Healthcare data breaches cost the industry $6.2 billion a year, while the average cost of a single data breach across all industries is $4 million, according to Protenus. Additionally, nearly 90% of healthcare organizations have reported a data breach in the past two years.
Healthcare data breaches include, but are not limited to, phishing attacks, “snooping” by employees and compromised credentials.
Protenus also detailed seven potential costs of a healthcare data breach:
- Forensics – $610,000
- Notification – $560,000
- Lawsuits – $880,000
- Lost business/revenue – $3,700,000
- Brand value – $500,00
- HIPAA fines – $1,100,000
- Post-breach costs – $440,000
The $3.7 million price tag for lost business can be attributed to the fact that nearly a quarter of patients have said they would switch providers due to a data breach, according to a 2015 survey by software advertising firm Software Advice. Patients have also said they withhold information from physicians due to fear of a breach. Beyond the loss of revenue, data breaches can also cause patients to lose trust in a hospital or healthcare organization.
The high cost of healthcare data breaches emphasizes the importance of being proactive in securing patient data and identifying potential external and internal threats. If an organization is breached, it is imperative to notify affected patients as soon as possible. Transparency after a breach can help reduce lawsuits and damage to the organization’s brand.
Telemedicine has the potential to help diverse patient groups – from nursing homes to rural communities – get better healthcare. One place where telemedicine can minimize the disruption to a patient’s life is in schools, according to a Huffington Post story.
The article gives an example of a girl who had trouble breathing at recess at a school in Maryland. The school was outfitted with telemedicine equipment about a year ago. The girl went to the nurse, who determined that the girl was having an asthma attack. The girl’s father was an hour away and there was no time to wait for him to come get his daughter. The nurse could have also called an ambulance but that would have meant the girl would miss the rest of the school day.
Luckily, the girl’s parents had agreed to enroll their daughter in the school’s telemedicine program, allowing the nurse to set up an online video and audio link with an emergency room pediatrician at a nearby county general hospital.
The doctor confirmed the school nurse’s diagnosis, the nurse administered the necessary medicine, and the girl was breathing normally again within 10 minutes and was able to go on with her day.
According to a study in the Annals of Allergy, Asthma and Immunology, children with asthma who were given treatment via telemedicine were able to gain control over their asthma just as well as when children saw a doctor in person to address their asthma.
IBM Watson Health and the FDA are collaborating on a research initiative that aims to define a “secure, efficient and scalable exchange of health data using blockchain technology,” according to an IBM release.
The two-year initiative will initially focus on oncology-related data. Blockchain has the potential to make it easier for cancer patients to share their health data securely with providers and researchers. One barrier to cancer research is the lack of a national infrastructure to which patients can contribute their data. To remedy that issue, the Cancer Moonshot has called for a National Cancer Data Ecosystem. By connecting data that often exists in separate databases, cancer research can move more quickly because all of the information is available in an easily accessible and centralized location. This will then allow providers and researchers to identify new and more effective treatments.
The joint initiative will explore how blockchain can be used for health information exchange across data types such as clinical trials. Patient-generated data from wearables and other connected devices will also be analyzed for population health management. The collaboration will also explore a “secure owner-mediated data sharing ecosystem” that could improve public health and lead to new discoveries, according to the release.
The FDA and IBM Watson Health will share their initial research findings in 2017.
It turns out the transition to ICD-10 didn’t go quite as smoothly as previously thought, particularly for the small practice physicians who were most anxious about the changeover from ICD-9 on Oct. 1, 2015.
What happened apparently is that some ICD-10 medical codes used in the Physician Quality Reporting System (PQRS) were not updated in time for CMS to process data reported on certain quality measures for eligible practitioners (EP) for the fourth quarter of calendar year (CY) 2016.
As a result, CMS is waiving reimbursement penalties for physicians and group practices that were affected by the ICD-10 glitches.
According to a CMS message released Jan. 9, “CMS will not apply the 2017 or 2018 PQRS payment adjustments, as applicable, to any EP or group practice that fails to satisfactorily report for CY 2016 solely as a result of the impact of ICD-10 code updates on quality data reported for the 4th quarter of CY 2016.”
The influential American Academy of Family Physicians (AAFP) is among the groups hailing the CMS move.
“CMS is saying that while considerable work was done to incorporate ICD-10 changes into the measure specifications, there are still some problems and that work is still incomplete,” Sandy Pogones, the AAFP’s senior strategist for healthcare quality, was quoted as saying in a story on the AAFP’s web site. “Those codes have to be fully accounted for in the specifications and documented in the medical record for a physician to accurately report quality data.”
Pogones noted, however, “if a physician fails to meet reporting requirements for other reasons — say a physician just chooses not to report, or a group fails to meet the reporting threshold — then the penalty waiver doesn’t apply.”
CMS has published this FAQ to help physicians navigate PQRS requirements related to ICD-10.
As many in health IT know, the theft of patient health data has developed into an epidemic with breaches involving millions of health records in 2016, according to the Department of Health and Human Services (HHS). Among the biggest breaches were the Anthem and Premera Blue Cross hacks, and HHS even released guidance on ransomware attacks. At the same time, however, many patients are unable to get access to their own health data.
This situation has created quite a paradox, wrote Kathryn Haun, a prosecutor with the U.S. Department of Justice, and Eric Topol, a professor at the Scripps Research Institute in La Jolla, Calif., in an op-ed piece in the New York Times.
It doesn’t seem right that cybercriminals can so easily steal this private information while the person the information belongs to cannot access it.
“We need to move on from the days of health systems storing and owning all our health data,” Haun and Topol wrote. “Patients should be the owners of their own medical data. It’s an entitlement and civil right that should be recognized.”
In addition to being a civil right, Haun and Topol argue that patients owning their own data could also help quell cyber attacks.
The authors say that one solution is disaggregation, or medical data being stored in individual or family units in a personal cloud or digital wallet, as opposed to being kept in centralized databases and handled by healthcare organizations and vendors.
Haun and Topol also lauded blockchain as one possible approach to this solution.
“One approach, known as a blockchain, is an encrypted data platform that would give patients digital wallets containing all their medical data, continually updated, that they can share at will,” they wrote.
“Their business is to sell proprietary information software to health systems to create large centralized databases for such things as insurance reimbursements and patient care,” they wrote. “Their success has relied on an old, paternalistic model in medicine in which the data is generated and owned by doctors and hospitals.”
I caught up with Intermountain Healthcare CIO and vice president Marc Probst at the CHIME16 Fall CIO Forum and got a chance to ask him about Intermountain’s role in what is one of the biggest EHR implementations ever.
And no, it’s not the installation of Cerner Corp.’s Millennium EHR platform across the Salt Lake City-based health system’s 22 hospitals and nearly 200 clinics, which is about half done.
That started last year and was a coup for the Kansas City, Mo. EHR giant, as was, of course, the awarding of a more than $4 billion federal EHR contract in 2015 to Cerner and its partners. In both cases, Cerner beat out archrival Epic Systems Corp.
This particular project, underway now, involves putting Millennium in place throughout the Department of Defense’s healthcare network, itself one of the world’s largest.
While the key players are Cerner and its systems integrator partners, Accenture and Leidos, Intermountain has more than a bit part in the undertaking.
Probst told me that Intermountain’s main role as a subcontractor to Cerner is to provide its own EHR content and workflow processes and “care process models” (CPMs) for the building out of the military health records system.
CPMs are evidence-based guidelines summarizing clinical literature and providing expert advice for the diagnosis and management of certain diseases and conditions, including:
- Bipolar disorder
- Pediatric upper respiratory problems
“I don’t think that the DoD will adopt everything we’ve done, but they have a baseline to move from, from what we’ve developed at Intermountain Healthcare,” Probst says in part of a video interview I recorded with him in Phoenix at the annual fall meeting of the College of Healthcare Information Executives.
ONC has launched a challenge for developers, designers and health data privacy experts to create an online model privacy notice generator for health IT products that will encourage transparency and help consumers make informed choices.
The first place winner of the challenge will receive $20,000. The second and third place winners will receive $10,000 and $5,000, respectively.
The general requirements for the challenge are:
- The submission cannot use HHS or ONC logos.
- The submission must function as expressed in its description and must contain accurate and complete information.
- The submission must be free of malware, and is subject to ONC testing.
While the design of the notices is up to the submitter, the notice cannot be a static document, such as a PDF. However, the notice can be interactive and include visuals.
ONC is accepting submissions until April 10, 2017. Winners will be announced mid-2017.
The Office of the National Coordinator for Health Information Technology has released its 2017 Interoperability Standards Advisory, which expands its focus on health research interoperability, after compiling roughly six months of public feedback on the document.
The purpose of the ISA is to provide a single, public list of standards and implementation specifications that best address the needs of clinical health information interoperability. The ISA’s current focus is on information interoperability between entities, instead of users within an organization. It is also intended to inform standards and specifications, not just for electronic health records (EHR), but all forms of health IT that support interoperability needs.
Some of the updates to the ISA include:
- Discontinuing the “best available” label, as the term does not provide a specific pathway for industry input. The Health IT Standards Committee discontinued the label based on feedback that stakeholders may have different perceptions about what constitutes a “best available” interoperability standard or specification.
- Releasing a static “Reference Edition” every December that can be cited in contracts, agreements or as needed. The web-based version will be updated frequently to reflect real-time updates to interoperability standards and specifications.
- Further moving the ISA toward a web-based, interactive resource that provides transparency and encourages greater stakeholder engagement.
The 2017 update also provides patient-specific assessments and recommendations based on patient data for clinical decision support, and adds remote patient monitoring for chronic condition management, as well as patient education and engagement.
In a statement released earlier this week, ONC national coordinator Vindell Washington, M.D., said, “The ISA is a key step toward achieving the goals we have outlined with our public and private sector partners in the Shared Nationwide Interoperability Roadmap, as well as the Interoperability Pledge announced earlier this year.”
The Interoperability Pledge consists of three commitments:
- Empowering patients through electronic access to health records
- Eliminating roadblocks that stand in the way of health information exchange
- Implementing national interoperability standards for EHRs
To date, companies that provide 90% of EHRs used by hospitals have taken the interoperability pledge.
Robotic process automation (RPA), software with artificial intelligence and machine learning capabilities that essentially automates other software, has already begun to make its way into the healthcare space, and it seems the use of this technology will only continue to grow in healthcare.
The RPA market is projected to reach $8.75 billion by 2024, according to a press release. RPA is already beginning to take hold in healthcare especially when it comes to processing claims and automating administrative tasks.
One health IT expert discussed the potential use cases for RPA in healthcare with SearchHealthIT. He said the main use case he sees for RPA in healthcare is when it comes to revenue cycle management and he believes RPA can provide comparative looks at medical records — analysis of the differences in medical records and analysis of what those differences are — as well.
The expert also said that RPA can be helpful in healthcare when it comes to keeping up with the licensure and certification of clinicians and ensuring they are up to date.
In addition to healthcare, the financial and telecom/IT industries are embracing this technology as well. The release said this is because these industries all handle large volumes of data entry and switching among various applications.
“Healthcare accounted for over 11% market share in 2015,” the release said. “RPA solutions are increasingly adopted in the healthcare industry as the sector requires labor-intensive activities and demands on patient rules along with ever increasing amount of data processing.”
One key player when it comes to RPA is Blue Prism, the release said. And Blue Prism has already made its way into the healthcare space.
Health data and patients’ electronic access to their own health information are real, personal issues, not just the stuff of health IT government and vendor debate.
Some 94% of respondents in a new nationwide survey of 1,000 patients sponsored by Surescripts, the national pharmacy IT network, said their medical information and records should be stored electronically in a single location, particularly for planned doctor appointments.
Also, 55% of those surveyed think health data sharing could both save lives and reduce healthcare costs over the next decade, the study, conducted with the Kelton Global research firm, found.
The Surescripts annual Connected Care and the Patient Experience survey came up with quite a few seemingly counter-intuitive findings, among them that Americans would like to share more general information about their health.
Most of the surveyed patients (77%) said they’d be willing to share their physiological health information. Another 69% reported they’d share their health insurance information. And 51% even indicated they’d share behavioral and mental health records.
These findings are somewhat surprising because recent big health data breaches have purportedly made many people skittish about sharing their personal information. In reality, sharing that stuff can usually get you better care, even in the behavioral and mental health realms, many patient activists and forward-looking clinicians say.
In the meantime, Surescripts, which is known, among other things, for its electronic prescribing systems, is – likely not coincidentally – promoting the National Record Locator Service health data sharing system it launched earlier in 2016.
The service has received more than 4.5 million requests for patient locations and returned more than 890,000 locations of care summaries, including more than 15 million visit locations for care delivered by 109,000 providers, according to a Dec. 14, 2016 Surescripts release.
The survey’s most notable insights, the release said, are that patients:
- “Overwhelmingly want their medical information electronically stored in a central location and easily accessed and shared
- Are increasingly dissatisfied with the amount of time and effort they’re spending on recounting medical information and waiting in doctors’ offices or pharmacies
- Increasingly prefer and expect new and innovative ways to receive care and get prescriptions.”
Other interesting, and totally understandable, findings:
Fifty percent of the survey group agreed that renewing a driver’s license would require less paperwork than seeing a physician for the first time, and 57% said they would be just as likely to be frustrated filling out paperwork at a doctor’s office as they would be buying a new car.