News

The health system’s CEO said it is creating an innovation arm to improve the patient experience as well as post-acute and behavioral health services.

Two-thirds of healthcare organizations believe personalized medicine is already having a measurable effect on patient outcomes, according to a new survey. Even more, 75 percent, say it will impact their organizations over the next two years.

With the healthcare industry suddenly accounting for nearly 25 percent of all data breaches, a new study from The Brookings Institution suggests some new cybersecurity strategies are needed. Niam Yaraghi, a Brookings fellow, conducted in-depth interviews with 22 healthcare organizations – providers, payers and business associates – that had each experienced at least one  data breach. He found some things in common across them, and some differences. But his biggest takeaway was that guidance and enforcement from the federal government isn't doing enough to keep patient data safe, and that a more concerted private-sector strategy is needed to help ensure security best practices. In his report, "Hackers, phishers, and disappearing thumb drives: Lessons learned from major healthcare data breaches," Yaraghi offered a series of suggestions for both the HHS Office of Civil Rights and those working in the healthcare trenches. "Consider a simple office visit," he said. "In addition to the physician who sees the patient, it may involve an independent entity that facilitates the scheduling of the visit, an electronic medical records vendor that provides software and cloud storage for saving the doctor’s notes, a health information exchange platform that shares this data with other physicians, another party that creates the bill, the insurance company that pays for it, and sometimes a collecting agency that manages the patient’s late payments." That scale and complexity has left healthcare "uniquely vulnerable to privacy breaches." A host of other factors, from the value of detailed patient medical records – containing both medical and financial data – to hospitals' historic ill-preparedness, has led to healthcare earning the dubious distinction of being hackers' new favorite target. [Also: Status report: OCR's effort to guide HIPAA compliance in mobile health] "Government incentives led healthcare organizations to adopt electronic health records without being ready to adequately  invest in security technologies," said Yaraghi. "Privacy breaches used to have little to no effect on the revenue stream of healthcare organizations, and thus, they did not have strong economic incentives to invest in digital security and patient privacy." That's all changed now, of course: 23 percent of all data breaches happen in the healthcare industry, according to Brookings. Over the past six years, health records of more than 155 million Americans have potentially been exposed in whopping 1,500 separate breaches – the per-record cost of which is $363, the highest of all industries. The government isn't always helpful when it comes to addressing this all too vexing problem, the Brookings report argues. While HIPAA "is clear about the requirement to protect health data," for instance, "it does not specify how to do so and is open to interpretation," Yaraghi said. "HIPAA is also outdated and falls short of addressing modern cybersecurity challenges." After a breach happens, meanwhile, OCR initiates audits. "While one does not expect the organizations that were audited to have a positive view about OCR, most of them mentioned that the process is very punitive and contributes to organizations’ reluctance to share the details of breaches with peers," he added. "Furthermore, audits usually take more than two years and organizations incur significant legal fees during the process." As a potential way forward, Yaraghi offered some pointed suggestions to both the healthcare industry and the government. First and most obvious, health organizations must prioritize patient privacy. "In many of the interviewed organizations, privacy breaches could have been prevented had the organization spent enough on security technologies or diligently implemented and followed privacy policies," he said. "Healthcare organizations now have access to both the knowledge and technology that is required to ensure the privacy of their patients, and thus should use these resources to their fullest potential." He emphasized the acute need for better communication: "Information sharing about security technologies, privacy policies, and breach incidents should take place among healthcare organizations and also between healthcare organizations and federal agencies," Yaraghi said. And he touted the value of cyber insurance – not just as a protective mechanism for individual organizations, but as lever to help drive improvements in security practices industry-wide. Such an insurance market could "fundamentally improve how patient privacy is viewed and managed in the healthcare sector," he said. "To underwrite the privacy risk of healthcare organizations, cyber insurance companies will be willing and able to conduct timely and efficient audits and proactively manage their clients’ privacy protection efforts. Healthcare organizations will also have a direct economic incentive to reduce their cyber insurance premiums by addressing their security weaknesses and preventing privacy breaches." Sign up for the Healthcare IT News Privacy & Security Update newsletter. Meanwhile, Yaraghi had two key recommendations to the Office for Civil Rights. First, it should better communicate the details of breach incident audits, he said. 
"After a breach happens, OCR conducts a thorough investigation to identify its causes. Through these audits, OCR also ensures that the victim organization has put corrective and preventive policies in place to avoid future incidents. Although the lessons learned from each breach can prevent other similar incidents, OCR does not share the details of its investigations. OCR should provide detailed reports on how each breach happened, and how other healthcare organizations can avoid similar occurrences." Also, the government should get more specific about HIPAA – ideally establishing a "universal HIPAA certification system," said Yaraghi. "OCR should prevent more than it punishes," he said. "Although the audits that happen after a breach effectively reduce the chances of second incidents, they cannot prevent privacy breaches in the first place. Random audits that take place before a breach occurs will be helpful in preventing one. These random audits are currently conducted very rarely. OCR should accredit certification agencies that can conduct preventive audits in accordance with OCR standards and certify the compliant organizations." Twitter: @MikeMiliardHITN Email the writer: mike.miliard@himssmedia.com Like Healthcare IT News on Facebook and LinkedIn

A new survey of more than 1,500 women revealed that they frequently encounter obstacles that impact salary and career advancement, according to Women Who Code. Seventy five percent of jobs in the U.S. will require technology skills within the next decade, according to Women Who Code CEO Alaina Percival. “It’s imperative that the industry as a whole become a more welcoming and inclusive place for women who have been drastically underrepresented to date,” Percival said in a statement. “Providing women every available opportunity and resource to succeed is crucial – both for their well being and for the stability of the economy.” Highlighting challenges women face once they enter technology careers, the study also looked at what needs to be done to attract women to technology fields in the first place. Nearly 80 percent of women indicated flexible work hours as critical, and one in four respondents said flexible work hours was the most important factor when considering a career in tech. Half of all respondents, in fact, agreed that balancing their career and personal life is challenging. Women Who Code, a global nonprofit dedicated to inspiring women to excel in technology careers, conducted the research with developer training company Pluralsight. When asked to rank the biggest challenges in their careers, respondents listed lack of opportunities for advancement first, followed closely by lack of female role models and lack of mentorship at work. More than 60 percent of female leaders agreed or strongly agreed with the statement that having more women on their teams would be beneficial. Respondents also cited a lack of confidence and male-dominated work environments as top issues holding back their careers. And while 20 percent of respondents in their 20s and 30s aspire to a vice president or C-level position, more than 50 percent felt uncomfortable asking for a raise and nearly 50 percent felt uncomfortable asking for a promotion. What’s more, women in leadership roles reported being held back by male-dominated work environments at more than twice the rate of women in mid-level positions or below (19 percent vs. 8 percent), while nearly half of respondents ages 21-49 feel that male colleagues are more likely to get promoted than female colleagues. When it comes to salaries, the latest HIMSS Compensation Survey, released at the 2016 HIMSS Annual Conference and Exhibition, found big gaps between men and women holding positions with the same title in the healthcare IT field. Men, on average, earned $126,262, compared to $100,762 for women. Twitter: @Bernie_HITN Email the writer: bernie.monegain@himssmedia.com Like Healthcare IT News on Facebook and LinkedIn

In a deal with Bausch + Lomb, IBM announced a cloud-based app that helps cataract specialists plan and conduct surgeries.

Optum has partnered with Medecision and TriZetto to deliver a new platform for Medicaid Management Information Systems that brings features specifically for population health management. Called Optum Medicaid Management Services (OMMS), the new platform is available via a software-as-a-service (SaaS) and business process-as-a-service (BPaaS) model that incorporates Aerial, Medecision’s population health management tools, and TriZetto’s broad Medicaid claims and administrative platform named Facets. The Optum solution provides states with business services, such as Medicaid fee-for-service claims processing, care provider enrollment, call center activities and operations reporting; analytics and data warehousing services that can use data to help states identify needs across their population, focus resources accordingly to improve outcomes, and measure the performance of care providers, health plans and new state-managed programs to improve care; and health services such as wellness and care management programs to improve the health of Medicaid fee-for-service recipients. The companies said states that purchase services instead of setting systems requirements can benefit with shortened IT implementation period with less cost and reduced risk; more choices from proven commercial solutions; improved administrative operations; and access to new technologies and cloud-based approaches that help agencies operate more flexibly. Optum estimates that its SaaS approach could cut by as much as half the timeframe for new MMIS implementations, thereby significantly reducing the time and cost of implementation, and containing operational costs in both the short and long term. Traditionally, MMIS systems – which process Medicaid fee-for-service claims and managed care encounters, and provide reporting on the program – are formally certified by the Centers for Medicare and Medicaid Services. Such certification enables states to access enhanced matching federal funds at the rate of 90 percent for design, development and implementation, and 75 percent for operational expenses. The companies said that in conjunction with the launch of OMMS Optum has received certification from CMS as a Quality Improvement Organization (QIO)” entity, a designation that enables it to perform quality improvement initiatives, and review cases and analyze patterns of care related to quality measures and medical necessity. The QIO-like designation allows states to receive 75 percent federal matching funds when Optum performs these services. “The Optum solution is analogous to states purchasing the electricity they need rather than building the entire power plant,” Optum executive vice president Steve Larsen said in a statement. “Our state Medicaid clients have told us that traditional MMIS program administration approaches – now more than three decades old – needed upgrading to reflect the fast-paced environment and their broadened responsibilities under the Affordable Care Act.” Twitter: @HealthITNews Like Healthcare IT News on Facebook and LinkedIn

When Republican presidential hopeful Donald Trump accused his presumptive Democrat opponent, Hillary Clinton, of playing the 'woman's card'  in the race to the White House, it backfired. Clinton was the first to respond, unleashing many other retorts from both women and men – and an extra $2.4 million in campaign fundraising. "If fighting for women's health care and paid family leave and equal pay is playing the woman card, then deal me in!" Clinton shot back. One of our favorite commentaries came from Kirsty Styles, writing on thenextweb.com: Styles writes about a deck of cards in production now by a creative sister and brother team which is celebrating famous women, such as Harriet Tubman, Susan B. Anthony, Mary Cassatt and Beyonce. Clinton is the ace in this deck, which is due on the market in July. While enamored of the idea, in her column Styles points out that the Woman Card deck doesn’t reference any female tech innovators who've made America great. [See also: HIMSS compensation survey: Big salary gap between men, women healthcare pros.] Styles suggests three to get the creators of the card deck fired up for tech: Pioneering computer programmer Grace Hopper, Radia ‘don’t call me the Mother of the Internet’ Perlman and women in tech champion Anita Borg. Hmm, maybe someone should create a Women in Health IT card deck. Or maybe it’s enough with the cards already. New York Times columnist Nicholas Kristof writes in his April 30 column, "Trump Plays the Man's Card," that Trump is missing point. "This is the card that in the United States earns women just 92 cents to a male worker’s dollar, less than one-fifth of the seats in Congress, a bare 19 percent of corporate board seats, an assault every nine seconds — and free catcalls and condescension! Frankly, I’ll stick with my MasterCard," Kristof writes. That 92 percent earnings figure stands in contrast with the findings published in a HIMSS compensation survey released this past January. The HIMSS survey reveals that men, on average, earned $126,262, compared to $100,762 for women in the survey of 1,900 healthcare professionals that includes CEOs, CIOs, IT project managers, sales professionals and those with clinical titles such as CMIO and Clinical Systems Analyst. It means that women in health IT make about 80 percent of what men earn in the same positions. Twitter: @Bernie_HITN Email the writer: bernie.monegain@himssmedia.com

While accurate data on deaths associated with medical errors is lacking, it is estimated that between 210,000 and 400,000 people in the U.S. die every year because of medical errors, making medical errors the third biggest cause of death in the country after heart disease and cancer, a new study found. While human error can never be completely eliminated, better measurement of medical errors can mitigate the frequency, visibility and consequences of such errors, the study said. To remedy the problem of human error, hospitals should properly investigate patient deaths for potential contribution of error, and should include additional information on death certificates, according to “Medical error—The third leading cause of death in the U.S.,” a report from research firm The BMJ. Martin Makary and Michael Daniel at Johns Hopkins University School of Medicine in Baltimore noted that U.S. death certificates have no place for acknowledging medical error, and the academics call for better reporting to help understand the scale of the medical errors problem and how to tackle it, the BMJ report said. Currently, death certification depends on assigning an International Classification of Disease (ICD) code to the cause of death; thus, causes of death not associated with an ICD code, such as human and system factors, are not captured. As a result, accurate data on deaths associated with medical errors is lacking. Using studies from 1999 onward, and extrapolating to the total number of U.S. hospital admissions in 2013, Makary and Daniel calculated a mean rate of death from medical errors of 251,454 a year, the study said. They acknowledge that human error is inevitable, but say “although we cannot eliminate human error, we can better measure the problem to design safer systems mitigating its frequency, visibility and consequences,” according to the study. The Johns Hopkins experts believe strategies to reduce death from medical care should include three steps: Making errors more visible when they occur so their effects can be intercepted; having remedies at hand to rescue patients; and making errors less frequent by following principles that take human limitations into account, the study reported. For instance, instead of simply requiring cause of death, they suggest that death certificates could contain an extra field asking whether a preventable complication stemming from the patient’s medical care contributed to the death. Twitter: @SiwickiHealthIT Email the writer: bill.siwicki@himssmedia.com

IBM is making quantum computing available to the public, providing access to a platform from any desktop or mobile device via the IBM Cloud. It has implications for healthcare, where another supercomputer, IBMWatson, is already at work helping researchers and clinicians eradicate cancer, making sure the world’s population gets better sleep and sorting big data to boost genomics work and precision medicine. With IBM Quantum Experience, the new cloud-based platform unveiled today, users can create algorithms and run experiments, learn about quantum computing through tutorials and simulations and get inspired by the potential of a quantum computer. The goal, say IBM executives, is to make it easier for researchers and the scientific community to accelerate innovations. [See also: IBM Watson teams up with American Cancer Society to pit cognitive computing against cancer.] Today’s announcement comes days after Big Blue launched on April 29, secure blockchain services for healthcare, government and financial services on the IBM Cloud. Blockchain is the technology underpinning bitcoin, but IBM executives and others note that blockchain is much broader than bitcoin. "Clients tell us that one of the inhibitors of the adoption of blockchain is the concern about security," Jerry Cuomo, vice president, Blockchain, IBM, said in a statement. "While there’s a sense of urgency to pioneer blockchain for business, most organizations need help to define the ideal cloud environment that enables blockchain networks to run securely in the cloud." [See also: IBM Watson takes analytics prowess overseas: Supercomputer to work on big data and genomics in Italy.] Blockchain becomes more attractive wrapped in the new security framework IBM introduced on April 29 along with new blockchain services IBM’s quantum processor, IBM Quantum Experience, is housed at the IBM T.J. Watson Research Center in New York. A universal quantum computer can be programmed to perform any computing task and will be exponentially faster than classical computers for a number of important applications for science and business, according to IBM executives. “Quantum computing is becoming a reality and it will extend computation far beyond what is imaginable with today's computers," said Arvind Krishna, senior vice president and director, IBM Research, said in a statement. "This moment represents the birth of quantum cloud computing. By giving hands-on access to IBM's experimental quantum systems, the IBM Quantum Experience will make it easier for researchers and the scientific community to accelerate innovations in the quantum field, and help discover new applications for this technology." Twitter: @Bernie_HITN Email the writer: bernie.monegain@himssmedia.com      

Michael Kaiser on how healthcare organizations struggling to find great employees can guard against an array of new cyberthreats. And it begins with finding farm teams akin to ones that Major League Baseball teams use to cultivate players.