Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Exec Tells Congress That New Health Data Threats Are Emerging

Posted on June 20, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A senior security executive with a major academic health system has told Congress that in addition to attacks by random attackers, healthcare organizations are facing new threats which are changing the health security landscape.

Erik Decker, chief security and privacy officer with the University of Chicago Medicine, testified on behalf of the Association for Executives in Healthcare Information Security in mid-June. He made his comments in support of the reauthorization of the Pandemic and All-Hazards Preparedness Act, whose purpose is to improve the U.S. public health and medical preparedness for emergencies.

In his testimony, Decker laid out how the nature of provider and public health preparedness has changed as digital health technology has become the backbone of the industry.

He described how healthcare information use has evolved, explaining to legislators how the digitization of healthcare has created a “hyper-connected” environment in which systems such as EHRs, revenue cycle platforms, imaging and ERP software are linked to specialty applications, the cloud and connected medical devices.

He also told them about the increasing need for healthcare organizations to share data smoothly, and the impact this has had on the healthcare data infrastructure. “There is increasing reliance on these data being available, and confidential, to support these nuanced clinical workflows,” he said. “With the adoption of this technology, the technical ecosystem has exploded in complexity.”

While the emergence of these complex digital health offers many advantages, it has led to a growth in the number and type of cybersecurity problems providers face, Decker noted. New threats he identified include:

* The development of underground markets and exchanges of sensitive information and services such as Hacking-as-a Service
* The emergence of sophisticated hacking groups deploying ransomware
* New cyberattacks by terrorist organizations
* Efforts by nation states to steal intellectual property to create national economic advantages

This led to the key point of his testimony: “We can no longer think of preparedness relative only to natural disasters or pandemics,” Decker said. “It’s imperative that we acknowledge the criticality of cybersecurity threats levied against the nation’s healthcare system.”

To address such problems, Decker suggests, healthcare organizations will need help from the federal government. For example, he pointed out, HHS efforts made a big difference when it jumped in quickly and worked closely with healthcare leaders responding to WannaCry attacks in mid-2017.

Meanwhile, to encourage the healthcare industry to adopt strong cybersecurity practices, it’s important to offer providers some incentives, including a financial subsidy or safe harbors from enforcement actions, he argued.

IT and Affordability, Care for the Poor, Population Health in Low-income Areas – #HITsm Chat Topic

Posted on June 19, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 6/22 at Noon ET (9 AM PT). This week’s chat will be hosted by Lenny Liebmann (@LennyLiebmann) on the topic of “IT and Affordability, Care for the Poor, Population Health in Low-income Areas.”

Technology can do a lot for healthcare delivery. But can technology—and technologists—specifically improve delivery for the economically disadvantaged and under-served? Or are the financial incentives in our industry too heavily stacked against such efforts?

Please join us this Friday, June 22 from noon to 1PM Eastern time for an interactive online discussion about the role technology can play in democratizing healthcare as costs rise and income disparity widens.

The following are the questions we’ll discuss during the hour chat:

T1: Please introduce yourself to the group and let us know if you have any particular interest in the topic of better healthcare for lower-income families. #HITsm

T2: Should health technologists purposefully prioritize initiatives that improve care for the poor—or is improved care an innate result of the improved efficiencies and efficacies generally enabled by IT? #HITsm

T3: Can you share any specific examples you’ve seen of technology specifically helping lower-income patients achieve better health outcomes? #HITsm

TQ4: Any ideas about how healthcare providers can leverage tech to improve population health in low-income neighborhoods—above and beyond better serving low-income individuals and families? #HITsm

T5: Do the economics of healthcare appropriately incentivize the use of technology to benefit the poor? Or do those economics actually disincentivize such efforts? #HITsm

Bonus: Any other thoughts about the relationship between technology innovation in healthcare and the needs of low-income citizens? #HITsm

Upcoming #HITsm Chat Schedule
6/29 – How Nursing Informatics is Changing the Healthcare Landscape
Hosted by Cathy Turner (@MEDITECH_Nurses) and Ashley Dauwer (@amariedauwer) from @MEDITECH

7/6 – What’s the Future of Patient Communication?
Hosted by Lea Chatham (@LeaChatham)

7/13 – TBD
Hosted by TBD

7/20 – TBD
Hosted by Jared Jeffery (@Jk_Jeffery)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

5 Steps to Ensure Revenue Integrity After Implementing a New EHR

Posted on June 18, 2018 I Written By

The following is a guest blog post by Lisa Eramo, a regular contributor to Kareo’s Go Practice Blog.

In the rush to implement EHRs for Meaningful Use incentives, many practices lost sight of what matters most for continued success—revenue integrity, says Joette Derricks, healthcare compliance and revenue integrity consultant in Baltimore, MD. Revenue integrity—the idea that practices must take proactive steps to capture and retain revenue—isn’t a novel concept. However, it’s becoming increasingly important for physician practices operating in a regulatory-driven environment, she adds.

Revenue integrity is also an important part of ensuring smooth cashflow during and after the transition to a new EHR, says Derricks. This is a time when revenue opportunities are easily overlooked as practices adjust to new navigation, templates, and more, she adds.

Revenue integrity is all about compliance, says Derricks. “It’s about taking a holistic approach to operational efficiency, regulatory compliance, and maximizing reimbursement,” she adds. “It’s about doing things the right way.”

Maximizing reimbursement isn’t about ‘gaming’ the system to upcode. Rather, it’s about implementing processes and procedures to ensure that practices are paid for all of the services they perform without leaving money on the table or generating revenue that payers will later recoup, she explains.

Derricks provides five simple steps practices can take to ensure revenue integrity following an EHR implementation:

1. Review EHR templates. Do templates include the most specific CPT and ICD-10-CM codes? And do physicians understand the importance of avoiding unspecified codes, when possible?

2. Examine the interface between the EHR and practice management system. Do the codes that physicians assign in the EHR feed correctly into the practice management system? For example, when a physician performs an E/M service in addition to a procedure, does the EHR map both codes to the practice management system for billing purposes? Does the practice management system correctly bundle and unbundle services, when appropriate?

3. Run your numbers frequently. Ideally, practices will perform a monthly data analysis to help gauge performance and identify potential missed revenue opportunities, says Derricks. For example, she suggests running a report of the practice’s top 20 billing codes in a particular month. Then, compare those codes with the top 20 codes the practice billed that same month in the previous year. What has changed, and why? And have these changes benefited or hurt the practice? For example, practices may see new codes in that list because they added chronic care or transitional care management, both of which provide additional revenue. Or practices may discover a system glitch that incorrectly bundled services that are separately payable, thus causing a revenue loss.

“Everybody can play the ‘I’m too busy’ game, but this is too important to fall into that trap,” says Derricks. “I applaud the office manager or practice administrator who recognizes the value of constantly being on the lookout for system-wide improvements and analyzing their own numbers.”

Some practice management systems provide robust billing analytics that can help practices identify the root cause of billing errors and omissions. Working with a consultant is another option, says Derricks. Consultants provide unbiased input regarding inefficiencies and vulnerabilities and can provide a ‘fresh set of eyes’ necessary to effect change. They also often have access to benchmarking tools and other resources that can help practices identify revenue gaps and delays, she adds.

For example, Derricks suggests performing an assessment for revenue gaps and roadblocks to reduce the workflow process errors that delay revenue. Download the assessment.

4. Provide physician training. Physicians need thorough training on how to use the EHR properly so as to avoid data omissions, says Derricks. They also need annual training on new CPT and ICD-10-CM codes as well as new documentation requirements, she adds.

5. Create an environment that promotes compliance. This requires a top-down approach from physicians and practice managers, says Derricks. “Everyone should have their eyes open and feel comfortable being able to address concerns,” she says. “It should be an open-door policy in terms of looking at processes versus putting your head down.”

About Lisa Eramo
Lisa Eramo is a regular contributor to Kareo’s Go Practice Blog, as well as other healthcare publications, websites and blogs, including the AHIMA Journal. Her focus areas are medical coding, clinical documentation improvement and healthcare quality/efficiency.  Kareo is a proud sponsor of Healthcare Scene.

Doctors at the Nurses Station – Fun Friday

Posted on June 15, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Time for a little Fun Friday as we head into the weekend. This week’s Fun Friday is a video from ZDoggMD as his alter ego, Doc Vader. In this video Doc Vader spends time at the nurses station. There’s some funny truth to the idea of doctors trying to do the work that nurses do. Always important to remember how important every person in a healthcare organization is to the success of the healthcare organization. Enjoy the video and the weekend!

Creating Provider Loyalty – And Why Communication Matters

Posted on June 14, 2018 I Written By

The following is a guest blog post by Chelsea Kimbrough from Stericycle Communication Solutions, as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

Chelsea Kimbrough

A few months ago, I was on the hunt for the perfect healthcare provider – and my list of expectations was high. Thankfully, my extensive search paid off. I am happy to report I found an amazing physician who I fully plan on remaining loyal to for years to come! The main reason for this loyalty boils down to one common characteristic: communication. Across every step of my patient journey, I was engaged in a clear, convenient way.

Scheduling my appointment was easy. Like many patients, I enjoy the convenience of online scheduling. But as a first time patient, I opted to pick up the phone to make my appointment. The person who answered my call was friendly, focused, and efficient. I was not asked to repeat information and ended the call more quickly than I anticipated – and with more confidence that I’d made the right choice.

Before my appointment, I received a number of reminders. The first was sent via email a few days before my appointment. When I failed (read: forgot) to reply to it, I received another friendly reminder via text message. This time, I promptly confirmed my appointment. A few days before the appointment, I was invited to pre-check in online. I did this from the comfort of my home computer in just a few minutes. As a digital-minded patient, I was stoked that this was an available perk of my new doctor’s office.

When I arrived, I was thanked for already checking in. Unlike other locations where I needed to fill out additional paperwork upon arrival, I didn’t need to do this often repetitive task. This pleasant surprise allowed me to simply wait to be called back.

During my appointment, the doctor looked me in the eye, asked me genuine questions, and clearly explained anything I wanted to know more about. This level of dedicated attention made me feel genuinely cared for. What’s more, she ensured I understood what to expect after my appointment.

After my appointment, I received the communications I was advised to expect in a timely and unobtrusive manner. What’s more, I was invited to provide candid, anonymous feedback about my appointment. The survey was quick and unobtrusive, and left me feeling as if my opinion was valid and valued.

Each point of my patient journey was met with timely, convenient, and reliable engagement. As a patient, I felt confident and at ease. And as someone who works closely with healthcare communication services and solutions – both human and technology based – I was impressed. Few healthcare organizations provide patient experiences that meet patients’ traditional and digital expectations and reliably deliver on the expectations they set. Those that do, however, are sure to acquire patients like me who will stay loyal for the foreseeable future.

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services. Connect with Stericycle Communication Solutions on social media: @StericycleComms

The Widening Gap in Dementia Care and One Woman’s Crusade to Address it

Posted on June 13, 2018 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

According to Alzheimer’s Disease International (ADI), someone in the world develops dementia every 3 seconds. An estimated 50 million people had dementia in 2017. That number is expected to grow to 75 million people by 2030.

In 2017, Dr. Anitha Rao, a board certified geriatric neurologist and CEO of Neurocern, published a paper that highlighted the uneven distribution of trained dementia specialists in the United States. Her paper pointed to 20 States that were “Dementia Deserts” where there was insufficient access to specialists given the number of Dementia patients. Without intervention, this gap in Dementia care will only get wider.

While practicing at UCSF’s renowned Memory & Aging Center, Rao noticed two alarming trends:

  1. The time between booking an appointment and the actual appointment continued to grow
  2. More and more undiagnosed patients were coming in to the Center

ADI estimates that only 20-50% of dementia cases are recognized and documented in primary care. With little training and few resources available to patients, primary care doctors are reticent to tell patients they may have Dementia. Read this excellent, and frightening, article by Alice Park in Time on this topic.

An unfortunate consequence of this delay in diagnosis, was that Rao often had the unenviable job of telling patients and their families that the disease had progressed beyond the early-stage interventions that might have made a difference. Worse, she found that many patients were taking medications that were ineffective or harmful given their particular type of Dementia (there are many types of Dementia including Alzheimer’s, Lewy Bodies, Vascular, Frontotemporal, etc).

It was around this time that Rao came across two siloed data sets. One was the distribution of neurologists by state. The other was a data set of Dementia patients by state by year (including future years). She mashed the data together and what resulted was an eye-opening map of Dementia Deserts. The state of Wyoming, for example, was particularly ill-prepared to handle the expected number of Dementia patients. With very few Dementia specialists practicing in the state, patients residing there would likely have poorer outcomes due to lack of access. Rao’s paper has since been used by state agencies to lobby for more training and funding for neurological resources.

Rao, however, didn’t stop at simply identifying the problem. She wanted to do something about it and Neurocern was the result. After analyzing the problem she zeroed in on two specific issues: access to care and the lack of expert Dementia advice for patients. Here’s how the system works:

  • Patients and/or family build a brain profile in the application by answering questions (think a Myers-Briggs assessment but for your brain)
  • Based on the brain profile, the system comes up with recommendations for what can be done at home to keep seniors safe
  • Recommendations include:
    • How to gently convince someone to wash themselves (patients suffering from Dementia usually refuse to bathe)
    • How to help patients not to slip in the bathroom
    • The signs to look for if the patient needs insulin. Some Dementia patients pace the room which means they burn their sugar faster than normal and if they also have Diabetes they will need insulin sooner

“Neurocern is a cross between a neurologist and a social worker,” explains Rao. “It mirrors how my sessions with patients would go. For the first hour I would sit and listen to the family’s story. I’d use that information to build a profile. In the second hour I would review a care plan with the patient and their family. I would make sure they had things they could do at home to help reduce the impact of the Dementia. For example, if a patient suffers from, hallucinations, one of the care recommendations would be to cover mirrors in the home as they are triggers for hallucinations.”

Neurocern currently is capable of generating 5,000,000 care plans based on individual attributes discerned from the brain profile. Plans can be customized by the end-user.

The application has been piloted by a provider organization and Rao is currently in pilot discussions with a number of payers. “There is definitely a financial incentive to help patients better manage Dementia,” says Rao. “Dementia patients are 20% more likely to be readmitted and they have longer than average length of stays (ALOS). Dementia patients who have suffered a stroke have, on average, 38% higher costs. It’s the same story with Dementia + diabetes or other chronic conditions. On top of this is the fact that many healthcare organizations do not have the Dementia-trained staff to care for these patients. Neurocern can help to bridge that gap.”

Dementia is quickly becoming the leading cause of death around the world. It is already #1 in England and Wales and is the top cause of death for Australian women. In many other countries Dementia trails only heart disease. Without adequate training, resources and funding, our healthcare system runs the risk of being overwhelmed. We will need products like Neurocern and people like Rao to ensure the problem gets attention and that patients as well as providers have tools at their fingertips to help mitigate Dementia’s impact.

Rao will be presenting on a panel at next week’s AHIP conference – Innovate with Purpose: Technology Tools of Change alongside 3 other healthcare entrepreneurs.

CMS Wants Interoperability. Should Patient Data Access Champions Cheer – or Not? – #HITsm Chat Topic

Posted on June 12, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re excited to share the topic and questions for this week’s #HITsm chat happening Friday, 6/15 at Noon ET (9 AM PT). This week’s chat will be hosted by Janice McCallum (@janicemccallum) on the topic of “CMS Wants Interoperability. Should Patient Data Access Champions Cheer – or Not?.”

Earlier this year at HIMSS18 and HealthDataPalooza, Seema Verma, CMS Administrator, announced the MyHealthEData initiative that places a priority on interoperability of EHRs, a long desired objective of health data enthusiasts.

The MyHealthEData initiative proposes open APIs with common data standards that will facilitate access to EHR data for software developers, although the business terms for accessing the data aren’t yet clear. In today’s #HITsm chat, I’d like to focus on how the MyHealthEData initiative will—or will not– benefit patients directly. I have more questions than answers and look forward to input from a range of healthIT and data management experts, patient data access advocates, innovation enthusiasts, and more.

First, some background materials:

This is the official announcement of MyHealthEData: https://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2018-Press-releases-items/2018-03-06.html.  Note, the initiative is not intended to give consumers direct access to their data from their healthcare providers; rather, it gives them the ability to choose a “provider that best meets their needs and then give that provider secure access to their data, leading to greater competition and reducing costs. ” In this case, “provider” means a technology provider that will likely charge an initial fee and an ongoing fee for data management.

From ONC director, Don Rucker on interoperability, transparency and an API ecosystem: https://www.healthit.gov/buzz-blog/interoperability/apis-path-putting-patients-center/

Adrian Gropper, MD, in a comment on Rucker’s post on the Health Care Blog, questions whether patient-friendly and cost-effective developers will have full access to APIs:

The issue is fairly simple and was well documented by the API Task Force: Can a small, independent startup serving patients or physicians have access to the FHIR API if the patient says it should – period? http://thehealthcareblog.com/blog/2018/04/24/apis-a-path-to-putting-patients-at-the-center/

Finally, some insights from the current state of the Apple Health app that may give us reason to question how quickly something close to full data access and ongoing data liquidity will occur: https://corepointhealth.com/apple-health-fhir

Join me for this week’s #HITsm chat. Let’s start the conversation.

T1 : Does anyone see any downside to the latest data and API standards? Is anything missing from CMS announcements and fact sheets? Or, should we all be cheering? #HITsm

T2: Health IT vendors that focus on patient engagement and patient data management should be happy about MyHealthEData. Who among the existing patient data app developers do you think will benefit most from an API ecosystem? Who might be hurt? #HITsm

T3: Do you think patient access to full health records will be more affordable due to MyHealthEData? #HITsm

T4: How long do you think it will take to make the apps useful to patients with complex conditions, given the current state of data availability via Apple Health app and early patient portals? #HITsm

T5: What’s the likely business model for the app developers? #HITsm
Here are some possibilities to discuss:
(1) app developers charge low price to patients; revenue will come from businesses that want to buy access to aggregate data.
2) Full fee paid by patients.
3) An advertising model?
4) Access to app is given as a benefit to existing customers, e.g., Google can afford to offer app for free/low cost to existing customers, because it sells other services; health insurers can subsidize costs to incentivize patients to better manage their health status via health data apps.
5) Other revenue/business models?

Bonus: How do you think healthcare providers will react to the requirement that they “ensure data sharing”? How will it affect small physician practices v. hospitals? #HITsm

Upcoming #HITsm Chat Schedule
6/22 – IT and Affordability, Care for the Poor, Population Health in Low-income Areas
Hosted by Lenny Liebmann (@LennyLiebmann)

6/29 – How Nursing Informatics is Changing the Healthcare Landscape
Hosted by Cathy Turner (@MEDITECH_Nurses) and Ashley Dauwer (@amariedauwer) from @MEDITECH

7/6 – What’s the Future of Patient Communication?
Hosted by Lea Chatham (@LeaChatham)

7/13 – TBD
Hosted by TBD

7/20 – TBD
Hosted by Jared Jeffery (@Jk_Jeffery)

We look forward to learning from the #HITsm community! As always, let us know if you’d like to host a future #HITsm chat or if you know someone you think we should invite to host.

If you’re searching for the latest #HITsm chat, you can always find the latest #HITsm chat and schedule of chats here.

Stanford Survey Generates Predictable Result: Doctors Want EHR Changes

Posted on June 11, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I know you’re going to have trouble believing this, but many PCPs think EHRs need substantial changes.

Such is the unsurprising conclusion drawn by a survey conducted by The Harris Poll on behalf of Stanford Medicine. The poll, which took place between March 2 and March 27 of this year, surveyed 521 PCPs licensed to practice in the U.S. who have been using their current EHR system for at least one month.

The physicians were recruited via snail mail from the American Medical Association Masterfile. Figures for years in practice by gender, region and primary medical specialty were weighted where necessary to bring them into line with their actual proportions in the population of PCPs in the U.S.

According to the survey, about two-thirds of PCPs think EHRs have generally improved care (63%). Two-thirds said they were at least somewhat satisfied with their current systems, though only 18% were very satisfied.

Meanwhile, a total of 34% were somewhat or very dissatisfied with their system, and 40% of PCPs said that EHRs create more challenges than benefits. Also, 49% of office-based PCPs reported that using an EHR detracts from their clinical effectiveness.  Forty-four percent of PCPs said that primary value of EHRs is data storage, while just 8% said that the biggest benefits were clinically-related.

To improve EHRs’ clinical value, it will take a lot of effort, with 51% saying they think EHRs need a complete overhaul.  Seventy-two percent of PCPs said that improving user interfaces could best address their needs in the immediate future.

Meanwhile, 67% of respondents said that solving interoperability problems should be the top priority for EHR development over the next decade, and 43% reported wanting improved predictive analytics capabilities.

Nearly all (99%) of PCPs said that EHR capabilities should include maintaining a high-quality record of patient data over time, followed closely by providing an intuitive user experience. Also, 88% said that providing clinical decision support at the moment of care was important, followed by identifying high-risk patients in their patient panel (86%).

When asked what EHR features they found most satisfying, they cited maintaining a high-quality patient record (73%), offering patients access to medical records (71%), sharing information with providers across the care continuum (65%) and supporting practice/revenue cycle management needs (60%).

However, EHRs still have a long way to go in offering other preferred capabilities, including changing and adapting in response to user feedback, improving patient-provider interaction, coordinating care for patients with complex conditions and engaging patients in prescribed care plans through mobile technologies. Vendors, you have been warned.

Health IT Leaders Fear Insider Security Threats More Than Cyberattacks

Posted on June 8, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A recently-published survey suggests that while most health IT security leaders feel confident they can handle external attacks, they worry about insider threats.

Cybersecurity vendor Imperva spoke with 102 health IT professionals at the recent HIMSS show to find out what their most pressing security concerns were and how prepared they were to address them.

The survey found that 73% of organizations had a senior information security leader such as a CISO in place. Another 14% were hoping to hire one within the next 12 months. Only 14% said they didn’t have a senior infosec pro in place and weren’t looking to hire.

Given how many organizations have or plan to have a security professional in place, it’s not surprising to read that 93% of respondents were either “very concerned” or “concerned” about a cyberattack affecting their organization. The type of cyberattacks that concerned them most included ransomware (32%), insider threats (25%), comprised applications (19%) and DDoS attacks (13%). (Eleven percent of responses fell into the “other” category.)

Despite their concerns, however, the tech pros felt they were prepared for most of these threats, with 52% that they were “very confident” or had “above average” confidence they could handle any attack, along with 32% stating that their defenses were “adequate.”  Just 9% said that their cybersecurity approach needed work, followed by 6% reporting that their defenses needed to be rebuilt.

Thirty-eight percent of the health IT pros said they’d been hit with a cyberattack during the past year, with another 4% reporting having been attacked more than a year ago.

Given the prevalence of cyberthreats, three-quarters of respondents said they had a cybersecurity incident response plan in place, with another 12% saying they planned to develop one during the next 12 months. Only 14% didn’t have a plan nor was creating one on their radar.

When it came to external threats, on the other hand, respondents seemed to be warier and less prepared. They were most worried about careless users (51%), compromised users (25%) and malicious users (24%).

Their concerns seem to be compounded by a sense that insider threats can be hard to detect. Catching insiders was difficult for a number of reasons, including having a large number of employees, contractors and business partners with access to their network (24%), more company assets on the network or in the cloud than previously (24%), lack of staff to analyze permissions data on employee access (25%) and a lack of tools to monitor insider activities (27%).

The respondents said the most time-consuming tasks involved in investigating/responding to insider threats included collecting information from diverse security tools (32%), followed by tuning security tools (26%), forensics or incident analysis (24%) and managing too many security alerts (17%).

HITExpo ThankTanks Spur Online Discussion on the Nature of EHRs, Innovation & Patient Experience

Posted on June 7, 2018 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

Last week at the inaugural 2018 Health IT Expo (#HITExpo), we kicked things off with three ThinkTank sessions:

  1. Going Beyond EHRs – https://www.youtube.com/watch?v=ULVQA4xEIRU
  2. Practical Innovation – https://www.youtube.com/watch?v=1Uc9_BCKQ84
  3. Communication & Patient Engagement – https://www.youtube.com/watch?v=60MAP04MoOw

These ThinkTanks were live-streamed via YouTube and were meant to engage members of the #HITMC, #HITsm, #hcldr and other online communities who could not be with us in person in New Orleans. Looking back over the tweets I believe it would be safe to say: mission accomplished.

The online discussion around the ThinkTanks was very rich and involved many different perspectives. During ThinkTank 1 Jim Tate had a keen bit of insight to share based on a comment made by panelist Shahid Shah of Netspective Media:

This was quickly followed by another interesting statement from Shah:

An interesting suggestion in ThinkThank 1 came from Dr. Fatima Paruk, Chief Medical Officer, Population Health at Allscripts – that it was never too late to get physicians involved in EHR optimization given that they are one of the main users of EHR systems. This was especially relevant given how much EHR frustration contributes to physician burnout.

Jeremy Coleman, one of the HITExpo’s social media ambassadors did an expert job at distilling a 5min during ThinkTank 1 into a single tweet:

The most interesting comment in ThinkTank 1 was made by Justin Campbell of Galen Healthcare. He suggested that one way to go beyond the EHR was to use the audit log information to identify workflow bottlenecks, training opportunities and UI improvements.

The second ThinkTank generated a spirited discussion amongst the panelists and with the online audience when the topic of blockchain technology was brought up. It started when John Lynn made the following statement:

Jared Jeffery from KLAS Research then immediately followed up his tweet with this humorous counter-point:

I agree with both John and Jared. The last thing we need is over-inflated hype around blockchain in healthcare. The technology itself holds promise but as an enabler of other technologies and processes. Simply slapping blockchain on existing processes is not going to yield the innovation healthcare needs. We need something more. The good news is that some pioneering organizations and HealthIT companies are experimenting with blockchain which will hopefully lead to incremental improvements.

Experimentation and the willingness to do something was on the mind of Jerry Cade – one of the panelist in ThinkTank 2. He had a poignant warning for all of us in healthcare:

In my opinion the most practical piece of advice of the day was shared by Shahid Shah during ThinkTank 2. It’s certainly something I’m going to pay more attention to in the future:

Your truly had the opportunity to moderate ThinkTank 3 and it was a blast. We had an amazing set of panelists that included nurses, HealthIT insiders, industry experts and the voice of the patient. It resulted in a robust discussion on the nature of patient experience.

Grace Jaime of Oneview Healthcare shared a keen insight which triggered a round of discussion on the need to clearly measure patient experience and communication effectiveness – If you can’t measure something, you can’t improve:

Grace Cordovano, professional patient advocate, then had this to add:

During ThinkTank 3 Sarah Bennight of Stericycle Communication Solutions made an interesting observation about patient advocacy and how it could be modeled after a legal precedent:

If you didn’t have the chance to catch the ThinkTanks live, I’d encourage you to watch the recordings (links above). The sessions were filled with valuable insights and practical advice that you can use right away. It was a lot of fun to participate in these ThinkTanks and I am definitely looking forward to doing more in the future.

In closing I think this tweet summed up the overall sentiment (from friend Ashley Dauwer at MEDITECH):