Benjamin Harris

For much of the history of modern medicine, the model has been that patients go to the hospital or physician to receive treatment. This works well when all of the tools needed to solve a health problem are concentrated in one location. There are some things that an MRI machine or a ward of specialists can't fix though. Food insecurity, lack of reliable transportation, even levels of literacy and education are all factors that can lead to the types of hospital visits that quickly become expensive. Addressing these upstream factors, known as social determinants of health, requires healthcare systems to look outside of their traditional realms and roles. Cindy Gaines, RN, chief nursing officer at Philips Population Health Management, says that a hospital can't solve every problem in the world but it can broaden what it looks at and whom it works with. Data to target, not overwhelm Hospitals need to know what the needs of their population are before they can start finding ways to address them. Gaines says that a community health assessment is an important place to start, followed by other publicly available health data. While trying to address social factors without targeting the needs of specific populations won't get very far, neither will overloading with data. Start with what you have is her advice. "SDoH surveys can be really long and overwhelmed with data," she says. "Even using ZIP code data, you can learn a lot about a community." Seek out partnerships "We take action one patient at a time when we're in the office," says Gaines, who says practitioners might interact with patients who need to make a choice between paying their electricity or their medical bill – and never know. Instead, hospitals need to partner with organizations that fall outside of the healthcare realm. Gaines says she's seen hospitals partner with or even create farmer's markets or food pantries in food deserts. She notes one health provider sponsored a public bike program in one town to address things like obesity and low exercise rates. Making an impact on SDOH means "really being creative about what we want to do" and then finding the right places in the community to partner with or support, says Gaines. Better understanding a patient population and identifying upstream solutions place the hospital in the role of the coordinator. Focusing on the goal of keeping communities healthy means that communicating better with other providers and outside organizations will help target and address underserved populations. Knowing where to look for data as well helps healthcare providers start to develop standards for how to connect those in need with the services that can help them. When better information about patients and situations that impact their health become clear, hospitals can effectively build partnerships and help address environmental factors. Something as simple as identifying patients with transportation needs and providing rides for them to reach an appointment can lead to a huge decrease in spending. "It takes a community to address the social determinants," says Gaines. "It isn't a hospital going out and changing the world on its own." .jumbotron{ background-image: url("https://www.healthcareitnews.com/sites/hitn/files/u2556/SocialDeterminantJumbotron.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } Focus on Social Determinants of Health In September, Healthcare Finance News, Healthcare IT News and MobiHealthNews will take a look at the SDOH and how varied health systems, IT companies, Congress and others are addressing it. Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media. Twitter: @BenzoHarris.

Numerous challenges will hinder AI growth in healthcare unless the industry improves, a new scientific report finds.

For a few hundred dollars, any hacker can buy their way into a healthcare network.

Underlying weaknesses in common OS’s are slowing hospitals down. Software can help fix them.

A new industry survey finds that a lack of network visibility is impairing already overworked cybersecurity teams.

A new white paper identifies the challenges health systems need to overcome for a successful analytics program.

It’s the operating system that runs the elevator, the HVAC system, medical equipment, and even the router that connects everything else in a hospital to the outside world. Wind River Systems’ VxWorks real time operating system powers these devices and more. But pervasive vulnerabilities in versions going back over a decade have recently been discovered. The vulnerability is within the TCP/IP (IPnet) stack, which exists in a wide range of older IoT devices. However, according to Wind River Systems’ FAQ, the latest release of VxWorks is not affected. Wind River has recommended that organizations deploying devices with impacted versions of VxWorks patch immediately and said it has fully tested patches to address the TCP/IP (IPnet) stack vulnerabilities. WHY IT MATTERS Researchers at Armis, who call VxWorks "the most widely used operating system you may never (have) heard about," have discovered 11 vulnerabilities, six of them critical, that affect Wind River VxWorks versions since version 6.5 – and are collectively referring to them as "URGENT/11."  Wind River notes that certain releases, including its latest release, are not affected. Six of the 11 vulnerabilities are remote code execution vulnerabilities. Other vulnerabilities include denial of service vulnerabilities. The significance of the RCE vulnerabilities is that successful exploitation could allow a hacker to remotely take over the impacted devices. Successful exploitation of other vulnerabilities could lead to leakage of information, denial of service, and logical flaws.  Additionally, these vulnerabilities can be exploited by an unauthenticated remote attacker. "The potential for compromise of critical devices and equipment especially in manufacturing and healthcare is a big concern," said Ben Seri, vice president of research at Armis. VxWorks and operating systems with similar vulnerabilities are the lightweight and powerful systems that drive many mission critical and specific-use devices. These devices range from perimeter-level ones like routers and firewalls to medical equipment which sit inside secured networks like connected medical devices. The consequences of any of them being brought to outside control could directly impact everything from the routine functioning of a hospital’s basic facilities to life-critical operations. Wind River has issued patches and is working on mitigation with customers, but as Wired has pointed out, addressing such widespread IoT updates can be a long process. On Tuesday, the U.S. Department of Homeland Security put out a Cybersecurity and Infrastructure Security Agency ICS Advisory that explained the vulnerability in detail and offered mitigation information. THE LARGER TREND The healthcare industry has been recognized as both target-rich and easy pickings. Any new vulnerability to something so deep-seated in a hospital’s network architecture should reinforce the need to be willing to spend big on investments to security. This is doubly true with the relatively new class of IoT devices which are currently expanding inside hospitals at a meteoric pace. While this is hardly the first instance of a connected IoT medical device getting hacked, any news of new vulnerabilities makes for a call to action on security. ON THE RECORD "URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security," said Yevgeny Dibrov, CEO and co-founder of Armis. "Every business with these devices needs to ensure they are protected. The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk." "Wind River’s dedicated security incident response team worked closely with Armis to ensure customers were notified and provided patches and mitigation options," said Arlen Baker, Wind River's chief security architect, in a blog post. This shared, collaborative process was designed and executed to help device makers mitigate potential risks to their users. We thank the security researchers for their role in helping us discover these vulnerabilities in the IPnet networking stack." Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media. Twitter: @BenzoHarris.

Finding the best care for a patient can be a constantly moving target. The number of stakeholders, the constant advance of new information and treatment options and the nuanced demands of different payers make for a maze of complexities to navigate. In the field of oncology, for example, nobody but a specialist could be expected to keep up with the growing wealth of knowledge in the treatment of individual cancers. Yet most patients are treated by general oncologists who may not be abreast of every best course of action for specific conditions. These practices might not know which treatments a patient could be pre-approved for, or which payers are most likely to compensate and for what. As the practice of tailoring precision medicine plans for each patient takes hold, physicians are being asked to make more specific treatment decisions than ever before. "You have labs, you have payers, you have providers and you have pharma – and they’re all interested in what the doctor is about to do with a patient," said Clynt Taylor, CEO of Intervention Insights, which makes a tool called Trapelo that helps streamline treatment and payment options. Taylor says that giving an oncologist "an opportunity to see what they should be ordering based on the clinical scenario" empowers them to make the best decision for the patient. Information is inspiration "Most doctors have a good idea of what they want to do," said Taylor. "It’s information access that’s really holding up the process: ‘I didn’t know the lab could do that, I didn’t know these genes should be tested.’" Effective deployment of an IT system that can gather all of this information and put it at an oncologist’s fingertips, integrated into their workflow, helps align the interests of everyone involved. In precision medicine, every decision has to be tailored to the patient at hand. This requires significant knowledge about everything in a field where treatment options and knowledge about the disease are advancing rapidly. Doctors need to know their options in a way that relates to the patient and which a payer will approve. "If I order a test, will I get a treatment option that is supported by clinical evidence?" said Taylor. "Or will I get treatment options I can’t use?" Taylor notes that health plans "will pay if there’s evidence." But that puts the onus on providers to have conversations with the payer at the beginning of the care process to build a case for a specific treatment regimen. Integrating payers into the treatment option plan helps form a more granular narrative of care. "Payers not usually involved until the end of treatment selection process," said Taylor. "Docs go through the process, made treatment decisions, submitted to payer and the payer says ‘what’s going on?’ Involving them earlier in the process avoids the situation where payer prior authorization is a holdup." Having a picture at the onset of care of how to proceed and the likely outcomes enables a much better relationship with the payer and delivers the most effective care possible for an individual. Deep insights have been helping physicians predict the best treatment course in a number of fields; tying the process to the payer conversation makes for a more streamlined transition from treatment to payment. Taylor notes that as more data is amassed about precision health, the more seamless the whole process will become. "The more we can streamline communications through automation, the faster a decision can be made," he said. Benjamin Harris is a Maine-based freelance writer and former new media producer for HIMSS Media. Twitter: @BenzoHarris.

The Office of the National Coordinator for Health IT says it's seeking public input and recommendations before it takes a "snapshot" of its Interoperability Standards Advisory toward the end of the year.

More than half of hospitals say they've had one or more data breaches caused by third-party vendors in the past two years, with an average cost of $2.9 million per incident – but too many are still failing to do adequate risk assessments.