Advancements in medical device technology have allowed services, initiatives and changes in healthcare delivery to evolve at a breakneck pace. Smartphones are increasingly integrated into patient care planning, providing internet connectivity to share data with healthcare delivery organizations (HDOs), doctors and researchers. Unfortunately, as the medical treatment landscape has evolved, it has also been challenged by cyber-attacks. While shows like Homeland have portrayed the vice president’s wireless pacemaker introducing a vulnerability that can be used in an assassination attempt, individual patient harm is not the common scenario HDOs and patients face.
Instead, as a recent report from Positive Technologies indicates, healthcare hackers seem motivated to seek sensitive information and control over a system, rather than to steal financial information, or even money. How does this motivation impact a defense strategy in the already complicated healthcare ecosystem?
Location of care delivery
Let’s begin by understanding the scale of the situation. The average hospital bed has 10 to 15 devices connected to it. With the American Hospital Association count of hospital beds above 6,000 in 2019, this is in the range of 900,000 devices inside U.S. hospitals. These devices often have Bluetooth or wireless capabilities. An adversary in the ecosystem can potentially exploit this connectivity with the intention of expanding into the HDO network, hospital/device database or elsewhere.
Healthcare has been shifting outside of the HDO to accommodate increasing costs in care delivery, remote patient geography and populations that are unable to access an HDO on an ongoing basis. These changes have been great for patients and providers, enabling ongoing monitoring of patients even when they’re not in the HDO. But it also means that some connected devices operate outside of the secured and monitored HDO network, while sending data back to providers within the HDO network. Each of these connection points also introduces an additional threat vector that needs to be managed.
Types of data available
It’s not immediately obvious what data used in clinical care could be used by hackers to elicit monetary benefit for themselves. The idea of a blood pressure or ECG reading doesn’t exactly bring dollar signs to mind.
HDOs and care providers regularly obtain patient social security numbers (SSNs), which can be relevant for billing purposes or for sharing data between HDO systems. This same data can be used by a malicious actor to make requests for loans, prescriptions or insurance claims, open bank accounts, perform online transactions and even file taxes or claim rebates. Imagine the SSNs from a pediatrician’s office being sold and the fraudulent activity going undetected for a prolonged period, or the SSN of a deceased person that can be used with zero concern for active monitoring by the individual.
Records can also include communication methods for patients, such as email and phone numbers, which can be used for spreading spam/malware with the intention of running phishing campaigns. This is to say nothing of personal distress that can be introduced if patient medical conditions are known by individuals without the patient’s best interest in mind.
Individuals who use commercial trackers to identify fitness patterns and metrics to discuss with providers intend to bring more data to a potentially difficult diagnosis. However, they are also capturing information that can be correlated to determine physical location. The army base location that was disclosed because of GPS-related workout data demonstrates how different types of information can appear unrelated, yet end up unintentionally giving something crucial away.
By Brooke Faulkner, freelance writer; @faulknercreek.
Advancements in medical technology grant modern patients access to better care than ever before, but they also come with serious privacy concerns. Widespread data breaches in the realm of digital health records led to the implementation of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, and it’s as relevant as ever in the present day.
In our current healthcare climate, patient privacy and data protection go hand in hand. HIPAA is meant to protect sensitive patient medical records while adhering to ethical principles. With the rise of alternate treatments like medical marijuana and CBD, which are illegal or regulated in many states, ensuring patient privacy is more important than ever. Here’s how patient privacy and ethics intersect in the age of technology.
Healthcare administrators, ethics and privacy
The role of the healthcare administrator is a complex one that merges patient care and bureaucratic involvement. Healthcare administrators are major players on the front lines of HIPAA compliance. One of the biggest ethical dilemmas of the role is maintaining each patient’s right to privacy and autonomy. Administrators often play a big part in ensuring that a facility properly adheres to HIPAA and other relevant laws and regulations.
Of course, ensuring patient privacy only goes so far in certain situations. A healthcare administrator may break confidentiality under particular circumstances, such as when patients may harm themselves or others. Cultivating a thorough understanding of applicable laws and knowing when to break confidentiality is integral to maintaining a balance of patient privacy and ethics.
It may not always be easy to determine if or when confidential information should be shared. A psychiatrist in Singapore was recently fined $50,000 for breaching medical confidentiality by sharing confidential patient information with an unauthorized party. A man posing as a patient’s husband contacted the psychiatrist, claiming that his “wife” was suicidal. The psychiatrist had previously determined that his patient was at risk of self-harm, and he wrote a memo for the man that included confidential medical information. The man turned out to be the patient’s brother rather than her husband, and he did not have legal access to the patient’s medical information.
In this case, while the psychiatrist was within his rights to share information related to his patient’s potential for self-harm, he did not verify the identity of the family member who ultimately received the confidential medical information. Thus, the patient filed a complaint with the Singapore Medical Council (SMC). The SMC handed down the stiff penalty and censure as a form of “general deterrence” for similar situations in the future, and healthcare administrators should take note of the decision.
The role of the medical provider
The topics of patient privacy and ethics form the backbone of numerous industry jobs, from healthcare administrators to nurses and medical assistants. In many cases, medical assistants are directly responsible for administrative tasks, including the collecting and handling of patient data. Because of this fact, a medical assistant must ensure that he or she adheres to all pertinent privacy regulations and take the utmost care to keep patient data safe. Nurses also come in contact with sensitive patient data and should take similar precautions to avoid a potential HIPAA violation.
Ensuring patient data privacy starts at the training level for medical assistants. Best practices for maintaining electronic patient medical records are a key focus in any assistant’s education, but they are particularly important for those interested in pharmacology. As a student, a medical assistant should be trained in HIPAA and similar regulations in order to develop a keen understanding of what’s at stake. A HIPAA breach could result in fines, but guilty parties may also be stripped of their individual licenses, causing many to lose their jobs and be barred from future employment in the healthcare industry.
While not all HIPAA violations result in termination, repercussions for individuals depend on the policy of the healthcare facility or organization and the severity of the violation. In 2018, a Texas nurse was fired after violating HIPAA regulations by posting sensitive patient data on social media. While posted information did not include a patient name, it contained specific details about the patient’s condition, and the nurse’s social media profile listed the facility in which she worked. Her employer, Texas Children’s Hospital, determined that the violation was severe enough to warrant firing her.
The threat of ransomware being used as a highly effective form of cyber terrorism has been receiving a lot of media attention lately. The story line stems from a recent Lloyd’s of London report that boldly states a large-scale ransomware attack could cost the global economy $193 billion and impact more than 600,000 businesses worldwide.
The report further speculates that if coordinated and executed properly, a global attack like WannaCry could cause even more severe damage and cost companies significantly more when you factor in all the business disruption and recovery related costs that would follow in the wake of a wide-scale attack.
With doomsday projections like these, it’s easy for people to become numb to the associated cyber security risks. Yet security professionals must always remain objective when assessing the scope of a threat versus the cost of implementing security measures to arrive at a risk-based recommendation.
What is ransomware terrorism?
Terrorism is broadly defined as the use or threat of violence that aims to spread fear in a population, and to advance a political, ideological or religious cause. Ransomware can be used in this context to disrupt the life of individuals and organizations, which depend on the smooth functioning of information technology to maintain operations.
While historically the main goal of ransomware has been to extract, or extort, money or other valuable consideration from the affected party, NotPetya made us aware that there is a lot more damage an attacker could do with access to an army of computers spread across the globe than just turning them into bricks.
To prevent or avoid the consequences of an attack of terrorism, the defenders must effectively repel every single attempt to perpetrate the crime. Ultimately, the attackers only need to overcome the defenses once in any given situation to prevail.
Exploring the potential impacts of ransomware terrorism
In the proposed scenarios created by the Cyber Risk Management (CyRiM) project and Cambridge Centre for Risk Studies (CCRS), put forth in the report called, “Bashe Attack: Global infection by contagious malware,” a ransomware terrorist attack could be launched through an infected email, which once opened would be forwarded to all stored contacts.
Then within 24 hours, the malware could encrypt all data on 30 million devices worldwide. In the worst case scenario of the event, even the backups would be erased—meaning companies of all sizes would be forced to pay a ransom to decrypt their data or replace their infected devices.
It is easy to conceive that a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, inaccessible data files, IT clean-up costs, ransom payments and supply chain disruption.
The moral of the story, according to Lloyd’s, is that all businesses should pay close attention to systemic risk across all lines of business, not just within the silo of cyber, and that businesses should buy insurance to help protect against such catastrophic scenarios.
Non-clinical factors can account for up to 80 percent of the health outcomes for patients. Such factors, including socioeconomic conditions, healthy behaviors, and physical environment, may vary drastically for each patient and can significantly impact health outcomes such as poor medication adherence, frequent visits to the ED, and more. Thus, it is essential to consider these factors while creating care plans to ensure that the specific needs of patients are addressed.
Additionally, healthcare’s transition to value-based care is pushing organizations to lead more efficient population health management programs that address every clinical and social need of the population they serve. The challenge, however, is that organizations don’t usually have the means to capture the social needs of the patients or address them beyond the four walls of a hospital to ensure that no care gaps remain unplugged.
Innovaccer offers to assist healthcare organizations in a stepwise approach, starting with surveys for patients to complete in order to evaluate their social needs, such as access to food, housing situations, or economic conditions. Additionally, Innovaccer’s solution allows care teams to send as many surveys as needed with multiple language support. Based on the answers received from the survey, the solution helps care teams find suitable community resources to assign to the patient from a pre-built national database.
The solution’s AI-assisted closed-loop referral process to community resources enables care teams to ensure patient-centric care, even after an encounter is over. This closed-loop referral process gives physicians and social workers complete visibility into the social needs of their patients, which allows them to refer their patients to the most relevant community resources. In fact, patients are also kept in the loop in such a way that they can track their referrals, give feedback, and coordinate with their providers at any time, all through a single mobile application.
Innovaccer’s primary aim with this solution is to empower physicians and care teams with visibility into the social needs of their patients, right in the moment of care. The solution also triggers automated and real-time alerts to care teams if a patient’s needs are found to be urgent, such as high social risk or missed follow up. Additionally, the insights from the survey are available to the physicians right at the point of care within their EHR workflows, ensuring that they have a holistic picture of their patients.
“For organizations under value-based contracts, establishing a culture of wellness is a priority to keep their business model financially viable. Social determinants of health are a gamechanger in this regard and organizations who leverage them put themselves in the driver’s seat,” said Abhinav Shashank, CEO at Innovaccer. “We hope that our solution is instrumental to healthcare organizations as they tie their efforts to address social determinants of health and create similar strategies to maximize care and cost outcomes.”
Only recently, Innovaccer also launched its first-ever in-house research authored by Dr. David Nace, CMO at Innovaccer, around the social vulnerabilities of the population across the US. The research paper named “From Myth to Reality- Revolutionizing Healthcare with Augmented Intelligence and Social Determinants of Health” discusses a revolutionary way of leveraging advanced algorithms to determine the social vulnerability of the zip code-level population.
As the addiction epidemic continues to plague even the smallest of communities throughout the country, substance abuse treatment specialists from coast to coast have embarked on a unified effort to raise the tide to improve the continuum of care for individuals struggling to break the cycle.
The national interoperability committee has been making strides over the last year to ensure that regardless of a patient’s unique individual treatment history, care providers are able to efficiently receive seamless access to the complete detailed medical records necessary to begin helping create lasting and effective care.
The committee effort is spearheaded by ZenCharts co-founder Dan Callahan, a 36-year veteran of the behavioral health care industry.
“It’s not uncommon for a patient to go through rehab five or more times — I’ve seen some with over 20 — and communicating information from each of those episodes can be where things start to fall apart,” Callahan said. “Clinicians need the tools to help make the right decisions. If they have all the data, they can see what the patient went through — what was the length of detox? What things were tried, how were they tried and were they successful?”
With the fragmentation of EHR systems across the country, and privacy laws, sharing medical records can be a significant hangup. When that happens, it puts the burden on the patient to bring a new provider up to speed.
“We’re making changes in the industry as a whole, and helping push the boundaries for how we can help these people,” Callahan said. “We need to help clinicians meet and work with patients where they currently are, and know more accurately where they’ve been.”
Protein-based drugs are a quickly growing pharmaceutical sector, providing treatments for cancer and autoimmune diseases, among others. Obviously, efficient, accurate lab results are desirable. The goal is the development of compounds that have a stability measured in years.
Though there are many factors that can negatively affect the successful development of protein drugs, it is useful to examine some of the most common. Chief among the factors affecting the stability of protein pharmaceuticals are protein aggregation, deamidation, and oxidation. What are these processes? How could they influence your results? Most importantly, how can you prevent them?
To be used in pharmaceutical drug molecules, proteins are routinely folded via van der Waals attractions as well as hydrophobic attractions. These protein-protein interactions cause the amino acid chains in proteins to become attracted to themselves and fold in. Unfortunately, when these folded proteins exist in high concentrations, the same attractions can cause amino acids in neighboring proteins to attach to each other, forming protein aggregates.
Protein aggregation can increase the viscosity of the medications, as well as produce visible particles, making the final product less desirable. However, safety is an even greater concern. Aggregations can result in liquids with unknown concentrations, limiting the amount of the drug that can be administered at any time. Researchers also worry about the human body developing immunity to the proteins or even an autoimmune disease.
Deamidation is a chemical reaction in which proteins lose an amide functional group. Often, unfavorable laboratory conditions cause deamidation, including high temperatures and high pH conditions. Deamidation results in the degradation of the protein because it damages the side chains that contain the amides. It is impossible to make generalizations about the effects of deamidation. Effects on protein activity range from none to decreased activity, so effects must be considered on a case-by-case basis.
Deamidation affects the final product primarily because it alters the protein, resulting in a product with unknown properties. The product’s stability is affected, and the degree to which the product is effective is now an unknown. It is important to limit deamidation in the lab.
Protein oxidation is one of the main forms of degradation in protein pharmaceuticals. In oxidation, amino acid residues with high oxygen reactivity are exposed to contaminating oxidizing agents during processing and storage. Light and transition metal ions speed up oxidation, resulting in the further breakdown of the protein.
By Amy Perry, director of product marketing, OpenText.
The pace of digital transformation today is increasing rapidly, with more industries jumping on the bandwagon to adopt new technologies which recast workflows. New solutions powered by artificial intelligence and machine learning are enabling machines to handle processes once cumbersome to employees.
In fact, the rate of this shift is so pronounced that according to Deloitte, the average digital transformation budget has increased by 25 percent over the past year, from $11 million to $13.6 million. More than half of mid-sized and large companies are spending more than $10 million on these efforts.
While this is a trend impacting almost every industry, it presents unique challenges to the healthcare sector. One of the most important challenges digital transformation presents to healthcare professionals is in the area of interoperability. As the sheer amount of health-related data, along with the ways to transmit and store this data, continues to increase, the ability of healthcare organizations to juggle the free flow of information between the patient’s care team and the patient is becoming more vital. At the same time, healthcare providers must ensure the highest levels of patient data privacy.
Unsurprisingly, most healthcare providers are preparing for this challenge. According to a new survey of healthcare IT professionals conducted by OpenText in conjunction with IDG Research, 85 to 94 percent of healthcare organizations are either actively investing or are planning to quickly invest in interoperability infrastructure to provide more intelligent and connected healthcare. While this intent is a great starting point, the journey can still be challenging for organizations of every size.
Ensuring a freer flow of information between providers to enhance the patient experience while simultaneously adhering to HIPAA’s privacy mandates may initially seem impossible to many teams. A wider adoption of paperless fax solutions across the industry could provide a data-centric solution which allows organizations to further interoperability goals while also ensuring that patient privacy remains paramount.
Paperless fax gains momentum
The evolution to fax stems from HIPAA guidelines mandating all patient information be securely stored and communicated. Tools such as email lack essential regulatory compliance and must be shelved in favor of other forms of communication, such as secure fax. While paper-based fax has become almost obsolete in other industries, it is still heavily used in healthcare despite causing some roadblocks to efficient communication. Paper-based fax requires a labor-intensive process that results in limited access to patient information at the point of care and slower care coordination between providers. Though these shortcomings are widely recognized among healthcare professionals, nearly half of patient information is still being transmitted by paper-based fax.
Findings from the same survey confirm momentum in paperless fax technologies. According to survey respondents, 50 percent of all medical communications continue to be done via some form of fax, but paperless faxing surpasses paper-based faxing in terms of medical communications volume. In addition, a significant majority of the survey respondents favored paperless faxing because of its digital integration capabilities.
Seventy-six percent of respondents either agreed or strongly agreed with the statement that they are happy with their current paperless faxing method because it’s integrated with their electronic medical record (EMR), back-end system, or other applications. By integrating digital faxing with EMR, document management systems, and clinical applications, a paperless fax solution becomes the most connected device in an organization, optimizing patient information exchange, reducing costs, and increasing productivity.
The catalyst for future patient information exchange
In addition, a favorable attribute of paperless faxing is that it provides a much more secure form of patient information exchange and surpasses the requirements of HIPAA’s Protected Health Information privacy rule. As new interoperability tools based on standards for the secure transmission of patient records are considered across many healthcare organizations, health providers can leverage their existing paperless fax solution to transition to modern, secure, and interoperable exchanges of patient documentation that are integrated across systems and applications.
Ultimately, the study’s findings show technology has reversed the death knell many initially thought had struck the fax industry. In fact, instead of being a siloed or time-consuming way to share information, new paperless fax technologies are helping eliminate these inefficiencies by shortening the time it takes to get patient information to the right provider and facilitating faster access to critical information at the point of care. Implementing a cloud-based delivery system is an attractive step as organizations move to the adoption of digital transformation. Healthcare providers must modernize legacy systems and embrace these new technologies to stay at the forefront of the industry and meet patients’ growing expectations.
By Drew Ivan, EVP of product and strategy of Rhapsody.
It was generally recognized by 2009 that the health care industry was long overdue when it came to adopting electronic systems for storing patient data. At the time, hospital adoption of electronic health record (EHR) systems was at about 10 percent while electronic record keeping was commonplace in most other industries. EHR technology was widely available, yet doctors and hospitals were still using paper charts.
The HITECH Act of 2009 was part of a broader stimulus package that financially nudged hospitals and eligible professionals to adopt and use EHRs. The meaningful use incentive program began a national, decade-long project to adopt, implement, and optimize EHR software. The program was a huge success, judged by the most obvious metric, EHR adoption. Today, nearly 100 percent of hospitals are using electronic health records. This means that records are safe from physical damage, far easier to analyze and report on, and – in theory at least – easier to transfer from one provider to another.
However, when viewed through the lens of return on investment, the success is less impressive. The federal government has spent $36 billion to encourage providers to adopt EHR systems but the industry has spent far more than that to procure, implement and optimize the software. Yet, hospitals are seeing reduced productivity, doctors face a huge documentation burden, and interoperability remains an unsolved problem. The first two problems are the consequence of workflow changes brought on by the EHR systems, but interoperability roadblocks ought to have been eliminated by implementing EHR systems, so why is it still so difficult to transfer records from one provider to another, or from a provider to the patient?
Health IT experts generally consider three categories of obstacles to interoperability:
Business disincentives: Allowing medical records to move to a different provider makes it easier for patients themselves to move to another provider, and helping customers switch health care providers is contraindicated by usual business practices (even though HIPAA states that patients are entitled to receive copies of their medical records and may direct copies of their records to be sent elsewhere).
Technical challenges: Meaningful Use set a fairly low bar for cross-organizational data exchange requirements, and it did little to ensure that EHR systems could understand data sent from another system. Although these problems are largely resolved today, there is still the impression that “interoperability is a hard technical problem.”
Network effects: Point-to-point connections between providers are impractical, but the network approach also has its drawbacks. The assortment of HIEs and national interoperability initiatives is huge and confusing, and it’s not obvious which network(s) an organization should join.
There may have been an assumption that when medical records moved from paper to electronic format they would immediately become more interoperable, but by 2016, the level of interoperability was far below what patients and regulators expected. As a result, the 21st Century Cures Act of 2016 was passed by Congress and signed into law by the outgoing Obama administration. The law’s scope included a number of health care priorities, including a patch for the interoperability gap left by Meaningful Use. Cures explicitly forbids providers, technology vendors, and other organizations from engaging in “information blocking” practices.
Earlier in 2019, the Office of the National Coordinator for Health IT (ONC) issued a notice of proposed rulemaking (NPRM) that defined exactly what is (and what is not) meant by “information blocking.” Once adopted, the expectation will be that a patient’s medical records will move according to the patient’s preferences. Patients will be able to direct their data to other providers and easily obtain copies of their data in electronic format.
Inanovate, Inc., a life science company specializing in the development of blood tests for cancer and autoimmune diseases, has secured an initial closing of $3.1 million on a Series C financing round.
The investment, led by South Dakota Equity Partners, Mr. T. Denny Sanford, and Sanford Frontiers, a corporate affiliate of Sanford Health, will help speed the development of Inanovate’s breast cancer blood test, which aims to identify false positives from screening mammograms and reduce costly, stressful, and unnecessary follow-up imaging.
The test is part of a larger plan from Inanovate, which also includes a second test that aims to monitor the progress of breast cancer patients through therapy and beyond, and identify a recurrence event in its earliest stage, when it may be more effectively treated and cured.
“We are excited to have secured investment that will allow our company to implement our development plan through the next 18 months,” Inanovate CEO David Ure said. “We’re pleased to have partnered with investors who share our vision for improving cancer diagnosis and treatment through technology innovation. Our partners bring both expertise and passion to our investment team as we align to the needs and goals of one of the leading hospital networks in the country.”
The most recent investment builds on a strong year for Inanovate, which included a $2 million Phase 2 SBIR grant from the National Cancer Institute, along with a licensing and collaboration agreement with Sanford Health that provides access to intellectual property relating to a set of breast cancer biomarkers, in addition to patient recruitment and sample access for Inanovate’s trials.
“Improving breast cancer care is an important goal of ours,” said Kim Patrick, chief business development officer for Sanford Health. “This protein-screening technology aims to improve the diagnosis of breast cancer and its recurrence.”
The Inanovate blood tests work by detecting antibodies in a patient’s blood that have been associated with breast cancer. Because the antibodies circulate in the blood, a simple blood draw can be evaluated to discover if the disease might be present. To analyze this blood draw, Inanovate uses its patented biomarker analysis platform, the BioID-800. The machine is compact, fully automated, fits on a bench top and uses disposable test cartridges.
“This is a highly sensitive but low-cost instrument that can recognize the presence of multiple different biomarkers from a small sample of blood in one low-cost, easy-to-use test,” Ure said.
For the third year in a row, Christiana Care Health System has earned the Most Wired designation from the College of Healthcare Information Management Executives, recognizing healthcare organizations that exemplify best practices through their adoption, implementation and use of information technology.
Christiana Care is the only healthcare organization in Delaware and one of only 5 percent of U.S. hospitals to receive this designation.
The recognition is the result of years of strategic planning with a focus on how technology can break down barriers to access and coordinate high-value care. For example, Christiana Care has introduced Health Records on iPhone, which brings together hospitals, outpatient services and the existing Apple Health app to make it easy for patients to see their available medical records from multiple providers whenever they choose.
“Technology touches every single interaction we have with our patients, and it creates an efficient way for us to connect with our neighbors and deliver the world’s best care, powered by a foundation of technology and empathy,” said Randall Gaboriault, MS, chief information officer and senior vice president of innovation and strategic development at Christiana Care.
Christiana Care’s place on the forefront of IT trends and best practices is the result of both a long-term investment in culture and a reimagining of IT processes, creating an environment in which good ideas can rapidly progress from concept to impact.
“Our Clinical and IT teams have developed and persistently iterate a model of shared thinking, shared learning and shared working to deliver projects that expand our capabilities to serve our neighbors in ways we had hardly imagined a few years earlier,” said Lynne McCone, vice president of IT application services for Christiana Care.
Christiana Care’s use of transformational technologies to improve patient care includes:
Video monitoring to help protect hospital patients from falls.
Telemedicine advancements, including video visits.
Direct access by patients to the physician notes in their electronic health record, and the ability to contribute to their record through an online patient portal.
Online express check-in at Christiana Care’s six Medical Aid Units.
Christiana Care’s Patient Portal, already recognized as a secure way for patients to stay informed about their health records, now offers patients a chance to enter their problems, allergies, medications, immunizations and surgical history. Upon physician review, these data flow directly into their electronic health record. Anyone who’s ever forgotten to mention a health issue to their doctor or nurse can appreciate the value of a convenient way to add to their record, thereby informing their care team.