Posts in Category: data security

Healthcare providers tackle data security issues 

The proliferation of cyberattacks on healthcare providers is well known, with new reports continuing to highlight the problem.

More than 216 hospitals were included in 1,798 breaches between Oct. 21, 2009 and Dec. 31, 2016, according to a report last week in The Journal of the American Medical Association. Additionally, 33 hospitals, or 15 percent, reported more than one breach. Of the 141 affected acute care hospitals, 52 were major academic medical centers.

Also, about 20,000 patients were affected in 24 of the 216 breached hospitals, and six hospitals had over 60,000 breached patient records.

Another recent report found that ransomware attacks more than quadrupled in 2016, with nearly half happening in the healthcare sector. These types of attacks are projected to double again in 2017, Beazley Breach Insights reported.

Some efforts are underway to form a coordinated response to this problem.

At a hearing last week to address cyberattacks in the healthcare industry, the House Energy and Commerce Subcommittee on Oversight and Investigations, Terry Rice, VP of IT risk management and CISO at Merck, indicated cybersecurity has become a top concern for healthcare organizations.

While hundreds of millions of health records have been compromised in data breaches in recent years, the extent of the problem may be inadequately reported. “Unfortunately, I believe these incidents underrepresent the risks we are facing as an industry,” Rice said.

To fight cyberattacks, Congress should provide organizations tax breaks for Information Sharing and Analysis Centers, educate the industry on the importance of information sharing, protect data shared through ISACs and advocate for public-private partnerships, Denise Anderson, president of the National Health Information Sharing and Analysis Center told the lawmakers.

“It’s become increasingly apparent that the industry needs a government representative who understands cybersecurity issues, threats, vulnerabilities and impacts, as well as the blended threats between physical and cybersecurity,” said Anderson.

At LUMDEX, privacy, security and of course HIPAA-compliance are the essence of our software solutions. We invite you to read our Privacy and Security Policy, our Editorial and Advertising Policy, and our Terms and Conditions of Use. Feel free to browse throughout LUMEDX.com, and please read our Mission Statement in the "About Us" section of LUMEDX.com.

Latest Healthcare Cyberattack Highlights Need for Prevention 

How would you like to have to tell 34,000 patients that their data had been hacked? That’s the situation that Quest Diagnostics found itself in recently after hackers stole health information including names, birth dates, telephone numbers and lab results.

The clinical laboratory services company is just the latest victim in a long string of cyberattacks targeting protected health information. One in 13 patients stand to have their records stolen because of a healthcare provider breach, according to Accenture, an industry consulting firm. Healthcare organizations that have been the recent target of cybercriminals include:
Hollywood Presbyterian Medical Center, which paid a $17,000 ransom in bitcoin to regain control of its computer systems after a hack.
Anthem Inc., the second-largest U.S. health insurer, which had the records of nearly 80 million customers stolen.
MedStar Health, where hackers encrypted data from 10 hospitals, causing widespread confusion and delays in treatment because providers were unable to access records.
What can healthcare providers do to protect against such cyberattacks? We’ve collected a number of articles offering advice.
Tips for protecting hospitals from ransomware as cyberattacks surge
Hospitals Battle Data Breaches With a Cybersecurity SOS
Protecting a vulnerable industry against cyber attacks
5 Ways Providers Can Prevent Patient Data Breaches

What is your organization doing to protect itself from hackers? Share your strategies in our comments section below.

Clinician mobile device use increasing as healthcare organizations struggle to protect data 

The number of clinicians who use smartphones and other mobile devices on the job is rising rapidly, and so is the number of facilities that have created mobile device management strategies to cope. "Organizations with a documented mobility strategy have nearly doubled, and in-house use of pagers has increased slightly during the past two years," according to Health Data Management.

Almost 90 percent of physicians surveyed reported using smartphones, while about half of nurses and other staff members use them. In response, more than 60 percent of hospitals surveyed have a documented mobile device strategy. (The survey, by mobile messaging service vendor Spok, included responses from about 550 hospitals.)
The leading mobile devices used in hospitals are:

  • Smartphones (78 percent)
  • In-house pagers (71 percent)
  • Wi-Fi phones (69 percent)
  • Wide-area pagers (57 percent)
  • Tablets (52 percent)

Security and privacy, of course, are huge concerns for those setting mobile device policy, leading some organizations to forbid clinicians to use personal devices for work-related communication. About 80 percent of surveyed hospitals with such policies cited fear of data breaches as the reason behind their rules. 

Click here to download the survey.
What's the mobile device policy at your organization? Share your thoughts with the LUMEDX community by commenting below. 

Healthcare Cybersecurity Failings Draw the Ire of Accountability Office 

GAO Recommends Corrective Action by Department of Health and Human Services

More than 113 million electronic health records were breached in 2015, a year that saw a total of 56 cybersecurity attacks in healthcare alone. That's a 13-fold increase from 2006 to 2015.
The Government Accountability Office isn't going to let those cybersecurity failures go unremarked upon. The GAO last week came down hard on the Department of Health and Human Services, pointing out a number of weaknesses in efforts by HHS to help health plans and other providers protect data.
"HHS has established an oversight program for compliance with privacy and security regulations, but its actions did not always fully verify that the regulations were implemented," wrote the GAO in a report released Sept. 26. The report also called out HHS for giving technical assistance "that was not pertinent to identified problems" in cybersecurity, and for failing to follow up on cases it investigated. 
In short, the GAO found, loss or misuse of health information is not being adequately addressed by HHS. To help healthcare organizations comply with HIPAA and prevent further data breaches, the Office said, HHS should take the following corrective actions:

  • Update its guidance for protecting electronic health information to address key security elements.
  • Improve technical assistance it provides to covered entities.
  • Follow up on corrective actions.
  • Establish metrics for gauging the effectiveness of its audit program. 

HHS generally concurred with the recommendations and stated it would take actions to implement them.

UPDATE: On Oct. 4, HHS announced that it had awarded funding to help protect the health sector against cyber threats. Learn who received the funding, and how it is intended to help healthcare organizations.

The Best of Health IT News: Week of 4/18/16 

We've found the stories you won't want to miss!


ACA, population health will be game changers in next three years, say hospital execs

C-suite leaders predict that their most important areas of focus in the next three years will be high-value post-acute care networks and innovative approaches to care delivery, according to Premier Inc.'s spring Economic Outlook. The impact that the Affordable Care Act and population health management will have on care delivery is the reason these areas of focus will be so important, executives say. "About 95 percent said expanding high-value post-acute care networks is crucial to population health efforts," FierceHealthcare reports. "In addition, 94 percent said such networks are one of their greatest challenges."

ACC notifies 1,400 institutions of potential data breach

More than 1,000 institutions have been notified by the American College of Cardiology (ACC) that patient data from the National Cardiovascular Data Registry (NCDR) might have been breached. "After discovering the issue in December, the ACC found that four software development vendors who were testing software had access to NCDR patient data," reports Cardiovascular Business. "The data was copied between 2009 and 2010, and was included in one of more than 250 tables that software developers used in a test environment."

EHR fraud recommendations remain unimplemented, HHS Inspector General says

Warnings from the its Office of Inspector General have yet to prompt the Department of Health and Human Services to adequately address the issue of hospitals failing to employ safeguards and prevent electronic health record fraud and abuse via recommended tools already in place, according to the Inspector General. "The Inspector General's Office says that nearly all hospitals with EHRs had RTI-recommended audit functions in place, but that those functions were not being used to their full extent," FierceHealthcare reports.

The Most Innovative Trends and Technologies from ACC.16

DAIC Editor Dave Fornell takes a tour of some of the trends and interesting new technologies from the vendor booths on the expo floor at the 2016 meeting of the American College of Cardiology (ACC). 

 

 

The Best of Cardio and Health IT News: Week of 2/22/16 

Security breach, telehealth, and Obamacare

LUMEDX does the research for you! Here are some of the top stories in healthcare this week.

Security: Hospital pays ransom to get its data back from hackers

Security experts are concerned that a Southern California hospital paid a $17,000 ransom in bitcoins to hackers who infiltrated and disabled its network, saying that agreeing to the ransomers' demands could set a bad precedent. The hackers had encrypted the hospital's computer network and demanded the ransom to provide a digital decryption key to unlock it.

Healthcare could be major issue in presidential race

The future of U.S. healthcare--especially Obamacare, Medicare, and Medicaid--will be determined in this year's presidential election, and the candidates are offering starkly different visions. Democrat Hillary Clinton would uphold and expand the Affordable Health Act, while her primary opponent, Bernie Sanders, would replace it with a single-payer system. Republican Donald Trump expressed support for some facets of the ACA, while Republican Sens. Marco Rubio and Ted Cruz vow to end it.

51 hospitals settle with Justice Department in ICD case

The Department of Justice has reached settlements with 51 hospitals that allegedly improperly implanted implantable cardioverter defibrillators (ICDs) in Medicare patients. The department said it had reached settlements worth a total of more than $23 million with hospitals in 15 states for allegedly improperly implanting the cardiac devices.

Forbes blogger predicts expansion of concierge healthcare model

An opinion piece in  Forbes suggests that hospitals should consider offering concierge healthcare. The concierge model could help financially struggling providers by making them more attractive to wealthier patients who will pay for expedited access to high-caliber physician talent.

Experts call Zika 'the scariest virus since HIV'

As experts learn more about the mosquito-borne Zika virus, they are becoming more alarmed. The American Council on Science and Health referred to Zika as  "possibly the scariest virus since HIV" because it is carried by hard-to-escape mosquitoes and causes serious birth defects.

The Best of Cardio and Health IT News: Week of 2/15/16 

Don't miss out on this week's top stories


CMS and health insurers announce alignment and simplification of quality measures

The Centers for Medicare & Medicaid Services (CMS) and America's Health Insurance Plans (the health plans' trade group)  announced that they have agreed on seven sets of clinical quality measuresThe standardized measures are designed to help payers and consumers shopping for high-quality care. "These measures support multi-payer alignment, for the first time, on core measures primarily for physician quality programs," according to the CMS. This work is informing the CMS’s implementation of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).

Supreme Court: What will happen to healthcare cases after Justice Scalia's death?

A number of healthcare-related cases are in limbo following the death of conservative U.S. Supreme Court Justice Antonin Scalia, who died on Feb. 12. "The court is weighing a case about data sharing with potential implications for insurers and state healthcare reform efforts," Modern Healthcare reports. "Another case has the potential to reduce—or increase—the number of False Claims Act suits brought against healthcare providers and other companies." Also before the court is a case involving the contraception mandate in the Affordable Care Act. 

CMS anticipates giving out $7.7 billion in ACA reinsurance payouts

Healthcare insurance companies could receive as much as $7.7 billion as part of the Affordable Care Act's reinsurance program. Reflecting data from the 2015 benefit year, the payouts are to be issued this year. "The Affordable Care Act created the temporary, three-year reinsurance program to protect insurers during the early years of the new individual marketplaces," according to Modern Healthcare"Insurers pay into the reinsurance pool, and those funds are then paid out to health plans that had members with extremely high medical claims." 

Still stalled: Federal healthcare rule that ties Medicare, Medicaid payments to disaster-preparedness plans

A proposed federal rule that would require healthcare facilities and hospitals to create emergency-preparedness plans in order to receive Medicare and Medicaid funding is stalled in the Office of Management and Budget, undergoing a legally required review. It would affect more than 68,000 providers, according to a New York Times news analysis."Industry groups have been critical of the time and expense they said would be involved in steps such as test backup power generators more frequently and for longer periods, or to pay staff overtime during drills," according to FierceHealthcare.com.

Harvard researchers say PCI readmission metric could be model

A model for improving the quality and value of cardiology care may be found in a pilot program from the Centers for Medicare and Medicaid Services and the National Cardiovascular Data Registry (NCDR), according to Harvard researchers. The program evaluated and reported risk-adjusted 30-day readmission rates after PCI. "The researchers noted that preventing readmissions could improve the quality of care and reduce costs for cardiology patients," according to CardiovascularBusiness.com.

 

The Best of HealthIT News: Week of 1/25/16 

ERHs, ACOs, healthcare hackers, and more

Did you have a chance to check out the latest news from the healthIT community? Let us help keep you up to date on the stories you won't want to miss.

 

Healthcare execs advised to focus on consolidations, emergency preparedness, value-based care for 2016

Healthcare trends to watch this year include hospital consolidations and the continued shift away from fee-for-service payment models to value-based care, say hospital executives surveyed by FierceHealthcare. “'Providers will come together in a range of affiliations/partnerships as part of growth and cost reduction strategies, short of full-on mergers and acquisitions,’ according to Chris Van Gorder, CEO and president of Scripps Health in San Diego.”

Ambulatory EHRs should gain steam through 2020

There are many reasons to shift toward ambulatory inpatient electronic health records, according to a new report by Frost & Sullivan. The report predicts that low returns and on-premise EHR limitations will motivate healthcare providers to explore cloud-based, affordable products in their quest to achieve population health goals. The new records systems would benefit both patient-centered medical homes and Accountable Care Organizations as they negotiate the continuum of care for their patients. 

5 healthcare IT enemies to watch out for

A new report calls out five types of healthcare hackers and categorizes them based on their targets and other characteristics. Some are unsophisticated “script kiddies,” while others have the finesse of nation states, according to a Critical Infrastructure Technology report. They’re after everything from patient records to employee personnel files, and any records that can help them steal identities, the report says.

Out-of-network integration, interoperability among problems facing ACOs

Interoperability and integration problems plague Accountable Care Organizations (ACOs) despite the fact that many systems have made health IT a major focus, according to a survey. Integrating data from out-of-network providers is the most daunting challenge they face, according to 80 percent of ACO representatives surveyed.

Give patients control of their data, researchers argue

Hospitals should make changing to a patient-controlled records system a priority, say researchers at Boston Children's Hospital in the New England Journal of Medicine. They argue that the benefits of patient-controlled records are far-reaching, and that the technology needed to make the shift is already in place. They admit, however, that the incentives to make the change are lacking. 

Best of Health IT News: Week of 05/07/15 

Did you have a chance to check out the latest healthcare IT news stories around the Web? We’ve captured the top industry news stories from this week that you won’t want to miss.

Will Healthcare Data Analytics Suffer if DeSalvo Leaves ONC? 

According to Healthcare IT Analytics, Karen DeSalvo, MD, MPH, MSc, may soon move from her role as the head of the Office of the National Coordinator for Healthcare IT (ONC) to become the HHS Assistant Secretary for Health. In her short time at the ONC, DeSalvo has overseen early attestations for Stage 2 meaningful use while promoting interoperability, clinical analytics, and population health management. 

HHS, USDA Invest $1B in Rural Health, Care Coordination 

The Department of Health and Human Services is working with the US Department of Agriculture (USDA) to financially support rural communities as they take on health IT improvement projects including EHR adoption, health information exchange, telehealth services, and more. 

Health IT Holds the Promise to Help Improve Health

In a column for Health IT Buzz, Chief Medical Officer of Million Hearts Thomas A Mason, MD, and Executive Director Janet Wright, MD, FACC, argue that a critical component of chronic disease management is EHR integration. In order to manage conditions like high blood pressure, healthcare providers must increase their use of EHRs, clinical analytics, and population health management programs. 

43% of Orgs use Clinical Decision Support for Patient Safety 

According to a HIMSS15 survey conducted by LogicNets, 43% of healthcare organizations believe that clinical decision support technology reduces the occurrence of errors. The study also found that a third of providers who already have CDS in place believe that it improves efficiency. Additionally, a recent ONC study found that automatic medication calculators reduced dosage errors between 37-80%.

Best of Health IT News: Week of 03/12/15 

Did you have a chance to check out the latest healthcare IT news stories around the Web? We’ve captured the top industry news stories from this week that you won’t want to miss.

And if you're attending ACC.15 in San Diego this week, be sure to stop by LUMEDX Booth #523! Schedule a meeting here

ACC 2015 Scientific Sessions: Contemporary Cardiology Embellished With San Diego Sunshine 

Medscape reports on ACC.15, taking place from March 14-16, 2015 in San Diego, CA. The conference will cover the latest trials and discussions on issues facing cardiology every day, including studies exploring imaging modalities for chest pain, optimal antiplatelets post PCI and in chronic CAD, and much more. 

How CPOE Can Reduce Length of Stay 

According to Health IT News, computerized provider order entry (CPOE) can help reduce length of stay when used in conjunction with bedside bar coding and electronic health records. A study published in Applied Clinical Informatics in July 2014 found that 63% of the reduction in LOS correlated with the rise in CPOE. 

Study: Patients Would Change Healthcare Providers Over Security Concerns

A study sponsored by the Medical Identity Fraud Alliance found that 79% of respondents considered it important for providers to protect their information. 48% stated that they would consider changing healthcare providers if their medical records were stolen or lost. 

Next Generation ACO Launched by CMS, Tightens Financial Benchmarks

Healthcare Finance reports that the Centers for Medicare & Medicaid Services (CMS) has announced a new model of accountable care organization called The Next Generation ACO. Participants of this program will have more predictable financial targets as well as goals linked to patient engagement. 

Page 1 of 2 1 2 > >>
  • RSS

Statistics

  • Entries (225)
  • Comments (569)

Categories