5G is on its way, promising high-speed internet access to everyone, everywhere. But how will increased connectivity impact overall security? Cybersecurity companies in the healthcare industry are working to effectively secure hospital networks and medical devices against hacks and vulnerabilities, but as technology like 5G becomes ubiquitous, more and more devices will have additional — and often unnecessary — connectivity features, thus creating more potential for vulnerabilities and breaches. Taking a proactive approach to cybersecurity is the solution we need to see more of in 2020.
In 2020, I expect there to be a significant push on price transparency to help patients (and providers) align more on the actual cost of services. This will help patients know what they are getting into before services are rendered and help providers secure payment prior to any procedures being performed. There has been an upward trend on this in the urgent care space, but I expect there to be an major expansion in 2020 with many other types of healthcare providers.
The tools available in the market, which will gain great adoption in 2020, will help to not only estimate costs, but will also help provide financing options for patients. These financing options often come with high interest rates, but give patients the ability to get the services they need today. With high deductible health plans continue to gain market share, patient out of pocket costs will continue to rise in 2020. Healthcare providers can no longer afford to wait for these funds after the fact, as patients take longer than the average insurance company to pay their bill.
Therefore, providers will be eager to secure payment before services are rendered in an effort to combat this new challenge they haven’t dealt with until recent years. With higher patient responsibility these healthcare providers have seen higher bad debt write-offs than ever before. The struggle providers are facing as more and more patients can’t afford to pay their bills is battling the thought of sending patients to collections and/or firing patients from their practice.
In 2020, providers are going to have to set stricter guidelines, collect more money at the point of service, offer financing options, and give greater financial transparency to patients (and themselves) before providing services. This opportunity is ripe for more healthcare technology companies to come in with price transparency and financing technology, coupled with patient engagement tools. These tools will help providers both engage patients and secure a form of payment to limit write-offs and increase collections.
Without this, we will continue to see more patients turned over to debt collections and even more patients filing for bankruptcy, due to their healthcare care costs getting out of hand. Healthcare technology companies in this space can help alleviate this issue and reduce the burden to both healthcare providers and patients.
Artificial Intelligence (AI) and Big Data Solutions – platforms that aggregate large amounts of patient data, like EHRs/EMRs, will continue to partner with leading AI companies to combine the massive amounts of patient data with other analytics and capabilities to help monitor and treat populations. Digital health management will expand beyond chronic disease management to become a mainstay in the general population.
People will continue to adopt the right technology for their health goals and use digital health management to navigate their healthcare journey. Femtech will continue to expand aggressively as the female population looks to help manage every aspect of their health with both in-person and digital resources.
MedCrypt, a medical device cybersecurity software provider, announces a $5.3 million Series A funding round led by Section 32, with participation from Eniac Ventures and Y Combinator. MedCrypt was part of Y Combinator’s Winter 2019 batch.
“Last October, the FDA released a major update to its premarket cybersecurity guidance for medical devices, publishing guidelines that line up just about perfectly with the solution we began developing three years ago,” said MedCrypt founder and CEO, Mike Kijewski. “Internet-connected medical technology is entering the market at light speed, calling for devices to be secure by design, which leads to a heightened level of patient safety at all times. We’re thrilled to see continued support from various groups in the industry, from the government to healthcare institutions and device vendors, along with support from our partners to help us further develop our technology and expand our team.”
The HIPAA Security Rule has been in effect for 14 years, aiming to protect electronic health data, yet a new study from CynergisTek reports the healthcare industry has only managed to achieve 72% compliance with it, leaving a gap that poses a security risk for those who are not yet compliant. The study also reports healthcare is expected to suffer two to three times more cyberattacks in 2019 than other industries. This data makes patient safety a critical area of focus.
“Patient data privacy has long been a concern, but the healthcare industry is just beginning to address patient safety risks presented by internet-connected healthcare technology,” said Vidya Murthy, vice president of operations, MedCrypt. “Research shows a 13.3 percent higher mortality rate for patients experiencing a cardiac arrest whose care was delayed by four minutes. While cybersecurity attacks to a device such as a pacemaker seem more dangerous, delays to patient care because of cyberattacks are much more real and likely.”
MedCrypt will use the funds to expand its team, adding new members in sales and engineering roles, and further develop its technology. MedCrypt’s security software allows device vendors to use cryptography to secure data traveling between or stored on devices. MedCrypt then provides remote, real-time monitoring to alert medical device vendors of suspicious behavior that may yield potential security threats to their company, devices and patients.
This round brings MedCrypt’s total funds raised to $8.4 million.
Advancements in medical device technology has allowed for services, initiatives and changes in healthcare delivery to evolve at a break-neck pace. Smartphones are increasingly integrated into patient care planning, providing internet connectivity to share data to healthcare delivery organizations (HDO), doctors and researchers. It is unfortunately also true that as the medical treatment landscape has evolved, it has been challenged by cyber-attacks. While shows like Homeland have portrayed the vice president’s wireless pacemaker introducing a vulnerability that can be used in an assassination attempt, individual patient harm is not the common scenario HDOs and patients face.
Instead, as a recent report from Positive Technologies indicates, healthcare hackers seem motivated to seek sensitive information and control over a system, compared to stealing financial information, or even money. How does this motivation impact a defense strategy in the already complicated healthcare ecosystem?
Location of care delivery
Let’s begin by understanding the volume of the situation. The average hospital bed has 10 to 15 devices connected to it. With the American Hospital Association count of hospital beds above 6,000 in 2019, this is in the frame of 900,000 devices inside U.S. hospitals. These devices often have Bluetooth or wireless capabilities. An adverse player in the ecosystem can potentially exploit this connectivity with the intention to expand into the HDO network, hospital/device database or elsewhere.
Healthcare has been shifting outside of the HDO to accommodate increasing costs in care delivery, remote patient geography and to accommodate populations that are unable to access an HDO on an ongoing basis. These changes have been great for patients and providers, enabling ongoing monitoring of patients even when they’re not in the HDO. But it also means that some connected devices operate outside of the secured and monitored HDO network, while sending data back to providers within the HDO network. The introduction of these connection points also serve as the introduction of additional threat vectors that need to be managed.
Types of data available
It’s not immediately obvious what data used in clinical care could be used by hackers to elicit monetary benefit for themselves. The idea of a blood pressure or ECG reading doesn’t exactly bring dollar signs to mind.
HDOs and care providers regularly obtain patient social security numbers (SSN), which can be relevant for billing purposes, or in an attempt to share data between HDO systems. This same data can be used by a malicious actor to commit requests for loans, prescriptions or insurance claims, open bank accounts, perform online transactions and even file taxes or claim rebates. Imagine the SSNs from a pediatrician’s office being sold and the fraudulent activity going undetected for a prolonged period, or the SSN of a deceased person that can be used with zero concern for active monitoring by the individual.
Records can also include communication methods for patients, such as email and phone numbers, which can be used for spreading spam/malware with the intention of running phishing campaigns. This is to say nothing of personal distress that can be introduced if patient medical conditions are known by individuals without the patient’s best interest in mind.
Individuals who use commercial trackers to identify fitness patterns and metrics to discuss with providers have intentions of bringing more data to a potentially difficult diagnostics. However they are also capturing information that can be correlated to determine physical location. The army base location that was disclosed because of GPS-related workout data demonstrates how different types of information can appear unrelated, yet end up unintentionally giving something crucial away.
The cornucopia that is the annual HIMSS conference and tradeshow – healthcare technology’s biggest event – is behind us, but what’s left in the wake is wonderful, inspiring even, if not a bit overwhelming. The reactions to this year’s event have been overwhelmingly positive. Interoperability in the form of data sharing and a ban on patient health information blocking by CMS (through proposed rules released the first day of HIMSS) set the tone.
This was followed by CMS administrator Seema Verma taking a strong tone in all of her presentations at HIMSS, with the media and during her keynote speech. The federal body made it clear that data generated from patient care is, unequivocally, their data. While these themes heavily influenced the show, there were other takeaways.
There are many other diverse opinions about what came out at HIMSS19 and the themes that will affect healthcare in the year ahead. For some additional perspective, I turned to healthcare’s thought leaders; people who are a lot smarter than I. Their responses follow. That said, did we miss anything in the following?
Dr. Geeta Nayyar, Femwell Group Health and TopLine MD
After spending a week surrounded by some of the most intellectual and innovative minds globally in healthcare at HIMSS19, I’m even more confident that the shift toward patient engagement mass adoption is well underway and ON FHIR. The new CMS/ONC proposed law around interoperability and penalties for “information blocking,” are both touchdowns for the quarterback, which remains to be patient engagement. The robust discussions during the pre-conference HIMSS patient engagement program, reflected a move to a consumer-centric approach evidenced by the presence of Amazon, Google and Microsoft at the show. The keynote by Premier’s CEO Susan Devore shared a consumer-centered, provider led vision, “with data flowing seamlessly and being analyzed and effectively leveraged to guide decision making at the point of care.” Collaboration in healthcare is the key to everyone’s success. I was inspired to see her and so many women coming together to support each other in HIT, as Dr. Mom remains the healthcare decision maker in the households, we are all ultimately trying to reach.
Andrew Schall, Modernizing Medicine
Physician burnout continues to be a hot topic coming out of HIMSS19 and many feel that EHR platforms may be a part of the burnout epidemic. There were several sessions that focused on user-centered design at HIMSS this year including one that focused on the iterative approach to software development and user experience. First, I think that the industry is recognizing that one-size-fits doesn’t work for EHRs. Additionally, I believe that improvements will come in large part from the greater involvement of practicing physicians in designing specialty-specific EHR workflows and interfaces. A combination of powerful technology like AI and augmented intelligence, as well as well-designed EHR solutions with an intuitive user interface and user experience, will help ease the physician burden and automate time-consuming and administrative tasks like coding and billing – ultimately reducing burnout.
Shane Whitlatch, FairWarning
HIMSS 2019 showcased the ongoing digital transformation to make healthcare responsive to patients across a continuum of care. Enabling patients to be able to access, use and own their personal health data, while ensuring privacy and security was the central takeaway of this year’s HIMSS. Notable, critical moves to support this goal included: the Department of Health and Human Services announced proposed rules to enhance interoperability and data access with payor data; ongoing security and privacy efforts to ensure appropriate patient access to their data while mitigating emerging risks from items including medical devices to nation-state attackers; and artificial intelligence and machine learning initiatives to effectively manage the tsunami of data in healthcare while promoting optimal healthcare.
Tripp Peake, LRVHealth
The best part of HIMSS this year was we seemed to get away from a single buzzword. Healthcare is hard, there’s no silver bullet. The Precision Medicine Summit got into the weeds about how to really roll out a program in a provider system. The AI companies stopped talking about AI for AI sake and were more focused on ROI. Everyone seemed more balanced about VBC: yes, inevitable, but also gradual. Consumerism was probably as close to a central theme as existed. And I continue to be excited about the energy, creativity, and commitment of the entrepreneurs in this market.
Don Woodlock, InterSystems
Anytime you bring 43,000 healthcare professionals together in one location, you will never have a shortage of opinions on the future of the industry. We are at the cusp of a revolution in healthcare, driven by technological advancements. Some key trends we saw at HIMSS19 were, no surprise, around artificial intelligence, where people are trying to enhance predictive risk scoring and improve patient engagement. Additionally, there were profound announcements around mandating application programming interface (APIs) to improve the flow of healthcare data across the ecosystem. As interoperability becomes liquid, it will become the critical component of every healthcare system, driving the industry to new heights.
Paddy Padmanabhan, Damo Consulting
On day one of the conference, the HHS sucked the oxygen out of the room by dropping a proposed 800-page rule on data and interoperability. The rule aims to aggressively expand interoperability by making it mandatory for providers and health plans participating in government programs such as Medicare Advantage, CHIP and others to make patient data available to patients as a condition for business. CMS head Seema Verma and ONC Chief Don Rucker drove the message home repeatedly during the conference. Indeed, Seema Verma declared it an epic misunderstanding that patient data can belong to anyone other than the patient. A somewhat sobering counterpoint was voiced by Epic Systems CEO Judy Faulkner in a media interview where she suggested that interoperability challenges go well beyond data sharing by EHR vendors. Regardless of where it may fall, interoperability will continue to dominate healthcare IT agenda for some time to come. Related issues around new and emerging data sources, especially social determinants of health, will gain prominence in the coming months.
Erin Benson, LexisNexis Health Care
The proposed rule on interoperability of health information influenced most conversations at HIMSS. In the context of cybersecurity, the rule served as a reminder that it’s just as important to let “good guys” in quickly and seamlessly as it is to prevent unauthorized access. We want to enable value-based care and give patients the ability to manage their own health by having access to their records. We also want to keep costs low and efficiency high by enabling interoperability and giving partners, vendors and employees necessary access to systems. Therefore, a cybersecurity strategy needs to strike a balance between user engagement and data security.
Mike Morgan, Updox
The power of consumerism is really impacting healthcare and the need for patient engagement is alive and well. Providers across the board must look at new technologies and ways to redefine patient engagement to better communicate with patients and partners but do it via channels that are easy for staff and customers to use. New applications, such as telehealth and secure text messaging, have changed how healthcare communicates and consumers are demanding that immediate, convenient engagement.
Vince Vickers, KPMG
HIMSS19 seemed to have the most decision makers at the conference in five-plus years when a lot of healthcare organizations were still looking at implementing electronic health records. We might be ready for another wave of healthcare IT investment after healthcare organizations digested those investments made in electronic health records. The key is now around optimizing EHRs – interoperability, improving ease of use, enhancing analytics — or dedicating resources to enterprise resource planning (ERP) systems to make themselves more efficient in the back office. We’re also seeing healthcare organizations position themselves to be more consumer-oriented, partly to address new entries from some of the tech companies, such as Google, Amazon, Microsoft, and a multitude of others, that wanted to make a big splash at HIMSS.
“Consumer pressure is driving a disruptive technology-enabled shift in healthcare today,” said Hal Wolf, HIMSS president and CEO, in a statement about the report. “Digital health technologies are beginning to deliver on their promise to help providers understand individual consumer preferences and provide personalized care that effectively coordinates care throughout the broader health ecosystem. By fully realizing the potential of information and technology, we can create an ever-increasingly informed and empowered global community of innovators, care providers, and patients.”
Specifically, the HIMSS report addresses four key trends: digital health implications and applications, consumer impact, financial and demographic challenges, and issues of data governance and policy. “Digital health tools have been riding the peak of the hype cycle for several years now,” the report points out, “but 2019 will be the year that digital health will need to answer for the way technology will increase access to care and narrow gaps in care and coverage.”
Given these areas of focus, it’s a good bet that the upcoming HIMSS19 conference and trade show will heavily promote these ideals. Even with that, there are likely going to be many other takeaways from healthcare technology’s biggest annual event so we asked some industry insiders, experts and thought leaders what they hope become the main takeaways from the event once it has wrapped. Here’s what they said.