wn cyber 1

Health data management trends to watch for in 2018

Health data management trends to watch for in 2018

Shot of two surgeons analyzing a patient’s medical scans during surgery

By Bill Siwicki
January 04, 2018

Informatics, data analytics, privacy and security, clinical documentation improvement and information governance are among the imperatives that will dominate data trends in 2018, according to the American Health Information Management Association.

Data Analytics
Demand for services and projects will increase in 2018, AHIMA predicts. Data analysts are expected to be busy helping providers participate in new payment models and find their way through new policy initiatives such as MACRA.

Informatics
Data experts will help to mitigate physician burnout with electronic health records by streamlining processes to capture data in EHRs, protect patient-generated data in mobile apps and develop interfaces and dashboards for telehealth services, AHIMA said.

Privacy & Security
While cybersecurity incidents will likely continue to make headlines in 2018, there are a number of policies related to data security to watch for this year, AHIMA said. These include the issuing of “minimum necessary” requirements, guidance around mental health information and data sharing as required by proposed rules of both the 21st Century Cures Act and the penalty sharing provision of the HITECH Act, experts said.

Clinical Documentation
Clinical documentation improvement specialists will also continue to be deeply involved with claims denials in 2018, helping to identify denials for coding and documentation that should be appealed as well as continue to expand to new and specialty areas of healthcare such as long-term care, home health, psychiatric units and rehab facilities that call for high-quality documentation, AHIMA predicted.

Information Governance
In the area of information governance, experts said enterprise-wide retention policies and data quality will continue to cause cybersecurity challenges for providers in 2018, demonstrating the strong need for IG programs to address them.

Government & Policy
Federal rules and regulations will also be worth paying close attention to this year. In addition to the 2018 budget, which will affect funding of the Office of the National Coordinator for Health IT and HHS’ Office for Civil Rights, the forthcoming definition of “information blocking” defined by the 21st Century Cures Act will be a major story to look for because of its impact on a large portion of EHR users, AHIMA said.
Four big issues impacting inpatient and outpatient coding in 2018 will be reimbursement, telemedicine, copy/paste and coding auditing, the experts added. Also, starting in January, the Medicare Access and CHIP Reauthorization Act of 2015 will require physicians to start reporting patient relationship modifiers.

Workforce
Finally, with regard to education and workforce issues, “upskilling” existing practitioners for more advanced roles in data analytics and informatics, preparing academic faculty to teach higher-level content in data analytics and revising curriculums to ensure students are prepared to meet workplace needs are all education and workplace trends to pay attention to in 2018, according to AHIMA.

Related Articles

GDIT Recruitment 600×300
GovExec Newsletter 250×250
GDIT Recruitment 250×250
GDIT HCSD SCM 1 250×250 Train
Study: Cybercriminals eyeing smaller providers and Health IoT in 2018

Study: Cybercriminals eyeing smaller providers and Health IoT in 2018

Cropped shot of an unidentifiable hacker cracking a computer code in the dark

By Bill Siwicki
January 5, 2018

This past year was another challenging one for healthcare organizations as they remained under sustained attack by cybercriminals who continue to target healthcare networks through the use of well-known vulnerabilities.

A new study predicts that 2018 won’t be any easier, especially as attackers increasingly set their sights on smaller providers and the myriad connected Internet of Things devices across healthcare.

In 2017, there were a total of 140 hacking-related data breaches reported to the Department of Health and Human Services’ Office of Civil Rights – a 24 percent increase over the 113 such events reported in 2016, according to the “2017 Health Care Cyber Research Report,” from cybersecurity vendor Cryptonite.

The number of reported hacking events attributed to ransomware by healthcare organizations jumped by 89 percent from 2016 to 2017, the study shows. This was an increase from 19 reported events in 2016 to a total of 36 events in 2017.

In 2017, ransomware events represented 25 percent of all events reported to HHS/OCR and attributed to IT/hacking. All six of the largest hacking-related healthcare events reported in 2017 were attributed to ransomware, the study found.

Somewhat encouragingly, this past year, just 3,442,748 records were reported to be compromised, a big decrease from 13,425,263 reported compromised in 2016.

But in years past, cybercriminals devoted significant time and effort to targeting the largest healthcare organizations. For example, 2015 breach events included Anthem (78.8 million records) and Premera Blue Cross (11 million records), and 2016 events included Banner Health (3.6 million records) and Newkirk Products (3.4 million records).

Now this low-hanging fruit has to some extent been harvested, and attackers are increasingly turning their attention to a broader mix of healthcare entities, the report said.

“The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyberattackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers, and many other smaller yet critical healthcare institutions,” according to Cryptonite. “This is the beginning of a trend that will increase very substantially in 2018 and 2019.”

Internet of Things devices in healthcare also represent new and expanding opportunities for cyberattackers. IoT devices now are now nearly ubiquitous in healthcare – already widely deployed in intensive care facilities, operating rooms and patient care networks, said Michael Simon, president and CEO of Cryptonite.

“Cyberattackers target healthcare networks for two primary reasons – to steal the medical records they contain or to extort ransom payments,” said Simon. “Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud. While 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel the wrath of cybercriminals targeting the hundreds of thousands of IoT devices already deployed in healthcare.”

Related Articles

GDIT Recruitment 600×300
GovExec Newsletter 250×250
GDIT Recruitment 250×250
GDIT HCSD SCM 1 250×250 Train
Cyber Threats: Why Insiders Pose the Greatest Risk

Cyber Threats: Why Insiders Pose the Greatest Risk

Hackers pose myriad threats to government organizations, but vulnerabilities aren’t all coming from the outside. Insider threats – both malicious and unintentional – may be even more dangerous.

Roughly half of Federal agencies suffered an insider threat in the past year and almost one-in-three lost data in a breach, according to a MeriTalk study that surveying 150 Federal IT managers knowledgeable about their agencies’ cyber security programs.

The National Insider Threat Program was established in Executive Order 13587 four years ago to deter, detect and mitigate compromises of classified information by malicious insiders. The order requires Federal agencies to establish their own insider threat detection and prevention programs under guidance from the National Insider Threat Task Force (NITTF).

The NITTFT was established in response to the Wikileaks scandal in which thousands of classified U.S. government documents were published online as a result of breaches by U.S. Army soldier Pvt. Bradley (now Chelsea) Manning and sent to the Wikileaks website run by Internet activist Julian Assange. In a subsequent breach, government independent contractor Edward Snowden released thousands of additional documents to media. Both Manning and Snowden downloaded documents without being detected, causing international reverberations once details of classified programs and communications became public. Manning has since been convicted for leaking an archive including 700,000 government files. Snowden remains in self-imposed exile in Russia, where he fled to escape arrest.

While Manning and Snowden are poster children for the insider threat, unintentional insider threats – risky cyber behavior by usually well-meaning employees – may be the greater problem. Such unintentional threats can unwittingly open doors to hackers who can exploit system vulnerabilities to access and acquire vast amounts of data. Such was the case with the massive data breaches this year at the Office of Personnel Management.

Some 51 percent of respondents to MeriTalk’s Insider Threat survey, underwritten by cyber security software and services supplier Symantec, said it was common for employees to fail to follow appropriate protocols. Another 40 percent of respondents said employees access off-limits government information at least once weekly.

Michale Theis is assistant director for insider threat research at the CERT Insider Threat Center, at Carnegie-Mellon University (CMU). The Federally-funded research and development center within CMU’s Software Engineering Institute, has been tracking insider threat cases since 2001 and compiled a database of more than 1,200 cases.

“There’s no one type of insider, there’s no one type of threat,” Theis told GovTechWorks. “We have insider threat for fraud. We have insider threat for IT sabotage, for espionage, for intellectual property theft. Recently, we’ve added unintentional insider threats.”

For each threat profile, the center develops models to better understand the causal circumstances and then tries to develop solutions to mitigate those threats. For example, research has shown that intellectual property theft usually occurs in the 30 days preceding an employee’s announced resignation. Knowing that, organizations can be attuned to employees downloading or emailing extensive amounts of data and look for patterns that will identify a potential problem before it blows up into an outright threat.

Steve McIntosh is the Insider Threat Program Coordinator with the Defense Intelligence Agency (DIA). “For DIA the program is set up to monitor the behavior of the workforce, to detect that behavior which could be of concern and to put that behavior into context to determine whether or not it poses a risk, threat, or vulnerability to the agency,” he said. A retired officer with the Air Force’s Office of Special Investigations McIntosh said the idea is to monitor employee behavior, assess risk, and respond appropriately– which could mean anything from counseling an employee to suspending access.

“We’re dealing with human beings,” McIntosh said. “There will be lots of behavioral indicators that will tell us whether an individual is getting off-center and may need some help.”

DIA’s program is built around a threat mitigation cell where employee data is collected, examined and put into context. Sources include both electronic and non-electronic data from both inside and outside the agency. In addition, a user activity monitoring tool tracks, such as when the employee arrives and leaves work, what apps he or she accesses on the network and so on. When the system detects a change in usual patterns, that employee is flagged for additional examination.

“We monitor activity for behavior that is out of the norm, that could be considered to be of concern,” McIntosh said.

DIA’s monitoring tools track and learn employee behavior patterns. “The tool actually learns the employee,” McIntosh explained. “It knows when you come to work, it knows when you go home, it knows what you do online [at work]. And it ingests all this data and gets a profile of you, and tells us when something has changed.” DIA also has access to external data, he said. But its direct monitoring is limited to at-work activity.

Privacy concerns are paramount in all such programs. CERT’s Theis said agencies need to work closely with their legal and human resources teams to ensure employees understand the monitoring to which they will be subjected – and that they agree to it through controls and acknowledgements when they log into government systems.

There is no one solution for combatting or stopping insider cyber risks. End-user education and training, improved security technologyand additional controls and guidance, are all seen as effective parts of a program by Federal IT managers.

“Insider threats are people issues,” Theis said. Not all those issues will show up by monitoring the network. He said behavioral issues ranging from on-the-job performance to arguments with other employees can all be indicators of disgruntlement and potential risk.

All agencies with access to classified information are required to have their own insider threat programs. Other agencies may choose to implement one as well. Among the 150 Federal IT managers surveyed by MeriTalk in September, more than half said their agency had a formal insider threat program in place. Those that did were more likely to have annual in-person security training and a system of real-time alerts for inappropriate access and data loss.

Tobias Naegele is the editor in chief of GovTechWorks. He has covered defense, military, and technology issues as an editor and reporter for more than 25 years, most of that time as editor-in-chief at Defense News and Military Times.

Related Articles

GDIT Recruitment 600×300
GovExec Newsletter 250×250
GDIT Recruitment 250×250
GDIT HCSD SCM 1 250×250 Train