TTA’s Summer Windup Redux: Don’t buy that digital kit before you test your analogue (UK); Doro acquires Invicta, PillPack hits data wall, Humana and CTA, events, more!

 

 

Editor Donna feels like the hamster on the wheel–though able to capture a few more days of summer–but Editor Charles jumps on the Analogue versus Digital Soapbox.

Telecare – time to sweat the analogue assets, not dump them (Editor Charles asks that you do your homework before you cart in that shiny new digital kit and throw the old out the window)

Summer may be winding down but activity is winding up. Doro acquires Invicta, Amazon’s PillPack hits a data wall, Humana first payer to join CTA. Judge Leon finally blesses CVS-Aetna’s merger after 9 months. And events, including Digital Mental Health at the RSM 23 Sept.

News and event roundup: Amazon PillPack, Humana joins CTA, NH’s telemedicine go, Fitbit Lives Healthy in Singapore, supporting Helsinki’s older adults, events
Shock news: the CVS-Aetna merger officially approved after 9 months (Judge Leon’s Final Judgment delivered. But what about future healthcare mergers?)
Doro AB acquires Invicta Telecare from Clarion Housing, increasing to nearly 200,000 users (UK) (Consolidation continues)
Digital Mental Health for Adults – a one day conference at the RSM on 23 September 2019 in London (Sponsored by the RSM)

Being contrarian, we consider that AI and machine learning may be doing real damage both in its workings and in the quality of all that medical data being fed into it. Regrettably, telemedicine in nursing homes looks like a permanent failure. And CMS takes the lead in the PFS with three new telehealth codes on opioid treatment.

A realistic look at why telemedicine isn’t succeeding in nursing homes (It should, but it’s the economics of the business)
Are AI’s unknown workings–fed by humans–creating intellectual debt we can’t pay off? (Building dangerous error upon error with bad data, destroying theoretical thinking–and that’s for starters)
CMS’ three new proposed telehealth codes, changes on inclusions, in 2020 Medicare Physician Fee Schedule (US) (CMS takes initiative in opioid treatment)

Summer is really flying by, but the daystopper of the week is the doubling of breached patient records this year. LIVI adds a lot of patients in the UK, Allscripts settles with DOJ on compliance, and GSK IMPACT opens for UK charitable organization applications.

The Breach Barometer hits a new high for healthcare–and the year isn’t over (The geometric increase in breaches and exposed records)
LIVI telemedicine app expands availability to 1.85 million patients with GPs in Birmingham, Shropshire, Northamptonshire, Southeast (The crowded UK telemedicine field)
Allscripts reaches deal with DOJ on Practice Fusion in compliance settlement for $145 million (Bargains are never bargains)
2020 GSK IMPACT/The King’s Fund Awards now open for applications (UK) (Apply soon!)

Summer is flying by, but rural health connectivity advances at the FCC. Smartphones now set up to detect viruses. Another smartphone enabled ultrasound player–but this time in 3D. A study connects health tech to retaining LTC workers. Connected Health Summit coming up, and Vivify Health acquires a new VP.

Comings and goings, short takes, and in other news…: Vivify’s new SVP Sales, Parks’ Connected Health Summit, $35M for 3D portable ultrasound, Oxford Medical Sim new pilot (Events, products, and more)
Technology will help ease, but not replace, rising workforce demand in long-term care: UCSF study (It’s almost all about the workers and retaining them in the face of technology)
Can a smartphone camera, app, and device detect viruses at low cost? (A University of Tokyo team says yes)
FCC reforming Rural Health Care Program to improve telehealth funding in addition to Connected Care Pilot (US) (About time, but still underfunded)


Have a job to fill? Seeking a position? Free listings available to match our Readers with the right opportunities. Email Editor Donna.


Read Telehealth and Telecare Aware: http://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our present and past advertisers and supporters: Tynetec, Eldercare, UK Telehealthcare, NYeC, PCHAlliance, ATA, The King’s Fund, DHACA, HIMSS, Health 2.0 NYC, MedStartr, Parks Associates, and HealthIMPACT.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. See our advert information here. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

TTA’s Midsummer Week 6: AI and machine learning’s hidden risks and debt, the permanent fail of nursing home telehealth, and CMS’ PFS adds telehealth codes for opioids

 

It’s hard to believe, but ‘traditional summer’ is starting to wind down. Being contrarian, we consider that AI and machine learning may be doing real damage both in its workings and in the quality of all that medical data being fed into it. Regrettably, telemedicine in nursing homes looks like a permanent failure. And CMS takes the lead in the PFS with three new telehealth codes on opioid treatment.

TTA will be on holiday starting next week. There will no Alerts published on Thursday 29 August or 5 September.

A realistic look at why telemedicine isn’t succeeding in nursing homes (It should, but it’s the economics of the business)
Are AI’s unknown workings–fed by humans–creating intellectual debt we can’t pay off? (Not only that, but building dangerous error upon error with bad data and destroying theoretical thinking)
CMS’ three new proposed telehealth codes, changes on inclusions, in 2020 Medicare Physician Fee Schedule (US) (CMS takes initiative in opioid treatment)

Summer is really flying by, but the daystopper of the week is the doubling of breached patient records this year. LIVI adds a lot of patients in the UK, Allscripts settles with DOJ on compliance, and GSK IMPACT opens for UK charitable organization applications.

The Breach Barometer hits a new high for healthcare–and the year isn’t over (The geometric increase in breaches and exposed records)
LIVI telemedicine app expands availability to 1.85 million patients with GPs in Birmingham, Shropshire, Northamptonshire, Southeast (The crowded UK telemedicine field)
Allscripts reaches deal with DOJ on Practice Fusion in compliance settlement for $145 million (Bargains are never bargains)
2020 GSK IMPACT/The King’s Fund Awards now open for applications (UK) (Apply soon!)

Summer is flying by, but rural health connectivity advances at the FCC. Smartphones now set up to detect viruses. Another smartphone enabled ultrasound player–but this time in 3D. A study connects health tech to retaining LTC workers. Connected Health Summit coming up, and Vivify Health acquires a new VP.

Comings and goings, short takes, and in other news…: Vivify’s new SVP Sales, Parks’ Connected Health Summit, $35M for 3D portable ultrasound, Oxford Medical Sim new pilot (Events, products, and more)
Technology will help ease, but not replace, rising workforce demand in long-term care: UCSF study (It’s almost all about the workers and retaining them in the face of technology)
Can a smartphone camera, app, and device detect viruses at low cost? (A University of Tokyo team says yes)
FCC reforming Rural Health Care Program to improve telehealth funding in addition to Connected Care Pilot (US) (About time, but still underfunded)

A news-filled week with events, executive moves at Verily, Teladoc, and ATA, a challenging take on oral health, a dim view on AI, mall ‘medtail’, CVS’ SDH initiative, and Call9’s fan dance.

Comings and goings, short takes and upcoming events: MedStartr Wed night, Mad*Pow acquired, Teladoc’s new COO, JAMA ponders telepharmacy, NHS London anxiety apps partner (updated)
Oral health: more than a public health challenge, an opportunity for telehealth? (Two Lancet articles make the case)
News roundup: docs dim on AI without purpose, ‘medtail’ a mall trend, CVS goes SDH, Kvedar to ATA, Biden ‘moonshot’ shorts out, and Short Takes
Call9: we’ll be back — with a different model! (Not forthcoming to Crain’s on what it looks like, though)

Rock Health assesses the first half 2019 funding picture and is reassured at the pressure that investors have to exit–but we see other and somewhat cautionary things. And the hearings on the CVS-Aetna merger slump towards an exhausting close in Judge Leon’s court.

Health tech bubble watch: Rock Health’s mid-2019 funding assessment amid Big IPOs (Why the funding picture is far more interesting than Rock Health thinks)
The CVS-Aetna merger hearing draws to a dreary, weary close (But when?)

A just-published UK survey of the care tech landscape has implications in the worldwide trend of community-based wellness and disease prevention. CVS-Aetna goes another round in Judge Leon’s court, this time with five states; he should Ask Alexa as NHS patients in the UK shortly will. And did you attend DHACA’s most recent meeting on the 17th?

Care Technology Landscape Review: Socitm Advisory for Essex County Council (UK) (A UK study which has international resonance)
‘Ask Alexa’ if you’re sick, says the NHS (But what if Alexa no comprende?)
Another round this Wednesday in the CVS-Aetna merger hearings (We’ll see what happens next in the longest post-merger hearing in healthcare history)
Come and listen to Julian Hitchcock talking regulation next Wednesday 17th July! (It’s past, but keep in touch with DHACA)


Have a job to fill? Seeking a position? Free listings available to match our Readers with the right opportunities. Email Editor Donna.


Read Telehealth and Telecare Aware: http://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our present and past advertisers and supporters: Tynetec, Eldercare, UK Telehealthcare, NYeC, PCHAlliance, ATA, The King’s Fund, DHACA, HIMSS, Health 2.0 NYC, MedStartr, Parks Associates, and HealthIMPACT.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. See our advert information here. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

The Breach Barometer hits a new high for healthcare–and the year isn’t over

31.6 million healthcare breached records can’t be right? But it is, and it’s double all of 2018. Protenus’ Breach Barometer for the first six months of the year tallied over double the number of patient records breached calculated for 2018 (15.1 million). The number of breach incidents reported was smaller–285 breach incidents disclosed to the US Department of Health and Human Services or the media–compared to 503 breaches in 2018, which means that individual data breaches affected far more records.

Hackermania is running wilder than ever. Nearly half the breaches were due to hacking. The big kahuna of breaches this year was reported in May at American Medical Collection Agency, a third-party billing collections firm. This eight-month breach affected 20 to 22 million records at Quest Diagnostics, LabCorp, Opko Health, under one of its subsidiaries, BioReference Laboratories, Inc., and Clinical Pathology Laboratories [TTA 5 June] This hack also involved Optum360, a Quest contractor and part of healthcare giant Optum. In terms of PII, the records breached included SSI, DOB, and physical addresses.

 Yet insider breaches are still a significant threat at 21 percent, whether from errors without malicious intent or deliberate wrongdoing. In the report, Protenus (with DataBreaches.net) calculated that 60 of the 285 breaches were insider-related affecting 3.5 million records. 35 were insider-error incidents, with 22 additional due to wrongdoing.

When it comes to breaches, the trend is easily not healthcare organizations’ friend, as 2018 tripled 2017’s total breached records. This is despite the new emphasis on healthcare IT security and insider training. Protenus release, FierceHealthcare, Protenus first half report (PDF)

TTA’s Week: NHS loses the pagers, digital health ethical talk-talk, back to chronic condition monitoring, consumers driving health design–whatta notion!

 

 

Chronic condition telehealth monitoring is suddenly hot–again. When will digital health ethics be more than talk-talk? No more faxes, no more pagers in the NHS. Surprise! Consumer behavior should drive health tech. Plus late spring events + Connected Health Summit speaking opportunities.

And scroll below for news of The King’s Fund’s Digital Health and Care Congress, including Matt Hancock as keynote speaker on day 2. Plus 10% off registration for our Readers!

Suddenly hot: chronic condition management in telehealth initiatives at University of Virginia and Doctor on Demand (We’ve been here before)
Events, dear friends: MedTech London, Aging 2.0 Philadelphia, speakers wanted for Connected Health Summit (More for your calendar from late winter into late summer)
First they came for the fax machines….now NHS is coming for the pagers (Pretty soon it will be the stethoscopes, the furniture…)
The King’s Fund Digital Health and Care Conference announces Matt Hancock as Day 2 keynoter (He’s everywhere!)
About time: digital health grows a set of ethical guidelines (But how to put it into action beyond the nice meetings and draft principles?)
A short but canny look at consumer behavior as a driver of health technology (Design that fits into life–what a notion!)

Rounding up HIMSS and the millennial/Gen Z healthcare mindset. It’s wall-to-wall Theranos for the next few weeks. And we bid farewell to a fine (if over-parodied) actor with our video advert.

News roundup: of logos and HIMSS roundups, Rock Health’s Digital Health Consumer Adoption survey, and the millennial/Gen Z walkaway from primary care (Increasingly not trad, dad)
The Theranos Story, ch. 58: with HBO and ABC, let the mythmaking and psychiatric profiling begin! (updated) (A deluge of Theranos Analysis)
From our archives: a long buried advert (RIP Bruno Ganz) (Editors Steve and Donna salute a fine actor and fine movie–remembered, humorously)

The Topol Review’s relationship to reality explored by Roy Lilley. Robotics effects in therapy for children with autism and CP. The wind’s even more at the back of telehealth–but there are caveats. Plus Editor Charles is back with a UK digital health roundup.

Roy Lilley’s tart-to-the-max view of The Topol Review on the digital future of the NHS (This week’s Must Read)
Robots’ largely positive, somewhat equivocal role in therapy for children with autism and cerebral palsy (HIMSS)
The wind may be even stronger at the back of telehealth this year–but not without a bit of chill (VA, Virginia as indicators–and the hurdles when you get there )
A selection of short digital health items of potential interest (Editor Charles is back with views on AI and events)

The telehealth entrepreneur and the $5 million fraud = 15 years in prison. Scotland’s Current Health wins FDA clearance, Latin America telemedicine’s uncertain state, women in eHealth, and studies on digital health in health systems.

News roundup: Current Health’s Class II, Healthware Italy’s €10 million boost, the low state of Latin America telemedicine, weekend reading on digital health in health systems
Digital health versus eHealth: ‘here we go again’ with the confusion and the differences. Plus Women in eHealth (JISfTeH) (Reviving the terminology discussion)
The telehealth ‘entrepreneur’ whose $5 million funding bought stays at the Ritz and portfolios at Bottega Veneta (And 15 years in the Federal pen. Tell your mum or uncle to be wary of good stories)

Our lead this week is the sale of Tunstall’s US operation. Unicorns need to hype less and publish studies more. The King’s Fund’s two events in March and May, Bayer’s accelerator winners, and news from Apple to teledermatology for São’s spotted!

Short takes: Livongo buys myStrength, Apple Watch cozies with insurers, Lively hears telehealth and $16 million
Tunstall Americas sold to Connect America
(Tunstall conceding their business is outside the US)
Where’s the evidence? Healthcare unicorns lack the proof and credibility of peer-reviewed studies. (Unicorns need to add substance to the sparkle)
News roundup: Virginia includes RPM in telehealth, Chichester Careline changes, Sensyne AI allies with Oxford, Tunstall partners in Scotland, teledermatology in São Paolo
The King’s Fund ‘Digital Health and Care Explained’ 27 March
(Readers also get a 10% discount at the 22-23 May Congress)
Bayer’s G4A accelerator awards agreements with KinAptic, Agamon, Cyclica (DE) (A truly international accelerator program)

Latest through the revolving door is NHS’ chief digital officer, digital health may be more ‘bubbly’ than you would like, telemedicine and telehealth gain important consumer and Medicare facing ground, and fill your calendar some more!

NHS England digital head Bauer exits for Swedish medical app Kry, but not without controversy (The revolving door reveals a self-made cloud over her head)
Events, Dear Friends, Events: UK Telehealthcare, Mad*Pow HXD, dHealth Summit (Get out the calendars–and the checkbooks/app)
Telemedicine virtual visits preferred by majority in Massachusetts General Hospital survey (Over 94% loved the convenience alone)
Medicare Advantage model covering telehealth for certain in-person visits starting in 2020 (The needle moves–slowly)
It’s not a bubble, really! Or developing? Analysis of Rock Health’s verdict on 2018’s digital health funding. (‘Bubbly’ factors that may influence this year–not for the better)

We round up the Official Healthcare Circus of CES, Verily rolls along with $1 bn in investment, and Walgreens Boots finally makes an alliance splash with Microsoft

It’s Official: CES is now a health tech event (updated) (And still a circus! We round up the top coverage so you don’t have to)
News roundup: Walgreens Boots-Microsoft, TytoCare, CVS-Aetna moves along, Care Innovations exits Louisville
Verily, Google’s life sciences arm, gathers in another billion to go…where? (Updated for Study Watch clearance) (Still a mystery)


The King’s Fund’s annual Digital Health and Care Congress is back on 22-23 May. Just announced–Secretary Matt Hancock keynoting Day 2. Meet leading NHS and social care professionals and learn how data and technology can improve the health and well-being of patients plus the quality and effectiveness of the services that they use. Our Readers are eligible for a 10% discount using the link in the advert or here, plus the code Telehealth_10.


Have a job to fill? Seeking a position? Free listings available to match our Readers with the right opportunities. Email Editor Donna.


Read Telehealth and Telecare Aware: http://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our present and past advertisers and supporters: Tynetec, Eldercare, UK Telehealthcare, NYeC, PCHAlliance, ATA, The King’s Fund, HIMSS, Health 2.0 NYC, MedStartr, Parks Associates, and HealthIMPACT.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. See our advert information here. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

About time: digital health grows a set of ethical guidelines

Is there a sense of embarrassment in the background? Fortune reports that the Stanford University Libraries are taking the lead in organizing an academic/industry group to establish ethical guidelines to govern digital health. These grew out of two meetings in July and November last year with the participation of over 30 representatives from health care, pharmaceutical, and nonprofit organizations. Proteus Digital Health, the developer of a formerly creepy sensor pill system, is prominently mentioned, but attending were representatives of Aetna CVS, Otsuka Pharmaceuticals (which works with Proteus), Kaiser Permanente, Intermountain Health, Tencent, and HSBC Holdings.

Here are the 10 Guiding Principles, which concentrate on data governance and sharing, as well as the use of the products themselves. They are expanded upon in this summary PDF:

  1. The products of digital health companies should always work in patients’ interests.
  2. Sharing digital health information should always be to improve a patient’s outcomes and those of others.
  3. “Do no harm” should apply to the use and sharing of all digital health information.
  4. Patients should never be forced to use digital health products against their wishes.
  5. Patients should be able to decide whether their information is shared, and to know how a digital health company uses information to generate revenues.
  6. Digital health information should be accurate.
  7. Digital health information should be protected with strong security tools.
  8. Security violations should be reported promptly along with what is being done to fix them.
  9. Digital health products should allow patients to be more connected to their care givers.
  10. Patients should be actively engaged in the community that is shaping digital health products.

We’ve already observed that best practices in design are putting some of these principals into action. Your Editors have long advocated, to the point of tiresomeness, that data security is not notional from the smallest device to the largest health system. Our photo at left may be vintage, but if anything the threat has both grown and expanded. 2018’s ten largest breaches affected almost 7 million US patients and disrupted their organizations’ operations. Social media is also vulnerable. Parts of the US government–Congress and the FTC through a complaint filing–are also coming down hard on Facebook for sharing personal health information with advertisers. This is PHI belonging to members of closed Facebook groups meant to support those with health and mental health conditions. (HIPAA Journal).

But here is where Stanford and the conference participants get all mushy. From their press release:

“We want this first set of ten statements to spur conversations in board rooms, classrooms and community centers around the country and ultimately be refined and adopted widely.” –Michael A. Keller, Stanford’s university librarian and vice provost for teaching and learning

So everyone gets to feel good and take home a trophy? Nowhere are there next steps, corporate statements of adoption, and so on.

Let’s keep in mind that Stanford University was the nexus of the Fraud That Was Theranos, which is discreetly not mentioned. If not a shadow hovering in the background, it should be. Perhaps there is some mea culpa, mea maxima culpa here, but this Editor will wait for more concrete signs of Action.

Telemedicine virtual visits preferred by majority in Massachusetts General Hospital survey

The results are far better than parity with in-person visits for follow up. A group of 254 patients and 61 health care providers were the subject of a survey conducted by researchers at Massachusetts General Hospital, part of Partners HealthCare, and Johns Hopkins. It found that virtual video visits (VVVs) are perceived by the majority of patients as the same as or better than office visits in convenience and cost, at the same level of quality and personal connection. It measured responses from both patients and providers in the MGH TeleHealth (sic) program, in place since 2012, in follow up care from providers in psychiatry, neurology, cardiology, oncology and primary care (the last two added late in the survey).

The results were: 

  • The vast majority (94.5%) of patients preferred the travel time (minimal) and time convenience (79.5%) of the VVV
  • Most patients (62.6%) and clinicians (59.0%) reported “no difference” between VVV and office visits on “the overall quality of the visit.”
  • When rating “the personal connection felt during the visit”, over half–but more patients than clinicians–said that there was “no difference” with the VVV (patients, 59.1%; clinicians, 50.8%), although 32.7% of patients and 45.9% of clinicians reported that the “office visit is better”.
  • They were also willing to pay for it–and that increased with distance from the doctor. Among those who traveled more than 90 minutes to an office visit, 51.5% indicated they would pay a co-payment of more than $50 for a VVV compared with 30.4% of those who traveled less than 30 minutes.
  • Results graphs are here

The survey results were published in the American Journal of Managed Care. This month’s issue also examines gamification in healthcare, asynchronous communication between primary and specialty care practitioners at Geisinger, EHRs–and the relationship between data breaches and not surprisingly increased advertising expenditures after the fact to rebuild lost trust. According to this last article, breached hospitals were more likely to be large, teaching, and urban hospitals relative to the control group.

Also UPI and HealthDay.

More and more into the (data) breach: 3X more patient records in Q2, UnityPoint’s breach balloons to 1.3M

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]And we thought Healthcare Hackermania was following the Hulkster into retirement. After a quiet Q1, data breaches and hack attacks blew up both in Q2 and now in this quarter.

Data compliance analytics firm Protenus’ Breach Barometer (with DataBreaches.net) has been tracking healthcare data breaches for years. It was quiet last quarter with 1.13 million patient records affected in 110 separate health data breaches. But last quarter was a true triple threat with patient records up three times to 3.14 million, 142 separate breaches–which means more per breach on average. What is also distressing is that 29.71 percent are repeat offenses among employees, up from 21 percent in the previous quarter.

  • 36.6 percent of breaches were due to external hacking, nearly double that of Q1.
  • 30.99 percent were due to insiders, either through deliberate wrongdoing (theft) or insider error. Insider wrongdoing was led by family members snooping on other family members’ records. Not Russians, Chinese, NoKos, or Bulgarians bashing about. 
  • In contrast to Q1, where the biggest data breach was a network hack of an Oklahoma-based health network (reportedly the Oklahoma State University Center for Health Sciences), compromising nearly 280,000 records, Q2’s Big Breach was a physical burglary of the California Department of Developmental Services in Sacramento affecting over 581,000 records. After the usual ransacking and theft, the burglars started a fire before they left and the sprinklers did the rest.

It routinely takes nearly forever from when a breach occurs to when it is discovered: in Q1 244 days, in Q2 204 days. In Q2 the longest discovery time was over five years –2013 to 2018. This indicates that insiders may be good at covering their tracks, and/or IT staff don’t get around to detecting and policing breaches.

Protenus and DataBreaches.net compile incidents disclosed to HHS and reported in the media, and are now adding their own proprietary, non-public data on the status of health data breaches nationwide, including a review of tens of trillions of individual
accesses to EHRs which Protenus audits as part of their healthcare systems services. More detail in Protenus Q2 and Q1 full reports, HealthITSecurity (Q1)

Certain to lead their Q3 report is the 1.4 million patient record breach at UnityPoint Health, an Iowa-based health system. In May, a small phishing breach compromised 16,000 records. This cyberattack also started with email phishing and spread through employee networks. “The phishing campaign tricked employees into providing confidential login information, which hackers used to infiltrate email accounts and access data contained within.” Were the hackers after patient data? According to UnityPoint, “The phishing attack on UnityPoint Health was more likely focused on diverting business funds from our organization.” Healthcare Analytics News

You may not want a cyberattack, but cyberattacks and hacking want you….

Healthcare cybersecurity breaches multiply like measles as far away as Singapore. Is it a matter of time before hacking kills someone?

Even if you are the Prime Minister of Singapore, you can be hacked. Prime Minister Lee Hsien Loong joined 1.5 million of his fellow Singaporeans in what they have termed an unprecedented data breach of SingHealth, considered to be a world model. There are the usual state actor suspects: Russians, Chinese–and North Koreans–starting less than two weeks (27 June) after hosting the meeting between President Donald Trump and Maximum Leader Kim Jong Un. (That is hardly a gracious thank you if it’s them (s/o).  POLITICO Morning eHealth reported on Monday 23 July. 

What’s happened since: Singapore banks have been instructed to tighten data procedures and use additional verification methods. The government believes 1) they are next and 2) that the healthcare breach data could be used to impersonate customer identities. SingHealth records include full name, national identification number, address, gender, race, and date of birth. (ZDNet)

The National (UAE) reported that the hack specifically targeted the PM. Their angle was that Singapore has ambitions to host a ‘smart city’ as does the UAE and testing Singapore means that the UAE may be next. Singapore is covering a different angle–the ‘inside job’ one. They moved to disconnect computers from the internet at public centers which may inconvenience patients and healthcare staff but which weakens data collection for this very busy centralized system. (Reuters) Watch the government press conference here.

Will the next WannaCry or NotPetya kill someone? That is the premise in this article in ZDNet and one we’ve discussed previously. It’s not a targeted attack on a particular life, but could be an infrastructure failure–for instance, an industrial control for electricity that destroys systems including those to dependent homes or hospitals. What this article doesn’t include are all those aging hackable connected devices in operating rooms, hospital rooms, and in-hospital Wi-Fi powering tablets and other connected devices. KRACK can be very wack indeed! [TTA 18 Oct 17]

Breached healthcare records down 72% but incident numbers steady. Then there’s MyFitnessPal’s 150 million…

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]Hackermania in healthcare may be running less wild…but what about consumer health devices? Year-end and top-of-year analyses indicate that the flood of breached records may be starting to drain. A Bitglass analysis of 2017 US Department of Health and Human Services (HHS) data from its infamous ‘Wall of Shame’ is encouraging. They found that the number of breached records decreased over the 2015-2017 period by 72 percent between 2015 and 2017 and by 95 percent from 2016. The calculation excludes the huge spike in breaches due to two 2015 incidents at Anthem and Premera Blue Cross [TTA 9 Sep 15]. Numerically, the breach incident numbers decreased but are relatively steady: 2017 at 294, 2016 at 328. Data security company Protenus in its tracking found more incidents in 2017 versus 2016 (477 in 2017 v. 450 in 2016) but the same reduction in records affected, with five times fewer records in 2017 versus 2016’s 27.3 million records.

What’s been successful has been reducing mega-breaches and containment of healthcare device loss and theft through education and enforcement of employee practices. What continues is the major cause of breaches continue to be insider-related via error and wrongdoing; this includes the major annual Verizon report. Healthcare Informatics

Protenus’ February report, while continuing the reduction trend, had its share of hacking and insider incidents. Of the 39 incidents in their report affecting over 348,000 records, insider actions such as the misuse of system credentials accounted for 51 percent of breached records while hacks were 46 percent, with the majority involving ransomware or malware. Hacking as a cause hasn’t disappeared but perhaps has shifted to easier targets.

UnderArmour’s MyFitnessPal delivers another breach blow. Late last month, the company revealed that 150 million user records were hacked in February. The MyFitnessPal mobile app (more…)

MediBioSense and Blue Cedar take a new approach to secure medical wearable data (UK/US)

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2018/01/VitalPatch_Header_Photo_Tablet.jpg” thumb_width=”150″ /]Doncaster UK-based MediBioSense Ltd. has partnered with San Francisco-based Blue Cedar to protect their VitalPatch app on smartphones and tablets. MediBioSense uses VitalPatch in their MBS HealthStream system marketed in the UK in acute care and long-term care setting. Blue Cedar is securing the app through their patented code-injected technology which protects the VitalPatch-collected data from the app to the provider database. The system with Blue Cedar’s security is available directly from MediBioSense.

VitalPatch is a single-use adhesive biosensor patch applied to the patient’s chest (see left above). It monitors eight vital signs and activity signs: heart rate, respiration, ECG, heart rate variability, temperature, body posture including fall detection/severity, and steps as an indicator of activity. MediBioSense contracted with the US-based developer, VitalConnect, to sell the system in the UK. VitalPatch is US FDA-cleared (Class II) and CE Marked for the EU.

One impetus, according to the release (PDF), is the GDPR (General Data Protection Regulation), the pan-European/UK data-protection law slated to take effect in May. This not only applies to European Union citizens’ personal data but also requires reports on how organizations safeguard that data. 

Blue Cedar, which this Editor has previously profiled [TTA 3 May 17], has developed code-injection technology that secures data from the app to the provider location on their servers or in the cloud. It secures the app without the device being managed. Devices have their own vulnerabilities when it comes to apps even when secured, as 84 percent of cyberattacks happen at the application layer (SAP). Blue Cedar’s security also enables tap-and-go from an icon versus multiple security entries, thus quick downloading from app stores or websites. For companies, the secured app provides granular analytic reports about users, app usage, devices, and operating systems which are useful for GDPR requirements.

Blue Cedar’s latest release of app security is Enforce, to secure existing mobile apps using in-app embedded controls to enforce a broad range of security policies. It is sold on the Microsoft Azure cloud platform and is primarily targeted to the value-added reseller (VAR) market. 

All the more reason to use all means to secure devices and apps. When as of last week Allscripts‘ EHR for e-prescribing was hit with a ransomware attack (FierceHealthcare), yet another hospital (Hancock Regional in Indianapolis) paid $5,000 to hackers to get back online (Digital Health), and Protenus/DataBreaches.net tracks a breach a day [TTA 29 Dec 17], cybersecurity has become Job #1 for anyone in the healthcare field. (And Big Healthcare now votes for security. Protenus today announced their $11 million Series B led by Kaiser Permanente Ventures and F-Prime Capital Partners. Release.)

Rounding up the roundups in health tech and digital health for 2017; looking forward to 2018’s Nitty-Gritty

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/12/Lasso.jpg” thumb_width=”100″ /]Our Editors will be lassoing our thoughts for what happened in 2017 and looking forward to 2018 in several articles. So let’s get started! Happy Trails!

2017’s digital health M&A is well-covered by Jonah Comstock’s Mobihealthnews overview. In this aggregation, the M&A trends to be seen are 1) merging of services that are rather alike (e.g. two diabetes app/education or telehealth/telemedicine providers) to buy market share, 2) services that complement each other by being similar but with strengths in different markets or broaden capabilities (Teladoc and Best Doctors, GlobalMed and TreatMD), 3) fill a gap in a portfolio (Philips‘ various acquisitions), or 4) payers trying yet again to cement themselves into digital health, which has had a checkered record indeed. This consolidation is to be expected in a fluid and relatively early stage environment.

In this roundup, we miss the telecom moves of prior years, most of which have misfired. WebMD, once an acquirer, once on the ropes, is being acquired into a fully corporate info provider structure with its pending acquisition by KKR’s Internet Brands, an information SaaS/web hoster in multiple verticals. This points to the commodification of healthcare information. 

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/12/canary-in-the-coal-mine.jpgw595.jpeg” thumb_width=”150″ /]Love that canary! We have a paradigm breaker in the pending CVS-Aetna merger into the very structure of how healthcare can be made more convenient, delivered, billed, and paid for–if it is approved and not challenged, which is a very real possibility. Over the next two years, if this works, look for supermarkets to get into the healthcare business. Payers, drug stores, and retailers have few places to go. The worldwide wild card: Walgreens Boots. Start with our article here and move to our previous articles linked at the end.

US telehealth and telemedicine’s march towards reimbursement and parity payment continues. See our article on the CCHP roundup and policy paper (for the most stalwart of wonks only). Another major change in the US is payment for more services under Medicare, issued in early November by the Centers for Medicare and Medicaid Services (CMS) in its Final Rule for the 2018 Medicare Physician Fee Schedule. This also increases payment to nearly $60 per month for remote patient monitoring, which will help struggling RPM providers. Not quite a stride, but less of a stumble for the Grizzled Survivors. MedCityNews

In the UK, our friends at The King’s Fund have rounded up their most popular content of 2017 here. Newer models of telehealth and telemedicine such as Babylon Health and PushDoctor continue to struggle to find a place in the national structure. (Babylon’s challenge to the CQC was dropped before Christmas at their cost of £11,000 in High Court costs.) Judging from our Tender Alerts, compared to the US, telecare integration into housing is far ahead for those most in need especially in support at home. Yet there are glaring disparities due to funding–witness the national scandal of NHS Kernow withdrawing telehealth from local residents earlier this year [TTA coverage here]. This Editor is pleased to report that as of 5 December, NHS Kernow’s Governing Body has approved plans to retain and reconfigure Telehealth services, working in partnership with the provider Cornwall Partnership NHS Foundation Trust (CFT). Their notice is here.

More UK roundups are available on Digital Health News: 2017 review, most read stories, and cybersecurity predictions for 2018. David Doherty’s compiled a group of the major international health tech events for 2018 over at 3G Doctor. Which reminds this Editor to tell him to list #MedMo18 November 29-30 in NYC and that he might want to consider updating the name to 5G Doctor to mark the transition over to 5G wireless service advancing in 2018.

Data breaches continue to be a worry. The Protenus/DataBreaches.net roundup for November continues the breach a day trend. The largest breach they detected was of over 16,000 patient records at the Hackensack Sleep and Pulmonary Center in New Jersey. The monthly total was almost 84,000 records, a low compared to the prior few months, but there may be some reporting shifting into December. Protenus blog, MedCityNews

And perhaps there’s a future for wearables, in the watch form. The Apple Watch’s disconnecting from the phone (and the slowness of older models) has led to companies like AliveCor’s KardiaBand EKG (ECG) providing add-ons to the watch. Apple is trying to develop its own non-invasive blood glucose monitor, with Alphabet’s (Google) Verily Study Watch in test having sensors that can collect data on heart rate, gait and skin temperature. More here from CNBC on Big Tech and healthcare, Apple’s wearables.

Telehealth saves lives, as an Australian nurse at an isolated Coral Bay clinic found out. He hooked himself up to the ECG machine and dialed into the Emergency Telehealth Service (ETS). With assistance from volunteers, he was able to medicate himself with clotbusters until the Royal Flying Doctor Service transferred him to a Perth hospital. Now if he had a KardiaBand….WAToday.com.au  Hat tip to Mike Clark

This Editor’s parting words for 2017 will be right down to the Real Nitty-Gritty, so read on!: (more…)

Hacking, insider actions 81 percent of healthcare data breaches: Protenus

Healthcare data security company Protenus’ monthly Breach Barometer always contains interesting–and somewhat discouraging–surprises. August’s report topped July’s for the number of patients affected, with 674,000 patients involved in 33 incidents. Over 54 percent of breaches (N=18) were due to hacking (five incidents were attributed to ransomware), with over 27 percent (N=9) were from insider error (the main cause) or wrongdoing–over 81 percent in total. The remainder were due to loss, theft, or ‘unknown’. Another interesting finding was that discoveries of hacking are relatively quick at an average of 26 days from start to finish, due to the disruption they create, while insider attacks can go on for months (209.8 days)–or years. Protenus’ July report highlighted a breach at Tewksbury Hospital in Massachusetts that went unreported for a record-setting 14 years–an insider action that affected 1,100 records. Reporting to HHS is improving with reporting to HHS, the media or state attorneys general on average of 53 days. Protenus crunches its data from databreaches.net. (If you look at their reporting on TheDarkOverlord (@tdo_hackers), including their recent threats on a small Montana school system, you’ll be scared indeed.) MedCityNews 25 Sept, 23 August   Hat tip to Guy Dewsbury via LinkedIn

Hackermania meets The Dark Overlord with 2.3 million 2017 health data breaches

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]It’s a cage match! Reports are soaring, with a proliferation of data breaches year to date, after a relatively quiet period in 2016.

The Dark Overlord (TDO), in the mainstream news with dumping unseen Netflix program episodes on illegal file-sharing sites and demanding ransom (Guardian), also has been hard at work dumping PHI hacked from various clinics. DataBreaches.net tallied it at 180,000 records from at least nine medical clinics.

Health data security developer/provider Protenus, whose Breach Barometer tracks the numbers, counted 2.1 million breaches in 1st Quarter. March spiked with 700,000 coming from Commonwealth Health Corporation of Kentucky.

Our standby Privacy Rights Clearinghouse counted over 175,000 to date, but 160,000 came from MedCenter Health in Protenus’ total, so their net addition was 15,000. But PRC’s detail illustrates that ransomware is alive, well, and invading smaller healthcare organizations. Other reasons are unauthorized data server access, third-party vendors, email error, and theft.

16 or 27 million 2016 breaches, 1 in 4 Americans? Data, IoT insecurity runs wild (US/UK)

What’s better than a chilly early spring dive into the North Sea of Health Data Insecurity?

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/03/Accenture-Health-2017-Consumer-Survey.jpg” thumb_width=”150″ /]Accenture’s report released in February calculated that 26 percent of Americans had experienced a health care-related data breach. 50 percent of those were victims of medical identity theft and had to pay out an average of $2,500 in additional cost. One-third (36 percent) believed the breach took place in hospitals, followed by urgent care and pharmacies (both 22 percent). How did they find out? Credit card and insurer statements were usual, with only one-third being notified by their provider. Interestingly, a scant 12 percent of data breach victims reported the breach to the organization holding their data. (You’d think they’d be screaming?) The samples were taken between November 2016 and January 2017. Accenture has similar surveys for UK, Australia, Singapore, Brazil, Norway, and Saudi Arabia. Release  PDF of the US Digital Trust Report

So what’s 16 million breaches between friends? Or 4 million? Or 27 million?

  • That is the number (well, 15.9 million and change) of healthcare/medical records breached in 2016 in 376 breaches reported by the Identity Theft Resource Center (ITRC), a Federally/privately supported non-profit. Healthcare, no surprise, is far in the lead with 34 percent and 44 percent respectively. The 272 pages of the 2016 End of Year Report will take more than a casual read, but much of its data is outside of healthcare.
  • For a cross-reference, we look to the non-profit Privacy Rights Clearinghouse which for many years has been a go-to resource for researchers. PRC’s 2016 numbers are lower, substantially so in the number of records: 301 breaches and 4 million records.
  • HIMSS and Healthcare IT News insist that ransomware is under-reported, (more…)

Health execs’ wish list for 2017: security, analytics, pop health…and telehealth (US)

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/01/2017-upgrade-HITN-survey.jpg” thumb_width=”200″ /]Healthcare IT News published the results of their October survey of 95 healthcare executives as to their forward plans (resolutions?) for 2017. It’s unsurprisingly centered on upgrades to the following areas:

  • Data security (52 percent)–definitely making up for lost time and spending due to the obvious threats from hacking and data breaches. In November alone, nearly two incidents a day (57) and over 458,000 records were reported by healthcare entities to HHS. (Protenus Breach Barometer)
  • Data analytics (51 percent)–figuring out what to do with all that patient data generated by….
  • Patient engagement and population health (44 percent each)–demanded by quality standards in CMS’ MACRA Quality Payment Program (QPP), including the Merit-Based Incentive Payment System (MIPS) and the Advanced Alternative Payment Models (APMs)
[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/01/2017-introduce-investigate-HITN-survey.jpg” thumb_width=”200″ /]The surprises come here–the technologies they expect to introduce or investigate. Analytics and workflow correspond to the last two points above, but what is compelling is an apparent tipping point for technology which links the patient to care monitoring and access: telehealth (44 percent), smart medical devices (41 percent) and remote patient monitoring (34 percent). These overlap (as in telehealth and RPM require smart medical devices), yet these are strong numbers if they accurately reflect these execs’ actual (or eventual) spending. (Does it point to more clinically validated use of trackers like Fitbit? The Magic 8 Ball does not tell here….)

The presence of 2016-17’s ‘It Girl’, precision medicine (21 percent), which applies both data analytics and genomics to improve patient outcomes, isn’t surprising with the emphasis on quality care.

One can quibble that the sample size is small N, and the report doesn’t confirm the selection details like title, location, and type of organization, but the direction has to be cheering on many fronts. HITN’s overview, survey results (16 slides)

Summertime, and the ransomware is running wild (updated)

Mashing up our summer ‘tune’ list are the latest reports on ransomware attacks and data breaches:

  • Banner Health’s odd breach of 3.7 million records, first testing their café credit cards then entering their patient information systems, is leading to at least one class-action lawsuit. HealthITOutcomes, Becker’s Hospital Review
  • Bon Secours Health System of Maryland had a exposure of 655,000 records when a business associate of Bon Secours left patient information exposed online for four days while it adjusted its network settings. Healthcare Dive
  • The Locky ransomware has been battering hospitals since the beginning of August, with phishing emails spiking on August 11. Most of this global strike is attacking healthcare, with transportation and telecom running second; countries with the highest frequency of attacks are US, Japan, and South Korea, FireEye reports. ZDNet
  • Solutionary, now NTT Security, which specializes in cybersecurity services, reported last month that 88 percent of all ransomware detections in second quarter 2016 targeted healthcare. However, Cryptowall, not Locky, was the killer ransomware they spotted, accounting for nearly 94 percent of detections. Release
  • Can you anticipate cyber crimes like these? ID Experts has an intriguing blog post on how you can think like a cyber thief. Part One of a promised three-part series. Updated: ID Experts disclosed earlier this week that it spun off RADAR, its two-year-old IT security and compliance company, effective 2 Aug, with a $6.2 million Series A funding. It appears that the CEO wrote the check (CrunchBase).  There’s gold in dem dere cyber varmints! MedCityNews  Release
  • Scared enough? The Federal Trade Commission comes to the rescue with a half-day seminar on ransomware detection and prevention in Washington DC on September 7. The session is free and will be webcast (details to come). FTC release, event page