Security in Data Migration, and When Not to Migrate

There’s no turning back on the cloud computing revolution. By 2020, more than 90 percent of data center traffic will be cloud traffic, according to Cisco’s Global Cloud Index forecast.

Separate analysis from 451 Research finds enterprise spending on hosting and cloud services up by 26 percent in 2017 over 2016, outpacing a 12 percent increase in total IT budgets during the same span. “Hosting and cloud services are becoming a focus of IT investment, via both new projects and the migration of existing workloads,” observes Liam Eagle, research manager at the firm.

In healthcare, 76 percent of new or existing workloads are moving to the cloud, in areas such as data archiving, backups/disaster recovery, back-office applications and server virtualization.

Some might even say the transition to cloud is happening too quickly. In fact, the simplicity of initiating cloud projects has raised eyebrows among industry observers — especially since protected health information (PHI) is at stake. “The ease of spinning up a cloud application can create, in and of itself, a risk,” says Shane Whitlatch, enterprise vice president at data security firm FairWarning. “Because cloud projects are easy to start, it’s also easy to just leave them there and not monitor them.”

Does he have a point?

Setting the record straight

Without a doubt, companies across all industries have made some missteps in migrating data to the cloud. In certain cases, organizations have viewed data migration as a one-time event rather a process that will likely be repeated over the years. Therefore, it’s important to analyze whether an IT infrastructure can hold up to the demands of a full-scale migration, reports HealthITInfrastructure.

Closer to home in healthcare, organizations often fail to assess data-quality issues before embarking on a migration. This might come into play, for example, when moving data from a legacy electronic health record (EHR) system to a new EHR application.

And while it’s certainly possible for a healthcare provider to fall victim to the scenario Whitlatch envisions (e.g., gathering PHI for research purposes and later abandoning that data outside established controls on a cloud-based platform), most organizations would avoid that type of vulnerability through due diligence. They recognize that cybersecurity is a shared responsibility between cloud provider and customer. HIPAA’s Security Rule, for instance, applies in equal force to data protection whether the data resides in on-premise systems or in the cloud.

Additionally, above all other factors, healthcare organizations are concerned about adherence to regulatory requirements such as HIPAA when selecting a cloud services provider, according to a 2016 study conducted by HIMSS Analytics.

NetDirector’s HealthData Exchange, a cloud-based platform for exchanging data between healthcare entities, has been certified as HIPAA-compliant under audit by a third-party security and compliance solutions provider. This certification “strengthens the trust that our clients place in us to safely integrate their platforms and transform their data,” explains NetDirector CEO Harry Beisswenger.

For more information on the HealthData Exchange platform, please contact us or request a free demo.

New Healthcare Developments from HIMSS17

The massive meet-up known as HIMSS17 drew more than 42,000 healthcare IT professionals to Orlando during the last full week of February. Attendees learned the latest on artificial intelligence (AI) and blockchain technologies — and how they may impact the sector — along with crucial updates on information security and electronic health records (EHRs).

The non-profit host organization, the Healthcare Information and Management Systems Society, released a study showing that 56 percent of providers expect increases in their IT budgets this year. They’re also in sync with vendors and consultants on the top priorities for leveraging clinical IT, including privacy/security, care coordination, and population health, according to the research. At the same time, providers continue to struggle with how to get the most out of their existing EHR systems.

A ‘year of action’ in AI, cloud computing, and consumerism

IBM CEO Ginni Rometty’s opening keynote highlighted growth in the company’s Watson Health consultancy, which launched in 2015 and now employs more than 7,000 people. Watson Health has large “cognitive computing” projects underway at Memorial Sloan Kettering and Cleveland Clinic. Rometty said healthcare decision-makers elsewhere are in the midst of due diligence regarding cloud, data architecture and AI platforms.

Ed McCallister, CIO at University of Pittsburgh Medical Center, told Healthcare Informatics during the conference that 2017 will be “a year of action” rather than concept. “In the past, we talked about ‘to cloud or not to cloud,’ and now we’re hearing about approaches,” he explained.

Intermountain Healthcare CIO Marc Probst added, “Where we need to up our game is thinking about how to engage with the consumer and [how to] modify our overall operations and become a digital healthcare delivery system.”

Blockchain breaks through

Aside from those practical discussions, HIMSS17 also served up substantial buzz related to blockchain technology, which creates a permanent record of online transactions. A distributed database manages the records, secured by cryptography. Blockchain could be used in population health, for instance, to aggregate the patient and financial data that formerly would have been available only from separate sources such as health information exchanges and claims databases. A summary from Surescripts, which runs a nationwide network of healthcare entities, noted that the technology “has the potential to increase IT and organizational efficiencies, keep data secure, and streamline patients’ access to medical data.”

Security remains a top concern

Information security has been a constant worry in healthcare for many years, as the sector strives to match measures already in place in more advanced industries such as banking and finance.

Symantec released a report conducted by HIMSS Analytics showing growth in the number of IT employees dedicated to security. However, healthcare organizations devote just 6 percent of their overall IT budget to security, while over one-third have implemented only basic security controls.

More than 700 healthcare CIOs attending the concurrent CHIME Forum got a firsthand look at potential vulnerabilities from Kevin Mitnick, a former hacker once on the FBI’s Most Wanted list. Mitnick, now a “white hat” security consultant to Fortune 500 companies, provided a live demonstration of how easily organizational networks could be penetrated.

“You can always mature your security processes,” Mitnick advised, pointing out efforts to segment networks and use two-factor authentication. “You can take the steps necessary to make [your organization] a harder target so that the bad guys go to another company that doesn’t use rigorous security controls.”

Open EHRs evolve

EHR giant Cerner is focusing on making their software open and interoperable. “We’re going to do anything possible to move forward on interoperability,” commented company president Zane Burke. “We view it as a moral obligation in our industry.” Cerner will collaborate with partners to develop needed solutions that can plug into its EHR platform via application programming interfaces.

Meanwhile, EHR rivals Epic and Allscripts are also working on ways to extend their reach. Epic announced progress on two scaled-back versions of its flagship EHR — at lower price points. And Allscripts CEO Paul Black said, “When people talk about ‘open,’ our definition has to do with being vendor-agnostic, [allowing] a very deep level of integration.” Allscripts’ interoperability suite can pull out data from different EHRs and put it into a single community record, yielding one view of multiple subsystems.

But experts were quick to emphasize that the ultimate success of emerging EHRs depends on embedding physicians in the shaping of products. “Anything that takes too much time and detracts from patients will lead to a lack of interest in the technology,” observed Richard Deem, senior vice president of advocacy for the American Medical Association. Doctors become frustrated when poorly designed interfaces don’t match their workflow or fail to deliver patient information efficiently.

From all indications at HIMSS17, healthcare IT continues to transform in bold, interconnected dimensions. Click here to learn more about how NetDirector’s HealthData Exchange helps providers and vendors reach their goals by electronically moving clinical and financial data among disparate systems.

New Transaction Type: Invoice Status Request/Response

Transaction Spotlight: Fees and Costs Request

Additional Events for a Variety of Servicers

Update – Ocwen/Equator Transition

We have additional updates regarding the Ocwen/Equator transition, as the transition from Ocwen to Equator continues to move forward.

The process of creating the data integration is well underway with NetDirector and Equator. Currently, we are providing the integration with foreclosure files only.

Due to the upcoming and current changes, this integration piece should replace the previous Intelligent Data Agents (IDA) method used for the cut over. If your firm is still using the IDA method, contact your integration analyst about how to transition to the new integration.

Available integrations and specific updates include:

  • Bankruptcy Referrals (IDA Process)
    • Bankruptcy Orders, Motion for Relief, Proof of Claim, Notice of Payment Claim, Notice of Final Cure, Reorganization Plan, Supplmemental Proof of Claim
  • Foreclosure Referrals (Data Integration)
    • Finalizing the implementation process
  • Standard Events/Deliverables (Data Integration)
    • Will be for Foreclosure Orders only
    • These events will require documents to be uploaded as part of deliverable
  • Document Uploads (IDA Process, planning to move to data integration)
    • Done through Equator (formerly ResWare®)
  • Invoice Import (IDA Process)
    • Still done through REALRemit®

If you have any questions about the transition, please contact your integration analyst.

HIPAA Incidents Highlight Need for Adherent Technology Approach

It’s been a busy summer for the Department of Health and Human Services’ HIPAA-compliance body, the Office for Civil Rights (OCR). Between late June and early August, OCR reached settlements totaling $11.65 million in four cases of HIPAA violations and vulnerabilities.

In chronological order:

A $650,000 settlement announced June 29 stated that Catholic Health Care Services (CHCS), which provided management and IT services as an HIPAA business associate to six skilled nursing facilities in the Philadelphia area, failed to safeguard residents’ electronic protected health information (ePHI). Theft of a CHCS-issued iPhone — unencrypted and not password-protected — compromised the ePHI of 412 residents. OCR determined that CHCS had no risk analysis or risk management plan in place for handling PHI, as required under HIPAA’s Security Rule.

OCR announced on July 18 a $2.7 million settlement with Oregon Health & Science University (OHSU) over “widespread and diverse problems” that will be addressed through a three-year corrective action plan. OCR’s investigation started after OHSU submitted breach reports involving unencrypted laptops and a stolen unencrypted thumb drive containing ePHI. Although OHSU performed risk analyses in six years between 2003 and 2013, the processes did not cover all ePHI in OHSU’s enterprise. “While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level,” according to OCR.

A statement released July 21 detailed multiple alleged HIPAA violations at the University of Mississippi Medical Center (UMMC) settled by a $2.75 resolution amount and corrective action plan. OCR found that ePHI stored on a UMMC network drive was vulnerable to unauthorized access via the organization’s wireless network. Users could access files in an active directory after entering a generic username and password. The directory included 328 files with the ePHI of an estimated 10,000 patients dating back to 2008. OCR determined that UMMC was aware of risks and vulnerabilities to its systems as early as 2005, but failed to take risk-management action until after the breach. The agency cited “organizational deficiencies and insufficient institutional oversight.”

Advocate Health Care Network agreed to settle potential HIPAA penalties for $5.5 million and by implementing a corrective action plan, OCR announced on Aug. 4. The settlement amount was the largest to date against a single entity, according to OCR, reflecting “the extent and duration of the alleged non-compliance.” The investigation began in 2013 after Advocate submitted three breach notification reports pertaining to separate incidents involving a subsidiary, Advocate Medical Group. The combined breaches affected the ePHI of approximately 4 million individuals, the agency reported. The incidents included the theft of four desktop computers from an administrative office building, unauthorized access to a billing service’s network, and theft from an employee vehicle of an unencrypted laptop — exposing ePHI in each case.

HIPAA audits also a consideration

OCR’s recent actions stemmed from investigations following breach notifications. However, healthcare organizations should also be prepared for the agency’s stepped-up HIPAA audit activity. Every HIPAA covered entity and business associate is eligible for an audit. So-called remote “desk audits” are currently underway and will be completed by the end of 2016. Onsite audits will follow, covering a broader scope of requirements from HIPAA’s rules.

As indicated, the stakes have never been higher for healthcare providers and vendors when handling ePHI. Technology such as NetDirector’s HealthData Exchange electronically moves data among disparate systems while adhering to HIPAA security standards. While helping to ensure compliance, the cloud-based solution frees up time that can be allocated to optimizing the patient care experience.

For more information on how to ease regulatory burdens, contact NetDirector or request a free demo.

 

 

NetDirector makes Inc. 5000 for 6th Consecutive Year

TAMPA, Fla., Aug. 23, 2016 /PRNewswire/ — NetDirector, a leading cloud-based integration and data exchange provider, has been named as a member of the prestigious Inc. 5000 list for the 6th consecutive year, a recipient of the GrowFL “Companies to Watch” award, and a member of the Gulf Coast 500 by Business Observer FL.

Companies like NetDirector that are included on the Inc. 5000 list are among the top companies in the nation, having demonstrated the highest growth in revenue over the last three years. The companies with the highest percentage growth and who meet the other qualifications are then published by Inc. as the Inc. 5000. It is an honor for NetDirector to be included in this list for the 6th consecutive year. With only 4.6 percent of the companies on this year’s list making it on for six consecutive years, it is a very rare accomplishment. NetDirector intends to continue the trend in the coming years with their expansion of integration offerings in the healthcare market.

Florida Companies to WatchSM chooses the 50 companies statewide that are expected to see significant growth over the next several years. NetDirector was among more than 500 nominees for Florida Companies to WatchSM, which is a statewide program managed by economic development group GrowFL, in association with the Edward Lowe Foundation. This is the first year NetDirector has been named as one of the Florida Companies to WatchSM.

The Gulf Coast 500, published by Business Observer FL, is awarded to the Top 500 ranked companies in nine counties along the gulf coast, as decided by total revenue. NetDirector earned a spot in the Gulf Coast 500 for the fourth consecutive year thanks to their steadily increasing client base and revenue.

By linking disparate systems with “plug-and-play” style connectivity, NetDirector eases the operations of companies in the mortgage banking and healthcare industries by allowing data to flow seamlessly from one party to another. Maintaining security and data integrity has been another key focus of NetDirector from the beginning. GrowFL, Business Observer FL, and Inc. recognize the importance of these key factors in today’s evolving mortgage and healthcare technology environments.

“To be included on these lists and receive these awards really tells us that we’re doing things right,” said NetDirector CEO Harry Beisswenger. “NetDirector is committed to the success of a variety of organizations in healthcare and mortgage banking, and we know the secret to that lies with seamless integration workflow.  We owe all of our achievements to the NetDirector team, our customers, and our strategic partners/vendors.”

For more information on connecting to NetDirector’s ecosystem contact us at 813-749-7131 or info@netdirector.biz to explore how NetDirector fits in your organization.

Saving Money for Patients and Providers in Healthcare

Economists and actuaries at the Centers for Medicare and Medicaid Services project U.S health spending to increase an average of 5.8 percent for the period of 2015-2025. That rate will outstrip growth in the gross domestic product by 1.3 percentage points, with health spending representing 20 percent of the total economy by the forecast period’s end.

Higher medical costs and an aging population afflicted with chronic disease will continue to drive spending, while policymakers and providers look to new care/payment models and information technology (IT) as counteracting forces. “Every single strategy needed to fix what’s wrong with U.S. healthcare will require intensive IT facilitation, data analytics and process management,” observed Mark Hagland, editor-in-chief of Healthcare Informatics, in a recent commentary.

On medical frontlines, technology costs at physician-owned multispecialty practices have spiked more than 40 percent since 2009, according to newly released data from the Medical Group Management Association (MGMA). While acknowledging technology’s “crucial” role in helping healthcare organizations move away from traditional fee-for-service structures, MGMA CEO Halee Fischer-Wright, MD, added: “We remain concerned that far too much of a practice’s IT investment is tied directly to complying with the ever-increasing number of federal requirements, rather than to providing better patient care.”

Nonetheless, practices have made headway in patient-facing technology implementation, notably portals that present an interface for patients to view personal health information and carry out transactions online. More than 50 percent of 850 respondents to an MGMA poll said patients were able to set up appointments through their practice portal.

What’s more, portals could play a role in retaining patients over time, concludes a report from athenahealth, which supplies cloud-based EHR and revenue cycle management technology to nearly 80,000 providers. The research shows that after an initial visit to a primary care practice, 80 percent of patients with portal accounts returned for a second visit within 18 months (compared to patients without portal accounts returning 67 percent of the time).

On a broader scale, integrated IT makes possible the sharing of patient information among healthcare’s complex network of stakeholders. For example, radiology service provider EmCare Rays uses a data and document exchange solution from NetDirector to replace point-to-point HL7 integrations with each of its customers. “We believe that we can improve client integration turnaround time and reduce ongoing support overhead,” noted Ivo Yueh, director of IT software development at EmCare Rays.

So while technology such as NetDirector’s HealthData Exchange enables seamless communication among providers, billers, labs, radiology services and others, it also achieves interoperability across the board and improves communication and patient outcomes — potentially at lower costs.

That’s important not only for its immediate impact but moving forward as well. Policy-makers want to see more digital health technologies tailored for use by patients who formerly would have fallen through the healthcare system’s safety net. Timely outreach and interconnection to people likely have to have a chronic disease is a clear path to cutting treatment costs, they say.

 

For more information about technology that’s bending the healthcare cost curve, contact NetDirector or request a free demo.

 

 

New Transactions – Referral Request, Document Request, Reflag Referral Request

We’re excited to be offering three new transactions to our clients that will increase automation of your business processes.

The first is a referral request enhancement. The Referral Request is a request/response transaction for Black Knight only. This enhancement provides firms with the ability to get completed step/form information from a referral. This request can additionally be triggered based on the receipt of sub process referrals that are launched from the completion of a DDF or from a step present in the workload. (additional fee request process).

Benefits of the Referral Request include the retrieval of data filled in by servicers in DDF through an automated process, and getting completed step dates of old referrals and transfer files.

The second new transaction is the Document Request. This is available for Black Knight V2 currently, with Black Knight V3 available in December of 2016. The request contains the RID of the referral package your firm would want to receive.

This transaction alleviates the auto-completion of milestone events from downloading documents, and would still allow firms to select which document types they want to receive, and when they receive them. The cost for the Document Request is one base transaction, and returned documents are charged as normal documents.

The third transaction being added is a Reflag Referral Request. This transaction provides the ability to receive referrals through the existing referral intake process. This transaction is based on the RID for BKFS, or the loan number and case type for Vendorscape. The process consists of the request but also includes an asynchronous response to ensure your firm knows that the referral has been properly reflagged.

Benefits of the Reflag Referral Request include the ability for firms to import transfer files or referrals with changed information or additional information. The cost for Reflag Referrals is one base transaction.

We are currently seeking beta testers for the Doc Request and Reflag Referral transaction types – please contact your integration analyst if interested, or email ndsupport@netdirector.biz.