Tag Archives: EMR

Ransomware Healthcare

4 Steps for Fighting Ransomware in Healthcare

Malware is bad news for any venture, but healthcare seems particularly vulnerable.

Due to air-tight HIPAA regulations, a data breach or data loss by a healthcare facility costs more than just the ransom or the price of restoration. The fines for HIPAA breaches, just on their own, have been rising in price every year.

Studies from Cybersecurity Ventures show that the damage caused by ransomware was estimated at $8 billion in 2018. So how does a healthcare group or facility fight this rising tide? How can a hospital protect its medical computer systems, patient data, and bottom line?

What is Ransomware?

When a virus infects a computer system and makes either the whole system or just a part of it inaccessible, that’s ransomware.

The malicious software does this by essentially encrypting a portion of the victim’s hard drive so that it becomes inaccessible to the original user. Ransomware, true to the name, usually includes a message that the malware will hold the computer or data hostage until the attackers have been paid a certain sum of cash (or, more accurately, bitcoin).

A variation of the practice is sometimes called “leakware,” where instead of locking away your files and selling them back to you, the program steals sensitive information and demands money in exchange for not releasing the data out into the world.

1. Limit Exposure to Ransomware

Step 1 of fighting ransomware is to not get infected by it. Sounds easy, of course, but the internet is a minefield of malware that brooks not the slightest slip in security.

In that case, the real step 1 of limiting exposure is training healthcare employees on how to handle emails. It seems a silly thing, but a doctor, nurse, or receptionist clicking the wrong email could compromise not only their PC, but every EMR computer, medical tablet, mobile device, and internet-connected device in the entire building (or further).

The “State of the Phish,” an annual report published by Proofpoint Security, found that in 2017, over 75% of organizations had been targeted by email phishing attacks. Phishing is the act of sending a seemingly-legitimate email from a business partner, bank, or other organization, in an attempt to trick employees into giving up personal information of their own volition. It doesn’t require an ounce of malicious software, just a clever hacker and an untrained employee.

Clinicians must be warned about proper email etiquette. Never open an attachment, if you can help it. Consider sharing files and PDFs through the proper encrypted cloud service instead. If you must open an attachment, only do so from a trusted source, and make sure you have an anti-virus program scan any downloaded files before opening them.

Also, hackers can break into email accounts, and even spoof email addresses to appear to be someone they aren’t. If an email with an attachment from a trusted source feels suspect, it may be wise to call or text the individual who sent it to confirm that they really did.

2. Regulate Access to Medical Computer Systems

Once employees are trained we move on to step 2: limiting access to medical computers, file systems, and EMR programs by untrained individuals. If a section of hospital staff hasn’t been trained on these procedures, and in fact shouldn’t be accessing the medical computers in the first place, a strong security policy on computer access could further prevent damage from ransomware. It also lowers any potential HIPAA violations the hospital would otherwise be courting.

Passwords alone are seldom enough — they’re often broken, given away, or written down somewhere. Instead, make sure that all medical cart computers, tablets, and medical PCs on the network are locked down with two-factor authentication. Consider all-in-one medical PCs that come with RFID, Smart Card, and barcode readers built right into them to maximize security while minimizing unnecessary and cluttery peripherals.

3. Prevent the Spread of Ransomware

The third step for hospital administrators and HIT to take is to create a system where the spread of malware is much more difficult. That way, if one computer is infected with ransomware, it can’t necessarily grab everything on the entire network.  

Instead of a single network with a hard outer shell (i.e., the firewall or other exterior security measures) and an entirely unprotected internal structure, a segmented network splits everything into many individual networks that have their own security measures.

Imagine the fire doors in a hospital, hotel, or large apartment building — in the event of a fire in the building, the fire doors seal automatically to contain the blaze to the smallest area it can. A segmented medical computer network performs the same function.

Most healthcare facilities (and other industries) put all of their connected gear on the same network — it’s much easier to manage for IT. However, do the computers in the billing department really need to be on the same network as the cart computers in the ICU or the medical tablets in the maternity ward?

Instead, consider separating all of the departments into their own separate networks to prevent any one room fire from burning down the whole building, so to speak. It’s a bit more work for IT, but it could pay huge dividends in the long run.
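The fire-door idea can be checked on paper before any switch is reconfigured. The following is an added example, not part of the original article: the subnets, host addresses, allow-list and the worst-case spreading model are all assumptions made for illustration.

```python
import ipaddress
from collections import deque

# Constructed addressing for the departments the article mentions (assumed values).
SEGMENTS = {
    "billing": ipaddress.ip_network("10.10.1.0/24"),
    "icu": ipaddress.ip_network("10.10.2.0/24"),
    "maternity": ipaddress.ip_network("10.10.3.0/24"),
    "emr": ipaddress.ip_network("10.10.9.0/24"),
}

# Constructed host inventory: two billing PCs, an ICU cart, a maternity tablet, an EMR server.
HOSTS = ["10.10.1.10", "10.10.1.11", "10.10.2.20", "10.10.3.30", "10.10.9.5"]

# Inter-segment allow-list (source segment, destination segment, TCP port).
# Anything not listed is dropped at the segment boundary: the "fire door".
ALLOW = {
    ("billing", "emr", 443),
    ("icu", "emr", 443),
    ("maternity", "emr", 443),
}


def segment_of(ip):
    """Return the name of the segment that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def can_connect(src_ip, dst_ip, port, segmented):
    """Decide whether src may open a TCP connection to dst on port."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # unknown hosts are not part of this model
    if not segmented or src == dst:
        return True  # flat network, or traffic that never crosses a boundary
    return (src, dst, port) in ALLOW


def spread(first_infected, ports, segmented):
    """Worst case: every host reachable on any of `ports` becomes infected
    and then tries to reach further hosts itself (breadth-first search)."""
    seen = {first_infected}
    queue = deque([first_infected])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in seen and any(can_connect(src, dst, p, segmented) for p in ports):
                seen.add(dst)
                queue.append(dst)
    seen.discard(first_infected)
    return sorted(seen)


if __name__ == "__main__":
    start = "10.10.1.10"  # an infected billing workstation
    print("flat, file sharing (445):     ", spread(start, [445], segmented=False))
    print("segmented, file sharing (445):", spread(start, [445], segmented=True))
    print("segmented, 443 and 445:       ", spread(start, [443, 445], segmented=True))
```

In the segmented runs the second billing PC is still exposed, and the shared EMR server is exposed on whatever port the allow-list opens, so those are the places where patching and monitoring effort belongs.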

4. Restore Data After a Ransomware Attack

This is the step no one wants to think about, but the fact remains, sometimes the hackers get through. Sometimes ransomware can infect even the most secure network — all it takes is one clinician downloading something from the wrong site or opening the wrong email.

In the case of a successful attack, much of the damage caused by ransomware can be mitigated by a strong backup strategy. In the case of “leakware,” where sensitive information is stolen and threatened with public release, an encrypted cloud backup isn’t going to do much good. But in most ransomware cases, where the data is made inaccessible, a strong, redundant back-up policy may allow your HIT department a quick escape hatch.

Instead of trying to break the malware, figure out the encryption key, or pay the ransom, the IT department can simply nuke the affected medical computers right to the ground and then reimage them in minutes. Then, once the computer is verified clean and the operating system reinstalled, they can simply access the backup storage and return the computer to its old fighting weight.

Beating Ransomware Before the Fight Even Starts

To paraphrase an old saying, the best time to create a comprehensive ransomware strategy is yesterday. The second best time is right now.

Interested in increasing the security of your medical computer systems, and learning about medical computers and tablets that come with integrated security features like biometric scanners and RFID? Contact Cybernet today to learn more.

Healthcare Interoperability

A Beginner’s Guide to Healthcare Interoperability

There’s no denying that the newest trend in healthcare is the idea of “interoperability.” It’s the headline of every news story, and it’s on everyone’s lips coming out of HIMSS. But, it’s easy to gloss over it, to think of it as a new way to say “synergy” or “Big Data.”

What is Healthcare Interoperability?

However, the truth is interoperability is more than just the newest jargon — it’s another way to say “communication.” And as all healthcare clinicians know, communication is the most important element of treatment. The communication between the patient and the doctor, the communication between nurses and doctors changing shifts, and the communication between the various healthcare providers.

So, when the smartest folks in the healthcare industry push the importance of interoperability, what they’re really talking about is a way for patients’ records to be more accurate, more compatible, and more easily accessible.

But how can healthcare providers, hospitals, and doctor’s offices implement interoperability?

Find out how artificial intelligence, legislation, medical computers, and policy changes can all cooperate to create a more transparent (and cheaper) data sharing system.

Unifying the Health Record

You may have been told in high school that something is in danger of going “on your permanent record.” Well, as it turns out, there is no permanent record. Not for copying your friend’s homework, and not for medical records, either.

Each time the third nurse you’ve seen during a single visit has asked you for the fifth time if you’re allergic to anything, you know that EMRs need a serious overhaul. Luckily, there are systems in place to do just that.

Option 1: Embracing the blockchain. Combining one buzz word with another may sound worrisome, but blockchain can actually be a great potential road towards interoperability. What’s the main hurdle of interoperability? HIPAA regulations, and the very real fear that a patient’s digital file could be swiped or cracked by malicious parties during a transfer.

One of the main issues is that many health record files are stored in “read-only” formats to prevent tampering. However, read-only formats don’t play well with databases that need to access the original file and pull categories out. This is done for protection, but it also creates format wars AND sucks a ton of time from admin, who has to transfer many of the data fields manually.

Blockchain, on the other hand, uses a distributed ledger, spread across multiple locations, to ensure that patient records cannot be accessed or altered by anyone but those authorized to do so. The data doesn’t have to be stored in “read-only,” because every attempt at tampering is foiled by blockchain’s tracking system. The data is encrypted, and even if somehow a malicious actor was able to break in, the entire system would register that the copies on every other computer connected to the blockchain don’t have the changes, registering the transaction as both fraudulent and easily traceable.

Change Healthcare has already implemented a blockchain network designed to streamline hospital processes with the ultimate goal being a “single point of truth.”

The “single point of truth” is really just another way of saying interoperability: if everyone is pulling patient data from ONE location, there’s no need for an array of conflicting file formats and record systems.

Option 2: Using open APIs. This is more on the programmer side of things, but if you’re trying to understand how to implement interoperability better, it’s good to know what you’re looking for.

An API is an “application programming interface,” and an open API is one that is designed from the ground up to facilitate sharing. It means that the processes underpinning a program (or app) are modular, and can share an abstracted version of the data. What this means in layman’s terms is that the open-API program can still share data with other programs without “giving up its secrets,” or releasing proprietary code to an outside source.

The idea is to combine accessibility with security, another key feature of any interoperability campaign. When shopping around for EMR programs, an open API should be high up on the list of priorities.

What is Healthcare Electronic Data Interchange?

Electronic Data Interchange, often abbreviated as “EDI,” defines a set of standards, technologies, file formats, and transmission methods for moving sensitive data from one point to another.

Healthcare EDI refers to those methods used specifically for transfers like medical records, payments, medication information, and the like from one EMR computer, medical tablet, or even mobile phone to another. Healthcare EDI must conform to HIPAA standards, of course,

Adhering to EDI standards has proven benefits. For one, security is increased, because the EDI standards are tried-and-true, and conform to HIPAA codes. Secondly, processing documents is ultimately cheaper: studies have shown that healthcare facilities saved anywhere from $1 to $2 per claim just by switching to EDI. That may not seem like a lot at first blush, but considering the thousands of claims and documents pouring through the healthcare industry at any given time, the savings are quite significant.

The last benefit is to (surprise) interoperability. EDI sets a standard, and the more healthcare providers and facilities follow those standards, the more, well, standard they become. When everyone is on the same page, the book isn’t terribly hard to read.

According to Markets and Markets, the EDI market value will increase by over 1 billion dollars by 2022. This massive market penetration should have enormous benefit to any attempts at standardization as well.

Breaking Down Interoperability

When it comes to understanding and implementing interoperability, remember the key ingredients:

  • Hardware standardization: Avoid the format wars. Install long-lasting, compatible medical PCs and medical cart computers that can talk to each other.
  • EDI: Make sure your file formats and transmission standards all fit the EDI recommendations.
  • Blockchain: Look into distributed ledgers to maximize security and accountability.
  • Open API: Invest in programs that are designed to be compatible and future-proof.

These are just a few of the starting places, so contact Cybernet today to learn more about medical hardware, compatibility, and EMR solutions.

Top Hospitals

What Makes a Top Hospital?

The truth is, there is no perfectly objective method to determine the “best hospital.”

But, there’s no denying that the highest ranked hospitals have a few qualities in common: innovation, patient care, and communication above everything else.

But how do they do it? How can we apply those lessons to hospitals around the world?

Embracing Innovation

Unsurprisingly, innovation and a willingness to adopt new technology rank high on the list.

It isn’t always about money, either. It’s about the hospitals that aren’t afraid to shake up existing processes, to educate the staff and deploy new tools to the best possible use.

Adopting Agile Hardware

Health professionals and clinicians everywhere are on their feet for days at a time, racing from room to room. As computer systems and EHR invade every inch of medical life, there simply isn’t always time to sit at a desktop computer.

Some hospitals have embraced mobile technology like medical tablets. Modern medical tablets are small, portable, and some come with hot-swappable batteries — meaning they can be in constant operation without having to sit and charge for a portion of the day. They also can be equipped with built-in barcode, RFID, and smart card scanners, removing a lot of the peripherals clogging up computer carts.

Blockchain

One of the keys of innovation is vision — as hockey legend Wayne Gretzky put it, “don’t look where the puck is. Look where the puck is going.” When it comes to data protection and sharing, the proverbial puck is heading toward distributed ledgers like blockchain.

In short, blockchain democratizes information, protecting it by sharing an encrypted version of a particular file or database across hundreds or thousands of other computers on the chain. For healthcare applications, the security and accountability of blockchain make it difficult for hackers to penetrate, or for unintentional leaks to occur.

Blockchain also has fantastic applicability in drug tracking, which is required by law after the “Drug Supply Chain Security” act of 2013. And since every transaction in the shared database is constantly checked against the same copy stored on multiple servers, illegally altering the drug inventory for nefarious purposes is basically impossible.   

Interoperability

Hospitals and healthcare are heavily burdened by the twin chains of high stakes and the ensuing regulation that comes with such an important responsibility.

But, like all complex endeavors, communication is key. And not just communication between management and staff, or staff and patients — though that’s important too — but also among the hardware and software that has become ubiquitous in medical practices.

EHR Software Blues

EHR systems don’t always play nice with others, with many software companies making it actively difficult to communicate with competitor software. This is why top hospitals, and those striving to avoid these pitfalls, embrace emergent technology.

The way forward isn’t exactly clear: even Trinity Health reported a 100 million dollar fee for switching to a more unified EHR system. However, more popular EHR systems like Epic — and the medical computers with built-in Epic compatibility — have a wider reach and more options for inter-hospital communication.

Improved Patient Outcomes

Top hospitals all have one thing in common, and it’s both the most important and least-surprising component: patient quality of care, patient satisfaction, and patient outcomes.

It’s unhelpful to say “the best hospitals are the ones that have the healthiest patients.” It’s more important to dive into why these patients go home happier and healthier.

Never Too Much Information

Top hospitals do keep a weather eye on feedback and metrics.

If patient outcomes take a dip, smart administrators will research all of the changes to the hospital up to a few months before the drop. A strong system of data — perhaps stored on the blockchain mentioned earlier and accessible by any connected medical PC — can allow admin to cross-check contributing factors like management changes, new hires, equipment installation / loss, season, new epidemics, and even economic or political changes in the area.

As Sherlock Holmes would say: “Data, data, data.” You can’t make bricks without clay.

Ask the Patients

Patient care and patient outcomes go hand-in-hand, which is why user surveys are so important to top-level hospitals.

There are three great times for administering patient satisfaction surveys: when they are discharged, on the patient portal afterward, and in-room during care. While discharge and portal surveys are best left in written or digital form, a quick in-person check can provide emotional context clues.

Some hospitals have a staff manager make a quick round with every patient, asking them something simple like “how was the food?”, “were your medications explained well?” and/or “were your needs met in a timely manner?” Consider including one of your common pain points in the survey. If your hospital has been receiving negative feedback about patients feeling like they aren’t being given options, ask the current patient if they feel that way.

These in-person survey answers can either be jotted down on a clipboard by the staff member, or inputted into a medical tablet or nearby medical computer.

Patient Engagement

Studies have shown that an engaged patient is an attentive patient, one who takes responsibility for their own healthcare.

They participate as a member of the medical team, especially when given the education and support by the hospital or healthcare provider.

Improving Patient Portals

Top hospitals and healthcare providers have online patient portals, a place for patients to make and manage appointments (at a minimum). However, top facilities push even further, creating a one-stop-shop for patient education and communication.

The best portals allow patients to pursue educational videos and programs based on their conditions — if a patient is undergoing a vasectomy, for instance, a flag in the system sends the appropriate videos, statistics, and study materials to the patient’s inbox.

Consider offering voluntary quizzes or “refreshers” where the patient can demonstrate and cement their knowledge of their condition or upcoming procedure.

The Human Touch

Engagement in person is just as important.

Clinicians need to be trained to present diagnoses and treatment options in layman’s terms, verifying every step of the way that the patient is synthesizing the information and not just nodding and smiling. Ask them what they know about their condition already, and use this opportunity to (gently) correct them if they are under false impressions.

If there are any available, accessible education videos or visual aids you could show the patient on something like a medical LCD monitor, that will only help them retain information.

In performing these “educational checks,” the top hospitals in the United States (and the world) help patients make the most of their treatment, and reduce the kind of misconceptions and errors that end up putting patients right back in the hospital.

Community Importance / Engagement

While medical care will always be of primary importance, top hospitals have expanded beyond the patient’s room and out into the community.

Food insecurity has a devastating effect on patient success and long-term health, both physically and mentally. The higher-ranking hospitals usually have some kind of food bank or pantry program to help feed underprivileged members of the community. It isn’t just about charity — though that is a noble goal — it’s a natural extension of a hospital’s function. Malnutrition — especially at a young age — can lead to a host of health problems later in life.

Hospitals that provide safe playgrounds, libraries, or indoor play-spaces for community children are most effective in low-income or high-crime areas. A study by the Department of Criminal Justice at Temple University found that crime increased markedly around parks, with some areas displaying crime statistics twice as high in the park as in surrounding environs.

And since children are the most common users of park playgrounds, well-meaning attempts to have fun and get some exercise could end up exposing the most at-risk children to unhealthy experiences. Safe and supervised hospital playground spaces mitigate that damage, providing a safe space for neighborhood children to play and thrive.

Reaching and engaging the community can provide a kind of pre-emptive healthcare, giving those in need the tools and education necessary to live a long and healthy life.

Common Factors

When it comes to examining why top hospitals are so effective and laudable, it’s a smart idea to also take a look at possible contributing factors.

While the following factors may not necessarily land on this side of the causation/correlation loop, the stats don’t lie, and these factors do seem disproportionately common in higher-scoring hospitals.

The Power of Teaching Hospitals

While many might shy away from getting their hair cut at a barber college, it turns out that healthcare at a teaching hospital tends to rank higher.

They even have lower mortality rates: a study posted on PubMed found that “private teaching hospitals had a significantly lower adjusted mortality rate than private nonteaching hospitals,” with an 8-point increase in survival rates for the teaching hospitals.

Some believe that since both the teachers and students are on their best behavior, and are under such stringent regulations and supervision, their care may be similarly elevated.

More experimental or rare medical procedures are often only available at teaching hospitals, allowing student doctors to experience a wide variety of solutions like bone marrow transplants and other specialized surgeries. This could explain some of the higher patient outcomes coming out of a teaching hospital — many patients who need difficult procedures end up receiving them at these educational hospitals.  

Size Doesn’t Matter

Large hospitals may have the benefit of resources, but they don’t always score higher based off size alone.

In the 2016 “100 Great Hospitals in America” listing by Becker Hospital Review, only 15% of their top-level hospitals had over 1,000 beds. And while every other hospital on the list wasn’t necessarily a three-bed hospice, it does show that the “biggest guns” may not be as important to patient outcome as one would believe at first blush.

A Pinch of Salt

Remember to take hospital ratings with a healthy dose of skepticism — hospitals are simply too complicated to be easily graded. And, doing well on reviews might mean that the hospital is just good at the paperwork required by reviewing bodies.

However, the basic tenets of patient care, innovation, and communication will always hold out over the ratings on a medical blog.

To learn more about integrating the latest medical computers and how they can streamline processes in a hospital, contact Cybernet today.

blockchain healthcare data security

Is Blockchain Right for Healthcare?

You may have heard that blockchain is “the next big thing.” And while “next big things” seem to rain from the sky in the tech world, there may be some truth in this particular case.

Blockchain came on the scene in 2008, the brainchild of a still-anonymous person or team of people called “Satoshi Nakamoto.” Despite these tantalizingly mysterious origins, blockchain is well understood and implemented as a distributed ledger to both protect and disseminate important information.

But how does this apply to healthcare?

Does blockchain really have the opportunity to upend how medical computers, EMR, and even clinical studies operate?

What is Blockchain?

The “block” portion of “blockchain” refers to encrypted vaults of information, while the “chain” refers to the connections with other, similar blocks of data.

Blockchain, at its heart, is a way to safeguard digital data by sharing it with thousands of users simultaneously.

The basic idea is that blockchain keeps data safe by keeping it encrypted and redundant, not unlike how iCloud or Dropbox protects files by storing them in multiple locations.

The data is difficult if not impossible to corrupt, because it’s being compared with the same version of the file hosted on every other computer connected to the block. And this checking occurs nonstop, confirming the authenticity of each alteration and transaction.

This is where the term “distributed ledger” comes into the equation. Since everyone can see the changes and transactions done to any data in the block — and who made those changes —  the ledger is secure. It’s like having your own team of perfect, robot accountants auditing your EMR computer hundreds of times a day.
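The comparison of copies described above, and in the distributed-ledger passages of the interoperability and top-hospital articles earlier on this page, as an added example (not code from the article or from any blockchain product). It is a simplified model: the records are constructed, a majority vote over each copy's newest block hash stands in for real consensus, and encryption and access control are not modelled.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

# Constructed sample records (not real patient data).
SAMPLE_RECORDS = [
    {"patient": "P-001", "event": "admitted"},
    {"patient": "P-001", "allergy": "penicillin"},
    {"patient": "P-001", "event": "discharged"},
]


def block_hash(index, prev_hash, record):
    """SHA-256 over the block's position, its predecessor's hash and its record."""
    payload = json.dumps({"index": index, "prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(chain, record):
    """Add a record, linking it to the hash of the block before it."""
    index = len(chain)
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": index, "prev": prev, "record": record,
                  "hash": block_hash(index, prev, record)})


def build_ledger():
    """Build one replica of the ledger from the sample records."""
    chain = []
    for record in SAMPLE_RECORDS:
        append(chain, dict(record))  # copy, so replicas do not share objects
    return chain


def first_bad_block(chain):
    """Index of the first block whose hash or link fails to verify, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(i, prev, block["record"])
        if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None


def rehash_from(chain, start):
    """Recompute hashes from `start` on, as anyone able to write to one copy could.
    Afterwards that copy verifies on its own again."""
    prev = chain[start - 1]["hash"] if start else GENESIS
    for i in range(start, len(chain)):
        chain[i]["prev"] = prev
        chain[i]["hash"] = block_hash(i, prev, chain[i]["record"])
        prev = chain[i]["hash"]


def divergent_replicas(replicas):
    """Names of replicas whose newest block hash differs from the majority."""
    heads = {name: chain[-1]["hash"] if chain else GENESIS for name, chain in replicas.items()}
    majority = Counter(heads.values()).most_common(1)[0][0]
    return sorted(name for name, head in heads.items() if head != majority)


if __name__ == "__main__":
    replicas = {name: build_ledger() for name in ("hospital_a", "hospital_b", "pharmacy")}
    replicas["pharmacy"][1]["record"]["allergy"] = "none"  # edit one copy in place
    print("edited copy fails at block", first_bad_block(replicas["pharmacy"]))
    rehash_from(replicas["pharmacy"], 1)  # make that copy consistent again
    print("after rehash, bad block:", first_bad_block(replicas["pharmacy"]))
    print("replicas out of step:", divergent_replicas(replicas))
```

The edited copy verifies cleanly once its hashes are recomputed, so the integrity guarantee comes from comparing copies held by independent parties, not from the chain of hashes alone.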

Why is Blockchain Needed in Healthcare?

Primarily, blockchain can help healthcare providers avoid the avalanche of HIPAA violations that have fallen on the industry as of late.

The number of breaches appears to be growing, and with it the price tag of the fines being levied. In 2014, Columbia University and New York Presbyterian Hospital settled a fine for a data breach to the tune of 4.8 million dollars, which at the time was the highest fine ever handed out.

In 2017, Memorial Healthcare System, a Florida-based healthcare group, suffered a data breach that compromised over 115,000 patient and staff records. They were forced to pay a $5.5 million settlement.

But in 2018, Anthem, one of the largest healthcare groups in the world, forked over a record-obliterating 16 million dollars in fines after 78.8 million member records were compromised by hackers.

Either hackers are becoming more adept, IT systems are falling behind, or the amount of digital information in unsecured storage has increased. In all likelihood, all three of these factors are responsible for the rise in both data breaches and ensuing fines.

Since laws and regulations around the country — and indeed, around the world — are only forcing more patient data to be digitized and shared, there’s only one way to securely move forward and protect both patient information and hospital liability: an encrypted, incorruptible distributed ledger like blockchain, with access availability right on the nearest medical cart computer in any exam or patient room.

Implementing Blockchain

Integration with EMR systems and EMR computers is priority one.

As it stands, many healthcare groups are on different EMR programs and standards, making transfer of medical data difficult. This transfer is also a common breach point for hackers and data thieves.

Electronic Medical Records

Unsecured transfer of data is an easy target, which is what makes blockchain so useful. Because data is encrypted, copied, and stored on every computer in the block, there’s no transfer to scoop up. There’s no single vulnerable point that can be hit by DDoS attacks or corrupted by a virus.

The implications of a secure, incorruptible system for electronic medical records point to a potential sea-change in how data is stored. Imagine storing patient consent forms like organ donor consent, living wills, and DNR directives, all easily accessible by the authorized users. Double down on security with a medical computer equipped with two-factor authentication like a smartcard (or RFID, or biometric) scanner and a quick pin code.

That’s a one-two punch of security that can make HIPAA compliance a breeze.

Clinical Trial Data

There are other, far-reaching uses for both secure and easily-accessible data. Clinical trials and medical studies, for instance, are often made difficult by the logistical issues of having to store and collate a wealth of data. In the case of multiple parties contributing to a trial or study, the problem is only compounded.

Then add in that clinicians often have to de-identify the patients in the trials (but also have the ability to re-identify them for implementation or health reasons), and you’ve got a multi-headed hydra of potential data breaches.

Storing clinical study data on a blockchain is a perfect use of the technology and something that health giants like Pfizer and Amgen are already considering.

Blockchain for Preventing Fraud

Of course, not all theft comes in the form of hacking. Both insurance fraud and drug fraud cost hospitals (and sometimes patients) millions of dollars a year.

Preventing Health Insurance Fraud

In 2014, there were 2.3 million cases of medical identity theft, and the number has only been rising ever since.

This identity theft was usually for the purposes of either scoring prescription drugs or for using a patient’s insurance for “free” medical procedures.

This particular form of fraud is particularly devastating because it affects patients and healthcare providers alike, both of whom can have their reputations and finances irreparably damaged.

And, even worse, if the thief does receive treatment, their information (blood type, risk factors, allergies, even diagnoses) can get mingled with the actual patient. If this happens, it could cause incorrect diagnoses, medication complications, or the infusion of incorrectly-typed blood which can seriously injure or even kill someone.

There are even other potential consequences of medical identity theft: a Utah woman, Anndorie Cromar, was nearly arrested (and almost had her children taken away) when an identity thief used her insurance to pay for maternal services. The thief’s baby tested positive for drugs, and since the name on the birth certificate was “Anndorie Cromar,” police and Child Protective Services descended quickly on the wrong person.

The mix-up was eventually sorted out, but not without money, frustration, and what turned out to be the scare of Cromar’s life.

Blockchain technology can mitigate some of the issues — the patient can have an encrypted ID vault on the block, one that the provider can use to make sure that the person standing in front of them is the real policyholder (or the policyholder’s authorized dependents or partner). This ID vault could contain a picture, all ID paperwork, and even biometric data depending on consent and regulations.

Then, the clinician need only check the data against the patient in front of them to prevent most forms of health insurance fraud. They don’t even need to be sitting at a computer — they could grab a nearby medical tablet and pull up the data then and there.

Tracking Drugs and Eliminating Counterfeits

The nature of blockchain’s distributed ledger is a perfect match for inventory and drug-tracking all throughout the supply chain.

The Drug Supply Chain Security Act, established in 2013, mandates electronic drug tracking in the United States. A secure solution like blockchain is practically custom-built for verifying drug transactions, authenticating barcodes, and keeping every step of the shipping and use chain fully recorded and protected from illegal tampering.

Medical computers with integrated barcode scanners streamline the process. If you already have a USB-powered barcode scanner, medical panel PCs are capable of powering those peripherals on their own, just from the built-in batteries of the PC itself.

Those same medical PCs can also come with built-in two-factor authentication, making them compatible with the SUPPORT bill and a vital tool in combating the opioid crisis.

Combining Blockchain and Healthcare

Blockchain isn’t a perfect panacea to cure all data security problems forever, but its secure, incorruptible nature (combined with staff education and good network hygiene) makes it an excellent solution to many of healthcare’s current data-handling issues.

To learn more about integrating blockchain with EMR and secure medical computers, contact Cybernet today.

How Technology Prevents HIPAA Violations

HIPAA violations are growing in number and cost, and have affected medical facilities of all sizes.

While training and vigilance on the part of administrators and staff is a vital component to HIPAA compliance, the right technology can turn an open book into a bank vault. From secure medical grade all-in-one computers to software to online tools, here are some of the best ways technology is making ePHI (electronic protected health information) more secure.

HIPAA violations and costly fines don’t have to be an inevitability.

How Bad is It?

HIPAA violations and fines are practically raining from the sky. 2018 saw significant data breaches, some that affected millions of patients.

In January of 2018, it was revealed that the data of 30,000 patients was stolen by hackers from Florida Medicaid when an employee fell for a phishing email.

Also in January, a medical group in New York had a record breach that had nothing to do with malicious intent. A misconfigured database with an unsecured port accidentally exposed the data of 42,000 people to anyone who stumbled across it. Social security numbers, patient notes, and even names of family members were all up for grabs.

In April, the Center of Orthopaedic Specialists in California got hit by ransomware that may have exposed 85,000 patient records to hackers. In September, three hospitals settled a $1 million fine for potentially compromising patient privacy while they were filming a documentary for ABC.

And, of course, Anthem paid a record-breaking $16 million in fines and violation settlements for a breach that affected 79 million patients. They were given a hefty penalty not only for the breach itself, but also for failing to implement adequate access controls, not conducting a risk analysis before it happened, and not regularly reviewing system activity to keep an eye on red flags.

Almost all of these breaches could have been prevented or mitigated by better technology, more robust security software, and improved employee education.

Online Training Programs Can Educate Staff Members

Hacking is a multi-headed hydra that is more than just ransomware and worms. “Social engineering” describes all of the methods deployed by hackers to gain access to secure systems from regular people in an organization.

Social engineering tactics can vary wildly, from dressing like an electrician to get access to a sensitive area, to calling up an employee and pretending to be an IT tech who needs their information, or even just employing a malware program that requires a victim to click, open, download, or install something they shouldn’t have.

Consider enrolling staff members into an online HIPAA compliance course, or a general data security training program. If you’re afraid of employees falling asleep during a dry infosec video, try SecurED, a data security training course that was actually written in part by Hollywood comedy writers.

And if you want the real skinny from an expert, world-famous hacker Kevin Mitnick actually created his own security awareness training to help illuminate the best techniques for avoiding malicious software and social engineering.

Install Security Software on All Devices

Cloud storage attached to medical all-in-one computers, medical tablets, and personal devices must be encrypted. Any messages, data, or images that back up to a cloud service are just as susceptible to interception as messages sent from one user to another.

Dropbox, OneDrive, and Google Drive aren’t automatically encrypted, and expose a weak point in any system. The solution isn’t to stop using cloud services — backing up data has never been more important — but to instead use a secure cloud storage program like Sookasa to encrypt files before they enter a cloud storage folder.

It also may be wise to consider HIPAA compliance tracking software like HIPAATrek. This software, and other brands like it, create a one-stop-shop for all current HIPAA regulations, training, assessments, risk analysis surveys, checklists, and a whole host of compliance tools to keep any medical facility in the green and out of the fast-growing list of HIPAA horror stories.

Secure Accounts with Two-Factor Authentication

A single password and login for staff members aren’t sufficient for sensitive accounts. Passwords can be guessed, cracked, or collected fairly easily, especially if employees aren’t maintaining proper password etiquette.

Two-factor authentication is recommended by all security professionals at this point, and a failure to implement it could have dire consequences for any organization under HIPAA authority.

Smart cards, custom RFID tags, and biometric scanners can provide the physical authentication, while a PIN or password can be used in conjunction to add an extra layer of security. Medical all-in-one computers or medical tablets with built-in RFID and biometric scanners are highly recommended for this purpose because they are far more reliable than a USB scanner plugged into an off-the-shelf office computer.

Plus, USB readers are portable and have a tendency to get lost or disappear. Misplacing an integrated medical panel PC is slightly more difficult.

Only Use Messaging Software with HIPAA Associate Agreements

Texting and easy picture-sharing have completely changed the way our society communicates, even in the workplace.

However, HIPAA’s security standards mean that doctors and nurses can’t be as free as the general populace. While texting a coworker a question might seem innocuous, it can lead to breached confidentiality and a hefty fine if it contains patient details. Ditto for sending pictures — getting a second opinion from another nurse about a suppurating wound isn’t a bad idea in theory, but may, in fact, be a violation of HIPAA standards.

For workplace communication, make sure work devices are installed with encrypted messaging software from a HIPAA associate. If your practice is using a BYOD policy, make sure those devices have the same level of encryption. Or, it may be a wise idea to abandon a BYOD policy altogether — they’ve been shown to invite massive security breaches.

A messaging app made by a business under a HIPAA associate agreement is certified to provide the necessary security to meet HIPAA standards.

There are quite a few HIPAA compliant texting apps, like TigerConnect and OhMD, that can make a major difference in cybersecurity. Many of these apps, or similar email encryption programs (like Barracuda or Virtru), can also be installed on medical tablets and medical all-in-one computers, creating an easy, encrypted communication system for any facility.

Don’t Forget the Real World

Consider those hospitals fined for filming a documentary — not all patient confidentiality breaches come from computer hackers.

Even something as simple as the placement of a computer screen or patient monitor can have HIPAA implications. Medical all-in-one computers with built-in privacy screens can reduce the angle where a monitor is readable, while a computer on wheels can be rotated away from prying eyes.

Cameras and video recording are obviously off-limits, but sometimes staff can be tempted by the social media machine in their pocket. A perfectly harmless photo from the wrong angle can unknowingly capture sensitive information on a chart, or the face of a patient in the background.

Of course, a malicious low-tech data thief could also snap a quick picture of sensitive information while a doctor’s back is turned.

Technology can help, of course, but common sense is even more important. Keep an eye on your surroundings, especially when viewing ePHI, to maintain maximum data security.

Employ and Document Digital Security Methods Today

A three-pronged approach of education, technology, and vigilance should hopefully keep any doctor’s office, hospital, or clinic away from major HIPAA violations. Even should a lax staff member cause a breach, a thorough and documented history of implementing all of these techniques should also lower the culpability and any potential fines for the organization.

Contact Cybernet today to learn more about medical all-in-one computers and medical tablets with built-in two-factor authentication, Imprivata single-sign-on compatibility, and built-in privacy screens.

 

How Medical Computers can Help Combat the Opioid Crisis

Prescription opioids have been in the news quite a bit lately. Congress just recently passed sweeping legislation, commonly known as the SUPPORT bill, to help combat the opioid epidemic that has been on the rise the past several years. According to studies done by the National Institute on Drug Abuse, 115 people per day are dying from opioid abuse. Overdoses have been on a steady rise throughout the country the past several years.

The legislation provides funding for non-opioid painkiller research, funding for addiction treatment programs, as well as reforms for how prescriptions are given and tracked. While these measures are widely praised by medical experts, as well as by both political parties, as a great step in the right direction, there are still several present-day challenges that need to be overcome.

Imprivata and DigiCert Lead the Charge in Electronic Prescription Technology

Because opioid painkillers are considered a controlled substance, physicians traditionally haven’t been allowed to prescribe these medications electronically unless they met certain federal guidelines. Unfortunately, paper prescriptions can be doctored and patients often engaged in “doctor shopping” to fill multiple prescriptions for the same medication. This exacerbated the opioid crisis.

In 2010 the DEA passed the Electronic Prescribing for Controlled Substances (EPCS) guidelines, which have been a game changer. Any practitioner that met EPCS guidelines could electronically prescribe opioid painkillers. This helps secure prescriptions, as they go directly from the doctor to the pharmacy. It also creates an audit trail of who is prescribing these medications, as well as an audit trail for patient behavior, making it more difficult for addicts to doctor shop in an attempt to get multiple prescriptions for the same ailments.

One of the key guidelines for a healthcare practitioner to become EPCS compliant is to have two-factor authentication set up in their EHR or prescription system. That’s where Imprivata and DigiCert have stepped in. Imprivata is a healthcare-focused security firm that specializes in single sign-on technology for healthcare facilities. DigiCert is an SSL certificate authority. The two companies have teamed up to create an automated identity proofing process called Imprivata Confirm ID, which makes compliance with the FDA’s EPCS program much easier to attain.

Unfortunately, Healthcare Facilities are Lagging Behind

Following the passage of EPCS, pharmacies were quick to adopt best practices in order to be compliant. According to a survey conducted by Tableau in October of 2018, 95% of commercial pharmacies nationwide are EPCS enabled. By comparison, only 30% of prescribers nationwide are EPCS enabled. This massive gap is slowing down efforts to combat the opioid epidemic.

Thankfully things are changing for the better. Currently 13 states have passed laws to mandate EPCS compliance. In addition, the SUPPORT bill mandates EPCS compliance for all Medicare Part D prescriptions by 2021. This should help close the gap between prescribers and pharmacies.

How Can Healthcare Facilities and Doctor’s Offices Gain Compliance?

Two-factor authentication is the key to EPCS. Medical grade computers and medical grade tablets with integrated RFID readers, barcode scanners and smart card readers are already set up to be Imprivata certified, which is a major advantage over commercial grade computers that don’t offer these features. Because these units are already Imprivata compliant, falling in line with the Confirm ID process should be much easier. Two-factor authentication ensures that only the prescribing physician can log into an approved EMR application and send an opioid prescription to a pharmacy. Without this, compliance with EPCS is impossible.

At Cybernet, all of our medical grade computers and tablets are engineered to have optional two-factor authentication features integrated directly into the device. We only use Imprivata certified components, ensuring a smooth transition to an EPCS enabled solution. For more questions, you can contact us here.


EHR and its Evolution into CHR: A Critical Look at Cutting-Edge Technology in Healthcare

Epic CEO Judy Faulkner recently expressed her view on how Electronic Health Records are evolving into Comprehensive Health Records—a term that evaluates more than just a specific window of sampling an individual’s health from doctor visits. CHR is a term that may be invented as the new EHR, incorporating more data and analysis of a patient that stems from their in-clinic or hospital visits and from their time outside of a medical facility too. Foraying into a new technology frontier that implies a near-constant evaluation of a person’s well-being may sound like an answer that physicians have been looking for, but anyone who is ever a patient (all of us) could be under the scrutiny of patient tracking technology that could be always on, always tracking. Yes, the benefit is that physicians can understand the entire gamut of a patient’s health by seeing comprehensive snapshots of activity from day to day, but do the costs outweigh the benefits? Are we already in the pathway of the “Big Data” steamroller? Let’s take a critical look.

Are We Already Headed Down this Path?

Many individuals are already familiar with utilizing in-home tracking devices and food intake monitoring, so the “at home” concept of tracking health isn’t new. Wearable fitness trackers coupled with diet and exercise apps are near ubiquitous in society today. There are also several medical grade devices, like blood sampling devices or blood pressure monitors, that measure trackable vitals outside of the doctor’s office and clinics. But now that CHR is becoming a reality for EHR corporations, there are implications to consider about how this data would be collected into a central repository. If CHR will incorporate the data from consumer-grade devices into an EMR system, how will this data transfer occur? Would EHR software developers have to build integrations for the hundreds of various fitness apps and wearables that are available on the consumer market? Would we need to entrust app developers and wearable manufacturers with the responsibility of building those integrations? We could see EHR software developers create their own consumer apps and wearables, but that raises even more questions. Would software developers even want to enter the arena of app development and medical device manufacturing? And if they did, how do you get a patient to willingly utilize something they may not want to?

CHR and Big Data: How Accurate is the Information?

A patient may be under the scrutiny of a doctor who is monitoring their food intake for diabetes, and it’s likely common for some individuals to “cheat” on their diet—maybe someone once logged a dinner of chicken and vegetables when instead they indulged in a large burger and fries. That second iced mocha of the day might get “forgotten” when it comes time to update their food log. The same propensity to “cheat” when recording time spent at the gym lifting weights or doing yoga can creep in if we are entrusting the patient to log their own activity. So manually entered data needs to be examined and taken lightly if it’s to be wrapped into CHR. Plus, there’s the question of the accuracy of wearable devices—many aren’t as accurate as devices used in hospitals, clinics and doctors’ offices. How accurate is a pedometer? How accurate is a sleep tracking device you can purchase off the shelf? Can that be incorporated into a medical health profile? And furthermore, even if the comprehensive data is used for health analysis, can that be considered an invasion of privacy?

Is the CHR Data Secure Enough?

With potentially thousands of different devices tracking different variables such as food intake, steps taken, heart rate, and other measurable factors, there’s a concern about how all that data might be transferred to EMR systems. Since hospitals have begun implementing BYOD practices among their staff, security has become a massive point of concern. Medical grade computers are specifically designed with a number of privacy safeguards built into them to protect patient data. Now imagine the security risks if data is being transferred from millions of unsecured consumer devices. We’ve discussed at length in the past that patient medical records are even more valuable on the black market than an individual’s financial data. Now you have to consider millions of new vulnerabilities for hackers to try and exploit. So how would a transfer happen? Wireless transfer? Patient web portals? If CHR is to incorporate an unknown breadth of data, will HIPAA laws need to be rewritten to account for vulnerabilities that can’t be controlled by a healthcare facility or a doctor’s office?

CHR Data and the Implications of Insurance

Insurance companies evaluate a patient’s medical history to gauge what their premiums should be. It’s a given that if someone smokes, healthcare is more expensive for them. If we are to enter a new era of healthcare data, can insurance companies utilize more comprehensive methods of evaluating someone’s health? If a patient claims that they run three times a week, and yet their pedometer shows no activity outside of walking, will that reflect on their bill? How far does the willingness go to track aspects of someone’s life? CHR is prepped to track not only how we treat ourselves, but our social lives too. Will all these medical and social effects on our well-being be reflected in insurance companies and their premiums? While the intent of CHR would be to compile the most comprehensive view of an individual’s health, the information could very easily be used by insurance companies to create more “high risk” pools, and could even price some users out of the market completely.

These are just a handful of questions to ask as the encroaching concept of CHR starts to hit EMR companies. They’re evolving, perhaps for the better of our lives and health, but there are strong implications of privacy, accuracy, security, and unfortunately impact on wallets too. For now, EMR systems have not yet seen that evolution, and quite frankly they shouldn’t until these questions are answered. We’d love to hear your thoughts as well. Please comment below and let us know what you think about CHR.


 

Electronic Medical Records (EMR) and Tablet PCs

Physicians are very busy in any healthcare setting. They go from room to room without a moment to spare. Patients can end up waiting for hours. How much of a relief would it be if they had a piece of technology that could save one hour per day amidst the chaos? Tablet PCs do that and so much more!

Electronic Medical Records (EMR) can be easily and quickly accessed with Tablet PCs. An electronic solution for physicians’ patient charts is now right at their fingertips, and the palm of their hands. Best of all, the benefits far outweigh the costs of using Tablet PCs for EMR.

Read on to find out the functions and benefits of using medical-grade Tablet PCs for EMR:

Tablet PCs are Small and Portable

Tablet PCs are light and easy to carry around. When physicians are on the run, they can simply grab the tablet and get going. Some will fit perfectly into the pocket of a lab coat. Tablet PCs come equipped with built-in wireless networking. A Tablet PC that is connected to a wireless network can send or receive data from the EMR software in real time. In a physician office setting, the wireless network is heavily used, so it is very important to pick a Tablet PC with good wireless capabilities.

Tablet PCs Have a Stylus Digitizer Pen

Tablet PCs are an all-in-one solution. They even provide a way to write your signature! Signatures that are as detailed as handwritten text are captured digitally with a special pen. Physicians can quickly and easily sign for prescriptions and other important documents on the go. In addition, handwriting can be converted into text to make documentation and note taking easy and very convenient.

Tablet PCs Provide Barcode Scanning

In hospitals, the safest way to administer medication to a patient is with barcode scanning. Ensuring the right medication is being given to the right patient and at the right time should be the goal of any hospital. A single medical error can be costly enough that preventing just one will easily pay for the barcode scanning solution. If a medical error is severe, a hospital stay could be necessary and cost thousands of dollars. And there’s no price tag if an error leads to the loss of someone’s life.

Tablet PCs that have barcode scanning allow physicians to quickly access medical records to find out history, allergic reactions and drug interactions. They can then scan barcodes on medications and the wristbands of patients, providing convenient and error-free care.

Tablet PCs are Hygienic

A Tablet PC that is coated with a medical-grade antimicrobial substance will minimize the spread of pathogens and make it possible to use liquid disinfectants. The Centers for Disease Control and Prevention (CDC) recommends that medical facilities disinfect medical equipment, including PCs, with liquid cleaners. A medical-grade Tablet PC follows CDC guidelines, ensuring a more hygienic environment.

Tablet PCs Help Streamline Workflow

With a Tablet PC, medical professionals don’t have to switch from a Tablet to a PC to finish projects. Its docking station provides a power supply and extra ports to attach a mouse and keyboard. There may even be a mount that turns the tablet into a display for presentations or easy viewing of EMR. These functions make transitioning to the next step in care very easy and help streamline the workflow of the healthcare setting.

Tablet PCs Lead to Better Patient Care

Tablet PCs provide physicians with an endless amount of information right at their fingertips. This translates into better patient care because the physician can access a more complete patient record immediately. They can access the latest research and medication databases to aid in prescribing medications, and send prescriptions or lab requests electronically using an error-free and more secure method of transmission. Additionally, documenting can be done at the point of encounter, saving the time of going back and forth to another room in which EMR is stored.

Above all, patient safety and health is always the priority and can be achieved more efficiently with the use of a Tablet PC.

A recent study shows tablet PCs with EMR enhance clinical routine and promote bedside time. Results indicated increased productivity, enhanced data access, improved patient–physician interaction and workflow, and optimized patient outcome. With all the benefits of Tablet PCs, it’s apparent they are the premier choice for EMR.

Information on medical-grade Tablet PCs for EMR:

https://www.cybernetman.com/en/medical-tablet