As we all know, healthcare is a well regulated and process-driven industry. The current timeline for new research and techniques to be adopted by half of all physicians in the United States of America is around 17 years. While many of these regulations and policies are created with the best of intentions, they are often designed by criteria that doesn’t have the patient in mind, but play more to the needs of our billing needs, reimbursements, and being efficient as organizations. Rarely do we see these being designed with the experience and interactions with a patient.


The challenge for technology at the moment, especially for the physician, is how to move beyond the meaningful use criteria that the federal government has adopted. Doug Wood.png


Outdated record rules


We are currently working with medical record rules and criteria that are 20 years old, and trying to adapt and apply them to our electronic records. The medical records have become a repository of large amounts of waste of words and phrases that have little meaning to the physician/patient interaction. For me to wade through a medical record (because of the meaningful use criteria and structure of medical records) it is very difficult to find relevant information.


As a person involved in quality review, what I find more and more in electronic records is that it’s very easy to potentiate mistakes and errors. One part of the whole system that I find uncontainable is to have the physician, who is one of the most costly members of the team, take time to ostensibly be a clerk, or scribe, and take time to fill out the required records.


Disrupts visits


The problem that we can identify with all of this, at least in the office visit portion, is that it disrupts the visit with the patient. It focuses the conversation to adhere to getting the clerical tasks necessary for meaningful use criteria completed. And to me, there’s nothing more oppressive in this interaction than to doing this clerical work, than when it’s done electronically, and getting worse.


So if we look at this situation from the perspective of people (both the patient and physician), and how we can use electronic tools, we could rapidly be liberated from the oppression of regulatory interactions. It would be so easy, right now, to capture patient’s activities and health to create a historical archive. This could be created in some template using video and audio technologies, and language dictation software that could give the physician much more content about what is going on.


I say this after visiting the Center for Innovation team at the Mayo Clinic Scottsdale location, where they are conducting a wearables experiment, on which the provider is wearing Google Glass when at an office visit with a patient.


The experiment had a scribe in another room observing and recording the interaction through the Glass feed, both video and audio, to capture the visit and create the medical record. As I looked through the note that was put together, it was a good note. It met the requirements for the bureaucrats, but it missed the richness of the visit that I observed, and it missed what the patient needed. It missed the steps and instructions that the physician covered with the patient. There is no place to record this in the current set up.


Easy review access


Just think if that interaction was available, through a HIPAA compliant portal, for the patient and provider to access. When the patient goes home, and a few days later asks, “What did my doctor cover during my visit,” they would be able to watch and hear the conversation right there. They might have brochures and literature that was given to them, but imagine if they had access to that video and audio to replay and watch again.


It seems to me that we have the technology at hand to make this a viable reality.


The biggest challenge here is to convince certain parties, like the Federal Government and Medicare, that there is a better way to do this, and that these are more meaningful ways. Recalling who the decision makers are that designed these processes and regulations, we must work to change the design criteria from that of a compliance perspective, to one where the needs of the patient come first.


That’s where I think we have the great opportunities and great challenges to turn this around. If we think for a minute, and decide to do away with all this useless meaningful criteria, and instead say, “Let’s go back and think how we can make the experience better for the patient,” and leverage technologies to do just that, we would be much better off.


What questions do you have?


Dr. Douglas Wood is a practicing cardiologist and the Medical Director for the Mayo Clinic’s Center for Innovation.

I’ve looked at many aspects of Bring Your Own Device in healthcare throughout this series of blogs, from the costs of getting it wrong to the upsides and downsides, and the effects on network and server security when implementing BYOD.


I thought it would be useful to distil my thoughts around how healthcare organisations can maximize the benefits of BYOD into 5 best practice tips. This is by no means an exhaustive list but provides a starting point for the no doubt lengthy conversations that need to take place when assessing the suitability of BYOD for an organisation.


If you’ve already implemented BYOD in your own healthcare organisation then do register and leave a comment below with your own tips – I know this community will appreciate your expertise.


Develop a Bring Your Own Device policy

It sounds like an obvious first step doesn’t it? However, I’d like to stress the importance of getting the policy right from day one. Do your research with clinical staff, understand their technology and process needs, identify their workarounds and ask how you can make their job of patient care easier. Development of a detailed and robust BYOD policy may take much longer than anticipated, and don’t forget that acceptance and inclusion of frontline staff is key to its success. Alongside the nuts and bolts of security it’s useful to explain the benefits to healthcare workers to get their trust, confidence and buy-in from the start.

Mobile Device Management


It’s likely that you have the network/server security aspect covered off under existing corporate IT governance. A key safeguard in implementing BYOD is Mobile Device Management (MDM), which should help meet your organisation’s specific security requirements. Some of these requirements may include restrictions on storing/downloading data onto the device, password authentication protocols and anti-virus/encryption software. Healthcare workers must also be given advice on what happens in the event of loss or theft of the mobile device, or when they leave the organisation in respect of remote deletion of data and apps. I encourage you to read our Case Study on Madrid Community Health Department on Managing Mobile for a great insight into how one healthcare organisation is assessing BYOD.

Make it Inclusive

For a healthcare organisation to fully enjoy the benefits of a more mobile and flexible workforce through BYOD they need to ensure that as many workers as possible (actually, I’d say all) can use their personal devices. It can be complex but some simple stipulations in the BYOD policy, such as requiring the user to ensure that they have the latest operating system and app updates installed at all times, can help to mitigate some of the risk. Also I would be conscious of the level of support an IT department can give from both a resource (people) and knowledge of mobile operating systems point of view. Ultimately, the most effective BYOD policies are device agnostic.

Plan for a Security Breach


The best BYOD policies plan for the worst, so that if the worst does happen it can be managed efficiently, effectively and have as little impact as possible on the organisation and patients. This requires creation of a Security Incident Response Plan. Planning for a security breach may prioritise fixing the weak link in the security chain, identifying the type and volume of data stolen and reporting the breach to a governmental department. For example, the Information Commissioner’s Office (ICO) in the UK advises that ‘although there is no legal obligation on data controllers to report breaches of security, we believe that serious breaches should be reported to the ICO.’

Continuing Assessment

From a personal perspective we all know how quickly technology is changing and improving our lives. Healthcare is no different and it’s likely that the tablet carried by a nurse today has more computing power than the desktop of just a couple of years ago. With this rapid change comes the need to continually assess a BYOD policy to ensure it meets the advances in hardware and software on a regular basis. The risk landscape is also constantly evolving as new apps are installed, new social media services become available, and healthcare workers innovate new ways of collaborating. Importantly though, I stress that the BYOD policy must also take into account the advances in the working needs and practices of healthcare workers. We’re seeing some fantastic results from improved mobility, security and ability to store and analyse large amounts of data across the healthcare spectrum. We cannot afford for this progress to be hindered by out-of-date policies. The policy is the foundation of the security and privacy practice. A good privacy and security practice enables faster adoption, use, and realisation of the benefits of new technologies.


I hope these best practice tips have given you food for thought. We want to keep this conversation about the benefits of a more mobile healthcare workforce going so do follow us on Twitter and share our blogs amongst your personal networks.


BYOD in EMEA series: Read Part Three

Join the conversation: Intel Health and Life Sciences Community

Get in touch: Follow us via @intelhealth

David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

Today, many healthcare organizations are experimenting with and implementing the art of virtual care. Innovation in technology is finally able to address the need to go beyond brick and mortar and drive “care anywhere” when it is needed. While technology is enabling providers to drive virtual care initiatives to increase quality of care, provide patients with more access, and improve patient empowerment, therein lies the question: How secure is the ecosystem in which more and more personal health information is being exposed to?


Current Technology


First, let’s look at where we are currently. Healthcare is one of the most exciting industries today, thanks to digital technology and the industry and governments coming together to address some major pain points that existed for many decades. We are finally at a point where many of the “what if we could” ideas that clinicians and patients worldwide had can be realized. For example, many providers are driving initiatives around virtual care, including telehealth, and remote patient monitoring leveraging technology that can reside in patients’ homes.


In the future, payers may be able to use HIT and device information to drive big data and provide the optimal plans for patients in different demographics given the geographic region where they live, family history, and life habits. Last, but not least, patients are empowered with tools, devices, and information to proactively manage their own health the way that really makes sense, outside the hospital.


Wearables and Mobility


Simple forms of home monitoring have existed for years; however, today, there is a big disruption in the market due to new form factors of clinical wearables and connectivity solutions, which are easier to use and have a greater ability to transfer and provide access to patient data. Smartphones and tablets have become an integral part of people’s lives and can serve as a tool for telehealth, as well as a hub for clinical patient information. This makes the implementation of virtual care much easier, allowing patients to have options to cost-effective solutions and allowing them to manage their health more proactively. photo for kay 1.jpg


At the same time, this proliferation of devices and data also increases the risk of data attack. Any points the data is collected, used, or stored can be at risk and needs to be secured. If the wearable devices that are collecting the data are outside the U.S. and this data is being uploaded to the cloud inside the U.S., then the use of these wearables can represent trans-border data flow which can be a significant concern, especially for countries with strong data protection laws such as in EU. We need to be more responsible on how the data can be captured, transmitted, and protected. At Intel, we provide security solutions that integrate well into the user experience such as fast encryption and cost reduction. We are working with our customers to develop the most effective solution for data privacy and security.


Key Challenges


Overall, it is wonderful to see so many healthcare institutions driving virtual care. Care is definitely moving outside the traditional venues to new more natural settings closer to what patients need. However, this also exposes more patient health information to be outside the hospital walls and outside the walls of patients’ homes.


As such, at Intel, when we design a solution, we enable security in our core HW technology. And this provides differentiation in how the users experience security. To have a great experience, the end user should not be subjected to data breaches or other security incidents, and solutions need to be smarter about detecting user context and risks, and guiding the user to safer alternatives. Devices need to function reliably and be free of malware.


In addition, we are focused on driving consistent security performance across the compute continuum of care.


That brings us back to the original question: How secure is the ecosystem? Security will play a key role in ensuring a safe solution that providers, payers, and patients can all rely on. Security would also be key to enabling faster adoption of virtual care. Depending on the types of patient information collected, used, retained, disclosed, or shared, and how to store/dispose it, security can be designed to optimally protect privacy. It is a complex area to address, but given the value of health data, I am hopeful that organizations will start to design their virtual care solutions and ecosystem with security as one of the key pillars.


What questions do you have?


Kay Eron is General Manager Health IT & Medical Devices at Intel.

Popularly referred to as next-generation sequencing (NGS), or high-throughput sequencing, NGS is the catch-all term used to describe a number of different modern sequencing technologies including Illumina (Solexa), Roche 454, Ion Torrent (Proton/PGM), and SOLiD. This has allowed us to sequence DNA and RNA much faster and cheaper than the previously used Sanger sequencing, and has revolutionized the study of genomics and molecular biology.


The cost of genomic sequencing has also come a long way. From $3 billion to sequence the first human genome, it cost about $100 million per genome in 2001, and as of January 2014, the cost is about $1,000. Compared to Moore’s law that observes computing doubles every two years, the cost of sequencing a genome is falling five to 10 times annually.


The issue now is computing power to analyze this data. Newer sequencers are now producing four times the data in half the time. Intel® technologies like Xeon® and Xeon® Phi®, SSDs, 10/40 GbE networking solutions, Omni-Path fabric interconnect, Intel Enterprise Edition for Lustre (IEEL), along with partners like Cloudera and Amazon Web Services, are helping to cut down the time for secondary analysis from weeks to hours. Photo for ketan 1.jpg


Genomic information is now catalogued and used for advancing precision medicine. For example, genomic information from TCGA (The Cancer Genome Atlas) has led to developments and FDA approval for certain cancer treatments. Currently, there are about 34 FDA-approved targeted therapies like Gleevec that treat gastrointestinal stromal tumors by blocking tyrosine kinase enzymes. Though approved by the FDA in 2001, it was further granted efficacy to treat 10 more types of cancers in 2011.


Technical Challenges


Sequencers are now producing four times more data in 50 percent less time at about 0.5TB/device/day. This is a lot of data. Newer modalities like 4-D imaging are now producing 2 TB/device/day. The majority of the software used for informatics and analytics is open sourced and the market is very fragmented.


Once the data is generated, the burden of storing, managing, sharing, ingesting, and moving it has its own set of challenges.


Innovation in algorithms and techniques is outpacing what IT can support, thus requiring flexibility and agility in infrastructures.


Collaboration across international boundaries is an absolute necessity and that introduces challenges with security and access rights.


Finally, as genomics makes its way into clinics, clinical guidelines like HIPAA will kick in.


At the clinical level, you have barriers around the conservation and validity of the sample, validity and repeatability of laboratory results, novelty and interpretation of biomarkers, merging genomics data with clinical data, actionability and eventually changing the healthcare delivery paradigm.


There are too few clinical specialists and key healthcare professionals, like pharmacists, who are trained in clinical genomics. New clinical pathways and guidelines will have to be created. Systems will need to be put in place to increase transparency and accountability of different stakeholders of genomic data usage. Equality and justice need to be ensured and protection against discrimination needs to be put in place (GINA).


Reimbursement methods need to consider flexible pricing for tailored therapeutics responses along with standardization and harmonization (CPT codes).


Path Forward


Looking ahead, we need to develop a standardized genetic terminology (HL7, G4GH, eMERGE) and make sure EHRs support the ability to browse sequenced data. Current EHRs will need standards around communication, querying, storing, and compressing large volumes of data while interfacing with EHRs’ identifiable patient information.


Photo for ketan 2.jpg


Intel is partnering with Intermountain Health to create a new set of Clinical Decision Support (CDS) applications by combining clinical, genomic, and family health history data. The goal is to promote widespread use of CDS that will help clinicians/counselors in assessing risk and assist genetic counselors in ordering genetic tests.


The solution will be agnostic to data collection tools, scale to different clinical domains and other healthcare institutions, be standards based where they exist, work across all EHRs, leverage state-of-the-art technologies, and be flexible to incorporate other data sources (e.g., imaging data, personal device data).


What questions do you have?


Ketan Paranjape is the general manager Life Sciences at Intel Corporation.

Improving care for patients is a common goal for our healthcare team and partners, so I’m really excited to be able to share the outcome of a collaborative project we’ve been working on with the Spanish Society of Family Medicine and Community (semFYC).


Together we have created a tablet featuring an app store exclusively for doctors. Meeting the needs of healthcare professionals with an easy-to-use mobile device combined with medical applications that have the endorsement of a scientifically-recognised body in semFYC is incredibly exciting for all involved and a step-change for the way GPs and physicians access the latest clinical information.


Josep Basora, President of semFYC, spoke to me about the tablet and app store created in partnership with Intel: “When I started to drive this project I wanted to facilitate the right information, at the appropriate place and by the authorised time. Mobility is one of the keys that defines the work of the current healthcare professional.”


“For a physician, the possibility to use applications that have the endorsement of a scientific society such as semFYC has real significance, as it has the full assurance that the tool used is supported by rigorous governance. This has certainly had a positive effect on both resource optimisation and improvement of patient service.”


semFYC brings together more than 17 Societies of Family Medicine and Community in Spain covering a total of 19,500 GPs with a focus on improving the knowledge and skills of its members. The app store, which exclusively features medical applications, automatically updates installed apps with the latest information around procedures and drugs, thus reducing the time GPs require to update their knowledge and consequently increasing the quality of patient care.


Take a look at the video above to find about more about the tablet and health app store created by Intel with semFYC.


A perfect storm of market conditions is forming that will likely propel consumer health near the top of many enterprise priority lists and justify its estimated 40 percent CAGR in 2015.

Intel has been the driving force behind the global technology revolution for more than 40 years, and we’ve seen the dramatic impact of technology on healthcare. Looking ahead, here are the five drivers that we see fueling growth in consumer health:

Payment Reform


One of the most important conditions is payment reform. As the basis for reimbursement shifts away from fee-for-service and toward quality-based outcomes in the U.S., providers will extend the continuum of care far beyond their hospitals to more accurately quantify value after discharge.



One of the best ways to optimize care and demonstrate effectiveness is to implement a holistic approach for understanding a person’s status by deriving actionable data about her individually and continuously from multiple sources — including consumer devices.

Photo for MJ blog HIMSS.jpg

Consumer Involvement


Consumer empowerment is also going to play a large role. It began with the shift from a business model that was traditionally B2B to one that was more B2C as commercial health insurers positioned themselves to personally engage millions of newly eligible customers. Now, consumer health solutions enable all payer organizations — private, public, employer — to promote healthy behaviors and timely preventative care that has been shown to reduce the occurrence of costly acute emergencies. Ultimately, consumers will have the ability to be more active in managing their own care, with the expectation of access to more of their health information anytime.

Baby Boomers


A demographic shift is also fueling this growth. Every day, 10,000 baby boomers celebrate their 65th birthday in the U.S., and that trend will continue until at least 2019. Unfortunately, 90 percent of them, with help from their family caregivers in some cases, are managing at least one chronic medical condition (860 million people worldwide). As telehealth becomes more widely adopted (and reimbursed), remote doctor consultations will increasingly rely on consumer health technologies to improve chronic disease management and ease the stress on a limited pool of primary care physicians.


Worldwide Approach


Many fast-growing emerging global markets, like China and India, are exhibiting strong appetites for consumer health solutions that can add value while supplementing recent government efforts to provide more efficient virtual care to their significant aging and rural populations. As more technology vendors from the region offer innovative products at very competitive price points, access and adoption will continue to climb at a healthy pace, contributing to notable growth of the consumer health market segment regionally and worldwide.


Of course, one of the biggest hurdles to overcome is alignment of priorities for all major stakeholders. You need a consumer-centered design, an evaluation of clinical workflow integration, and a way to measure the business impact of the goals.


What questions do you have? What other drivers do you see impacting consumer health?


Michael Jackson is General Manager, Consumer Health at Intel Corporation.

I like to think of security as a chain, and like any other chain it is only as strong as its weakest link. In the case of security in healthcare the chain consists of the network, the server and the device. Often the focus is overwhelmingly placed on the security of the device but I argue that data is as equally, if not more, at risk when it's in transit as it is when at rest. So, with that in mind I wanted to take a look at some of the wider security considerations around Bring Your Own Device (BYOD).

Whenever I speak at events about security and healthcare my starting point is often that we must remember that the priority for healthcare professionals is patient care. Security cannot, and must not, compromise usability as we know this drives workarounds. Often these workarounds mean using personal devices in conjunction with what is more commonly known as 'Bring Your Own Cloud'.

Bring Your Own Cloud

Bring Your Own Cloud (BYOC) primarily refers to the use of clouds that are not authorized by the healthcare organization to convey sensitive data. This often occurs through an individual using an app they downloaded onto a personal device. Many such apps have backend clouds as part of their overall solution. When sensitive data is entered into the app it gets sync’d to the cloud. Furthermore, this transfer can occur over networks that are not managed by the healthcare organization, making the transfer invisible to the healthcare organization. Of course, sensitive data in an unauthorized cloud can constitute a breach. In many cases these 3rd party clouds can be in different countries, making this transfer a trans-border data flow and can represent further non-compliance issues with data protection laws.

For example, imagine a nurse taking patient notes that need to be sent to a specialist such as a cardiologist. This should be done using a secure device with a secure wireless network and a secure solution approved by the organization for such a task. However, lack of usability, or cumbersome security around such solutions, or a slow or overly restrictive IT department can drive the use of BYOC approach instead. In a BYOC approach the nurse uses a personal app on a personal mobile device together with either unencrypted email, a file transfer app, or social media to send these for analysis by a specialist.

This introduces risks to both the confidentiality of the sensitive healthcare data, as well as the integrity of the patient record that is often not updated with information traveling in these “side clouds”, rendering it incomplete, inaccurate, or out of data. In a best case this can result in suboptimal healthcare, and in a worst case this could be a patient safety issue. The consequences to both patient and organisation of such risks can be severe. Here at Intel we have security solutions available to healthcare organisations, which ensure that data is always secure whether at rest or in transit on the device or organisation’s network. Our security solutions also use hardware-enhanced security to maximize performance and usability, mitigating risk of cumbersome security and the healthcare worker being driven to resort to workarounds and BYOC.

Apps for Healthcare

One area where I’m seeing a lot of rapid change is in the development of apps for healthcare. I recently spoke to the Apps Alliance on the security challenges for developers of healthcare apps, whether they are aimed at healthcare professionals or consumers. These apps often make the recording and analysing of health information very easy and in some cases they can enhance the relationship between patient and clinician.

Stealth IT

I’d also like to briefly take a look at what is often referred to as ‘Stealth IT’, also called ‘Shadow IT’. As with any form of workaround, the use of Stealth IT can be driven by an unresponsive or overly restrictive corporate IT department. One obvious example would be a small team of researchers requiring additional server space to store data but perceiving the organisational process slow and expensive in providing such resources. The consequence is the purchase of what is comparatively cheap and accessible server space with any number of easy-to-find companies on the web. I remind you of my earlier comments about knowing exactly how secure the server is and in which country or continent the server sits.

I like to think that a healthcare organisation looking to put a Bring Your Own Device policy in place appreciates the benefits and risks but starts with understanding why a healthcare professional uses their own device, logs on to an unsecure network or purchases unauthorised server space. Only then will the organisation, healthcare worker and patient truly reap the benefits of BYOD.



David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

As promised, the Centers for Medicare and Medicaid Services have offered up plans for Meaningful Use Stage Three just in time for discussion at the HIMSS Annual Conference. Based on conversations I’ve had with CIOs, there will be a lot to discuss in Chicago.


As with the previous incarnations (Stages 1 and 2), there’s a 60-day comment period during which anyone can weigh in on the proposals. Although the previous rules reflected input from groups like HIMSS and CHIME, I heard frequent grumbling from healthcare providers that the regulations elevated political and economic interests over those of physicians, hospitals and most importantly, patients themselves. beaudoin_med.jpg


Perhaps because Stage 3 represents the end of the process, CMS is signaling its intent to finalize a rule that puts patients first, and believes that eligible providers and hospitals can use technology creatively and flexibly to meet the latest requirements.


The Basic Overview

To get a basic overview of the rules, take a look at this infographic produced by my former colleagues over at Healthcare IT News. For a more substantive take, John Halamka, a physician and CIO at  the CareGroup Health System, posted a definitive summary of the proposed rules on his blog.


There are eight objectives, and as many as 20 measures of meaningful use for providers and hospitals. Some measures are essentially repeats from earlier rules (although the thresholds are increased), while others represent new and uncharted territory.


Despite its length of 300-plus pages, Halamka calls the MU Stage 3 proposal a good first draft.


“CMS deserves a lot of credit,” he says, “for streamlining and consolidating… and making the Stage 3 rule coherent and relatively easy to understand.” But he’s not so kind about the the rule’s sibling proposal, also released on March 20 – the Office of the National Coordinator’s 2015 EHR standards.


Although meaningful use and EHR certification are generally thought to go hand-in-hand, this time “ONC includes a variety of certification specifications for which there are no corresponding MU requirements from CMS,” Halamka notes. “This has the potential to create market confusion, an overwhelming scope for vendors/developers and a laundry list of requirements that serve narrow interests.”


Scott MacLean, Deputy CIO and Director of IS Operations at Partners HealthCare in Boston, agrees that the industry is already suffering from regulation fatigue. It’s not that any single regulation is, by itself, difficult or noxious, but rather it’s the sum of regulations which are often times at odds with each other.


Patient Engagement

Particularly challenging are the requirements for patient engagement. Twenty-five percent of patients must access their records electronically under the MU Stage 3 proposal, while 35 percent of patients must receive a clinically relevant secure message. Providers must also incorporate data from non-clinical settings for 15 percent of their patients.


“Whether its between systems and providers, or between patients and providers, I’m worried about the interoperability requirements,” MacLean notes. “When we’re dependent on other people doing something, it’s cause for concern.”


Charles Christian, CIO of St. Francis Hospital in Columbus, Georgia and chair of the CHIME Board of Trustees, agrees. “Providing electronic access to the information is important,” he says. “However, holding the organizations accountable for their patients’ behavior after their encounter is a requirement that many organizations can’t successfully accomplish. I agree that we need to engage our patients; however, there are many that do not want to interact with their healthcare providers electronically.”


Overall Christian is confident that the nation’s healthcare CIOs can have an impact on the final Stage 3 rules. “It appears that CMS is working toward the flexibility that they outlined, but I'm sure that some in the industry will wish for more,” he says. “CMS is specifically asking for comments on a large number of items and options. This leads me to believe that they are seeking additional input from the industry and they are listening to the concerns and impacts.  We will need to wait until the final rule to see what impact the comments have had.”


What do you think about the Stage 3 proposal? Is it ready for prime time yet? What changes would you seek?


Jack Beaudoin co-founded MedTech Media with the launch of Healthcare IT News in 2003 and is a sponsored corresponded for Intel Health & Life Sciences.

In healthcare, the patient is at the heart of everything we do. This sentiment is echoed in technologies ranging from wearables and mHealth to telehealth and remote patient monitoring, with the aim of generating data we didn’t have before, improving collaboration and integration, and fostering communication and education. NancyRagontheadshot.JPG


The driving force behind all this innovative goodness? To improve patient care and engagement. Today’s patients are becoming more engaged in their own healthcare, and as a result are starting to drive the requirement for better information consolidation and integration. Technology empowers patients to be more informed and more proactive, delivering greater access to their own health data. This year, we decided to highlight this growing trend by building our entire HIMSS booth around it, focusing on Powering Patient Care Through Technology!


With technology enabling better and more open lines of communication to healthcare providers 24/7, patients are no longer recipients but vital participants in the continuum of care. And as the delivery of value-based care continues to expand across healthcare, meeting the modern patient’s needs is imperative, helping them to be Empowered, Mobile, Secure and Connected. Our HIMSS booth contains four patient stations that will bring each of these concepts to life:


  1. Empowered Patient. See how patients are putting themselves at the center of their care
  2. Mobile Patient. Find out how patients are embracing mobility for better health
  3. Secure Patient. Learn how providers are transforming their infrastructures for total optimization, accessibility and security
  4. Connected Patient. Learn about ways patients are staying connected to caregivers and other providers


Check out these patient-focused resources to keep up with the latest technology advances powering the patient experience:



Are you headed to HIMSS15? Visit us to see the patient experience firsthand. Check out what we’ve got planned for HIMSS15 and Booth #1231 where we’ll be Powering Patient Care Through Technology!


Looking for technology to help support your patient care and engagement efforts?

For more information on a variety of technology solutions from patient data management to EHR support to back-end infrastructure, visit CDW Healthcare’s CommunIT.


Nancy Ragont is Senior Manager of Segment Marketing at CDW Healthcare

The saying that “life sciences is like a puzzle” has never been more true than it is today. The life sciences are in the midst of a dramatic transformation as technology redefines what is possible for human health and healthcare. That’s why the upcoming Bio-IT World event in Boston, April 21-23, holds so much promise for moving the conversation forward and sharing knowledge that truly helps people.


As the show approaches, we’re excited to roll out a new resource for you that offers an optimized compendium of codes with benchmarks and replication recipes. When used on Intel®-based computing platforms, and in concert with other Intel® software tools and products, such as Intel® Solid-State Drives (Intel® SSDs), the optimized code can help you decipher data and accelerate the path to discovery. rubiks-01_v2.jpg


Industry leaders and authors of key genomic codes have supported this new resource to ensure that genome processing runs as fast as possible on Intel® based systems and clusters. The results have been significantly improved speed of key genomic programs and the development of new hardware and system solutions to get genome sequencing and processing down to minutes instead of days.


Download codes

On the new resource page, you can currently download the following codes to run on Intel® Xeon® processors:


  • BWA
  • GATK


If you’re looking for new tools to help handle growing molecular dynamics packages, which can span from hundreds to millions of particles, take advantage of these codes that are compatible with both Intel® Xeon® processors and Intel® Xeon® Phi™ coprocessors and allow you to “reuse” rather than “recode:”


  • AMBER 14
  • GROMACS 5.0 RC1
  • NAMD
  • Quantum ESPRESSO
  • NWChem

Solve the cube

Finally, because life sciences is like a puzzle, look for a little fun and games at Bio-IT World that will test your puzzle solving skills and benefit charity.


If you’ll be at the show, be sure to grab a customized, genomic-themed Rubik’s Cube at the keynote session on Thursday, April 23, and join the fun trying to solve the puzzle after the speeches at our location on the show floor. Just by participating you will be eligible to win great prizes like a tablet, a Basis watch, or SMS headphones. Here’s a little Rubik’s Cube insight if you need help.


Plus, we’re giving away up to $10,000 to the Translational Genomics Research Institute (TGEN) in a tweet campaign that you can support. Watch for more details.


What questions do you have? We’re looking forward to seeing you at Bio-IT World next month.


Mobility is expected to be a hot topic once again at HIMSS 2015 in Chicago. Tablets like the Surface and Windows-based versions of electronic health records (EHRs) from companies such as Allscripts are helping clinicians provide better care and be more efficient with their daily workflows.


The above video shows how the Surface and Allscripts’ Wand application are helping one cardiologist improve patient engagement while allowing more appointments throughout the day.  You can read more in this blog.


Watch the video and let us know what questions you have. How are you leveraging mobile technology in your facility?

In my second blog focusing on Bring Your Own Device (BYOD) in EMEA I’ll be taking a look at the positives and negatives of introducing a BYOD culture into a healthcare organisation. All too often we hear of blanket bans on clinicians and administrators using their personal devices at work, but with the right security protocols in place and enhanced training there is a huge opportunity for BYOD to help solve many of the challenges facing healthcare.


Much of the negativity surrounding BYOD occurs because of the resulting impact to both patients (privacy) and healthcare organisations (business/financial) of data breaches in EMEA. While I’d agree that the headline numbers outlined in my first blog are alarming, they do need to be considered in the context of the size of the wider national healthcare systems.


A great example I’ve seen of an organisation seeking to operate a more efficient health service through the implementation of BYOD is the Madrid Community Health Department in Spain. Intel and security expert Stack Overflow assessed several mobile operating systems with a view to supporting BYOD for physicians in hospitals within their organisation. I highly recommend you read more about how Madrid Community Health Department is managing mobile with Microsoft Windows-based tablets.



The Upside of BYOD

There’s no doubt that BYOD is a fantastic enabler in modern healthcare systems. But why? We’ll look at some best practice tips in a later blog but suffice to say here that much of the list below should be underpinned by a robust but flexible BYOD policy, an enhanced level of staff training, and a holistic and multi-layered approach to security.


1) Reduces Cost of IT

Perhaps the most obvious benefit to healthcare organisations is a reduction in the cost of purchasing IT equipment. Not only that, it’s likely that employees will take greater care of their own devices than they would of a corporate device, thus reducing wastage and replacement costs.


2) Upgrade and Update

Product refresh rates are likely to be more rapid for personal devices, enabling employees to take advantage of the latest technologies such as enhanced encryption and improved processing power. And with personal devices we also expect individuals to update software/apps more regularly, ensuring that the latest security updates are installed.


3) Knowledge & Understanding

Training employees on new devices or software can be costly and a significant drain on time, notwithstanding being able to schedule in time with busy clinicians and healthcare administrators. I believe that allowing employees to use their personal everyday device, with which they are familiar, reduces the need for device-level training.  There may still be a requirement to have app-level training but that very much depends on the intuitiveness of the apps/services being used.


4) More Mobile Workforce

The holy grail of a modern healthcare organisation – a truly mobile workforce. My points above all lead to clinicians and administrators being equipped with the latest mobile technology to be able to work anytime and anywhere to deliver a fantastic patient experience.



The Downside of BYOD

As I’ve mentioned previously, much of the comment around BYOD is negative and very much driven by headline news of medical records lost or stolen, the ensuing privacy ramifications and significant fines for healthcare organisations following a data breach.


It would be remiss of me to ignore the flip-side of the BYOD story but I would hasten to add that much of the risk associated with the list below can be mitigated with a multi-layered approach that not only combines multiple technical safeguards but also recognises the need to apply these with a holistic approach including administrative safeguards such as policy, training, audit and compliance, as well as physical safeguards such as locks and secure use, transport and storage.

1)  Encourages a laissez-faire approach to security

We’ve all heard the phrase ‘familiarity breeds contempt’ and there’s a good argument to apply this to BYOD in healthcare. It’s all too easy for employees to use some of the same workarounds used in their personal life when it comes to handling sensitive health data on their personal device. The most obvious example is sharing via the multitude of wireless options available today.

2) Unauthorised sharing of information

Data held at rest on a personal devices is at a high risk of loss or theft and is consequently also at high risk of unauthorized access or breach. Consumers are increasingly adopting cloud services to store personal information including photos and documents.


When a clinician or healthcare administrator is in a pressured working situation with their focus primarily on the care of the patient there is a temptation to use a workaround – the most obvious being the use of a familiar and personal cloud-based file sharing service to transmit data. In most cases this is a breach of BYOD and wider data protection policies, and increases risk to the confidentiality of sensitive healthcare data.

3) Loss of Devices

The loss of a personal mobile device can be distressing for the owner but it’s likely that they’ll simply upgrade or purchase a new model. Loss of personal data is quickly forgotten but loss of healthcare data on a personal device can have far-reaching and costly consequences both for patients whose privacy is compromised and for the healthcare organisation employer of the healthcare worker. An effective BYOD policy should explicitly deal with loss of devices used by healthcare employees and their responsibilities in terms of securing such devices, responsible use, and timely reporting in the event of loss or theft of such devices.

4) Integration / Compatibility

I speak regularly with healthcare organisations and I know that IT managers see BYOD as a mixed blessing. On the one hand the cost-savings can be tremendous but on the other they are often left with having to integrate multiple devices and OS into the corporate IT environment. What I often see is a fragmented BYOD policy which excludes certain devices and OS, leaving some employees disgruntled and feeling left out. A side-effect of this is that it can lead to sharing of devices which can compromise audit and compliance controls and also brings us back to point 2 above.


These are just some of the positives and negatives around implementing BYOD in a healthcare setting. I firmly sit on the positive side of the fence when it comes to BYOD and here at Intel Security we have solutions to help you overcome the challenges in your organisation, such as Multi-Factor Authentication (MFA) and SSDs Solid State Drives including in-built encryption which complement the administrative and physical safeguards you use in your holistic approach to managing risk.


Don’t forget to check out the great example from the Madrid Community Health Department to see how our work is having a positive impact on healthcare in Spain. We’d love to hear your own views on BYOD so do leave us a comment below or if you have a question I’d be happy to answer it.



David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

“Any fool can make something complicated. It takes a genius to make it simple.” – Woody Guthrie, musician


The proliferation of electronic systems and devices in healthcare is a good example of the tendency of systems to increase in complexity over time, and the complexity has taken its toll on our ability to adequately secure data. In 2014, the number of people in California alone whose electronic protected health information (ePHI) was exposed by a breach had increased 600 percent. The national cost of recovering from a breach averaged $5.4 million, not including the harm from loss of consumer trust. FrankNegro-Dell.jpg


With so much at risk, security is no longer just an IT issue; it is a significant business and operational concern. The growing complexity of healthcare IT demands a simpler approach that will enable organizations to address security realistically. As Harvard surgeon Atul Gawande explained in his 2007 book The Checklist Manifesto, a checklist can help people simplify the steps in a complex procedure, like the one he used to reduce central line infections at Johns Hopkins University. His simple, five-step checklist for central line insertion, including the enforcement and monitoring of hand washing, helped prevent 43 infections and 8 ICU deaths, saving the hospital $2 million. Enforcement and monitoring of hand washing significantly increased compliance of basic hygiene and was important in reducing infection rates.


Use checklists

If healthcare organizations used a checklist of basic security hygiene, similar to the one Gawande wrote about, many breaches of privacy could be avoided. But, like enforcement of hand washing, which is both cheap and effective at preventing infection, healthcare organizations often neglect the bedrock of a good security posture: encryption, identity and access management platforms, risk analyses, and breach remediation and response plans.


While organizations understand that these activities are important, many lack operational follow-through. For example, less than 60 percent of providers have completed a risk assessment on their newest connected and integrated technologies, and only 30 percent are confident that their business associates can detect patient data loss or theft or perform a risk assessment. Barely 75 percent of providers use any form of encryption, despite the fact that it confers immunity from the requirement to report ePHI breaches. And according to Dell's 2014 Global Technology Adoption Index, only one in four organizations surveyed actually has a plan in place for all types of security breaches. Many healthcare organizations are just as vulnerable as Community Health Systems was in early 2014, or insurer Anthem was at the beginning of 2015.


In the face of multiple incentives to encrypt data and manage authorizations and data access, why do so many organizations ignore these most of basic of measures?


The answer is complexity. In a 2010 survey, IBM’s Institute for Business Value identified “the rapid escalation of complexity” as a top challenge for CEOs, and most of those polled did not feel felt adequately ready to confront this complexity. To better manage the chaos, healthcare CIOs can look to their own clinical departments for examples of significant quality improvements achieved by establishing a checklist of behaviors and making people accountable for sticking to the list. The Royal Australian College of General Practitioners (RACGP), for instance, has adopted a 12-point framework to help physician practices assess their security and comply with security best practices. These guidelines are tightly integrated into areas such as process development, risk analysis, governance and building a culture of security.


Simplified playbook

Dell security experts have also written recently on the importance of a simplified playbook approach to security, focusing on four areas: (1) preventing, (2) detecting, (3) containing, and (4) eradicating breaches. By implementing a framework based on these four simple principles, healthcare organizations can not only address the technical and hardware components of security, but also address the “human element” that is responsible for many breaches, including human error and malicious insiders. Within these four strategic areas of focus, healthcare organizations can incorporate checklists of the core tactics that will support those areas. For instance, many of the activities in this process will take place to prevent a breach in the first place, and should limit employee negligence. Thus, to prevent a breach, a checklist similar to the following should be implemented, depending on the organization’s unique needs:


1. Automatically encrypt all protected data from point of creation, and as it moves, including movement into the cloud.

2. Implement an effective identity and access management solution. Include clear direction on access rights, password maintenance and management, remote access controls, and auditing and appropriate software configuration.

3. Regularly assess security risks, using a framework such as NIST, and include threat analysis, reporting schedule and data breach recording procedures.  Ensure risk remediation efforts have a high priority.

4. Ensure the education of staff on security “hand washing” behaviors, including password, internet and email usage practices.

5. Monitor to detect threats in real-time.


Similar checklists can also be created for the other three areas mentioned above. Healthcare organizations can simplify even further by vertically integrating security add-ons and centralizing and hardening security into the IT infrastructure. This includes embedding security in firewalls, servers and data centers; integrating secure messaging with next generation firewalls; and encrypting data automatically as it scales and moves into the cloud.


We can improve healthcare cybersecurity by focusing on a checklist of simple practices that have the greatest impact. And simplicity, Leonardo da Vinci once stated, “Is the ultimate sophistication.”


What questions about cybersecurity do you have?


Join Dell and Intel at HIMSS booth #955 on April 14 at 11 am CT for an interactive tweet-up discussing relevant topics in healthcare security. Register for this exclusive event here.

Frank Negro is Global Practice Leader, Strategy and Planning, Healthcare and Life Sciences Solutions at Dell Services

The Bring Your Own Device (BYOD) movement is booming. Tech Pro Research's latest survey shows that 74 percent of organizations globally are either already using or planning to allow employees to bring their own devices to work.


Allowing employees to bring their own devices into the office for business use has helped companies cut hardware and service costs, increase flexibility and achieve greater productivity, but there are also inherent security and data protection risks.

According to the same Tech Pro Research study, security concerns were the primary barrier to adoption of BYOD for a large majority (78 percent) of respondents; followed by IT support concerns (49 percent); lack of control over hardware (45 percent); and regulatory compliance issues (39 percent).


The cost of a data breaches is often substantial. Data from the Ponemon Institute shows that in EMEA in 2014 the organisational cost of a breach was some £2.02m in UAE/Saudi Arabia, £2.21m in the United Kingdom and over £2.50m in Germany.


Of course these concerns and costs are understandable, but they needn’t be a showstopper.


Mobile risk analysis

Carrying out a thorough risk analysis of the impact of BYOD can help organizations better understand the associated security, management and compliance issues and help them chose the mobility solution that best aligns with their strategies.


Madrid Community Health Department, the agency in charge of providing public health services in Madrid, found that increasing numbers of physicians and other staff were trying to access the corporate network from their own tablets and smartphones.


Rather than try and resist this rising tide it called in an independent security expert to collaborate with its IT and Legal teams to draw up a list of 18 security requirements its mobility strategy needed to meet.


A full list of these requirements can be found here: [ENG]/[ESP].


It then assessed the capability of three different scenarios in assuring compliance with these statements.


  • A tablet running a Windows 8.1 operating system (OS) managed by Mobile Device Management (MDM)
  • A tablet running an Android OS managed by MDM
  • A tablet running a Windows 8.1 OS managed as a normal PC


Managing Windows 8.1 tablets was shown to meet all 18 compliance statements. Managing Windows 8.1 and Android tablets with MDM was only able to meet eight and 10 user compliance statements respectively.


Managing mobile as a PC

From this Madrid Community Health Department was able to conclude that tablets running a Windows 8.1 OS offered greater flexibility, since they can be managed both with an MDM and as a normal PC.


However, adopting and managing tablets with Windows 8.1 running as a normal enterprise PC can manage and cover most of the defined risks, providing the tablet is given to the employee by Madrid Community Health Department as a normal PC.


For Madrid Community Health Department carrying out a full risk analysis showed that managing Windows 8.1 devices as a normal PC best aligns with its strategies.

If your organization is uncertain which management solution to choose, then a similar analysis could be the way to move you closer towards BYOD.


Computer Aided Engineering (CAE) has become pervasive in the design and manufacture of everything from jumbo jets to razor blades, transforming the product development process to produce more efficient, cost effective, safe and easy to use products. A central component of CAE is the ability to realistically simulate the physical behavior of a product in real world scenarios, which greatly facilitates understanding and innovation.



Application of this advanced technology to healthcare has profound implications for society, promising to transform the practice of medicine from observation driven to understanding driven. However, lack of definitive models, processes and standards has limited its application, and development has remained fragmented in research organizations around the world.


Heart simulation invaluable

In January of 2014, Dassault Systèmes took the first step to change this and launched the “Living Heart Project” as a translational initiative to partner with cardiologists, researchers, and device manufacturers to develop a definitive realistic simulation of the human heart. Through this accelerated approach, the first commercial model-centric, application-agnostic, multi-physical whole heart simulation has been produced.


Since cardiovascular disease is the number one cause of morbidity and mortality across the globe, Dassault Systèmes saw the Living Heart Project as the best way to address the problem. Although there is a plethora of medical devices, drugs, and interventions, physicians face the problem of determining which device, drug, or intervention to use on which patient. Often times to truly understand what is going on inside a patient invasive procedures are needed.


CAE and the Living Heart Project will enable cardiologists to take an image (MRI, CT, etc) of a patient’s heart and reconstruct it on a 3D model thereby creating a much more personalized form of healthcare. The doctor can see exactly what is happening in the patient’s heart and definitively make a more informed decision of how to treat that patient most effectively.


What questions do you have about computer aided engineering?


Karl D’Souza is a senior user experience specialist at Dassault Systèmes Simulia Corp.

Filter Blog

By date:
By tag: