How a Misconfigured Server Exposed Health Data of 974,000 Patients at UW Medicine

How a Misconfigured Server Exposed Health Data of 974,000 Patients at UW Medicine

Server mis-configuration is turning to a key vulnerability leading to PHI breaches.  In a major health data leak, the University of Washington Medicine disclosed that data related to 974,000 patients was left exposed on the internet for three weeks because of a misconfigured server. This is the latest instance of patient data privacy at risk due to improper use of healthcare systems.

The breach came to light when one of the patients found a file with their own data while searching for their name on Google. The matter was brought to the attention of UW Medicine after which an internal investigation was carried out. It was later found that protected health information reporting files were visible by search on the internet from Dec. 4, 2018.

The misconfiguration occurred because of a coding error when data was being moved onto a new server. The files, according to UW Medicine, ‘contained patients’ names, medical record numbers, and a description and purpose of the information. The files did not contain any medical records, patient financial information or Social Security numbers.’ However, for some patients, the files did include the names of lab tests but not the results.

The breach was discovered on 26th Dec and UW Medicine took steps to remove the information from their site and any other third-party sites which might have saved the information related to patient data.

“Because Google had saved some of the files before December 26, 2018, UW Medicine worked with Google to remove the saved versions and prevent them from showing up in search results,” officials said in a statement. “All saved files were completely removed from Google’s servers by Jan. 10, 2019.”

It must be noted that this is the second instance of data breach at UW Medicine. Back in 2013, social security numbers and medical data of 90,000 patients became vulnerable when an employee opened an attachment containing malware. At that time, the provider paid almost $750,000 over the breach with an assessment to address patient data risks and vulnerabilities.

This time around UW Medicine officials have said that they will be reviewing their protocols and procedures to prevent such similar breaches in the future. For now, the breach has been reported with the Office for Civil Rights.

Server mis-configuration such as the one at UW is likely to overtake ‘phishing’ as a top source of breached data according to the Chief Security Officer at Box and current partner at Andreessen Horowitz Joel de la Garza.

A prime example of other instances such as UW medicine is the server security mishap at Rubrik, an enterprise software company focused on cloud data management. There, a misconfigured AWS Elasticsearch server led to private data exposure of major customers of Rubrik.

In a high-risk environment, organisations need to be wary of data leaks such as these. And while it’s safe to assume that this trend is poised to continue, the need of the hour is to educate the IT teams and staff about cybersecurity, data privacy, and data integrity.

Source: UW Medicine/Newsroom

How Teams Became The Fastest Growing Business App In Microsoft’s History

How Teams Became The Fastest Growing Business App In Microsoft’s History

In December last year, a report by Spiceworks pegged Microsoft Teams as the second most used business chat app, ahead of Slack and behind Skype for business. This incredible growth and fast adoption of Teams has been phenomenal, especially considering that the app just launched two years ago.

So, how did Microsoft Teams go from just a fringe chat app with minimal adoption to being the fastest growing business app in Microsoft’s history?

Real-time collaboration and chat applications have become new age communication tools which append the usefulness of workplace emails by providing a secure and team-based platform. These new applications work across multiple operating systems and offer multi-disciplinary functionalities including group chat, video conferencing, meetings, and data sharing. For any organization big or small, a single tool which is resourceful enough to replace various internal disparate communication systems, brings immense value.

From 2016 to 2018, Microsoft Teams grew from 3 percent to 21 percent in terms of app penetration. This growth was amplified by Microsoft’s decision in 2017 to make the app available to business users of Office 365, for free. While other competitor applications like Slack also offer free versions, Microsoft amped the product with functionalities which specifically targeted industries like healthcare. This led to Microsoft Teams defining its own niche within the business app category and beating the competition at its own game.

A good example of this strategy from Microsoft is the schedule-management feature that debuted with rave reviews. Using the schedule-management feature in Teams, managers can create, share, and edit staff schedules within employee groups. The employees too can swap shifts, and request time off using this functionality.

Another example of Teams as an innovator in niche industries like healthcare is the new patient-care coordination offering. Although right now in private preview, the new offering integrates the platform with electronic health records and provides secure messaging which is highly relevant in the healthcare industry. Secure messaging helps healthcare professional stay HIPAA-compliant when sharing patient data and information through chat apps.

“New experiences for Firstline workers will roll out to Teams over time. With this expanded feature set, Teams is the hub for teamwork for all workers,” a spokesperson had said back in September 2018. These new features coupled with the fact that 87 of the Fortune 100 companies are currently on the platform establishes Teams as the go-to workplace collaboration app.

A string of new functionalities provided a shot in the arm for the Teams app, but its success is based on more than just workplace productivity features. Teams is the perceived leader for security, manageability, and cost-effectiveness, which makes it the preferred choice over Slack, even though both apps are neck-to-neck in terms of reliability, compatibility, and user-friendliness.

While it’s difficult for collaboration apps to replace conventional communication tools like emails completely, applications like Teams help in making workplace communication faster and efficient. The end goal for business users, therefore, is to leverage apps like Teams for real-time group collaboration without worrying about the security of such communication.

Integrating FHIR-enabled electronic health records with Microsoft Teams is now available in exclusive Private Preview. To learn more and register, click here.

Patients’ Access to Own Health Records Set to Become Easier

Patients’ Access to Own Health Records Set to Become Easier

Accessing your own health data free of cost will soon become a reality as Federal health regulators proposed major regulations coinciding with HIMSS 2019. Information related to insurance claims, hospital and doctor records will be available for patients on their smartphones once the policy comes into effect.

“Patients have really lost in the system,” said Seema Verma, administrator of the Centers for Medicare and Medicaid Services. “Today, instead of filing cabinets and paper silos, we now have electronic silos that make it difficult for patients to access their own health data.”

The rule, when it comes into effect, will be helpful for patients who want to electronically access information from the healthcare providers’s EHR (Electronic Helath Record) systems. This information can include details such as doctor notes, reports, and historical medical data. The patient will not be charged for these records.

“The rule really is, OK, let’s figure out how to get this information out technically and let’s force it out,” Don Rucker, the national coordinator for health information technology in the Department of Health and Human Services, told WSJ.

In recent times, hospitals have caught on the digital transformation train and started offering online patient portals. These portals however, redact critical information such as imaging scans and doctor notes. This new draft policy aims to make the process and information sharing more transparent.

“It’s very hard for individuals to get their health information today,” Deven McGraw, a former federal official told WSJ, despite existing laws that protects such access.

Companies like Apple have already started building tools which can store personal health information in real-time and this draft policy is expected to bring health data to our digital devices. Claims data, including the cost of services will also be opened for access by patients.

Since the regulations will make it mandatory for the hospitals to follow the guidelines to participate in the Medicare program, the healthcare providers might finally have to be fully transparent and make critical information available to the patients on-demand.

How Providers Gamed the System by Offering Chargemaster Prices Without Insight

How Providers Gamed the System by Offering Chargemaster Prices Without Insight

The Center for Medicare and Medicaid Services (CMS) required hospitals to post their standard charges for every item they use (also known as chargemaster prices) online from the 1st of January. Their expectation was that this price transparency would translate to patient empowerment, as it would enable patients and their caregivers to make informed choices between healthcare providers, based on the cost of the treatment required.

In full compliance of the regulatory requirements, hospitals around the US have made their chargemaster price information publicly accessible. The providers, however, have failed to give meaningful access to the costs related to patients and their treatment. Let’s delve deeper and understand why unloading data related to cost of treatment without any insight is not helpful:

  • Hospitals dumped all the costs in huge lists online without throwing light on the cost of specific services. So, if someone wanted to compare the costs involved in a tonsillectomy, not only would they need to know the names of each consumable, each test, and each service but also the doctor/specialist charges that would be incurred during such a surgery.
  • Some providers have posted a link to an excel sheet online, which displays massive columnized lists showing prices of more than 20,000-35000 items, making it difficult if not impossible, to verify the costs prior to availing any medical service.
  • Many of these lists posted online use abbreviated names, codes, and mixed-up terminology, making it nearly impossible to understand anything from them.
  • Thousands of services have been listed with minor variations and described using abbreviations and codes to reflect price variations. This makes the process even more cryptic.
  • Some providers have displayed the costs using complex software which is only machine readable and defeats the purpose of a transparent policy.

chargemaster prices

The raw data that’s been dumped online is useless to the public and could even be misleading. But of course, there are always exceptions to any rule and some consumer-friendly hospitals like El Camino Hospital in Mountain View, Calif., Baylor Scott & White, Tx., among others. They have invested the time and effort needed to provide transparent online tools which enable patients to make a reliable estimate of the out-of-pocket expenses they would incur for their services. These tools factor in an individual consumer’s health plan benefits and deductible status before providing the estimate.

Currently there are no checks in place to ascertain the integrity of the data posted by providers online and no penalties for non-compliance. Therefore, it is necessary for the CMS guideline to include some checks and balances to attain true price transparency. Till then, the patients and their families will have to contend with complex documents to analyze cost differences across different care options.

5 Innovative Ways Microsoft Teams is Transforming Care Coordination

5 Innovative Ways Microsoft Teams is Transforming Care Coordination

Healthcare in 2019 is all about value of care. While healthcare payors and providers have been heavily investing in the latest medical technology, productivity tools have somehow remained outdated. With renewed focus on value of care and clinicians increasingly resorting to innovative and complex treatment paths, care delivery is becoming more collaborative and team-based. It is therefore imminent that healthcare providers invest in tools to empower clinicians for better care delivery using a secure platform.

Microsoft Teams provides a set of care-coordination solutions to enhance patient care, reduce costs and help stakeholders collaborate without risking patient-data privacy and security. Microsoft Teams has slowly established itself as the go-to productivity tool when it comes to patient care. Today, it is preventing thousands of healthcare workers from burnout due to administrative paperwork. While the platform is finding mass-adoption, here are five incredibly innovative ways in which Microsoft is transforming care coordination through Teams:

Aggregate patient’s records in a secure location

Clinicians can now aggregate all patient data including patient history, lab results, notes on patient health, and previous care results at a single location. Verified team members can access these files related to patient data on a dedicated channel and provide inputs as the patient traverses through the care continuum. A centralized care plan not only reduces time to value-care for patients but also reduces hurdles for clinicians by providing a safe collaborative environment.

Meet and make decisions even if offsite

Microsoft Teams makes decision-making simpler and faster. Clinicians can now meet online without the need to be physically present at one location to make decisions on a patient’s case. Every member on a channel can connect online, even if offsite, and help deliver accurate and faster care for critical cases that require immediate decision making.

Review and update patient care plan records collectively

Now team members can edit and provide updates on patient records through focused discussions within the purview of care delivery plans. Team members can work on Office 365 apps such as MS Word at the same time and review care delivery path in real time.

Integrate EHRs and deliver interdisciplinary care

Health providers are increasingly using integration capabilities of Microsoft Teams to connect to Electronic Health Records and provide a real time communication platform for everyone involved in the patient’s care.

No data privacy risk: HIPAA compliant

Data privacy and security is one of the biggest concerns in the health IT space and Microsoft Teams does a good job of addressing those concerns. The platform is HIPAA compliant with almost 1100 internal controls for data privacy. Microsoft also claims that the ‘platform leverages billions of data signals with machine learning’ to ensure protection of sensitive health data. With such robust tools and features, Microsoft Teams is leading the pack in data security and privacy as a trusted cloud platform.
Aurora network, a not-for-profit healthcare network in the United States is leveraging Teams solution to deliver patient centered care.

By accommodating interdisciplinary decision makers under a single umbrella, Microsoft Teams is helping streamline communication and workflows for better care delivery networks.

Member Login

How Interoperability in Healthcare is Helping Patients and Improving Quality of Care

How Interoperability in Healthcare is Helping Patients and Improving Quality of Care

Healthcare costs have been on the rise ever since the late 90’s. In fact, they have almost doubled over the last decade, especially in the USA. The Health IT sector, however, has tried to address these concerns related to cost in innovative ways. Reducing wait times, eliminating room for error and improving the quality of healthcare in general has drastically improved the affordability of care. Interoperability in healthcare has lead this change.

Here are some ways healthcare data and application interoperability can help patients by improving patient outcomes, cutting costs, and aiding value-based care.

Reduce Wait Times and Improve Quality of Care

With interoperability, patient information across several systems is available to doctors at any point in time. This makes collecting, analyzing, and processing data a breeze as opposed to sending out an email to a blood bank or a lab for related patient info, thereby reducing patient care and wait times.

A good example of a Microsoft Azure solution is the Novari ATC. It provides an efficient flow of information across systems in the OR to facilitate better surgical wait times and e-bookings of cases in real time. By reducing OR and other wait times through effective data and application interoperability, doctors and administrators are able to efficiently care for patients. This leads to a higher success rate with treatment. In short, interoperability in healthcare has a considerable positive impact on patient experience.

Eliminate Room for Duplicate Records

A study conducted at the Children’s Medical Center in Dallas showed that duplicate records increased patient cost by over $1000 on average. Creating a standard access point for patient data eliminates this massive expenditure on duplicate tests, prescriptions, and reports.

A good example, is the OLIS (Ontario Laboratories Information System) system in Ontario – a province-wide central data repository that stores lab tests and other health documents that can be digitally transferred.
Dapasoft has integrated many acute care provider EHR system including Cerner, Meditech, and Epic to name a few so that lab data is easily accessible in a central repository.

Improved Patient Engagement

The increased use of mobile health apps in the past decade have given patients the chance to access their health records remotely and even communicate with their provider. This is where data standardization kicks in, to make sure that data moving from one system to another is converted and streamlined smoothly. Patient Engagement stops patients from visiting/revisiting and has show to aid the quality of care in general.

Dapasoft helped William Osler Health System (WOHS) setup their MyChart patient portal in just about 18 months by leveraging the hospital’s existing BizTalk Server. The portal saw over 18,000 patients sign-up and helped improve patient engagement and outcomes.

Interoperability in Healthcare Allows for Movement of Massive Amounts of Data

While the security of data on cloud-based systems and mobile devices is vulnerable to breaches, it allows for a large volume of data storage. A recent Cisco report showed that health data will grow nearly four folds in the next five years and that in turn becomes a task to manage manually. With interoperability, this data can be moved through various systems and platforms, which indirectly helps keep patient data segregated while allowing for massive storage.

A good example is NEODIN (Northern and Eastern Ontario Diagnostic Imaging Network), a regional diagnostic image repository that allows for the storage of X-rays, MRI, CT Scans, ultrasounds and other records from over 62 hospitals in one secure central repository.