Running Wild: hacking now 98% of healthcare data breaches

[grow_thumb image=”” thumb_width=”200″ /]This recent study from Silicon Valley-based Bitglass security neatly notes that practically all healthcare data breaches–56 incidents and 111 million records last year–were due to hacking. Only in 2014, 68 percent were due to lost laptops and devices (58 percent calculated in JAMA, TTA 21 Apr 15) in 31 incidents. This corresponds to the Verizon finding of the risk level present in healthcare IT wherever health information is resident [TTA 10 Nov 15]. Certainly the huge breaches of 2015 (Anthem, Premera Blue Cross, Excellus Blue Cross, CareFirst) set the pace, but according to the Health IT Security article, even if the top six breaches were excluded, hacking would still be #1. Hat tip to Dr Stuart Hochron of PracticeUnite via LinkedIn.

Related: the full Verizon Data Breach Investigations Report (DBIR) for 2015 is available here

CONNECT bill aims to extend telehealth in Medicare, save $1.8 bn over 10 years

Can it succeed where others have stalled? The Creating Opportunities Now for Necessary and Effective Care Technologies (CONNECT) for Health Act (S. 2484–whew!), introduced last week and sponsored by Brian Schatz (D-HI) and co-sponsored by five US Senators  (split equally between Republicans and Democrats), seeks to expand Medicare coverage of telehealth, including remote patient monitoring and store-and-forward asynchronous data transfer beyond the presently limited rural health and chronic care/transitional care management codes. The main areas included are:

  • Create a program to help providers meet the goals of the Medicare Access and CHIP Reauthorization Act and the Merit-based Incentive Payment System through the use of telehealth and remote patient monitoring (RPM)
  • Expand the use of RPM for certain patients with chronic conditions
  • Increase telehealth and RPM services in community health centers and rural health clinics; and
  • Make telehealth and RPM basic benefits in Medicare Advantage.

The $1.8 bn savings over 10 years is an estimate generated by Avalere on the top three bullets alone, according to the Senators sponsoring the bill.

There is a companion House bill (HR 4442) , also with bipartisan sponsorship, sponsored by Diane Black (R-TN) and co-sponsored by Peter Welch (D-VT), and Gregg Harper (R-MS).  But this version has a full roster of support starting with the usual suspects among association (ATA and HIMSS), payers and telehealth providers, but also from other less usual supporters such as the Health Care Chaplaincy Network, Universities of Mississippi and Pittsburgh Medical Centers, the Evangelical Good Samaritan Society and the Federation of State Medical Boards (FSMB). 

Rep. Harper has also brought forth for two sessions the Telehealth Enhancement Act, which has never emerged from various committees [TTA 29 May 15]. In addition, Rep. Doris Matsui’s (D-CA) Telehealth Modernization Act of 2015 has had the same fate.

Both Senate and House bills are given by GovTrack a 1-2 percent chance of passage in an election year, so don’t bet on telehealth expansion any time soon. But the rare convergence of bipartisanship and Senate/House coordination gives one hope. HealthITOutcomes, HealthcareITNewsSen. Thune release, Sen. Schatz summary

Spuble’s near instant speech bubbles on your iPhone

[grow_thumb image=”” thumb_width=”300″ /]Your TEC ‘charmer’ to end the week–technology enabled communication. Spuble (rhymes with ‘bubble’) is a new UK-developed app that translates speech almost instantly into large, easy to read cartoon-like subtitles on an iPad or iPhone. It uses the audio mic feature to create a large type ‘speech bubble’ to show to the listener. Gary Rolf’s impetus for it was to bring his 90 year old nan, Bett, ‘back in the conversation’ after nearly 10 years of being isolated with total hearing loss. The video on their website shows Mr Rolf with Bob, his granddad, using the app which was inspired by the subtitles on television’s ‘Coronation Street’. The simplicity of use is demonstrated in that Bob, aged a lively 96 and hardly a techie, uses it quite readily to communicate with Bett. If you have a family member (as I do and have had) with hearing loss, this can be a tool to bridge the hearing gap, especially in noisy settings or when the hearing aids chew up yet another battery and become expensive earplugs. This Editor was all set to install but (for her disappointingly) it’s not available for Android yet. Both that and multiple languages on the way according to the website. You’ll also be charmed by the video with the WWII anthem ‘We’ll Meet Again’ in the background and the very lively Bett and Bob, who enjoy their Guinness, with their inventive grandson. A small quibble–can it handle more than one speaker, and how well? Also KentOnline Hat tip to Editor Emeritus and Founder Steve.

Fitness trackers, mobile apps shown to leak sensitive data

[grow_thumb image=”” thumb_width=”150″ /]An unnerving 35-page report published by Canadian nonprofit OpenEffect, assisted by the Citizen Lab at the Munk School of Global Affairs, University of Toronto, claims that leading fitness trackers and their corresponding mobile apps are veritable sieves of personal data, inviting security breaches. Where Hackermania Runs Wild starts with lack of Bluetooth LE privacy, allowing tracking via Bluetooth even when the tracker isn’t paired to a smartphone. Then many of the companion apps leaked login credentials, transmitted activity tracking information in a way that allowed interception or tampering, or allowed users (or others) to insert false activity tracking information. The trackers studied were the Basis Peak, Fitbit Charge HR, Garmin Vivosmart, Jawbone Up 2, Mio Fuse, Withings Pulse O2 and Xiaomi Mi Band. Notably the Apple Watch 2.0 was secure.  The full report is titled dramatically “Every Step you Fake: A Comparative Analysis of Fitness Tracker Privacy and Security”. Security article, study in PDF, Hat tip once again to Toni Bunting, former Northern Ireland Contributing Editor. 

Older adults anticipate their relationships with ‘helper’ robots: study

[grow_thumb image=”” thumb_width=”150″ /]How older adults (65+) respond to the idea of ‘helper robots’ which may be a part of their future lives span a wide range. The key seems to be that they are ‘most advanced, yet acceptable’ (designer Raymond Loewy’s MAYA dictum) when they perform passive ‘physical, informational and interactional’ tasks–‘helpers and butlers’ in the researchers’ terms. Robots which kick it up a notch and are more autonomous, making its own decisions without direction, are far less acceptable and perceived as ‘robot masters’. “Seniors do not mind having robots as companions, but they worry about the potential loss of control over social order to robots.” That is a leap that goes forward, in the lead researcher’s terms, to how the media has portrayed robots as shaping older adults’ perceptions. A team from Penn State University’s Media Effects Research Laboratory surveyed 45 older adults — between ages 65 and 95 years old — at a senior citizens’ center in Pennsylvania. Published in the Interaction Studies journal. Penn State News Hat tip to our former Northern Ireland Contributing Editor Toni Bunting. On the other end of the age spectrum, an earlier study by the same lead researcher noted that older people were quite concerned about the effects of robots on young people and the desire for parental controls, lest the robots might encourage laziness and dependency. Penn State News (2014)

The evolution of Facebook: implications for social health

The Telegraph’s recent retrospective on Facebook and its evolution from 2004’s ‘Thefacebook’ of Harvard University students to the Facebook that many of us use now, with Chat, timeline and a converged mobile and desktop design, led reader Mike Clark to drop Editor Charles a line about how healthcare isn’t maximizing social media and internet-based innovation. Recent studies have indicated that these social patient communities benefit their members. Agreed, but there are increasing qualifications–and qualms.

Back in 2014, Facebook made some noises on forming its own online health communities, a move that was widely derided as Facebook monetizing yet another slice of personal (health) data from users. While Charles has made the excellent point that “almost all good health apps are essentially the tailored interface to an internet service that sits behind it, a fact often forgotten by commentators”, Editor Donna on her side of the Atlantic has seen concerns mount on privacy, security and the stealthy commercialization/monetization of many popular online patient support groups (OSGs) which Carolyn Thomas (‘The Heart Sister’) skewers here, excepting those with solid non-profit firewalling (academic, government, clinical). Example she gives: Patients Like Me, which markets health data gathered from members to companies developing products to sell to patients. How many members, with a disease or chronic condition on their mind, will browse through to this page that says in part: “Except for the restricted personal information you entered when registering for the site, you should expect that every piece of information you submit (even if it is not currently displayed) may be shared with our partners and any member of PatientsLikeMe, including other patients.”

We’ve also noted that genomics data may not be sufficiently de-identified so that it can’t be matched through inference [TTA 31 Oct 15], with the potential for sale. And of course Hackermania Running Wild continues (see here).

For now general information sites like WebMD and personalized reference sites such as Medivisor feel more secure to users, as well as small non-commercialized OSGs and ‘closed’ telehealth/telemedicine systems.

Mississippi to get VA telemed pilot amid controversy

Mississippi has led the way in telemedicine projects in southern USA for some time with the University of Mississippi Medical Center’s various successful projects [grow_thumb image=”” thumb_width=”150″ /]attracting well deserved funding. Now the US Secretary of Veteran’s Affairs has announced that a new pilot programme to use telemedicine to reduce wait times for new patients at VA hospitals will take place in Mississippi.

This pilot programme comes in the wake of the highly criticised wait times reported for new patients at VA hospitals in 2014. A CNN report based on internal VA documents claimed that thousands of veterans had to wait more than three months to see a specialist.


IBM automates diagnostic image analysis

“Most smart software in use today specialises on one type of data, be that interpreting text or guessing at the content [grow_thumb image=”” thumb_width=”150″ /]of photos. Software in development at IBM has to do all that at once. It’s in training to become a radiologist’s assistant” writes Tom Simonite in MIT Technology Review.

According to Simonite, the IBM software, named Avicenna, analyses diagnostic images like CT scans and the associated data such as a patient’s medical record and suggests possible diagnoses.

An example quoted was the case of a 28-year old with shortness of breath whose pulmonary angiogram images and medical history were analysed by the software. Using a family history which showed a tendency to form blood clots the software diagnosed a pulmonary embolism which was the same diagnosis an independent radiologist reached.

Simonite reports that IBM have thus far used annonymised data and are now working on commercialising the software although an independent researcher is quoted as saying that the accuracy needs to be increased before it would be a useful diagnostic tool.

Read the full article here.

Philips, Validic partner on health data integration

[grow_thumb image=”” thumb_width=”200″ /]Earlier today, Philips and health data ‘connector’ Validic announced a partnership where Philips’ multi-part HealthSuite digital health platform will expand with Validic’s access to third-party device data. The surprise is how much data Validic now can access: a claimed 223 million people in 47 countries, which was a surprise to this Editor. Philips’ HealthSuite includes Personal Health Programs, the Lifeline PERS line, eCareCoordinator and eCareCompanion eHealth applications. Exactly how Philips will use this access is not disclosed. Philips release

Can technology help to bridge the Loneliness Factor?

The Guardian’s impassioned article on how common and harmful loneliness is among older adults led to some reflection by this Editor on how difficult and ‘multi-part’ an approach to help can be, even if you call it ‘The Campaign to End Loneliness’. “Studies have found loneliness can be more harmful than smoking 15 cigarettes a day, increases the risk of premature death by 30% and the chances of developing dementia by 64%. More than one million people aged over 65 are thought to be lonely – around 10-13% of older people.”–statistics from the article and AgeUK’s press release on their recent study, ‘ Promising approaches to reducing loneliness and isolation in later life’.  GPs see a lot of them, and some more for an ‘event of the day’ than actual medical need. Loss of hearing, sight and mobility further isolate the older person, particularly those in rural areas where everyone and everything is at a distance requiring driving, creating dependency among those who can no longer. Even among the middle-aged, loss of hearing reduces engagement in social situations. (And the article does not include the disabled.) It closes with suggestions that councils need to budget for and organize programs to reach out to lonely adults, including carers, and that not one approach can fit all, but emphasizes more personal approaches such as groups and one-on-one support. Hat tip to Malcolm Fisk via Twitter

Is a way to fight the Loneliness Factor located in technology, even remote patient monitoring? That’s been the primary reason for some systems such as GrandCare, but even in RPM, whether hub-based or smartphone/tablet based, the reminders and active clinician monitoring part of chronic care management can and do engage. Older people are using smartphones and tablets–perhaps not as fully as a 40 year old, but they are using Skype, calendaring and social media (Facebook, LinkedIn and news/opinion sites). A big help here, according to Laurie Orlov, would be voice recognition and integration into safety/alarm technologies. This Editor also sees proactive alerting to changes in condition as a still-untapped area.  There’s $279 billion of potential in ‘silvertech’ as estimated by AARP and Parks Associates–it’s a matter of getting young techies/entrepreneurs excited about it, and the Sand Hill funder crowd realizing that yes, it’s sexy too. Long Term Living

Using sensors to speed scientific experimentation

[grow_thumb image=”” thumb_width=”200″ /]A Boston-based startup with some impressive backing, Elemental Machines, is seeking to solve the variability problems that hinder scientific experimentation, particularly in drug development. Misfit and AgaMetrix founders Sonny Vu and Sridhar Iyengar join co-founders Elicia Wong and Gary Tsai in raising $2.5 million in seed funding, with investors including Founders Fund, backer of SpaceX and Lyft. The company’s purpose is to develop sensors (called “elements”) sending data interpreted by cloud-based software that will help scientists better detect and control for the most common variable factors that take place during experiments–temperature, humidity, vibration, light, instrumentation and protocols. The goal is to accelerate the experiment and research process so that drugs, devices and products make it to market (eventually) faster and less expensively. BostInno, TechCrunch

Is ‘telehealth lite’ good enough for the Spanish-speaking market? (US)

Pioneering or inadequate? Mercer LLC, a major employee benefits consulting company that is part of business consulting giant Marsh & McLennan, and digital health platform developer ConsejoSano (Health Advice) recently announced a partnership where Mercer will market the ConsejoSano platform to its large base of US employers and also to the wider US Hispanic market of 54 million with at least 22 million in the workforce. Their pitch is to the group most comfortable communicating in Spanish as a primary language. The service is via phone or mobile app, and connects employees to native Spanish-speaking doctors. However, you won’t be able to visit that doctor unless you go to Mexico; they are provided via Salud Interactiva S.A. de C.V., a Mexico City-based medical services/telehealth company. Because the doctors are ex-US, they cannot refer or write a prescription, and only address questions on general health needs, mental health, nutrition and chronic disease management. Still, ConsejoSano claims a 60 percent resolution of medical needs upon the first call.

This Editor asks: What about that other 40 percent? This conceivably is a ‘first turn’ service for that Spanish-speaking person, and after you’ve built up that trust, the consult isn’t completed. Why isn’t this built with warm transfer capability to US-based assistance which can refer the person to either local in-network doctors, a telehealth doctor in their employee insurance network or other assistive services? Is this a good-looking glass-half-full for the Spanish-primary speaking population? Mobile Strategies 360, Mercer release

Exploring how best to use telehealth to manage COPD – can you help?

Anyone working in telehealth knows that, of the principal long term conditions to which it is applied, COPD is the most problematic, with many telehealth trials showing no significant benefit. However in various meetings, Dr Julia Bott has tantalised me by suggesting that she and Dr Hilary Pinnock may know how to use telehealth more effectively.

Therefore, on 3rd March, we are holding a small, free, meeting at the Royal Society of Medicine in London from 3pm-5pm to examine how telehealth can be used to manage people with COPD better. Present will be both Dr Hilary Pinnock (University of Edinburgh) and Dr Julia Bott (University of Surrey).

So far we have senior representatives from two major telehealth organisations attending and probably need at least three more. If you are interested, please do email this editor,, explaining why you’d like to join us for what I suspect may prove to be a groundbreaking event.

The rich store of information in…human sweat

[grow_thumb image=”” thumb_width=”200″ /]’Don’t sweat it’ may in future be the wrong thing to say. University of California-Berkeley researchers have developed a prototype sensor array on a band that successfully captures readings of multiple sweat analytes and sends the information to a smartphone app for analysis, making it the first device capable of continuous, non-invasive monitoring of multiple biochemicals in perspiration. The five sensors measure metabolites glucose and lactate, the electrolytes sodium and potassium, and skin temperature, which serves to calibrate the other readings in real time. The device (left), which can be in a wristband or headband form, also contains a flexible printed circuit board that amplifies the sensor signals and sends them to the smartphone app. The Berkeley researchers look forward to commercializing the technology to capture more analyte readings, for athletic performance, medical and fitness tracking usage–and in the longer-term, population-level studies for medical applications. We wonder how long it will be before these show up in a new model Misfit, Jawbone or Fitbit. Berkeley News   Hat tip to former TTA Ireland Editor Toni Bunting

The security risks, and the promise of, the Internet of Things

Jason Hope, who back in September wrote on how one of the greatest impediments to the much-touted Internet of Things (IoT) was not security, but the lack of a standardized protocol that would enable devices to communicate, has continued to write on both this topic and IoT security. While The Gimlet Eye had great fun lampooning the very notion of Thingys Talking and Doing Things Against Their Will [TTA 22 Sept 15], and this Editor has warned of security risks in over-connectivity of home devices (see below), relentlessly we are moving towards it. The benefit in both healthcare monitoring/TECS and safely living at home for older adults is obvious, but these devices must work together easily, safely and securely. To bend the English language a bit, the goal is ‘commonplaceness’–no one thinks much about the ubiquitous ATM, yet two decades ago ‘cash machines’ were not in many banks and (in the US) divided into regional networks.

As Mr Hope put it as the fifth and final prediction in his recent article:

The IoT Will Stop Being a “Thing”
How many times in the past week have you said, “I am getting on to the World Wide Web?” Chances are, not very many. How many times have you thought about the wonder of switching on a switch and having light instantly? Probably never. Soon, the Internet of Things, and connectivity in general, is going to be so common place, we also won’t think about it. It will just be part of life and the benefits and technology that wow us right now will cease to be memorable.

This Editor continues to be concerned about how hackers can get into devices, (more…)