Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Nurses and Patient Loads: The Solution Lies in Process Change, Not Maximums

Posted on November 1, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Shortages of clinical staff plague communities around the world. Even my state of Massachusetts, a medical Mecca, has a shocking dearth of professionals in mental health. Health care reformers understand that shortages much be addressed through a careful and deep investigation into the hospital and clinic processes and practices. Streamlining processes through data analytics and the deft application of new technologies for monitoring and recording information will probably help.

Nurses probably experience the crunch of patient loads more than other staff. Unfortunately, some of them try to force a quick fix on their institutions through mandatory maximums. They ignore process, ignore holistic systems thinking, and ignore the potential of technology. Massachusetts is facing just such an ill-planned effort right now in a ballot question that would fix arbitrary patient loads. The public is being asked to regulate an area that can’t possibly understand. (The inscrutable text of this ballot question, number 1 on the ballot, is available about one-quarter of the way down this web page.) But Massachusetts was not the first to face this choice, and will probably not be the last.

In 2003, California passed limits on patient loads that are somewhat of a model for the Massachusetts law, and whose effects are hotly debated. Texas apparently considered a similar law, but I assume it went nowhere because I could find no other reference to it. Massachusetts has a law applying narrowly to emergency rooms, and every state has regulations for nursing homes.

Nurses don’t have it easy; that’s clear. But the solutions must be systemic. Opponents of Massachusetts ballot question 1 point to all kinds of negative effects that the proponents refuse to consider, such as the loss of non-nursing staff who are crucial to helping the nurses get their jobs done. The basic problem is that hospitals and other facilities are not making use of the computing advances, and related process improvements, available in this year 2018.

Health care giant Kaiser Permanente found that clinicians were spending 15 to 40 percent of their doing “hunting and gathering” for supplies before the company optimized its supply chains. The Boston Globe cites numerous management techniques that free up clinicians’ time, some right in Boston. A 2011 NIH report found that nurses spend only 37% of their time taking direct care of patients. Of course, other activities such as administration and documentation are important, but they are begging for process improvement. Partners Health Care has embarked on a large-scale effort to automate repetitive, “soul-crushing” work, and have found that staff are much happier and are spending more time using the skills they were trained to use in handling people issues. Currently, the effort affects HR, finance, and operations. I’m sure nursing would turn up opportunities for improvement when it comes their turn.

We shouldn’t have to spend 35% of nurses’ time on documentation, using systems that are notoriously inefficient and poorly automated. A recent survey showed that most doctors believe that automating common tasks such as documentation could improve clinicians’ efficiency. Nurses use the same systems, so their workloads could probably be reduced through similar improvements in technology.

Some nurses tell me, “Much of our job involves a human touch; it can’t be automated.” The NIH study shows that plenty of tasks that are amenable to computerization, and doing so will give nurses more time to apply their human touch–or as health care workers like to say, “work at the top of their license.”

The proponents of the Massachusetts ballot question count on a knee-jerk distrust of corporations (or at least of large health-care institutions). They have succeeded in winning over many people who call themselves political “progressives,” but a large segment of the Massachusetts public–according to polls, a slightly larger segment–intrinsically sense the ballot question’s flaws, so the polls are running against its passing.

We cannot improve health care and reduce costs if institutions take the status quo for granted. Voting “yes” on question 1 in Massachusetts would accept and perpetuate the assumptions behind our nursing practices. It’s hard to accept that profound systemic problems will take time and data to ameliorate, but the sooner we face that realization, the better we can deal with our clinical staffing problems.

AMA Releases Great Guide To Digital Health Implementation

Posted on October 25, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In the past, I’ve been pretty hard on the AMA when it comes to digital health. Last year I gave the organization a particularly hard time when it rolled out its Physician Innovation Network platform, which is designed to help physicians network directly with health tech firms, as it seemed to be breaking little to no ground.

However, to be fair the AMA has been a relatively quiet but solid presence in health IT for quite some time.  Its health IT efforts include cofounding Health2047, which brings together doctors with established health IT companies to help the companies launch services and products, serving as one of four organizations behind mHealth app standards venture Xcertia and managing a student-run biotechnology incubator in collaboration with Sling Health.

But what it hasn’t done so far, at least to date, has been to offer physicians any hands-on guidance on using emerging health IT. Now, at long last, the AMA has taken the plunge, releasing a guide focused on helping physicians roll out digital health technology in their practice. At least this time around, I have to give the organization a high five.

The new guide takes a lifecycle perspective, helping practices work through the digital health implementation process from preparations to rollout to gathering data on the impact of the new technology. In other words, it lays out the process as a feedback loop rather than a discrete event in time, which is smart. And its approach to explaining each step is concise and clean.

One section identifies six straightforward steps for choosing a digital health technology, including identifying a need, defining success early on in the process, making the case for political and financial buy-in, forming the team, evaluating the vendor and executing the vendor contract.

Along the way, it makes the important but often-neglected point that the search should begin by looking at the practice’s challenges, including inefficiencies, staff pain points or patient health and satisfaction problems. “The focus on need will help you avoid the temptation to experiment with new technologies that ultimately will result in tangible improvements,” the guide notes.

Another offers advice on tackling more immediate implementation issues, including steps like designing workflows, preparing the care team and partnering with the patient. This section of the report differs from many of its peers by offering great advice on building workflow around remote patient monitoring-specific requirements, including handling device management, overseeing patient enrollment and interactions, and assuring that coding and billing for remote patient management activities is correct and properly documented.

The guide also walks practices through the stages of final implementation, including the nature of the rollout itself, evaluating the success of the project and scaling up as appropriate. I was particularly impressed by its section on scaling up, given that most of the advice one sees on this subject is generally aimed at giant enterprises rather than typically smaller medical practices. In other words, it’s not that the section said anything astonishing, but rather that it existed at all.

All told, it’s great to see the AMA flexing some of the knowledge it’s always had, particularly given that the report is available at no cost to anyone. Let’s hope to see more of this in the future.

Execs Say Silicon Valley Has The Jump On Healthcare Innovation

Posted on September 12, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Lately, it’s begun to look as though the leading lights of Silicon Valley might bring the next wave of transformation to healthcare. But can they work big changes in the industry on their own, or are they more likely to succeed by throwing their extremely considerable muscle behind existing healthcare players? That’s one of the many questions at issue as companies like Google, Amazon (Yes, I know they’re in Seattle), and Facebook shoulder their way into the business.

According to a new survey by Reaction Data, many healthcare execs think Amazon, in particular, has the potential to change the game.  When asked which outside entrants were most likely to disrupt the healthcare industry, two-thirds of respondents said the that the online retailing giant topped the list. “Amazon is ahead of the game in many ways compared to the other companies,” a chief nursing officer told Reaction Data.

There’s little doubt that there’s an opening for a company like Amazon to solve some pressing problems. As an industry outsider – unless you count its recent big-ticket acquisition of PillPack, which happened about a minute ago – Amazon may be able to bring fresh eyes to some of healthcare’s biggest problems. For example, what health exec wouldn’t kill to benefit from the e-retailer’s immense logistics capabilities? The mind boggles.

Facebook and Google aren’t making as many healthcare headlines, but they too are moving carefully into the business. For example, consider Google’s partnership with Stanford aimed at creating digital scribes. The digital scribe initiative may not seem like much, but I wouldn’t underestimate what Google can learn from the effort and how effectively it can operationalize this knowledge. It isn’t 2010 anymore, and I think the search giant has come a long way since its Google Health PHR effort collapsed.

Facebook, too, has made some tentative steps toward building a healthcare business, such as its recent agreement to collaborate with the NYU School of Medicine on speeding up MRI scanning using AI. The social networking giant hasn’t shown itself capable of much diversification to date, but I wouldn’t count it out, if for no other reasons than the massive profits to be made. Even for Facebook, we’re talking about serious money here.

If you’re wondering what these companies hope to accomplish, it’s not surprising. There are so many possibilities. One place to start is rethinking the EHR. Maybe I’m a starry-eyed dreamer, but I agree with observers like Dale Sanders, an executive with HealthCatalyst, who argues that Silicon Valley disrupters might be poised to bring something new to the table. “I keep hoping that the Googles, Facebooks and Amazons of the world will quietly build a new generation EMR,” Sanders writes in a recent column.

EMR transformation is just one of many potential targets of opportunity for the Silicon Valley gang, though. There’s obviously a raft of other goals healthcare leaders might like to see realized, The truth is, though, that it matters less what the Silicon Valley giants do than the competitive scramble they kick off within the industry. Even if these behemoths never succeed in leading the charge, they’re likely to spur others to do so.

Is Amazon Ready To Protect Patient Data?

Posted on July 6, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Late last month, a Connecticut woman found out that a third-party Amazon vendor she had done business with had exposed her personal medical data to the world, including her medical conditions, along with her name, birthdate and emergency contact information.

The story suggests that Amazon engaged in a bit of bureaucratic foot shuffling when called on the privacy lapse. According to the woman, an Amazon call center rep told her it would investigate the issue, but a further email told her they would not be able to release the outcome of this investigation. It’s little wonder she wasn’t satisfied.

Ultimately, it appears that she was only able to get immediate action once she contacted the third-party seller, which took the photos containing the information down promptly upon her request.

Though no small matter for the woman involved, the episode means little for the future of Amazon, in and of itself. However, it does suggest that the marriage of Amazon technology and healthcare data may pose unexpected problems.

For those who have been sleeping under a rock, in late June Amazon announced that it had acquired online pharmacy PillPack for what reports say was just under $1 billion. PillPack, which competes with services delivered by giants like CVS, lets users buy their meds in pre-made doses. News stories suggest that Amazon beat out fellow retail giant Walmart in making the buy, which should close the second half of this year.

Without a doubt, this was a banner day in the history of Amazon, which has officially stamped into healthcare in 10-ton boots. The deal could not only mark the beginning of new era for the retailer, but also the healthcare industry, which hasn’t yet seen a tech company take a lead in any consumer-facing healthcare business.

That being said, perhaps a more important question for readers of this publication is how it will manage data generated by PillPack, a store likely to grow exponentially as Amazon integrates the online pharmacy into its ecosystem.

While there are obviously many good things its staggering fulfillment and logistics capabilities can bring to PillPack, Amazon’s otherwise amazing systems weren’t built to protect patient health information.

When it comes to most any other company, I’d imagine these problems could be addressed by layering HIPAA-compliant technologies and policies over its existing infrastructure. However, given the widely distributed nature of its retail network, it’s not just a matter of rethinking some architecture. Sealing off health data could require completely transforming its approach to doing business. Just about every retail transaction could prove a chink in its armor.

Since it wasn’t itself required to meet HIPAA standards in this instance, Amazon won’t get any flack from regulators over the recent PHI exposure. Still, issues like this could undercut the trust it needs to integrate PillPack into its core business successfully.

If nothing else, Amazon had better put a strong PHI protection policy in place on its retail side. Otherwise, it could undermine the business it just spent almost $1 billion to buy.

Alexa Voice Assistant Centerpiece Of Amazon Health Effort

Posted on June 1, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

I don’t know about you, but until recently I had thought of the Amazon Echo is something of a toy. From what I saw, it seemed too cute, too gimmicky and definitely too expensive for my taste. Then I had a chance to try out the Echo my mother kept in her kitchen.

It’s almost embarrassing to say how quickly I was hooked. I didn’t even use many of Alexa’s capabilities. All I had to do was command her to play some music, answer some questions and do a search on the Amazon.com site and I was convinced I needed to have one. Its $99 price suddenly seemed like a bargain.

Of course, being a health IT geek I immediately wondered how the Alexa voice assistant might play a part in applications like telemedicine, but I was spending too much time playing “Name That Song” (I’m an 80s champ) to think things through.

But I had the right instincts. It’s become increasingly clear that Amazon sees Alexa as a key channel for reaching healthcare decision-makers.

According to a story appearing on the CNBC website, Amazon has built a 12-person team within the Alexa voice-assisted division called “health & wellness” whose focus is to make Alexa more useful to healthcare patients and providers. Its first targets include diabetes management, care for mothers and infants and aging, according to people who spoke anonymously with CNBC.

Of course, this effort would involve working through HIPAA rules, but it’s hard to imagine that a company like Amazon couldn’t buy and/or cultivate that expertise.

In the piece, writers Eugene Kim and Christina Farr argue that the mere existence of the health & wellness group is a clear sign that Amazon plans to bring Alexa to healthcare. As long as the Echo can share and upload data in a secure, HIPAA-compliant fashion, the possibilities are almost endless. In addition to sharing data with patients and clinicians, this would make it possible to integrate the data with secure third-party apps.

Of course, a 12-person unit is microscopic in size within a company like Amazon, and from that standpoint, the group might seem like a one-off experiment. On the other hand, its work seems more important when you consider the steps Amazon has already taken in the healthcare space.

The most conspicuous move Amazon has made in healthcare came in early 2018, when it announced a joint initiative with Berkshire Hathaway and J.P. Morgan focused on improving healthcare services. To date, the partnership hasn’t said much about its plans, but it’s hard to argue that something huge could emerge from bringing together players of this size.

In another, less conspicuous move, Alexa took a step towards competing in the diabetes care market. In the summer of 2017, working with Merck, Amazon offered a prize to developers building Alexa “skills” which could help people with diabetes manage all aspects of their care. One might argue that this kind of project could be more important than something big and splashy.

It’s worth noting at this point that even a monster like Google still hasn’t made bold moves in healthcare (though it does have extraordinarily ambitious plans). Amazon may not find it easy to compete. Still, it will certainly do some interesting things, and I’m eager to see them play out. In fact, I’m on the edge of my seat – aren’t you?

Is Health Data Privacy On Its Way Out?

Posted on April 30, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

As healthcare providers gradually improve their HIPAA data security and privacy compliance, one might think that the odds of a breach occurring are getting lower. Maybe that’s true within the provider organizations themselves, but there are forces outside of healthcare which will make it impossible to protect personal data in the future, according to a post on Axoblog.

The piece argues that the notion of data privacy is dying. “To the extent that emails and other communications meant for designated recipients are analyzed, scraped aggregated and stored it is the opinion of this author that the protection of PHI is illusory,” the article says.

As the piece correctly notes, unscrupulous companies and can learn a great deal about consumers by analyzing their Internet search history. And of course, there are social media stalkers like Facebook, which monitors Internet activity even when the subscriber is logged off. (It’s hard to believe that other Internet companies aren’t doing the same thing in a less public manner.)

By using a rich source like Facebook user data and aggregating it with information from other social media networks, outsiders can pull together a personal profile of users. This database could easily expose medical information that should be protected under HIPAA and HITECH.

And it’s not just Facebook data that is of concern. By buying available data from all the social media networks, then matching that data with commercial databases offering details such as address, phone number and location, it’s possible to develop an astonishingly detail portrait of individuals.

So what should providers do in the age of minimum privacy? Be aware of emerging threats, the author suggests:

  • Be aware that social media outlets aren’t subject to the legal requirements providers are when compiling health information.
  • Keep your eye on data aggregators, which are selling data to everyone you can think of, plus others you wouldn’t even have considered, including marketers, advertisers and researchers.
  • The government has only now begun trying to understand how social media networks handle privacy and how well they explain their practices to consumers
  • In the wake of Facebook scandals, social media giants might develop protocols for managing sensitive data, but they may fail at doing this, in which case the government is likely to step in
  • Though Facebook has been asked by regulators how the company manages and shares data, it seems that no one’s asking about the aggregation of data and how it is stored and protected

Now, I’d like to think the article described above is a bit too pessimistic. If nothing else, I’m not sure that the aggregation of other forms of data means that medical privacy will become impossible to defend. Still, the piece makes it clear that we have a long way to go before we can sure PHI is protected by companies like Facebook.

HIMSS Study Shows IT Pay Gaps Persist Between Genders, Races

Posted on March 14, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It would be nice to think that, in a profession focusing on hard, measurable skills, that given the same experience level and skill set, HIT staffers would make more or less the same salaries. However, that doesn’t seem to be the case, according to data from the latest health IT compensation study by HIMSS.

Researchers found that as of previous years, race and gender seem to play a significant role in how much a health IT professional is paid. According to the study, females make 18% less than their male peers, and minorities make 12% less than non-minorities on average across all positions and number of years in a given position.

As the level of responsibility grows, the gap in pay seems to increase as well. The study found that women in executive roles actually face a larger salary gap versus their male counterparts than women at other levels in their organization. Moreover, that gap is growing. Meanwhile, minority females are particularly hard-hit, with the lowest average salaries of the four combinations of gender and racial groups studied, HIMSS reports.

Overall, respondents working in digital health reported being moderately satisfied with the current base salaries, while non-white respondents tended to be less satisfied than respondents who defined themselves as white.

Oddly, despite the substantial pay gap between them and their male peers, females in digital health appeared to be just as satisfied with their pay as their male peers. HIMSS researchers speculate that the reason women are satisfied with lower pay is that they simply don’t know they’re being under compensated. (Given my experience as a professional female, I’d also speculate that some women simply get tired of fighting to close the pay gap and make peace with what they’ve got.)

Having summed all of this up, HIMSS researchers made a few recommendations as to how health organizations can address pay gaps, such as accepting that these gaps exist, educating managers and why gender and racial equality is good for business and adopting strategies that help to reduce such disparities. The researchers also suggest making tools available that can help all health IT professionals understand what they’re worth and negotiate fair pay agreements.

As for me, I’d go a bit further. I’d argue that professionals whose gender and/or minority status have impacted their pay should speak out. It’s all well and good to have provider organizations recognize that their pay structure may not be fair and take action. But ultimately, drawing attention to these gaps both within and outside of the healthcare industry may have the biggest long-term effect.

Small Grounds for Celebration and Many Lurking Risks in HIMSS Survey

Posted on March 12, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

When trying to bypass the breathless enthusiasm of press releases and determine where health IT is really headed, we can benefit from a recent HIMMS survey, released around the time of their main annual conference. They managed to get responses from 224 managers of health care facilities–which range from hospitals and clinics to nursing homes–and 145 high-tech developers that fall into the large categories of “vendors” and “consultants.” What we learn is that vendors are preparing for major advances in health IT, but that clinicians are less ready for them.

On the positive side, both the clinicians and the vendors assign fairly high priority to data analytics and to human factors and design (page 7). In fact, data analytics have come to be much more appreciated by clinicians in the past year (page 9). This may reflect the astonishing successes of deep learning artificial intelligence reported recently in the general press, and herald a willingness to invest in these technologies to improve health care. As for human factors and design, the importance of these disciplines has been repeatedly shown in HxRefactored conferences.

Genomics ranks fairly low for both sides, which I think is reasonable given that there are still relatively few insights we can gain from genetics to change our treatments. Numerous studies have turned up disappointing results: genetic testing doesn’t work very well yet, and tends to lead only to temporary improvements. In fact, both clinicians and vendors show a big drop in interest in precision medicine and genetics (pages 9 and 10). The drop in precision medicine, in particular, may be related to the strong association the term has with Vice President Joe Biden in the previous administration, although NIH seems to still be committed to it. Everybody knows that these research efforts will sprout big payoffs someday–but probably not soon enough for the business models of most companies.

But much more of the HIMSS report is given over to disturbing perception gaps between the clinicians and vendors. For instance, clinicians hold patient safety in higher regard than vendors (page 7). I view this concern cynically. Privacy and safety have often been invoked to hold back data exchange. I cannot believe that vendors in the health care space treat patient safety or privacy carelessly. I think it more likely that clinicians are using it as a shield to hide their refusal to try valuable new technologies.

In turn, vendors are much more interested in data exchange and integration than clinicians (page 7). This may just reflect a different level of appreciation for the effects of technology on outcomes. That is, data exchange and integration may be complex and abstract concepts, so perhaps the vendors are in a better position to understand that it ultimately determines whether a patient gets the treatment her condition demands. But really, how difficult can it be to be to understand data exchange? It seems like the clinicians are undermining the path to better care through coordination.

I have trouble explaining the big drops in interest in care coordination and public health (pages 9 and 10), which is worrisome because these things will probably do more than anything to produce healthier populations. The problem, I think, is probably that there’s no reimbursement for taking on these big, hairy problems. HIMMS explains the drop as a shift of attention to data analytics, which should ultimately help achieve the broader goals (page 11).

HIMSS found that clinicians expect to decrease their investments in health IT over the upcoming year, or at least to keep the amount steady (page 14). I suspect this is because they realize they’ve been soaked by suppliers and vendors. Since Meaningful Use was instituted in 2009, clinicians have poured billions of dollars and countless staff time into new EHRs, reaping mostly revenue-threatening costs and physician burn-out. However, as HIMSS points out, vendors expect clinicians to increase their investments in health IT–and may be sorely disappointed, especially as they enter a robust hiring phase (page 15).

Reading the report, I come away feeling that the future of health care may be bright–but that the glow you see comes from far over the horizon.

Nearly 6 Million Patient Records Breached In 2017

Posted on February 1, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Just how bad a year was 2017 for health data? According to one study, it was 5.6 million patient records bad.

According to health data security firm Protenus, which partnered with DataBreaches.net to conduct its research, last year saw an average of at least one health data breach per day. The researchers based their analysis on 477 health data breaches reported to the public last year.

While Protenus only had 407 such incidents, those alone affected 5,579,438 patient records. The gross number of exposed records fell dramatically from 2016, which saw 27.3 million records compromised by breaches. However, the large number of records exposed in 2016 stems from the fact that there were a few massive incidents that year.

According to researchers, the largest breach reported in 2017 stemmed from a rogue insider, a hospital employee who inappropriately accessed billing information on 697,800 patients. The rest of the top 10 largest data breaches sprung from insider errors, hacking, and one other incident involving insider wrongdoing.

Insider wrongdoing seems to be a particular problem, accounting for 37% of the total number of breaches last year. These insider incidents affected 30% of compromised patient data, or more than 1.7 million records.

As bad as those stats may be, however, ransomware and malware seem to be even bigger threats. As the study notes, last year a tidal wave of hacking incidents involving malware and ransomware hit healthcare organizations.

Not surprisingly, last year’s wave of attacks seems to be part of a larger trend. According to a Malwarebytes report, ransomware attacks on businesses overall increased 90 percent last year, led by GlobeImposter and WannaCry incidents.

That being said, healthcare appears to be a particularly popular target for cybercriminals. In 2016, healthcare organizations reported 30 incidents of ransomware and malware attacks, and last year, 64 organizations reported attacks of this kind. While the increase in ransomware reports could be due to organizations being more careful about reporting such incidents, researchers warn that the volume of such attacks may be growing.

So what does this suggest about the threat landscape going forward?  In short, it doesn’t seem likely the situation will improve much over the next 12 months. The report suggests that last year’s trend of one breach per day should continue this year. Moreover, we may see a growth in the number of incidents reported to HHS, though again, this could be because the industry is getting better at breach detection.

If nothing else, one might hope that healthcare organizations get better at detecting attacks quickly. Researchers noted that of the 144 healthcare data breaches for which they have data, it took an average of 308 days for the organization to find out about the breach. Surely we can do better than this.

Change Healthcare Launch Raises Questions About Blockchain Scalability

Posted on January 12, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Healthcare technology vendor Change Healthcare has introduced a blockchain-based network focused on managing claims. Change says its Intelligent Healthcare Network is the first enterprise-scale blockchain network in healthcare.

According to the vendor, using technology will let organizations track the status of claims submission and remittance across the claims lifecycle accurately. It also contends that by using blocking technology in Intelligent Healthcare Network, companies will have a greater ability to audit trace and trust those involved in transactions.

To build out its blockchain infrastructure, Change Healthcare used Hyperledger Fabric 1.0, an open source blockchain framework hosted by The Linux Foundation.

Within the release, the company predicts that blockchain technology could ultimately offer providers a single viewpoint for accurately tracking the complete patient healthcare encounter, starting, say, when an individual arrives for a preoperative visit to the procedure care received, then later billing and payment.

All of that is well and good, but the following is more noteworthy.

In its statement, Change says its Intelligent Healthcare Network already processes more than 50 million claims and up to 550 transactions per second. It says that the capacity and speed of its network already exceeds the daily national transaction load, and that its network can scale as blockchain technology use grows.

Still, Change tells us that it will be building out its apparently massive network infrastructure “as the solution is further optimized and scaled to address demand.”  This suggests that Change may know something that we don’t about blockchain implementation. It’s not entirely clear, but I think the vendor thinks that its blockchain solution will generate significant network overhead, enough that even with its huge existing capacity, and eventually won’t be able to keep up with blockchain demands as is.

So that brings us to the real issue buried in this release. If Change needs to build out its super-high-capacity network as its blockchain customer base grows, it suggests to me that enterprise blockchain may not scale effectively overall at present.

If there is a scalability issue with Change’s blockchain service, there could be a number of reasons why. For example, it could be related to some idiosyncrasy within the company’s network architecture. Another guess is that Change is already having throughput problems it doesn’t want to discuss, and that blockchain is just adding insult to injury.

Still, one has to wonder whether the problems are inherent to blockchain itself. As far as I know, we don’t yet have much information on how blockchain solutions like Hyperledger perform in an enterprise environment. Perhaps we’ll learn something about this by keeping an eye on Change’s launch.