Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbeat wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Aprville was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Aprville himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices can be turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here’s some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment:  Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data.Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

Tiny Budgets Undercut Healthcare’s Cyber Security Efforts

Posted on January 4, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

This has been a lousy year for healthcare data security — so bad a year that IBM has dubbed 2015 “The Year of The Healthcare Security Breach.” In a recent report, Big Blue noted that nearly 100 million records were compromised during the first 10 months of this year.

Part of the reason for the growth in healthcare data breaches seems to be due to the growing value of Protected Health Information. PHI is worth 10x as much as credit card information these days, according to some estimates. It’s hardly surprising that cyber criminals are eager to rob PHI databases.

But another reason for the hacks may be — to my way of looking at things — an indefensible refusal to spend enough on cybersecurity. While the average healthcare organization spends about 3% of their IT budget on cybersecurity, they should really allocate 10% , according to HIMSS cybersecurity expert Lisa Gallagher.

If a healthcare organization has an anemic security budget, they may find it difficult to attract a senior healthcare security pro to join their team. Such professionals are costly to recruit, and command salaries in the $200K to $225K range. And unless you’re a high-profile institution, the competition for such seasoned pros can be fierce. In fact, even high-profile institutions have a challenge recruiting security professionals.

Still, that doesn’t let healthcare organizations off the hook. In fact, the need to tighten healthcare data security is likely to grow more urgent over time, not less. Not only are data thieves after existing PHI stores, and prepared to exploit traditional network vulnerabilities, current trends are giving them new ways to crash the gates.

After all, mobile devices are increasingly being granted access to critical data assets, including PHI. Securing the mix of corporate and personal devices that might access the data, as well as any apps an organization rolls out, is not a job for the inexperienced or the unsophisticated. It takes a well-rounded infosec pro to address not only mobile vulnerabilities, but vulnerabilities in the systems that dish data to these devices.

Not only that, hospitals need to take care to secure their networks as devices such as insulin pumps and heart rate monitors become new gateways data thieves can use to attack their networks. In fact, virtually any node on the emerging Internet of Things can easily serve as a point of compromise.

No one is suggesting that healthcare organizations don’t care about security. But as many wiser heads than mine have pointed out, too many seem to base their security budget on the hope-and-pray model — as in hoping and praying that their luck will hold.

But as a professional observer and a patient, I find such an attitude to be extremely reckless. Personally, I would be quite inclined to drop any provider that allowed my information to be compromised, regardless of excuses. And spending far less on security than is appropriate leaves the barn door wide open.

I don’t know about you, readers, but I say “Not with my horses!”

Practical Application of Watson with EHR

Posted on July 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Ever since Watson made its debut on Jeopardy, I haven’t been able to not check out what Watson was doing next. No doubt what Watson did on Jeopardy was impressive. However, it’s one thing to do what it did on Watson. It’s another thing to commercialize the Watson into something useful.

I’d long been hearing that Watson was going to be great for healthcare IT and that healthcare would really benefit from the technology. However, everything I saw felt very conceptual as opposed to practical and implemented. So, I was really interested in talking with Modernizing Medicine about their EHR integration with Watson.

You can find my interview with Daniel Cane and Dr. Michael Sherling, Founders of Modernizing Medicine, talking about Watson and some of the other cool ways they’re trying to help doctors make use of the data in an EHR in the video below. Plus, we even talk ICD-10 and MU 2 delay as well.

Note: Modernizing Medicine is a Healthcare Scene advertiser.

Integrating Watson with EHR – Daniel Cane and Michael Sherling, MD

Posted on June 2, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

In our latest Google Plus hangout, we sat down with the founders of Modernizing Medicine, Daniel Cane and Dr. Michael Sherling to discuss their latest integration of the Modernizing Medicine EHR with IBM’s Watson. Plus, we take some time to talk about Modernizing Medicine’s unique EMA Outcomes and EMA Grand Rounds products and how they impact the way a doctor treats a patient. We finish off by dipping into the ICD-10 and Meaningful Use Stage 2 delay.

About Daniel Cane
Daniel Cane is the CEO and co-founder of Modernizing Medicine. Since founding the company in 2010, Daniel has led his team to raise a total of nearly $30M in funding and to hire almost 185 employees as he works towards his stated goal to “Modernize Medicine.” Before founding Modernizing Medicine, Daniel co-founded Blackboard Inc., raising over $100M in venture capital and in 2004 helped take the company public on the NASDAQ. In 2011, Blackboard was sold for $1.6B.

About Dr. Michael Sherling
Dr. Michael Sherling is the co-founder and Chief Medical Officer of Modernizing Medicine. A Harvard and Yale trained dermatologist, he’s led Modernizing Medicine to gain almost 25% of the US EHR market share in dermatology. Dr. Sherling is responsible for developing and designing the dermatology-based Modernizing Medicine software, and supervising the medical arm of ophthalmology, orthopedics, plastic and cosmetic surgery, otolaryngology, gastroenterology and urology software.

Healthcare Cloud Spending To Ramp Up Over Next Few Years

Posted on October 4, 2013 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For years, healthcare IT executives have wrestled with the idea of deploying cloud services, concerned that the cloud would not offer enough security for their data. However, a new study suggests that this trend is shifting direction.

A new study by market research firm MarketsandMarkets has concluded that the healthcare industry will invest $5.4 billion in cloud computing by 2017.  This year should see a particularly big change, with total healthcare cloud investment moving from 4 percent to 20.5 percent of the industry, according to an article in the Cloud Times.

The current US cloud market for healthcare is dominated by SaaS vendors such as CareCloud, Carestream Health and Merge Healthcare, according to MarketsandMarkets. These vendors are tapping into an overall cloud computing market which should grow at a combined annual growth rate of 20.5 percent between 2012 and 2017, the researchers say.

As the report notes, there are good reasons why healthcare IT leaders are taking a closer look at cloud computing. For example, the cloud offers easy access to high-performance computing and high-volume storage, access which would be very costly to duplicate with on-premise computing.

On the other hand, the MarketsandMarkets researchers admit, healthcare still has particularly stringent data security requirements, and a need for strict confidentiality, access control and long-term data storage. Cloud vendors will need to offer services and products which meet these unique needs, and just as importantly, change and adapt as regulatory requirements shift. And they’ll have to have an impeccable reputation.

That last item — the cloud vendor’s reputation — will play a major role in the coming shift to cloud-based deployments. If giants like AT&T, IBM and Verizon stay in the healthcare cloud business, which seems likely to me, then healthcare institutions will be able to admit that they’re engaged in cloud deployments without suffering a public black eye over potential security problems.

On the other hand, if the giants were to get cold feet, cloud adoption would probably slow substantially, and remain at the trickle it has been for several years. While vendors like Merge and Carestream may be doing well, I’d argue that the presence of the 2,000-pound gorilla vendors ultimately dictates whether a market thrives.

Watson in Healthcare, Malpractice and EHR, Orion and Amalga, and EMR Apps

Posted on October 16, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Time again for my weekly round up of healthcare IT and EMR related tweets. Plus, a few thoughts from me about the various tweets.

@Craigley
Craig Bradley
I need a Watson robot in the room to be my knowledge/evidence coach & also EMR scribe while I listen/touch/care. @SeattleMamaDoc #chc11

The good news for Craig is that I’ve seen the people from IBM that did Watson working with the people from Nuance (most famous for Dragon Naturally Speaking) working on this. I don’t think it’s that far away.

@nickgenes
borborygmi
First real recommendation: have good backup plan when #EMR goes down; one makpractice case was lost by inadequate downtime system #SA11

This was pretty interesting. I’d love to learn more details about this malpractice case. No doubt you have to work on a proper system to handle EMR down time. I’ve written before about all the ways you could have EMR down time and the cost of EHR down time. It’s not a question of IF you will have EHR down time, but WHEN.

@JBikman
Jeremy Bikman
I’m very excited to see what Orion can become w/ Amalga HIS. My hope is that they emerge as a legit EHR/EPR/HIE player globally. Very cool.

This is interesting news since Orion is focused on the Asia Pacific market. Coincidentally, I’m just finalizing the details of me attending a Healthcare Informatics Conference in Thailand in March 2012. I’m interested to learn a lot more about Asia. You can read more about the Orion Health Deal for Amalga here.

@EMRDailyNews
EMR Daily News
Over 60 EMR / #EHR Apps Now Available in the iTunes App Store su.pr/1tfhMG

64 iPhone EHR apps on the app store. In February there were only 5 EMR apps in the Android marketplace. I’m sure there are a whole lot more now. Plus, the number of apps in the app store is a bit flawed since it’s not like people purchase their EHR software on the app store. However, it’s interesting to see how many are putting it there.

Harnessing the Power of Electronic Medical Records with IBM

Posted on June 20, 2011 I Written By

At the heart of healthcare transformation are electronic health records, the basic building blocks of healthcare efficiency. IBM has a long history of creating and connecting systems to share patient information. When standardized and shared, electronic health records provide a powerful means of increasing accuracy and speeding the delivery of patient information to the point of care. They enable better collaboration, more complete records, and better service.

 

 

Watch the video here.

IBM’s Watson Addresses Errors of Diagnosis

Posted on June 2, 2011 I Written By

I’m beginning to see a pattern here. Two weeks ago, I wrote about clinical decision support in context of Dr. Larry Weed’s new book. Two weeks before that, I commented about physicians worrying that patients would perceive them as being incompetent if they relied on CDS. Today, I’m back to the same topic.

Deny the obvious all you want, physicians, but clinical decision support is coming, and once it’s here, it’s not going away.

I just got back back from the new IBM Healthcare Innovation Lab in downtown Chicago, the company’s third such center in the U.S. and eighth worldwide. While kickoff included a “healthcare leadership exchange” with such thought leaders as HIMSS CEO Steve Lieber and Allscripts Healthcare Solutions Chief Innovation Officer Stanley Crane, the real star was not a person, but a computer. IBM’s Watson, to be specific.

People stayed after lunch mostly to see a demo of Watson processing healthcare data—and IBM Chief Medical Scientist Dr. Marty Kohn said this was the first audience to see this demo. Make no mistake, IBM is positioning Watson as a clinical decision support tool, particularly for the much-ignored area of diagnostic decision support.

Saying that perhaps 25 percent of all healthcare errors are errors of diagnosis, Kohn noted how getting the diagnosis right can prevent all kinds of unnecessary complications and spending. “Of course, if you’ve made the wrong diagnosis, picking the right course of treatment becomes a challenge,” Kohn said.

And after the diagnosis, Watson can prevent treatment errors by, say, scanning EMR data for patient allergies to recommend against a drug that might cause a harmful interaction, then suggest alternative therapies. Kohn presented the case of a 29-year-old pregnant woman who was diagnosed with Lyme disease. A common treatment is the antibiotic doxycyline, but Kohn noted that it’s contraindicated during pregnancy.

Watson, according to Kohn, draws preliminary conclusions according to presenting symptoms, then scans multiple sources of information to present recommendations. Watson does look at the notoriously incomplete and inaccurate Wikipedia, Kohn said, mostly because that user-edited site covers so many topics, but then verifies information from other sources.

Watson then displays reasons why it believes the diagnosis may be correct so the doctor can make an informed decision. “It won’t let you ignore all the possible diagnoses,” Kohn said. But it won’t actually make the final call. “Watson is going to be in a supportive role rather than actually making decisions.” Kohn added.

What the supercomputer does is process vast amounts of data in a short amount of time., something that even the sharpest human mind could never do. And that’s what clinical decision support is supposed to be all about.

‘Watson’ Analytics to Being Used to Increase Smartphone, EHR capabilities

Posted on May 31, 2011 I Written By

I for one thought it was really cool that they developed a computer system that could outperform people on Jeopardy.  I am not ready to have my own robot at home, though that would reduce the housework I would have to do, but I love to see people trying to push their limits, and develop things that have never been done before.  That is exactly what the people at IBM are doing.

The full article can be found here, but here are some of the most amazing things that they are developing based on the “Watson” technology:

IBM has doubled the number of healthcare solution architects and technology specialists working at the Solutions Center, tasking them with helping physicians connect smartphones, tablets and other devices to EMRs while also helping healthcare providers build new solutions for remote patient monitoring.

Meanwhile, more than a quarter (27 percent) of specialists and primary care physicians use a tablet PC or similar device nowadays. As clinicians adopt smart devices at five times the rate of the general population,

Using clinical voice recognition from Nuance Communications and medical terminology management from Health Language, IBM is working to improve the mobile EMR experience through voice recognition and technology that provides understanding of medical text, similar to the way Watson analyzed hundreds of millions of pages of text from books, encyclopedias and periodicals to compete on Jeopardy!

With the rapid adoption of electronic medical records and other health IT applications, the amount of data associated with health care providers in North America is expected to reach close to 14,000 petabytes by 2015.

Now for those of you, like me, that don’t know how much a petabyte is, it is equivalent to 1024 terabytes which is equal to about 13.3 years of HDTV content.  It is incredible how fast this industry is growing.  Information has always been the source of power in healthcare, and now we are in a position to use more, and more accurate, information than ever before.  What is truly incredible is that most of it can be accessed in the palm of your hand.

Jeopardy!’s Watson Computer and Healthcare

Posted on May 25, 2011 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m sure like many of you, I was completely intrigued by the demonstration of the Watson computer competing against the best Jeopardy! stars. It was amazing to watch not only how Watson was able to come up with the answer, but also how quickly it was able to reach the correct answer.

The hype at the IBM booth at HIMSS was really strong since it had been announced that healthcare was one of the first places that IBM wanted to work on implementing the “Watson” technology (read more about the Watson Technology in Healthcare in this AP article). Although, I found the most interesting conversation about Watson in the Nuance booth when I was talking to Dr. Nick Van Terheyden. The idea of combining the Watson technology with the voice recognition and natural language processing technologies that Nuance has available makes for a really compelling product offering.

One of the keys in the AP article above and was also mentioned by Dr. Nick from Nuance was that the Watson technology in healthcare would be applied differently than it was on Jeopardy!. In healthcare it wouldn’t try and make the decision and provide the correct answer for you. Instead, the Watson technology would be about providing you a number of possible answers and the likelihood of that answer possibly being the issue.

Some of this takes me back to Neil Versel’s posts about Clinical Decision Support and doctors resistance to CDS. There’s no doubt that the Watson technology is another form of Clinical Decision Support, but there’s little about the Watson technology which takes power away from the doctor’s decision making. It certainly could have an influence on a doctor’s ability to provide care, but that’s a great thing. Not that I want doctors constantly second guessing themselves. Not that I want doctors relying solely on the information that Watson or some other related technology provides. It’s like most clinical tools. When used properly, they can provide a great benefit to the doctor using them. When used improperly, it can lead to issues. However, it’s quite clear that Watson technology does little to take away from the decision making of doctors. In fact, I’d say it empowers doctors to do what they do better.

Personally I’m very excited to see technologies like Watson implemented in healthcare. Plus, I think we’re just at the beginning of what will be possible with this type of computing.