Financial services may have replaced healthcare as the most breached industry in 2016, but that doesn’t mean healthcare is in the all-clear.
According to a report by IBM Security, the healthcare industry suffered fewer medical record breaches in 2016 compared to the previous year. In 2015 cyberattackers leaked 100 million records. That number dropped to 12 million last year.
However, that doesn’t mean that the healthcare industry is becoming immune to medical record breaches or cyberattacks. Ransomware will continue to be a concern for the healthcare industry in 2017, and experts predict the number of attacks will double by 2018. Ransomware accounted for 85% of malicious attachments to spam email, according to the IBM Security report.
Healthcare organizations will also need to be on the lookout for insider threats. Last year, internal threats comprised 71% of attack sources, and inadvertent actors – users who were unaware that they were causing a security event – caused nearly half of those attacks. The number of insider attacks may be due to the healthcare industry’s susceptibility to phishing attacks, the report said.
Internal threats are a common theme for many organizations. After a record-breaking month of breaches in November 2016, Protenus, which publishes a monthly data breach barometer, said “hacking pales in comparison to insider breaches.” One way to prevent medical record breaches by internal and external attackers is to implement a security awareness campaign and conduct regular employee training.
The price of telehealth services may only continue to increase in the coming years as healthcare providers and businesses are using online consultations more and more. This has not only increased the demand for telehealth services during a three year period up to 2017, according to a market research report by IBISWorld, but also caused an increase in price. IBISWorld expects the price to only increase in the coming years through 2020.
However, telehealth market competition is helping keep price growth in check since the telehealth market is highly fragmented and competitive, the report said. There are, though, a few prominent players, such as Teladoc and Doctor On Demand.
“IBISWorld estimates that there are about 640 firms currently operating in the US telehealth market. Moreover, most operators are small and midsize firms that are privately owned and operated. In the next three years, market share concentration is projected to remain low as new players enter the market, warranting strong price competition,” Anna Son, procurement research analyst at IBISWorld, said in a press release.
In 2017 alone, prices of telehealth services are expected to grow 3.5%, Son said in the release. This is because more and more employers are and will be offering more telehealth services to their employees. Son said in the release that this is “to help curb skyrocketing healthcare costs related to employee sickness and absenteeism.”
Regulations contribute to price increase
In the United States today 30 states and the District of Columbia require private health insurance carriers to provide the same coverage for telehealth services as they do for in-person visits over the next three years, the release said.
Furthermore, during the three-year period in which the demand for telehealth services grew, there were also a number of regulatory changes, with more to come, the release said. Currently, more pending legislation is expected to help facilitate the adoption of telehealth in the future.
“A rising number of health insurance companies are planning on expanding their coverage for telehealth services. These regulatory changes will help accelerate the integration of telehealth services in healthcare settings, thus leading to anticipated double digit sales growth and rising service rates in the coming years,” Son said.
The American Medical Association and 102 other physician groups have called on CMS and ONC to delay the use of 2015 certified EHRs beyond the current timeframe of required use starting in 2018 because they are concerned the EHR technology is not widely available yet.
“The undersigned organizations are writing to request a deferment from implementing 2015 Edition certified electronic health record technology (CEHRT) until such technology is widely available,” the letter said. “We believe that the technology will not be readily available to physicians across a wide variety of specialties and that the use of 2015 Edition CEHRT should remain voluntary.”
The letter goes on to say that few EHR vendors have fully upgraded their systems to be 2015 Edition certified. Only 54 of the over 3,700 EHR products are currently certified EHRs and posted on the Certified Health IT Product List.
The American Medical Association (AMA) and other physician groups said in the letter that requiring physicians to upgrade to the 2015 edition EHR technology by 2018 would limit the choice of EHR technologies since so few are actually certified EHRs at this time. The AMA added that keeping with the current timeline could force physicians to choose and implement a system that is ultimately not suitable for their specialty or patient population.
“This is not only contrary to the purpose of an electronic health record (EHR)—a tool to help physicians respond to patient care needs—but also jeopardizes a physician’s chance of success in the [Quality Payment Program] QPP and [Meaningful Use] MU,” the letter said. “Physicians should not be subject to financial penalties under the QPP and MU because vendors have not certified their 2015 Edition products in a timely manner.”
The letter also points out that the switch to the 2014 CEHRT created similar issues and the result was a large backlog of products. To overcome this challenge, CMS eventually had to create a hardship exemption for technology delays.
Fueled by the increased use of connected medical devices for patient care, the number of remotely monitored patients grew 44% in 2016, according to a report by Berg Insight, a market research firm in Sweden.
With that expanded role for connected devices, some 7.1 million patients were being remotely monitored worldwide as of last year, the report says. Personal health tracking devices are not included in the report.
Furthermore, Berg Insight predicts that the number of remotely monitored patients will grow to 50.2 million by 2021.
Using patients’ own mobile devices is also becoming a viable remote patient monitoring strategy; Berg Insight forecasts that by 2021 the bring-your-own-device approach will be used for remotely monitoring 22.9 million patients.
“Care delivery platforms and mHealth connectivity solutions are two of the most rapidly developing parts of the mHealth technology value chain,” the report states. “Care delivery platforms will be instrumental for engaging patients in their own care and delivering remote [patient] monitoring services to a large number of people in a cost efficient way.”
While the benefits of remote patient monitoring are clear and the adoption of these technologies continues to grow, this trend also comes with its challenges.
For one, the report mentions the strong trend towards creating more connectivity in medical devices. Although connecting medical devices has its benefits, it turns out that such devices also create serious security vulnerabilities for healthcare organizations.
In fact, Karl West, CISO at Intermountain Healthcare in Salt Lake City, Utah, told SearchHealthIT last year that medical devices are the new threat landscape.
Meanwhile, the report says health-related apps and devices can generate huge amounts of data, and healthcare organizations are struggling to not only handle and store all that data but make sense of and derive value from it.
One strategy many are turning to is third party cloud technologies. When using the cloud it’s “important for end users, doctors and care giving institutions is to choose a place where as many standards as possible are followed and where it is as easy as possible to export the data,” according to the report.
Attending the 2017 HIMSS conference — my very first foray into the largest annual health IT gathering — was daunting, to say the least.
Navigating the massive Orange County Convention Center and adjoining Hyatt Regency, hundreds of exhibitor booths, as well as juggling interviews and social media, made me realize that perhaps my multitasking skills have been woefully overstated.
In tackling the CIO Forum Sunday, my S Health app alerted me that I had broken my previous record for steps with 17,838 steps. Not surprisingly, I set my previous record of 16,841 steps back at my first health IT conference, the Connected Health Symposium, in Boston in October 2016.
In the midst of the “HIMSSanity,” I gained a new appreciation for health IT and the innovations that are changing healthcare. From artificial intelligence and cognitive computing to precision medicine, the technologies on display and discussed during the sessions at the 2017 HIMSS conference have the potential to help providers improve how they deliver care and help patients take more control of their own health.
At one session, Greg Caressi, vice president of the healthcare and life sciences group at Frost & Sullivan, talked about the role of mHealth in healthcare. While mHealth allows patients to better manage their health, not all physicians think patients are capable of that task. In the U.S., 81% of patients said they could manage their own health, Caressi said, but only 41% of doctors agreed.
Healthcare VC year over year
That statistic seemed to be reflected in venture capital spending as well. In 2015, venture capitalist spending broke down as follows:
- Healthcare consumer engagement – $629 million
- Wearables and biosensing – $499 million
- Personal health tools and tracking – $409 million
- Payer administration – $263 million
- Telemedicine – $236 million
In comparison, in 2016, venture capital spending broke down as follows:
- Genomics and sequencing – $410 million
- Analytics/big data – $341 million
- Wearables and biosensing – $312 million
- Telemedicine – $287 million
- Digital medicine devices – $268 million
Future role of tech in health IT
One other takeaway from the 2017 HIMSS conference came during the keynote of Joel Selanikio, M.D., on the role of technology in improving care. Selanikio offered a provocative quote from digital medicine researcher Eric Topol, M.D., author of The Patient Will See You Now.
Topol said he didn’t see EHR vendors like Epic and Cerner being around in 10 years — a prognostication that seemed at odds with those giants’ unmistakable presence in the exhibition hall. Selanikio disagreed and said he thinks they will be, but maybe not in the same form in which they currently exist.
Selanikio’s advice to the audience, and one that those in health IT would be wise to heed, was: “Be adaptable.” Who knows what the 2027 HIMSS conference will look like compared to the 2017 HIMSS conference? I guess we’ll just have to wait and see.
The HIMSS 2017 conference, as usual, put up some good numbers.
This year’s edition of the country’s biggest annual gathering of the health IT tribes registered attendance of 42,286.
That crowd was enough to jam Orlando’s capacious Orange County Convention Center and signal that health IT as an industry is in robust health, even if a lot of the chronically ill patients HIMSS vendors are trying to manage are not.
The HIMSS 2017 conference was notable, among other things, for pretty much unfolding without controversy about some major government regulatory issue, such as the meaningful use and information blocking wars of recent years.
Sure, CMS and ONC were at the HIMSS 2017 conference, but their people, by their own admission, didn’t have much to say about their and their agencies’ roles under the new Trump administration.
Jean Moody-Williams, CMS chief strategy officer for the Quality Payment Program under the MACRA healthcare law, said only somewhat jokingly at a packed HIMSS session on the QPP, after being asked to comment on what to expect under the new administration: “I came up here not to say much.”
This is the first year physicians will track a range of QPP quality measures to both avoid Medicare penalties and earn bonus reimbursement. Reimbursement changes are scheduled to start in 2018.
“I do know this is pressing on everyone’s minds. Our priority right now and the direction we have been given is to implement year one policy as it was finalized,” Moody-Williams said, noting that new HHS secretary Tom Price only recently assumed his post a week before the HIMSS 2017 conference. “We are having discussions and as we move into year two and we know more then we’ll be able to give you additional information … all of which you will have the opportunity to comment on.”
One somewhat surprising development was the significant presence of medical imaging at a show that traditionally has revolved around EHRs and their adjunct software technologies.
Evidence of this was a standing room only crowd of 80-plus at a joint HIMSS-Society for Imaging Informatics in Medicine workgroup at the show, an almost unheard of level of attendance.
Monique Rasband, imaging analyst at the KLAS Enterprises health IT market research firm, who was at the meeting, told me that she sees the surge in interest in imaging at HIMSS as a distinct sign that it is becoming part of mainstream health IT.
“Now you’re seeing CIOs and CMIOs taking an active interest in enterprise imaging,” Rasband said.
HIMSS 2017 also was something of a Mecca for the health IT twitterati, with health IT blog publisher John Lynn holding a series of well-attended tweetups.
Toward the end of the frantically busy show, Lynn tweeted out a new HIMSS-related fake ICD-10 code: “HMS17.ORL32: Walked into a lamppost while double-fisting tweeting. Subsequent encounter.”
Health data breaches triggered by hacking attacks spiked by 320% in 2016 and ransomware became widespread, according to a report by a health IT cybersecurity firm.
Released the week before HIMSS 2017, the report from CynergisTek, Inc. division Redspin, said that 81% of the health data breaches were caused by hacker attacks specifically, rather than other lost or physically stolen records.
Cybersecurity of health data is expected to be a major topic at the 2017 conference and exhibition of the Healthcare Information Management Systems Society in Orlando.
(CynergisTek was acquired in 2016 by document management company Auxilio, and Redspin, a HIPAA risk assessment and penetration risk company previously acquired by Auxilio, became part of CynergisTek’s portfolio.)
The report also noted that 2016 was the first year in which a hospital victimized by ransomware paid a ransom to unlock its data network, and that many smaller hospitals and clinics were hit by hackers causing health data breaches, in addition to several major healthcare systems.
“Healthcare providers have become the primary targets of malicious hackers, and their attacks are becoming increasingly sophisticated and disruptive to operations,” Dan Berger, Vice President at CynergisTek, said in a release.
Key findings of the report:
- There were 325 large health data breaches, compromising the protected health information (PHI) of 16,612,985 individual patients.
- The year’s single largest incident involved the health data breach of 3,620,000 patient records.
- Some 40% of large health data breaches involved unauthorized access or disclosure of the records.
Incidentally, SearchHealthIT will be interviewing CynergisTek CEO and co-founder Mac McMillan at HIMSS 2017 and will be sure to ask him about what health system CIOs can do to combat the hacker scourge.
Machine learning is a hot topic in healthcare right now. One health IT expert told SearchHealthIT that he predicts machine learning and artificial intelligence will move quickly in the industry and be applied to many different use cases.
And it seems cybersecurity is one strong use case. Even at the upcoming HIMSS 2017 conference in Orlando, Fla., there are multiple sessions discussing the role artificial intelligence and machine learning will play in healthcare cybersecurity.
A report by ABI Research, a market research company based in Oyster Bay, N.Y., predicts that this trend of AI and machine learning in healthcare cybersecurity, and in cybersecurity in general, will also boost big data, intelligence and analytics spending to $96 billion by 2021 in every industry sector, including healthcare.
The report also said that the cybersecurity industry is heavily investing in machine learning with the hope of providing a more dynamic deterrent to cyberattacks.
“We are in the midst of an artificial intelligence security revolution,” Dimitrios Pavlakis, Industry Analyst at ABI Research, said in a press release. “This will drive machine learning solutions to soon emerge as the new norm beyond Security Information and Event Management, or SIEM, and ultimately displace a large portion of traditional AV, heuristics, and signature-based systems within the next five years.”
The report predicts that IBM will be a major player in this space — especially when it comes to machine learning in healthcare cybersecurity — and will transform the way enterprises employ machine learning.
“This radical transformation is already underway and is occurring as a response to the increasingly menacing nature of unknown threats and multiplicity of threat agents,” Pavlakis said in the release.
While more than half of the country has enacted telemedicine parity laws, restrictions on the types of telemedicine technology that are covered by health insurance often prevent patients from being able to use remote services, according to the American Telemedicine Association (ATA).
Telemedicine parity means that telemedicine encounters are covered by health plans at similar rates as in-person visits. But lack of reimbursement by insurance payers — Medicare, Medicaid and commercial payers — has long been a barrier to telemedicine use. However, improvements are on the way — it is expected that Medicaid programs in all 50 states will cover some form of telemedicine in 2017.
Today, 31 states and the District of Columbia have telemedicine parity laws — up from 21 states in 2014, the first year of the ATA’s 50 State Telemedicine Gaps Analysis. Twenty-four of those states and D.C. have no restrictions on what type of technology can be used. However, 20 states either have no telemedicine parity laws or have several “artificial barriers” to parity.
Despite the ubiquity of smart phones, five states prohibit the use of “video phone” or “cell phone video” for telemedicine: Idaho, Missouri, New York, North Carolina and South Carolina. Idaho, North Carolina and South Carolina cover interactive audio-video, or videoconferencing, only. North Carolina requires a provider to be on premises with the patient and South Carolina requires a telepresenter — typically a nurse who is trained to use the technology — for all audio-video encounters. South Carolina also does not cover remote patient monitoring (RPM) for chronic disease management in the patient’s home.
“Artificial barriers” such as technology type — including RPM — are “harmful and counterproductive,” and prevent patients from being able to realize the benefits of telemedicine, the ATA said in its analysis.
You may be using your personal wearable fitness device, whether an Apple Watch or Fitbit, to simply track your fitness or how many steps you take in a day. However, it turns out that these personal wearable fitness devices are much more powerful and able to do more than most may think.
Recent research published in PLOS Biology discovered that wearables that continuously log information such as heart rate, skin temperature, and even oxygen saturation can help detect when someone is about to get sick.
Michael Snyder, a professor and chair of genetics at Stanford University and the senior author of the study published in PLOS Biology said in an article that his team was surprised that these wearable devices were effective in detecting the start of the flu or even Lyme disease.
The article explained that because these personal wearable fitness devices continuously track and monitor vital signs like heart rate, they produce a dense set of data, meaning that when abnormalities arise they stand out.
Over the course of two years, participants monitored their vital signs using personal wearable fitness devices, the article said, and one participant was the senior author of the study, Snyder himself.
Snyder said in the article that at one point during that two-year period the wearable device he wore detected marked changes in his heart rate and skin temperature that were different from his baseline. A test two weeks later showed that he had contracted Lyme disease.
Snyder added in the article that he and his team are interested in exploring the role wearable technology can play in achieving personalized or precision medicine and genomics given its ability to detect illnesses. He pointed out that genomics and personalized medicine are really all about detecting and catching diseases early and he believes that wearable devices are set up to do just that.