Quote Of The Year

Timeless Quotes - Sadly The Late Paul Shetler - "It's not Your Health Record it's a Government Record Of Your Health Information"

or

H. L. Mencken - "For every complex problem there is an answer that is clear, simple, and wrong."

Sunday, June 27, 2021

I Am Not Sure The ADHA Is Being Upfront And Honest With #myHealthRecord Security Situation Risks.

The following appeared a few days ago:

Digital Health Agency says My Health Record risk mitigation work on-track

Addressing concerns raised by an audit that had asked the agency to create a risk management plan as well as remind users of My Health Record of how the emergency access function should be used.

By Asha Barbaschow | June 21, 2021 -- 05:53 GMT (15:53 AEST) | Topic: Security

The system administrator of Australia's oft-criticised My Health Record has agreed to a number of recommendations made by the Joint Committee of Public Accounts and Audit as part of its probe into the security resilience of the online medical file.

The committee in 2019 scrutinised a report from the Australian National Audit Office (ANAO) which pointed out a number of security issues concerning the Australian Digital Health Agency's (ADHA) My Health Record implementation that otherwise widely gave ADHA the tick as "largely effective".

In a response [PDF] to the committee, ADHA provided an update to its ANAO My Health Record Performance Audit Implementation Plan, which was developed in February 2020.

One of the recommendations made by ANAO was that ADHA conduct an end-to-end privacy risk assessment of the operation of the My Health Record system under the opt-out model, including shared risks and mitigation controls. It also recommended for the agency to incorporate the results of this assessment into the risk management framework for the My Health Record system.

The agency said it would work with public and private sector healthcare providers, professional associations, consumer groups, and medical indemnity insurers on an "overarching privacy risk assessment", and incorporate results into the risk management plan for My Health Record.

With a privacy risk assessment completed in September, and initial risk register updates flagged as done as of February, the ADHA has given itself until November to complete the risk management work.

Another recommendation was that the ADHA, with the Department of Health and in consultation with the Information Commissioner, review the adequacy of its approach and procedures for monitoring use of the emergency access function within the online medical file.

After delivering a compliance framework and an emergency access compliance plan in February, the ADHA said it will continue to monitor emergency access and engage with system participants to "promote a sound understanding of the legislative provision and relevant reporting arrangements, so that unauthorised use is recognised and reported to the Information Commissioner, as required".

It also flagged November as completion date for this work.

ADHA was also asked by ANAO to develop an assurance framework for third party software connecting to the My Health Record system, including clinical software and mobile applications, in accordance with the federal government's Information Security Manual.

"An assurance framework exists for systems (including clinical software and mobile applications) connecting to the Healthcare Identifiers Service and the My Health Record system, including processes to confirm conformance," ADHA said in response to the recommendation.

More here:

https://www.zdnet.com/article/digital-health-agency-says-my-health-record-risk-mitigation-work-on-track/#ftag=RSSbaffb68

What strikes me about this is the totally relaxed way the security holes in the access mechanisms are being addressed. The Audit itself was conducted in 2019 and the ADHA are now planning to have the various remediations partially finalized by late 2021. One would have expected a little more urgency!

Of note also is that in the response linked above it seems most of the work in keeping things secure is being shifted back to the myHR stakeholders.

Here is the latter part of the advice!

Changes to be undertaken by My Health Record stakeholders

In addition to the ongoing activities outlined above, there are a number of activities that My Health Record stakeholders will need to undertake, including:

• Working with the Agency on an ongoing basis to ensure shared privacy risks are identified and appropriately managed.

• Distributing guidance materials and other resources related to shared privacy risks and legislative requirements to healthcare providers, as appropriate.

• Healthcare Provider Organisations to ensure appropriate use of Emergency Access within their healthcare facilities, as outlined in section 64 of the My Health Records Act 2012 and adherence to notification provisions outlined under section 75 of the Act.

• System Participants to implement and maintain a policy addressing security and access requirements outlined in Parts 4 & 5 of the My Health Records Rule 2016; and provide a copy of the relevant policy, where requested by the System Operator.

• Software developers to undertake a conformance process for the new Security Requirements for Connecting Systems, when requested by the System Operator.

The full 4 page file can be downloaded from here:

https://www.aph.gov.au/DocumentStore.ashx?id=0f0311d5-492e-4e86-a142-e8b941e3c127

The document title is as follows:

 Executive Minute on Joint Committee of Public Accounts and Audit Report 485: Cyber Resilience

Inquiry into Auditor-General Reports 1 and 13 (2019-20)

10 June 2021 v1.0

OFFICIAL

Overall I really do not feel the ADHA has a solution to protecting the #myHR System from access by bad actors and is doing its best to shift any blame for issues to the legitimate users. I find it hard to discern just what real progress has been made with these vulnerabilities in the 2 years since the ANAO recognized them. It is hard to read all this any other way I believe.

 I am not at all sure it is reasonable to suggest that everything is under control!

David.

 

AusHealthIT Poll Number 585 – Results – 27th June, 2021.

Here are the results of the poll.

Is The ADHA Wasting Time And Money Running Sessions / Webinars Promoting The #myHealthRecord In Remote Rural Libraries Etc. Around The Country?

Yes 93% (78)

No 5% (4)

I Have No Idea 2% (2)

Total votes: 84

The overwhelming belief is that the ADHA is wasting OUR money on rubbish sessions that help nothing at all.

Any insights on the poll are welcome, as a comment, as usual!

A good number of votes with total clarity on the outcome!  

It must also have been an easy question as 2/84 readers were not sure how to respond.

Again, many, many thanks to all those who voted!  

David.

 

Saturday, June 26, 2021

Weekly Overseas Health IT Links – 26 June, 2021.

Here are a few I came across last week.

Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above the title of the article. Note also that full access to some links may require site registration or subscription payment.

-----

https://healthitsecurity.com/news/fcc-finalizes-best-practices-to-combat-hospital-robocalls

FCC Finalizes Best Practices to Combat Hospital Robocalls

The Federal Communications Commission released a public notice on how hospitals can implement the Hospital Robocall Protection Group’s best practices.

By Jill McKeon

June 18, 2021 - In a public notice, the Federal Communications Commission (FCC) concluded its assessment on the widespread adoption of the Hospital Robocall Protection Group’s (HRPG) best practices. The FCC concluded that education and outreach are the most effective ways to encourage hospitals to adopt the best practices.

The best practices and the establishment of the HRPG were driven by the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which was signed into law in December 2019.

Under the TRACED Act, the FCC also was required to assess “how the voluntary adoption by hospitals and other stakeholders of the best practices issued by the Hospital Robocall Protection Group can be facilitated to protect hospitals and other institutions from unlawful robocalls.”

In the public notice, the FCC concluded that expanding awareness and providing forums to encourage adoption are essential to hospitals voluntarily following the best practices, and industry leaders have a responsibility to promote the best practices.

-----

https://www.digitalhealth.net/2021/06/nhs-digital-launches-its-terminology-server-to-help-boost-data-sharing/

NHS Digital launches its Terminology Server to help boost data sharing

A solution which has been designed to allow healthcare IT systems to speak the same language is now live.

Hanna Crouch 15 June, 2021

NHS Digital’s Terminology Server, which is FHIR conformant, transforms the way in which data is captured, shared and analysed across the health and care system.

At the heart of the solution is the ability to translate items into a common ‘language of health’ when professionals describe something using different terms. For example, a symptom could be described as “back-ache” or equally referred to as “lower lumbar pain”.  When such information is recorded and shared across the health and care system the Terminology Server can be used to match the disparate descriptions so that all the organisations and software involved in a patient’s journey can ‘talk’ to each other and the patient data can be reconciled and compared effectively.

This means organisations from across the system can rapidly receive national code sets and updates, such as SNOMED CT, clinicians can code in the same language and input the data easier, researchers can use the improved coded data to facilitate better research and organisations can innovate and create new apps without the need to maintain large code sets, through a single API.

-----

https://healthsystemcio.com/2021/06/16/this-is-foundational-removing-the-biggest-barriers-to-the-digital-front-door/

“This Is Foundational”: Removing the Biggest Barriers to the Digital Front Door

Most people are familiar with the term shopping cart abandonment; the process in which a consumer adds an item or service to the cart but leaves the site without completing a purchase. What many don’t realize is that this phenomenon has hit healthcare. And while it may have a minimal effect on retail giants like Amazon and Walmart, the impact on hospitals — which often have limited budgets but unlimited competition — is being felt.

“It’s one of the biggest worries I have; when people reach a certain level of frustration over trying to book an appointment or get a service, and they just quit,” said Richard Vaughn, MD, Medical Director of Digital Health at SSM Health. “We can’t afford that.”

It’s an issue that is affecting most, if not all, healthcare organizations. At Ballad Health, analysts calculated that around 4,000 physician searches are conducted every week in a region that serves 1.2 million people. “We feel like there’s a lot of opportunity there,” said Taylor Hamilton, who serves as Chief Consumer Officer.

And it’s not just about revenue. Physicians like Vaughn spend “a tremendous amount of time trying to convince patients to get care,” he said. “We don’t want that to get thrown away because they’re having a bad experience trying to make a connection.”

-----

https://medcitynews.com/2021/06/researchers-flag-privacy-risks-with-de-identified-health-data/

Researchers flag privacy risks with de-identified health data

Hospitals and other covered entities are striking a growing number of agreements to use de-identified patient data for research or to develop AI tools. But they should carefully weigh the risks of sharing this data, experts said. 

By Elise Reuter

Jun 17, 2021 at 1:57 PM

A growing number of hospitals are banding together with tech companies to create analytics businesses, or develop predictive algorithms.

These efforts are fueled by de-identified data, which gives hospitals and other covered entities the ability to share patient data without specifically asking for their consent. Patients’ names, addresses, and other potentially identifying information are removed from these datasets, which can then be shared freely under current regulations.

Even if the privacy risks to patients in sharing de-identified data might seem minute or distant, hospitals should carefully consider them when they strike data-sharing agreements, researchers wrote in an article recently published in the New England Journal of Medicine. They advocated for specific protections for patients, including seeking patients’ consent, stepping up security measures for de-identified data, and additional legislation that would protect patients in the event of a breach.

“I think the challenge in medicine is everything is benefit-risk. It’s really easy for people to imagine the benefits, and really difficult to imagine the risks,” said Eric Perakslis, chief science and digital officer at the Duke Clinical Research Institute, and co-author of the article. “Precisely what benefit is being returned to the patients from the centers that are selling their data? If the benefit is 0, then there needs to be 0 risk.”

-----

https://www.mobihealthnews.com/news/patients-are-looking-go-back-brick-and-mortar-post-pandemic

Patients are looking to go back to brick-and-mortar post pandemic

New data from HIMSS' State of Healthcare survey reveals that the bulk of patients are looking to return to in-person care. However, younger generations are more likely to continue on telehealth.

By Laura Lovett

June 15, 2021 03:26 pm

While half of patients have experienced a telehealth visit in the last year, the bulk of them say they want to get back to normal in-person visits, according to new research conducted by HIMSS. In fact, HIMSS' State of Healthcare report found that 60% of patients want to return to their pre-pandemic experiences.

"The desire to go back to normal is an overarching sentiment. There is a pandemic fatigue and they want to go back to normal in many facets of their life," Lauren Goodman, director of market intelligence at HIMSS, said during the State of Health event this afternoon. "This data is a snapshot in our current state, and it could shift. These metrics will be interesting to watch over time."

The new research included 2,062 participants and was conducted during March and April 2021. In order to be included, participants had to have at least one medical visit within the last 12 months.

The research found that Gen Z and Millennials were the most likely to be open to telehealth, with 47% of millennials saying they would prefer telehealth over in-person visits once the pandemic has ended. Nearly three-quarters of younger generations reported that one reason they prefer telehealth is convenience.

-----

https://ehrintelligence.com/news/user-centered-design-key-to-ehr-usability-for-primary-care-docs

User-Centered Design Key to EHR Usability for Primary Care Docs

PCPs report EHR usability issues that affect their ability to access the data necessary for care management and clinical decision support.

By Hannah Nelson

June 17, 2021 - It may be easier for consumers to find their perfect pair of sneakers online than it is for primary care providers to access the data necessary for clinical decision support, according to Regenstrief Institute researchers. A new study revealed that PCPs experience EHR usability challenges, signaling the need for user-centered design.

The study, published in the Human Factors and Ergonomics Society’s journal Human Factors, reviewed and analyzed research about PCP EHR use conducted from 2012 through 2020.

Regenstrief and IUPUI researchers found that study designs were mostly noninterventional; studies described problems related to EHR usability, workflow, and communication. PCPs often described EHR data as incomplete, untimely, or irrelevant.

The researchers mapped their review’s findings onto a three-level framework to measure PCP situation awareness (SA), which refers to a provider’s understanding of her environment. Level one indicates basic perception, two indicates comprehension, and three signals projection.

-----

https://patientengagementhit.com/news/do-ai-chatbots-fall-short-for-patient-engagement-education

Do AI Chatbots Fall Short for Patient Engagement, Education?

Researchers found that, although promising, chatbots for dementia patients fell short of patient engagement and education expectations.

By Sara Heath

June 17, 2021 - More work needs to be done before chatbots can be used effectively for patient engagement and patient education, according to research published in the Journal of Medical Internet Research, which looked at chatbot efficacy among dementia patients and their caregivers.

This comes as healthcare continues to look at the role chatbots and artificial intelligence (AI) can play in patient engagement. Chatbots have become commonplace in general customer service, as well as in healthcare, to help keep consumers informed. In the case of medicine, and especially during the pandemic, organizations tapped chatbots to share information quickly and easily and in some cases check and triage patient symptoms.

“Artificial intelligence chatbots have great potential to improve the communication between patients and the healthcare system, given the shortage of healthcare staff and the complexity of the patient needs,” Vagelis Hristidis, computer science professor at the University of California Riverside’s Marlan and Rosemary Bourns College of Engineering, founder of SmartBot360, and the study’s corresponding author, said in a public statement.

“This is especially important for dementia patients and caregivers, who keep increasing as the population ages, and face care challenges daily,” Hristidis continued.

-----

https://www.csoonline.com/article/3262187/5-biggest-healthcare-security-threats-for-2018.html

5 biggest healthcare security threats for 2021

Healthcare organizations can expect ransomware, botnets, cloud misconfigurations, web application attacks, and phishing to be their top risks.

By Michael Nadeau

Senior Editor, CSO | 17 June 2021 19:00 AEST

Cyberattacks targeting the healthcare sector have surged because of the COVID-19 pandemic and the resulting rush to enable remote delivery of healthcare services. Security vendors and researchers tracking the industry have reported a major increase in phishing attacks, ransomware, web application attacks, and other threats targeting healthcare providers.

The trend has put enormous strain on healthcare security organizations that already had their hands full dealing with the usual volume of threats before the pandemic. “The healthcare industry is under siege from a range of complex security risks," says Terry Ray, senior vice president and fellow at Imperva. Cybercriminals are hunting for the sensitive and valuable data that healthcare has access to, both patient data and corporate data, he says. Many organizations are struggling to meet the challenge because they are under-resourced and rely on vulnerable systems, third-party applications, and APIs to deliver services.

Ray and other security experts identified multiple issues that present major threats to healthcare organizations. Here are five of them:

-----

https://www.ama-assn.org/practice-management/digital/keep-pharmaceutical-promotion-out-doctors-electronic-tools

Keep pharmaceutical promotion out of doctors’ electronic tools

Tanya Albert Henry

Contributing News Writer

16 June, 2021

The good news: It’s uncommon for physicians to be targeted with pharmaceutical marketing when they are using electronic health record (EHR) systems and there is no evidence that avenue to reach prescribers is gaining in popularity, says an AMA Board of Trustees report adopted at the June 2021 AMA Special Meeting.

The top five EHR systems—which account for 85% of the market share—do not appear to have advertisements featured on the platforms, according to the board report. A small portion of the other 15% may generate revenue through ads, but only a handful offer partnerships with pharmaceutical companies. Still, that means some EHRs and e-prescribing programs may present opportunities for advertisers to reach doctors at that crucial point of care—and that shouldn’t be allowed to happen.

Research cited in the AMA board report shows that exposure to physician-directed advertising is associated with less effective, lower-quality prescribing decisions and that exposure to pharmaceutical company-provided information leads to higher prescribing frequency and higher costs.

-----

https://www.healthcareitnews.com/news/apac/long-way-still-go-says-waikato-dhb-0

'A long way still to go', says Waikato DHB

Manual processes that were instituted following the cyberattack are still necessary in many functions across the DHB.

By Thiru Gunasegaran

June 17, 2021 03:45 AM

Though Waikato DHB has restored some of its foundational services in the past week, Chief Executive Dr Kevin Snee said in a statement yesterday that there remains "a great deal of work to be done across the DHB which will take time".

The restored services include diagnostics from laboratory and radiology services, recording and tracking patients as they move through the DHB's hospitals, and clinician access to patients’ full medical information.

Dr Graham Mills, Medical Director of Medical Services, mentioned that the restoration of these core services has changed the way clinical staff are now able to work, although they are "not yet operating with their full functionality".

Radiation therapy was resumed last week with the service being expected to operate at near normal capacity next week.

-----

https://www.healthcareittoday.com/2021/06/17/audio-interfaces-have-a-much-wider-potential-in-health-care/

Audio Interfaces Have a Much Wider Potential in Health Care

June 17, 2021

Andy Oram

Providing reminders around medication, transcribing patient conversations, controlling surgical devices: these are some of the new ways voice interactions are entering medicine. People who have gotten used to talking to their cell phones–or through agents such as Alexa, to their TVs and microwave stoves and cars–will expect simple voice interactions in their medical encounters.

I talked to Bruce Ryan, director of engineering for HARMAN Embedded Audio, to find out how audio capabilities are evolving and what his company is doing to provide them in health care.

The parent company HARMAN, which operated independently from 1953 to 2017 and is now a part of Samsung, is a premier company for audio around the world. The international reach has helped them be more inclusive, because they can do voice recognition in every major language and are continually expanding their list of supported languages. HARMAN Embedded Audio itself is not limited to audio; it also produces a range of embedded devices.

My conversation with Ryan touched on audio devices in three areas: the home, the clinical encounter, and the operating room.

-----

https://healthitsecurity.com/news/fda-outlines-medical-device-cybersecurity-goals

FDA Outlines Medical Device Cybersecurity Goals

The FDA outlined its medical device cybersecurity goals in response to NIST’s call for position papers to fulfill President Biden’s executive order signed in May.

By Jill McKeon

June 16, 2021 - In response to the National Institute of Standards and Technology’s (NIST) workshop and call for position papers to aid them in delivering on President Biden’s cybersecurity executive order, the FDA voiced its support and concerns about medical device cybersecurity in particular, and the need for OT and IT security standards.  

On May 12th, President Biden signed an executive order on improving the nation’s cybersecurity, and called on NIST to establish “new standards, tools, and best practices.”

The executive order stated that “the guidelines shall include criteria that can be used to evaluate software security, include criteria to evaluate the security practices of the developers and suppliers themselves, and identify innovative tools or methods to demonstrate conformance with secure practices.”

The executive order came after a string of ransomware attacks on the healthcare sector over the past year, along with an attack on the Colonial Pipeline in Texas that disrupted thousands of miles of its fuel supply chain. The recently launched Ransomware and Digital Extortion Task Force aims to combat the growing cybersecurity threats, but Biden’s executive order shows that a nationwide response is needed.

-----

https://www.beckershospitalreview.com/ehrs/mayo-clinic-joins-apple-health-records-initiative-4-things-to-know.html

Mayo Clinic joins Apple Health Records initiative: 4 things to know 

Jackie Drees –

Rochester, Minn.-based Mayo Clinic is the latest health system to join Apple's Health Records project, which gives patients access to their medical records directly from their iPhone, according to a June 15 news release. 

Four things to know: 

1. Mayo Clinic patients who have an online patient portal account can now use Apple's Health Records app, which lets users view their health data from multiple providers on a single platform. 

2. Use of the Health Records feature in iPhone's Health app is optional and will not affect the user's patient portal account. 

-----

https://www.beckershospitalreview.com/cybersecurity/hospitals-held-for-ransom-by-flood-of-robocalls-5-details.html

Hospitals held for ransom by flood of robocalls: 5 details

Hannah Mitchell – 15 June, 2021

Robocalls are the No. 1 consumer complaint filed with the Federal Communications Commission, and robocalls to hospitals are a significant portion of the problem, creating a new type of ransomware attack on hospitals and a threat to public safety.

The illegal calls flood hospital networks and are often perpetuating fraud. The nonstop flow of calls undermines hospitals' ability to perform patient care by keeping staff on phone lines unnecessarily and impairing operational capacity, according to a June 11 FCC news release.

Five details:

  1. Robocallers often use spoofed caller ID to trick hospital staff into thinking it's a real patient. Some robocalls attempt to trick hospital staff into giving up the insurance or financial information of a staff member. Hospitals have been falling victim to the intentional flooding of phone networks with multiple simultaneous calls, demanding a ransom payment in exchange for stopping the attack.
  2. The flow of calls can clog phone lines and make it difficult for patient calls to get through. One hospital received 4,500 robocalls in two hours in 2018. Another hospital had 6,500 calls with spoofed caller ID to look like internal calls and tied up 65 hours of response time of hospital staff over 90 days. This hospital also received 300 robocalls spoofing numbers affiliated with the Justice Department in an attempt to extract sensitive information from physicians. 

-----

https://www.fiercehealthcare.com/tech/cvs-health-database-leak-leaves-1-billion-user-records-exposed-online

CVS Health database leak left 1B user records exposed online

by Heather Landi

Jun 16, 2021 4:09pm

Many healthcare breaches can be traced to misconfigured databases, servers and other IT, and some breaches involving misconfigurations have resulted in massive amounts of data being exposed online. (Eric Glenn/Shutterstock.com)

More than one billion search records belonging to CVS Health were accidentally posted online and accessible to the public earlier this year.

The database belonging to the healthcare and retail giant, which was not password protected, was discovered at the end of March by independent cybersecurity researcher Jeremiah Fowler, according to a report published by Website Planet, which conducts research into unsecured internet data.

The database, which was approximately 204 gigabytes in size and totaled 1.1 billion records, had no form of authentication in place to prevent unauthorized entry, the researchers said.

-----

https://patientengagementhit.com/news/ama-cracks-down-on-medical-racism-social-media-misinformation

AMA Cracks Down on Medical Racism, Social Media Misinformation

The AMA adopted policies that address both medical racism and implicit bias and that call on social media companies to address misinformation.

By Sara Heath

June 16, 2021 - The American Medical Association has adopted policies that take yet another hard stance against medical racism. The policies are set to guide healthcare organizations in tamping down on discrimination, bias and abuse, and prejudice or microaggressions, the organization announced at its Special Meeting of the AMA House of Delegates.

AMA said healthcare organizations should create policies that would facilitate openness, inclusion, and diversity. Additionally, individual organizational policies should address incidents of racism in medicine.

That will include clearly defining racism or implicit bias in medicine and making those policies clear to all staff and patients. Organizations should also define their own practice or hospital commitment to anti-racism in medicine, establish cultural competency and anti-racism training for staff, and create a formal protocol for both reporting and corrective action in incidents of medical racism.

“Systemic racism in medicine is the most serious barrier to the advancement of health equity and appropriate medical care,” Willarda V. Edwards, MD, MBA, an AMA board member, said in a statement. “Today’s actions by the House of Delegates will inform the AMA’s active work to proactively identify, prevent, and eliminate racism and will help the AMA guide health care organizations in efforts to adopt workplace policies that promote positive cultural transformation and address the root cause of racial health inequities.”

-----

https://www.fiercehealthcare.com/practices/ama-adopts-policies-to-tackle-prior-authorization-burdens-digital-divide-and-rural

AMA adopts policies to advance telehealth, close digital divide and tackle prior authorization burdens

by Heather Landi

Jun 15, 2021 12:00pm

The country’s largest physician organization is taking steps to rein in bureaucratic prior authorization requirements that can lead to delayed and disruptive treatment for patients.

At a meeting this week, the American Medical Association’s (AMA's) delegates adopted new policies specifically targeting peer-to-peer (P2P) review of prior authorization decisions and the particular burden of prior authorization during a public health emergency.

"P2P reviews are another burdensome layer insurers are increasingly using without justification, and the peer reviewers are often unqualified to assess the need for services for a patient for whom they have minimal information and to whom they have never spoken or evaluated," said AMA President Susan Bailey, M.D., in a statement.

-----

https://www.healthcareitnews.com/news/onc-releases-draft-address-standardization-specification

ONC releases draft of address standardization specification

The Project US@ initiative aims to support safety, privacy and interoperability by standardizing patient addresses across healthcare.

By Kat Jercich

June 16, 2021 11:49 AM

The U.S. Office of the National Coordinator for Health Information Technology has partnered with standards development organizations and other experts to release the Project US@ Draft Technical Specification Version 1.0 for public comment.

The draft specification is aimed at standardizing patient addresses across healthcare to improve patient matching, which in turn supports safety, privacy and security, care coordination, and interoperability.

"Together, we hope to establish a lasting, industry-wide approach to representing patient addresses that is consistent across a spectrum of clinical and administrative transactions," wrote the team in the draft specification. 

WHY IT MATTERS

Momentum around standardizing addresses to improve patient matching has been building over the past year, with ONC announcing its Project US@ initiative in December 2020. 

-----

https://www.bmj.com/content/373/bmj.n1248

Mobile health and privacy: cross sectional study

BMJ 2021; 373 doi: https://doi.org/10.1136/bmj.n1248 (Published 17 June 2021) Cite this as: BMJ 2021;373:n1248

1. Gioacchino Tangari, postdoctoral research fellow¹
2. Muhammad Ikram, lecturer¹
3. Kiran Ijaz, postdoctoral research fellow²
4. Mohamed Ali Kaafar, professor¹
5. Shlomo Berkovsky, professor²

Correspondence to: M Ikram muhammad.ikram@mq.edu.au (or @midkhan on Twitter)

Accepted 16 May 2021

Abstract

Objectives To investigate whether and what user data are collected by health related mobile applications (mHealth apps), to characterise the privacy conduct of all the available mHealth apps on Google Play, and to gauge the associated risks to privacy.

Design Cross sectional study

Setting Health related apps developed for the Android mobile platform, available in the Google Play store in Australia and belonging to the medical and health and fitness categories.

Participants Users of 20 991 mHealth apps (8074 medical and 12 917 health and fitness found in the Google Play store): in-depth analysis was done on 15 838 apps that did not require a download or subscription fee compared with 8468 baseline non-mHealth apps.

Main outcome measures Primary outcomes were characterisation of the data collection operations in the apps code and of the data transmissions in the apps traffic; analysis of the primary recipients for each type of user data; presence of adverts and trackers in the app traffic; audit of the app privacy policy and compliance of the privacy conduct with the policy; and analysis of complaints in negative app reviews.

Results 88.0% (n=18 472) of mHealth apps included code that could potentially collect user data. 3.9% (n=616) of apps transmitted user information in their traffic. Most data collection operations in apps code and data transmissions in apps traffic involved external service providers (third parties). The top 50 third parties were responsible for most of the data collection operations in app code and data transmissions in app traffic (68.0% (2140), collectively). 23.0% (724) of user data transmissions occurred on insecure communication protocols. 28.1% (5903) of apps provided no privacy policies, whereas 47.0% (1479) of user data transmissions complied with the privacy policy. 1.3% (3609) of user reviews raised concerns about privacy.

Conclusions This analysis found serious problems with privacy and inconsistent privacy practices in mHealth apps. Clinicians should be aware of these and articulate them to patients when determining the benefits and risks of mHealth apps.

-----

https://www.digitalhealth.net/2021/06/special-report-electronic-document-management-8/

Special Report: Electronic Document Management

Covid-19 has thrown a spotlight on digital maturity. As Vivienne Raper reports, many trusts last year have changed priorities or continued to widen the scope of existing electronic document management plans.

In March last year, Jamie Hall, head of sales at IMMJ Systems found a missed phone call and a text message from London North-West University Healthcare NHS Trust. He remembers it reading: “Jamie, can you call me urgently?”

The call was from Sonia Patel, former CIO at the trust, who asked him how quickly he could deploy an Electronic Document Management System (EDMS) to support virtual outpatients.

“It was right at the height of stuff getting scary. Lockdown was looming and we all thought we were going to die,” he reports. “She put me on the spot about how fast I could go live, and I said 72 hours – it was a gut instinct.”

-----

https://www.healthcareitnews.com/news/fulfill-ais-potential-healthcare-orgs-must-enact-safeguards

To fulfill AI's potential, healthcare orgs must enact safeguards

In a preview of his HIMSS21 presentation, Muhammad Babur, IT-program manager at Mayo Clinic, says artificial intelligence can enhance care delivery – but also cause potential harm.

By Kat Jercich

June 15, 2021 09:21 AM

Artificial intelligence and machine learning have the power to spur enormous change in the healthcare industry. 

At the same time, experts caution that it could pose a threat to the privacy of patient data – as well as possibly reproducing bias and inequity.

"We know the application of artificial intelligence has tremendous potential as a tool for improving safety standards, creating robust clinical decision support systems and helping in establishing a fair clinical governance system," said Muhammad Babur, IT-program manager at Mayo Clinic.  

Still, Babur said, "Healthcare organizations need to have an adequate governance structure around AI applications" in order to safeguard patient data and ensure equitable results.  

-----

https://www.healthcareittoday.com/2021/06/15/many-hospitals-still-holding-out-on-direct-health-information-sharing/

Many Hospitals Still Holding Out On Direct Health Information Sharing

June 15, 2021

Anne Zieger

So, after investing what feels like infinite levels of effort, patient medical records are digitized across nearly all hospitals in the US, according to a new ONC Data Brief. Great.

However, at least when this data was collected in 2019, hospitals were still playing their little passive-aggressive game where they make the data available to patients but hard to get to colleagues and competitors.

To me, this suggests that even with Information Blocking rules firmly in place now, hospitals are likely to find ways to impede the provider-to-provider data sharing process. We are talking about a 10-year tantrum even ONC won’t be able to calm down completely.

It’s not that the health information sharing process isn’t maturing. Things are indeed changing for the better. For example, the data gathered by ONC shows that in 2019, 70% of hospitals let inpatients access their health information using a mobile software application, up almost 50% from 2018. This is nothing to be sneezed at.

-----

https://future.a16z.com/technology-saves-the-world/

Technology Saves the World

Marc Andreessen

Only 15 months ago — March 13, 2020 — COVID-19 became a national emergency in the United States. My assumption at the time was that COVID lockdowns could extend as long as five years, the previous speed record for modern vaccine development, with many millions of deaths — a generational cataclysm.

While COVID certainly has been plenty devastating in the U.S. and around the world, with 600,000 Americans dead of and with COVID, and with shockingly broad destruction of American small businesses, it has not been nearly as destructive as it could have been. We are coming out of COVID years early, with many livelihoods and businesses preserved, compared to what we had any right to expect. And overwhelming credit goes to our spectacular technology industry.

The most amazing COVID technology story has to be the vaccines. Moderna, a product of the American venture capital system, created the first mRNA COVID vaccine within two days of receiving the genetic code for COVID by email. It’s hard to overstate the tremendous advance in both speed and effectiveness of this new technological platform — and now that we know how well mRNA vaccines work, we can look forward to decades of new vaccines both for potential COVID variants and for many other health threats. We now have the technological tools to quite literally code nature, and the payoff to human flourishing will be profound.

-----

https://healthitsecurity.com/news/sky-lakes-medical-a-first-hand-look-at-fall-ransomware-attack-recovery

Sky Lakes Medical: A First-Hand Look at Fall Ransomware Attack, Recovery

Sky Lakes Medical Center was among the dozen healthcare providers caught up in the wave of ransomware attacks last fall. Its analyst shares a first-hand account of the incident and recovery.

By Jessica Davis

June 14, 2021 - The FBI began investigating a wave of targeted ransomware attacks against at least a dozen US hospitals, health systems, and healthcare providers in October 2020. Sky Lakes Medical Center in Oregon was among the victims driven into EHR downtime procedures.

The attack against Sky Lakes Medical was claimed by Ryuk ransomware threat actors: a group notorious for effectively and continuously evolving their attack methods to ensure the greatest impact.

The group launched the massive attack on Universal Health Services, which struck around the same period as the Sky Lakes Medical incident.

From worming capabilities to exploiting vulnerable remote desktop protocols (RDPs), Ryuk is among the most destructive ransomware variants that has relentlessly targeted healthcare providers despite the ongoing pandemic.

-----

https://www.csoonline.com/article/3617910/minimizing-damage-from-a-data-breach.html

Minimizing damage from a data breach: A checklist

How you respond to a data breach and the amount of damage it causes depends on how well prepared you are. Have you done everything on this list?

By Susan Bradley

Contributing Writer, CSO | 12 May 2021 19:00 AEST

Once a breach occurs, you’ll want to identify what the attackers accessed and how they accessed the data. This information helps you identify if you need to notify users that their data has been breached and learn how to protect yourself from the next attack.

First, make sure you have the necessary resources and preparations in place to investigate. The process of identifying how an attacker entered the network is often based on the evidence and timeline analysis. Knowing how best to handle the evidence and having a plan in place before an intrusion occurs are key to properly handling the investigation. The Cybersecurity Unit for the US Department of Justice has several resources to help with planning ahead.

This task checklist will make it easier to respond to a data breach or limit its damage:

-----

https://www.beckershospitalreview.com/data-analytics/amazon-s-healthlake-can-predict-patient-mortality-4-details.html

Amazon's HealthLake can predict patient mortality: 4 details

Hannah Mitchell

Amazon launched a service for hospitals that aggregates information into a data lake and standardizes it with machine learning. Now, HealthLake can offer patient outcome predictions, like mortality, based on stored data, according to a June 10 blog post by Amazon.

Four details:

1. Amazon HealthLake, which was launched in December, is HIPAA-eligible and hosts the deidentified health-related data of more than 40,000 patients who have stayed in critical care units. The data stores information such as demographics, vital signs, lab test results, medication, imaging reports, provider notes and more. 

2. Healthcare providers can use the data to spot trends and find anomalies to make predictions about the progression of disease, clinical trial efficacy and accuracy of insurance premiums.

-----

https://fcw.com/articles/2021/06/13/mhs-genesis-30-percent-waves.aspx

DOD's electronic health records rollout hits 30% completion

By Lauren C. Williams

Jun 13, 2021

The Defense Department's rollout of the Cerner commercial electronic health records system is nearly a third complete, with 42,000 active users across more than a dozen states, officials told reporters on a press call on June 10.

Holly Joers, the acting program executive officer for Defense Healthcare Management Systems, said the latest deployment, Wave Carson Plus, of MHS Genesis wrapped April 24, marking 30% completion of the systems rollout across military treatment facilities.

That deployment was the largest to date, extending across 11 states and 20 military installations, adding about 10,000 active users to the system.

Joers said the progress to date means that DOD is on schedule for completion at the end of 2023, with the next "go live" deployment, called Wave Tripler, scheduled for Hawaii at the end of September.

"As of this summer we will have about 12 waves in flight," Joers told reporters June 10.

-----

https://www.healthcareitnews.com/node/548583

Auckland study to leverage data to assess impact of multiple morbidities

The three-year study intends to identify the "true burden" of cardiovascular diseases and other chronic health conditions in the region.

By Adam Ang

June 14, 2021 10:36 PM

Healthcare cooperative ProCare Health has teamed up with the University of Auckland and the University of Otago to conduct a long-term study to determine the impact of multiple morbidities on the risk of hospitalisation or death from cardiovascular diseases.

Funded by the Health Research Council of New Zealand, the three-year study commenced in January. The 2014 ProCare Adult Cohort Study involves patients over the age of 18 who have been enrolled in a ProCare practice since the first quarter of 2014.

It anonymises patient data of over 550,000 people; these data are linked with the TestSafe repository of blood test results and national health databases on hospitalisations, deaths and community pharmacy dispensing.

The data set will enable researchers to anonymously track patients over time and look back between five and 10 years for history of long-term conditions.

-----

https://www.healthcareitnews.com/news/cerner-meditech-support-record-sharing-apple

Cerner, Meditech to support record-sharing via Apple

Allscripts, athenahealth and DrChrono have also signed on to give patients greater control over their health records.

By Kat Jercich

June 14, 2021 11:53 AM

Several electronic health record vendors over the past week have announced that their customers can enable greater patient control over record-sharing via the Apple Health app.

Cerner, Meditech Expanse, Allscripts, athenahealth and DrChrono are all among the companies that are working with Apple to facilitate more seamless data exchange.  

"For too long our industry has worked in silos, and patients have been left out of the decision as to who has access to their health records and when," said Meditech Executive Vice President Helen Waters in a statement. 

"Patient empowerment is an important element to any successful interoperability strategy," she said.  

-----

https://histalk2.com/2021/06/11/weekender-6-11-21/

Weekly News Recap

  • Iodine Software acquires ChartWise Medical Systems.
  • Cerner eliminates 500 positions.
  • Amazon announces significant growth and external customer interest in its Amazon Care telehealth service.
  • Ciox Health announces its intent to merge with Datavant in a deal valued at $7 billion.
  • Definitive Healthcare, which acquired HIMSS Analytics in 2019, prepares to go public.
  • RCM vendor Craneware enters an agreement to acquire pharmacy software vendor Sentry Data Systems.
  • SAIC announces plans to acquire government health IT contractor Halfaker and Associates.
  • UF Health Central Florida’s two hospitals go back to paper following a May 31 ransomware attack.

-----

Enjoy!

David.