Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

The State Of Healthcare Cybersecurity (Part 2)

Posted on May 22, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In Part 1 of this series, which drew data from a study by Black Book Market Research, I described how insecure healthcare leaders felt their cybersecurity protections to be. I also noted that a large number of providers are struggling to recruit senior health IT experts, and as a result are basically winging it when it comes to breach protection.

Healthcare organizations’ data security problems run deeper than that, however, the study suggests. Not only are C-level execs finding security investments to be troublesome, IT managers responding to the survey admit that they, too, feel that they are not fully prepared to defend their institution’s data.

To begin with, 74% of surveyed CIOs admitted that they failed to evaluate the total cost of ownership before signing a deal with a cybersecurity solution or service provider, and 89% said they bought their cybersecurity solution to be compliant with security regs, and often, not necessarily to reduce security risks.

And the failure to protect critical information doesn’t stop there.  For example, 57% of IT managers said that they hadn’t taken stock of the full variety of cybersecurity solutions that currently exist, notably mobile security environments, intrusion detection, attack prevention, forensics and testing.

Also, many healthcare institutions seem to react only after they’ve been invaded. According to Black Book, 58% of hospitals didn’t select their current security vendor until after a data security incident, and 32% of healthcare organizations hadn’t scanned for vulnerabilities before an attack.

What’s more, 83% of healthcare organizations haven’t staged a cybersecurity drill which included an incident response process, which arguably leaves them particularly unprepared. Not only that, when an attack comes, some won’t catch it right away, as 29% said they don’t have an adequate solution to instantly detect and respond to cyberattacks.

Meanwhile, 16% of respondents reported being uncomfortable working with vendors that do a hard sell when they find security flaws and vulnerabilities. These insecurities aren’t surprising given that 60% of healthcare enterprises haven’t formally identified specific security objectives and requirements and integrated them into a strategic and tactical plan for breach prevention.

Given how unfocused many security plans are, it’s not surprising that 22% of provider organizations believe their cybersecurity position will worsen between now and the second quarter of 2019. Only 12% of hospitals and 9% of physician organizations reported that they expected to see cybersecurity improvements.

The bottom line here is that if the Black Book research is correct, many healthcare organizations are frighteningly unprepared to protect their data, much less survive a serious attack relatively unscathed. For everyone’s sake, let’s hope that providers wise up to the need for strategic, substantial investments in security technology and staff.

Why You Shouldn’t Take Calculated Risks with Security

Posted on May 9, 2018 I Written By

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw).

Calculated risks are often lauded in innovation.  However, with increasing security breaches in the tech industry, it is time to reassess the calculated risks companies take in healthcare.

Time and again, I have advised technology companies and medical practices to invest in security and yet I am often met with resistance, a culture of calculated risk prevails.  To these companies and practices, this risk may make sense to them in the short term. Resources are often limited and so they often believe that they needn’t spend the time and money in security.  However, the notion that a company or a practice can take this chance is ill advised.

As a recent study conducted by HIMSS (and reviewed by Ann Zieger here) warns, “significant security incidents are projected to continue to grow in number, complexity and impact.” Thus in taking the calculated risk not to invest in security, companies and practices are creating greater risk for in the long run, one that comes with severe consequences.

As we have seen outside of healthcare, even “simple” breaches of user names and passwords as happened to Under Armour’s MyFitnessPal app, become relatively important use cases as examples of the impact a security breach can have. While healthcare companies typically think of this in terms of HIPAA compliance and oversight by the Office for Civil Rights (OCR), the consequences reach far wider.  Beyond the fines or even jail time that the OCR can impose, what these current breaches show us is how easy it is for the public to lose trust in an entity.  For a technology company, this means losing valuation which could signal a death knell for a startup. For a practice, this may mean losing patients.  For any entity, it will likely result in substantial legal fees.

Why take the risk not to invest in security? A company may think they are saving time and money up front and the likelihood of a breach or security incident is low. But in the long run, the risk is too great – no company wants to end up with their name splashed across the headlines, spending more money on legal fees, scrambling to notify those whose information has been breached, and rebuilding lost trust.  The short term gain of saving resources is not worth this risk.

The best thing a company or practice can do to get started is to run a detailed risk assessment. This is already required under HIPAA but is not always made a priority.  As the HIMSS report also discussed, there is no one standard for risk assessment and often the OCR is flexible knowing entities may be different sizes and have different resource. While encryption standards and network security should remain a high priority with constant monitoring, there are a few standard aspects of risk assessment including:

  • Identifying information (in either physical or electronic format) that may be at risk including where it is and whether the entity created, received, and/or is storing it;
  • Categorizing the risk of each type of information in terms of high, medium, or low risk and the impact a breach would have on this information;
  • Identifying who has access to the information;
  • Developing backup systems in case information is lost, unavailable, or stolen; and
  • Assessing incidence response plans.

Additionally, it is important to ensure proper training of all staff members on HIPAA policies and procedures including roles and responsibilities, which should be detailed and kept up to date in the office.

This is merely a start and should not be the end of the security measures companies and practices take to ensure they do not become the next use case. When discussing a recent $3.5 million settlement, OCR Director Roger Severino recently emphasized that, “there is no substitute for an enterprise-wide risk analysis for a covered entity.” Further, he stressed that “Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law.”

Though this may seem rudimentary, healthcare companies and medical practices are still not following simple steps to address security and are taking the calculated risk not to – which will likely be at their own peril.

About Erin Gilmer
Erin Gilmer is a health law and policy attorney and patient advocate. She writes about a range of issues on different forums including technology, disability, social justice, law, and social determinants of health. She can be found on twitter @GilmerHealthLaw or on her blog at www.healthasahumanright.wordpress.com.

Privacy Fears May Be Holding Back Digital Therapeutics Adoption

Posted on May 3, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Consumers were already afraid that their providers might not be able to protect the privacy of their health data. Given the daily news coverage of large data breaches and since the Facebook data scandal blew up, consumers may be even less likely try out new digital health approaches.

For example, a new study by innovation consultancy Enspektos has concluded that patients may be afraid to adopt digital therapeutics options. Many fear that the data might be compromised or the technology may subject them to unwanted personal surveillance.

Without a doubt, digital therapeutics could have a great future. Possibilities include technologies such as prescription drugs with embedded sensors tracking medication compliance, as well as mobile apps that could potentially replace drugs. However, consumers’ appetite for such innovations may be diminishing as consumer fears over data privacy grow.

The research, which was done in collaboration with Savvy Cooperative, found that one-third of respondents fear that such devices will be used to track their behavior in invasive ways or that the data might be sold to a third party without the permission. As the research authors note, it’s hard to argue that the Facebook affair has ratcheted up these concerns.

Other research by Enspektos includes some related points:

  • Machine-aided diagnosis is growing as AI, wearables and data analytics are combined to predict and treat diseases
  • The deployment of end-to-end digital services is increasing as healthcare organizations work to create comprehensive platforms that embrace a wide range of conditions

It’s worth noting that It’s not just consumers who are worried about new forms of hacker intrusions. Industry CIOs have been fretting as it’s become more common for cybercriminals to attack healthcare organizations specifically. In fact, just last month Symantec identified a group known as Orangeworm that is breaking into x-ray, MRI and other medical equipment.

If groups like Orangeworm have begun to attack medical devices — something cybersecurity experts have predicted for years — we’re looking at a new phase in the battle to protect hospital devices and data. If one cybercriminal decides to focus on healthcare specifically, it’s likely that others will as well.

It’s bad enough that people are worried about the downsides of digital therapeutics. If they really knew how insecure their overall medical data could be going forward, they might be afraid to even sign in to their portal again.

London Doctors Stage Protest Over Rollout Of App

Posted on April 18, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

We all know that doctors don’t take kindly to being forced to use health IT tools. Apparently, that’s particularly the case in London, where a group of general practitioners recently held a protest to highlight their problems with a telemedicine app rolled out by the National Health Service.

The doctors behind the protest are unhappy with the way the NHS structured its rollout of the smartphone app GP at Hand, which they say has created extra work and confusion among the patients.

The service, which is run by UK-based technology company Babylon Health, launched in November of last year. Using the app, patients can either have a telemedicine visit or schedule an in-person appointment with a GP’s office. Telemedicine services are available 24/7, and patients can be seen in minutes in some cases.

GP at Hand seems to be popular with British consumers. Since its launch, over 26,000 patients have registered for the service, according to the NHS.

However, to participate in the service, patients are automatically de-registered from their existing GP office when they register for GP at Hand. Many patients don’t seem to have known this. According to the doctors at the protest, they’ve been getting calls from angry former patients demanding that they be re-registered with their existing doctor’s office.

The doctors also suggest that the service gets to cherry-pick healthier, more profitable patients, which weighs down their practice. “They don’t want patients with complex mental health problems, drug problems, dementia, a learning disability or other challenging conditions,” said protest organizer Dr. Jackie Applebee. “We think that’s because these patients are expensive.” (Presumably, Babylon is paid out of a separate NHS fund than the GPs.)

Is there lessons here for US-based healthcare providers? Perhaps so.

Of course, the National Health Service model is substantially different from the way care is delivered in this country, so the administrative challenges involved in rolling out a similar service could be much different. But this news does offer some lessons to consider nonetheless.

For one thing, it reminds us that even in a system much different than ours, financing and organizing telemedicine services can be fraught with conflict. Reimbursement would be an even bigger issue than it seems to have been in the UK.

Also, it’s also of note that the NHS and Babylon Health faced a storm of patient complaints about the way the service was set up. It’s entirely possible that any US-based efforts would generate their own string of unintended consequences, the magnitude which would be multiplied by the fact that there’s no national entity coordinating such a rollout.

Of course, individual health systems are figuring out how to offer telemedicine and blend it with access to in-person care. But it’s telling that insurers with a national presence such as CIGNA or Humana aren’t plunging into telemedicine with both feet. At least none of them have seen substantial success in their efforts. Bottom line, offering telehealth is much harder than it looks.

Should Apps with Personal Health Information Be Subject to HIPAA?

Posted on April 10, 2018 I Written By

The following is a guest blog post by Erin Gilmer (@GilmerHealthLaw).

With news of Grindr’s sharing of user’s HIV status and location data, many wonder how such sensitive information could be so easily disclosed and the answer is quite simply a lack of strong privacy and security standards for apps.  The question then becomes whether apps that store personal health information should be subject to HIPAA? Should apps like Grindr have to comply with the Privacy and Security Rules as doctors, insurance companies, and other covered entities already do?

A lot of people already think this information is protected by HIPAA as they do not realize that HIPAA only applies to “covered entities” (health care providers, health plans, and health care clearininghouses) and “business associates” (companies that contract with covered entities).  Grindr is neither of these. Nor are most apps that address health issues – everything from apps with mental health tools to diet and exercise trackers. These apps can store all manner of information ranging simply from a name and birthdate to sensitive information including diagnoses and treatments.

Grindr is particularly striking because under HIPAA, there are extra protections for information including AIDS/HIV status, mental health diagnoses, genetics, and substance abuse history.  Normally, this information is highly protected and rightly so given the potential for discrimination. The privacy laws surrounding this information were hard fought by patients and advocates who often experienced discrimination themselves.

However, there is another reason this is particularly important in Grindr’s case and that’s the issue of public health.  Just a few days before it was revealed that the HIV status of users had been exposed, Grindr announced that it would push notifications through the app to remind users to get tested.  This was lauded as a positive move and added to the culture created on this app of openness. Already users disclose their HIV status, which is a benefit for public health and reducing the spread of the disease. However, if users think that this information will be shared without explicit consent, they may be less likely to disclose their status. Thus, not having privacy and security standards for apps with sensitive personal health information, means these companies can easily share this information and break the users’ trust, at the expense of public health.

Trust is one of the same reasons HIPAA itself exists.  When implemented correctly, the Privacy and Security Rules lend themselves to creating an environment of safety where individuals can disclose information that they may not want others to know.  This then allows for discussion of mental health issues, sexually transmitted diseases, substance use issues, and other difficult topics. The consequences of which both impact the treatment plan for the individual and greater population health.

It would be sensible to apply a framework like HIPAA to apps to ensure the privacy and security of user data, but certainly some would challenge the idea.  Some may make the excuse that is often already used in healthcare, that HIPAA stifles innovation undue burden on their industry and technology in general.  While untrue, this rhetoric holds sway with government entities who may oversee these companies.

To that end, there is a question of who would regulate such a framework? Would it fall to the Office for Civil Rights (OCR) where HIPAA regulation is already overseen? The OCR itself is overburdened, taking months to assess even the smallest of HIPAA complaints.  Would the FDA regulate compliance as they look to regulate more mobile apps that are tied to medical devices?  Would the FCC have a roll?  The question of who would regulate apps would be a fight in itself.

And finally, would this really increase privacy and security? HIPAA has been in effect for over two decades and yet still many covered entities fail to implement proper privacy and security protocols.  This does not necessarily mean there shouldn’t be attempts to address these serious issues, but some might question whether the HIPAA framework would be the best model.  Perhaps a new model, with new standards and consequences for noncompliance should be considered.

Regardless, it is time to start really addressing privacy and security of personal health information in apps. Last year, both Aetna and CVS Caremark violated patient privacy sending mail to patients where their HIV status could be seen through the envelope window. At present it seems these cases are under review with the OCR. But the OCR has been tough on these disclosures. In fact, in May 2017, St. Luke’s Roosevelt Hospital Center Inc. paid the OCR $387,200 in a settlement for a breach of privacy information including the HIV status of a patient. So the question is, if as a society, we recognize the serious nature of such disclosures, should we not look to prevent them in all settings – whether the information comes from a healthcare entity or an app?

With intense scrutiny of privacy and security in the media for all aspects of technology, increased regulation may be around the corner and the framework HIPAA creates may be worth applying to apps that contain personal health information.

About Erin Gilmer
Erin Gilmer is a health law and policy attorney and patient advocate. She writes about a range of issues on different forums including technology, disability, social justice, law, and social determinants of health. She can be found on twitter @GilmerHealthLaw or on her blog at www.healthasahumanright.wordpress.com.

A Whole New Way of Being Old: Book Review of The New Mobile Age

Posted on March 15, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The recently released overview of health care for the aging by Dr. Joseph Kvedar and his collaborators, The New Mobile Age: How Technology Will Extend the Healthspan and Optimize the Lifespan, is aimed at a wide audience of people who can potentially benefit: health care professionals and those who manage their clinics and hospitals, technologists interested in succeeding in this field, and policy makers. Your reaction to this book may depend on how well you have asserted the impact of your prefrontal cortex over your amygdala before reading the text–if your mood is calm you can see numerous possibilities and bright spots, whereas if you’re agitated you will latch onto the hefty barriers in the way.

Kvedar highlights, as foremost among the culture changes needed to handle aging well, is a view of aging as a positive and productive stage of life. Second to that comes design challenges: technologists must make devices and computer interfaces that handle affect, adapt smoothly to different individuals and their attitudes, and ultimately know both when to intervene and how to present healthy options. As an example, Chapter 8 presents two types of robots, one of which was accepted more by patients when it was “serious” and the other when it was “playful.” The nuances of interface design are bewildering.

The logical argument in The New Mobile Age proceeds somewhat like this:

  1. Wholesome and satisfying aging is possible, but particularly where chronic conditions are involved, it involves maintaining a healthful and balanced lifestyle, not just fixing disease.

  2. Support for health, particularly in old age, thus involves public health and socio-economic issues such as food, exercise, and especially social contacts.

  3. Each person requires tailored interventions, because his or her needs and desires are unique.

  4. Connected technology can help, but must adapt to the conditions and needs of the individual.

The challenges of health care technology emerged in my mind, during the reading of this book, as a whole new stage of design. Suppose we broadly and crudely characterize the first 35 years of computer design as number-crunching, and the next 35 years–after the spread of the personal computer–as one of augmenting human intellect (a phrase popularized by pioneer Douglas Engelbart).

We have recently entered a new era where computers use artificial intelligence for decision-making and predictions, going beyond what humans can anticipate or understand. (For instance, when I pulled up The New Mobile Age on Amazon.com, why did it suggest I check out a book about business and technology that I have already read, Machine, Platform, Crowd? There is probably no human at Amazon.com or elsewhere who could explain the algorithm that made the connection.)

So I am suggesting that an equally momentous shift will be required to fulfill Kvedar’s mandate. In addition to the previous tasks of number-crunching, augmenting human intellect, and predictive analytics, computers will need to integrate with human life in incredibly supple, subtle ways.

The task reminds me of self-driving cars, which business and tech observers assure us will replace human drivers in a foreseeable time span. As I write this paragraph, snow from a nor’easter is furiously swirling through the air. It is hard to imagine that any intelligence, whether human, AI, or alien, can safely navigate a car in that mess. Self-driving cars won’t catch on until computers can instantly handle real-world conditions perfectly–and that applies to technology for the aging too.

This challenge applies to physical services as well as emotional ones. For instance, Kvedar suggests in Chapter 8 that a robot could lift a person from a bed to a wheelchair. That’s obviously riskier and more nuanced than carting goods around a warehouse. And that robot is supposed to provide encouragement, bolster the spirits of the patient, and guide the patient toward healthful behavior as well.

Although I have no illusions about the difficulty of the tasks set before computers in health care, I believe the technologies offer enormous potential and cheer on the examples provided by Kvedar in his book. It’s important to note that the authors, while delineating the different aspects of conveying care to the aging, always start with a problem and a context, taking the interests of the individual into account, and then move to the technical parts of the solution.

Therefore, Kvedar brings us face to face with issues we cannot shut our eyes to, such as the widening gap between the increasing number of elderly people in the world and the decreasing number of young people who can care for them or pay for such care. A number of other themes appear that will be familiar to people following the health care field: the dominance of lifestyle-related chronic conditions among our diseases, the clunkiness and unfriendliness of most health-related systems (most notoriously the electronic health record systems used by doctors), the importance of understanding the impact of behavior and phenotypical data on health, but also the promise of genetic sequencing, and the importance of respecting the dignity and privacy of the people whose behavior we want to change.

And that last point applies to many aspects of accommodating diverse populations. Although this book is about the elderly, it’s not only they who are easily infantilized, dismissed, ignored, or treated inappropriately in the health care system: the same goes for the mentally ill, the disabled, LGBTQ people, youth, and many other types of patients.

The New Mobile Age highlights exemplary efforts by companies and agencies to use technology to meet the human needs of the aging. Kvedar’s own funder, Partners Healthcare, can afford to push innovation in this area because it is the dominant health care provider in the Boston area (where I live) and is flush with cash. When will every institution do these same things? The New Mobile Age helps to explain what we need in order to get to that point.

Federal Advisors Say Yes, AI Can Change Healthcare

Posted on January 26, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The use of AI in healthcare has been the subject of scores of articles and endless debate among industry professionals over its benefits. The fragile consensus seems to be that while AI certainly has the potential to accomplish great things, it’s not ready for prime time.

That being said, some well-informed healthcare observers disagree. In an ONC blog post, a collection of thought leaders from the agency, AHRQ and the Robert Wood Johnson Foundation believe that over the long-term, AI could play an important role in the future of healthcare.

The group of institutions asked JASON, an independent group of scientists and academics who advise the federal government on science and technology issues, to look at AI’s potential. JASON’s job was to look at the technical capabilities, limitations and applications for AI in healthcare over the next 10 years.

In its report, JASON concluded that AI has broad potential for sparking significant advances in the industry and that the time may be right for using AI in healthcare settings.

Why is now a good time to play AI in healthcare? JASON offers a list of reasons, including:

  • Frustration with existing medical systems
  • Universal use of network smart devices by the public
  • Acceptance of at-home services provided by companies like Amazon

But there’s more to consider. While the above conditions are necessary, they’re not enough to support an AI revolution in healthcare on their own, the researchers say. “Without access to high-quality, reliable data, the problems that AI will not be realized,” JASON’s report concludes.

The report notes that while we have access to a flood of digital health data which could fuel clinical applications, it will be important to address the quality of that data. There are also questions about how health data can be integrated into new tools. In addition, it will be important to make sure the data is accessible, and that data repositories maintain patient privacy and are protected by strong security measures, the group warns.

Going forward, JASON recommends the following steps to support AI applications:

  • Capturing health data from smartphones
  • Integrating social and environmental factors into the data mix
  • Supporting AI technology development competitions

According to the blog post, ONC and AHRQ plan to work with other agencies within HHS to identify opportunities. For example, the FDA is likely to look at ways to use AI to improve biomedical research, medical care and outcomes, as well as how it could support emerging technologies focused on precision medicine.

And in the future, the possibilities are even more exciting. If JASON is right, the more researchers study AI applications, the more worthwhile options they’ll find.

Hospitals Still Lagging On Mobile

Posted on January 18, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

One would think that these days, when the desktop computer is an extension of mobile devices rather than the other way around, hospitals would have well-defined, mature plans in place for managing mobile technology. But according to one survey, that’s definitely not the case.

In a study sponsored by Spok, which provides clinical communication services, many healthcare providers are still in the early years of developing a mobile strategy.

The study, which drew on contacts with more than 300 healthcare professionals in the US, found that 21% had had a mobile strategy in place for less than one year, 40% for one to three years,14% for 3 to 5 years and 25% for more than five years. In other words, while one-quarter of organizations had settled in and developed a mobile approach, an almost equal amount were just getting their feet wet.

Not only that, many of those who do have a mobile strategy in place may be shooting from the hip. While 65% of those surveyed had a documented mobility strategy in place, 35% didn’t.

That being said, it seems that organizations that have engaged with mobile are working hard to tweak their strategy regularly. According to Spok, their reasons for updating the strategy include:

* Shifting mobile needs of end-users (44%)
* The availability of new mobile devices (35%)
* New capabilities from the EHR vendor (26%)
* Changes in goals of mobile strategy (23%)
* Challenges in implementing the strategy (21%)
* Changes in hospital leadership (16%)

(Seven percent said their mobile strategy had not changed since inception, and 23% weren’t sure what changes had been made.)

Nonetheless, other data suggest there has been little progress in integrating mobile strategy with broader hospital goals.

For example, while 53% wanted to improve physician-to-physician communications, only 19% had integrated mobile strategy with this goal. Fifty-three percent saw nurse-to-physician communications as a key goal, but only 18% had integrated this goal with their mobile plans. The gaps between other top strategies and integration with mobile plans were similar across the strategic spectrum.

Ultimately, it’s likely that it will take a team approach to bring these objectives together, but that’s not happening in the near future. According to respondents, the IT department will implement mobile in 82% of institutions surveyed, 60% clinical leadership, 37% doctors, 34% telecom department, 27% nurses and 22% outside help from consultants and vendors. (Another 16% didn’t plan to have a dedicated team in place.)

The whole picture suggests that while the hospital industry is gradually moving towards integrating mobile into its long-term thinking, it has a ways to go. Given the potential benefits of smart mobile use, let’s hope providers catch up quickly.

Key Articles in Health IT from 2017 (Part 2 of 2)

Posted on January 4, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The first part of this article set a general context for health IT in 2017 and started through the year with a review of interesting articles and studies. We’ll finish the review here.

A thoughtful article suggests a positive approach toward health care quality. The author stresses the value of organic change, although using data for accountability has value too.

An article extolling digital payments actually said more about the out-of-control complexity of the US reimbursement system. It may or not be coincidental that her article appeared one day after the CommonWell Health Alliance announced an API whose main purpose seems to be to facilitate payment and other data exchanges related to law and regulation.

A survey by KLAS asked health care providers what they want in connected apps. Most apps currently just display data from a health record.

A controlled study revived the concept of Health Information Exchanges as stand-alone institutions, examining the effects of emergency departments using one HIE in New York State.

In contrast to many leaders in the new Administration, Dr. Donald Rucker received positive comments upon acceding to the position of National Coordinator. More alarm was raised about the appointment of Scott Gottlieb as head of the FDA, but a later assessment gave him high marks for his first few months.

Before Dr. Gottlieb got there, the FDA was already loosening up. The 21st Century Cures Act instructed it to keep its hands off many health-related digital technologies. After kneecapping consumer access to genetic testing and then allowing it back into the ring in 2015, the FDA advanced consumer genetics another step this year with approval for 23andMe tests about risks for seven diseases. A close look at another DNA site’s privacy policy, meanwhile, warns that their use of data exploits loopholes in the laws and could end up hurting consumers. Another critique of the Genetic Information Nondiscrimination Act has been written by Dr. Deborah Peel of Patient Privacy Rights.

Little noticed was a bill authorizing the FDA to be more flexible in its regulation of digital apps. Shortly after, the FDA announced its principles for approving digital apps, stressing good software development practices over clinical trials.

No improvement has been seen in the regard clinicians have for electronic records. Subjective reports condemned the notorious number of clicks required. A study showed they spend as much time on computer work as they do seeing patients. Another study found the ratio to be even worse. Shoving the job onto scribes may introduce inaccuracies.

The time spent might actually pay off if the resulting data could generate new treatments, increase personalized care, and lower costs. But the analytics that are critical to these advances have stumbled in health care institutions, in large part because of the perennial barrier of interoperability. But analytics are showing scattered successes, being used to:

Deloitte published a guide to implementing health care analytics. And finally, a clarion signal that analytics in health care has arrived: WIRED covers it.

A government cybersecurity report warns that health technology will likely soon contribute to the stream of breaches in health care.

Dr. Joseph Kvedar identified fruitful areas for applying digital technology to clinical research.

The Government Accountability Office, terror of many US bureaucracies, cam out with a report criticizing the sloppiness of quality measures at the VA.

A report by leaders of the SMART platform listed barriers to interoperability and the use of analytics to change health care.

To improve the lower outcomes seen by marginalized communities, the NIH is recruiting people from those populations to trust the government with their health data. A policy analyst calls on digital health companies to diversify their staff as well. Google’s parent company, Alphabet, is also getting into the act.

Specific technologies

Digital apps are part of most modern health efforts, of course. A few articles focused on the apps themselves. One study found that digital apps can improve depression. Another found that an app can improve ADHD.

Lots of intriguing devices are being developed:

Remote monitoring and telehealth have also been in the news.

Natural language processing and voice interfaces are becoming a critical part of spreading health care:

Facial recognition is another potentially useful technology. It can replace passwords or devices to enable quick access to medical records.

Virtual reality and augmented reality seem to have some limited applications to health care. They are useful foremost in education, but also for pain management, physical therapy, and relaxation.

A number of articles hold out the tantalizing promise that interoperability headaches can be cured through blockchain, the newest hot application of cryptography. But one analysis warned that blockchain will be difficult and expensive to adopt.

3D printing can be used to produce models for training purposes as well as surgical tools and implants customized to the patient.

A number of other interesting companies in digital health can be found in a Fortune article.

We’ll end the year with a news item similar to one that began the article: serious good news about the ability of Accountable Care Organizations (ACOs) to save money. I would also like to mention three major articles of my own:

I hope this review of the year’s articles and studies in health IT has helped you recall key advances or challenges, and perhaps flagged some valuable topics for you to follow. 2018 will continue to be a year of adjustment to new reimbursement realities touched off by the tax bill, so health IT may once again languish somewhat.

Learning More About Samsung’s Work in Healthcare and #HIMSS16

Posted on February 29, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This post is sponsored by Samsung Business. All thoughts and opinions are my own.

As we head into the 2016 HIMSS Annual conference, Healthcare Scene sat down with David Rhew, M.D., Chief Medical Officer and Head of Healthcare and Fitness at Samsung. In our discussion we talk about Samsung’s role in healthcare and the HIMSS16 conference. We also talk about a wide variety of topics including: the digital hospital, the connected home, BYOD, mobile device security, and wearables to name a few. No doubt Samsung is playing a bigger and bigger role in healthcare. Learn more in this video conversation embedded below:

After talking about Samsung Healthcare’s plans and expectations for the HIMSS16 conference, David Rhew, M.D. and Healthcare Scene opened up the floor for other live viewers to join the conversation in what we call the “After Party.”

In this discussion we talk about the challenge of standards and mobile device interoperability and then we were joined by Dr. James Legan and Dr. Charles Webster who share some first hand experiences and insights into how the right medical devices can dramatically change the physician and the patient healthcare experience along with Dr. Rhew sharing his experiences. Find out all the details in the video embedded below:

For more content like this, follow Samsung on Insights, Twitter, LinkedIn , YouTube and SlideShare