With AI increasingly playing a role in healthcare, and the cost of insurance continuing to rise, it’s no surprise that people might be feeling a little bit disillusioned and confused as to what to expect this year. However, as the pace of technology continues to accelerate, as does the political situation, it’s all the more reason to keep a sharp focus on where the technology and healthcare in general is heading.
Last year, the new Apple Watch proved that it could potentially save lives by offering an ECG function, and Google has, of course, acquired its own technology with DeepMind. While Facebook had previously dipped its toe in the market with plans of sharing data with health organizations, it has pulled its ambitions after concerns over its use of user data.
Amazon to be involved with healthcare
We all use Amazon for last-minute Christmas presents, book wish-lists and the odd bits and bobs, and Amazon Prime has proven to be a hit among its regular customers. Citi analyst Mark Mary predicted that their subscribers will reach 275 million, up from 101 million at the end of 2017. With that in mind, it might not necessarily come as a surprise that Amazon Prime will not only continue to exist and grow in its current form, but also for healthcare. According to Anurag Gupta, a VP at tech analyst Gartner: “Amazon likes to target two kinds of industry: the first is where they see an opportunity to reform, where it’s not the most user friendly of industries, where there’s a lack of trust. In the case of healthcare, intermediaries like pharmacy benefit managers, drug wholesalers and distributors are ‘sucking a lot of money out of the system.'”
According to Gupta, the reason a lot of big tech industries have such a big focus on healthcare is because, like any commercial business, they have their eyes on any holes in the current market. Unfortunately, the current gap appears to be customer service. Giants like Amazon have experience in customer service where some healthcare brands don’t, which means they are quickly honing in on that market.
According to ZD.net, Amazon Web Services is planning on extending its Comprehend language processing service to medical records. It reported that in a blog post, Amazon Web Services claimed that it was also planning on building a new version that could account for “medical terms, anatomy, conditions, medications and various healthcare terms.” The news site also reported that Amazon had also acquired PillPack, a company that delivers medicines to people’s doors and refills their prescriptions.
Although Amazon isn’t the first to join this market, they certainly seem to be getting everything in order to correspond with their other services.
Petitions to end work-based health insurance
Although half of all Americans get their health insurance through their employers, this still leaves half of US citizens having to cover the costs themselves. Some US citizens even have to take on two or more jobs or get help from wealthier relatives to cover the cost. More than ever, people are campaigning for this to end, as it currently stands as a block (with the exclusion of the current government) to people from potentially receiving healthcare from the government. For those enjoying the benefits of full-time employment and an employer that covers them, 83 percent said their insurance was excellent or good. For those who are not sponsored by an employer for their healthcare, unexpected emergencies can be costly. Investigating alternative finance options and research may be the best option for some.
IBM continues to push Watson
IBM’s CEO Ginni Rometty announced in an interview in January that IBM Watson Health is still “a very important part” of their business. Rometty re-iterated how well their oncology software after it was seemingly being publically criticized for not being up to scratch. She insisted on Watson’s success during a Keynote speech at the Consumer Electronics Show in Las Vegas, despite turning down interviews with other magazines.
STAT news reported some alarming quotes from IBM’s health division, as well as a number of employee layoffs. A big criticism of this software that recommends cancer treatments is that it prioritizes American treatment methods. That said, IBM has reportedly said that it plans to add regional treatment guidelines as well as some expanded real-world data on patient outcomes.
Healthcare organizations face unprecedented compliance challenges when it comes to managing business associate agreements (BAAs) amid frequent data breaches, heightened federal scrutiny and anticipated privacy legislation. Actions by the Office for Civil Rights (OCR) have clearly demonstrated stricter enforcement of HIPAA rules in recent years, and the industry has already witnessed a notable uptick in public shaming and fines associated with missing just a single BAA.
In December 2018 alone, OCR announced two notable settlements. Advanced Care Hospitalists (FL) entered into a $500,000 no-fault settlement with OCR, and Pagosa Springs Medical Center (CO) agreed to pay $111,400, both for missing a single BAA.
Simply put, BAAs have become a cornerstone of OCR compliance initiatives. And the outlook is not likely to change as trends point to continued advancement of privacy laws. As of close of 2018, 12 states had already updated their privacy laws regarding notification to patients, shortening the standard 60 days from the federal guidelines to 45 days, and in some states (CO, FL), the breach notification window is down to 30 days.
Breaches involving protected health information (PHI) are typically reported publicly at the Covered Entity (CE) level. When a breach involving a third party, or Business Associate (BA), occurs, one of the first things the federal government investigates is whether a BAA is in place with the CE. If a BAA does not exist, it typically sets off a chain reaction of investigations into other areas of HIPAA compliance.
While most headlines related to BAA compliance relate to CEs, HIPAA experts predict that 2019 will usher in greater focus on BAs and their management of these agreements as well. Many believe that unprepared BAs—especially small and mid-sized companies that lack resources to address HIPAA compliance—will become targets, increasing industry concern over proper BAA compliance.
Healthcare’s BAA management conundrum
Today’s healthcare organizations are feeling the heat, yet most are challenged to effectively manage BAAs due to limited resources for reviewing and managing massive and growing numbers of these agreements—reaching upwards of several thousand in larger organizations and health systems. Exacerbating this challenge is the current consolidation trend, which creates a fragmented landscape for BAA oversight that extends across multiple departments, facilities, affiliations and a multitude of different owners.
Consequently, manual, inconsistent workflows common to BAA management in today’s organizations open the door to significant risk. In truth, the most basic information often eludes the executive suite in most CEs and BAs, including the total number of existing agreements, where they are located and the terms of each.
BAAs are also the subject of intense negotiations between CEs, BAs and other subcontractors that often result in obligations that go beyond HIPAA and HITECH, causing contractual obligations to vary significantly between agreements. Subsequently, when organizations need to know the terms of these agreements, they must manually extract the information one agreement at a time. Within a framework of manual processes, the resources required to conduct this kind of data extraction across hundreds or thousands of BAAs is simply unfeasible for many organizations.
Yet, compliance professionals need quick and easy access to this information to ensure optimal response to breaches, which have become the norm for healthcare organizations as opposed to the exception. Consider the findings of a 2018 Black Book Market Research study: 90 percent of healthcare organizations have experienced a data breach since the third quarter of 2016, and nearly 50 percent have had more than five.
By Ken Perez, vice president of healthcare policy, Omnicell.
Ken Perez
The 340B Drug Pricing Program was created in 1992 to give safety net providers — those that deliver a significant level of both healthcare and other health-related services to the uninsured, Medicaid, and other vulnerable populations — discounts on outpatient drugs to “stretch scare federal resources as far as possible, reaching more eligible patients and providing more comprehensive services.” In brief, the program requires drug makers participating in Medicaid and Medicare Part B to provide discounts on outpatient drugs to 340B providers, which include various types of hospitals and certain federal grantees, such as federally qualified health centers and comprehensive hemophilia treatment centers.
For years, the 340B program has been fraught with controversy, with concerns raised about the program’s lack of accountability and oversight, and findings of widespread diversion of benefits (discounted drugs) to ineligible patients.
The nonpartisan Medicare Payment Advisory Committee (MedPAC) found that hospitals in the 340B program receive a minimum discount of 22.5 percent of Average Sales Price (ASP) for drugs paid under the Medicare Hospital Outpatient Prospective Payment System (OPPS). The Office of the Inspector General of the U.S. Department of Health and Human Services (HHS) found that the average 340B discount was 34 percent of ASP, and at least two organizations with 340B members estimated that 340B discounts could be as high as 50 percent of ASP.
Based in part on these findings, in 2017 HHS proposed and finalized a rule implementing a sharp reduction in 340B reimbursement of hospitals by the Centers for Medicare and Medicaid Services from ASP plus 6 percent to ASP minus 22.5 percent, along with an offsetting payment rate increase for non-drug items and services. It was estimated that 85 percent of 340B hospitals would see overall net payment increases in 2018 as a result of these changes, and that 340B hospitals would continue to benefit financially from the program.
Nevertheless, the American Hospital Association (AHA), America’s Essential Hospitals, and the Association of American Medical Colleges—all non-profit hospital associations—filed suits against HHS to block the change.
On Dec. 27, 2018, Washington, D.C. federal district court judge Rudolph Contreras (a Democrat nominated by President Barack Obama), issued a 36-page ruling in favor of the AHA, et al. and struck down the 340B payment reduction, contending that HHS Secretary Alex Azar exceeded his statutory authority by issuing a policy that would “fundamentally rework the statutory scheme.”
Contreras issued a permanent injunction of the new reimbursement policy, but he did not grant the plaintiff’s request for retroactive OPPS payments based on the original reimbursement formula. (HHS is unable to come up with the monies to pay back the hospitals, as they have already been spent.) Contreras ruled that the plaintiffs “are entitled to some relief,” but, recognizing “the potentially drastic impact of …[his] decision on Medicare’s complex administration,” he ordered a supplemental briefing to come to a “proper remedy.”
With new technology comes to new terminologies, like cybersecurity. Unfortunately, this new technology also spawns the creation of new methods to bypass security measures. And while data breach may not be a new term or even a new problem, in 2019, it’s become a massive issue, particularly in the healthcare industry.
In 2015 alone, there were more than 750 cyber data breaches, with the top seven cumulatively involving 193 million personal records that were available for hackers to use for fraudulent activities and identity theft. The top three data breaches that year were all in the healthcare industry.
Healthcare records are full of highly sensitive information, from social security numbers and other personal data to medical histories and health insurance information — everything a hacker needs to steal someone’s identity. But besides the wealth of juicy details these records include, it’s the vulnerability that exists in the industry that attracts trouble.
Besides being a repository of vital information that hackers need, the healthcare industry has been particularly vulnerable because of the weak link philosophy. You’ve probably heard that a chain is only as strong as its weakest link. This is also true when it comes to cybersecurity. And it’s something hackers prey on.
According to a 2016 Healthcare Industry Cybersecurity Report, the healthcare industry had the fifth highest amount of ransomware counts of all industries. The report also stated that more than 77 percent of the entire industry was infected with malware. According to the report, the most prevalent weaknesses existed in “health treatment centers, insurance providers, manufacturers and hospitals.” In other words, everywhere.
The authors of the report mention how the industry is facing pressure from both sides ? from hackers who specifically target them and employ different methods in doing so, and from regulatory agencies who are trying to prevent this from happening.
The problem doesn’t rest with the IT departments in most cases, but rather with the employees who aren’t prioritizing, or even aware of, security issues and with those who have been tasked with training and managing them.
“The low social engineering scores,” the report states, “among a multitude of healthcare organizations show that security awareness and employee training are likely not sufficient and this poses a real risk to those organizations.” Hackers know that these employees represent low-hanging fruit. This is why they’ve become such a target.
The main risks, according to the report, are the wireless devices so prevalent in the industry and the amount of information that’s exchanged through them. While these devices are beneficial for their speed and access to information, the way in which they’ve been mishandled and implemented is resulting in added security risks.
How these breaches affect consumers
A survey by Accenture in February of 2017 revealed that healthcare security breaches affect 26 percent of U.S. consumers. And 50 percent of those had their identity stolen, resulting in an average out-of-pocket cost of $2,500 per person. That means for every eight people, one person has had their identity stolen as a result of a healthcare data breach. But perhaps the greater aspect of this problem is reach, as in nearly everyone has health records in the system.
In the largest healthcare data breach to date, Anthem Blue Cross, in January of 2015, had 78.8 million patient records stolen. This included information such as dates of birth, addresses, and social security numbers ? the information hackers most need to steal someone’s identity.
In the case of the Anthem Blue Cross breach, consumers weren’t told about the breach by law enforcement or Anthem themselves. They found out the hard way: by noticing something was wrong on their bank and credit card statements.
How healthcare companies can improve security
The need to take extra precautions when dealing with sensitive healthcare data is obvious. But if the problem was easy to solve, it wouldn’t be a problem to begin with. And unfortunately, for every zig in security measures, there are a hundred hackers ready to zag.
Assess the larger risk as it pertains to the entire system, rather than relying on specific vulnerability analyses.
Always know where your sensitive data is being stored.
Improve training across the board. Impart the risks and precautions to employees, and make certain all understand policies and procedures before handling any consumer data.
Address the issue of third-party vendors. Make sure they’re handling your sensitive data properly.
Reinforce the infrastructure, including all software, with extra cybersecurity measures.
While the theft of information that leads to someone’s identity being stolen is the main risk, it isn’t the only risk. When sensitive medical conditions are made public, it can affect a person’s ability to get or keep a job and their professional and personal relationships.
The impact on businesses and organizations is also dire when leaks occur, as their trust, credibility, and reputation suffer dramatically. They also open themselves up to the possibility of massive fines and lengthy investigations.
The FDA recently issued new guidelines for securing data in medical devices, such as smartphone apps. This is especially important, as the HIPPA (Health Insurance Portability and Accountability Act) Journal has stated that 91 percent of cyberattacks are the result of personalized phishing emails sent to employees.
While you may think of technology in terms of the CT scanner, the advancements made in recent years in cardiac monitors, portable x-ray equipment, sonography, bedside lab testing, even IV needles are all part of how tech is improving healthcare.
Just ask the medical staff of inpatient and outpatient rehab centers. Point of care testing allows blood testing to be done at the bedside. Results for electrolytes, hemoglobin and hematocrit, glucose, blood gases and several other essential blood tests can be in the doctor’s hands in the time it used to take to run the blood to the lab.
Every discipline of medicine is evolving because of the changes in technology. First, there were x-rays then CT scans and MRIs. Now PET scans routinely diagnose very early cancers because they scan the body at a cellular level, often finding tiny areas of increased activity that wouldn’t show up on a CT scan or MRI. Speaking of pets, tech has helped improve the health of our dogs and cats. Whether simply treating a constipated dog or detecting cancer in a cat, the same image scans that serve to help people are being used to help their pets. Robotic surgery sounds like science fiction, but the discipline is gaining acceptance everywhere. Very small incisions have replaced long scars as surgeons control miniaturized instruments from a monitor with magnification that enables very precise work.
Even common health problems, such as diabetes and asthma, are affected by improved technology. Advanced diabetic pumps and monitors help to control blood sugars more exactly as well as improving the quality of life for many diabetics. The newer asthma inhalers deliver a more accurate dose and are easier to use, especially for elderly and young patients.
Computers connect health care agencies and allow researchers to gather data in real time. The diagnosis of a case of influenza or meningitis can be reported to the CDC within minutes to hours, helping to stop the spread of epidemics.
Rural healthcare organizations and their patients are up against a myriad of challenges, from minimal funding and resources to limited access to care, social determinants of health, and more barriers that stand in the way of effective care delivery. Unfortunately, nearly half of rural hospitals operate at a negative margin and are struggling to survive, according to iVantage’s 2017 Rural Relevance Study.
The number of rural hospital closures has risen to 87 in the last eight years, according to the National Rural Health Association (NRHA). The closures create a large gap in healthcare resources available in rural communities, as the residents cannot always drive or fly great distances to access needed care. Virtual care technology can address gaps in care and help rural providers continue to deliver care for the vast populations and geographies they support.
Increased re-admission rates amongst rural patients are driven by inadequate care and support after the patient returns home. Home health organizations now play a critical role in helping hospitals reduce these rates by providing care to rural patients, especially during the initial thirty days after discharge. Home health organizations are actively implementing virtual care platforms to automate the post-discharge follow-up with a rural patient by sending reminders to schedule appointments for post-discharge virtual visits via the communication channel of the patient’s choice – e.g., text, SMS, email or even a phone call. Follow-up care can be provided in a cost-effective video call (for home health providers and patients) which optimizes the caregiver’s productivity by minimizing excessive transportation time, travel costs and related liabilities typically associated with driving to/from patient homes.
To help home health agencies, there has been a longstanding Medicare rural add-on for home health services. Federal add-on payments through the Center for Medicare and Medicaid Services (CMS) have been crucial to these agencies operating in rural regions of the country. The 3 percent payment modifier to reimbursements for services provided in rural and underserved areas helps these agencies which face higher overhead expenses through factors such as increased travel time between patient visits and demands for extra staff. This payment modifier is imperative so that rural agencies will be able to keep their doors open and provide necessary care to home-bound patients.
However, the Centers for Medicare & Medicaid Services (CMS) has proposed payment rules which may impact the delivery of home health care in rural communities. The shift was mandated by the Bipartisan Budget Act of 2018. Under the new methodology, CMS is varying add-on amounts depending on a rural county’s home health utilization, population density and other factors. Unlike the current standard of a 3 percent three percent rural add-on, CMS’s proposed payment rule segments counties into “high utilization,” “low population density” and “all other” categories:
High-utilization counties are “rural counties and equivalent areas in the highest quartile of all counties and equivalent areas based on the number of Medicare home health episodes furnished per 100 individuals who are entitled to, or enrolled for, benefits under part A of Medicare or enrolled for benefits under part B of Medicare only, but not enrolled in a Medicare Advantage plan under part C of Medicare.” Low population-density counties are designated due to their population density of six individuals or fewer per square mile of land. The all-other category includes counties and areas that don’t fit into either definition.
Technology advancements are helping many industries thrive in the current Computer Age. One of these is the healthcare industry. The advancement in technology within healthcare is more noticeable today especially since some technology is wearable and can be seen on many different people. Some physicians are even monitoring their patients through their patients wearables. This article takes a look at the different types of wearable technology associated with keeping people healthy and examines how people can benefit from it.
One of the most common and noticeable wearable technologies is a fitness tracker. Since the release of the first Fitbit fitness tracker in 2015, people have incorporated these devices into their everyday lives. And since then, many companies have now invested in creating their own activity monitoring wearable devices. These activity monitoring wearable devices have gotten so big that they have even become a fashion statement. The Fitbit Versa, Garmin Vivoactive series, the Nokia Steel HR, and the Apple Watch are just some of the fitness trackers that can be seen on people no matter the occasion. Fitbit has taken it a step further and plans to use Google’s Cloud Healthcare API to help physicians manage their patients remotely.
Eyeglasses for the blind
Fitness trackers are not the only healthcare related wearable technology. Eyeglasses are now being fitted with technology that can help the wearer with their day to day life. Amazon’s Echo Frame glasses feature Alexa. This is revolutionary and you can get prescription lenses for Echo glasses, so no matter what your visual needs are, this is an option for you. In another great leap for tech, Aira has created a pair of glasses to help blind people throughout their day. The Horizon is the first pair of smart glasses designed for remote visual assistance.
The Aira kit comes with a pair of glasses, a phone, and accessories to help with connectivity. The glasses have a built-in camera that is connected to an Aira agent that can help walk the user through any obstacles they need assistance with. With a touch of a button, the user will get real-time assistance as needed. When at home, Aira, can help the user do everyday tasks such as sort mail and medications, read recipes, and separate laundry. When at school, Aira can help the user get around the campus, find a seat, choose food at the cafeteria, and read the whiteboard.
While at work, Aira, can help the user operate office equipment, interpret presentation slides, and sort papers. Aira can also help users explore the world around them. Aira can help users go on a hike, sightsee a park or zoo, and even help find equipment at the gym. The Aira Horizon can help users enjoy everyday tasks with a different sense of freedom.
Breast cancer-detecting bra
The iTBra by Cyrcadia Health is more than a bra, but a piece of wearable technology that can help women detect breast cancer. Doctors advise women to have an annual mammogram, but many patients still fail to detect tumors early. The dual breast patches in the iTBra monitor circadian metabolic changes in heat, which is related to cellular activity found often in breast tumors. This data is sent to the users’ device, which can be easily shared with the users’ doctor. Cyrcadia believes that this method can help detect cancer in dense breast tissue four to six times better than mammograms. Cyrcadia believes that this can lower avoidable breast biopsies by 1.2 million.
Hip airbags for the elderly
Some companies are focusing their efforts on creating wearable technology for the elderly. Helite, the airbag technology expert, has created the Hip’Safe specifically with seniors in mind. According to the Centers for Disease Control and Prevention, over 300,000 people 65 and older are hospitalized for hip fractures. Helite’s Hip’Safe is a wearable fanny pack looking device that includes houses sensors, an air cartridge, and airbags. When the device detects the user is falling, the airbags on each side will deploy to prevent the user from a serious injury. The Hip’Safe comes at a hefty price tag of about $750, and the unnatural form factor of the product may deter some people from purchasing the product.
By Shane MacDougall, senior security engineer, Mosaic451
Shane MacDougall
The other day I was asked what is the biggest information security threat facing any company in 2019. Is it ransomware? Some AI powered malware? Overpowering DDOS attacks? I didn’t hesitate – the answer is the same as it has been since I was first asked the question over two decades ago. The biggest threat to our infrastructure remains our users.
Social engineering, an attack where hackers extract information and access, not from traditional hacking attacks, but rather by interacting with a person in conversation, remains a devastatingly effective method of gaining unauthorized information or access to a network. It’s an attack vector that rarely fails. Unlike logical attacks, social engineering leaves no log entries to trip IDS or alert security admins. As organizations invest more dollars into security appliances and next-gen blinky boxes designed to harden their perimeter, attackers are increasingly opting to target the weakest link – the end user.
Recently, I was in Canada at the Hackfest hacker conference in Quebec, as host and organizer of the second installation of its social engineering “capture the flag” competition. The three part competition had the competitors first spend a week searching for specific pieces of information (flags) about their target company, from a list of items provided by Hackfest. The flags range from information that can be used for an onsite attack (who does your document disposal, what is the pickup schedule), those that can be used for a logical attack (type of operating system, service pack level, browser and email client information), networking information which gives the attacker information about the infrastructure (wifi info, VPN access, security devices), and finally information about the employee and the work environment, which could be used to help the attacker pose as an insider.
The second portion of the competition had the contestants hop into a sound proof booth, and were given 25 minutes to call their target company in front of an audience, and to gather as many flags as possible based on their dossier information. The third and final segment had competitors randomly draw a target, then each contestant had 30 minutes to use the audience members to search the web for flags or phone numbers to create a workable dossier. Each competitor was then put back into the booth to make another 25 minutes worth of calls in hunt of flags.
The results of this year’s contest were eye opening, but sadly reminiscent of last year’s event. Of the eight companies targeted, all gave out information that would give an attacker an advantage for a remote attack, on-site attack, or both. Specific breakdowns of results include:
75 percent visited a URL provided by their attacker
100 percent gave information about what version operating system/service pack version they were running
88 percent gave detailed information on what internet browser they were using
75 percent divulged information about Wi-Fi within their network
63 percent divulged information about secure document shredding, including their provider and the schedule for disposal
63 percent divulged detailed information about their email client
75 percent gave detailed information about the internal computer network
75 percent shared personal information about themselves and their work history
With AI increasingly playing a role in healthcare, and the cost of insurance continuing to rise, it’s no surprise that people might be feeling a little bit disillusioned and confused as to what to expect this year. However, as the pace of technology continues to accelerate, as does the political situation, it’s all the more reason to keep a sharp focus on where the technology and healthcare in general is heading.
With new technology comes to new terminologies, like cybersecurity. Unfortunately, this new technology also spawns the creation of new methods to bypass security measures. And while data breach may not be a new term or even a new problem, in 2019, it’s become a massive issue, particularly in the healthcare industry.
While you may think of technology in terms of the CT scanner, the advancements made in recent years in cardiac monitors, portable x-ray equipment, sonography, bedside lab testing, even IV needles are all part of how tech is improving healthcare.
