‘KillNet’ Russian hacktivist group targeting US, UK health info in Ukraine revenge: HHS HC3 report

Warnings about DDoS (distributed denial of service) ramped up at the end of last year–only three weeks ago. Here’s one reason why. “KillNet” is a pro-Russian hacktivist (hackers who advance a cause) group that recently claimed responsibility for DDoS attacks as payback for US and UK military support of Ukraine. A senior member of KillNet with the nom de guerre Killmilk has threatened the US in general “with the sale of the health and personal data of the American people because of the Ukraine policy of the US Congress”.

The US Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3)’s Analyst Note (link to PDF) gave two examples of KillNet claims:

  • A “US-based healthcare organization that supports members of the US military and claimed to possess a large amount of user data from that organization”
  • Hacking threats against the NHS, specifically ventilators in hospitals and the Ministry of Health. This was in reaction to the May 2022 arrest of a 23-year-old alleged KillNet member accused of being connected to attacks on Romanian government websites. KillNet demanded his release in return for not attacking. Daily Mail  

Other institutions are hardly exempt. In the UK, KillNet DDoS attacks in November reportedly affected Bankers Automated Clearing Service (BACS), the London Stock Exchange, and the official website of the Prince of Wales. Computer Weekly

DDoS attacks are their leading weapon. KillNet uses publicly available DDoS scripts and IP stressers for most of its operations although it has its own. Before aligning with Russian state interests, it was a hacking-for-hire operation available for $1,350 per month, including a single botnet with a capacity of 500GB per second and 15 computers. This Editor noted previously that DDoS attacks may be a convenient cover or smokescreen for other cybercrime activity. While IT goes into crisis mode over the DDoS, other attacks and information gathering on systems preparing for future attacks may be taking place. [TTA 22 Dec 22].

This updates an earlier Cybersecurity & Infrastructure Security Agency (CISA) Cybersecurity Advisory (CSA) jointly issued by the US, UK, Australia, and New Zealand (the Five Eyes group), that broadly assessed multiple threats from Russian state organizations such as the Federal Security Service (FSB) and the Foreign Intelligence Service (SVR), as well as cybercrime groups like KillNet which have aligned themselves for the duration with Russia. KillNet has grown over the past year and now has subgroups organized under Cyber Special Forces of the Russian Federation and LEGION 2.0. SOC Radar

The best defense is a good offense. HC3’s advice on preparation to mitigate a DDoS threat includes enabling web application firewalls to mitigate application-level DDoS attacks and implementing a multi-content delivery network (CDN) solution to minimize the threat of DDoS attacks by distributing and balancing web traffic across a network. The HC3 Analyst Note is heavily footnoted with other sources for additional incidents. SC Media, Cybernews

Wednesday news roundup: Oracle scrutinizing outside vendors, cloud change coming for Cerner EHRs, audio-only telehealth can continue after PHE–HHS, Proximie connected surgery raises $80M (UK)

Oracle moving quickly to change Cerner’s outside vendors to Oracle products and move their EHRs to Oracle cloud services. Will this fly with health systems and providers? A change that will resonate with current Cerner EHR users is Oracle’s immediate move to replace Cerner’s current third-party vendors with Oracle services and technology. So if your Cerner EHR has something you like but it comes from a third-party vendor, enjoy it while you can. Do expect that Oracle will be selling other products like Enterprise Resource Planning Cloud, administrative systems, and supply chain into providers and health systems–hard. From the earnings call, CEO Safra Catz: “We remain confident in our ability to grow Cerner’s top line and bottom line faster than they were able to do so on their own as these changes are implemented.”

The major and quickest move specified in yesterday’s Oracle earnings call (transcript) will be to move Cerner to OCI–Oracle Cloud Infrastructure. Further down into Mr. Catz’s remarks, Cerner is expected to account for 20 points of their cloud growth in Q1 2023 (starting 1 June 2022). When Cerner has added $15.8 billion of debt to the balance sheets, it’s to be expected. HISTalk, Becker’s

What happens to audio-only telehealth at the end of the pandemic Public Health Emergency (PHE)? HHS has just issued guidance that will permit telehealth, including audio-only, services to continue. According to the HHS release, “HIPAA covered entities can use remote communication technologies to provide telehealth services, including audio-only services, in compliance with the HIPAA Privacy Rule.” There are specific requirements such as how the HIPAA Security Rule applies to electronic media and electronic protected health information (ePHI). The full guidance is here.

UK surgical connectivity platform Proximie raises $80 million. London-based Proximie, a system that connects surgeries with pre-operative patient information, collaborative tools, and post-operative content distribution, completed a Series C with participation from Emerson Collective – the impact investor founded by Laurene Powell Jobs, SoftBank Vision Fund 2, British Patient Capital, Mubadala Investment Company, and the Minderoo Foundation, plus previous investors. The raise is unusually large (in this Editor’s opinion) for the UK, particularly at this uncertain time. Proximie has supported over 13,000 surgeries in 100 countries, contracts with over 35 major medical device companies such as Stryker and Abbott, and has been used in 500 hospitals across 50 countries. The company is a partner with Teladoc and Vodafone Business.  Release.  

Weekend short takes: ATA, APA call for permanent in-person evaluation waiver, mental healthtech raised $5.5B in 2021, Allscripts sells hospital/large physician EHRs to Harris Group for $700M, Cognizant-Microsoft extends telehealth-RPM

72 groups asking for permanent telehealth in-person evaluation waiver prior to prescribing controlled substances. The American Telemedicine Association (ATA), ATA Action, and the American Psychiatric Association (APA) plus 69 other healthcare groups have written the Drug Enforcement Administration (DEA) and the Department of Health and Human Services (HHS) to make the temporary waiver of in-person patient evaluation prior to prescribing controlled substances permanent, and to remove restrictions on patient location. The rationale is to increase access to care, specifically for mental health and substance use disorder treatment. Currently, under the soon-to-be ending COVID-19 public health emergency (PHE), mental health providers can prescribe controlled substances remotely through a telemedicine consult. The letter points out that studies confirm efficacy, clinician and dispensing would remain under current restrictions, and that DEA and HHS can work together to prevent drug diversion. Other signatories include Babylon Health, Teladoc, Zipnosis, One Medical, and Northwell Health. ATA release, ATA/APA letter.

Mental healthtech’s banner 2021 totaled $5.5 billion across 324 international deals. Industry researcher CB Insights found that:

  • Investment was up 139% versus 2020
  • Exits were also up 87% (43 versus 23). Of the 43, there were 35 M&As, five SPACs and three IPOs.
  • US companies dominated in mental health, raising $4.5 billion; EU $651 million, and Asia $289 million
  • Mega-rounds ($100 million+) totaled 15, all US and in Q4, versus four in 2020.

State of Mental Health Tech 2021 Report free download available on the CB Insights page. Mobihealthnews

Allscripts is unloading its declining hospital and large physician practice EHRs to Ottawa-based Harris Group for $700 million in a cash plus contingent deal. The Allscripts EHRs in the transaction are Sunrise, Paragon, Allscripts TouchWorks, Allscripts Opal, and dbMotion. Although the unit generated gross revenue of $928 million in 2021, its revenue was expected to decline 3-4% and EBITDA to shrink 10-15% in 2022. Allscripts is retaining Veradigm, which is growing 6-7% annually, and stated that expected after-tax proceeds of $600 million will be used for share repurchase and potential M&A related to Veradigm. Harris Group acquires and manages computer systems companies in North America, Europe, Asia, and Australia covering four sectors: public, private, healthcare, and utilities. It is owned by Toronto-based Constellation Software. HISTalk reports on the Allscripts investor call, Constellation release

Cognizant announced a collaboration with Microsoft Cloud for Healthcare to extend telehealth and remote patient monitoring (RPM) capabilities for their offerings combining remote patient monitoring and virtual health, utilizing connected devices such as smartwatches, blood pressure monitors, and glucose meters to collect and communicate patient health data to providers. Cognizant release

CMS clarifies telehealth policy expansion for Medicare in COVID-19 health emergency, including non-HIPAA compliant platforms (US)

Today (17 March), the Center for Medicare and Medicaid Services (CMS) issued a Fact Sheet and FAQs explaining how the expanded telehealth provisions under the Coronavirus Preparedness and Response Supplemental Appropriations Act and the temporary 1135 waiver will work. The main change is to (again) temporarily expand real-time audio/video telehealth consults in all areas of the country and in all settings. The intent is to maintain routine care of beneficiaries (patients), curb community spread of the virus through travel and in offices, limit spread to healthcare providers, and to keep vulnerable beneficiaries, or those with mild symptoms, at home. Usage is not limited to those who suspect or already are ill with COVID-19.

Previously, only practices in designated rural health areas were eligible for telehealth services, in addition to designated medical facilities (physician office, skilled nursing facility, hospital) where a patient would be furnished with a virtual visit. 

The key features of the 1135 telehealth waiver are (starting 6 March):

  • Interactive, real-time audio/video consults between the provider’s location (termed a ‘distant site’) anywhere in the US and the beneficiary (patient) at home will now be reimbursed. The patient will not be required to go to a designated medical facility.
  • Providers include physicians and certain non-physician practitioners such as nurse practitioners, physician assistants and certified nurse-midwives. Other providers such as licensed clinical social workers (LCSW) and nutritionists may furnish services within their scope of practice and consistent with Medicare benefit rules.
  • Surprisingly, there is ‘enforcement discretion’ on the requirement existing in the waiver that there be a prior relationship with the provider. CMS will not audit for claims during the emergency. (FAQ #7)
  • Even more surprisingly, the requirement that the audio/visual platform be HIPAA-compliant, as enforced by the HHS Office of Civil Rights (OCR), is also being waived for the duration (enforcement discretion again), which enables providers to use Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, or Skype–but not public-facing platforms such as Facebook Live, Twitch, or TikTok. Telephones may be used as explicitly stated in the waiver in Section 1135(b) of the Social Security Act. (FAQ #8) More information on HHS’ emergency preparedness page and OCR’s Notification of Enforcement Discretion.
  • On reimbursement, “Medicare coinsurance and deductible would generally apply to these services. However, the HHS Office of Inspector General (OIG) is providing flexibility for healthcare providers to reduce or waive cost-sharing for telehealth visits paid by federal healthcare programs.”

Concerns for primary care practices of course are readiness for real-time audio/video consults, largely addressed by permitting telephones to be used, as well as Skype and FaceTime, and what services (routine care and COVID-19 diagnosis) will be offered to patients.

This significant expansion will remain in place until the end of the emergency (PHE) as determined by the Secretary of HHS.

In 2019, CMS also expanded telehealth in certain areas, such as Virtual Check-Ins, which are short (5-10 minute) patient-initiated communications with a healthcare practitioner which can be by phone or video/image exchange by the patient. This could be ideal for wound care where this Editor has observed, in one of her former companies, how old phones are utilized to send wound images to practices for an accurate ongoing evaluation via special software. E-Visits use online patient portals for asynchronous, non-face-to-face communications, initiated by the patient. These both require an established physician-patient relationship. Further details on both of these are in the Fact Sheet, the FAQs, and the HHS Emergency Preparedness page with links.

The American Medical Association issued a statement today approving of the policy changes, and encouraged private payers to also cover telehealth. The American Telemedicine Association didn’t expand upon its 5 March statement praising the passage of the Act but advocated for increased cross-state permission for telehealth consults.

Additional information at HISTalk today and Becker’s Hospital Review.

Google’s ‘Project Nightingale’–a de facto breach of 10 million health records, off a bridge too far?

Breaking News. Has this finally blown the lid off Google’s quest for data on everyone? This week’s uncovering, whistleblowing, and general backlash on Google’s agreement with Ascension Health, the largest non-profit health system in the US and the largest Catholic health system on the Planet Earth, revealed by the Wall Street Journal (paywalled) has put a bright light exactly where Google (and Apple, Facebook, and Amazon), do not want it.

Why do these giants want your health data? It’s all about where it can be used and sold. For instance, it can be used in research studies. It can be sold for use in EHR integration. But their services and predictive data are ‘where it’s at’. With enough accumulated data on both your health records and personal life (e.g. not enough exercise, food consumption), their AI and machine learning modeling can predict your health progression (or deterioration), along with probable diagnosis, outcomes, treatment options, and your cost curve. Advertising clicks and merchandising products (baby monitors, PERS, exercise equipment) are only the beginning–health systems and insurers are the main chance. In a worst-case and misuse scenario, the data modeling can make you look like a liability to an employer or an insurer, making you both unemployable and expensively/uninsurable in a private insurance system.

In Google’s latest, their Project Nightingale business associate agreement (BAA) with Ascension Health, permissible under HIPAA, allowed them apparently to access in the initial phase at least 10 million identified health records which were transmitted to Google without patient or physician consent or knowledge, including lab results, diagnoses, hospital records, patient names and dates of birth. This transfer and the Google agreement were announced by Ascension on 11 November. Ultimately, 50 million records are planned to be transferred from Ascension in 21 states. According to a whistleblower on the project quoted in The Guardian, there are real concerns about individuals handling identified data, the depth of the records, how it’s being handled, and how Google will be using the data. Ascension doesn’t seem to share that concern, stating that their goal is to “optimize the health and wellness of individuals and communities, and deliver a comprehensive portfolio of digital capabilities that enhance the experience of Ascension consumers, patients and clinical providers across the continuum of care” which is a bit of word salad that leads right to Google’s Cloud and G Suite capabilities.

This was enough to kick off an inquiry by Health and Human Services (HHS). A spokesperson confirmed to Healthcare Dive that “HHS’ Office of Civil Rights is opening an investigation into “Project Nightingale.” The agency “would like to learn more information about this mass collection of individuals’ medical records with respect to the implications for patient privacy under HIPAA,” OCR Director Roger Severino said in an emailed statement.”

Project Nightingale cannot help but aggravate existing antitrust concerns by Congress and state attorneys general on these companies and their safeguards on privacy. An example is the pushback around Google’s $2.1 bn acquisition of Fitbit, which one observer dubbed ‘extraordinary’ given Fitbit’s recent business challenges, and data analytics company Looker. DOJ’s antitrust division has been looking into how Google’s personalized advertising transactions work and increasingly there are calls from both ends of the US political spectrum to ‘break them up.’ Yahoo News

Google and Ascension Health may very well be the ‘bridge too far’ that curbs the relentless and largely hidden appetite for personal information by Google, Amazon, Apple, and Facebook that is making their very consumers very, very nervous. Transparency, which seems to be a theme in many of these articles, isn’t a solution. Scrutiny, oversight with teeth, and restrictions are.

Also STAT News, The Verge on Google’s real ambitions in healthcare, and a tart take on Google’s recent lack of success with acquisitions in ZDNet, ‘Why everything Google touches turns to garbage’. Healthcare IT News tries to be reassuring, but the devil may be in Google’s tools not being compliant with HIPAA standards. Further down in the article, Readers will see that HIPAA states that the agreement covers access to the PHI of the covered entity (Ascension) only to have it carry out its healthcare functions, not for the business associate’s (Google’s) independent use or purposes.

Breached healthcare records down 72% but incident numbers steady. Then there’s MyFitnessPal’s 150 million…

Hackermania in healthcare may be running less wild…but what about consumer health devices? Year-end and top-of-year analyses indicate that the flood of breached records may be starting to drain. A Bitglass analysis of 2017 US Department of Health and Human Services (HHS) data from its infamous ‘Wall of Shame’ is encouraging. They found that the number of breached records decreased by 72 percent between 2015 and 2017 and by 95 percent from 2016. The calculation excludes the huge spike in breaches due to two 2015 incidents at Anthem and Premera Blue Cross [TTA 9 Sep 15]. Numerically, the breach incident numbers decreased but are relatively steady: 2017 at 294, 2016 at 328. Data security company Protenus in its tracking found more incidents in 2017 versus 2016 (477 in 2017 v. 450 in 2016) but the same reduction in records affected, with five times fewer records in 2017 versus 2016’s 27.3 million records.

What’s been successful has been reducing mega-breaches and containment of healthcare device loss and theft through education and enforcement of employee practices. What continues is that the major cause of breaches is still insider-related, via error and wrongdoing; this includes the major annual Verizon report. Healthcare Informatics

Protenus’ February report, while continuing the reduction trend, had its share of hacking and insider incidents. Of the 39 incidents in their report affecting over 348,000 records, insider actions such as the misuse of system credentials accounted for 51 percent of breached records while hacks were 46 percent, with the majority involving ransomware or malware. Hacking as a cause hasn’t disappeared but perhaps has shifted to easier targets.

UnderArmour’s MyFitnessPal delivers another breach blow. Late last month, the company revealed that 150 million user records were hacked in February. The MyFitnessPal mobile app…

Babylon Health’s ‘GP at hand’ not at hand for NHS England–yet. When will technology be? Is Carillion’s collapse a spanner in the works?

NHS England won’t be rolling out the Babylon Health ‘GP at hand’ service anytime soon, despite some success in their London test with five GP practices [TTA 12 Jan]. Digital Health cites an October study by Hammersmith and Fulham CCG (Fulham being one of the test practices) that to this Editor expresses both excitement at an innovative approach and the same easy-to-see drawback:

The GP at Hand service model represents an innovative approach to general practice that poses a number of challenges to existing NHS policy and legislation. The approach to patient registration – where a potentially large volume of patients are encouraged to register at a physical site that could be a significant distance from both their home and work address, arguably represents a distortion of the original intentions of the Choice of GP policy. (Page 12)

There are also concerns about complex needs plus other special needs patients (inequality of service), controlled drug policy, and the capacity of Babylon Health to expand the service. Since the October report, a Babylon spokesperson told Digital Health that “Commissioners have comprehensively signed off our roll-out plan and we look forward to working with them to expand GP at Hand across the country.” 

Re capitation, why ‘GP at hand’ use is tied into a mandatory change of GP practices has left this Editor puzzled. In the US, telemedicine visits, especially the ‘I’ve got the flu and can’t move’ type or to specialists (dermatology) are often (not always) separate from whomever your primary care physician is. Yes, centralizing the records winds up being mostly in the hands of US patients unless the PCP is copied or it is part of a payer/corporate health program, but this may be the only way that virtual visits can be rolled out in any volume. In the UK, is there a workaround where the patient’s electronic record can be accessed by a separate telemedicine doctor?

Another tech head-shaker: 45 percent of GPs want technology-enabled remote working. 48 percent expressed that flexible working and working from home would enable doctors to provide more personalized care. Allowing remote working to support out-of-hours care could not only free up time for thousands of patient appointments but also level out doctor capacity disparities between regions. The survey here of 100 GPs was conducted by a cloud-communications provider, Sesui. Digital Health. This is a special need that isn’t present in the US except in closed systems like the VA, which is finally addressing the problem. The wide use of clinical connectivity apps enables US doctors to split time from hospital to multiple practices–so much so on multiple devices, that app security is a concern. 

Another head-shaker. 48 percent of missed NHS hospital appointments are due to letter-related problems, such as the letter arriving too late (17 percent), not being received (17 percent) or being lost (8 percent). 68 percent prefer to manage their appointments online or via smartphone. This preference has real financial impact as the NHS estimates that 8 million appointments were missed in 2016-2017, at a cost of £1bn. Now this survey of 2,000 adults was sponsored by Healthcare Communications, a provider to 100 NHS trusts with patient communications technology, so there’s a dog in the hunt. However, they developed for Barnsley Hospital NHS Foundation Trust a digital letter technology that is claimed to reduce outpatient postal letters by 40 percent. Considering my dentist sends me three emails plus separate text messages before my twice-yearly exam…. Release (PDF).

Roy Lilley’s daily newsletter today also engages the Tech Question and the “IT desert” present in much of the daily life of the NHS. Trusts are addressing it, junior doctors are WhatsApping, and generally, clinicians are hot-wiring the system in order to get anything done. It is much like the US about five to seven years ago where US HHS had huge HIPAA concerns…

Hacking, insider actions 81 percent of healthcare data breaches: Protenus

Healthcare data security company Protenus’ monthly Breach Barometer always contains interesting–and somewhat discouraging–surprises. August’s report topped July’s for the number of patients affected, with 674,000 patients involved in 33 incidents. Over 54 percent of breaches (N=18) were due to hacking (five incidents were attributed to ransomware), while over 27 percent (N=9) were from insider error (the main cause) or wrongdoing–over 81 percent in total. The remainder were due to loss, theft, or ‘unknown’. Another interesting finding was that discoveries of hacking are relatively quick at an average of 26 days from start to finish, due to the disruption they create, while insider attacks can go on for months (209.8 days)–or years. Protenus’ July report highlighted a breach at Tewksbury Hospital in Massachusetts that went unreported for a record-setting 14 years–an insider action that affected 1,100 records. Reporting is improving, with reporting to HHS, the media or state attorneys general at an average of 53 days. Protenus crunches its data from databreaches.net. (If you look at their reporting on TheDarkOverlord (@tdo_hackers), including their recent threats on a small Montana school system, you’ll be scared indeed.) MedCityNews 25 Sept, 23 August. Hat tip to Guy Dewsbury via LinkedIn

Want to know effectiveness of telehealth, interoperability? NQF reports take their measure.

There’s been an increase in doubt about the efficacy of telemedicine (virtual visits) and telehealth (vital signs monitoring) as a result of the publication of two recent long-term studies, one conducted by the University of Wisconsin and the other by CCHSC for Telemonitoring NI [TTA 13 Sep]. These follow studies that were directionally positive, and in a few cases like the VA studies conducted by Adam Darkins, very much so, but mostly flawed or incomplete (low N, short term, differing metrics). What’s missing is a framework for assessing the results of both. In an exceptionally well-timed announcement, the National Quality Forum (NQF) announced their development of a framework for assessing the quality and impact of telehealth services. 

In a wonder of clarity, the NQF defines telehealth’s scope as telemedicine (live patient-provider video), store-and-forward (e.g. radiology), remote patient monitoring (telehealth), and mobile health (smartphone apps). Measurement covers four categories: patients’ access to care, financial impact to patients and their care team, patient and clinician experience, and effectiveness of clinical and operational systems. Within these categories, NQF identified six areas as having the highest priority for measurement: travel, timeliness of care, actionable information, added value of telehealth to provide evidence-based practices, patient empowerment, and care coordination. Finally, the developing committee identified 16 measures that can be used to measure telehealth quality.

The NQF also issued a similar framework for interoperability, a bête noire that has led many a clinician and developer to the consumption of adult beverages. Again there are four categories: the exchange of electronic health information, its usability, its application, and its impact—on patient safety, costs, productivity, care coordination, processes and outcomes, and patients’ and caregivers’ experience and engagement. And it kept the committee very busy indeed with, from the release, “53 ideas for measures that would be useful in the short term (0-3 years), in the mid-term (3-5 years) and in the long-term (5+ years). It also identified 36 existing measures that serve as representative examples of these measure ideas (sic) and how they could be affected by interoperability.”

Both reports were commissioned and funded a year ago by the US Health & Human Services Department (HHS). We will see if these frameworks are extensively used by researchers.

NQF release, Creating a Framework-Telehealth (download link), Creating a Framework-Interoperability (download link), Mobihealthnews 

Virtual care stops germs dead in their tracks! (Who would have thought it?)

Here at TTA we do receive and read a lot of press releases, and most are pretty meh. (We work very hard to avoid subjecting our readers to meh, as we don’t much like it either.) Now this one takes a different tack. It backs up telemedicine and telehealth technology that enables the patient to avoid the germ-filled doctor’s office and ED. According to Zipnosis citing the Infection Control and Hospital Epidemiology journal, after the standard well-child visit, there is a 3.17 percent increase in influenza-like illnesses among children and their family members within two weeks. Extrapolated, this results in more than 766,000 additional office visits for flu-like symptoms each year and nearly $492 million in annual costs. Now here is a simple, proactive improvement in outcomes that achieves savings (hear that, HHS and NHS?) facilitated by healthcare technology. (See previous article on ‘A tricorder one step closer‘)

The remainder of the release concentrates on what a bad idea it is to subject the rest of the world to your germs when down with a cold or flu. Even the CDC wants patients to stay home from work, school and errands. (That is, if you can.) The point is made that virtual care can unjam doctor offices and EDs for those less dangerous who need hands on care. The light touch of the product message is that Zipnosis provides a white-labeled virtual care platform to health systems that first uses an online adaptive interview with a patient to document the condition, provides a diagnosis and treatment plan within an hour, directing the patient to an appropriate level of care. Release.

HRSA sets $16 million fund for 4 rural telehealth grant programs (US)

The Health Resources and Services Administration (HRSA), which is part of the Federal Health and Human Services (HHS) department, is making four grant programs available to support rural telehealth and quality improvement in 60 rural communities within 32 states, including a joint program with the Veterans Affairs Office of Rural Health. The four programs administered by the Federal Office of Rural Health Policy (FORHP) within HRSA are primarily three-year programs and include:

  • The largest amount, $6.3 million, will go to the Telehealth Network Grant Program: $300,000 each annually in a three-year program to 21 community health organizations for telehealth programs and networks in medically underserved areas, with a concentration on child health
  • The Flex Rural Veterans Health Access Program: $300,000 each annually in a three-year program to three organizations providing veteran mental health and other health services. This is a joint program with the VA totalling $900,000.
  • Small Health Care Provider Quality Improvement: $21 million will support 21 organizations over three years in improving care quality for populations with high rates of chronic conditions, and to support rural primary care.
  • Seven Rural Health Research Centers: $700,000 per year for four years, totalling $4.9 million, to support policy research on improving access to healthcare and population health in rural communities. (Funds that more usefully would have gone to veterans health?–Ed. Donna)

HHS release, Mobihealthnews, Healthcare IT News

The difficulty in differentiating telemedicine and telehealth

Our Editors have always tried to cleanly define the differences between telemedicine, telehealth and telecare, even as they blur in industry use. (See our Definitions sidebar for the latter two.) But telemedicine, at least on this side of the Atlantic, has lost linguistic ground to telehealth, which has become the umbrella term that eHealth wanted to be only two or three years ago. Similarly, digital health, connected health and mHealth have lost ground to health tech, since most devices now connect and incorporate mobility. And there are sub-genres, such as wearables, fitness trackers and aging tech.

Poor telehealth grows ever fuzzier emanations and penumbra! Now bearing the burden of virtual visits between doctor and patient, doctor-to-doctor professional consults, video conferencing (synchronous and asynchronous), remote patient monitoring of vital signs and qualitative information (ditto), and distance health monitoring to treat patients, it also begins to embrace its data: outcome-based analytics, population health and care modeling. Eric Wicklund accumulates a pile of studies from initial-heavy organizations: WHO, HIMSS, HHS, Center for Connected Health Policy (CCHP), ATA, TRC Network. All of which shows, perhaps contrary to Mr Wicklund’s intentions, how confusing simple concepts have become. mHealth Intelligence

Ransom! (ware) strikes more hospitals and Apple (update)–Healthcare.gov’s plus trouble

Get out the Ransom! California hospitals appear to be Top of the Pops for ransomware attacks, which lock down and encrypt information, making it inaccessible, after someone opens a malicious link in email. After the well-publicized attack on Hollywood Presbyterian in February, this week two hospitals in the Inland Empire, Chino Valley Medical Center in Chino and Desert Valley Hospital in Victorville, both owned by Prime Healthcare Management, received demands. While hacked, neither hospital paid the ransom and no patient data was compromised according to hospital spokesmen. Additional hospitals earlier this month: Methodist Hospital in Henderson, Kentucky and Ottawa Hospital in Ontario, Canada. In Ottawa, four computers were hacked but isolated and wiped. It is not known if ‘Locky’, the moniker for a new ransomware, was the Canadian culprit. FBI on the case in the US. HealthcareITNews, National Post

Update: Locky is the suspected culprit in the Prime, Hollywood Presbyterian and Kentucky ransomware attacks. On Monday, Maryland-based MedStar Health reported malware had caused a shutdown of some systems at its hospitals in Baltimore. Separately, Cisco Talos Research is claiming that a number of the attacks are exploiting a vulnerability in a network server called JBoss using a ransomware dubbed SamSam. Perhaps both are creating mischief? Ars Technica, Cisco Talos blog, BBC News, ThreatPost

More and worse attacks north of the 49th Parallel. Norfolk General Hospital in Simcoe, Ontario had a ransomware attack this week that spread to computers of staff, patients and families via the external website through the outdated content management system. According to MalwareBytes, “The particular strain of ransomware dropped here is TeslaCrypt which demands $500 to recover your personal files it has encrypted. That payment doubles after a week.” So if you are running old Joomla! or even old WordPress, update now! Neil Versel in MedCityNews

If you’re thinking Mac Prevents Attacks, the first ransomware targeting Apple OS X hit earlier this month. Mac users who downloaded version 2.90 of Transmission, a data transfer program using BitTorrent, were infected. KeRanger appears after three days to demand one bitcoin (about $400) to a specific address to retrieve their files. HealthcareITNews

Finally, there is the Hackermania gift that keeps on giving: Healthcare.gov.

Our wrapup of news and tart takes on HIMSS 16 (updated redux)

Lions Lie Down With Lambs, and Other Miracles!

HIMSS 16’s main ‘breaking news’ centered on HIT interoperability. The lead was US Department of Health and Human Services (HHS) Secretary Sylvia Burwell’s announcement on how Lions Will Lie Down With Lambs, Or Else. 17 EHRs that cover 90 percent of electronic health records used by U.S. hospitals–including the bitterest of rivals, Epic (the EHR everyone likes to hate) and Cerner, 16 providers including the nation’s five largest private healthcare systems, and more than a dozen leading professional associations and stakeholder groups (including HIMSS) pledged to implement three core commitments that allegedly will improve the flow of health information to consumers and healthcare providers. They are consumer access, no information blocking and standards. When? Where? How? Strictly TBD. HHS release, MedCityNews, Modern Healthcare, which dubbed it ‘another year, another promise’.

Innovate or Die. For companies and providers, it’s not about compliance anymore but about improving patient outcomes due to value-based care and incentives. Providers will increasingly be responsible for patient care throughout the community to make their numbers. Having made this sound point, Dr John Halamka then proposes they will need a ‘care traffic control’ system through data aggregation, with a laundry list of ‘enablers’, directories and connectors surrounding the EHR. How this all will work together, and who will buy in already challenged practices and ACOs, plus how those 17 notoriously territorial EHRs will work with said ‘enablers’ — or complicators — is a mystery to this Editor. Pass the Advil, please. MedCityNews

Read on for more Top 10s, roundups, DOD and VA EHR news, the Super Bowl-winning quarterback tackles the closing keynote, and 10 ways you can become a HIMSS speaker!

NJ Innovation Institute gains $49 million HHS grant

The New Jersey Innovation Institute (NJII), a New Jersey Institute of Technology (NJIT) corporation, has been selected as one of 39 health care collaborative networks participating in a Health and Human Services (HHS) program, the Transforming Clinical Practice Initiative. According to their announcement, NJII was selected as a Practice Transformation Network and over four years will receive up to $49.6 million for technical assistance support to help equip 11,500 clinicians in the New Jersey region with tools, information, and network support needed to improve quality of care. This is part of a $685 million HHS program awarding grants to 39 national and regional health care networks to help equip more than 140,000 clinicians with the tools and support needed to improve quality of care, increase patients’ access to information, and reduce costs. This is in addition to a $2.9 million grant from the Office of the National Coordinator for Health Information Technology (ONC-HIT) announced in August for sharing of quality data through its New Jersey Health Information Network (NJHIN). Through its Innovation Labs (iLabs), NJII brings NJIT expertise to key economic sectors, including healthcare delivery systems, bio-pharmaceutical production, civil infrastructure, defense and homeland security, and financial services. Release via Ridgewood Patch, HHS release. Hat tip to contributor Sarianne Gruber via LinkedIn.

ONC gets in study game in designing the Consumer Centered Telehealth Experience

ONC (the Office of National Coordinator for Health Information Technology, HHS) in the spring conducted a design session on creating a more consumer-centered telehealth experience, commissioning the engagedIN research firm to help select a panel, run it and produce the study. The white paper focuses on how telehealth can either further fracture or integrate PHR (study pages 7-11), and what’s needed to make telehealth and telemedicine more convenient and effective for consumers. The panel avoided the big telemedicine providers (a bone that Mobihealthnews picks with the study) which typically dominate these panels–to this Editor a positive action–but included other telehealth providers like Qualcomm Life, Care Innovations and Zipnosis, as well as the US’ largest user of telehealth, VA Home Telehealth. Among the key drivers of telehealth is the shift by HHS and private insurers (UHC) to value-based payments; CMS’ target of 50 percent of Medicare value-based care is cited (page 5). There are nine principles at the end (pgs 13-16) to guide the way forward. Designing the Consumer Centered Telehealth and e-Visit Experience (PDF) (Though it is confusing why e-Visit was used rather than ‘virtual visits’ or, in fact, telemedicine.)