Tag: HIPAA

How HIPAA Is Undermining IT and AI’s Potential To Make Healthcare Better

By John Schneider, chief technology officer, Apixio.


Signed into law nearly a quarter century ago, the Health Insurance Portability and Accountability Act (HIPAA) has not aged well in the information technology world. HIPAA itself is largely misunderstood. I don’t know how many times I’ve heard someone tell me about the “Health Information Privacy Act.” However, it’s easy to understand where the confusion comes from. Who hasn’t heard a story about a ransomware attack, data breach, or privacy violation in the news? And it’s not just happening in the healthcare domain—it’s happening everywhere.

The truth of the matter is that security and privacy breaches in healthcare and other industries are a common occurrence. This has resulted in an unhealthy preoccupation by the healthcare community with the security and privacy provisions in the HIPAA legislation that fall under Title II Administrative Simplification. This too is easy to understand—unlike other industries that seemingly get off scot-free after a breach, the healthcare industry is held to an actual standard, and there are penalties for not meeting this standard that can be reputationally and financially ruinous.

To fully understand the healthcare community’s preoccupation with the HIPAA Title II provisions, we need a little background on what HIPAA is. HIPAA has five provisions called Titles. The two key provisions are Title I, HIPAA Health Insurance Reform, and Title II, HIPAA Administrative Simplification. All of the security and privacy regulations stem from Title II, but “Administrative Simplification” doesn’t exactly shout out “security and privacy” (although the Privacy Rule and Security Rule are 2 of the 5 sections in Title II). Title II doesn’t even provide regulations—it simply hands that responsibility off to the Department of Health and Human Services (HHS) to create such regulations as it sees fit, so ultimately, these are the regulations that we’re contending with and are driving behavior that’s limiting the value of data we’re collecting in healthcare.

Let’s first look at the two types of regulations that cause the most adverse behavior.

  1. Sharing Constraints: There are a number of requirements in privacy regulations that constrain sharing, and many are common-sense business-use rules that protect patients effectively. There are also some regulations that state that covered entities (regulation-speak for providers) should only share data they have with other business associates that are directly participating in the care and management of the patient. These effectively prevent the use of healthcare data to create new and innovative products because product development isn’t related to patient care or management.
  2. Punishments for Breaches:  Breaches can be financially painful or even ruinous for a business. The penalties associated with breaches make executives think twice about the use of the data they have, even with business associates helping them manage care, because the risk to them is very real. What this means in the real world is that it can take a long time for a new business with a good idea to improve healthcare delivery to gain traction because the holders of data are reluctant to give these businesses the data they need.

These issues are real and are having negative effects in the healthcare industry. However, these same issues are not impeding innovation in other industries that have just as much (or more) private information. What gives here? Healthcare isn’t getting a fair shake.

There are a number of inequities in healthcare that we should take issue with:

There’s an uneven playing field. Think about where the data is in healthcare. It’s largely in the hands of the providers. They effectively own this data, even though technically it belongs to patients. Small startups have no access to this data. They have to hunt for providers willing to share. Often, the cost of sharing is onerous business terms. The larger the cache of data, the more advantaged you become, and in an industry like healthcare that is ostensibly rallied around social good, this should not be okay.

If you do get data, you might become a target. There are many examples where companies (for example, Google this past year) are harassed for doing innovative research for no other reason than they’re visible and have deep pockets. The problem is that we have obsolete regulations that are being used to make a point that isn’t valid in our modern context.

Most of the data we’ve accumulated isn’t used for innovation. The data outlook in healthcare has come a long way in the last ten years since the HITECH Act was passed. Electronic medical records have gone from being sparsely used to nearly universal, but most of this data goes unused beyond the walled gardens of the medical record systems it lives in. Artificial intelligence and machine learning applications depend on large, real-world datasets and could be put to use to build technology and resources to identify distinct risk profiles, analyze the effectiveness of treatment protocols across specific patient populations, or surface insights that can dramatically improve the speed and quality of care. But only the few commercial entities that have access to data can play in this space.


Are Your Vendors Putting the PHI of Your Patients At Risk?

By Carol Amick, manager of health care services, CompliancePoint.  


As healthcare providers continue to search for ways to cut costs and increase efficiency, many are outsourcing selected services.  One report indicated that 98 percent of the hospitals surveyed were either actively considering outsourcing or had already done so. [1] Outsourcing is expanding beyond non-core functions to clinical areas, as healthcare providers look for ways to decrease costs and increase quality. While outsourcing can be a cost-effective move, failure to properly assess and manage risks related to protected health information (PHI) can create legal and reputational issues for the organization.

However, outsourcing and relying on vendors to perform activities that involve access to PHI increases the risk to a covered entity. Over the past three years, the Health and Human Services Office for Civil Rights (OCR) has issued approximately $6 million in financial penalties where failure to obtain a signed HIPAA-compliant business associate agreement (BAA) from at least one vendor was either the sole reason for the financial penalty or contributed to the severity of the penalty.[2]

The HIMSS 2019 Cybersecurity Report noted that 30 percent of the healthcare vendor respondents had not experienced a significant security incident in the prior 12 months.[3] This means that 70 percent had experienced a significant security incident.

HIPAA requires that covered entities have a BAA with vendors that have access to PHI to perform duties on behalf of the covered entity, or if electronic PHI (ePHI) passes through their systems. The HITECH omnibus rules require that business associates comply with the security rule with regards to ePHI, report breaches of unsecured PHI to the covered entity, comply with applicable requirements of the privacy rule, and ensure their subcontractors agree to the same regulations[4].

While a BAA does provide a covered entity with some legal assurances, a BAA does not necessarily indemnify a covered entity against financial penalties for a breach if the covered entity failed to obtain “satisfactory assurances” of the vendor’s security.[5] Nor will a BAA protect the entity’s reputation. Quest Diagnostics recently experienced a breach by one of their vendors of financial data for approximately 11.9 million patients.[6] While the breach was the fault of the vendor, the media focus and public attention are on Quest Diagnostics.

It’s important to consider if the data an organization is entrusting to a vendor is protected. What is the organization doing to ensure vendors who access ePHI understand their obligations and expectations? 

The steps below should be performed at least annually to help organizations ensure that their vendors are securing their data. Covered entities may do this internally or enlist the services of an independent agency to do the review.  

Verify the Organization Has Required BAAs

Organizations must compare their vendor master file against their BAA file. Many organizations know they set up processes to obtain BAAs when the Health Information Technology for Economic and Clinical Health (HITECH) Act regulations related to business associates were released in 2013[7], and accounts payable has been trained not to process a check without a BAA. However, experience shows that if there is a way around those controls, someone will have figured it out! Vendors can get established without a BAA when you merge with or acquire another provider. Vendors can get established without a BAA when an emergency purchase is made from a vendor. Vendors can change ownership without providing you with notice that you need an updated BAA.

Reviewing the vendor master file should begin with elimination of vendors that the organization knows are not business associates, such as utilities, employee expense reimbursement, contracted physicians, etc. The organization should then look at all remaining vendors and determine their use of and access to PHI. The process can be time consuming and painful, but if this basic first step is never done, an organization will never know if they have identified the vendors that are putting the organization at risk. At the end of this process, the organization will have two lists: vendors with BAAs and vendors without BAAs.

Evaluation of Vendors

Once the organization has a list of vendors that access their PHI, they need to determine “what are these vendors doing to protect patient PHI.” Some questions organizations should ask themselves:

Evaluation can be done in a number of ways. If a vendor is audited annually to maintain their HITRUST certification, or they have a SOC II or other audit done to validate their security controls, ask for the reports. Furthermore, the reports should be reviewed to make sure that the controls the organization relies upon to protect ePHI are functioning. If the vendor doesn’t have an independent review, the organization may need to do their own review. Reach out to the vendor and talk to them about their security. Covered entities may find it helpful to survey their vendors on security.

If a vendor doesn’t want to provide information, or can’t provide good data, the organization needs to perform a risk assessment to determine if they are willing to accept the risk presented from the lack of information. 

Update BAAs

After doing the two steps above, organizations should have listings of their vendors and their BAAs. For vendors with BAAs, review those BAAs. Have the agreements been updated to reflect the HITECH Omnibus requirements? Are the agreements complete with the names of both parties and the appropriate signatures? Is the contact information correct? If the vendor doesn’t have a BAA, it’s past time to get a BAA. If the vendor with access to PHI refuses to sign a BAA, it’s time to terminate that relationship!

Monitoring vendors for PHI security is not a “one time” review. A vendor who had a great security person who understood HIPAA and the organization’s requirements can have a financial setback and replace the experienced Security Director to save money. A vendor who assured an organization that their data was stored and processed in the US can suddenly outsource to an offshore location for processing of the account. This monitoring can take time and resources, but as many have learned in healthcare, a little prevention can often head off a major issue.


[1] https://www.prnewswire.com/news-releases/by-2022-average-hospital-costs-must-be-reduced-by-24-to-breakeven-and-outsourcing-may-be-the-solution-says-black-book-300643743.html

[2] https://www.hipaajournal.com/hipaa-business-associate-agreement/

[3] https://www.himss.org/2019-himss-cybersecurity-survey

[4] https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/index.html

[5] https://www.hipaajournal.com/hipaa-business-associate-agreement/

[6] https://www.washingtonpost.com/business/economy/quest-diagnostics-discloses-breach-of-patient-records/2019/06/03/aa37b556-860a-11e9-a870-b9c411dc4312_story.html?utm_term=.ef131df9330b

[7] https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/business-associates/factsheet/index.html

How To Avoid Healthcare Data Hacking

Healthcare data hacking has started occurring pretty often nowadays and most people are not even aware that their data has been stolen. Healthcare organizations are not built in a way they can identify illegal records; hence, they are unable to eliminate them.

The main problem is that people are not aware of a healthcare data breach until they are sick and need treatment, which makes it the worst time to deal with problems like this. A healthcare data breach leads to loss of insurance coverage, mixed-up records, wrong diagnosis, medical harm, etc.

So how do you prevent this from happening? We are here to share some tips that will help you avoid healthcare data hacking.

5 Tips to avoid healthcare data hacking

  1.   Lexington Law. Healthcare data theft, along with identity theft, has become a huge problem in today’s world. In order to stay protected from these things, hiring services like Lexington Law can be extremely helpful.

They provide things like free credit report evaluation and attractive discounts for couples, families and active military personnel along with protecting your health care data and identity. You can go over to websites, like Crediful, to read a review about Lexington Law before buying.

  2.   Do a risk assessment test. In 2003, a rule was passed by HIPAA which stated that healthcare organizations were required to take a risk assessment test. However, there was no penalty if not done, so most organizations did not do it.

Then the HITECH Act passed and it changed the law by making security risk analysis mandatory. Performing security analysis helps in identifying vulnerabilities in the security systems and identifying threats.

  3.   Always keep software up to date. Most people neglect software updates as they are busy and do not like the idea of taking the computer system offline for updates, but this is a terrible thing to do, and it puts your data at huge risk.

The latest version of the software is mainly released to reduce any security risks, and not updating them keeps your devices vulnerable to threats and attacks. You will miss any security patch that comes with the latest updates. Criminals use this to their advantage to steal data from outdated devices. Thus, make sure you always keep all software updated.


Will Connected Medical Platforms Cure Healthcare?

By David Niewolny, director of healthcare, Real-Time Innovations, Inc. (RTI).


We live in a world where medical errors are the third leading cause of death behind cancer and cardiac disease, leading to more than 200,000 preventable deaths every year. We have an aging population growing at an unprecedented rate: 8.5 percent of people worldwide (617 million) are aged 65 and older, and this percentage is projected to jump to nearly 17 percent (1.6 billion) by 2050, leading to an anticipated physician shortage of more than 50,000 by 2025. On top of all of this, healthcare costs are projected to increase to over 25 percent of GDP in the United States by 2025. The convergence of these events is pushing the entire industry to begin leveraging technology more than it has in the past.

Many of these challenges can be remedied by leveraging Industrial IoT (IIoT) technology that’s been proven to solve similar challenges in other industries. Could an interoperable, connected healthcare platform that applies the principles of an IIoT connectivity architecture to share data throughout the healthcare system be the cure for our ailing healthcare system?

West Health, now the Center for Medical Interoperability, seems to think so. In 2013 they published a report showing how an interoperable, connected healthcare system could provide nearly $30 billion in industry savings while improving patient outcomes in the process. These connected healthcare platforms provide the foundation for innovation that is needed to make a meaningful data-driven change in healthcare. It’s these platforms that open the door to application developers everywhere to create modality-specific applications using artificial intelligence and machine learning.

So what exactly is a connected health platform and how does it provide a foundation for transformational change in healthcare? First, a connected health platform consists of hardware (gateways and servers) and embedded software components that are designed to take all of the data from any medical device (clinical or remote) and convert the data into a single usable format that gives providers access to a complete data set.

This connected platform will provide a variety of user interfaces, analytics and clinical applications to help users throughout the healthcare ecosystem distill value from this newly-gathered data. The applications range from the early detection of sepsis, to predicting cardiac arrest, to providing business analytics like bed and device utilization. The connected health platform will become the center of an ecosystem for further application development, similar to that of an online app store – but with built-in medical-grade safety and security. The connected health platform must ensure data security and patient privacy by aligning to guidance provided by the FDA on cybersecurity, and meeting the standards defined by HIPAA.

However, these connected health platforms are only as effective as the data they capture, which is determined by the connectivity frameworks they are built upon. Many of the currently deployed platforms are not platforms at all, but a collection of disparate systems that provide silos of individual device data.

These legacy systems have been built using internally-developed, proprietary, message-based communication technology. As the first step towards the development of a connected health platform, modern web services-based communication has been deployed on top of the legacy technology to begin integrating all of the disparate data streams via onsite data centers or the cloud. Although this is a step in the right direction, these platforms are far from complete. Because of the legacy communications infrastructure they are built upon, they are only able to aggregate a portion of the data making these systems a poor fit for true near-patient, real-time clinical decision support – the key to efficiently providing improved patient outcomes.

The Industrial Internet Consortium (IIC) recognized that the healthcare industry, along with many other “mission-critical” industries, was experiencing a similar set of connectivity and data integration challenges, and thus was not realizing the true benefit of the IIoT. In 2017, it set out to provide recommendations for the fundamental connectivity and security requirements of next-generation IIoT systems. Its Industrial Internet Connectivity Framework document (IICF) recommends the Data Distribution Service (DDS) standard as the ideal framework for near-patient, real-time connected health platform development. DDS provides a highly reliable, secure, real-time interoperable connectivity platform and is proven in other mission-critical environments, such as autonomous vehicles, naval ships and wind farms. These systems all rely on real-time data, and DDS allows medical device companies to design a connected health platform for today and the future without the burden of a less performant message-based architecture.

DDS provides a level of reliability, security and interoperable performance that cannot be matched with any other currently available, standards-based technology. By working with standards-based technology like DDS, healthcare developers can develop systems faster, with lower development and maintenance costs. Using an advanced connectivity software framework allows connected healthcare platform developers to better focus on their core competencies and on their customers’ requirements, clinical workflow, analytics and diagnosis.

The next 10 years will be transformational for the healthcare industry. Innovation will be moving at an unprecedented pace. Big tech, medical device vendors, payers and providers will be racing to develop or leverage new technology to better utilize data to improve patient outcomes, lower the cost of care and run more efficient operations. The connected healthcare platform is the future of the healthcare market. Those who embrace this trend and get to market first will transform the industry and establish a model for high-value, lower cost care for generations to come.

5 Ways Telemedicine App Development Upgrades Patient Services

The healthcare sphere has been transformed by the emergence of medical apps and tech-driven platforms that provide patients with quality care at low costs. Telemedicine apps are one of the most significant clinical inventions; they have made it easy for medical practitioners to provide care services with much more convenience, even to patients residing in remote locations where immediate medical aid is still a fictional concept.

Healthcare organizations, doctors and clinical practices are embracing telemedicine apps in order to make the experience more interactive and fulfilling for the patients. But creating such apps is tricky. Want to know why?

Telemedicine apps deal with confidential health-related data (PHI) of the patients, which makes it mandatory for custom medical software developers and app owners to integrate the best practices for data privacy and security to keep the sensitive medical information intact.

Basically, telemedicine products have to be in compliance with HIPAA standards to ensure that the confidential PHI which they are gathering and storing will not get compromised or misused in any manner. Experienced clinical app developers can easily build intuitive telemedicine mobile solutions which are efficient as well as HIPAA-friendly.

Do you have any plan of designing such an app? If yes, please explore the article to find out any and everything you need to know about telemedicine apps. But prior to exploring the details let’s begin with the basics.

What Are Telemedicine Apps? Also, Why Do We Need Them?

It’s true that the healthcare industry has become advanced and tech-savvy, but people residing in remote locations still face a plethora of hurdles to get immediate medical aid. Also, the care facilities in such areas are either partially equipped or on the verge of shutting down due to negligence.

In addition to the clinical crises in the rural areas, the majority of hospital visits for follow-up checkups or prescription renewals are basic and can be handled easily through a call. These reasons have made medical stakeholders and developers think of building mobility solutions to help doctors in examining and treating patients via video calls by breaking all the location barriers. And, this is how telemedicine apps were born.

Telemedicine allows physicians to connect with patients in remote locations easily and help them in avoiding the possible inconveniences of a hospital visit. Also, these apps help doctors in creating a better schedule for examining more patients, save patients’ time and provide them with better access to care facilities at affordable costs.

What Are The Key Benefits Of Telemedicine Apps? And, How These Apps Help Medical Practitioners To Step Their Game Up & Provide Patients With Seamless Care Services?

As we have seen, telemedicine apps allow medical professionals to offer quality care services as well as practical guidance to remote patients by leveraging telecommunication technology which is a good cause.

But have you ever thought that remote consultations can boost patient services and be the primary driving force to overcome clinical crises? No, right? Let’s look at five crucial ways in which telemedicine apps are helping patients to create a new avenue for connecting and collaborating with experienced doctors and take charge of their health.

  1. Seamless Access To Specialists Who Can Promptly Examine Patients At Home

It’s extremely difficult for the family members of patients who are unable to walk to make frequent hospital visits. But telemedicine apps have made it easy to track the vital signs of the patients at home such as heart rate, blood pressure, breathing, etc. Once the data is captured and stored in the app it can be sent to the concerned physician for examining and prescribing treatment accordingly.

Such patients can also connect with some of the best doctors in their area via these apps over video calls. Doctor On Demand is one such telemedicine app that allows patients to interact with doctors in case of an emergency situation. The patients can use this app to enter their symptoms, allergies, or any other medication which they are currently taking.

Especially, patients suffering from skin diseases, bruises and eye infections can send images of the affected areas and get instant medical aid. With the help of such real-time and photo-based physicians can message the treatment plan to the patients to give them instant relief.

  2. Helps In Minimizing Healthcare Costs For Financially Weak Patients

The remote patients can easily interact with specialized nurses they would not otherwise be able to afford via telemedicine apps. Also, they can get appropriate treatment prior to their disease becoming incurable.

In addition to accessibility to medical experts, telemedicine apps also help people save the time and energy spent on frequent hospital visits to get their prescriptions renewed or for follow-up checkups.

Patients can schedule an e-visit and discuss their current symptoms with the doctor. The physician will examine the symptoms and can make modifications in the prescription accordingly. Also, they can recommend appropriate medicines or tests. Patients can either print it out or show the electronic version in the drug store to purchase the prescribed medicines.

It saves those patients the time and money which they would have spent on commuting and getting admitted. Also, it eases the hectic schedule of the doctors, as now they don’t have to treat and monitor several serious patients at the same time in the hospital wards.

  3. Provide Patients With Quality Care Services and Valuable Second Opinion On Recommended Treatment Plans

Because of a lack of medical amenities, hospitals in many areas aren’t able to cater to the different clinical needs of the patients. Also, such patients couldn’t get access to skilled medical practitioners because these clinical settings can’t afford them.

But telemedicine apps have made it possible for these patients to interact with and take expert medical advice from specialized doctors, which in turn increases the quality of care. Pingmd is a telemedicine app which helps patients to convey their symptoms to the concerned physician.

For instance, a patient has taken medication for high fever, but after having the medicine he is experiencing severe stomach ache. He might wonder if this ache is a side effect of the medication which he took. In such a case, with the help of this app, he can ping his doctor about the stomach ache and can get the right advice.


Healthcare Hacking Profitability and Prevention

By Ken Lynch, founder and CEO, Reciprocity Labs.


For decades now, hackers have been cashing in on financial data. The routine has been constant. A hacker finds their way into a site, steals financial information belonging to the site’s visitors, then uses their personal information to create fake credit cards. These are then used to steal money from unsuspecting individuals. However, this trend hit a snag once financial institutions found ways of stopping such activities. This was frustrating to these intruders, considering that most times their efforts were rendered futile after the cards they made were blocked.

These people then discovered a new cash cow that allows them to reap money from insurance companies. Typically, hackers get as little as $1 for one credit card, which is a meager payment for such a dangerous job. However, healthcare information pays well in that they create counterfeit health insurance cards, then make cash claims in fabricated hospitals. Considering that the demand for this data is high, healthcare data attacks have been on the rise, targeting several hospitals, and they have managed to affect over 11 million people.

How do you keep your data safe from these online breaches?

With such high stakes, each hospital needs to come up with security measures that ensure their data is always safe. Look at some of the possible ways you can secure your information.

Assess the risks

You cannot solve a problem if you are not aware that it even exists in the first place. Check for loopholes that leave your hospital vulnerable to these attacks. For instance, a hospital with few employees leaves specific sectors such as the IT section unmanned, which makes them susceptible to being attacked. You must approach this by looking at the most sensitive areas of a company and find out the consequences that you may face if your data is stolen.

Appraise all agreements with business partners, vendors and clients every year

Know the type of information that the people and entities you interact with access. Learn what your contract entails and review the stipulations regularly. Long before new laws were formed, third-party companies never had any agreements with any of their partners. Whenever they got a hold of information, it was up to them to know what they wanted to do with such intel. In this era, such loopholes can lead to massive scandals, which is why you need to evaluate every past action and put stringent measures in place to ensure anyone who encounters sensitive information knows the implications of going against the agreement. Do not give a lot of authority to vendors and ensure that they sign privacy policies that bar them from sharing or using private data.


Penalties For Violating HIPAA

By Ken Lynch, founder and CEO, Reciprocity Labs.


If your organization handles protected health information (PHI) or electronic protected health information (ePHI), you should be well aware of the Health Insurance Portability and Accountability Act, commonly known as HIPAA. HIPAA compliance is regulated by the federal government, and failure to comply with it can attract penalties. Additionally, non-compliance may have severe consequences!

What are the penalties for HIPAA non-compliance?

Congress enacted HIPAA in 1996 with the primary intention of safeguarding sensitive information as people switched jobs. Additionally, the United States’ Department of Health and Human Services (HHS) established the HIPAA Privacy Rule in 2003.

The privacy rule defines PHI as any information handled by a covered entity that concerns the health, treatment, or payment information associated with an individual. As technology-related crimes increased, HIPAA focused on ePHI where they created three safeguards in 2005. They include:

Definition of covered entities and business associates

According to HIPAA, covered entities are all the bodies that are involved in the handling of a patient’s data. They include healthcare providers such as clinicians, doctors, nurses, pharmacists, dentists, and chiropractors as well as all healthcare plans providers such as the HMOs, health assurance entities, and government programs.

HIPAA also considers all healthcare clearinghouses as covered entities that should comply with its regulations. These bodies process nonstandard health-data that they obtain from the covered entities to transform it into standard data.

Business associates are all the institutions that can access the PHI or ePHI since they are contracted by the covered entities to execute specific activities on their behalf. HIPAA demands that your organization have a written contract that elaborates the responsibility of the business associates in upholding the integrity and confidentiality of the PHI that they handle.

Governing of HIPAA

HIPAA's privacy and security regulations are enforced by the Office for Civil Rights (OCR), which serves under the Department of Health and Human Services (HHS). OCR provides a platform where you can air your complaints against covered entities as well as their business associates. If you feel that there is a data breach, you should visit the OCR website and submit your claims there for evaluation. Alternatively, you can use their portal, mail, fax, or email services.

Will Connected Medical Platforms Cure Healthcare?

By David Niewolny, director of healthcare market, Real-Time Innovations, Inc. (RTI).

We live in a world where medical errors are the third leading cause of death behind cancer and cardiac disease, leading to more than 200,000 preventable deaths every year. We have an aging population growing at an unprecedented rate: 8.5 percent of people worldwide (617 million) are aged 65 and over, and this percentage is projected to jump to nearly 17 percent (1.6 billion) by 2050, leading to an anticipated physician shortage of more than 50,000 by 2025.

On top of all of this, healthcare costs are projected to increase to over 25 percent of GDP in the United States by 2025. The convergence of these events is pushing the entire industry to begin leveraging technology more than it has in the past.

Many of these challenges can be remedied by leveraging industrial IoT (IIoT) technology that’s been proven to solve similar challenges in other industries. Could an interoperable, connected healthcare platform that applies the principles of an IIoT connectivity architecture to share data throughout the healthcare system be the cure for our ailing healthcare system?

West Health, now the Center for Medical Interoperability, seems to think so. In 2013 they published a report showing how an interoperable, connected healthcare system could provide nearly $30 billion in industry savings while improving patient outcomes in the process. These connected healthcare platforms provide the foundation for innovation that is needed to make a meaningful data-driven change in healthcare. It’s these platforms that open the door to application developers everywhere to create modality-specific applications using artificial intelligence and machine learning.

So what exactly is a connected health platform and how does it provide a foundation for transformational change in healthcare? First, a connected health platform consists of hardware (gateways and servers) and embedded software components that are designed to take all of the data from any medical device (clinical or remote) and convert the data into a single usable format that gives providers access to a complete data set.

This connected platform will provide a variety of user interfaces, analytics and clinical applications to help users throughout the healthcare ecosystem distill value from this newly-gathered data. The applications range from the early detection of sepsis, to predicting cardiac arrest, to providing business analytics like bed and device utilization.

The connected health platform will become the center of an ecosystem for further application development, similar to that of an online app store — but with built-in medical-grade safety and security. The connected health platform must ensure data security and patient privacy by aligning to guidance provided by the FDA on cybersecurity, and meeting the standards defined by HIPAA.

However, these connected health platforms are only as effective as the data they capture, which is determined by the connectivity frameworks they are built upon. Many of the currently deployed platforms are not platforms at all, but a collection of disparate systems that provide silos of individual device data. These legacy systems have been built using internally-developed, proprietary, message-based communication technology.

As the first step towards the development of a connected health platform, modern web services-based communication has been deployed on top of the legacy technology to begin integrating all of the disparate data streams via onsite data centers or the cloud. Although this is a step in the right direction, these platforms are far from complete. Because of the legacy communications infrastructure they are built upon, they can aggregate only a portion of the data, making these systems a poor fit for true near-patient, real-time clinical decision support, the key to efficiently providing improved patient outcomes.

How To Maintain Business Continuity and Compliance During An Emergency

By Paul Banco, CEO, etherFAX.

Healthcare organizations know just how important it is to comply with the HIPAA Privacy Rule to protect sensitive and unstructured data such as patient records, scripts, discharge summaries, medical forms, authorizations, prescriptions, and insurance claims. However, in the event of an emergency, HIPAA compliance is usually the last thing on people’s minds. As a result, hospitals are often granted a HIPAA waiver of up to 72 hours from the time they first implement their disaster protocol. Unfortunately, without a HIPAA waiver, hospitals may face substantial liabilities and penalties for non-compliance.

Even worse, if a hospital’s network is affected by a natural disaster, cyberattack, or system outage, doctors may not be able to access medical records and patients will not receive the proper care. With any type of downtime, some disruption within a hospital is expected to occur. In some cases, these disruptions could be life-threatening. Reports have shown that more than 2,100 patient deaths are linked to hospital data breaches each year. Unfortunately, doctors are often so preoccupied with remediation activities after a breach occurs that patients no longer receive quality care.

Secure exchange network

To prevent tragedies, human errors, and system failures from occurring in the event of an emergency, healthcare organizations must utilize a HIPAA compliant, secure, and trusted network. The ideal secure exchange network will leverage hybrid cloud technology and military-grade encryption to provide 100 percent secure communications at all times. Document and fax transmissions sent via a trusted network will never traverse an external telephone network and, therefore, will remain secure between the remote client site and the secure exchange network at all times.

Disaster recovery

In addition to a secure exchange network, having a complete disaster recovery solution in place is business-critical. A disaster recovery solution works to ensure that organizations never experience downtime while inbound and outbound fax communications remain secure and protected from technical failures due to catastrophic events and natural disasters.

Three Technologies Improving Mobility In Medicine

By Greg Shipmon, B2B channel development, Brother International Corporation.

One of the biggest trends in healthcare has a distinctly technical focus: clinical mobility, the use of mobile devices like smartphones, tablets, laptops, and mobile printers by physicians and nurses at the point of care. According to the U.S. Department of Health and Human Services, the average physician currently spends 15 hours per week on reporting measures, cumulatively costing a staggering $15.4 billion annually. Added mobility measures will be a huge relief to these healthcare heroes, who can then spend more time with patients.

The requirements for devices utilized by medical professionals are exacting and stringent because our health depends on them. Likewise, many devices must comply with the sweeping Health Insurance Portability and Accountability Act (HIPAA) regulations, along with numerous other government certifications. While there is a plethora of mobile healthcare devices on the market, a select few are worth calling out for the progress in their performance and usage. Here are three essential tools for modern practices.

Location technologies

No hospital or clinic can survive without positive patient identification (PPID) wristbands, which track patients from admission to discharge using printed labels and help improve throughput and security. Staff members scan bar codes on the bracelets to access medical history, medication lists, or allergies and then send data directly to labs or pharmacies through hospital databases. Workers can also use PPID to generate labels for everything from charts and bills to specimen containers, so important medical documents and paraphernalia stay secure.

Assisted living facilities and nursing homes that give patients more freedom benefit from PPID as well, because the technology is excellent at helping maintain the safety of residents. In many cases, family members can also access this information, and so have peace of mind.

Personal care technologies

Chatbots have revolutionized many areas of modern life, and medicine is no exception. The artificially intelligent apps handle basic but time-consuming tasks, ensuring patients take prescriptions and comply with orders. These tools will save the healthcare industry billions of dollars, so many tech companies want to get in on the action, such as by using text and voice apps to answer patient questions with natural language processing, helping medical professionals stay mobile and focused on their work.
