Danone is a company which deserves much admiration. For thousands of years, the ‘lactobacillus bulgaricus’ cultured milk - as indicated by analysis of this bacteria’s genome - was consumed as yogurt. Let’s not underestimate this historical disruption. Probably due to a chance event somewhere in Central Asia, this bacteria-cultured product extended the useful life of plain milk from less than a day in warm climates to three days or more. Useful, considering the lack of refrigeration at the time.


A few decades ago came the incremental innovations of adding Bifidus Actiregularis bacteria to yogurt and packaging it in an organic compound called PLA Igneo instead of polystyrene plastic. Danone promoted this nutritionally advanced and re-packaged product as a ‘probiotic’ with their successful Activia brand, and thus created an annual $4 billion market. Not bad for a commodity product right? Well, labelling yogurt as a probiotic was no hype as per Danone’s commercial success shows.


Big Data - Hype or Reality?

I recently had the privilege of co-hosting a short talk on Big Data with the Chief Medical Officer of Dell Health and Life Sciences, Dr. Nick van Terheyden, to a group of distinguished guests at the NHS Innovation Expo in Manchester, UK. Dr. van Terheyden spoke about the flood of data originating from behavioral, demographic, social and financial domains and underscored the importance of predictive analytics that will not only shape delivery of healthcare but also define the science of prevention in the next decade.


If you’re on the customer side of the healthcare industry, I would suggest that you have the full right to do a sanity check on whether you’re being hyped by the concept of big data. Is the whole IT industry repackaging plain old yogurt cultured by a mixture of Data Warehousing, Data Mining and Business Intelligence tools under the Big Data label? Well if Activia is any guide, architectures, packaging and delivery methods have changed considerably.



Does your data require surgery?

You no longer have clusters of computers crammed into a datacenter for high performance computing. Dell’s Active Infrastructure HPC for Life Sciences is comparable in size to a fridge and can sequence up to 13,000 genomes in a year or 37 per day. Delivery methods have also been transformed by cloud-based technologies and as this blog post indicates, you can rent a Dell based SAP Hana appliance over the Amazon Web Services for as low as $3500 per month before you decide to go with an on-site solution. It’s important to reinforce at this point that privacy and security is a major concern for the healthcare industry so careful consideration must be taken when choosing a solution.


So big data has arrived. It’s no longer a hype but the main question remains of its probiotic value - is Big Data any good for the healthcare industry? Well, according to this WebMD article, probiotics are good for our health so if we carry the same analogy, we may claim Big Data is also good for the healthcare industry. But let’s hold on to that thought for a second. Sometimes, probiotics come short of curing human ills and you may have to undergo a medical intervention including surgery. With that in mind, Dell and Intel is promoting a 'Does your data require some serious surgery?' campaign offering all our customers a free assessment on your Big Data needs. Reach out to us by filling out this request form and we will happily be at your service.


Contact Afsar Akal on LinkedIn



The King Faisal Specialist Hospital and Research Centre (KFSHRC) is the pinnacle of the healthcare system in the Kingdom of Saudi Arabia. With facilities in Riyadh and Jeddah, plus a children’s cancer center, KFSHRC provides care for the most seriously ill patients from anywhere in Saudi Arabia. Along with delivering advanced treatments, the center conducts leading-edge research and helps train the next generation of physicians, nurses and other clinicians.


Like many nations, Saudi Arabia faces an increasing demand for healthcare services as its population is growing, people are living longer, and lifestyle diseases are on the rise1

KFSHRC recognized that modernizing its technology infrastructure would be essential to meeting future challenges in a reliable, cost-effective way. So, the center is migrating much of its data center infrastructure to servers and storage systems based on the Intel® Xeon® processor E5 family. KFSHRC is also adopting 2 in 1 devices with the Intel® Core™ i5 vPro™ processor for clinicians on the go.

KFSHRC leaders say their technology strategy is enhancing care givers’ productivity and delivering an optimized data center that supports innovative healthcare IT solutions. For example, they have:

  • Reduced capital costs as well as ongoing costs for licensing, support, and maintenance
  • Reduced floor space requirements by 50 percent
  • Reduced cabling inside the data center by 70 percent
  • Improved system availability by 90 percent
  • Enhanced agility by enabling them to deploy new capabilities rapidly


KSFHRC’s technology strategy delivers important benefits for patients and healthcare providers alike. These include:

  • More coordinated, patient-centered care. Powerful healthcare IT solutions and mobile computing can empower treatment teams to provide more coordinated care before, during, and after the patient’s hospital stay.
  • Higher patient satisfaction and engagement. Patients and their families can experience shorter wait times, greater convenience, and fewer redundant procedures. Tools such as portals can help engage patients in managing their own health.
  • Improved productivity, hiring, and retention. Healthcare IT solutions can help medical professionals work more productively and reduce stress. Healthcare IT modernization help KSFHRC attract and retain doctors, nurses, and other clinicians.
  • Readiness for Healthcare 2020. KSFHRC is positioning itself to take advantage of technology-enabled advance that are transforming medicine.

Read the case study to learn more about KFSHRC’s technology strategy and its use of Intel technologies.


1 For example, see data from the United Nations World Population Prospects, summarized in Demographic Profile of Saudi Arabia and the news release Saudi Health Interview Survey finds high rates of chronic diseases in the Kingdom of Saudi Arabia, based on a study conducted by the Saudi Ministry of Health and the Institute for Health Metrics and Evaluation (IHME) at the University of Washington, available at http://www.healthdata.org/news-release/saudi-health-interview-survey-finds-high-rates-chronic-diseases-kingdom-saudi-arabia


Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to www.intel.com/performance

Intel does not control or audit the design or implementation of third party benchmark data or Web sites referenced in this document. Intel encourages all of its customers to visit the referenced Web sites or others where similar performance benchmark data are reported and confirm whether the referenced benchmark data are accurate and reflect performance of systems available for purchase.

Located in Northwest Louisiana—one of the poorest areas of the United States—University Health System strives to deliver top-quality care to some of the sickest of the sick and the neediest of the needy. The two-hospital system is affiliated with Louisiana State University School of Medicine and maintains a Level One Trauma Center.


Healthcare budgets in Louisiana are tight and getting tighter. So when UHS’s technology leaders saw an opportunity to get their Epic* infrastructure on a more sustainable footing, they did their due diligence and then made the move. Today, their Epic* EMR and InterSystems Caché database run on the Intel® Xeon® processor E7 and E5 families powered by Red Hat Enterprise Linux* and VMware*.


In this short video, UHS CIO Marcus Hobgood (below, left) and executive IT director Gregory Blanchard (below, right) tell what they were after—and what they’ve achieved. (Hint: Zero downtime, 40 percent faster responsiveness, 50 percent lower acquisitions costs—and very happy clinicians.)

Marcus Hobgood and Gregory Blanchard.jpg


Watch the video and share your thoughts or questions in the comments. Have you moved your EMR database to an Intel® platform? Are your results similar to Marcus and Greg’s? Any insights to share based on your transition?


Join and participate in the Intel Health and Life Sciences Community.


Learn more about Intel® Health & Life Sciences.


Stay in touch: @IntelHealth, @hankinjoan

I'm excited to be leading a workshop on 'Accelerating Innovation in Healthcare' at IDC's Pan-European Healthcare Executive Summit in Dublin this week. The theme of integrated care and collaboration across the entire healthcare ecosystem is underpinned by innovation, whether that be innovation in hardware such as mobile devices or innovation in thinking around perceptions by providers of what is possible.


Rapid Growth of IoT in Healthcare

I'm particularly interested in how the Internet of Things, robotics and natural language interfaces can change the way healthcare providers deliver high quality care. You may wish to read my earlier blog for a great example of how the Internet of Things is having meaningful impact today, with MimoCare helping the elderly live a more independent life through the use of sensor technology. It is estimated that the Internet of Things in healthcare could be worth $117bn by 2020 so given that we're still in the relatively early stages of IoT implementation in the sector you get some idea of how rapid the adoption of these new technologies is likely to be. Healthcare providers need to be open to collaborating with innovators in this space and, encouragingly, there has been a lot of positive conversation about just that here in Dublin. The result of embracing IoT in healthcare? Lower costs, better patient outcomes and a real move towards prevention rather than cure.


Innovation for the Now

Other technologies discussed at the event included the Intel® RealSense™ Camera which has the potential to be used across a range of scenarios. Bringing 3D depth-sensing technology to healthcare offers up some exciting potential uses from being able to track the 22 joints of a hand to assist in post-operative treatment after hand surgery, to assessing the facial expressions with emotion-detection in patients recovering from a stroke. This is not innovation for the future, this is innovation for the now. We've worked with GPC in the area of wound care management and I think the impact of RealSense™ is summarised succinctly by GPC Medical Director, Dr. Ian Wiles, who said: "[This is] not 3D for the sake of 3D, but better care using 3D".


NLP brings Streamlined Workflows and Lower Costs

When I look at disruptive technologies in healthcare I'm seeing lots of discussion around Natural Language Processing (NLP). NLP has the potential to transform Electronic Medical Records (EMRs) by extracting structured information from unstructured text. Imagine taking historical medical data in the form of freestyle notes and being able to pull that data together into a more structured format to monitor performance and critique clinical decisions. The benefits of NLP to providers are obvious, streamlining workflows, better decision-making and lower costs, all of which benefits the patient too. This will of course require all players in the healthcare ecosystem to be more flexible when it comes to exchanging data. It's still early stages for NLP but I will share some of the work Intel is undertaking in this area in a future blog. If you'd like to be kept up-to-date on this topic and others across the healthcare and life sciences spectrum please do leave your details here.


The theme of convergence and making integrated care work resonated throughout the opening day of IDC’s Pan-European Healthcare Executive Summit in Dublin. It's fantastic to see how much collective drive there is amongst the healthcare community to collaborate and be more flexible to achieve this paradigm shift which will help to deliver innovative, safer and sustainable care.


Major Healthcare Challenges Today

As the foundation sponsor keynote speaker I thought it was important to set the scene to understand the challenges that lie ahead if we are to truly push forward with a more integrated system of healthcare delivery. And I wanted to share that with you here too. I see 4 major issues in global health today:

  • Ageing Population1 - 2bn people over 60 years old by 2050
  • Medical Inflation2 - 50% increase in worldwide health costs by 2020
  • Consumerism3- Increasingly engaged patients via apps, device, wearables, etc
  • Worker Shortage4 - 4.3m global shortfall of doctors and nurses today


All of these issues are interconnected, for example, an ageing population highlights the need for us to robustly tackle chronic conditions, such as diabetes, respiratory disease and dementia, which are soaking up healthcare resources. I've talked previously of how the changing narrative of care can help to reduce healthcare costs but it's integration and collaboration across the entire healthcare ecosystem that will accelerate change.


The Foundations to Deliver Precision Medicine

Technology can help us to move towards a pervasive, continuous notion of healthcare by interconnecting all of the players which deliver health and well-being to the population. Think not just of primary care, but of community/home care too, throw lifestyle and environment into the mix alongside omic profiling and we begin to create the foundations to deliver precision medicine at the bedside.


I think we'd all agree that the quality of life of a patient is enhanced when they enjoy independent healthy living - it's also more cost-effective for healthcare providers too. Integrated care means that the patient benefits from a fully-joined up approach from providers, care is seamless so that time in hospital is kept to a minimum and patients and carers are armed with the right support to prevent readmissions.


Innovation Today

The obvious example (and one where some countries such as Sweden are really forging ahead) is easily accessible Electronic Medical Records which can be updated and shared by caregivers across a range of settings to ensure the most up-to-date clinical information is available at the right place and at the right time, but I'm also seeing some fantastic innovations around how the Internet of Things is benefiting both patient and provider too. This is not about future-gazing, this is about prevention rather than cure, using the technology we have available today to join the dots where it has simply been too difficult, costly or, in some cases, impossible to do until now.


Managing Complex Healthcare Ecosystem

I'm always keen to emphasise that the really, really hard stuff is in fact the soft stuff. We have brilliant engineers here at Intel who are doing incredible things to move healthcare forward, but it's changing the perceptions and realities of the players within the healthcare ecosystem that is the big challenge. We must accept that every player should be interconnected, that includes the patient, the payer, the device-maker and the researcher - no single piece of this hugely complex jigsaw should be operating in isolation if we want to collectively reduce costs and better manage those chronic diseases. Business models are changing and relationships are changing, they have to, so it's great to see that conversation playing out so positively here in Dublin this week.



1 United Nations, Population Ageing and Development 2009

2 Bain & company, 2011. From “The Great Eight: 20 Trillion Growth Trends to 2020.”

3 Worker Shortage: World Health Organization, 2007

4 Inefficiency and Poor Patient Experience: The Institute of Medicine, "Better Care at Lower Cost"

Healthcare reform is a hot topic, and for good reason. We have a healthcare system that lacks a personalized approach to solving the puzzle of today’s most invasive diseases. We have a system that is expensive, fragmented and largely inaccessible to our underserved communities. The question is, how do we fix it? eric_dishman.jpg


Make healthcare personal

We talk a lot about scaling patient engagement, but what does that mean and what are the benefits? It’s simple. An engaged and informed patient is more likely to own their health and proactively work with their doctor and various care teams. Two-way collaboration gives clinicians greater access to more actionable patient-generated data, making collaborative care possible while increasing the quality and accuracy of patient electronic health records (EHRs).


Precision requires diverse data

Combining patient, clinical, diagnostic and ‘omic data will give us a more diversified data set, changing the way we view health data and potential treatments.  But to analyze such diverse and large data sets will require new architectural approaches.  We will need to collect and store patient data in central and secure repositories when we can.  We will also need solutions that can accommodate large amounts of genomic data which isn’t efficient to move from the hospitals that generate and store it. Next-generation high performance computing (HPC) platforms that enable researchers from across our country to conduct large scale collaborative analytics on millions of people’s data wherever it resides, in an open and secure trust model will be key. On September 17, the Precision Medicine Initiative Working Group formed under the National Institutes of Health (NIH) made a very bold announcement that could change the future of medicine.  A cohort of one million or more Americans will volunteer to have their various healthcare data incorporated into a precision medicine platform that will accelerate research across many areas of health and disease. Researchers will now have a huge pool of diverse data to help them discover and quantify factors that contribute to illness, and then test approaches that can preserve health and treat disease.


Securing the ability for participants and institutions to efficiently access this broader dataset will be crucial. With imaging, genomic, and consumer generated data beginning to scale, we should start with commitments to and validation of interoperability standards from the outset, so we do not recreate the problems seen in traditional EHR data.


What questions do you have?


Learn more:


US Senate Committee on Health Education, Labor and Pension’s hearing

National Institutes of Health one million research cohort to help millions of Americans who suffer from disease


To close Big Data Week, this panel discussion with experts from Intel, Ayasdi and UnitedHealthcare explores using machine intelligence to gain insights and what big data access means for organizations.


Listen to the full discussion and let me know what questions you have. How is big data and analytics impacting your healthcare organization?

It’s great when two different parts of my life at Intel collide.


Last week I had the opportunity to chat with Andrew Lamkin, a colleague at Intel who has been working on a project to put the prototyping of new healthcare wearables in the hands of anyone with a 3-D printer and a desire to create a useful new device.


In this project, Andrew’s team published a 3-D model for a wristwatch bezel that can be fitted with an Intel Edison and one or more breakout boards with sensors. (See for example, http://www.thingiverse.com/thing:803004.) The Edison’s computing power, combined with its ability to communicate via WiFi and Bluetooth, make it ideal for recording and transmitting a variety of signals from a user’s wrist. Data from accelerometer, temperature and a number of other sensors can be streamed from the device.


This is very thought-provoking for anyone interested in wearables and the data they produce…particularly if you recently attended the Working Group meeting for the President’s Precision Medicine Initiative, as I did on July 27 and 28. The Working Group is tasked with making recommendations to the President on what data should be recorded and made available for analysis in a national research cohort of one million patients to support the advancement of precision medicine. The topic of this working group session was “Mobile and Personal Technologies in Precision Medicine.”


The discussion covered a wide range of topics around the potential value of data from wearables, along with potential challenges and risks.  Interesting use cases that were exposed ranged from the measurement of environmental health factors to identification of stress and stress-relieving activities in college students. Of course, many challenges cropped up, and the question of whether a limited set of devices would be included in the initiative or whether the million patient cohort would be “BYOD” was left unresolved until the final report.

Dr. Francis Collins, the Director of the NIH, suggested that the NIH use some of its “prize-granting” funds to hold a bakeoff of wearable devices to decide what might be included in the design of the Million Patient Cohort.

After talking to Andrew about his Edison prototyping project, I became enamored with the idea of an army of device prototypers using his designs to prototype new and interesting wearables that might just end up as part of the Million Patient Cohort.


And as a data scientist, regardless of which devices are included, the thought of all the streaming data from one million patients gives me great optimism for the future of precision medicine in America.


What questions about wearables do you have?


Predicting Population Health

Posted by jhankin1 Sep 17, 2015


Continuing our Big Data Week theme this week. In this newest video, Graham Hughes, MD, chief medical officer at SAS, talks about population health and how healthcare can leverage lessons from other industries, like retail, to take data analytics and predict behaviors.


What other industries are outpacing healthcare when it comes to big data analytics? Why?


In this new video, Carl Johnson, senior physician at Optum Analytics, talks about how data analytics can help physicians reach the triple aim: improve the patient experience, improve the health of populations, and lower costs.


Take a look at the clip and let us know what questions you have about big data analytics in healthcare. What’s your vision?


Dr.  Charles Macias is the Chief Clinical Systems Integration Office for Texas Children’s Hospital in Houston and a leading proponent of population health analytics. In his practice as an emergency room physician, Macias has seen first-hand the impact of population health and the potential it has to streamline workflows and improve outcomes. We recently sat down with him to discuss his views on population health analytics and where it is headed in the future.


Intel: What is your definition of population health analytics?


Macias: Population health analytics really refers to how an organization, or government, is addressing the healthcare issues of a population at large. While many people think of population health as an entire region, state or country, there’s variable definitions for how we could parse out one’s segment of a population. In my particular setting, for example, we service the pediatric population up to age 21. Our definition of population health is really about what’s happening to children.


Intel: In another blog you told the story of a young asthma patient. How does that experience years ago compare to today in terms of analytics?


Macias: From a population health perspective, in 2004, when that story took place, population health really wasn’t about population health; it was about treating single patients. That was a paper-based world. We had to depend on published research to understand something about the populations, and when you depend only on the published evidence, you’re assuming that somewhere out in this periphery of research you’re going to be able to translate it down to a population that looks like your own. So, if that direct connection doesn’t exist, if your population is very different, you’re at odds with what you’re really going to know about how to treat your population. Today, the story is very different. Today, we have electronic medical records. Today, we have an electronic data warehouse. We can store data and information about our populations. What used to take me six months to find out now can take about 24 hours thanks to updates in our enterprise data warehouse. I have the answer at my fingertips.


Intel: Today in your practice, how do analytics impact your workflow?


Macias: Analytics today has a completely different impact than it did on clinicians five years ago, 10 years ago, and certainly 20 years ago. Number one, it’s given us the understanding that the 800,000 medical articles that are out there that are essentially non-digestible bits of information. They can systematically be filtered into some kind of clinical standards that can be placed into the analytics and matched against the analytics to say this population parallels what this evidence is telling us and, therefore, this clinical standard should really interdigitate with that work and we should understand how that population fits in with that clinical standard. So, now we have the ability to use best practice alerts, health maintenance reminders, and create long term plans of care embedded directly within the medical record.


Intel: What’s your vision for the future of analytics?


Macias: My vision for analytics is in the world of decision support. It’s really about making clinicians’ workflow much smarter and quicker, and much easier. We already know that when we start a day, we have so many patients to see. In my setting I know I’m going to be overwhelmed with a number of patients in the emergency department. If there are ways to translate the work that’s ongoing, the workflow within the EMR to the kind of decision support that’s going to make prediction rules and strategies much easier, that’s going identify the patients at risk for bad outcomes and link them to the right strategies that will help obviate a need for much more escalated care in the future. That’s a win/win. As we begin to place resources against the value that’s given, I see a lot better alignment with where our healthcare infrastructure supports those strategies.


Intel: How do you work with Health Catalyst to get the information you need?


Macias: The role that Health Catalyst has had in our data governance has been critical to evolving to where we are as an organization. We have learned from how we look at populations of care and how we look at our approaches to merging the science of care with operational care process teams. Predictive analytics comes from how we house data in our enterprise data warehouse. It really goes beyond the EMR’s capability of doing bedside analytics; it’s about the bigger picture of integrating all of those critical domains to effectively improve outcomes. It would not have been possible without our partnership with Health Catalyst.


In the above video, Dave Antsey, global head of life sciences at Cray, Inc., talks about scientific innovation and how it relates to computer infrastructure. He says the coming of big data will have an impact on an organization’s processes and workflow.


Watch the clip and let me know what questions you have. What’s your view of big data in healthcare?

Genome sequencing has moved from bench research into clinical care—and it’s producing medical miracles. Now, it’s time to make genome sequencing an everyday part of our clinical workflows. That day is closer than you might think.


Those were the messages James Lowey shared at HIMSS 2015 in Chicago. As VP of technology at TGen—the nonprofit Translational Genomics Research Institute—James is at the forefront of efforts to bring next-generation genomic sequencing into the clinical mainstream and use it to transform the way we diagnose, treat, and prevent illness.


At the HIMSS session, James described the broad range of areas of clinical interest for genomic data. He also discussed the compute infrastructure necessary to provide cost-effective performance and scalability for large-scale production processing of genomic data.


Recently, our healthcare team interviewed James to learn more about his TGen’s strategy. In this case study, James tells us where he thinks we’re heading—and how fast we’re getting there. He also highlights social and policy issues that must be addressed, and points out the need for ongoing research to establish evidence-based clinical protocols.




I hope you’ll read the TGen case study and join the conversation. Is your organization incorporating genomic analysis into clinical workflows? If so, can you share any advice or best practices? If not, how close are you? What are your next steps? What’s holding you back? Let me know in the comments section. Or become a member of the Intel Health and Life Sciences Community.


Learn more about Intel® Health & Life Sciences.


Download the session handout from HIMSS 2015, Using Genomic Data to Make a Difference in Clinical Care.


Stay in touch: @IntelHealth, @hankinjoan

In my last blog, Healthcare Breaches from Loss or Theft of Mobile Devices or Media, I looked at breaches resulting from loss or theft of mobile devices containing sensitive patient data. In this blog I build on this with another very common type of breach that results from healthcare employee accidents or workarounds. In this case a workaround is defined as a well-intended action the employee takes to get their job done but that is out of compliance with the privacy and security policy of the healthcare organization and adds risk.


The Ponemon 2015 Cost of a Data Breach: United States study reveals that 19 percent of all breaches across industries, including healthcare, are caused by human error. A further 32 percent are caused by system glitches that include both IT and business process failures, in which human error can be a key contributing factor. The total average cost of a single data breach event is $6.53 million, or $398 per patient record (the highest across all industries).


In a previous blog Is Your Healthcare Security Friendly? I discussed how if usability in healthcare solutions is lacking, or security is cumbersome, it can drive the use of workarounds. The use of workarounds is further exacerbated with so many BYOD options and apps now available, giving well intentioned healthcare workers amazing new tools to improve the quality and lower the cost of care, but these tools often were not designed for healthcare and add significant additional risk and in a worst case lead to breaches.


An example of this type of breach is shown in the info graphic below where the first failure is ineffective security awareness training for healthcare workers on how to avoid accidents and workarounds. The second failure is usability is lacking in a solution used by healthcare workers, or security is too cumbersome for example too many logins, or the healthcare IT department is perceived by healthcare workers to be too slow or overly restrictive in enabling new technologies. A 2014 HIMSS Analytics Study Curbing Healthcare Workarounds: Driving Efficient Co-Worker Collaboration reveals that 32 percent of workers use workarounds every day, and 25 percent use workarounds sometimes.


Keeping in mind that any one of these could result in a breach this is a staggering finding and highlights how common workarounds are and how significant the associated privacy and security risks are. The third failure leading to breach in this example involves the healthcare worker using a BYOD device such as a smartphone with an app that has a cloud backend, in order to collaborate with a healthcare co-worker. An example of this could be a healthcare worker taking a photo of a patient and attempting to use a file transfer app to share it with a colleague. In step four any data the healthcare worker puts into the app, or data collected by the app itself such as location history, is sent to the app backend or “side cloud” where in step 5 it is accessed by unauthorized individuals leading to a breach.


David_Security sept.png


Security is complex, and there are many safeguards required to effectively mitigate this type of breach. Maturity models have achieved wide adoption and success in healthcare, for example the HIMSS EMRAM (EMR Adoption Model) has been used by 5300+ provider organizations worldwide. Maturity models are a great way to simplify complexity and enable rapid assessment of where you are and what you need to do to improve.


In the infographic above, beneath the sequence of events leading to this type of breach, is a breach focused maturity model that can be used to rapidly assess your security posture and determine next steps to further reduce residual risk. There are three levels in this maturity model, Baseline includes orange capabilities, Enhanced adds yellow capabilities, and Advanced adds green capabilities. Only safeguards relevant to mitigating this type of breach are colored in this maturity model. Other grayed out blocks, while important in mitigating risk of other types of breaches, do not play a significant role in mitigating risk of breaches from insider accidents or workarounds. There are many risks in healthcare privacy and security. This model is focused on breaches. A holistic approach is required for effective security, including administrative, physical and technical safeguards. This maturity model is focused mostly on technical safeguards. Below I briefly review each of the safeguards relevant to this type of breach.


A baseline level of technical safeguards for basic mitigation of healthcare breaches from insider risks requires:


  • User Awareness Training: educates healthcare workers on how to be privacy and security savvy in delivering healthcare, and the risk of accidents and workarounds, and viable safer alternatives
  • Device Control: prevents the unauthorized use of removable media, for example USB sticks that workers may attempt to use to move sensitive patient data unsecured
  • Mobile Device Management: keeps mobile devices secure, including BYOD devices used by healthcare workers, addressing risks including patient data loss or unauthorized access
  • Anti-Malware: detects and remediates malware infections of healthcare worker devices, including malware employees may accidentally encounter on infected websites or apps
  • DLP Discovery: discovers where sensitive patient data is at rest and how it moves over the network, a key first step in an ongoing inventory of sensitive data you need to protect. This can be used to detect unsecured sensitive data and uncover accidents or workarounds leading to it, enabling correction before a breach
  • Vulnerability Management and Patching: involves proactively identifying vulnerabilities and patching them to close security holes before they can lead to a breach. This is particularly important with healthcare worker devices used to access the Internet and at risk of being exposed to malware and attacks
  • Email Gateway:  enables you to catch unsecured patient data attached to emails and also defends against malware attached to emails, and phishing attacks
  • Web Gateway: can detect malware from healthcare workers web browsing the Internet, and defend against attempted drive-by-downloads that may otherwise lead to data loss and breach


An enhanced level of technical safeguards for further improved mitigation of risk of this type of healthcare breach requires addition of:


  • Secure Remote Administration: enables healthcare IT to efficiently, securely and remotely administer endpoint devices so they are up to date with the latest patches and safeguards to defend against breaches from accidents and workarounds
  • Endpoint DLP: Data Loss Prevention enforced on endpoint devices to monitor and address day-to-day end-user risky actions that can lead to accidents, or be used in workarounds
  • Policy Based File Encryption: can automatically encrypt files containing sensitive healthcare data based on policy and protect the confidentiality of those files even if put at risk in an accident or workaround
  • Network DLP Monitor / Capture: enables healthcare security to gather information about data usage patterns, enabling proactive risk identification, and better decisions on how to mitigate


An advanced level of security for further mitigation of risk of this type of breach adds:


  • Network DLP Prevention: ensures that sensitive healthcare data only leaves the healthcare network when appropriate, and helps defend against loss of sensitive healthcare information from accidents or workarounds
  • Digital Forensics: enables you to determine in the event of an accident or workaround whether a breach actually occurred, and if so the nature of the breach, and exact scope of data compromised


Healthcare security budgets are limited. Building security is an ongoing process. The maturity model approach discusses here can be used in a multi-year incremental approach to improve breach security while keeping within limited annual budgets and resource constraints.


What questions on healthcare security do you have?

Filter Blog

By date:
By tag:
Get Ahead of Innovation
Continue to stay connected to the technologies, trends, and ideas that are shaping the future of the workplace with the Intel IT Center