HealthTech - Technology Solutions That Drive Healthcare en Q&A: Great Lakes Health’s Doug Dietzman Touts Data Sharing in Times of Crisis <span>Q&amp;A: Great Lakes Health’s Doug Dietzman Touts Data Sharing in Times of Crisis</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/09/2018 - 14:12</span> <div><p>The flow of information in a safe, secure and efficient manner is paramount to the delivery of high-quality healthcare. Grand Rapids, Mich.-based <a href="" target="_blank">Great Lakes Health Connect</a> (a health information exchange, or HIE, that counts <strong>129 hospitals</strong> across the state as participants) offers tools and services to help healthcare organizations connect and share data for both everyday patient care and broader population health efforts.</p> <p>“We want to make sure that when we as individuals move from place to place, from a healthcare standpoint, our data can follow us wherever we go,” says Doug Dietzman, executive director for GLHC, which currently holds information for<strong> 9.8 million people</strong> in its master person index.</p> <p><em>HealthTech</em> spoke to Dietzman about data security and storage, GLHC’s biggest challenges, the benefits of HIEs, and the organization’s ongoing efforts focusing on the <strong>opioid crisis and clean water.</strong></p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How are you ensuring the privacy and safety of patient data?</h2> <p>Really focusing on <a href="" target="_blank">HITRUST</a> [Health Information Trust Alliance] certification has been big for us to show our partners that privacy is top of mind for GLHC. We conduct <strong>quarterly internal security assessments</strong>. We also have our corporate and administrative domain completely separate from our healthcare domain, so if something happens on the corporate side, a hacker can’t leak over and gain access into the clinical side of the house.</p> <p>We’re also focused on deployment of electronic safeguards like <strong>firewalls, data encryption </strong><strong>and</strong><strong> monitoring solutions</strong>. Nobody is mandated to work with us, and we have to be able to demonstrate that we’re doing everything we can possibly do at the highest level to keep the information secure.</p> <h2><span style="color: #c74037;">HEALTHTECH: </span>Can you speak about the tools that enable data exchange with so many partners?</h2> <p>From a storage standpoint, we use <a href="" target="_blank">Dell EMC</a> solutions. We run on a virtual server environment with <a href="" target="_blank">Cisco UCS</a>.</p> <p>We work out of <strong>two </strong><strong>colocated</strong><strong> data centers</strong>, and our health connect platform is highly available between them; if it goes down, it’s immediately picked back up. We used a lot of Cisco networking solutions to build that out. We intentionally built the infrastructure incrementally, so we won’t have to do a big “rip and replace” in the future. We can continue to just add on other pieces as necessary.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> You recently announced a collaboration with the University of Michigan focused on the opioid crisis. What is GLHC’s role in the effort?</h2> <p>A lot of the information that’s been used to try and define where there are hot spots — where there are issues — tends to be very dated, back-end claim data or other data that has been sitting around for a while. What the university is trying to do with this project is to <strong>review more real-time data</strong>.</p> <p><img alt="Q0318-HT-QA-Bowman-Quote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p><span style="font-size: 11px; line-height: 20.8px;">Photography by Logan Zillmer</span></p> <p>What we provide specifically is connections to many of the hospitals throughout the state. We’ve got the admissions, discharge, transfer and encounter data that’s coming out, so we’re enriching that. We’re looking for specific diagnosis codes and other information that would suggest that something is related to an opioid event, and then we’re delivering that transformed data into the <a href="" target="_blank">University of Michigan Acute Care Research Unit</a>’s repository, and also helping them with other data they receive.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> In 2016, GLHC committed $250,000 to connect all healthcare providers in Genesee County in response to the lead contamination of drinking water in Flint. What’s being done to continue to support those impacted by the water crisis?</h2> <p>A core part of our investment was to hire somebody from Flint to be on the ground to help us drive things. That person continues to work there and focus on the community. The other core part was to pay electronic health record interface costs to vendors. We’ve done dozens of those with more than <strong>100 organizations</strong> in that region.</p> <p>We’re also developing and delivering reports on a regular basis that show who visited the emergency room multiple times in the previous month, then working with providers, Medicaid health plans and others through the Greater Flint Health Coalition to try to figure out how to intervene with those patients.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What are the biggest challenges on a day-to-day basis?</h2> <p>One of the main challenges is trying to keep up with the changes in this industry from technical, regulatory and business standpoints. Another is <strong>managing through hype</strong>.</p> <p><img alt="Q0318-HT-QA-Bowman-Quote2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>There is such an interest in trying to find the shiny object or <strong>silver bullet</strong> that’s just going to make everything work. A lot of what we do is pretty boring, blocking and tackling hard connectivity work between systems, and sometimes I think that gets lost a little bit in the idea that we have standards now and so it should just all work.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> Can you speak to the importance of HIEs in connecting disparate organizations during crisis situations, such as natural disasters?</h2> <p>The use of <strong>HIEs should really be baked into emergency plans</strong>. We plan stockpiling beds, medications, gauze, but we often don’t think ahead when preparing for emergencies about the need to <strong>stockpile data</strong>.</p> <p>If and when people in our communities get spread to the wind, or even sent to other states, there is an ability to be able to have that data ready to follow them, and care for them.</p> <p>Our approach is getting the data to the right place at the right time.</p> </div> <div> <div class="field-author"><a href="/author/dan-bowman" hreflang="en">Dan Bowman</a></div> </div> Thu, 09 Aug 2018 18:12:29 +0000 juliet.vanwagenen_22746 41291 at Network Management Tools Help Providers Head Off Bottlenecks <span>Network Management Tools Help Providers Head Off Bottlenecks</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/09/2018 - 09:38</span> <div><p>As part of a recent expansion, Batesville, Ark.-based <a href="" target="_blank">White River Health System</a> upgraded its wired and wireless LANs, enhancing its ability to support more than <strong>4,000 connected devices</strong>.</p> <p>While the modernization provided WRHS clinicians a vehicle to improve patient care delivery, Director of Information Systems Jeff Reifsteck knew more work was necessary. An inability to closely monitor the organization’s entire network environment and act on problems in real time could put patient privacy and safety at risk.</p> <p>To that end, WRHS is also upgrading its network management suite with solutions from <a href="" target="_blank">Extreme Networks</a>. The setup provides Reifsteck with peace of mind that the organization can stay ahead of the curve in terms of potential bottlenecks and cyberthreats.</p> <p>“By adding new tools for gathering and analyzing network data, we have the <strong>visibility to identify problems in real time</strong>, usually before end users even report them,” he says.</p> <p>WRHS isn’t alone when it comes to making such upgrades. Hospitals throughout the country are making enhanced visibility a key consideration when revamping their networks for better performance and security, and ultimately for <strong>higher levels of patient care</strong>.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Tap Digital Transformation with Granular View of Performance</h2> <p>Zeus Kerravala, a principal analyst at ZK Research, calls the network “<strong style="font-size: 15px;">the building block of digital transformation</strong><span style="font-size: 15px;">” in every industry, including healthcare.</span></p> <p>However, all too often, IT officials struggle to achieve full performance potential because of blurred vision. Nearly half the network managers across all sectors have no confidence that they know about all the devices connected to their networks, he says.</p> <p>“Visibility is the first step — and one of the most important ones — for network optimization,” Kerravala says.</p> <p>To gain visibility and dynamic management capabilities, WRHS’s technicians rely on the Extreme Management Center, a central console that integrates with a suite of network optimization tools. One of the most important is ExtremeControl, a network access controller, says Matt Stone, network administrator.</p> <p><img alt="Q0318-HT-Feat-Joch-quote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p><span style="font-size: 11px; line-height: 20.8px;">Photography by Dero Sanford</span></p> <p>“That enables us to change device settings dynamically, rather than by physically touching everything,” he says. “It allows us to make adjustments a lot faster than when we had to walk or drive to the relevant closet.”</p> <p>Another component of the hospital’s setup is <a href="" target="_blank">ExtremeAnalytics</a>, which displays detailed information about network traffic patterns. Wesley Evans, a hardware solutions manager at WRHS, says the tool allows the organization’s IT team to see performance at a granular level and troubleshoot problems without having to sort through extensive log files. For instance, when the network recently experienced a communications slowdown after being flooded with <strong>4 terabytes of data</strong>, the IT team was quickly able to determine that a misconfigured software application was the culprit.</p> <p>“It gives us <strong>real-time statistics</strong> about application and network response times for a complete picture of what end users are experiencing,” he says.</p> <p>“We would not have identified that problem so quickly without analytics,” Stone adds.</p> <h2 id="toc_1">Data Throughput Gets a Boost with Wireless Upgrades</h2> <p>When IT officials at <a href="" target="_blank">Lorien Health Services</a> felt a similar drive to gain new insights into their network operations, they focused on modernizing their wireless infrastructure.</p> <p>The slowness of Lorien’s previous generation of wireless devices caused nurses and other staff to unexpectedly be dropped from the networks, leading to frustration and lost productivity, says Michael Bowman, a network engineer with the skilled nursing facility, which has <strong>14 locations</strong> throughout the Baltimore area.</p> <p>Legacy equipment wasn’t the only culprit. The brick and cement facilities also made it difficult to provide reliable Wi-Fi coverage where it was needed.</p> <p>To overcome these problems, the IT team <strong>upgraded the Wi-Fi network</strong> with <a href="" target="_blank">Aruba’s Mobile First Network suite</a>, which enhances visibility through <strong>Simple Network Management Protocol</strong> monitoring. In addition, Bowman worked with engineers from Aruba to heat map each facility and determine the optimum number and placement of access points and controllers. The upfront work paid off, as the network can now support as much as a gigabit of data throughput, triple its previous capacity.</p> <p>Just as important, <strong>Aruba RADIUS authentication</strong> provides single sign-on capabilities, which means staff no longer have to reauthenticate when they move throughout a facility and connect with different access points.</p> <p>The suite helps Bowman monitor network performance and maintain tight security.</p> <p>“We can analyze any log data or run standard reports to quickly see <strong>performance trends</strong> or areas where there may be <strong>network interference</strong>,” he says. “If there’s channel interference, the technology tells me where the problem is, down to the IP address of the individual access point and its physical location in the facility. Then, I can just switch the channel or do some other adjustment to overcome the issue.”</p> <p>The solution also sends email alerts at the first sign of suspicious activity. “If there’s a new device that’s trying to connect, we can authenticate it or decide that it should be blocked,” Bowman says.</p> <h2 id="toc_2">Better Network Management Ensures HIPAA Compliance</h2> <p>As part of its network management strategy, <a href="" target="_blank">Sentara Healthcare</a> (an integrated, not-for-profit system that operates <strong>12 hospitals and hundreds of care facilities</strong> in North Carolina and Virginia) uses a software-defined segmentation solution that not only helps it to better control its networks, but also enhances security. It allows administrators to dynamically define and apply policies as the mix of devices changes.</p> <p>“People have been talking about network segmentation for so many years, it was easy to assume that everyone was doing it,” says Daniel Bowden, vice president of information security at Sentara Healthcare. “But that’s just not the case.”</p> <p>The health system uses <a href="" target="_blank">Cisco</a> DNA Center, which includes <strong>Cisco</strong><strong> IOS XE 16</strong>. The solution provides programmable interfaces for visibility into <strong>application performance</strong> and the <strong>behavior of switches and routers</strong>.</p> <p><img alt="Q0318-HT-Feat-Joch-elpunto.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>In addition, <strong>Cisco Software-Defined Access</strong> lets Sentara administrators enforce segmentation policies, a significant change from earlier, hard-wired segmentation techniques where an individual had to manually change the IP addresses to alter segments.</p> <p>“We just create the policies and profiles and then apply them to the network,” IT Director Chad Spiers says.</p> <p>The security implications of dynamic network segmentation are significant for healthcare organizations, the Sentara executives say. If hackers successfully breach a networked medical device, for example, segmentation gives the IT staff a way to limit the outbreak to a small part of the network.</p> <p>“<a href="">Network segmentation</a> is one of the most important things you can do to mitigate risk,” Bowden says.</p> <p>WRHS’s team is also adding segmentation to its toolbox, implementing <strong>Extreme’s Information Governance Engine</strong> to analyze its networks for signs of regulatory noncompliance issues. The solution will help officials achieve the security and privacy goals that HIPAA addresses and, almost as significantly, reduce the burden of preparing for audits.</p> <p>While the improvements in network visibility may make life easier for the IT staff, the big winners ultimately are the clinicians, Reifsteck says.</p> <p>“When clinicians aren’t worrying about the performance and reliability of their networked devices and applications, they’re able to <strong>focus more on caring for patients</strong>,” he says.</p> </div> <div> <div class="field-author"><a href="/author/alan-joch" hreflang="en">Alan Joch</a></div> </div> Thu, 09 Aug 2018 13:38:27 +0000 juliet.vanwagenen_22746 41286 at Providers Need to Listen, Learn and Adapt to Change for Clinical Communication Success <span>Providers Need to Listen, Learn and Adapt to Change for Clinical Communication Success</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 08/08/2018 - 17:49</span> <div><p>Think about how clinicians and staff at your organization communicate with each other. Is it easy and efficient, or fraught with complications?</p> <p>A <a href="" target="_blank">recent survey</a> conducted by Spyglass Consulting Group finds that many clinicians today are <strong>overwhelmed by communication challenges</strong>, from outdated overhead paging and traditional pager systems to continuous device alerts and a plethora of incoming voice and text solutions. Respondents also say that EHR-based messaging tools often are poorly designed and fail to integrate within their regular workflow.</p> <p>Additionally, <a href="" target="_blank">80 percent of hospitals surveyed by technology vendor</a> Imprivata have expressed concern about the difficulties associated with communicating and working with members of multidisciplinary teams.</p> <p><a href="">Collaboration among healthcare professionals</a>, particularly as it relates to patient care, should not be this burdensome.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Update Your IT Arsenal to Meet Today's Care Challenges</h2> <p>Many organizations are taking steps to avoid those pitfalls. Take <a href="" target="_blank">Parkland Health &amp; Hospital System</a> in Dallas: Following a move to an 862-bed, <strong>2.1 million-square-foot </strong>facility a few years ago, <a href="">the health system updated its arsenal of mobile tools</a>, including new hardware and cloud-based solutions.</p> <p>Meanwhile, <a href="" target="_blank">Mary Washington Healthcare</a> in Fredericksburg, Va., <strong>transitioned more than 1,000 clinicians</strong> last year to a secure text messaging platform. The move helped to streamline what previously had been a multistep communications process that was time-consuming for users. <a href="">Chief Medical Information Officer David Yi says</a> that the effort has made collaboration among his staff “much faster and more effective.”</p> <p><img alt="Q0318-HT-Voices-Halloway-pullquote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>According to Spyglass, <strong>90 percent of the hospitals</strong> it surveyed are making “enterprisewide investments in smartphones and secure mobile communications platforms.” Seventy-three percent of respondents say they have already developed or are developing mobile-specific strategies to that end. </p> <h2>Organizations Turn to Telehealth to Improve Resources</h2> <p>Providers also increasingly are leveraging telehealth technology to optimize collaboration between clinicians and improve the timeliness and quality of care. According to a <a href="" target="_blank">survey</a> published last fall by law firm Foley &amp; Lardner, <strong>75 percent</strong> of respondents currently offer or plan to offer telehealth services. In the <a href="" target="_blank">same survey three years</a> earlier,<strong> 87 percent</strong> of respondents said they did not expect a majority of their patients would be using any of their organization’s telehealth services by 2017.</p> <p>Companies such as <a href="" target="_blank">Access Physicians</a> and <a href="" target="_blank">Avera eCARE</a> both <a href="">offer remote support to healthcare organizations</a>. Both help rural facilities care for patients, while also providing clinicians the opportunity to learn new procedures by working alongside remote specialists. They also provide intensive care unit, emergency room and hospitalist services to care organizations throughout multiple states.</p> <p>Additionally, <a href="" target="_blank">Project ECHO</a> (Extension for Community Healthcare Outcomes) <a href="">connects physicians with one another via video technologies</a> with a goal of training primary care clinicians to provide specialty care services. </p> <p>Organizations must <strong>continuously update their clinical communication strategies</strong> to optimize care delivery. </p> <h2>Constant Updates Keep Care Team Communication Fresh</h2> <p>According to <a href="" target="_blank">research published in <em>JAMA Internal Medicine</em></a>, <strong>better communication between healthcare teams</strong> could help to greatly reduce hospital readmissions.</p> <p>It all starts at the top with engaged and attentive leadership and good planning. Listen to your clinicians and staff to learn about their needs and what tools and strategies could be most effective.</p> <p>Including end users in the process of a solution deployment will likely help <strong>reduce pushback and improve uptake</strong>, and, more important, the quality of patient care.</p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11526" hreflang="en">Christine Holloway</a></div> </div> Wed, 08 Aug 2018 21:49:40 +0000 juliet.vanwagenen_22746 41281 at How Healthcare Organizations Build a Foundation to Harness Healthcare Analytics <span>How Healthcare Organizations Build a Foundation to Harness Healthcare Analytics</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 08/08/2018 - 11:24</span> <div><p><a href="" target="_blank">Sanford Health</a>’s leaders have prescribed a new kind of medicine to improve patient health: advanced data analytics. The Sioux Falls, S.D.-based healthcare provider centralized its data by building a virtual data warehouse, while a team of employees worked on information governance by developing standard definitions for healthcare terms, making data from different business and clinical applications usable for analysis.</p> <p>Now Sanford Health is building algorithms that enable the <strong>44-hospital, 291-clinic health system</strong> to predict patient behavior and outcomes, such as potential appointment skipping. It’s going one step further by also deploying prescriptive analytics, which provide recommended actions, such as best practices for convincing patients to show up for appointments.</p> <p>“We needed to centralize our data to have one source of truth,” says Doug Nowak, senior executive director of enterprise data analytics at Sanford Health. “Now we’re mining that data and are able to <strong>make informed decisions versus making gut decisions</strong>.”</p> <p>More and more healthcare providers have started investing heavily in data analytics for research, as well as to gain insight into their business and clinical operations and improve patient care and population health efforts.</p> <p>Cynthia Burghard, a research director with <a href="" target="_blank">IDC Health Insights</a>, says analytics adoption is still in its early stages in healthcare, but that it’s growing rapidly because it allows organizations to provide more efficient and effective patient care, which is critical as the industry transitions from fee-for-service to value-based pricing.</p> <p>“The business model in healthcare used to be ‘I do something, I get paid for it,’” she says. “The business model now is ‘I better do the right thing; otherwise, I won’t get paid.’ The only way to know how to do the right thing now is with data.”</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Sanford Health Unifies, Virtualizes Data to Speed Access</h2> <p>Data analytics adoption has grown the past few years as electronic health record vendors have added such capabilities to their product portfolios. Stand-alone software vendors that specialize in artificial intelligence also are offering <strong>healthcare-specific analytics applications</strong>, making it easier for providers, particularly smaller hospitals, to implement analytics, Burghard says.</p> <p>Some organizations, like Sanford Health, are more do-it-yourselfers, building their own algorithms and piecing together technology, such as data warehouses and visualization tools.</p> <p>About two and a half years ago, Sanford Health CEO Kelby Krabbenhoft announced an initiative to turn the health system into a <strong>data-driven organization</strong>. Nowak oversaw the transition and spent two years building the foundation.</p> <p><img alt="Q0318-HT-Feat-Wong-Quote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>He <strong>consolidated different data analytics teams</strong> throughout the organization into a unified, <strong>60-person team</strong>. Then, a data governance committee created uniform definitions of healthcare terms. That’s important because Sanford Health previously had, for instance, 20 different definitions for “in-patient.”</p> <p>“If someone asks for a report, we may have to get data from 15 different systems, so <strong>all the terms have to match</strong>,” Nowak says.</p> <p>He used <a href="" target="_blank">Cisco Data Virtualization</a> (now owned by TIBCO Software) to create a virtual data warehouse that links together the health system’s different applications, such as patient data from its EHR, the general ledger and other clinical systems. Sanford Health’s analysts work closely with operations staff to learn what kind of data they need, then provide it nearly instantaneously through SAP tools.</p> <p>Today, the organization’s executives and staff use <a href="" target="_blank">SAP’s Lumira</a> visualization tool to access a dashboard that provides <strong>20 views of real-time financial and operations data</strong>. The data analytics team moves information from the data warehouse into a SAP HANA database. That allows for faster access because it stores data in memory and not on hard drives.</p> <p>When users launch Lumira to view the dashboard, the tool grabs the information from HANA in <strong>3 seconds</strong>, rather than the <strong>45 to 60 seconds</strong> it would take if the data were accessed directly from the data warehouse.</p> <p>“<strong>Users get the data they need at a moment’s notice</strong>,” Nowak says.</p> <h2 id="toc_1">CHI Taps Data to Prioritize Quality and Safety</h2> <p><a href="" target="_blank">Catholic Health Initiatives</a> (CHI) in Englewood, Colo., is also using analytics to become a data-driven health system. It has improved patient outcomes at its hospitals over the past three years, including <strong>reduced mortality rates and post-surgery complications</strong>.</p> <p>CHI had a robust enterprise data warehouse when Jim Reichert, vice president of clinical analytics, moved to the corporate office in 2013 to lead the organization’s clinical analytics effort. But while CHI’s hospitals fed data into the warehouse, only small amounts were normalized, standardized and usable.</p> <p>After establishing a data governance structure and standardizing on analytics tools, Reichert and his team began providing executives and hospital leaders monthly reports that track <strong>23 metrics for quality of care</strong>, patient safety and patient engagement. They receive a score for each metric and their results are measured against national benchmarks from the <a href="" target="_blank">Centers for Disease Control and Prevention’s National Healthcare Safety Network</a> and two private firms.</p> <p>“Our overall goal is to get to the <strong>75th percentile for our quality,</strong> safety and patient experience measures against those data sources,” Reichert says.</p> <p>CHI’s efforts have worked. For example, from 2014 to March of this year, heart failure mortality at its hospitals dropped 24 percent, while post-operation complications, such as hip fractures, <strong>decreased 79 percent</strong>.</p> <h2 id="toc_2">Nationwide Children's Hospital Predicts the Future with Analytics</h2> <p>At <a href="" target="_blank">Nationwide Children’s Hospital</a> in Columbus, Ohio, a team of <strong>six data scientists</strong> works with the hospital’s <strong>25-person</strong> research information systems team to improve clinical support using analytics. The heart of its effort resides on an enterprise data warehouse built with Oracle software, says Simon Lin, the hospital’s chief research information officer.</p> <p>In one project, Nationwide Children’s Hospital is testing a homegrown algorithm that can <strong>predict which children are in danger of deteriorating fast </strong>and will need to go to the intensive care unit.</p> <p><img alt="Q0318-HT-Feat-Wong-elpunto.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>The hospital’s <strong>Vitals Risk Index</strong> uses an algorithm that takes five vital signs, (heart rate, respiratory rate, systolic blood pressure, body temperature and oxygen saturation) as well as the patient’s oxygen support level, and makes an assessment objectively through a computer model, says Tyler Gorham, the lead data scientist on the project.</p> <p>In testing, the algorithm was able to identify <strong>39 percent</strong> of patients who would require cardiopulmonary resuscitation two hours before the actual event occurred. It’s an improvement over the hospital’s existing assessment method, which requires medical staff to take children’s vital signs and make a subjective assessment; that method identified just <strong>24 percent</strong> of at-risk patients two hours before an event.</p> <p>“Right now, the stats show it’s effective,” Lin says. “We’re testing it, and if it works, we’ll explore how to replicate the success elsewhere.”</p> <div class="sidebar_wide"> <h2 id="toc_3">Hadoop Cluster Lays the Groundwork for Personalized Medicine</h2> <p>Nationwide Children’s Hospital has invested <strong>$500,000</strong> in server and storage hardware to build a Hadoop cluster that will serve as the foundation for personalized medicine, says Lin.</p> <p>It creates the <a href="" target="_blank">Genome Archiving and Communication System</a> (GACS), a first-of-its-kind data warehouse capable of housing up to one million genomes of children in the future, he says.</p> <p>Traditional relational databases are too slow, Lin says. But in future years, GACS will be able to query the database and obtain answers in milliseconds. For example, physicians today typically receive a PDF clinical summary of a patient’s genome. Soon, they’ll be able to get more granular data by searching the patient’s genome for a specific variant.</p> <p>That will allow physicians to not only uncover diseases in children, but also <strong>target the best therapies for individual patient’s genetic profiles</strong>, Lin says.</p> </div> </div> <div> <div class="field-author"><a href="/author/wylie-wong" hreflang="en">Wylie Wong</a></div> </div> Wed, 08 Aug 2018 15:24:23 +0000 juliet.vanwagenen_22746 41276 at Complementary Upgrades Help Hospitals Get the Most out of EHR Deployments <span>Complementary Upgrades Help Hospitals Get the Most out of EHR Deployments</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 08/07/2018 - 12:39</span> <div><p>When <a href="" target="_blank">MD Anderson Cancer Center</a>’s IT team researched options to replace its homegrown electronic health records system, it learned that vendors recommend virtualizing the EHR application for <strong>ease of management and performance consistency</strong>. But the provider didn’t stop there.</p> <p>“We decided if we were going to do it, we might as well get the benefits of virtualization for the entire clinical desktop,” says Chuck Suitor, associate vice president and CTO for the Houston organization, explaining that the organization deployed a <a href="" target="_blank">VMware Horizon View</a> virtual desktop infrastructure across <strong>8,000 thin clients</strong>.</p> <p>That choice — along with other upgrades and implementations to support the Epic EHR installation, including switching to all-flash storage and <a href="" target="_blank">Intel</a> servers running Linux — proved to be almost as beneficial as the EHR itself, says Suitor, who believes that hospitals embarking on similar journeys must focus on care outcomes and patient safety first and foremost.</p> <p>“Rather than just keeping costs as low as possible, our goal was a quality implementation,” he says. “You’re paying enough for EHR software; don’t go cheap on the infrastructure. Get the best deal that you can, but implement the infrastructure that you need so that patients can get the entire value from the software.”</p> <p>As hospitals around the country reap the benefits of modern EHRs, many are finding that improvements to the rest of the infrastructure can extend the reach of their new solutions and optimize overall operations.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">MD Anderson Phases EHR Deployments</h2> <p>The most important infrastructure upgrades to support an EHR implementation, aside from the EHR itself, are those that <strong>provide staff with access to medical data anywhere</strong>, using the device of their choice, says Gregg Pessin, a research director in healthcare delivery at Gartner. That’s why, for instance, VDI and EHR projects are tied so closely to one another, he says.</p> <p>Because MD Anderson’s EHR upgrade morphed into such a comprehensive project, Suitor’s team implemented the technology in phases but went live with everything on a single day, in <strong>March 2017</strong>.</p> <p>First came the VDI project, for which it deployed both <a href="" target="_blank">VMware</a> and <a href="" target="_blank">Citrix</a> solutions, in accordance with enterprise licensing agreements, as well as <a href="" target="_blank">Cisco UCS B240 M4</a> servers and <a href=";searchscope=all&amp;sr=1&amp;w=T" target="_blank">Dell EMC XtremIO storage</a>. Monitors and keyboards were equipped with built-in fingerprint and archiving e-readers to enable ID card tap-and-go login.</p> <p>MD Anderson also purchased <a href="" target="_blank">Code CR1400</a> barcode scanners, <a href="" target="_blank">Topaz SigLite</a> card scanners, <a href="" target="_blank">Ergotron</a> carts and <a href="" target="_blank">Zebra</a> portable barcode printers. Before the upgrade, Suitor’s team didn’t receive many performance complaints, but staff expressed frustration about operational limitations because they couldn’t take advantage of modern patient safety and convenience features. That changed after the upgrade.</p> <p><img alt="Q0318-HT-Feat-Delaney-elpunto1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>For instance, barcode administration ensures that patients are being <strong>administered the right medications at the right time </strong>and dosage. “That helps prevent medication errors,” Suitor says. “That’s a major feature we didn’t have before.”</p> <p>From research to go-live, the organization collaborated with Epic and CDW, the latter of which <strong>worked with vendors to resolve issues as they arose</strong>. For instance, when MD Anderson needed more barcode readers than were available in the U.S., CDW secured extra devices from China quickly enough to <strong>keep the project on schedule</strong>.</p> <p>Most of the issues, however, had less to do with technology than with organizational change. The goal was for the upgrades to be so seamless that they simplified, rather than complicated, staff and clinician workflows.</p> <p>“We wanted to make it so the technology was a nonevent,” Suitor says, “so the staff could focus on the change necessary to modernize the operations of the institution.”</p> <h2 id="toc_1">Baptist Health Builds an EHR Foundation for the Future</h2> <p><a href="" target="_blank">Baptist Health</a> has used Cerner’s EHR for more than <strong>10 years</strong>, but originally, it was only for basic pharmacy, lab and nursing documentation, which CIO Steve Miller jokingly calls “EHR lite.”</p> <p>The Montgomery, Ala.-based hospital had ambitious plans. It began a computerized physician order entry (CPOE) utilization to improve patient care and qualify to meet <strong>federal EHR regulations</strong>, but with weekly outages, staff could barely complete basic tasks.</p> <p>The network would drop connectivity while nurses scanned patient wristbands. Nurses couldn’t even play online training videos for fear it would crash the network.</p> <p>“That’s how bad it was from a stability standpoint,” says Mallary Myers, Baptist Health’s system vice president of operational improvement and innovation.</p> <p>While stability and performance were the primary drivers behind the organization’s network infrastructure upgrade, leadership also recognized that such an installation was necessary to achieve its strategic plan — adding wireless technologies such as oximeters, IV pumps, alerting and Voice over IP.</p> <p>“We wanted to do something that not only solved the short-term pain but really set a foundation for the future,” says Miller, who’s employed by Cerner but serves as Baptist Health’s CIO.</p> <p><img alt="Q0318-HT-Feat-Delaney-Quote_0.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>The organization selected <a href="" target="_blank">Cisco</a> for the <strong>18-month</strong>, <strong>$7 million</strong> project, adding all new equipment in its facilities, including 300 <a href="" target="_blank">Nexus</a> and <a href="" target="_blank">Catalyst</a> switches, <strong>120</strong> wiring closets, <strong>1,200</strong> wireless access points and a new network with full redundancy in <strong>two data centers</strong>. It also laid new fiber optic and CAT 6e Ethernet cable.</p> <p>Baptist Health went live with the new network in 2016. It has since added new wireless tools to the infrastructure, such as pulse oximetry, smartphones, patient monitors and secure messaging.</p> <p>New technology, such as smart pump programming, infusion management, specimen collection and documentation in patient rooms with workstations on wheels, has made a profound difference in clinical workflows and patient safety. “You can’t do that if you don’t have a reliable infrastructure,” Myers says.</p> <p>And instead of three to four minutes to log in to each device, it now takes a minute and a half the first login of the day, then a <strong>few seconds</strong> on each new device.</p> <p>“When you think about going from four minutes every time you move from computer to computer to now <strong>10 seconds</strong> — that has <strong>huge</strong> impact,” Miller says. “We don’t want the technology to get in the way of care. We want clinicians to focus on patients, not worry about the wireless network.”</p> <h2 id="toc_2">Mount Sinai Taps a Strong IT Support System for EHR</h2> <p>Preparing infrastructure for an EHR rollout is always complex, but as <a href="" target="_blank">Mount Sinai Health System</a>’s Kristin Myers embarks on her<strong> fifth Epic hospital installation</strong>, she knows the drill.</p> <p>Myers, senior vice president of IT at the New York organization, undertook her first Epic implementation in 2006. After the health system’s merger with Continuum Health Partners in 2013, she has steadily added to her list of projects, including two hospitals that went live this March. Next up is Mount Sinai Brooklyn, followed by a new hospital in downtown Manhattan and New York Eye and Ear Infirmary.</p> <p>To achieve the benefits of EHRs — better <strong>care continuity, shortened hospital stays, reduced readmissions</strong> — the IT supporting the system must be stable and have near <strong>100 percent uptime</strong>. “If you deploy an EHR on existing infrastructure, you are placing your transformation project at risk,” she says.</p> <p><img alt="Q0318-HT-Feat-Delaney-elpunto2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>If a workstation loses connectivity with the wireless network, the physicians, nurses and other providers will become increasingly frustrated. “You need to make technology as efficient as possible for the physicians and nurses and not introduce barriers,” Myers says. “The adoption is impacted if the infrastructure is not completely stable and it doesn’t support the workflow.”</p> <p>Roughly <strong>15 percent</strong> of more than <strong>900 IT employees</strong> at Mount Sinai are dedicated to Epic installations and support the optimization. The first thing they do when embarking on a new rollout is a complete walk-through of the hospital. They look at network closets, workstations, scanners, existing medication carts, emergency power and clinical equipment, such as vents and monitors. They test the wireless network to ensure that it’s ubiquitous.</p> <p>The goal, Myers says, is for as much of the infrastructure as possible to meet Mount Sinai’s standards, which include Citrix to connect PCs to the EHR, Zebra barcode scanners and <a href="" target="_blank">Samsung</a> monitors for digital whiteboards.</p> <p>“There are going to be areas that need to be customized for a particular workflow at each facility, but as a general rule, we try to standardize,” she says. “It’s really important because that’s how there is a standard of care that is consistent throughout the health system, where physicians can use the system at multiple hospitals, and from a technology perspective, you are able to <strong>leverage a centralized support model</strong>.”</p> </div> <div> <div class="field-author"><a href="/author/melissa-delaney" hreflang="en">Melissa Delaney</a></div> </div> Tue, 07 Aug 2018 16:39:59 +0000 juliet.vanwagenen_22746 41271 at 5 FAQs to Fuel Provider Mobile Deployments <span>5 FAQs to Fuel Provider Mobile Deployments</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 08/07/2018 - 09:20</span> <div><p>Provider organizations increasingly turn to mobile tools to enhance staff productivity and improve the ­quality of care delivered. But such efforts <strong>involve more than just the use of smartphones or tablets</strong> by ­clinicians and staff.</p> <p>Here are answers to some common queries about deployment:</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">1. How should hospitals approach security for mobile tool deployment?</h2> <p>Federal penalties can be severe when failures occur, so make sure that<strong> security, acceptable use </strong><strong>and</strong><strong> BYOD policies</strong> are in place, along with training and policy reinforcement. Identity management solutions are also advisable, especially in a BYOD environment.</p> <h2 id="toc_1">2. How can increased mobility in healthcare organizations benefit patient engagement?</h2> <p>Enabling network access for patient devices for scheduling, facility navigation, records access, communication and web browsing can go a long way toward enhancing outcomes. The easier it is to obtain and manage healthcare information, the <strong>more engaged patients</strong> will be.</p> <h2 id="toc_2">3. What devices are best suited for different staff and caregivers?</h2> <p>In many cases, commercial, off-the-shelf devices such as smartphones, tablets and notebooks are fine. Solutions<strong> specifically designed for healthcare</strong> are also available, with the advantages of locked-down, mission-specific functionality, management and security.</p> <h2 id="toc_3">4. What are typical MDM needs for healthcare facilities?</h2> <p>Mobile device management needs include configuration optimization, system and app software updates, integrity management and backup. For full regulatory compliance, additional security provisions may be required and usually are implemented by the specific solution applied.</p> <h2 id="toc_4">5. What does increased use of mobile devices mean for a healthcare organization’s ability to utilize cloud-based services?</h2> <p>The cloud makes it easy to <strong>deploy, scale, collaborate and customize</strong> mobile functionality rapidly, reliably and anywhere it’s required.</p> </div> <div> <div class="field-author"><a href="/author/craig-j-mathias" hreflang="en">Craig J. Mathias</a></div> </div> Tue, 07 Aug 2018 13:20:30 +0000 juliet.vanwagenen_22746 41261 at How Health IT Executives Can Transform into Business Leaders <span>How Health IT Executives Can Transform into Business Leaders</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/02/2018 - 22:13</span> <div><p>Every day, healthcare grows by leaps and bounds when it comes to technology advancements. And as organizations complete the move from paper charts to electronic health records and deploy more sophisticated connected medical devices, IT leaders must <strong>ensure the correct personnel </strong><strong>are</strong><strong> in place</strong> for digital success.</p> <p>Simultaneously, however, they also must focus on the bigger picture: organizational growth, budget management and solutions vetting.</p> <p>No doubt, ensuring that technologies are HIPAA-compliant and practical for patient care are critical responsibilities. But modern technology leaders — CIOs, CISOs, IT directors and others — can’t rely on digital know-how alone; they also must <strong>blend business smarts with their enthusiasm and IT skills</strong>.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Leverage Your Staff for Tech Expertise</h2> <p>Throughout my career, I have held many roles. Starting out as an IT technician with a few ­specific certifications, I often leaned on the solutions I knew best and was most ­comfortable with to solve problems large and small.</p> <p>But as my career has grown and I’ve transitioned from a frontline technician to an <strong>IT leader responsible for daily operations</strong>, I’ve had to step outside of my comfort zone and vet solutions based on advice from my colleagues.</p> <p>Leveraging their knowledge of specific technologies and individual areas of expertise, they often serve as advocates for bleeding-edge and emerging tools that might benefit an organization, but may not necessarily fit the budget or cater to a specific issue.</p> <p><img alt="Q0318-HT-Voices-Melwani-pullquote.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>Technology executives must learn to analyze all solutions, both those they know and those with which they are less familiar. Evaluating tools critically and working with your staff to understand implementation challenges can make or break the success of a project and, to a broader extent, your role as a leader.</p> <p>Such experience can help ensure that all solution reviews are productive, not presumptive, and that tool selection is balanced. This helps to establish that the best interests of the organization — and most important, the patient — are top of mind.</p> <h2 id="toc_1">Never Lose Sight of the Patient Perspective</h2> <p>Another way health IT executives can <strong>evolve as leaders</strong> is by putting themselves in the patient’s shoes. Think about what technology features would mean the most to you during a hospital visit: Is privacy a top concern? Easy access to information? Streamlined ­processes for registration?</p> <p>It’s not enough to merely think about how to ease your own frustrations as an employee; you must also consider how to satisfy the individuals you serve, as well as their family members. How will updates and implementations impact their experience?</p> <p>Patient safety and satisfaction should always be <strong>top priorities</strong>.</p> <h2 id="toc_2">Be Ready to Adapt to New Technology</h2> <p>Finally, IT leaders must also <strong>work closely with the user stakeholders</strong> most impacted by their decisions on the front line of patient care: the clinicians.</p> <p>Poor technology usability and workflow can create frustration for staff who work day in and day out with vulnerable patients. It’s up to us as executives to optimize productivity and minimize potential errors.</p> <p>Provider technology executives have a responsibility to critically analyze solutions and strategies that meet the patient care, operational and financial needs of their organizations, and then use that knowledge to deploy technology appropriately.</p> <p><strong>The most successful leaders are adaptable</strong>; they can adjust paths based on the factors around them, and are willing to listen to and trust their staff, colleagues and patients.</p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11656" hreflang="en">Anil Melwani</a></div> </div> Fri, 03 Aug 2018 02:13:58 +0000 juliet.vanwagenen_22746 41256 at What Is Your Hospital’s Strategy for Sunsetting Legacy Systems? <span>What Is Your Hospital’s Strategy for Sunsetting Legacy Systems? </span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 08/02/2018 - 09:48</span> <div><p>Legacy systems abound in healthcare organizations. Whether it’s diverse billing technology accumulated through a series of hospital acquisitions or a nutrition management application running on a server in the basement, it’s <strong>not uncommon to find outdated and unmaintained equipment</strong> and applications running throughout the modern healthcare organization.</p> <p>All too often, those systems were designed and implemented by developers and engineers who have long since left the organization, leaving the programs to run <strong>unattended</strong> with <strong>no institutional knowledge</strong> of their structure or purpose.</p> <p>Whether these applications are actively used as a critical component of daily activity or they lurk unused behind the scenes, <strong>legacy services pose a significant cybersecurity risk</strong> and should be carefully managed to protect the confidentiality, integrity and availability of essential healthcare information systems.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Understand the Risks of Legacy Systems on Healthcare Networks</h2> <p>Confidentiality issues vex the administrators responsible for maintaining legacy healthcare systems. Many applications were designed and built in a different era: a time before the advent of major data breaches and ubiquitous network connectivity.</p> <p>Technologists designing these applications certainly had the best interests of the patient and the organization at heart, but simply had no idea what the future would bring. Continuing to operate these systems in the modern computing environment is fraught with risk as IT teams try to bolt on modern security measures to applications that were never designed to work in that environment.</p> <p>Legacy systems are notoriously difficult to maintain. From outdated OSs to obsolete programming languages, it’s hard to find technologists with the ancient skill sets required to support these tools.</p> <p>Manufacturers no longer provide performance or security patches, meaning healthcare IT teams are left to fend for themselves with the digital equivalent of a roll of duct tape. This leads to an extremely high risk that legacy systems will experience outages that can be quite time-consuming as modern technologists struggle to isolate and correct problems.</p> <p>Healthcare organizations often struggle to apply the modern security and privacy controls required by the HIPAA Security Rule to legacy systems. Things get even more complicated when those systems contain medical and business records that may be subject to electronic discovery requirements.</p> <h2 id="toc_1">Keep an Eye on How Consolidation Impacts Security</h2> <p>Organizations seeking to remediate their legacy systems should <strong>begin by developing an inventory of the tools</strong> in use throughout the enterprise.</p> <p>Simultaneously, conduct an assessment of each system encountered, <strong>answering key questions</strong>, including:</p> <ul><li>Is this system serving a crucial business need, or is it a candidate for elimination?</li> <li>Does the system serve a redundant purpose that could be consolidated with another existing system?</li> <li>Does the system store, process or transmit sensitive information?</li> <li>Is the system subject to regulatory or electronic discovery requirements?</li> <li>What technology components does this system rely upon?</li> <li>Are each of those components supportable in a modern environment?</li> <li>Who is currently supporting each component?</li> <li>Is the system architecture well documented?</li> <li>Are those components patched to current versions?</li> </ul><p>It’s crucial to consider not only core business systems but also the many applications that may have entered the organization through <strong>mergers and acquisitions</strong> over the years. It’s even more likely that those systems have been <strong>avoided by the central IT group</strong> if they haven’t caused any problems.</p> <p>With the inventory in hand, <strong>develop a realistic, prioritized set of projects</strong> designed to remediate or replace each legacy system that poses an unacceptable level of risk.</p> <p>Ideally, each legacy system will be either upgraded or redesigned to use modern, supportable technology. Unfortunately, that approach isn’t always feasible due to time and budgetary constraints. At the very least, <strong>technologists should attempt to remediate the system in place</strong> by performing partial upgrades and enhancing security controls.</p> <p>In particularly problematic cases, <strong>insecure legacy systems</strong> may be placed on their own network segments to isolate them from internal and external threats. <a href="">Network segmentation</a> not only protects the legacy system from attack, but also can protect the rest of the computing environment should the legacy system become compromised.</p> <h2 id="toc_2">Choose Between Data Migration or Archiving</h2> <p>Inevitably, organizations will find themselves decommissioning some legacy systems, whether those were developed internally or obtained as a result of mergers and acquisitions. IT leaders eliminating these systems face a decision about the data they contain: Should they <strong>migrate</strong> it to another enterprise system or <strong>archive</strong> it for future use?</p> <p>The answer to this question <strong>depends primarily on the nature of the data</strong> and the current need for access. If the data contains recent patient records, it’s likely that business and regulatory requirements will dictate those records be migrated to other online systems. However, if the data is old or of questionable business value, the organization may decide to archive it to an online or offline storage solution.</p> <p>Archiving data is far easier than migrating it but also dramatically increases the amount of time and effort required to access those records. IT and business leaders normally must make the decision to archive or migrate data on a case-by-case basis.</p> <p>IT leaders must take the time to develop an understanding of where legacy technology exists in their environments and<strong> remediate the risks associated with operating legacy systems</strong>.</p> </div> <div> <div class="field-author"><a href="/author/mike-chapple" hreflang="en">Mike Chapple</a></div> </div> Thu, 02 Aug 2018 13:48:31 +0000 juliet.vanwagenen_22746 41251 at Vulnerability Assessments and Penetration Testing Can Bolster Healthcare Defenses <span>Vulnerability Assessments and Penetration Testing Can Bolster Healthcare Defenses</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 08/01/2018 - 15:46</span> <div><p>In today’s healthcare environment, the boundaries of the data center no longer exist — data moves in and out and across the organization. Two helpful tools for a health IT group are vulnerability assessments and penetration tests.</p> <p>Every system is vulnerable to some sort of attack. Because health IT systems undergo continuous change, their <strong>vulnerability is greater than systems in a more static environment</strong>. Each change brings the possibility of errors that open the organization to attack.</p> <p>To manage vulnerabilities, provider organizations should follow several steps.</p> <p><a href="" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Identify All of a Healthcare Organization's Assets</h2> <p>This inventory is usually created and maintained by an automated system that populates a database with the collection of IP addresses it has discovered. Be sure to <strong>include all network-connected devices</strong>, not just servers, storage and PCs.</p> <p>Personal devices and <a href="">medical devices are often overlooked</a>. The latter, in particular, can be a real challenge to inventory, so you’ll need to work with your clinical engineering team to <strong>identify network-connected devices</strong> via a noninvasive scanning method.</p> <p>Once you’ve identified assets, you should review where they’re located, how they’re used and what data they contain so you can prioritize your efforts.</p> <p>Clearly, <strong>some data types are more critical to protect</strong>. Personally identifiable information, protected health information and credit card data all must be protected by law.</p> <p>Security professionals then must determine the weaknesses of each asset.</p> <p>Vulnerabilities generally can be broken down into <strong>four areas</strong>:</p> <ol><li>Human error</li> <li>System changes</li> <li>Configuration errors</li> <li>Software (application, operating system, firmware, patches)</li> </ol><p>Rank your risks so you can focus on your biggest vulnerabilities first. Start with common ones — unpatched operating systems, weak passwords or configuration errors. These are often the most pressing concerns precisely because they are widely known. Some vulnerabilities are specific to a particular technology; for example, storage solutions. You should <strong>investigate these issues with your vendors</strong>.</p> <h2 id="toc_1">Track and Prioritize Risks and Remediation</h2> <p>Automated systems will look for unpatched systems and configuration errors, and generate a report for remediation. In today’s risk environment, it’s <strong>almost a requirement to automate this process</strong>; manual efforts are too time-consuming and error-prone.</p> <p>Use a system to track your risks and then work on your highest risks first. Track remediation efforts as well as results. There will always be open risk items; the key is to have a consistent plan. Document remediation actions and note any countermeasures adopted to prevent recurrence of an issue.</p> <p>Risk <strong>remediation is an ongoing operational duty</strong>, not an optional add-on. When your teams look at change management, vulnerability management and risk mitigation as tasks they own, you’ll have a more secure environment.</p> <p>The key to managing vulnerabilities is to be aware of what devices are in your environment and know their weaknesses. Scanning, patching and risk management processes will help you reduce your vulnerabilities consistently and methodically.</p> <h2 id="toc_2">Launch an Attack on Healthcare Security Systems</h2> <p>Penetration tests essentially <strong>determine how exposed your systems are</strong> to the exploitation of existing vulnerabilities using various attack vectors. Whether you have internal or external resources tested, it’s worth trying to attack your organization periodically so you can discover your weaknesses before the bad guys do.</p> <p>One of the challenges with penetration testing — and one of the weaknesses of relying solely on such methods as a measure of security — is that the test essentially <strong>pits an attack against a particular system</strong> or attack vector.</p> <p>Weak passwords, open ports on the firewall, URL redirects and SQL injections are security basics that can and should be tested. More sophisticated attacks depend on which systems you have in place, so <strong>hiring a third-party tester</strong> with associated credentials and experience is valuable.</p> <h2 id="toc_3">Set Boundaries for Penetration Tests</h2> <p>You must <strong>develop a clear scope document</strong> with defined goals and boundaries for penetration testing. This will serve as your tester’s legal document.</p> <p>It should give them explicit permission to attack in a specified manner, during a defined period of time and within the bounds you have agreed to. Without this document, both your organization and the tester carry legal risk. The document should be signed by an executive in your firm (or by your legal representative) and should be kept on file.</p> <p>Next, you should <strong>identify potentially sensitive systems</strong> that may be off-limits. For example, some medical devices may be negatively affected by an intrusive attack. The agreement might state that if the tester is able to access such a device, they should cease and report immediately. This way, patients and medical devices remain safe, and the issue can be addressed quickly.</p> <h2 id="toc_4">Focus on Easy Security Targets First</h2> <p>Use in-house penetration testers if you have the skill set and cost is a concern. You might begin with scattered tests across your environment.</p> <p>Focus on the easy targets first, such as systems exposed to the internet or weak passwords. The potential downside to an internal resource is that they may inadvertently use insider knowledge to attack or may lack high-end skills — thus reducing the potential effectiveness of the test — so evaluate the risks and benefits carefully.</p> <p>If you’re using an external firm, <strong>get references from other health IT departments</strong> or other IT colleagues you trust. The skills and costs can run the gamut, so starting off with a trusted provider will make things much simpler.</p> <p>Finally, be sure to inventory all findings from the penetration test and add them to your risk tracking system. Remediate them according to your risk management process. Auditors always want to know what you knew and when you knew it — so it becomes indefensible to indicate you knew about a critical risk but took no action to resolve it.</p> <p>It’s even harder to claim that you were completely unaware of a critical risk.</p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11646" hreflang="en">Susan Snedaker</a></div> </div> Wed, 01 Aug 2018 19:46:17 +0000 juliet.vanwagenen_22746 41246 at Drones Revamp Healthcare Logistics and Emergency Response <span>Drones Revamp Healthcare Logistics and Emergency Response</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 07/31/2018 - 11:34</span> <div><p>It’s intriguing to think about the potential widespread impact of drone use on healthcare in the U.S.</p> <p>Drone technology is already successfully deployed abroad, <strong>delivering lifesaving drugs and blood to regional hospitals in Rwanda</strong>, <a href="" target="_blank">according to <em>The Guardian</em></a>. Now, drones are being tested in the U.S. in the hope that first responders or organizations in need will have quicker access to technology, medicine, blood and more.</p> <h2 id="toc_0">Test Pilots Make the Case for Drone-Delivered Care</h2> <p>The <a href="">Healthcare Integrated Rescue Operations</a> (HiRO) is experimenting with drone kits developed by researchers at <a href="" target="_blank">William Carey University College of Osteopathic Medicine</a> in Hattiesburg, Miss. The kits were <a href="" target="_blank">successfully tested</a> by both <strong>military and civilian first responders</strong> during the recent Patriot South exercise, a large-scale federal disaster exercise.</p> <p>The kits contain smart glasses that integrate with an augmented reality headset, as well as telehealth technology; an automated bin that allows remote doctors to unlock specific compartments storing blood, medicine or other supplies; and an electronic health record system.</p> <p>Co-developer Guy Paul Cooper Jr. calls <strong>safety and simplicity</strong> the top priorities of the kits “because we’re working to save lives in very high-stress situations.”</p> <p>Drones are used to <a href="">deliver medications and medical supplies to communities</a> in Appalachia in Virginia. They also are being tested as part of the <a href="" target="_blank">Federal Aviation Administration’s Unmanned Aircraft System Integration Pilot Program</a> to pilot similar logistic services for hospitals in need of supplies on demand, <a href="" target="_blank">according to <em>Forbes</em></a>. Organizations participating in the program include UC San Diego Health and WakeMed Health and Hospitals in North Carolina.</p> <p>“Even if we’re just talking <strong>15, 20, 30 minute savings</strong>, that could save somebodies [sic] life,” <a href="" target="_blank">North Carolina Department of Transportation</a> Public Relations Officer James Pearce <a href="" target="_blank">tells CBS 17</a>.</p> <h2 id="toc_1">In Emergencies, Medical Drones Have Life-Saving Potential</h2> <p>Researchers from the University of Colorado-Denver and the University of California-Irvine, presenting at the Hawaii International Conference on System Sciences in 2017, <a href="" target="_blank">compared</a> many of the healthcare-related drone services in use at home and abroad. Despite current privacy, regulatory and safety issues, they concluded that the <strong>tools hold much promise</strong>, particularly in extreme situations.</p> <p>“Since time is of the essence in an emergency, <strong>faster</strong><strong> response would prevent medical trauma</strong> and potentially save lives,” they report.</p> <p>They also note the advancements that enable drone use as an option for healthcare purposes. “Drone technology and its components, such as GPS and lithium batteries, are available and improving at a rapid pace,” they say.</p> <p>Matthew Parnofiello, a senior business development and public safety strategist with CDW<strong>•</strong>G<strong>, <a href="" target="_blank">pointed out in a CITizen blog post earlier this year</a> that drones played a key part in helping to </strong>survey roads and damage in areas where helicopters could not reach following Hurricane Harvey. Drones can be just as valuable from a healthcare perspective, especially as the technology continues to mature.</p> <p><em>This article is part of </em>HealthTech<em>’s <a href="">MonITor blog series</a>. Please join the discussion on Twitter by using <a href="">#WellnessIT</a>.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="MonITor_logo_sized.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></em></p> </div> <div> <div class="field-author"><a href="/author/dennis-morley" hreflang="en">Dennis Morley</a></div> </div> Tue, 31 Jul 2018 15:34:55 +0000 juliet.vanwagenen_22746 41241 at