In my second blog focusing on Bring Your Own Device (BYOD) in EMEA I’ll be taking a look at the positives and negatives of introducing a BYOD culture into a healthcare organisation. All too often we hear of blanket bans on clinicians and administrators using their personal devices at work, but with the right security protocols in place and enhanced training there is a huge opportunity for BYOD to help solve many of the challenges facing healthcare.


Much of the negativity surrounding BYOD occurs because of the resulting impact to both patients (privacy) and healthcare organisations (business/financial) of data breaches in EMEA. While I’d agree that the headline numbers outlined in my first blog are alarming, they do need to be considered in the context of the size of the wider national healthcare systems.


A great example I’ve seen of an organisation seeking to operate a more efficient health service through the implementation of BYOD is the Madrid Community Health Department in Spain. Intel and security expert Stack Overflow assessed several mobile operating systems with a view to supporting BYOD for physicians in hospitals within their organisation. I highly recommend you read more about how Madrid Community Health Department is managing mobile with Microsoft Windows-based tablets.



The Upside of BYOD

There’s no doubt that BYOD is a fantastic enabler in modern healthcare systems. But why? We’ll look at some best practice tips in a later blog but suffice to say here that much of the list below should be underpinned by a robust but flexible BYOD policy, an enhanced level of staff training, and a holistic and multi-layered approach to security.


1) Reduces Cost of IT

Perhaps the most obvious benefit to healthcare organisations is a reduction in the cost of purchasing IT equipment. Not only that, it’s likely that employees will take greater care of their own devices than they would of a corporate device, thus reducing wastage and replacement costs.


2) Upgrade and Update

Product refresh rates are likely to be more rapid for personal devices, enabling employees to take advantage of the latest technologies such as enhanced encryption and improved processing power. And with personal devices we also expect individuals to update software/apps more regularly, ensuring that the latest security updates are installed.


3) Knowledge & Understanding

Training employees on new devices or software can be costly and a significant drain on time, notwithstanding being able to schedule in time with busy clinicians and healthcare administrators. I believe that allowing employees to use their personal everyday device, with which they are familiar, reduces the need for device-level training.  There may still be a requirement to have app-level training but that very much depends on the intuitiveness of the apps/services being used.


4) More Mobile Workforce

The holy grail of a modern healthcare organisation – a truly mobile workforce. My points above all lead to clinicians and administrators being equipped with the latest mobile technology to be able to work anytime and anywhere to deliver a fantastic patient experience.



The Downside of BYOD

As I’ve mentioned previously, much of the comment around BYOD is negative and very much driven by headline news of medical records lost or stolen, the ensuing privacy ramifications and significant fines for healthcare organisations following a data breach.


It would be remiss of me to ignore the flip-side of the BYOD story but I would hasten to add that much of the risk associated with the list below can be mitigated with a multi-layered approach that not only combines multiple technical safeguards but also recognises the need to apply these with a holistic approach including administrative safeguards such as policy, training, audit and compliance, as well as physical safeguards such as locks and secure use, transport and storage.

1)  Encourages a laissez-faire approach to security

We’ve all heard the phrase ‘familiarity breeds contempt’ and there’s a good argument to apply this to BYOD in healthcare. It’s all too easy for employees to use some of the same workarounds used in their personal life when it comes to handling sensitive health data on their personal device. The most obvious example is sharing via the multitude of wireless options available today.

2) Unauthorised sharing of information

Data held at rest on a personal devices is at a high risk of loss or theft and is consequently also at high risk of unauthorized access or breach. Consumers are increasingly adopting cloud services to store personal information including photos and documents.


When a clinician or healthcare administrator is in a pressured working situation with their focus primarily on the care of the patient there is a temptation to use a workaround – the most obvious being the use of a familiar and personal cloud-based file sharing service to transmit data. In most cases this is a breach of BYOD and wider data protection policies, and increases risk to the confidentiality of sensitive healthcare data.

3) Loss of Devices

The loss of a personal mobile device can be distressing for the owner but it’s likely that they’ll simply upgrade or purchase a new model. Loss of personal data is quickly forgotten but loss of healthcare data on a personal device can have far-reaching and costly consequences both for patients whose privacy is compromised and for the healthcare organisation employer of the healthcare worker. An effective BYOD policy should explicitly deal with loss of devices used by healthcare employees and their responsibilities in terms of securing such devices, responsible use, and timely reporting in the event of loss or theft of such devices.

4) Integration / Compatibility

I speak regularly with healthcare organisations and I know that IT managers see BYOD as a mixed blessing. On the one hand the cost-savings can be tremendous but on the other they are often left with having to integrate multiple devices and OS into the corporate IT environment. What I often see is a fragmented BYOD policy which excludes certain devices and OS, leaving some employees disgruntled and feeling left out. A side-effect of this is that it can lead to sharing of devices which can compromise audit and compliance controls and also brings us back to point 2 above.


These are just some of the positives and negatives around implementing BYOD in a healthcare setting. I firmly sit on the positive side of the fence when it comes to BYOD and here at Intel Security we have solutions to help you overcome the challenges in your organisation, such as Multi-Factor Authentication (MFA) and SSDs Solid State Drives including in-built encryption which complement the administrative and physical safeguards you use in your holistic approach to managing risk.


Don’t forget to check out the great example from the Madrid Community Health Department to see how our work is having a positive impact on healthcare in Spain. We’d love to hear your own views on BYOD so do leave us a comment below or if you have a question I’d be happy to answer it.



David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

“Any fool can make something complicated. It takes a genius to make it simple.” – Woody Guthrie, musician


The proliferation of electronic systems and devices in healthcare is a good example of the tendency of systems to increase in complexity over time, and the complexity has taken its toll on our ability to adequately secure data. In 2014, the number of people in California alone whose electronic protected health information (ePHI) was exposed by a breach had increased 600 percent. The national cost of recovering from a breach averaged $5.4 million, not including the harm from loss of consumer trust. FrankNegro-Dell.jpg


With so much at risk, security is no longer just an IT issue; it is a significant business and operational concern. The growing complexity of healthcare IT demands a simpler approach that will enable organizations to address security realistically. As Harvard surgeon Atul Gawande explained in his 2007 book The Checklist Manifesto, a checklist can help people simplify the steps in a complex procedure, like the one he used to reduce central line infections at Johns Hopkins University. His simple, five-step checklist for central line insertion, including the enforcement and monitoring of hand washing, helped prevent 43 infections and 8 ICU deaths, saving the hospital $2 million. Enforcement and monitoring of hand washing significantly increased compliance of basic hygiene and was important in reducing infection rates.


Use checklists

If healthcare organizations used a checklist of basic security hygiene, similar to the one Gawande wrote about, many breaches of privacy could be avoided. But, like enforcement of hand washing, which is both cheap and effective at preventing infection, healthcare organizations often neglect the bedrock of a good security posture: encryption, identity and access management platforms, risk analyses, and breach remediation and response plans.


While organizations understand that these activities are important, many lack operational follow-through. For example, less than 60 percent of providers have completed a risk assessment on their newest connected and integrated technologies, and only 30 percent are confident that their business associates can detect patient data loss or theft or perform a risk assessment. Barely 75 percent of providers use any form of encryption, despite the fact that it confers immunity from the requirement to report ePHI breaches. And according to Dell's 2014 Global Technology Adoption Index, only one in four organizations surveyed actually has a plan in place for all types of security breaches. Many healthcare organizations are just as vulnerable as Community Health Systems was in early 2014, or insurer Anthem was at the beginning of 2015.


In the face of multiple incentives to encrypt data and manage authorizations and data access, why do so many organizations ignore these most of basic of measures?


The answer is complexity. In a 2010 survey, IBM’s Institute for Business Value identified “the rapid escalation of complexity” as a top challenge for CEOs, and most of those polled did not feel felt adequately ready to confront this complexity. To better manage the chaos, healthcare CIOs can look to their own clinical departments for examples of significant quality improvements achieved by establishing a checklist of behaviors and making people accountable for sticking to the list. The Royal Australian College of General Practitioners (RACGP), for instance, has adopted a 12-point framework to help physician practices assess their security and comply with security best practices. These guidelines are tightly integrated into areas such as process development, risk analysis, governance and building a culture of security.


Simplified playbook

Dell security experts have also written recently on the importance of a simplified playbook approach to security, focusing on four areas: (1) preventing, (2) detecting, (3) containing, and (4) eradicating breaches. By implementing a framework based on these four simple principles, healthcare organizations can not only address the technical and hardware components of security, but also address the “human element” that is responsible for many breaches, including human error and malicious insiders. Within these four strategic areas of focus, healthcare organizations can incorporate checklists of the core tactics that will support those areas. For instance, many of the activities in this process will take place to prevent a breach in the first place, and should limit employee negligence. Thus, to prevent a breach, a checklist similar to the following should be implemented, depending on the organization’s unique needs:


1. Automatically encrypt all protected data from point of creation, and as it moves, including movement into the cloud.

2. Implement an effective identity and access management solution. Include clear direction on access rights, password maintenance and management, remote access controls, and auditing and appropriate software configuration.

3. Regularly assess security risks, using a framework such as NIST, and include threat analysis, reporting schedule and data breach recording procedures.  Ensure risk remediation efforts have a high priority.

4. Ensure the education of staff on security “hand washing” behaviors, including password, internet and email usage practices.

5. Monitor to detect threats in real-time.


Similar checklists can also be created for the other three areas mentioned above. Healthcare organizations can simplify even further by vertically integrating security add-ons and centralizing and hardening security into the IT infrastructure. This includes embedding security in firewalls, servers and data centers; integrating secure messaging with next generation firewalls; and encrypting data automatically as it scales and moves into the cloud.


We can improve healthcare cybersecurity by focusing on a checklist of simple practices that have the greatest impact. And simplicity, Leonardo da Vinci once stated, “Is the ultimate sophistication.”


What questions about cybersecurity do you have?


Join Dell and Intel at HIMSS booth #955 on April 14 at 11 am CT for an interactive tweet-up discussing relevant topics in healthcare security. Register for this exclusive event here.

Frank Negro is Global Practice Leader, Strategy and Planning, Healthcare and Life Sciences Solutions at Dell Services

The Bring Your Own Device (BYOD) movement is booming. Tech Pro Research's latest survey shows that 74 percent of organizations globally are either already using or planning to allow employees to bring their own devices to work.


Allowing employees to bring their own devices into the office for business use has helped companies cut hardware and service costs, increase flexibility and achieve greater productivity, but there are also inherent security and data protection risks.

According to the same Tech Pro Research study, security concerns were the primary barrier to adoption of BYOD for a large majority (78 percent) of respondents; followed by IT support concerns (49 percent); lack of control over hardware (45 percent); and regulatory compliance issues (39 percent).


The cost of a data breaches is often substantial. Data from the Ponemon Institute shows that in EMEA in 2014 the organisational cost of a breach was some £2.02m in UAE/Saudi Arabia, £2.21m in the United Kingdom and over £2.50m in Germany.


Of course these concerns and costs are understandable, but they needn’t be a showstopper.


Mobile risk analysis

Carrying out a thorough risk analysis of the impact of BYOD can help organizations better understand the associated security, management and compliance issues and help them chose the mobility solution that best aligns with their strategies.


Madrid Community Health Department, the agency in charge of providing public health services in Madrid, found that increasing numbers of physicians and other staff were trying to access the corporate network from their own tablets and smartphones.


Rather than try and resist this rising tide it called in an independent security expert to collaborate with its IT and Legal teams to draw up a list of 18 security requirements its mobility strategy needed to meet.


A full list of these requirements can be found here: [ENG]/[ESP].


It then assessed the capability of three different scenarios in assuring compliance with these statements.


  • A tablet running a Windows 8.1 operating system (OS) managed by Mobile Device Management (MDM)
  • A tablet running an Android OS managed by MDM
  • A tablet running a Windows 8.1 OS managed as a normal PC


Managing Windows 8.1 tablets was shown to meet all 18 compliance statements. Managing Windows 8.1 and Android tablets with MDM was only able to meet eight and 10 user compliance statements respectively.


Managing mobile as a PC

From this Madrid Community Health Department was able to conclude that tablets running a Windows 8.1 OS offered greater flexibility, since they can be managed both with an MDM and as a normal PC.


However, adopting and managing tablets with Windows 8.1 running as a normal enterprise PC can manage and cover most of the defined risks, providing the tablet is given to the employee by Madrid Community Health Department as a normal PC.


For Madrid Community Health Department carrying out a full risk analysis showed that managing Windows 8.1 devices as a normal PC best aligns with its strategies.

If your organization is uncertain which management solution to choose, then a similar analysis could be the way to move you closer towards BYOD.


Computer Aided Engineering (CAE) has become pervasive in the design and manufacture of everything from jumbo jets to razor blades, transforming the product development process to produce more efficient, cost effective, safe and easy to use products. A central component of CAE is the ability to realistically simulate the physical behavior of a product in real world scenarios, which greatly facilitates understanding and innovation.



Application of this advanced technology to healthcare has profound implications for society, promising to transform the practice of medicine from observation driven to understanding driven. However, lack of definitive models, processes and standards has limited its application, and development has remained fragmented in research organizations around the world.


Heart simulation invaluable

In January of 2014, Dassault Systèmes took the first step to change this and launched the “Living Heart Project” as a translational initiative to partner with cardiologists, researchers, and device manufacturers to develop a definitive realistic simulation of the human heart. Through this accelerated approach, the first commercial model-centric, application-agnostic, multi-physical whole heart simulation has been produced.


Since cardiovascular disease is the number one cause of morbidity and mortality across the globe, Dassault Systèmes saw the Living Heart Project as the best way to address the problem. Although there is a plethora of medical devices, drugs, and interventions, physicians face the problem of determining which device, drug, or intervention to use on which patient. Often times to truly understand what is going on inside a patient invasive procedures are needed.


CAE and the Living Heart Project will enable cardiologists to take an image (MRI, CT, etc) of a patient’s heart and reconstruct it on a 3D model thereby creating a much more personalized form of healthcare. The doctor can see exactly what is happening in the patient’s heart and definitively make a more informed decision of how to treat that patient most effectively.


What questions do you have about computer aided engineering?


Karl D’Souza is a senior user experience specialist at Dassault Systèmes Simulia Corp.


I recently spoke to Mark Blatt, Intel’s Worldwide Medical Director, about whether virtual care can deliver equal to or better than face-to-face care. Across the world, ageing populations are stretching public health services to the limit. It's impractical for everybody with a health problem to go to a hospital or clinic, taking up the valuable time of a limited number of doctors and nurses that could be better used elsewhere.


That's why we believe virtual care is a trend that will increase markedly in the future. It isn't something that is entirely new – in the past my fellow medical professionals have found the telephone a valuable diagnostic tool. And while it remains an important part of virtual care, the desk telephone (which is more commonly used in a mobile situation today), when used in isolation, can help to deliver only basic support.


So, what does the future hold for virtual care? Take a look at the video above to hear Mark’s thoughts and leave us your ideas too. I’d love to hear from you in the comments section below.

Technology is making huge advances in all spheres of life, especially in healthcare. Clinicians have a wider range of devices at their disposal and can choose the best device based on their needs. With increased connectivity, clinicians are able to turn to mobile devices for their portability and versatility, but for certain tasks that require a large screen size, plugged-in capability and high-performance power, all-in-one (AiO) desktop computers might be a better bet. 50076.jpg


The right device for the right time

AiO computers are capable of performing multiple functions that require a huge amount of data, making them ideal for many situations in a healthcare setting. For instance:


  • Senior administrators can use the touch and voice commands, combined with large and immersive screens to quickly navigate through large data files or numerous reports. Plus, AiOs take up little precious room on the desk or at a shared station, and technologies like Intel® RealSense™ can use facial recognition as a sign-on for added protection in a multi-user environment.
  • Surgeons in the operating room can connect critical monitoring devices to new AiOs so that real-time data needed by anesthesiologists, nurses, and physicians, along with a patient’s full medical history, is consolidated onto one large screen during a procedure. This provides a more holistic view of the patient to make better operating room decisions.
  • Doctors and nurses can use an AiO to replace a bedside terminal to collaborate with patients on critical care questions. After they sign off, the desktop can also be used by the patient and family members as their big-screen TV, streaming music station, or voice-enabled Web browsing desktop.
  • Teleradiologists will appreciate the large processing power and screen size of an AiO to examine X-rays and CAT scans in minute detail. With touch integration, they can rotate, enlarge, measure, and expand images without maxing out the processing requirements like you would on a laptop. The sleek footprint also gives new AiOs better usability in tight spaces, such as patient examination rooms or the ER, and it’s easy to plug in a handheld microphone for direct dictation.
  • Ob-gyns can take advantage of new, low-cost technology such as the USB probes that plug into AiOs to become ultrasound machines. Imagine being able to save tens of thousands of dollars on stand-alone ultrasound equipment by making use of the powerful performance and features of new desktop computers.

Better workflow and security

Unlike mobile devices where data can experience lag while it’s sent to and from the cloud, desktop systems connect directly to the network to streamline workflow because everything is updated in real time. This can be especially valuable in hospital areas where Wi-Fi is problematic or rooms that are purposely built to block X-rays. To speed things up even further, no additional encryption is needed for data both in flight and at rest, as would be for a mobile wireless device.


Additionally, Intel® vPro™ technology allows these powerful devices to be easily and even remotely managed, which can be especially valuable for smaller clinics that don’t have a dedicated IT department. Lastly, AiOs offer more physical security—it’s difficult to walk off with a desktop after all.


What questions about desktop computers in healthcare do you have? Do you use both mobile and desktop in your healthcare environment?


This is the first installment of the Desktop World Tech Innovation Series.

Click here to view: blog #2

To view more posts within the series click here: Desktop World Series

The countdown to HIMSS 15 is on. Next month, the healthcare technology community gathers in Chicago April 12-16 for the world’s largest health IT event to see what devices, software, infrastructure and security architecture will be shaping the landscape in 2015 and beyond.


At Intel, we’re approaching HIMSS with a critical eye on three areas that we feel are focal points for CMIOs:


  • The right mobile device for the right decisions at any point of care
  • Clinical analytics
  • Consumer health (IoT, wearables) and the next generation of devices


To learn more about these pillars of healthcare technology, you’re invited to the Intel booth (#2525) to view the latest hardware and software that clinicians are beginning to utilize. We encourage you to sign up to take a guided tour, where you’ll see:


  • A simulated collaboration room with working technology
  • A device bar with applications and demonstrations
  • Server and analytics stations
  • An IoT/wearables table featuring Google Glass, sensors, headphones, and ultrasound technology


When you take a booth tour you’ll also have a chance to win a tablet computer in our HIMSS drawing.


Outside of the Intel booth, you will find our experts sharing their knowledge in a number of forums. For example:


Finally, be sure to follow us on Twitter to keep up-to-date on all the happenings going on at the event. We’ll be live tweeting from the show floor and sharing pictures of cool health IT products/services that we discover.


HIMSS is always a great event and we are looking forward to seeing you in Chicago.


What questions about HIMSS do you have? What are you most looking forward to seeing during the show?

In my last blog post, we looked at the first two significant policy issues that will shape the future of health IT this year and beyond—EHR meaningful use and interoperability. Today, we focus on alternative payments, telehealth care delivery models, and ICD-10 (briefly)


Alternative Payment and Care Delivery Models

A newly-proposed CMS Shared Savings Program Rule focuses on more ACO flexibility, greater performance-based risk and reward as well as the use of innovative care coordination and telehealth tools. While I am still holding out for passage of bipartisan, bicameral SGR/ FFS reform legislation, there has been real progress out of the Department of Health and Human Services (HHS) as it has proposed phasing in an alternative payment models that leverage outcomes and quality-based payments with a smaller fee-for-service reimbursement. Basically, paying providers for value, not volume.


Through this January announcement:


  • HHS has set a goal of tying 30 percent of traditional, or fee-for-service, Medicare payments to quality or value through alternative payment models, such as ACO, PCMH or bundled payment arrangements by the end of 2016, and tying 50 percent of payments to these models by the end of 2018


  • HHS also set a goal of tying 85 percent of all traditional Medicare payments to quality or value by 2016 and 90 percent by 2018 through programs such as the Hospital Value Based Purchasing and the Hospital Readmissions Reduction Programs


Note: In 2011, Medicare made almost no payments to providers through alternative payment models, but today such payments represent approximately 20 percent of Medicare payments. The goals announced in January represent a 50 percent increase by 2016.


  • To put this in perspective, in 2014, Medicare fee-for-service payments were $362 billion so a significant amount of payments will be shifting quickly into alternative payment models and this trend will not be tied to just Medicare but rather all insurers including Medicaid will be briskly moving in this direction


HHS has adopted a framework that categorizes health care payment according to how providers receive payment to provide care:


  • Category 1—fee-for-service with no link of payment to quality
  • Category 2—fee-for-service with a link of payment to quality
  • Category 3—alternative payment models built on fee-for-service architecture
  • Category 4—population-based payment


Medicare telehealth expansion includes use of health IT for chronic care

Medicare has expanded its covered telehealth services to include wellness (HCPCS code G0438) as well as several behavioral health visits. Beginning in January 2015, Medicare will reimburse physicians $40-$42/patient/month for chronic care management services for patients with more than one chronic condition

  • Physicians must use EHR systems that meet 2011 or 2014 certification criteria for meaningful use and a scope of service
  • Chronic care management is expected be provided by clinical staff directed by a physician or other qualified health professional. The level of service is expected to be 20 minutes per patient per month



Oh, and let’s not forget about our decade-long transition to ICD-10 on October 1, 2015.


So as you can see and are probably well aware, 2015 has already started off with seismic shifts in public policy in an attempt to stabilize the rate of growth of our annual healthcare costs. I don’t believe anyone can kid themselves and think that we will ever reduce our nation’s healthcare expenses, but what many of us are passionately working towards is creating a smarter and sustainable healthcare system that will at least reduce the rate in which our costs are increasing and truly create a healthcare system where we see intrinsic value and the patient becomes an informed and accountable consumer. We can all dream can’t we?


What questions do you have?


As a healthcare innovation executive and strategist, Justin is a corporate, board and policy advisor who also serves as an Entrepreneur-in-Residence with the Georgia Institute of Technology’s Advanced Technology Development Center (ATDC). In addition, Mr. Barnes is Chairman Emeritus of the HIMSS EHR Association as well as Co-Chairman of the Accountable Care Community of Practice. Barnes has appeared in more than 1,000 journals, magazines and broadcast media outlets relating to national leadership of healthcare and health IT. Barnes also recently launched the weekly radio show, “This Just In.”


Our latest video showcases how 3D imaging technology is used with mobile devices to help radiologists deliver improved patient care in hospitals.


I think we have all seen radiologists who would normally use a light box to analyse x-rays. Nowadays this has been replaced by powerful graphic workstations, which are usually stationary, making results difficult to move around in a hospital. Intel technology, with powerful in-built rendering and networking capabilities, have made these images mobile - truly mobile.


More powerful processing technology is enabling the production of 3D images that enable healthcare professionals to view fractures from every angle on a mobile device in today’s hospital. Being able to zoom in and rotate the injury on a tablet is no longer a futuristic vision. Intel technology has bought 3D visualisation to the patient’s bedside.


When I speak to doctors they tell me they get a real feel for how bone fragments are positioned and consequently can provide the best possible treatment for realignment. And the patient benefits too, as treatment plans can be discussed in detail with a highly visual explanation of their injury on a tablet device. Clinicians have known for decades that the most effective patient outcomes are achieved when the patient is educated about their medical injury and buys-in to the treatment plan.


We’re helping to bring images to life for doctors and patients here at Intel – check out our healthcare device selector tool to find the best solution for you and your patients.


Keep in touch with the latest healthcare IT news by following us on twitter via @intelhealth and join our healthcare professionals’ community to receive a monthly email with best practice solutions to help you deliver better patient care.

As we head toward HIMSS in Chicago next month, it’s a good time to take a look at the significant policy issues that will shape the future of health IT. While we will see tweaks to important legislation and regulation, the major public policy impacts that I envision for 2015 and even 2016 will revolve around EHR meaningful use, interoperability and most importantly in my book and strategy, alternative payment and care delivery models. Yes, ICD-10 is in there too but literally for how many years can we talk about that?


In this two-part blog series, I’ll look at the five issues that I see as priorities. Today’s topics: meaningful use and interoperability.


EHR Meaningful Use
EHR meaningful use will almost certainly grab the biggest headlines throughout the year as we just saw with the popular CMS announcement of the delay in the Medicare EHR meaningful use attestation for the 2014 reporting year, whereas eligible professionals now have until March 20, 2015.


There is also a new EHR meaningful use rule expected this spring that is intended to be responsive to provider concerns about software implementation, information exchange readiness as well as be reflective of developments in the industry and progress toward program goals achieved since the program began in 2011.


Here are a few highlights:


  • Shorten the EHR reporting period in 2015 to 90 days to accommodate these changes
  • Realign hospital EHR reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other CMS quality programs
  • Modify other aspects of the program to match long-term goals, reduce complexity, and lessen providers’ reporting burdens


Interoperability and Data Exchange

The Office of the National Coordinator for Health Information Technology (ONC) released its shared interoperability Roadmap on January 30.


The ONC sees health IT as an important contributor to improving health outcomes, improving health care quality and lowering health care costs. They further state that health IT should facilitate the secure, efficient and effective sharing and use of electronic health information when and where it is needed.


Here are a few highlights:


  • ONC suggests that the community must expand its focus beyond institutional care delivery and health care providers, to a broad view of person-centered health
  • Healthcare is being transformed to deliver care and services in a person-centered manner and is increasingly provided through community and home-based services that are less costly and more convenient for individuals and caregivers
  • The Roadmap Identifies Four Critical Near-Term Actions for Enabling Interoperability
    • Establish a coordinated governance framework and process for nationwide health IT interoperability
    • Improve technical standards and implementation guidance for sharing and using a common clinical data set
    • Enhance incentives for sharing electronic health information according to common technical standards, starting with a common clinical data set
    • Clarify privacy and security requirements that enable interoperability


A personal favorite inside the Roadmap is the call for alignment of private payer efforts with CMS policies and programs, including incentives for health information exchange and e-clinical quality measures that will enable the three- and six-year goals in the Roadmap. This is a key component that will garner a lot of broad stakeholder support including the critical support of caregivers and IT professionals who struggle to participate in quality and incentive programs due to their lack of coordination and ability to report on measures.


The ONC did create a terrific infographic that details this journey as well. Public comments on the ONC Interoperability Roadmap are open until April 3, 2015.


What questions about EHR or interoperability do you have?


Watch for the second part of this blog series to be posted soon.       


As a healthcare innovation executive and strategist, Justin is a corporate, board and policy advisor who also serves as an Entrepreneur-in-Residence with the Georgia Institute of Technology’s Advanced Technology Development Center (ATDC). In addition, Mr. Barnes is Chairman Emeritus of the HIMSS EHR Association as well as Co-Chairman of the Accountable Care Community of Practice. Barnes has appeared in more than 1,000 journals, magazines and broadcast media outlets relating to national leadership of healthcare and health IT. Barnes also recently launched the weekly radio show, “This Just In.”

Today I begin a series of blogs which take an in-depth look at the issues surrounding what is commonly known as ‘Bring Your Own Device’, with a focus on the Healthcare and Life Sciences sector in EMEA. Bring Your Own Device or BYOD, is the catch-all phrase attributed to the use of personal technology devices in a corporate environment for business use.

I’ll look at the scale of BYOD in specific territories, get under the skin of exactly why this trend has taken off over the past few years and dig into the detail of the opportunities and costs of allowing a BYOD culture to develop within your healthcare setting. I’ll conclude the series with some practical advice on how advances in technology can help you safeguard your systems and data.


I’d also be interested to get your views too (leave a comment below or tweet us via @intelhealth), whether you’re a clinician working at the sharp end of care delivery and benefiting from using a personal device at work, or you’re an IT administrator tackling the often thorny and complex issue of implementing a BYOD policy in your organisation.


Cost of Data Breaches in EMEA

Providing context to the scale of BYOD across EMEA inevitably means looking at the cost of data breaches but I’d stress that not all of the consequences of allowing BYOD are negative, as I’ll explain in a later blog. A great point of reference though is the Ponemon Institute, which has produced detailed reports on the cost of data security breaches for many years.




Cost (m)

Ave per

Capita Cost

Negligence Cause (%)


Attacks (%)

System Biz Process Failures (%)



















UAE/Saudi Arabia
























*Source: 2014 Cost of Data Breach Study (country specific -. December 2014 – Ponemon Institute


The table above shows the significant costs associated with data breaches across a number of sectors including pharmaceuticals, energy and public (which includes health). BYOD sits under the term ‘Negligence Cause’ in the table above and for some countries in EMEA it accounts for a significant portion of overall breaches. The organisational costs are significant and reflect not only the consequential increase in investment to safeguard security weaknesses but also fines levied by national and pan-regional government.


I’ll drill down into specific examples of Bring Your Own Device in healthcare in more detail in the future but as a brief indicator we know, for example, that in England the National Health Service (NHS) suffered 7,255 personal data breaches over a 3 year period. These breaches of healthcare information security include data being lost, stolen or inappropriately shared with third parties, and in the case of inappropriate sharing this often includes a workaround using a personal device.


Opportunities presented by Bring Your Own Device

The negative comments around BYOD and associated costs to healthcare organisations as a result of data breaches often mask what are some fantastic upsides. I’m keen to emphasise in this series that with the right security solutions, both at rest and in transit, and across the entire network-client-device continuum, there are significant advantages to healthcare organisations in allowing individuals to use personal devices at work.


I hope this first blog has piqued your interest in what is a hot topic within the health and life sciences sector across the EMEA region. If you’ve successfully implemented a BYOD policy in your healthcare organisation or you want to highlight why and how you are using your personal device to deliver better patient care we’d be grateful to hear from you.


It would be fantastic to share some great examples from EMEA to help our community learn together. If you want to be the first to know when the next blog in this series will be published then sign-up to our Health and Life Sciences Community.


David Houlding, MSc, CISSP, CIPP is a Healthcare Privacy and Security lead at Intel and a frequent blog contributor.

Find him on LinkedIn

Keep up with him on Twitter (@davidhoulding)

Check out his previous posts

There’s a lot of talk these days about personalized medicine. This emerging medical science promises medical diagnoses and treatments that are tailored to an individual’s set of medical problems, rather than the current methodology of generalized treatments for a wide range of disease with an average range of effectiveness and a broad range of side effects. Personalized medicine offers much more specific treatments of disease, improved outcomes, faster recovery, and fewer side effects.


With the advent of new diagnostic technologies, such as next generation sequencing (NGS), experimental personalized treatments for disease are being developed for rampant diseases like cancer, extreme allergies, and bacterial and viral infections. Many of these treatments involve the use of genomic sequencing to identify the precise source of disease, then engineering treatments to combat those biomarkers that are unique to the disease state. While promising, these techniques require an extremely large amount of computation in order to yield actionable results. For institutions that have this technology available to them, the specificity of these treatments is improving steadily, and the research and experimental methodologies are becoming ever more promising. int_brand_879_LabDocTblt_5600_cmyk._lowresjpg.jpg


Laws and restrictions are barriers

So, why isn’t personalized medicine developing at a faster rate, and why aren’t many of these new methods available to the general public? The answer is, in part, that the stringency of privacy laws and restrictions on where human personal health information (PHI) can be stored, the format it can be accessed in, who can access it, and where you can analyze it is so locked down that most researchers can’t analyze the data using existing high performance computing (HPC) infrastructures that may be available to them because the computational environments don’t meet the compliance standards required by the Health Insurance Portability and Accountability Act (HIPAA) and other privacy laws surrounding the health industry.


The reality is that these regulations are not defined in a specific manner, especially with regard to technological solutions being used to process and interpret medical information. The vast majority of the law talks about security restrictions on electronic health records (EHR) systems and the infrastructure that house these databases. As such, individual auditors and compliance officers often interpret the needs for compliance in very different ways, since the laws are written in a subjective manner.


What this means for personalized medicine, is that hospitals, universities, government agencies, and corporations all have to err on the side of extreme levels of security in order to approximate the privacy laws as they are currently defined. In most IT organizations with restrictions such as these, decisions are made to prioritize security over performance, to the great detriment of research. Anyone who follows this emerging field knows that modern laboratory technologies produce enormous amounts of data that need to be transmitted to storage systems and analyzed on compute infrastructures before any interpretations can be made.


Transferring those data from the equipment, through many firewalls to encrypted storage, and running on isolated compute equipment is going to be very slow and prohibitive to the progress of research in general, not to mention expensive to implement for the organization due to the need to duplicate infrastructure to meet security needs. In my estimation, this extreme interpretation of security applications is the hold up for personalized medicine. Don’t get me wrong, privacy is important and it needs to be protected, but there are likely better ways to preserve privacy that embrace modern technology practices without squelching the productivity of researchers under the thumb of extreme security.


Needed: common reference architectures

What the industry needs is to develop common reference architectures that utilize flexible and dynamic virtual infrastructures to protect information as it flows from place to place, lands on remote storage, is analyzed, then returned to its safe place, all while moving the data and analyzing the data at the best possible speeds.


The use of better data transfer utilities that encrypt data during transmission using encryption features that are built into modern processors, along with better and faster networking practices that temporarily define isolated virtual networks through the use of software defined networking (SDN), will help pave the way towards wide-scale application of personalized medicine techniques. The use of these types of technology, combined with proven reference designs that auditors and compliance officers can refer to, will help dig the medical environments out of the dark ages and place them squarely in the 21st century, affording them the best that research computing has to offer at affordable prices on shared infrastructures that are institutionally owned. With the technology barrier resolved, while preserving privacy, personalized medicine could begin to progress towards wide-scale implementation.


What questions do you have?

Are nurse practitioners just what the doctor ordered for improving rural health? Health experts and nursing leaders I talk with say the answer is a resounding yes. Now, a sophisticated medical office on wheels, developed at the University of Kansas (KU) Center for Design Research (CDR), is ready to help us fill that prescription.


The KU WellCar* empowers nurse practitioners—connected to remote physicians and other resources as needed—to take healthcare on the road. Created in collaboration with nurses and other health leaders, the WellCar was first seen as a vehicle to help nurse practitioners deliver primary care services in rural Kansas. But as healthcare continues to move out of the hospital or clinic and into the community and home, the WellCar is being eyed as a way to improve a broad range of healthcare services—and to extend care everywhere from inner cities to disaster sites.  


NP and WellCar.jpg


Empowering Mobile Care 


How does the WellCar empower you if you’re the nurse practitioner behind the wheel? It means you can arrive at a patient’s home equipped to perform diagnostic procedures, document care, and provide patient education. Instead of the traditional black bag, you’re backed by a van full of robust, compact medical diagnostics equipment and computer and communications technology. You’ve got the patient’s up-to-date health history at your fingertips, along with data from in-home health monitoring equipment. Reflecting your vital role within the healthcare team, you’re equipped to conduct video conferences with remote experts and to securely collaborate and share results with labs and supervising organizations.


There’s also a WellPac* that provides a case for carrying necessary equipment into the home and a work surface once you’re inside. But most equipment stays in the van—you transfer data to it wirelessly. The WellCar’s advanced communication system is also designed to link the digital equipment within the van and connect to secure external cloud services.


The bottom line is that you can deliver the compassionate, personalized care that is so crucial to both care-givers and patients—and in a more coordinated, productive way. You’ll also help fill an urgent need. Nearly one-quarter of the United States population lives in rural areas, but only about 10 percent of physicians practice in rural America. Rural residents tend to be poorer than average and to suffer higher rates of poor health and suicide.[1] And of course the lack of healthcare services isn’t limited to the United States. 


wellcar intel3.jpg


A Product of Passion and Best Practices


One thing I love about the WellCar is that it reflects the passions of the people who have created it. Professor Gregory Thomas, who heads the CDR and directed the project, is a cancer survivor and educator committed to having KU’s design students solve significant, real-world problems. He and his students followed best practices for user-centered innovation, including cross-disciplinary collaboration and close involvement with potential users. Students viewed the project as not simply a set of design challenges, but as something that can benefit their families and communities. Their advances in remote data collection won them Connected World magazine’s University Competition held in Chicago at the 2014 Connected World Conference.


Passionate clinicians influenced all aspects of the design. Dr. Aenor Sawyer, associate director of strategic relations at the University of California, San Francisco (UCSF) Center for Digital Health Innovation (CDHI), is both an orthopedist and a daughter who cared for her father at home for 10 years. She’s leading CDHI’s efforts to build out a next-generation model for highly distributed healthcare. She reached out to Professor Thomas after reading about the project, and became the WellCar’s medical director. Debbie Gregory, a registered nurse and co-founder of the Nursing Institute for Healthcare Design, shared her expertise in designing intuitive, productive healthcare experiences.


Gordon Alloway, former project director of the Heartland Telehealth Resource Center and now a consultant specializing in rural health access, contributed his passion for helping rural Americans maintain their highly valued independence.


Intel® Inside


I also love the WellCar as an example of people using Intel® technologies to do amazing things. A Panasonic Toughpad* tablet computer powered by the Intel® Core™ i5 vPro™ processor provides what Professor Thomas calls the technology brains of the WellCar. A custom communication system designed by Cornerstone Integration uses Intel® technologies for the Internet of Things to manage communications within the van and to the outside world. The Intel Health and Life Sciences team shared technology roadmaps, insights on mobile workflows, and advice on solving technical challenges.


Many other companies have recognized the WellCar’s potential impact and gotten involved. Ford donated a new Transit Connect Wagon*. Philips, HealthSTATS International, Vidyo, Voalte, and Midland Radio are among those providing expertise and equipment, either for the van itself or for patients’ homes.


Increasing Access to Care


Diverse organizations are beginning to explore how they can use the WellCar to help increase cost-effective access to high-quality healthcare. I’m excited to see where the WellCar’s road will take it.


What role do you see for the WellCar? Are you eager to get behind the wheel? I hope you’ll read more and share your thoughts. Together, we can expand access for underserved patients wherever they reside.



[1] For more about the data in this paragraph, see National Rural Health Association, What’s Different About Rural Health?


The way CIOs and clinicians think about mobile technology has changed over the past few years. Initially, we thought mobile was going to revolve around touch-friendly applications like in the consumer world. But clinical care is a complicated business. If you look at what a physician does, they are moving through an electronic health record, then a database. The ability to run both touch-friendly apps on a Windows device and your traditional enterprise clinical systems that you have been using for 20 years in your hospital is a really important part of the story.


Virtually every customer we see using mobile devices uses both touch and a traditional desktop application in touch mode. So, they can use a stylus to navigate tasks that were designed for a keyboard and mouse but need to be performed on a mobile device. That combination is key.


Security on mobile devices has changed as well. Clinicians want full functionality while the IT department wants as much security as possible. The hardest thing to do is accommodate both needs. But when you think about it, Windows has always featured functionality and security. Our customers have been managing and deploying this infrastructure for 20 years. All of the policies that our customers have spent years building, planning and designing do work. Third party add-ons like smart card readers can connect to all of the devices and IT can breathe a sigh of relief because it can take advantage of the current infrastructure.


Gareth Hall is global director of mobility for healthcare at Microsoft.


Bradley Dick is Chief Information Officer at Resurgens Orthopaedics, one of the largest orthopedics practices in the country with 97 orthopedic surgeons, 21 locations in an around metro Atlanta, six outpatient surgery centers, and nine imaging facilities. We recently caught up with him to get his thoughts on his organization’s mobile technology strategy and why mobile technology is growing in healthcare.


Intel: What is the mobile strategy for your organization?


Dick: Our mobile strategy is to empower the physician at the point of care. It’s not tied to a particular device. Data is really the power of mobile healthcare technology and the key is to get the data to the practitioner at the point of care so they can make decisions and not impact the workflow. We found that with any type of solution, if it significantly impacts workflow it will not be successful.


Intel: What types of solutions have you successfully implemented recently?


Dick: The most recent solution we implemented is the Allscripts TouchWorks EHR for Windows 8. We wanted a solution that would enable the provider to have the entire episode of care available to them; everything starting when the patient walked into the building to the time they left the facility. Other solutions did not have the same multi-tasking functionality or support for other applications.


Intel: What has helped drive the growth of mobile technology in healthcare?


Dick: One of the big drivers of mobile healthcare technology is the ubiquity of bandwidth. With great bandwidth available, it opens us up to a lot of interesting possibilities. A lot of the big data systems we are starting to look at are going to be key in the mobile space because behind the scenes, we have to get that data to the clinician at the point of care. That’s always been the big challenge. Data is only as good as it is integrated into the actual care of the patient and bandwidth makes that possible.


Intel: What should CIOs be thinking about when it comes to mobile technology?


Dick: Healthcare CIOs should be thinking about the workflows of their clinicians and look to find ways that they can make those workflows more efficient. Trust me, physicians are using mobile devices and want to have that technology and the data. The key is to collaborate with providers and care coordinators to find the right tools. It will be much more successful if you integrate them into the process rather than come up with a process on your own.


Intel: What keeps you up at night when it comes to healthcare technology?


Dick: What keeps me up at night is the worry that we are not innovating enough. We have been focusing on regulatory compliance so much I don’t think we are innovating. EHRs are not innovation. We need to start seeing the smaller companies introduce solutions that we can integrate into our systems and have some sort of interoperability. Right now it’s almost impossible for the small companies to get our attention because we know they cannot integrate into our systems.

Filter Blog

By date:
By tag: