Tag: HITRUST

Relias Achieves HITRUST CSF Certification to Manage Risk, Improve Security Posture and Meet Compliance Requirements

Image result for relias logoRelias announces the Relias Population Health Platform has earned Certified status for information security by HITRUST.

HITRUST CSF Certified status demonstrates that the organization’s Population Health Platform has met key regulations and industry-defined requirements and is appropriately managing risk. This achievement places Relias in an elite group of organizations worldwide that have earned this certification. By including federal and state regulations, standards and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security controls.

“Organizations like ours are under great pressure to meet complex compliance requirements that include technical and process elements such as HIPAA, NIST, ISO and COBIT,” said Ben Johnson, general manager for the Relias Population Health Solution. “The HITRUST CSF is the gold-standard that needs to be met, and Relias is pleased to be able to demonstrate its commitment by achieving HITRUST CSF Certification.”

“HITRUST has been working with the industry to ensure the appropriate information protection requirements are met when sensitive information is accessed or stored in a cloud environment,” said Ken Vander Wal, chief compliance officer, HITRUST. “We are pleased that Relias has taken the steps necessary to achieve HITRUST CSF Certified status, and we expect their customers to have confidence in this designation.”

Healthcare Hacking Profitability and Prevention

By Ken Lynch, founder and CEO, Reciprocity Labs.

Ken Lynch

For decades now, hackers have been cashing in on financial data. The routine has been constant. A hacker finds their way into a site, steals financial information belonging to the site’s visitors then uses their personal information to create fake credit cards. These are then used to steal money from unsuspecting individuals. However, this trend hit a snag once financial institutions found ways of stopping such activities. This was frustrating to these intruders considering that most times, their efforts were rendered futile after the cards they made are blocked.

These people then discovered a new cash cow that allows them to reap money from insurance companies. Typically, hackers get as little as $1 for one credit card, which is a meager payment for such a dangerous job. However, healthcare information pays well in that they create counterfeit health insurance cards, then make cash claims in fabricated hospitals. Considering that the demand for this data is high, healthcare data attacks have been on the rise, targeting several hospitals, and they have managed to affect over 11 million people.

How do you keep your data safe from these online breaches?

With such high stakes, each hospital needs to come up with security measures that ensure their data is always safe. Look at some of the possible ways you can secure your information.

Asses the risks

You cannot solve a problem if you are not aware that it even exists in the first place. Check for loopholes that leave your hospital vulnerable to these attacks. For instance, a hospital with few employees leaves specific sectors such as the IT section unmanned, which makes them susceptible to being attacked. You must approach this by looking at the most sensitive areas of a company and find out the consequences that you may face if your data is stolen.

Appraise all agreement with business partners, vendors and client every year

Know the type of information that the people and entities you interact with access. Learn what your contract entails and review the speculations regularly. Long before new laws were formed, third-party companies never had any agreements with any of their partners. Whenever they got a hold of information, it was up to them to know what they wanted to do with such intel. In this era, such loopholes can lead to massive scandals, which is why you need to evaluate every past action and put stringent measures to ensure anyone who encounters sensitive information knows the implications of going against the agreement. Do not give a lot of authority to vendors and ensure that they sign privacy policies that bar them from sharing or using private data.

Continue Reading

Top 12 Disruptive Healthcare AI Technologies Announced

Partners HealthCare announced its selections for the fifth annual “Disruptive Dozen,” the 12 emerging artificial intelligence (AI) technologies with the greatest potential to impact healthcare in the next year. The technologies were featured as part of the World Medical Innovation Forum held in Boston to examine AI in clinical care including a range of diseases and health system opportunities.

Gregg Meyer, MD
Gregg Meyer, MD

“Understanding state-of-the-art medical technologies enables us to anticipate the future of clinical care,” said Gregg Meyer, MD, chief clinical officer, Partners HealthCare and 2019 World Forum co-chair. “The Disruptive Dozen technologies can offer physicians and patients a renewed sense of optimism about Artificial Intelligence and its impact on diagnosis and treatment.”

The 2019 Partners HealthCare Disruptive Dozen are:

1 Reimagining medical imaging – AI is transforming radiology and imaging, including mammography and ultrasound, to bring improvements in clinical care and diagnoses to patients worldwide. Researchers envision AI transforming mammography from one-size-fits-all to a more targeted tool for assessing breast cancer risk, and further increasing utility for ultrasound for disease detection and rapid acquisition of clinical-grade images.

2 Better prediction of suicide risk – Suicide is the 10th leading cause of death in the U.S. and the second leading cause of death among young people. AI is proving powerful in helping identify patients at risk of suicide (based on EHR data,) and also examining social media content with the goal of detecting early warning signs of suicide. These efforts toward an early warning system could help alert physicians, mental health professionals and family members when someone in their care needs help. These technologies are under development and not cleared for clinical use.

3 Streamlining diagnosis – The application of AI in clinical workflows such as imaging and pathology is ushering in a new era of AI-enabled disease diagnosis. From identifying abnormal and potentially life-threatening findings in medical imaging, to screening pathology cases according to the presence of urgent findings such as cancer cells, AI is poised to aid the diagnostic, prognostic, and treatment decisions that clinicians make while caring for patients.

4 Automated malaria detection — Nearly half a million people succumbed to malaria in 2017, with the majority being children under five. Deep learning technologies are helping automate malaria diagnosis, with software to detect and quantify malaria parasites with 90 percent accuracy and specificity. Such an automated approach to malaria detection and diagnosis could benefit millions of people worldwide by helping to deliver more accurate and timely diagnoses and could enable better monitoring of treatment efficacy.

5 Real-time monitoring and analysis of brain health – a window on the brain – A new world of real-time monitoring of the brain promises to dramatically improve patient care. By automating the manual and painstaking analysis of EEGs and other high-frequency wave forms, clinicians can rapidly detect electrical abnormalities that signal trouble.  Deep learning algorithms based on terabytes of EEG data are helping to automatically detect seizures in the critically ill, regardless of the underlying cause of illness.

6 “A-Eye”: Artificial intelligence for eye health and disease – Not only is AI is helping advance new approaches in ophthalmology, it’s demonstrating the ability of AI-enabled technologies to enhance primary care with specialty level diagnostics. In 2018, the Food and Drug Administration approved a new AI-based system for the detection of diabetic retinopathy, marking the first fully automated, AI-based diagnostic tool approved for market in the U.S. that does not require additional expert review. The technology could also play a role in low-resource settings, where access to ophthalmologic care may be limited.

7 Lighting a “FHIR” under health information exchange — A new data standard, known as the Fast Healthcare Interoperability Resources (FHIR) has become the de facto standard for sharing medical and other health-related information. With its modern, web-based approach to health information exchange, FHIR promises to enable a new world of possibilities rooted in patient-centered care. While this new world is just emerging, it promises to give patients unfettered access to their own health information — allowing them to decide what they want to share and with whom and demanding careful consideration of data privacy and security.

8 Reducing the burden of healthcare administration — use of AI to automate routine and highly repetitious administrative functions. In the U.S., more than 25 percent of healthcare expenditures are due to administrative costs, far surpassing all other developed nations. One important area where AI could have a sizeable impact is medical coding and billing, where AI can develop automated approaches. The goal is to help reduce the complexity of the coding and billing process thereby reducing the number of mistakes and minimize the need for intense regulatory oversight.

9 A revolution in acute stroke care — Stroke is a major cause of death and disability across the world and a significant source of healthcare spending. Each year in the U.S., nearly 800,000 people suffer from a stroke, with a cost of roughly $34 billion. AI tools to help automate the diagnostic journey of ischemic stroke can help determine whether there is bleeding within the brain — a crucial early insight that helps doctors select the proper treatment. These algorithms can automatically review a patient’s head CT scan to identify a cerebral hemorrhage as well as help localize its source and determine the volume of brain tissue affected.

10 The hidden signs of intimate partner violence – Researchers are working to develop AI-enabled tools that can help alert clinicians if a patient’s injuries likely stem from intimate partner violence (IPV). Through an AI-enabled system, they hope to help break the silence that surrounds IPV by empowering clinicians with powerful, data-driven tools. While screening for intimate partner violence (IPV) can help detect and prevent future violence, less than 30 percent of IPV cases seen in the ER are appropriately flagged as abuse-related. Healthcare providers are optimistic that AI tools will further complement their role as a trusted source for divulging abuse.

Continue Reading

Syapse Oncology Platform Achieves HITRUST CSF Certification

Image result for syapse logoSyapse announces that the Syapse Oncology platform has achieved certified status for information security by HITRUST. This certification audits healthcare-specific security, privacy and regulatory requirements including HIPAA, NIST, ISO and COBIT, as well as industry best practices and provides a single evaluation framework that is designed for the unique needs of Syapse’s health system customers.

“Syapse is scaling one of the largest global networks of health systems and we are committed to building secure and resilient infrastructure for powering precision medicine solutions in cancer care. Our health system partners are under immense pressure to meet complex compliance requirements and through certifications like HITRUST CSF we are helping them solve the technical and process elements of best practices in information security,” said Vinod Subramanian, senior vice president, cloud operations at Syapse. “Syapse is proud to demonstrate its deep commitment to security by achieving the high bar set through HITRUST CSF certification. It’s a validation of our team’s threat awareness and our growing investment in protecting customer data.”

The precision medicine solutions that Syapse provides to its health system customers are developed with a comprehensive understanding of the risk environment and the corresponding needs they identify. For example, every health system working with Syapse retains all access and usage rights to their organization’s data. In addition to the HITRUST CSF certification, Syapse has instituted safeguards, policies, and procedures to protect health system data in compliance with federal health laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), as well as various state data privacy laws across the country.

“The HITRUST CSF has become the information protection framework for the healthcare industry, and the CSF Assurance program is bringing a new level of effectiveness and efficiency to third-party assurance,” said Ken Vander Wal, Chief Compliance Officer, HITRUST. “The HITRUST CSF Certification is now the benchmark that organizations required to safeguard protected health information are measured against with regards to information protection.”

12 Steps For Agile Compliance Management

By Ken Lynch, founder, Reciprocity Labs.

Ken Lynch

Agile companies do things faster and efficiently. In agile development, lean startup models apply agile methods to build high-quality systems that meet any industry, regulatory and other relevant standards such as HIPAA and remain “audit ready.”

Agile companies focus on quick wins, external focus, ruthless prioritization, and continuous development. Agile development relies heavily on constant testing to ensure improvement.

Agile compliance management

Lean development refers to a set of principles that are designed to eliminate waste, build-in quality, create knowledge, deliver fast results, defer commitment, respect people and optimize the whole process. At their core, both agile and lean development focus on efficiency, sustainability, speed, quality and communication.

Companies can deliver software faster when they eliminate inefficient processes. Agile development follows the following 12 principles:

 How Agile development applies to cybersecurity

Agile development methods align well to cybersecurity because they focus on harnessing change, readjustment and reflection. You see, malicious actors (think black hat hackers) have excelled in agile development. They continuously re-adjust their attacks to maintain superiority and remain one step ahead of defensive mechanisms employed by organizations by improving the quality of their software. To combat these threats, you need to come up with a similar agile security-first approach to protect your information and systems.

What is Agile compliance?

Agile compliance also focuses on the 12 principles of agile development; however, it focuses on threat mitigation and not product development. Furthermore, agile compliance prioritizes customer data security as well as stakeholder satisfaction as the primary product as opposed to customer satisfaction, which is the main focus of agile development.

When it comes to cybersecurity governance, risk and compliance (GRC), data integrity and availability leads to customer satisfaction and confidence. With compliance’s security-first approach, you create an iterative process that includes mitigation, monitoring, and review, which is aligned with your controls and protects your data.

In cybersecurity, an agile compliance program is a security-first strategy that is put in place to protect data. This strategy focuses on your data controls’ quality and ensures that even when industry regulations and standards lag behind threat vectors, your company maintains a secure data environment. Here are the 12 principles: 

Continue Reading