Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Cybersecurity, Telehealth and Big Tech Entrants are Top of Mind

Posted on November 22, 2018 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He is currently an independent marketing consultant working with leading healthIT companies. Colin is a member of #TheWalkingGallery. His Twitter handle is: @Colin_Hung.

Unease over cybersecurity, optimism for the future of telehealth, and worries about the entry of big tech companies (like Apple, Amazon and Google) are the top three concerns for 2019 according to a recent survey of healthcare leaders released by the Center for Connected Medicine.

The Center for Connected Medicine (CCM), which is jointly operated by GE Healthcare, Nokia and UPMC, partnered with The Health Management Academy for the Top of Mind 2019 survey. Conducted in three parts, the research started with a survey of health system information officers in May 2018 to determine the top areas of health IT for 2019.

According to the CCM, key findings include:

  • Hackers and other cyber-criminals are stepping up their attacks on the health care industry, leading 87 percent of respondents to say they expect to increase spending on cybersecurity in 2019; no health system was expecting to decrease spending.
  • Health information technology (IT) leaders overwhelmingly expect government and commercial reimbursement to provide the majority of funding for telehealth services by 2022; internal funding and patient payments are expected to provide the majority of funding for telehealth in 2019.
  • 70 percent of responding executives said they were “somewhat concerned” about big tech companies, such as Apple, Amazon and Google, disrupting the health care market; 10 percent were “very concerned.”

Cybersecurity

Cybersecurity was the top concern from the 2018 survey so it is not surprising to see it on top of the list for 2019 – especially as the number of cyberattacks continues to increase each year. What is surprising is the level of confidence that executives have in their ability to recover from an attack.

According to the report:

  • Only 20% of respondents reported being “very confident” in their organization’s IT recovery and business continuity plans
  • 70% of respondents said they were “somewhat confident” in those plans

I’m not sure I would want to be at a healthcare organization that was only “somewhat confident” it could recover from a cyber attack.

For me, the survey highlights how much work we still have to do around cybersecurity in healthcare. It’s not just a matter of hardening HealthIT systems, that is only part of the solution. Healthcare organizations also need to implement robust security processes and ensure staff are properly educated.  The latter is particularly important as Phishing and spear-phishing were cited by 80% of Top-of-Mind survey respondents as the most common types of cyberattacks.

My colleague John Lynn recently wrote an article that dives deeper into cybersecurity.

Telehealth

One of the most interesting findings in the survey was the optimism healthcare executives have for telehealth.

“Telehealth represents a low percentage of total care delivery at all responding health systems, yet executives unanimously anticipate growth in the next three years as reimbursement increases and consumer demand picks up. All responding health systems report 10% or less of their organization’s total care delivery is currently provided through telehealth. However, all health systems expect an increase over the next three years, with 45% expecting a significant increase of 10% or more.”

According to the survey the biggest barrier to telehealth adoption is not the technology, but rather the lack of reimbursement.

Part of the optimism executives feel toward telehealth may have to do with the final 2019 Physician Fee Schedule and Quality Payment Program issued early in November 2019 by The Centers for Medicare & Medicaid Services (CMS). As of 1 January 2010, CMS will reimburse a number of telehealth and communication-technology based services:

  • Brief communication technology-based service, e.g. using phone or other telecommunications device to decide whether an office visit is needed
  • Remote evaluation of recorded video and/or images submitted by an established patient
  • Remote patient monitoring (CPT codes 99453, 99454, 99457)
  • Interprofessional Internet consultations (CPT codes 99451, 99452, 99446, 99447, 99448, 99449)

It is widely expected that CMS will continue to expand the reimbursement for communication technology enabled services in future years.

Entry of Big Tech Companies

Companies like Apple, Amazon, Google and Microsoft have each made significant healthcare-related announcements this past year and continue to push into the healthcare space. Their entry has executives concerned, according to the Top-of-Mind survey results.

“The biggest threat is if these companies get between us and the end consumer,” said one CEO in a written survey comment. “If there is a platform regulated and controlled by someone other than us – that makes us nervous. There are many places where some of these new platforms and conveniences can and will likely succeed – we haven’t been good in this space.”

What this CEO is referring to is the consumer-focus that these Big Tech companies have and how relentless they are at providing superior consumer experiences based on data as well as deep analytics. That is something traditional healthcare organizations have only just woken up to realize – that patients want the consumer-friendly conveniences they have become accustomed to from other industries like retail and banking.

Top-of-Mind Conference

In a few weeks CCM will be hosting healthcare leaders from around the country at their annual Top-of-Mind conference. I’m really excited to attend the event and learn first-hand how leaders plan to address their concerns in 2019. Stay tuned.

Phishing Attack On Hospital Could Impact 1.4 Million Patients

Posted on August 3, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A hospital in West Des Moines, Iowa has entered its third month of public disclosure after experiencing a data breach which could impact 1.4 million patients.

On May 31st, UnityPoint Health discovered that a phishing attack on its business email system had created a breach. Its investigation found that the company got a series of fraudulent emails pretending to have come from an executive within UnityPoint. After contacting law enforcement and beginning to research the situation, UnityPoint disclosed the existence of the breach to the public.

The patient information exposed includes names, addresses, dates of birth, medical record numbers and insurance information. Cyber attackers may also have gotten access to patient Social Security numbers and/or drivers’ license numbers. In a limited number of cases, attackers might even have been able to access patients’ payment card or bank account numbers.

Since then, UnityPoint has continued to keep its patients aware of any news on the situation, a painful yet necessary process which can help it rebuild its credibility. After all, it’s likely that the news of UnityPoint’s breach will get consumers very upset.

In fact, a new survey by SCOUT in partnership with The Harris Poll found that 49% of America adults are extremely or very concerned about the security of their personal health information. Given the fact that they’ve been hit with news of such breaches very regularly in recent years, it’s little wonder.

It’s worth noting that many consumers aren’t using online healthcare tools very often. For example, while 39% of those aged 18 to 34 used online portals to access their health information, all told only 36% of Americans overall use this technology.

As their health information knowledge increases, though, most patients become more concerned with what providers do to protect the privacy and security of their healthcare data. They learn how valuable this data is to potential buyers, and how there’s a ready market for their data in clandestine, impossible-to-track sites on the Dark Web.

Also, as the tenor of news coverage shifts from technical terms like “data breach” to tales of what happened to specific consumers, it’s likely that consumers will develop a more realistic view of what’s at stake here. If they’re freaked out at that point, they’ve probably figured out how a breach could impact their lives.

HHS OIG Says Unplanned Hospital EMR Outages Are Fairly Common

Posted on August 24, 2016 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

More than half of U.S. hospitals responding to a new survey reported having unplanned EMR outages, according to a new report issued by the HHS Office of the Inspector General, due to a variety of common but difficult-to-predict technical problems. Some of these outages have merely been inconveniences, but some resulted in patient care problems, the OIG report said.

The agency said that it conducted this study as a follow up to its prior research, which found that both natural disasters and cyberattacks were having a major impact on EMR availability. For example, it noted, hospitals faced substantial health IT availability challenges in the wake of Superstorm Sandy, include damage to HIT systems and problems with access to patient records.

According to the survey, 59% of the hospitals reported having unplanned EMR outages. One-quarter said that the outages created delays in patient care and 15% said that the outage lead to rerouted patient care. Only 1 percent of outages were caused by hacking or breaches.

The most common causes, in order, were topped by hardware malfunctions, followed by Internet connectivity problems, power failures and natural disasters. (For more detail on the root causes of outages, see this great post by my colleague John Lynn.)

It’s worth noting that these hospitals were selected for having their act together to some degree. To conduct the study, researchers spoke with 400 hospitals which were getting Meaningful Use incentive payments for using a certified EMR system in place as of September 2014.

Nearly all of these hospitals reported having a HIPAA-required EMR contingency plan in place. Also, two thirds of the hospitals addressed the four HIPAA requirements reviewed by OIG researchers. Eighty-three percent of surveyed hospitals reported having a data backup plan, 95% had an emergency mode operations mode plan, 95% said they had a disaster recovery plan and 73% said they had testing and revision procedures in place.

Not only that, most of the hospitals contacted by the study were implementing many ONC and NIST-recommended practices for creating EMR contingency plans. Nearly all had implemented practices such as using paper records for backup and putting alternative power sources like generators in place.

Also, most hospitals said that they reviewed their EMR contingency plans regularly to stay current with system or organizational changes, and 88% said they’d reviewed such plans within the previous two years. Most responding hospitals said they regularly trained their staff on EMR outage contingency plans, though just 45% reported training staff through recommended drills on how to address EMR system downtime. And 40% of hospitals that activated contingency plans in the wake of an outage reported that they saw no disruption to patient care or adverse events.

Still, the OIG’s take on this data is that it’s time to better monitor hospitals’ ability to address EMR outages. Now more than ever, the agency would like to see the HHS Office for Civil Rights fully implement a permanent HIPAA compliance program, particularly given the mounting level of cyberattacks endured by the industry. The OIG admitted that HIPAA standards aren’t crafted specifically to address these types of outages, so it’s not clear such monitoring can solve the problem, but the agency would prefer to forge ahead with existing standards given the risks that are emerging.

Creating Alliances with Large Health IT Vendors – Benefits and Challenges

Posted on June 13, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Healthcare Scene recently sat down with Nancy Hannan, Philips Relationship Director at Augusta University Health System (formerly known as Georgia Regents) to talk about their alliance with Philips Healthcare and the impact it’s had on their healthcare organization.

Along with talking about the benefits and challenges of creating a long term contract with a healthcare IT vendor, we also dive into the details of how medical device standardization has impacted their organization. Not to be left out, we also talk about how this relationship has impacted patients and doctors. If your organization is looking at how to standardize your medical equipment, this interview will give you some insight into creating a long term alliance with your vendor.

In the second part of my interview with Nancy Hannan, Philips Relationship Director at Augusta University Health System (formerly known as Georgia Regents) we discuss how they’re taking the lessons learned from the Philips alliance and applying them to their agreement with Cerner. We also talk about how cybersecurity is better having a vendor representative on site like they have with Philips.