Guest post by Eduard Goodman, chief privacy officer, IDT911.
Eduard Goodman
Earlier this year, Centene Corporation lost six hard drives containing personal and health information of almost one million of its clients, including names, addresses, dates of birth, Social Security numbers, member identification numbers and health information. Unfortunately, Centene is only one of many healthcare organizations that recently had their sensitive patient information exposed. More than 113 million health records were breached in 2015 – which translates to one out of every three Americans being affected by a healthcare record breach last year. Medical identity theft is a disastrous trend that needs to be addressed. The good news is there are many steps healthcare organizations can take to reduce the risk of data breaches.
Electronic Health Records
As more and more healthcare organizations transition away from paper medical records and move to electronic health records, it is critical that security features are put in place to protect the vast amount of data being collected. Just as the digitally stored health information is more easily accessible for employees, it is also easier for cyber criminals to access. According to the Ponemon Institute’s The State of Cybersecurity in Healthcare Organizations in 2016 report, nearly half of those surveyed said their organizations have experienced an incident involving the loss or exposure of patient information during the last year. Strong encryption, routine vulnerability patches and multi-factor authentication are key to protect health data.
Mobile and BYOD
Greater connectivity means more convenience, but this also opens more doors for hackers to access healthcare networks. Healthcare organizations should set clear BYOD policies so employees understand what can and cannot be accessed from mobile devices, what operating systems are approved for use on the network, what security features and settings are required and what type of data can be stored on devices. While using mobile devices can significantly improve productivity, it is important to minimize security risks in order to protect sensitive data.
Internet of Things
The Internet of Things is a growing trend in the tech world that has also become popular in the healthcare industry. Now, medical devices can collect, track and share enormous amounts of data instantly through internet connectivity. As these medical devices were most likely added to pre-existing networks, they may not have the necessary security protections. Security vulnerabilities are not just limited to EHR and health networks anymore – medical devices must be thoroughly inspected as well. Just as computers and servers are patched for vulnerabilities, medical devices that connect to healthcare networks must also be regularly patched. If these IoT enabled devices do not have the necessary layers of security, they will become an easy target for hackers to access the healthcare network.
Guest post Ken Perez, vice president of healthcare policy, Omnicell.
Ken Perez
Soon after passage of the Affordable Care Act (ACA), the Congressional Budget Office, the Obama Administration and private research firms, such as Health Policy Alternatives, concluded that the health reform law would generate budget surpluses over the 10-year period of 2010-2019 of $124 billion to as much as $150 billion.
However, according to the CBO’s report, “The Budget and Economic Outlook: 2016 to 2026,” released in January of this year, the divergence between past rhetoric and current reality has widened, at least in terms of the coverage expansion initiative of health insurance exchange subsidies.
According to an April 22, 2010, memorandum from Richard S. Foster, chief actuary for the Centers for Medicare and Medicaid Services (CMS), the ACA’s health insurance exchange subsidies were projected to total $153 billion from 2014-2019. However, arguably because of the higher-risk pool of individuals participating in the exchanges, the recent CBO report projects $347 billion in federal outlays for health insurance exchange subsidies for 2014-2019, leading to a deficit just for the subsidies of $194 billion for that period, outweighing the previously projected budget surplus.
Even worse, the higher health insurance exchange subsidies aid a significantly smaller exchange enrollment population, down about 40 percent from 21 million to 13 million individuals for 2016, per the CBO. Moreover, the CBO projects exchange enrollment to peak at 16 million in the next decade, a third less than the 24 million it predicted in March 2015.
Gartner has estimated that some 6.4 billion connected things will be in use by the end of 2016, with some 5.5 million new things getting connected every day. There’s been a clear boom in health and fitness wearables, with healthcare consumers investing in tracking devices – sometimes with their employer’s encouragement – and the MedTech industry has jumped on this in a big way.
Fascinating IoT applications are being developed today, often through unlikely partnerships. For example, medical devices company Medtronic is developing an application that transmits wearables data to the IBM Watson cognitive computing and predictive analytics platform. And Swiss pharma company Novartis is joining hands with Qualcomm to develop an internet-connected inhaler that can send information to a cloud-based big data analytics platform for healthcare providers to use in treating patients. These are exciting examples of how technology and analytics can support personalized medicine.
However, there are a couple of big issues that the IoT movement has to contend with when it comes to the Medical Internet of Things (IoT). These issues concern us as consumers, and they also concern our employers and our healthcare providers equally.
Data security: The medtech industry is widely seen as unprepared for the security risk and vulnerability to hacking that their devices can cause for the rest of the healthcare system. This has immediate repercussions for consumers who may be unaware of the exposure of their personal medical information to cybercriminals. In addition, as healthcare providers start using medical information from these interconnected devices in a cloud-based environment, their enterprise IT, specifically electronic health record (EHR) systems, could be seriously compromised and vulnerable to hackers. And this brings us to the other, emerging issue that is beginning to get some attention in the exchange of IoT data.
Privacy and legal concerns: While there are undisputable benefits for healthcare consumers as physicians gain access to medical information from a range of connected devices, there is a real threat to privacy as well. We start with the question of who owns the data. State law in the U.S varies when it comes to this question, and device makers and other software providers may lay claim to the data which can be used against consumers. At the same time, collecting personal data through devices imposes a set of legal requirements on enterprises, starting with proper disclosures about the collection and use of the information.
Guest post by Michael Leonard, director of product management, healthcare, Commvault.
Michael Leonard
Once a year, the healthcare community gathers to discuss the hottest healthcare trends. This year, the event took place in Sin City, and the turnout was staggering. Topics of choice at the show ranged from EHR best practices to the rising need for telehealth services.
Now that I’ve had a chance to step back and digest, there are a few key moments that jumped out from the event. Here are my top two:
The HIMSS survey showed healthcare organizations are ready for telehealth.
During the show, HIMSS released a survey that had some exciting results around connected technology in the healthcare field. The results showed that 52 percent of hospitals are currently using three or more connected health technologies. Technologies being used by that group that stood out to me include mobile optimized patient portals (58 percent), remote patient monitoring (37 percent) and patient generated health data (32 percent). It’s fascinating to see these results, and important for healthcare and health IT professionals to know that the telehealth wave is here to stay.
The U.S. Department of Health and Human Services’ (HHS) made a key interoperability announcement.
At the show, the HHS Secretary Sylvia M. Burwell made a major announcement around interoperability that was backed by the majority of the top electronic health record (EHR) vendors and is supported by many of the leading providers. This news will enhance healthcare services and allow doctors and patients to make better informed decisions. It certainly has the potential to catapult the industry forward, allowing healthcare partners to increase accessibility by improving their clinical data management solutions.
As always, the conversation at HIMSS was engaging and educational and I left with some great takeaways and predictions for the future of health IT including:
Guest post by Charlotte Hovet, MD, MMM, and Joseph Kim, MD, MPH.
Charlotte Hovet, MD, MMM
Remember a few years ago, when online shopping was first getting started, and everyone used words like “e-tailer” to refer to companies that sold stuff on line? When was the last time you heard that used? It has become an anachronism, because almost every company is now an e-tailer. And “online shopping” has become merely shopping, because no one thinks twice about buying via the Internet.
The phrase mobile health will soon be headed for extinction in the same way as “e-tailer” because it is becoming a routine way to consult your medical practitioner. Over the next couple of years, it will become a major force in healthcare, and in five years no one will think twice about using remote communications to get medical help. We predict there will soon come a time when young people will wrinkle their noses and ask “Really? You had to drive to the doctor’s office, and sit in a waiting room and infect a bunch of other people just to get some Tamiflu? That’s insane!”
Both public and private health plans are rapidly adding coverage for e-visits. Not only are they cheaper, they are also more effective for some types of care and consumers greatly appreciate this trend. While the baby boom generation may still have some holdouts who don’t like mobile communications, the majority of people across all age groups have not only adopted mobile technology, they’ve melded with it.
Joseph Kim, MD, MPH
So the question for physicians and hospitals is not whether to adopt e-visits and mobile technology, but how to use them most effectively.
We co-hosted a webinar on the topic recently, in which we looked at mobile technology from the perspective of patients and caregivers. Both sets of stakeholders have a shared need: simplicity and ease of use. Merely making an application or function mobile isn’t enough. How mobility is integrated and used makes a big difference in the value derived.
During the webinar, we polled attendees on which mobility trends will have the biggest impact in the coming year:
47 percent think a greater use of digital communication between patients and healthcare providers will have the biggest impact.
5 percent voted for Telehealth replacing more in-person visits with healthcare providers
While 14.7 percent see increased use of medical-grade disease management mobile apps and growing adoption of health/fitness wearable devices and apps by consumers.
Improved quality and continuity of care (42 percent)
Time efficiency (41 percent)
Improved communications with patients (37 percent)
Cost efficiency (23 percent)
Patient demand (22 percent)
We think those answers underplay the importance of patient demand and leave off a very important driver of mobile technology: widespread payer adoption of reimbursement for telehealth visits.
In almost every corner of the globe, an international population continues to grow. In the
United States, there are millions of multi-ethnic members of society who still do not have health insurance. Frequently, they also forego medical consultations and treatment because they experience difficulty in communicating with medical practitioners.
The number of adult foreign language speakers in the United States and the mandates of the Affordable Care Act have now paved the way for the more active involvement of medical interpreters in the healthcare industry.
A rise in numbers
In the past, medical interpreters facilitated two-way communication between adult patients and their doctors. Today, very few children with limited English language skills are insured under the Affordable Care Act or ACA. In view of this, medical interpreters are often called to remove the language barriers for pediatric patients who have limited proficiency in the English language. Studies have shown positive results for adult Limited English Proficient (LEP) patients when their communication is facilitated by an interpreter. Likewise positive outcomes have been recorded, showing that when the language barrier between doctors and their adult patients is removed, inappropriate treatment and misdiagnosis are eliminated.
Different situation with a child patient
When the patient is a child and the parents have limited proficiency in the English language, it often leads to children staying longer in the hospital. There had been studies conducted showing that on the average, inpatients in pediatric care stay about 60 percent longer when their parents lack fluency in the English language. With the help of medical interpreters, the number of children spending longer stays in hospitals are slowly getting reduced.
Higher demand for professional interpreters and translators
According to the U.S. Bureau of Labor statistics, the demand for professional translators and interpreters in general is expected to have a 29 percent increase from 2014 until 2024. This projected average job growth for language services is faster than any other occupation. This will be driven by the larger increases in the presence of non-English speakers in the United States and increasing globalization. Likewise, the bureau also projects that the demand will be for translators and interpreters who have received certification.
Exactly how secure are the mobile health apps we use? Arxan Technologies set out to find that answer with its 5th Annual State of Application Security report. The new research assessed 71 popular mobile health apps from the US, UK, Germany, and Japan. It also examined the perception of app users and app executives in regards to the level of confidence they have in the security of their applications. Arxan discovered a huge discrepancy between consumer confidence in the level of security and the degree to which organizations address known application vulnerabilities.
Below are some of the report’s key findings:
Mobile health apps approved by regulatory/governing bodies are just as vulnerable as other mobile apps. Eighty-four percent of the US FDA-approved apps tested did not adequately address at least two of the OWASP Mobile Top 10 Risks. Similarly, 80 percent of the apps tested that were formerly approved by the UK NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.
Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. Ninety-five percent of the FDA-approved apps, and 100 percent of the apps formerly approved by the NHS, lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.
Guest post by Jennifer Holmes, chief executive officer, Central Logic.
Jennifer Holmes
Healthcare systems gather a lot of patient data as care providers, but a surprising lack of coordination too often puts patients at risk.
Tragically, that is exactly what happened to my father nine years ago. A week before his 70th birthday, he passed away due to the lack of care coordination. His risk factors were high and his care provider had all his health records and history documented in his chart. Over the course of 15 years, my father had been admitted and treated six times at the same hospital. He was an open heart surgery patient, had multiple coronary artery stents placed 10 years post surgery, and he was diagnosed with cancer eight years before his death.
His primary care physician admitted him to the Emergency Room after finding a lump on his leg. Later that evening, we learned he had Stage 4 non-Hodgkin’s Lymphoma. The coordination care breakdown started with his oncologist who, although armed with most of my father’s health information, he missed one critical piece to the puzzle. Our family later learned the physician never reached out to my father’s interventional cardiologist to better understand his percent of heart function. If he had, they would have learned his left ventricular function was only 45-percent. Due to this lack of care coordination, the wrong drug cocktail was prescribed to treat his cancer, ultimately resulting in heart failure. He was gone in six weeks.
Finding the Good in the Bad
The good news is that EHR technology adoption and compliance certifications around Meaningful Use is driving improvement for quality, safety, efficiency, and reduced health disparities. I believe these efforts to enhance care coordination will result in improved population and public health so that fewer and fewer families will experience what mine did.
According to the Health and Human Service’s Agency for Healthcare Research and Quality (AHRQ), the Institute of Medicine identifies patient centeredness as “a core component of quality health care.” The agency tracks and analyzes the number of incidences of avoidable hospital-acquired conditions along with adverse events. While progress has been made over the years, more work is necessary to improve care coordination.
To be fair, enormous demands have been placed on healthcare systems for profitability, efficiency, compliance, safety and overall excellence. However, excellent quality healthcare is inextricably connected to a patient care centered strategy. Our current systems must get back to that root focus through improved communication and sharing data transparently across all facets of the patient’s health spectrum. The key is finding user-friendly solutions to collect and analyze the right data, and warehouse and share all this data in a compliant way.
How to Engage – Transparently
Sharing all of that data sounds like a tall order and the technicalities of exactly how it gets accomplished seem daunting. We must follow patients from their first office visit to hospitalization, to discharge, to outpatient care, to patient-centered medical home (PCMH) care, and even at-home care. Lives can depend on it. The rub for patients and providers comes when collecting information becomes cumbersome, time-consuming and inefficient.
Recent tech and software solution advances portend smoother sailing ahead. Powerful tools are now available to collect, connect, communicate and share data from inside and outside a hospital’s four walls, directing real-time, actionable health decisions to improve patient-centered care. Providers realize efficiencies of scale when they use systems and software solutions that aggregate a patient’s total record. Optimal tools collect data from the patient’s complete health history and the best solutions can synthesize that data across all platforms and providers. This connected data roadmap then acts as a support and monitoring tool, as well as a yardstick to measure business intelligence goals.
What to Engage – Complete Data for Excellence
Patient-centeredness must then be a partnership among systems, practitioners, patients, and their families (when appropriate) to ensure that decisions respect the wants, needs, and preferences of patients. Such partnerships ensure patients have the education and support they need to make decisions and participate in their own care.
