New York State drafting proposed cybersecurity regulations for hospitals, allocates $500M for upgrades

New York State is imposing new regulations that would establish cybersecurity policies and procedures for hospitals in the state. According to the NYS release, “hospitals will be required to establish a cybersecurity program and take proven steps to assess internal and external cybersecurity risks, use defensive techniques and infrastructure, implement measures to protect their information systems from unauthorized access or other malicious acts, and take actions to prevent cybersecurity events before they happen.” The draft regulations, announced last week, will be published by the Department of Health on 6 December, and will complement existing Federal standards under HIPAA. 

The proposed regulations will mandate:

  • Response plans to a cybersecurity incident
  • Notification to appropriate partners
  • Testing of response plans to ensure continuity of patient care while systems are restored to normal operations
  • Written procedures, guidelines, and standards to develop secure practices for in-house applications
  • Policies and procedures for evaluating, assessing, and testing the security of externally developed applications used by the hospital
  • Multi-factor authentication (MFA) implemented to access internal networks from outside networks
  • Establishment of a Chief Information Security Officer (CISO) if one doesn’t exist presently in order to enforce the new policies, plus annual reviews and updates 

The draft regulations are scheduled to be published on 6 December with a 60-day public comment period ending on 5 February 2024. After the finalization and adoption of the new regulations, hospitals have exactly one year to comply.

Included in the state’s FY24 budget is $500 million in funding for modernization of clinical tech, cybersecurity tools, EMRs and other technological upgrades. They will be part of an upcoming statewide capital program call for applications to improve quality of care, patient experience, accessibility, and efficiency. Given the size of NY state and number of hospitals, plus the time frame, this fund may be spread thin indeed. NYS release, MedCityNews

This Editor attended the Official Cybersecurity Summit New York 2023 last Friday, with a security briefing by NY State’s deputy chief cyber officer for operations, Jesse Sloman. He described the overall strategy of the state agency, the first ever, as building a unified, resilient, and prepared cybersecurity strategy across all agencies in the state, with a single point for operations including law enforcement, military, transportation, and of course healthcare. Certainly, internally instigated breaches, ransomware attacks, DDOS, and nation-state/transnational cyberattacks by Russian ransomwareistes like CLOP are expensive. He quoted a five-year loss of $27.6 billion with 3.2 million complaints–with 2022 alone costing $10.3 billion.

What’s his biggest concern? A multi-state, multi-sector geopolitical event that threatens multiple operations.

Ericsson report: will 5G close the healthcare gap from hospitals into the home?

Ericsson, one of Europe’s leading telecom companies, earlier this month published its latest ConsumerLab report, “From Healthcare to Homecare” on the next generation of healthcare enabled by the greater speed and security of 5G–the fifth generation of wireless mobile. Their key findings among consumers and industry decision makers contained surprises:

  • Growing frustration with hospital wait times. 39 percent prefer an online consult with a doctor versus waiting for the face-to-face.
  • Wearables are perceived as better ways to monitor and even administer medication for chronic conditions–nearly two in three consumers want them. But medical grade wearables will be required.
    • Yet the current state doesn’t lend itself to these wishes. “55 percent of healthcare decision makers from regulatory bodies say these devices are not sufficiently accurate or reliable for diagnosis. In addition, for liability reasons it will be very difficult to rely on patients’ smartphones for connectivity….medical-grade wearables will be required. Such devices could also automatically dispense medicine and offer convenience to those recovering from surgery.”
  • +/- 60 percent of surveyed consumers believe that wearables will improve lifestyles, provide personalized care, and put people in control of their own health.
  • There’s real security concerns that 5G is expected to access: “61 percent of consumers say remote robotic surgery is risky as it relies on the internet….47 percent of telecom decision makers say that secure access to an online central repository [of medical records] is a key challenge and expect 5G to address this.” Surprisingly, only 46 percent of cross-industry decision makers consider data security to be an issue. Battery power is also a significant concern for over half in wearables, a problem that over 40 percent will be helped by 5G.
  • Even more surprising is the lack of desire for consumer access to their medical records–only 35 percent of consumers believe that it will help them easily manage the quality and efficiency of their care. In contrast, 45 percent of cross-industry experts consider the central repository as a breakthrough in healthcare provisioning.

Decentralizing care into the home is seen as worthwhile by a majority of industry decision makers 

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2017/06/healthcare-to-homecare-fig3_rgb.jpg” thumb_width=”250″ /] (more…)

What’s the big thing behind the Cognizant acquisition of TriZetto?

The $2.7 billion acquisition of HIT payer-provider services company TriZetto by IT/BPO outsourcer Cognizant indicates the value that large, largely offshored companies are seeing in health data. According to Fortune, “The combined company has more than $3 billion in healthcare revenue, as well as about $1.5 billion of potential revenue synergies over the next five years from which Cognizant can cull further gains.” Cognizant’s healthcare and life sciences sector is about 26 percent of their $8.84 billion total annual revenue, but what they haven’t had is the provider-payer software and TriZetto’s IP.

So why the big number (which exits the investors quite nicely) which nearly equals the value of the combined companies in healthcare? The trend this Editor has spotted (more…)

A small compendium of potentially useful info

In the process of looking for interesting items to highlight on Telehealth & Telecare Aware, occasionally we trip over info that, whilst not riveting in its own right, nevertheless may be of use to readers.  Here is a small selection of recent finds that we will add to – reader additions are most welcome too:

GP EU eHealth/telehealth penetration

The EU has recently published the results of a survey carried out last year on the penetration of eHealth & telehealth in GP surgeries across all EU countries (Croatia joined the EU during the survey) plus Iceland, Norway & Turkey. It comprises a very comprehensive executive summary, a full report, a series of individual country reports (44MB – beware) and a technical annex. Encouragingly it shows high adoption in the UK of EHRs though it’s no surprise the UK slips well down the ranks for things like telehealth adoption by GPs. (Giving extra weight to recent GPonline editorial calling for a change of culture by GPs regarding telehealth).

Reference to “N.H.S.” in the charts was (more…)

‘Game changing’ healthcare robots

Healthcare service robots have definitely gone ‘mainstream’ if two are ‘Game Changer’ winners in the industry’s Robotics Business Review. The honors go to the Aethon TUG, a laser and infrared-guided robo-deliverer for medications, lab specimens, food, blood, linens–and remover of trash and waste; and the sumo-like Hstar Technologies RoNA – Robotic Nursing Assistant System to lift extremely heavy patients and minimize nurse/aide injury. Among the finalists were the iRobot Ava using the Cisco TelePresence EX telemedicine platform and (a new one on this Editor) a physician assistant for the delicate work of scalp hair transplantation, Restoration Robotics ARTAS Robotic System. But we could also see healthcare uses for Five Elements Robotics’ Budgee personal transport carrier to assist those who cannot carry heavy loads. RBR’s full list.