Health care organizations should take extra cybersecurity measures to protect imaging devices and systems because they "are particularly susceptible" and "often incorporate software that is vulnerable to threats," said J. Anthony Seibert, a radiology professor at the University of California at Davis' school of medicine. Dr. Christopher Roth, an associate radiology professor and Duke Health's vice chairman of information technology and clinical informatics, cited the importance of training workers and regularly testing them on security practices.
Michael Archuleta comments on cybersecurity in health care
Michael Archuleta, director of IT, Mt. San Rafael Hospital
Health care data breaches will cost the sector $4 billion this year. We continue to see issues ranging from legacy systems and poor patch management practices to cybersecurity issues on medical devices. It's becoming increasingly difficult for health care organizations to find funding for an area that does not produce revenue. Past reports from other security researchers show the majority of health care medical devices continue to operate on legacy platforms, making them vulnerable to breaches.
Health care organizations need to have accurate counts of internet of things devices that are connected to their network so they have a better understanding of the associated risks. This will also give organizations a more complete perspective of the environment and how it relates their cybersecurity strategy, and underline the importance of putting more funds toward cybersecurity improvements.
With a well-rounded focus on cybersecurity, health care organizations can identify openly exposed devices and develop plans, ensuring mitigation of cybersecurity risks to improve outcomes and keep patients safe.
Improve your customers' digital experience Healthcare organizations are using new tools to transform their digital presence and create a better experience for their consumers. Creating a full-cycle experience is not only better for patients, but also leads to reduced readmission rates and other unnecessary post-discharge costs. Click here to begin designing a better patient experience.
Health IT leaders say cybersecurity and ransomware attacks will remain significant threats to hospitals and health care systems in the coming year but warn new issues are also emerging. Leo Bodden, chief technology officer and vice president of NewYork-Presbyterian Hospital, cites concerns about market disruptions like the entry of Google, Apple and other technology firms into the field, while Memorial Healthcare System CIO Jeffrey Sturman warns increased competition from non-traditional players such as CVS and Walgreens is also a cause of concern.
Health care providers can take several measures to pass or avoid a security audit by the HHS Office for Civil Rights, and the most important step is to "educate all staff members on the requirements contained within the Office of the National Coordinator for Health IT Guide to Privacy and Security of Electronic Health Information," says Troy Young, chief technology officer at AdvancedMD. Other steps include reviewing policy and procedure documentation, discussing EHR and software data protection with vendors, setting strong passwords and frequently updating them, and creating a security risk assessment or management plan.
CHIME and other health care organizations have long supported congressional action to allow HHS to fund the establishment of a national patient identification system. NPIs would facilitate the matching of patients to their medical records, thus improving efficiency and reducing the risk for medical errors, and it would improve the security of Social Security numbers, though cost and patient privacy are issues that must be addressed.
The American Hospital Association, the Association of American Medical Colleges, the Children's Hospital Association and the Federation of American Hospitals filed a lawsuit against the Trump administration in the US District Court in Washington, D.C., seeking an expedited decision on a rule requiring hospitals to make public the rates they negotiate with insurers. The plaintiffs contend the rule violates the First Amendment by compelling speech and exceeds the intended meaning of "standard charges" transparency in the Affordable Care Act.
Forty-two states and the District of Columbia have laws regarding telehealth reimbursement, but the laws vary, and four of those states do not require reimbursement, according to a report from legal firm Foley & Lardner. Thirteen states require coverage of remote patient monitoring, and 34 require coverage of store-and-forward telehealth services.
CHIME's new Organizational Leaders Membership is accepting applications. This is a convenient way to bring your expanded leadership team into CHIME and expose them to all the resources CHIME has to offer. Learn more.
Registration for CHIME's Spring CIO Forum in Orlando, Fla., is now open. Take advantage of the exclusive hotel block reserved for CHIME members at the Hyatt Regency Orlando Hotel, located directly across the street from the Convention Center. Register now.
Ask yourself: 'Does this subject move me to feel, think and dream?'