Data Warehousing

A member of the U.S. House of Representatives and a Federal Trade Commission official have called for greater protections against and notifications of ransomware attacks – and bolstered cybersecurity for healthcare overall.

The Office for Civil Rights has launched a new round of HIPAA audits. Will the program succeed in improving privacy and security practices and protecting patient data? Or could it have the opposite impact?  

LAS VEGAS – Commvault, an enterprise data protection and information management technology provider, launched at HIMSS16 its Commvault Clinical Archive, a system designed to modernize the way healthcare organizations manage, migrate and share clinical data. As healthcare provider organizations look to control costs and improve care, Commvault Clinical Archive, the vendor said, can centralize information management and break down data silos, reducing storage costs and complexity, enabling better data-sharing, and eliminating costs of maintaining and supporting legacy systems. Following Commvault’s investment in PACS replacement data migration and storage services vendor Laitek, Commvault developed a system built on the Commvault Data Platform and Laitek’s Semperdata platform. The system migrates data and enables clinical data management for healthcare providers. Through this integration, Commvault Clinical Archive addresses data management on both the clinical and business sides of healthcare in a single platform. [Also: See photos from Day 3 of HIMSS16] As a result, for example, providers can decommission legacy PACS systems into a single data management platform while making legacy studies accessible to new PACS systems and available for bulk migration, Commvault said. Data is extracted from a legacy PACS in its original format, normalized and migrated into the clinical archive in a standard format for interoperability, and then stored for future use. Commvault Clinical Archive also can be used as a vendor-neutral archive for all clinical information. “Healthcare customers are facing many pressures to modernize data management strategies, reduce costs and increase efficiencies,” said N. Robert Hammer, chairman, president and CEO of Commvault. “Retiring legacy PACS and managing clinical data across multiple vendor silos is increasingly becoming frustrating for healthcare IT teams, and our new solution supported by Laitek’s technology will help healthcare organizations better manage, control and protect clinical data while also benefiting from our proven approach to overall data management.” Recent research by International Data Corp. dives into the issue of legacy PACS decommissioning and medical image archiving. “IDC research shows that replacing legacy picture archiving and communications systems is a priority among healthcare IT administrators as a result of high total cost of ownership and the solution’s proprietary and siloed nature with a single department, especially as new types of unstructured content other than medical images, like scanned documents, photos and videos, proliferate across the enterprise,” said Judy Hanover, research director at IDC Health Insights. “Healthcare providers are moving to standards-based application-independent clinical archiving solutions that have lower total cost of ownership and allow them to manage, secure and share medical images alongside other vital content, improving provider operations and the quality of care by making content available for clinical decision-making.” Twitter: @SiwickiHealthIT This story is part of our ongoing coverage of the HIMSS16 conference. Follow our live blog for real-time updates, and visit Destination HIMSS16 for a full rundown of our reporting from the show. For a selection of some of the best social media posts of the show, visit our Trending at #HIMSS16 hub.

The same week the Hollywood Presbyterian attack was making headlines around the world,  another species of ransomware – aptly named "Locky" – was first observed in the wild.

All but seven U.S. states have either passed or are working on legislation that would establish a state-sponsored, all-payer claims database – and that’s among the reasons these databases are in the spotlight for their promise to improve the way providers and insurance companies manage patient populations. This year at the HIMSS16, in fact, John Freedman, MD, president of Freedman Healthcare, and Linda Greene, vice president of Freedman Healthcare, will lead a session intended to shed light on what APCDs are and where they’re headed in the future. See all of our HIMSS16 previews APCDs as “large-scale databases that systematically collect medical claims, pharmacy claims, dental claims (typically, but not always) and eligibility and provider files from private and public payers,” said officials at the Robert Wood Johnson Foundation in a recent report. “States with APCDs are responding to a need for comprehensive, multi-payer data that allows states and other stakeholders to understand the cost, quality, and utilization of health care for their citizens.” “While enormous attention is focused on EHRs and the health record data they contain – deservedly so – the other data world of claims data has been quietly creating applications for public health, price transparency, performance improvement, population health management and health services research,” Freedman said. [Also: 21 awesome photos from past HIMSS conferences] Instances of all-payer claims databases, in fact, have tripled in the past decade. “The impacts of APCDs on healthcare are just starting,” he continued, “and they will be profound.” The session,“Implications of Expanding State All Payer Claims Databases,” will be held on March 3 from 1 - 1:30 p.m. in the Sands Expo Convention Center. Twitter: @HealthITNews This story is part of our ongoing coverage of the HIMSS16 conference. Follow our live blog for real-time updates, and visit Destination HIMSS16 for a full rundown of our reporting from the show. For a selection of some of the best social media posts of the show, visit our Trending at #HIMSS16 hub.

A high percentage of IT workers admit to not following the same security protocols they are expected to enforce, according to a new survey conducted across the United States by Absolute, a Canadian security firm. In fact, 33 percent admitted to successfully hacking their own or another organization and 45 percent admitted to knowingly circumventing their own organization's security policies. "The big surprise for us in this survey is that the gatekeepers are really the gatecrashers," said Stephen Midgley, vice president of global marketing for Absolute. Moreover, he said, while the survey of IT department managers included several industries, the findings apply across the board, with healthcare no exception. [Also: Hollywood Presbyterian gives in to hackers, pays ransom] "Given that IT is the security gatekeeper for an organization, it was alarming to see such high incidents of non-compliant behavior by IT personnel," he said. "Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies." IT decision-makers bear the brunt of responsibility. Of those surveyed, 78 percent said the organization's security is primarily IT's responsibility. The report also showed that 65 percent of IT decision makers believe they would likely lose their job in the event of a security breach. "The gaps in current data breach response plans and in upholding general best practice policies must be addressed," Midgley said. As he sees it, when it comes to security – especially in healthcare, but also in other sectors – there's an accountability divide. "That is a very precarious space for IT to be in," Midgley said. "They are tasked with data security, but aren't actually responsible for the device that contains that data.” "I think in healthcare it's magnified," he added, "because of HIPAA, HITECH, PHI. So, you can have all the security in place, but at the end of the day, IT is reliant on the employee to ensure security is implemented correctly. Yet, what we find is those very same employees try to find ways to circumvent the security policies that have been put in place." There's a lot of work for IT in terms of bridging that gap, he said, and recommended that organizations implement technology that is adapted to their environment that gives them complete visibility and control of the devices. Midgley mentioned the example of one healthcare entity that has a policy of automatically wiping data from any device – laptop, tablet or phone – that goes beyond a certain location. [Like Healthcare IT News on Facebook] "They assume that device has PHI on it," he said. "It's mitigating the risk of a data breach." The survey – which polled 501 U.S. adults who work in information security management roles in companies or organizations with 50 or more employees – found that security remains at the top of the IT spending list, with 87 percent of respondents expecting increased investment in security this year. Twitter: @HealthITNews

Ransomware attack had locked out administrators unless they agreed to the demand of 40 Bitcoins.

Only a few days remain to submit speaker and session proposals for the Healthcare IT News and HIMSS Big Data & Healthcare Analytics Forum, which will be held in San Francisco June 14 and 15.

New rules are anticipated to allow organizations -- those approved as qualified entities -- to confidentially share or sell analyses of the data.

Only a few days remain to submit a speaking proposal for the HIMSS and Healthcare IT News Privacy & Security Forum in Los Angeles, May 11-12. The deadline for submitting a proposal is Thursday, Feb. 4 at 5 p.m. Speaking opportunities are limited to security professionals and experts from healthcare provider and payer organizations, government agencies and academic institutions. Presentations should be practical, actionable, and solutions-based. Click here for additional information and to submit a proposal. The two-day Privacy & Security Forum will bring together more than 200 leading providers, payers, researchers and government officials. The forum's goal is to provide healthcare security professionals with tools, solutions, best practices and expert insights into how they can better manage risk and protect their organization’s data assets. Presentations will address, among others, the following topics: BYOD, cybersecurity, incidence response, cloud security, data-loss prevention, HIPAA compliance, security frameworks, medical device security and third-party management.