The healthIT world descended on Las Vegas in March for HIMSS16, the world's largest conference for all things healthcare digital. Over 42,000 attendees networked and shared ideas about everything from cyber-security to interoperability to health IT policy. Here are our key take-aways:
Cybersecurity
- Healthcare is a prime target of cyber criminals. Healthcare records are more valuable than other kinds of pirated personal information on the black market because they include detailed information including, but not limited to a person's name, address, social security numbers, age, gender and medical conditions. This detailed information is extremely useful in creating false identities and committing insurance fraud.
- The malware used by hackers who target medical information is highly sophisticated and increasingly difficult to detect. "Ghostware," polymorphic code and "two-faced" malware are just some of the newest threats being used by hackers. Information security officers have a difficult time keeping up with these threats as hackers and the technology that they use evolve and adapt rapidly.
- Now that healthcare providers are relying on electronic medical records to deliver care, "ransomeware" is a major threat. Cyber criminals send an e-mail with an attachment containing a virus that, when opened, rapidly takes over a targeted computer system. The attacked system is held hostage by the criminals until a ransom is paid. Several hospitals have already been forced to pay hackers to release their computer systems. We can expect many more ransomware attacks on healthcare providers as ransomeware becomes more prevalent.
- Most medical devices are now "wireless enabled." The U.S. Food and Drug Administration has published several reports recently that identify the vulnerability of connected medical devices to hackers. Too often, these devices do not include basic cybersecurity protections since they are not required by law. As the FDA and medical community have yet to reach a consensus on best practices regarding wireless enabled devices, manufacturers are sometimes not installing even basic cyber-security features making these devices vulnerable to hackers. Having unprotected connected medical devices is among the easiest ways for a hacker to gain access to a healthcare provider's network.
Interoperability
- The federal government reaffirmed its commitment to achieve widespread interoperability among various electronic medical record platforms by 2018. It is a key pillar of healthcare reform according to HHS Secretary Burwell.
- ONC announced that ten major organizations, including the largest electronic medical record vendors, have signed the Interoperability Pledge committing resources and stating the objective to achieve interoperability.
- The Sequoia Project, which supports eHealth Exchange (formerly the Nationwide Health Information Network), announced that its Carequality Interoperability Initiative had successfully launched with participation by Epic and other major EMR vendors as well as large health data exchanges.
- Microsoft has announced its Connected Care program for its employees. This program allows Microsoft employees to share health information electronically among the entirety of each employee's healthcare providers in order to promote continuity of care.
Value Based Payment Models
- CMS has committed to have 50% of its Medicare payments covered under Value Based Payment models by 2017, and 90% by 2019. This is transforming the healthcare industry. Timely access to clinical information is vital for healthcare providers that want to thrive under the VBP models.
- MACRA, passed by Congress in 2015, replaces a mosaic of "Pay for Performance" initiatives with two mega categories: Merit Based Incentive Payments (MIPS) and Alternate Payment Models (APMs). Healthcare providers must demonstrate that they meet specific targets in order to receive incentive payments. They must have performance data to do this. MIPS and APMs are increasing the need for EMRs that are interoperable with other data systems.
The healthcare industry is undergoing a fundamental
transformation unlike anything that we have seen since the adoption
of DRGs in the 1980's. There will be organizations that
don't survive this transformation, and many healthcare
providers will struggle to thrive in the new environment. There are
many opportunities, however, for innovative healthcare
organizations that can embrace technology and adapt. The legal
issues associated with these changes and
the widespread adoption of health information technology are
significant and must not be underestimated.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
