NHS App’s pilot results: renewing prescriptions good, making appointments…not so much

The NHS App, announced at the end of 2017, piloted in September-December 2018. It started with one GP practice in Liverpool and grew to 34 practices across England, eventually growing to 3,200 registered patients, exceeding its target registration group by over 1,200. The NHS report was issued on 8 April.

  • Most used the app to view their patient records. Unless the patient had given prior consent to their GP to view their full patient record, only a summary was available through the app. This will revert to full patient records with the ability to add to the record as the default by April 2020.
  • For the pilot users, they reported positively on the app for prescription renewals; it was used for 662 repeat prescriptions and was found by 87 percent to be ‘easy and convenient’ as well as the app’s ‘most useful service’.
  • On booking appointments, the feedback was not so positive. Users had difficulty understanding the jargon used in booking.
  • They also found the two-factor authentication for security purposes annoying. For the full implementation, the development team is planning to add a biometric log in.

The NHS hopes to roll out the app to all English GP practices by July 2019. While the app became available in December on Google Play and the Apple App Store, patients have to wait for their GP to connect to it. Mobihealthnews, NHS report site

A counterpoint to this is the final closing of the Microsoft HealthVault later this year. Users will have until 20 November to migrate their data. HealthVault was one of the first services to allow consumers to record and share electronic health data. Microsoft has already shut down two related services, HealthVault Insights and the Health Dashboard. Most of these storage services have shut down (Revolution Health, Google Health, Google Fit, Dossia) with the surviving Apple Health Records and GetReal’s Lydia. Mobihealthnews

Rounding up mid-August: PCORI funds 16 projects with $85 million, InTouch’s Rite Aid deal, Suennen leaves GE Ventures, NHS lost 10K patient records last year

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2017/12/Lasso.jpg” thumb_width=”150″ /]Rounding up August as we wind down our last weeks of summer holidays. 

The Patient-Centered Outcomes Research Institute (PCORI) announced earlier this week that they are funding 16 studies which compare two or more approaches to improve care and outcomes for a range of conditions. Included in the $85 million funding are studies incorporating technology. One is a $13.3 million grant for a West Virginia University study utilizing telehealth to monitor patients with major depressive disorders comparing medication, cognitive behavior therapy (CBT), and medication plus remote CBT. PCORI Release

InTouch Health, an enterprise telehealth provider which most recently partnered with RPM developer Vivify Health [TTA 19 Dec] to move into in-home and post-acute settings, is now moving into retail with Rite Aid. The letter of intent is to help Rite Aid build up the technology in their existing health kiosks in pharmacies and ‘alternative care sites’. Rite Aid has had a long standing interest in kiosks, including as one of the last customers of HealthSpot. With their Albertsons merger scuttled, Rite Aid is seeking other business and interest. One of InTouch’s executives is EVP of Marketing and Consumer Solutions Steve Cashman, who founded and headed HealthSpot. InTouch is also participating in the World Telehealth Initiative, a nonprofit organization which seeks to bring telehealth expertise into worldwide communities in need. InTouch will donate devices, access to its virtual network, and access to doctors donating their time. Mobihealthnews.

Lisa Suennen, a fixture at many health tech conferences and one of the few women with both presence and clout in the funding sphere, has departed GE Ventures, GE’s VC arm. She was senior managing director focusing on healthcare companies, successfully exiting several in her portfolio to UnitedHealth and Aetna. No reason was given for her exit after a stint of under two years, other than the anodyne “find a new adventure.” GE is planning to spin off its healthcare businesses as part of its restructuring. CNBC

And the week would not be complete without a report about NHS losing nearly 10,000 patient records–paper and electronic–last year, according to information released under UK freedom of information laws. Without this information, doctors have trouble finding patient history sources and prior diagnostic records. There is also abundant opportunity for fraud, as Everything Winds Up Somewhere, and that somewhere could be criminal. Last year, Members of Parliament said the NHS had “badly failed patients” after a scandal in which at least 708,000 pieces of correspondence–including blood tests, cancer screening appointments, medication changes, and child protection notes–piled up in storerooms. Sunday Times. If paywalled, see the attached PDF.

More and more into the (data) breach: 3X more patient records in Q2, UnityPoint’s breach balloons to 1.3M

[grow_thumb image=”http://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]And we thought Healthcare Hackermania was following the Hulkster into retirement. After a quiet Q1, data breaches and hack attacks blew up both in Q2 and now in this quarter.

Data compliance analytics firm Protenus’ Breach Barometer (with DataBreaches.net) has been tracking healthcare data breaches for years. It was quiet last quarter with 1.13 million patient records affected in 110 separate health data breaches. But last quarter was a true triple threat with patient records up three times to 3.14 million, 142 separate breaches–which means more per breach on average. What is also distressing is that 29.71 percent are repeat offenses among employees, up from 21 percent in the previous quarter.

  • 36.6 percent of breaches were due to external hacking, nearly double that of Q1.
  • 30.99 percent were due to insiders, either through deliberate wrongdoing (theft) or insider error. Insider wrongdoing was led by family members snooping on other family members’ records. Not Russians, Chinese, NoKos, or Bulgarians bashing about. 
  • In contrast to Q1, where the biggest data breach was a network hack of an Oklahoma-based health network (reportedly the Oklahoma State University Center for Health Sciences), compromising nearly 280,000 records, Q2’s Big Breach was a physical burglary of the California Department of Developmental Services in Sacramento affecting over 581,000 records. After the usual ransacking and theft, the burglars started a fire before they left and the sprinklers did the rest.

It routinely takes nearly forever from when a breach occurs to when it is discovered: in Q1 244 days, in Q2 204 days. In Q2 the longest discovery time was over five years –2013 to 2018. This indicates that insiders may be good at covering their tracks, and/or IT staff don’t get around to detecting and policing breaches.

Protenus and DataBreaches.net compile incidents disclosed to HHS and reported in the media, and are now adding their own proprietary, non-public data on the status of health data breaches nationwide, including a review of tens of trillions of individual
accesses to EHRs which Protenus audits as part of their healthcare systems services. More detail in Protenus Q2 and Q1 full reports, HealthITSecurity (Q1)

Certain to lead their Q3 report is the 1.4 million patient record breach at UnityPoint Health, an Iowa-based health system. In May, a small phishing breach compromised 16,000 records. This cyberattack also started with email phishing and spread through employee networks. “The phishing campaign tricked employees into providing confidential login information, which hackers used to infiltrate email accounts and access data contained within.” Were the hackers after patient data? According to UnityPoint, “The phishing attack on UnityPoint Health was more likely focused on diverting business funds from our organization.” Healthcare Analytics News

You may not want a cyberattack, but cyberattacks and hacking want you….