How to Recognize a Phishing Attack

Pat Stricker, RN, MEd

Senior Vice President

Last month’s article, Healthcare Data Breaches: Their Frequency, Impact, and Cost, discussed the overall impact that cybersecurity breeches are having on healthcare. Healthcare continues to lead all industries in the number of beaches with 27% and has the highest cost for data breaches at $408/record, nearly three times the cross-industry average of $148. While the number of data breaches in healthcare remained relatively the same between 2017 and 2018 (359 and 351), the number of healthcare records exposed increased at an alarming rate of over 250% (5,138,179 to 13,020,821). This shows that hackers are getting bolder. They realize each healthcare record is worth $50 on the black market, much more than Social Security and birth date records ($3) or credit card information ($1.50).  That is because healthcare records contain personal, financial, and medical data that can be used for Medicare fraud – the most profitable type of identity theft.

 

Studies also show that healthcare employees are seven times more often responsible than employees of other industries for causing breaches due to human errors and/or careless actions such as: inappropriate conversations; misuse or careless handling of mail, emails, and other hard copy documents; leaving computer screens or hard copy records unattended and visible to others; and sharing passwords or not logging off a computer when not in use.

 

However the biggest threat posed by employees is the intentioned, careless clicking on links or documents in “phishing” emails, which can allow hackers to steal the login information, giving them access to email or cloud accounts that contain patient data. These are usually innocent, unknowing acts by the employees, but they are very consequential to the organization. The links or documents in the phishing emails can expose PHI or embed malware within the computer system or network, resulting in serious network problems or system stoppages. This obviously causes significant issues and costs for the healthcare organization and financial gain for the hackers.

 

This is exactly what happened in the largest healthcare data breach in 2018. A health system email system exposed 1.4 million records when hackers sent emails to employees from a fake account that appeared to be coming from an executive within the organization. The email asked the users to disclose their email credentials. Once the employees clicked on the link or the attached document, the hackers gained access to internal email accounts and then to patients’ records. This phishing attack was not uncommon. The 2018  Verizon Data Breach report confirmed that phishing attacks are increasing, accounting for 43% of all data breaches. Other research found that over 90% of data breaches are the result of phishing emails and an average of 16 malicious email messages are sent to every email user every month.

 

That is scary!  That means we have at least 16 chances each month of clicking on a phishing email and creating a data breach or a ransomware attack causing a possible system outage of the entire computer network at our organization. How would you like to be the person responsible for causing the data breach and costing the organization millions of dollars in fines or paying a ransom to get the system up and running again?  Some employees have even been terminated due to this type of error, if it was done against normal company policies. I’m sure none of us would want to be in that situation, so we have to educate ourselves to be aware of possible phishing schemes and know how to avoid them. Let’s start by defining some key concepts.

 

Phishing is a scam aimed at getting an online user to reveal personal or confidential information for the purpose of identity theft. There are three types of attacks: 

  • Phishing – a general email that is sent as spam or as an email addressed to a large, non-specific group of users. The goal is to get users to open embedded links or attached files that, when clicked on, allow the hackers to access to the user’s system. Once in the organization’s system hackers can delve deeper to obtain personal information, credentials, logins, passwords, and other data.
  • Spear phishing – a more sophisticated and elaborate targeted phishing attack that focuses on a specific company or individual and combines tactics like personalizing or impersonating users so the spear phishing email is extremely believable and compelling. The goals are to bypass or evade email filters and antivirus software and gain access to a system in order to introduce malware and other attacks. This type of approach was used in the large breach described above.
  • Whaling – a specific attack that targets specific members of an organization’s upper management team by name. The goal is to obtain confidential company information by using a webpage or email that appears to be legitimate (corporate logo, color scheme, address, brand identity). It is usually presented as an urgent matter that needs attention, such as an internal corporate issue, a new or updated policy, significant complaint, or legal issue.

 

A phishing scam typically starts with a legitimate-appearing email from a person, company, or website asking the user to update personal information, such as a password, credit card, social security number, or bank account number. The message looks authentic and comes from organizations a user may have accounts with. It also may include legitimate-looking company logos and formats that the company uses. In fact, it usually looks so authentic that recipients respond to about 20% of them. In fact, the 2015 HIMSS Cybersecurity Survey of 300 health information professionals indicated that phishing attacks were their biggest future security fear and the “#1 thing that keeps Chief Information Security Officers up at night”. The 2019 HIMSS Cybersecurity Survey of 166 health information security professionals still found phishing to be a major concern, especially for those healthcare systems that are not conducting adequate phishing tests. One reason this is so worrisome is that the threat is directed at all levels of employees in an organization and it is relatively easy to get someone to unknowingly click on a link or document. It is not something Information Systems can control with tools and countermeasures.

 

Phishing attacks often introduce ransomware into computer systems by sending emails from legitimate-looking banks or credit card companies requesting the recipient to “update” their personal information (birthdate, social security number, passwords, etc.). When the attachment or link is clicked, malicious malware is introduced into the system, which can spread from one system to another. Ransomware can also be introduced, encrypting documents, music, pictures, and other files and making them inaccessible. The organization can be held hostage until they pay a ransom to unlock the files. If the ransom is not paid within a defined time the ransom is increased. Organizations that have routine back-ups of their system can eliminate having to pay the ransom and restore their system, but it still results in system downtime and a lot of time and effort to get the system operational  again. Organizations that do not have system back-ups have to pay the ransom or risk losing all their data.

 

Systems that are using older versions of software that are not receiving automated cybersecurity updates are very susceptible to phishing attacks. We cannot get lulled into thinking that the security programs on our system or our Information Technology (IT) department will handle all these threats. While some employees are specifically targeted because of their position or because of the types of information they have access to, all individuals and companies should assume they are or could be targets of phishing attacks. All it takes is for one person to click on a link that contains the malware. And I’m sure you don’t want to be “that person” who takes down the entire system!

 

Tips for Preventing Phishing Attacks

To make sure you are not a victim of a phishing attack, let’s review some things you can do to prevent getting “hooked”.  These two articles, 8 Ways to Prevent “Phishing Scams” and 10 Tips to Prevent Phishing Attacks, provide the following useful suggestions to help guard against phishing.

  • Learn to recognize potential phishing emails, such as those that:
  • Are sent as a general email without your name included.
  • Come from senders unknown to you.
  • Ask you to confirm or update personal information.
  • Make a request for information look like it is an urgent matter.
  • Threaten you with worrisome consequences, if you do not respond.
  • Look authentic – images in email look like or are similar to a known company.
  • Threaten to terminate your account or offer free gifts or promotional items.
  • Be sure to communicate personal information only via phoneor secure websites:
    • Do not give personal, financial, or login information to someone who calls or emails you requesting it. A legitimate organization will not ask for this information in this manner. Look up the number of the company or organization and call them directly or go to their secure website to provide such information.
    • For email transactions, make sure the website is secure before giving any information.

 

 

      • Look for “https” in the address bar.  The “s” means it’s secure.
  • Look for a padlock in front of the browser address and a “green address bar”, indicating the site has applied for a SSL certificate, is the legitimate owner of the website, and encrypts information to and from the site.
  • Even if the browser address has a padlock or a green address bar, you cannot be guaranteed that it is totally safe, since “phishers” are applying for certificates in names of companies with mis-spellings that are very similar to real websites, e.g. “phypal.com” instead of “paypal.com” or “banskfamerica.com” instead of “bankofamerica.com”. So check the website name carefully.
  • If you are still unsure about the site’s validity, double-click the padlock icon to see the security certificate. In the “Issued To” in the pop-up window you will see the name matching the site you think you are on. If the name differs, you are probably on an unsafe site.
    • If your browser gives you a message about an “untrusted security certificate” for a website, do not proceed to the website, as it is not trustworthy.
  • Do not download files or open attachments in emails from unknown senders. Even if emails are from known senders, be certain you know the files or attachments are trustworthy before downloading or opening them.
    • Files or attachments can contain malware that could infect your computer.  
    • Be careful of links that offer bargain, low cost products. They could lead to webpages that can gain access to your credit card information.
  • Beware of embedded links in emails that ask you to update your personal information or password, even if the email appears to come from someone you know. Phishing emails, in addition to looking legitimate by using company logos, etc., also try to look like a security-conscious organization by notifying you that your account was compromised and asking you to be proactive and re-register or change your password. They may even provide a hyperlink to make it “quick and convenient” for you. However when you click on the link and enter your information, it will steal your data. To prevent being “caught”:
  • Hover over the hyperlink to determine the address of the hyperlink. You should be able to tell if it is the official website address or a copy-cat. Example: banskfamerica.com instead of www.bankofamerica.com.
  • Always enter the company website address yourself or look up the company phone number and call to see if they are requesting the information. Legitimate businesses usually do not request personal information by email.
  • Never enter personal information through links provided in an email. Only login and enter personal information once you are sure you are on the official site.
  • Beware of pop-ups and follow these tips:
    • Never enter personal information in a pop-up screen. Legitimate organizations do not ask you to submit information that way.
    • Do not click on links in a pop-up screen.
    • Do not copy web addresses from pop-ups into your browser.
    • Enable pop-up blockers.
  • Use anti-spyware, firewalls, spam filters, and anti-virus software.
    • Anti-spyware and firewalls prevent phishing attacks from gathering data from your computer, e.g. webpages containing personal information, like credit cards.
    • Spam filters identify files that could contain unsolicited commercial email (UCE). Spam is identified based on the content, inaccurate header information, blacklisted files, known spammers or specific senders, or specific wording in the subject line or body of the email.
    • Antivirus software scans every file which comes through the Internet to your computer to prevent viruses from deleting files or directory information.
    • Update the programs regularly to assure they are able to block new viruses and spyware.
  • Consider setting up a free virtual private network (VPN) instead of using free, open, unsecured Wi-Fi networks that can be easily compromised. A Consumer Trust Survey found that 43% of the respondents use free, untrustworthy Wi-Fi networks.
  • Password protect all your devices. 61% of the survey’s respondents indicated their tablets were not password protected. Many smartphones are also vulnerable, because they do not have strong, up-to-date anti-virus and malware protection and the operating systems are not routinely updated. Unfortunately many phones are not password protected either, because users say it takes too long to access the content. The use of thumbprints and facial recognition have helped to gain quicker access and make phones safer, but it is essential to have all devices password protected. Isn’t it better to take a little longer to log in than to allow devices to be unprotected and the target of phishing schemes?

·         Be sure to use unique, strong passwords for all your websites. One-third of the respondents said they only use one or two passwords for all their websites. This is dangerous!
o    See hints for developing strong passwords in this previous newsletter article, Cybersecurity for Case Managers: Responsibilities of Individual CMs

  • Be sure your operating system and browser are updated to the latest version that addresses the most current online risks.
  • Whenever possible, do not allow websites to keep your payment information on file.
  • Do not share too much information on social media, such as birthdays, anniversaries, children’s names, what you like, what you are doing at work, when you are going on vacation, etc.  All of this can be used to create very targeted and believable phishing attacks.
  • Do not connect and share information with people you don’t know.
  • Do not use your own personal email while at work or while on your organization’s network. Your Internet Service Provider and computer system may not be as well protected as that of your organization and could be more easily compromised.
  • Do not click on ads, as they often contain malware or direct you to a phishing website. If you want to learn more about a product, directly enter the website or product name in the browser address.
  • Go to Anti-Phishing Working Group for a list of current phishing attacks, helpful resources, and the latest news in the fight to prevent phishing.
  • If you think you have been the victim of a phishing attack, be sure to report it right away to your organization, so it can be dealt with as soon as possible.

 

The weakest link in any security system is the human element and that’s particularly true when it comes to phishing attacks. Employees are the biggest threat, since they are the ones who initiate the action that allows the phishing attack to occur.  In addition, hackers have become more creative in manipulating and influencing people, which allows them to gain access to computer systems and obtain sensitive information.

 

Staff Education, Testing, and Monitoring

The most important aspect in preventing phishing attacks is education. Management staff is responsible for making sure all staff members are routinely provided with phishing training and continuously tested and monitored to assure they can recognize the threats and know how to avoid them. Phishing training sessions are recommended at least every quarter to condition employees to look for and report phishing emails. This type of training and monitoring can reduce the percentage of successful phishing attacks. Some companies also include monthly “phishing tests” in which test emails are sent to all employees to see if they are able to identify and handle them appropriately. Those who get “caught” are reminded and given additional education. Companies that encourage employees to report potential phishing threats rather than reprimand them for failing phishing tests tend to have greater success in curtailing threats.

 

The following are resources that include free phishing and cybersecurity quizzes, tests, tools, resources, and staff training programs that can be used by individual case managers to test their knowledge and awareness and by the management and IT staff to assess the organization’s level of potential threats, develop training and testing programs, and track program results. I hope you will find these useful.

Phishing Quizzes, Tests, and Tools

  • Phishing Field Guide from Barkly. Good information for managers about how to recognize, avoid, and stop phishing attacks. The Appendix includes: free phishing tests, anti-spam and email filtering tools, examples of real-life phishing emails to use to test yourself or your employees.
  • Top 9 (Free) Phishing Simulators from Infosec. Phishing Training Programs designed to provide educational awareness, resources, and tools that allow you to create and run your own phishing program.
  • Find Out What Percentage of Employees are “Phish-prone from KnowBe4. Access to a free phishing security test for up to 100 employees.
  • The Phishing Quiz tests your phishing knowledge to determine how skilled you are at detecting malicious phishing attempts.
  • Phishing Your Employees 101 is a simple, open source toolkit and education program designed to help organizations quickly and easily set up phishing websites and lures that can be used to test their employees’ phishing awareness.
  • GoPhish. A free, open source, user-interface tool for IT departments to use to develop their own phishing training, testing, and results tracking.
  • State of Phishing Defense 2018 Report from Cofense outlines the top 10 phishing threats, with metrics on susceptibility and resiliency rates; shows why users respond to certain phishes and can be used to develop awareness training and phishing simulations.
  • The Open DNS Phishing Quiz tests employees to see if they can delineate between legitimate and phishing websites.  

Cybersecurity Quizzes, Tests, and Tools

There’s no question that phishing poses a significant danger to healthcare organizations, as it is the preferred method for hackers to gain access to systems in order to capture PHI and/or deploy ransomware for their financial gain. In addition, all system users are potentially able to fall victim to a phishing attack and introduce malware into the system, so that is a daunting challenge for the IT department, who have little control over how email and internet is used by all employees.

As case managers, we must realize that cybersecurity is not just an IT function. Sure, the IT team does everything it can at a corporate level to develop a secure infrastructure and implement security safeguards. While IT may be responsible for managing the overall cybersecurity of an organization, adopting security best practices, and deploying appropriate technology to lessen the chances that a phishing attack will succeed, each of us has an individual responsibility to be aware of what our roles are in assuring safe security practices. We need to be aware of our vulnerabilities and what we must do to assure the integrity of our computer systems. We need to be “stewards of security”, empowered and accountable to create a culture that raises awareness and reduces security incidents.

 

Remember, anyone can be targeted almost anywhere online, so you need to keep an eye out for “phishy” schemes. I’m sure you don’t want to be the one responsible for allowing a malware, virus, or spyware to gain access to your organization’s computer system, or worse yet, the one responsible for a devastating and costly data breach resulting from your phishing attack.

Watch out for the “phish”!

NOTE: For more information about what each of us can do, refer to this previous newsletter article “Cybersecurity for Case Managers: Responsibilities of Individual CMs”.


TCS Healthcare Technologies Releases ACUITYnxt 1.5

The latest SaaS-based case management software releases a new module to support time-tracking, billing and invoicing

AUBURN, Calif.July 3, 2019 — TCS Healthcare Technologies is excited to release ACUITYnxt 1.5, the latest version of the most intuitive case management software in the industry.  ACUITYnxt is a secure cloud-based case management software application that fully supports the case management process.

“Many of today’s case managers are contractors and business owners themselves so time-tracking, capturing billable items, and invoicing are critical features for them,” said Deborah Keller, RN, BSN, Chief Executive Officer for TCS.

Keller notes, “ACUITYnxt now fully supports these needs.  Our work logs are designed to support simple time-tracking workflows as well as workflows requiring granular billing documentation for time, units of service, specific medical codes, and user-defined items such as mileage as well.  While work logs can be created manually, ACUITYnxt can automatically prompt users with a new work log after saving changes to specific modules or record types.”

In addition to the new time tracking features, ACUITYnxt 1.5 includes several new reports to support invoicing and care plan coordination.

“We have also enhanced a feature unique to ACUITYnxt, drag and drop Screen Templates.   Screen Templates allows for customized layouts for key modules without expensive software coding.  This feature has been expanded to the Work Log module,” adds Keller.  “TCS Healthcare continues to push out new ACUITYnxt functionality in alignment with a very robust road map.  Our entire team is excited about our next release this fall which will include population health stratification and workflow automation.  Authorization management including grievances and appeals management is very soon to follow.”

To request an ACUITYnxt demo, email us at info@tcshealthcare.com.

About TCS Healthcare Technologies:

TCS Healthcare Technologies (TCS) is a leading provider of software and clinical solutions that support and improve medical management operations for health plans, TPAs, ACOs and other case management organizations.  TCS’ team of US-based clinicians and developers are recognized for their best-in-class managed care expertise and customer support throughout the industry.


Healthcare Data Breaches and Their Frequency, Impact, and Cost

Pat Stricker, RN, MEd

Senior Vice President

History and Statistics of Data Breaches

There has been a lot of news lately about data breaches in political organizations, national security agencies, businesses, financial institutions, social networks, and healthcare companies. With each breach confidential data (personal, financial, medical, intellectual property, or trade secrets) is stolen, viewed, or used by unauthorized individuals. While this had been a problem when records were paper-based, the number of records stolen or exposed was smaller. Once the data became digitalized in the late 1980s and early 1990s it became a much bigger issue, since large numbers of records could be compromised more easily.

 

In 2012, the Computer Science Corporation predicted that by 2020 data production would be 44 times what it was in 2009 (a 4,300% increase). They also predicted that one-third of all data would live in or be passed through the cloud. Well, it’s only 2019 and we may have already exceeded that prediction with the amount of data that is generated each date. 90% of the data was generated between 2013 and 2015 alone. That means that the other 10% was generated since the beginning of time. That is unbelievable! How is that possible? How will we ever be able to handle this exponential increase in the volume of data in the coming years?

 

By the early 2000s data management and privacy had become a big enough issue that laws and regulations were enacted to create guidelines for the handling, storage, and protection of sensitive data. Examples of these include HIPAA for healthcare and PCI for payment card financial data. Most databases that track breaches cover the years from 2005 onward, since that was the time data started to grow exponentially, allowing hackers more opportunity to steal massive amounts of data in a single breach. In 2005 alone, 136 data breaches compromised 55,101,241 records according to the Privacy Rights Clearinghouse (PRC), a non-profit organization committed to protecting privacy for all by educating and empowering individuals and advocating for positive change.

 

PRC provides is a database that tracks data breaches reported in the United States by government agencies or verifiable media sources. This searchable database is available for everyone to use for research purposes and is sortable by type of breach and/or organization and by year. The data can also be downloaded as a CSV file. PRC’s data shows that there have been 8,804 reported breaches in the U.S. since 2005, exposing over 11 billion (11,575,804,706) records. Reporting to the Clearinghouse is voluntary, so it does not capture all breaches. Therefore it is not a comprehensive compilation of breach data, so the actual number of breaches and total records affected is obviously higher.

 

Statista, another company that reports data breaches, reports that the number of cyber-attacks continues to rise. In 2005 they found that 157 breaches exposed 66.9 million records, while in 2014 the numbers had risen to 783 breaches exposing at least 85.6 million records, a nearly 500% increase in the number of breaches in just 9 years. And in 2012, three years later, the number of breaches nearly doubled to 1,579. From 2013 to 2015, 90% of healthcare organizations had at least one data breach.

 

The statistics vary by company depending on the type of data it collects, but the consistent element is that even though there has been an immense amount of time and effort spent on trying to protect the data, the number and size of breaches continues to rise, as shown in this graph:

Annual number of data breaches and exposed records in the United States from 2005 to 2018 (in millions)

healthcare data breaches 2019

The Statista numbers above are only for the United States. The Gemalto Breach Level Index reports worldwide data showing there has been more than 14 billion records (14,717, 618, 286) lost or stolen since 2013 when the digital security company started collecting data. That means:

Records are Lost or Stolen at the Following Frequency:

healthcare records stolen

The Breach Level Index website also has other valuable statistics such as industry breach details, a map view of where the breaches occur, a breach risk calculator, and other privacy information.Those are staggering numbers and unfortunately only 4% of the breaches were “secure”, meaning the data was encrypted and therefore useless. The other 96% contained data that was not encrypted, so the data was able to be viewed and used by the hackers.

A recent 2018 Ponemon Report found that data breaches in the U.S. cost an organization an average of $7.91 Million, which is an average of $148/record. The costs include investigation, notification, and remediation. There is also a cost due to the loss of reputation if the data breach is large or could/should have been avoided.

 

The annual Verizon Data Breach Investigations Report (DBIR) is a respected, detailed, statistical report that includes data from 86 countries and input from 73 data sources. Working closely with the Secret Service’s Cyber Division the team analyzes the available data to determine the threat landscape, identify the ever-changing threats, and recommend actionable techniques, tools, procedures, strategies, and best practices to prevent breaches and mitigate risks. The entire 2019 Data Breach Investigations Report and Executive Summary contain a great deal of detailed information for those who need it.

No company or organization is immune to a data breach. All companies possessing sensitive data are under a constant threat. The most likely targets for breaches are government, financial, and healthcare industries. Although the rankings change from time to time, the accommodation and retail industries round out the top five most threatened industries, according to the DBIR, although the social media industry is becoming more threatened in the last few years. For purposes of this article, we are only going to discuss the healthcare industry in detail.

 

Data Breaches in Healthcare

Breaches within medical organizations accounted for about 26% of all breaches in 2016 and almost one in four Americans have had their medical information compromised. Financial gain is the main motivator for hackers because healthcare records are highly valued for their personal, financial, and medical data. This type of information is worth roughly 50 times more than credit card or Social Security data, since it can be used for Medicare fraud – the most profitable type of identity theft. In fact, the co-author of the 2014 Data Breach Investigation Report stated that some employees found jobs in healthcare for the sole purpose of stealing patient information to commit identify theft or tax fraud. Not only can this be used by the hackers, but the records can be easily sold to others because of this valuable data.

 

Breaches also have a significant impact on patients, making them mistrust the system and withhold information: 61% resulted in exposure of personal information and embarrassment; 56% resulted in financial identity theft; and 45% resulted in medical identity theft.

 

Healthcare employees are responsible seven times more often than employees of other industries for breaches caused by human errors (33.5%) and/or careless actions such as:

  • Inappropriate conversations
  • Misuse or carelessness in handling emails, mail, and other hard copy documents
  • Leaving a computer screens or hard copy records unattended and visible to others
  • Sharing passwords with others or not logging off a computer when not in use

 

One of the biggest threats posed by employees is the intentioned, careless clicking on links or documents in “phishing” emails, which can allow hackers to steal the login information to access email or cloud accounts to get patient data. The links or documents can also plant malware within the computer system or network which can lead to more serious network problems or system stoppages. These are usually innocent acts, but very consequential to the organization. Employees have been terminated due to this type of error, if it was done against normal company policies. We will discuss “Phishing” and how to be aware of the dangers in more detail next month.

 

Insider threats are also a bigger issue for healthcare organizations than for other industries. 56% of healthcare threats come from inside the organization and are caused by the ability to gain access to records that are not necessary for business use or patient care or by credential theft. However, there are user-based risk mitigation tools available that will detect if an employee connects to an unauthorized device or uses suspicious software and immediately notify the security officer. After the incident, it allows the employee’s actions to be analyzed and records can be exported to a protected file for further investigation.

 

A Data Breach Investigations Report analyzed more than 1,300 data breaches involving 20 industries and found that the Top 3 Security Threats to the Healthcare Industry were:

  • Insider misuse by employees or trusted third parties who intentionally or unintentionally stole data or damaged a system. Employers consider employee negligence their biggest security risk. Based on the 2018 Ponemon Benchmark Study on the “Cost of Insider Threats”, incidents involving a negligent employee cost the company an average of $283,281, while the cost is usually double that if it involves a thief who steals credential. However the company also shares the responsibility because they should be auditing to identify who is inappropriately accessing patient data.
  • Unintentional actions that directly compromised patient information were found to be the cause of 12% of the security incidents. Examples included: inserting one patient’s information into another patient’s record or envelope; provider websites that allow patients’ information to be available to the public; and decommissioning computers or medical devices without properly removing patient information (“rendering PHI unusable, unreadable, or indecipherable”).
  • Healthcare was the only industry that had theft and loss as a major cause of security incidents. Theft and loss of laptops and other equipment accounted for 46% of the security incidents. The high percentage was attributed to the fact that encryption was not being done. If lost or stolen devices had been encrypted, they would not have had to report the incident as a breach, because the data would have been considered “secure”.

 

The most drastic healthcare breach of healthcare data was the Anthem medical data breach in 2015 that affected 78.8 million people – more than the whole population of Germany. Not only was the number of affected records extremely high, but the data exposed contained very detailed, sensitive personal information: names, contact information, social security numbers, email addresses, home addresses, and income information. As a result Anthem was fined a total of $115 million.

 

The HIPAA Journal reported that between 2009 and 2018 there were 2.546 healthcare data breaches that involved more than 500 records resulting in the exposure of 189 Million (189,945,874) records. That is equal to about 59% of the U.S. population.

 

Data Breach Defense and Prevention Resources

So what can we do to prevent a data breach or to mitigate our risk? Data breach defense and prevention resources have increased drastically over the past few years because of the ever-increasing number of security threats. These solutions offer a proactive approach to security to help ensure the safety of sensitive information. The following resources are offered to allow a more detailed review of breach prevention.

  • Data Breach Today — a multimedia news resource on the latest data breaches, their impact, and strategies for prevention
  • Data Breach Watch– a resource reporting data breaches, news, and trends impacting consumers and companies
  • The Global Privacy & Security Compliance Law Blog– a resource that explains stringent and ever-changing security regulations and compliance requirements
  • The New York Times article –discusses strategies for minimizing the risk of a data breach. One suggestion is to eliminate unnecessary storage of data. Keeping lots of sensitive information may be more risky for the customer and company than not keeping the data. Target’s storage of their customers’ four-digit personal identification numbers or PINs for the debit cards is a good example of data that was not necessary.
  • Data Breach Industry Forecast for 2018 – The 5th annual Experian report that provides an overview of data breach trends and the need for a data breach response plan.
  • Resources from Digital Guardian — cover data breach topics and provide insight into preventing and responding to breaches.

While the Information Technology team may be responsible for managing the overall cybersecurity of an organization, each of us has an individual responsibility to be aware of cybersecurity, how it impacts healthcare and the privacy of our patients, and what procedures we need to follow to assure safe security practices. While nurses may not have an in-depth understanding of the intricacies of cybersecurity, it is important for us to understand the evolving role of cybersecurity in healthcare today and how that affects our role. Threats are becoming more sophisticated while organizations struggle to prioritize and implement more effective security requirements. Unfortunately, the threats usually evolve more quickly than the security measures, so organizations are striving to assure that their measures are dynamic, up-to-date, and include commonly accepted practices.

 

Over the last 20 years, as computer systems and the internet have become an ever-increasing integrated part of healthcare, the need for protecting patient information has become much more complex. It used to be rather easy, since records and reports were in hard copies and contained in the patient’s chart, which was in a protected area in the physician’s office, hospital, or healthcare facility, and only accessible by a limited number of people. Things are very different now. The number of people who have access to patient information is much larger. The information can be sent to multiple people by email, fax, or text and it can be accessed by multiple people from computers, laptops, mobile devices, and smartphones. It can also be stored in numerous places, such as laptops, mobile devices, network drives, CDs, DVDs, thumb drives, and smartphones. While we do have security procedures to try to limit access to only those who have a need to know, ensuring the privacy of patient information is a huge challenge.

 

Given these widespread incidents of cyberattacks, the cost of breaches, the business disruption, and the effect on patients, what can we do to stop them? While there is no way to totally stop cyberattacks, the risk of cyberattacks can be significantly reduced if organizations: are diligent about continually reassessing their HIPAA compliant infrastructure; implement HIPAA compliant guidelines and best practices; and continually educate (and monitor) employees regarding their role in cybersecurity.

 

Healthcare organizations have a challenging uphill battle to modernize systems and reduce risks, but it can be done. We have had almost 15 years of data breach research, which has increased our knowledge of the causes, how to identify potential problems, and what needs to be done to reduce or avert risks. Organizations need to assure that IT teams are provided with dedicated staff that has the resources, time, and money to develop, maintain, monitor, and enforce stringent cybersecurity policies and practices. Employee education is also a critical aspect of reducing risk. Continuous education of all system users needs to be done, so they are aware of their responsibilities in maintaining cybersecurity.

Now that we have looked at the causes and impact of cybersecurity, next month’s article will focus on specific, practical things we, as nurses, can do to help improve cybersecurity and assure we are not the individual responsible for a devastating and costly data breach.


The Universal Challenge in Keeping Clinical Member Data Accurate

Denise Fournier

Application Support Specialist

How often have you heard of data mix-ups between two similarly named members in a software system, or when finding a member in your system, the record is out of date?

Long ago, I remember hearing talk of making sure my dad, Cyril, and his sister, Catherine, didn’t both have accounts at the same store when they were younger and living in the same town, or their purchases would end up getting charged to each other’s account. This would have been the late 40’s to early 50’s, long before the advent of electronic record keeping. Now that everything is computerized and digitized, of course this can’t happen anymore, right?

But, as we all know, data mix-ups do still happen.  And somehow, now they seem even harder to detect and correct.

Currently, my work at TCS Healthcare is to help clients keep their member records accurate and up to date via electronic data loads.  This is still a universal challenge regardless of using a sophisticated software solution, a home grown software solution, or even when keeping track of records via Excel!

So, where do these “challenges” come from? One of the most common problems we run across involves changes to what we refer to as “matching info”. If you’re lucky, you have a single unique identifier that can be used to match up incoming records to previously created ones. In years past that may have been a social security number. But even that had issues – not everybody had one, duplicates did creep into the system, numbers got transposed – and so on.

Currently, the use of social security numbers as unique identifiers is slowly disappearing. So, if there is no other “unique identifier”, you have to rely on information such as name, birth date, gender, etc., all of which can be changed at any time for a variety of reasons. Especially difficult is the common task of recording newborn babies due to changes with the baby’s first name.

Of course, in managed care, there is usually some sort of member ID, which works just fine for most situations. But the same issues can occur that we see with social security numbers – duplicates, transposed numbers, family members with the same base number, etc.

Members with dual coverage, often under different payers, pose yet another dilemma. Detecting dual coverage members adds even more complexity to keeping data records accurate since there is no uniform identifier between different payers. Compounding the problem, data collection practices can vary significantly from payer to payer.

So, what can be done to keep your data as accurate as possible?

The obvious solution is a uniform identifier assigned to each person that NEVER changes regardless of which or how many payers cover that person. On paper, this is a nice idea, but it is probably not realistic.

In truth, there is no “best solution”. However, the following are some practices you can incorporate into your routine which can help to identify potential issues.

Incorporate safeguards into your process to detect and “exception out” bad data before it ends up in your system. For example, finding a member name that was “John Smith” yesterday compared to “Sandra Jones” today, might indicate a transposed member ID at some point in your process.

Monitor your exceptions and make corrections not just to your target but to your source as well. This means if you fix an error on a target system but never circle back and correct the source, that same error can and probably will recur the next time that record comes back through your data feed.

Don’t rely solely on error processing to catch everything. Make sure you also incorporate safeguards during processing to avoid inserting or updating bad data. For example, if a specific value needs to be unique, make sure that an insert is only attempting to add just one record with that value, and that value doesn’t already exist. The more complex things get, the more likely you are to run into unexpected scenarios, and the unexpected can cause a variety of issues like unintended duplicates.

Set up reasonable and strong matching rules to detect your dual covered members. Trying to find dual coverages by using JUST first and last name is NOT a good plan. Include more data items such as birth date, gender, social security number (if you can collect it), address, etc., which can help to detect more dual coverages. There will always be some records that simply don’t line up, so you’ll also want to have a process in place that allows you to mark your dual coverage records whenever they are discovered outside your normal process.

Overall, data maintenance is definitely a challenging business! And for those who have accepted that challenge, keeping that “bad” data at a minimum is an on-going process. However, adding in safeguards and consistent monitoring can help significantly in the “fight” for good member data.


TCS Healthcare Technologies Releases ACUITYnxt 1.4

The newest SaaS-based case management software now offers Assessments that auto-trigger Care Plans to support the case management process.

Auburn, CA – April 8, 2019 — TCS Healthcare Technologies is excited to release ACUITYnxt 1.4, the latest version of the most intuitive case management software in the industry.  ACUITYnxt, a cloud-based case management software application, now offers several features to further enhance the ability for ACUITYnxt to support the case management process.

“Every nurse case manager knows that assessments are central to the case management process, which is why we are excited to add assessments which auto-trigger care plans in ACUITYnxt,” said Deborah Keller, RN, BSN, Chief Executive Officer for TCS.  “Our assessments in ACUITYnxt are unique in that case managers can create and customize their own assessments in an intuitive panel, including the triggering of specific care plans based on assessment responses.”

Keller adds, “A new Member Plan module displays every care plan a member is enrolled in, offering the user a 360-degree view of the full plan of care.  Organizations can elect to use the classic Problems- Goals-Interventions-Outcomes format or any combination of those elements.”

In addition to assessments and auto-triggered care plans, the latest release of ACUITYnxt also includes Drag-n-Drop Screen Design and Custom Fields.  As features have expanded, the ACUITYnxt database has been tuned for optimal performance resulting in a 600% improvement in processing speed.  Also, all CPT and HCPCS medical codes have been updated to reflect the latest 2019 releases from the AMA and CMS.

“Feedback from our ACUITYnxt early adopters has been overwhelmingly positive.   All have remarked that ACUITYnxt is intuitive and easy to use, allowing them to be efficient and effective as they manage their case load,” notes Keller.  “This confirms our roadmap for ACUITYnxt.  Our next release in July 2019 will include a new data integration engine and updated reporting for billing and time tracking.”

To request an ACUITYnxt demo, email us at info@tcshealthcare.com.

 

About TCS Healthcare Technologies (www.tcshealthcare.com)

TCS Healthcare Technologies (TCS) is a leading provider of software and clinical solutions that support and improve medical management operations for health plans, TPAs, ACOs and other case management organizations.  TCS’ team of US-based clinicians and developers are recognized for their best-in-class managed care expertise and customer support throughout the industry.

 

To learn more about ACUITYnxt and TCS Healthcare Technologies, visit www.tcshealthcare.com.


TCS Healthcare Technologies Names Deborah Keller new Chief Executive Officer

Experienced nurse leader to take helm of care management software company

AUBURN, Calif.April 1, 2019 /PRNewswire/ — TCS Healthcare Technologies (TCS), a leading provider of software solutions for health plans, TPAs, ACOs and case managers, is pleased to announce that Deborah Keller, RN has been appointed Chief Executive Officer (CEO).  She assumes the strategic leadership as Rob Pock, Founder, steps down as CEO.

According to Pock, “Debb is the perfect choice to take over the helm of TCS.  I have worked closely with her over the past seven years and have observed her servant attitude with respect to our clients and our employees.  As an RN Case Manager with extensive experience in the “trenches,” she brings to TCS the heart, soul and character of those we strive to serve.  As CEO she has the leadership skills and the industry vision that will bring great products and services to the managed care industry.  Debb’s appointment sets TCS apart as the only care management software company that is led by a clinician and former user of the Acuity suite of software.”

As TCS transitions leadership, TCS will continue its development plans for ACUITY Advanced Care and ACUITYnxt.  Keller says, “TCS has an aggressive five-year roadmap for both products.  Our clinicians will continue to work side-by-side with our developers to bring to market solutions that include the functions, features, and integrations necessary to fully support population health programs.”

Regarding her new position, she notes, “I want to take my experience as a client, a clinician and now as CEO to help ensure our product roadmap remains focused and true to our client base and the needs of the industry, both today and into the future.”

“I am humbled and excited to lead TCS Healthcare as we continue to build software products that managed care end users, especially case managers, actually enjoy using.”

To learn more about TCS and its suite of care management software products and services, visit www.tcshealthcare.com.

About TCS Healthcare Technologies (www.tcshealthcare.com)

TCS Healthcare Technologies (TCS) is a leading provider of software and clinical solutions that support and improve medical management operations for health plans, ACOs, TPAs, and risk-bearing provider groups. TCS’ team of US-based clinicians and developers are recognized for their best-in-class managed care expertise and customer support throughout the industry.


A Recipe for Healthcare Success: Workflow Automation, Business Rules, and Artificial Intelligence

Pat Stricker, RN, MEd

Senior Vice President

Technology today makes the healthcare industry entirely different that it was when I started my nursing career. There were no computers to track and monitor the numerous processes in the hospital; no cell phones; no automatic devices for IV drips, respiratory machines, or telemetry; no automatic thermometers or BP devices; no electronic medical records; and no electronic pharmacy ordering/delivery system. Everything was done manually. Surgery schedules, staff schedules, admitting logs, and all other informational documents were typed or hand written anew each day. Consequently it took a long time to get anything accomplished, yet we were able to provide excellent care considering what we had to work with.

Compare that to today when we are used to having everything electronic and at our finger-tips.  Processes in the hospital are electronic and automated — computerized records, all types of electronic monitoring devices, order entry for all ancillary services, remote monitoring, computer programs for all aspects of patient care, cell phones for instant communication with others and access to internet information, and computerized logs, reports, and any other type of data that is available instantly in real-time. Consequently things get accomplished very quickly today and most of these things are even done automatically without us having to intervene.

The banking and retail industries have surpassed the healthcare industry in automating processes —  teller machines (ATMs), automated banking on our computers and cell phones, self-checkout at the grocery store, cellphone-controlled thermostats and home alarm systems, self-driving vehicles, and a variety of other automated processes. The healthcare industry, on the other hand, lags behind these industries, because it is capital and hardware intensive and constrained by numerous safety regulations. This makes automating processes more difficult and leads to slower progress. However, healthcare reforms and increased competition have created the need to focus on increasing efficiency and reducing costs. These are the two main financial priorities cited by three out of four hospital and health system CEOs. In order to accomplish these goals, automating manual tasks and processes has become a key strategy to improve performance and create more time for the staff to devote to higher level cognitive functions that require human intervention.

 

Workplace Automation and Workflows

Let’s start by defining some of the terms used in the automation process:

  • Automation: 1) The technique of making an apparatus, process, or system operate automatically by using mechanical or electronic devices that take the place of human labor; 2) a technology, method or system of operating or controlling a process by highly automatic means, as by electronic devices; 3) decreasing human intervention to a minimum; 4) a mechanical device that functions automatically without continuous input from an operator.
  • Workflow: A defined process involving a series of tasks that must be done by a specific individual(s) in a specific sequence in order to obtain pre-defined results.

Workplace automation in the past was typically associated with manufacturing. One of the first introductions of workplace automation was done on the assembly line at the Ford Motor Company in 1913 to improve the work process and reduce costs. With this innovation Ford achieved a dramatic reduction in the time to produce a car from 12 hours to 1.5 hours! In addition, the number of cars produced was increased with the same number of workers and the workers were happy because they no longer had to perform repetitive, boring tasks. So it was a win for the company and the workers.

Other workplace automation involved the use of robots that took the place of humans. This created a negative perception of workplace automation. This was a concern when automation and robotics were first introduced in the pharmacy. Some feared robots would replace the pharmacists, however they found automation allowed the them to eliminate counting medications that required little cognitive value and let them focus on more clinically relevant work that was more productive and rewarding.

Today’s workplace automation is not focused on replacing humans, but rather empowering humans by complementing or augmenting their abilities, in order to allow them to reduce repetitive tasks with little cognitive value and spend more time on meaningful, relevant, higher level, decision-making functions.

Automation will be even more essential as more of the baby-boomer nurses retire. A study in 2009 found that 260,000 registered nurses are projected to retire by 2025 – 6 years from now. That will be twice as large as any nursing shortage experienced in this country since the mid-1960s. This shortage of RNs will make it imperative that we achieve optimum work efficiency by eliminating redundant, repetitive work and manual tasks.

Another reason to work toward optimizing automated workflows is to be able to manage population health management (PHM) programs. There are not enough providers to manage these large patient populations, so this makes automation a “must have” rather than a “nice to have”. A report by the Institute for Health Technology Transformation says, “Automation makes population health management feasible, scalable and sustainable.”

Automation has also been shown to reduce repetitive tasks and increase more meaningful tasks. A time-in-motion study was conducted by a Florida hospital to measure nurse work behavior before and a year after the implementation of an electronic health records (EHR) system with clinical documentation. The administration wanted to determine if the move toward automation actually increased the time at the bedside, decreased the time spent on documentation, and decreased time spent on administrative tasks. Results showed a significant increase in the time nurses spent on both direct care and in EHR documentation. However, they found that the increased time spent in both of those areas came from a 12% decrease in the time spent on administrative tasks after implementing the automated documentation system. This validated the value of automating tasks. Nurses were able to spend more time on direct care and thoughtful documentation, rather than repetitive administrative tasks.

Automation can be a set of tools within a business software program that performs repetitive, easy-to-replicate tasks without the need for human interaction. Anything that adds value that is done more than once should be considered for automation. In a hospital setting that may be a routine procedure that is done frequently on a large population, such as joint replacements.  Once these repetitive, routine tasks become automated the process will become easier to adapt the concepts to higher level tasks.

 

Business Rules, Business Engines, and Workflow Engines

In order to automate tasks, business rules need to be defined. A business rules is: 1) a policy or procedure that guides conduct or action; 2) a definition or constraint of some aspect of business which always resolves to either true or false; 3) a description of operations and constraints that apply to an organization; 4) a process that provides business structure or controls/influences the behavior of a business; 5) a criteria for decision-making.

Business rules set expectations and provide guidelines for daily business activities. They also help organizations stay in compliance with local, state, and federal regulations.

Business rules contain an IF/THEN statement – IF a certain condition exists, THEN a certain action should take place. Examples include: 1) IF a new case is created, THEN send a Welcome Letter; or 2) IF a certain quality issue or risk is identified, THEN send an alert to a certain person or department.

A Business Rules Engine is a software system that executes one or more business rules (from regulations, company policies, or other sources). The system allows non-programmers to add and change business logic without the intervention of the vendor or IT department. This is a key component, since the department or organization needs to be able to customize the rules to meet their unique workflow needs. The rules can also be applied to data for analysis resulting in process improvement and improved outcomes.

Workflow Engine is a key software component that manages and monitors business processes and workflow activities (processing, approving, and determining new activities to transition to, based on defined workflows). It facilitates the flow of information, tasks, and events, allocating tasks to different users while communicating data to other participants. It can execute a number of arbitrary steps and sequences. Examples include: assigning a new case to a clerical group or user based on the type of program the patient was enrolled in vs. assigning a new case with the same type of enrollment to a clinical group or user based on a risk factor that was identified for the patient.

Workflow engines typically have three main functions:

  • Verifying to see if a process is valid depending on the current status.
  • Determining if the user is permitted/has the authority to execute the task.
  • Executing a task, after verifying the above two conditions are met. If not met, an error report is created and the task (change) is rolled back.

Healthcare software applications have business rules and workflow engines, but some work better and are easier to use than others. If purchasing a software application be sure to ask pointed questions about how the business rules and workflow engine works. Provide the vendor with a case study of one of your most difficult workflow processes and ask them to automate it for you. Also ask them to show you how a non-programmer would create this automated workflow.

Automation and Artificial Intelligence (AI)

Automation leads to the next big trend in healthcare today — Artificial Intelligence (AI). There are numerous definitions of AI , but these define its essence: 1) a branch of computer science dealing with simulation of intelligent human behavior in computers, 2) the capability of a computer system to imitate human intelligence (learning, reasoning, and self-correction), 3) a collection of multiple technologies that enable machines to perform administrative and clinical functions, 4) computer systems able to perform tasks normally requiring human intelligence (visual perception, speech recognition, decision-making, and language translation).

Some examples of AI include: machine learning, natural language processing (machine translation, question answering, and text generation), image recognition, speech to text or text to speech, and robotics.

AI does not rely on technology that uses algorithms and/or tools to complement a human being. AI attempts to truly augment human activity by imitating and surpassing the abilities of a human. Today, the basic goal of AI is to use human reasoning as a model, not as an end goal of creating a perfect replica of the human mind. We should not be afraid of AI replacing humans, but rather embrace it as a powerful tool that empowers humans to focus on their highest potential.

Systems using AI are taught to recognize patterns in unstructured data and turn it into structured data that enables automation. AI innovations in electronic health records (EHR), revenue cycle, and operations will continue to increase exponentially over the next few years. AI will be integrated into clinical workflows, empowering providers with real-time data at the point of care.

AI has the power to make improvements in cost, quality and access. Therefore it is experiencing explosive growth. According to Accenture analysis the health AI market in 2014 was at $600 million, but that is expected to increase to $6.6 billion by 2021 – an amazing eleven-fold growth in just 7 years and a compound annual growth rate of 40%. However it is expected to increase more than 10 times over the next 5 years and they predict that key clinical healthcare AI applications can potentially save U.S. healthcare $150 billion by 2026.

Automation and AI is a growing trend in all area of business, especially as technology becomes more sophisticated. Previously implementation and new projects required large amounts of time and cost to get completed, thereby limiting the number of projects that could be done and cancelling a lot of innovative new programs. Now with automation and AI, projects will be able to be completed in 25-50% less time and with less cost, thereby allowing those resources to be allocated to other needed projects and programs. This increased efficiency, productivity and lower costs will result in better profitability, so this is definitely going to be an key imperative for healthcare organizations.

 

The Benefits of Automation

  • Saves Time and Improves Productivity
  • Streamlines Processes
    • Reviewing workflows helps identify and eliminate unneeded or unnecessary steps
  • Improves Efficiency and Throughput
    • Allows system to be scalable and staff to handle more patients
  • Improves Reliability and Accuracy
  • Reduces Costs and Improves Profitability
  • Improves Quality and Consistency
    • Consistent basis for care activities, medical records, order entry and decision support leads to reduced deaths, non-compliance and costs.
  • Increases Predictability of Outcomes
    • Standardized care plans, supported by automation, make it more likely for a patient to follow the plan. Automation can also detect when the patient has deviated from the plan and alert the care team so they can intervene.
  • Allows More Time for Human Creativity and Higher Cognitive Functioning
  • Provides Ability to Analysis Large Amounts of Data to Support Decision-Making
  • Increases Patient Experience
  • Improves Project Implementation (Less Tasks to Teach the Users)
  • Performance and Program Improvement/Optimization
    • Data from Automation Provides Continuous Feedback That Can Be Used to Increase Performance Over Time

 

Problems or Issues with Automation

  • Unrealistic Expectations
  • Poor Design and Testing
  • Lack of Time and Attention Required to Maintain Automated Rules
  • Technology Problems
  • Organizational Problems

 

Steps to Take to Implement Automation

  • Review workflows, policies, and procedures closely to determine what steps should be added, deleted, or changed.
  • Look for processes that are routinely done that do not have a defined workflow.
  • Look for processes performed on large populations on a routine basis, e.g. joint replacement.
  • Think “outside the box” when defining a workflow process. Don’t include unnecessary steps.
  • Challenge yourself on every workflow – Do all these steps need to be taken? What can be eliminated? What can be automated?
  • Review documentation standards. Look for ways to automate repetitive documentation by providing appropriate options that can be selected in a dropdown. Streamline documentation, if possible, while still making sure it is appropriate.
  • Track and identify problems with patients with home devices. Contact immediately to resolve issues and analyze progress over time.
  • Look for ways to automate quality and identify risk factors.
  • Look for ways to automate scripting, scheduling, reporting, and analysis.
  • Make sure any software applications you purchase have business rules and automation tools. They should each department is able to make changes to meet their own needs, not just the vendor or IT department. Learn how to customize workflows within the system.
  • Develop a Change Process to document all changes, why they were made, who made them and when. Assure the Change Process has management oversight and approval.
  • Develop IF/THEN statements for automation. If “this occurs”, THEN auto-generate “this action”.
  • Make automation “part of the culture” within the organization.

 

Examples of Automated Processes

  • Letters: welcome, follow-up, appointment, closure, instructions, education. Trigger a specific letter based on a documentation field (new enrollment, type of enrollment, non-adherence with care plan, need for additional education, etc.). Can also set up a text field that can be pulled into a letter for more personalization. Letters can be set to be delivered by email, text, or mail.
  • Identify and enroll candidates for programs based on a diagnosis, number or types of admissions, prescribed medications, treatments, risk factors, etc.
  • Provide “Gold-card” service for providers. Allow certain providers automatic approval of procedure (UM) requests.
  • Send automated reminder to re-schedule for patients who miss appointments.
  • Set up auto-data loads on a routine basis for patient’s labs, pharmacy scripts, or imaging results.
  • Identify risk factors and create automated action (call, letter, enrollment, etc.)
  • Create admission and discharge automation that may include processes for registration, billing, insurance, providers, CMs, ancillary team, pharmacist, therapists, etc.
  • Develop process to find:
    • Patients with risk factors for new programs being offered
    • Candidates for marketing programs
    • Certain providers and analyze patients’ progress
    • Quality issues – lack of compliance, risk factors, falls, etc.
    • Medication non-adherence

It seems inevitable that we are headed towards a future with more automation and AI and that they have the potential to transform the economy at large. However, one thing seems certain – if something can be automated, it will be.


Strategies for Setting Personal and Performance Goals That Are Achievable

Pat Stricker, RN, MEd

Senior Vice President

We are all familiar with setting goals. It is something we do daily helping our patients/clients set their healthcare goals and something we do on an annual basis as we set our work performance goals. But how often do we really think about the overall goal-setting process and how it relates to, not only our work life, but to our personal life. I would venture to guess that most of us take a lot more time and effort defining our work-related goals, than we do our personal goals. Work-related goals are usually done in a much more formal, written format, whereas personal goals are more often than not a one-line general statement that is usually not even written down. Let’s take a look at the formal goal-setting process and see how it can be used to help us achieve some of our important personal life goals, as well.

The following are definitions for a GOAL:

  • An intention or purpose
  • The object of a person’s ambition or effort; an aim or desired result
  • The end toward which effort is directed – an AIM
  • An idea of the future or desired result that a person envisions, plans and commits to achieve
  • An observable and measurable end result having one or more objectives to be achieved within a more or less fixed timeframe

 

Why We Need Goals

People without goals do not have a vision and plan for what they want to achieve in life. They seem to drift through life and accept whatever comes. They may work hard, but they do not try to develop a plan to take control of their life. They also may seem to appear complacent, bored or lethargic. On the other hand, those who are goal-oriented think about what they want out of life, determine what they can do to make it happen, and set goals to achieve their desired vision.

Developing goals is a key component of life. Goals help us develop a vision, direction, and path for our life. They give us a sense of clarity and focus to identify the things that are important to us and how we can achieve them. They provide us with a sense of passion, purpose, ambition, and control to make things happen, instead of just waiting for life to occur. Goals affect our thinking and actions and make us motivated and enthusiastic about what we want to do with our life.  Focusing on achieving positive goals provides us with positive outcomes that lead to a sense of accomplishment. This, in turn, leads to increased self-confidence and the more confidence you have, the more goals you will want to set.

Developing a life vision is essential. It requires defining long-term goals with associated objectives (a series of tasks or steps) that help us reach that vision. The world is so full of options that it’s easy to be overwhelmed when faced with some life decisions. How can we decide which options to choose and which to ignore? Having pre-defined long-term goals helps identify the direction you want to take in life. They let you quickly filter the options that either fit into your future vision or do not lead you in the direction you have chosen. All you have to do when faced with this type of decision is ask yourself one simple question – “Is this option aligned with my long-term goals?”  If “yes”, do it. If not, skip it.

GoalBuddy, a goal-setting system, describes this as the “Focus Filter”, helping you to focus on the things that are important to you. The GoalBuddy System is a good tool for anyone who wants to learn more about goal setting. It offers a free Complete Guide to Goal Setting that includes: web-based training materials, web-based tools with exercises, templates, podcasts, and a free mobile application.

Types of Goals

There are many types of goals that help define our life vision or work performance. These are a few examples of goals and corresponding questions you might ask yourself. For each of these, the last question will be “What will it take to achieve those goals?”

  • Personal – What do you see for your life in the future? What are the most important things you need to have in your life?
  • Academic – What knowledge, qualifications, or type of education do you want to achieve? What level do you want to achieve?
  • Career – What type of career do you want? What area do you want to focus on? What are the important aspects of that career? What level do you want to reach?
  • Financial – What salary range do you hope to earn at a given point in your life?
  • Creative or Physical – Do you want to progress creatively or artistically or do you want to develop your skill in a certain sport or other physical activity? If so, in what area(s)?
  • Performance (Work-related) – What can you do to enhance the organizational or departmental strategic goals? How can you help improve quality or reduce costs? What do you want to do to improve your personal work performance or work experience?

Making Goals Achievable

Most people tend to make goals at some point in their lives, yet many feel that they have a hard time meeting them. They feel they are accomplishing very little, getting nowhere, and are just taking what life offers them, instead of trying to determine their own path. That generally occurs because people don’t take the time and effort to develop a vision for their future – what they want to achieve in life. They need to develop goals that are well defined, realistic, and achievable.

When looking at the definitions of a goal, one indicated a goal needed to be clearly defined and measurable, have specific objectives (tasks or steps), and have a defined timeframe. This actually defines a goal-setting process called SMART, which is designed to help you clarify your goals, focus your efforts, use time and resources productively, and increase your chances of achieving your life vision. The SMART system focuses on developing goals that are clear and reachable:

  • Specific (simple, sensible, significant).
  • Measurable (meaningful, motivating).
  • Achievable (agreed, attainable).
  • Relevant (reasonable, realistic and resourced, results-based).
  • Time bound (time-based, time limited, time/cost limited, timely, time-sensitive).

This system was defined about 40 years ago and has been updated by others who have suggested adding other areas of focus, such as: SMARTER that adds Evaluation and Review, and other areas that focus that include Efficacy and Feedback.

The following examples from the SMART system illustrate how to develop and achieve goals that are:
1.       Specific — All goals need to be clear and specific in order to focus your efforts on achieving them. Avoid using general statements. Ask yourself these five questions:

  • What am I trying to accomplish?
  • Why is this goal important?
  • Who is involved?
  • Where is it located?
  • Which resources or limits/barriers are involved?

Example — A specific goal may be: “I want to gain skills and experience to become the director of the department in order to build my career, increase my salary, and achieve a position on the leadership team.”

  1. Measurable Goals need to be measurable in order to track progress. This helps you stay focused, meet deadlines, and feel excited and motivated as you get close to achieving the goal. Ask yourself these quantifiable questions:
  • How much will it cost? How much time will it take?
  • How many qualifications do I need to get? How many leadership classes do I need? How may leadership teams should I be on?

How will I know when it is accomplished?

Comments:  You could measure your goal of acquiring the director position by completing the necessary leadership course, attaining your certification, and gaining the 3-5 years of required management experience.

  1. Achievable — A goal should stretch your abilities, but it still needs to be realistic and attainable. An achievable goal should answer these questions:
  • How can I accomplish this goal?
  • Do I have the required management and leadership experience?
  • How realistic is the goal, based on my time constraints, finances, and family obligations?
  • Do I have the family support to achieve this goal?
    • Am I capable of obtaining the required experience and qualifications?

Comments:  Your goal of getting the skills, experience, and training needed to be considered for the promotion is entirely up to you and in your control. However, the final decision of whether you get the position or not is dependent on others, such as a selection committee, human resources, a recruiter, etc.

2.       Relevant — The goals need to be important to you and align with other relevant goals. You need to have control over the goal and be responsible for achieving it. A relevant goal should answer “yes” to these questions:

  • Does this seem worthwhile?
  • Is it the right time? Do I have time make this a reality?
  • Does this match my other efforts/needs?
  • Am I the right person to reach this goal?
  • Is this the right time based on needs within the family? Does it fit with my spouses goals?

3.       Time-bound –Every goal needs a target date that provides a deadline to focus on and something to work toward. This helps prevent everyday tasks from taking priority over longer-term goals.

These questions should be asked:

  • When will I be able to acquire the skills and training I need?
  • What can I do six months from now?
  • What can I do six weeks from now?
  • What can I do today?

Comments:  Be sure to also determine a realistic time frame for accomplishing the smaller objectives (tasks/steps) that are necessary to achieve your final goal.

 

Key Strategies for Achieving Goals

  • Before setting goals, start by analyzing your past experiences to identify what helped or stood in the way of you meeting your goals. Is there a goal I constantly fail? Do I tend to set easy or hard goals? Do I procrastinate in working on my goals? Am I truly committed to my goals or do I just make a quick list, because I need to have something to show my boss? Also take a look into the future and determine what you envision when you goals are met.

Analyzing past and future goals before you begin to set your goals may seem like a strange way to start the goal-setting process, but it will help you identify more about yourself and what is important to you. It is a key strategy to help you put things in perspective, which will make goal-setting easier.

  • Keep the process simple. Set fewer goals that you definitely want to meet. Usually three goals per quarter are recommended. However you could choose up to seven goals, but be careful, that could lead to failure due to loss of focus and time to get the goals completed.
  • Make sure each goal is actionable. This is a key technique for success.
  • Start with small steps, then as you see progress move up to larger steps. This will increase your motivation and before long you will be meeting your goal.
  • Try to find someone to mentor you. Their advice and encouragement will be invaluable. If that isn’t possible, find someone you can talk with about your goals to offer you support. Partners help provide you with incentive and accountability.
  • Review your list of goals and objectives (tasks/steps) frequently and revise them, as needed.
  • Acknowledge your progress and be grateful for your progress, even if it is slower than you hoped. This is still a positive outcome and should help raise your enthusiasm and motivation. This is another key aspect for success. Don’t get discouraged, as this can lead to guilt, negativity, and loss of motivation.

Work-related Goals

This article has dealt primarily with personal goals, since we probably don’t spend as much time on those goals, as we do on work-related goals. We set our performance goals at least annually and work with patients/clients almost daily in helping them set their healthcare goals. These are a more formal and defined processes, however they follow similar basic principles, as discussed above for personal goals.

Each year organizations set strategic goals for the upcoming year. In turn, departments, units, and functional areas use those goals to set even more specific goals for programs, products and services that coincide with the strategic goals. Managers then work with their individual staff members to develop individual performance goals that align with the departmental and strategic organizational goals. Using this type of process ensures that all areas and individuals in an organization are focused on the same overall goals and striving to achieve excellence in their organizational and individual goals.

This process seems easier because the strategic and departmental goals are already defined and our individual goals are developed to align with them. So we just need to use the SMART principles to develop goals that are pertinent to our role and responsibilities, yet align with the strategic goals. We also add some personal performance goals that will improve our individual work performance.

There is no need to go into any more detail about developing these goals, since the process is similar, but keep these things in mind when thinking about developing work-related goals.

·         Use Strategic Thinking Skills: Review the strategic organizational and departmental goals before developing yours. Ensure your goals coincide with them and help achieve those goals.

  • Identify Problems That Could Impede the Strategic Goals: Think about the strategic goals and identify problems that are making it difficult to meet those goals. Look for ways to develop a goal that solves a problem that is being ignored, because everyone thinks there isn’t any way to fix it. That will provide more value that trying to develop yet another goal for a problem everyone is aware of. Another idea would be to develop a goal that would help enhance revenue and provide more value to the organization.

·         Develop Goals That Have Defined Objectives:  These will break down larger, more complex goals into specific objectives (smaller tasks/steps) that can be achieved in a 3-6 month timeframe, instead of goals that take an entire year. This results in smaller, more defined manageable pieces and timeframes that can lead to even more value to the organization.
In summary, to be successful in achieving any type of goal, you need to spend time determining what is really important to you or the organization. You also need to choose goals that excite or motive you, since that makes it easier for you to make a solid commitment to diligently work to achieve them. When defining your goals you need to make sure they are Specific, Measureable, Attainable, Relevant and Time-bound. And for larger, more complex goals, you need to break them down into smaller objectives (tasks/steps) in order to ensure achieving the overall goal.

 

“What you get by achieving your goals is not as important as
what you become by achieving your goals.”

Henry David Thoreau


ACUITYnxt WEBINAR March 6th, 2019

ACUITYnxt Webinar

March 6, 2019

YOU’RE INVITED!!

Join us March 6, 2019, at 11am PST/2pm EST for a live preview of our newest software for case managers! Whether you are an independent case manager, or part of a case management team, watch a demo of our web-based case management software. You will see the new features of ACUITYnxt, such as assessments that trigger care plans and other exciting features that case managers want.

Don’t miss out! Register below!

More Details

2019 Healthcare Technology and Medical Innovation Predictions

Pat Stricker, RN, MEd

Senior Vice President

It’s that time of year again – time to look at the healthcare trends and predictions for 2019.  It’s always interesting to look at what the healthcare experts think will be the “hot topics” for the coming year. Since there are numerous areas in healthcare that publish predictions, I chose to focus on the health information technology (HIT) and medical innovations areas. The following lists were created by reviewing numerous websites, studies, surveys, and articles.

Health Information Technology Predictions

  • Artificial Intelligence (AI) and Machine Learning
  • Innovative New Drugs, Precision Medicine, Therapies, Devices, and Wearables
  • Blockchain
  • Big Data and Data Ownership
  • Digital Health and Patient Experience
  • Healthcare Insurance Changes
  • Value-Based Care
  • Cybersecurity

 

Medical Innovations

  • Stroke Screening and Intervention
  • Robotic Surgery
  • 3D Printing
  • Virtual and Mixed Reality

I can’t say many of these were surprises, but there were a couple that I did not think would make the list and others that I was surprised to see not on the list.

In a survey conducted by Frost and Sullivan 244 healthcare industry participants were asked the following question: “Tell us ONE key technology you believe will have the most profound impact on the healthcare industry during 2019?”  80% of the participants mentioned 4 technologies they felt would be game-changers in 2019:  Artificial Intelligence (AI), Big Data Analytics, mHealth), and Wearables. AI and Big Data Analytics were not a surprise, since they have been hot topics for the past few years and probably will be for years to come. However, even though mHealth and Wearables seem to be garnering a lot of interest, they did not make any of the prediction lists I reviewed.

HEALTHCARE TECHNOLOGY PREDICTIONS

Let’s take a look at each of the health information technology predictions in more detail.

Artificial Intelligence (AI) and Machine Learning (ML)

These were mentioned in numerous prediction lists. AI has been and will continue to be a major innovation in the years to come, not just in healthcare, but in every aspect of our lives. It is being compared to inventions like electricity, the car, and others that completely changed the world. It suffers from over-inflated promises made by vendors and has had challenges and setbacks when it could not handle the complexities of clinical care (example – IBM Watson Health), but it is slated to revolutionize healthcare. I can’t wait to see what lies ahead.

  • AI will make steady progress even though it will struggle with adoption gaps. It is a mature technology that can handle large, diverse data sources, due to improvements in machine learning and natural language processing algorithms. Healthcare enterprises can choose from a variety of clinical, educational, technical and analytical solutions.
  • A survey found that 75% of healthcare organizations plan to execute an AI strategy.
  • 25% of business processes will be impacted by the adoption of AI technologies by 2020.
  • Forbes predicts AI in healthcare IT will reach $1.7 billion and that AI platforms used to change healthcare workflows will result in a 10-15% increase in productivity over the next 2-3 years. However, the cost of AI is a critical concern. Evidence must be presented that proves a solid ROI. AI is currently used in diagnostic imaging, drug discovery, and risk analytics applications.
  • AI and ML research and applications continue to grow with health related startups seeing a steady increase in the number of deals and equity funding. Healthcare is currently the largest industry for AI deal activity.
  • AI is changing healthcare by helping physicians make better decisions, improving the accuracy in viewing patient scans, improving the triage process, allowing the quick analysis of massive amounts of data in an EMR system, and reducing physician burnout.
  • AI will be used to support the expected 50% of clinical applications that will include ambient interfaces (sensors, speech and gesture recognition) by 2022. These changes are predicted to increase data quality by 40%.
  • The merging of AI and analytics will move analytic capabilities to mainstream adoption in the next 2-3 years.

New Drugs, Precision Medicine, Therapies, Devices, and Wearables

  • Opioid Epidemic: One of the most important goals this year will be to find a solution to the opioid epidemic. Over 130 people die each day in the United States from opioid-related drug overdoses. The cost for treatment of prescription opioid abuse alone is over $28.9 billion annually. The opioid crisis is a public health emergency, with chronic pain being the leading cause of opioid prescriptions. Efforts to find new processes and technology to prevent potential misuse of opioids and alternatives to the drugs will be a major effort.
  • Even though there are alternative therapies for chronic pain, none have made a significant effect on the crisis. However there is a new innovative pharmacogenomics test, based on a patient’s genetic makeup that is expected to make a difference. It identifies the way an individual metabolizes drugs and can be used to eliminate unnecessary and ineffective prescriptions, predict an individual’s level of pain relief or non-relief from opiate-based analgesics, and specifically tailor medication therapy to an individual. Pharmacogenomics has the potential to make significant changes that could end to the crisis.
  • Behavioral Health Epidemic: The U.S. is facing a major behavioral health epidemic, with issues ranging from eating disorders, anxiety and depression to suicidal tendencies. Yet the U.S. healthcare system isn’t equipped to quickly and accurately assess a patient’s mental health at all care access points. Costs for the treatment of behavioral health issues continue to mount, so we need to get better at identifying and treating behavioral issues before they become a problem.
  • Expect to see an increase this year in mandated behavioral health screenings and technology designed to better manage medication dosages.
  • Precision Medicine: The rise of precision medicine or pharmacogenomics is another trend that will greatly impact pharmaceutical research and healthcare technology this year. This approach to patient care has been successful in oncology by focusing on a patient’s protein interaction and genetic makeup for a better treatment protocol. Researchers can study the cancer and determine where it may be most vulnerable for treatment by comparing the DNA from a patient’s tumor to normal cells. By tracking the patient’s genetic profiles, physicians can also learn which treatments work best for which patients. A study found that 65% of patients prescribed the world’s top five selling drugs didn’t respond to the therapy. Precision medicine can have an immediate impact by helping to identify new ways to reduce overspending on prescription and pharmaceutical costs for medications that are not working.
  • In 2019, precision medicine will continue to expand beyond oncology. It is currently being used for genetic profiling of joint tissue in rheumatoid arthritis patients to see which drugs work best for individual patients. Stem cell studies are also presenting completely new ways to tailor specific patient treatments. Multiple sclerosis researchers are now able to track the course of an individual’s disease and predict the most effective treatment.
    • Look for pharmaceutical companies to invest heavily in precision medicine this year.
  • Advances in Immunotherapy for Cancer Treatment: Cancer immunotherapy (biologic therapy) uses the body’s own immune system to fight cancer. These immunotherapies have existed for some time and the work continues to highlight new and novel immunotherapeutic targets.
    • New immunotherapeutic targets and biomarkers are discovered almost daily, so effective therapies may soon exist for all tumor profiles.
    • Other cancer treatments were mentioned above in the Precision Medicine section.
  • RNA-Based Therapies: These therapies, similar to DNA-based gene therapies, are the newest innovation and are showing immense potential. By interfering with genetic data at the ribonucleic acid (RNA) level, a patient’s genetic abnormality can be intercepted before it is translated into functioning (or nonfunctioning) proteins. They are being used to explore a variety of rare genetic diseases, e.g. Huntington’s disease, as well as in cancer and neurologic diseases. These new therapies offer immense opportunities.
  • Smartphone and Smart Watch Applications: Apple will continue to make significant progress as they have done in integrating the iPhone with other data sources, including EHR systems (EPIC).
    • Currently they are working on making their Apple watch into an ECG app.
    • 20-30% of acute care providers will deploy smartwatch-based apps by 2022, which will provide a 50% increase in clinician productivity.
    • 50% of pharmaceutical reps will be able to accomplish all field duties on one device (a smartphone) by 2022.
  • Procedures in Outpatient Centers: There is a continued trend to treat patients at outpatient surgical facilities, rather than inpatient facilities. Several studies have shown that Ambulatory Surgery Centers have significantly better outcomes, lower infection rates, and save millions annually. Expect to see continued expansion of complex surgical procedures in the outpatient area and new innovations that cater to the needs of these specialized centers.
  • Asia becoming the New Local Innovation Hub for Global Drugs and Devices: Historically, the majority of medical innovation flowed from West to East. That is now changing. Forbes is predicting that in 2019 up to 10% of healthcare R&D will be done in Asia.

Blockchain

Blockchain is described as: (1) a system in which a record of transactions are maintained across several computers that are linked in a peer-to-peer network; (2) a digital database (or the technology used to create the database) containing information, such as financial transactions, that can be simultaneously used and shared within a large decentralized, publicly accessible network; and (3) an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.

  • Future Model: While Blockchain is currently used in financial areas, it is not widely known, understood, or used in healthcare at this time. However, that is beginning to change. It is being used in at least one large-scale effort, an initiative addressing the $2 billion a year problem of provider data management by a consortium involving Quest, Humana, and Multiplan, Aetna and Ascension. This could be the model for the future.
  • Use Expected to Increase: Blockchain is expected to increase to eight times its current use by 2022, due to the ever-increasing need to share large volumes of data and solve “big data” analytic issues.
  • ROI: Blockchain is now moving from “hype” to real commercial use across enterprise initiatives. Forbes predicts that by end of 2019, 5%-10% of healthcare Blockchain applications will move from the pilot stage to partial/limited commercial availability.Companies will continue to expand their current use and other companies, who have waited, will finally jump in. The focus will move to exploring HOW and WHERE Blockchain can be used in the healthcare space.

Big Data and Data Ownership

Organizations are engaged in a battle to determine who owns the consumer’s data. Large tech companies have made progress in aggregating and analyzing large, diverse data sources, but the challenge is how to apply what has been learned to make a difference in real-time delivery of care and how to engage more meaningfully with healthcare consumers.

  • Analytics is expected to shift Big Data to meaningful Small Data by specialty
  • Personal data ownership will triple globally by 2023, as digitally engaged patients bring their own data, and industry and government organizations develop more data-driven programs.
  • As healthcare embraces data management workflows, Forbes expects specialty-specific analytic solutions to be popular with organizations who want to investigate drug utilization, treatment variability, clinical trial eligibility, billing discrepancy, and self-care programs dealing with major chronic conditions. Forbes predicts that by end of 2019, 50% of all healthcare companies will have resources dedicated to accessing, sharing, and analyzing real-world evidence for use across their organizations. In the future, the primary goals will include: identifying and determining risk for individuals in population health management programs, identification and use of the best treatment pathways (lowest cost, best outcomes), and operational automation by patients, payers, physicians, and procedures.

Digital Health and Patient Experience

A 2019 health industry research report conducted by International Data Corporation (IDC), a global provider of market intelligence, advisory services, and events for IT, telecommunications and consumer technology markets, provides a detailed analysis of healthcare trends and issues. It stressed that the number one goal for healthcare organizations, if they want to remain competitive in 2019 and beyond, must be to optimize a personalized, natural, digital experience for patients. This must include connecting with patients through online healthcare portals that allow patients to view and interact with healthcare organizations/personnel at any time and from any internet-connected device.  IDC’s research director stated “the future belongs to visionary leaders and forward-thinking organizations that are able to break the shackles of legacy systems and accelerate mastering digital-first strategies.” This includes building health IT programs that focus on “data-driven, experiential, and personalized approaches”. If healthcare organizations do not aggressively work at digitally transforming their companies, IDC warns that they could see a decline of over two-thirds of their markets by 2022.

Health systems are heavily investing in EHRs, which means smaller digital health companies and startups are struggling to compete. They typically do not provide a high return on investment, due to slow enterprise-wide adoption rates and newer reimbursement models. In addition, they need to pilot and implement their products quickly to gain traction, to alleviate being crushed by big tech companies with similar offerings. Healthcare enterprises are helping to set up innovation funds to assist startups to pilot their solutions. In some instances, the enterprises are taking equity stakes in some of the companies.

  • Outpatient digital health technology will grow by 30%, reaching $25 billion. It will continue to empower individuals to feel confident in managing their own health.
  • Increased costs from chronic health conditions and the aging population will drive digital health solutions, such as devices, telehealth platforms, and mHealth applications.
  • Reimbursement policies related to clinically relevant digital health applications will expand care delivery models beyond physical conditions to include behavioral health, digital wellness, dentistry, nutrition, and prescription management.

Healthcare Insurance Changes

  • Innovative Private Insurance Models Shake up Healthcare Payer Industry: Health insurance policies fail to meet the personalized needs of individuals. A number of insurance companies are now providing data and digital-driven services to personalize the experience and reduce the cost. Forbes expects 5-10% of health insurance plans to link to lifestyle and health data-driven interactive policies by the end of 2019. This interactive policy will enable insurance companies to leverage individual data and use it to personalize premiums and discounts/rewards.
  • 30% of Fortune 500 companies will offer employer-direct healthcare instead of traditional health insurance by 2021, due to the cost of specialty drugs and negotiated bundled procedures.

Value-Based Care

Forbes predicts this year will be the “year of value-based-care”. They expect economic, reimbursement models to continue to transition to models that are based on outcomes and value. They will be data-driven and provide risk-sharing that will lead to more value for all parties.

  • Up to 15% of global healthcare spending will be tied to value/outcome based care models by the end of 2019.

Cybersecurity

The 2019 health industry research report conducted by IDC includes a cybersecurity assessment that shows its ever-increasing important role, as more and more technology applications and databases are developed and used in the general population. Cyber-attacks continue to increase, yet healthcare organizations still lag far behind cybersecurity standards in the finance and retail industries.

A  report found that during the last year, the healthcare industry saw an average of 32,000 intrusion attacks per day per organization, compared to only 14,300 per organization in other industries. And considering stolen health credentials can be worth 10 to 20 times more than credit card information on the black market, this is a major issue. In addition, breaches over the past year have increased every quarter, with 4.39 million medical records exposed in Q3 alone.

  • Expect healthcare organizations to try to close the gap between healthcare cybersecurity standards and the standards of other industries.
  • AI and Machine Learning will be used to improve cybersecurity capabilities and combat ransomware by 40% of healthcare providers by 2022.

 

MEDICAL INNOVATIONS

While I did not conduct an exhaustive search of medical innovations, I used the “Top 10 Medical Innovations for 2019”from the Cleveland Clinic that was unveiled at their 2018 Medical Innovation Summit in October, 2018.  The innovations were selected by a panel of Cleveland Clinic physicians and scientists. I have already included these medical innovations in the above technical predictions, so I will not repeat that information here:

  • Alternative Therapy for Pain: Fighting the Opioid Crisis
  • AI in Healthcare
  • Advances in Immunotherapy for Cancer Treatment
  • RNA Based Therapies

Stroke Screening and Intervention

  • Visor for Prehospital Stroke Diagnosis: Hemorrhagic strokes, during which blood escapes from a ruptured blood vessel in the brain, requires rapid diagnosis for effective treatment, as uncontrolled bleeding can lead to swelling, brain damage, and/or death. Nearly 40% of hemorrhagic strokes result in death. A visor is now available for healthcare professionals to use to scan for bleeding in the brain. It can be used anywhere and is an efficient prehospital diagnostic tool to speed up diagnosis and reduce the time to treatment.
  • Expanded Window for Acute Stroke Intervention: A timely response is critical in stroke intervention, as prolonged lack of blood flow can cause irreversible damage, often resulting in disability. Interventions are available, but only if they are done within a limited window of time. New guidelines now provide an expanded treatment window, which has the potential to lower the risk of disability and provide recovery to an increased number of future stroke patients.

Robotic Surgery

  • Innovation in Robotic Surgery: Robots in the operating room offer surgeons guidance for extreme precision surgeries, while providing the shortest and least invasive surgeries. Surgical platforms are highly advanced and are used for a variety of surgeries. Shortened recovery time, limited post-surgical pain, and improved surgical outcomes are additional benefits of minimally invasive robotized surgery.
  • Mitral and Tricuspid Valve Percutaneous Replacement and Repair: Today, cardiac surgery is less invasive, more routine, and more effective than in the past. It is performed via a catheter through the skin and many cardiac procedures no longer require open heart surgery. That is a major benefit. In addition to aortic valve percutaneous intervention, percutaneous mitral and tricuspid valve intervention has yielded significant positive outcomes and post-op results. This innovation has significant implications for the future of cardiac care.

3D Printing

  • Patient-Specific Products Achieved with 3D Printing: Medical devices can be made to exact patient specifications using 3D printing technology. These devices are more compatible, comfortable, better accepted by the body, and provide better performance outcomes than other devices. The versatility of 3D printing provides advanced care, while minimizing the risk of complications. The most significant work includes external prosthetics, cranial/orthopedic implants, and customized airway stents. Prosthetics and other bodily implants will soon be available on the commercial market. The technology has also been used for complicated heart surgeries and the most recent total face transplant. This is an amazing innovation.

Virtual and Mixed Reality

  • Virtual and Mixed Reality for Medical Education: Virtual and mixed reality (VR/MR) uses computer technology to create simulated and hybrid environments that astound gaming users. However, VR/MR technology is much more than a game and is being used in medical education programs to provide life-like simulation training. This unique, immersive learning appeals to audio, visual and kinesthetic learners.

Definitions: 

Virtual Reality is an artificial environment that is experienced through sensory stimuli (such as sights and sounds) provided by a computer and in which one’s actions partially determine what happens in the environment.

Mixed Reality is a hybrid reality that merges the real and virtual worlds to produce new environments and visualizations where physical and digital objects co-exist and interact in real time. Mixed Reality augments the real world with virtual objects that aim to look as if they are really placed within that world. Mixed Reality takes place not only in the physical world or the virtual world, but is a mix of reality and virtual reality.

Healthcare is always going through substantive changes. This make it a moving target to try to determine what will happen in the next year, so it will be interesting to see if these predictions are accurate.