7- DATA, DATA,& MORE DATA IN HEALTHCARE by PHARMAGEEK
278.6K views | +8 today
Follow
7- DATA, DATA,& MORE DATA IN HEALTHCARE by PHARMAGEEK
#survey #report #ebook #studies #ehealth #mhealth #healthcare
Your new post is loading...
Your new post is loading...
Scooped by Lionel Reichardt / le Pharmageek
Scoop.it!

Stanford Launches App That Connects to Epic EHR & Healthkit #esante #hcsmeufr #digitalhealth

Stanford Launches App That Connects to Epic EHR & Healthkit #esante #hcsmeufr #digitalhealth | 7- DATA, DATA,& MORE DATA IN HEALTHCARE by PHARMAGEEK | Scoop.it

tanford Health Care today announced its new iOS 8 MyHealth mobile health app for patients. Developed in-house by Stanford Health Care (SHC) engineers, MyHealth connects directly with Epic’s EHR, Apple’s HealthKit and cloud services for consumer health data monitoring.

The SHC MyHealth mobile app is designed to make it quick and simple for patients to manage their care right from their iPhones, including:

• Make appointments

• Get test results – your lab results are automatically made available in the palm of your hand

 

Communicate with your care team through a secure messaging system where your information is always kept confidential

• Have a video visit with your doctor through the new ClickWell Care clinic which gives you the convenient option of a “virtual” appointment

 

• Manage your prescriptions and medications

• View your health summary

• Access and pay your bills

• Share your vitals with your doctor via HealthKit integration

Secure Messaging


With the new MyHealth app, patients can communicate directly with their care team through a confidential and secure messaging system. In addition, the app automatically syncs with wearable and wireless products, allowing patients to take vital signs at home or on the go. That data is automatically and securely added to the patient’s chart in Epic for their physician to review remotely.

“The SHC MyHealth app allows patients to connect their lives with their health care,” said Pravene Nath, MD, Chief Information Officer, Stanford Health Care. “By integrating with companies like Withings, our physicians have access to meaningful patient data right in Epic, without having to ask the patient come in for an appointment. We believe this is the future of how care will be delivered for many types of chronic conditions.”

 

No comment yet.
Scooped by Lionel Reichardt / le Pharmageek
Scoop.it!

Will 2016 be Another Year of Healthcare Breaches?

Will 2016 be Another Year of Healthcare Breaches? | 7- DATA, DATA,& MORE DATA IN HEALTHCARE by PHARMAGEEK | Scoop.it

As I listened to a healthcare data security webinar from a leading security vendor, I had to ask: “Are we now experiencing a ‘New Normal’ of complacency with healthcare breaches?” The speaker’s reply: “The only time we hear from healthcare stakeholders isAFTER they have been compromised.”

 

This did not surprise me. I have seen this trend across the board throughout the healthcare industry. The growing number of cyberattacks and breaches are further evidence there is a ‘New Normal’ of security acceptance — a culture of ‘it-is-what-it-is.’ After eye-popping headlines reveal household names were compromised, one would think security controls would be on the forefront of every healthcare action list. Why then are we seeing more reports on healthcare breaches, year after year? 

 

This idea comes from the fact that, due to a lack of enforcement, acceptable penalties, and a culture of risk mitigation, more breaches are to be expected in the healthcare industry. Until stricter enforcements and penalties are implemented, a continuation of breaches will occur throughout the industry.

 

The Office of Civil Rights (OCR), the agency overseeing HIPAA for Health and Human Services, originally scheduled security audits for HIPAA to begin in October 2014. Unfortunately, very few audits have occurred due to the agency being woefully understaffed for their mandate covering the healthcare industry, which accounts for more than 17 percent of the U.S. economy.

 

Why Sweat a Breach?

Last September, newly appointed OCR deputy director of health information privacy, Deven McGraw, announced the launching of random HIPAA audits. In 2016, it is expected 200 to 300 covered entities will experience a HIPAA audit, with at least 24 on-site audits anticipated. However, this anticipated figure only accounts for less than one percent of all covered entities —not much of an incentive for a CIO/CISO to request additional resources dedicated to cybersecurity.

 

Organizations within the industry are approaching cybersecurity from a cost/benefit perspective, rather than how this potentially affects the individual patients. For payers who have been compromised, where will their larger customers go anyway? Is it really worth a customer’s effort to lift-and-shift 30,000, 60,000 or 100,000 employee health plans to another payer in the state? This issue is similar to the financial services industry’s protocol when an individual’s credit card has been compromised and then replaced, or when individual’s want to close down a bank account due to poor service: Does anyone really want to go through the frustration with an unknown company?

 

For some of the more well-known breaches, class-action lawsuits can take years to adjudicate. By then, an individual’s protected health information (PHI) and personally identifiable information (PII) has already been shared on the cybercriminal underground market. In the meantime, customers receive their free two-year’s worth of personal security monitoring and protection. Problem solved. Right?

 

The Cost of Doing Business?

When violations occur, the penalties can sting, but it’s just considered part of the cost of doing business. In March 2012, Triple-S of Puerto Rico and the U.S. Virgin Islands, an independent licensee of the Blue Cross Blue Shield Association, agreed to a $3.5 million HIPAA settlement with HHS. In 2012, Blue Cross Blue Shield of Tennessee paid a $1.5 million fine to turn around and have another HIPAA violation in January 2015..

As of December 2015, the total number of data breaches for the year was 690, exposing 120 million records. However, organizations are unlikely to be penalized unless they fail to prove they have steps in place to prevent attacks. If an organization does not have a plan to respond to a lost or stolen laptop, OCR will possibly discover areas for fines, but this can be a difficult process. Essentially, accruing a fine after a cyberattack or breach is relative.

 

A more recent $750,000 fine in September 2015 with Cancer Care group was settled, but the occurrence happened in August of 2012 — nearly three years later. A 2010 breach reported by New York-Presbyterian Hospital and Columbia University wasn’t settled until 2014 for $4.8 million. Lahey Hospital and Medical Center’s 2011 violation was only settled in November 2015 for $850,000. With settlements taking place several years after an event, settling may appear to be a legitimate risk assessment, further reinforcing the ‘New Normal’ of cybersecurity acceptance.

 

At one HIMSS conference, the speaker emphasized to a Florida hospital the need to enforce security controls. They replied with, “If we had to put in to place the expected security controls, we would be out of business.”

 

Simply put: The risks of a breach and a related fine do not outweigh the perceived costs of enhancing security controls. For now, cybersecurity professionals may want to keep their cell phones next to the nightstand.

Guillaume Ivaldi's curator insight, April 2, 2016 10:18 AM
Simply amazing: cost of providing a decent security is clearly not aligned with the business outcomes, and therefore it is economically better to endure the fine than being fully compliant to the regulation ...
Elisa's curator insight, April 2, 2016 5:47 PM
Simply amazing: cost of providing a decent security is clearly not aligned with the business outcomes, and therefore it is economically better to endure the fine than being fully compliant to the regulation ...