22 states changed telemedicine laws during the pandemic

The Commonwealth Fund released an issue brief this week reviewing state actions to expindividual group health insurance coverage of telemedicine between March 2020 March 2021.  

It found that 22 states changed laws or policies during that time period to require more robust insurance coverage of telemedicine.

“If telemedicine proves to be a less costly way to deliver care, payers consumers may benefit from expanding coverage of telemedicine after the pandemic,” wrote report authors.  


In March 2020, federal regulators temporarily relaxed restrictions for telemedicine visits for Medicare patients, raising payments to the same level as in-person visits reducing cost-sharing, among other changes.  

Officials encouraged states insurers to provide similar flexibility under private insurance – many took that encouragement to heart.  

Of the 22 states that expanded access to telemedicine during the pandemic, the report found that most pursued changes via administrative action.  

“Use of executive authority allowed states to move relatively quickly during the crisis, though it has meant that the new telemedicine coverage requirements are temporary,” wrote the researchers. They noted, for example, that seven governors included specific telemedicine coverage requirements in executive orders, which will expire after the public health emergency.  

Some states used bulletins, notices, or executive orders from the department of insurance or a similar agency to enhance coverage.  

New legislation, which takes more time, but is necessary for permanent changes, passed in eight states.

Utah, Illinois, West Virginia, New Hampshire Massachusetts – which had not previously required coverage – changed their policies during the pandemic. At this point, 40 states require coverage.

These policies do not all carry equal impact. Eighteen states required coverage of audio-only services for the first time during the pandemic, bringing the total number up to 21. Four states eliminated cost-sharing for telemedicine services, three added a requirement that cost sharing not exceed in-person identical services. And 10 states newly required insurers to pay providers the same for telemedicine in-person visits.  

Report authors noted that insurers were cooperative with these changes, but longer-term adoption of policies like reimbursement parity “would likely be contentious.” They pointed out the states will need data to inform debates on how best to regulate telemedicine.  

In 2021, at least 30 states have weighed legislation that would revise telemedicine coverage standards, found the Commonwealth Fund.

Despite the known benefits of telemedicine, researchers also cautioned that it has not been equally beneficial to all patients.  

“Research shows telemedicine use is lower in communities with higher rates of poverty among patients with limited English proficiency, potentially undermining goals of expanding access to underserved communities exacerbating health inequities,” read the report.  


As the report notes, multiple states have implemented pro-telehealth policies to enable access during beyond the COVID-19 public health emergency. 

But a major question remains regarding federal legislation, which could fill in many state-by-state gaps prevent a so-called “telehealth cliff.”  

“If Congress does not act before the public health emergency ends, regulatory flexibilities that now ensure all Medicare beneficiaries maintain access to telehealth will go away,” said Kyle Zebley, director of public policy at the American Telemedicine Association, during a conference panel earlier this month.  


“Whether telemedicine reduces overall healthcare costs depends on how services are reimbursed if virtual visits reduce other services or simply add to utilization,” said Commonwealth researchers. “Having access to data can help stakeholders understhow longer-term expansion of telemedicine affects access, cost, quality of care.”


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source link

Using the cloud data life cycle to protect patient privacy

In an ideal world, technology would maximize individual benefits while also protecting privacy.   

But in practice, the pivot to digital-first healthcare has sometimes left personal information vulnerable to attack – as evidenced by the recent spike in targeting of health systems.

One example of this paradigm, says Dr. James Angle, product manager for IT services in information security, at Trinity Health, involves the migration of increased amounts of data to the cloud.  

“Before the use of cloud, PHI was stored either in the [health delivery organization’s] data center or a third-party data center,” noted Angle, who will be presenting on the subject at HIMSS21 in August.   

“With cloud, data is stored in multiple data centers in multiple jurisdictions,” Angle continued. “The increase [in] data storage locations gives attackers more targets.”   

“In addition, having multiple jurisdictions means more, as well as different, requirements. This adds complexity, which is the enemy of privacy security,” he added.  

During his HIMSS21 presentation, Angle will discuss the process of analyzing how an organization collects, uses, shares maintains personal identifying information, as well as how to best protect that information.   

“Ensuring privacy for our patients is a process that starts with privacy engineering includes conducting privacy risk assessments understanding the data life cycle,” he said. “If these processes are followed, we will enhance our ability to protect our patients’ information.”  

Angle will also explain how HIPAA’s privacy rule functions in the context of security information sharing.

“The purpose of the privacy rule is to give patients more control over their health information. The HIPAA Privacy Rule creates national standards to protect individuals’ medical records other protected health information,” he said. 

“Additionally, the privacy rule defines limits the circumstances in which an individual’s PHI can be used or disclosed by a covered entity or its business associates,” he continued.  

Returning to the matter of the cloud, Angle notes that the data life cycle gives the analyst a structured way to look at privacy.

“There are six phases in the cloud data life cycle: create, store, use, share, archive destroy. Each phase has different requirements issues that must be addressed,” he said.  

The “create” phase, which involves the generation or acquisition of new data or the modification of existing data, can be a useful example of this.  

“When personal data is collected, it is important to remember that the individual whose data is being collected has the right to know what data is being collected, what the data will be used for, if it will be shared,” Angle said. “The collector must obtain consent, which means asking users for permission to process their data.   

“Healthcare delivery organizations must explain their data collection practices in clear simple language, then users must explicitly agree to them. Additionally, it defines who can collect PHI/PII data map the data to access rights for everyone who has access,” he added.

Even as the cloud has enabled innovation, Angle notes that it also adds complexity to an organization’s data protection plan.   

“Data must not only be protected inside the HDO’s network but also in transit in the cloud,” he said. “The HDO needs to know where the data will be stored, who has access to the data, what controls are in place to protect the data.”   

“Using the data life cycle, the analyst can look at the requirements for each phase ensure the correct controls are in place to protect the patient’s privacy throughout the entire data life cycle,” he continued.   

“By using the data life cycle, you are answering who, what, when, why, how the data is treated in each phase. This will give you a clear picture of the data and, in turn, how to protect the data.  

“If you don’t have these answers, you cannot be sure you are fully protecting the data,” he said.  

James Angle will explain more in his HIMSS21 session, “Protecting the Privacy of Healthcare Data in the Cloud.” It’s scheduled for Tuesday, August 10, from 11:30 a.m.-12:30 p.m. in Caesars Forum 123.


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source link

AWS looks to digital health with new accelerator

Amazon Web Services (AWS) is creating a new accelerator aimed at the digital health space that will give 10 startups operating in the U.S. a four-week crash course in technical training and business development, includes a mentorship component.

AWS Healthcare Accelerator’s first cohort will be done in partnership with KidsX, a pediatric-focused digital health incubator that launched in September of 2020. However, the new AWS accelerator does not have a pediatric focus, companies in the accelerator program can cater to any patient population.

“The program is tailored to accelerate growth in the cloud, with a focus on solutions like remote patient monitoring, voice technology, analytics, patient engagement virtual care,” Sandy Carter, VP of partners programs for the worldwide public sector at AWS, wrote in a statement.

Carter said the accelerator will be looking for companies that “improve patient care, better health outcomes, lower cost of care.”

Applications are currently open close on July 23.

“Selected startups will receive AWS Promotional Credit, potential proof of concept opportunities with public sector healthcare customers, specialized AWS training, mentoring from healthcare domain technical subject matter experts, business development go-to-market guidance, investment guidance.”

Startups will also have a chance to collaborate with people inside the world of healthcare on everything from clinical validation to EHR integration.


Digital health startups are having their day in the spotlight, in part due to the global COVID-19 pandemic. In 2020, Rock Health reported a whopping $14 billion in digital health venture deals. That momentum has not appeared to have stopped. In April, Rock Health reported a record-breaking $6.7 billion in first-quarter funding for digital health companies.

But it’s not just investors who are turning toward digital, but also big tech companies, like Amazon. Google, Apple, Facebook Amazon have all rolled out new digital health-focused initiatives within the last year.

This new accelerator signals that AWS is looking to work with startups in particular train them to use its web service. In the release, Carter noted that during the pandemic, there was a significant decrease in healthcare utilization rates, which could lead to issues down the pipeline. This issue could create a place for digital tools, she noted.

“This places healthcare startups in the unique position of being able to quickly provide turnkey solutions that can use data analytics to identify high-risk patients, create a platform to remotely engage deliver care for patients, or even pivot from their existing functionality to meet the needs of public sector healthcare,” Carter said.


AWS isn’t new to healthcare. Just two months ago, AWS announced that it would distribute $12 million in computing credits expertise to cloud-powered disease detection diagnostic tools.

In 2019, AWS launched Amazon Transcribe Medical, an automated speech recognition service that lets developers add medical dictation documentation to their apps.

But Amazon isn’t the only software giant that has put resources toward cloud-based healthcare technology. Microsoft Cloud for Healthcare Google Cloud remain big competitors of AWS. Google Cloud has previously launched educational programs including the Healthcare Interoperability Readiness program, which helps providers with interoperability questions.

Source link

‘Strong’ IT teams behind Indonesia’s digital transformation

Indonesia, the world’s fourth populous nation, has been leveraging digital technologies to advance its healthcare system. During the “Building a Successful Digital Transformation Roadmap in Indonesia” webinar on 10 June, three hospital leaders in the country shared their strategies blueprints in implementing digital initiatives.

PT Siloam Hospitals CIO Ryanto Marino Tedjomulja, Mandaya Hospital Group President Director Dr Ben Widaja Dr Fathema Djan Rachmat, president director of Pertamina Bina Medika (Pertamedika) talked about the challenges the insights they gathered in the digital health journey of their hospitals.

Dr Joanna Pang, chief manager for Information Technology Health Informatics at Hong Kong’s Hospital Authority (HA), also contributed to the discussion with her experience in helping develop Hong Kong’s digital health ecosystem.

Dedicated teams to lead digital transformation

The first step in the digital transformation of Siloam Hospitals was the consolidation of data. Tedjomulja said they created a sole department to oversee this process which has led to the connection of all its 40 hospitals through one single system.

During this phase, all available data were brought together, such as those from patients, medications service expenses, in a single database to encourage clinicians staff to use data in decision making. “We use this data to drive culture transformation in Siloam; to be more data-driven,” he said.

A dedicated IT team was behind Pertamedika’s latest integrated hospital service system called One Solution System, according to Dr Rachmat.

She recalled that all 73 state-owned hospitals under the Indonesia Healthcare Corporation (IHC), the network operated by Pertamedika, used to run their own separate apps. Now, they are working with one solution that is user-friendly for doctors includes an end-to-end module from the dashboard to EMRs.

Dr Rachmat said she would not mind having an audience with their IT team to discuss, for instance, the latest software they are developing. She said the hospital leadership would provide the space they need.

In their digital health journey, she underscored the importance of getting everyone on board. “We make sure everyone understands the concept of digitalisation IT as well as the business processes of our hospital services”.

Also lately, the IHC tried out drone technology in delivering remote care evaluating its capacity to do long-distance implementations. In trying out such an innovative practice, not a lot of people were needed, Dr Rachmat said. “We just need to have a strong team making sure that everybody can implement this in their hospitals. We also make sure that a digital mindset is grown in the hospital”.

The trouble with systems integration

The Mandaya Hospital Group is set to open its newest digital hospital in West Jakarta this year. The construction of Mandaya Royal Hospital Puri (MRHP) started in 2018. It will be a 16-floor general hospital with centres of excellence in cardiovascular services, neurology oncology.

According to Dr Widaja, one of the challenges in opening a greenfield hospital is the lack of a base data set. “We have a brand-new team with zero data migration. This means [we] do not have an initial set of data. We need to build a lot of new things, [like] establishing a new database”.

Aside from starting from scratch, it will need multiple software which not a single vendor can all provide, he claimed. MRHP will need 13 software systems – seven for medical use six for non-medical operations. These, including an EMR, had to be sourced from different vendors abroad, such as in Europe, Malaysia Indonesia.

Still, what is important down the line is systems integration. “How do we combine collaborate all 13 software systems down to a single system for patient family experience, making sure that their experience is seamless, making sure that they’re not aware that we have 13 software systems in our system,” Dr Widaja said. The unified system must also be predictive, proactive, personalised, robust useful, he added.

In the case of public hospitals in Hong Kong, Dr Pang also thought that integrating a closed-loop system with clinical workflow was “really a challenging task”. It is one of those areas the HA is focusing on to support the network’s clinical operations. HA manages about 43 hospitals a hundred more clinics that serve 90% of all in-patients in the region.

“Us our IT colleagues, we spent quite a lot of time resources in establishing also expanding the mobile capability, the cloud service, [resolving] data issues because these are all interconnected, such that we can support our clinical operation the administration”.

In choosing the right systems, Dr Widaja said they have to weigh their options especially with vendors whose solutions require the adoption of their standard operating procedures. “Do those procedures match our needs? Can they customise according to our needs, the patients our clinicians’ needs?”

With having multiple systems, issues with communications arise. MRHP has set up a dedicated team to control communication.

Echoing Dr Rachmat, he also said: “We need to have a strong, internal IT team to lead these implementation integration phases”.

‘Mindset of innovation’

Tedjomulja said they had to go “back to the drawing board” during the second phase of Siloam’s digital transformation – the digitalisation phase. In entering this stage, they had to consider patients’ expectations first.

Digital initiatives during this phase include the launch of a mobile application for patients; a new clinical system to streamline administrative tasks; the use of robotics process automation technology to automate routine work, especially in their finance department, as well as analytics to draw insights.

Siloam’s digital transformation does not entirely end at the final stage. “We know that technology is always changing; it’s always updating,” Tedjomulja said. There also lies the challenge of encouraging people to adapt to changes.

That is why a “mindset of innovation” is needed to drive digitalisation, he stressed. “We need to be innovating at all times. We have to make sure that we are not left behind.” Among the present innovations at Siloam Hospitals is the application of remote patient monitoring to assist diabetic patients.

Dr Pang also agreed with Tedjomulja’s call. On its end, the HA has established its own AI lab where projects are made following an AI innovation process. Despite this effort, the hospital network has to deal with clinicians’ considerations, such as medical-legal concerns, safety issues, patient outcomes, in adopting the latest AI-powered solutions. “We [found] that it’s not easy to adopt AI solutions in clinical settings because clinicians will have their own considerations”.

But Dr Pang is certain about one thing: “AI will be one of the areas that we should look into because of the rising demfrom patients, limited resources manpower issues. We have to think about how to properly adopt AI to manage the upcoming healthcare challenges”.

For Dr Rachmat, digitalisation is not just “creating an app”.

“It means, in healthcare, we are changing everything. We are transforming our organisation through innovation, [changing] the culture the people by using technology,” she said.

One of the missions of Pertamedika’s IHC network is digital transformation, which for Dr Rachmat, also meant human transformation. “We don’t change just the media from paper to digital, but we’re actually changing people’s mindset culture how they work,” she said.

In 2019-2020, the IHC made efforts to consolidate its network ensure digital, business cultural transformations. For this year, they are seeking or adjusting existing EMR models across the hospital network so, by 2022 they can have a single EMR.

Dr Rachmat noted that the rate of digital adoption in Indonesia’s healthcare system is 10%, which represents a “large opportunity” for expanding digital transformation in domestic hospitals. COVID-19, she said, is one of those factors driving digital adoption.

Last year, the IHC implemented data integration interoperability to capture logistics data from all hospitals as the network worked to meet the needs of COVID-19 patients. This year, IHC plans to build a data infrastructure ahead of instituting business analytics optimisation in 2022. In 2023, IHC will expits digital ecosystem to include state-owned pharmaceutical firms via API sharing, the following year, it will focus on robotics development.

On his end, Dr Widaja said what is crucial in building a digitally-enabled hospital is the concept leadership, “making sure we have the right concept, how to plan it, we set the deadline target, how do we execute it. And we have to make sure leadership is able to drive implementation”.

Source link

How Kelsey-Seybold Clinic recovered from a ransomware attack

This past year, ransomware attacks cost healthcare organizations more than $20 billion, according to a study from Comparitech. Even more critical, however, is the risk to patient care continuity.

Data backup remains essential. Today, however, rapid restore is equally important to defend recover from ransomware other malicious attacks.

Martin Littmann, senior director, chief technology officer chief information security officer at Houston-based Kelsey-Seybold Clinic, has more than 30 years of experience in healthcare IT. He knows firsthwhat’s needed to successfully defend recover. 

After it experienced a ransomware incident, the clinic shifted its security strategy, creating an environment of immutable data snapshots backups. Healthcare IT News interviewed Littman, who shared his expertise on the matter.

Q. Please talk about the ransomware incident you experienced. When did it happen? How did the hackers take control? What was affected? And how did you resolve it?

A. It may surprise folks to know that ransomware has been around a long time – with the first documented incident occurring in 1989. Based on one article I read, there were quite a few variants in existence by 2015, which was the same year we experienced our incident.

Two employees working in the same department visited a day care site to look at their services during lunchtime. That site was built on WordPress was not kept current. The malware they received as a drive-by download was a zero-day variant of Crypto Locker. Our FireEye appliance notified us of the malware at the same time as users calling to report they were unable to access certain files on a network share.

We were able to quickly identify the two infected machines. One was a physical PC, one was a virtual desktop. The virtual desktop was rebooted to a clean image the physical machine was taken off the network re-imaged. The systems storage team was able to quickly identify the extent of the impact: hundreds of thousands of encrypted files across two department shares.

After several discussions with the executives over the area impacted, we decided to work through the day perform remediation that evening. We first restored affected files from snap backups so users could continue their business processes. At the end of the day, we restored the entire file shares followed by backups of the files revised throughout the business day.

Q. What are a couple lessons you learned from that ransomware incident?

A. The event highlighted the need for the information security team to be vigilant in reviewing responding to alerts from our security solutions. It also illuminated the value of the information security, network systems teams working in harmony, underscored the reality that security is everyone’s business. 

In subsequent years, this event was used to highlight the need for richer more frequent user education, as well as bolstering continually improving our security systems tools.

Too often, security teams are flooded with alerts from various tools systems. Without an effective tool or process or increased “eyes on glass,” there is a risk of missing critical alerts. We ultimately upgraded our SIEM approach by employing a data lake-based tool with significantly improved AI analytic capabilities.

We also were able to increase the number of infrastructure, network security systems feeding the SIEM. With this tool, we were able to fine-tune alerts to ensure critical alerts were not missed, lower false positives. We then further improved our process by the addition of a SOAR (security orchestration, automation response) to ensure the security team could triage respond to alerts we had a record of that accountability. 

Additionally, we invested time evaluating open shares over-provisioned user access to limit exposure in any actual malware event.

We have stepped up our user education program. On the one hand, this includes periodic phishing testing. We also leverage current security privacy news items about breaches healthcare fines to remind executives leaders of the need for the organization to be educated vigilant. 

Monthly, we also send out an information security tips newsletter discussing current types of attacks remediations precautions we can take as a business as individuals.

Q. You implemented immutable snapshots backups across Kelsey-Seybold. What is this technology, how does it work to protect your systems data?

A. We have a blended mix of storage technologies a solid data protection solution we have leveraged upgraded since 2007. This strategy was developed based on this solution set before most storage vendors had delivered or matured immutable backup approaches. Our backup strategy was developed before immutable snapshots were available in any storage products we used.

We developed a layered approach that relies on primary, backup archive backups on separate fault domains, as well as local snapshot copies. Each of these relies on separate administrator-level accounts on separate storage systems. The result of this strategy actually creates five copies of our critical EHR database across three different vendor platforms.

The production ODB (open database connectivity) volumes are housed on a purpose-built Pure Storage FlashArray //x50. This is the initial live dataset. The primary volumes are mapped to active/passive frames that are kept in configuration lockstep via Pure Storage HostGroups. This ensures consistent volume mappings during a compute host frame failover.

The database is array snapped four times a day using a snapshot process that leverages a freeze/snap/thaw script workflow that was developed in collaboration with Pure Storage engineers in-house teams. A second copy is replicated to a secondary FlashArray.

The arrays are linked via FlashArray Async-Replication over redundant 10G links with replication schedules controlled through protection groups. Copies three four are sent to another backup proxy to tape. The fifth copy of the database is application-mirrored to a disaster recovery instance. The DR instance lives on separate compute hardware a separate tertiary FlashArray.

In our future implementations evolution, we will look at adding in native storage data protection solutions, such as the immutable capabilities now in the market.

Q. What are the data center business continuity security considerations you have, what are you doing about them?

A. For many years, our executive leadership was content with the level of performance, availability reliability of our systems infrastructure delivered through our top tier network high availability data center.

But as our business continued to grow with significant future growth projections, we all came to the realization that a single data center represents a business risk that should be mitigated regardless of how redundant resilient any implementation may be. This realization led to approval of establishing a second backup/recovery data center.

In today’s environment, this decision also required an evaluation of a cloud-based approach to backup recovery. We studied the technical aspects of cloud-based infrastructure application solutions on the market how these fit with our current premise-based solutions hybrid cloud application solutions.

A significant consideration was conversion from premise-hosted virtual desktops, as well as key clinical applications. In the final analysis, we determined the technical limitations opportunities are not quite there for our needs to move to a full cloud implementation. 

Rather, we decided to continue with our current hybrid model: premise-based compute storage for critical applications department/user file shares, combined with cloud-based email collaboration in Office 365.

We will continue to develop Power Apps, leverage Azure migrate some data backup/archive to S3 instances. Our cloud utilization will continue to grow as more applications mature to include cloud components or shift entirely to cloud architectures. 

Eventually this shift will include moving to desktop-as-a-service, that shift will drastically affect the premise footprint of storage compute.

Twitter: @SiwickiHealthIT
Email the writer: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source link

1 2,394 2,395 2,396 2,397 2,398