0, then there needs to be 0 risk.”
Patients are looking to go back to brick-and-mortar post pandemic
New data from
HIMSS' State of Healthcare survey reveals that the bulk of patients are looking
to return to in-person care. However, younger generations are more likely to
continue on telehealth.
While
half of patients have experienced a telehealth visit in the last year, the bulk
of them say they want to get back to normal in-person visits, according to new research conducted by
HIMSS. In fact, HIMSS' State of Healthcare report found that 60% of
patients want to return to their pre-pandemic experiences.
"The desire to
go back to normal is an overarching sentiment. There is a pandemic fatigue and
they want to go back to normal in many facets of their life," Lauren
Goodman, director of market intelligence at HIMSS, said during the State of
Health event this afternoon. "This data is a snapshot in our current
state, and it could shift. These metrics will be interesting to watch over time."
The new research
included 2,062 participants and was conducted during March and April 2021. In
order to be included, participants had to have at least one medical visit
within the last 12 months.
The research found
that Gen Z and Millennials were the most likely to be open to telehealth, with
47% of millennials saying they would prefer telehealth over in-person visits
once the pandemic has ended. Nearly three-quarters of younger generations
reported that one reason they prefer telehealth is convenience.
June 17, 2021
- It may be easier for consumers to find their perfect pair of sneakers online
than it is for primary care providers to access the data necessary for clinical
decision support, according to Regenstrief Institute researchers. A new study
revealed that PCPs experience EHR usability challenges, signaling the need for
user-centered design.
The study,
published in the Human Factors and Ergonomics Society’s journal Human Factors,
reviewed and analyzed research about PCP EHR use conducted from 2012 through
2020.
Regenstrief
and IUPUI researchers found that study designs were mostly noninterventional;
studies described problems related to EHR
usability, workflow, and communication. PCPs often described EHR data as
incomplete, untimely, or irrelevant.
The
researchers mapped their review’s findings onto a three-level framework to
measure PCP situation awareness (SA), which refers to a provider’s
understanding of her environment. Level one indicates basic perception, two
indicates comprehension, and three signals projection.
June 17, 2021
- More work needs to be done before chatbots can be used effectively for
patient engagement and patient education, according to research published in the Journal
of Medical Internet Research, which looked at chatbot efficacy among dementia
patients and their caregivers.
This comes as
healthcare continues to look at the role chatbots and artificial intelligence
(AI) can play in patient engagement. Chatbots
have become commonplace in general customer service, as well as in healthcare,
to help keep consumers informed. In the case of medicine, and especially during
the pandemic, organizations tapped chatbots to share information quickly and
easily and in some cases check and triage patient symptoms.
“Artificial
intelligence chatbots have great potential to improve the communication between
patients and the healthcare system, given the shortage of healthcare staff and
the complexity of the patient needs,” Vagelis Hristidis, computer science
professor at the University of California Riverside’s Marlan and Rosemary
Bourns College of Engineering, founder of SmartBot360, and the study’s corresponding
author, said in a public statement.
“This
is especially important for dementia patients and caregivers, who keep
increasing as the population ages, and face care challenges daily,” Hristidis
continued.
Cyberattacks
targeting the healthcare sector have surged because of the COVID-19 pandemic
and the resulting rush to enable remote delivery of healthcare services.
Security vendors and researchers tracking the industry have reported a major
increase in phishing
attacks, ransomware,
web application attacks, and other threats targeting healthcare providers.
The trend has
put enormous strain on healthcare security organizations that already had their
hands full dealing with the usual volume of threats before the pandemic. “The
healthcare industry is under siege from a range of complex security
risks,” says Terry Ray, senior vice president and fellow at Imperva.
Cybercriminals are hunting for the sensitive and valuable data that
healthcare has access to, both patient data and corporate data, he says.
Many organizations are struggling to meet the challenge because they are
under-resourced and rely on vulnerable systems, third-party applications, and
APIs to deliver services.
Ray and other
security experts identified multiple issues that present major threats to
healthcare organizations. Here are five of them:
The
good news: It’s uncommon for physicians to be targeted with pharmaceutical
marketing when they are using electronic health record (EHR) systems and there
is no evidence that avenue to reach prescribers is gaining in popularity, says
an AMA
Board of Trustees report adopted at the June 2021 AMA
Special Meeting.
The
top five EHR systems—which account for 85% of the market share—do not appear to
have advertisements featured on the platforms, according to the board report. A
small portion of the other 15% may generate revenue through ads, but only a
handful offer partnerships with pharmaceutical companies. Still, that means
some EHRs and e-prescribing programs may present opportunities for advertisers
to reach doctors at that crucial point of care—and that shouldn’t be allowed to
happen.
Research
cited in the AMA board report shows that exposure to physician-directed
advertising is associated with less effective, lower-quality prescribing
decisions and that exposure to pharmaceutical company-provided information
leads to higher prescribing frequency and higher costs.
Though
Waikato DHB has restored some of its foundational services in the past week,
Chief Executive Dr Kevin Snee said in a statement yesterday that there remains
"a great deal of work to be done across the DHB which will take
time".
The
restored services include diagnostics from laboratory and radiology services,
recording and tracking patients as they move through the DHB's hospitals, and
clinician access to patients’ full medical information.
Dr
Graham Mills, Medical Director of Medical Services, mentioned that the
restoration of these core services has changed the way clinical staff
are now able to work, although they are "not yet operating with
their full functionality".
Radiation
therapy was resumed last week with the service being expected to
operate at near normal capacity next week.
Providing
reminders around medication, transcribing patient conversations, controlling
surgical devices: these are some of the new ways voice interactions are
entering medicine. People who have gotten used to talking to their cell
phones–or through agents such as Alexa, to their TVs and microwave stoves and
cars–will expect simple voice interactions in their medical encounters.
I
talked to Bruce Ryan, director of engineering for HARMAN Embedded Audio, to find out how
audio capabilities are evolving and what his company is doing to provide them
in health care.
The
parent company HARMAN, which operated independently from 1953 to 2017 and is
now a part of Samsung, is a premier company for audio around the world. The
international reach has helped them be more inclusive, because they can do
voice recognition in every major language and are continually expanding their
list of supported languages. HARMAN Embedded Audio itself is not limited to
audio; it also produces a range of embedded devices.
My
conversation with Ryan touched on audio devices in three areas: the home, the
clinical encounter, and the operating room.
The FDA
outlined its medical device cybersecurity goals in response to NIST’s call for
position papers to fulfill President Biden’s executive order signed in May.
On May 12th,
President Biden signed an executive order on improving the nation’s
cybersecurity, and called on NIST to establish “new standards, tools, and best
practices.”
The executive
order stated that “the guidelines shall include criteria that can be used to
evaluate software security, include criteria to evaluate the security practices
of the developers and suppliers themselves, and identify innovative tools or
methods to demonstrate conformance with secure practices.”
Mayo Clinic joins Apple Health Records initiative: 4 things to know
Jackie Drees
– 15 June, 2021
Rochester,
Minn.-based Mayo Clinic is the latest health system to join Apple's Health Records project, which gives patients
access to their medical records directly from their iPhone, according to a June
15 news release.
Four
things to know:
1. Mayo Clinic patients who have an online patient portal account can now use
Apple's Health Records app, which lets users view their health data from
multiple providers on a single platform.
2. Use of the Health Records feature in iPhone's Health app is optional and will
not affect the user's patient portal account.
Hospitals held for ransom by flood of robocalls: 5 details
Hannah
Mitchell – 15 June, 2021
Robocalls
are the No. 1 consumer complaint filed with the Federal Communications
Commission, and robocalls to hospitals are a significant portion of the
problem, creating a new type of ransomware attack on hospitals and a threat to
public safety.
The
illegal calls flood hospital networks and are often perpetuating fraud. The
nonstop flow of calls undermines hospitals' ability to perform patient care by
keeping staff on phone lines unnecessarily and impairing operational capacity,
according to a June 11 FCC news release.
Five
details:
Robocallers often use spoofed caller
ID to trick hospital staff into thinking it's a real patient. Some
robocalls attempt to trick hospital staff into giving up the insurance or
financial information of a staff member. Hospitals have been falling
victim to the intentional flooding of phone networks with multiple
simultaneous calls, demanding a ransom payment in exchange for stopping
the attack.
The flow of calls can clog phone
lines and make it difficult for patient calls to get through. One hospital
received 4,500 robocalls in two hours in 2018. Another hospital had 6,500
calls with spoofed caller ID to look like internal calls and tied up 65
hours of response time of hospital staff over 90 days. This hospital also
received 300 robocalls spoofing numbers affiliated with the Justice
Department in an attempt to extract sensitive information from
physicians.
Many
healthcare breaches can be traced to misconfigured databases, servers and other
IT, and some breaches involving misconfigurations have resulted in massive
amounts of data being exposed online.
More than
one billion search records belonging to CVS Health were accidentally
posted online and accessible to the public earlier this year.
The database
belonging to the healthcare and retail giant, which was not password
protected, was discovered at the end of March by independent cybersecurity researcher
Jeremiah Fowler, according to a report
published by Website Planet, which conducts research into unsecured
internet data.
The database,
which was approximately 204 gigabytes in size and totaled 1.1 billion
records, had no form of authentication in place to prevent unauthorized entry,
the researchers said.
June 16, 2021
- The American Medical Association has adopted
policies that take yet another hard stance against medical racism. The policies
are set to guide healthcare organizations in tamping down on discrimination, bias
and abuse, and prejudice or microaggressions, the organization announced at its
Special Meeting of the AMA House of Delegates.
AMA said
healthcare organizations should create policies that would facilitate openness,
inclusion, and diversity. Additionally, individual organizational policies
should address incidents of racism in medicine.
That will
include clearly defining racism or implicit bias in medicine and making those
policies clear to all staff and patients. Organizations should also define their
own practice or hospital commitment to anti-racism in medicine, establish
cultural competency and anti-racism training for staff, and create a formal
protocol for both reporting and corrective action in incidents of medical
racism.
“Systemic
racism in medicine is the most serious barrier to the advancement of health
equity and appropriate medical care,” Willarda V. Edwards, MD, MBA, an AMA
board member, said in a statement. “Today’s actions by the House of Delegates
will inform the AMA’s active work to proactively identify, prevent, and
eliminate racism and will help the AMA guide health care organizations in
efforts to adopt workplace policies that promote positive cultural
transformation and address the root cause of racial health inequities.”
The country’s
largest physician organization is taking steps to rein in bureaucratic prior
authorization requirements that can lead to delayed and disruptive treatment
for patients.
At a meeting
this week, the American Medical Association’s (AMA's) delegates adopted
new policies specifically targeting peer-to-peer (P2P) review of prior
authorization decisions and the particular burden of prior authorization during
a public health emergency.
"P2P
reviews are another burdensome layer insurers are increasingly using without
justification, and the peer reviewers are often unqualified to assess the need
for services for a patient for whom they have minimal information and to whom
they have never spoken or evaluated," said AMA President Susan Bailey,
M.D., in a statement.
The
U.S. Office of the National Coordinator for Health Information Technology has
partnered with standards development organizations and other experts to release
the Project US@ Draft Technical Specification Version 1.0 for public comment.
The
draft specification is aimed at standardizing patient
addresses across healthcare to improve patient matching, which in turn supports
safety, privacy and security, care coordination, and interoperability.
"Together,
we hope to establish a lasting, industry-wide approach to representing patient addresses
that is consistent across a spectrum of clinical and administrative
transactions," wrote the team in the draft specification.
WHY IT MATTERS
Momentum
around standardizing addresses to improve patient matching has been building
over the past year, with ONC announcing its Project US@ initiative in December
2020.
Objectives To investigate
whether and what user data are collected by health related mobile applications
(mHealth apps), to characterise the privacy conduct of all the available
mHealth apps on Google Play, and to gauge the associated risks to privacy.
Design Cross sectional study
Setting Health related apps developed
for the Android mobile platform, available in the Google Play store in
Australia and belonging to the medical and health and fitness categories.
Participants Users of 20 991
mHealth apps (8074 medical and 12 917 health and fitness found in the Google
Play store): in-depth analysis was done on 15 838 apps that did not require a
download or subscription fee compared with 8468 baseline non-mHealth apps.
Main outcome measures Primary
outcomes were characterisation of the data collection operations in the apps’
code and of the data transmissions in the apps’ traffic; analysis of the primary
recipients for each type of user data; presence of adverts and trackers in the
app traffic; audit of the app privacy policy and compliance of the privacy
conduct with the policy; and analysis of complaints in negative app reviews.
Results 88.0% (n=18 472) of
mHealth apps included code that could potentially collect user data. 3.9%
(n=616) of apps transmitted user information in their traffic. Most data
collection operations in apps’ code and data transmissions in apps’ traffic
involved external service providers (third parties). The top 50 third parties
were responsible for most of the data collection operations in app code and
data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of
user data transmissions occurred on insecure communication protocols. 28.1%
(5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data
transmissions complied with the privacy policy. 1.3% (3609) of user reviews
raised concerns about privacy.
Conclusions This analysis
found serious problems with privacy and inconsistent privacy practices in
mHealth apps. Clinicians should be aware of these and articulate them to
patients when determining the benefits and risks of mHealth apps.
Covid-19
has thrown a spotlight on digital maturity. As Vivienne Raper reports, many
trusts last year have changed priorities or continued to widen the scope of existing
electronic document management plans.
In March last
year, Jamie Hall, head of sales at IMMJ Systems found a missed phone call and a
text message from London North-West University Healthcare NHS Trust. He
remembers it reading: “Jamie, can you call me urgently?”
The call was
from Sonia Patel, former CIO at the trust, who asked him how quickly he could
deploy an Electronic Document Management System (EDMS) to support virtual
outpatients.
“It was right
at the height of stuff getting scary. Lockdown was looming and we all thought
we were going to die,” he reports. “She put me on the spot about how fast I
could go live, and I said 72 hours – it was a gut instinct.”
To fulfill AI's potential, healthcare orgs must enact safeguards
In a preview
of his HIMSS21 presentation, Muhammad Babur, IT-program manager at Mayo Clinic,
says artificial intelligence can enhance care delivery – but also cause
potential harm.
Artificial
intelligence and machine learning have the power to spur enormous change in the
healthcare industry.
At
the same time, experts caution that it could pose a threat to the privacy of
patient data – as well as possibly reproducing bias and inequity.
"We
know the application of artificial intelligence has tremendous potential as a
tool for improving safety standards, creating robust clinical decision support
systems and helping in establishing a fair clinical governance system,"
said Muhammad Babur, IT-program manager at Mayo Clinic.
Still,
Babur said, "Healthcare organizations need to have an adequate governance
structure around AI applications" in order to safeguard patient data and
ensure equitable results.
So,
after investing what feels like infinite levels of effort, patient medical
records are digitized across nearly all hospitals in the US, according to a new
ONC
Data Brief. Great.
However,
at least when this data was collected in 2019, hospitals were still playing
their little passive-aggressive game where they make the data available to
patients but hard to get to colleagues and competitors.
To
me, this suggests that even with Information Blocking rules firmly in place
now, hospitals are likely to find ways to impede the provider-to-provider data
sharing process. We are talking about a 10-year tantrum even ONC won’t be able
to calm down completely.
It’s
not that the health information sharing process isn’t maturing. Things are
indeed changing for the better. For example, the data gathered by ONC shows
that in 2019, 70% of hospitals let inpatients access their health information
using a mobile software application, up almost 50% from 2018. This is nothing
to be sneezed at.
Only 15 months ago — March 13, 2020 — COVID-19 became a national emergency in the
United States. My assumption at the time was that COVID lockdowns could extend
as long as five years, the previous speed record for modern vaccine development,
with many millions of deaths — a generational cataclysm.
While COVID certainly has been plenty devastating in the U.S. and around the world,
with 600,000 Americans dead of and with COVID, and with shockingly broad
destruction of American small businesses, it has not been nearly as destructive
as it could have been. We are coming out of COVID years early, with many
livelihoods and businesses preserved, compared to what we had any right to
expect. And overwhelming credit goes to our spectacular technology industry.
The most amazing COVID technology story has to be the vaccines. Moderna, a product
of the American venture capital system, created the first mRNA COVID vaccine
within two days of receiving the genetic code for COVID by email. It’s hard to overstate
the tremendous advance in both speed and effectiveness of this new
technological platform — and now that we know how well mRNA vaccines work, we
can look forward to decades of new vaccines both for potential COVID variants
and for many other health threats. We now have the technological tools to quite
literally code nature, and the payoff to human flourishing will be profound.
Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery
Sky Lakes Medical Center was among the dozen healthcare providers caught up in the wave
of ransomware attacks last fall. Its analyst shares a first-hand account of the
incident and recovery.
June 14, 2021 - The FBI began investigating
a wave of targeted ransomware attacks against at least a dozen US hospitals,
health systems, and healthcare providers in October 2020. Sky Lakes Medical
Center in Oregon was among the victims driven into EHR downtime procedures.
The attack against Sky Lakes Medical was claimed by Ryuk ransomware threat actors: a group
notorious for effectively and continuously evolving their attack methods to
ensure the greatest impact.
The group launched the massive attack on Universal
Health Services, which struck around the same period as the Sky Lakes Medical
incident.
From worming capabilities to exploiting vulnerable remote desktop protocols
(RDPs), Ryuk is among the most destructive ransomware variants that have relentlessly
targeted healthcare providers despite the ongoing pandemic.
Once a breach occurs, you’ll want to identify what the attackers accessed and how they
accessed the data. This information helps you identify if you need to notify
users that their data has been breached and learn how to protect yourself from
the next attack.
First, make sure you have the necessary resources and preparations in place to investigate.
The process of identifying how an attacker entered the network is often based
on the evidence and timeline analysis. Knowing how best to handle the evidence
and having a plan in place before an intrusion occurs are key to properly
handling the investigation. The Cybersecurity Unit for the US Department of
Justice has several resources to help with planning ahead.
This task checklist will make it easier to respond to a data breach or limit its
damage:
Amazon's HealthLake can predict patient mortality: 4 details
Hannah Mitchell - Friday, June 11th, 2021
Amazon launched a service for hospitals that aggregates information into a data lake
and standardizes it with machine learning. Now, HealthLake can offer patient
outcome predictions, like mortality, based on stored data, according to a June
10 blog post by Amazon.
Four details:
1. Amazon HealthLake, which was launched
in December, is HIPAA-eligible and hosts the deidentified health-related data
of more than 40,000 patients who have stayed in critical care units. The data
stores information such as demographics, vital signs, lab test results,
medication, imaging reports, provider notes and more.
2. Healthcare providers can use the data to spot trends and find anomalies to make
predictions about the progression of disease, clinical trial efficacy and accuracy
of insurance premiums.
DOD's electronic health records rollout hits 30% completion
By Lauren C. Williams · Jun 13, 2021
The Defense Department's rollout of the Cerner commercial electronic health records
system is nearly a third complete, with 42,000 active users across more than a
dozen states, officials told reporters on a press call on June 10.
Holly Joers, the acting program executive officer for Defense Healthcare Management
Systems, said the latest deployment, Wave Carson Plus, of MHS Genesis wrapped
April 24, marking 30% completion of the systems rollout across military
treatment facilities.
That deployment was the largest to date, extending across 11 states and 20 military
installations, adding about 10,000 active users to the system.
Joers said the progress to date means that DOD is on schedule for completion at the
end of 2023 with the next "go live" deployment, called Wave Tripler,
scheduled for Hawaii at the end of September.
"As of this summer we will have about 12 waves in flight," Joers told
reporters June 10.
Healthcare cooperative ProCare Health has teamed up with the University of Auckland and
the University of Otago to conduct a long-term study to determine the impact of
multiple morbidities on the risk of hospitalisation or death from
cardiovascular diseases.
Funded by the Health Research Council of New Zealand, the three-year study commenced
in January. The 2014 ProCare Adult Cohort Study involves patients over the age
of 18 who have been enrolled in a ProCare practice since the first quarter of 2014.
It anonymises patient data of over 550,000 people; these data are linked with the
TestSafe repository of blood test results and national health databases on
hospitalisations, deaths and community pharmacy dispensing.
The data set will enable researchers to anonymously track patients over time and
look back between five and 10 years for history of long-term conditions.
Several electronic health records over the past week have announced that their
customers can enable greater patient control over record-sharing via the Apple
Health app.
Cerner, Meditech Expanse, Allscripts, athenahealth and DrChrono are all among the
companies that are working with Apple to facilitate more seamless data
exchange.
"For too long our industry has worked in silos, and patients have been left out of
the decision as to who has access to their health records and when," said
Meditech Executive Vice President Helen Waters in a statement.
"Patient empowerment is an important element to any successful interoperability
strategy," she said.