HealthTech Magazine - Technology Solutions That Drive Healthcare https://healthtechmagazine.net/rss.xml en 4 Cybersecurity Threats Healthcare Organizations Need to Watch Out for in 2019 https://healthtechmagazine.net/article/2019/01/4-cybersecurity-threats-healthcare-organizations-need-watch-out-2019 <span>4 Cybersecurity Threats Healthcare Organizations Need to Watch Out for in 2019</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 01/18/2019 - 11:16</span> <div><p>With the new year comes new viruses threatening healthcare systems. HIMSS’ latest monthly <a href="http://file/Users/tpsullivan/Downloads/environmental-scan-brief-12-2018-volume-28-with-cover_0.pdf" target="_blank">Healthcare and Cross-Sector Cybersecurity Report</a>, unveiled just before the new year, laid out <strong>several threats that providers everywhere should be keeping an eye on</strong> as they seek to shore up cyberdefenses.</p> <h2>1. Kubernetes Hole Exploits May Appear</h2> <p>Pointing to a <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-1002105" target="_blank">recent advisory from the National Institute of Standards and Technology</a>, providers should beware of a possible Kubernetes hole in earlier versions.</p> <p>NIST warns:</p> <blockquote><p>In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.</p> </blockquote> <p>"The Kubernetes vulnerability was reported earlier this month, the vulnerability was addressed, and the talk about it died down," report author Lee Kim, director of privacy and security at HIMSS, <a href="https://www.healthcareitnews.com/news/himss-new-cybersecurity-report-christmas-virus-holes-kubernetes-and-years-worst-passwords" target="_blank">tells Healthcare IT News</a>. "But the <strong>exploits are continuing to be developed</strong>. So, that was very interesting to see." </p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="CDW Cybersecurity Insight Report " data-entity-type="" data-entity-uuid="" src="/sites/statetechmagazine.com/files/Cybersecurity_IR_stayprotected_700x220%20(2).jpg" /></a></p> <h2>2. Phishing Continues to Open Healthcare Up to Threats</h2> <p>In a <a href="https://healthitsecurity.com/news/himss-healthcare-ransomware-data-breaches-top-industry-threats" target="_blank">survey from HIMSS that came out last year</a>, respondents identified phishing attacks as one of the top threat actors. In fact, <strong>62 percent </strong>of respondents pointed to email as a point of compromise, a fact that isn’t likely to change anytime soon.</p> <p>"There has been an uptick recently in credential phishing, including those targeting popular web mail services," says Kim.</p> <p><em><a href="https://healthtechmagazine.net/article/2018/09/what-your-healthcare-organization-can-do-prevent-phishing-attacks"><strong>MORE FROM HEALTHTECH:</strong> See what you can do to combat phishing attacks.</a></em></p> <h2>3. Cryptomining Grows in Popularity for Hackers</h2> <p>Malicious cryptomining, also known as cryptojacking, allows threat actors to <strong>attack multiple devices at once</strong>, which can take a bite out of computing power. <a href="https://healthtechmagazine.net/article/2018/09/cryptojacking-rises-popularity-and-threatens-healthcare-productivity">It’s on the rise in healthcare</a>, with the report noting that “cryptomining is <strong>beating out ransomware as a top cyber threat</strong>, including in the Middle East, Turkey, and Africa.”</p> <h2>4. Terrible Passwords Still Leave Organizations Vulnerable</h2> <p>Not all threats are new, and perhaps the oldest of them all is the weak password, which can make organizations particularly vulnerable to threats like <a href="https://biztechmagazine.com/article/2018/10/why-your-business-should-be-wary-password-spray-attacks" target="_blank">password spray attacks</a>. What made the list as the most used passwords of 2018? You’ll never guess (OK, you probably will): At the top of the list was “<strong>12345</strong>,” followed by “<strong>password</strong>” at No. 2.</p> <p>“This should be no surprise, including to people who maintain lists of common credentials,” Kim notes in the report.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 18 Jan 2019 16:16:39 +0000 juliet.vanwagenen_22746 42001 at https://healthtechmagazine.net How to Get the Most Out of Your EHR Implementation https://healthtechmagazine.net/article/2019/01/how-get-most-out-your-ehr-implementation <span>How to Get the Most Out of Your EHR Implementation</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/17/2019 - 15:19</span> <div><p>The implementation of an electronic health record system is a massive investment for a healthcare organization, both financially and for staff and clinicians. The vetting process of EHR vendors alone can be intense and time-consuming, and that’s prior to the deployment of any tools, including the EHR itself and other peripheral IT.</p> <p>With that in mind, it’s up to health IT leaders to ensure organizations get the most out of such efforts in order to <strong>maximize both employee and patient satisfaction</strong>. A number of factors are at play for providers headed down this path.</p> <p><em><a href="https://healthtechmagazine.net/resources/white-paper/next-generation-patient-engagement-technology-enhances-patient-outcomes" target="_blank"><strong>DOWNLOAD:</strong> Learn more about what next-generation technology will mean for patient engagement — and outcomes.</a></em></p> <h2>Build Up a Proper Foundation</h2> <p>One of the biggest keys to a successful EHR deployment is ensuring your technology infrastructure is up to date. <a href="https://healthtechmagazine.net/article/2018/12/what-your-organization-needs-successful-ehr-go-live">According to</a> Sue Schade, a principal at StarBridge Advisors who previously served as CIO at both the University of Michigan Hospitals and Health Centers and <a href="https://www.brighamandwomens.org/" target="_blank">Brigham and Women’s Hospital</a> in Boston, a healthcare organization’s infrastructure must be able to support any new system at scale.</p> <p>“Conduct a thorough performance evaluation, and if you are considering a hosted solution, take support levels and overall cost into account,” Schade says. “At the same time, recognize that peripheral devices will continue to evolve, meaning <strong>new clinician end-user tools will constantly be on the horizon</strong>.”</p> <p>In looking to support its Epic EHR installation, for instance, <a href="https://www.mdanderson.org/" target="_blank">MD Anderson Cancer Center</a> in Houston deployed a virtual desktop infrastructure in addition to all-flash storage and new servers.</p> <p>“Get the best deal that you can, but implement the infrastructure that you need so that patients can get the entire value from the software,” Vice President and CTO Chuck Suitor<a href="https://healthtechmagazine.net/article/2018/08/complementary-upgrades-help-hospitals-get-most-out-ehr-deployments"> told</a> <em>HealthTech</em>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-trends.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/healthtechmagazine.net/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2>Troubleshoot and Train Healthcare Staff</h2> <p>Troubleshooting, of course, must also be <strong>prioritized to figure out where potential use pain points may exist</strong>. During an <a href="https://healthtechmagazine.net/article/2017/02/electronic-health-records-rollouts-prove-be-all-encompassing-affairs">EHR rollout at Houston Methodist</a>, the organization built simulation labs and ran a gap analysis that enabled doctors to test the system and pinpoint problems.</p> <p>Last summer, the Pew Charitable Trusts, <a href="https://www.medicalhumanfactors.net/" target="_blank">MedStar Health’s National Center for Human Factors in Healthcare</a> and the <a href="https://www.ama-assn.org/" target="_blank">American Medical Association</a> jointly published a <a href="https://www.pewtrusts.org/research-and-analysis/reports/2018/08/28/ways-to-improve-electronic-health-record-safety" target="_blank">report</a> advocating for advanced usability testing, especially around potential safety issues.</p> <p>User training is also critical to the success of an EHR deployment. A <a href="http://med.stanford.edu/content/dam/sm/ehr/documents/SM-EHR-White-Papers_v12.pdf" target="_blank">white paper</a> published by Stanford Medicine in September notes the amount of EHR training doctors get can have a positive impact on their system satisfaction. It quotes Taylor Davis, executive vice president for analysis and strategy at KLAS Enterprises, as saying that devoting higher-than-average amounts of time to physician EHR training helps users to face the realization that such tools won’t necessarily “be intuitive enough to use out of the box.”</p> <p>Schade, in her <a href="https://healthtechmagazine.net/article/2018/12/what-your-organization-needs-successful-ehr-go-live">article</a>, suggests leveraging <strong>alternatives to classroom-based training</strong>, if possible, especially since finding enough space to train all users adequately can prove challenging.</p> <h2>Continue to Optimize Your EHR Investment</h2> <p>In addition, organizations must put great emphasis on continued optimization following a deployment. This goes hand in hand with troubleshooting and training. As technological or process issues are discovered — and there are usually a few unique to every implementation — IT leaders can update workflow processes and ensure users are properly educated.</p> <p><strong>EHR deployments are very involved processes</strong>. Maximizing the investment requires a lot of patience, flexibility and a continued eye on the ultimate goal of improved patient care.</p> <p><em>This article is part of </em>HealthTech<em>’s <a href="https://healthtechmagazine.net/monitor">MonITor blog series</a>. Please join the discussion on Twitter by using <a href="http://twitter.com/hashtag/WellnessIT" target="_blank">#WellnessIT</a>.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://healthtechmagazine.net/monitor" target="_blank"><img alt="MonITor_logo_sized.jpg" data-entity-type="" data-entity-uuid="" src="/sites/healthtechmagazine.net/files/MonITor_logo_sized.jpg" /></a></em></p> </div> <div> <div class="field-author"><a href="/author/jonathan-karl" hreflang="en">Jonathan Karl</a></div> </div> Thu, 17 Jan 2019 20:19:10 +0000 juliet.vanwagenen_22746 41996 at https://healthtechmagazine.net Q&A: Hazel Health CEO Josh Golomb on How Telehealth Can Make a Difference in Schools https://healthtechmagazine.net/article/2019/01/qa-hazel-health-ceo-josh-golomb-how-telehealth-can-make-difference-schools <span>Q&amp;A: Hazel Health CEO Josh Golomb on How Telehealth Can Make a Difference in Schools</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/17/2019 - 12:02</span> <div><p>Getting healthcare to all children across the U.S. is a tall order — particularly when <a href="http://pnhp.org/news/20-million-children-lack-sufficient-access-to-health-care/" target="_blank">20 million children still don’t have access to sufficient care</a> — but one company is serving up a solution, with a little help from technology.</p> <div style="padding: 5px; width: 300px; color: rgb(236, 236, 236); margin-bottom: 10px; margin-left: 15px; float: right; background-color: rgb(51, 51, 51);"><img alt="" data-entity-type="" data-entity-uuid="" hoffman="" src="/sites/healthtechmagazine.net/files/BT_Josh_Golomb.jpg" style="width: 300px; height: 300px;" title="“Dan" /><p style="font-size: 18px;">Hazel Health CEO Josh Golomb. Photo courtesy of Hazel Health.</p> </div> <p>Hazel Health, a San Francisco-based healthcare company, aims to expand care access to every child in the country, regardless of insurance, immigration status or family income. The company is pursuing this goal by bringing telehealth into schools, connecting children to doctors at no cost to their families. It already serves <strong>more than 10,000 students</strong> in <strong>11 school districts </strong>and has a track record of more than <strong>8,000 telehealth visits</strong>.</p> <p>Hazel Health CEO Josh Golomb spoke with <em>HealthTech</em> to discuss how technology has offered a way into improving access to care for schoolchildren across the country.</p> <p><em><a href="https://healthtechmagazine.net/resources/white-paper/seeing-possibilities-telehealth" target="_blank"><strong>DOWNLOAD:</strong> Telehealth can improve care — here’s how.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How does bringing telemedicine to schools help to improve care?</h2> <p><strong>GOLOMB:</strong> With <a href="https://www2.ed.gov/datastory/chronicabsenteeism.html" target="_blank">poor health linked to chronic absenteeism</a>, we see investing in healthcare as a way to both improve student health and impact student performance in school and beyond. Children can only succeed if they are healthy and able to attend school regularly. With approximately <a href="http://www.nccp.org/publications/pdf/text_1195.pdf" target="_blank">21 percent of children in the United States living in families with incomes</a> below the federal poverty level, many have inadequate health insurance or limited access to healthcare, often relying on expensive <strong>emergency room visits that cost over $1,100 on average</strong>. </p> <p>Hazel Health partners with school nurses to offer virtual medical clinics in the school setting. Nurses enable students to receive immediate care by connecting with our network of doctors via video call from the nurse’s office.</p> <p>Further,<strong> 85 percent</strong> of students return to class after a visit with Hazel, which means more time spent learning in the classroom. This is also a huge relief for parents, who might otherwise have to leave work and lose income. With this model, we can leverage technology to provide great care at a far lower cost than the alternative of an urgent care or emergency room visit. </p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What's needed, in terms of coordination, to implement telemedicine in schools?</h2> <p><strong>GOLOMB:</strong> Our role is to find a way to fill in the access gaps that may exist.</p> <p>We track all of our encounters with students and their families over time via an electronic health record system, and our providers can use our technology to share this information with the students’ other providers or generate a referral to a new provider if needed. We also partner closely with many Federally Qualified Health Centers and are looking to launch formal partnerships with health plans and health systems in the coming months. </p> <p>We have seen many examples where connecting the school nurse, Hazel doctor and a local primary care provider has enabled us to develop a more robust care plan for a child that had been chronically absent, without a clear diagnosis or care plan. </p> <p><em><a href="https://healthtechmagazine.net/article/2018/11/are-telehealth-offerings-meeting-patient-expectations-infographic" target="_blank"><strong>INFOGRAPHIC:</strong> Are telehealth offerings meeting patient expectations?</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What is necessary from a technology perspective to implement this program?</h2> <p><strong>GOLOMB:</strong> Every school receives an <a href="https://www.cdw.com/content/cdw/en/brand/apple.html" target="_blank">iPad</a> to connect with Hazel providers, as well as a cart of supplies, including <strong>15 over-the-counter medications</strong> that school nurses can administer when they have an order from Hazel. The program also collaborates with schools to help manage administrative workflow by streamlining the way information is shared with parents or other care providers, as necessary.</p> <p>Hazel has also built a flexible platform that is adaptable to school districts’ existing EHR and school record keeping systems. The system includes data analytics tools, tying together school-related identifiers and student health interventions that can help to paint a picture of potentially high-risk students.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What has the benefit been so far?</h2> <p><strong>GOLOMB:</strong> We have seen a <strong>40 percent reduction in health-related absenteeism</strong> in our partner schools and know that has an impact on academic performance.</p> <p>By way of example: We recently had a fifth-grade student who was frequently missing school. After her virtual consultation with a provider, we learned that she had a pre-existing asthma diagnosis, but was no longer using her inhaler because she had not gone to a doctor for more than two years. Our virtual care services helped the student and her family get an appointment to see her doctor again for a new inhaler. Her provider also ensured the inhaler was available for her at school and that she was trained to use it. As a result, the student’s attendance improved, her parents felt reassured, and <strong>the school nurse could help administer the care the student needed</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/modern-workforce.html" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/biztechmagazine.com/files/IT%20Infrastructure_IR_2.jpg" /></a></p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Thu, 17 Jan 2019 17:02:28 +0000 juliet.vanwagenen_22746 41991 at https://healthtechmagazine.net Keep Up with Industry Trends as a HealthTech Insider https://healthtechmagazine.net/article/2019/01/keep-industry-trends-healthtech-insider <span>Keep Up with Industry Trends as a HealthTech Insider</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 01/16/2019 - 14:45</span> <div><p>As a health IT leader, you’re swamped when it comes to keeping up with the latest news and trends in healthcare technology. You can <strong>count on us to advise you</strong> on IT management and general tech know-how, but there’s so much more to sift through across social media, online searches and peer conversations. That’s why we’ve taken the time to <strong>reimagine our <em>HealthTech</em> Insider program</strong> in a way that’s smarter, more user friendly and, ultimately, <strong>more valuable</strong>.</p> <p><em>HealthTech</em> Insiders <a href="https://healthtechmagazine.net/register" target="_blank">gain access to personalized content recommendations</a> and our <strong>most in-depth, premium articles, videos and more</strong>. Insiders can unlock access to white papers, view daily fast facts, save articles to read later and weigh in on trending topics through Insider polls.</p> <p><em><a href="https://healthtechmagazine.net/register" target="_blank"><strong>GET STARTED:</strong> Register for the HealthTech Insider program today</a>.</em></p> <h2>Custom HealthTech Dashboard Gets Smarter the More You Use It </h2> <p>What I find most exciting about the new Insider content dashboard is that the more you use it, the smarter it gets. Insiders select the topics and subjects they want to learn more about or that affect their day-to-day, and <strong>receive personalized Insider updates</strong> based on those preferences. That means you can easily read what’s important to you first, when you want it, without losing time on a search or perusing nonessentials.</p> <p>When content catches your eye but you don’t have time to read it, you can tap or click a flag found on every article and video to <strong>save it in your library</strong> and quickly access it later.</p> <p>As well as having articles served up based on your personalized interests and reading habits, <em>HealthTech</em> Insider also offers users access to a growing library of exclusive content not available to the general website or print magazine audiences. You won’t want to miss out on what’s in store.</p> <p>When you <a href="https://healthtechmagazine.net/register" target="_blank">register for the Insider program</a>, you can also renew or sign up to receive a print subscription, as well as our e-newsletter, which brings must-read content to your inbox twice a month. Thank you for making <em>HealthTech</em> a part of your workday. As always, <strong>we’re here to help</strong>.</p> </div> <div> <div class="field-author"><a href="/author/ryan-petersen" hreflang="en">Ryan Petersen</a></div> </div> Wed, 16 Jan 2019 19:45:26 +0000 juliet.vanwagenen_22746 41986 at https://healthtechmagazine.net 4 Tips for Healthcare Organizations Considering SD-WAN https://healthtechmagazine.net/article/2019/01/4-tips-healthcare-organizations-considering-sd-wan <span>4 Tips for Healthcare Organizations Considering SD-WAN</span> <span><span lang="" about="/user/6191" typeof="schema:Person" property="schema:name" datatype="">phil.goldstein_6191</span></span> <span>Tue, 01/15/2019 - 14:06</span> <div><p>Software-defined networking, especially given its lower cost and flexibility, is widely viewed as a replacement for multiprotocol label-switching. For healthcare organizations and senior care communities, SDN helps IT staff be more responsive to network demands by streamlining management tasks. </p> <p>SD-WAN solutions enable multisite organizations to <strong>better monitor their WANs in real time</strong>. The appliances can be physical or virtual; the approach you choose will depend on your needs, your network’s size and how it will be used. Here are some recommendations for getting started on your SD-WAN journey.</p> <p><a href="https://healthtechmagazine.net/article/2018/10/sd-wan-helps-healthcare-orgs-improve-network-reliability-far-and-wide" target="_blank"><em><strong>MORE FROM HEALTHTECH: </strong>Find out how SD-WAN enhances healthcare providers' network </em></a><a href="https://healthtechmagazine.net/article/2018/10/sd-wan-helps-healthcare-orgs-improve-network-reliability-far-and-wide" target="_blank"><em>capabilities,</em></a><a href="https://healthtechmagazine.net/article/2018/10/sd-wan-helps-healthcare-orgs-improve-network-reliability-far-and-wide" target="_blank"><em> and improves reliability, workflow and organizational efficiencies. </em></a></p> <h2 id="toc_0">1. Keep Your Organization's Bandwidth Needs in Mind</h2> <p>SD-WAN providers ­routinely use total throughput (the combined symmetrical bandwidth) as a baseline for the type of hardware needed, as well as the software or license costs associated with that hardware. Contact your current ISP to <strong>find out how much bandwidth you’re consuming monthly</strong> to better prepare for questions from vendors.</p> <h2 id="toc_1">2. Determine the Size and Nature of Your WAN</h2> <p>Before starting your search for the right technology, also make sure you have <strong>a good understanding of exactly what your WAN looks like</strong>. You should be able to describe your physical locations, the layout of the LAN at each location, and what services you’ll need to provide.</p> <h2 id="toc_2">3. Get Details from Vendors on SD-WAN Features </h2> <p>Many vendors offer the same solutions but use different terminology. Take notes on each vendor and <strong>the specific features they offer that make sense for your organization</strong>. Also, be sure to compare quotes from each provider and learn about their different pricing structures. Don’t be afraid to ask ­questions.</p> <h2 id="toc_3">4. Test SD-WAN Solutions in Pilot Programs When Possible </h2> <p>For organizations that have the bandwidth,<strong> piloting is a good way to gauge your needs in real time</strong>. Doing so also allows IT staff to work through potential glitches, so when the time comes for the full deployment, the transition will have fewer rough patches. If you have the resources, <strong>make piloting a priority</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/hybrid-cloud-infrastructure-report.html" tabindex="-1" target="_blank"><img alt="IT%20Infrastructure_IR_1%20(2)_0.jpg" data-entity-type="" data-entity-uuid="" src="https://fedtechmagazine.com/sites/fedtechmagazine.com/files/IT%20Infrastructure_IR_1%20(2)_0.jpg" /></a></p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11961" hreflang="en">Ryan Gray </a></div> </div> Tue, 15 Jan 2019 19:06:58 +0000 phil.goldstein_6191 41981 at https://healthtechmagazine.net Bottom Line: For Healthcare Organizations, Security Is Everyone’s Responsibility https://healthtechmagazine.net/article/2019/01/bottom-line-healthcare-organizations-security-everyones-responsibility <span>Bottom Line: For Healthcare Organizations, Security Is Everyone’s Responsibility</span> <span><span lang="" about="/dashboard/danielbowman26806" typeof="schema:Person" property="schema:name" datatype="">daniel.bowman_26806</span></span> <span>Mon, 01/14/2019 - 12:41</span> <div><p>Cyberattacks and security measures, no doubt, can have a tremendous impact on any organization’s bottom line. The <strong><a href="https://www.ibm.com/security/data-breach" target="_blank">average cost of a data breach</a> in the U.S. is $7.91 million</strong>, according to the Ponemon Institute. That figure includes detection, notification costs and redress activities, as well as lost business.</p> <p>Healthcare, in particular, has the highest per capita data breach cost — $408 — out of all industries. Even scarier: <strong>More than 90 percent of healthcare organizations have reported data breaches</strong> since the third quarter of 2016, <a href="https://www.newswire.com/news/black-books-annual-cybersecurity-survey-reveals-healthcare-enterprises-20476554" target="_blank">according to</a> Black Book Research.</p> <p><strong><a href="https://healthtechmagazine.net/article/2018/11/your-healthcare-organizations-been-hacked-now-what"><em>MORE FROM HEALTHTECH:</em></a></strong><a href="https://healthtechmagazine.net/article/2018/11/your-healthcare-organizations-been-hacked-now-what"><em> What providers can do in the wake of a cyberattack.</em></a></p> <h2>Providers Fight an Uphill Battle for Protection</h2> <p>To make matters worse, a majority of providers likely are fighting an uphill battle to keep top security talent, <a href="https://healthtechmagazine.net/article/2018/07/good-hard-look-cost-can-help-bolster-healthcare-cybersecurity-funding">according to</a> Partners HealthCare CISO Jigar Kadakia. At the joint HIMSS-College of Healthcare Information Management Executives cybersecurity forum last year, Kadakia said that the best information security professionals often command higher salaries in other sectors. Cybersecurity spending in the industry is low and stagnant, with <strong>providers allocating only 3 percent of their overall IT budgets to security since 2016</strong>, according to Black Book — far less than what other industries spend.</p> <p>So, what can healthcare IT executives do to reduce risk and mitigate the costs associated with a breach?</p> <h2>Cybersecurity Frameworks and Assessments Are Critical</h2> <p>For starters, organizations should review their baseline device and IT environments. <strong>Providers typically use a mix of old and new equipment</strong>, including multiple disparate networks, hardware and applications, as well as homegrown and custom equipment and software. A detailed accounting of such tools and systems is an essential first step on the path to a healthier environment.</p> <p>Adding a cybersecurity framework — a set of policies, procedures, best practices and governance — is also a good idea. Examples include the National Institute of Standards and Technology Cybersecurity Framework and the Health Information Trust Alliance’s Cybersecurity Framework. Today, <strong>many healthcare organizations have adopted such a framework, and 40 percent are using more than one</strong>, <a href="https://www.symantec.com/content/dam/symantec/docs/infographics/2018-healthcare-it-security-and-risk-management-study-infographic-en.pdf" target="_blank">according to</a> Symantec.</p> <p>What’s more, <strong>providers must conduct security risk assessments, including penetration tests and simulated phishing, at least once a year</strong> to ferret out points of entry and weaknesses in their IT infrastructures. All the various assessments and frameworks won’t matter, however, without proper training and insider threat management programs.</p> <h2>Healthcare Organizations Must Emphasize Security Education</h2> <p>IT must emphasize end-user education, especially considering the constant dangers looming in email. A 2018 <a href="https://www.mimecast.com/blog/2018/09/most-healthcare-data-breaches-now-caused-by-email/" target="_blank">survey</a> from Mimecast and HIMSS Analytics found that <strong>a majority of responding CIOs and IT directors believe email was the most likely source of a breach</strong> in their organization. Phishing, in particular, is a serious problem, according to another HIMSS <a href="https://www.himss.org/sites/himssorg/files/u132196/2018_HIMSS_Cybersecurity_Survey_Final_Report.pdf" target="_blank">report</a>.</p> <p>“Users are really scared to use email today,” Randall Frietzsche, CISO and privacy officer for Denver Health, <a href="https://healthtechmagazine.net/article/2018/10/how-healthcare-providers-can-safeguard-against-insider-misuse">told <em>HealthTech</em></a>. “They get email that they’re afraid to click on and they hear all the horror stories.”</p> <p>Cybersecurity hygiene is everyone’s responsibility. Dedicating more time to frequent personal development and security training for those already on staff is a relatively inexpensive and easy way to take steps in the right direction. What’s more, it <strong>helps to ensure security is top of mind for executives</strong> as more resources are needed.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="https://healthtechmagazine.net/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> </div> <div> <div class="field-author"><a href="/author/christine-holloway" hreflang="en">Christine Holloway</a></div> </div> Mon, 14 Jan 2019 17:41:09 +0000 daniel.bowman_26806 41976 at https://healthtechmagazine.net Q&A: Lucile Packard Children's Hospital CIO Ed Kopetsky on Embracing Health IT Innovation https://healthtechmagazine.net/article/2019/01/qa-lucile-packard-childrens-hospital-cio-ed-kopetsky-embracing-health-it-innovation <span>Q&amp;A: Lucile Packard Children&#039;s Hospital CIO Ed Kopetsky on Embracing Health IT Innovation</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 01/11/2019 - 10:27</span> <div><p>When it comes to health IT, Ed Kopetsky has seen it all. The current CIO of <a href="https://www.stanfordchildrens.org/" target="_blank">Lucile Packard Children’s Hospital Stanford</a> and <a href="https://www.stanfordchildrens.org/" target="_blank">Stanford Children’s Health</a> has most recently been instrumental in innovative upgrades, such as the move to <a href="https://healthtechmagazine.net/article/2018/11/innovative-hospitals-tap-automation-streamline-patient-care">improve the flow of communication</a> by integrating nurse central stations with patient monitors, the nurse call system and the medical staff’s <a href="https://www.cdw.com/product/Apple-iPhone-X-silver-4G-LTE-LTE-Advanced-64-GB-GSM-smartphone/4848220" target="_blank">iPhones</a>. Kopetsky has held this position for about a decade, and has worked at several other prominent health systems as well as in the commercial sector over the course of his long career.</p> <div style="padding: 5px; width: 299px; color: rgb(236, 236, 236); margin-bottom: 10px; margin-left: 15px; float: right; background-color: rgb(51, 51, 51);"><img alt="" data-entity-type="" data-entity-uuid="" hoffman="" src="/sites/healthtechmagazine.net/files/HT_Kopetsky_Headshot.jpg" style="width: 299px; height: 382px;" title="“Dan" /><p style="font-size: 18px;">Ed Kopetsky, CIO of Lucile Packard Children’s Hospital Stanford and Stanford Children’s Health. Photo courtesy of Stanford.</p> </div> <p>Fresh off a win as the <a href="https://www.himss.org/" target="_blank">Healthcare Information and Management Systems Society</a> CIO of the year, Kopetsky spoke with <em>HealthTech</em> to discuss his greatest challenges, achievements and what he’s learned in his years of work with healthcare IT.</p> <p><em><a href="https://healthtechmagazine.net/article/2018/11/vr-offers-patients-virtual-distraction-pain"><strong>MORE FROM HEALTHTECH:</strong> See how Lucile Packard Children’s Hospital has tapped VR to reduce anxiety in young patients.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What would you say you’ve learned about working in health IT over the course of your career?</h2> <p><strong>Kopetsky:</strong> It’s really not about the technology alone; to be successful, it has to be about significant change to improve healthcare services and patient outcomes. As such, IT needs to be deeply partnered with organizational leadership and operations.</p> <p>It has worked best to have <strong>significant involvement from executives</strong>, clinicians and end users from the start of redesign through implementation, optimization and evolution. Because of the opportunity for improving care and business processes, it’s ideal when clinical or business leaders chair the change initiatives, with support and co-leadership from IT.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What was the greatest health IT challenge of your career?</h2> <p><strong>Kopetsky:</strong> One of my first, and greatest, health IT challenges was the first time I attempted to automate clinical orders and results in our outpatient clinics. Because the nature of outpatient mobility, location options and timing allowed for follow-up tests, the system we deployed became overloaded with pending orders. We had to <strong>back out of the system and redesign it completely</strong>. I’m glad that, together with our physicians, we faced the issue quickly and were successful after the redesign.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What about your greatest achievement?</h2> <p><strong>Kopetsky:</strong> Our goal at Stanford Children’s Health is to <strong>improve healthcare and medicine for children and expectant mothers</strong>.</p> <p>Over the years we have worked in several way to use innovative technology to improve implementation strategies, workflow design, adherence to best practices and patient engagement at Stanford with the aim of achieving those goals. Three such instances include safety interventions for medication administration, the prevention of nephrotoxic acute kidney injury in hospitalized children, and improved care for patients with congenital heart disease through the clinical effectiveness program.</p> <p>These were three case studies Chief Medical Information Officer Natalie Pageler and I presented to HIMSS for consideration as part of its Davies Award in 2017 — an award given to organizations that demonstrate outstanding achievement in using health IT to improve patient outcomes. Winning was international recognition that we had achieved our goals to improve care for children and expectant mothers. It also attested to why, as an engineer, I chose healthcare as my focus.</p> <p><em><a href="https://healthtechmagazine.net/resources/white-paper/next-generation-patient-engagement-technology-enhances-patient-outcomes" target="_blank"><strong>DOWNLOAD:</strong> Learn more about what next-generation technology will mean for patient engagement — and outcomes.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What do you see as some of the greatest challenges facing healthcare IT leaders at the moment?</h2> <p><strong>Kopetsky: </strong>Following the massive deployment of electronic medical record systems across the country, there is now an unprecedented level of support and integration with clinical operations. It’s also added a burden to our clinicians. We are <strong>still learning how to support and optimize clinical workflows</strong>, and the budgets supporting IT — not to mention the level of talent required — are a struggle for our health systems.</p> <p>At the same time, the role of IT in development of new knowledge and the transformation of healthcare to be more accessible and ultimately virtual will significantly increase demand for IT and presents a much broader scope in both executing and developing new strategies. As IT changes, the CIO title and role, along with the scope of IT responsibility, will certainly continue to evolve and grow.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How can healthcare IT leaders effectively engage with each other and other business leaders to address these challenges?</h2> <p><strong>Kopetsky: </strong>The best way to engage other business leaders is through <strong>collaborative planning and governance</strong>. It is essential for IT leadership to partner with clinical and business leaders to clarify needs and IT requirements. In addition, predictable processes are needed to assure common understanding and full transparency. It’s also key for healthcare leaders outside IT to advance their own understanding of IT, in the same way they do with finance, human resources and physician relations.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/modern-workforce.html" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/biztechmagazine.com/files/IT%20Infrastructure_IR_2.jpg" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How can IT leaders best engage with their own IT teams to push innovation throughout an organization, much as you have done?</h2> <p>Kopetsky: First and foremost, the IT organization must be driven by patient care and the business. We have found tremendous value in leveraging <a href="https://theleanway.net/The-Five-Principles-of-Lean">Lean principles for continuous improvement</a>, especially those that deal with leadership development, rapid communication, transparency and <a href="http://insights.btoes.com/resources/what-is-going-to-gemba-lean-kaizen-definition-introduction">being in gemba</a>, where the real value is produced.</p> <p>Our deployment of <strong>dedicated IT service area leaders for every major part of our business</strong> has been a differentiator because it maximized understanding of needs and a trusted partnership with IT. As a result, we are innovating together with our clinical and business partners throughout the enterprise.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What technologies are you most excited about watching and implementing in coming years?</h2> <p><strong>Kopetsky: </strong>Virtual care, including telehealth visits, remote monitoring and emerging sensing technologies will <strong>expand greatly in the next five years</strong>, and could significantly reduce in-person visits and office overhead costs. At Stanford Children’s Health, we are pursuing innovations in home monitoring programs and wearables, and many of our patients are benefitting from improved access and timely clinical intervention regardless of their location.  </p> <p>Another area to watch is how consumerism and related technologies will alter healthcare and drastically improve access to care and health information. People with long-term needs will be connected continuously to promote proactive care and interventions. With the current FHIR [Fast Healthcare Interoperability Resources] standard, patients at Stanford Children’s can download their electronic medical record to any health app they use.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> If you had a magic wand and could change one thing about health IT today, what would it be?</h2> <p><strong>Kopetsky:</strong> I’ve long been an advocate for a <strong>universal patient ID</strong>, which would let us positively identify patients and share vital patient data regardless of where their care is provided.</p> <p>I also believe we need to restructure our privacy laws to allow easier sharing of critical patient data. This is particularly a barrier and risk to patients afflicted with complex needs, mental health issues and addiction. I would love to see fully connected acute, outpatient and community health services all able to share patient data to support the long-term needs of the patient.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 11 Jan 2019 15:27:03 +0000 juliet.vanwagenen_22746 41971 at https://healthtechmagazine.net Thinking of an OS Upgrade? Healthcare IT Leaders Should Consider These Factors First https://healthtechmagazine.net/article/2019/01/thinking-os-upgrade-healthcare-it-leaders-should-consider-these-factors-first <span>Thinking of an OS Upgrade? Healthcare IT Leaders Should Consider These Factors First</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 01/10/2019 - 09:30</span> <div><p>The <a href="https://biztechmagazine.com/article/2018/07/microsoft-nixes-support-windows-7-pcs-older-processors" target="_blank">end of support for Windows 7</a> is fast approaching.</p> <p><a href="https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet" target="_blank">Extended support is set to end in January 2020</a>, and while <a href="https://www.cdw.com/content/cdw/en/brand/microsoft.html" target="_blank">Microsoft</a> Corporate Vice President for Office and Windows Jared Spataro announced in a <a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/" target="_blank">blog post</a> that the company also will offer extended, per-device security updates for a fee through January 2023, for many healthcare organizations, if the process hasn’t already started, the time to transition to a new OS is now.</p> <p>Such an effort is one providers must not take lightly; after all, everyone from front-office staff to clinicians will need to use the OS for years to come.</p> <p>To that end, here are three factors healthcare IT leaders must consider when choosing the right system for their organization.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/modern-workforce.html" target="_blank"><img alt="IT%20Infrastructure_IR_2.jpg" data-entity-type="" data-entity-uuid="" src="/sites/biztechmagazine.com/files/IT%20Infrastructure_IR_2.jpg" /></a></p> <h2>3 Considerations for a Healthcare OS Upgrade</h2> <p><strong>1. Security:</strong> Cybersecurity continues to dominate conversations for all health IT executives and other stakeholders. Case in point: the Department of Health and Human Services recently published a voluntary <a href="https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx" target="_blank">best-practices guide</a> for the industry, with HHS Acting CISO Janet Vogel calling cybersecurity “everyone’s responsibility” in a <a href="https://www.hhs.gov/about/news/2018/12/28/hhs-in-partnership-with-industry-releases-voluntary-cybersecurity-practices-for-the-health-industry.html" target="_blank">statement</a>. Choosing the right OS for your organization goes a long way toward helping to create a secure environment for all IT users, especially as the desire for new capabilities, including <a href="https://healthtechmagazine.net/article/2018/12/benefits-multifactor-authentication-healthcare-perfcon">multifactor authentication</a>, grows.</p> <p><strong>2. Ease of use:</strong> Ease of workflow can make or break a healthcare organization. To make an appropriate decision, first evaluate the needs of all of your end users. What are the application preferences of your staff? Do many of your users rely on mobile access? What are your current communication challenges? Answering these kinds of questions up front can help to save a lot of time and money on the back end.</p> <p><strong>3. Payment structure:</strong> While security and ease of use are major aspects when it comes to OS selection and deployment, cost is also a key consideration. Healthcare is an industry with razor-thin margins. A <a href="https://www.navigant.com/news/corporate-news/2018/hsom-analysis-2018" target="_blank">study</a> published last summer by Navigant, for instance, found that from fiscal year 2015 to fiscal year 2017, average hospital operating margins fell by roughly <strong>39 percent</strong>; for <strong>65 percent</strong> of health systems analyzed, total income declined by <strong>$6.8 billion</strong>. With that in mind, provider organizations must also work within their budgets to determine a feasible payment structure, whether that means annual, semiannual or quarterly payments. Know your flexibility threshold before you start your evaluations.</p> <p>Whether you’re in the market for a new OS now, or will be a few years down the road, keeping these considerations top of mind is a must to ensure you meet the needs of your organization.</p> <p><em>This article is part of </em>HealthTech<em>’s <a href="https://healthtechmagazine.net/monitor">MonITor blog series</a>. Please join the discussion on Twitter by using <a href="http://twitter.com/hashtag/WellnessIT">#WellnessIT</a>.</em></p> <p><em><a data-entity-type="" data-entity-uuid="" href="https://healthtechmagazine.net/monitor" target="_blank"><img alt="MonITor_logo_sized.jpg" data-entity-type="" data-entity-uuid="" src="/sites/healthtechmagazine.net/files/MonITor_logo_sized.jpg" /></a></em></p> </div> <div> <div class="field-author"><a href="/author/tom-maloney" hreflang="en">Tom Maloney</a></div> </div> Thu, 10 Jan 2019 14:30:23 +0000 juliet.vanwagenen_22746 41966 at https://healthtechmagazine.net Professionals and Patients Grow More Comfortable with Wearable Health Data https://healthtechmagazine.net/article/2019/01/healthcare-professionals-and-patients-grow-more-comfortable-wearable-data <span>Professionals and Patients Grow More Comfortable with Wearable Health Data</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 01/09/2019 - 11:59</span> <div><p>Wearable fitness trackers are here to stay, and so is the data they generate. In fact, 27 percent of consumers already use fitness wearables, <a href="https://morningconsult.com/2019/01/08/wearable-and-app-users-tracking-health-techs-next-step/" target="_blank">according to data by Morning Consult</a>. But it’s not just consumers that want to peek into the stats generated by these devices: <a href="https://healthsolutions.fitbit.com/wp-content/uploads/FINAL_HIMSS_FitBit_WP_10.01.20181.pdf" target="_blank">A new survey by the Healthcare Information and Management Systems Society (HIMSS) </a>and sponsored by <a href="https://www.cdw.com/search/?key=Fitbit&amp;searchscope=all&amp;sr=1" target="_blank">Fitbit</a> shows that many healthcare professionals want to make use of that patient generated health data order to improve patient care.</p> <p>According to the report, <strong>79 percent</strong> of the 101 respondents — a mix of clinicians, healthcare IT and business professionals — noted they would like to have more information about patients between office visits, a gap that wearable data can fill. Meanwhile, <strong>72 percent</strong> reported that they need PGHD in order to “make good decisions on chronic disease management.”</p> <p>“It’s encouraging news,” said John Sharpe, senior manager of the Personal Connected Health Alliance at HIMSS, in the report. “We are learning to trust the data. Furthermore, we’re learning how to make actual wearables and activity monitors more effective tools in both preventing disease and managing chronic disease.”</p> <p><em><a href="https://healthtechmagazine.net/article/2018/11/how-providers-can-tap-technology-and-mine-data-advance-value-based-care" target="_blank"><strong>MORE FROM HEALTHTECH:</strong> Wearables and digital tools can advance value-based care.</a></em></p> <h2>Chronic Disease Care Benefits from Wearable Data</h2> <p>Chronic disease management is an area where many professionals believe wearable data truly has the ability to make an impact. According to the survey, <strong>90 percent</strong> of healthcare professionals already incorporating wearables and data into their workflow see it as a way to positively impact care management for diseases like Type 2 diabetes, obesity, hypertension and smoking addiction.</p> <p>This is because managing these types of chronic diseases hinges on <strong>significant lifestyle changes from patients</strong>, such as exercise and diet, which occur outside of clinical control. “These conditions lend themselves well to the value of wearable devices and PGHD because individuals need more constant guidance and self-reflection to succeed than can be provided with sporadic office visits,” says Dr. John Moore, medical director at Fitbit, in the report.</p> <p>Other chronic diseases can also benefit from the use of wearable data. Los Angeles-based <a href="https://www.cedars-sinai.org/" target="_blank">Cedars-Sinai medical center</a>, for example, has seen success in <strong>monitoring the quality of life of advanced cancer patients </strong>via Fitbit data. The study, which was <a href="https://www.nature.com/articles/s41746-018-0032-6" target="_blank">published in npj Digital Medicine</a>, tapped wearable data as a way to obtain an accurate assessment of a patient’s activity level, which is often a marker of their health.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-trends.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/healthtechmagazine.net/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2>Coaching and Wearables Together Improve Outcomes</h2> <p>Interest in PGHD, from both wearables and apps, is ballooning in recent years as <strong>patients seek to be more active in their own healthcare</strong>, David Betts, principal and national leader for customer transformation in healthcare for Deloitte Consulting, <a href="https://healthtechmagazine.net/article/2018/11/digital-health-tools-can-pave-way-better-patient-outcomes">tells <em>HealthTech</em></a>.</p> <p>“We're seeing a real interest in accessing that data more proactively than we've seen in the past few years, and in really beginning to experiment with what is possible with respect to that patient-generated data,” says Betts. </p> <p>This could be because several facets of healthcare can benefit from the insight that wearable data has to offer. Ongoing studies are <a href="https://www.regenstrief.org/article/new-study-measure-impact-sleep-tracker-data-patient-provider-communication/" target="_blank">testing the tech’s ability to monitor sleep</a>, and at the University of California, San Francisco Medical Center in San Francisco, <a href="https://healthtechmagazine.net/article/2017/08/all-wrist-biometric-trackers-give-doctors-jump-patient-care">wearables are being used in conjunction with an algorithm to identify atrial fibrillation</a>.</p> <p>And even for everyday consumers, coaching in conjunction with health data can have long-term health benefits that may be otherwise difficult to cultivate, Rob Havasy, senior director of Health Information Systems at HIMSS, says in the recent report.</p> <p>“Driving long-term behavior change is difficult, but health coaches as <strong>individuals can do what machines can’t yet do</strong>. They can intuitively understand what matters to a particular individual and build a coaching program around it,” says Havasy. “The combination of wearables and health coaching allows for the blend of immediate feedback, timely interventions, accountability and support that people need to succeed in health behavior change.”</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Wed, 09 Jan 2019 16:59:59 +0000 juliet.vanwagenen_22746 41961 at https://healthtechmagazine.net Q&A: Jennings Aske Details How Visualization Can Step Up Healthcare's Security Game https://healthtechmagazine.net/article/2019/01/qa-jennings-aske-details-how-visualization-can-step-healthcares-security-game <span>Q&amp;A: Jennings Aske Details How Visualization Can Step Up Healthcare&#039;s Security Game</span> <span><span lang="" about="/dashboard/julietvanwagenen22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 01/08/2019 - 13:08</span> <div><p>When it comes to tapping technology to improve operations, there’s no doubt that NewYork-Presbyterian Hospital is an industry leader. Just last year, the hospital was named one of the top <a href="https://www.fastcompany.com/most-innovative-companies/2018/sectors/artificial-intelligence" target="_blank">10 World’s Most Innovative Companies</a> in artificial intelligence by <em>Fast Company</em> for its use of AI and telemedicine.</p> <div style="padding: 5px; width: 200px; color: rgb(236, 236, 236); margin-bottom: 10px; margin-left: 15px; float: right; background-color: rgb(51, 51, 51);"><img alt="" data-entity-type="" data-entity-uuid="" hoffman="" src="/sites/healthtechmagazine.net/files/JenningsAske%20(1).jpg" style="width: 200px; height: 230px;" title="“Dan" /><p>Jennings Aske, senior vice president and chief information security officer for NewYork-Presbyterian Hospital. Photo courtesy of NewYork-Presbyterian Hospital.</p> </div> <p>Another place where the hospital leads is in its cybersecurity initiatives. In an effort to tighten security, the organization recently tapped <a href="https://www.cdwg.com/product/splunk-it-service-intelligence/5107474?pfm=srh" target="_blank">Splunk’s IT Service Intelligence platform</a>, which allows the security team and other staff members to better visualize data and spot threats.</p> <p>Tools are a major element of <strong>strengthening the organization’s defenses</strong>, in conjunction with a <strong>strong cybersecurity culture</strong>, says Jennings Aske, senior vice president and chief information security officer for <a href="https://www.nyp.org/" target="_blank">NewYork-Presbyterian Hospital</a>. Aske recently spoke with<em> HealthTech </em>about the organization’s ongoing efforts to keep cyberthreats at bay.</p> <p><em><a href="https://healthtechmagazine.net/article/2018/08/hyperconvergence-improves-care-and-boosts-flexibility-healthcare-organizations" target="_blank"><strong>MORE FROM HEALTHTECH:</strong> These organizations saw performance and scalability boosts from </a></em><a href="https://healthtechmagazine.net/article/2018/08/hyperconvergence-improves-care-and-boosts-flexibility-healthcare-organizations"><em>hyperconvergence</em></a><em><a href="https://healthtechmagazine.net/article/2018/08/hyperconvergence-improves-care-and-boosts-flexibility-healthcare-organizations">.</a></em></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How would you assess current security threats for healthcare organizations?</h2> <p><strong>ASKE:</strong> Part of the reason that security has lagged in healthcare and made it now one of the most targeted industries is that people in the industry thought security in this vertical was different than in other sectors. That is simply not true. Many leaders in the sector thought they only had to <a href="https://healthtechmagazine.net/article/2018/09/hipaa-compliant-email-and-messaging-benefits-multipronged-approach-perfcon">comply with HIPAA</a> and not look at cyber risks. They thought they were immune from some of the threats attacking other industries. That made healthcare susceptible to the types of attacks that have been striking other organizations.</p> <p>For example, the WannaCry ransomware attacks impacted healthcare along with every industry vertical. But every vertical, whether through neglect or shortcomings in processes, has not implemented protection against what’s known as EternalBlue, the security vulnerability derived from technology stolen from the U.S. National Security Agency and which provided underpinnings for WannaCry. <a href="https://www.cdwg.com/content/cdwg/en/brand/microsoft-interstitial.html?enkwrd=Microsoft" target="_blank">Microsoft</a> released a patch for that in early 2017, and in May, the WannaCry outbreak impacted every industry vertical.</p> <p>People in healthcare need to understand <strong>they will see zero-day attacks</strong>, advanced persistent threats and all the other threats seen by the bank, defense and retail industries. We need to implement the same controls and technologies seen in verticals that have been dealing with this more proactively for some time.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> Do you find that peers in healthcare are beginning to get the message about security?</h2> <p><strong>ASKE:</strong> Absolutely. At NewYork-Presbyterian, I meet with the CEO, the chief operating officer, general counsel and CIO every <strong>two to three weeks </strong>to brief them on the security program. Additionally, I present to the board of trustees and their subcommittees quarterly. In fact, because of my role in the organization and the importance of cybersecurity, I’m now responsible for enterprise risk management.</p> <p>Meanwhile, I’ve noticed that many of my peer institutions are <strong>ratcheting up their spending </strong><strong>for</strong><strong> security </strong>and elevating the profiles of security leaders in their organizations. Many of us now view information security as a patient-safety risk.</p> <p>But we’re not where we need to be. It takes years to build mature programs. And it’s still a cat-and-mouse game with attackers; often, they’re able to target specific vulnerabilities and exploit them, such as those present in medical devices.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank" title="CDW Cybersecurity Insight Report"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> Why did you decide to implement Splunk’s IT Service Intelligence platform for cybersecurity?</h2> <p><strong>ASKE:</strong> My director of operations and I needed a solution to help us handle the Big Data problem in security. There are many technology systems that contribute to our security posture — firewalls, intrusion prevention systems, endpoint security, directory services — and they all generate alerts or logs that need to be analyzed or correlated with other data points in order to understand where potential risks exist. Human beings cannot do that alone; there is too much data.</p> <p>Already, we are ingesting about <strong>1.5 terabytes of log data daily</strong>, and that number is just growing and growing. With an application like Splunk, we were able to find the needle in the haystack by correlating diverse log sources to identify anomalous behavior.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How are you applying data visualization to do that?</h2> <p><strong>ASKE:</strong> We’re now building out a security operations center. We have a dedicated team responsible for ensuring the security of our organization, five analysts and a manager continually looking at correlated data. <strong>The team doesn’t work 24/7, but the service does</strong>. At any point, they might receive an alert derived from the correlated data that identifies a potential problem — perhaps someone clicked a link they shouldn’t have clicked. Splunk provides the pane of glass that helps them sift through all the data.</p> <h2><span style="color: #c74037;">HEALTHTECH:</span> How else will you be using the platform?</h2> <p><strong>ASKE:</strong> We’re extending this platform to identify opioid diversions. Instead of teaching our pharmacy leaders how to write structured queries that comb through logs of data, we’re using the solution to provide a simple set of dashboards that help them better visualize and manage important info on controlled substances.</p> <p>For example, a pharmacy leader will receive an alert via the dashboard if an employee’s account is being used to prescribe Oxycontin while the employee is on vacation. Or, we can establish profiles of how often a pharmacy tech interacts with a pharmacy cabinet and investigate if a threshold is exceeded. We’re close to finalizing a set of about <strong>15 use cases.</strong></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> You’re also developing use cases for ensuring patient privacy. Where does that effort stand at this point?</h2> <p><strong>ASKE:</strong> NewYork-Presbyterian is partners with <a href="https://www.cuimc.columbia.edu/" target="_blank">Columbia University Irving Medical Center</a>, <a href="https://www.columbiadoctors.org/" target="_blank">ColumbiaDoctors</a>, and <a href="https://weill.cornell.edu/" target="_blank">Weill Cornell Medicine</a>. While we’re jointly deploying a hosted Epic electronic health records system, we all had different approaches to privacy auditing capabilities. We needed a common approach.</p> <p>After a market review, we felt it might be best to build what we wanted with Splunk in order to gain the scalability and rich visualization we were seeking.</p> <p>At the moment, we’re building a data model, a graphical user interface and dashboards with data visualization and alerting for the purpose of improving patient privacy — something our privacy officers embraced during demonstrations. Next, Splunk will begin sharing this work with some of their other healthcare customers for additional feedback, and we’ll seek to integrate it with our Epic EHR.</p> <p>We’re <strong>tackling real-life privacy use cases</strong> with the tech. One powerful use case arose when I was at a previous hospital and we received victims of a bombing attack. Unfortunately, we had curious employees who looked at medical records even though they weren’t part of the care team. We wanted to create tools so that, when situations like that arise, we’ll know the medical record number of the affected individuals and we can proactively look for employees who are accessing records they’re not authorized to see.</p> <p>These types of powerful use cases will be game-changers in terms of enforcing patient privacy.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/digital-transformation-trends.html" target="_blank"><img alt="Digital%20Transformation_IR_1.jpg" data-entity-type="" data-entity-uuid="" src="/sites/healthtechmagazine.net/files/Digital%20Transformation_IR_1.jpg" /></a></p> <h2><span style="color: #c74037;">HEALTHTECH:</span> What advice would you offer peers seeking to make use of data visualization effectively?</h2> <p><strong>ASKE:</strong> First,<strong> understand your data sources </strong>so you can ensure they’re capable of providing information in the formats required to perform visualizations. We require our vendors to produce logging in a format such as syslog so we can consume it in Splunk and use it for our various purposes.</p> <p>Second, set realistic expectations. Organizations can’t implement a data-visualization tool overnight. It takes time. We’ve been ingesting logs for a while, but building out the dashboards and the playbooks takes time and expertise.</p> <p>Third, if you don’t have internal experts in this area, hire a third party to help. IT consultants have helped us set up a server to route logs to a forwarder, for example. This area is complex, and many healthcare institutions don’t have experience in it or haven’t done it at the scale that we’re trying to achieve.</p> <p>The reality is that, if you need assistance, you shouldn’t be afraid to ask. <strong>Security takes a collaborative effort</strong>, so getting feedback from others is always a good thing.</p> </div> <div> <div class="field-author"><a href="/author/alan-joch" hreflang="en">Alan Joch</a></div> </div> Tue, 08 Jan 2019 18:08:07 +0000 juliet.vanwagenen_22746 41956 at https://healthtechmagazine.net