Category: Editorial

Ransomware Healthcare Numbers will Continue to Climb

Stu Sjouwerman

Guest post by Stu Sjouwerman, founder and CEO, KnowBe4.

A story about hospital ransomware or a compromised computer seems to emerge weekly. It is no surprise that healthcare breaches have been on a steady increase for the past five years. Loss of personal health information (PHI) poses a financial risk for health care institutions, expected to cost the industry in the neighborhood of 6.2 billion dollars.

By the numbers

Despite the prevalence of cybersecurity incidents, a study by Ponemon Institute in May 2016 showed that the majority of healthcare organizations and business associates were most concerned with negligent or careless employees causing healthcare data breaches.

Sixty-nine percent of healthcare organizations believe they are more vulnerable to a data breach than other industries.

When asked what the greatest threat was to healthcare data security, the majority of healthcare organizations stated employee inaction or error (69 percent). Rounding out the top three concerns were cybercriminals at 45 percent and the use of insecure mobile devices at 36 percent.

Employee error was also the top concern for business associates (53 percent), followed by use of cloud services (46 percent) and cyberattacks (36 percent).

Ransomware is currently one of the most prevalent threats to healthcare. A June survey by KnowBe4 of healthcare IT professionals shows that 44 percent of healthcare organizations have been hit with ransomware, 6 percent above the national average of 38 percent. Sixty-five percent of these IT professionals personally know someone who has been hit, and another 47 percent would pay the ransom if faced with a scenario of failed backups. With some healthcare ransomware demanding five figures, this can get pretty expensive.

Why hospitals are the perfect targets

I was interviewed by WIRED magazine’s Kim Zetter. She’s written a great article that analyzes why hospitals are perfect targets for ransomware. She started out with: “Ransomware has been an internet scourge for more than a decade, but only recently has it made mainstream media headlines. That’s primarily due to a new trend in ransomware attacks: the targeting of hospitals and other healthcare facilities.”

Now, Who Else Should Be Scared?

Hospitals have shown themselves to be soft targets and are under full attack by several cybercrime gangs using different attack vectors. The SamSam ransom gang attacks server vulnerabilities in JBoss apps using an open source pentesting tool called JexBoss, so these are targeted attacks based on scans the bad guys did. Cisco technical background: http://blog.talosintel.com/2016/03/samsam-ransomware.html

That is an exception though; the vast majority of ransomware infections are caused by phishing emails. Next are malicious links and ads leading to compromised websites with Exploit Kits causing drive-by-infections.


Provider Networks’ Role in Expanding Patient Choice

Guest post by Cheri Bankston, RN, MSN, director of clinical advisory services, Curaspan.

Cheri Bankston

When determining a discharge plan, hospitals must provide a list of home health agencies (HHAs) or skilled nursing facilities (SNFs) that are available to care for the patient; this comes as part of the Conditions of Participation (CoPs) for Discharge Planning. In the case of a HHA, the provider must be able to serve the patient in the area where the patient resides, or in the case of a SNF, the area requested by the patient.

Acute care providers have been struggling with how to set up a high-quality provider network to support patient choice as we move from volume to value. Provider networks aim to gather more information to assist beneficiaries with selecting a high-quality post-acute provider. CMS has not outlined any specific criterion that deems a provider “high quality,” but the end goal is to provide the patient more information on quality performance and resource use at the time they are making a decision. Through the Center for Medicaid and Medicare Services’ (CMS) Star Rating program, discharge planners or case managers working for hospitals are able to highlight those provider networks that will best fit the needs of the patient. The networks are able to counsel patients about their available choices, while more importantly upholding the patient’s right to choose.

Under the Affordable Care Act’s value-based purchasing initiative, hospitals are at financial risk for the outcomes of care their patients receive from post-acute care providers, leading hospitals to work towards establishing high-quality provider networks. For many, upholding the standard of Medicare policy – patient freedom of choice – is challenged by potential financial incentives and penalties for the bottom line: the quality of care provided to the patient after discharge impacts the reimbursement levels for hospitals and ACOs. Although provider networks may appear to narrow patient choice, they actually create a set of higher quality post-acute providers that improve patient outcomes without impeding access to care.

Payers have been using “provider networks” for years, but applying them to hospitals is a brand new concept. An ACO’s success depends on using a provider network that has a demonstrated history of high quality of care outcomes. For example, SNFs that have a high rate of patients going to emergency rooms and not being admitted must be evaluated to determine the variance from other providers with the same level of care and fewer emergency room visits. Quality outcomes and patient satisfaction are going to drive the definition of provider networks.


A Billing Service for Your Small Practice: To Hire or Not to Hire

Guest post by Saqib Ayaz, co-founder, Workflow Optimization.

A question that many businesses dither about is whether outsourcing their billing will be profitable to them or not. Third-party services can help make billing smoother as compared to the in-house process that involves using billing software. Some practices think outsourcing is the right decision because it allows them to make use of the experts, their resources, and the timely manner in which the job is finished. Others, however, think doing it all in-house will help them maintain control over their practice. Caught in the same conundrum? Don’t worry! We can help! Here are a few reasons why outsourcing is a good idea:

In-house billing is costly

If you have been thinking that outsourcing is expensive then just try adding the expenses of in-house billing and you are in for a surprise. The expenses will include:

Outsourced billing is less expensive

Outsourcing seems like a good idea for startups, especially small ones, and transitioning businesses dealing with an employee who has resigned.

In-house billing comes with liabilities

A billing department is chock full of liabilities. Here are two of the sources from which said liabilities may originate:

Thus, they require constant and strict supervision from the manager all the time.


Post-ANI Reflections

Guest post by Tracy Currie, CEO of Capto.

Tracy Currie

HFMA ANI 2016 was a very interesting conference for me, which yielded some unexpected insights. Throughout the conference and in conversations on the show floor, I heard a very strong emphasis on focusing on the consumer in healthcare. Provider organizations and the vendors that support them seem to have reached a kind of tipping point on consumerism. The once conventional wisdom that outcomes trump experiences seems to be giving way to the realities of increasingly competitive healthcare markets. For me, this conversation was a prime example of a strange idiosyncrasy of the healthcare industry where we often shy away from talking about healthcare as a business and feel compelled to put every issue in the context of improving patient care.

I heard individuals at this year’s ANI reiterating the point that there is no data to support the idea that a better patient experience correlates with better outcomes. Healthcare leaders seem to be recognizing, though, that this fact is largely irrelevant, and does not justify negligence of the healthcare consumer experience. I heard an apt comparison to auto makers, who command a financial commitment from their customers that can be similar to the cost of healthcare. Ford, Honda and BMW do not stop at making a safe and reliable vehicle; they work very hard to outdo their competitors in creating a complete shopping, purchasing, paying and owning experience that their customers will love. Quality care – like a safe, well running car – is clearly the most important thing, but it is also just the start – the foundation for the much larger strategic play: creating a total consumer experience that attracts and retains great lifelong customers and their friends and families.

Clearly, in a world where healthcare organizations must compete for customers/patients/members, we have to take experience very seriously. Especially as organizations take on risk in managing the health of larger populations, a reputation for offering a great experience is going to be essential to attracting the right mix of patients and to engaging them in more effectively managing their own health and care. Fortunately for forward-thinking HCOs, emphasizing patient experience will set them apart from the rest of the pack in today’s market, as healthcare’s status quo for customer service is similar to that of a cable company, and a far cry from paragons like the Apples or Amazons of the world. So there is tremendous opportunity to seize and hold a competitive advantage by making healthcare brands attractive and part of a consumer identity that target customers want to be part of. The financial upside for a health system that can make being part of their community a source of pride and satisfaction for customers, the way Harley Davidson has, will be tremendous.

Interestingly, I found that this kind of frank business talk about concepts like market share, customer retention and profitability is not a comfortable thing, even at a healthcare finance conference. Healthcare leaders – be they physicians, CFOs or CEOs – do not feel safe outside of the boardroom in discussing their efforts to improve the bottom line, as necessary and natural as that is. It is an odd and anachronistic instinct we have in healthcare that is very out of sync with other industries, where we feel that we can only talk about the business of care in the context of providing better outcomes, improving access to care and reducing suffering. Even something like improving patient experience and creating happier patient populations, which should be universally commendable, requires gymnastic contortions of language to always be in the context of improving care rather than enhancing business performance.

One of the strongest impressions I came away from ANI with was that we need to give our industry permission to talk about the business of healthcare as a business, without shame or the need for double-talk. We must develop an acceptable language in which payers and providers can have business centric conversations to address these issues head on, rather than circumnavigating hard commercial conversations. The outdated idea that patient experience does not matter because it does not affect outcomes is a great example of how talking about the business of healthcare only in the context of providing great care can take even smart, sensible professionals down very counter-productive roads.


Identity and Access Management in Healthcare: Automation, Security and Compliance

Guest post by Dean Wiech, managing director, Tools4ever.

Dean Wiech

Identity and access management (IAM) in healthcare continues to be a growing part of the industry. The management of identities, user accounts and access to both data and applications is a large task for hospitals and healthcare organizations. In the healthcare industry especially, the need to follow strict access and security rules and regulations exists, which makes IAM even more challenging. This need has led to newer solutions to meet the needs of healthcare organizations.

Here are the top four account management issues in healthcare that can be significantly improved:

Onboarding of Employees

The first issue that many healthcare organizations face is efficiently onboarding new clinicians and employees. For example, when a new doctor or nurse begins employment, they need their account created, and the correct access to the systems and applications they require in order to assist patients. The issue is, too often, new employees are waiting idle while all of their access and accounts are created.

By streamlining and automating the account management processes, this issue can be improved. Automating the process allows administrators to enter a new employee’s information into a source system, such as the HRM system, and check off which systems the employee needs access to and accounts in; the new accounts are then created automatically.

Changes to Accounts

Next, there is the issue of movement or changes to an employee account throughout their employment. Often, clinicians need to contact their manager to ask for permission for a change or for additional access, and the manager in turn needs to contact IT or HR to have the change carried out.

IAM software with workflow management capabilities has evolved to assist with this situation. A web portal with workflow can be set up so that employees can easily request changes to their account and then have it securely carried out.

As an example, a nurse moves to a different unit, or floor, and needs access to a different set of data or applications. A nurse can easily request the access through a portal and the request is automatically sent to the correct people for approval. Once the approval is given, the change automatically is made. If the request needs multiple levels of approval, it will move to the next person in line. In addition, all of these changes are logged so that the healthcare organization knows exactly what changes are made, when they were made and who approved them.


The DaaS Model Is a Good Fit for the Healthcare Industry

Guest post by Brent Whitfield, CEO, DCG Technical Solutions, Inc.

Brent Whitfield

The healthcare industry deals with tight IT budgets and highly confidential records that require premium security, which is why desktop as a service (DaaS) is an appropriate solution. This technology allows you to focus more on your healthcare business than IT, which in the long run, cuts costs. Here are various other reasons why desktop as a service may be the right solution for your healthcare operation.

Virtual Desktops and the Cloud

When you use desktop as a service you are operating on a “virtual desktop” powered by a cloud provider. It connects everyone in your organization through one platform. Employees can then bring their own laptops or other devices to access data or communicate with other team members. This system potentially means you no longer need IT to maintain every physical desktop and server in an in-house infrastructure.

Instead of updating security on every company computer, the cloud provider handles security updates, which tend to prevent breaches better than a locally managed system, especially those that are HIPAA-compliant.

Healthcare Collaboration

Because of the increasingly complex nature of the healthcare industry, professionals from various specialties within the field are working together, creating a more collaborative culture. That’s another good reason to use virtual desktops, which allow for easy collaboration between even distant facilities in real time.

This team effort requires strong, decisive leadership so that staffing, ethics and communication are high quality. If this essential foundation is in place combined with desktop as a service, the result is enormous synergism for dealing with committee issues such as interdisciplinary programs, charters and training programs. Another reason for collaboration is that it helps expedite services, which can help save lives.

Strength of DaaS Security

Since all healthcare facilities must comply with strict HIPAA regulations, which require robust security to protect patient privacy, cloud solutions are becoming increasingly more appropriate than trying to run all systems on in-house architecture. As long as you make sure your cloud provider is HIPAA-compliant, you won’t have to worry much about constant security updates or data backups since the cloud provider will do that for you.

In recent years, healthcare data breaches have affected more than 30 million patients. But that was often a result of thieves stealing laptops where confidential information was stored. It raises the question: would you rather store data on multiple devices that can potentially be stolen, or in a safe cloud-based haven where only users with passwords gain access?


How to Boost Your Salary In Health IT Sales

Guest post by Robyn Melhuish, communications manager, MedReps.com.

Robyn Melhuish

A few years ago, medical sales professionals who sold health IT and software products earned the top salaries in the field. While these professionals still earn high salaries, the 2016 MedReps Salary Survey by MedReps.com, a job board for medical sales representatives, found that they are no longer the top earners in medical sales — with an average total compensation of $149,985. This is a drop of $19,896 from 2015 and a drop of $22,906 from 2014.

While salaries for health IT sales professionals have dropped, most are still happy with their salaries. Among survey respondents, 78 percent said they were somewhat or very satisfied with their overall job, similar to the 75 percent who said they were somewhat or very satisfied with their income. Yet, more money clearly means higher job satisfaction — those who said they are very satisfied with their income earn an average of $177,319 compared with $100,903 among those who are very unsatisfied.

Luckily, it’s not just the products you sell that impact salaries in the industry — experience, job title, education, and more have an effect on pay, the report found. That means you can increase your salary if you feel you should be making more. Here are a few ways you can take home more money:

Move to management

Selling products that earn more money may sound like a good idea, but it may not be the best move. Although medical sales professionals who sell health IT and software products no longer make top dollar, they are still among the top earners in the industry. Only biotech sales professionals, surgical sales professionals, and capital equipment and durable medical equipment sales professionals earn more.

Even though there is more money to be made, selling new products is challenging. Instead, stick with what you know to gain more experience and move up to higher positions. After all, the more experience you have, the more money you make — those with 20 or more years of experience earn the highest average medical sales salary at $165,735. What’s more, sales directors and sales vice presidents report the highest salaries in medical sales, an average of $209,082.

Instead of starting all over again with a new product specialty, work toward gaining a management position with the experience you have. Talk to your supervisor about leadership opportunities, learn what you need to do to move up, take development classes, or volunteer to take on more responsibilities.

While the money may look greener on the other side, your experience is valuable, and sticking with health IT and software will pay off in the long run.

Hit the road

While traveling may decrease your work-life balance, it could increase your paycheck. In our survey, medical sales professionals who travel 50 percent of the time earn $167,061, on average. On the flip side, those who don’t travel at all for work earn significantly less — an average of $125,344.

Take the initiative and take on more travel. Let your manager know you’re interested in and willing to travel more. Volunteer to visit new territories and reach new clients.


The Magnitude of Medical Errors

Guest post by Ken Perez, vice president of healthcare policy, Omnicell.

Ken Perez

On May 3, BMJ (formerly the British Medical Journal) published an analysis of prior research on medical errors by a team led by Dr. Martin Makary, a professor of surgery at Johns Hopkins University School of Medicine. Startlingly, the analysis concluded that more than 250,000 Americans die annually and nearly 700 perish daily from medical errors. Based on the Centers for Disease Control and Prevention’s (CDC’s) official list of the top causes of death, that figure would place medical errors as the third leading cause of death, behind only heart disease and cancer, which each took about 600,000 lives in 2014, and ahead of respiratory disease, which caused over 147,000 deaths.

The kind of medical mistakes that can be fatal range from surgical complications that go unrecognized to errors regarding the doses or types of medications administered to patients.

The Johns Hopkins analysis received widespread media coverage, with the New York Times, NBC News, NPR, Time, U.S. News & World Report and the Washington Post, among others, all reporting the study’s findings.

This is certainly not the first time that medical errors have attracted the attention of the mainstream media.

The Institute of Medicine’s landmark report, To Err is Human: Building a Safer Health System, released in November 1999, concluded that 44,000 to 98,000 Americans died each year because of preventable mistakes in hospitals. Moreover, the report estimated the annual costs of medical errors at $17 billion to $29 billion.

It was estimated that more than 100 million Americans were aware of the general conclusions of the IOM report, thanks to ample media coverage, which conveyed the idea that medical errors were more prevalent and costly than previously thought. Despite all the publicity about medical errors as a result of the IOM report, it would appear that the U.S. healthcare system is not any safer more than 16 years later.

No one knows the precise toll of medical errors, largely because the coding system used by CDC to record death certificate data does not capture items such as communication breakdowns, diagnostic errors, and poor judgment, all of which can cost lives.

In terms of the economic cost of medical errors, a study sponsored by the Society for Actuaries and conducted by Milliman in 2010 concluded that medical errors in 2008 cost the United States $19.5 billion—$17 billion (87 percent) of which was directly associated with added medical costs (inpatient care, ancillary services, prescription drug services, and outpatient care). The remainder was due to increased mortality rates and days of lost productivity from missed work, based on short-term disability claims.

Adjusting for the increase in the U.S. population from 2008 to 2016, the current year’s cost of medical errors is estimated at $20.8 billion.