Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Battling the Barriers in EP/Cath Labs

Posted on December 5, 2018 I Written By

The following is a guest blog post by Tom Downes, CEO of Quail Digital.

Clear and unambiguous communication between team members is an essential component of any surgical environment. It’s particularly important – and indeed particularly challenging – in cath labs and electrophysiology (EP) labs where physicians and clinical staff in interventional cardiovascular and other minimally-invasive therapeutics are typically spread across multiple rooms and physically separated by lead-lined doors.

But as patient demand continues to rapidly grow, the inherent complexities of the surgical environment are presenting significant communication challenges between the surgeons, clinicians and nurses. These restrictions are creating great stressors for the whole operating team as they strive to continue to deliver a proficient patient service.

Creating Clear Communication

Stress amongst hospital staff is not just a recognised problem, it’s an escalating one. A study evaluating burnout among surgeons has found that 80% of surgeons agree burnout and stress are issues they should be monitored for. In light of this, it’s clear that maintaining the well-being of healthcare professionals is a challenge, and one that needs to be addressed quickly.

Previous studies have revealed that a number of potential stressors can compromise performance in the OR, including team interaction and extreme noise. It is therefore clear that problems with communication is one of the main barriers that needs to be broken down in order to achieve a tranquil, organized environment that will alleviate pressure in the operating room. The chatter of workmates, the hum of the air conditioning and the relentless drone of essential technology, combines to create a high-stress clinical environment where the multidisciplinary teams’ need for serenity is commonly confounded by practical necessities they cannot change.

Implementing clear and immediate communication will be a positive step towards reducing the complexities of the clinical space. Failure to do this risks squandering the undoubted benefits of surgical innovation; the patient implications of an avoidable clinical error due to miscommunication could, in the worst extremes, be catastrophic. Fortunately, communication technology has evolved to present a simple, affordable solution.

Adopting a Wireless Approach

Traditionally, facilities have adopted primitive measures to deliver communication between the OR and the monitoring suite, including basic hand gestures and microphones in each room. But this approach comes with challenges, for example, the likelihood of mishearing and misreading a fellow surgeon, or instruction, is naturally increased which could then delay the procedure and cause frustration. Another thing to consider is that all the medical team will be equipped with masks, making it difficult to hear and see dated visual and auditory clues.

By adopting wireless headset technology, physicians can transform the OR, EP and cath lab experience, as well as the working environment for the whole team involved in the procedure. The technology, which operates on high quality digital frequencies and is encrypted to avoid interference from other devices or emissions in the OR, enables multidisciplinary teams to collaborate and communicate – hands-free – in the interventional OR or hybrid suite, at monitoring stations, through adjacent control rooms and ancillary areas. A lack of clarity can create stress and blame amongst the operating team, but with the ability to hear instructions clearly in every clinical environment this ambiguity can be avoided. Additionally, the pressures placed upon surgeons will be drastically reduced as they have the confidence of knowing that every member of staff is able to perform their role in a more assured manner.

And as it has been suggested that high-quality teamwork among operating room professionals is key to efficient and safe practice, implementing a system that initiates better communication between staff will be extremely beneficial to the clinical environment. Creating a more attentive, focused team will also be vital to reducing significant stress-levels and enabling greater levels of workflow. Associate Professor and Director of the Robotic and Minimally Invasive Cardiac Surgery program at the University of Chicago Medicine, Dr Husam H Balkhy, has first hand experience of using wireless headsets in a surgical setting, he comments, “My ability to communicate quickly and effectively with other members of the robotic team including the table-side first assistant, the anaesthesiologist, the perfusionist and nursing staff, has led to increased efficacy and patient safety in these complex procedure.”

Balkhy isn’t the only one to have benefitted from these tools, Dr Ziv Tsafrir, a Fellow in Minimally Invasive Gynecology at Henry Ford, adds: “Using wireless headsets during robotic procedures certainly contributed to better patient outcomes by creating a calmer environment for clinicians and staff.”

The Next Steps

As patient demand grows, and the global use of EP and robotics surgery increases, wireless headset technology will be an essential companion to ensure optimal, efficacious and cost-effective communications. Combine this communication tool with the below practices and clinicians will be able to further enhance the surgical environment to not only create more effective workflows and treatment, but to increase positive patient outcomes.

  • Ensuring the surgical team have a focused team discussion prior to surgery to assign roles, establish expectations and anticipate outcomes, will enable each member of the team to be prepared for any scenario that may play out. This will be beneficial to the patient’s experience and will reduce the level of stress to a minimum.
  • Whilst a briefing before the operation is an extremely important part of the medical process, a debriefing post-op is just as vital. This discussion gives the whole team the opportunity to explore the problems that occurred during the procedure and how these can be overcome before the next operation.
  • Good communication is also vital outside the cath / EP lab and amongst the rest of the hospital staff. Lack of clarity about responsibility for care and decision-making is a major contributor to medical errors and could have an extremely negative impact on the operating room.
  • In a medical setting, the person who is supposed to act on information isn’t always clearly identified. Therefore, team members should communicate clearly, both at the beginning and throughout the operation, who this person is.

By working together and communicating clearly to one another before, during and after the procedure,  the stress levels of the entire surgical team and the patient can be significantly reduced.

About Tom Downes
Tom Downes founded Quail Digital in 1995 to design headset systems for ‘team’ communication. The philosophy being that the easier and more freely a team can speak with each other in the workplace, the better their outcomes, wellbeing and productivity. Quail Digital designs and manufactures systems for the healthcare, retail and hospitality sectors, and has offices in Dallas, TX and London UK. Quail Digital is the leading provider of communications systems in the OR, and a sponsor of Healthcare Scene.

Combatting Communication Problems in Community Healthcare Clinics

Posted on November 7, 2018 I Written By

The following is a guest blog post by Tom Downes, CEO of Quail Digital.

The notion of a community healthcare clinic is constantly evolving from the traditional model of a local clinic staffed by general practitioners and nurses, serving mainly rural populations. There is now a renewed interest in these organisations and their potential to deliver a more integrated care service within the community. However, in order to successfully make this transition, there is a need to better equip these clinics with the tools to ensure they’re able to cope with the extra demand and the ever-evolving medical treatments that are being practised.

With an estimated 33 million people visiting community healthcare clinics each year, these organisations are an essential part of the healthcare system. Whilst they are investing vital time into evolving their structure and delivering a focused range of medical services, without the right technology in place staff productivity will suffer, hindering their ability to make the most out of not only the current resources available, but any new, innovative resources they decide to invest in.

A collaborative approach

To foster a more productive, collaborative environment, communication should be implemented across the entire team. From diagnostics to preventive treatment, clinical procedure and rehabilitation, delivering a diverse set of services can create a stressful environment, if the team, from receptionist to clinicians, are wasting valuable time trying, without success, to communicate. But as services expand, enabling staff to speak easily with one another to seek answers to questions, locate the right individual and better manage the flow of patients through the appointments process, has become even more important.

Community healthcare clinics traditionally rely on telephones to communicate internally, but these can often go unanswered. Additionally, this device commonly only works when just two people want to communicate with each other, restricting the ability to send messages, updates and instructions to the whole team. Naturally, therefore, the likelihood of missing key information or mishearing a fellow colleague is increased, creating unnecessary stress and delays.

And this dated communication tool will not be able to facilitate the growing numbers of staff working in these clinics. As nearly 62 percent of all community healthcare clinics are in an urban setting they are providing services for extremely dense populations, therefore they require a greater amount of staff to help accommodate this demand. Team this up with the intense competition these urban clinics have with multiple clinics and medical centres serving the same geographic, and the need for a better communication tool that will help them provide a positive experience is even more important.

Clear Communication

Providing clear, discrete communication to all members at reception and in the clinics will have an extremely positive impact on the running of the community healthcare clinic. Lightweight headset technology will help the team working in these clinics to reduce unwanted hold-ups, improve workflow and offer a much improved experience for each of those patients who walk through the door. And with the ability to coordinate easily with one another, the team can become more productive and efficient to ensure they’re prepared for the demands felt by this expanding healthcare system.

Critically, in this most challenging of jobs, adopting a headset system that operates on a single channel will ensure all members of staff are in permanent communication. This way, doctors, nurses or receptionists are able to approach their colleagues who are working in another part of the clinic with any urgent query or question they may have. This immediate and non-obtrusive communication method is particularly important during times of expansion and innovation, as every team member will be learning and adopting new methods and structures.

Conclusion

Community healthcare clinics are evolving and there is now a growing need to implement digital solutions to provide staff with the ability to hear everything clearly, at all times. There are also other daily practices that can help facilitate a more tranquil environment. Along with headset technology, eliminating unnecessary, frantic noise across the clinic will drastically reduce the distractions all doctors, nurses and receptionists have to face. Not only will this have a positive impact on stress-levels, but it will also make it a lot easier to communicate effectively amongst the team. Daily team meetings are also vital for every member of staff in a community healthcare clinic. With a better understanding of everyone’s workload for that day the team will have greater visibility of who is available to assist with other tasks and enquiries.

By implementing communication tools and ensuring greater visibility across the team clinical operational efficiencies will be increased while staff stress levels will be reduced and their wellbeing improved.

About Tom Downes
Tom Downes founded Quail Digital in 1995 to design headset systems for ‘team’ communication. The philosophy being that the easier and more freely a team can speak with each other in the workplace, the better their outcomes, wellbeing and productivity. Quail Digital designs and manufactures systems for the healthcare, retail and hospitality sectors, and has offices in Dallas, TX and London UK. Quail Digital is the leading provider of communications systems in the OR, and a sponsor of Healthcare Scene.

Being Honest About Your Reasons For Cybersecurity Decisions

Posted on August 16, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

This week, a team of McAfee researchers released a paper outlining a terrifying exploit. The paper describes, in great technical detail, how a malicious attacker could flip a cardiac rhythm display from 80 beats per minute to zero within less than five seconds.

This might not lead to severe harm or death, but it’s possible that other very negative outcomes could occur, notes Shaun Nordeck, MD, who’s quoted in the report. “Fictitious cardiac rhythms, even intermittent, could lead to extended hospitalization, additional testing, and side effects from medications prescribed to control heart rhythm and/or prevent clots,” he notes.

The paper does point out that if the bedside monitor is working normally, nurses have access to other accurate data, which could diminish the impact of such disruptions to some extent. However, the potential for adverse events is clearly higher than normal if someone scrambles a patient’s vitals.

Unfortunately, this is far from the only attack which wasn’t possible before connected devices became the norm. At various points, we’ve seen that pacemakers, insulin pumps and even MRIs can be hacked externally, particularly if their operating systems aren’t patched as required or haven’t put even basic security protections in place. (Think using “password” as a password.)

But while these vulnerabilities are largely known at this point, some healthcare organizations haven’t begun to tackle them. Solving these problems takes work, and costs money, The best-intentioned CIO might not get the budget to fix these problems if their CEO doesn’t see them as urgent.

Or let’s say the budget is available to begin the counterattack. Even if everyone agrees to tackle connected device vulnerabilities, where do we begin the counterattack? Which of these new connected health vulnerabilities are the most critical?  On the one hand, hacking individual pacemakers doesn’t seem profitable enough to attract many cybercriminals. On the other, if I were a crook I might see the threat of meddling with a hospitals’ worth of patient monitors to be a great source of ransom money.

And this brings us to some tough ethical questions. Should we evaluate these threats by how many patients would be affected, or how many of the sickest patients?  How do we calculate the clinical impact of vital signs hacking vs. generating inaccurate MRI results? To what extent should the administrative impact of these attacks be a factor in deciding how to defeat these challenges, if at all?

I know you’re going to tell me that this isn’t an all or nothing proposition, and that to some extent standard network intrusion detection techniques and tools will work. I’m not disputing this. However, I think we need to admit out loud that these kinds of attacks threaten individual lives in a way that traditional cyberattacks do not. For that reason, we need to get honest about who we need to protect — and why.

MD Anderson Fined $4.3 Million For HIPAA Violations

Posted on June 21, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

An administrative law judge has ruled that MD Anderson Cancer Center must pay $4.3 million to the HHS Office of Civil Rights due to multiple HIPAA violations. This is the fourth largest penalty ever awarded to OCR.

OCR kicked off an investigation of MD Anderson in the wake of three separate data breach reports in 2012 and 2013. One of the breaches sprung from the theft of an unencrypted laptop from the home of an MD Anderson employee. The other two involved the loss of unencrypted USB thumb drives which held protected health information on over 33,500 patients.

Maybe — just maybe — MD Anderson could’ve gotten away with this or paid a much smaller fine. But given the circumstances, it was not going to get away that easily.

OCR found that while the organization had written encryption policies going back to 2006, it wasn’t following them that closely. What’s more, MD Anderson’s own risk analyses had found that a lack of device-level encryption could threaten the security of ePHI.

Adding insult to injury, MD Anderson didn’t begin to adopt enterprise-wide security technology until 2011. Also, it didn’t take action to encrypt data on its devices containing ePHI during the period between March 2011 and January 2013.

In defending itself, the organization argued that it was not obligated to encrypt data on its devices. It also claimed that the ePHI which was breached was for research, which meant that it was not subject to HIPAA penalties. In addition, its attorneys argued that the penalties accrued to OCR were unreasonable.

The administrative law judge wasn’t buying it. In fact, the judge took an axe to its arguments, saying that MD Anderson’s “dilatory conduct is shocking given the high risk to its patients resulting from the unauthorized disclosure of ePHI,” noting that its leaders “not only recognized, but [also] restated many times.” That’s strong language, the like of which I’ve never seen in HIPAA cases before.

You won’t be surprised to learn that the administrative law judge agreed to OCR’s sanctions, which included penalties for each day of MD Anderson’s lack of HIPAA compliance and for each record of individuals breached.

All I can say is wow. Could the Cancer Center’s leaders possibly have more chutzpah? It’s bad enough to have patient data breached three times. Defending yourself by essentially saying it was no big deal is even worse. If I were the judge I would’ve thrown the book at them too.

Privacy Fears May Be Holding Back Digital Therapeutics Adoption

Posted on May 3, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Consumers were already afraid that their providers might not be able to protect the privacy of their health data. Given the daily news coverage of large data breaches and since the Facebook data scandal blew up, consumers may be even less likely try out new digital health approaches.

For example, a new study by innovation consultancy Enspektos has concluded that patients may be afraid to adopt digital therapeutics options. Many fear that the data might be compromised or the technology may subject them to unwanted personal surveillance.

Without a doubt, digital therapeutics could have a great future. Possibilities include technologies such as prescription drugs with embedded sensors tracking medication compliance, as well as mobile apps that could potentially replace drugs. However, consumers’ appetite for such innovations may be diminishing as consumer fears over data privacy grow.

The research, which was done in collaboration with Savvy Cooperative, found that one-third of respondents fear that such devices will be used to track their behavior in invasive ways or that the data might be sold to a third party without the permission. As the research authors note, it’s hard to argue that the Facebook affair has ratcheted up these concerns.

Other research by Enspektos includes some related points:

  • Machine-aided diagnosis is growing as AI, wearables and data analytics are combined to predict and treat diseases
  • The deployment of end-to-end digital services is increasing as healthcare organizations work to create comprehensive platforms that embrace a wide range of conditions

It’s worth noting that It’s not just consumers who are worried about new forms of hacker intrusions. Industry CIOs have been fretting as it’s become more common for cybercriminals to attack healthcare organizations specifically. In fact, just last month Symantec identified a group known as Orangeworm that is breaking into x-ray, MRI and other medical equipment.

If groups like Orangeworm have begun to attack medical devices — something cybersecurity experts have predicted for years — we’re looking at a new phase in the battle to protect hospital devices and data. If one cybercriminal decides to focus on healthcare specifically, it’s likely that others will as well.

It’s bad enough that people are worried about the downsides of digital therapeutics. If they really knew how insecure their overall medical data could be going forward, they might be afraid to even sign in to their portal again.

A Whole New Way of Being Old: Book Review of The New Mobile Age

Posted on March 15, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The recently released overview of health care for the aging by Dr. Joseph Kvedar and his collaborators, The New Mobile Age: How Technology Will Extend the Healthspan and Optimize the Lifespan, is aimed at a wide audience of people who can potentially benefit: health care professionals and those who manage their clinics and hospitals, technologists interested in succeeding in this field, and policy makers. Your reaction to this book may depend on how well you have asserted the impact of your prefrontal cortex over your amygdala before reading the text–if your mood is calm you can see numerous possibilities and bright spots, whereas if you’re agitated you will latch onto the hefty barriers in the way.

Kvedar highlights, as foremost among the culture changes needed to handle aging well, is a view of aging as a positive and productive stage of life. Second to that comes design challenges: technologists must make devices and computer interfaces that handle affect, adapt smoothly to different individuals and their attitudes, and ultimately know both when to intervene and how to present healthy options. As an example, Chapter 8 presents two types of robots, one of which was accepted more by patients when it was “serious” and the other when it was “playful.” The nuances of interface design are bewildering.

The logical argument in The New Mobile Age proceeds somewhat like this:

  1. Wholesome and satisfying aging is possible, but particularly where chronic conditions are involved, it involves maintaining a healthful and balanced lifestyle, not just fixing disease.

  2. Support for health, particularly in old age, thus involves public health and socio-economic issues such as food, exercise, and especially social contacts.

  3. Each person requires tailored interventions, because his or her needs and desires are unique.

  4. Connected technology can help, but must adapt to the conditions and needs of the individual.

The challenges of health care technology emerged in my mind, during the reading of this book, as a whole new stage of design. Suppose we broadly and crudely characterize the first 35 years of computer design as number-crunching, and the next 35 years–after the spread of the personal computer–as one of augmenting human intellect (a phrase popularized by pioneer Douglas Engelbart).

We have recently entered a new era where computers use artificial intelligence for decision-making and predictions, going beyond what humans can anticipate or understand. (For instance, when I pulled up The New Mobile Age on Amazon.com, why did it suggest I check out a book about business and technology that I have already read, Machine, Platform, Crowd? There is probably no human at Amazon.com or elsewhere who could explain the algorithm that made the connection.)

So I am suggesting that an equally momentous shift will be required to fulfill Kvedar’s mandate. In addition to the previous tasks of number-crunching, augmenting human intellect, and predictive analytics, computers will need to integrate with human life in incredibly supple, subtle ways.

The task reminds me of self-driving cars, which business and tech observers assure us will replace human drivers in a foreseeable time span. As I write this paragraph, snow from a nor’easter is furiously swirling through the air. It is hard to imagine that any intelligence, whether human, AI, or alien, can safely navigate a car in that mess. Self-driving cars won’t catch on until computers can instantly handle real-world conditions perfectly–and that applies to technology for the aging too.

This challenge applies to physical services as well as emotional ones. For instance, Kvedar suggests in Chapter 8 that a robot could lift a person from a bed to a wheelchair. That’s obviously riskier and more nuanced than carting goods around a warehouse. And that robot is supposed to provide encouragement, bolster the spirits of the patient, and guide the patient toward healthful behavior as well.

Although I have no illusions about the difficulty of the tasks set before computers in health care, I believe the technologies offer enormous potential and cheer on the examples provided by Kvedar in his book. It’s important to note that the authors, while delineating the different aspects of conveying care to the aging, always start with a problem and a context, taking the interests of the individual into account, and then move to the technical parts of the solution.

Therefore, Kvedar brings us face to face with issues we cannot shut our eyes to, such as the widening gap between the increasing number of elderly people in the world and the decreasing number of young people who can care for them or pay for such care. A number of other themes appear that will be familiar to people following the health care field: the dominance of lifestyle-related chronic conditions among our diseases, the clunkiness and unfriendliness of most health-related systems (most notoriously the electronic health record systems used by doctors), the importance of understanding the impact of behavior and phenotypical data on health, but also the promise of genetic sequencing, and the importance of respecting the dignity and privacy of the people whose behavior we want to change.

And that last point applies to many aspects of accommodating diverse populations. Although this book is about the elderly, it’s not only they who are easily infantilized, dismissed, ignored, or treated inappropriately in the health care system: the same goes for the mentally ill, the disabled, LGBTQ people, youth, and many other types of patients.

The New Mobile Age highlights exemplary efforts by companies and agencies to use technology to meet the human needs of the aging. Kvedar’s own funder, Partners Healthcare, can afford to push innovation in this area because it is the dominant health care provider in the Boston area (where I live) and is flush with cash. When will every institution do these same things? The New Mobile Age helps to explain what we need in order to get to that point.

Nokia May Exit Digital Health Business

Posted on March 2, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The digital health market has become phenomenally competitive over the last few years, with giants like Google and Apple duking it out with smaller, fast-moving startups over the choicest opportunities in the sector.

Even with a behemoth like Google, you expect to see some stumbles, and the Internet giant has taken a few. But seldom have we seen a billion-dollar company walk away from the digital health market, which arguably stands to grow far more. Still, according to a recent news report, that’s just what Nokia may be doing.

A story published in The Verge reports that the Finnish telecom giant has launched a strategic review of its health division. While Nokia apparently isn’t spilling the beans on its plans, the news site got a look at an internal company memo which suggests that its digital health business is indeed in trouble.

In the memo, The Verge says, Nokia chief strategy officer Kathrin Buvac wrote that “our digital health business has struggled to scale and meet its growth expectations… [And] currently, we don’t see a path for [the digital health business] to become a meaningful part of a company as large as Nokia.”

While it’s hard to tell much from a press release, it notes that Nokia’s digital health division makes and sells an ecosystem of hybrid smart watches, scales and digital health devices to consumers and enterprises. Its digital health history includes the acquisition of Withings, a French startup with a sexy line up of connected health-focused digital health devices.

This may be in part because it just hasn’t been aggressive enough or offered anything unique. In the wake of the Withings acquisition, Nokia doesn’t seem to have done much to build on Withings’ product line. Though much of the success in this market depends on execution, its current roster of products doesn’t sound like anything too exciting or differentiated.

It’s interesting to note that Buvac blames at least part of the failure of its digital health excursion on Nokia’s size. That doesn’t seem to be a problem for industry-leading companies like Apple, which seems to be carving out its digital health footprint one launch at a time and cultivating health leaders along the way. For example, Apple recently partnered with Stanford Medicine launch an app using its smartwatch to collect data on irregular heart rhythms. Arguably, this is the way to win markets and influence people — slow and steady.

In the end, though, Buvac is probably right about is digital health prospects. Nokia’s seeming failure may indeed be attributed to its sprawling portfolio, and probably an inflexible internal culture as well. The moral of the story may be that winning at the digital health game has far more to do with understanding the market than it does with having very deep pockets.

Nearly 6 Million Patient Records Breached In 2017

Posted on February 1, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Just how bad a year was 2017 for health data? According to one study, it was 5.6 million patient records bad.

According to health data security firm Protenus, which partnered with DataBreaches.net to conduct its research, last year saw an average of at least one health data breach per day. The researchers based their analysis on 477 health data breaches reported to the public last year.

While Protenus only had 407 such incidents, those alone affected 5,579,438 patient records. The gross number of exposed records fell dramatically from 2016, which saw 27.3 million records compromised by breaches. However, the large number of records exposed in 2016 stems from the fact that there were a few massive incidents that year.

According to researchers, the largest breach reported in 2017 stemmed from a rogue insider, a hospital employee who inappropriately accessed billing information on 697,800 patients. The rest of the top 10 largest data breaches sprung from insider errors, hacking, and one other incident involving insider wrongdoing.

Insider wrongdoing seems to be a particular problem, accounting for 37% of the total number of breaches last year. These insider incidents affected 30% of compromised patient data, or more than 1.7 million records.

As bad as those stats may be, however, ransomware and malware seem to be even bigger threats. As the study notes, last year a tidal wave of hacking incidents involving malware and ransomware hit healthcare organizations.

Not surprisingly, last year’s wave of attacks seems to be part of a larger trend. According to a Malwarebytes report, ransomware attacks on businesses overall increased 90 percent last year, led by GlobeImposter and WannaCry incidents.

That being said, healthcare appears to be a particularly popular target for cybercriminals. In 2016, healthcare organizations reported 30 incidents of ransomware and malware attacks, and last year, 64 organizations reported attacks of this kind. While the increase in ransomware reports could be due to organizations being more careful about reporting such incidents, researchers warn that the volume of such attacks may be growing.

So what does this suggest about the threat landscape going forward?  In short, it doesn’t seem likely the situation will improve much over the next 12 months. The report suggests that last year’s trend of one breach per day should continue this year. Moreover, we may see a growth in the number of incidents reported to HHS, though again, this could be because the industry is getting better at breach detection.

If nothing else, one might hope that healthcare organizations get better at detecting attacks quickly. Researchers noted that of the 144 healthcare data breaches for which they have data, it took an average of 308 days for the organization to find out about the breach. Surely we can do better than this.

Hospitals Still Lagging On Mobile

Posted on January 18, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

One would think that these days, when the desktop computer is an extension of mobile devices rather than the other way around, hospitals would have well-defined, mature plans in place for managing mobile technology. But according to one survey, that’s definitely not the case.

In a study sponsored by Spok, which provides clinical communication services, many healthcare providers are still in the early years of developing a mobile strategy.

The study, which drew on contacts with more than 300 healthcare professionals in the US, found that 21% had had a mobile strategy in place for less than one year, 40% for one to three years,14% for 3 to 5 years and 25% for more than five years. In other words, while one-quarter of organizations had settled in and developed a mobile approach, an almost equal amount were just getting their feet wet.

Not only that, many of those who do have a mobile strategy in place may be shooting from the hip. While 65% of those surveyed had a documented mobility strategy in place, 35% didn’t.

That being said, it seems that organizations that have engaged with mobile are working hard to tweak their strategy regularly. According to Spok, their reasons for updating the strategy include:

* Shifting mobile needs of end-users (44%)
* The availability of new mobile devices (35%)
* New capabilities from the EHR vendor (26%)
* Changes in goals of mobile strategy (23%)
* Challenges in implementing the strategy (21%)
* Changes in hospital leadership (16%)

(Seven percent said their mobile strategy had not changed since inception, and 23% weren’t sure what changes had been made.)

Nonetheless, other data suggest there has been little progress in integrating mobile strategy with broader hospital goals.

For example, while 53% wanted to improve physician-to-physician communications, only 19% had integrated mobile strategy with this goal. Fifty-three percent saw nurse-to-physician communications as a key goal, but only 18% had integrated this goal with their mobile plans. The gaps between other top strategies and integration with mobile plans were similar across the strategic spectrum.

Ultimately, it’s likely that it will take a team approach to bring these objectives together, but that’s not happening in the near future. According to respondents, the IT department will implement mobile in 82% of institutions surveyed, 60% clinical leadership, 37% doctors, 34% telecom department, 27% nurses and 22% outside help from consultants and vendors. (Another 16% didn’t plan to have a dedicated team in place.)

The whole picture suggests that while the hospital industry is gradually moving towards integrating mobile into its long-term thinking, it has a ways to go. Given the potential benefits of smart mobile use, let’s hope providers catch up quickly.

Key Articles in Health IT from 2017 (Part 2 of 2)

Posted on January 4, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The first part of this article set a general context for health IT in 2017 and started through the year with a review of interesting articles and studies. We’ll finish the review here.

A thoughtful article suggests a positive approach toward health care quality. The author stresses the value of organic change, although using data for accountability has value too.

An article extolling digital payments actually said more about the out-of-control complexity of the US reimbursement system. It may or not be coincidental that her article appeared one day after the CommonWell Health Alliance announced an API whose main purpose seems to be to facilitate payment and other data exchanges related to law and regulation.

A survey by KLAS asked health care providers what they want in connected apps. Most apps currently just display data from a health record.

A controlled study revived the concept of Health Information Exchanges as stand-alone institutions, examining the effects of emergency departments using one HIE in New York State.

In contrast to many leaders in the new Administration, Dr. Donald Rucker received positive comments upon acceding to the position of National Coordinator. More alarm was raised about the appointment of Scott Gottlieb as head of the FDA, but a later assessment gave him high marks for his first few months.

Before Dr. Gottlieb got there, the FDA was already loosening up. The 21st Century Cures Act instructed it to keep its hands off many health-related digital technologies. After kneecapping consumer access to genetic testing and then allowing it back into the ring in 2015, the FDA advanced consumer genetics another step this year with approval for 23andMe tests about risks for seven diseases. A close look at another DNA site’s privacy policy, meanwhile, warns that their use of data exploits loopholes in the laws and could end up hurting consumers. Another critique of the Genetic Information Nondiscrimination Act has been written by Dr. Deborah Peel of Patient Privacy Rights.

Little noticed was a bill authorizing the FDA to be more flexible in its regulation of digital apps. Shortly after, the FDA announced its principles for approving digital apps, stressing good software development practices over clinical trials.

No improvement has been seen in the regard clinicians have for electronic records. Subjective reports condemned the notorious number of clicks required. A study showed they spend as much time on computer work as they do seeing patients. Another study found the ratio to be even worse. Shoving the job onto scribes may introduce inaccuracies.

The time spent might actually pay off if the resulting data could generate new treatments, increase personalized care, and lower costs. But the analytics that are critical to these advances have stumbled in health care institutions, in large part because of the perennial barrier of interoperability. But analytics are showing scattered successes, being used to:

Deloitte published a guide to implementing health care analytics. And finally, a clarion signal that analytics in health care has arrived: WIRED covers it.

A government cybersecurity report warns that health technology will likely soon contribute to the stream of breaches in health care.

Dr. Joseph Kvedar identified fruitful areas for applying digital technology to clinical research.

The Government Accountability Office, terror of many US bureaucracies, cam out with a report criticizing the sloppiness of quality measures at the VA.

A report by leaders of the SMART platform listed barriers to interoperability and the use of analytics to change health care.

To improve the lower outcomes seen by marginalized communities, the NIH is recruiting people from those populations to trust the government with their health data. A policy analyst calls on digital health companies to diversify their staff as well. Google’s parent company, Alphabet, is also getting into the act.

Specific technologies

Digital apps are part of most modern health efforts, of course. A few articles focused on the apps themselves. One study found that digital apps can improve depression. Another found that an app can improve ADHD.

Lots of intriguing devices are being developed:

Remote monitoring and telehealth have also been in the news.

Natural language processing and voice interfaces are becoming a critical part of spreading health care:

Facial recognition is another potentially useful technology. It can replace passwords or devices to enable quick access to medical records.

Virtual reality and augmented reality seem to have some limited applications to health care. They are useful foremost in education, but also for pain management, physical therapy, and relaxation.

A number of articles hold out the tantalizing promise that interoperability headaches can be cured through blockchain, the newest hot application of cryptography. But one analysis warned that blockchain will be difficult and expensive to adopt.

3D printing can be used to produce models for training purposes as well as surgical tools and implants customized to the patient.

A number of other interesting companies in digital health can be found in a Fortune article.

We’ll end the year with a news item similar to one that began the article: serious good news about the ability of Accountable Care Organizations (ACOs) to save money. I would also like to mention three major articles of my own:

I hope this review of the year’s articles and studies in health IT has helped you recall key advances or challenges, and perhaps flagged some valuable topics for you to follow. 2018 will continue to be a year of adjustment to new reimbursement realities touched off by the tax bill, so health IT may once again languish somewhat.