HealthTech - Technology Solutions That Drive Healthcare https://healthtechmagazine.net/rss.xml en A Good, Hard Look at Cost Can Help Bolster Healthcare Cybersecurity Funding https://healthtechmagazine.net/article/2018/07/good-hard-look-cost-can-help-bolster-healthcare-cybersecurity-funding <span>A Good, Hard Look at Cost Can Help Bolster Healthcare Cybersecurity Funding</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Mon, 07/16/2018 - 12:25</span> <div><p>It is impossible to separate cybersecurity efforts from dollars-and-cents concerns. Healthcare organizations have limited resources available for technology, and at most organizations, cybersecurity only accounts for a small minority (<strong>4 to 7 percent</strong>) of total IT budgets.</p> <p>After organizations suffer a major breach, it's usually a simple task to convince executives to beef up cybersecurity solutions. But for hospitals, clinics and other healthcare providers that have escaped major incidents, it can prove difficult to persuade stakeholders outside of the IT and IS departments to <strong>view cybersecurity as a top priority</strong>. They may believe that, because patient data has remained safe thus far, the existing tools and processes must be working.</p> <p>How can IT and security professionals<strong> convince other stakeholders to improve an organization's security posture</strong> before it's too late?</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Reframe the Cybersecurity Conversation for the C-Suite</h2> <p>One way to garner C-suite buy-in on the importance of data security is to frame it as an investment rather than a cost. For instance, when the new CIO of a medium-sized academic medical center <a href="https://www.healthcarefinancenews.com/news/cybersecurity-not-cost-its-investment-experts-say" target="_blank">convinced other executive leaders of the importance of security</a>, they invested nearly <strong>$8 million</strong> on cybersecurity assessments, investments and remediation, including three new full-time staff. To convince them, he demonstrated the potential cost of a successful breach — not only fines and lawsuits, but a hit to the organization's reputation among patients and the larger community.</p> <p>As it happens, the health center suffered a small breach about six months into the new CIO's tenure. The breach, which affected about <strong>3,000 patients</strong>, was caused by an error rather than a hack. Because the organization could demonstrate its remediation plan, it suffered no fines.</p> <h2 id="toc_1">What Breaches Cost Healthcare Organizations</h2> <p>When presented with broader industry numbers about the costs of cyberbreaches, most stakeholders will be forced to acknowledge that insufficient early investment in security could be costlier in the long term. A <a href="https://netdiligence.com/wp-content/uploads/2018/04/NetDiligence_Healthcare-Study_2018-1_PUBLIC.pdf" target="_blank">report about cyber claims</a> notes that healthcare claims made up only <strong>17 percent</strong> of total cyber claims in 2017, yet those claims accounted for <strong>28 percent</strong> of total breach costs, which suggests that successful attacks on healthcare providers cost organizations more than breaches in other industries.</p> <p>According to the report, on average, <strong>1.6 million records</strong> were exposed in a healthcare breach. Breaches that exposed personally identifiable information were far more common (<strong>5.2 million records</strong>) than breaches that exposed protected health information (<strong>386,000 records</strong>).</p> <p>The industrywide numbers are even higher. In its <a href="https://documents.trendmicro.com/assets/wp/wp-cybercrime-and-other-threats-faced-by-the-healthcare-industry.pdf" target="_blank">2017 report on cybercrime in healthcare</a>, <a href="https://www.cdwg.com/content/cdwg/en/brand/trendmicro.html?enkwrd=Trend%20Micro" target="_blank">Trend Micro</a> estimates that cyberattacks against hospitals, clinics and doctors cost the U.S. healthcare industry more than <strong>$6 billion each year</strong>, with an average breach costing a hospital <strong>$2.1 million</strong>.</p> <p>Often, the headline-making dollar amount is far lower. For example, when <a href="http://www.hollywoodpresbyterian.com/" target="_blank">Hollywood Presbyterian Medical Center</a> suffered a ransomware attack in 2016, it was widely <a href="http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html" target="_blank">reported</a> that the hospital paid the equivalent of <strong>$17,000 in cryptocurrency</strong> to regain access to its data. While this number may seem manageable, it fails to consider the lost productivity of clinicians or the resulting public relations fiasco. The hospital's network was down for more than a week, <a href="https://www.csoonline.com/article/3033160/security/ransomware-takes-hollywood-hospital-offline-36m-demanded-by-attackers.html" target="_blank">according to other reports</a>. Officials struggled to maintain operations after losing access to email and some patient data, relying heavily on fax machines and telephones. The hospital transported some patients to other facilities, and the equipment necessary for such functions as CT scans, lab work and pharmacy needs was offline.</p> <p>Part of the reason healthcare organizations are such frequent targets is because many medical devices use older technologies that are more vulnerable to attacks. In 2017, one publication even <a href="https://www.wired.com/2017/03/medical-devices-next-security-nightmare/" target="_blank">dubbed medical devices “the next security nightmare.”</a></p> <p>The Trend Micro report takes an in-depth look at the factors contributing to the prevalence of attacks in the industry. It notes that hospitals and other healthcare organizations often prioritize operations and efficiency over cybersecurity, leading to a lack of safeguards protecting digital assets. Many organizations, the authors say, simply lack the proper staff to handle digital threats and implement basic protection measures, such as two-factor authentication and encryption.</p> <h2 id="toc_2">What's Behind Cybersecurity ROI?</h2> <p>Still, cost remains a concern when considering effective and meaningful cybersecurity solutions. While preventing a breach is typically more cost-effective than responding to a successful attack, the cost of effective cybersecurity systems remains a challenge.</p> <p>Jigar Kadakia, chief information security and privacy officer at <a href="https://www.partners.org/" target="_blank">Partners HealthCare</a>, <a href="https://healthtechmagazine.net/article/2018/03/himss-2018-examining-economic-aspects-cybersecurity">addressed</a> the economic challenges associated with cybersecurity at the joint HIMSS — <a href="https://chimecentral.org/" target="_blank">College of Healthcare Information Management Executives</a> (CHIME) cybersecurity forum in early 2018, saying that healthcare providers are often protecting their organizations “with fly swatters.” He pointed out that the challenge is exacerbated by the fact that talented cybersecurity professionals are frequently able to command higher salaries in other sectors, forcing the industry to groom and manage homegrown talent.</p> <p>However, Kadakia also said that healthcare organizations can be convinced to loosen their purse strings when IT leaders <strong>make a compelling business case for cybersecurity investments</strong>.</p> <p>“The financial people — the CFO and other folks — understand ROI,” he said.</p> <p>Each year, healthcare organizations collect, store and share more patient data than they did the year before — the result of evolving bedside medical devices, clinician mobility tools and emerging Internet of Things use cases. More data means more potential jackpots for hackers, whose attack methods continue to evolve.</p> <p>The cost of a data breach can be immense. Providers must alert patients and report the breach to the government, resulting in both a hit to the organization's reputation and the potential for steep fines.</p> <p>Cybersecurity initiatives are also costly. Every dollar and hour spent on protecting data must come from some department's budget. By identifying and implementing solutions that are both <strong>effective and efficient</strong>, hospitals can keep patient data safe without bursting IT budgets.</p> <p><em>Learn how to best prepare your healthcare organization for looming cyberthreats by reading the CDW white paper “<a href="https://healthtechmagazine.net/resources/white-paper/ensuring-security-patient-data" target="_blank">Ensuring the Security of Patient Data</a>.”</em></p> </div> <div> <div class="field-author"><a href="/author/calvin-hennick" hreflang="en">Calvin Hennick</a></div> </div> Mon, 16 Jul 2018 16:25:59 +0000 juliet.vanwagenen_22746 41176 at https://healthtechmagazine.net As Millennials Come to Expect Telehealth, Organizations Make the Shift Toward Virtual Care https://healthtechmagazine.net/article/2018/07/millennials-come-expect-telehealth-organizations-make-shift-toward-virtual-care <span>As Millennials Come to Expect Telehealth, Organizations Make the Shift Toward Virtual Care</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 07/12/2018 - 22:17</span> <div><p>Tech-savvy millennials are taking over: They now make up <a href="http://www.pewresearch.org/fact-tank/2017/04/27/10-demographic-trends-shaping-the-u-s-and-the-world-in-2017/" target="_blank">the largest group in the U.S. and its workforce</a>, and their demands for more tech-focused care alternatives could be changing the healthcare sector as well — in particular, when it comes to telehealth.</p> <p>While telemedicine may seem like a relatively new revolution in the healthcare sector, a <a href="https://www.ebri.org/pdf/briefspdf/EBRI_IB_444.pdf" target="_blank">survey by the Employee Benefit Research Institute</a>, conducted in fall 2017 and released in March 2018, has found that <strong>millennials prioritize telehealth above other generations</strong> and view it as a key part of their care.</p> <p>In fact, <strong>40 percent of millennials</strong> — the generation born between 1981 and 1997 — report in the survey that telehealth is an “extremely or very important option” when it comes to their care. This is a huge jump over the generations before them: Only <strong>27 percent of Gen Xers</strong> and <strong>19 percent of baby boomers</strong> ranked telemedicine equally as important.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks</a></p> <h2 id="toc_0">Healthcare Organizations Adopt and Train Physicians for Telemedicine</h2> <p>This move toward telehealth as an important aspect of the care ecosystem is paired with <strong>millennials’ move away from more traditional medical practices</strong>, such as relationships with primary care physicians. Moreover, millennials are more likely to research plans and doctors prior to a visit or seek out alternative ways to access care.</p> <p>This generational move toward remote care is paired with a growing acceptance of telehealth across the board. While a large portion of people in the U.S. say they might not jump at the chance to schedule a virtual visit for their next consultation, <strong>57 percent</strong> of those surveyed in a recent Business Insider Intelligence Insurance Technology Study say they could be convinced.</p> <p>With attitudes changing about telehealth and future generations likely to expect the service, the question becomes not if providers should implement virtual care options, but when and how — and how they can make these services profitable.</p> <p>Several organizations have already moved to incorporate telehealth into their central services, including Penn Medicine, which offers telemedicine in several branches of care and manages it all through a central telehealth hub.</p> <p>“You can use telemedical care in post-op care; you can use it in end-of-life care,” Dr. William Hanson III, Penn Medicine’s chief medical information officer, <a href="https://healthtechmagazine.net/article/2018/06/remote-triage-penn-medicine-develops-central-telehealth-hub" target="_blank">told <em>HealthTech</em> in a previous article</a>. “There are a lot of ways in which telemedicine can really significantly change the way that we care for patients today, and <strong>the technology gets better and better every year</strong> in terms of the fidelity of transmission.”</p> <p>In preparation for this transition to more virtual care options, training in telemedicine is on the rise. <a href="https://news.aamc.org/medical-education/article/future-doctors-learn-practice-remotely/?utm_source=newsletter&amp;utm_medium=email&amp;utm_campaign=AAMCNews042518" target="_blank">According to the Association of American Medical Colleges</a>, <strong>84 medical schools included telemedicine</strong> as a topic in required or elective courses in the 2016–17 academic year, up from 57 institutions in 2013–14.</p> <p>While training and adoption are up, however, the authors of the Employee Benefit Research Institute Study warn that millennial <strong>appetites for virtual care could change</strong> along with their health needs.</p> <p>"An open question is whether the way millennials engage with the healthcare system changes as they age and as a higher percentage of them move away from being dependents on their parents' plans,” the study’s authors say, <a href="https://www.mobihealthnews.com/content/millennials-demand-telehealth-move-away-traditional-primary-care-model" target="_blank">MobiHealthNews reports</a>. “Millennials may answer questions one way today because of their current life stage, but that may change in the future."</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 13 Jul 2018 02:17:59 +0000 juliet.vanwagenen_22746 41166 at https://healthtechmagazine.net Healthcare Organizations Face an Expanded Threat Landscape https://healthtechmagazine.net/article/2018/07/healthcare-organizations-face-expanded-threat-landscape <span>Healthcare Organizations Face an Expanded Threat Landscape</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Thu, 07/12/2018 - 10:32</span> <div><p>When hackers lay their eyes on the sort of sensitive personal data collected and protected by hospitals and other healthcare organizations, they see dollar signs.</p> <p>On the black market, a single credit card number might only fetch a price of <strong>50 cents</strong> because there’s a short window of time in which to exploit the compromised data before a financial institution recognizes the breach, invalidates the account and issues the victimized customer a new payment card.</p> <p>Hospitals, however, collect information that can’t be changed: Social Security numbers, birthdates, current and past addresses, next of kin. Because of its permanent nature, criminals can continue to exploit such compromised data for years, using the information to steal victims’ identities for financial gain.</p> <p>Consequently, <strong>a single stolen record can command a price approaching $100</strong>. For obvious reasons, those circumstances mean that hospitals are a hugely attractive target for hackers.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">The Immense Price of a Healthcare Data Breach</h2> <p>According to the <a href="http://www.himss.org/sites/himssorg/files/u132196/2018_HIMSS_Cybersecurity_Survey_Final_Report.pdf" target="_blank">2018 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey</a>, <strong>76 percent of healthcare organizations</strong> surveyed experienced a “significant security incident” in the 12 months prior — attacks that resulted from a wide variety of attack methods and motivations.</p> <p>The plurality of those incidents (<strong>38 percent</strong>) stemmed from online scam artists engaging in activities such as phishing and spear phishing. Negligent insiders — well-meaning personnel with trusted access who inadvertently trigger a data breach — accounted for <strong>21 percent of incidents</strong>.</p> <p><a data-entity-type="" data-entity-uuid="" href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html" target="_blank" title="CDW Cybersecurity Insight Report"><img alt="Cybersecurity-report_EasyTarget.jpg" data-entity-type="" data-entity-uuid="" src="/sites/biztechmagazine.com/files/uploads/Cybersecurity-report_EasyTarget.jpg" /></a></p> <p>Healthcare organizations face fines for breaches that don’t involve external actors. Most hospital breaches result from healthcare insiders looking up information about family members, friends, neighbors and acquaintances without authorization. Meanwhile, hackers were responsible for <strong>20 percent of breaches</strong>, and nation state actors, hacktivists, social engineers and malicious insiders each accounted for between <strong>2 and 5 percent of breaches</strong>. By a wide margin, email was the most common initial point of compromise for these incidents, with <strong>62 percent</strong> of breaches resulting from a phishing email or similar attack.</p> <p>Attacks are also launched via organizational or third-party websites, hardware and software preloaded with malware, infected mobile or medical devices, and compromised cloud providers — but none of those attack vectors triggered more than<strong> 3.2 percent </strong>of the total number of breaches.</p> <p>Nearly half (47 percent) of those attacks were caught within a day, while another 21 percent were sniffed out within a week. Still, roughly <strong>4 percent </strong>of attacks took between a week and a month to catch, while 5 percent took between one and three months to detect. A handful of attacks weren’t caught for four, seven or even 12 months.</p> <p>Somewhat worryingly, only <strong>41 percent </strong>of attacks were caught by organizations’ internal security teams. Most were caught by other team members and third-party vendors, and <strong>3 percent </strong>were discovered and reported by patients themselves.</p> <h2 id="toc_1">Ransomware Skyrockets for Hospitals and Care Organizations</h2> <p>Cyberattacks are such a problem for healthcare providers that the ECRI Institute ranks ransomware and other cybersecurity threats No. 1 in its “<a href="https://www.ecri.org/Resources/Whitepapers_and_reports/Haz_18.pdf" target="_blank">Top 10 Health Technology Hazards for 2018</a>,” above issues such as missed alarms, improper cleaning of equipment and radiation exposure from imaging tools.</p> <p>“In a healthcare environment, <strong>a malware attack can significantly impact care delivery</strong> by rendering health IT systems unusable, by preventing access to patient data and records, and by affecting the functionality of networked medical devices,” the report states. “Further, such attacks can disable third-party services, disrupt the supply chain for drugs and supplies, and affect building and infrastructure systems.”</p> <p>It is with good reason that the report calls out ransomware. Some experts say <a href="https://www.symantec.com/blogs/expert-perspectives/healthcare-paying-big-price-neglecting-security" target="_blank">such attacks rose by roughly 89 percent in 2017</a>, while <a href="https://www.verizonenterprise.com/verizon-insights-lab/dbir/" target="_blank">other reports</a> say it accounts for<strong> 85 percent</strong> of all malware in the healthcare industry.</p> <p>According to <a href="https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html?cm_mmc=Vanity-_-SecurityReport-_-NA-_-022017" target="_blank">CDW’s Cybersecurity Insight Report</a>, last year’s WannaCry virus, a “virulent strain of ransomware,” spread across organizations’ networks by exploiting vulnerabilities in Windows computers, causing billions of dollars in damages and “crippling” healthcare facilities throughout Britain.</p> <h2 id="toc_2">Devices and Efficiency Make Healthcare a Prime Target for Hackers</h2> <p>Part of the reason healthcare organizations are such frequent targets is because many medical devices use older technologies that are more vulnerable to attacks. In 2017, one publication even <a href="https://www.wired.com/2017/03/medical-devices-next-security-nightmare/" target="_blank">dubbed medical devices “the next security nightmare.”</a></p> <p>A <a href="https://documents.trendmicro.com/assets/wp/wp-cybercrime-and-other-threats-faced-by-the-healthcare-industry.pdf" target="_blank">report</a> on cybercrime in healthcare, also published in 2017, takes an in-depth look at the factors contributing to the prevalence of attacks in the industry. It notes that hospitals and other healthcare organizations often <strong>prioritize operations and efficiency over cybersecurity</strong>, leading to a lack of safeguards protecting digital assets.</p> <p>Many organizations, the authors say, simply lack the proper staff to handle digital threats and implement basic protection measures, such as <strong>two-factor authentication and encryption</strong>. When digital healthcare assets such as electronic health records are attainable, they prove to be irresistible to hackers due to the range of profit-making activities they enable.</p> <p><strong>Criminals can use data stolen from EHR systems</strong>, the report notes, to not only procure prescription drugs, create fake identities and obtain medical insurance, but also to create birth certificates and file fraudulent tax returns. HIPAA standards and other data safety regulations exist to help ensure organizations take steps to protect sensitive data against this growing array of cyberthreats.</p> <p>However, mere compliance is often not enough to keep patient data safe. Those standards and safety regulations should be seen as the bare minimum. To rise to the challenge of today’s threat environment, healthcare providers must evolve and mature their security postures beyond what is required by external regulators.</p> <p><em>Learn how to best prepare your healthcare organization for looming cyberthreats by reading the CDW white paper “<a href="https://healthtechmagazine.net/resources/white-paper/ensuring-security-patient-data" target="_blank">Ensuring the Security of Patient Data</a>.”</em></p> </div> <div> <div class="field-author"><a href="/author/calvin-hennick" hreflang="en">Calvin Hennick</a></div> </div> Thu, 12 Jul 2018 14:32:30 +0000 juliet.vanwagenen_22746 41161 at https://healthtechmagazine.net 6 Ways to Take Healthcare Cybersecurity to the Next Level https://healthtechmagazine.net/article/2018/07/6-ways-take-healthcare-cybersecurity-next-level <span>6 Ways to Take Healthcare Cybersecurity to the Next Level</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 07/11/2018 - 16:17</span> <div><p>To keep patient data safe without bursting IT budgets, hospitals must implement solutions that are both effective and efficient.</p> <p>The deployment of robust security solutions and services requires a thoughtful, multilayered strategy that addresses both local and remote patient environments while it also keeps up with the maturation of IT systems and cyberthreats.</p> <p>By a wide margin, email has become the most common initial point of compromise for security incidents, with <strong>62 percent</strong> of breaches resulting from a phishing email or similar attack. Attacks are also launched via organizational or third-party websites, hardware and software preloaded with malware, infected mobile or medical devices, and compromised cloud providers — but none of those attack vectors triggered more than <strong>3.2 percent</strong> of the total number of breaches, according to the <a href="https://www.himss.org/sites/himssorg/files/u132196/2018_HIMSS_Cybersecurity_Survey_Final_Report.pdf" target="_blank">2018 Healthcare Information and Management Systems Society (HIMSS) Cybersecurity Survey</a>.</p> <p>According to the survey, nearly half (<strong>47 percent</strong>) of attacks in 2017 were caught within a day, while another <strong>21 percent</strong> were sniffed out within a week. Still, roughly 4 percent of attacks took between a week and a month to catch, while <strong>5 percent</strong> took between one and three months to detect. A handful of attacks weren't caught for four, seven or even 12 months.</p> <p>Somewhat worryingly, only <strong>41 percent</strong> of attacks were caught by organizations' internal security teams. Most were caught by other team members and third-party vendors, and <strong>3 percent</strong> of significant breaches were discovered and reported by the affected patients themselves.</p> <p>Cyberattacks are such a problem for healthcare providers that the ECRI Institute ranks ransomware and other cybersecurity threats No. 1 in its “<a href="https://www.ecri.org/Resources/Whitepapers_and_reports/Haz_18.pdf" target="_blank">Top 10 Health Technology Hazards for 2018</a>”, above issues such as missed alarms, improper cleaning of equipment and radiation exposure from imaging tools.</p> <p><strong>What can providers and hospitals do to minimize risks?</strong> HIPAA standards and other data safety regulations exist to help ensure organizations take steps to protect sensitive data against this growing array of cyberthreats. However, mere compliance is often not enough to keep patient data safe. Those standards and safety regulations should be seen as the bare minimum. To rise to the challenge of today's threat environment, healthcare providers must evolve and mature their security postures beyond what is required by external regulators.</p> <p>A Robust Support Infrastructure In some instances, robust security will mean adopting new and advanced cybersecurity technologies. But healthcare organizations can often improve their security posture simply by improving processes, training users and better integrating existing technologies.</p> <p>Healthcare providers looking to safeguard patient data more effectively should consider the following actions:</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">1. Start with Strategy by Getting Back to Basics</h2> <p>Advanced cybersecurity tools are wasted in IT environments where basic blocking and tackling steps are missed. For instance, in addition to implementing detailed firewall logging, organizations must also ensure that patch management is a part of their cybersecurity strategy. <strong>Password protection and access management</strong> are also critical.</p> <p>Discussions with partners about cybersecurity strategies typically should begin with assessments of tools and tactics, such as firewalls, web and email security, and authentication controls (including two-factor authentication for remote access). Leaders must also prioritize policies around <strong>password management</strong>. When these relatively basic measures are lacking, it's nearly impossible for healthcare providers to take the next step in their cybersecurity evolution.</p> <h2 id="toc_1">2. Segment Networks for Increased PHI Security</h2> <p>Much of the challenge of safeguarding patient data is simply a matter of keeping sensitive information cordoned off from the rest of the network, making it more difficult for cyberattackers to reach it. Organizations that utilize network segmentation as a strategy deploy <strong>firewalls, routers and virtual LANs to restrict access </strong>to specific areas of their IT networks.</p> <p>Segmentation also helps ensure that only those individuals who truly need it can access the disparate networks. For instance, many health organizations segment nonmedical systems, such as financial and human resources applications, onto separate networks from those that house patient data. In some cases, such a strategy can even save institutions money, as it allows organizations to rightsize their security investments.</p> <h2 id="toc_2">3. Update Existing Cybersecurity Tools Regularly</h2> <p>It's not enough to simply have cybersecurity systems in place. Organizations must also <strong>maintain and update these tools over time</strong> and ensure they have effective processes deployed to support them. For example, if a hospital installs an endpoint security tool but doesn't update that tool for three years, it likely won't be very effective at detecting and stopping newer, more advanced attacks.</p> <p>Likewise, it's also important for hospitals to continually update processes, so when existing tools detect suspicious activities, IT employees are prepared and empowered to respond appropriately and immediately.</p> <h2 id="toc_3">4. Assess Risks and Train Staff to Defend Them</h2> <p>Most data breaches in healthcare organizations begin with attacks on email. For instance, a recent report notes that slightly more than<strong> 64,000 patient records</strong> were exposed via email breaches in 2016, while in the fourth quarter of 2017 alone, <strong>65,000 records</strong> were exposed in the same manner, a <strong>467 percent increase</strong> overall. According to the HIMSS cybersecurity report, roughly <strong>62 percent</strong> of healthcare organizations surveyed identified email as the most likely initial point of compromise.</p> <p>While email security tools are important, hospitals and clinics must also make sure that employees are trained to sniff out phishing and spear phishing attempts. Some <a href="https://www.ciosummits.com/PhishMe-Phishing-Defense-Guide_2017.pdf" target="_blank">experts estimate</a> advanced spear phishing attacks can cost businesses, on average, <strong>$140,000 per incident</strong>. Staff must learn to avoid clicking on suspicious links, inadvertently allowing malware onto the network. Phishing simulation and awareness campaigns can help healthcare cybersecurity managers better understand the current level of awareness among employees and provide targeted training as needed.</p> <p>In a phishing simulation, IT or a third party sends faux phishing emails to employees and tracks who clicks on which links. Depending on how employees perform in the assessment, they can be directed to watch on-demand training videos or undergo more extensive educational programming.</p> <h2 id="toc_4">5. Secure Productivity Tools Give Providers an Edge</h2> <p>Security and productivity have not always gone hand in hand. The thinking goes: An organization could completely protect its network by clamping down on access but destroy employee productivity in the process. Conversely, a hospital could theoretically boost productivity by offering all employees unfettered access to all systems but create a veritable feeding frenzy for malicious actors.</p> <p>However, some emerging cybersecurity tools can actually enhance clinician and staff productivity, rather than detract from it. For instance, secure messaging solutions emerged in response to clinicians sending each other text messages with patient updates using personal devices — a potential violation of HIPAA. Now that clinicians and other staff have access to secure messaging tools and services, they're using the technology to enhance communication, improve support and accelerate records access.</p> <p>Similarly, <strong>single sign-on solutions</strong> emerged as a way to control access and identity management in healthcare settings. But they also simplify workflows and increase physician and nurse face time with patients.</p> <h2 id="toc_5">6. Integrate and Improve Cybersecurity Resources</h2> <p>All too often, hospitals and other healthcare organizations have a number of effective, up-to-date cybersecurity tools at their disposal, but the systems lack integration, which hamstrings the effectiveness of the tools. This is an area where a third-party partner can help.</p> <p>In a typical engagement, hospital IT administrators might feel confident in their tools but ask a third-party solution architect to compare their cybersecurity environment to exemplary samples. During a cybersecurity gap analysis, the expert might find that existing firewall policies are not as effective as they could be or that password complexity standards should be raised.</p> <p>A <strong>third-party partner</strong> can also help busy healthcare IT managers stay abreast of evolving cybersecurity solutions and explore which emerging and next-generation tools can help strengthen the organization's security posture and keep patient data safe.</p> <p>Learn how to best prepare your healthcare organization for looming cyberthreats by reading the CDW white paper “<a href="https://healthtechmagazine.net/resources/white-paper/ensuring-security-patient-data" target="_blank">Ensuring the Security of Patient Data</a>.”</p> </div> <div> <div class="field-author"><a href="/author/calvin-hennick" hreflang="en">Calvin Hennick</a></div> </div> Wed, 11 Jul 2018 20:17:21 +0000 juliet.vanwagenen_22746 41156 at https://healthtechmagazine.net Fitbit Pushes into the Clinical Space to Make Medicine More Personal https://healthtechmagazine.net/article/2018/07/fitbit-pushes-clinical-space-make-medicine-more-personal <span>Fitbit Pushes into the Clinical Space to Make Medicine More Personal</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Wed, 07/11/2018 - 11:22</span> <div><p>As precision and personalized medicine take hold in healthcare and patients get more comfortable with taking ownership of their own health data, <a href="https://healthtechmagazine.net/article/2017/08/all-wrist-biometric-trackers-give-doctors-jump-patient-care" target="_blank">wearable biometric trackers are taking off</a>.</p> <p>And with widespread personalization in mind, the health system at large has begun to view <a href="https://www.cdwg.com/product/Fitbit-Charge-2-silver-activity-tracker-with-band-black-silver/4296299?pfm=srh" target="_blank">Fitbits</a> not just as a handy gadget for consumers, but as a clinical device that can help to collect <strong>valuable and robust data</strong> for providers and care teams.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Fitbit Teams with Google to Deliver Data Across the Health System</h2> <p>Fitbit is embracing this change, and <a href="https://investor.fitbit.com/press/press-releases/press-release-details/2018/Fitbit-and-Google-Announce-Collaboration-to-Accelerate-Innovation-in-Digital-Health-and-Wearables/default.aspx" target="_blank">announced in April a collaboration</a> with <a href="https://www.cdwg.com/content/cdwg/en/brand/google.html?enkwrd=Google" target="_blank">Google</a> that aims to make it easier for clinicians and patients to work together. By tapping Google’s <a href="https://healthtechmagazine.net/article/2018/03/google-cloud-unveils-expanded-health-it-portfolio-himss-2018" target="_blank">new Cloud Healthcare API</a>, Fitbit aims to “integrate further into the healthcare system, such as by connecting user data with electronic medical records (EMR),” the announcement explains. By combining EMR data with Fitbit info, clinicians can help to <strong>unlock personalized care</strong>.</p> <p>“Over the past decade, we have built an incredible foundation as the leading wearables brand, helping millions of people around the world make lasting behavior changes that improve their health and wellness through fun and engaging experiences. Working with Google gives us an opportunity to transform how we scale our business, allowing us to <strong>reach more people around the world faster</strong>, while also enhancing the experience we offer to our users and the healthcare system,” says James Park, co-founder and CEO of Fitbit, in the statement. “This collaboration will <strong>accelerate the pace of innovation</strong> to define the next generation of healthcare and wearables.”</p> <p>The integration with Google will allow Fitbit to “more securely manage and transfer users’ health data across entities,” Adam Pellegrini, general manager of Fitbit Health Solutions, tells MobiHealthNews, which will in turn enable more interoperability across the healthcare sector.</p> <p>“Data exchange is one piece, but it’s the fact that we can <strong>enable doctors, care managers, dieticians, health coaches, all to work together</strong> in a care team format using this type of healthcare API; [that we can] tear down the silos of health information by bringing in [EHR] data and also bidirectional data,” Pellegrini <a href="https://www.mobihealthnews.com/content/google-fitbit-collaboration-aims-deliver-comprehensive-health-data-care-teams" target="_blank">tells MobiHealthNews</a>. “I think this will enable us to really create a fantastic healthcare professional experience, and in my mind that’s how I picture this as being different.”</p> <p>The innovation doesn’t end with interoperability, however, as the move of Fitbit’s data onto Google’s cloud platform could make predictive analytics and AI a reality for providers everywhere.</p> <p>“Really the most exciting thing to me is the leveraging of their AI and machine learning capabilities [to] do <strong>predictive analytic algorithms</strong>,” Pelligrini says. “If you think about the fact that we have some of the largest health and fitness databases ever, in history, leveraging machine learning and AI on top of data, from a healthcare perspective, we can actually predict who needs help first. You can be proactive in care, and you can be efficient in care.”</p> <h2 id="toc_1">Providers Put Fitbit’s Clinical Abilities into Practice</h2> <p>Already, healthcare organizations are using Fitbit to collect robust information on patients and populations, most keenly in research studies. The National Sleep Foundation, for example, has partnered with researchers from Indiana University’s Regenstrief Institute on a <a href="https://www.mobihealthnews.com/content/merck-national-sleep-foundation-launch-new-fitbit-powered-study" target="_blank">new insomnia study</a> that equips participants with Fitbits and uses the wearables’ data as its primary source.</p> <p><a href="https://www.regenstrief.org/article/new-study-measure-impact-sleep-tracker-data-patient-provider-communication/" target="_blank">According to a press release</a>, the study aims to provide insight into how Fitbits and other consumer wearables can <strong>monitor and deliver relevant sleep information</strong> “as a vital sign” to primary care physicians.</p> <p>“Wearable devices have revolutionized our ability to collect and monitor health data on a much larger scale and the ability to provide sleep data on a daily basis can help increase our understanding of real world sleep habits and how to improve them,” Dr. Conor Heneghan, lead sleep research scientist at Fitbit, says in the statement.</p> <p>This is certainly not the only study on how information from the wearable can be integrated into other realms of care to create a full picture of a patient’s health. A <a href="https://www.nature.com/articles/s41746-018-0032-6" target="_blank">new study released July 5</a> in <em>Nature</em> indicates that, for cancer patients, Fitbit step data — or the number of steps a patient takes per day — could help to predict hospitalization. While researchers stress the data is not yet definitive, patients that took more than <strong>1,000 steps per day</strong>, for instance, were more likely to have increased survival rates and less likely to experience an adverse event.</p> <p>"An objective evaluation of patient performance status (PS) is difficult because patients spend the majority of their time outside of the clinic, self-report to providers, and undergo dynamic changes throughout their treatment experience," researchers write in the report. "<strong>Real-time, objective activity data</strong> may allow for a more accurate assessment of PS and physical function, while reducing the subjectivity and bias associated with current assessments."</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Wed, 11 Jul 2018 15:22:16 +0000 juliet.vanwagenen_22746 41146 at https://healthtechmagazine.net Halton Healthcare Boosts Patient Satisfaction with a Communications Upgrade https://healthtechmagazine.net/article/2018/07/halton-healthcare-boosts-patient-satisfaction-communications-upgrade <span>Halton Healthcare Boosts Patient Satisfaction with a Communications Upgrade</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 07/10/2018 - 11:01</span> <div><p>When <a href="https://www.haltonhealthcare.on.ca/home.html" target="_blank">Halton Healthcare</a> set out to relocate several of its hospital facilities into tech-forward “smart” hospitals, leaders laid out a vision that would enable the <strong>three-hospital health system</strong> to keep patients, providers and community at the center of its services. This meant, above all, making sure the <strong>4,300 staff and 300 physicians</strong> could communicate effectively, even in the face of dramatic growth throughout the system.</p> <p>With Halton Healthcare’s IT team planning for a<strong> jump in facility size of four to five times</strong>, CIO Sandy Saggar and his team planned to upgrade the physical infrastructure and introduce mobile communications with the aim to ensure <strong>communication remained at the heart of everyday operations</strong>.</p> <p>“The clinical areas were designed with the patients, families and clinicians in mind. For example, the inpatient unit design is made up of 12-bed pods, which <strong>keeps the nurses closer to their patients</strong> and any other necessary resources, such as the communication station or medication room,” Saggar says.</p> <p>Moreover, every nurse was equipped with a <a href="https://www.cdwg.com/product/Cisco-IPICS-Instant-Connect-Bundle-v.-4.x-license-1-server-1-virtual/3571724?pfm=srh" target="_blank">Cisco mobile phone</a>, which aimed to <strong>enable effective communication capabilities and streamline the flow of information</strong> via alarms and alerts, says Saggar. This amounted to a deployment of more than <strong>700 IP mobile phones</strong> in Halton Healthcare’s Oakville, Milton and Georgetown locations, arming nurses with an upgraded alternative to the traditional nurse bell that could keep them more effectively clued in to the needs of their patients.</p> <p>Now, after rolling out the mobility solution, Halton Healthcare <a href="https://www.cisco.com/c/en/us/about/case-studies-customer-success-stories/halton-healthcare.html" target="_blank">reports</a> a <strong>50 percent increase in satisfaction rates from patients </strong> when it comes to nurse call bell response.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Converged Infrastructure Makes Unified Communications a Reality</h2> <p>Rolling out hundreds of mobile devices across the hospital without overwhelming IT or nursing staff was no easy feat, however. The heart of the smart hospital and communications upgrade was a single, converged infrastructure. By tapping a <a href="https://www.cdwg.com/product/EMC-RES-FOR-VCE-VBLOCK/4926194?enkwrd=VCE+Vblock" target="_blank">VCE Vblock system</a>, which makes use of compute and networking from <a href="https://www.cdwg.com/search/?key=Cisco&amp;searchscope=all&amp;sr=1" target="_blank">Cisco</a>, storage from <a href="https://www.cdwg.com/content/cdwg/en/brand/dell-emc-interstitial.html" target="_blank">Dell EMC</a> and virtualization technologies from <a href="https://www.cdwg.com/content/cdwg/en/brand/vmware.html?enkwrd=VMware" target="_blank">VMware</a>, Halton Healthcare was able to <strong>converge and simplify its underlying infrastructure</strong>.</p> <p>“The VBlock infrastructure was critical for our data center to move from our legacy hospital to our new hospital, with a <strong>migration of more than 400 servers and no downtime</strong>,” says Saggar. “Additionally, it’s been critical in our day-to-day operations and our implementation of a disaster recovery solution.”</p> <p>From a converged network perspective, Saggar says Halton Healthcare’s IT team layered the <a href="https://www.cdwg.com/product/Cisco-Unified-Communications-Manager-Enhanced-v.-12.X-upgrade-license/5099416?pfm=srh" target="_blank">unified communications platform</a> on top of its Cisco medical-grade network.</p> <p>“This tight integration, along with critical voice and data communications, allowed for a <strong>stable and secure mobility environment</strong> which enabled successful adoption of the technology by our nurses,” says Saggar.</p> <h2 id="toc_1">Training Proves Key to Overcoming Mobility Challenges</h2> <p>Aside from getting the underlying infrastructure in place, Halton Healthcare needed to <strong>ensure the nursing staff was properly trained</strong> on the devices and that the new technology would be helpful without causing “notification fatigue,” which can result from an influx of alerts that overwhelm staff.</p> <p>“Migrating to a mobile-enabled workforce involves large change,” says Saggar. “We knew this change would be too large to deploy on the opening day of our new hospitals, especially considering there would be so many other changes taking place.”</p> <p>To help manage the change, the IT team <strong>deployed the technology several months in advance of moving</strong> to the new facilities so that both hospital and IT staff had time to learn the new systems and work out any kinks prior to opening day.</p> <p>“We deployed our Cisco mobile phones at our legacy hospital facilities to help ease the transition and manage the change. This time to <strong>ease into the solution gradually</strong> and alter any technical configurations or workflows proved to be very successful in the adoption of our mobility solution,” says Saggar.</p> <p>Moreover, the hospital trained nurses using a variety of modalities, which helped to support multiple learning styles. Saggar’s team also provided nurses with <strong>guides and tip sheets</strong> on the hospital’s intranet for ongoing education.</p> <p>And training wasn’t a once-and-done endeavor. The hospital <strong>provides ongoing security and privacy training</strong>, including mandatory annual e-learning courses that all staff must pass.</p> <p>“This <strong>reinforces that they understand the security and privacy basics</strong> as well as any ongoing threats or updates that they should be aware of,” says Saggar. “On top of this, we conduct random internal security exercises (such as phishing) and use them as education opportunities. The communication around these internal exercises is really about building awareness around cyber risk from both a personal and professional perspective.”</p> <p>Above all, when it comes to introducing a new mobility system, Saggar emphasizes that the change needs to be undertaken in collaboration with the stakeholders who will use the technology.</p> <p>“<strong>Make sure you have nurses working with you along the way</strong>,” says Saggar. “They will be using the solution every day and will be able to guide the configuration and optimization of the system to help improve patient care.”</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Tue, 10 Jul 2018 15:01:32 +0000 juliet.vanwagenen_22746 41141 at https://healthtechmagazine.net AI Makes Free, Tech-Powered Cancer Screening Possible https://healthtechmagazine.net/article/2018/07/ai-makes-free-tech-powered-cancer-screening-possible <span>AI Makes Free, Tech-Powered Cancer Screening Possible</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Fri, 07/06/2018 - 10:48</span> <div><p>Early detection can mean a world of difference for patients diagnosed with skin cancer. In fact, those lucky enough to detect skin cancer early <a href="https://www.cancer.net/cancer-types/melanoma/statistics" target="_blank">achieve a five-year survival rate of 99 percent</a>. Resource or time constraints often keep people from heading to the doctor early, however, which is why two developers decided to take the world of cancer screening into their own hands and create a <strong>free, artificial intelligence-powered screening program</strong> completely online.</p> <p>Peter Ma, an independent developer and part of the Intel Software Innovator Program, along with co-founder Mike Borozdin, has developed an AI solution that has the power to determine and classify skin cancer types with the same level of intelligence as a dermatologist. The technology, known as <a href="https://www.doctorhazel.com/" target="_blank">Doctor Hazel</a>, uses deep-learning neural networks to screen and classify skin cancer with <strong>80 percent accuracy</strong>.</p> <p>“Doctor Hazel uses real-time images from the endoscope camera, while simultaneously pulling from <strong>8,000 variables</strong> to determine four different outcomes for the mole in question: a normal mole, melanoma, another form of cancer or nothing,” says Ma.</p> <p>Moreover, it can be used by anyone, anywhere, at any time — even by those without an internet connection — thanks to the use of <a href="https://www.cdwg.com/content/cdwg/en/brand/intel-interstitial.html" target="_blank">Intel</a>’s <a href="https://www.cdwg.com/product/Intel-Movidius-Neural-Compute-Stick/4916403?enkwrd=intel+movidius+neural" target="_blank">Movidius Neural Compute Stick</a>, an <strong>edge device</strong> that's able to classify cancer images in real time and <strong>offline</strong>, making image classification much more interactive, says Ma.</p> <p>“Anyone can go to the website, upload a photo of a concerning mole, and get results within seconds. If the AI feature detects the mole is cancerous, an individual will then receive a recommendation to see a doctor for further testing,” Ma continues. “Because of the edge device running offline, we are able to <strong>use the device in places where internet access is scarce</strong>.”</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP:</strong> Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_0">Edge, Cloud Make Healthcare AI Possible</h2> <p>Doctor Hazel, which is still in beta, was inspired by the death of Ma’s close friend, who passed away in his early 30s from cancer, prompting Ma and Borozdin to dig into how they could use their skills to improve cancer prevention and screening.</p> <p>“At the time of prototype, I was learning and deploying AI on the edge. The <strong>AI is very good at classifications</strong>, and skin cancer was a perfect use case for it,” says Ma.</p> <p>The project officially began in 2017 as an idea to be presented at TechCrunch Disrupt’s hackathon, cobbled together from several different technologies. Ma and Borozdin then trained Doctor Hazel on over <strong>10,000 images</strong> on the Intel AI DevCloud, sourcing them from the <a href="https://isdis.net/isic-project/" target="_blank">International Skin Imaging Collaboration</a> project, <a href="https://uiowa.edu/" target="_blank">University of Iowa</a> and many other places, says Ma.</p> <p>“We got to around 80 percent accuracy. To increase that we would need more data,” says Ma, who has a <strong>goal of reaching 90 percent accuracy</strong>.</p> <p>Next, Ma and Borozdin are seeking to commercialize Doctor Hazel “so that initial screening can be done at either a primary care's office or at the pharmacy,” says Ma. However, the pair are facing several roadblocks in doing so, from acquiring a massive amount of data to getting Food and Drug Administration approval.</p> <p>Despite these challenges, Ma sees a bright future for the technology and AI in healthcare, particularly as technology evolves that can power AI from the cloud edge and enable classification in near real time, as with Doctor Hazel.</p> <p>“I believe the AI classification will power many other healthcare capabilities in the future, both <strong>reducing time for the physicians and improving quality of care for the patients</strong>,” says Ma.</p> </div> <div> <div class="field-author"><a href="/author/juliet-van-wagenen" hreflang="en">Juliet Van Wagenen</a></div> </div> Fri, 06 Jul 2018 14:48:21 +0000 juliet.vanwagenen_22746 41136 at https://healthtechmagazine.net Portable Ultrasound Enables Anytime, Anywhere Imaging https://healthtechmagazine.net/article/2018/07/portable-ultrasound-enables-anytime-anywhere-imaging <span>Portable Ultrasound Enables Anytime, Anywhere Imaging</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 07/03/2018 - 18:52</span> <div><p>You might call handheld ultrasounds the <strong>Swiss army knife of medical technology</strong>. They offer access to imaging in the field, where console tech isn’t available or practical. And for medical training, they bring the pages of anatomy and physiology textbooks to life.</p> <p>They’re especially handy in the emergency room, when minutes matter. And specialists — early adopters include obstetricians and cardiologists — use the technology to engage patients with real-time views when they might otherwise have to wait weeks for a traditional ultrasound appointment.</p> <p>Dr. Evan Muse, a cardiologist at the <a href="https://www.scripps.org/medical-groups/scripps-clinic" target="_blank">Scripps Clinic</a> in La Jolla, Calif., uses point-of-care ultrasound to quickly assess heart conditions and guide him during procedures, such as inserting a central venous line. But he also uses the <strong>real-time images</strong> to help his patients better understand their conditions and drive home the importance of prevention.</p> <h2 id="toc_0">Smartphone Ultrasounds Offer Cheaper, Faster Options</h2> <p>The Scripps Clinic’s <strong>point-of-care tech</strong> includes add-on apps that allow users to create custom protocols and aid in diagnostics.</p> <p>“We <strong>frequently use handheld units</strong> in the clinic, even on early consultations,” Muse says. “The process of letting a patient be a part of getting an image of their heart is really astounding. Most people have never seen that.”</p> <p>He can also show patients early signs that their body is compensating for high blood pressure, for example — even if they don’t feel any symptoms. “They’re very much engaged. They have a better understanding of what I’m looking at,” Muse says. “It helps me sell that preventative aspect a little more.”</p> <p>Muse, who’s also an assistant professor at the healthcare tech-focused <a href="https://www.stsiweb.org/" target="_blank">Scripps Translational Science Institute</a>, notes the devices are not only <strong>smaller and faster</strong>, they’re also <strong>much less expensive</strong>.</p> <p>“I think it’s wasteful,” he says of traditional sonograms, adding that the shift from volume- to value-based reimbursement, plus rising health insurance deductibles that leave patients on the hook for more of their medical costs, likely will further drive adoption.</p> <h2 id="toc_1">Portable Ultrasounds Personalize, Simplify Training</h2> <p>Recent <a href="https://www.prnewswire.com/news-releases/signify-research-reports-ultraportable-ultrasound-market-to-grow-by-40-300561462.html" target="_blank">research</a> suggests the portable <strong>ultrasound market will grow 20 percent annually through 2022</strong>, driven primarily by performance improvements and increased availability of tools. At the <a href="https://medicine.yale.edu/" target="_blank">Yale School of Medicine</a> in New Haven, Conn., medical students train on devices including an app-based ultrasound tool that comes with a transducer that can plug into any smartphone or tablet.</p> <p>Users can also take advantage of remote viewing via the app, turning their device of choice into a telehealth tool with two-way audiovisual calls and live ultrasound streaming.</p> <p>The solutions have huge potential for how providers <strong>train future doctors</strong>, both locally and globally, says Dr. Rachel Liu, an assistant professor of emergency medicine at Yale and director of point-of-care ultrasound education.</p> <p>“If a student has a question, they can call me, I can see where their probe is on the tablet and I can see their screen and they can see me,” she says. “I can see the patient, I can see how they look, I can give voice guidance. It makes everything <strong>more personal and easier to teach</strong> without requiring so many man-hours at the students’ side.”</p> <p>The solutions also serve as a recruitment tool for residency programs and healthcare organizations, Liu says.</p> <p>“I don’t know that we’ve gotten to the stage where doctors are expecting it,” she says. “But hoping for it? Definitely.”</p> </div> <div> <div class="field-author"><a href="/author/gienna-shaw" hreflang="en">Gienna Shaw</a></div> </div> Tue, 03 Jul 2018 22:52:14 +0000 juliet.vanwagenen_22746 41131 at https://healthtechmagazine.net Health Sector Prepares to Move Away from Windows 7 as Microsoft Ends Patch Support https://healthtechmagazine.net/article/2018/07/health-sector-prepares-move-away-windows-7-microsoft-ends-patch-support <span>Health Sector Prepares to Move Away from Windows 7 as Microsoft Ends Patch Support</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Tue, 07/03/2018 - 09:03</span> <div><p>Healthcare organizations still running Windows 7 on machines with older processors should beware: <a href="https://www.cdw.com/content/cdw/en/brand/microsoft.html" target="_blank">Microsoft</a> has told organizations that they should update or virtualize their older machines to continue receiving security patches.</p> <p>Although Microsoft officially will <a href="https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet" target="_blank">support</a> security updates for machines running Windows 7 until<strong> Jan. 14, 2020</strong>, it has become clear that <strong>the company will not do so for <em>all </em>such devices</strong>.</p> <p><a href="https://support.microsoft.com/en-us/help/4103718/windows-7-update-kb4103718" target="_blank">In an updated support article on its website</a> that was first widely noticed in late June, Microsoft indicated that, for older Windows 7-based PCs that do not support <strong>Streaming Single Instructions Multiple Data Extensions 2 (SSE2)</strong>, it would<strong> no longer provide security patches</strong>. SSE2 allows computer chipsets to process multimedia in parallel, which improves performance. In 2012, the feature became mandatory for processors running Windows.</p> <p>Users of such PCs, which run on now-archaic <a href="https://www.cdw.com/content/cdw/en/brand/intel-interstitial.html" target="_blank">Intel</a> processors (circa early to mid-2000s), have been experiencing a stop error. Previously, <a href="https://www.zdnet.com/article/microsoft-unexpectedly-drops-windows-7-support-for-some-ancient-cpus/" target="_blank">as ZDNet reports</a>, Microsoft said it was working on a fix for the issue. Now, it is advising users affected to either <strong>“upgrade your machines with a processor that supports SSE2 or virtualize those machines.”</strong></p> <p>It’s unclear how many healthcare organizations or machines are affected by this change in stance, which, as ZDNet notes, is allowed under Microsoft’s <a href="https://support.microsoft.com/en-us/help/14085/microsoft-business-developer-and-desktop-operating-systems-policy" target="_blank">Business, Developer </a><a class="gr-progress" href="https://support.microsoft.com/en-us/help/14085/microsoft-business-developer-and-desktop-operating-systems-policy" target="_blank">and</a><a href="https://support.microsoft.com/en-us/help/14085/microsoft-business-developer-and-desktop-operating-systems-policy" target="_blank"> Desktop Operating Systems Policy</a>. “Older products may not meet today’s more demanding security requirements,” the policy reads. “Microsoft may be unable to provide security updates for older products.”</p> <p>However, the change does <strong>provide </strong><strong>fresh</strong><strong> incentive for organizations of all kinds to update their PCs, virtualize them</strong>, or migrate from Windows 7 to <a href="https://www.cdw.com/content/cdw/en/brand/microsoft/windows-10.html" target="_blank">Windows 10</a>. Updating or virtualizing PCs can enhance an organization’s cybersecurity posture, especially by ensuring that the PCs <strong>continue to receive regular security patches</strong>.</p> <p>While some smaller organizations may be susceptible to the change, most healthcare organizations are on their way to migrating to Windows 10, says <a href="https://www.idc.com/getdoc.jsp?containerId=PRF003902" target="_blank">Linn Huang</a>, a research director at IDC, who covers PCs, thin clients and monitors.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2>Why Some Healthcare Orgs Wait to Upgrade to Windows 10</h2> <p><a href="https://biztechmagazine.com/article/2015/10/businesses-make-move-windows-10">Three years after the debut of Windows 10</a>, Windows 7 still has more market share than the newer platform. According to data from analytics vendor <a href="https://netmarketshare.com/operating-system-market-share.aspx" target="_blank">Net Applications</a>, <a href="https://www.computerworld.com/article/3199373/windows-pcs/windows-by-the-numbers-sanity-returns-as-windows-7-sheds-user-share.html" target="_blank">cited by Computerworld</a>, in May Windows 7 accounted for<strong> 41.8 percent</strong> of the user share of all PCs and<strong> 47.3 percent </strong>of all those running Windows. Windows 10 accounted for <strong>34.7 percent of all PCs and 39.3 percent of all Windows-based PCs</strong>. (<a href="https://techcrunch.com/2018/05/07/microsoft-says-700m-devices-now-run-windows-10/" target="_blank">Microsoft announced in May</a> that nearly 700 million devices now run Windows 10, up from about 500 million in May 2017.)</p> <p>“Broadly speaking, Microsoft has always been challenged in moving the enterprise markets off of older Windows iterations to new ones for a few reasons,” says Huang.</p> <p>IT departments at larger healthcare organizations<strong> generally value stability more than new features </strong>from the latest version of operating systems, Huang says. He adds that OS migrations “can also <strong>get fairly costly</strong> for larger companies.”</p> <p>The effective end-of-support date for Windows 7 in January 2020 is “a means for Microsoft to move the last corners of the corporate world from Windows 7 to Windows 10, and allows it to focus more of its resources on Windows 10, which to its credit has been favorably received by most organizations we’ve talked to.”</p> <p>Another issue, Huang says, is Windows 7’s lack of compatibility on new chipsets, which has been causing “all sorts of driver issues” on PCs. Windows 7 was already proving problematic with Intel’s sixth-generation Skylake processors, according to Huang, but <a href="https://www.cdwg.com/shop/search/hubs/Computers/C.aspx" target="_blank">PC makers</a> built bridges to<strong> ensure their key devices for the enterprise market would be compatible with Windows 7</strong>. “This has not been the case for the subsequent two generations, so a new PC powered by Intel’s latest processors would likely have to remain Windows 10 when deployed,” he says.</p> <p>A commercial survey IDC fielded in February found that larger enterprises were <strong>49 percent through their migrations to Windows 10</strong>, and <strong>97 percent </strong>expected to be complete within <strong>the next two years</strong>, which will put their migration completions right around the time Microsoft will stop supporting Windows 7.</p> <p>In another commercial survey completed last week, according to Huang, IDC asked, “On a scale of 1 (not concerned at all) to 10 (extremely concerned), how concerning is the [end-of-life] date of Windows 7?”</p> <p>The average for large organizations was 6.5, which Huang describes as a moderate level of concern; 41 percent rated their concern levels an 8 or higher, and 14 percent rated their concerns a 3 or lower.</p> <h2>Security Concerns Drive Windows Upgrades in Healthcare</h2> <p>In short, Huang says, there is still a significant chunk of the installed base on Windows 7, "and there is legitimate concern on behalf of IT managers to get this done ahead of” the January 2020 deadline. However, it appears most organizations in general plan to complete the migration in time.</p> <p>“I believe the corporate migration to Windows 10 has occurred faster than previous iterations,” in part due to <strong>how well Windows 10 has been received by the commercial world</strong>, Huang notes.</p> <p>Importantly, the enhanced security features of Windows 10 and the need for continuous security updates likely are major drivers in the upgrades, Huang says.</p> <p>“A focus on <strong>security and on manageability</strong>, in a world where <strong>CEOs lose their jobs over breaches and the IT </strong><strong>environment</strong><strong> accelerates in its complexity</strong>, has and will continue to prove a winning formula for Microsoft and its users,” Huang says.</p> <p>“The primary challenge has been that most organizations only moved from XP to 7 as late as five years ago and were not planning and budgeting to move to the next iteration for another decade.”</p> </div> <div> <div class="field-author"><a href="/author/phil-goldstein" hreflang="en">Phil Goldstein</a></div> </div> Tue, 03 Jul 2018 13:03:53 +0000 juliet.vanwagenen_22746 41126 at https://healthtechmagazine.net 2018 HIPAA Compliance: How to Keep Your ePHI Protected https://healthtechmagazine.net/article/2018/07/2018-hipaa-compliance-how-keep-your-ephi-protected-perfcon <span>2018 HIPAA Compliance: How to Keep Your ePHI Protected</span> <span><span lang="" about="/user/22746" typeof="schema:Person" property="schema:name" datatype="" content="juliet.vanwagenen_22746">juliet.vanwage…</span></span> <span>Mon, 07/02/2018 - 12:11</span> <div><p>There has been quite a fuss lately over offering patients greater access to their health records, particularly with the <a href="https://healthtechmagazine.net/article/2018/03/apple-launches-ehr-app-39-hospitals-board">introduction of Apple’s EHR app</a>, which promises to bring electronic health records into patients’ pockets and introduce the era of <strong>bring-your-own-data</strong> in healthcare. But often that desire to bring patients into the fold gets quashed by a fear of cybersecurity and <a href="https://healthitsecurity.com/features/how-hipaa-regulations-apply-to-key-patient-data-access-situations">HIPAA compliance around health information</a>.</p> <p>Recently, for instance, a man was stopped from taking a photo of his own X-ray when a radiologist feared it might violate HIPAA regulations, which kicked off a <a href="https://twitter.com/hmkyale/status/996525312166060033" target="_blank">discussion of similar incidents on Twitter</a>. These incidents arise mainly because providers simply <strong>don’t understand the ramifications</strong> of HIPAA and other health IT laws — and where to draw the line with access.</p> <p>Indeed, understanding the nuances of these regulations is particularly difficult now that technology affects all corners of healthcare: from telemedicine to remote patient monitoring to consumer glucose monitors to smartphones with thousands of health apps. This ubiquity has created new challenges for providers and patients, particularly when it comes to ensuring the privacy and security of patients’ protected health information (PHI) in accordance with regulations, such as <strong>HIPAA and the HITECH Act</strong>.</p> <h2 id="toc_0">What Is the HITECH Act of 2009?</h2> <p>The <a href="https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html" target="_blank">Health Information Technology for Economic and Clinical Health Act</a>, better known as the HITECH Act, was signed into law in February 2009 as part of the American Recovery and Reinvestment Act, which sought to address new needs as healthcare IT infrastructure began to expand and change exponentially. In particular, this legislation incentivized providers to adopt EHR systems, as well as <strong>expanded security and compliance requirements</strong>.</p> <p>Moreover, it allowed the Health and Human Services Department to <strong>expand its enforcement of HIPAA</strong> requirements with the aim to <a href="https://wayback.archive-it.org/3926/20131018161347/http:/www.hhs.gov/news/press/2009pres/10/20091030a.html" target="_blank">increase provider vigilance</a> and consumer confidence in how patient data is handled and secured. With this in mind, it can seem understandable that the waters around patients’ access to data can be quite murky.</p> <h2 id="toc_1">New Data Privacy Challenges for Providers</h2> <p>Traditionally, healthcare <strong>providers have been held responsible</strong> for all aspects of privacy and security of patient data because they have created and controlled it. But boundaries shifted once electronic medical records came into play. The roles surrounding data privacy and ownership are now blurred.</p> <p>One of the main challenges that comes with this change in ownership involves <strong>the use of smartphones by patients</strong> — in particular, patients using those devices to capture elements of their own medical data. The story of the man who was stopped from taking a photo of his own X-ray is not unusual. Often providers are reluctant to grant certain types of access, claiming that it would violate HIPAA, but most of the time that’s not the case.</p> <p><a href="https://healthtechmagazine.net/register?newsletter" target="_blank"><strong>SIGN UP</strong>: Get more news from the <em>HealthTech</em> newsletter in your inbox every two weeks!</a></p> <h2 id="toc_2">What Are the Medical Records Release Laws?</h2> <p>In September 2015, the Office of Civil Rights, a division of HHS, <a href="https://www.hhs.gov/sites/default/files/righttoaccessmemo.pdf" target="_blank">issued guidance for consumers</a> regarding medical record release laws that sought to <strong>encompass both HIPAA and HITECH guidance</strong>.</p> <p><strong>Patients have the right to</strong>:</p> <ol><li>See and get a copy of their medical records</li> <li>Have errors and omissions in their medical records corrected (or their disagreements documented)</li> <li>Get a paper or electronic copy of their medical records</li> <li>Request the provider send their medical records to another party with permission</li> </ol><p>While there is fear from a provider’s point of view, the language in this guidance is clear and specific. It broadly provides patients access to their medical data and does not specifically limit patients’ methods of acquisition.</p> <p>Patients have the right to see any single element of their record or the entire set of data, except for the few exclusions HIPAA has set aside (these exclusions are minimal and not relevant in this discussion). Diagnoses, lab results, a picture of a cut or an X-ray image are all part of the medical record.</p> <p>If patients are <strong>legally permitted to see and obtain a copy of their records</strong> in their preferred form and format, then it follows that the patient should be able to take a picture of that information during an office visit or consultation with their provider.</p> <p>While the story of the man who was stopped from taking a photo of his X-ray garnered plenty of attention, many times doctors do allow patients to take pictures. For example, a patient in an emergency department had a gash in her hand from a dropped glass. She asked the doctor if she could take a picture of her hand while glass was being removed. The doctor said yes. The patient posted a few of the pictures on her social media site. The photos include the physician’s hands but no identification of the provider.</p> <h2 id="toc_3">Provider Concerns in the Bring-Your-Own-Data Era</h2> <p>While there is some hesitation around protecting ePHI, HIPAA is clear: <strong>Patients have the right to their own medical data</strong> in any form or format. Although the provider traditionally owns the systems that record and manage that data, they don’t own the data itself. A patient can use technology (including a smartphone) to copy that data, even if it’s on a computer screen in a physician’s office. Some providers will ask for a signed release, but that is not specifically required.</p> <p>Patients must also understand that once they are in possession of that data, whether it’s a photocopy, electronic copy or photograph, they are solely responsible for the privacy and security of that data.</p> <p>Provider concerns are twofold. First, there is a concern they will <strong>still be held accountable for the privacy and security of patient data</strong> they no longer control. Second, providers have traditionally controlled access to medical records because, as the creators of the data, they were uniquely qualified to interpret and act upon that data. With the consumerization of healthcare, many <strong>patients are taking an active and informed role in their own care</strong>. This requires access to the entire medical record, not just limited portions decided by the provider.</p> <p>Studies show that engaged and informed patients have better outcomes. Providing access to medical records through viable technologies, including web portals, apps or even smartphone cameras, is the new reality of care. Patients are now included as part of the care team and are responsible for the privacy and security of the data they handle — their own. The next step may be helping patients <strong>understand the importance of protecting that health data</strong>.</p> <p><em>Nothing in this article should be construed as legal advice. For specific guidance, contact your HIPAA privacy officer or legal representative.</em></p> </div> <div> <div class="field-author"><a href="/taxonomy/term/11646" hreflang="en">Susan Snedaker</a></div> </div> Mon, 02 Jul 2018 16:11:45 +0000 juliet.vanwagenen_22746 41121 at https://healthtechmagazine.net