Will Japan’s hard lessons on an aging population include those with dementia?

Japan, with over 30 percent of its population over 60 and with no countervailing trend to stop it, is now facing the scourge of dementia. With a WHO-estimated life expectancy of 84, over 4.6 million Japanese have been diagnosed with it. The Japan Times published an estimate (unfootnoted) that 15 percent of Japan’s over-65 population has dementia to some degree. Will Japan, struggling to implement technology to better manage an aging, shrinking population [TTA 24 Oct], turn out to be a model for Western Europe, the US, and their neighbor China in treating older people with cognitive problems with respect and care –or be a cautionary tale?

Two articles in Canada’s Toronto Star and the Japan Times indicate the struggle and the pressure that dementia has placed on an aging Japanese nation. What makes headlines is an unfortunate 91-year-old man in Obu who wanders onto railway tracks (with the family handed the C$39,000 damage bill), the horrific rundown of pedestrians by a 73-year-old who despite a dementia diagnosis just had his driver’s license renewed, and the violent acts around kaigo jigoku, or “caregiver hell” by both family members and paid carers. This is not readily solvable by robots or Paro seals (although self-driving cars would be one huge help). 

Japan has pioneered innovation for a better quality of life with dementia, which as typical not all of which can translate to a larger country:

  • In 2000, Japan introduced mandatory long-term care insurance, which is paid into starting at age 40. At 65 (or earlier due to disease), you become eligible for a wide range of caring services, with a 10-20 percent service fee attached to discourage overuse. This semi-market-based approached has proven popular with 5.6 million using it in 2013.
  • Dementia daycare, which reportedly is used by 6-7 percent of the over-65 population. Healthy stimulating activities in a local home and small group setting, such as food preparation, art therapy, and storytelling can cost as little as C$10 a day.
  • Dementia search and rescue, which is organized again on a local basis. Community teams of social workers and medical professionals actively look for people with dementia in homes where, for instance, a wife is caring for a husband who is increasingly forgetful, and suggest some alternatives and respite. Sometimes the approach works, sometimes not, but it shows that the community does not forget about the person and, importantly, the caregiver.
  • Short-term stays or respite care (shokibo takino) gives a regular ‘day off’ or a stay of up to 30 days. This also appears to be organized locally.

The Japan Times/Sentaku ‘dementia time bomb’ article is nowhere near as optimistic as the Toronto Star‘s take, advocating instead: (more…)

CVS’ bid for Aetna–will it happen, and kick off a trend? (updated)

We have scant facts about the reported bid of US drugstore giant CVS to purchase insurance giant Aetna for a tidy sum of $200 per share, or $66 billion plus. This may have been in development for weeks or months, but wisely the sides are keeping mum. According to FOX Business, “an Aetna spokesperson declined to chime in on the reports, saying the company doesn’t “comment on rumors or speculation” and to Drug Store News, a CVS Health spokesperson did the same. Aetna’s current market cap is $53 billion, so it’s a great deal for shareholders if it does happen.

Both parties have sound reasons to consider a merger:

  • CVS, like all retailers, is suffering from the Amazon Effect at its retail stores
  • Retail mergers are done with the Walgreens Boots AllianceRite Aid merger going through considerable difficulties until approved last month
  • The US DOJ and Congress has signaled its disapproval of any major payer merger (see the dragged-out drama of Aetna-Humana)
  • It has reportedly had problems with its pharmacy benefit management (PBM) arm from insurers like Optum (United HealthCare), and only last week announced that it was forming a PBM with another giant, Anthem, called IngenioRx (which to Forbes is a reason why this merger won’t happen–this Editor calls it ‘hedging one’s bets’ or ‘leverage’)
  • Aetna was hard hit by the (un)Affordable Care Act (ACA), and in May announced its complete exit from individual care plans by next year. Losses were $700 million between 2014 and 2016, with over $200 million in 2017 estimated (and this is prior to the Trump Administration’s ending of subsidies).
  • It’s a neat redesign of the payer/provider system. This would create an end-to-end system: insurance coverage from Aetna, CVS’ Minute Clinics delivering care onsite, integrated PBM, retail delivery of care, pharmaceuticals, and medical supplies–plus relationships with many hospital providers (see list here)–this Editor is the first to note this CVS relationship with providers.

We will be in for more regulatory drama, of course–and plenty of competitor reaction. Can we look forward to others such as:

  • Walgreens Boots with Anthem or Cigna (currently at each others’ throats in Delaware court
  • Other specialized, Medicare Advantage/Medicare/Medicaid networks such as Humana or WellCare?
  • Will supermarkets, also big retail pharmacy providers, get into the act? Publix, Wegmans, Shop Rite or Ahold (Stop & Shop, Giant) buying regionals or specialty insurers like the above, a Blue or two, Oscar, Clover, Bright Health….or seeking alliances?
  • And then, there’s Amazon and Whole Foods….no pharmacy in-house at Whole Foods, but talk about a delivery system?

Also Chicago Tribune, MedCityNews.

UPDATED. In seeking an update for the Anthem-Cigna ‘Who Shot John’ court action about breakup fees (there isn’t yet), this Editor came across a must-read analysis in Health Affairs 

(more…)

CHC breaking news: Qualcomm on 5G’s $1T impact, Think Fast stroke VR

From the Connected Health Conference in Boston

Qualcomm announced today two releases: an analysis on the effects of 5G mobile on the healthcare sector and the Think Fast virtual reality (VR) simulation program for stroke diagnosis.

5G Mobile: Qualcomm’s study, “5G Mobile: Impact on the Health Care Sector”, found that 5G’s increased data speed, reliability, and security will have a substantial and positive impact on healthcare both in quality and financially. 

  • It will enable the ‘personalization of healthcare’ through permitting the continuous real-time gathering of healthcare data through sensors and on the back end, to process that data usefully. Qualcomm calls this the Internet of Medical Things (IoMT) which works for this Editor as long as the devices and apps are secure. (Having worked in telehealth where network drops and latency in many areas, particularly rural, often made check-in via tablet connectivity a matter of the stars aligning right, this is good news–Ed. Donna)
  • It will better support remote diagnosis and imaging, including the application of VR
  • It will facilitate distributed computing, which is data processing closer to the patient, for the greater use of predictive analytics 
  • Faster and more data will help in the transition from volume-based to value-based/outcome-based care
  • Financial impact is estimated by IHS Markit at more than $1.1 trillion in global sales in healthcare by 2035. broken down as follows:
    • $453bn in the healthcare vertical: hospitals, doctors, medical equipment, pharma
    • $409bn in supply chain and related
    • $253bn in added value sectors: payers, data analytics providers, cloud data services

The study was authored by Prof. David J. Teece, Tusher Center for Intellectual Capital, Haas School of Business, UC Berkeley, and supported by Qualcomm. Study PDFPreviously in TTA: Ericsson’s less rosy 5G international healthcare survey [TTA 13 June].

Think Fast VR: FAST–Facial drooping, arm weakness, speech difficulties and time to call emergency services–is the acronym for what to watch for when someone is having a stroke. But if you could observe it in reality, it would be far less ambiguous and more memorable. Think Fast is a VR simulation program that lets the user (a med student, nurse, healthcare educator, or average person) observe a stroke’s effects as if it was happening to them. By stepping inside a stroke victim’s world, it educates on warning signs and critical steps for care. It was designed by ForwardXP using Qualcomm’s Snapdragon VR SDK and Unity 5.6 plugin. Stroke is the fifth leading cause of death in America and a leading cause of adult disability–which can be minimized or prevented with quick response within three hours. Video below. Hat tip to Ashley Settle of Weber Shandwick

A random selection of what’s crossed my screen recently

One of the signs of autumn for this editor is the first email from Flusurvey. This is a brilliantly simple system that sends you an email every week asking if you have flu-like symptoms, then produces a map of the UK that gives advance warnings of epidemics. It costs nothing to join and is a great contribution to public health so why not sign up?. (They also have some exciting developments that may surface soon such as a small device that you blow into the connects to a smartphone and can tell almost immediately if you have flu’.)

Increasingly of concern to this editor, due to his deep involvement in digital health regulation, is who is working out how to regulate self-learning algorithms. It is therefore good to see the issue breaking cover in the general press with this article. For what it’s worth this editor’s view is that as technology begins to behave more like humans, albeit in a much faster, and narrow, way by learning as it goes along, perhaps an appropriately adapted use of the way human clinicians are examined, supervised and regulated, might be most appropriate. Sitting next to an AHSN CIO interested in the topic at a Kings Fund event last week, I was pleased to hear him offer precisely the same suggestion, so perhaps there is a little mileage in the idea. 

DHACA (disclosure: run by this editor) has just renewed its website after a long delay, and will be updating content over the next few weeks. First off is the events page advertising:

Our Digital health safety conference on 7th November at Cocoon Networks, London, is being run jointly with DigitalHealth.London – the MHRA has now confirmed they will present so we have almost all the relevant organisations and experts in the UK speaking at this event which should be essential attendance for all involved with the development and use of digital health & care. Attendance has increased substantially in the past few days so do book soon to be sure of securing a place. Much more, including an almost-finalised agenda, is here.

DHACA Day XV – we are back to our usual location at the Digital Catapult Centre on 10th January where are building an agenda of some extremely interesting speakers. To check out the agenda development and to book in advance, go here.

(more…)

Distance concierge medicine: telemedicine connects US doctors to Chinese patients

Another ‘burden shift’ in medical care. As we in the US wrestle with the issues of telemedicine, cross-state consults, and payment parity, companies are finding a niche in cross-border international virtual consults. A startup in NYC, Docflight, now connects Chinese patients to a claimed several hundred US doctors from prestigious medical centers: Dana-Farber Cancer Center, NYU Langone, Brigham and Women’s Hospital, Massachusetts General, New York-Presbyterian, and others. Founded by Sally Wang, an attorney with a MPH, she developed the idea after negotiating the US healthcare system for her mother with breast cancer and considering how difficult it would be in China to do the same.

The patients pay an upfront fee of about $2,000 in what is essentially long-distance concierge medicine. Docflight first screens the patient, then recommends an appropriate specialist. Once matched, Docflight collects the patient’s medical records (machine translated then human reviewed) and schedules the consult time. The US doctor then advises their Chinese patient on health issues and performs a virtual visit, often with an attending Chinese doctor, and offers recommendations for treatment in an average 45 minute session. The doctors cannot prescribe, perform treatments or procedures. 

China has a burgeoning middle class and an aging population, which in combination with the hospital-based system of care in China means that individual patients receive little time with a physician, don’t have a personal relationship with one or more doctors, and don’t expect much of a personal relationship with their doctor. Their government is trying to swing the balance to a primary care model, but with 1.4 bn people that will take awhile. Telehealth and remote patient monitoring is one avenue being explored [TTA 12 Oct 16] but for acute care, a different model is needed. For the Chinese middle class, Docflight is an alternative to medical tourism, a time-tested safety valve for the affluent commonplace for patients from Canada, Latin America, the Middle East, and Asia to international medical centers, though Docflight will arrange such trips to the US.

It’s reasonable that healthcare crosses borders to increase access and overcome language barriers. We’ve previously profiled Mexico’s Salud Interactiva, which provides telephonic consults within the country plus select services through partners ConsejoSano (US) and Konsulta MD (Philippines) [TTA 16 Aug]. Dictum Health, an early-stage health tech company dual-headquartered in Dubai and Oakland, Calif., provides telehealth/telemedicine services long-distance to clinics in Costa Rica, refugee camps in Jordan, and oil rigs [TTA 19 Sep]. Crossing borders to burden-shift care and using technology to facilitate it is a trend to watch for in 2018. NBC News (video)Bold Global Media (video)Crunchbase  Hat tip to reader Jeanmarie Tenuto of Healthcare Technical Solutions.

Louisville’s Thrive Center showcases senior care technologies (KY)

Louisville, Kentucky is not the place our Readers would put at the top of their minds when thinking about assistive technologies for older adults, but the debut last week of The Thrive Center may change that. It’s a public-private partnership between the Commonwealth of Kentucky and Louisville Metro with private technology and senior living companies. It showcases technologies transforming senior care on a permanent, updating basis and demonstrated in use. 

The Center includes in their 7,500 square foot setting Samsung technologies integrated into a full-size kitchen, bathroom, living room and bedroom; AppliedVR virtual reality headsets; headphones from Eversound; brain fitness software from Posit Science; and music-as-medicine solutions from SingFit and wellness apps from EVŌ. The opening theme is assistance for memory care, which implies that the exhibits will be shifted to different themes in the future.

Companies which helped to establish Thrive include CDW Healthcare (IT), Samsung, Intel, Ergotron, Lenovo, HP/Aruba, Kindred Healthcare (post-acute care) and skilled nursing provider Signature HealthCare. Kindred and Signature are located in Louisville, which is a healthcare hub of the mid-South. It is also the headquarters of Humana and an operations center for Care Innovations–both notably absent from the partner list. CDW releaseSenior Housing News, Thrive Center website, Thrive Center release.

Impact of IP telephony on UK telecare systems

The Telecare Services Association (TSA) in the UK has recently released a white paper addressing the impact of a fundamental change to the [grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/connecting-people-saving-lives.jpg” thumb_width=”150″ /]UK Public Switched Telephone Network (PSTN) that is now being contemplated. This change will eventually see the replacement of the current PSTN and Integrated Services Digital Network landline networks with IP telephony (the type of phone connectivity that has been commonly used in most modern office environments for some years).

Two years ago BT, who essentially owns practically the whole of the UK PSTN, proposed that the change of their network would be completed in 2025.

This has an impact on the telecare services to the extent that many telecare alarm devices in use connect to the call centres via the PSTN and hence such devices and/or the infrastructure used by suppliers of such services will need to be upgraded when the underlying network is changed. There are, according to the TSA paper, 1.7 million users of such devices in the UK.

The TSA is essentially the UK industry body for telecare and telehealth and as such it is understandably trying to raise awareness of the need for both the commissioners and suppliers of these services to prepare for the change. This paper is said to be a result of gathering views from “key stakeholders” related to this change.

The potential impact, however, seems to be somewhat exaggerated. It should be remembered that the UK very successfully underwent another major switch-over not that long ago in 2012 – from analogue to digital TV. It required every analogue TV in the country to be either fitted with a set top box or replaced with a digital TV.

TSA also suggest that this changeover be used as an opportunity to roll out more internet based digital health functionality to end users. Of course, such functionality is already widely appearing in the form of health monitors, exercise and medication reminders etc. and are not dependent on the switch over. So it is unfortunate that the paper flips between the two topics and asserts a dependence of internet based digital services on the PSTN switch-over.

The document feels more like marketing material than a white paper with about 1/3 of it taken up by irrelevant photographs of random happy smiling or laughing (mostly older) people. It reminded me of some of the material that came out the the 3 Million Lives project. If only our elderly people living alone or in our care homes were as happy as this!

The paper is available to download here.

Clacton’s mystery tack attack scuppers mobility scooters (UK)

(On the lighter, lower-tech side–there are stories that just ask for alliteration running amok, with a few bad puns in tow–Ed. Donna)

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/b5eb4fac95dfacc08193ff898623f190-clout-nails-roofing-felt.jpg” thumb_width=”150″ /]Who Is The Tack Saboteur? In the traditional English seaside town of Clacton-on-Sea in Essex, there are quite a few resident pensioners (US=retirees) who use mobility scooters. According to the Telegraph (PDF), Clacton, in fact, has one of the highest numbers of what are also called disability buggies. The Telegraph and the local Clacton Gazette report that someone is not tossing out welcoming rose petals on the sidewalks but new half-inch roofing tacks. This tack (not hack) attack has been keeping local repair shops in the chips repairing punctured tyre tubes, with at least 15 buggy blowouts reported in two weeks. According to a local disability campaigner, it’s revenge on scooterers, who seem to have earned a poor driving reputation on Clacton’s sidewalks. Here’s hoping the local police track down the tacky person who is doing this. On the other hand, buggy driving lessons may also be in order. Hat tip to reader John Boden of ElderIssues (FL), who is alarmed at the prospect of out-of-control buggy drivers.

Japan’s workarounds for adult care shortage: robots, exoskeletons, sensors

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/robear.jpg” thumb_width=”150″ /]The problem of Japan’s aging population–the oldest worldwide with 32 percent aged 60+ (2013, RFE)–and shortage of care workers has led to a variety of ‘digital health solutions’ in the past few years, some of them smart, many of them gimmicky, expensive, or non-translatable to other cultures. There have been the comfort robot semi-toys (the PARO seal, the Chapit mouse), the humanoid exercise-leading robots (Palro), and IoT gizmos. Smarter are the functional robots which can transfer a patient to/from bed and wheelchair disguised as cuddly bears (Robear, developed by Riken and Sumitomo Riko) and Panasonic’s exoskeletons for lifting assistance.

Japan’s problem: how to support more older adults in homes with increasingly less care staff, and how to pay for it. The Financial Times quotes Japan government statistics that by 2025 there will be 2.5m skilled care workers but 380,000 more are needed. The working age population is shrinking by 1 percent per year and immigration to Japan is near-nonexistent. Japan is looking to technology to do more with fewer people, for instance transferring social contact or hard, dirty work to robots. The very real challenge is to produce and support the devices at a reasonable price for both domestic use and–where the real money is–export. 

The Abe government in 2012 budgeted ¥2.39bn ($21m) for development of nursing care robots, with the Ministry for Economy, Trade and Industry tasked to find and subsidize 24 companies–not a lot of money and parceled out thinly. Five years later, the Ministry of Health, Labour and Welfare determined that “deeper work is needed on machinery and software that can either replace human care workers or increase staff efficiency.” Even Panasonic concurred that robots cannot offset the loss of human carers on quality of services. At this point. Japan leads in robots under development with SoftBank’s Pepper and NAO, with Toshiba’s ChihiraAiko ‘geisha robot’ (Guardian) debuting at CES 2015 and Toyota’s ongoing work with their Human Support Robot (HSR)–a moving article on its use with US Army CWO Romy Camargo is here. (attribution correction and addition–Ed.)

The next generation of care aids by now has moved away from comfort pets to sensors and software that anticipate care needs. Projects under development include self-driving toilets (sic) that move to the patient; mattress sensor-supplied AI which can sense toileting needs (DFree) and other bed activity; improved ‘communication robots’ which understand and deploy stored knowledge. Japan’s businesses also realize the huge potential of the $16 trillion China market–if China doesn’t get there first–and other Asian countries such as Thailand, a favored retirement spot for well-off Japanese. In Japanese discussions, ‘aging in place’ seems to be absent as an alternative, perhaps due to small families.

But Japan must move quickly, more so than the leisurely pace so far. Already Thailand is pioneering smart cities with Intel and Dell [TTA 16 Aug 16] and remote patient monitoring with Western companies such as Philips [TTA 30 Aug]. There’s the US and Western Europe, but incumbents are plentiful and the bumpy health tech ride tends not to suit Japanese companies’ deliberate style. Can they seize the day?  Financial Times (PDF here if paywalled) Hat tip to reader Susanne Woodman of BRE (Photo: Robear) 

Medtronic, American Well mega-partner for telehealth + telemedicine for chronic care

Boston-based American Well and Dublin-based Medtronic announced this week a partnership to integrate telemedicine and telehealth for chronic care management, targeting complex, chronic and co-morbid patients. Under the agreement, American Well’s telemedicine services will integrate into Medtronic Care Management Services (MCMS) video-enabled telehealth platforms for remote patient monitoring and video consults. The goal is to provide more information so that clinicians gain a more complete view of a patient’s health status when making care decisions, thus reducing the cost of care and improving patient outcomes. Care for patients with multiple chronic conditions accounts for over 70 percent of healthcare spending, according to an AHRQ study.

American Well is currently partnered with 250 healthcare partners in the US and more than 750 health systems and 975 hospitals, along with most major health plans. MCMS has two video telehealth platforms including the mobile NetResponse and the LinkView Wi-Fi tabletop. Their most recent activity is with the Midwest’s Mercy healthcare system for data sharing and analysis to gather clinical evidence for medical device innovation and patient access. MCMS platforms are also being integrated into the VA’s Home Telehealth program [TTA 6 Feb and 15 Feb]. It indicates that Medtronic is seeking to grow its telehealth device business, which has largely (except for VA) been a backwater in the immense Medtronic empire.

This is a very logical and in this Editor’s estimation, overdue type of partnership between a telehealth provider to enhance telehealth and RPM. (An easy bet: expect Teladoc to follow with another telehealth provider)

American Well/Medtronic release, Healthcare Informatics, MassDevice

Tender Alert: NHS SBS/Best Practice Case Studies

Susanne Woodman, our Eye on Tenders, alerts our Readers to a fast-closing bid. NHS Shared Business Services in Salford is looking to procure Best Practice Case Studies – Online Consultations on behalf of NHS England. Bids are due by Friday 3rd November at 10am, with clarification questions due by Wednesday 25th October 2017 noon. Base information is on UK.gov with links to MultiQuote for more information. (Now closed–but see Editor Charles’ comment below on an early closing. Is the fix in?–Ed. Donna)

NYeC’s 2017 Gala and Awards (NYC) 1 November

Wednesday, 1 November at the Edison Ballroom, NYC, 6:30pm

The New York eHealth Collaborative, which promotes healthcare in NY State and elsewhere by leading, connecting, and integrating health information exchanges in New York, will again host their annual evening Gala and Awards in NYC. This year the lead award (Transformative Leadership) will be awarded to David Blumenthal, MD, President of The Commonwealth Fund (the home of the Triple Aim). Having been to this event in the past, it is attended by the leadership of most major health organizations in New York such as New York-Presbyterian, NYU-Langone, Maimonides, and payers such as Aetna. Click here for more information and for tickets. The revenues support the work of NYeC in promoting interoperability through entities such as the Statewide Health Information Network for New York (SHIN-NY), which links New York’s eight regional health information organizations (RHIOs) or Qualified Entities (QEs) throughout the state. They also fund NYeC’s work in developing policies and standards supporting the use of health IT and EHR adoption. Hat tip to Jesse Giuliani of NYeC and Sarianne Gruber of Answers Media.

Tender Alert: advance notice for NHS England/Leeds online consultation system

Susanne Woodman, our Eye on Tenders, has offered Readers a ‘heads up’ on a future tender for NHS England in Leeds. This is for the establishment of a national dynamic purchasing system (DPS) for the procurement of online consultation systems. According to the listing on Tenders Electronic Daily–TED, the DPS will allow NHS contracting bodies (e.g. CCGs and GPs) to procure online consultation systems in a robust and compliant way on a regional/local basis. “Online consultation is also increasingly a key part of patient pathways in urgent care, and the 111 Online programme seeks to connect patients to urgent care settings following a digital triage….to bring together a seamless experience for patients bridging primary and urgent care needs.”

This initial expression of interest is to gather information on the opportunity and to give interested parties the opportunity to ask clarification questions about the process. Deadline is 19 November for this information gathering exercise. Download any associated documentation via the In-Tend e-procurement system via the following link: https://in-tendhost.co.uk/scwcsu/aspx/Home. This may be part of an eventual investment of £45 million towards the purchase of online consultation systems.

3rings goes Internet of Things with ‘Things That Care’ (UK)

3rings is launching another extension of its smart plug sensor that monitors daily use of a key appliance like a tea kettle or TV with a multi-sensor IoT system. [grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/3rings-IoT-hub-and-Sensors.jpeg” thumb_width=”250″ /]’Things That Care‘ uses proprietary ‘things’ (sensors) to monitor patterns of activity and the home environment to create a safety net for an older adult, perhaps growing frailer, usually living at home alone, so that family or caregivers can ‘look in’ to see if all is fine. It also integrates the Amazon Echo interactive personal assistant as announced in June [TTA 27 June].

The other 3rings development is the system’s ability to analyze data for trends and insights (screenshots below). The introduction of self-learning algorithms to detect potential changes in activity that may be early signs of a change in health is a proactive care advance similar to capabilities in the far more complex and expensive QuietCare and Healthsense (now Lively) but affordable for families. It also puts the 3rings system into the professional space for councils and sheltered housing. According to 3rings CEO Steve Purdham, “our new platform gives professionals real time information to support efficient care planning and delivery, and provides a cost effective means of managing risks and providing tailored care to people to enable them to stay independent at home.” Again, we wish 3rings the best with these new developments. Release (PDF)  

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/patterns.jpg” thumb_width=”200″ /]   [grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/10/trend-analysis.jpg” thumb_width=”200″ /]

KRACK is wack for Wi-Fi attack–protocol flaw exposed

What’s being called Black Monday in the security world is the discovery of a fundamental flaw with WPA2 (Wireless Protected Access v2), which secures an estimated 60 percent of the world’s Wi-Fi networks. According to all reports, the WPA2 protocol (the ‘handshake’ between the device and the router) can be manipulated into reusing encryption keys. ‘KRACK’–for Key Reinstallation Attack–threatens any Wi-Fi enabled device and all Wi-Fi networks. It was discovered by researchers at KU Leuven, a university in Flanders, Belgium. 

Threats include attacks on any sensitive information–hackermania potentially running wild. The vulnerability also permits an attacker to inject malicious information–ransomware and malware–into a Wi-Fi network. 

Security firm Varonis narrows the greatest threat down to Android users and devices that implement the WPA2 protocol very strictly. They consider Apple iOS devices and Windows PCs to be mostly (as of now) unaffected “since they don’t strictly implement the WPA2 protocol and key reinstallation.” 

This obviously affects any public networks or lightly protected networks in practices and hospitals. Varonis notes that the attack depends upon being within Wi-Fi range of the target device with the attacker sending forged data to the client. But this is difficult–it requires not only proximity but also access to a specialized networking device and to be able to code the attack manually.

Updates are allegedly on the way from Apple and Google, while Microsoft has already included it in last week’s updates for Windows 7, 8, and 10 (Telegraph). Most vulnerable devices are Android smartphones and tablets, which according to The Verge have an additional variant vulnerability affecting 41 percent of devices–and Android devices are notoriously slow to send out updates. 

Monday also marked a second threat called ROCA, an attack on public key encryption which may weaken authentication of software when installing it. This will be fixed in software updates.

Recommended protection for now, as listed in the Telegraph, is to ensure that all your Wi-Fi access is password-protected and to implement updates on networks. Don’t use public unsecured networks. Shop only on https-protected sites. Computers and devices are issuing firmware and driver updates, and a constantly updated list is published over at the wonderfully-named Bleeping Computer, but your router may not automatically update, so you will have to do some searching and consulting with your internet provider. Also Wordfence (hat tip to Founder Steve) and a second article in The Verge.

Improvements in telehealth reimbursement, interstate coverage urged in Florida

Florida is one of the 34 states (plus the District of Columbia) to have legislated telehealth commercial insurance coverage, usually termed ‘parity’, for telehealth (telemedicine) virtual visits. It’s also the headquarters of many telehealth related companies, which makes it surprising that it took till 2016 for legislation to pass. In the law was the formation of a Telehealth Advisory Council within Florida’s Agency for Health Care Administration (AHCA) to report on the actual performance of insurers in paying for telehealth services. This Advisory Council recently met to review a draft copy of a 32-page report that will be sent to Florida’s Governor and Legislature later this month. That report contained some aggressive recommendations based on their provider survey, such as:

  • Establishing a practitioner/patient relationship through telehealth alone, without a prior in-person visit
  • Real parity in insurance company payment with in-person visits–in other words, payment at the same rate, which is explicitly stated in regulations in only three of the 34 states with telehealth ‘parity’ legislation
  • Amend Medicaid rules to give provider reimbursement for more telehealth services–currently, Medicaid provides for reimbursement of live video conferencing only
  • Authorize participation in interstate “compacts” that enable cross-state licensure for telehealth services. This was in the Florida House version of the bill in 2016 but dropped from the final version approved by both chambers.

The Advisory Council’s survey prior to the draft report showed lower than the national usage of telehealth: 6 percent of practitioners versus nationally 16 percent. 45 percent of Florida hospitals used telehealth, below the 52 percent of hospitals (with another 10 percent in the process) found in a 2013 national poll. For practitioners, the key barrier was financial in three areas: required investment, adequate reimbursement for services, and a financial return.

By law, the Advisory Council must complete its report by December 1, 2018, but it appears they are well ahead of schedule. Health News Florida (WUSF). Background from law firm Foley on the original legislation 14 March 2016