Skip to main content

Electronic Health Records (EHR, EMR)

SPONSORED
By DXC.technology | Mike Miliard | 01:00 am | July 26, 2019
According to the CBSi B2B Cybersecurity Study, Asia Pacific 2018, one of the biggest challenges faced by an organisation’s cybersecurity framework is aligning cybersecurity with business priorities. Jega Ponnudurai, Industry General Manager, Healthcare & Life Sciences, Asia, DXC Technology, recommended that healthcare organisations tackle this challenge by linking the costs and benefits of cybersecurity to the value of regulatory compliance.  This is especially critical for certain segments which are more linked to patient safety and patient data confidentiality and calls for more investment on security frameworks within application parameters. These segments include clinical documentation, pharmacy and medication management, tests and investigations and critical care support systems. Ponnudurai, who has more than 25 years of experience in the telecommunication and healthcare industries, shares his insights on the cybersecurity threat and risk landscape in Asia Pacific.  Most common cybersecurity threats/risks to healthcare organisations in APAC Specific to healthcare organisations, issues like Electronic Medical Record (EMR) data leakage, especially sensitive operational (like billing disputes, patient dissatisfaction) and clinical (like sensitive diseases HIV/STD etc.) data with the purpose to malign private/public health settings or get hold of VIP patient data are some of the cybersecurity threats/risks these organisations face. However, Ponnudurai explained that they had not come across cases where a security threat on data leakage has ended in ransom demand but it could happen.  Network and workplace-related security threats are no different from those of other industries – these include ransomware, endpoint attacks, phishing and many others. Key lessons from a series of healthcare-related data breaches/leaks in Singapore Some of the key lessons learnt are the importance of having security, not only from the outside but also from within an organisation. There is also a need for independent cybersecurity auditors to be put in place and such audits to be carried out more frequently.  “Internet separation models and the design of data security zones is becoming more and more pertinent in terms of de-risking data in rest,” said Ponnudurai. There also needs to be a diligent scoping of cloud data assets and for cross-application landscapes, data security/accessibility should be governed/designed by information area at a corporate level, not at an individual application level.  From within an organisation, human (contractor or internal employee) inflicted local threats needs to be closely controlled and monitored. Blind spots in the management of cybersecurity threats/risks One of the areas/aspects that is usually overlooked by healthcare organisations in the management of cybersecurity threats/risks is application security in clinical applications. Most large healthcare organisations have a mesh of clinical and operational systems – Patient Administrative System (PAS), EMR, Finance, Billing, Ancillary systems for pharmacies/laboratories, Radiology Information System (RIS)/ Picture Archive and Communication System (PACS) etc. Often these systems need to exchange information – and security breaches are potent in a) data in motion, such as interfaces and message queues and more importantly b) context switching, such as accessing an application logic/data/screen from another application.  “A robust Development, Security and Operations (DevSecOps) Strategy should be imbibed early in the life-cycle for health application design,” Ponnudurai added. Managing increased cybersecurity threats with reduced budgets and lack of trained experts Chief Information Security Officers (CISOs) or Chief Information Officers (CIOs) are constrained by reduced budgets and lack of trained professionals to deal with the ever-increasing cybersecurity threats and incidents and Ponnudurai’s suggestion to tackle the issue is to study the impact of cybersecurity breaches, both from a financial and personal trauma (for the impacted parties) perspective. The concern of most healthcare providers about cybersecurity has resulted in their hesitation to venture into cloud-based services. This, in turn has a direct cost impact in the running of a healthcare service provider. Increasingly, cloud adoption should be backed up by cyber defense and orchestration strategies including intelligent security operations and continuous threat monitoring using a leveraged Security Operations Centre (SOC) model which reduces upfront capital expenditure (CapEx). This provides best-of-class protection at a spread out cash-flow, he concluded. For more information on DXC's security services and solutions, visit their website here.
By Leontina Postelnicu | 04:32 am | July 25, 2019
Walsall Healthcare NHS Trust will be replacing its Lorenzo patient administration system from DXC Technology after awarding a 10-year contract to British health IT services and solutions supplier System C. The trust, located in England's West Midlands, provides acute hospital and community health services to around 270,000 people in Walsall and its vicinity. The contract will see the current PAS and other clinical and departmental systems be replaced, based on System C’s global digital exemplar (GDE) blueprint, developed with the supplier’s partner in the national flagship programme, University Hospitals Bristol NHS Foundation Trust. THE LARGER TREND The GDE initiative was launched in 2016 by then health secretary Jeremy Hunt in a response to a review of NHS IT carried out by Professor Bob Wachter, with 12 trusts initially selected to take part and receiving up to £10m to drive the digital transformation of the NHS. The programme has been expanded in the past three years, although rumours surfaced earlier this year that it could be cut, ahead of the launch of a new unit for digital, data and technology, NHSX. Matthew Gould, NHSX chief executive, later said that the GDE scheme would continue, but with “more emphasis on the parts of the NHS that need most help”. WHY IT MATTERS The new systems at Walsall are expected to go live in the next year, and CCIO Dr Muhammad Shabab Javed said the trust had “high aspirations for digital transformation”. According to Darren Fradgley, director of strategy and improvement for Walsall Healthcare, in a survey carried out before the new contract was awarded, looking at the use of hospital IT systems, staff said they “would happily embrace new technologies that the market has to offer”. “This gave us the mandate for change, and since then the clinical voice has been very strong,” Fradgley added. Meanwhile, System C revealed that the project will support an integrated health and care record being developed for the area through the Walsall Together Partnership, through which local NHS organisations are working together to “transform” the delivery of health and social care amid growing pressures. ON THE RECORD “We selected System C because their products are really high quality, because their blueprint gives us a clear route towards a full EPR and because they have a strong and clear approach to genuine partnership,” Fradgley explained. “It was really important that we selected a technology partner that had a proven track record of successful deployments. Our teams are looking forward to working together on this project.”  Markus Bolton, joint chief executive of System C, added: “Walsall is an ambitious trust with lots of energy, and we are delighted to have been selected as their partner in this project.”
SPONSORED
By MDabstract | MDabstract | 11:22 am | July 24, 2019
A complete data integration solution that delivers trusted patient data from numerous data sources requires meticulous upfront planning — as well as both electronic and manual entry components.
By Mike Miliard | 05:26 pm | July 23, 2019
The tool is meant to help healthcare organizations better understand how their social needs investments and community partnerships might pay off, in savings and reduced utilization for high need, high cost patients.
By Mike Miliard | 12:04 pm | July 23, 2019
The groups urge the Senate to follow the House's lead and finally lift the ban on federal funding for a nationwide unique patient identifier, making the case that it can help avoid serious safety risks due to matching errors.
By Bill Siwicki | 11:00 am | July 23, 2019
Universal Health Services runs more than 15,000 tests per day to ensure that patient-critical applications and records are available for physicians and clinicians.
By Mike Miliard | 03:55 pm | July 22, 2019
The cloud-based eMyLabCollect enables integration with any laboratory or hospital information system via HL7 feeds.
Workforce Development
By Nathan Eddy | 12:09 pm | July 22, 2019
And that's because too many board members don't have the right level of IT and security expertise, a new Black Book study suggests.
By Tammy Lovell | 02:54 am | July 18, 2019
The integration allows blood test results to be shared electronically with Cambridge University Hospitals.
By HIMSS TV | 02:17 pm | July 17, 2019
New Zealand has 4.5 million people, 20 autonomous government healthcare groups, different incentives and an "interesting way of procurement" that makes it difficult for vendors, says Taranaki District Health Board CIO Steven Parrish.