Healthcare and Technology news
37.9K views | +8 today
Follow
Healthcare and Technology news
Your new post is loading...
Your new post is loading...
Scoop.it!

What Obama's precision medicine plan needs to succeed

What Obama's precision medicine plan needs to succeed | Healthcare and Technology news | Scoop.it

President Obama's Precision Medicine Initiative to accelerate understanding of individual variability and its effect on disease and treatment is going to necessitate a regulatory system robust enough to facilitate big data analytics for genomics research – no small feat.


That's according to a white paper by the Center for Data Innovation and Health IT Now Coalition, in which the authors contend that to be maximally effective this initiative will require the public and private sectors to work in tandem to realize the next generation of medicine and overcome the institutional challenges that increasingly hinder progress.


Policymakers, in other words, must modernize the regulatory system. To that end, the authors recommend the following:


1. Improve interoperability and data sharing. Stronger federal requirements are needed to ensure that genomic and other health data can be retrieved and compared across health record systems


2. Engage patients. The public and private sectors share an interest in raising the tone of discourse on the role that genomics and other big-data applications might play in revolutionizing our expensive and underperforming health system


3. Re-think privacy law. The strict privacy requirements of the Health Information Portability and Accountability Act and complementary federal and state laws, including the Common Rule, present formidable obstacles to realizing the potential of genomic medicine


President Obama included $215 million in his latest budget to fund initiatives at the National Institutes of Health, the National Cancer Institute, the Food and Drug Administration, and the Office of the National Coordinator for Health Information Technology.

more...
No comment yet.
Scoop.it!

Healthcare data security is like a box of chocolates

Healthcare data security is like a box of chocolates | Healthcare and Technology news | Scoop.it

The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data by Ponemon Institute had more surprises than Forrest Gump’s box of chocolates – surprises that were far from palatable. One key finding was that criminal attacks are up 125 percent and are now the leading cause of healthcare data breaches. Other results of the study were just as unsettling:


Surprise 1: Sixty-five percent of healthcare organizations do not offer any protection services for patients whose information has been lost or stolen. With cyber threats on healthcare data mounting, this is unacceptable. Ironically, the Ponemon study also found that 65 percent of healthcare organizations—the same percentage that don’t offer protection services—believe patients whose records have been lost or stolen are more likely to become victims of medical identity theft.


According to the Ponemon Medical Identity Fraud Alliance study, 2014 Fifth Annual Study on Medical Identity Theft, medical identity theft nearly doubled in five years, from 1.4 million adult victims to over 2.3 million in 2014. Many medical identity theft victims report they have spent an average of almost $13,500 to restore their credit, reimburse their healthcare provider for fraudulent claims and correct inaccuracies in their health records. Healthcare organizations and business associates must make available medical identity monitoring and identity restoration services to patients whose healthcare records have been exposed.


On the other hand, the majority of people still don’t understand the serious risk of medical identity theft. They pay more attention to their credit score and financial information than they do their insurance EOBs or medical records. They don’t understand that while a credit card can be quickly and easily replaced, their medical identity can take years to be restored. When their records become polluted, patients can be misdiagnosed, mistreated, denied much needed medical services, or billed for services not rendered. Medical identity theft can literally kill you, as ID Experts CEO Bob Gregg has said.


Surprise 2: The average cost of a healthcare data breach has stayed fairly consistent over the past five years – $2.1 million. This is in contrast to the average total cost of data breach in general, which has risen 23 percent over the past two years to $3.79 million, according to another recent Ponemon report, 2015 Cost of Data Breach Study: Global Analysis. Cyber liability insurance to cover notification costs, better options for identity monitoring, and more privacy attorneys offering help should reduce the cost of healthcare data breaches over time.


Healthcare organizations can take proactive steps to reduce the likelihood and impact of a data breach. This means addressing the tactical issues of protecting patient data. According to Dr. Larry Ponemon, founder and chairman of Ponemon Institute, healthcare organizations face “the dual challenge of reducing both the insider risk and the malicious outsider. Both require different approaches that can tax even the most robust IT security budget.” 


According to the Ponemon report, 96 percent of healthcare organizations had a security incident involving lost or stolen devices, and employee negligence is the greatest concern among these organizations. Dr. Ponemon says healthcare providers should create “a more aggressive training and education awareness program, as well as invest in technologies that can safeguard patient data on mobile devices and prevent the exfiltration of sensitive information.”

These training and awareness programs should center around protecting PHI, especially education on how to avoid phishing emails and what to do to ensure data is not disclosed. Healthcare organizations must also collaborate with their business associates to also ensure they have similar programs in place. 


For external risks such as the growing number of criminal attacks, Dr. Ponemon says that healthcare providers must “assess what sensitive data needs to be monitored and protected, and the location of this data.” I would add that board and executive management must recognize that professional hackers are targeting health data and records and, as mentioned earlier, that such attacks are now the leading cause of data breaches in healthcare. This awareness should spur enterprise-wide alignment in addressing cyber threats.


Surprise 3: Too many healthcare organizations take an ad-hoc approach to incident risk assessment. Only 50 percent of healthcare organizations in the study performed the four-factor risk assessment following each security incident, as required by the HIPAA Final RuleOf that 50 percent, 34 percent used an ad hoc risk assessment process, and 27 percent used a manual process or tool that was developed internally.


This practice is not acceptable. Healthcare organizations now have software tools available to help automate and streamline processes such as risk assessment and data breach response. By supporting consistent and objective analysis of security incidents, providing a central repository for all incident information, and streamlining the documentation and reporting process, these tools can improve outcomes and free an organization’s privacy and security staff to spend more time on prevention.


So far, 2015 has been a bad year for protecting patients and their data. Increasing cyber attacks mean that even more patients and their data will be put in harm’s way. While nobody can escape the inevitable security incidents, it is my hope that we can all learn lessons from the Ponemon study and each other, and work more collectively so that next year will bring fewer unpleasant surprises and many more happy ones.

more...
No comment yet.
Scoop.it!

Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst

Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst | Healthcare and Technology news | Scoop.it

CareFirst, a Blue Cross Blue Shield plan, on Wednesday became the third major health insurer in the United States to disclose this year that hackers had breached its computer systems and potentially compromised some customer information.

The attack could affect as many as 1.1 million of its customers, but CareFirst said that although the hackers gained access to customer names, email addresses and birthdates, they did not obtain sensitive financial or medical information like Social Security numbers, credit card information and medical claims. The company, which has headquarters in Maryland and serves the Washington area, said the attack occurred in June and described it as “sophisticated.”

Chet Burrell, CareFirst’s chief executive, said the company contacted the Federal Bureau of Investigation, which is investigating attacks against the insurers Anthem and Premera. “They are looking into it,” he said.



While it was not clear whether the attacks were related, he said the company was under constant assault by criminals seeking access to its systems.

Federal officials have yet to label the breaches at Anthem and Premera Blue Cross as state-sponsored hackings, but the F.B.I. is effectively treating them as such, and China is believed to be the main culprit, according to several people who were briefed on the investigations but spoke on the condition of anonymity. There are indications the attacks on Anthem, Premera and now CareFirst may have some common links.

Charles Carmakal, a managing director at Mandiant, a security firm retained by all three insurers, said in an emailed statement that the hacking at CareFirst “was orchestrated by a sophisticated threat actor that we have seen specifically target the health care industry over the past year.”

The Breaches at Anthem, which is one of the nation’s largest health insurers and operates Blue Cross Blue Shield plans, and Premera Blue Cross, based in Washington State, were much larger. The one at Anthem may have compromised the personal information of 79 million customers and the one at Premera up to 11 million customers.

Anthem has said the hackers may have stolen Social Security numbers but did not get access to any medical information. Premera said it was possible that some medical and bank account information may have been pilfered.

CareFirst said it was aware of one attack last year that it did not believe was successful. But after the attacks on other insurers, Mr. Burrell said he created a task force to scrutinize the company’s vulnerabilities and asked Mandiant, a division of FireEye, to perform a forensic review of its systems. Last month, Mandiant determined a breach had occurred in June 2014.

Health insurance firms are seen as prime targets for hackers because they maintain a wealth of personal information on consumers, including medical claims records and information about credit card and bank accounts.

In recent years, the attacks have escalated, said Dr. Larry Ponemon, the chairman of Ponemon Institute, which studies security breaches in health care. He said the health care industry was particularly vulnerable and that the information it had was attractive to criminals who use the data to steal the identity of consumers.

“A lot of health care organizations have been historically laggards for security,” he said.

Insurers say they are now on guard against these attacks. But Dr. Ponemon said they had taken only small steps, not “huge leaps,” in safeguarding their systems.

The motivation of the hackers in these cases, however, is unclear — whether they are traditional criminals or groups bent on intelligence-gathering for a foreign government.

In the retail and banking industries, the hackers have been determined to get access to customer credit card information or financial data to sell on the black market to other online criminals, who then can use it to make charges or create false identities.

So far, there is scant evidence that any of the customer information that might have been taken from Anthem and Premera has made its way onto the black market. The longer that remains the case, the less likely that profit was a motive for taking the information, consultants said. That suggests that the hackers targeting the health care industry may be more interested in gathering information.

“It’s such an attractive target and it’s a soft target and one not traditionally well protected,” said Austin Berglas, head of online investigations in the United States and incident response for K2 Intelligence and a former top agent with the F.B.I. in New York. “A nation state might be looking at pulling out medical information or simply looking to get a foothold, which they can use as a testing ground for tools to infiltrate other sectors,” he said.

Paul Luehr, a managing director at Stroz Friedberg, a security consulting firm, said the health care breaches could be an entry point into other systems. “It could serve as a conduit to valuable information in other sectors because everyone is connected to health information,” he said.

Or the breaches could simply be crimes of opportunity. The hackers could be making off with information and waiting to determine what to do with it.

“We want to jump to the conclusion that there is an organized chain and command,” said Laura Galante, threat intelligence manager for FireEye, who was not commenting specifically on any particular breach. “But what could be happening here is much more chaotic. It’s simply, ‘Get whatever data you can get and figure out what to do with it later.’ ”


more...
No comment yet.
Scoop.it!

Research surgical robot hacked by computer science experts

Research surgical robot hacked by computer science experts | Healthcare and Technology news | Scoop.it

Researchers at the University of Washington in Seattle have demonstrated the ability to remotely hack a research surgical robot, the RAVEN II platform.


Before continuing, I’ll stop to clarify one thing. The RAVEN II is not a clinically used surgical robot like, say, the Da Vinci surgical robot. It’s an “open-source” surgical robot developed at the University of Washington to test and demonstrate advanced concepts in robotic surgery. We contacted Applied Dexterity which is now in charge of the RAVEN platform and according to co-founder David Drajeske,

The RAVEN II platform is not approved for use on humans. The system has been placed at 18 robotics research labs worldwide…that are using it to make advances in surgical robotics technologies…The low level software is open-source and it is designed to be “hackable” or readily reprogrammed.

Clinically used surgical robots, like the Da Vinci platform, operate on secure local networks using proprietary (i.e. not publicly available) communications protocols between the console and the robot. By contrast, RAVEN II can work on unsecured public networks and uses a publicly available communications protocol (see below). So while some have proclaimed an imminent threat to robotic surgery, that’s simply not the case.


That said, the work does have interesting implications; as pointed out by Mr. Drajeske and co-founder Blake Hannaford, RAVEN II is a great platform for testing these type of security issues. Tamara Bonaci, a graduate student at the University of Washigton, led this study to test the security vulnerabilities that could threaten surgeons using these tools and their patients. In this simulation, they aimed to recreate an environment that would be more akin to using these robots in remote areas.


They tested a series of attacks on the RAVEN II system while an operator used it to complete a simulated task – moving rubber blocks around.


They found that not only were they able to disrupt the “surgeon” by causing erratic movements of the robot, they were able to hijack the robot entirely. They also discovered they were able to easily access the video feed from the robot.


One of the main use cases highlighted for surgical robots, or any number of medical robots for that matter, is that they can function in remote, difficult to reach, and underserved areas. In those areas, some of the conditions of this study are likely to be present – like having to use a relatively unsecured data network. And for cost reasons, using a more open-source platform may be important. So this study does however raise interesting questions about the use of medical robots – it just doesn’t mean that clinically used surgical robots are under some imminent threat.


more...
No comment yet.
Scoop.it!

Healthcare cybersecurity info sharing still a work in progress

Healthcare cybersecurity info sharing still a work in progress | Healthcare and Technology news | Scoop.it

While President Barack Obama issued an executive order to use information sharing and analysis organizations (ISAOs) to boost cybersecurity awareness and coordination between private entities and the government, those efforts need more development before they provide useful information, according to an article at The Wall Street Journal.


About a dozen longstanding nonprofit Information Sharing and Analysis Centers (ISACs) serve specific sectors such as finance, healthcare and energy, and work with government on infomation sharing.


Though more narrowly focused, many ISAOs already exist, Deborah Kobza, executive director of the National Health Information Sharing and Analysis Center, told HealthcareInfoSecurity.


Executives who spoke with WSJ say large entities don't get much useful information from ISACs.


"Most of us are willing to put information into it largely because it provides good initial facilitation and informal networking opportunities," Darren Dworkin, CIO of Cedars-Sinai Medical Center and a member of the healthcare ISAC, tells the newspaper. As sharing standards are developed, he adds, "expectations will mount in terms of the kinds of specific data needed as everybody figures it out."


What's more, networking within the industry, Dworkin says, tends to provide more information about what's going on. ISACs generally are more useful to smaller organizations that lack security expertise in-house, the article adds.


The Health Information Trust Alliance (HITRUST), which quickly endorsed Obama's plan, said it is one of the ISAOs. HITRUST is working with providers to test and improve their preparedness for attacks through its CyberRX 2.0 attack simulations. The need for organizations to be more open about attacks was one of the early lessons from that program.


Participants in the recent White House Summit on Cybersecurity and Consumer Protection stressed that threat data-sharing doesn't pose the danger of exposing patients' insurance and healthcare information.


more...
11 Paths's curator insight, April 8, 2015 4:30 AM

This is a great news story

Scoop.it!

Health checks by smartphone raise privacy fears

Health checks by smartphone raise privacy fears | Healthcare and Technology news | Scoop.it

Authorities and tech developers must stop sensitive health data entered into applications on mobile phones ending up in the wrong hands, experts warn.

As wireless telecom companies gathered in Barcelona this week at the Mobile World Congress, the sector's biggest trade fair, specialists in "e-health" said healthcare is fast shifting into the connected sphere.

"It's an inexorable tide that is causing worries because people are introducing their data into the system themselves, without necessarily reading all the terms and conditions," said Vincent Genet of consultancy Alcimed.

"In a few years, new technology will be able to monitor numerous essential physiological indicators by telephone and to send alerts to patients and the specialists who look after them."

More and more patients are using smartphone apps to monitor signs such as their blood sugar and pressure.

The European Commission estimates the market for mobile health services could exceed 17.5 billion euros (19 billion euros) from 2017.

The Chinese health ministry's deputy head of "digital health", Yan Jie Gao, said at the congress on Wednesday that the ministry planned to spend tens of billions of euros (dollars) by 2025 to equip 90,000 hospitals with the means for patients to contact them online securely.

Patients are entering health indicators and even using online health services for long-distance consultations with doctors whom they do not know.

"There is a steady increase in remote consultations with medical practitioners," particularly in the United States, said Kevin Curran, a computer scientist and senior member of the Institute of Electrical and Electronics Engineers.

"Your doctor can be someone who's based in Mumbai. We have to be very careful about our data, because they're the ones who probably will end up storing your data and keeping a record of it."

- Cloud-based healthcare -

Other users are entering personal health data into applications on their smartphones.

This kind of "e-health" could save governments money and improve life expectancy, but authorities and companies are looking to strengthen security measures to protect patients' data before such services become even more widespread.

"I think tech companies are becoming more concerned with privacy and encryption now," said Curran.

"The problem quite often is that a lot of this data is stored not on the phone or the app but in the cloud," in virtual storage space provided by web companies, he added.

"We are at the mercy of who the app providers are and how well they secure the information, and they are at the mercy sometimes of the cloud providers."

Others fear that insurance companies will get hold of customers' health information and could make them pay more for coverage according to their illnesses.

Various sources alleged to AFP that health insurance companies have been buying data from supermarkets about what food customers were buying, drawn from the sales records of their loyalty cards, following media reports to that effect.

The kind of "e-health" indicator most sought after by patients is fitness-related rather than information on illnesses, however, said Vincent Bonneau of the research group Idate.

A study by Citrix Mobile, a specialist in wireless security, showed that more than three quarters of people using e-health applications were doing so for fitness reasons rather than for diagnosing illnesses.


more...
No comment yet.
Scoop.it!

Is it OK for doctors to 'google' patients?

Is it OK for doctors to 'google' patients? | Healthcare and Technology news | Scoop.it

It's something we do to job applicants, first dates, former lovers and the quiet co-worker in the next cubicle. The practice of “googling” others for professional reasons or out of personal curiosity is so ubiquitous that the name of the popular Internet search engine has turned into a verb. In healthcare, patients often head online for diagnoses, drug information and details about their doctors. But do professional standards prevent physicians from doing the same to patients?

The authors of a new paper in the Journal of General Internal Medicine write that sometimes, the practice is acceptable. Most other times, in their opinion, it isn’t. They hope their paper sparks conversation among colleagues and the American Medical Association about the possibility of guidelines for providers in the digital age, one in which most medical students can't remember a world without search engines.

“The motivation is to protect patients and prevent harm,” said Maria Baker, a Penn State Hershey Cancer Institute genetics counselor.

Her paper lists 10 situations when physicians are justified in “googling” patients – for example, when they have a duty to warn of possible harm, if patient’s story seem improbable, if information from other professionals calls a patient’s story into question, if there are suspicions of abuse or concerns of suicide risk.

“There is something worth protecting in the physician-patient relationship,” said co-author Daniel George, an assistant professor in Medical Humanities at Penn State University College of Medicine. While the AMA has issued guidelines regarding physician professionalism and social media, George calls patient-targeted web searches a “blind spot” among providers.

The authors detail actual situations at Penn State when they felt “googling” was warranted. In one case, a 26-year-old requested that both of her breasts be removed to prevent breast cancer, although she hadn’t undergone genetic testing to see if she was at risk for the disease, and didn’t want to. She reported an “almost unbelievable” family history of breast, ovarian and esophageal cancer and had sought the same surgery at other hospitals.

The genetic counselor “googled” her and found that this patient “was presenting her cancer story at lay conferences, giving newspaper interviews, and blogging about her experience as a cancer survivor. Additionally, the patient was raising funds, perhaps fraudulently, to attend a national cancer conference.”

“Armed with this information,” the authors write, “the genetic counselor informed the surgeon, who subsequently told the patient he felt uncomfortable performing the surgery in the absence of formal genetic and psychological testing.”

Conversely, the authors argue, web searches can undermine trust among patients and providers. “You have a patient wanting to adopt healthy lifestyles, and the doctor helps him on a course of exercise and non-smoking,” Baker explained. “But the doctor ‘googles’ him and sees pictures he posted on Facebook smoking a cigar.”

Mildred Solomon, president of the Garrison, New York-based bioethics institute The Hastings Center, said she applauds the authors for raising such questions, but their “acceptable” reasons for “googling” patients are far too broad.

One scenario, “incongruent statements by the patient, or between a patient and family members,” occurs too frequently in clinical settings to justify Internet searches, Solomon said. “There’s too much wiggle room,” she explained, noting that “intention” is what should matter.

“Why is the physician motivated to do this? Is it going to bring benefit to the patient, or is it something self-serving or out of personal curiosity?” Solomon asked.

A spokesperson for the AMA declined to comment to Reuters Health, citing the issue as “unresolved” by the organization.

However, a 2013 policy statement from The Federation of State Medical Boards notes that physician use of digital tools must evolve as do technology and societal trends. It acknowledges the use of “patient-targeted googling” in medical crises, such as attempts to identify unconscious patients in emergency departments. But, according to the policy: “it instead can be linked to curiosity, voyeurism and habit. Although anecdotal reports highlight some benefit (for example, intervening when a patient is blogging about suicide), real potential exists for blurring professional and personal boundaries.”

Authors say they wish only for more dialogue about this digital practice.

“I think this is just a starting point,” George said. “Every conversation has to start with something. This is the raw clay that we hope the field sculpts into set guidelines.”

The paper, which first came online in September, appears in the journal’s January print issue.


more...
No comment yet.
Scoop.it!

Health IT outsourcing poised for growth in 2015, beyond

Health IT outsourcing poised for growth in 2015, beyond | Healthcare and Technology news | Scoop.it

The market for IT outsourcing in healthcare and life sciences is expected increase at an 8.6 percent compound annual growth rate through 2019, with the adoption of cloud-based services among the major trends, according to global research firm TechNavio.

Organizations might be outsourcing just a few applications or their whole IT operations, relying on managed services to eliminate the need for an in-house IT staff. IT outsourcing helps healthcare providers to deploy business applications rapidly and focus on their core business.

Hospitals and clinics, which have difficulty keeping with up myriad changing government regulations, tend to outsource applications related to operations, finance, database management and infrastructure, according to the report. This outsourcing helps to reduce operational and maintenance costs.

The report also points to the rise in use of predictive and content analytics for clinical and operational insights.

By 2020, 80 percent of healthcare data will pass through the cloud at some point in its lifetime as providers increasingly turn to the cloud for data collection, aggregation, analytics and decision-making, IDC Health Insights recently predicted.

IDC also estimated that half of health and life science buyers by 2018 will demand substantial risk sharing with their outsourcing partners.

Hospitals increasingly plan to outsource coding efforts in the coming year, according to a survey published by Black Book Rankings, which found in a separate survey that a majority of hospital CFOs plan to either outsource or purchase new revenue cycle management software by the end of 2015.

Dick Escue, CIO of Valley View Hospital in Colorado, made the case for buying effective services, not mega-expensive hardware, in a November article published at Becker's Health IT & CIO Review.

Yet Peter Odegard, information security officer at Children's Hospitals and Clinics of Minnesota, told FierceHealthIT that it's increasingly difficult for hospitals to keep track of all the vendor partners that host, store or analyze data, adding to the complexity of security patient data.


more...
No comment yet.
Scoop.it!

Hospital employee gets indicted for fraud

Hospital employee gets indicted for fraud | Healthcare and Technology news | Scoop.it

A former employee at a major New York health system has been indicted, along with seven others, for stealing personal data of 12,000 patients, enabling more than $50,000 in fraud.


Manhattan's district attorney last week announced the indictment of Monique Walker, 32, a former assistant clerk at the eight hospital Montefiore Health System, for swiping patient data and supplying it to an identity theft ring. Walker, who had access to patient names, Social Security numbers, dates of birth, among others, reportedly printed the records of as many as 12,000 patients and supplied them to seven other individuals who used the data to make multiple purchases from department stores and retailers.


Walker, according to the New York County’s District Attorney’s office, sold the patient records for as little as $3 per record. Co-conspirators were able to open credit cards and make several unauthorized big ticket purchases at Barneys New York, Lord & Taylor and Bergdorf Goodman, among others. Defendants have been charged with grand larceny, unlawful possession of personal identification information, identity theft and criminal possession.


"In case after case, we've seen how theft by a single company insider, who is often working with identity thieves on the outside, can rapidly victimize a business and thousands of its customers," said New York County District Attorney Cyrus R. Vance Jr. in a June 18 press statement announcing the indictment. "I thank Montefiore Medical Center for taking immediate steps to alert authorities to ensure that those involved are held responsible, and moving swiftly and responsibly to notify and protect patients."

The case of insider misuse with patient data within healthcare organizations is nothing new. In fact, according toVerizon's annual data breach investigations report published this spring, security incidents caused by insider misuse – think organized crime groups and employee snooping – jumped from 15 percent last year to 20 percent in 2015.


"We're seeing organized crime groups actually position people where possible in healthcare organizations so they can steal information for tax fraud," Suzanne Windup, senior analyst on the Verizon RISK team, told Healthcare IT News this spring. "As organizations are putting in better monitoring and they're reviewing access logs, they're finding more cases of snooping."


As Cathleen A. Connolly, FBI supervisory special agent explained at Healthcare IT News' Privacy & Security Forum this past March, "your people that work for you are a very large threat," speaking in the context of combatting insider threats within healthcare.


What's more, according to data from the U.S. Department of Health and Human Services, unauthorized access or disclosure accounts for 5.3 million of the patient data compromised in HIPAA breaches. 

more...
No comment yet.
Scoop.it!

CMS gives IT entrepreneurs access to Medicare data

CMS gives IT entrepreneurs access to Medicare data | Healthcare and Technology news | Scoop.it

For the first time, the Centers for Medicare & Medicaid Services will allow innovators and entrepreneurs to access Medicare claims and other CMSdata, Acting Administrator Andy Slavitt announced Tuesday at Health Datapalooza in Washington.

These entrepreneurs will be allowed to conduct approved research aimed at developing tools and technologies to improve care and benefit consumers, say CMS officials. The data will be deidentified, but will be connected with specific providers. CMS will begin accepting innovator research requests in September 2015.

"Historically, CMS has prohibited researchers from accessing detailed CMS data if they intended to use it to develop products or tools to sell," said Niall Brennan, CMS chief data officer and director of its Office of Enterprise and DataAnalytics, in a press statement announcing the move.

"However, as the delivery system transforms from rewarding volume to value, data will play a key role," Brennan added. "We hope that this new policy will lead to additional innovation and insights from the CMS data.

The data will be accessed via the CMS Virtual Research Data Center, which provides access to granular data such as Medicare fee-for-service claims. Researchers working in the VRDC have direct access to approved privacy-protected data files and are able to conduct their analysis within a secure CMS environment, officials say.


The hope is that these data sources will help inform the development of transformative technologies, such as care management or predictive modeling tools.


Even though all data is privacy-protected, CMS emphasizes, researchers will not be allowed to remove patient-level data from the VRDC. They will only be able to download aggregated, privacy-protected reports and results to their own personal workstation.

CMS also announced Tuesday that researchers will be allowed to request data on a quarterly basis rather than the annual updates offered in the past. Platforms such as the VRDC have facilitated access to more current data without higher data costs, enabling researchers to conduct more rapid analysis of the delivery system.


"Data is the essential ingredient to building a better, smarter, healthier system," said Slavitt in a statement. "Today's announcement is aimed directly at shaking up health care innovation and setting a new standard for data transparency. We expect a stream of new tools for beneficiaries and care providers that improve care and personalize decision-making."

more...
No comment yet.
Scoop.it!

The radical potential of open source programming in healthcare

The radical potential of open source programming in healthcare | Healthcare and Technology news | Scoop.it

Everyone wants personalized healthcare. From the moment they enter their primary care clinic they have certain expectations that they want met in regards to their personalized medical care.


Most physicians are adopting a form of electronic healthcare, and patient records are being converted to a digital format. But electronic health records pose interesting problems related to sorting through vast amounts of patient data.


This is where open source programming languages come in, and they have the ability to radically change the medical landscape.

So why aren’t EHRs receiving the same care that patients expect from their doctor? There are a variety of answers, but primarily it comes down to how the software interprets certain types of data within each record. There are a variety of software languages designed to calculate and sort through large amounts of data that have been out for years, and one of the most prominent language is referred to as “R”.

What is R?

According to r-project.org “R is an integrated suite of software facilities for data manipulation, calculation, and graphical display.” Essentially this programming language has been built from the ground up to handle large statistical types of data.


Not only can R handle these large data sets, but it has the ability to be tailored to an individual patient or physician if needed. There are a variety of other languages focused on interpreting this type of data, but other languages don’t have the ability to handle it as well as R does.

How can a language like R change the way in which EHRs function?

Take, for instance, the recent debate regarding immunization registry. EHRs contain valuable patient data, including information associated with certain types of vaccine.


If you were able to cross reference every patient that had received a vaccine, and the side effects associated with said vaccine, then you could potentially sort out what caused the side effect and create prevention strategies to deter that certain scenario from happening again.


According to Victoria Wangia of the University of Cincinnati, “understanding factors that influence the use of an implemented public health information system such as an immunization registry is of great importance to those implementing the system and those interested in the positive impact of using the technology for positive public health outcomes.”


This type of system could radically change the way we categorize certain patient health information.


Programming languages like R have the ability to map areas that have been vaccinated versus those that haven’t. This would be ideal for parents who wish to send their children to a school where they know that “x” number of students have received a shot versus those that haven’t. Of course, these statistics would be anonymous, but this information might be critical for new parents who are looking for a school that fits their needs.


This technology could have much bigger implications pertaining to personalized data, specifically healthcare records. Ideally, an individual could tailor this programming language to focus on inconsistencies within patient records and find future illnesses that people are unaware of.


This has the potential to stop diseases from spreading, even before the patient is aware that they might have a life threatening illness. Although such an intervention wouldn’t necessarily stop a disease, it could be a great prevention tool that would categorize certain types of illness.

Benefits of open source

One of the more essential functions that R offers is the ability to be tailored to patient or doctor’s needs. Most information regarding patient health depends on how a physician documents the patient encounter, but R has the ability to sort through a wide variety of documentation pertaining to important statistical information that is relevant to physician needs. This is what makes open source programming languages ideal for the medical field.


One of the great components associated with open source programming languages in the medical field is the cost. R is a completely free language to start working in, and there is a large amount of great documentation available to start learning the language. The only associated cost would be paying a developer to set up, or create a program that quickly sorted through personalized information.


Essentially, if you were well rounded in this language, the only cost associated with adopting it would be the paper you would need to print information on.


Lastly, because of HIPAA, the importance of information security has been an issue, and should be a primary concern when looking at any sensitive electronic document. Cyber security is always going to be an uphill battle, and in the end if someone wants to get their hands on certain material, they probably will.


Data breaches have the ability to cost companies large amounts of money, and not even statistical data languages are safe from malicious intent. A recent issue has been the massive amount of resources that are being built in R that have been shared online. Although this is a step in the right direction for the language, people are uploading malicious code. But if you are on an encrypted machine, ideally the information stored on that machine is also encrypted. Cloud based systems like MySQL, a very secure open source server designed to evaluate data, offer great solutions to these types of problems.


These are some of the reasons why more physicians should adopt these types of languages, especially when dealing with EHRs. The benefits of implementing these types of systems will radically alter the way traditional medicine operates within the digital realm.


More statistical information about vaccinations and disease registries would greatly benefit those that are in need. The faster these types of systems are implemented, the more people we are able to help before their diseases becomes life threatening.


more...
No comment yet.
Scoop.it!

Is it unprofessional for physicians to wear Apple Watch?

Is it unprofessional for physicians to wear Apple Watch? | Healthcare and Technology news | Scoop.it

One of the trending themes of the Apple Watch reviews so far has been the gluttony of notifications the Apple Watch spews out in default mode.  The Verge highlighted this in their video review — around the 3 minute mark they show how many distractions the Apple Watch can provide when having a simple conversation with someone.

In his review, The Verge’s Nilay Patel mentions how the Apple Watch doesn’t enable you to control notifications in a very granular manner — it’s basically all or nothing.


Not only is this problematic for casual conversations, as Patel shows so well during his review, but it’s even more worrisome for physicians who want to wear the Apple Watch when caring for patients.

It’s easy to put your phone on silent and in your pocket during your clinical shift, but even if your Apple Watch is silent, it will still light up when you get a notification, similar to your iPhone. Imagine doing a physical exam on a patient and as you’re doing their abdominal exam, you get a text alert from a friend making an inside joke from the weekend — definitely not professional as your patient is in easy viewing distance of your wrist.


There is already evidence that shows smartphones themselves can create distractions during patient rounds, one can only imagine how much worse it could be with the Apple Watch.


As the study by Katz-Sidlow and colleagues showed for smartphones, I think having policies in place on how this new technology should be used in the hospital setting is something that should start being discussed.


There are definite ways the Apple Watch could be utilized for a clinical shift — I wrote an article on 10 ways the Apple Watch could be utilized in medicine recently — but its form factor makes it significantly less likely to provide anywhere close to the utility you have with your smartphone. The short of it is the Apple Watch isn’t going to have anywhere close to the same clinical utility that smartphones provided to physicians for patient care.


So then, is the Apple Watch unprofessional to wear during patient care?


Yes, especially with the lack of the ability to change notifications in a granular fashion currently.


But to get around this, Apple Watch does have an airplane mode feature, effectively turning off all notifications — but this arguably makes it worthless to wear the Apple Watch in the fist place. There is a “do not disturb” function as well, but it remains to be seen if that will prevent the backlight from turning on as well.


I do know one thing, if I see my medical students and residents wearing the Apple Watch when caring for our patients, I will definitely ask them about the notification setting they have on their Watch, as my own Apple Watch will be stuck in airplane mode for the time being.


more...
No comment yet.
Scoop.it!

Study to Probe Healthcare Cyber-Attacks

Study to Probe Healthcare Cyber-Attacks | Healthcare and Technology news | Scoop.it

In the wake of the recent hacker attacks on Anthem Inc. and Premera Blue Cross that compromised personal data on millions of individuals, the Health Information Trust Alliance is attempting to launch a study to get a better understanding of the severity and pervasiveness of cyber-attacks in the healthcare sector, as well as the attackers' methods.


HITRUST, best known for its Common Security Framework hopes to recruit hundreds of participants for its "Cyber Discovery" study. Organizations that join the study will monitor for signs of attacks for a 90-day period using data gathered with Trend Micro's threat discovery technology, which works with security information and event management systems. "It's like a big sandbox that works in a passive mode and collects everything and tries to analyze everything that comes into the sandbox," Dan Nutkis, HITRUST CEO, tells Information Security Media Group.


Participants can use the data that's collected and analyzed by the technology for their own cyber-intelligence activities. For the study, the participating organizations will provide anonymized data regularly to HITRUST for analytical purposes. "We don't have the name of the organization, just the type of organization," Nutkis says.

Security expert Mac McMillan, CEO of security consulting firm CynergisTek, says that as long as HITRUST can guarantee the data collected from healthcare organizations is anonymized, the alliance might be able to attract participants. And if there are enough participants, "a study such as this based on empirical data can paint a relevant picture with respect to the risk that healthcare entities face, and therefore, would be very valuable if done correctly," adds McMillan, chair of the HIMSS Privacy & Security Policy Task Force.

HITRUST hopes to have the necessary software and hardware installed at all the participating organizations by the end of May, Nutkis says. It will publish an initial report of findings and recommendations approximately four months from the launch of the project.

Digging In

The organization is seeking about 210 voluntary participants from the healthcare sector, including insurers, hospitals, accountable care organizations and clinics. Each will participate for 90 days or longer, Nutkis says. Participants do not have to be members of HITRUST to qualify.


Each participating healthcare organization will get free use the Trend Micro technology during the study. Trend Micro will install the appliance and train organizations how to use it and how to conduct the forensics analysis, Nutkis says.


"The goal is to understand the threat actors, the methods and their targets," he says. Among the questions to be addressed, he says, are: "Are these actors targeting health plans or are they targeting specific types of equipment or types of data? Are they after PHI or PII? What's the level of persistence? What's the duration of them trying to get in? Do they keep coming back?"


The study aims to accurately identify attack patterns as well as the magnitude and sophistication of specific threats across enterprises, he says.

Recent Attacks

When it comes to the recent attacks on Anthem and Premera, and their significance to the healthcare sector, "there's a lot speculation and conjecture about what's going on," he says. "There was a great level of concern after the Community Health System attack" last year, in which hackers compromised data of about 4.5 million individuals. Because they were reported about six weeks apart, the Anthem and Premera breaches raised concerns about whether they were related, he says. While those breach investigations are still ongoing, the healthcare sector is trying to understand who's being targeted, how and for what data, he explains.


Nutkis says HITRUST will consider whether to repeat the study annually to track emerging trends.


McMillan, the consultant, says the value of the study to the healthcare sector will ultimately depend on what is examined. "For instance, will it address social engineering or things like phishing? Phishing is a huge issue for healthcare right now and is believed to have had a role in the many of the high-profile breaches of last year."


more...
No comment yet.
Scoop.it!

'Precision Medicine': Privacy Issues

'Precision Medicine': Privacy Issues | Healthcare and Technology news | Scoop.it

Florence Comite, M.D., a pioneer in the evolving practice of "precision medicine," says extraordinary measures must be taken to protect patient privacy as more genetic and other sensitive data is collected to help personalize their care.

Precision medicine, also known as personalized medicine, involves the use of genomic, environmental, lifestyle and other personal data about patients so that clinicians can better tailor medical treatments that are potentially more effective based an individuals' characteristics.

To safeguard patients' sensitive data, Comite's New York-based endocrinology private practice had a developer build a custom electronic medical record system. The records system incorporates role-based access and encryption, as well as other features to protect patient privacy, she says in an interview with Information Security Media Group.

Comite keeps the most sensitive medical data - such as genetic data indicating that a patient potentially could develop a certain type of cancer or Alzheimer's disease - separate from other information in the patient's records, and often uses pseudonyms for patients to further protect this segregated information, she says.

Most healthcare is geared to mainstream, "one-size fits all" treatments that focus on treating illnesses rather than preventing them, the physician says. And most commercially available electronic records systems are built for those practicing this style of healthcare, she contends. "That's why I created my unique EMR, because I wanted to be able to collect data and equally be able to protect it in such a way that wouldn't undermine the kind of work we're trying to do."

Many patients are afraid of getting genetic testing done because of fear that sensitive data will be inappropriately released, she says. "That prevents a clinician from truly practicing what I see as the healthcare of the future."

In his recent State of the Union Address, President Obama unveiled a Precision Medicine Initiative. The White House calls the plan "a bold new research effort to revolutionize how we improve health and treat disease." In the Obama administration's fiscal 2016 budget, the Department of Health and Human Services is seeking a $215 million to launch the initiative.

In the interview, Comite also discusses:

  • The risks of hacker attacks targeting sensitive health information, such as genomic data;
  • The shortcomings in HIPAA privacy notices provided to patients;
  • The work that Comite's practice will be doing with employers, and how workers' health data privacy will be protected.

Comite is an endocrinologist with multidisciplinary training in internal medicine, pediatrics, gynecology and andrology. She is a graduate of Yale University School of Medicine, where she taught for 25 years as an associate clinical professor. An early practitioner in the emerging field of precision medicine, Comite has conducted clinical research at Yale and the National Institutes of Health in Reproductive Endocrinology and Metabolism. Comite maintains a private practice, ComiteMD, in New York City.


more...
No comment yet.
Scoop.it!

Big Data in Healthcare: A Cause for Concern?

Big Data in Healthcare: A Cause for Concern? | Healthcare and Technology news | Scoop.it

A federal advisory panel has kicked off discussions about the privacy and security challenges related to the use of big data in healthcare, with a goal of making policy recommendations in the coming weeks.


During the Jan. 12 meeting of the Health IT Policy Committee's Privacy and Security Workgroup - formerly called the Tiger Team - members began sorting through a number of key big data themes that emerged from two public hearings the group hosted in December. The workgroup and the committee will make recommendations to the Office of the National Coordinator for Health IT, which could ultimately lead to new policies from the Department of Health and Human Services.


Last month's hearings included testimony from a number of stakeholders from various segments of the healthcare sector. For instance, testimony highlighted that while analyzing big data can bring big potential benefits, including better treatment outcomes and lower costs, it also can bring privacy risks to individuals, says workgroup Chair Deven McGraw, an attorney at the law firm Manatt, Phelps & Phillips, LLP.

The workgroup will now help to assess whether the nation has the right policy framework in place "in order to maximize what is good about what health data presents for us, while addressing the concerns that are raised," McGraw says.

Big Data Challenges

Big data concerns that emerged from the hearings in December included whether various "tools" that are commonly used to help protect an individual's health data privacy are sufficient, given the complexities of various big data use cases, McGraw says.

Those "tools" include data de-identification methods; patient consent; transparency to patients and consumers about how their data might be used; various practices related to data collection, use and purpose; and security measures to protect data.

Other concerns arising from the testimony that the workgroup plans to dig into relate to the legal landscape, such as whether there are regulatory gaps in HIPAA and other laws regarding keeping health data used for big data analytics private.

The workgroup, which will continue its discussion on Jan. 26, will also consider the harm that could be caused if big data is not kept private, including discrimination, medical identity theft, and mistrust of the healthcare system.

In early February, however, the workgroup will temporarily shift gears to discuss ONC's 10-year interoperability roadmap, which is expected to be released in late January. The roadmap will focus on secure health data exchange.

Nevertheless, the workgroup hopes to hammer out some preliminary findings or early recommendations about protecting big data so that it can make a presentation at the March 10 meeting of the HIT Policy Committee, McGraw says.


more...
No comment yet.