Category: Editorial

Hospitals Can Protect Against Data Breach Using Deception Technologies

Guest post by Moshe Ben-Simon, co-founder and vice president of services and research, TrapX Security.

Moshe Ben-Simon

Healthcare is a major market in the United States with annual expenditures that consume almost 17.4 percent of the gross domestic product. Healthcare in the U.S. includes 893,851 physicians, 2,724,570 registered nurses, including physician’s assistants and administrative staff that support them. Additionally, there are approximately 5,686 hospitals that support these professionals directly. The great majority of physician practices now have electronic medical records (EMR/EHR) systems that are all interconnected with the rest of the ecosystem.

The typical hospital is replete with Internet connected systems and medical devices. These devices are also connected to EMR systems that are being deployed at a fast pace across practices and hospitals because of government incentives, such as meaningful use. This creates a highly connected community that brings the most vulnerable devices together with some of the highest value data.

Medical records = big money for organized crime

Healthcare data presents a compelling opportunity for organized crime. Cybersecurity firm Dell SecureWorks notes that cyber criminals were getting paid $20 to $40 for health insurance credentials, compared with $1 to $2 for U.S. credit card numbers prior to the Target breach. The Federal Bureau of Investigation (FBI) issued a private industry notification (PIN) report in April 2014 that noted cyber-attacks will increase against healthcare systems and medical devices because of lax cybersecurity standards and a higher financial payout for medical records on the black market.

As of Mar. 30, 2015, the Identity Theft Resource Center (ITRC) puts healthcare breach incidents at 32.7 percent of all listed incidents nationwide. Per ITRC, for the first quarter of 2015, more than 99,335,375 medical records have been exposed and compromised in the United States alone.

As in other industries, the attackers in healthcare may be standalone operators or part of larger organized crime syndicates. The great majority are clearly after valuable healthcare data and economic gain. Health insurance credentials can have a value 20 times that of a credit card on the hacker black market. These attackers know that healthcare networks are more vulnerable and provide greater potential rewards. They have already determined that these vulnerabilities are so extreme as to make healthcare the easiest choice for their attack.

Despite the latest/greatest perimeter network security technology, hackers continue to get in

The risk for ongoing data exfiltration, theft and subsequent HIPAA (Health Insurance Portability and Accountability Act) violations has never been higher. Basic defense-in-depth cyber security products seem to be failing at an increasing rate. The concept of defending a perimeter around hospital networks no longer works against a variety of cyber-attack vectors. Recent studies suggest that most hospitals are unaware of active attackers likely hiding within their medical devices inside their networks already.

These medical devices have become the key pivot points for attackers within healthcare networks. They are visible points of vulnerability in the healthcare enterprise and the hardest area to remediate even when attacker compromise is identified. These persistent cyber-attacks threaten overall hospital operations and the security of patient data.

Most hospital information technology teams are managing a very heavy workload. They must deal with a multitude of vendors and support a diverse set of networks across the hospital. Further, they must work to be compliant with HIPAA security rules and other compliance requirements. Cyber security products issue a multitude of alerts and can overwhelm these hospital teams, while alerts for real cyber security events are hidden or missed.


Bridging the Gap between Personal Health Records and EHRs

By Cora Alisuag, RN, MN, MA, CFP, president and CEO, CORAnet Solutions, Inc.

Cora Alisuag

It has only been about two generations since traveling medicine shows were common forums for medical information. Phony research and medical claims were used to back up the sale of all kinds of dubious medicines. Potential patients had no real method to determine what was true or false, let alone know what their real medical issues were.

Healthcare has come a long way since those times, but just as patients of the past did not know the composition of their medical concoctions or what ailed them, today’s digital age patients still don’t know what is in their medical records. They need transparency, not secret hospital-vendor contracts and data blocking, like the practices being questioned by the New York Times. One patient, Regina Holliday, resorts to using art to bring awareness to patients’ lack of access to their own medical records.

There are many reasons patients want access: second opinions, convenience, instant access in a medical emergency and right of ownership—I paid for them, I own them. Another reason patients need to view their records is to check accuracy and validity. Inaccurate record keeping has even caused the ECRI Institute to cite incorrect or missing data in EHRs and other health IT systems as the second highest safety concern in its annual survey, outlining the Top Ten Safety Concerns for Healthcare Organizations in 2015.

Healthcare system executives, from CIOs to CEOs, are very aware of the increasing number of requests from patients asking for their records and the various state and federal laws that come into play. However, they are also aware that by making it too easy for patients to access records they risk liability and HIPAA issues. They also don’t want to provide documents that can easily enable cost comparisons or raise questions about charges.

Consumers Uniting

Riding the wave of interest in accessing personal medical records are organizations like GetMyHealthData.org. The organization was founded in June 2015 as a collaborative effort among leading consumer organizations, healthcare experts, former policy makers and technology organizations that believe consumer access to digital health information is an essential cornerstone for better health and better care, coordinated by the National Partnership for Women & Families, a non-profit consumer organization. On July 4 it launched #DataIndependenceDay to create awareness of the HIPAA law, which states that patients must be granted access to their health information with very few exceptions. An update to those laws that was finalized in 2013 extends these rights to electronic health records.

Despite the introduction of personal health records (PHRs), Blue Button technology and product introductions from blue chip technology leaders, such as Microsoft and Google, there has been no significant, unifying technology to ignite consumers’ pent-up demand for their medical records. This lackluster interest and ongoing interoperability issues might be the unifying force to drive many consumers to consider Personal Health Information Exchanges (PHIEs) as an alternative to EHRs and Health Information Exchanges (HIEs) that unnecessarily duplicate data and risk HIPAA violations.

Will PHIEs Ignite the Patient Record Access Movement?

Frost & Sullivan, in its research report, “Moving beyond the Limitations of Fragmented Solutions Empowering Patients with Integrated, Mobile On-Demand Access to the Health Information Continuum”, identifies personal health information exchanges (PHIEs). They are described as providing individual patients, physicians, and the full spectrum of ancillary providers with immediate, real-time access to medical records regardless of where they are stored by using an open API.

The PHIE can provide access to the entirety of an individual patient record, regardless of the number of sources or EHR systems in which the patient data resides. This technology is made possible through fully interoperable integration servers that can access any EHR system with available APIs and portray the integrated data in a viewable, secure and encrypted format on a mobile device.

By leveraging the powerful simplicity of open APIs, PHIE technology can also access medical records in a way that is much more comprehensive than the closed EMR portals commonly used by doctors’ offices. Despite their pervasive use, these portals are cumbersome and expensive for patients to use. The portals also suffer from the same lack of interoperability that plagues hospital EHR systems.


How ACOs are Influencing the Provider-Payer Battle

Guest post by April Wortham Collins, manager of customer segment analysis, Decision Resources Group.

April Wortham Collins

Under the traditional fee-for-service reimbursement model, providers and payers are natural adversaries. To maintain a steady source of revenue, providers are incentivized to render as many services as possible without running afoul of controls designed by payers to keep utilization in check. When healthcare costs inevitably creep up, providers demand higher reimbursements from payers. Payers, trying to keep claims in check and health insurance premiums competitive, respond by restricting members’ access to certain providers.

It’s this tension between payers and providers that forms the backbone of the U.S. healthcare system. At least, it has until recently. Policy and political leaders have come to realize that, absent other factors such as quality, efficiency and patient satisfaction, healthcare costs will continue to rise, creating a weight under which the system will eventually collapse.

Enter the accountable care organization, a new model for healthcare delivery and reimbursement that exemplifies the key tenets of the Affordable Care Act and the healthcare Triple Aim: improving the patient experience of care, improving the health of populations and reducing per capita costs. Unlike the fee-for-service reimbursement model that rewards providers based on volume of services, the ACO model rewards providers for achieving specified quality objectives and constraining costs.

On their face, ACOs would seem to encourage cooperation between payers and providers. After all, to improve population health, providers need claims data and the type of technology solutions that payers have been investing in for decades. And to reduce healthcare costs, payers need to partner with quality providers with proven track records for keeping patients healthy. Ask any patient who has bounced back and forth between doctors’ offices and their health insurance company trying to sort out a medical bill, and the opportunity for improving the patient experience of care is tremendous.

So far, many ACOs are doing just that. Of the nearly 1,100 ACO contracts that Decision Resources Group is tracking today, more than half are commercial agreements involving 70 private payers. The largest private-payer ACO initiative in the country is led by Cigna, whose Collaborative Accountable Care program has 124 ACO agreements in 29 states encompassing more than 24,000 primary-care physicians and 27,000 specialists.

However, other aspects of healthcare reform are adding fuel to the payer-provider fire—and ACOs are a flashpoint. To keep health insurance premiums competitive, payers are excluding high-cost providers from their networks. Many of these narrow or exclusive provider networks also function as an ACO, with attached health plan products that are proving popular in public health insurance exchanges.


The Rise of Telemedicine: Because It’s Reimbursable, Safe and Efficient

Guest post by Dr. Ranya Habash, CMO, Everbridge.

Today’s physicians face an increasing array of non-clinical demands on their time, from filling out paperwork to sorting through insurance denials. As a result, the amount of time doctors have to actually see patients has been reduced.

The combination of a decreasing number of physicians, increasing demand for quality care, and rising costs of healthcare has created a challenging environment for both patients and healthcare professionals.

Nearly all of us have experienced long wait times at a physician’s office, often for minor ailments or routine follow-ups. These lengthy wait times are causing more and more patients to skip follow-up visits or turn to unreliable online medical services and websites for information. This not only erodes the doctor-patient relationship, but it puts patient health at risk. Furthermore, the information is not properly shared with the patient’s actual physician.

Today’s ultra-connected world has a solution that can bring the doctor-patient relationship into the 21st century: telemedicine.

Telemedicine is a suite of technology solutions that enables doctors to communicate with and treat patients via text, video and audio – and it can be used by physicians, nurses, office staff, any healthcare professional and, of course, patients. Telemedicine allows physicians to provide more convenient, real-time interactions with their own patients, for triaging acute issues and for quick follow-up visits that can save the entire health system time and money.

And it’s far from the latest medical fad. Telemedicine is already one of the fastest growing segments in healthcare. According to the American Telemedicine Association, half of all U.S. hospitals now use some form of telemedicine. Similarly, Health Affairs has predicted an increase in domestic telehealth revenue by almost 20 percent per year, to $1.9 billion by 2018.

Connecting to patients, anywhere and anytime

Clearly, these solutions have ushered in a new age of medicine. Technology can also provide real-time data on patient vital signs, blood sugars and other information to improve the monitoring of chronic conditions, reducing readmission rates and keeping our patients healthier outside of the hospital.

Factors fueling the growth of telemedicine are as follows: a shortage of physicians in rural and remote areas, the high prevalence of chronic diseases, growing elderly populations, increasing numbers of smartphone users and the need for improved quality of care.

Telemedicine solutions fall into two broad categories: remote patient monitoring and online/digital communications. Remote patient monitoring links home healthcare equipment (heart monitors, dialysis equipment, etc.) to the internet and then securely reports patient data back to a healthcare provider.


How IT is Powering the Next Wave of Healthcare Innovation

Guest post by Joyce Mullen, vice president and general manager, Dell OEM Solutions.

Joyce Mullen

Technology is rapidly transforming the healthcare industry and the way we approach patient care, as organizations adopt the latest solutions in mobility, data analytics, Internet of Things and cloud computing. From telemedicine to wearables to 3D printing to alternative communication techniques, this is truly the golden age of healthcare innovation.

Through our OEM Solutions group, we are proud to be providing the underlying technology and services that enable so many inspirational companies to make a real difference in people’s lives through healthcare innovations. Two examples I am really excited about are HealthSpot, which is developing a network of private kiosks equipped with two-way, high-def video screens enabling patients to interact directly with remote physicians; and Prentke Romich, which created a revolutionary device that helps people with disabilities communicate effectively. Rooted in these innovations is IT and the need for security, efficiency and reliability.

Connecting patients with physicians … virtually

We all know that visiting the emergency room for a health issue can be a frustrating experience, with long waits and impersonal service being the norm. But HealthSpot, an Ohio-based telehealth company founded in 2010, is offering a convenient and game-changing alternative. The company has introduced the HealthSpot station, a freestanding private kiosk equipped with a two-way, high-def video screen enabling patients to interact directly with remote physicians. Patients inside the station can be weighed on a built-in scale and use a thermometer, otoscope, magnascope, blood pressure cuff, stethoscope or other medical devices, with information and images transmitted electronically and securely to the physician. Physicians can then make a diagnosis and write a prescription on the spot.

So far HealthSpot has installed stations in urgent-care facilities and hospitals, along with four test markets in retail pharmacies in Ohio, and is expanding rapidly. As the company continues to scale, Dell is working with them to build a well-integrated IT infrastructure that includes hardware, software and services. Plans include more than 10,000 stations across the U.S. in the next few years, so be on the lookout for a HealthSpot station near you.

Developing language through technology

Prentke Romich Company (PRC) is the worldwide leader in the development of assistive technology and augmentative communication (AAC) solutions for people with severe disabilities. The company is committed to helping individuals achieve their greatest potential by delivering intuitive communication solutions that are focused on language development.

When PRC wanted to introduce a Windows- and tablet-based AAC solution, it faced a critical challenge: finding the right technology. Children with disabilities already face perceptions and bias, and they don’t want assistive technology that makes them look even more different. In a world of iPads and other sleek devices, their products needed to be as aesthetically pleasing as possible. The product also needed to be responsive and high performing enough to handle PRC’s Unity language system.


Technology and Medical Interpreting: Global Communication Enhances Language Services in Healthcare

Guest post by Kristin Quinlan, CEO, Certified Languages International.

Kristin Quinlan

It’s no surprise that the communication landscape is evolving. While face-to-face conversation will always be an important form of interaction, individuals are increasingly engaging in dialogue — both personal and professional — with the help of technology (Skype, Google Hangouts, FaceTime, etc.).

These technologies have influenced new programs in the healthcare industry, and telemedicine has taken flight. Through one-on-one conferencing with doctors, either over-the-phone or via video, programs like Doctor on Demand and AnywhereCare connect patients with doctors in as little as 30 minutes, diagnosing everything from the common cold to sprains.

Technology and the rise in global communication have made their impact on language services in medical facilities as well. With a non-English speaking population that represents 20 percent of the population and has grown 81 percent since 1990, healthcare interpreting — whether it occurs face-to-face, over the phone or via video — is incredibly crucial to ensure accurate patient communication and, ultimately, safe medical practices.

Interpreting in the medical industry is nothing new. Healthcare providers have long brought interpreters into their facilities to bridge conversations with patients who speak a language other than English. Title VI of the Civil Rights Act of 1964 required medical providers to use interpreters when necessary. With an increasingly diverse population, this policy was reinforced by President Clinton’s Executive Order 13166 in 2000, which sought to improve access to services for people with limited English proficiency.

While the need for interpreting in healthcare is evergreen, the language industry has more services available now than ever before. Medical interpreting has a broader set of options when it comes to communicating.


CEO Calls On Government to Take Steps to Overcome Health Information Blocking

Testifying before the Senate Committee on Health, Education, Labor & Pensions (HELP), DirectTrust president and CEO David C. Kibbe, MD MBA, urged the federal government to take action to help overcome the problems impeding the sharing of health information between and among parties authorized to access electronic health data, commonly referred to as “information blocking.”

David Kibbe

“While the responsibility for assuring secure interoperable exchange resides primarily with the health care provider organizations, and not with the EHR (electronic health record) vendors nor the government, I strongly believe there is a role for government to encourage and incentivize collaborative and interoperable health information exchange,” testified Dr. Kibbe, one of the nation’s foremost authorities on health information exchange security issues. Dr. Kibbe’s organization, DirectTrust, is a health care industry alliance created by and for participants in the Direct exchange network used for secure, interoperable exchange of health information.

Dr. Kibbe testified at a full Senate HELP committee hearing titled “Achieving the Promise of Health Information Technology: Information Blocking and Potential Solutions.” During his testimony, Dr. Kibbe enumerated the problems with information blocking and offered suggestions to help improve upon the current situation in the near-term. The many actions Dr. Kibbe suggests the government take to help overcome information blocking include:


How to Build an Effective Framework for Healthcare Information Collaboration

Guest post by Paul Smith, management consultant, North Highland.

Paul Smith

Information collaboration is not new, but there is an increasingly critical need for effective collaboration to create an efficient healthcare ecosystem. How can healthcare organizations design collaborative frameworks that allow them to successfully manage vast amounts of data and create actionable information from that data?

One of the first, and perhaps most important, steps is to understand why it’s imperative to foster an environment that encourages and promotes information collaboration. The amount of data companies use to track performance can be overwhelming, and many companies are inclined to abandon their quest to connect results across the organization, particularly when redundant data sources conspire across the enterprise to prevent a single source of truth. While it’s easy to understand why it happens, this approach can inhibit an organization’s ability to address the management of its data.

The implementation of an effective, collaborative framework is imperative. Not only does it have short-term impact, like enforcing consistent data quality and use, but it also improves business results. Active collaboration can lower management costs and enhance an organization’s ability to analyze and interpret information over the long haul and:

Furthermore, if a healthcare organization chooses not to enforce a collaborative information framework, there may be financial consequences. Inconsistency in reporting can lead to noncompliance with provisions of the Affordable Care Act, which require uniform reporting and analytics.

Interoperability Accelerator

What’s really at stake? One example of the potential damage insufficient collaboration can create is evidenced in North Highland’s recent work with a healthcare organization that wanted to improve its management environment. During the onboarding process, new requirements and analytics were captured and documented. The requirements were then coded, tested and deployed prior to completion of the data loads. The missing component was an understanding of the impact that those changes had on legacy analytics in use across the client’s enterprise. Because there was no established metadata environment, changes made to the analytical applications impacted numerous analytics and reporting downstream, resulting in massive rework. North Highland worked to remediate data continuity throughout the affected systems and establish a scalable metadata framework to grow analytical capabilities with the future needs of the organization.

This example underscores why it is imperative to implement a model that addresses and improves interoperability, collaboration, and information knowledge, which eliminates a significant amount of risk and creates a highly effective information collaboration governance program.

One successful model that can be followed to address this issue emphasizes a business-first approach and requires that there is an overall culture of collaboration both internally and externally. It is based on three fundamental disciplines and supported by a metadata foundation that connects and maintains the relationships between the three disciplines. The model’s pillars include:

Organizations must respond to healthcare laws and adapt business models to comply with necessary requirements, all the while continuing to monitor reform-related legislative changes and regulatory guidance. By following the outlined framework, healthcare organizations can create an unbreakable foundation that ensures consistency in data and enhances enterprise agility.