The leaky roof of healthcare data (in)security–DARPA to the rescue?

This week’s priceless quote:

“A lot of the response was, ‘We live in a cornfield in the middle of Minnesota,’” he said. “‘Who wants to hurt us? Who can even find us here?’”–Jim Nelms, Mayo Clinic’s first chief information security officer

We know where you are and what you do! The precarious state of healthcare data security at facilities and with insurers, plus increased external threats from hacking has been getting noticed by Congress–when you see it in POLITICO, you know finally it’s made it into the Rotunda. It was over the horizon late last summer with the FBI alert and legislators in high dudgeon over the Community Health Systems China hack [TTA 22 Aug 14]. It’s a roof that leaks, that costs a lot to fix, doesn’t have immediate benefit (cost avoidance never does) but when it does leak it’s disastrous.

This article rounds up much of what these pages have pointed out for several years, including the Ponemon Institute/IBM study from earlier this week, the Chinese/Russian connections behind Big Hacks not only for selling data, but also IP [TTA 26 Aug 14] and how decidedly easy it is to hack devices and equipment [TTA 10 May 14]. Acknowledgement that healthcare data security is about 20 years behind finance and defense deserves a ‘hooray!’, but when you realize that on average only 3 percent of HIT spend is on security when it should be a minimum of 10 percent (HIMSS) or higher…yet the choice may be better security or uncompensated patient care particularly in rural areas, what will it be for many healthcare organizations?

The article also doesn’t go far enough in the devil’s dilemma–that the Federal Government with Medicare, HITECH, meaningful use, rural telehealth and programs like Medicare Shared Savings demand more and more data tracking, sharing and response mechanisms, stretching HIT 15 ways from sundown. At the cutely named Health Datapalooza presently going on in Washington DC, data sharing is It for Quality Care, or else. Yet the costs to smaller healthcare providers to prevent that ER readmission scenario through new care models such as PCMHs and ACOs are stunning. And the consequences may be more consolidated, less available healthcare. We are already seeing merger rumors in the insurer area and scaledowns/shutdowns/buyouts of community health organizations including smaller hospitals and clinics. Also iHealthBeat.

DARPA to the rescue? The folks who brought you the Internet may develop a solution, but it won’t be tomorrow or even the day after. The Brandeis Program is a several stage project over 4.5 years to determine how “to enable information systems that would allow individuals, enterprises and U.S. government agencies to keep personal and/or proprietary information private.” It discards the current methodology of filtering data (de-identification) or trusting third-parties to secure. Armed With Science  FedBizOpps has the broad agency announcement in addition to vendor solicitation information.

Healthcare vulnerability in a concatenation of data breaches

Concatenation is one of those lovely English words that express far more than its simpler synonyms: sequence, series or chain of events. Perhaps we have experienced that concatenation of data breaches which connect and demonstrate a critical mass that motivate healthcare organizations, including insurers, to ensure that data security and privacy gets primacy in HIT. Our Readers know we’ve been on the case since 2010; we’ve been noting Ponemon Institute and ID Experts studies since then.

While simple, straightforward theft can be the cause of smaller breaches and not part of a Big Hack, it’s not as Three Stooges or Benny Hill-esque as perhaps the JAMA study earlier this year made it out to be, especially if it’s your personal record, or your patient’s, which is breached, identity and financials damaged. (See this Security Intelligence article on a minor health breach and how it affected an individual who happens to be in IBM’s security arm.)

Just in the past few weeks, in the US we have experienced the following major and minor breaches:

  • CareFirst BlueCross BlueShield in Maryland–an insurer, not a hospital or practice–had a Big Hack of 1.1 million health records, with names, birth dates, email addresses and insurance identification numbers (but not SSI or credit card numbers) revealed.
  • Beacon Health Systems (Indiana) had a phishing attack into employee email boxes dating back to 2013. This was a Medium Hack that affected about 220,000 patients. Data taken included SSI and driver’s license. Health Data Management today.
  • Advantage Dental in Redmond, Washington had a 152,000 patient hack during three days in February.
  • Also in February, a New York City Health and Hospitals Corporation employee transferred patient files to her personal and new work email. 90,000 patients may have compromised data as a result. Becker’s

More breaches are listed today in iHealthBeat and the ever-growing list on Privacy Rights Clearinghouse.

Ponemon Institute’s 2015 Cost of a Data Breach Study: Global Analysis, with IBM, was published last week.

Good news on telemedicine from the US…and one small potentially dark cloud

According to FierceHealthIT, last week three more states – Indiana, Minnesota and Nevada – enacted telemedicine parity laws, bringing the total to 27 plus the District of Columbia, to make it that much easier to provide – and to request provision – of a telemedicine service.

  • Indiana’s requires coverage of the services under private insurance through video, audio or other media. The law prohibits a provider from having to obtain written consent for use of telemedicine.
  • Minnesota’s law says health plans must cover and reimburse for telemedicine the same way and at the same cost as in-person service. Medicaid coverage, according to the law, is limited to three telehealth services per week per beneficiary.
  • Nevada’s requires coverage and reimbursement for telehealth under private insurance and Medicaid, as well as workers compensation (the first state to include this) to the same extent and at the same price as provided in person.

Meanwhile MorningStar reports that a Federal Court ruled in favor of Teladoc, blocking as illegally limiting competition  (more…)

The health disruptors, about to be themselves disrupted

FierceMedicalDevices on Friday had an article on disruption of the hearing aid business that looks like it could have slipped through a time warp from a few years back – it even mentions faxing as a part of the new process.

The disruption, it transpires, is separating the hearing test from hearing aid provision, the results of the test being sent to a provider “via fax or email”. This, it seems, is likely to reduce device costs (no mention of the test costs) from $1,000-$6,000 to some $700/pair.

However, as a Royal Society of Medicine audience heard recently, (more…)

Telstra has spent $100M on telehealth

Telstra Health has splashed out $100 million buying up other telehealth companies, it was revealed at a recent conference. Bronwyn Pike, former Minister of Health in Victoria and now Community Care Lead at Telstra Health, addressing the 13th National Rural Health Conference held in Darwin from May 24th to 27th, described how Telstra Health wants to transform rural health in Australia.

“Increasing demand, rising costs and more people with chronic illness are among the challenges Australia’s health care industry is facing. Working harder can only go so far — we need to reimagine what the future could look like”, Pike wrote in her abstract.

“Helping users to do more for themselves has been a key feature of almost every other industry change of the last decade. Banking is a perfect example — where once every single interaction required your physical presence in front of a teller, now you can manage almost every aspect of your banking needs securely online.

“Health is caught in a model that is inconvenient for patients and labour intensive for health care providers. We need to tailor the model to suit the health industry and capitalise on the benefits connection can provide. Those living in rural and remote communities without regular access to all levels of care stand to benefit enormously if we can unlock the potential of ehealth.”

Tunstall adds services for Australian veterans, upgrades US call centers

Tunstall has been quiet on the newsfront lately, so these two items from Australia and the US are to be noted. In Australia, the Department of Veterans Affairs (DVA) rehabilitation appliances program (RAP), which provides subsidized personal response systems to veterans, now includes Tunstall’s PERS, iVi fall detector pendant, PIR movement sensor and GPS watch. The program requires that veterans be evaluated for need by a qualified health provider. Tunstall has participated in the RAP program since 2002. Pulse+IT (Australasia) In the US, a significant part of Tunstall’s purchase of AMAC was medical answering service operations in Long Island City, NY, Pawtucket, RI, and Newington, CT. A $10 million upgrade of their 24/7 service includes CRM for healthcare providers for after-hours, overflow support, appointment reminders, insurance verification and help desk services. Release

Telehealth reimbursement makes legislative progress in Texas, US House

In Texas, telehealth reimbursement as part of the state Medicaid program passed their House resoundingly (120 to 5!) and moved to the state Senate. (In Texas, if your bill makes it through the scrum that is their House, the Senate moves expeditiously.)  HB (House Bill) 2641 would authorize Texas’ Health & Human Services Commission (HHSC) to extend reimbursement for home telemonitoring (telehealth) services under the state Medicaid program from September this year for four years. Health care providers in Medicaid would be reimbursed for review and transmission of electronic health information. The caveat of course is that it is ‘feasible and cost effective’–it is designed to be expenditure neutral. The bill also includes extensive stipulations on health information exchanges based on national standards (ANSI) as well as amending the health and safety code for immunizations and other health conditions. The ‘criminal offense’ pertains to protected health information breaches as a misdemeanor. Telehealth inclusion in Medicaid is positive as this state insurance plan serves the poorest and often sickest, as well as many federal Medicare ‘dual eligibles’. Texas, being a large state, also sets trends (including the most reluctant to adopt cross-state telemedicine licensure.)  Text of HB2641

Would that telehealth reimbursement have the same chance in that large, exceedingly deliberative body called the US House of Representatives. HR2066, the Telehealth Enhancement Act of 2015, is similar to a bill that expired in committee in the last session. It was introduced (more…)

Two telemedicine clinics open in Kenya

Two telemedicine clinics have been opened in Nairobi and Machakos, 63 km from Nairobi, in Kenya, according to a report in HIT Consultant. The clinics, based at the Kenyatta National Hospital in Nairobi and the Machakos Level 5 Hospital in Machakos, will provide patients in remote areas the ability to consult cancer specialists at the Kenyatta Hospital using video conferencing.

Both hospitals are state run hospitals and the telemedicine service is being funded by Merck, the international pharmaceutical company.

Merck recently acquired remote cardiac monitoring company eCardio shortly before eCardio merged with remote monitoring device maker Preventice. Previously we reported that Merck invested heavily in WellDoc when WellDoc raised $20m of funding.

Read more about the Merck project in Kenya here.

Home telehealth now focused on the ‘superusers’ of healthcare

A noticeable trend in telehealth has to do with focusing less on the generic virtues of at-home vital signs monitoring for routine patient care and more on managing specific high-cost populations to avoid or reduce costs. Some of the impetus in the US has come from new regulations by CMS (Centers for Medicare and Medicaid Services) intended to move Medicare fee-for-service (FFS) patients into a reimbursed chronic care management (CCM) model. Banner Health is Arizona’s largest private employer (which does say something about Arizona as a retirement haven) and has been experimenting with remote monitoring since 2006. Starting in 2013 Banner piloted Philips’ post-discharge program now called ‘Hospital to Home’ as Banner iCare, combined with Philips Lifeline PERS, but made it available to those only with a stunning five+ chronic conditions–the top 5 percent that is reputed to account for 50 percent of healthcare spend. Banner combined the tech with intense support by a multi-layered care team. At ATA they announced the following results with the initial cohort of 135 patients, now up to 500:

  • 27% reduction in cost of care
  • 32% reduction in acute and long term care costs
  • 45% reduction in hospitalizations

The article in Forbes is a bit breathless in profiling the program and the ‘superusers’ of healthcare (with a windy but false analogy from John Sculley) but provides a level of detail in the program that most articles do not. One wonders how Philips makes money on supplying what is at least $2,500 worth of kit, with peripherals that must all be Bluetooth LE. It’s also not stated, but the TeleICU and TeleAcute programs also appear to be Philips’. Video

A new MSc in Data Science for Research in Health & Biomedicine at UCL

Anyone interested in pursuing an education in health informatics or data science at UCL is invited to an open evening on 25th June from 4:30pm at 222 Euston Road, London. This is billed as an informal event with an opportunity to meet staff and students and to learn more about the work of the Centre for Health Informatics and Multiprofessional Education, the UCL Institute for Health Informatics and the Farr Institute.

The occasion will be the launch event for UCL’s new MSc in Data Science for Research in Health and Biomedicine. This programme is set to equip graduates for new careers in academia, healthcare organisations, pharmaceutical companies and consultancies dealing with Big Data. UCL will be working closely with NHS, research and commercial partners to deliver an innovative and practical programme that will give students real exposure to practical research in one of the top centres for data science in health and biomedicine.

Book your place here.

The potential of engaging ‘safety net’ patients via mHealth: study (US)

The Commonwealth Fund’s just-published study on mHealth usage in a national sample of urban and rural community health centers and clinics (in US termed ‘safety net providers’ for low-income and uninsured) indicates the potential of mobile health for patient engagement in care, but yet to be achieved. Their patient population has high levels of mobile phone adoption, including text and internet. About 27 percent of the 181 providers who participated currently use mHealth in care delivery, but in basic applications such as appointment reminders. The potential observed is in chronic disease management support, health education and specific programs such as smoking cessation, weight management and medication adherence. Mobile Health and Patient Engagement in the Safety Net: A Survey of Community Health Centers and Clinics. Also FierceMobileHealthcare.

Undermining the system an unintended consequence of telemedicine?

Telemedicine’s doctor-patient virtual consults may undermine the healthcare system, if Mass General neurologist Dr Lee Schwamm is to be believed from his comments at last week’s iHT2 Health IT Summit in Boston. Urgent care delivered by telemedicine not only commits the mortal sin of siloing data, not ‘doing an adequate job’ of passing to the primary care physician, but attracts dissatisfied doctors who want to set their own hours. And the cardinal sin: telemedicine attracts wealthier patients, paying cash, who by using these services are “…pulling dollars out of the healthcare system that are desperately needed to care for poorer patients.”

Quite a leap of logic here, when his real concern should be quick availability of patient care–not having to wait hours in a doctor’s office or ER/ED because you’re triaged as not bleeding-on-the-floor urgent. Virtual consult rates at least for now also tend to be low–$40-45 per visit–and appealing to those without insurance, not seeing a doctor on a regular basis (no chronic conditions) or anyone with a high deductible. Doctors are still also free, despite Dr Schwamm’s snark, to better utilize their time–and yes, make additional income–through signing on to telemedicine as part of their practice. So is this a lash back on a factor that’s undermining the establishment which Dr Schwamm is part of? Perhaps Dr Schwamm can explain? Stephanie Baum takes a puzzled view over at MedCityNews.

Driverless cars will cut insurance costs – is there a parallel with mHealth?

This article in the Telegraph last week has stimulated Prof Mike Short to ask whether if driverless cars can eliminate bad driving and so reduce insurance costs, mHealth can do the same for those with either or both life assurance and health insurance.

There’s little doubt in the mHealth community that technology will cut costs, and already there are (at least a few) solid examples. The big question is, can the insurance world – both life assurers & health insurers – be convinced? We know in the UK for example that BUPA is working hard on mHealth solutions, and that Aviva has tied up with Babylon (who recently won the AXA ‘Most Innovative Provider’ award)…and doubtless there is much more too. Obviously the situation is much further ahead in countries such as the US where health insurance is the norm.

Mike suggests that we run an insurance led event to look at techniques of prevention as well as cure/care. This could have an interesting policy dimension if the health insurers were willing to think about new measurement policies and indicate where they wish to go with data driven policies – eHealth as an opener for new policies and forms of funding? As he says, apps/wearables/connectivity are just enablers to this wider story, for which the insurance systems and their objectives need to be understood too.

DHACA is happy to participate, broker or organise such an event – we’d really welcome views from readers first though – would you be interested in taking an active part in what might just change the face of health insurance in the UK, and promote mHealth at the same time?

An important intervention on mHealth from the EU Data Protection Supervisor

At the end of last week, the EU Data Protection Supervisor (EDPS) published an excellent document entitled Mobile Health – Reconciling technological innovation with data protection. To quote the press release:

Failure to deploy data protection safeguards will result in a critical loss of individual trust, leading to fewer opportunities for public authorities and businesses, hampering the development of the health market. To foster confidence, future policies need to encourage more accountability of service providers and their associates; place respect for the choices of individuals at their core; end the indiscriminate collection of personal information and any possible discriminatory profiling; encourage privacy by design and privacy settings by default; and enhance the security of the technologies used.

The document itself contains much of interest. To this editor, who has heard many people poo-poo the importance of wellbeing data, it was good to see:

Lifestyle and well-being data will, in general, be considered health data, when they are processed in a medical context (e.g. the app is used upon advice of a patient’s doctor) or where information regarding an individual’s health may reasonably be inferred from the data (in itself, or combined with other information), especially when the purpose of the application is to monitor the health or well-being of the individual (whether in a medical context or otherwise). (Page 5)

As someone who gets concerned at turning people off sharing their health data, it was nice to see the recognition that: (more…)

National UK Telehealthcare Awareness, KFC & Wayra – three recent items

On June 3rd, UK Telehealthcare is holding their first National Telehealthcare Awareness day with events all over the country – follow the link to see what’s happening close to you!

This editor was alerted by a poster from the recently rehoused CUHTec who are supporting the  Mascot event at Merton. Other events that particularly caught this reviewer’s eye were at Welbeing/West Sussex, NEAT (remember when the N used to stand for LB Newham – now it’s Norwich) and Cair.

Next, who can resist a heading that reads KFC Tray Typer keyboard is finger clickin’ good. It turns out that KFC have created a wipe-clean tray mat that doubles as a Bluetoothed keyboard so you can continue typing without gumming up your mobile device with grease whilst enjoying their delectable fare.  Sadly these were only available in Germany, and then only for a set of new KFC openings. The plan apparently was that the mat was durable enough to get wiped down and re-used however (more…)

More evidence of confusion among clinicians over medical apps (UK) + MAUDE

A paper just published in the Annals of Medicine & Surgery entitled A UK perspective on smartphone use amongst doctors within the surgical profession also sheds some interesting light on the use of mobile apps by surgeons.

Given the recent advice to members by the RCP against the use of apps that are medical devices though not CE certified, the following finding is of especial interest, as it is widely considered that many clinical calculators meet the EU legal definition of a medical device:

…when looking specifically at senior doctors, the most common type of app utilised was clinical calculators followed by reference guides/handbooks and then drug reference guides.

The paper also confirms findings by this editor and others that clinicians are confused by the wide range of apps available and lack guidance on the effectiveness & efficacy of individual apps.

The majority of participants did not have any relevant suggestions for app development, which may suggest that there is an uncertainty over the catalogue available. Given concerns voiced in both our study and the work of others questioning the reliability of available resources, a possible solution would be the creation of a UK based app directory to outline availability with verification of performance and validity. However given the complexity of this regulation, peer review specific to the UK may have to suffice.

A short & interesting read that very much supports the need for a reference source for clinician-facing apps, and an objective measure of the benefits they deliver: recommended.

Whilst writing, Prof Mike Short has also drawn my attention to a related, very short, article entitled To Be or not to Be a Medical Device: Is the Regulatory Framework a Safety Rope or a Fetter? which thankfully concludes that:

Certainly, adhering to the standards listed <in the article> massively increase administrative overhead in research and development, extend the “time to market” and causes increased costs. However, this is the price to pay for success to reach the goal: Impact on patient care. Therefore, the answer to the question in the title of this article is: Software can be a medical device and from this point of view, we have to accept administrative overheads – and the regulatory framework can be a useful guide-line.

Perhaps more interestingly though it includes reference to the FDA’s ‘Manufacturer and User Facility Device Experience’ (MAUDE) which records product problems (obviously in the US), including those for medical software. Wouldn’t it be great if the EU had such a database for medical apps?