Network Infrastructure
Only a few days remain to submit a speaking proposal for the HIMSS and Healthcare IT News Privacy & Security Forum in Los Angeles, May 11-12.
The deadline for submitting a proposal is Thursday, Feb. 4 at 5 p.m.
Speaking opportunities are limited to security professionals and experts from healthcare provider and payer organizations, government agencies and academic institutions. Presentations should be practical, actionable, and solutions-based.
The two-day Privacy & Security Forum will bring together more than 200 leading providers, payers, researchers and government officials. The forum's goal is to provide healthcare security professionals with tools, solutions, best practices and expert insights into how they can better manage risk and protect their organization’s data assets.
Presentations will address, among others, the following topics: BYOD, cybersecurity, incident response, cloud security, data-loss prevention, HIPAA compliance, security frameworks, medical device security and third-party management.
One of my all-time favorite Star Trek original series episodes is entitled "The Trouble with Tribbles." In this episode, Captain Kirk urgently races to a space station that's in distress. Once at the space station, he and the crew of the starship USS Enterprise encounter Tribbles: small, furry, purring creatures that resemble something between a small cat and a cute guinea pig. Once these creatures are brought onto the Enterprise, they immediately start reproducing into litters of Tribbles and threaten to overwhelm the Enterprise and the crew.
In much the same way that the cute and cuddly Tribbles start to overtake the USS Enterprise, so too have devices with ePHI overtaken and in some cases overwhelmed the hospital and healthcare technology ecosystems. The truly hard part is not simply containing the obvious devices and applications that store and transmit ePHI, such as servers, computers, interface engines or electronic medical records. The real challenge is standalone devices, sometimes decades old, that store and transmit ePHI without their users knowing it. So where can we look for these devices, and how can we get in front of them so that they don't threaten your starship?
First, it is critically important to conduct an ePHI data landscape analysis and document where and how ePHI data moves throughout your network. It is amazing how many times a network subnet or route takes a "hop" that is unaccounted for and could find its way to a device. For example, unassuming multi-function devices that users perceive to simply be photocopier / fax / printers can connect to your corporate network and can store documents on a network shared drive or email users on your behalf.
Additionally, those multifunction devices can contain hard drives that hold copies of the print jobs or fax jobs they have completed. One large health plan recently was penalized by the Office of Civil Rights to the tune of over one million dollars because the leased copy machines they returned contained hard drives that were unencrypted and had the ePHI information for over 300,000 individuals stored on them.
Next, look for devices that do not connect to your corporate network but actually store and forward ePHI. There are a number of clinical modalities (hearing test machines, radiology systems, cardiology systems, etc.) that are considered clinical devices but connect to a standalone PC or laptop via a serial cable or some sort of connection from the instrument to the computer. An easy rule of thumb: if it has a hard drive on it, then encrypt it!
One of the most annoying tribbles that seems to have infiltrated organizations is the ever-present 1980s-style pager. Even more annoying is the fact that these pesky devices won't go away in the industry, and that they can easily store hundreds of alphanumeric messages that surely could contain ePHI. If your organization has them, make sure that they are encrypted or, better yet, get rid of them in favor of a smart clinical communication application that can take their place. There are a number of leading vendors out there that have clinical applications designed for the modern healthcare worker that take into account ePHI data storage and transmission.
In the same vein as the pager is the issue of healthcare workers texting each other patient information on their personal devices. While it's difficult to try and curtail behavior that occurs on a device completely out of the control of the organization, there must be thorough education, policy, and user attestation efforts to educate your healthcare worker population on why this must not occur. Convenience simply does not take precedence over what could be a major risk and issue for ePHI.
Additionally, another legacy device that must be addressed is the standalone fax machine. Some fax machines have hard drives and can store the fax cover sheets for easy reprinting. If ePHI can be stored on those fax machines that could constitute a risk that needs to be addressed and mitigated.
Another pesky tribble is the automated batch or FTP job that "puts" files onto network shares or distribution points so that organizations can share information with each other. Make sure that these FTP jobs are secure and do not use network account credentials that are generic in nature or easy to guess. It's amazing how many of these jobs are set up by vendors when an application is initially installed, but are left on autopilot for years without audit.
Lastly, work closely with your purchasing and finance departments to put controls into place that any electronic item coming into an organization is reviewed and has a proper ePHI risk assessment completed on it to ensure that there are appropriate ePHI controls in place. Beyond technology, it is the organizational culture that must be primed to understand the risks of ePHI proliferation and ensure all of the dimensions are addressed. Too often a tribble can quickly be introduced into an organization because it's the new cute and fuzzy creature that is admired and wanted by all.
Captain Kirk ultimately saved the Enterprise by finding every single tribble and getting them off of the USS Enterprise. While that may not necessarily need to be the course of action for every tribble in your organization, you must try your absolute best to identify and remediate the risks before you suddenly realize one day that your starship has been overrun by what everyone assumed were cute and fuzzy innocent-looking creatures.
Sue Schade, chief information officer at University of Michigan Hospitals and Health Centers, plans to leave that role and will instead focus on consulting, coaching and interim management work after spending more than 30 years leading IT departments.
Healthcare IT News and HIMSS are accepting speaker proposals for the Privacy & Security Forum in Los Angeles, May 11-12, 2016.
With 900 care locations and a 1,200-member IT team, Carolinas HealthCare System is sprawling and complex. That’s just how Chief Information Officer Craig Richardville likes it.
Complexity creates excitement, Richardville, who was recently named the 2015 CHIME-HIMSS John E. Gall Jr. CIO of the Year, tells Healthcare IT News. “It’s just so dynamic that it creates the energy.”
CHIME and HIMSS give the CIO of the Year Award jointly each year. The groups selected Richardville for the 2015 honor, they said, for “pursuing an aggressive and effective approach to employing technology to help provide better care.”
Q: What do you view as your primary mission as CIO?
A: To best serve our patients by engaging the optimal use and investment of technology and information for our patients and providers to improve their health and enhance care.
Q: What is your proudest achievement?
A: First and foremost, my family – watching my three sons grow and develop into fine young men and assets to our community.
Professionally, the team – the complete CHS Team coming together to address and develop new and exciting ways of improving our services and connecting to our patients.
Q: What has been the biggest challenge you’ve had to face as CIO?
A: Change management – ensuring that we lead the transformation of healthcare delivery.
Q: How has your work changed over the years, and what factor has most contributed to the change?
A: The biggest change is the addition from an executor of a plan, in with the development of the strategy. There are many ideas in and outside of healthcare that are applicable for us to evaluate and appropriately implement, so being part of the discussion over the last several years has allowed an opening of all minds, mine included, to what the future possibilities are.
Q: How has meaningful use changed the way you work?
A: Meaningful use accelerated our plan and provided a discount to automate the clinical record and processes and to build a foundational platform for many other key initiatives to be built upon it, such as interoperability, patient engagement, mobility, virtual care, care management, etc. In that way it was beneficial, but the requirements and timeline and maturity of the service offerings has led to some of the frustration. To ensure we communicate our success and future progress, MU needs to be clearly identified as service and outcome-oriented for ensuring our work clearly puts the patient first.
Q: Looking ahead, what challenges do you see coming in health IT?
A: Interoperability. True interoperability based upon secure standards is absolutely necessary if we are to achieve the vision all of us share regarding making sure patients have access to their health information, and it’s easily accessible to their providers. Unlocking the data in our systems to share with providers and patients is crucial to creating a seamless health information system. It requires that we agree upon standards and safe transport protocols. It’s absolutely vital though that in order to serve our patients, we provide them and their providers with the health data they need to lead full lives.
Also, patient engagement. Providing solutions that are easy, accessible and integrated into people’s lives is a challenge. Healthcare is good at building and deploying very feature-rich and complex software systems. What’s harder though is to deliver that sophistication into solutions that are consumer-grade, easy to use and accessible to consumers. It should be as easy as hailing a car on Uber, ordering a pair of shoes from Zappos, downloading a movie from Amazon or making a dinner reservation on Open Table. These solutions have to be integrated into the lives of people in a way that is not obtrusive but still help them manage and improve their health status.
Q: What challenges are unique to Carolinas HealthCare?
A: Carolinas HealthCare System has a level of complexity that may be similar to some but different from others. We are a multi-state health system with a large portfolio of combined assets, but also, in various markets, we have regional relationships that are a mixture of managed services, leased services and shared services. This complexity has allowed us to be very similar to other communities in that we have in some cases, like EMR for example, where we have been able to build core competencies around the higher layer services, such as health information exchange, patient engagement, data warehouse and analytics that contain a multi-faceted number of systems, products and solutions as opposed to a single platform like many others.
Q: What new technology developments on the horizon have you enthusiastic?
A: Mobility – placing the patient to be accountable for their health and wellness by providing the apps and connectivity for them to do so. Virtual care and its continued quick advancement and acceptance as a delivery model holding us accountable to the existing standards, yet improving access and lowering cost. Interoperability. FHIR appears to be very promising and we’re looking at ways here at Carolinas HealthCare System to use it to better build and deploy solutions for our patients and providers.
Q: Where will health IT be five or 10 years from now?
A: I would expect that we will be leading many other industries and that those in financial services, retail, etc., will look at healthcare IT for advancing their companies and industries, similar to how we are modeling some of our services offerings in comparison to them. There is a tremendous amount of talent within healthcare.
We have arguably evolved quicker in this transformation than any other industry. With the management of the tight budgets that we hold ourselves to, we will inevitably be the one to lead the industry pack as we continue to help the business develop and deploy solutions that make it easier for patients and clinicians at a competitive price point.
One of the things we’ve learned over the last 20 years, particularly here at Carolinas HealthCare System, is we’ve gotten very good at deploying solutions that are on time, on budget and deliver great value. Our teammates have great insight into how things work. We listen to and continue to better understand our patients, and how we can best optimize solutions and deliver value. I am very fortunate to be with a health system with a visionary board, and feel blessed to be part of a group of colleagues that thrive upon teamwork and successful execution of our plans. Healthcare IT is not only playing the support role that we always have, but also leading and being a key component of many of our strategic initiatives.
The Massachusetts eHealth Institute at MassTech, known as MeHI, has awarded more than $1.3 million in grants to 25 behavioral health providers to improve patient care, reduce healthcare costs and ensure appropriate privacy and security protection of behavioral health patient data.
The recent CMS 90/10 final rule extends the 2011 federal funding regulation for Medicaid Eligibility systems. It's just one of the latest CMS efforts to support states attempting to modernize and develop more effective Medicaid IT systems.
Evariant, which offers a CRM platform for healthcare providers, raised $42.3 million in a Series C round of financing. Goldman Sachs led the funding.
The Verona, Wisconsin-based EHR giant will provide Vanderbilt University Medical Center with clinical, administrative and billing software and also MyChart, Epic's patient portal.
More than 720 data breaches occurred this year, and the top seven cyber attacks alone have left more than 193 million personal records open to fraud and identity theft.