Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Despite Risks, Hospitals Connecting A Growing Number Of Medical Devices

Posted on July 20, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Over the past few years, hospitals have gotten closer and closer to connecting all of their medical devices to the Internet — and more importantly, connecting them to each other and to critical health IT systems.

According to a new study by research firm Frost & Sullivan, most hospitals are working to foster interoperability between medical devices and EHRs. By doing so, they can gather, analyze and present data important to care in a more sophisticated way.

“Hospitals are developing connectivity strategies based on early warning scores, automated electronic charting, emergency alert and response, virtual intensive care units, medical device asset management and real-time location solutions,” Frost analysts said in a prepared statement.

Connecting medical devices to other hospital infrastructure has become so important to the future of healthcare that the FDA has taken notice. The agency recently issued guidance on how healthcare organizations can foster interoperability between the devices and other information systems.

Of course, while hospitals would like to see medical devices chat with their EHRs and other health IT systems, it’s just one of many important goals hospitals have for data collection and analysis. Health IT executives are up to the eyebrows supporting big data transformation, predictive analytics and ongoing EHR management, not to mention trying out soon-to-be standard technologies such as blockchain.

More importantly, few medical devices are as secure as they should be. While the average hospital room contains 15 to 20 connected devices, many of them are frighteningly vulnerable. Some of them are still running on obsolete operating systems, many of which haven’t been patched in years, or roughly 1,000 years in IT time. Other systems have embedded passwords in their code, which is one heck of a problem.

While the press plays up the possibility of a hacker stopping someone’s connected pacemaker, the reality is that an EHR hack using a hacked medical device is far more likely. When these devices are vulnerable to outside attacks, attackers are far more likely to tunnel into EHRs and steal patient health data. After all, while playing with a pacemaker might be satisfying to really mean people, thieves can get really good money for patient records on the dark web.

All this being said, connected medical devices are likely to become a key part of hospital IT infrastructure in hospitals over time as the industry solves these problems, Frost predicts that the global market for such devices will climb from $233 million to almost $1 billion by 2022.

It looks like hospital IT executives will have some hard choices to make here. Ignoring the benefits of connecting all medical devices with other data sources just won’t work, but creating thousands of security vulnerabilities isn’t wise either. Ultimately, hospital leaders must find a way to secure these devices ASAP without cratering their budget, and it won’t be easy.

Remote Release of Information: The Next Step in Secure and Compliant Exchange of Patient Health Information

Posted on July 18, 2018 I Written By

The following is a guest blog post by Patty Sheridan, MBA, RHIA, FAHIMA; SVP, Life Sciences at Ciox & Tarun Kabaria; Executive VP, Provider Operations at Ciox.

Across the industry, there is an influx of health information management (HIM) departments and medical groups moving their HIM operations from hospital main campuses and individual physician practices to centralized, offsite locations to gain efficiencies and make better use of valuable square footage in their facilities. For many organizations, this move began decades ago with the implementation of remote coding and/or the need to free up space for patient care.

These ‘virtual HIM” departments can be located at a separate facility, home-based office or remote vendor locations, and result from the continued adoption of electronic health records (EHR) and pressure to manage costs, offering HIM directors and practice administrators the opportunity to reorganize and form more efficient spaces and processes. Outsourcing functions, such as release of information (ROI), allows HIM staff to focus on other priorities of data governance while maximizing available space.

From a financial perspective, costs associated with regulations, staffing, printing, mailing and square footage are increasing; and in some instances, volumes of requests are increasing due to health plans, lawsuits and the portability of healthcare. Furthermore, allowable fees for releasing medical records are decreasing in some states. As a result of these rising financial pressures, healthcare providers are finding it more difficult to make ROI a profit center in their organizations.

HIM departments are experiencing additional pressures from rising health plan request volumes, requiring flexible operational solutions in order to meet the increasing demand. In a typical year, the volume of health plan requests tends to increase to the order of 20-30 percent, and this year those numbers are expected to triple. With such an influx of requests, moving to a virtual model allows for the onsite staff to be augmented with the remote team, fulfilling these large volume requests without impacting the core ROI and patient requests.

Another prevalent challenge is timeliness. With the advent of rebranding the Meaningful Use program to focus on promoting interoperability and the increase in various governmental and payor audits, timeliness of response to requests for medical records is critical and penalties for non-compliance are steep. As such, healthcare providers are reaching the point of diminishing returns in regards to managing the ROI function on their own, and in some cases, will not be able to meet the time deadlines imposed upon them to gain incentives, avoid penalties and takebacks.

These new industry influences create the need for even faster, more efficient, error-free fulfillment of medical record requests and pave the way for a new approach designed to help your organization meet this demand: Remote ROI.

The Remote ROI Process

The ROI process is a time-consuming administrative challenge for HIM professionals, requiring compliance expertise, secure and efficient technology, and a trained and knowledgeable staff. The Remote ROI process starts at your healthcare facility when requests for release of health information are received. From there, your chosen third party vendor, such as Ciox, receives the request from the hospital or practice via a mutually agreed upon, secure mechanism. Securely connected and able to access the hospital or practice EHR, an offsite ROI Specialist then reviews the requests for proper authorizations, identifies and captures the records to be released, and transmits the medical records from your facility’s EHR in an encrypted electronic format to the third party vendor’s ROI centralized processing center. The release is delivered to the requestor through an automatic print and mail process or electronically via a secured delivery method. Ciox’s process is computer-assisted using artificial intelligence and natural language processing thereby reducing turnaround time, improving patient satisfaction and ROI outcomes.

When creating your Remote ROI process, follow these three fundamental steps to ensure its success:

1. Determine the method of access to the Request Letter/Authorization received by the hospital or physician practice.

There are several mechanisms by which requests and authorizations are securely made available to Remote ROI Specialists for ROI processing. The most common methods include:

  • Requests/Authorizations are scanned into the EHR – Staff at the facility scans the requests/authorizations into the EHR. The Remote ROI Specialist accesses the EHR to view the information and begin the process.
  • Requests/Authorizations are faxed – Staff at the facility faxes the requests/authorizations to a fax-in queue provided by the third party vendor. The Remote ROI Specialist accesses the fax-in queue to view the information.
  • Requests/Authorizations are scanned and placed in a shared folder – Staff at your facility scans the requests/authorizations into a shared folder accessible by the Remote ROI Specialist at the third party vendor’s secure Remote ROI Processing Center.
  • Requests/Authorizations are automatically received via health data exchange or health information exchange.

2. Establish connectivity to the EHR to validate the authorization, review the medical records and process the request.

An acceptable baseline for securing the connection to your EHR system(s) must be established for Remote ROI. The appropriate connectivity scenario depends on the underlying technologies at your facility. When understanding which technologies are at your disposal and establishing connectivity, remember that security is key in this part of the process. Keep that in mind when selecting a third party vendor, as it’s paramount to select a company that makes the security of the exchange of protected health information a top priority. Furthermore, it’s of critical importance to select a vendor that has earned certified status for information security by the Health Information Trust (HITRUST) Alliance. The HITRUST CSF Certified Status ensures that key healthcare regulations and requirements for protecting and securing sensitive private healthcare information are met.

3. Ensure compliance standards to track when and who accessed protected health information.

As an added security effort, it’s crucial to follow compliance standards that allow insight as to who accessed patient health information and when it was accessed. To ensure maximum security, computers located at the third party’s Remote ROI processing facility should be secured utilizing encryption, anti-virus protection and web filters.

Passwords should be provided by the facility for access to their specific EHR and stored in an electronic password vault. The password vault should be linked to the third party’s directory that is only accessible by the ROI Specialist using their directory account. Third parties should provide complete audit trail capabilities to track personnel accessing the EHR and processing medical record requests from your applications.

By moving some or all of the onsite ROI functions to a Remote operation, you can streamline the ROI workflow, reclaim square footage for other purposes and have additional capacity available for request volume fluctuation. As an added benefit, the immediate access to requests and authorizations speeds turnaround times on processing requests, which is particularly important when considering tight timelines for meeting Meaningful Use and audit-related releases.

If you’re looking to make HIM operations more efficient and cost effective, Remote ROI can open the doors to achieving those goals.

About Ciox
Ciox is a health technology company working to solve the clinical data illiquidity challenge by providing transparency across the healthcare ecosystem and helping clients manage disparate medical records and a proud sponsor of Healthcare Scene. When stakeholders do not have timely access to the complete clinical picture of patients, critical decisions about patient care, medical outcomes research, disease prevention, reimbursement, and payments are sub-optimized. Ciox’s scale, expertise, expansive provider network and industry leading technology platform make it the most reliable clinical data company in the US. Through its standards based technology platform, HealthSource, Ciox helps clients securely and consistently solve the last mile challenges in clinical interoperability.  Learn more about Ciox’s technology and solutions by visiting www.ciox.com

Connecting the Data: Three Steps to Meet Digital Transformation Goals

Posted on July 16, 2018 I Written By

The following is a guest blog post by Gary Palgon, VP Healthcare and Life Sciences Solutions at Liaison Technologies.

A white paper published by the World Economic Forum in 2016 begins with the statement, “Few industries have the potential to be changed so profoundly by digital technology as healthcare, but the challenges facing innovators – from regulatory barriers to difficulties in digitalizing patient data – should not be underestimated.”

That was two years ago, and many of the same challenges still exist as the digital transformation of healthcare continues.

In a recent HIMSS focus group sponsored by Liaison, participants identified their major digital transformation and interoperability goals for the near future as:

  • EMR rollout and integration
  • Population health monitoring and analytics
  • Remote clinical encounters
  • Mobile clinical applications

These goals are not surprising. Although EMRs have been in place in many healthcare organizations for years, the growth of health systems as they add physicians, clinics, hospitals and diagnostic centers represents a growing need to integrate disparate systems. The continual increase in the number of mobile applications and medical devices that can be used to gather information to feed into EMR systems further exacerbates the challenge.

What is surprising is the low percentage of health systems that believe that they are very or somewhat well-prepared to handle these challenges – only 35 percent of the HIMSS/Liaison focus group members identified themselves as well-prepared.

“Chaos” was a word used by focus group participants to describe what happens in a health system when numerous players, overlapping projects, lack of a single coordinator and a tendency to find niche solutions that focus on one need rather than overall organizational needs drive digital transformation projects.

It’s easy to understand the frustration. Too few IT resources and too many needs in the pipeline lead to multiple groups of people working on projects that overlap in goals – sometimes duplicating each other’s efforts – and tax limited staff, budget and infrastructure resources. It was also interesting to see that focus group participants noted that new technologies and changing regulatory requirements keep derailing efforts over multi-year projects.

Throughout all the challenges identified by healthcare organizations, the issue of data integrity is paramount. The addition of new technologies, including mobile and AI-driven analytics, and new sources of information, increases the need to ensure that data is in a format that is accessible to all users and all applications. Otherwise, the full benefits of digital transformation will not be realized.

The lack of universal standards to enable interoperability are being addressed, but until those standards are available, healthcare organizations must evaluate other ways to integrate and harmonize data to make it available to the myriad of users and applications that can benefit from insights provided by the information. Unlocking access to previously unseen data takes resources that many health organizations have in short supply. And the truth is, we’ll never have the perfect standards as they will always continue to change, so there’s no reason to wait.

Infrastructure, however, was not the number one resource identified in the HIMSS focus group as lacking in participants’ interoperability journey. In fact, only 15 percent saw infrastructure as the missing piece, while 30 percent identified IT staffing resources and 45 percent identified the right level of expertise as the most critical needs for their organization.

As all industries focus on digital transformation, competition for expert staff to handle interoperability challenges makes it difficult for healthcare organizations to attract the talent needed. For this reason, 45 percent of healthcare organizations outsource IT data integration and management to address staffing challenges.

Health systems are also evaluating the use of managed services strategies. A managed services solution takes over the day-to-day integration and data management with the right expertise and the manpower to take on complex work and fluctuating project levels. That way in-house staff resources can focus on the innovation and efficiencies that support patient care and operations, while the operating budget covers data management fees – leaving capital dollars available for critical patient care needs.

Removing day-to-day integration responsibilities from in-house staff also provides time to look strategically at the organization’s overall interoperability needs – coordinating efforts in a holistic manner. The ability to implement solutions for current needs with an eye toward future needs future-proofs an organization’s digital investment and helps avoid the “app-trap” – a reliance on narrowly focused applications with bounded data that cannot be accessed by disparate users.

There is no one answer to healthcare’s digital transformation questions, but taking the following three steps can move an organization closer to the goal of meaningful interoperability:

  • Don’t wait for interoperability standards to be developed – find a data integration and management platform that will integrate and harmonize data from disparate sources to make the information available to all users the way they need it and when they needed.
  • Turn to a data management and integration partner who can provide the expertise required to remain up-to-date on all interoperability, security and regulatory compliance requirements and other mandatory capabilities.
  • Approach digital transformation holistically with a coordinated strategy that considers each new application or capability as data gathered for the benefit of the entire organization rather than siloed for use by a narrowly-focused group of users.

The digital transformation of healthcare and the interoperability challenges that must be overcome are not minor issues, nor are they insurmountable. It is only through the sharing of ideas, information about new technologies and best practices that healthcare organizations can maximize the insights provided by data shared across the enterprise.

About Gary Palgon
Gary Palgon is vice president of healthcare and life sciences solutions at Liaison Technologies, a proud sponsor of Healthcare Scene. In this role, Gary leverages more than two decades of product management, sales, and marketing experience to develop and expand Liaison’s data-inspired solutions for the healthcare and life sciences verticals. Gary’s unique blend of expertise bridges the gap between the technical and business aspects of healthcare, data security, and electronic commerce. As a respected thought leader in the healthcare IT industry, Gary has had numerous articles published, is a frequent speaker at conferences, and often serves as a knowledgeable resource for analysts and journalists. Gary holds a Bachelor of Science degree in Computer and Information Sciences from the University of Florida.

Important Patient Data Questions Hospitals Need To Address

Posted on July 13, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Obviously, managing and protecting patients’ personal health information is very important already.  But with high-profile incidents highlighting questionable uses of consumer data — such as the recent Facebook scandal – patients are more aware of data privacy issues than they had been in the past, says Dr. Oleg Bess, founder and CEO of clinical data exchange company 4medica.

According to Bess, hospitals should prepare to answer four key questions about personal health information that patients, the media and regulators are likely to ask. They include:

  • Who owns the patient’s medical records? While providers and EHR vendors may contend that they own patient data, it actually belongs to the patient, Bess says. What’s more, hospitals need to be sure patients should have a clear idea of what data hospitals have about them. They should also be able to access their health data regardless of where it is stored.
  • What if the patient wants his or her data deleted? Unfortunately, deleting patient data may not be possible in many cases due to legal constraints. For example, CMS demands that Medicare providers retain records for a fixed period, and many states have patient record retention laws as well, Bess notes. However, if nothing else, patients should have the ability to decline having their personally-identifiable data shared with third parties other than providers and payers, he writes.
  • Who is responsible for data integrity? Right now, problems with patient data accuracy are common. For example, particularly when patient matching tools like an enterprise master patient index aren’t in place, health data can end up being mangled. To this point, Bess cites a Black Book Research survey concluding that when records are transmitted between hospitals that don’t use these tools, they had just a 24% match rate. Hospital data stewards need to get on top of this problem, he says.
  • Without a national patient ID in place, how should hospitals verify patient identities? In addition to existing issues regarding patient safety, emerging problems such as the growing opioid abuse epidemic would be better handled with a unique patient identifier, Bess contends. According to Bess, while the federal government may not develop unique patient IDs, commercially developed master patient index technology might offer a solution.

To better address patient matching issues, Bess recommends including historical data which goes back decades in the mix if possible. A master patient index solution should also offer enterprise scalability and real-time matching, he says.

Driving Value in the Community: How Atos Invested In Hope TEC and Gained Business Value

Posted on July 12, 2018 I Written By

The following is a guest blog post by Julie Collier, Reverend Sanders, Ron Quidatano, and Heather Haugen PhD from Atos Digital Health Solutions.

Having strong technical expertise is an important competitive advantage in the field of Information Technology. While finding and retaining the right people matters for niche positions, it is also critical for entry-level IT positions.

In early 2010, Reverend (Rev.) Sanders, a senior pastor of the Hope Presbyterian Church of Chicago, met with Atos leadership (formerly ACS/Xerox), led by Chad Harris, Chad recognized the need to discuss the value of identifying resources best suited for IT training programs in the Englewood Community which was hit hard by the downturn of the economy.  With $13B of IT services, Atos deals with the impact of these resource constraints every day.  And together, Sanders and Harris discussed ways in which the tremendous resources of ATOS could be used to make a positive impact, in a community desperately in need of IT training for unemployed and underemployed residents to be lifted out of the grips of poverty.

Cook County Health & Hospitals System (CCHHS), a long-term client of Atos, was another natural partner with which to create an innovative and effective program.  Atos, CCHHS, and Hope Presbyterian Church all committed funds, resources, and leadership to the cause. They identified Chicago’s South Side as a community in need of computer and technology training for low-income residents, youth education, and job readiness preparation for adults.  In September 2010, Rev. Sanders founded Hope Technology and Education Center (Hope TEC), a not-for-profit 501(c) (3).  Atos committed funding and resources to the program, hiring Julie Collier as the Executive Director.  Julie enrolled 20 adult students in the first Beginners Computer Class; it proved to be a small start that quickly gained momentum.

Today, Hope TEC provides digital literacy, essential life skills, job readiness, job placement, and career planning for adults and youth. Julie Collier has grown the program from one Beginners Computer Class into a broad set of training programs that provide skill development from beginner to advanced levels, including Microsoft Office certifications.  The current phase of Hope TEC is leading students to job internship/job placement components. Because of the widespread success of the program, Hope TEC have a far reach and serves participants throughout the Chicagoland area.  Hope TEC serves more than 100 students annually.  Julie manages curriculum development, implementation of offerings, tracking of progress, and train-the-trainer programs. Her passion moved the program beyond just job training to job placement combined with career development, which is a unique aspect of the program.

“Hope TEC was a godsend,” says Alisha, who completed 14 weeks of training in Microsoft PowerPoint and Excel.  “Now I have the computer skills and the confidence to move forward in my job search.” Alisha earned a high score of 99 percent on the PowerPoint skills test administered by the City Colleges of Chicago, where she was hired as a Clerical Assistant.

Hope TEC has partnered with organization Easter Seals, and in the fall of 2018 will begin a partnership with Catholic Charities through their Senior Community Service Employment Program (SCSEP).  This organization provides their hired trainees with the opportunity to train and work at Hope TEC with the ultimate goal of achieving gainful employment. These senior age adults benefit from learning and teaching new technical skill sets.

Hope TEC also provides year-round youth programs for students at the kindergarten through 8th-grade levels. During the summer months, they enroll 60+ children. Hope TEC also partners with Chicago Mayor Emmanuel’s sponsored program, called One Summer Chicago. They hire, train, and mentor more than ten young people, ages 16 through 24, to work in their youth program. The majority of the children enrolled in the summer program are from families in a low-income bracket who enroll in their school’s free lunch programs, and 85% to 90% of the children live in the community. The program is operated by adults who have professional early childhood education experience and credentials. The program consists of educational learning, such as anti-bullying and self-confidence; basic computer training; robotic programming; PowerPoint presentations; 3D printing; and extracurricular programs. They culminate the summer program with a celebratory event where students give presentations to parents and sponsors about what they have learned and receive book bags and school supplies.

Hope TEC also established a partnership with Chicago State University allowing students to serve as mentors and instructors. CSU students can perform volunteer Service Learning Hours through Hope TEC.  The students assist with the Beginners Computer Class and the youth programs.

The outcomes from Hope TEC demonstrate how innovative IT retraining programs provide value in the community and to potential employers. Hope TEC educates and empowers more than 100 adults and youth each year with computer training programs, essential life skills workshops, job readiness training programs, and a host of youth enrichment programs.

Benefits for Adult Students:

  • Utilize technical skills to compete for and secure employment or to enhance existing employment status.
  • Continue education by enrolling in Junior College to pursue an undergraduate degree.
  • Empower those who are raising children to effectively utilize computer skills, assist their children with homework, extend their overall means of communication, and conduct online transactions or business.

Many of our Hope TEC students have stated that in addition to the exceptional educational program, they also enjoy Hope TEC’s safe and genuine services that lead the way to successful individual outcomes.

Benefits for Youth Students:

  • We provide a safe, educational, and engaging environment for our school-aged children
  • We equip youth with essential to advanced computer skills, including basic Windows operations, keyboarding, internet browsing, introduction to PowerPoint, 3D Printing, and more
  • We help connect youth with summer employment opportunities.
  • Our after-school homework assistance program serves as a protective function for youth who are at risk for failing school, particularly those who do not have other structured after-school activities or those whose parents do not have the education required to assist their children.
  • We educate our students with the necessary anti-bullying and other socials skills to help them use critical thinking skills so that they can diffuse delicate situations they may encounter in everyday life.
  • We provide a place where children experience how to bolster their range of coping strategies. They master the simple challenges of learning how to follow basic instructions, create things as a team, or conquer a physical team challenges.
  • Our youth demonstrate their mastery of the complex challenges associated with getting along with new groups of peers, learning how to ask for help from others, and taking manageable risks without parental guidance.
  • We broaden our children’s horizons via field trips, exposing them to the City of Chicago, including the ComEd Youth Energy Assistance Program, Chicago’s Water Taxi ride for sightseeing through the downtown Chicago Canal, Afterschool Matter Exhibits, museums, farms, and many other exciting and educational places.
  • Our program empowers youth by giving them new skills, ideas, strategies, relationships, with their peers, as well as with trusted adults. Our youth view themselves as competent and continue to be better problem-solvers in new situations long after they leave Hope TEC.

Hope TEC is making a difference by providing essential life skills, job training, professional development, and career paths to low-income youth and adults in Chicago. The partnership between Atos, Hope Presbyterian Church, and CCHHS should be a model for other communities to support, fund, and lead similar essential initiatives.  To learn more about Hope TEC, visit us at www.hopetec.org .

“I had some experience with Word, but I had no idea Word was this in-depth,” says Ken, who completed a three-part advanced study of the Microsoft application suite at Hope TEC. “This is a great benefit that’s much needed. With all that’s going on in Englewood, Hope TEC is a blessing. It’s a blessing for Englewood. It’s a blessing for Chicago, and more people need to know about it.”  After completing the Hope TEC program, Ken was hired by SCR Transportation as a desktop support analyst.

About Hope TEC
Hope TEC dedicated to serving some of the most technologically disadvantaged communities in America. They recognize the need for accessible real-life training in inner-city neighborhoods and the need to prepare its residents in the emerging global economy. Hope TEC believes in empowering people with computer training programs, educational classes, and employment opportunities. Hope TEC’s goal is to transform individual lives, enhance family lifestyles, and impact both individuals and their neighborhoods.

About the Authors:
Julie Collier is the Executive Director of Hope TEC for Atos
Reverend Sanders, Founder, and CEO of Hope TEC
Ron Quidatano is a Director with Atos Digital Health Solutions and the CCHHS Client Executive
Heather Haugen is the Chief Science Officer for Atos Digital Health Solutions
Inbal Vuletich serves as the editor for all Atos Digital Health Solution publications

Acknowledgments:
Special thanks to Chad Harris and Atos leadership for creating the vision for Hope TEC, to Cook County Health and Hospital System, and Ron Quidatano for leading the program.  We also owe our gratitude to the Board of Hope TEC.

About Atos Digital Health Solutions
Atos Digital Health Solutions helps healthcare organizations clarify business objectives while pursuing safer, more effective healthcare that manages costs and engagement across the care continuum. Our leadership team, consultants, and certified project and program managers bring years of practical and operational hospital experience to each engagement. Together, we’ll work closely with you to deliver meaningful outcomes that support your organization’s goals. Our team works shoulder-to-shoulder with your staff, sharing what we know openly. The knowledge transfer throughout the process improves skills and expertise among your team as well as ours. We support a full spectrum of products and services across the healthcare enterprise including Population Health, Value-Based Care, Security and Enterprise Business Strategy Advisory Services, Revenue Cycle Expertise, Adoption and Simulation Programs, ERP and Workforce Management, Go-Live Solutions, EHR Application Expertise, as well as Legacy and Technical Expertise. Atos is a proud sponsor of Healthcare Scene.

Rate Of Healthcare Ransomware Attacks Falls In First Half of 2018

Posted on I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Most research I’ve read lately suggests that the rate of healthcare cyberattacks is at an all-time high, and that ransomware is leading the parade.

But is that really true? Maybe not. A new security report has concluded that the rate of ransomware attacks on healthcare organizations actually fell during the first half of this year, and what’s more, that such attacks trended lower during the same period.

The study, which comes from security firm CryptoniteNXT, notes that cybercriminals target healthcare because they can fetch great prices for the data by reselling it on the dark web. Also, given the complexity of healthcare networks and the high number of vulnerabilities in those networks, thieves see providers as a fat and easy target.

However, when it comes to ransomware, the landscape may be changing. CryptoniteNXT found that the number of ransomware attacks impacting over 500 patient records dropped from 19 major data breaches in the first half of 2017 to 8 major breaches in the first half of 2018. That’s an impressive 57% decrease.

The biggest reported records IT/hacker-driven breach hit LifeBridge Health, affecting 538,127 individuals. Other organizations targeted included academic medical centers, medical practices, ambulatory surgical centers, health plans and government agencies.

Meanwhile, the rate of ransomware attacks as a percentage of IT/hacking events has fallen substantially, from 30.16% during the first half of 2017 to 13.6% during the first half of this year.

On the other hand, the volume of patients affected has climbed. Roughly 1.9 million patient records were breached in the first half of this year, compared with 1.7 million records the first half of 2017 and 1.8 million records the second half of that year, it concludes.

Also, the report notes that ransomware attackers are far from done with the industry. The authors say that ransomware will still pose a “formidable threat” to healthcare organizations and that new variants such as AI-based malware will pose a major threat to healthcare organizations for the next couple of years.

To fend off hacking attacks, CryptoniteNXT recommends adopting new best practices such as moving target cyber defense and network micro-segmentation, which can address the inherent weakness of TCP/IP networks.

The Challenge of Medical Records Requests in the Healthcare Business Office – HIM Scene

Posted on July 10, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

While at the HFMA Annual Conference (Formerly known as ANI), Healthcare Scene was able to sit down with Kim Charland, BA, RHIT, CCS, Director of Revenue Cycle Services at MRO, to talk about some unique issues with Release of Information (ROI) coming out of the healthcare business office.

This was an issue I hadn’t thought much about previously, but it makes a lot of sense that medical billing professionals probably aren’t the best people to be handling release of information to insurance companies. Billing professionals’ goal is to get paid, not ensure that they’re doing a proper release of information to payers. Plus, most of them have billing expertise, not ROI expertise. It makes a lot of sense for the business office to involve HIM professionals with release of information expertise into the process.

To learn more about this topic and what MRO is doing to help healthcare organizations address this compliance issue, watch the video interview below with Kim Charland:

If you’d like to receive future HIM posts in your inbox, you can subscribe to future HIM Scene posts here.

Pager Breach Exposes Patient Data From Six Hospitals

Posted on July 6, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

The IT worker was shocked. All he had done was buy an antenna and try to get TV channels on his laptop computer, but to his amazement, he inadvertently intercepted a flood of unencrypted pager messages chock full of private patient data.

The pager messages flooded in from six Kansas City area hospitals, including the University of Kansas Hospital, Cass County Regional, Liberty Hospital, Children’s Mercy Hospital, St. Mary’s Medical Center and Wesley Medical Center.  All told, the man had gotten access to information on hundreds of patients, in a fusillade of potential HIPAA violations.

According to an article in the Kansas City Star, patients who learned about the breach were horrified. “Who knows what else is going on, if it’s that easy for that information to get out there?” one woman told the newspaper. “There’s a big security breach there that needs to be stopped.”

When the paper spoke to the hospitals involved, some punted and didn’t respond to questions. Others shrugged off the problem or suggested that the breach was not a big deal.

For example, the University of Kansas told the reporter that the pager vulnerability was due to “a specific vulnerability in our paging system that may allow access to certain personal health information in limited circumstances.” It seems that an apology was not forthcoming.

Another hospital, Children’s Mercy, told the Star that the IT worker was to blame for the problem, contending that the pager data was only accessible to “local hackers with specific scanning and decoding equipment —- and technical knowledge of how to use it for this specific purpose.” In other words, the breach wasn’t really its fault.

As the article points out, the IT worker could be accused of violating the Electronic Communications Protection Act, which restricts the interception of electronic communications. For that reason, the paper never identifies him. But the article strongly suggests that he was surprised to see the messages and operated in good faith.

The worker, for his part, sensibly argues that the hospitals should have realized that the messages were in the clear. “It’s security by obscurity at this point —- and that’s scary,” he told the paper. “In my line of work you see a lot of ‘Let’s hope nobody finds it,’ [or] ‘It’s hard to find, so it’s pretty secure.’ That’s not enough. We can’t just trust people won’t stumble upon it. We have to assume that they do.”

Healthcare Interoperability Insights

Posted on June 29, 2018 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I came across this great video by Diameter Health where Bonny Roberts talked with a wide variety of people at the interoperability showcase at HIMSS. If you want to get a feel for the challenges and opportunities associated with healthcare interoperability, take 5 minutes to watch this video:

What do you think of these healthcare interoperability perspectives? Does one of them stand out more than others?

I love the statement that’s on the Diameter Health website:

“We Cure Clinical Data Disorder”

What an incredible way to describe clinical data today. I’m not sure the ICD-10 code for it, but there’s definitely a lot of clinical data disorder. It takes a real professional to clean the data, organize the data, enrich the data, and know how to make that data useful to people. IT’s not a disorder that most people can treat on their own.

What’s a little bit scary is that this disorder is not going to get any easier. More data is on its way. Better to deal with your disorder now before it becomes a full on chronic condition.

Mobile App Streamlines Physician Query Process

Posted on June 28, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Most physicians would tell you that they already spend too much time on documentation and coding. Adding insult to injury, after the coding job is done we often have to explain their decisions to medical coders, a process which can take as long as 20 minutes, according to vendor Artifact Health.

Artifact hopes to take the pain out of the burdensome physician query process. It offers a mobile app allowing doctors to answer coding queries which it says allow them to resolve problems within just three clicks. Physicians can also access the platform on the desktop.

Its approach bears some relationship to a new product from vendor Change Healthcare, which has just launched RCM technology which helps doctors address claims documentation requests. Change’s Assurance Assist Module, which is part of its Assurance Reimbursement Management suite, can anticipate the documentation needs of eight payers, the company said.

I am interested in both of these approaches because I know that physicians are already struggling to manage medical coding within their own practices. Hospital queries are a challenging part of that mix and feels like a major chore for providers. In fact, if Artifact’s research is correct and each traditional query takes 20 minutes to resolve, physicians could conceivably end up a little time to do anything else.

So far, Artifact seems to be rolling along impressively. The vendor says that more than 50 hospitals have come on board with its technology, including five institutions from Johns Hopkins Medicine. According to the vendor, these hospitals solve physician response rate of almost 100% and average response time within 48 hours for all periods.

Meanwhile, the hospitals found that the time it took for claims to get paid (days in Accounts Receivable) fell substantially, Artifact reports.

Lest it sound like I’m an Artifact investor, let me raise the questions I ask every time I get a look at a new health IT startup:

  • What does the software cost?
  • How long does it usually take to go live with the platform?
  • How much man- or woman power will it take to install and maintain the software?

At the moment I don’t know. As we all know, not only the initial investment, but also implementation and maintenance can catch hospitals by surprise.

The truth is, it’s likely any vendor addressing aspects of hospital RCM will be somewhat expensive and somewhat complex to install. I wish there were workable benchmarks giving hospital leaders a preliminary sense of their potential investment.

Regardless, this is a worthwhile area for RCM vendors to attack. Even if all this technology did was give doctors some relief, it might reach ROI over time. When you consider that tools like these can help coders get clean claims out of the door, it’s even better.