
How Connected Medical Device Platforms Can Conquer IoT Difficulties

Posted on October 29, 2018 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest blog post by Abbas Dhilawala, CTO of Galen Data.

The medical industry in the United States and around the world faces unprecedented challenges in 2019. An aging population, growing costs throughout the system, and frequent regulatory changes are just a few reasons why healthcare providers are increasingly adopting new technologies that can reduce costs and drive operational efficiency throughout the healthcare industry.

To that end, a growing number of connected medical devices are using the internet of things (IoT) to collect, analyze and transmit health data or images to internal hospital servers or cloud-based storage. While these innovative devices are slowly changing the paradigm of patient care and lowering costs throughout the system, med tech companies are still facing major barriers in the widespread adoption of connected medical devices.

Here are a few challenges associated with connected medical device platforms and the IoT, and how med tech companies can work to overcome those difficulties in the near future.

Improving Interoperability Between Connected Medical Devices

The technology companies that are building connected medical devices envision a future where wearable medical devices will instantly collect, analyze and transmit patient data to a central data repository where it can be used to update electronic health records and provide physicians with real-time information about patient wellness. One of the major obstacles here is interoperability – such a system would require a standard format for data and a common communication protocol that would allow all of these connected devices to transmit data to a single system.

Health plans, health care providers and medical technology vendors must work together to develop a consensus for interoperability standards that will facilitate more open exchange of data between authorized parties.

Address Growing Concerns over Cybersecurity

As connected medical devices proliferate through our world, it is becoming clear that medical technology companies need to take bigger steps to secure these devices and the data they collect against data breaches and malicious software attacks. Research from the Ponemon Institute found that 70 percent of medical device manufacturers believe an attack on their medical devices is likely, but just 17 percent have taken significant steps to protect against this kind of attack.

We can look at data from recent years to estimate the results of poor security oversight in the world of connected medical devices. McAfee reports that the healthcare industry saw a 211% increase in cybersecurity incidents in 2017 compared to 2016. In the same year, 65% of all healthcare-related ransomware attacks were conducted by exploiting software vulnerabilities in connected imaging devices. However you measure it, the connected medical devices produced today aren’t sufficiently secure to be used in modern healthcare settings without the risk of compromising patient data.

Medical technology companies need to reduce the security risk posed by their devices by investing in improved security measures that reduce or eliminate software vulnerabilities. Medical technology companies should adopt a secure-by-design approach, even if it means adding hardware that increases the power consumption or cost of the product. Healthcare providers and patients need to trust that connected medical devices provide adequate protections for sensitive data.

Work to Fully Understand User Needs

The market for connected medical devices is expected to triple between 2018 and 2023, reaching a value in excess of $60 billion globally. As healthcare plans and providers move towards value-based payment models, the companies that build connected medical devices will have to demonstrate that their devices improve patient outcomes when compared to the alternative.

Manufacturers of medical devices must develop stronger ties to clinicians and patients that use their products and invest more resources in collecting evidence about the efficacy of their devices in improving outcomes for patients. In an outcome-based model, health plans will only want to pay for connected medical devices that create genuine value in the marketplace, and preference will likely be shown for devices that lead the way in software security.

Focus on Actualizing Real Benefits

As IoT medical devices become increasingly common in the marketplace, med tech companies must develop use cases that highlight the benefits they can deliver to early adopters. This includes efficiencies like the ability to transmit data wirelessly to health care providers, the potential to automatically update patient health records using data from wearables, easier access to data for physicians and health plans, and overall lowered costs of medical care.

Medical technology companies are working towards building the systems and functions that will usher in a more data-driven and patient-focused approach to health care. The most successful manufacturers will be the ones that gain industry support by delivering reduced costs and enhancing patient outcomes through repeatable use cases.

Summary

Connected medical devices stand to revolutionize the global healthcare industry, but there are still many challenges to overcome before IoT medical devices take over. Manufacturers of IoT medical devices must improve interoperability between systems to promote data sharing, address growing concerns over device security and generate evidence that their devices can meet user requirements and improve patient outcomes. Med tech companies that focus on creating real, demonstrable benefits for their customers will have the best opportunities to succeed as the healthcare IoT expands in size over the next five years.

About Abbas Dhilawala
Abbas has over 13 years of experience developing enterprise grade software for the medical device industry. He is well versed with technology and industry standards regulating security and privacy of data. His expertise lies in programming, cloud, cyber security, data storage and regulated medical device software.

EHR Passwords

Posted on July 2, 2018 | Written By John Lynn

Everyone has issues with passwords in their lives. I once saw a startup company whose entire advertising at an event was a big screen that said “Kill Passwords.” They were mobbed by people that stopped to hear what they were doing (Sadly, they haven’t killed passwords yet).

Turns out that EHR users hate passwords too:

The responses to this thread are pretty epic. Here are a few of them that stood out to me:


Many doctors have felt like doing this…and a few have done it.


Sad, but true in some places.


Been there. In fact, I’m always there since some password I use regularly is always changing on me.


This is what annoys me most. Many of these password policies aren’t based on security or they’re based on outdated security.


The best reason why IT professionals should get to know more reasonable password policies that are just as or even more secure.

Dance Dance Authentication – Amazing Early Start to April Fool’s Day

Posted on March 31, 2017 | Written By John Lynn

At Healthcare Scene we love a well played April Fool’s day joke. We’ve done a few of our own over the years, but with April Fool’s day being on Saturday this year we’ll probably pass. However, it will still be fun to watch this weekend.

In a pretty smart move, Stack Overflow rolled theirs out early when they announced the next step in computer security called Dance Dance Authentication. Check out the video for more details (and a great Friday laugh):

They also have a blog post out about it with these priceless quotes:

“Computer security is always evolving. Passwords are “what you know.” Smart cards are “what you have.” We decided to ask “how you do you.””

“This security update is the result of years of work, requiring advances in many fields such as computer vision, AI and advanced calisthenics.”

The creativity of humans will never cease to amaze me. Have a great weekend. Let us know if you implement this new Dance Dance Authentication in your hospital or practice.

A 2 Prong Strategy for Healthcare Security – Going Beyond Compliance

Posted on November 7, 2016 | Written By John Lynn

This post is sponsored by Samsung Business. All thoughts and opinions are my own.

As if our security senses weren’t on heightened alert enough, I think all of us were hit by the recent distributed denial of service attacks that took down a number of major sites on the internet. The unique part of this attack was that it used a “botnet” of internet of things (IoT) devices. It’s amazing how creative these security attacks have become and healthcare is often the target.

The problem for healthcare is that too many organizations have spent their time and money on compliance versus security. Certainly, compliance is important (HIPAA Audits are real and expensive if you fail), but just because you’re compliant doesn’t mean you’re secure. Healthcare organizations need to move beyond compliance and make efforts to make their organizations more secure.

Here’s a 2 prong strategy that organizations should consider when it comes to securing their organization’s data and technology:

Build Enough Barriers
The first piece of every healthcare organization’s security strategy should be to ensure that you’ve created enough barriers to protect your organization’s health data. While we’ve seen an increase in targeted hacks, the most common attacks on healthcare organizations are still the hacker who randomly finds a weakness in your technology infrastructure. Once they find that weakness, they exploit it and are able to do all the damage.

The reality is that you’ll never make your health IT 100% secure. That’s impossible. However, if you create enough barriers to entry, you’ll keep out the majority of hackers that are just scouring the internet for opportunities. Building the right barriers to entry means that most hackers will move on to a more vulnerable target and leave you alone. Some of these barriers might be a high quality firewall, AI security, integrated mobile device security, user training, encryption (device and in transit), and much more.

Building these barriers has to be ingrained into your culture. You can’t just change to a secure organization overnight. It needs to be deeply embedded into everything you do as a company and all the decisions you make.

Create a Mitigation and Response Strategy
While we’d like to dream that a breach will never occur to us, hacks are becoming more a question of when and not if they will happen. This is why it’s absolutely essential that healthcare organizations create a proper mitigation and response strategy.

I recently heard about a piece of ransomware that hit a healthcare organization. In the 60 seconds from when the ransomware hit the organization, 6 devices were infected before they could mitigate any further spread. That’s incredible. Imagine if they didn’t have a mitigation strategy in place. The ransomware would have spread like wildfire across the organization. Do you have a mitigation strategy that will identify breaches so you can stop them before they spread?

Creating an appropriate response to breaches, infections, and hacks is also just as important. While no incident of this nature is fun, it is much better to be ahead of the incident versus learning about it when the news story, patient, or government organization comes to you with the information. Make sure you have a well thought out strategy on how you’ll handle a breach. They’re quickly becoming a reality for every organization.

As healthcare moves beyond compliance and focuses more on security, we’ll be much better positioned to protect patients’ data. Not only is this the right thing to do for our patients, it’s also the right thing to do for our businesses. Creating a good security plan which prevents incidents and then backing that up with a mitigation and response strategy are both great steps to ensuring your organization is prepared.


What Are You Doing To Protect Your Organization Against Your Biggest Security Threat? People

Posted on July 28, 2015 | Written By John Lynn


This was a great tweet coming out of the HIM Summit that’s run by HealthPort. I agree with the comment 100%. Sure, we see lots of large HIPAA breaches that make all the news. However, I bet if we looked at the total number of breaches (as opposed to patient records breached), the top problem would likely be due to the people in an organization. Plus, they’re the breaches that are often hardest to track.

What’s the key to solving the people risk when it comes to privacy and security in your organization? I’d start with making security a priority in your organization. Many healthcare organizations I’ve seen only pay lip service to privacy and security. I call it the “just enough” approach to HIPAA compliance. The antithesis of that is a healthcare organization that’s created a culture of compliance and security.

Once you have this desire for security and privacy in your organization, you then need to promote that culture across every member of your organization. It’s not enough to put that on your chief security officer, chief privacy officer, or HIPAA compliance officer. Certainly those people should be advocating for strong security and privacy policies and procedures, but one voice can’t be a culture of compliance and security. Everyone needs to participate in making sure that healthcare data is protected. You’re only as strong as your weakest link.

One of the attendees at the session commented that she’d emailed her chief security officer about some possible security and compliance issues and the chief security officer replied with a polite request about why this HIM manager cared and that the HIM manager should just let her do her job. Obviously I’m summarizing, but this response is not a surprise. People are often protective of their job and afraid of comments that might be considered as a black mark on the work they’re doing. While understandable, this illustrates an organization that hasn’t created a culture of security and compliance across their organization.

The better response to these questions would be for the chief security officer to reply with what they’ve done and to outline ways that they could do better or the reasons that their organization doesn’t have the ability to do more. The HIM manager should be thanked for taking an interest in security and compliance as opposed to being shot down when the questions are raised. It takes everyone on board to ensure compliance and security in a healthcare organization. Burning bridges with people who take an interest in the topic is a great way to poison the culture.

Those are a few suggestions about where to start. It’s not easy work. Changing a culture never is, but it’s a worthwhile endeavor. Plus, this work is a lot better than dealing with the damaged reputation after a security breach.

Health IT Security: What Can the Association for Computing Machinery (ACM) Contribute?

Posted on February 24, 2015 | Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

A dazed awareness of security risks in health IT has bubbled up from the shop floor administrators and conformance directors (who have always worried about them) to C-suite offices and the general public, thanks to a series of oversized data breaches that recently peaked in the Anthem Health Insurance break-in. Now the US Senate Health Committee is taking up security, explicitly referring to Anthem. The inquiry is extremely broad, though, promising to address “electronic health records, hospital networks, insurance records, and network-connected medical devices.”