
Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbit wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Apvrille was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Apvrille himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices from being turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here are some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment: Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data. Secure all communication channels to protect against data change, corruption or observation.
  • Manage security: Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

Tiny Budgets Undercut Healthcare’s Cyber Security Efforts

Posted on January 4, 2016 I Written By

Anne Zieger

This has been a lousy year for healthcare data security — so bad a year that IBM has dubbed 2015 “The Year of The Healthcare Security Breach.” In a recent report, Big Blue noted that nearly 100 million records were compromised during the first 10 months of this year.

Part of the reason for the growth in healthcare data breaches seems to be due to the growing value of Protected Health Information. PHI is worth 10x as much as credit card information these days, according to some estimates. It’s hardly surprising that cyber criminals are eager to rob PHI databases.

But another reason for the hacks may be — to my way of looking at things — an indefensible refusal to spend enough on cybersecurity. While the average healthcare organization spends about 3% of its IT budget on cybersecurity, it should really allocate 10%, according to HIMSS cybersecurity expert Lisa Gallagher.

If a healthcare organization has an anemic security budget, they may find it difficult to attract a senior healthcare security pro to join their team. Such professionals are costly to recruit, and command salaries in the $200K to $225K range. And unless you’re a high-profile institution, the competition for such seasoned pros can be fierce. In fact, even high-profile institutions have a challenge recruiting security professionals.

Still, that doesn’t let healthcare organizations off the hook. In fact, the need to tighten healthcare data security is likely to grow more urgent over time, not less. Not only are data thieves after existing PHI stores, and prepared to exploit traditional network vulnerabilities, current trends are giving them new ways to crash the gates.

After all, mobile devices are increasingly being granted access to critical data assets, including PHI. Securing the mix of corporate and personal devices that might access the data, as well as any apps an organization rolls out, is not a job for the inexperienced or the unsophisticated. It takes a well-rounded infosec pro to address not only mobile vulnerabilities, but vulnerabilities in the systems that dish data to these devices.

Not only that, hospitals need to take care to secure their networks as devices such as insulin pumps and heart rate monitors become new gateways data thieves can use to attack their networks. In fact, virtually any node on the emerging Internet of Things can easily serve as a point of compromise.

No one is suggesting that healthcare organizations don’t care about security. But as many wiser heads than mine have pointed out, too many seem to base their security budget on the hope-and-pray model — as in hoping and praying that their luck will hold.

But as a professional observer and a patient, I find such an attitude to be extremely reckless. Personally, I would be quite inclined to drop any provider that allowed my information to be compromised, regardless of excuses. And spending far less on security than is appropriate leaves the barn door wide open.

I don’t know about you, readers, but I say “Not with my horses!”

Practical Application of Watson with EHR

Posted on July 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Ever since Watson made its debut on Jeopardy, I haven’t been able to resist checking out what Watson was doing next. No doubt what Watson did on Jeopardy was impressive. However, it’s one thing to do what it did on Jeopardy. It’s another thing to commercialize Watson into something useful.

I’d long been hearing that Watson was going to be great for healthcare IT and that healthcare would really benefit from the technology. However, everything I saw felt very conceptual as opposed to practical and implemented. So, I was really interested in talking with Modernizing Medicine about their EHR integration with Watson.

You can find my interview with Daniel Cane and Dr. Michael Sherling, Founders of Modernizing Medicine, talking about Watson and some of the other cool ways they’re trying to help doctors make use of the data in an EHR in the video below. Plus, we even talk ICD-10 and MU 2 delay as well.

Note: Modernizing Medicine is a Healthcare Scene advertiser.

Healthcare Cloud Spending To Ramp Up Over Next Few Years

Posted on October 4, 2013 I Written By

Anne Zieger

For years, healthcare IT executives have wrestled with the idea of deploying cloud services, concerned that the cloud would not offer enough security for their data. However, a new study suggests that this trend is shifting direction.

A new study by market research firm MarketsandMarkets has concluded that the healthcare industry will invest $5.4 billion in cloud computing by 2017. This year should see a particularly big change, with total healthcare cloud investment moving from 4 percent to 20.5 percent of the industry, according to an article in the Cloud Times.

The current US cloud market for healthcare is dominated by SaaS vendors such as CareCloud, Carestream Health and Merge Healthcare, according to MarketsandMarkets. These vendors are tapping into an overall cloud computing market which should grow at a compound annual growth rate of 20.5 percent between 2012 and 2017, the researchers say.

As the report notes, there are good reasons why healthcare IT leaders are taking a closer look at cloud computing. For example, the cloud offers easy access to high-performance computing and high-volume storage, access which would be very costly to duplicate with on-premise computing.

On the other hand, the MarketsandMarkets researchers admit, healthcare still has particularly stringent data security requirements, and a need for strict confidentiality, access control and long-term data storage. Cloud vendors will need to offer services and products which meet these unique needs, and just as importantly, change and adapt as regulatory requirements shift. And they’ll have to have an impeccable reputation.

That last item — the cloud vendor’s reputation — will play a major role in the coming shift to cloud-based deployments. If giants like AT&T, IBM and Verizon stay in the healthcare cloud business, which seems likely to me, then healthcare institutions will be able to admit that they’re engaged in cloud deployments without suffering a public black eye over potential security problems.

On the other hand, if the giants were to get cold feet, cloud adoption would probably slow substantially, and remain at the trickle it has been for several years. While vendors like Merge and Carestream may be doing well, I’d argue that the presence of the 2,000-pound gorilla vendors ultimately dictates whether a market thrives.

Watson in Healthcare, Malpractice and EHR, Orion and Amalga, and EMR Apps

Posted on October 16, 2011 I Written By

John Lynn

Time again for my weekly round up of healthcare IT and EMR related tweets. Plus, a few thoughts from me about the various tweets.

@Craigley
Craig Bradley
I need a Watson robot in the room to be my knowledge/evidence coach & also EMR scribe while I listen/touch/care. @SeattleMamaDoc #chc11

The good news for Craig is that I’ve seen the people from IBM that did Watson working with the people from Nuance (most famous for Dragon Naturally Speaking) working on this. I don’t think it’s that far away.

@nickgenes
borborygmi
First real recommendation: have good backup plan when #EMR goes down; one malpractice case was lost by inadequate downtime system #SA11

This was pretty interesting. I’d love to learn more details about this malpractice case. No doubt you have to work on a proper system to handle EMR down time. I’ve written before about all the ways you could have EMR down time and the cost of EHR down time. It’s not a question of IF you will have EHR down time, but WHEN.

@JBikman
Jeremy Bikman
I’m very excited to see what Orion can become w/ Amalga HIS. My hope is that they emerge as a legit EHR/EPR/HIE player globally. Very cool.

This is interesting news since Orion is focused on the Asia Pacific market. Coincidentally, I’m just finalizing the details of me attending a Healthcare Informatics Conference in Thailand in March 2012. I’m interested to learn a lot more about Asia. You can read more about the Orion Health Deal for Amalga here.

@EMRDailyNews
EMR Daily News
Over 60 EMR / #EHR Apps Now Available in the iTunes App Store su.pr/1tfhMG

64 iPhone EHR apps on the app store. In February there were only 5 EMR apps in the Android marketplace. I’m sure there are a whole lot more now. Plus, the number of apps in the app store is a bit flawed since it’s not like people purchase their EHR software on the app store. However, it’s interesting to see how many are putting it there.

IBM’s Watson Addresses Errors of Diagnosis

Posted on June 2, 2011 I Written By

I’m beginning to see a pattern here. Two weeks ago, I wrote about clinical decision support in context of Dr. Larry Weed’s new book. Two weeks before that, I commented about physicians worrying that patients would perceive them as being incompetent if they relied on CDS. Today, I’m back to the same topic.

Deny the obvious all you want, physicians, but clinical decision support is coming, and once it’s here, it’s not going away.

I just got back from the new IBM Healthcare Innovation Lab in downtown Chicago, the company’s third such center in the U.S. and eighth worldwide. While kickoff included a “healthcare leadership exchange” with such thought leaders as HIMSS CEO Steve Lieber and Allscripts Healthcare Solutions Chief Innovation Officer Stanley Crane, the real star was not a person, but a computer. IBM’s Watson, to be specific.

People stayed after lunch mostly to see a demo of Watson processing healthcare data—and IBM Chief Medical Scientist Dr. Marty Kohn said this was the first audience to see this demo. Make no mistake, IBM is positioning Watson as a clinical decision support tool, particularly for the much-ignored area of diagnostic decision support.

Saying that perhaps 25 percent of all healthcare errors are errors of diagnosis, Kohn noted how getting the diagnosis right can prevent all kinds of unnecessary complications and spending. “Of course, if you’ve made the wrong diagnosis, picking the right course of treatment becomes a challenge,” Kohn said.

And after the diagnosis, Watson can prevent treatment errors by, say, scanning EMR data for patient allergies to recommend against a drug that might cause a harmful interaction, then suggest alternative therapies. Kohn presented the case of a 29-year-old pregnant woman who was diagnosed with Lyme disease. A common treatment is the antibiotic doxycycline, but Kohn noted that it’s contraindicated during pregnancy.

Watson, according to Kohn, draws preliminary conclusions according to presenting symptoms, then scans multiple sources of information to present recommendations. Watson does look at the notoriously incomplete and inaccurate Wikipedia, Kohn said, mostly because that user-edited site covers so many topics, but then verifies information from other sources.

Watson then displays reasons why it believes the diagnosis may be correct so the doctor can make an informed decision. “It won’t let you ignore all the possible diagnoses,” Kohn said. But it won’t actually make the final call. “Watson is going to be in a supportive role rather than actually making decisions,” Kohn added.

What the supercomputer does is process vast amounts of data in a short amount of time, something that even the sharpest human mind could never do. And that’s what clinical decision support is supposed to be all about.

Jeopardy!’s Watson Computer and Healthcare

Posted on May 25, 2011 I Written By

John Lynn

I’m sure like many of you, I was completely intrigued by the demonstration of the Watson computer competing against the best Jeopardy! stars. It was amazing to watch not only how Watson was able to come up with the answer, but also how quickly it was able to reach the correct answer.

The hype at the IBM booth at HIMSS was really strong since it had been announced that healthcare was one of the first places that IBM wanted to work on implementing the “Watson” technology (read more about the Watson Technology in Healthcare in this AP article). Although, I found the most interesting conversation about Watson in the Nuance booth when I was talking to Dr. Nick Van Terheyden. The idea of combining the Watson technology with the voice recognition and natural language processing technologies that Nuance has available makes for a really compelling product offering.

One of the keys in the AP article above, which was also mentioned by Dr. Nick from Nuance, was that the Watson technology in healthcare would be applied differently than it was on Jeopardy!. In healthcare it wouldn’t try to make the decision and provide the correct answer for you. Instead, the Watson technology would be about providing you a number of possible answers and the likelihood of each answer being the issue.

Some of this takes me back to Neil Versel’s posts about Clinical Decision Support and doctors’ resistance to CDS. There’s no doubt that the Watson technology is another form of Clinical Decision Support, but there’s little about the Watson technology which takes power away from the doctor’s decision making. It certainly could have an influence on a doctor’s ability to provide care, but that’s a great thing. Not that I want doctors constantly second guessing themselves. Not that I want doctors relying solely on the information that Watson or some other related technology provides. It’s like most clinical tools. When used properly, they can provide a great benefit to the doctor using them. When used improperly, it can lead to issues. However, it’s quite clear that Watson technology does little to take away from the decision making of doctors. In fact, I’d say it empowers doctors to do what they do better.

Personally I’m very excited to see technologies like Watson implemented in healthcare. Plus, I think we’re just at the beginning of what will be possible with this type of computing.

One More Reason to Implement an EMR – Genomics

Posted on May 17, 2011 I Written By

John Lynn

Katherine Rourke, on my sister site EMR and EHR, wrote an interesting piece on Adding Genomic Info to the EMR. Here’s a short excerpt from the post. You should go and read the rest of the post as well.

As the author notes, some specialties have already begun to tailor drug treatments to individual patients based on their genomic profile. For example, DNA sequencing of tumors in non-Hodgkin’s and Mantle Cell lymphoma can lead to personalized cancer vaccines that can produce great results, notes writer Gerry Higgins of the NIH.

Such data can also be used for a growing number of clinical situations, such as tailoring Coumadin doses to specific patients and providing psychiatric patients with the appropriate drug.

I’d been meaning to write about genomics and EMR for a while and so I’m glad that Katherine did. In one of my more interesting discussions at HIMSS with CMO of Nuance, Dr Nick (sorry, his last name is too hard to spell), we talked about the future of EMR and the possible benefits it could provide to patient care, diagnosing, etc. Nuance had partnered with IBM’s Watson project (the famous Jeopardy Watson) to apply the Watson technology to healthcare. At its core is using technology to crunch a lot of data and provide some meaningful (sorry I had to use the word) results or information.

As this discussion progressed, I casually suggested that one day we’ll need the same sort of processing across things like a person’s genome. The genome project isn’t quite a consumer commodity, but it’s getting there. One day, it won’t be at all surprising for us to bring our PHR info along with our personal genome to the doctor’s office. The lady at the front desk will ask you for a copy of your genome. Pretty crazy to consider, but probably much closer to happening than we realize.

Imagine trying to somehow process the information found in a genome in a paper based world. Exactly! The thought is so unreasonable you have to just laugh. I don’t follow the science of using the genome in healthcare that closely, but the examples in the above article by Katherine are quite interesting.

Plus, I think we’re still in an old world mentality where the world is still flat when it comes to understanding the data that’s available in the human genome. One day some remarkable human genome Christopher Columbus is going to discover a new world that nobody knew about before. EMR software will be the tool used by most doctors to tap into that new world of healthcare based on the human genome.

This is why I’ve argued for so long about the possible long term benefits of having an EMR. The integration of a patient’s genome into their healthcare is just one of those potential long term benefits of having an EMR in your office.