Server mis-configuration is turning to a key vulnerability leading to PHI breaches. In a major health data leak, the University of Washington Medicine disclosed that data related to 974,000 patients was left exposed on the internet for three weeks because of a misconfigured server. This is the latest instance of patient data privacy at risk due to improper use of healthcare systems.
The breach came to light when one of the patients found a file with their own data while searching for their name on Google. The matter was brought to the attention of UW Medicine after which an internal investigation was carried out. It was later found that protected health information reporting files were visible by search on the internet from Dec. 4, 2018.
The misconfiguration occurred because of a coding error when data was being moved onto a new server. The files, according to UW Medicine, ‘contained patients’ names, medical record numbers, and a description and purpose of the information. The files did not contain any medical records, patient financial information or Social Security numbers.’ However, for some patients, the files did include the names of lab tests but not the results.
The breach was discovered on 26th Dec and UW Medicine took steps to remove the information from their site and any other third-party sites which might have saved the information related to patient data.
“Because Google had saved some of the files before December 26, 2018, UW Medicine worked with Google to remove the saved versions and prevent them from showing up in search results,” officials said in a statement. “All saved files were completely removed from Google’s servers by Jan. 10, 2019.”
It must be noted that this is the second instance of data breach at UW Medicine. Back in 2013, social security numbers and medical data of 90,000 patients became vulnerable when an employee opened an attachment containing malware. At that time, the provider paid almost $750,000 over the breach with an assessment to address patient data risks and vulnerabilities.
This time around UW Medicine officials have said that they will be reviewing their protocols and procedures to prevent such similar breaches in the future. For now, the breach has been reported with the Office for Civil Rights.
Server mis-configuration such as the one at UW is likely to overtake ‘phishing’ as a top source of breached data according to the Chief Security Officer at Box and current partner at Andreessen Horowitz Joel de la Garza.
A prime example of other instances such as UW medicine is the server security mishap at Rubrik, an enterprise software company focused on cloud data management. There, a misconfigured AWS Elasticsearch server led to private data exposure of major customers of Rubrik.
In a high-risk environment, organisations need to be wary of data leaks such as these. And while it’s safe to assume that this trend is poised to continue, the need of the hour is to educate the IT teams and staff about cybersecurity, data privacy, and data integrity.
In December last year, a report by Spiceworks pegged Microsoft Teams as the second most used business chat app, ahead of Slack and behind Skype for business. This incredible growth and fast adoption of Teams has been phenomenal, especially considering that the app just launched two years ago.
So, how did Microsoft Teams go from just a fringe chat app with minimal adoption to being the fastest growing business app in Microsoft’s history?
Real-time collaboration and chat applications have become new age communication tools which append the usefulness of workplace emails by providing a secure and team-based platform. These new applications work across multiple operating systems and offer multi-disciplinary functionalities including group chat, video conferencing, meetings, and data sharing. For any organization big or small, a single tool which is resourceful enough to replace various internal disparate communication systems, brings immense value.
From 2016 to 2018, Microsoft Teams grew from 3 percent to 21 percent in terms of app penetration. This growth was amplified by Microsoft’s decision in 2017 to make the app available to business users of Office 365, for free. While other competitor applications like Slack also offer free versions, Microsoft amped the product with functionalities which specifically targeted industries like healthcare. This led to Microsoft Teams defining its own niche within the business app category and beating the competition at its own game.
A good example of this strategy from Microsoft is the schedule-management feature that debuted with rave reviews. Using the schedule-management feature in Teams, managers can create, share, and edit staff schedules within employee groups. The employees too can swap shifts, and request time off using this functionality.
Another example of Teams as an innovator in niche industries like healthcare is the new patient-care coordination offering. Although right now in private preview, the new offering integrates the platform with electronic health records and provides secure messaging which is highly relevant in the healthcare industry. Secure messaging helps healthcare professional stay HIPAA-compliant when sharing patient data and information through chat apps.
“New experiences for Firstline workers will roll out to Teams over time. With this expanded feature set, Teams is the hub for teamwork for all workers,” a spokesperson had said back in September 2018. These new features coupled with the fact that 87 of the Fortune 100 companies are currently on the platform establishes Teams as the go-to workplace collaboration app.
A string of new functionalities provided a shot in the arm for the Teams app, but its success is based on more than just workplace productivity features. Teams is the perceived leader for security, manageability, and cost-effectiveness, which makes it the preferred choice over Slack, even though both apps are neck-to-neck in terms of reliability, compatibility, and user-friendliness.
While it’s difficult for collaboration apps to replace conventional communication tools like emails completely, applications like Teams help in making workplace communication faster and efficient. The end goal for business users, therefore, is to leverage apps like Teams for real-time group collaboration without worrying about the security of such communication.
Integrating FHIR-enabled electronic health records with Microsoft Teams is now available in exclusive Private Preview. To learn more and register, click here.
Accessing your own health data free of cost will soon become a reality as Federal health regulators proposed major regulations coinciding with HIMSS 2019. Information related to insurance claims, hospital and doctor records will be available for patients on their smartphones once the policy comes into effect.
“Patients have really lost in the system,” said Seema Verma, administrator of the Centers for Medicare and Medicaid Services. “Today, instead of filing cabinets and paper silos, we now have electronic silos that make it difficult for patients to access their own health data.”
The rule, when it comes into effect, will be helpful for patients who want to electronically access information from the healthcare providers’s EHR (Electronic Helath Record) systems. This information can include details such as doctor notes, reports, and historical medical data. The patient will not be charged for these records.
“The rule really is, OK, let’s figure out how to get this information out technically and let’s force it out,” Don Rucker, the national coordinator for health information technology in the Department of Health and Human Services, told WSJ.
In recent times, hospitals have caught on the digital transformation train and started offering online patient portals. These portals however, redact critical information such as imaging scans and doctor notes. This new draft policy aims to make the process and information sharing more transparent.
“It’s very hard for individuals to get their health information today,” Deven McGraw, a former federal official told WSJ, despite existing laws that protects such access.
Companies like Apple have already started building tools which can store personal health information in real-time and this draft policy is expected to bring health data to our digital devices. Claims data, including the cost of services will also be opened for access by patients.
Since the regulations will make it mandatory for the hospitals to follow the guidelines to participate in the Medicare program, the healthcare providers might finally have to be fully transparent and make critical information available to the patients on-demand.
Digital transformation has caught up with the healthcare industry. Healthcare organizations are slowly realizing that their competitiveness is predicated on their adoption of technology and a failure to adapt to change could be catastrophic.
Organizations need to approach digital transformation carefully because technology will define the true worth of all product and services in the future, especially in the healthcare industry. HIMSS 2019, therefore, is the perfect place for a sneak peek into the future of healthcare. With just three more days to go here’s a curated list of exciting sessions at HIMSS 2019.
1. Session: Improving Provider Data Accuracy with Blockchain
(Health Information Exchange, Interoperability, Data Integration) When: 13th Feb, 11:30 am – 12:30 pm Where: Orlando – Orange County Convention Center – W230A What to expect: This session will provide an overview of why Humana, MultiPlan, Optum, Quest Diagnostics and UnitedHealthcare have formed an alliance (named the Synaptic Health Alliance) to explore the use of blockchain technology in tackling the challenge of accurate and efficient provider data management and sharing.
2. Session: Creating the Next Generation of Digital Engagement
(Consumer, Patient Engagement & Digital Connected Health) When: 14th Feb, 8:30 am – 9:30 am Where: Orlando – Orange County Convention Center – W304E What to expect: This presentation will share insights into the initiatives Novant Health has developed to maximize engagement at each point across a patient’s healthcare journey.
3. Session: Clinical Optimization: One Approach to Integration
(Improving Quality Outcomes Through Health Information & Technology) When: 14th Feb, 8:30am – 9:30am Where: Orlando – Orange County Convention Center – W206A What to expect: This session dives into how to reduce care variation, improve clinical outcomes and lower overall costs by implementing a simple, yet effective, clinical optimization strategy.
4. Session: Digitally Transforming Patient and Caregiver Experiences
(Consumer, Patient Engagement & Digital Connected Health) When: 15th Feb, 12:00 pm – 1:00 pm Where: Orlando – Orange County Convention Center – W308A What to expect: In this session, the speakers will discuss key digitalization initiatives at the Cleveland Clinic and the learnings from a multi-year digital transformation currently under way.
5. Session: FHIR Interoperability: Point-of Care Healthcare Apps in the Real World
(Health Information Exchange, Interoperability, Data Integration) When: 15th Feb, 12:00 pm – 1:00 pm Where: Orlando – Orange County Convention Center – W304A What to expect: This session will describe Geisinger’s evolving approach to using FHIR resources to extend homegrown apps beyond our current EHR system, allowing us to share our innovation more broadly than ever before.
TED talks are all about ideas worth spreading. From self-help techniques to innovation in science and technology, TED talks are now considered a congregation for some of the greatest minds in the world. With one of the biggest healthcare conferences (HIMSS) just around the corner, here’s our selection of four of the best TED talks every Health IT leader should watch.
Visualizing the Medical Data Explosion
This talk covers how analyzing medical data has changed over the years due to medical data explosion. A single CT scan generates 25,000 images of the human body, which is equivalent to 20 GB data. All this data helps the healthcare teams to extract relevant information, given the right equipment. Anders Ynnerman also discusses sophisticated new tools like virtual autopsies, which enable physical autopsies and forensic evaluations. They also help to locate metal fragments embedded in a body. The speaker demonstrates touch devices which help with diagnoses, and an MRI which maps brain activity and how the neurons are working, when the person is engaged in certain activities.
Key Takeaway: Health IT has really helped in delivering scores of data related to patients and diseases but learning to analyze that data correctly is the next step in the evolution of new age healthcare models
Let’s Pool our Medical Data
From Avicenna in 980 AD to Carlos Finlay in the 1800s, man has tried to understand disease to treat it. Finlay pioneered the concept of “informed consent”, paving the way for performing clinical studies on human beings, to further our understanding of disease. Today, doctors aim to snuff out the disease itself, by studying genomes which carry the weight of a legacy, trailing over generations and even millennia. But data confidentiality is hampering the possibility of finding innovative new treatments, by hiding the connections between diseases. Privacy is important, but data needs to be shared, if we want to find a real cure to a disease. Can people voluntarily share their medical records and data through standardized legal tools and standardized technology? When Vanderbilt ran a study, which asked for bio-samples for a bio-bank, only 5% of people refused.
Key Takeaway: John Wilbanks founded the world’s first fully digital, fully self-contributed, global and ethically approved clinical research study where people can directly contribute data. This is done through express consent, and people can upload their personal medical history and join an effort to move forward in health as a society, creating a Wikipedia for medical research which contributes to the greater good.
It’s Time to Redesign Medical Data
This talk is about behavioral barriers which make most patients disobey a doctor’s advice. Can we provide information to people and educate them to make better choices and better decisions in life? It’s intriguing because dentists got people to brush and floss their teeth, but other disciplines haven’t seen similar success.. The TED talk focuses on how efficient people are more compliant and personalized information works better than fear-mongering. It’s important to specify individualized points of action, by building an emotional connect with options, choices, benefits and trade-offs. It’s also necessary to create a feedback loop, which connects the information with the action. For this to succeed, we need personalized data. We need to clearly tell people what the drug is for and who it is good for and then offer the statistics on its effectiveness and also its side effects. Same goes for lab test results too.
Key Takeaway: Redesigned medical data is a powerful catalyst for change and tackling behavioural barriers is a pre-requisite to bring about that change.
Soon, We’ll Cure Diseases with a Cell not Pill
This talk by Siddartha Mukherjee shows how antibiotics have made us believe that stopping a disease is all about popping a pill. But only 0.025 percent of all chemical reactions in our body can be targeted by this method. We are now turning to immunotherapy from chemotherapy, bringing spectacular new medicines to treat cancer. Pills are no more the answer to depression, and this TED talk examines why we need to re-look at kidney failure, diabetes, hypertension, and osteoarthritis too.
Key Takeaway: The time has come to treat diseases with a cell and not a pill. Encouraging the growth of some cells, or stopping some from growing makes the treatment of disease individualized, immersive and genome-based.