HealthCare

5,400 More: Providence Breach Highlights the Poor State of Data Security

5,400 More: Providence Breach Highlights the Poor State of Data Security

Providence Health and Services, an Oregon-based healthcare clinic, recently notified nearly 5,400 current and former patients that their medical data may have been exposed. A former employee reportedly accessed the medical records without “any apparent business need” between July 2012 and April 2016, according to a Providence media advisor. Affected information included demographic details, medical treatments, and possibly insurance data and Social Security numbers.

Providence_Health_&_Services_logo

The employee has since been fired in accordance with a corrective action plan, with the clinic noting that it didn’t believe any sensitive information was further viewed or disclosed.

Damage Control

Providence’s breach highlights one of the biggest problems plaguing healthcare as a whole—threat detection. With private information being transferred across multiple EMRs, external hard drives, and mobile devices daily, it’s becoming increasingly difficult for clinics to monitor all channels on which sensitive data travels. Add in human error and the complications that arise when data is handled by large teams of providers, and you have a security system that is vulnerable inside and out.

Breaches like the one recently reported in Providence can take months to detect, and in some cases, they may even take years. Unless a breach is detected immediately, unauthorized users have plenty of time to copy, transfer, or sell privileged information.

As part of its corrective action strategy, Providence is offering 24 months of free credit monitoring for all affected patients. Although damage control tactics like these are necessary after any instance of data loss, they do little to assuage the fears of patients worried about future information exposure. By the time the breach has occurred, it’s already too late.

A Measured Response

Knowing how to appropriately respond to breaches is the responsibility of all organizations handling sensitive data. In Providence’s case, the clinic didn’t believe that the data was exposed beyond the initial breach, and tailored its outreach accordingly.

The confusion following breaches makes large-scale damage control strategies difficult to apply at the drop of a hat, making it essential for breach response protocols to be in place before the damage is done. When strategies for breach prevention are incorporated into clinic policy through mandatory employee training, threat classification, and agile threat response, better security comes as a matter of course. To prevent breaches like the one affecting Providence, healthcare organizations need to build security into their infrastructure from the ground up.

Desh Urs iBridge LLCWritten by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge NewsletterUnderground eBook CTA

$2.7 Million: The Costs of OHSU’s Security Shortcomings

$2.7 Million: The Costs of OHSU’s Security Shortcomings

The Oregon Health & Science University recently resolved an investigation into two breaches of electronic health data occurring in 2013, resulting in a payment of $2.7 million and three-year corrective action plan to prevent future security issues.

According to Tamara Hargens-Bradley, spokesperson for the U.S. Department for Health and Human Services Office for Civil Rights, these breaches occurred across multiple channels:

“The first incident involved a stolen laptop and the second resulted from the use of an internet-based information storage service, or ‘cloud storage’ service, without a business associate agreement,” she said. “No harm was reported by patients.”

OHSU

The breaches occurred within three months of each other, both the result of improper security protocols. The stolen laptop was not encrypted at the time of its theft. And Google, the company hosting the illegally-accessed spreadsheet, features no contractual relationship with OHSU to securely store sensitive information. These failings bring to light previous security incidents in OHSUs infrastructure, occurring in 2009 and 2012 and affecting nearly 15,000 patients.

Since the 2013 breaches, the OHSU has taken steps to improve its security protocols, including:

  • Stronger computer encryption across the campus
  • Free identity theft protection for at-risk patients
  • Toll-free phone outreach for patient concerns and support

Steps to Security

Though OHSU committed itself to a three-year security action plan to prevent future data loss, its strategy may be shortsighted. Though its commitment to supporting affected patients is necessary, it’s little more than a damage control measure. Pledges to strengthen computer encryption across the university will do nothing to support cloud-based security infrastructure or prevent theft of the hardware itself.

Better security is a product of planning—reacting after the fact isn’t enough to enact meaningful change. Structures must be in place before breaches happen; and for organizations like OSHU that have suffered myriad breaches over the past seven years, these structures can’t come soon enough:

  • Preparation: Security should be delegated to a specific task force that is trained in crisis management and has dedicated plans for how to solve emerging threats.
  • Detection: Organizations must know where breaches are before they can be addressed.
  • Removal: Workflows for how data breaches will be contained and addressed help teams act efficiently.
  • Post-Recovery Response: Data must be reviewed on how the breach occurred, why it occurred, and how to reinforce security to prevent it from happening again.

While prioritizing affected patient and communication are good first steps, OHSU has a long road to travel before it’s ready to build structures that support true organizational security.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge NewsletterUnderground eBook CTA

 

EHRs the New Target of Malpractice Litigators

EHRs the New Target of Malpractice Litigators

Medical malpractice litigators have found a new target: Electronic Health Records (EHRs).

Amidst the concerns of data security and protecting EHRs from breaches, certain legal teams are finding ways to exploit the imperfect nature of electronic records for legal gain.

Targeting Electronic Records

Many EHRs are designed with a digital experience in mind. Information is stored in templates that populate correctly on a screen but don’t keep the same clean format when printed. This can create confusion for those viewing the printed records—data may populate in several locations at once, giving the appearance of mismanaged records and internal disorganization.EHRs the New Target of Malpractice Litigators

Litigators, whose job it is to discredit medical organizations during malpractice suits, prey on this confusion and use it as an example of poor healthcare practices. The argument is that if the record itself is confusing, it stands to reason that overall care will be marginal. Legal teams can take this even further by questioning the authenticity of the data itself.

This leads to situations where healthcare providers are embroiled in malpractice disputes about quality of care, but have to defend how their medical records work. This litigation is controversial—rather than discussing the actual issues the defendants in the complaint, litigators are shifting the focus to technical failings to help win their cases. Every healthcare organization must know of this trend and do what it can to prevent EHR templates from damaging credibility.

Avoiding Confusion

Litigators exploiting the shortcomings of EHRs rely on one primary element for their cases—confusion. If healthcare organizations can improve their communication and documentation protocols, they will be less vulnerable to the drawbacks of EHR paper documentation.

Understanding the context of care is essential when determining how to address malpractice concerns. Organizations must be able to defend their actions in the face of scrutiny, even when printed EHRs provide irregular readouts. Questions concerning how care is viewed, which provider did what, and when they did it all contribute to understanding health outcomes. Each of these questions must be thoroughly documented for each patient to prevent legal teams from using data confusion as ammunition for malpractice suits.

In addition, communication between C-suite staff, caregivers, and EHR providers must be seamless and transparent. Litigators targeting EHRs rely on the inherent disorganization that comes from transferring digital information into print. When processes and patient care are documented thoroughly, they become easy to understand at a glance. This helps reduce the likelihood that litigators can leverage the weaknesses of printed digital templates to discredit healthcare providers.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge Newsletter10 Legal eBook CTA

Americans Still Unprepared to Share Health Information Online, Pew Reports

Americans Still Unprepared to Share Health Information Online, Pew Reports

Although healthcare technology and EHR management tools are improving in security, a new survey by Pew found that Americans are still unprepared to share their health information online.

Americans Still Unprepared to Share Health Information Online, Pew Reports

Pew’s research showed that American tolerance for healthcare data breaches is low—just over half of Americans surveyed felt that doctors should use health information websites to manage patient records, citing privacy concerns as the biggest drawback. Another 20 percent of respondents said their comfort with online sharing would depend on the scenario, and 26 percent felt that accessing online health information was unacceptable.

Respondents cited various reasons for their aversion to online record sharing, but each reason speaks to a larger trend in the healthcare world—patients strongly safeguard their own information, and must trust the clinicians with whom they share information.

Privacy is Case-by-Case

Throughout Pew’s survey, many respondents agreed on one point: their comfort with sharing data depended on the unique circumstances of each medical situation. Before sharing their information online, respondents wanted to know:

  • Do I trust this clinic?
  • How will they store the data?
  • How will the data be used?
  • Is my data secure?

Respondents also claimed that the record type stored made a difference in their comfort level. Patients were comfortable with sharing surface level information, such as appointment scheduling or providing basic personal details. However, they complained about having their health information and medical outcomes exposed, which they felt could negatively affect their ability to secure credit, purchase insurance, or find jobs.

“My health records are confidential,” one respondent claimed. “I don’t want them in the hands of someone unscrupulous or marketing companies possibly trying to recommend a drug or something based on a condition I may have.”

Building Trust

Despite the reluctance to share information online, respondents agreed that their personal relationship with that clinic factored into their decision to share data. If they trusted the organization, they were more open to online health records.

Clinicians must remember this as they move towards electronic health records. Although the surge in data breaches over the past few years has painted digital healthcare management in a bad light, clinics still have options to protect themselves. Choosing the right data security options for enterprise health platforms will help prevent data loss, build trust with patients, and ensure that digital records are just as secure as paper files.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know

5 Healthcare Imperatives that Speak to the Need for Personalization

5 Healthcare Imperatives that Speak to the Need for Personalization

Patient expectations are changing fast in the healthcare world.

A recent report by EMC showed that technology has greatly influenced patient expectations over the past few years:

  • 47 percent want more “personalized” experiences
  • Over 50 percent want faster access to services
  • On top of that, 45 percent expect 24/7 access and connectivity to services
  • 42 percent want access on a wider range of devices than they currently have

Given the results of this survey and others like it, there are several healthcare imperatives that providers must understand when creating a more accessible and personalized patient experience:

1. Predict New Opportunities

Greater healthcare personalization involves identifying areas where patients need care the most. 5 Healthcare Imperatives that Speak to the Need for PersonalizationValue-based care and patient-centered medical homecare are a few examples of areas where service providers can reach out to patients outside of the traditional healthcare setting. To better predict these opportunities, providers must get involved with data studies and leverage this information in pilot programs. These test programs provide valuable information about network efficiency and how customers respond to each care initiative.

2. Promote Transparency

Transparency of treatment options, outcomes, and medical data is essential for personalization. The best patient outcomes stem from collaborations between patient and provider; transparency helps establish trust and lets patients take an active role in their care. The easiest way to personalize healthcare is to involve patients in the decision-making process.

3. Support Innovation

Healthcare providers must support innovation any way they can. This involves contributing to clinical research studies, integrating new technologies to support productivity, and leveraging the omnipresent access of the Internet to provide each patient better control over their data. As digital healthcare strategies become more tech-centric, providers must build internal cultures that promote innovation and growth.

4. Connect with Your Customers

Dave Diamond, the CTO of EMC, spoke on the value of patient interaction for greater personalization:

“The key theme is to know your customer,” said Diamond. “Go to your customer, the patient and engage them. Go with consumer-direct products like every other industry has. In the post-meaningful use world – providers are digitized like other industries.”

Providers must prioritize one-on-one interactions with patients to learn what values drive their behavior.

5. Provide Continual Access

The above EMC report highlighted the importance of real-time access of health services. Patients these days want to be able to connect to the services they want, through whatever devices they have on hand. Providers must understand this and use innovative channels and applications to create this access. Telemedicine, mobile health, and online web portals can all contribute to an infrastructure of patient connectivity.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know

Growing Innovation in the Healthcare Technology World

Growing Innovation in the Healthcare Technology World

Digital health systems and applications are making waves in the healthcare world, but their use is still in its infancy.Growing Innovation in the Healthcare Technology World

Higher care quality, better patient outcomes, and overall efficiency are typical benchmarks used to measure, healthcare system efficiency, but most health applications have only shown modest returns on their use. Compounding the problem is the difficulty of measuring patient outcomes across disparate systems; healthcare system leaders are still unsure of how to achieve the maximum returns from healthcare technology.

Healthcare administrators must answer three questions before they can leverage healthcare applications in more practical and economically viable ways:

1. Who should pay for the applications and services?

These days, most applications are cheap or free outright, making patients pay for their own applications may be a barrier to entry. The demand for these applications is high, and consumers are showing more interest in having control over their own health information. However, without demonstrable proof that health application use is linked to better patient outcomes, the cost disbursement of health applications presents a challenge.

2. How do we measure the effectiveness of the outreach?

This is one of the primary underlying issues plaguing healthcare service providers. To justify reimbursement, application providers must prove that their services produce long-term health benefits that translate into economic benefits in the healthcare system. Without standardized measures for patient data collection and review, this analysis is difficult to perform.

3. What framework is necessary for start-ups to implement sustainable and successful health applications?

Creating an accessible IT framework for application developers is the best place to start.

Not approaching healthcare infrastructure as a national priority is a mistake. Each regional health system should consider the use of open innovation platforms that store and provide health data. This framework should be able to integrate with application programming interfaces and other IT services, with the end goal of creating a centralized data platform for health service use.

Starting with top-down solutions like these improve both assessment and delivery of health services while making them more affordable for all parties involved. Though effective in theory, an open innovation platform would require efficient collaboration among multiple parties in each country.

Those responsible for maintaining this platform will need a solid understanding of healthcare management, data security, and collaboration with regulators. Though this is a tall order in a still-growing healthcare IT field, open innovation platforms promise easier collaboration between payers and health application developers than ever before.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know

It’s (Not) Academic: Cybersecurity Is a Must for Universities and Academic Medical Centers

It’s (Not) Academic: Cybersecurity Is a Must for Universities and Academic Medical Centers

Although cybersecurity has taken a central role for healthcare facilities and legal firms, cybercrime doesn’t discriminate based on industry.

Universities and academic facilities contain sensitive data just as vulnerable to outside intrusion as industries that heavily prioritize security. Student healthcare data, financial information, and other personal details are all at risk in unsecured academic networks. Over the past several years, multiple universities have reported data breaches that had significant impacts to their student body and reputation.

It’s (Not) Academic: Cybersecurity Is a Must for Universities and Academic Medical Centers

The University of Maryland suffered a breach in 2014 that resulted in over 300,000 compromised records, including university IDs and social security numbers. That same year, a breach at Butler University revealed the social security numbers, driver’s license information, and bank account data of over 200,000 individuals.

The financial cost of these breaches is high, but the damage isn’t limited to leaked information. Much as other victims of high-profile breaches (including Sony and Target) have recently learned, the bad PR from a data breach can be catastrophic to an institution.

Threat Prevention

As positive PR is an absolute necessity for academic organizations, a cybersecurity prevention and damage control strategy is essential.

Initial measures for beginning this plan should include:

1. Internal Threat Assessment

With over 50 percent of cyber attacks in 2014 from insiders, institutions must know of internal threats and have measures for threat assessments. This involves creating dedicated teams with representatives from each department who can oversee internal data security in their own divisions.

2. Enhance Security Infrastructure

Academic institutions must upgrade their IT security to discourage hackers. Sensitive information should be protected with authentication credentials, firewalls, and by limiting access to only essential personnel. Better system-wide controls help prevent the unregulated flow of information that cyber breaches rely on.

3. Breach Testing

Many institutions these days test the strength of their security with the help of white hat hackers. These vendors can review the strength of your cybersecurity protocols and offer guidance on where you may be vulnerable.

4. Damage Control Planning

Should a breach occur, institutions must have a plan in place to mitigate the damage. Steps will need to be taken to lock down your system and prevent small data losses from turning into out of control information breaches. This includes disclosure protocols for parties who may be affected by the data loss.

5. Getting Insured

Cyber insurance can help reduce the financial burden of leaks should a breach take place. This can be beneficial for large-scale organizations who handle millions of patient or customer records.

While these steps are a good start for academic organizations without cybersecurity protocols in place, they are only the first steps of a larger, system-wide push towards data security. The threats are here—academic institutions can’t afford to wait.

Desh Urs iBridge LLCWritten by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge NewsletterUnderground eBook CTA

Visual Hacking a Growing Concern for Healthcare, Reports 3M

Visual Hacking a Growing Concern for Healthcare, Reports 3M

Despite the push towards data security and information governance, data breaches can occur where you least expect them. Though encryption software and more secure firewalls have shown success at preventing internal data breaches, another threat is looming on the data security landscape: “visual hacking.”

Low-Tech Hacking

Visual hacking involves capturing confidential information from digital screens by using smartphones, discrete cameras, or plain sight. Compared to complex coding backdoors and malware infection, visual hacking is relatively low-tech, but that doesn’t mean it isn’t a concern for healthcare organizations tasked with controlling sensitive data.

Imagine the opportunities for visual hacking present in locations as basic as healthcare clinics. Offenders can snap photos of your information as you fill out your medical record, eavesdrop on your conversation with staff, and once they enter the actual clinic, use silent, high-powered zoom cameras to discretely record any instances of unsecured patient data. With just a few clicks of a button, healthcare organizations can suffer data breaches that may cost them millions.

Visual Hacking

Though protecting confidential data from prying eyes has always been a concern in the healthcare field, new mobile camera technology is giving offenders more tools than ever before. A 3M sponsored hacking experiment with the Ponemon Institute found that a white hat hacker could visually hack sensitive information in 88 percent of attempts.

3M’s campaign against data loss helps IT and security professionals better address their security vulnerabilities. According to Gartner, IT security spend reached $75.4 billion in 2015, but this increase in security funding will do little to prevent the rise of low-tech hacking methods.

Preventing Visual Hacking

Healthcare providers must try to prevent data loss from visual hacking:

  • Using applications to mask high-risk data, particularly when accessing data from mobile and public locations.
  • Creating a corporate culture of security that prioritizes visual security—all staff must know of the growth of visual hacking and why all data must be stored behind authentication or privacy filters.
  • Limiting logins to necessary locations will help prevent the number of access points where data breaches may occur.

There’s no simple strategy to fight visual hacking, but healthcare organizations that understand the risks and challenges associated with visually securing private data are one step ahead in the game. Data security across all channels is an ongoing struggle that healthcare providers must be prepared to face.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge NewsletterUnderground eBook CTA

Personal Accountability: The Need for Patient Controlled Records

Personal Accountability: The Need for Patient Controlled Records

Though the use of clinician Electronic Health Records (EHRs) is the standard for patient data storage, researchers at Boston Children’s Hospital are pushing away from this framework in favor of giving patients more control over their data.

The Tech Myth

A common misconception in the healthcare industry is that medicine relies on complex and specialized IT systems for data storage.Personal Accountability: The Need for Patient Controlled Records The opposite may be true. Specialized software leads to extensive IT costs and strenuous physician workloads, all to aggregate data in a fragmented system that patients can’t access on their own.

This creates challenges on both the patient and provider sides: clinicians must struggle with burdensome systems and expensive IT infrastructure while patients must deal with having their information spread across as many EHR systems as providers they see. This system creates a lack of transparency for patient data and makes it difficult for both patients and providers to view the big picture for each patient’s health history.

Empowering Patients

Giving patients a centralized way to control and manage their health data offers several advantages over the current system:

  • Patients can collect data from many providers seen, providing a 360-degree view of health history and outcomes across providers
  • A comprehensive database of health encounters helps providers coordinate care across specialties
  • Data governance allows patients to supply their own information or correct errors that healthcare providers may not notice

Isaac Kohane, MD and chair of the Department of Biomedical Informatics at Harvard Medical School commented on the need for patient controlled records:

“EHRs and patient portals were plan B … We should go back to plan A, which was to create patient-controlled data stores that compile all pertinent data across a patient’s lifetime and is the patient’s to share as they see fit.”

Steps to Patient Controlled Records

Giving patients universal access to their health records will require a large-scale shift of industry priorities and initiatives. The current infrastructure doesn’t support cooperation between clinicians or data visibility. Kohane and the research team at Boston Children’s listed several steps that could help create a system where patient controlled data is the norm:

  • Receive stronger incentives from the Centers for Medicare and Medicaid Services, with private insurers that support giving patient’s access to data.
  • Create consistent public application programming to enable patients to access their data.
  • Establish tools to give patients governance over who can access or change their data.
  • Adopt exacting security standards and authentication protocols to ensure data protection and accountability.

Desh Urs iBridge LLC

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know

3 Truths of Improving Healthcare Processes and What You can do About it

3 Truths of Improving Healthcare Processes and What You can do About it

Healthcare providers are in constant search of efficiency.

And not just healthcare providers, either. Every organization out there could stand to benefit from process optimization in one form or another. It’s this basic idea that led Dr. William Edwards Deming to create his legendary 14 point plan for process evaluation efficiency over 75 years ago. These principles still hold true today, with several having special significance for improving the healthcare industry.

1. Improvement Relies on Process Management

Healthcare is complex, with many considerations. Improving processes usually means creating a better system to deal with challenges. However, it’s difficult to know exactly which processes generate the most impact. The Pareto principle applies to healthcare processes, with 20 percent of processes likely doing 80 percent of the heavy lifting. Healthcare organizations must identify these lynchpin processes and prioritize their efficiency to see the maximum return for their effort.3 Truths of Improving Healthcare Processes and What You can do About it

2. Improvements are Data-Driven

It’s as true for healthcare as it is for any industry: quality improvements rely on data. Data powers our decision making, provides context for processes, and helps ensure improvements do as they were intended. No process improvement can exist without data.

3. Managing Care and Managing Physicians are not the Same

The Deming principle of managed care was once misunderstood. Managing processes of care doesn’t mean removing agency from clinicians. Physicians are an essential part of improving health processes—they must be engaged and included in the discussion. Deming referred to clinicians as the “smart cogs” of healthcare processes. Involving physicians in the improvement process gives them a voice and helps ensure their interests are represented during times of change.

With Deming’s principles at work, we can look at how clinics can prioritize quality improvements in their organizations.

  • Implement an Enterprise Data Warehouse: A system wide hub for data and information helps provide a framework for your processes. We’ve established the necessity of data—and a centralized network of information is the best way to track whether your improvements yield results.
  • Use Pareto’s Principle: With 20 percent of processes creating 80 percent of the results, healthcare providers must know which processes are most important. Resources are limited, and quality improvements won’t come from supporting care processes that have little actual impact. Analytic tools can help providers identify these variable and resource-intensive processes.
  • Involve Everyone: Clinical teams, nurses, and physicians must all be involved in the improvement process. More perspectives offer new insights into what can be improved, and the talents of various clinical teams can inform your improvements with understanding and expertise that can’t be found elsewhere.

Dean Van Dyke iBridge LLC
Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

iBridge Newsletter7 Things About Medical Identity Theft Healthcare Executives Need to Know