The U.S. federal government recognizes the risk of data breaches to the healthcare industry and has enacted laws to mandate protection of personally identifiable information. This information, collectively known as Protected Health Information (PHI) in the regulations, includes identifiers such as names, geographical locations smaller than a state, dates related to the individual, phone and fax numbers, email addresses, and many other types of numbers or codes that identify an individual.


As described in Cybercrime and the Healthcare Industry, protected healthcare information can be many times more valuable than credit card data. So what makes this information so valuable? First, healthcare organizations often are not set up to detect breach, so it can go undetected for longer periods of time. Second, credit card accounts can be cancelled; however, personal identification information is much more difficult to cancel. Third, criminals can utilize the breached information in many different ways: A) fraudulent claims, B) access prescription drugs either for use or resale, C) open new credit card accounts, or D) possible blackmail or extortion opportunities with sensitive health details.


At the recent 2014 Information Systems Security Association Puerto Rico InfoSec Conference, the presentation Reducing Risk of Healthcare Data Breaches had a Breach Definition section that steps through the appropriate Code of Federal Regulations that define healthcare breach. Each slide in the section highlights the appropriate snippets of the code and provides links to the original documents (the definition spans several federal documents to weave together the full story).


Within the regulations, organizations that have 500 or more records breached are supposed to report the breach to the Health and Human Services department. These breaches are made publicly available on the Breaches Affecting 500 or More Individuals web page and the information can be searched or downloaded. As of the end of 2013, 800 reports had been filed accounting for 28,898,900 breached records. Thus far Washington D.C., Puerto Rico, plus all states, except Maine, have reported breaches.  The figure below shows the per capita impact of breached records by region. As shown, in the three years since reporting was mandated, five regions have already had at least 1 in 5 of their population’s records breached.




At the end of 2013, 98 of the breach reports had detailed comments about the breach and the organization’s response to the breach. For electronic breaches, a very typical response was to add encryption (see following graph).



While encrypting Protected Healthcare Information is a great starting point and, arguably, a very positive step to take, note that it should not be a final step. For instance, my colleague, David Houlding, wrote Healthcare Information at Risk – Encryption is Not a Panacea and describes many other activities that are worthy of considering in addition to encryption. There are several technologies available that accelerate the speed at which data can be encrypted/decrypted (e.g. processor hardware support like AES-NI or self-encrypting Solid State Drives (SSDs)). These solutions are often far more affordable to do prior to being breached rather than paying for a breach after the fact in: A) manpower, B) post-breach encryption, C) government fines, D) brand name damage, and E) loss of customer loyalty / lawsuits.


How are you protecting your Protected Health Information?


Doug Bogia, PhD, is a mobile health lead architect at Intel Corporation.


At HIMSS14, infrastructure was on the minds of many attendees. In the above video, AirStrip CEO Alan Portela talks about how healthcare organizations can economically optimize technology infrastructures while still delivering performance. One way is to utilize companies like AirStrip as aggregators of information from electronic medical records and devices to efficiently update existing systems.


Watch the video and let us know what questions you have about building or updating health IT infrastructures.

Whether the ICD-10 delay and Medicare payment fluctuations bring relief or frustration, there are still many ways to position your organization for a successful future.


In fact, despite the recent disposition toward delay, now is actually the time to energize or re-energize your focus on existing programs that create a strong foundation for evolving and future value-based and alternative payment incentive models, such as accountable care organizations (ACOs) and patient-centered medical homes (PCMHs).


As you may know, the congressional stalemate on how to pay for long-term Medicare payment stability — coupled with the phasing out of fee-for-service (FFS) — brought ICD-10 into pre-midterm election politics. The result? A one-year delay of the advent of ICD-10 in the U.S. until Oct. 1, 2015. In addition, a one-year Medicare payment patch averted a 24-percent cut, instead increasing Medicare payments by 0.5 percent for the next 12 months.


Both actions temporarily slowed the momentum of the SGR Repeal and Medicare Provider Payment Modernization Act (SGR Repeal), which proposed to stabilize Medicare payments through 2018 and that same year institute a value-based purchasing program similar to accountable care structures while phasing out FFS.


Moving your healthcare organization forward

Keep in mind that throughout this process, congressional leaders said they will still work hard to resurrect the bipartisan SGR Repeal Act widely supported by Capitol Hill, provider groups and the health IT industry. This is the right thing to do to advance preventive, coordinated care and move toward a sustainable healthcare system.


In the case of ICD-10, many organizations were readying for the conversion this fall, respecting its merits toward advancing quality reporting, expanding performance measures and improving overall population health.


You can make the most of these changes by staying focused on creating strategies for implementing the value-based and alternative payment incentive models the SGR Repeal Act proposes:


Accountable care organizations — With more than 600 voluntary structures currently operational, many of your peers have moved into coordinated care programs based on quality incentives. Don’t be left behind. These programs are another example of how private payers and healthcare organizations have followed the lead of the original Medicare Shared Savings Programs.


Patient-centered medical homes — This equally successful program has been expanded to include specialty medicine, with the March 2013 launch of the Patient-Centered Specialty Practice (PCSP) program by the National Committee for Quality Assurance (NCQA).


Meaningful use Stage 2 — Stage 2 is an example of how quality measure incentive programs will come to pass. Keep in mind that for the 2014 reporting year, any 90-day or fixed-quarter attestation can be pursued, so there’s plenty of time to capitalize and ready your organization for success. There are incentive funds still on the table.


With aspects of healthcare coverage, payment and sustainability such a paramount issue for our country — intertwined with health IT adoption and improved population health goals — it’s essential to continually assess what programs are best for your organization and your patients.


It’s safe to say you will need to engage these programs despite periods of fluctuation to successfully compete in a future of healthcare dominated by accountable care, value-based purchasing and alternative payment models.


Justin Barnes is a vice president at Greenway Health, chairman emeritus of the Electronic Health Record Association (EHR Association) and co-chair of the Accountable Care Community of Practice (ACCoP).


Follow Justin on Twitter (@HITAdvisor)

See his other posts here


In the above video, Stanley Crane, Chief Innovation Officer at Allscripts, talks about opening development platforms for EHRs, improving manageability for CIOs in a BYOD world, and boosting synchronicity among devices and server components.

Take a look and let us know what questions you have about health IT synchronicity.


A growing number of healthcare organizations view data and analytics as instrumental to achieving their objectives for improved quality and reduced cost. Glenn D. Steele Jr., MD, CEO of Geisinger, recently outlined how his organization is using analytics to advance their population health initiatives.


While healthcare is currently behind other industries when it comes to use of business intelligence and analytics, this is changing. The fundamental transformation driving this change is the (worldwide) migration from volume-based care to value-based care. Organizations with the capacity to optimize care based on the latest medical literature, their patients’ specific condition(s), and, ultimately, their genomic profile, will survive. Those that are unable to update their culture, rely only on personal experience, medical training, and (often times) a trial and error approach, will be left behind.


The above video excerpt from the Intel Health & Life Sciences Innovation Summit panel, Care Customization: Applying Big Data to Clinical Analytics & Life Sciences, lets you hear how leaders from provider, payer, life sciences and analytics organizations describe key use cases they have implemented, infrastructure trends, and practical steps to get started.


While payers are typically farther along in their use of analytics than providers (particularly in the area of claims analytics to optimize claims processing and reduce false claims), providers are using analytics in the following (representative) areas:


  • Reduce unplanned readmissions
  • Reduce hospital acquired infections
  • Identify cost inefficiencies
  • Measure quality / outcome improvements (across a health system if applicable)


One of the key barriers to the use of analytics we often see in healthcare is the organizational culture. This can be challenging as culture is something that doesn’t change overnight. So what can we do about it? I will leave you with two pieces of simple advice:


  1. Identify a clinical champion: Culture change won’t happen based on a top-down approach or through programs driven exclusively by the IT department. There must be a partnership between IT and the clinical side of the house to identify needs and create value for the organization.
  2. Start with real use cases: Before you build anything, identify a small set of use cases that will deliver value and demonstrate early success for your organization. Build on that success to scale.


Are you deploying big data or analytics solutions in your organizations?


Chris Gough is a lead solutions architect in the Intel Health & Life Sciences Group and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@CGoughPDX)

Check out his previous posts

When it comes to personalized medicine, speed can make all the difference in the world for patients. That’s what makes today’s announcement that Intel Corporation and the Broad Institute have dramatically improved the time it takes to analyze genetic information and detect genetic variants associated with medical conditions so exciting.


By optimizing the latest version of the Broad’s Genome Analysis Toolkit (GATK) 3.1 for Intel® Advanced Vector Extensions (Intel® AVX) in Intel® Xeon servers, Intel and the Broad were able to achieve three to five times overall improvement in variant discovery to meet the challenges of research, and accelerate discovery.


These improvements enable a whole genome to now be processed in one day instead of three. Imagine that you were a patient waiting for results. Cutting wait times by two-thirds is a huge step in the right direction for improving care and outcomes using technology.


Together with new methods, GATK 3.1 can now analyze datasets consisting of tens of thousands of DNA samples, 100 times what was previously achievable. The improved speed for variant analysis in large association studies will help enable new medical discoveries for conditions such as cancer, neurodegenerative disorders, and cardiovascular disease that were never before possible.


What’s the bottom line? Intel and the Broad are improving the quality and performance of the whole GATK pipeline in order to benefit patients worldwide. The computational bottlenecks that stand in the way of scientific discovery are being solved, and that will make personalized medicine a reality for everyone.


Read more from the Broad about its take on today’s announcement.


What questions do you have about GATK or personalized medicine?


Learn more about GATK 3.1 for academic, noncommercial use or for commercial uses.


Interoperability was a big topic at HIMSS last month. That’s why we connected with Jon Zimmerman, Vice President and General Manager, Clinical Business Solutions at GE, who talked about connecting new innovations and various points of care in healthcare and making them work together.


Watch the above video to learn why GE is focusing on interoperability and putting an analytics framework around solutions to drive insights for patient care plans, and let me know what questions about interoperability you have.


It's always tempting to get caught up in the promise of the next, new thing. Gestural computing and 3-D printing spring to mind as recent examples, as well as a variety of wearable tech gadgets that we’re told are just around the corner from being commonplace.


While I have no doubt these technologies will find their way into the mainstream, it seems more likely that, for health care providers, the highly-familiar-yet-presently-underutilized touch computing will offer the most real-world value over the next few years.


Consider Aetna CEO Mark Bertolini’s keynote address at HIMSS14, in which he made clear that healthcare costs are rising significantly, and keeping these costs down is a task to be shared by everyone. (When payers suddenly form a palpable presence at a tech show, it’s worth taking note.)


Mobile is now the norm in healthcare settings, and touch computing directly ties in with key best practices for the use of mobile in these environments (i.e.- using the right device for the right task, rearranging workflows to enhance collaboration, and focusing on the compute model in relation to the task at hand).


If the healthcare industry is to deliver on ACA’s stated objectives of improved quality of patient care and increased efficiencies across the system, then engagement is critical to enabling clinicians to do more with less. I’m thinking tablets and 2 in 1s (all fueled by touch) could be the lynchpin that ensures engagement not only among physicians and clinical staff, but patients as well.


In terms of cost, having one device instead of two (notebook and tablet) is a less expensive mobile touch alternative and provides a better tablet experience for users, not to mention a three-year cost savings of $1,470. Read more on the costs savings here.


If you’d like to see how clinicians are using touch computing to provide better care, check out this new SlideShare overview that details the power of touch in health IT. (see above also)


As a B2B journalist, John Farrell has covered healthcare IT since 1997 and is Intel’s sponsored correspondent.

Read John’s other blog posts


Thanks to technology, patients are becoming more engaged with their own healthcare. Wearable devices are just one way that patients are helping to provide more data about themselves and their conditions.


To learn more about this trend and find out what’s next with wearables, Intel Health and Life Sciences General Manager Eric Dishman recently sat down with Gunnar Trommer, Ph. D., Vice President, Marketing and Business Development at Sotera Wireless, to discuss the company’s new wearable form factor that measures vital signs and transmits the data wirelessly to a physician and into an EMR.


The device is able to continuously monitor blood pressure readings and provide ICU-level diagnostics. In the above video, Gunnar shares his insights on wearable technology and how it can improve patient outcomes.


Watch the conversation and let me know what questions you have about wearables and the future of patient participation in healthcare data.

Estimates of the number of IoT (Internet of Things) project 1.9 billion devices today growing to 9 billion by 2018. Already, healthcare has made major strides into the Internet of Things with a myriad of healthcare specific Internet connected devices, or “things” for managing health and wellness through vital signs.


For example, multiple healthcare “things” can measure everything from patient activity through multiple vital signs such as blood pressure, glucose levels and so forth. Connecting these “things” to the Internet enables the data to be analyzed, for example, for diagnostics. This has potential to radically transform healthcare enabling better, faster diagnostics, and personalized medicine.


Patient conditions can be detected proactively and early, personalized treatment provided, and patients allowed to return home for recovery faster with post treatment monitoring. Healthcare IoT is also poised to empower patients with their data, which historically has been locked inside healthcare organizations and difficult for patients to acquire. Clearly, potential benefits of healthcare IoT are great.


Security of IoT

Concurrently, privacy and security incidents such as breaches have reached alarming levels globally, both in frequency and impact. Privacy concerns have also been exacerbated in recent years by concerns over surveillance and privacy intrusions from online service providers such as social media platforms. Realizing the benefits of healthcare IoT sans the privacy and security incidents, and doing so in a way that preserves and builds patient trust, requires a proactive approach where privacy and security is built in by healthcare IoT device and service providers.


Many healthcare IoT service providers today stream sensitive patient data from the devices, securely over the Internet, to repositories they maintain for secure storage. These repositories enable analytics on the patient data, empowering patients with new insights, knowledge, and enabling them to make better informed decisions on their health and wellness. However, in a sense, these repositories are silos, storing the data from the specific healthcare IoT device and enabling analytics just on that data. Unfortunately for the patient, this data is not automatically available for co-mingling with other data from other healthcare IoT devices provided by other organizations. The result is a limitation in the analytics that can be done and benefits that can be delivered back to the patient.


Privacy through separation

Interestingly, one of the unintended benefits of silo’ing patient data across separate secure clouds maintained by different healthcare IoT service providers is that privacy and security risk is reduced through separation. If one of the providers is breached, there is a limit to the variety and quantity of sensitive healthcare data at risk. While industry is generally currently in the phase of building out the healthcare IoT, proliferating devices and silos, proactive attention to privacy and security demands that we think ahead to the inevitable next phase.


This is where data from different healthcare IoT providers is brought together, further enabling greatly increased benefits, while also greatly increasing privacy and security risks. An intrusion of such an integrated repository of patient data could breach a much greater variety and quantity of sensitive data. Preventing cybercrime in healthcare requires a holistic approach where a combination of administrative, physical, and technical safeguards are used to mitigate privacy and security risks. With cybercriminals using increasingly sophisticated techniques for intrusions, technical controls need to protect the whole stack, from various layers of software right down to the hardware level. With patients and healthcare workers being increasingly empowered with more sensitive data, and tools such as smart devices, apps, social media, wearables and IoT, we need to recognize that many breaches occur from inadvertent user actions that while well intentioned, subject sensitive data to greatly increased privacy and security risks.


In addition to securing the hardware and software, we need to secure the user, also empowering them with new visibility into privacy and security risks of their actions, as well as actionable alternatives available to them that both achieve their goals while reducing or eliminating risks.


What privacy and security challenges and risks are you seeing from healthcare IoT, and how are you planning to address these?


David Houlding, MSc, CISSP, CIPP is a senior privacy researcher with Intel Labs and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

Below is a guest post from Af┼čar Akal, Healthcare Enterprise Solution Sales for Intel in the Middle East, Turkey and Africa, on the upcoming GenoFuture’14 event next week in Istanbul.


Let’s face it: the bulk of IT spending related to life-sciences will take place outside the Middle East and Balkans. It is no surprise that unless you ask for it (and pay a decent sum) no country in the region registers on the pivot table radar that breaks down worldwide spending projections. It is simply accounted under the ‘rest of the world’ line. This, however, should not mean the region is fast asleep while the rest of the world has already embraced disruptive innovations in life-sciences such as genomic sequencing and clinical analytics.


Qatar announced three years ago it was going to sequence all of the Qatari population’s human genomes and formed a bio-bank in collaboration with Imperial College (London) while the Kingdom of Saudi Arabia has recently announced a similar mapping exercise to the tune of 100,000 genomes in partnership with Life Technologies.


Another spotlight is Turkey, where Izmir, the third largest city located in the West coast, has started the countdown to the opening of the Turkish Genome Institute. Why not locate this facility in the capital city of Ankara or the trade capital of Istanbul? Izmir’s regional development agency, which supports the city’s economic development efforts, explains at IZKA’s web site that healthcare is a strategic sector for attracting local and overseas investment. This covers a vast array of industry and services that include pharmaceutical production, research and development in new drug discoveries, biomedical sciences, clinical trial outsourcing, medical equipment, and on and on. So why not set a Genomic Institute in the same locale to lead the way?


The Institute’s interim director, Dr Mehmet Ozturk, welcomed Intel’s invitation to speak at the GenoFuture’14 event, an inaugural international forum to discuss Innovations in life sciences by bringing clinical geneticists and IT industry from the Middle East and Balkans together.


Intel’s Worldwide Medical Director, Dr. Mark Blatt, and Director of Life Sciences Research Ketan Paranjape, will also take center stage to explain why Big Data in genomics and clinical analytics matters for Intel and how we strive to bring full computational, storage, networking and latest software technologies from behind cold roomed data centers to the bench-top where consumers (that is patients) can benefit.


I recommend that you keep an eye on the Middle East and the region’s role in genomic and life-science research and its application to personalized medicine. The region is energized thanks to high oil prices and thankfully the governments are putting these funds to good use.


What questions do you have?

I was expecting the arrival of 2 in 1 mobile devices to make more of a splash in the healthcare space.


These slick devices, which combine a tablet and a laptop, started popping up in healthcare settings a few months back. Dell, HP, Lenovo, and others rolled out their competitive offerings, each promising convenience, lower replacement costs, easier management, and better security—and the research shows they deliver.


But healthcare CIOs tell me their selection of these devices is still largely driven by user preference, mostly because they provide both tablet and full keyboard functionality as needed.


Others, such as Linda Reed, RN, MBA, FCHIME, vice president and CIO at Morristown, N.J.-based Atlantic Health System, are quick to add that 2 in 1s haven’t been widely adopted yet because—surprise, surprise—today’s clinical applications and EMRs are still not fully developed for a tablet. The apps tend to be cumbersome and lack intuitive navigation.


“What we have found to date is that smart phone, tablet, laptop and workstation still have fairly distinct use cases,” Reed says. “Our docs will use all of the above, based on what they are trying to get done.”


But while it’s still early, health IT professionals should consider that clinical apps and EMRs will continue to evolve, and the case for device consolidation is a good one—especially when you compare Ultrabook replacement costs with the cost of replacing either an iPad or Android tablet and a laptop.


Whether a healthcare organization wants to provide staff with tablets, or simply support BYOD in-house, the upside to a single 2 in 1 device can be significant.


Beyond saving on costs (think devices + replacements + hardware support), these lighter, more energy efficient and easier to manage 2 in 1s can streamline workflows while providing greater security. The fact that they’re easier for health IT professionals to manage is gravy.


For a detailed breakdown of total cost of ownership—and why 2 in 1s may be the least expensive, most secure option for healthcare organizations going forward—check out this report. You may want to share it with your favorite clinical app or EMR vendor, too.


What questions do you have about 2 in 1 devices?


As a B2B journalist, John Farrell has covered healthcare IT since 1997 and is Intel’s sponsored correspondent.

Mobile World Congress starts this week. Below is a guest post from Intel's Mel Remington, who will be at the show representing the Intel Health & Life Sciences Group.


Mobile World Congress ’14 is set to have even more visitors than last year from business, government and consumer arenas. A major theme, which has been evolving over the past few years, is mHealth. We’ll again see examples across the show floor with a variety of usage models centred on the smartphone opening up new service channels for consumer health.


But there is a bigger picture and reality where the compute model matters: to enable healthcare systems to improve care coordination and collaboration across the actors within the healthcare system and patient inclusion and empowerment. This is where industry analysts such as IDC define a higher level category--Centre stage – Mobile Health –which opens up so many possibilities to transform healthcare delivery.


  • If you are thinking ahead you may be asking some or all of these questions.
  • Is mobile health a reality at a scale level? 
  • What are the true benefits to the healthcare system?
  • Are there viable business models for solution & service providers?
  • Where can we see examples at the show?


To the first question, yes, mobile health is a reality at scale. Keep in mind, mobile health also includes security and manageability and crucial components to secure patient data, so too is the design of the software solution and selecting the right device for the right task.


To the second question, mobile health offers many benefits to healthcare systems such as helping to improve capacity of healthcare workers that help in turn increase access to care or result in helping to improve the quality of healthcare services. The net results can improve efficiencies, drive up quality, whilst meeting the increasing demands on healthcare systems at the same or lower costs. 


And to the third question, for solution and service providers, there are many possibilities from rich media content delivery, provisioning for mobile solution apps, devices with security and manageability, data centre, cloud, big data and analytics services.


Finally, to hear about examples at the show, come and check out the Intel stand in Hall 3 at Mobile World on Wednesday 26th at 4:00 p.m. and Thursday 27th Feb. at 12:30 p.m., where Intel will be hosting a Mobile Health presentation showing examples around from Spain and Brazil with Telefonica and a major Healthcare Provider, so we can address these questions and others in more detail.

As HIMSS14 approaches in a few days, we are sharing a pre-show guest blog series from health IT industry experts on trends you can expect to hear about at the event. Below is a guest contribution from Jean Cleghorn, Private Practice & Physician Healthcare Technology Liaison at HP.


These days, buzzwords like “interoperability” and “patient engagement” have taken the healthcare industry by storm and it’s become harder to determine what solutions will actually drive your business forward. Whether you are a doctor or an administrator, you want to make sure you have access to all patient information and ensure patients are fully informed about their treatment plans so that hospital resources are being maximized. So how does technology play a role in transforming the continuum of care and how can CIOs help make the best decisions for their business?


The healthcare industry has historically lagged behind other industries in its adoption of emerging technology trends. That’s no longer the case. New technologies like cloud and mobile-enabled healthcare have empowered CIOs to transform their hospitals, creating a better environment for patients and doctors alike.


Access to data at any time, anywhere in the hospital, is a critical concern for any CIO, and technology like EHRs for all patient information is leading to improved patient care and efficiency for administrators and caregivers. Even with the realization that the future of health IT is moving towards a more streamlined, “patient first” approach, CIOs may not always feel confident in their abilities to protect and share all of that sensitive information across networks connecting hospitals, doctors, specialists and medical researchers. But implementing technologies doesn’t have to be so difficult, and in the end, it’s worth the effort. For example, tablets and PCs can provide access to EMRs, thin client and print solutions can streamline workflow, and workstations provide the performance and reliability required for hospitals.


Next week at HIMSS 2014, HP is demonstrating how customers like Jump and OSF HealthCare are using HP technologies powered by Intel to transform the continuum of patient care. As you can see in the video below, technology from tablets to thin clients can be used to help update vital patient statistics, manage automated workflows that help doctors respond quickly, and ensure that full medical histories are at doctors’ fingertips. Check it out for more best practice tips.



You can see the technology in action at HIMSS at HP booth #1949.


What questions do you have?


As HIMSS approaches next week, mobility is sure to be a hot topic among attendees. In the above video, Simon Eastwick from the global business unit for mobility at HP, talks about the growing prevalence of mobile devices and the expectations for tablets in the healthcare environment. He explains how mobile health technology can improve clinician workflow and impact patient care, and how CIOs can best manage these devices.


What questions do you have about mobility in health IT?

Filter Blog

By date:
By tag:
Get Ahead of Innovation
Continue to stay connected to the technologies, trends, and ideas that are shaping the future of the workplace with the Intel IT Center