Recent intrusions into the hospitals’ IT systems resulted in blocked medical records including medical laboratory data
Healthcare cyberattacks continue to be a threat that bring potentially costly business consequences for clinical laboratories. Just in the past month, two hospital systems had their health information technology (HIT) systems disrupted due to security incidents. In response, the hospitals’ medical laboratories were forced to switch from digital to paper documentation and, in at least one case, the organization reportedly had difficulty accessing electronic laboratory test results.
At Tallahassee Memorial, an “IT security issue” on Feb. 2 resulted in the organization shutting down its IT systems for 13 days, including at its clinical laboratory. The hospital’s computer network went back online on Feb. 15, according to a news release.
At Atlantic General Hospital, according to an AGH news release, IT personnel discovered a ransomware attack on Jan. 29 that affected the hospital’s central computer system. As a result, the walk-in outpatient laboratory was closed until Feb. 14.
These recent cyberattacks underscore the importance for clinical laboratory leaders to have plans and procedures already in place prior to a disruption in access to critical patient data.
Healthcare cyberattacks can be a “complete blindside for a lot of organizations that think they have protections in place because they bought a product or they developed a policy,” said Ben Denkers (above), Chief Innovation Officer at CynergisTek, an Austin, Texas-based cybersecurity company, in an exclusive interview with The Dark Report. Since clinical laboratory test results make up about 80% of a patient’s medical records, disruption of a hospital’s IT network can be life threatening. (Photo copyright: The Dark Report.)
Laboratory Staff Unable to View Digital Diagnostic Results at Tallahassee Memorial
Though the exact nature of the incident at Tallahassee Memorial HealthCare has not been divulged, hospital officials did report the incident to law enforcement, which suggests a cyberattack had occurred.
Electronic laboratory test results were among the casualties of the IT difficulties at TMH. “Staff have been unable to access digital patient records and lab results because of the shutdown,” a source told CNN.
Attempts by Dark Daily to reach a medical laboratory manager for comment at TMH were unsuccessful. However, in a news release posted online shortly after the cyberattack, the health system advised staff members on dealing with the IT outages.
“Patients and families may notice the switch to paper documentation during registration, admission, or during their care, as our providers will be using paper forms, prescription pads, handwritten notes, or other similar paper methods where they may usually use an electronic process,” the news release stated. “We apologize for any delays this may create. We practice for situations like this, and we are prepared to provide safe, high-quality care to our patients during computer system downtimes.”
Atlantic General Hospital Reports Ransomware Incident to the FBI
At Atlantic General Hospital, the outpatient walk-in laboratory and outpatient imaging department both temporarily closed because of the ransomware attack.
Staff members throughout the hospital were “forced to manually check patients in and out of appointments and record all other information by hand instead of online,” Ocean City Today reported.
The hospital immediately informed the FBI of the ransomware incident and continues to work with an incident response team to determine whether criminals accessed any sensitive data. It was not clear whether the organization ultimately paid a ransom to unlock its systems.
The hospital’s medical laboratory director did not respond to an email from Dark Daily seeking further comment.
Healthcare Cyberattacks Attempt to Gain Access to Data
Therefore, it is critical that clinical laboratory and hospital staff work with their IT counterparts to verify that technology and processes are in place to protect access to patient data.
In “Labs Must Audit Their Cybersecurity Measures,” Ben Denkers, who at that time was Chief Innovation Officer at CynergisTek, a cybersecurity firm based in Austin, Texas, told The Dark Report, “Testing, validating, and auditing whether measures are working as designed is a change of mentality for a lot of organizations.” (If you don’t subscribe to The Dark Report, try our free trial.)
An IT network attack is an attempt by a cybercriminal to gain unauthorized access to devices that contain and exchange data within an organization. Although this information may be on individual devices or on servers, network attacks are often only possible after a hacker enters a system through an endpoint, such as an individual’s email inbox.
“It’s important to understand that while the network server itself might have ultimately been the target, that doesn’t necessarily mean that it was compromised first,” Denkers told The Dark Report. “Phishing is a perfect example of a way an attacker could first gain access to a workstation, and then from there move laterally to a server.”
The final cost of a healthcare cyberattack often exceeds the ransom. Media coverage can lead to an organization’s diminished reputation within the community, and if protected health information (PHI) is accessed by the criminals, a hospital or health system may need to pay for identity theft monitoring for affected patients.
There also are regulatory repercussions that can be costly depending on the circumstances surrounding a cyberattack. For example, on Feb. 2, the US Department of Health and Human Services’ Office for Civil Rights announced a settlement with Banner Health Affiliated Covered Entities (Banner Health), a nonprofit health system headquartered in Phoenix, to resolve a data breach resulting from a hacking incident in 2016. That incident disclosed PHI for 2.81 million patients.
As part of the settlement, Banner Health paid a $1.25 million penalty and will carry out a corrective action plan to protect PHI in the future and resolve any alleged HIPAA violations, according to the HHS Office for Civil Rights.
This hefty penalty is a reminder to pathologists and clinical laboratory managers that—when it comes to cyberattacks—the classic adage “an ounce of prevention is worth a pound of cure” is appropriate advice.
“The SDPR will consolidate geographically fragmented EMR, PAS, and LIMS systems to create a detailed lifelong patient record and deliver cost savings,” NSW Health said in a news release.
NSW Health is the largest public health system in Australia with more than 220 public hospitals, 16 Local Health Districts, and three Specialty Networks. NSW Health Pathology operates more than 60 pathology laboratories (clinical laboratories in the US) and has 150 patient service centers.
“While this initiative will provide untold benefits to all the patients of NSW, we are excited about its potential for improving the health outcomes of our regional patients,” said Andrew Montague (above), former Chief Executive, Central Coast Local Health District in a press release. “By enabling greater collaboration across all local health districts and specialty health networks, the Single Digital Patient Record will provide clinicians with even better tools to keep the patient at the center of everything we do.” This project is more market evidence of the trend to bring clinical laboratory test results from multiple lab sites into a single data repository. (Photo copyright: Coast Community News.)
Cloud-based Realtime Access to Patient Records
Australia has a population of about 26 million and New South Wales, a state on the east coast, is home to more than eight million people. Though the scale of healthcare in Australia is much smaller than in the US, this is still a major project to pull patient data together from all the NSW hospitals, physicians’ offices, and other healthcare providers such as clinical laboratories and pathology practices.
With the change, NSW clinicians will benefit from a cloud–based system offering up real-time access to patients’ medical records, NSW Health Pathology Chief Executive Tracey McCosker told ITnews.
“Patients and our busy staff will benefit from clinical insights gained from the capture of important new data. Our work in pathology is vital to the diagnostic process and developing a statewide laboratory information management system will ensure we provide the best possible services,” McCosker told ITnews.
The KLAS Research report, “US Hospital Market Share 2022,” states that Epic, located in Verona, Wisconsin, has the largest US electronic health record (EHR) market share, Healthgrades noted. According to KLAS:
NSW Health’s decision to engage Epic came after a process involving 350 clinicians, scientists, and technical experts, Zoran Bolevich, MD, Chief Executive of eHealth NSW and NSW Health’s Chief Information Officer, told ITnews.
NSW Health’s Goal for Statewide Digital Patient Record
It was in December 2020 when NSW Health announced its plan to create the SDPR.
“Our vision is to be able to provide a single, holistic, statewide view of every patient—and for that information to be readily accessible to anyone involved in the patient’s care,” Bolevich said in the news release.
The SDPR, according to NSW Health, will address the following:
Challenges:
Current systems not connected statewide.
Inaccessible patient data.
Duplicative data collection.
Gaps in decision-making.
Goals:
Improve health outcomes.
Create patient centricity.
Leverage insights.
NSW’s government has already invested more than $106 million in the SDPR, Healthcare IT News reported.
Other Large EHR Rollouts
NSW Health is not the only large organization to take on such an ambitious project of creating a large-scale digital patient record. And not always to a successful conclusion.
The US Department of Veterans Affairs (VA)—also intent on EHR modernization—recently announced it is suspending roll-out of the Oracle Cerner EHR at VA centers until June 2023 to address technical issues affecting appointments, referrals, and test results.
Four VA centers in Washington, Oregon, and Ohio already went live with the system in 2022.
“We are delaying all future deployments of the new EHR while we fully assess performance and address every concern. Veterans and clinicians deserve a seamless, modernized health record system, and we will not rest until they get it,” said Deputy Secretary of Veterans Affairs Donald Remy, JD, in a news release.
For its part, Oracle Cerner wrote federal lawmakers noting the importance of continuing the project, which will move the VA away from its former VistA health information system.
“Modernization requires change and some short-term pain for the long-term benefits of a modern technology infrastructure,” noted Oracle Cerner Executive Vice President Ken Glueck in the letter, Becker’s Health IT reported. “A modernization project of this scale and scope necessarily involves time to untangle the decades of customized processes established in support of VistA, which inevitably involves challenges.”
NSW Health’s goal is to build a single repository of health information—including lab test results from multiple clinical laboratory sites. When finished NSW Health expects that sharing patient data will contribute to producing better healthcare outcomes.
However, the VA’s experience—and several other similar attempts at large-scale electronic patient record installations—suggest the work ahead will not be easy. But for NSW Health, it may be worth the effort.
Medical laboratories may find opportunities guiding hospital telehealth service physicians in how clinical lab tests are ordered and how the test results are used to select the best therapies
Telehealth is usually thought of as a way for patients in remote settings to access physicians and other caregivers. But now comes a pair of studies that indicate use of telehealth in inpatient settings is outpacing the growth of telehealth for outpatient services.
This is an unexpected development that could give clinical laboratories new opportunities to help improve how physicians in telehealth services use medical laboratory tests to diagnose their patients and select appropriate therapies.
Dual Surveys Compare Inpatient and Outpatient Telehealth
Service Use
Definitive Healthcare (DH) of Framingham, Mass., is an analytics company that provides data on hospitals, physicians, and other healthcare providers, according to the company’s website. A survey conducted by DH found that use of telehealth solutions—such as two-way video webcams and SMS (short message service) text—has increased by inpatient providers from 54% in 2014 to 85% in 2019, a news release stated.
Meanwhile, a second Definitive Healthcare survey suggests
use of telehealth in outpatient physician office settings remained essentially
flat at 44% from 2018 to 2019, according to another news
release.
For the inpatient report, Definitive Healthcare polled 175 c-suite
providers and health
information technology (HIT) directors in hospitals and healthcare systems.
For the outpatient survey, the firm surveyed 270 physicians and outpatient
facilities administrators.
DH’s research was aimed at learning the status of telehealth
adoption, identifying the type of telehealth technology used, and predicting possible
further investments in telehealth technologies.
Most Popular Inpatient Telehealth Technologies
On the inpatient side, 65% of survey respondents said the most used telehealth mode is hub-and-spoke teleconferencing (audio/video communication between sites), Healthcare Dive reported. Also popular:
Fierce
Healthcarereports that the telehealth technologies showing the largest
increase by hospitals and health networks since 2016 are:
Two-way video/webcam between physician and
patient (70%, up from 47%);
Population health management tools, such as SMS
text (19%, up from 12%);
Remote patient monitoring using clinical-grade
devices (14%, up from 8%);
Mobile apps for concierge services (23%, up from
17%).
“Organizations are finding new and creative ways through telehealth to fill gaps in patient care, increase care access, and provide additional services to patient populations outside the walls of their hospital,” Kate Shamsuddin, Definitive Healthcare’s Senior Vice President of Strategy, told Managed Healthcare Executive.
DH believes investments in telehealth will increase at
hospitals as well as physician practices. In fact, 90% of respondents planning
to adopt more telehealth technology indicated they would likely start in the
next 18 months, the news releases state.
Most Popular Outpatient Telehealth Technologies
In the outpatient telehealth survey, 56% of physician
practice respondents indicated patient portals as the
leading telehealth technology, MedCity
News reported. That was followed by:
Hub-and-spoke teleconferencing (42%);
Concierge services (42%);
Clinical- and consumer-grade remote patient
monitoring products (21% and 12%).
While adoption of telehealth technology was flat over the
past year, 68% of physician practices did use two-way video/webcam technology
between physician and patient, which is up from 45% in 2018, Fierce
Healthcare reported.
The graph above, taken from the Definitive Healthcare 2019 survey, shows the percentage of telehealth use among surveyed outpatient settings. “The results show how telehealth continues to be one of the core linchpins for providers,” Kate Shamsuddin, Definitive Healthcare’s Senior Vice President of Strategy, told Healthcare Dive. (Graphic copyright: Definitive Healthcare.)
MedCity News reports that other telehealth technologies in
use at physician practices include:
Mobile apps for concierge service (33%);
Two-way video between physicians (25%);
SMS population management tools (20%).
Telehealth Reimbursement and Interoperability Uncertain
Why do outpatient providers appear slower to adopt
telehealth, even though they generally have more patient encounters than
inpatient facilities and need to reach out further and more often?
Definitive Healthcare reports that 20% of physician practice
respondents are “satisfied with the practice’s current solutions and services,”
and though telehealth reimbursement is improving, 13% are unsure they will be
reimbursed for telehealth services.
The Centers
for Medicare and Medicaid Services (CMS) states that Medicare
Part B covers “certain telehealth services,” and that patients may be
responsible for paying 20% of the Medicare approved amount. CMS also states
that, effective in 2020, Medicare
Advantage plans may “offer more telehealth benefits,” as compared to
traditional Medicare.
“There is not only a need for more clarity around reimbursement policies, but also a need for more interoperable telehealth solutions that can be accessed through electronic health record or electronic medical record systems, as well as a better understanding about what types of telehealth options are available,” said Jason Krantz (above), CEO, Definitive Healthcare, in the outpatient telehealth survey news release. (Photo copyright: Definitive Healthcare.)
The increase in telehealth use at hospitals—as well as its
increased adoption by physician offices—may provide clinical laboratories with opportunities
to assist telehealth doctors with lab test use and ordering. By engaging in telehealth
technology, such as two-way video between physicians, pathologists also may be
able to help with the accuracy of diagnoses and timely and effective patient
care.
First used to track cryptocurrencies such as Bitcoin, blockchain is finding its way into tracking and quality control systems in healthcare, including clinical laboratories and big pharma
Four companies were selected by the US Food and Drug Administration (FDA) to participate in a pilot program that will utilize blockchain technology to create a real-time monitoring network for pharmaceutical products. The companies selected by the FDA include: IBM (NYSE:IBM), Merck (NYSE:MRK), Walmart (NYSE:WMT), and KPMG, an international accounting firm. Each company will bring its own distinct expertise to the venture.
This important project to utilize blockchain technologies in
the pharmaceutical distribution chain is another example of prominent
healthcare organizations looking to benefit from blockchain technology.
Clinical laboratories and health insurers also are collaborating on blockchain projects. A recent intelligence briefing from The Dark Report, the sister publication of Dark Daily, describes collaborations between multiple health insurers and Quest Diagnostics to improve their provider directories using blockchain. (See, “Four Insurers, Quest Developing Blockchain,” July 1, 2019.)
Improving Traceability and Security in Healthcare
Blockchain continues to intrigue federal officials, health network administrators, and health information technology (HIT) developers looking for ways to accurately and efficiently track inventory, improve information access and retrieval, and increase the accuracy of collected and stored patient data.
In the FDA’s February press release announcing the pilot program, Scott Gottlieb, MD, who resigned as the FDA’s Commissioner in April, stated, “We’re invested in exploring new ways to improve traceability, in some cases using the same technologies that can enhance drug supply chain security, like the use of blockchain.”
Congress created this latest program, which is part of the federal US Drug Supply Chain Security Act (DSCSA) enacted in 2013, to identify and track certain prescription medications as they are disseminated nationwide. However, once fully tested, similar blockchain systems could be employed in all aspects of healthcare, including clinical laboratories, where critical supplies, fragile specimens, timing, and quality control are all present.
The FDA hopes the electronic framework being tested during
the pilot will help protect consumers from counterfeit, stolen, contaminated, or
harmful drugs, as well as:
reduce the time needed to track and trace
product inventory;
enable timely retrieval of accurate distribution
information;
increase the accuracy of data shared among the
network members; and
help maintain the integrity of products in the
distribution chain, including ensuring products are stored at the correct
temperature.
In the FDA’s February announcement, Scott Gottlieb, MD (above), the FDA Commissioner at that time, said, “For the drug track-and-trace system, our goals are to fully secure electronic product tracing, which provides a step-by-step account of where a drug product has been located and who has handled it, [and] establish a more robust product verification to ensure that a drug product is legitimate and unaltered.” It’s not hard to imagine how such a tracking system would be equally beneficial in clinical laboratories and hospital pathology departments. (Photo copyright: FDA.)
Companies in the FDA’s Blockchain Pilot
IBM, a leading blockchain provider, will serve as the
technology partner on the project. The tech giant has implemented and provided
blockchain applications to clients for years. Its cloud-based platform provides
customers with end-to-end capabilities that enable them to develop, maintain,
and secure their networks.
“Blockchain could provide an important new approach to further improving trust in the biopharmaceutical supply chain,” said Mark Treshock, Global Blockchain Solutions Leader for Healthcare and Life Sciences at IBM, in a news release. “We believe this is an ideal use for the technology because it can not only provide an audit trail that tracks drugs within the supply chain; it can track who has shared data and with whom, without revealing the data itself. Blockchain has the potential to transform how pharmaceutical data is controlled, managed, shared and acted upon throughout the lifetime history of a drug.”
Merck, known as MSD outside of the US and Canada, is
a global pharmaceutical company that researches and develops medications and
vaccines for both human and animal diseases. Merck delivers health solutions to
customers in more than 140 countries across the globe.
“Our supply chain strategy, planning and logistics are built around the customers and patients we serve,” said Craig Kennedy, Senior Vice President, Global Supply Chain Management at Merck, in the IBM news release. “Reliable and verifiable supply helps improve confidence among all the stakeholders—especially patients—while also strengthening the foundation of our business.”
Kennedy added that transparency is one of Merck’s primary
goals in participating in this blockchain project. “If you evaluate today’s
pharmaceutical supply chain system in the US, it’s really a series of handoffs
that are opaque to each other and owned by an individual party,” he said,
adding, “There is no transparency that provides end-to-end capabilities. This
hampers the ability for tracking and tracing within the supply chain.”
Walmart, the world’s largest company by revenue, will
be distributing drugs through their pharmacies and care clinics for the
project. Walmart has successfully experimented using blockchain technology with
other products. It hopes this new collaboration will benefit their customers,
as well.
“With successful blockchain pilots in pork, mangoes, and leafy greens that provide enhanced traceability, we are looking forward to the same success and transparency in the biopharmaceutical supply chain,” said Karim Bennis, Vice President of Strategic Planning of Health and Wellness at Walmart, in the IBM news release. “We believe we have to go further than offering great products that help our customers live better at everyday low prices. Our customers also need to know they can trust us to help ensure products are safe. This pilot, and US Drug Supply Chain Security Act requirements, will help us do just that.”
KPMG, a multi-national professional services network
based in the Netherlands, will be providing knowledge regarding compliance
issues to the venture.
“Blockchain’s innate ability within a private, permissioned
network to provide an ‘immutable record’ makes it a logical tool to deploy to
help address DSCSA compliance requirements,” said Arun Ghosh, US Blockchain
Leader at KPMG, in the IBM news release. “The ability to leverage existing
cloud infrastructure is making enterprise blockchain increasingly affordable
and adaptable, helping drug manufacturers, distributors, and dispensers meet
their patient safety and supply chain integrity goals.”
The FDA’s blockchain project is scheduled to be completed in
the fourth quarter of 2019, with the end results being published in a DSCSA
report. The participating organizations will evaluate the need for and plan any
future steps at that time.
Blockchain is a new and relatively untested technology
within the healthcare industry. However, projects like those supported by the
FDA may bring this technology to the forefront for healthcare organizations,
including clinical laboratories and pathology groups. Once proven, blockchain
technology could have significant benefits for patient data accuracy and
security.
Despite the widespread adoption of electronic health record (EHR) systems and billions in government incentives, lack of interoperability still blocks potential benefits of digital health records, causing frustration among physicians, medical labs, and patients
Clinical laboratories and anatomic pathology groups understand the complexity of today’s electronic health record (EHR) systems. The ability to easily and securely transmit pathology test results and other diagnostic information among multiple providers was the entire point of shifting the nation’s healthcare industry from paper-based to digital health records. However, despite recent advances, true interoperability between disparate health networks remains elusive.
One major reason for the current situation is that multi-hospital health systems and health networks still use EHR systems from different vendors. This fact is well-known to the nation’s medical laboratories because they must spend money and resources to maintain electronic lab test ordering and resulting interfaces with all of these different EHRs.
Healthcare IT News highlighted the scale of this problem in recent coverage. Citing data from the Healthcare Information and Management Systems Society (HIMSS) Logic database, they note that—when taking into account affiliated providers—the typical health network engages with as many as 18 different electronic medical record (EMR) vendors. Similarly, hospitals may be engaging with as many as 16 different EMR vendors.
The graphics above illustrates why interoperability is the most important hurdle facing healthcare today. Although the shift to digital is well underway, medical laboratories, physicians, and patients still struggle to communicate data between providers and access it in a universal or centralized manner. (Images copyright: Healthcare IT News.)
The lack of interoperability forces healthcare and diagnostics facilities to develop workarounds for locating, transmitting, receiving, and analyzing data. This simply compounds the problem.
Pressure from Technology Giants Fuels Push for Interoperability
According to HITECH Answers, the Centers for Medicare and Medicaid Services (CMS) has paid out more than $38-billion in EHR Incentive Program payments since April 2018.
Experts, however, point out that government incentives are only one part of the pressure vendors are seeing to improve interoperability.
“There needs to be a regulatory push here to play referee and determine what standards will be necessary,” Blain Newton, Executive Vice President, HIMSS Analytics, told Healthcare IT News. “But the [EHR] vendors are going to have to do it because of consumer demand, as things like Apple Health Records gain traction.”
Another solution, according to TechTarget, involves developing application programming interfaces (APIs) that allow tech companies and EHR vendors to achieve better interoperability by linking information in a structured manner, facilitating secure data transmission, and powering the next generation of apps that will bring interoperability ever closer to a reality.
TechTarget reported on how University of Utah Hospital’s five hospital/12 community clinic health network, and Intermountain Healthcare, also in Utah, successfully used APIs to develop customized interfaces and apps to improve accessibility and interoperability with their Epic and Cerner EHR systems.
Diagnostic Opportunities for Clinical Laboratories
As consumers gain increased access to their data and healthcare providers harness the current generation of third-party tools to streamline EHR use, vendors will continue to feel pressure to make interoperability a native feature of their EHR systems and reduce the need to rely on HIT teams for customization.
For pathology groups, medical laboratories, and other diagnosticians who interact with EHR systems daily, the impact of interoperability is clear. With the help of tech companies, and a shift in focus from government incentives programs, improved interoperability might soon offer innovative new uses for PHI in diagnosing and treating disease, while further improving the efficiency of clinical laboratories that face tightening budgets, reduced reimbursements, and greater competition.
