HealthTech Magazine - Technology Solutions That Drive Healthcare en Bottom Line: For Healthcare Organizations, Security Is Everyone’s Responsibility <span>Bottom Line: For Healthcare Organizations, Security Is Everyone’s Responsibility</span> <span><span lang="" about="/user/26806" typeof="schema:Person" property="schema:name" datatype="">daniel.bowman_26806</span></span> <span>Mon, 01/14/2019 - 12:41</span> <div><p>Cyberattacks and security measures, no doubt, can have a tremendous impact on any organization’s bottom line. The <strong><a href="" target="_blank">average cost of a data breach</a> in the U.S. is $7.91 million</strong>, according to the Ponemon Institute. That figure includes detection, notification costs and redress activities, as well as lost business.</p> <p>Healthcare, in particular, has the highest per capita data breach cost — $408 — out of all industries. Even scarier: <strong>More than 90 percent of healthcare organizations have reported data breaches</strong> since the third quarter of 2016, <a href="" target="_blank">according to</a> Black Book Research.</p> <p><strong><a href=""><em>MORE FROM HEALTHTECH:</em></a></strong><a href=""><em> What providers can do in the wake of a cyberattack.</em></a></p> <h2>Providers Fight an Uphill Battle for Protection</h2> <p>To make matters worse, a majority of providers likely are fighting an uphill battle to keep top security talent, <a href="">according to</a> Partners HealthCare CISO Jigar Kadakia. At the joint HIMSS-College of Healthcare Information Management Executives cybersecurity forum last year, Kadakia said that the best information security professionals often command higher salaries in other sectors. Cybersecurity spending in the industry is low and stagnant, with <strong>providers allocating only 3 percent of their overall IT budgets to security since 2016</strong>, according to Black Book — far less than what other industries spend.</p> <p>So, what can healthcare IT executives do to reduce risk and mitigate the costs associated with a breach?</p> <h2>Cybersecurity Frameworks and Assessments Are Critical</h2> <p>For starters, organizations should review their baseline device and IT environments. <strong>Providers typically use a mix of old and new equipment</strong>, including multiple disparate networks, hardware and applications, as well as homegrown and custom equipment and software. A detailed accounting of such tools and systems is an essential first step on the path to a healthier environment.</p> <p>Adding a cybersecurity framework — a set of policies, procedures, best practices and governance — is also a good idea. Examples include the National Institute of Standards and Technology Cybersecurity Framework and the Health Information Trust Alliance’s Cybersecurity Framework. Today, <strong>many healthcare organizations have adopted such a framework, and 40 percent are using more than one</strong>, <a href="" target="_blank">according to</a> Symantec.</p> <p>What’s more, <strong>providers must conduct security risk assessments, including penetration tests and simulated phishing, at least once a year</strong> to ferret out points of entry and weaknesses in their IT infrastructures. All the various assessments and frameworks won’t matter, however, without proper training and insider threat management programs.</p> <h2>Healthcare Organizations Must Emphasize Security Education</h2> <p>IT must emphasize end-user education, especially considering the constant dangers looming in email. A 2018 <a href="" target="_blank">survey</a> from Mimecast and HIMSS Analytics found that <strong>a majority of responding CIOs and IT directors believe email was the most likely source of a breach</strong> in their organization. Phishing, in particular, is a serious problem, according to another HIMSS <a href="" target="_blank">report</a>.</p> <p>“Users are really scared to use email today,” Randall Frietzsche, CISO and privacy officer for Denver Health, <a href="">told <em>HealthTech</em></a>. “They get email that they’re afraid to click on and they hear all the horror stories.”</p> <p>Cybersecurity hygiene is everyone’s responsibility. Dedicating more time to frequent personal development and security training for those already on staff is a relatively inexpensive and easy way to take steps in the right direction. What’s more, it <strong>helps to ensure security is top of mind for executives</strong> as more resources are needed.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="" /></a></p> </div> <div> <div class="field-author"><a href="/author/christine-holloway" hreflang="en">Christine Holloway</a></div> </div> Mon, 14 Jan 2019 17:41:09 +0000 daniel.bowman_26806 41976 at Q&A: Lucile Packard Children's Hospital CIO Ed Kopetsky on Embracing Health IT Innovation <span>Q&amp;A: Lucile Packard Children&#039;s Hospital CIO Ed Kopetsky on Embracing Health IT Innovation</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 01/11/2019 - 10:27</span> <div><p>When it comes to health IT, Ed Kopetsky has seen it all. The current CIO of <a href="" target="_blank">Lucile Packard Children’s Hospital Stanford</a> and <a href="" target="_blank">Stanford Children’s Health</a> has most recently been instrumental in innovative upgrades, such as the move to <a href="">improve the flow of communication</a> by integrating nurse central stations with patient monitors, the nurse call system and the medical staff’s <a href="" target="_blank">iPhones</a>. Kopetsky has held this position for about a decade, and has worked at several other prominent health systems as well as in the commercial sector over the course of his long career.</p> <div style="padding: 5px; width: 299px; color: rgb(236, 236, 236); margin-bottom: 10px; margin-left: 15px; float: right; background-color: rgb(51, 51, 51);"><img alt="" data-entity-type="" data-entity-uuid="" hoffman="" src="/sites/" style="width: 299px; height: 382px;" title="“Dan" /><p style="font-size: 18px;">Ed Kopetsky, CIO of Lucile Packard Children’s Hospital Stanford and Stanford Children’s Health. Photo courtesy of Stanford.</p> </div> <p>Fresh off a win as the <a href="" target="_blank">Healthcare Information and Management Systems Society</a> CIO of the year, Kopetsky spoke with <em>HealthTech</em> to discuss his greatest challenges, achievements and what he’s learned in his years of work with healthcare IT.</p> <p><em><a href=""><strong>MORE FROM HEALTHTECH:</strong> See how Lucile Packard Children’s Hospital has tapped VR to reduce anxiety in young patients.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What would you say you’ve learned about working in health IT over the course of your career?</h2> <p><strong>Kopetsky:</strong> It’s really not about the technology alone; to be successful, it has to be about significant change to improve healthcare services and patient outcomes. As such, IT needs to be deeply partnered with organizational leadership and operations.</p> <p>It has worked best to have <strong>significant involvement from executives</strong>, clinicians and end users from the start of redesign through implementation, optimization and evolution. Because of the opportunity for improving care and business processes, it’s ideal when clinical or business leaders chair the change initiatives, with support and co-leadership from IT.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What was the greatest health IT challenge of your career?</h2> <p><strong>Kopetsky:</strong> One of my first, and greatest, health IT challenges was the first time I attempted to automate clinical orders and results in our outpatient clinics. Because the nature of outpatient mobility, location options and timing allowed for follow-up tests, the system we deployed became overloaded with pending orders. We had to <strong>back out of the system and redesign it completely</strong>. I’m glad that, together with our physicians, we faced the issue quickly and were successful after the redesign.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What about your greatest achievement?</h2> <p><strong>Kopetsky:</strong> Our goal at Stanford Children’s Health is to <strong>improve healthcare and medicine for children and expectant mothers</strong>.</p> <p>Over the years we have worked in several way to use innovative technology to improve implementation strategies, workflow design, adherence to best practices and patient engagement at Stanford with the aim of achieving those goals. Three such instances include safety interventions for medication administration, the prevention of nephrotoxic acute kidney injury in hospitalized children, and improved care for patients with congenital heart disease through the clinical effectiveness program.</p> <p>These were three case studies Chief Medical Information Officer Natalie Pageler and I presented to HIMSS for consideration as part of its Davies Award in 2017 — an award given to organizations that demonstrate outstanding achievement in using health IT to improve patient outcomes. Winning was international recognition that we had achieved our goals to improve care for children and expectant mothers. It also attested to why, as an engineer, I chose healthcare as my focus.</p> <p><em><a href="" target="_blank"><strong>DOWNLOAD:</strong> Learn more about what next-generation technology will mean for patient engagement — and outcomes.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What do you see as some of the greatest challenges facing healthcare IT leaders at the moment?</h2> <p><strong>Kopetsky: </strong>Following the massive deployment of electronic medical record systems across the country, there is now an unprecedented level of support and integration with clinical operations. It’s also added a burden to our clinicians. We are <strong>still learning how to support and optimize clinical workflows</strong>, and the budgets supporting IT — not to mention the level of talent required — are a struggle for our health systems.</p> <p>At the same time, the role of IT in development of new knowledge and the transformation of healthcare to be more accessible and ultimately virtual will significantly increase demand for IT and presents a much broader scope in both executing and developing new strategies. As IT changes, the CIO title and role, along with the scope of IT responsibility, will certainly continue to evolve and grow.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How can healthcare IT leaders effectively engage with each other and other business leaders to address these challenges?</h2> <p><strong>Kopetsky: </strong>The best way to engage other business leaders is through <strong>collaborative planning and governance</strong>. It is essential for IT leadership to partner with clinical and business leaders to clarify needs and IT requirements. In addition, predictable processes are needed to assure common understanding and full transparency. It’s also key for healthcare leaders outside IT to advance their own understanding of IT, in the same way they do with finance, human resources and physician relations.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How can IT leaders best engage with their own IT teams to push innovation throughout an organization, much as you have done?</h2> <p>Kopetsky: First and foremost, the IT organization must be driven by patient care and the business. We have found tremendous value in leveraging <a href="">Lean principles for continuous improvement</a>, especially those that deal with leadership development, rapid communication, transparency and <a href="">being in gemba</a>, where the real value is produced.</p> <p>Our deployment of <strong>dedicated IT service area leaders for every major part of our business</strong> has been a differentiator because it maximized understanding of needs and a trusted partnership with IT. As a result, we are innovating together with our clinical and business partners throughout the enterprise.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What technologies are you most excited about watching and implementing in coming years?</h2> <p><strong>Kopetsky: </strong>Virtual care, including telehealth visits, remote monitoring and emerging sensing technologies will <strong>expand greatly in the next five years</strong>, and could significantly reduce in-person visits and office overhead costs. At Stanford Children’s Health, we are pursuing innovations in home monitoring programs and wearables, and many of our patients are benefitting from improved access and timely clinical intervention regardless of their location.  </p> <p>Another area to watch is how consumerism and related technologies will alter healthcare and drastically improve access to care and health information. People with long-term needs will be connected continuously to promote proactive care and interventions. With the current FHIR [Fast Healthcare Interoperability Resources] standard, patients at Stanford Children’s can download their electronic medical record to any health app they use.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> If you had a magic wand and could change one thing about health IT today, what would it be?</h2> <p><strong>Kopetsky:</strong> I’ve long been an advocate for a <strong>universal patient ID</strong>, which would let us positively identify patients and share vital patient data regardless of where their care is provided.</p> <p>I also believe we need to restructure our privacy laws to allow easier sharing of critical patient data. This is particularly a barrier and risk to patients afflicted with complex needs, mental health issues and addiction. I would love to see fully connected acute, outpatient and community health services all able to share patient data to support the long-term needs of the patient.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 11 Jan 2019 15:27:03 +0000 juliet.vanwagenen_22746 41971 at Thinking of an OS Upgrade? Healthcare IT Leaders Should Consider These Factors First <span>Thinking of an OS Upgrade? Healthcare IT Leaders Should Consider These Factors First</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/10/2019 - 09:30</span> <div><p>The <a href="" target="_blank">end of support for Windows 7</a> is fast approaching.</p> <p><a href="" target="_blank">Extended support is set to end in January 2020</a>, and while <a href="" target="_blank">Microsoft</a> Corporate Vice President for Office and Windows Jared Spataro announced in a <a href="" target="_blank">blog post</a> that the company also will offer extended, per-device security updates for a fee through January 2023, for many healthcare organizations, if the process hasn’t already started, the time to transition to a new OS is now.</p> <p>Such an effort is one providers must not take lightly; after all, everyone from front-office staff to clinicians will need to use the OS for years to come.</p> <p>To that end, here are three factors healthcare IT leaders must consider when choosing the right system for their organization.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2>3 Considerations for a Healthcare OS Upgrade</h2> <p><strong>1. Security:</strong> Cybersecurity continues to dominate conversations for all health IT executives and other stakeholders. Case in point: the Department of Health and Human Services recently published a voluntary <a href="" target="_blank">best-practices guide</a> for the industry, with HHS Acting CISO Janet Vogel calling cybersecurity “everyone’s responsibility” in a <a href="" target="_blank">statement</a>. Choosing the right OS for your organization goes a long way toward helping to create a secure environment for all IT users, especially as the desire for new capabilities, including <a href="">multifactor authentication</a>, grows.</p> <p><strong>2. Ease of use:</strong> Ease of workflow can make or break a healthcare organization. To make an appropriate decision, first evaluate the needs of all of your end users. What are the application preferences of your staff? Do many of your users rely on mobile access? What are your current communication challenges? Answering these kinds of questions up front can help to save a lot of time and money on the back end.</p> <p><strong>3. Payment structure:</strong> While security and ease of use are major aspects when it comes to OS selection and deployment, cost is also a key consideration. Healthcare is an industry with razor-thin margins. A <a href="" target="_blank">study</a> published last summer by Navigant, for instance, found that from fiscal year 2015 to fiscal year 2017, average hospital operating margins fell by roughly <strong>39 percent</strong>; for <strong>65 percent</strong> of health systems analyzed, total income declined by <strong>$6.8 billion</strong>. With that in mind, provider organizations must also work within their budgets to determine a feasible payment structure, whether that means annual, semiannual or quarterly payments. Know your flexibility threshold before you start your evaluations.</p> <p>Whether you’re in the market for a new OS now, or will be a few years down the road, keeping these considerations top of mind is a must to ensure you meet the needs of your organization.</p> <p><em>This article is part of </em>HealthTech<em>’s <a href="">MonITor blog series</a>. Please join the discussion on Twitter by using <a href="">#WellnessIT</a>.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="MonITor_logo_sized.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></em></p> </div> <div> <div class="field-author"><a href="/author/tom-maloney" hreflang="en">Tom Maloney</a></div> </div> Thu, 10 Jan 2019 14:30:23 +0000 juliet.vanwagenen_22746 41966 at Professionals and Patients Grow More Comfortable with Wearable Health Data <span>Professionals and Patients Grow More Comfortable with Wearable Health Data</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 01/09/2019 - 11:59</span> <div><p>Wearable fitness trackers are here to stay, and so is the data they generate. In fact, 27 percent of consumers already use fitness wearables, <a href="" target="_blank">according to data by Morning Consult</a>. But it’s not just consumers that want to peek into the stats generated by these devices: <a href="" target="_blank">A new survey by the Healthcare Information and Management Systems Society (HIMSS) </a>and sponsored by <a href=";searchscope=all&amp;sr=1" target="_blank">Fitbit</a> shows that many healthcare professionals want to make use of that patient generated health data order to improve patient care.</p> <p>According to the report, <strong>79 percent</strong> of the 101 respondents — a mix of clinicians, healthcare IT and business professionals — noted they would like to have more information about patients between office visits, a gap that wearable data can fill. Meanwhile, <strong>72 percent</strong> reported that they need PGHD in order to “make good decisions on chronic disease management.”</p> <p>“It’s encouraging news,” said John Sharpe, senior manager of the Personal Connected Health Alliance at HIMSS, in the report. “We are learning to trust the data. Furthermore, we’re learning how to make actual wearables and activity monitors more effective tools in both preventing disease and managing chronic disease.”</p> <p><em><a href="" target="_blank"><strong>MORE FROM HEALTHTECH:</strong> Wearables and digital tools can advance value-based care.</a></em></p> <h2>Chronic Disease Care Benefits from Wearable Data</h2> <p>Chronic disease management is an area where many professionals believe wearable data truly has the ability to make an impact. According to the survey, <strong>90 percent</strong> of healthcare professionals already incorporating wearables and data into their workflow see it as a way to positively impact care management for diseases like Type 2 diabetes, obesity, hypertension and smoking addiction.</p> <p>This is because managing these types of chronic diseases hinges on <strong>significant lifestyle changes from patients</strong>, such as exercise and diet, which occur outside of clinical control. “These conditions lend themselves well to the value of wearable devices and PGHD because individuals need more constant guidance and self-reflection to succeed than can be provided with sporadic office visits,” says Dr. John Moore, medical director at Fitbit, in the report.</p> <p>Other chronic diseases can also benefit from the use of wearable data. Los Angeles-based <a href="" target="_blank">Cedars-Sinai medical center</a>, for example, has seen success in <strong>monitoring the quality of life of advanced cancer patients </strong>via Fitbit data. The study, which was <a href="" target="_blank">published in npj Digital Medicine</a>, tapped wearable data as a way to obtain an accurate assessment of a patient’s activity level, which is often a marker of their health.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2>Coaching and Wearables Together Improve Outcomes</h2> <p>Interest in PGHD, from both wearables and apps, is ballooning in recent years as <strong>patients seek to be more active in their own healthcare</strong>, David Betts, principal and national leader for customer transformation in healthcare for Deloitte Consulting, <a href="">tells <em>HealthTech</em></a>.</p> <p>“We're seeing a real interest in accessing that data more proactively than we've seen in the past few years, and in really beginning to experiment with what is possible with respect to that patient-generated data,” says Betts. </p> <p>This could be because several facets of healthcare can benefit from the insight that wearable data has to offer. Ongoing studies are <a href="" target="_blank">testing the tech’s ability to monitor sleep</a>, and at the University of California, San Francisco Medical Center in San Francisco, <a href="">wearables are being used in conjunction with an algorithm to identify atrial fibrillation</a>.</p> <p>And even for everyday consumers, coaching in conjunction with health data can have long-term health benefits that may be otherwise difficult to cultivate, Rob Havasy, senior director of Health Information Systems at HIMSS, says in the recent report.</p> <p>“Driving long-term behavior change is difficult, but health coaches as <strong>individuals can do what machines can’t yet do</strong>. They can intuitively understand what matters to a particular individual and build a coaching program around it,” says Havasy. “The combination of wearables and health coaching allows for the blend of immediate feedback, timely interventions, accountability and support that people need to succeed in health behavior change.”</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Wed, 09 Jan 2019 16:59:59 +0000 juliet.vanwagenen_22746 41961 at Q&A: Jennings Aske Details How Visualization Can Step Up Healthcare's Security Game <span>Q&amp;A: Jennings Aske Details How Visualization Can Step Up Healthcare&#039;s Security Game</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 01/08/2019 - 13:08</span> <div><p>When it comes to tapping technology to improve operations, there’s no doubt that NewYork-Presbyterian Hospital is an industry leader. Just last year, the hospital was named one of the top <a href="" target="_blank">10 World’s Most Innovative Companies</a> in artificial intelligence by <em>Fast Company</em> for its use of AI and telemedicine.</p> <div style="padding: 5px; width: 200px; color: rgb(236, 236, 236); margin-bottom: 10px; margin-left: 15px; float: right; background-color: rgb(51, 51, 51);"><img alt="" data-entity-type="" data-entity-uuid="" hoffman="" src="/sites/" style="width: 200px; height: 230px;" title="“Dan" /><p>Jennings Aske, senior vice president and chief information security officer for NewYork-Presbyterian Hospital. Photo courtesy of NewYork-Presbyterian Hospital.</p> </div> <p>Another place where the hospital leads is in its cybersecurity initiatives. In an effort to tighten security, the organization recently tapped <a href="" target="_blank">Splunk’s IT Service Intelligence platform</a>, which allows the security team and other staff members to better visualize data and spot threats.</p> <p>Tools are a major element of <strong>strengthening the organization’s defenses</strong>, in conjunction with a <strong>strong cybersecurity culture</strong>, says Jennings Aske, senior vice president and chief information security officer for <a href="" target="_blank">NewYork-Presbyterian Hospital</a>. Aske recently spoke with<em> HealthTech </em>about the organization’s ongoing efforts to keep cyberthreats at bay.</p> <p><em><a href="" target="_blank"><strong>MORE FROM HEALTHTECH:</strong> These organizations saw performance and scalability boosts from </a></em><a href=""><em>hyperconvergence</em></a><em><a href="">.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How would you assess current security threats for healthcare organizations?</h2> <p><strong>ASKE:</strong> Part of the reason that security has lagged in healthcare and made it now one of the most targeted industries is that people in the industry thought security in this vertical was different than in other sectors. That is simply not true. Many leaders in the sector thought they only had to <a href="">comply with HIPAA</a> and not look at cyber risks. They thought they were immune from some of the threats attacking other industries. That made healthcare susceptible to the types of attacks that have been striking other organizations.</p> <p>For example, the WannaCry ransomware attacks impacted healthcare along with every industry vertical. But every vertical, whether through neglect or shortcomings in processes, has not implemented protection against what’s known as EternalBlue, the security vulnerability derived from technology stolen from the U.S. National Security Agency and which provided underpinnings for WannaCry. <a href="" target="_blank">Microsoft</a> released a patch for that in early 2017, and in May, the WannaCry outbreak impacted every industry vertical.</p> <p>People in healthcare need to understand <strong>they will see zero-day attacks</strong>, advanced persistent threats and all the other threats seen by the bank, defense and retail industries. We need to implement the same controls and technologies seen in verticals that have been dealing with this more proactively for some time.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> Do you find that peers in healthcare are beginning to get the message about security?</h2> <p><strong>ASKE:</strong> Absolutely. At NewYork-Presbyterian, I meet with the CEO, the chief operating officer, general counsel and CIO every <strong>two to three weeks </strong>to brief them on the security program. Additionally, I present to the board of trustees and their subcommittees quarterly. In fact, because of my role in the organization and the importance of cybersecurity, I’m now responsible for enterprise risk management.</p> <p>Meanwhile, I’ve noticed that many of my peer institutions are <strong>ratcheting up their spending </strong><strong>for</strong><strong> security </strong>and elevating the profiles of security leaders in their organizations. Many of us now view information security as a patient-safety risk.</p> <p>But we’re not where we need to be. It takes years to build mature programs. And it’s still a cat-and-mouse game with attackers; often, they’re able to target specific vulnerabilities and exploit them, such as those present in medical devices.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank" title="CDW Cybersecurity Insight Report"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> Why did you decide to implement Splunk’s IT Service Intelligence platform for cybersecurity?</h2> <p><strong>ASKE:</strong> My director of operations and I needed a solution to help us handle the Big Data problem in security. There are many technology systems that contribute to our security posture — firewalls, intrusion prevention systems, endpoint security, directory services — and they all generate alerts or logs that need to be analyzed or correlated with other data points in order to understand where potential risks exist. Human beings cannot do that alone; there is too much data.</p> <p>Already, we are ingesting about <strong>1.5 terabytes of log data daily</strong>, and that number is just growing and growing. With an application like Splunk, we were able to find the needle in the haystack by correlating diverse log sources to identify anomalous behavior.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How are you applying data visualization to do that?</h2> <p><strong>ASKE:</strong> We’re now building out a security operations center. We have a dedicated team responsible for ensuring the security of our organization, five analysts and a manager continually looking at correlated data. <strong>The team doesn’t work 24/7, but the service does</strong>. At any point, they might receive an alert derived from the correlated data that identifies a potential problem — perhaps someone clicked a link they shouldn’t have clicked. Splunk provides the pane of glass that helps them sift through all the data.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How else will you be using the platform?</h2> <p><strong>ASKE:</strong> We’re extending this platform to identify opioid diversions. Instead of teaching our pharmacy leaders how to write structured queries that comb through logs of data, we’re using the solution to provide a simple set of dashboards that help them better visualize and manage important info on controlled substances.</p> <p>For example, a pharmacy leader will receive an alert via the dashboard if an employee’s account is being used to prescribe Oxycontin while the employee is on vacation. Or, we can establish profiles of how often a pharmacy tech interacts with a pharmacy cabinet and investigate if a threshold is exceeded. We’re close to finalizing a set of about <strong>15 use cases.</strong></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> You’re also developing use cases for ensuring patient privacy. Where does that effort stand at this point?</h2> <p><strong>ASKE:</strong> NewYork-Presbyterian is partners with <a href="" target="_blank">Columbia University Irving Medical Center</a>, <a href="" target="_blank">ColumbiaDoctors</a>, and <a href="" target="_blank">Weill Cornell Medicine</a>. While we’re jointly deploying a hosted Epic electronic health records system, we all had different approaches to privacy auditing capabilities. We needed a common approach.</p> <p>After a market review, we felt it might be best to build what we wanted with Splunk in order to gain the scalability and rich visualization we were seeking.</p> <p>At the moment, we’re building a data model, a graphical user interface and dashboards with data visualization and alerting for the purpose of improving patient privacy — something our privacy officers embraced during demonstrations. Next, Splunk will begin sharing this work with some of their other healthcare customers for additional feedback, and we’ll seek to integrate it with our Epic EHR.</p> <p>We’re <strong>tackling real-life privacy use cases</strong> with the tech. One powerful use case arose when I was at a previous hospital and we received victims of a bombing attack. Unfortunately, we had curious employees who looked at medical records even though they weren’t part of the care team. We wanted to create tools so that, when situations like that arise, we’ll know the medical record number of the affected individuals and we can proactively look for employees who are accessing records they’re not authorized to see.</p> <p>These types of powerful use cases will be game-changers in terms of enforcing patient privacy.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What advice would you offer peers seeking to make use of data visualization effectively?</h2> <p><strong>ASKE:</strong> First,<strong> understand your data sources </strong>so you can ensure they’re capable of providing information in the formats required to perform visualizations. We require our vendors to produce logging in a format such as syslog so we can consume it in Splunk and use it for our various purposes.</p> <p>Second, set realistic expectations. Organizations can’t implement a data-visualization tool overnight. It takes time. We’ve been ingesting logs for a while, but building out the dashboards and the playbooks takes time and expertise.</p> <p>Third, if you don’t have internal experts in this area, hire a third party to help. IT consultants have helped us set up a server to route logs to a forwarder, for example. This area is complex, and many healthcare institutions don’t have experience in it or haven’t done it at the scale that we’re trying to achieve.</p> <p>The reality is that, if you need assistance, you shouldn’t be afraid to ask. <strong>Security takes a collaborative effort</strong>, so getting feedback from others is always a good thing.</p> </div> <div> <div class="field-author"><a href="/author/alan-joch" hreflang="en">Alan Joch</a></div> </div> Tue, 08 Jan 2019 18:08:07 +0000 juliet.vanwagenen_22746 41956 at Review: The Cisco Meraki MS120-24 Switch Connects Care Campuses <span>Review: The Cisco Meraki MS120-24 Switch Connects Care Campuses</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 01/04/2019 - 11:23</span> <div><p>Healthcare is unique in that many of its large enterprise networks are different from the more homogeneous corporate behemoths found in other industries. Within a single hospital, <strong>the network often breaks down into smaller components</strong> that serve specialists, clinicians, administrators and sometimes even the public. Healthcare systems add clinics and remote facilities to that list, and sometimes even multiple hospitals.</p> <p>The <a href="" target="_blank">Cisco Meraki MS120 24-port cloud-managed switch</a> is designed with that kind of environment in mind. It’s a <strong>Layer 2 switch </strong>that is no more difficult to set up than a simple hub, and multiple units can be managed from one location or by remote administrators.</p> <p>Configuration on a test network took less than five minutes; most of that time was spent plugging it in and attaching various devices.</p> <p>Once connected, the MS120 is managed through a <strong>user-friendly interface</strong> that rejects overly complicated command lines in favor of a more commonsense approach that makes setting policies and pushing them out to switches very easy. If multiple Cisco Meraki switches are present in a network, they can easily be managed all at once, or configured as groups that need to behave differently, such as those serving the public versus those that serve clinicians.</p> <p><em><a href="" target="_blank"><strong>MORE FROM HEALTHTECH: </strong>Arm yourself with the right info to stay HIPAA-compliant in the cloud.</a></em></p> <h2 id="toc_0">A Strong and Secure Switch for Hospitals</h2> <p>That simple interface is still quite powerful. The <a href="" target="_blank">Cisco</a> graphical user interface displays all of the information gathered by the Layer 2 switch, including data about the application, OS, client and hostnames of everything using the device to communicate. Even Media Access Control addresses can be used to configure where to forward frames moving through the MS120.</p> <p>The MS120 is also equipped with a <strong>full toolset for diagnosing network problems remotely</strong>. This includes the ability to fully capture live packets streaming through the switch for analysis, and to push out new rules and configurations automatically or as needed.</p> <p><img alt="Cisco Meraki MS120-24" data-entity-type="" data-entity-uuid="" src="/sites/" /></p> <p>Because the MS120 is managed through the cloud, it’s <strong>always ready to receive the latest firmware updates</strong>. Cisco can deliver those updates on a set schedule, or they can be installed automatically without disrupting communications.</p> <p>By combining intelligent hardware with an intuitive interface that can be accessed through the cloud, Cisco has created a new kind of switch that could be the cure for managing the increasingly complex network environment of healthcare organizations and systems.</p> <h2 id="toc_1">Cisco's MS120: A Mission to Protect and Serve</h2> <p>Cisco has designed an <strong>efficient switch for the healthcare field</strong>. With zero-touch deployment and the ability to centrally manage and troubleshoot devices through the cloud, it will save a lot of hours for overworked IT teams. But putting all the eggs in one basket means that the basket had better be secure.</p> <p>In other words, administrators need to know that only authorized users can log in to the Cisco Meraki MS120-24 switches. Thankfully, there is an <strong>army of security protocols</strong> embedded inside each Meraki switch.</p> <p>For starters, <a href="">two-factor authentication</a> is the default for administrators accessing the dashboard. The switch also supports role-based access control that can be specifically configured by device; for example, granting only certain administrators access to switches on the clinical network, or separating admins by department. That can be a good way to <strong>ensure that the entire healthcare system cannot be compromised </strong>by the actions of one administrator.</p> <p>In fact, the MS120 switch even allows security to be configured down to the port, by enabling MAC whitelisting and denying everything else. Even if attackers were able to defeat every other form of security, they would still need a specifically authorized device before making any changes.</p> <p>The switch can also recognize Dynamic Host Configuration Protocol snooping, which might indicate an attacker’s reconnaissance on a network, and it can block such activities automatically by policy.</p> <p>Of course, it has all the basic security one would expect from a switch, such as the ability to use a RADIUS server for authentication. But it goes the extra mile to layer on additional protections, which is prudent for a device designed to help keep information legally protected by HIPAA away from unauthorized eyes.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> </div> <div> <div class="field-author"><a href="/author/john-breeden-ii" hreflang="en">John Breeden II</a></div> </div> Fri, 04 Jan 2019 16:23:58 +0000 juliet.vanwagenen_22746 41951 at HHS Unveils Voluntary Healthcare Cybersecurity Guidance <span>HHS Unveils Voluntary Healthcare Cybersecurity Guidance</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/03/2019 - 16:04</span> <div><p>In the last few days of 2018, the Health and Human Services Department released a new voluntary cybersecurity guidance for healthcare organizations. The publication, entitled “<a href="" target="_blank">Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients</a>,” aims to "provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems," <a href="" target="_blank">according to a press release from HHS</a>. </p> <p>The document, released on Dec. 28, fulfills a mandate set out by the <a href="" target="_blank">Cybersecurity Act of 2015</a>, which called for industry and government to develop guidelines that could "<strong>cost-effectively reduce cybersecurity risks</strong> for the healthcare industry," the press release notes. The guidelines are a result of a two-year effort that aims to arm healthcare organizations with the knowledge necessary to protect life-saving technologies and patient data from intrusion or attack.</p> <p>“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that <strong>providers need actionable and practical advice</strong>, tailored to their needs, to manage modern cyber threats," said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine in the HHS press release. "That is exactly what this resource delivers; recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert.”</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank" title="CDW Cybersecurity Insight Report"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Thu, 03 Jan 2019 21:04:47 +0000 juliet.vanwagenen_22746 41946 at OnePoint Patient Care Taps Hyperconvergence to Boost Reliability and Scalability <span>OnePoint Patient Care Taps Hyperconvergence to Boost Reliability and Scalability</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/03/2019 - 11:15</span> <div><p>A few years ago, <a href="" target="_blank">OnePoint Patient Care</a>, a national, hospice-focused pharmacy that offers delivery, mail-order and pharmacy benefit management services, was fed up with its 3-2-1 networking solution. The organization, which has 10 pharmacies throughout the country, serves <strong>20,000 patients a day</strong> and fills roughly 160,000 prescriptions a month, was nearing end-of-life for its current solution and needed a change that would prepare it for the future.</p> <p>“We just weren’t getting the efficiency, performance or even the scalability that we needed at that time,” says CIO Jason Polonus. “We knew that we needed a long-term plan for virtualization and that was where we were headed.”</p> <p>Equally important was the desire for the IT staff to focus its efforts elsewhere.</p> <p>“Underlying infrastructure should not be a constant worry — it should enable us to do the work we need to do,” says Polonus.</p> <p><em><a href=""><strong>MORE FROM HEALTHTECH:</strong> These organizations saw performance and scalability boosts from </a></em><a href=""><em>hyperconvergence</em></a><em><a href="">.</a></em></p> <h2>Hyperconvergence Buoys Uptime and Security for OnePoint</h2> <p>In order to obtain the <strong>reliability, flexibility </strong><strong>and</strong><strong> scalability</strong> the organization was looking for, it tapped <a href="" target="_blank">Nutanix</a>’s hyperconvergence solution.</p> <p>“We had <strong>chronic issues with our old system</strong>, whether about running out of space for storage, losing a form or something like that,” says Polonus. “We don’t have those issues with the new hyperconverged system, and it <strong>saves time and gives us the ability to scale however we need</strong>.”</p> <p>Moreover, it streamlined and unified the underlying IT infrastructure.</p> <p>“Hyperconvergence can really simplify the IT infrastructure, particularly the storage, networking and computing that all of our healthcare customers frequently use to run their most critical applications in order to modernize their data center environment,” says Nutanix Chief Marketing Officer Ben Gibson.</p> <p>This provided several advantages for OnePoint, including an <strong>easy implementation</strong>.</p> <p>“We were amazed at how quickly we could bring up a hyperconverged environment,” says Polonus. “When you use a 3-2-1 infrastructure there’s so much timing involved, making sure that all the vendor companies are aligned. But with a hyperconverged infrastructure, we literally had it up and running within a day.”</p> <p>The streamlined infrastructure also means it’s easier to oversee security guidelines.</p> <p>“Because everything is unified, we can create security standards that allow us to address new cybersecurity concerns,” says Polonus.</p> <p>Moreover, the system has <strong>improved reliability</strong>, which means the pharmacy can provide consistent service to its patients and clients.</p> <p>“Our <strong>uptime availability has gone up dramatically</strong>. Previously we were around the 92 percent mark, and now we’re closer to <strong>97 or 98 percent</strong>,” says Polonus. “It’s so important; any delay or outage means that our patients aren’t getting what they need.”</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Thu, 03 Jan 2019 16:15:56 +0000 juliet.vanwagenen_22746 41941 at 4 Tips for a Balanced Healthcare Mobile Device Management Rollout <span>4 Tips for a Balanced Healthcare Mobile Device Management Rollout</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 01/02/2019 - 11:33</span> <div><p>For healthcare organizations, deploying mobile devices is a balancing act. On one hand, such tools must <strong>seamlessly integrate into the workflow of busy staff and clinicians</strong>, making it easier to deliver care where and when patients need it most. On the other, security must be a top priority, especially as hackers c­ontinue to target the healthcare industry and sensitive patient data.</p> <p>Management and protection of these devices should include implementation of a mobile device management toolkit. <strong>Here’s</strong><strong> four ways healthcare organizations can get the most out of such deployments</strong>.</p> <p><a href="" target="_blank"><em><strong>READ MORE:</strong> MDM tools can help you and your clinicians get the most out of your mobile strategy.</em></a></p> <h2 id="toc_0">1. Narrow Your Mobile Device Choices</h2> <p>The goal should be to have a device go from <strong>first boot to fully enrolled in your MDM without any IT intervention</strong>; end users should be able to drive the process with their username and password, and it should all be done over the air. By working with the device vendor or distributor directly, out-of-the-box devices can phone home, download configurations, update themselves and enroll in your MDM automatically.</p> <h2 id="toc_1">2. Be Mindful of Usability for Healthcare Staff</h2> <p>Select devices that work for healthcare. Gloved hands and masked faces make fingerprint readers and facial recognition difficult. Finding tools that have iris scans, for instance, can <strong>speed the unlock process</strong>. If you can flow biometric authentication through from device unlock to application authentication using standards such as Fast IDentity Online, that’s even better for end users — and eliminates the need for passwords, which can be easily stolen.</p> <h2 id="toc_2">3. Ensure MDM Configuration Features</h2> <p>Basic device configuration enforced by MDM should <strong>include these five features</strong>:</p> <ul><li>Application store choice (only from authorized stores)</li> <li>Block lists of applications that cannot be installed for security or policy reasons </li> <li>Regular software check-ins and updates for both operating systems and installed applications</li> <li>Enabled remote device wipe capabilities</li> <li>And device unlock authentication controls (which require authentication to unlock, and lock automatically when idle).</li> </ul><h2 id="toc_3">4. Shore Up Mobile Endpoint Security</h2> <p>The jury is still out on whether <strong>built-in endpoint security</strong> is required for mobile devices, especially because MDM offers many of the same controls. If you can’t mandate a device platform that has built-in containerization (which keeps personal and work worlds from colliding on a device), add on an endpoint security solution that has containerization and ensure that it’s required by MDM policy.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> </div> <div> <div class="field-author"><a href="/author/joel-snyder" hreflang="en">Joel Snyder</a></div> </div> Wed, 02 Jan 2019 16:33:54 +0000 juliet.vanwagenen_22746 41936 at The Benefits of Multifactor Authentication in Healthcare <span>The Benefits of Multifactor Authentication in Healthcare</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 12/20/2018 - 22:35</span> <div><p dir="ltr">Data breaches aren’t just headaches for provider organizations, they’re expensive as well. In IBM’s<a href="" target="_blank"> 2018 Cost of a Data Breach Report</a> by the Ponemon Institute, released earlier this year, the cost of a breach for any industry was set at <strong>$408 per record</strong>, with the average cost coming in at <strong>$3.86 million</strong> for an organization, a <strong>6.4 percent spike </strong>from last year.</p> <p dir="ltr">Pair this with the fact that healthcare records<a href="" target="_blank"> often fetch more on the black market</a> than other forms of data, making healthcare organizations a profitable target for hackers. Cyberthreats are proving to be immensely costly for providers everywhere.</p> <p dir="ltr">As data breaches in healthcare persist, multifactor authentication — which relies on multiple factors to prove identity — could help close the gaps in security, shoring up defenses and preventing breaches,<a href=""> alongside other cyber security best practices</a>.</p> <p dir="ltr">In fact,<a href="" target="_blank"> according to the Annual Report to Congress on the Federal Information Security Management Act</a>, up to <strong>65 percent</strong> of cybersecurity incidents could have been prevented with strong MFA.</p> <p dir="ltr"><em><a href="" target="_blank"><strong>MORE FROM HEALTHTECH: </strong>Arm yourself with the right info to stay HIPAA-compliant in the cloud.</a></em></p> <h2 dir="ltr">What Is Multifactor Authentication?</h2> <p dir="ltr">Passwords can be an easy target for hackers, particularly as new methods such as<a href="" target="_blank"> password spray attacks</a> and phishing, which involve social engineering to exploit loopholes in security systems, emerge. This is where multifactor authentication methods can step in to provide an extra level of identification security.</p> <p dir="ltr">“MFA requires users to submit a combination of factors — at least two — to authenticate their identity and gain access to a computer or device,” explains Wes Wright, CTO at security provider<a href=";ctlgfilter=&amp;searchscope=all&amp;sr=1" target="_blank"> Imprivata</a>. “The factors fall into three categories: something you are (like a fingerprint biometric), something you have (a mobile device) and something you know (a username and password).”</p> <p dir="ltr">A typical two-factor authentication combination would be a username and password from the user, as well as a token code generated by the user’s smartphone, Wright explains. Many solutions also employ <a href="">biometric tools</a>, which sense unique physical characteristics, such as <strong>fingerprint or retina scanners</strong>.</p> <h2 dir="ltr">What Are the Benefits of Multifactor Authentication?</h2> <p dir="ltr">The main benefit of MFA methods is that they decrease reliance on passwords, which can be a relatively hackable form of identification when used alone. Moreover, <strong>phishing attacks are still one of the top threat actors</strong> for healthcare organizations, according to a <a href="" target="_blank">survey released by HIMSS earlier this year</a>, making the push away from passwords more pressing.</p> <p dir="ltr">“MFA tremendously improves security which is why you see a huge push to make sure that all elevated privilege accounts are not accessible without using some type of MFA,” says Wright.</p> <p dir="ltr">But improved security isn’t the only benefit of MFA. Along with improved security, the technology can also have benefits for staff, particularly when it comes to improving clinician workflow. For example, in 2014, Evanston, Ill.-based <a href="" target="_blank">NorthShore University HealthSystem</a> deployed<a href="" target="_blank"> Imprivata’s Confirm ID</a> MFA solution, which uses a fingerprint reader integrated with the electronic health record, for<a href=""> electronic prescribing of controlled substances</a> and saw an enthusiastic response from staff.</p> <p dir="ltr">“Doctors were excited about this project because it <strong>makes their workflow easier</strong> and makes things easier for patients,” Meredith Sefa, NorthShore’s assistant vice president for application services,<a href=""> tells <em>HealthTech</em></a>.</p> <p dir="ltr">Moreover, MFA can even be a window to the world of <strong>password-free authentication</strong>. Already,<a href="" target="_blank"> Microsoft</a> has been able to<a href="" target="_blank"> achieve a pseudo-passwordless state for its users</a> by deploying many of its own MFA solutions internally.</p> <p><a data-entity-type="" data-entity-uuid="" href="" target="_blank" title="CDW Cybersecurity Insight Report"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="/sites/" /></a></p> <h2 dir="ltr">Key Considerations for an MFA Solution</h2> <p dir="ltr">While MFA certainly improves security and workflow, authentication itself, while necessary, can sometimes prove burdensome for clinicians and staff.</p> <p dir="ltr">“Within EpicCare alone, there are more than <strong>40 clinical workflows</strong> that may require users to authenticate,” explains Wright. “These include witnessing medication wasting, blood administration, anesthesia attestation and others.”</p> <p dir="ltr">For this reason, adding layers of security could potentially create inefficiencies, Wright explains, noting that there are a number of factors providers should consider to ensure the solution doesn’t “frustrate users, impede workflow or create barriers to patient care.”</p> <p dir="ltr">He lays out the factors below as key considerations:</p> <ul><li>Extensibility to meet all present and future authentication needs, inside and outside the hospital</li> <li>Security balanced with convenience to enable — not impede — patient care through: <ul><li>Embedded authentication workflows that tightly integrate with the EHR and other applications, medical devices, remote access gateways, virtual desktop platforms, and other systems</li> <li>Flexible, comprehensive portfolio of authentication methods</li> </ul></li> <li>Compliance with the highest standards regulating care, such as the DEA requirements for electronic prescriptions for controlled substances</li> <li>A platform built specifically for healthcare and its unique workflow needs</li> </ul><p><a data-entity-type="" data-entity-uuid="" href="" target="_blank"><img alt="Modern-Workforce_the-office.jpg" data-entity-type="" data-entity-uuid="" src="" /></a></p> <h2 dir="ltr">How to Overcome Cultural Barriers to an MFA Implementation</h2> <p dir="ltr">While MFA systems are simple enough to integrate from an IT perspective, Wright notes that, as with many IT implementations, the culture is “where the hard work starts.”</p> <p dir="ltr">“Unless you choose your MFA system wisely, you will be adding an additional step to the login process which your clinical and business partners won’t be thrilled with. Therefore, as an IT professional, it’s up to us to <strong>communicate the “why” of using MFA</strong>,” says Wright.</p> <p dir="ltr">When seeking to communicate the importance of these systems, it helps to point to many of the recent breaches that have affected healthcare organizations and the impact these breaches have on the organizations themselves.</p> <p dir="ltr">What’s most important, however, is that the implementation is seen as a collaboration between IT and staff in order to create a more secure healthcare environment.</p> <p dir="ltr">“Your clinical and business partners should feel as if they’re making the MFA journey with the IT organization, not having something, once again, done to them by IT.”</p> <p dir="ltr">As providers begin to overcome cultural barriers, eventually MFA will likely become the norm when it comes to healthcare authentication.</p> <p dir="ltr">“Going forward, you’ll see 2FA and MFA playing the same role they play today: moving toward a password-free environment. The difference being,<strong> the lack of 2FA and MFA will be the exception</strong>, whereas today, those with 2FA and MFA are the exception,” says Wright.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 21 Dec 2018 03:35:26 +0000 juliet.vanwagenen_22746 41931 at