Health Technology, Digital Healthcare
Article | August 16, 2023
Your patients have grown to trust your expertise and recommendations in matters regarding their healthcare. As the sector transitions into a more digital playing field, uninterrupted network connectivity is more than just a bonus; it’s a necessity.
While there are many different challenges to completely integrating your practice into the digital world, internet outages are the costliest. Downtime can be caused by various factors, which can compromise patient safety, the faith your team instills in you, and your practice’s reputation and revenue. However, investing in the means to maintain a resilient network lets you maximize your network uptime to optimize resources.
We'll look at four different strategies and their benefits for your infrastructure so you can focus on what you do best: providing healthcare excellence to your patients.
Strengthening Network Infrastructure
The traditional way of doing things may be great for your remedies and techniques. Still, with a growing number of patients and their contextually relevant demands, your network needs to be able to accommodate many different booking requests, increase user activity on your server, and store sensitive patient information.
High-speed internet connections enhance your network performance and let you, your team, and your patients make the most of your uninterrupted uptime. Fiber-optic networks, when combined with load balancing and proper segmentation, can diffuse and direct network traffic efficiency and prevent congestion, which prevents downtime due to overload.
Implementing Network Monitoring and Management Tools
Much like your patients visit your practice to ensure everything is all right with the current state of their health, your network must also receive the same treatment. Identifying and pre-emptively resolving potential issues and vulnerabilities will prevent much more destructive or expensive problems from occurring.
Use real-time tools to monitor your bandwidth usage and gain visibility of potential bottlenecks. Tools that offer risk monitoring deliver alerts about critical events that pose a threat to your business continuity. Your IT team will be better equipped to troubleshoot issues promptly and optimize performance.
Conducting Regular Network Assessments and Audits
Once you have the proper monitoring tools to manage your network topology better, proactive troubleshooting is a great way to spot-check whether your current solution is working as it should. A network audit is much like proactive troubleshooting; you are looking to see if anything could harm the overall system and catch it before it can develop.
When auditing a network, the primary focus should be security measures. If patient and confidential data is not secure, the smooth operations of your business are the least of your worries. When conducting an audit, consulting with a network service provider will help identify issues with your protocols, data encryption, and firewall configuration.
Establishing Redundancy and Disaster Recovery Plans
Backing up private and confidential data is crucial to ensuring that sensitive information is not lost or exposed. Minimizing network downtime can often be achieved by having backup systems that will keep running in the event of an attack or outage. For example, a dedicated Cloud Access Network, power supplies, and switches will go a long way.
When creating an internet contingency plan, outline steps and protocols with your team that you will take in the event of a complete failure, including things such as brand reputation management, customer service, and data loss prevention.
Looking Forward
As the lines between in-person and digital are blurred, navigating the complexities of implementing a robust network is paramount to your business.
Strengthening your infrastructure, integrating redundant systems, and conducting regular audits and assessments with the proper monitoring and management tools will help you maximize uptime usage and minimize network downtime.
Although overwhelming, working with a reputable network service provider can help you embrace your network topology to remain competitive.
Read More
Digital Healthcare
Article | November 29, 2023
Affordable healthcare is the need of the hour and interoperability is the means to that end. The healthcare ecosystem is looking into ways they can enable this affordability as soon as possible, and that is where FHIR comes in. FHR promises an on-demand exchange of secure healthcare information. It has become an increasingly popular protocol, thanks to its commitment to ensuring interoperability in the app economy, via apps.
The privilege enjoyed by consumers and participants in most industries is the ease of accessibility of information. With most of it being on the cloud, a URL ensures access to the same information regardless of where it is being accessed from or which internet enable device. This is the privilege FHIR aims to introduce in healthcare, over the current document-based approach where forms are either faxed, emailed, or electronically exchanged.
FHIR is for
Building new healthcare apps
Develop cloud-based health apps that integrate with social networks
Providing a simple to use standards-based API for cloud-based health integration services
The government looking to implement a national EHR
FHIR Aims to Reduce Cost
The medical expenses of an average American in a year are north of $12k and rising. The reasons are the unnecessary complications in the healthcare IT infrastructure. With FHIR, HL7 aims to reduce the burden on providers in sharing and accessing healthcare data at the point of care, thereby reducing the administrative expenses spent on moving data back and forth. It also promises to grant on-demand access to patients – enabling them to make better-informed healthcare decisions.
What is part of FHIR?
Pre-defined Resources and API
A common way to represent data as building blocks and rules for connecting them
Target support for common scenarios
Implementer Friendly
Familiar tooling and technologies using web standards
Multiple Libraries available for faster implementations
Mobile Friendly
Concise and easily understood specifications, RESTful API and JSON
Leverages cross-industry web technologies
Multi-paradigm
Thick client, browser, or mobile devices
Supports human readability as the base level of interoperability
Large Community for Support
Heaps of open-source software and training events, webinars, and connectathons
Specification feedback welcomed, including update requests-tracker
Out-of-the-box Interoperability
Base resources can be used as it is, can also be adapted for local requirements
Seamless exchange of information using messages or document
Start The FHIR
Health plans are jumping on the FHIR bandwagon faster than ever thanks to the Interoperability and Patient Access rule as well as the latest proposals. Do not get left behind or sustain the ramifications of non-compliance with CMS regulations.
Read More
Health Technology
Article | September 12, 2023
The healthcare industry has become a prime target for cybercriminals in recent times.
According to The State of Ransomware in Healthcare 2023 report from Sophos, six in 10 healthcare organizations have been hit by ransomware in the last 12 months, up from 34% in 2021.
Among this uptick have been several headline-grabbing attacks. For example, Shields Health Care Group became the subject of the single-largest breach affecting any organization globally in April 2023, when 2.3 million patients of the Massachusetts-based medical services provider had their personal data stolen after a cybercriminal gained unauthorized access to the organization’s systems.
Meanwhile, in the UK, a ransomware attack on the University of Manchester occurred in June, affecting an NHS patient data set holding information on 1.1 million patients across 200 hospitals.
Critically, the wealth of data housed in healthcare networks, and the potential impact of data unavailability in healthcare, make the industry both attractive and lucrative to threat actors.
It’s no coincidence that the Sophos report shows the rate of encryption in the healthcare sector is at its highest level in recent years. Of those healthcare organizations which suffered a ransomware attack in 2023, 73% had their data encrypted – up from 61% in 2022. When cybercriminals can successfully take down hospital systems and/or encrypt patient data so it can’t be used, they can blackmail health service providers, demanding significant sums before reinstating systems and/or data availability.
Considering healthcare's critical role as the highest-stake industry in our society, where people's lives depend on its success, the likelihood of attackers achieving their goals is greater than in other sectors, as confirmed by the Sophos report. Indeed, of the 73% of healthcare organizations that had their data encrypted, 42% reported that they paid the requested ransom to recover data.
DSPT and the compliance burden
Without question, the security-related challenges in healthcare are mounting. Right now, industry organizations are operating against a backdrop of unprecedented operational and workforce pressures, spiralling demand for care and industrial action.
Moreover, there is a growing regulatory burden, with organizations continually asked to comply with evolving cybersecurity rules, battling with multiple compliance mandates at any given time.
Take the NHS as an example. According to the 2023 NHS Providers’ Regulation Survey, just over half (52%) of respondents said the regulatory burden on their trust had increased. And this is expected to ramp up further in the future, with the UK government setting out a new 2030 strategy aimed at bolstering cyber resilience in healthcare.
Among the compliance burdens that the NHS faces is the challenge of meeting the requirements of the newly updated Data Security and Protection Toolkit (DSPT).
Mandated to minimize cyber risks and enable healthcare providers to maintain a robust information security posture, the DSPT is not a simple checklist of security controls, but a comprehensive toolkit to evaluate current security maturity and establish a risk management programme.
Indeed, in more recent times, DSPT has moved away from being a guide for achieving certain levels of assurance, and toward a mandatory evidence-based system which demands NHS organizations align with 10 precise National Data Guardian (NDG) standards: 1. The organization assures good management and maintenance of identity and access control for its networks and information systems. 2. The organization closely manages privileged user access to networks and information systems supporting essential services. 3. The organization ensures passwords are suitable for the information being protected. 4. Process reviews are held at least once a year where data security is put at risk and following security incidents. 5. Action is taken to address problems as a result of feedback at meetings. 6. All user devices are subject to anti-virus protections, while email services benefit from spam filtering and protection deployed at the corporate gateway. 7. Action is taken on known vulnerabilities based on advice from NHS Digital, and lessons are learned from previous incidents and near misses. 8. The organization has a defined, planned and communicated response to data security incidents impacting sensitive information or key operational services. 9. The organization has demonstrable confidence in the effectiveness of the security of technology, people, and processes relevant to essential services. 10. The organization securely configures the network and information systems that support the delivery of essential services.
Reducing Compliance Challenges with the Right Solutions
Taken individually, these standards may not seem too strenuous to adhere to. However, to be compliant with DSPT, all 10 items need to be completed and deemed ‘satisfactory’.
To tick all 10 key boxes in the most effective and efficient manner simultaneously, organizations should consider their strategy carefully. This could involve embracing supportive tools to accelerate and enhance their compliance journey.
Boiled down, DSPT demands several key things, including unincumbered visibility of the entire ecosystem, as well as the ability to demonstrate secure access, logs and storage, and essential auditing processes to maintain data security.
Achieving these things might appear complicated, even daunting. However, there are solutions known as Security Information and Event Management (SIEM) systems on the market that can make achieving these capabilities, and in turn DSPT compliance, easy.
Here, we outline some of the key features to look out for to meet compliance: • Log retention: A modern SIEM should be able to provide a centralized log storage and big data platform that scales to any organization’s size. Platforms should be able to provide role-based access to log data, including ‘data privacy’ functionality that can mask sensitive data until approved. Log data should not be modified or removed by users once ingested into the platform, while all data held should also be indexed and fully searchable. • Identifying and disabling unnecessary accounts: A good SIEM will also provide account auditing facilities for Active Directory that allow administrators to quickly identify dormant accounts. They should also be able to remove privileged user access when no longer required or appropriate. More sophisticated platforms will be able to do this in an automated manner. • Easy identification of issues: Clear and easily readable dashboards, alerts and reports for user logging activity should be provided, including failed login, apparent brute-force attempts, and bad password management practices. Further, those using machine learning will be able to identify unusual behavior patterns based on a baseline of activities of users and their peer group. • Integrate with third-party threat feeds: It will also be able to integrate with a wide variety of third-party threat feeds that provide information about specific known threat payloads/hashes and destination domains/addresses.
Meeting the mandate
Of course, having the right features in place is only part of the puzzle. For organizations to be truly successful in embracing tools that enable them to meet DSPT compliance more effectively, they should work to ensure that solutions providers offer them ongoing support – both in terms of ease of deployment and to ensure that they are using key systems in an optimal manner.
Scalability is another important aspect to consider.
Systems should be able to scale and continue to support the organization as data volumes increase and become more complex over time.
In respect of scalability, organizations should take time to think about pricing models, ensuring that these are based on the number of devices (nodes). In doing so, it will become easier to accurately budget future costs, as well as provide greater budgeting certainty over the short, medium and longer term.
A converged SIEM allows organizations to prioritize the big picture over individual tools, enabling them to develop a seamless and easy to use security operations setup. Not only does this approach boost cost transparency and eliminate potential complexities with managing a variety of siloed products – equally, it reduces the burdens on security teams, eliminating complexities over system integration and enhancing performance.
A converged SIEM combines key technologies easily to offer improved security outcomes. In doing so, organizations can easily home in on specific standards and adopt security best practices while reducing the burden on security teams tasked with meeting DSPT compliance.
Read More
Future of Healthcare
Article | February 19, 2022
Anesthesia groups face major challenges in the aftermath of the pandemic: Financially strapped hospitals are increasingly unwilling or unable to pay anesthesia subsidies, and a shortage of qualified anesthesiologists and CRNAs is making recruitment extraordinarily competitive.
The good news is that anesthesia opportunities are plentiful in the ambulatory surgery center (ASC) market. As more inpatient procedures migrate to ASCs, anesthesia practices can help meet demand by working with hospitals and ASCs. A dual-contracting approach can help increase revenue, reduce operational risk, enhance recruiting leverage, and present opportunities for equity investments in ASC ventures.
Expanding ASC Case Mix
Multiple factors are driving increased ASC volume.Consumers have long been attracted to the convenience andfast turnaround timesASCs offer, and as the pandemic began to take hold and patients worried about becoming infected in hospitals, theirpopularityincreased.
But even before the pandemic hit, theuse of ASCs was growing,with the number of centers increasing 7.1% annually since 2016.1No doubt this was in part driven by Medicare restricting fewer surgeries to the inpatient only (IPO) setting. This year alone, Medicare is adding 11 orthopedic procedures to the ASC-approved list, including total knee arthroscopy (TKA) and total hip arthroscopy (THA).2Commercial payersare alsofuelingASC volume by promotingthis venue as a lower-cost option to members.Lastly, with more than 90% of ASCs at least partially owned by physicians,providers themselvesare driving moreprocedures to this setting.
Hospitals Become ASC Buyers
For years, hospitals viewed ASCs as direct competition and discouraged or even prohibited inpatient anesthesia practices from contracting with them. But that dynamic is changing as more hospitals become buyers or majority investors.
According to a recent survey, the percentage of hospitals and health systems planning to increase their investments in ASCs rose from 44% in 2019 to 67% in 2020, with 75% of 200-plus-bed hospitals already owning more than one ASC.3Hospitals view these investments as a way to enhance physician relationships and increase surgical capacity.
The Benefits of Practice Diversification
For anesthesia practices that elect to contract with both hospitals and ASCs, a key benefit is improved profitability, since average ASC case reimbursements are higher than average hospital cases due to better payer mix and more efficient room turnover. Groups that work with multiple organizations also reduce their institutional or operational risk by limiting their exposure to potential financial problems associated with a single contracted entity.
Practices likewise gain an edge when it comes to recruiting in today’s highly competitive anesthesiologist and CRNA market. One of the chief benefits of ASC involvement is being in a position to offer a better work-life balance by spreading call responsibilities across a larger physician call pool. The math is simple: If a hospital group has seven physicians, each must provide call coverage once a week. But if the group also contracts with five ASCs and brings on five additional doctors to staff the facilities, individual call responsibilities are reduced to once every 12 days.
The importance of mitigating call duties to improve the work-life balance for both experienced clinicians and new hires can’t be overstated, particularly as hospitals work to streamline OR throughput by increasing the number of surgical procedures. Groups can also explore a range of creative compensation approaches, including essentially selling call opportunities to newly hired or recent graduate anesthesiologists as additional avenues to attract qualified clinicians while easing the burden on senior anesthesiologists.
Equity Opportunities
Among the most intriguing aspects of ASC involvement is the potential for becoming an equity stakeholder in the business. Surgeons traditionally have been the primary drivers in creating ASCs, but new opportunities exist for anesthesiology groups, particularly if their hospital is buying an existing ASC or developing a new ASC venture and looking to diversify the ownership group.
The idea of anesthesia ownership isn’t as crazy as it might sound. Like surgeons, anesthesiologists are integral to the success of an ASC, and like surgeons, they get there early and stay late. It’s no secret that joint ownership can greatly improve relations between the practice and the hospital, since both are now working toward the same objectives.
Groups can also make more money. I met with a surgical group not long ago with a 49% ownership stake in a hospital. That equity generated an additional $80,000 per year for each physician partner. How much you can make, of course, depends on your specialty, your level of ownership, and the volume of business. But you’ll never know until you try.
Outside Expertise
The pandemic has unleashed numerous changes throughout healthcare, and where the dust will eventually settle isn’t entirely clear. But what is certain is that for organizations to remain viable, they’ll need to be flexible and look hard at nontraditional business opportunities. Contracting with both hospitals and ASCs represents one such approach for anesthesia groups.
If you’re interested in exploring this and other business possibilities but don’t know where to start, Change Healthcare can help. Our team of expert anesthesia practice-management consultants have an average of 18 years’ experience in the specialty. We can be engaged on a per-project basis or we can provide our consultant services as part of our turnkey anesthesia-billing solution.
Our anesthesia revenue cycle management services can be deployed either on our own proprietary anesthesia-billing platform or on your hospital billing system. Either way, we’ll provide seamless, end-to-end service.
Read More