Healthcare, Ransomware, and Security Breaches

Ransomware, a treacherous malware exploit that encrypts victims’ data or prevents access to their devices, netted cybercriminals an estimated $1 billion in 2016.

Data-related extortion attacks on businesses rose three-fold during the first nine months of last year, equating to one every 40 seconds. Two-thirds of those hit by ransomware lost all or part of their corporate data and one-quarter spent weeks trying to restore access, according to Kaspersky Lab, a data security firm.

Perhaps even more alarming is a predicted shift from chaotic and sporadic ransomware incidents to steadier assaults in higher volumes. “There is no such thing as a low-risk sector anymore,” Kaspersky’s research warned.

Healthcare, with 16 percent of organizations having been hit by ransomware, ranks in the top 10 among targeted industries.

High stakes for healthcare

Hospitals and health systems, as HIPAA covered entities, must adopt safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). The Department of Health and Human Services’ Office for Civil Rights (OCR), which enforces HIPAA, issued guidance in 2016 presuming a breach in the event of a ransomware attack involving ePHI. In other words, it’s up to the provider organization to prove that a breach did not occur by demonstrating a low probability that ePHI was compromised.

Nonetheless, many organizations remain non-compliant or take a stance of “calculated non-compliance.” That means they deem any potential fine to be cheaper than the reporting costs or technical resources needed to investigate incidents to OCR’s satisfaction, according to James Scott, senior fellow at the Institute for Critical Infrastructure Technology.

All the same, providers should be concerned whether ePHI is properly encrypted and adequately protected against compromise by ransomware. And from a system-wide perspective, additional safeguards should include proper use of passwords, removal of outdated software and unauthorized apps, adherence to regular backup procedures, and educating users not to open attachments or click links from unknown senders. Additionally, operating systems, browsers and antivirus programs should be updated to the latest version on all devices.

Also worth noting: Security shortfalls may be present in system integrations written in-house or by contracted developers.

In any event, “negligence gives cyber criminals the incentive to continue to launch ransomware attacks,” notes security website CSO.

And — as if on cue — a newly discovered form of ransomware may be released this month, reports TechRepublic. The malware, known as RedBoot, not only encrypts files but also permanently repartitions hard drives, rendering data unrecoverable. The alert advises businesses to back up workstations to some form of network or cloud storage, refresh all antivirus software definitions, and train users to avoid phishing scams.

A big ask

Hospitals have their hands full providing the best care possible for patients, around the clock, every day of the week. In that light, they shouldn’t be expected to shoulder the entire load of locking down data against an ever-expanding array of intruders.

Networking companies such as NetDirector have the expertise and capabilities needed to properly secure and integrate healthcare data. All of our certifications and processes (e.g., HIPAA and SOC2) are maintained above industry standards in a fully redundant, cloud-based platform. Healthcare clients put their trust in NetDirector to securely handle more than 10 million data and document transactions per month.

Although ransomware and related intrusions are real concerns, NetDirector stands ready to consult and assist in hardening defenses across the healthcare ecosystem.

For more information, please contact us or request a free demo.

NetDirector Enters Comprehensive Agreement to Partner with My Constant Care, LLC for Integration Services

TAMPA, Fla., Sept. 28, 2017 /PRNewswire/ — NetDirector, a cloud-based data exchange and integration platform, has expanded their Integration-Platform-as-a-Service (iPaaS) offerings once again. A strong partnership has been forged with My Constant Care, LLC to provide the already cloud-centric company with a cloud-based integration suite.

My Constant Care (MCC) provides a unified cloud-based platform for integration and delivery of preventive services such as Annual Wellness Visits, Chronic Care Management, Advanced Care Planning, and Preventative Screenings. Their turnkey delivery model provides patients with the full spectrum of preventive services to enhance overall care delivery without disrupting day-to-day operations of the practice. My Constant Care focuses on maximizing value to both providers and patients. They do this with expert coordination of preventive care options available today while strategically shaping these services to meet performance requirements expected of their providers in the future. They offer a no-financial-risk solution to the physicians, providing the staff, software, and technology to perform their services.

Utilizing the cloud for integration was a clear next step to elevate the services offered by MCC. NetDirector’s One-to-Many style integration allows MCC to connect to NetDirector once and exchange data seamlessly with EHR systems, billing platforms, and more as the hub expands. Now, MCC’s services can integrate with existing provider platforms as well as future additions to a provider’s suite of technology solutions without relying on internal resources to bridge the gap between solutions.

“My Constant Care helps primary care physicians provide a level of service to their Medicare population previously not achievable by small practices,” says Kellie Privette, the Director of Sales and Business Development at MCC. Privette added that “NetDirector’s integration expertise and technology allows MCC to seamlessly transfer patient data into their customer’s EHR and billing systems, without double entry of a substantial amount of information.”

This integration also increases a provider’s compliance, allowing even small practices to provide the quality and timeliness of service of a larger provider while maintaining and exceeding compliance standards for the healthcare technology industry. By eliminating data entry steps and automating the exchange of patient information securely, the integration allows for providers utilizing My Constant Care to focus more on the patients, and less on the technology behind the scenes.

“We’re very enthusiastic about our partnership with My Constant Care,” said Harry Beisswenger, CEO of NetDirector. “Their services fill a gap in the healthcare industry, and we’re looking forward to helping them achieve their goals of seamless preventive care for everyone.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. With security and longevity as a focus, NetDirector is a certified HIPAA Compliant and SOC II Type 2 certified company, a 6-year member of the prominent Inc. 5000, and currently processes more than 8 million transactions per month.

Blockchain Technology: An Emerging Force in Healthcare Integration

Back in March, at the conclusion of the HIMSS17 annual conference, we pointed to blockchain as one of the most noteworthy recent developments in the healthcare IT space. We emphasized that blockchain technology, which uses a distributed database and cryptography to securely manage records and create a permanent record of online transactions, deserves recognition for its potential to increase IT and organizational efficiencies — highly valued attributes in light of Healthcare’s perpetually constrained resources.

An IBM Institute for Business Value study explains that data captured on blockchains can be shared in real time across a scalable group of individuals and institutions. “Every event or transaction is time-stamped and becomes part of a long chain, or permanent record, that can’t be tampered with after the fact,” according to the study report, which finds 16 percent of healthcare organizations ready to commercialize blockchain at scale in 2017.

Where will things go from here?

Room to grow

In practical terms, blockchain could be used in areas such as population health to aggregate patient and financial data that formerly would have been available only from separate sources such as health information exchanges and claims databases.

Further, blockchain’s ability to enable secure and irrevocable data exchange systems would provide “seamless access to historic and real-time data, while eliminating the burden and cost of data reconciliation,” explains Reenita Das, senior vice president of transformational healthcare at research firm Frost & Sullivan.

Micah Winkelspecht, founder and CEO of blockchain start-up Gem, characterizes blockchain as a tool for interoperability — in essence, an open-source protocol layer incorporating rules to which software can be written. “It’s basically like a language that all [participating] companies agree to speak in order to be able to interoperate with each other,” he adds. Unlike the current EHR-centric healthcare system, blockchain would be the “underlying fabric” for the entire continuum of care, “a decentralized, distributed, global data repository that’s basically shared and controlled by everyone,” he envisions.

Cross-industry philosophy

Relatedly, in the mortgage industry, a similar foundational approach has experts viewing blockchain as an enabling technology that empowers lenders to overcome current challenges in electronic processes.

Blockchain would be applied as a thin layer atop an existing document management system to effectively “freeze” a copy of the signed documentation, thereby proving it has never been altered and that the original document resides in its original location. Focus would shift from e-signature tools to blockchain as the core technology structure for compliance and document management — without requiring a completely reworked electronic process.

NetDirector recognizes ongoing and changing security needs in industries such as healthcare and mortgage banking. Companies on the front lines shouldn’t have to rewrite existing integrations or pay multiple vendors in their respective networks to operationalize individual system connections.

Within the healthcare ecosystem, NetDirector’s HealthData Exchange builds on a standard data model to map to HL7 or other data formats and achieve EHR interoperability while removing the bottlenecks of traditional interfacing. Such integrative technology holds the promise of making future security updates and landscape changes far more manageable.


Security in Data Migration, and When Not to Migrate

There’s no turning back on the cloud computing revolution. By 2020, more than 90 percent of data center traffic will be cloud traffic, according to Cisco’s Global Cloud Index forecast.

Separate analysis from 451 Research finds enterprise spending on hosting and cloud services up by 26 percent in 2017 over 2016, outpacing a 12 percent increase in total IT budgets during the same span. “Hosting and cloud services are becoming a focus of IT investment, via both new projects and the migration of existing workloads,” observes Liam Eagle, research manager at the firm.

In healthcare, 76 percent of new or existing workloads are moving to the cloud, in areas such as data archiving, backups/disaster recovery, back-office applications and server virtualization.

Some might even say the transition to cloud is happening too quickly. In fact, the simplicity of initiating cloud projects has raised eyebrows among industry observers — especially since protected health information (PHI) is at stake. “The ease of spinning up a cloud application can create, in and of itself, a risk,” says Shane Whitlatch, enterprise vice president at data security firm FairWarning. “Because cloud projects are easy to start, it’s also easy to just leave them there and not monitor them.”

Does he have a point?

Setting the record straight

Without a doubt, companies across all industries have made some missteps in migrating data to the cloud. In certain cases, organizations have viewed data migration as a one-time event rather than a process that will likely be repeated over the years. Therefore, it’s important to analyze whether an IT infrastructure can hold up to the demands of a full-scale migration, reports HealthITInfrastructure.

Closer to home in healthcare, organizations often fail to assess data-quality issues before embarking on a migration. This might come into play, for example, when moving data from a legacy electronic health record (EHR) system to a new EHR application.

And while it’s certainly possible for a healthcare provider to fall victim to the scenario Whitlatch envisions (e.g., gathering PHI for research purposes and later abandoning that data outside established controls on a cloud-based platform), most organizations would avoid that type of vulnerability through due diligence. They recognize that cybersecurity is a shared responsibility between cloud provider and customer. HIPAA’s Security Rule, for instance, applies in equal force to data protection whether the data resides in on-premise systems or in the cloud.

Additionally, above all other factors, healthcare organizations are concerned about adherence to regulatory requirements such as HIPAA when selecting a cloud services provider, according to a 2016 study conducted by HIMSS Analytics.

NetDirector’s HealthData Exchange, a cloud-based platform for exchanging data between healthcare entities, has been certified as HIPAA-compliant under audit by a third-party security and compliance solutions provider. This certification “strengthens the trust that our clients place in us to safely integrate their platforms and transform their data,” explains NetDirector CEO Harry Beisswenger.

For more information on the HealthData Exchange platform, please contact us or request a free demo.

Midyear Healthcare and Technology Progress Report

High availability, interoperability, and utility in population health management all figured prominently in an early 2017 forecast of areas where healthcare CIOs expect information technology (IT) to deliver significant impact for their organizations.

Here’s a look at how things are shaping up at the year’s midpoint.

Systems availability

While natural disasters or cyber-attacks can knock out — or lock out — critical IT systems without warning, healthcare entities still need to prepare for such events. In fact, the HIPAA Security Rule requires health care covered entities to have a contingency plan for responding to unavailability of electronic health information systems.

The Department of Health and Human Services’ Inspector General reported last year in a survey of 400 hospitals that about two-thirds have contingency plans addressing data backup, disaster recovery, emergency mode operations and testing/revision procedures. Nonetheless, over half of the surveyed hospitals confirmed an unplanned disruption to their electronic health record (EHR) system, and about a quarter of those experienced delays in patient care as a result.

So far this year, EHR outages continue to make headlines:

  • An April 2017 poll, conducted by online physician community Sermo, found that 55 percent of 1,678 responding U.S. doctors had experienced an EHR outage or malfunction that jeopardized the health or safety of a patient.
  • Also in April, Erie County Medical Center and an associated long-term care facility experienced a system-wide shutdown attributed to a ransomware attack. The hospital’s backup process prevented loss of any patient records or financial data, but its EHR was taken offline for six weeks, during which time activities such as patient admissions and prescription writing had to be handled manually.
  • In a separate incident at the end of February, an ophthalmology-specific EHR experienced “technical difficulties” due to outages of Amazon’s S3 cloud-based hosting service.

Data center and cloud services provider Peak 10 recommends that healthcare entities not only review their IT privacy and security policies and procedures but also insist that their service level agreements with technology providers specify agreed-upon security objectives and how compliance will be ensured.

Interoperability

In late March, the Office of the National Coordinator for Health IT (ONC) shared several examples of what it described as “interoperability in action from coast to coast.” Among the programs ONC showcased:

  • An app that imports patient data — including personal and medical device data, remote monitoring and reminders — into a comprehensive family health dashboard.
  • A solution that allows clinicians to create customizable push notifications that can be tailored to individual patients or groups.
  • A smartphone app that allows patients to grant or revoke permission for providers to access, send or receive health information electronically.
  • A secure system for users to seamlessly store and share data with trusted care professionals.

Additional projects outside of ONC’s purview are taking aim at other aspects of interoperability. In April, Ascension Health, Cedars-Sinai Health System and Hospital Corporation of America opened the Center for Medical Interoperability. The lab will provide resources for researchers to test data-sharing connections for medical devices and EHRs. In February, the Personal Connected Health Alliance agreed to partner with the Integrating the Healthcare Enterprise initiative in efforts to improve health data exchange through conformity testing and certification with a focus on standards-based, open specifications.

Population health

No single type of data serves as a comprehensive source of information for population health management. For example, claims data includes patient demographics, diagnosis codes, and dates and costs of services; however, the information is retrospective and limited to just billable aspects of care, explains a recent HealthITAnalytics report. Likewise, EHR systems provide clinical details but often contain unstructured, free-text descriptions that are difficult to extract and analyze.

Still, healthcare organizations continue to press forward with population health initiatives. Vanderbilt University just released a report card — the first of its kind in the nation — intended to guide the planning, implementation, and evaluation of programs and policies to improve men’s health across the entire state of Tennessee. It identifies heart disease and cancer as the leading causes of death in the state and reveals a deficit in men having a personal health provider. Meanwhile, Stanford University’s Center for Population Health Sciences has awarded $275,000 in pilot grants to fund studies seeking to improve population and community health, including a mobile surveillance system that will map autism and gaps in treatment services.

Efforts such as these will help drive discovery of what works in real-world practice of population health management. “As an industry, we can increase the socialization of toolkits and case studies so that healthcare organizations can more clearly define all aspects of population health management model design,” observes Jennifer Rogers, an analyst at Chilmark Research. She adds that optimal IT deployment will speed up gains in value for current and future adopters of population health models.

Availability, interoperability, and population health projects face a balance of challenges and opportunities as we enter the second half of 2017. NetDirector continues to innovate with cloud-based, foundational integration solutions that will help healthcare organizations seamlessly handle the electronic exchange of information in each of these areas within their respective ecosystems. For more information, please contact us or request a free demo.

NetDirector Launches Powerful Integration with Equator® for Orders and Deliverables

Tampa, FL – May 9, 2017 – NetDirector, a cloud-based data exchange and integration platform, has spent several months working alongside Equator, the leading provider of default software solutions for servicers, real estate agents, vendors and other mortgage and real estate industry professionals. The work has yielded a powerful zero-footprint integration option for default servicing firms utilizing Equator.

Equator’s infrastructure software as a service (iSaaS) solutions include EQ Workstation®, EQ Marketplace®, Midsource™ and EQAgent®/EQVendor® portals, which can be used a la carte or as an end-to-end solution. Equator’s REO, short sale and loss mitigation modules processed over $21 billion in transactions in 2015, and have processed more than $315 billion in transactions since its inception. Currently, 4 of the top 5 U.S. servicers and the largest holder of real estate are on the Equator platform. With such a high volume of mortgage banking transactions taking place with Equator, it was an easy next step for NetDirector to develop the one-to-many style integration that has fueled their integration platform-as-a-service (iPaaS) business model tailored to the Equator platform.

“NetDirector has worked very closely with us to not only develop, but to thoroughly test this powerful integration suite for default servicing attorneys,” said James N. Vinci, Chief Technology Officer of the Equator business. “We’re excited to collaborate with them, and we believe this collaboration will generate serious efficiency for attorney firms utilizing Equator.”

The initial integration launch includes “Orders” and “Deliverables”, which resemble the referrals and events that are utilized by other industry standard software interfaces in the default servicing sphere. The “Deliverables” also allow certain documents to be uploaded, and other transactions and processes are on the table for future development. Automating these transactions through a cloud-based integration platform increases efficiency through reduced data entry and automated processes. It also significantly reduces the labor stresses of developing and maintaining the integration internally at the attorney’s cost.

“Our ecosystem continues to expand with yet another powerhouse in the industry as we welcome Equator as a new participant,” said Harry Beisswenger, NetDirector CEO. “Our goal is to provide the integrations to default servicing firms that offer the most value, and there has been a major demand for this service. We look forward to the prospect of further data and document integration with the Equator platform in the future.”

Company Bio:

NetDirector provides a secure cloud-based data and document exchange solution for the healthcare and mortgage banking industries to deliver seamless data integration between parties. NetDirector bridges gaps created by disparate systems & technologies by allowing companies at any location to share data & documents securely over a single internet connection with any other member of the ecosystem. Our approach allows trading partners to collaborate and exchange data in a seamless, bi-directional, real-time manner. With security and longevity as a focus, NetDirector is a certified SOC 2 Type II Compliant company, a 6-year member of the prominent Inc. 5000, and currently processes more than 8 million transactions per month.

Case Study – Automation in Attorney Firm

Our new case study featuring an ROI study on integration and automation with NetDirector + CaseMax in a default servicing attorney firm is now available.


Healthcare Year in Review: The Data Perspective

As 2016 comes to a close, major developments in health information technology reveal continuing storylines for the year to come. Here’s a brief overview of progress made and ongoing opportunities for health information exchange to surmount pending challenges.

Value-based care

Medicare and commercial insurers are moving quickly toward value-based payment models, leaving fee-for-service behind. Nonetheless, the implementation of supporting technology remains a work in progress. The 2016 HIMSS Cost Accounting Survey reveals that about half of healthcare provider organizations participate in some type of alternative payment model, but only 3 percent believe they are highly prepared to make the pay-for-value transition. “It will be critical that the industry reaches some level of consistency in terms of how providers should manage the exchange of clinical and financial information between all parties involved in an episode of care, regardless of whether they are part of the same healthcare delivery system,” explains Pam Jodock, HIMSS’ senior director of health business solutions.

Legislation

On December 13, President Obama signed into law the broad-reaching 21st Century Cures Act, which makes significant investments aimed at solving some of the nation’s biggest health challenges. Among its many varied provisions, the Cures Act seeks to improve health IT interoperability by promoting complete access, exchange and use of all electronically accessible health information for authorized use under applicable state or federal law. The legislation puts a priority — and calls for a Government Accountability Office study — on patient-matching technology that would accurately identify patients for electronic exchange of health information among providers.

Cloud computing

The shared-resources, data-on-demand model known as cloud computing continues to evolve as a trusted healthcare technology core component “underpinning the continued development of electronic health records and big data analytics,” reports HIT Infrastructure. This aligns with increased use of software-as-a-service offerings in areas such as clinical data systems and technical support desks as organizations look to lower costs and improve overall operations, according to research firm Gartner. Cloud security and compliance concerns remain in play, however, especially in the handling of health data and protected health information.

Data sharing

Data is seemingly everywhere these days, continually growing, with much of it available to be shared. Despite concerns about the privacy and security of health data, 77 percent of respondents to Rock Health’s 2016 Digital Health Consumer Adoption Report are interested in sharing their health information — especially to get better care from their doctor. Among those surveyed, 79 percent said they would divulge their health history, physical activity (76 percent) and genetic data (64 percent) with a physician. On the flip side, in regard to accessing health information, it matters most to those in poor health. Twenty-eight percent of respondents who self-rated their health status as poor or bad highly desired an electronic copy of their health records, while only 19 percent of those in good health were as interested.

Behavioral health and special care innovation

The U.S. Department of Health and Human Services projects treatment spending on mental and substance use disorders will total $280 billion in 2020. Including individuals with intellectual or developmental disabilities and those who require long-term services and support because of chronic medical conditions or physical disabilities, more than 35 percent of U.S. annual healthcare expenditures flow toward care for groups that constitute less than 20 percent of the population. Efforts to understand population health risks and intervene with preventive care models that reduce costs and improve care have started to gain traction, reports CIO. In one such initiative, Quest Diagnostics is working with University of California San Francisco to tap a database of 20 billion lab test records, combined with a five-minute cognitive assessment, for early detection and treatment of dementia.

NetDirector’s cloud-based HealthData Exchange comes into play in many areas of the developments that have shaped health IT during 2016. The service not only facilitates EHR integration and streamlines clinical workflow and communications with the extended provider community, but also complements existing IT investments.


Why is Interoperability Progress So Slow?

A little over a year ago, a group of electronic health record (EHR) vendors and providers gathered to map out objective, transparent measures of health information exchange.

Research firm KLAS and the College of Healthcare Information Management Executives (CHIME) shortly thereafter released a joint study of more than 240 provider and 15 vendor organizations. The resulting report identified the most-needed improvements for EHR interoperability: better coordination among vendors, timely location of patient records and greatly enhanced parsing capabilities.

“The data show that there is a lot of activity around health information exchange and data sharing,” CHIME CEO Russell Branzell added. “Providers and vendors, however, agree that effective management and use of standards is critical to moving forward.” He also cited patient identification as a major barrier to creation of an interoperable health network.

Further, the report emphasized that better data flow between providers would be essential during healthcare’s transition from a fee-for-service environment to a value-based delivery model and reimbursement system.

Recent gauge on progress

At the end of August 2016, the KLAS Interoperability Measurement Advisory Team unveiled details of its framework for benchmarking and assessing interoperability performance among EHR vendors. The work focuses on clinical end users’ experience related to:

  1. availability of needed information;
  2. ease of locating records;
  3. ability to view outside records within the clinical workflow; and
  4. impact on patient care.

Roughly a month later, KLAS published its 2016 Interoperability report, which highlighted “significant immaturities” in the marketplace. Of particular note, only 6 percent of surveyed providers confirmed that information accessed from exchange partners on a different EHR was delivered in a way that effectively facilitates improvement in patient care.

At the front end of the process, respondents reported reasonable access — 28 percent of the time — to information on a different EHR. The ability to locate records was “automatic or simple” a mere 13 percent of the time. Receipt and location of desired information within the clinician’s workflow via integrated display or EHR tab happened just 8 percent of the time.

“We learned that challenges related to effective sharing, especially with a different EHR vendor than your own, are experienced across all facility types and across all vendors,” observed Bob Cash, vice president of provider relations at KLAS.

Nonetheless, Cash expressed optimism that vendors and providers would work through the identified challenges, with the current results serving as a baseline for tracking progress in coming years.

A forward-looking approach

While vendors and providers continue to ramp up interoperability efforts among individual systems, NetDirector has already established expertise in EHR integration, delivering data through a cloud-based exchange. And since NetDirector’s HealthData Exchange uses HL7 standards, it can enable information exchange not only with EHRs but also with practice management systems, lab information systems, health information exchanges, PACS and radiology information systems.

Hospitals and physician practices have engaged with NetDirector to reduce the time, cost and effort involved with EHR integration. What’s more, the technology streamlines clinical workflow, an essential component of ongoing interoperability initiatives across the industry.

For more information, contact NetDirector or request a free demo.

New Transaction Type: Invoice Status Request/Response