Secure electronic messaging can help patients be better informed about their healthcare and improve access to healthcare providers, but the authors of a new study say more education is needed to improve the quality and efficiency of secure communication.
Researchers analyzed 1,000 threads – defined as strings of related messages – from two Department of Veterans Affairs (VA) facilities. Patients initiated an overwhelming majority of threads (90.4%), while caregivers began 4.1% of threads on behalf of a patient. Primary care team members initiated 5.5% of threads.
Patients and clinicians also used secure electronic messaging for different purposes.
Patients most often initiated messages to ask for a medication renewal or refill (47.2%). Patients also used secure messaging for scheduling requests (17.6%), medication issues (12.9%) and health issues (12.7%).
The majority of clinician-initiated threads (32.7%) were sent to report test results, followed by medication issues (21.8%), scheduling issues (18.2%) and medication renewals (16.4%).
Although some providers have expressed concern that patients would use secure electronic messaging for urgent medical issues, the researchers found that only 0.7% of patient-initiated messages contained content deemed clinically urgent.
Overall, patients viewed the use of secure messaging as an alternative to unnecessary in-person visits. It was also convenient and enabled easy, round-the-clock access to clinicians. Secure messaging also enabled patients to discuss potentially embarrassing topics.
The authors of the study, which was published in the Journal of the American Medical Informatics Association, concluded that both patients and clinicians could benefit from further education and training on the uses of secure electronics messaging. Most current guidelines for secure messaging focus on the technical and administrative areas, and not the potential use cases.
From April through mid-May 2017, HIMSS North America commissioned a survey on the topic of healthcare cybersecurity. The HIMSS cybersecurity survey received feedback from 126 information security professionals from a variety of U.S. healthcare organizations. Survey participants consisted of healthcare CISOs and HIMSS cybersecurity community members.
The survey asked participants to share information about how their healthcare organizations are allocating money to cybersecurity efforts, what security frameworks are being used, thoughts on cloud security and more.
Here are the four most interesting findings from the HIMSS cybersecurity survey:
The majority of healthcare organizations are dedicating portions of their budgets towards cybersecurity, the survey found. Of the respondents, 71% said their healthcare organization was allocating a specific amount of their budget to cybersecurity.
The survey found that 40% of respondents are allocating 1% to 2%, 32% of respondents are allocating 3% to 6%, 17% of respondents are allocating 7% to 10%, and 11% of respondents are allocating more than 10%.
Essentially, about 60% of respondents are allocating 3% or more of their budget, while 7.9% of respondents said they are not allocating any of their budget to cybersecurity.
Security frameworks are being used widely among healthcare organizations, the HIMSS cybersecurity survey found. Of the respondents, 86% said their organization uses at least one or more security framework. Respondents could choose more than one in the survey.
The top security frameworks being used by healthcare organizations include:
- NIST Cybersecurity Framework (62%)
- ISO (25%)
- HITRUST (25%)
- Critical Security Controls (22%)
- COBIT (11%)
- Other (8%)
Furthermore, 12% of respondents said their healthcare organization is not using any security framework.
Medical device security
The survey asked respondents: What is your greatest concern about medical device security at your organization?
Respondents’ top concerns included:
- Patient safety (32%)
- Data breach (26%)
- Spread of malware (20%)
- Device loss or theft (4%)
- Intellectual property theft (1%)
- Liability concerns (3%)
Patient safety is the top concern among senior information security leaders because insecure medical devices have the potential to do real harm to a patient, the survey report said.
“A hacked insulin pump may deliver a fatal bolus of insulin to a patient. A ‘connected’ pacemaker may deliver a fatal shock to a patient,” the survey report said. “The technical know-how and skill set exists among cyber adversaries to compromise these devices. Unfortunately, it is a matter of ‘when’ and not ‘if.’ This is not a theoretical problem.”
Although some experts believe the time for cloud in healthcare is now, the survey found that healthcare security experts still have some trepidation about the technology.
The top four concerns the HIMSS cybersecurity survey found include:
- Ownership of data: Healthcare security professionals are concerned about what happens to the organization’s PHI at the end of the contract or business relationship with the cloud provider.
- Lack of cybersecurity: Due to reports of breaches and cyberattacks affecting cloud service providers, as well as the concerns around insider threats and lack of transparency, security professionals at acute care providers are hesitant to move to the cloud.
- Insider threat: Whether intentional or unintentional.
- Lack of transparency: Cloud service providers are sometimes perceived as not being very transparent about their cybersecurity practices and operations.
After the passage of the HITECH Act in 2009, EHR adoption rates for eligible hospitals rose from 3.2% to 14.2% and EHR adoption rates for ineligible hospitals rose from just 0.1% to 3.3%, according to a report in the journal Health Affairs.
Unlike other incentive programs, the HITECH Act paid hospitals and physicians for having and using an infrastructure — in this case, an EHR. The authors of the report said the results suggest the HITECH Act could “serve as a model to drive the adoption of other valuable technologies.”
The authors used data from 2008 to 2015 from the Annual Health Information Technology Supplement Survey of the American Hospital Association to determine the rates of EHR adoption before and after President Obama signed the HITECH Act into law.
Prior to the HITECH Act, EHR adoption rates were low and increasing slowly, the report says.
According to a 2009 study in the New England Journal of Medicine, before the HITECH Act was passed, roughly 17% of doctors and 10% of hospitals had a basic EHR due to the cost of implementation and a perceived lack of ROI. At the time, Congress believed that health IT could improve the quality of healthcare and the efficiency of healthcare systems. The law received bipartisan support, but whether it has achieved its primary goal has yet to be seen.
The report concludes that the increase in EHR adoption can be directly attributed to the HITECH Act. The report does point out, however, that it is unclear how EHR adoption rates would have increased without the financial incentives of the HITECH Act.
However, the increase in EHR adoption rates may have had an unintended consequence. According to a study by the Mayo Clinic, EHRs could be causing physician burnout. More than half of the doctors surveyed (63%) said EHRs have failed to improve efficiency, and 41% disagreed or strongly disagreed that EHRs have improved patient care.
The U.S. Government Accountability Office (GAO) recently appointed 15 new health IT experts to the also new Health Information Technology (HIT) Advisory Committee, a press release said.
“The 21st Century Cures Act established this committee to provide recommendations to the National Coordinator for Health Information Technology on policies, standards, implementation specifications, and certification criteria relating to the implementation of a health information technology infrastructure that advances the electronic access, exchange, and use of health information,” Nikki Clowers, GAO’s managing director for Health Care, said in an email.
Clowers added that the appointed members of the committee are expected to actively participate in achieving the committee’s goals.
“The Act requires that members reflect a wide variety of experiences and expertise, including providers, consumers, health information technology developers, and others,” Clowers said.
And just by looking at the 15 new appointees, it is apparent that the U.S. GAO works to appoint members of many different backgrounds.
In the press release, the U.S. GAO listed the newly appointed members and provided brief biographies. Some of the members have a background in telehealth, such as Michael Adcock, executive director of the University of Mississippi Medical Center’s Center for Telehealth. Others come from the payer side of healthcare, such as Sheryl Turney, senior director of All-Payer Claims Database Analytics and Data Policy and Administration at Anthem Blue Cross Blue Shield. And some come from the vendor side of health IT, such as Andrew Truscott, managing director for Health and Public Service at Accenture.
“We strive to appoint members with a diversity of views, experience and expertise who, collectively, reflect the characteristics in the Act and can credibly engage on a range of health IT policy issues that come before the committee,” Clowers said.
In the press release, Gene Dodaro, comptroller general of the United States and head of the U.S. GAO, said, “It is extremely valuable to have a range of perspectives and expertise in helping the government address challenges related to health information technology,” Dodaro said. “GAO received nominations for many highly qualified individuals, and I’m pleased to announce this first round of appointments to the HIT Advisory Committee.”
The HIT Advisory Committee has not yet held its first meeting, Clowers said. The 21st Century Cures Act requires the Comptroller General of the United States to appoint at least 14 members to the HIT Advisory Committee, with 11 additional members appointed by the Secretary of Health and Human Services, the Majority and Minority leaders of the Senate, and the Speaker and Minority Leader of the House of Representatives. Not all appointments have been made, she said. This new committee replaces the HIT Policy Committee and HIT Standards Committee.
President Trump and Veterans Affairs (VA) Secretary, David Shulkin, M.D., announced telehealth initiatives that will help give access to healthcare for veterans across the country.
“This will significantly expand access to care for our veterans, especially for those who need help in the area of mental health… and also in suicide prevention,” Trump said in the release. “It will make a tremendous difference for the veterans in rural locations.”
Shulkin added that the “VA already has the largest telehealth program in the country. Last year, we had 700,000 veterans who got telehealth services through the VA.”
President Trump and Shulkin said the VA will be focusing on three specific telehealth initiatives:
- After working with the White House Office of American Innovation and the Department of Justice, Shulkin said he will be issuing a regulation that will authorize VA providers that use telehealth technologies to serve veterans no matter there that provider or the veteran patient is located in the country, a press release from the White House said. The initiative is called the “Anywhere to Anywhere VA Health Care”. Trump and Shulkin are hoping this initiative will empower the VA to hire providers in metropolitan areas with an abundance of clinical services and connect them to veteran patients in rural areas.
- The VA is also initiating a nationwide rollout of a new application called VA Video Connect which will provide secure and web-enabled video service that will make it easier to connect with providers via their mobile phones or personal computers. It is currently being used by more than 300 VA providers. It will be rolled out to VA providers and veterans across the country next year, the release said.
- There will also be a nationwide roll-out of an application to make it easier to schedule and change appointments called the Veteran Appointment Request (VAR) app, the release said. The app is currently available at several locations nationwide.
“What we’re really doing is, we’re removing regulations that have prevented us from doing this,” Shulkin said. “We’re removing geography as a barrier so that we can speed up access to veterans and really honor our commitment to them.”
The National Institutes of Health has chosen four community partners to join its All of Us precision medicine research program, which seeks to gather data from at least one million people in the United States to improve health. The program is part of the Precision Medicine Initiative created by President Barack Obama in 2015 and was formerly known as the PMI Cohort.
The partners will receive a combined $1.7 million to raise awareness about the research program among African Americans, Hispanics and Latinos, seniors and the LGBTQ communities. Researchers will use the data collected from the program to learn how individual biological, environmental and lifestyle differences influence disease and health.
Participants will be asked basic information about their health, family, home life and work. Researchers may request access to a participant’s electronic health record, and may ask participants to attend a local clinic where health information such as weight, height, blood pressure and heart rate will be collected.
Dara Richardson-Heron, chief engagement officer for All of Us, said in a release, “Medical breakthroughs have traditionally been based on findings from a limited portion of the U.S. population,” but that the hope is for “future research to include all of us.” Including diverse populations in precision medicine research enables healthcare to be tailored to individual differences, she added.
To that end, the initial group of awardees is:
- FiftyForward, which will share information about the program with economically disadvantaged older populations through lifelong learning centers and home-based centers.
- The National Alliance for Hispanic Health, which will launch bilingual local and national initiatives to promote the precision medicine research program in Hispanic communities.
- The Delta Research and Educational Foundation, in collaboration with Delta Sigma Theta Sorority and the National Council of Negro Women, which will launch a “Research Matters” health initiative to raise awareness for the program.
- The San Francisco General Hospital Foundation, which will engage gender and sexual minorities in the U.S.
Unlike many other precision medicine research programs, All of Us will not focus on one specific disease. Instead, it will act as a resource for researchers and explore ways to increase an individual’s odds of remaining healthy.
All of Us is currently in its beta testing phase and is slowly enrolling participants at different sites with the goal of expanding to at least 100 sites across the country.
“[The] American healthcare system is broken,” Robert Pearl, M.D., executive director and CEO of The Permanente Medical Group, said at the mHealth + Telehealth World Congress conference in Boston, and that includes healthcare technology systems too, he said.
In order to not be totally pessimistic, Pearl, also the president and CEO of the Mid-Atlantic Permanente Medical Group, did also talk about what certain healthcare technologies are getting right. But the overall message was that some serious work needs to be done.
Mainly, Pearl said that the approach to designing healthcare technology systems need to change. Right now, people are just building technologies and having the patient or physician adapt to the technology. Instead, Pearl said healthcare technology systems need to be designed for the specific problem it’s trying to solve. Therefore, the problem – whether it’s chronic disease or physician workflow – needs to be understood and the technology built around it.
“[EHRs do] not improve the quality of healthcare,” he said. What’s needed is a comprehensive EHR where all the information about the patient — and Pearl means all — is presented to the doctor. This means gathering information from different sources and presenting it to the patient’s physician and this requires interoperability.
Until a comprehensive EHR is created, other technologies important in healthcare will not be fully realized. One example is data analytics, Pearl said. “Data analytics is powerful,” he said, and it requires a comprehensive EHR in order to be truly effective.
What Pearl does see becoming a success is the use of video. He predicts that 30% of what doctors do in the near future will be done via video. Why isn’t video being widely used throughout healthcare today? Because it isn’t covered by insurance and therefore is not reimbursed, Pearl said.
One technology that Pearl is uncertain about in healthcare is artificial intelligence (AI). To Pearl, there are two possible use cases for AI. One is visual recognition meaning the technology would look for patterns that would ultimately lead to a diagnosis. And the second is determining the outcomes of treatment.
However, if you ask Pearl what he thinks of some of the AI technologies already out there, like IBM’s Watson and Apple’s Siri, he’ll tell you, “I believe Siri is going to be better than Watson.”
Why? Because you have Siri – and your mobile device — with you all the time.
With the efforts to repeal and replace the Affordable Care Act, many are questioning how changes in Washington, D.C., may affect the shift to value-based care.
A study commissioned by Quest Diagnostics, a company that provides clinical laboratory services, and Inovalon, a healthcare cloud vendor, surveyed physicians and health plan executives to gauge the nation’s journey to value-based care.
Here are the study’s key findings:
More tools are needed for shift to value-based care
While 53% of the health plan executive respondents said that physicians have the necessary tools to succeed in a value-based care healthcare system, only 43% of physicians said they have the necessary tools. However, this is an improvement from 2016, the study found. Last year, 44% of health plan executives said physicians had the necessary tools while only 29% of physicians said they had the necessary tools. The study points out that the gap between these perceptions decreased from 15% in 2016 to 10% in 2017, suggesting there has been progress towards alignment between health plans and physicians.
EHRs aren’t closing the gaps
Physicians and health plan executives also had differing views on the value EHRs bring to value-based care. The study found that 75% of health plan executives said EHRs have everything physicians need while only 54% of physicians thought so.
Furthermore, 70% of physician respondents said they do not see a clear link between EHRs and improved patient outcomes and 65% of physician respondents said that if they could get one key insight at the point of care via their EHR it would be information related to performance or quality measures that apply to individual patients.
Despite doubts about the value of EHRs, physicians are still investing in them and are open to their potential, the study said.
Physician respondents also said that they’d be willing to spend more time using technology if their EHRs could yield insights unique to their patients (71%). Furthermore, nine out of 10 physicians also agreed that access to quality and performance measures specific to patients is key to the shift to value-based care.
The study also found that co-investment in health IT between physicians and health plans may be the answer, with 85% of health plan executives saying co-investment in health IT would accelerate value-based care adoption.
“This finding supports other research that shows health plans experience greater benefits from the implementation of information technologies, such as EHRs, than the providers that implement them,” the study said. “Perhaps health plan executives are mindful of the significant investment required of physician practices to implement HIT solutions and the potential for co-investment to help surmount this challenge.”
In the wake of the recent WannaCry and Petya attacks that have hit healthcare organizations worldwide, a group of Boston researchers is urging the industry to consider the public health implications of cybercrime.
The researchers — two physicians and an information security professional — outlined their concerns in a perspective piece published in the New England Journal of Medicine. The group cites a Ponemon Institute survey in which nearly 90% of participating healthcare organizations said they have suffered a data breach in the past two years as proof that cyberattacks in the healthcare industry are a growing and prominent threat.
Potential threats to healthcare information security
Some of the threats to the industry include denial of service attacks and ransomware, such as the WannaCry and Petya attacks. Both forms of attacks had public health implications as they could impair a healthcare organization’s ability to deliver efficient care, the group said, but they stopped short of exposing patient data.
If patient data is exposed, however, a cyberattack becomes more worrisome. One of the major public heath implications of such an attack is that protected health information is “durable” unlike, say, a credit card number that can be changed if the card is stolen or lost. However, medical history can be used to identify a patient years after the initial data breach, the researchers said.
Attackers could also manipulate patient data, such as potassium values, which could cause serious harm to patients’ health. Similarly, attackers could manipulate clinical systems like medical devices.
How organizations can reduce risk
While the researchers acknowledged that the challenge of protecting the healthcare industry from the rising number of threats is “complex” and that although there is no “silver bullet” that can stop all attacks, there are things organizations can do to reduce their risk.
Healthcare organizations should use best practice security procedures such as software update and data encryption, as well as do frequent backups. Improving password security by requiring frequent password changes can also help keep attackers out of a hospital system.
Finally, educating healthcare professionals about how attacks occur — such as clicking a malicious link in an email — can help reduce risk as well.
The researchers’ comments echo those of the Health Care Industry Cybersecurity Task Force, which called healthcare cybersecurity a “public health concern” that required “immediate and aggressive attention.” The task force outlined six imperatives to address the public health implications of cyberthreats, including improving awareness and education and developing a workforce that prioritizes cybersecurity.
Healthcare has had its sights set on transitioning over to value-based healthcare for a while now. But moving beyond the current fee-for-service care delivery model has proven challenging. Despite these challenges, some experts believe that value-based healthcare’s reliance on data and data analytics has exciting implications for health IT. Two lawyers share their four predications for value-based healthcare and digital health technology in a Law 360 article.
1) Raw data gains value from value-based healthcare tech
What with EHRs, HIEs, clinical decision-making tools and more, healthcare is generating a massive amount of data, the article said. In order to effectively use and take advantage of these tools, raw data needs to be collected from multiple sources and analyzed in one place.
2) Focus will turn to data sharing
Data sharing will become essential to value-based healthcare, the article said. This, in turn, will motivate those who collect, de-identify, aggregate and analyze clinical data, and the providers who generate the data to further share information. The article warns healthcare vendors and providers that, although data sharing is a positive force when it comes to value-based healthcare, these stakeholders should first consider whether patient authorization is necessary (in some cases it is and in other cases, legally, it is not), whether a provider is required to modify and redistribute its notice of privacy practices, and whether business associates should be handling PHI.
3) The market will be driven by evidence-based and HIPAA compliant tech
Currently, many developers focus on creating healthcare technologies that are patient-facing and wellness-oriented, the article said. This means that the companies creating these tools can avoid regulatory scrutiny, the article explained. However, value-based healthcare may change all that, especially since population health and patient engagement are key factors to successfully achieving value-based healthcare. As providers begin to use these tools, such as an app for their patient to use to document clinical information, the vendors creating these apps and healthcare technologies will then have to ensure their product is HIPAA compliant.
4) Employers take center stage
Employers are the primary purchasers of healthcare and will continue to be, according to the article. This means that employers will also likely greatly influence the use of health IT. Employers have said they want to make telehealth services available to employees, the article said. Furthermore, employers view these wellness programs as cost saving measures and the article said that health IT will facilitate this growth.