Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

What Should You Do To Secure Your ePHI?

Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

If You Don’t Secure Your Data–Prepare For Ever-Increasing Fines

According to Health IT Security, in February 2019 Tennessee-based Community Health Systems (CHS) settled with the 4.5 million patients impacted by its 2014 data breach. Those patients who experienced identity theft or fraud due to the cyber attack will receive up to $5,000 each.

The lawsuit counsel also requested approval to award attorney’s fees for the case (about $900,000), as well as an incentive award of $3,500 for each patient they represented.

This is just one example of a healthcare breach and its effects. Click here to learn about some of the biggest healthcare breaches for 2018. 15 million patient records were breached in 2018 as hacking and phishing surged. This number tripled from 2017.

Don’t Let This Happen To Your Healthcare Business–What Should You Do To Secure Your ePHI? — Ask your IT provider to implement a Layered, Managed & Proactive Approach To IT Security.

This is the industry’s definitive source to prevent healthcare data breaches…

You need these 4 layers:

1. For your Computers: Your need Anti-Virus, Anti-Malware and Zero-Day Protection that’s managed by your IT Managed Service Provider so you know new updates are being applied daily.

• Managed Anti-Virus & Anti-Malware: This keeps both known and emerging viruses and malware off of your workstations and servers. Because it’s managed, it stays up-to-date with the latest cyber threats. It also protects against new viruses by using behavioral scanning and heuristic checks. These detect new, unrecognized viruses and malware and send them to a sandboxed environment away from your core systems. This is essential with all the new virus and malware threats being created each day.
• Zero-Day Protection: This provides end-to-end cybersecurity protection for your computers, as well as your networks, endpoints, mobile devices, and cloud-based services when an unknown security vulnerability in computer software or an application occurs, and where a patch hasn’t been released to handle it.

2. On Your Network: You need a Next Generation Firewall. This detects and blocks complicated cyber attacks by enforcing security measures at the protocol, port and application level.

Next-Generation Firewalls can be implemented in either software or hardware. The difference between a standard firewall and a next-generation firewall is that the next-gen performs a more in-depth inspection and in smarter ways. It brings added information to the firewall’s decision-making process. It also has the ability to understand the details of web traffic passing through, and can take action to block anything that might exploit your network’s vulnerabilities.

3. Email:  You need SPAM filtering with link and document scanning. This is a service designed to block SPAM from your users’ inboxes. It sets up an email gateway that stops the bad guys before they reach your inbox while making sure the good guys (you) aren’t bogged down trying to manage it. Many email messages today are SPAM. SPAM filtering is critical for keeping phishing emails off your computers. However, even the best filters can’t block 100 percent of SPAM messages. This is another reason why you need #4 below.

4. User Education: Different sized organizations cope with dissimilar problems, but all have employees who are usually the weakest link in their IT security. Modern phishing and social engineering attacks are a major threat to medical businesses today. Even a single unaware employee is enough for a cybercriminal to trick through email to gain access to your ePHI, data, finances and more.

Security Awareness Training tackles this problem head-on. You need ongoing education that trains your employees in cybersecurity measures and protocols via a comprehensive curriculum that includes simulated hacking and phishing attempts —This helps your employees know what to look for when using your IT systems.

To ensure cybersecurity, your staff should know…

• How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
• How to use your practice management technology without exposing data and other assets to external threats by accident.
• How to respond when they suspect that an attack is occurring or has occurred.
• Additional vital information to maintain cybersecurity.

In addition …

Ask your IT provider to implement these 4 solutions to minimize your risk:

1. Data encryption so your ePHI and EHRs are secure both in transit and storage.
2. Multi-factor authentication where your users must use two or more forms of electronic identification to access data.
3. Routinely patch and update your software programs to close any security gaps.
4. Mobile Device Management to protect your data if mobile devices are lost or stolen.

With this and a layered, managed and proactive approach to IT security, you should have a fighting chance against today’s cyberattacks.

Healthcare providers have a legal obligation to keep patient data security, whether it’s at rest on a server or in transit to the cloud or a third party. To maintain regulatory compliance and the confidence of your patients, your practice needs to be vigilant in the technologies that it deploys to make sure that all personal and medical information is protected.

Unfortunately, hackers are using sophisticated means to steal this data, sell it or hold your medical practice hostage until you pay massive ransoms. The cost to your practice can be significant, both in dollars spent, patients who leave and reputation lost.

Your practice and patients need an IT solution that provides reliable services to protect data and monitor your IT systems. Otherwise, you leave the data far more vulnerable.

A managed service provider (MSP) that knows the complex issues facing medical businesses today is your best defense. Here’s a look at some of the most common IT issues facing practices and how you and your (MSP) can guard against them.

How Do I Manage All the Users Who Have Access to Patient Data?

Not all cyberattacks are perpetrated by outside parties. Employees — current and former — may have access to sensitive information, which is why processes and procedures need to be in place to manage access. Two common issues are:

• Controlling Privileged Access. Your practice needs to routinely review which employees have administrative access or privileged accounts in your system. Assess access needs for employees who change roles within the practice and practice “need to know” procedures when determining who sees what.
• Removing Accounts. Whenever an employee leaves a practice, especially if they are terminated, it’s important to remove their access immediately and inactivate their accounts. Many practices create generic accounts for vendors, contractors and consultants and forget to review and delete them. In addition to deletion in the moment, there should be a regular review of active accounts to make sure they are still necessary.

What Security Issues Are Due to Our Products?

Servers and software are major access points for disruption. There are a couple of common vulnerabilities that practices should look at:

• Changing Default Credentials. Desktop computers, laptops, firewalls, wireless access points and routers come equipped with default usernames and passwords. These defaults are widely known. If you keep those credentials on the devices, you’re making it that much easier for hackers to gain access.
• Changing Default Configurations. Just as with your devices, your operating system will come preconfigured with settings that should be changed immediately after installation.

What Do I Need To Do When Transmitting Data?

Many servers include services such as file transfer protocol (FTP), Telnet and terminal services. You should not transfer any information using these tools as they are easily “sniffed” by hackers using freely available methods. For example, FTP and Telnet need to regularly reauthenticate access credentials. Usernames and passwords are sent as text that can be easily accessed by third parties.

Data transfer should be done using sophisticated encryption protocols when transmitting and backing up data.

What Can I Do To Help Employees?

Your employees are your first line of defense against a cyberattack. Automation and education are the keys to prevention.

You need to make sure they are aware of methods used by bad actors and can detect suspicious emails and attachments that pose a major risk to the practice.

It also means making sure you have automated security tools in place to prevent attacks. You need to provide anti-spam, anti-malware and anti-phishing tools that run automatically on every connected device on your network. These software apps should be updated automatically to address the ever-emerging new viruses, worms and trojans that do damage.

You also need to make sure that patches to software and operating systems are applied automatically and immediately.

With some careful planning and the right technology partner, your health care business and its data will remain safe.

The red tape that normally surrounds the administration of patients in the healthcare industry is a leading cause of physician burnout, as many data experts have noted. Healthcare providers are responsible for a growing volume of paperwork and other off-patient work, and the trend towards greater bureaucracy seems to be inevitable. By some estimates, one hour of bedside patient care results in two hours of paperwork post-visit for the average physician.

Fortunately, AI-driven resources are finding new avenues for physicians to spend less time in front of mounds of paper. With new technology in tow, there are now new ways to administrate patient encounters. Physicians are able to stay in compliance with watchdogs, take smarter notes on patients and provide better overall care.

AI in the Medical Marketplace

One such technology, Suki, is a voice-enabled digital assistant that is made specifically for professionals in the medical industry. Suki is designed to help doctors with patient documentation, giving them more time to focus on the bedside. The technology has the ability to respond to complex voice commands, using those commands to create notes that are clinically accurate. The program also has the ability to enter those notes directly into an electronic health record (EHR) system.

No voice technology is able to completely replace direct input, but it does reduce the need for it immensely. AI also reduces the instance of human error in the data input stage during medical transcription and dictation. The result is a significant time savings when creating and organizing medical documents.

Where the technology succeeds most is in leveraging AI to “teach” the program the idiosyncrasies of the physician that is using it. Eventually, the Suki that is used by an individual physician will become a digital scribe that is unique to that person, fully capable of note taking with very low input from the physician himself. Suki is based on successful commercial digital assistants like Alexa, but the nod to the medical industry is an essential one. Currently, commercial digital assistants do not have the ability to learn from esoteric medical terms or organize records in a way that is specific to medical watchdog standards.

Other speech recognition systems that are focused on medicine include Sopris Health, Deepgram, Saykara, Dragon Medical Practice Edition and Nuance.

The Link Between AI and EHR

Digital assistants for the medical industry must be specific to the industry for another reason – the mandatory use of the EHR in the industry. HIPAA standards now require EHRs to form a significant part of each provider’s data infrastructure. Any note-taking or administration program that claims to help the medical industry must follow the protocols set forth in HIPAA standards.

The fact that Suki and other AI driven technologies kept these standards in mind allowed them to more easily implement new features that are relevant to physicians. These features include customer-facing options such as imaging and X-ray integration and supply-side improvements like improved end-user response times.

EHR technology gives the physician room to dictate data on a patient while in the room seamlessly, but only with the right process in place. Having a digital assistant that is geared to dictate medical records saves huge amounts of time. Many doctors in the orthopedic and sports medicine industries report that they are saving up to an hour of administration time per patient.

With AI and EHR in tow, doctors have the choice to document the patient during the visit or after. This saves a huge amount of time during the initial visit, a time that is usually spent gathering the entire patient history. Experts believe that doctors will save even more time when patients begin to become aware of these technologies. As patients become more open to their use, more doctors will implement them with greater levels of comfort.

Patients can also take command of the notetaking process when AI and EHR are used correctly. As notes are being taken, some doctors actually encourage patients to chime in if there is a point of clarification or some information that has not been considered.

Patient and Clinician Satisfaction

It is well known that doctors are judged by their bedside manner just as much as their technical skill or knowledge of medicine. One of the major benefits of AI is the ability to reduce physician burnout, a phenomenon that reduces the ability of physicians to present a warm, empathetic bedside manner.

Initial studies on Suki show an average note completion time of 1.5 minutes, down from 4.8 minutes per note without Suki or any other voice assistant tech. This adds up to approximately one hour of time saved per day. More importantly, it increases the time that doctors can spend truly connecting with patients during the encounter.

Future Success

Although the advantages of AI are well documented, its success depends on a number of factors. Experts have stated that vendor support is essential for more widespread adaptation of the technology. There must also be more attention paid to the unique needs of the physician practice.

Artificial intelligence and robotics are poised to change the entire economic landscape over the coming decades, with an estimated 30% of existing jobs poised to be taken over by robots by 2030. Nowhere is this more evident than in healthcare. Many healthcare tasks are routine and prone to human error, making them prime targets for automation. At the same time, patients and ethics experts remain skeptical as to how robots may replace the expertise and compassionate presence of human medical providers.

Current Role of Robots in Health Care

Many people assume that robots in medicine remain years away, but the technologies currently deployed in medicine may come as a surprise. The first robotic device for surgical procedures, the da Vinci Surgical System, was initially approved by the Food and Drug Administration in 2000. It has performed more than 20,000 since, offering safe and reliable surgical interventions overseen by a human surgeon.

Surgery is not the only area of medicine where robots have made an impact. Powerful UV light-emitting robots disinfect surfaces and entire rooms, reducing risk of hospital-based infections such as MRSA or C. diff. Prosthetic robotic limbs interface with the nervous system to restore movement and the sense of touch to amputees. Automated dispensing robots limit medication dispensing errors in pharmacy settings. And clinical training robots offer lifelike simulations of medical conditions to help doctors during their training.

Future Applications of Artificial Intelligence and Automation

With each year, the role of automated systems in health care continues to expand. Industry experts predict a major shift in how health care is delivered over the next few decades. For example, robots are perfectly poised to increase access to medical services in rural or underserved areas. In a telehealth model, robots may collect routine clinical information such as a patient’s blood pressure, heart rate, breathing, and presenting symptoms. A remote specialist can then use the clinical information to make a diagnosis and offer a treatment plan.

Robots may also be deployed in rehabilitation settings to assist with physical therapy for patients with spinal cord injuries or neurologic diseases. Integrating robotics with virtual reality can help patients improve mobility, balance, strength, and coordination.

Human-sized robotics systems are not the only ways that robots may revolutionize medicine. Microbots or nanobots are tiny mechanical devices being developed to deliver drugs to specific sites. Currently, chemotherapy and other medical interventions cannot be specifically targeted to one area of the body. Researchers are developing microbots and nanobots made from biodegradable materials that can deliver medications without being attacked by the human immune system.

Limits of Robotics in Health Care

Despite the advantages of artificial intelligence and automation, there are significant drawbacks when considering how to provide high-quality clinical care. Take, for example, the experience of Catherine Quintana, whose 78-year-old father was taken to Kaiser Permanente Medical Center in Fremont, CA, due to chronic lung disease. Quintana was shocked when a robot rolled into the room to deliver some medical news — that her father was dying and that the only remaining treatment was palliative care.

Though extreme, this example points to one of the fundamental limitations of automation in health care. Even with cutting edge automation technology, robots are incapable of passing as humans. In particular, they cannot convey human emotions and struggle to handle complex questions. This limits the role of robots in health care. Though they may be used for some types of automation, when it comes to discussing complicated chemotherapy regimens with an oncologist or delivering the news that a loved one has Alzheimer’s disease, we continue to crave human touch.

Despite these limitations, robots have a clearly defined role in our medical landscape. Routine tasks with a high potential for human errors are perfectly poised to be taken over by automation. The ultimate question is how we, as patients, will react and adapt to this new era of robotic medicine.