MMA’s injury epidemic

This is one of the first forays from this blog into expanding the definition of healthcare, which is the recent focus of this blog. Anyone who knows me and has seen me would not equate me to any faction of MMA life except for interest in the sport [certain don’t look the part]. However, if this reduces injuries and recovery time in a physical violent sport, that cannot be all bad.

MMA fans wince when they hear news of their favorite fighter pulling out of a heavily anticipated matchup with a training injury. One fan winces more than most — and he believes he can stop it. …

Meet the man who says he's got a solution to MMA's injury epidemic

MMA’s injury epidemic

MMA’s injury epidemic

A person with a potential solution

This is one of the first forays from this blog into expanding the definition of healthcare, which is the recent focus of this blog. Anyone who knows me and has seen me would not equate me to any faction of MMA life except for interest in the sport [certain don’t look the part]. However, if this reduces injuries and recovery time in a physical violent sport, that cannot be all bad.

MMA fans wince when they hear news of their favorite fighter pulling out of a heavily anticipated matchup with a training injury. One fan winces more than most — and he believes he can stop it. …

MMA Junkie, Part of the USA Today Network

Mediterranean diet linked to lower risk of heart attack, stroke – CNN.com

Out of the items listed, I do Broccoli, Olive Oil, Eggs, Beans, and Spinach. Working on the others.

A study found that the Mediterranean diet — high in fruits, vegetables and fish — is linked to a lower risk of heart attack and stroke in people with heart disease.

Source: Mediterranean diet linked to lower risk of heart attack, stroke – CNN.com

Nokia to buy digital health firm Withings for $191 million | Re/Code

Nokia rises from the “American Dead” after all.

The maker of digital scales and fitness trackers will form the basis of a new Nokia digital health business.

Source: Nokia to buy digital health firm Withings for $191 million | Re/code

Crazy Eddie’s HIPAA & Swap Shop

HIPAA compliance is not optional or dependent on the size of the business. In spite of some best efforts, the data host chosen, do so carefully. Or you could end up like Metro Chicago Hospital Council (MCHC) as a non-profit, has a Health Information Exchange (HIE) that is subcontracted. What happens if your provider leaves the market and takes its data store with it? Fortunately for them, they got a judge to be on their side long enough to ensure a proper transition. A federal judge ordered Sandlot Solutions Inc. [what a name for a medical company] not to destroy the data without court approval. It was ordered to provide the raw data to MCHC as well as a “virtual” copy as soon as possible. The HIE was ordered to bear the cost of hardware, personnel and other expenses necessary to do so, and also to post a bond of $25,000 (Susan D Hall, 2016, para. 5). Sandlot Solutions was out of Irving TX, the website is down, obtained through LinkedIn. A simple Dun & Bradstreet report may have flagged this company, but it does not hurt to check. An analogy would be to put the hands of deciding a game in an official making a call, Golden State Warriors found out the “hard way” about that.

Susan D Hall. (2016, April 25). Court prevents HIE contractor from destroying data. Retrieved April 26, 2016, from http://www.fiercehealthit.com/story/court-prevents-hie-contractor-destroying-data/2016-04-25

Health records 101

Most every topic imaginable has a report, think tank, or field study attached to it. That is just the way it is. “Sophisticated” technology will be necessary to make sure that patient records are unique. Many moons ago when I was active in IT, I was always taught to normalize data by creating rules to stop most bad data from entering the system. Errors such as leading a required field blank or a Social Security Number not entered should NEVER happen. The fix is simple, make the fields required, and stop processing until they are filled and properly formatted. In the 2016 version of the web, this can happen with web-based, app-based, or other forms, and it is a no-brainer. Patient name misspellings cannot be eliminated totally, but greatly reduced if a simple crosscheck query of name fields that correspond with SSN numbers or other information that can verify results. The report wants to make it sound or in practice be harder than it really is, but that is why they get “the big bucks”. “Creating policies and procedures for front-end and back-end staff to follow is foundational for the overall data integrity process” (Katie Dvorak, 2016, para. 8).When you hang around any industry long enough, what is old is new again to different generations.


Katie Dvorak. (2016, April 20). Report: Providers must adopt sophisticated tech, stronger policies to prevent duplicate patient records. Retrieved April 21, 2016, from http://www.fiercehealthit.com/story/report-providers-must-adopt-sophisticated-tech-stronger-policies-prevent-du/2016-04-20

Encryption, Encryption, Encryption

After all of the recent issues with Ransomware and other cyber-attacks in the healthcare field, paying attention to the details can be overlooked at your peril. In my home state of Alabama, a laptop was stolen from a vendor to CVS Health. This laptop, for some unexplained reason, had Protected Health Information (PHI) on it. Of course, it was not encrypted, as per CVS network policy, so somebody had a field day with people who used a certain Pharmacy in Shelby County (Birmingham South Suburban). Their so-called private information was not, and now the company has to inform those on it, and presumably make amends for this.The laptop contained information about customers who have had prescriptions filled at the CVS store at 8370 Highway 31 in Calera, the company announced Monday. The laptop was stolen from the vendor and reported to the Indianapolis police department (Kelly Poe, 2016, para. 2).Interesting tidbit here is that it was reported to a police department over 500 miles away from the “scene” of the crime. A later version of the story said it happened at the unnamed vendor’s locale, which is not the CVS in question.

  • This has HIPAA written all over it.
  • Ignorance is not bliss.
  • Compliance is not limited by company size.

Kelly Poe. (2016, April 18). Alabama CVS’ patient information at risk after laptop stolen. AL.com. Shelby County AL. Retrieved from http://www.al.com/business/index.ssf/2016/04/patient_information_at_risk_af.html

EHR vendors, you’re not only next, but now.

This blog and other places have discussed the recent publicity about Ransomware and how hospitals cope with it, some better than others. What they really want is the Electronic Health Records that are employed in such environments. EHR are very personal and specific. Add the web-based nature of exchange and that is manna to a hacker because they can “hit once, effect many”. Mark Menke, security expert and CTO of Network DLP at Digital Guardian remarked: The financial incentives associated with EHR adoption encourage healthcare providers to roll out bare-bones systems without the infrastructure to back them u(Lisa Hoover McGreevey, 2016).
 
  1. HIPAA has very specific rules regards data security and the chain of command. Ignore this at your peril.
  2. Virtually all data in an EHR is valuable, some parts more than others. It is the cyber security specialist along with the practice IT staff or consultants to know the difference. Ignorance is not bliss here.
  3. Encryption, Digital Rights Management (DRM), Single Sign On (SSO), and other technologies are your gateway to mitigating the attacks that will come.
  4. Backups, Backups, Backups. The size of the organization will determine how often this is done; Real-time on-site/off-network and hourly off-site is a good place to start.
(Mark Menke, 2016).

Continue reading

Telemedicine

Using most available measures, there are three Pharmacy chains that matter, 2 of them closer to pure plays in the sector. Walgreen’s is the largest, CVS is not far behind, and of course, Wal-Mart. CVS is the one making the most noise and expansion of technology with Telemedicine availability inside their Minute Clinic locations. The latest is the famous Cleveland Clinic coming on board in Ohio. When a patient enters a Minute Clinic, a Nurse Practitioner evaluates the situation and if they need further consultation, the links become active in a few minutes at an additional cost of $50 over the office visit (Katie Dvorak, 2016b, para. 2–3) Locally in Charlotte, 27 locations in the Metro, which include Target stores. All but two stores in the area have an affiliation with Carolinas Healthcare System, the dominant system in our area. The partnership locally has been active for five years, but no sign of telehealth that can be found or promoted.

According to a report from the Center for American Progress, telehealth is “high quality and cost saving” which grinds to a halt such progress is arcane state laws and licensing requirements. Only New York and the Capitol Region of Maryland, Virginia, and Washington DC allow reciprocity (Katie Dvorak, 2016a, para. 2–3). The mind is boggled when living on the border of two or more states that each doctor has to stay on their side. Not enlightened in the least. Then there is the matter of paying for all of this. As mentioned in the previous paragraph, the extra fee may be a showstopper for most, even with insurance. Seems to be agreement on the merits; most aspects encounter bumps early in the product/service cycle and this is no exception. As with most facets of healthcare, geography plays an out sized role in quality of care and coverages available to their populations. As of February 2016, 29 states and the District of Columbia have laws for private payer policies for telehealth, and 23 states have parity laws that require insurers to cover telehealth services at the same rates as in-person services (Zeke Emanuel, Joshua Sharfstein, Topher Spiro, & Meghan O’Toole, 2016, pp. 40–41).


Bibliography

Katie Dvorak. (2016a, April 13). CAP: Telemedicine licensure, reimbursement issues states must address. Retrieved April 14, 2016, from http://www.fiercehealthit.com/story/cap-telemedicine-licensure-reimbursement-issues-states-must-address/2016-04-13

Katie Dvorak. (2016b, April 13). Cleveland Clinic to work with CVS on MinuteClinic telemed services. Retrieved April 14, 2016, from http://www.fiercehealthit.com/story/cleveland-clinic-work-cvs-minuteclinic-telemed-services/2016-04-13

Zeke Emanuel, Joshua Sharfstein, Topher Spiro, & Meghan O’Toole. (2016, April). State Options to Control Health Care Costs and Improve Quality. Center for American Progress. Retrieved from https://cdn.americanprogress.org/wp-content/uploads/2016/04/07050836/CostContainment-report.pdf

Your Next Fitness Wearable could be a Patch

This article was in my archives from last year but not published. Because of my refocus on this blog with a current healthcare focus, sharing with the audience is not a bad thing. Since this was originally published last year, I have yet to find any follow ups on this topic.

[embeddoc url=”https://herbied.edublogs.org/files/2016/04/Thenextevolutionoffitnesswearables.html_-1315pcx.pdf” viewer=”google”]

PGT Trucking tests headset with sensors for driver fatigue

This is so cool. Can do handsfree and alert to driver fatigue, the main culprit behind a fatal LCV accident in Charlotte

PGT Trucking, a 1,100-truck carrier with flatbed operations is testing fatigue monitoring technology from Maven Machines.

Source: PGT Trucking tests headset with sensors for driver fatigue

Stream 04/07

Healthcare EMRs [personal]

I had the misfortune to sprain my wrist recently that required a medical facility visit. After lengthy waits and treatment, discharge papers (handout with no digital option) disclosed the usual suspects such as purpose of visit and treatment, meds given and prescribed, and follow up procedures. Here is where the follow-up gets hairy approaching fubar. At the left is the first page of an actual discharge paper given out by the Emergency Department. It touts their secure access to your health records and provides a way to contact your doctors and allied professionals. Near the bottom are follow-up instructions, who to see, address info, phone number, and timeframe. The mistake I made was depending on the forms in the service to set up an appointment for today. Their system did not work and when a call was made late Thursday about it, the staff was unapologetic and less than helpful about. This is but one example of how Electronic Medical Records (EMR) failed in real world applications, the kind that drives costs up and reduces outcomes. A copy of the record that I was given was sent to the specialists’ office, which they acknowledged; made its way to the digital equivalent of the circular filing cabinet, the “ignore” bin. An education about how EMR’s are not really what is needed for healthcare reform and cost containment sheds light on the subject. There is the concept of Electronic Health Records (EHR). EMR is a digital version of paper charts in the Doctor’s office, scanned for archival and supposedly sharing purposes among vetted parties. Right answer, wrong question. A move to EHR takes these digitized documents and facilitates sharing throughout the whole system by design. “The EHR represents the ability to easily share medical information among stakeholders and to have a patient’s information follow him or her through the various modalities of care engaged by that individual” (Peter Garrett & Joshua Seidman PhD, 2011, para. 6). This was five years ago little action taken on this. The facility certainly dropped the ball with the information passing with the patient suffering negative outcomes because someone did not think through a system promoted by “suits” who generally do not have a clue on what happens on the front lines of care. This leads us to the present. National Coordinator for Health IT Karen DeSalvo wants to move forward with public access of their own data with a measure of control that is anathema to the profitable business of “blocking” data. the Office of the National Coordinator (ONC) said its 2016 goals include continuing to “build the economic case for interoperability,” coordinate with industry stakeholders to increase enhance consumer access to data, and to discourage health information blocking (Hall, 2016, para. 8). There are many avenues to making dollars in the corporate world; I do not understand how blocking data allows happening beyond a potential lock-in similar to Windows lock in for personal computing back in the day.

BCBSNC Shakeup

A recent media report has the #2 person at Blue Cross Blue Shield of North Carolina (BCBSNC) has resigned leaving behind a mess of a computer system tied to mistaken billing of customers and other software issues.

name Alan Hughes
title Chief Operating Officer (COO)
compensation $1.77M (2014)

(John Murawski, 2016)

I was a customer of BCBSNC during my “interim” period prior to Medicare [long story] and based on most of my interactions with them on the phone and in person, no surprise of their flawed systems. Someone has to fall on their sword and there is usually a severance associated with this, which was not disclosed in the piece, but I do not think he will visit the poor side of Durham County anytime soon. When your background is the Chief Information Officer (CIO) and the information system does not work properly, it happens. The Department of Insurance has reported 11,162 customer calls as of April 1, including 2,346 complaints against the insurer. The agency’s investigation could result in fines against Blue Cross up to $1,000 per violation per day (John Murawski, 2016). That has to leave a mark, but it is election year in North Carolina, so “stay tuned”.

Ransomware

UPDATED: Symantec said, “The 2007 and 2010 fixes referenced in the article were not contributing factors in this event” (Ann C Nickels, 2016). Further comment will not emanate from MedStar concurrent to the advice of IT, cybersecurity and law enforcement experts.

This topic will not go away. The hackers that penetrated MedStar Health in the Maryland/DC region came in through a 9 year exploit named JBoss, an application server courtesy of Red Hat Inc. (Tami Abdollah, 2016). As night turns into day, the hospital chain denies this. It must be stated that part of the mission of hackers is to expose weak spots where found. This time, it is the Samas or “samsam” vector specifically for JBoss middleware and other Java based servers. More details can be found here and here. When an IT person in charge of security ignore application threats from the writers of such software and the government on at least 2 other occasions, that would fit the definition of maleficence. MedStar is in deep doo doo, but admitting it would bring more of the wrong kind of attention in a competitive marketplace. Never mind these breaches are not specific to this chain.

Bibliography

Ann C Nickels. (2016, April 6). MedStar Response to Incorrect Media Reports. MedStar Health. Retrieved from http://www.medstarhealth.org/mhs/2016/04/06/medstar-response-incorrect-media-reports/

Susan D Hall. (2016, April 7). Karen DeSalvo: Tech can improve patients’ access to health data. Retrieved April 7, 2016, from http://www.fiercehealthit.com/story/karen-desalvo-tech-can-improve-patients-acesss-health-data/2016-04-07

John Murawski. (2016, April 5). Blue Cross executive resigns amid technology fiasco | News & Observer. The News and Observer. Raleigh, NC. Retrieved from http://www.newsobserver.com/news/business/article70020192.html

Peter Garrett, & Joshua Seidman PhD. (2011, January 4). EMR vs EHR – What is the Difference? Retrieved from https://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference/

Tami Abdollah. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. AP The Big Story. Washington DC. Retrieved from http://bigstory.ap.org/article/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings

 

EHRs, BSBCNC, Ransomware

Healthcare EMRs [personal]

I had the misfortune to sprain my wrist recently that required a medical facility visit. After lengthy waits and treatment, discharge papers (handout with no digital option) disclosed the usual suspects such as purpose of visit and treatment, meds given and prescribed, and follow up procedures. Here is where the follow-up gets hairy approaching fubar. At the left is the first page of an actual discharge paper given out by the Emergency Department. It touts their secure access to your health records and provides a way to contact your doctors and allied professionals. Near the bottom are follow-up instructions, who to see, address info, phone number, and timeframe. The mistake I made was depending on the forms in the service to set up an appointment for today. Their system did not work and when a call was made late Thursday about it, the staff was unapologetic and less than helpful about. This is but one example of how Electronic Medical Records (EMR) failed in real world applications, the kind that drives costs up and reduces outcomes. A copy of the record that I was given was sent to the specialists’ office, which they acknowledged; made its way to the digital equivalent of the circular filing cabinet, the “ignore” bin. An education about how EMR’s are not really what is needed for healthcare reform and cost containment sheds light on the subject. There is the concept of Electronic Health Records (EHR). EMR is a digital version of paper charts in the Doctor’s office, scanned for archival and supposedly sharing purposes among vetted parties. Right answer, wrong question. A move to EHR takes these digitized documents and facilitates sharing throughout the whole system by design. “The EHR represents the ability to easily share medical information among stakeholders and to have a patient’s information follow him or her through the various modalities of care engaged by that individual” (Peter Garrett & Joshua Seidman PhD, 2011, para. 6). This was five years ago little action taken on this. The facility certainly dropped the ball with the information passing with the patient suffering negative outcomes because someone did not think through a system promoted by “suits” who generally do not have a clue on what happens on the front lines of care. This leads us to the present. National Coordinator for Health IT Karen DeSalvo wants to move forward with public access of their own data with a measure of control that is anathema to the profitable business of “blocking” data. the Office of the National Coordinator (ONC) said its 2016 goals include continuing to “build the economic case for interoperability,” coordinate with industry stakeholders to increase enhance consumer access to data, and to discourage health information blocking (Hall, 2016, para. 8). There are many avenues to making dollars in the corporate world; I do not understand how blocking data allows happening beyond a potential lock-in similar to Windows lock in for personal computing back in the day.

BCBSNC Shakeup

A recent media report has the #2 person at Blue Cross Blue Shield of North Carolina (BCBSNC) has resigned leaving behind a mess of a computer system tied to mistaken billing of customers and other software issues.

nameAlan HughestitleChief Operating Officer (COO)compensation$1.77M (2014)
(John Murawski, 2016)

I was a customer of BCBSNC during my “interim” period prior to Medicare [long story] and based on most of my interactions with them on the phone and in person, no surprise of their flawed systems. Someone has to fall on their sword and there is usually a severance associated with this, which was not disclosed in the piece, but I do not think he will visit the poor side of Durham County anytime soon. When your background is the Chief Information Officer (CIO) and the information system does not work properly, it happens. The Department of Insurance has reported 11,162 customer calls as of April 1, including 2,346 complaints against the insurer. The agency’s investigation could result in fines against Blue Cross up to $1,000 per violation per day (John Murawski, 2016). That has to leave a mark, but it is election year in North Carolina, so “stay tuned”.

Ransomware

UPDATED: Symantec said, “The 2007 and 2010 fixes referenced in the article were not contributing factors in this event” (Ann C Nickels, 2016). Further comment will not emanate from MedStar concurrent to the advice of IT, cybersecurity and law enforcement experts.

This topic will not go away. The hackers that penetrated MedStar Health in the Maryland/DC region came in through a 9 year exploit named JBoss, an application server courtesy of Red Hat Inc. (Tami Abdollah, 2016). As night turns into day, the hospital chain denies this. It must be stated that part of the mission of hackers is to expose weak spots where found. This time, it is the Samas or “samsam” vector specifically for JBoss middleware and other Java based servers. More details can be found here and here. When an IT person in charge of security ignore application threats from the writers of such software and the government on at least 2 other occasions, that would fit the definition of maleficence. MedStar is in deep doo doo, but admitting it would bring more of the wrong kind of attention in a competitive marketplace. Never mind these breaches are not specific to this chain.

Bibliography

Ann C Nickels. (2016, April 6). MedStar Response to Incorrect Media Reports. MedStar Health. Retrieved from http://www.medstarhealth.org/mhs/2016/04/06/medstar-response-incorrect-media-reports/

Susan D Hall. (2016, April 7). Karen DeSalvo: Tech can improve patients’ access to health data. Retrieved April 7, 2016, from http://www.fiercehealthit.com/story/karen-desalvo-tech-can-improve-patients-acesss-health-data/2016-04-07

John Murawski. (2016, April 5). Blue Cross executive resigns amid technology fiasco | News & Observer. The News and Observer. Raleigh, NC. Retrieved from http://www.newsobserver.com/news/business/article70020192.html

Peter Garrett, & Joshua Seidman PhD. (2011, January 4). EMR vs EHR — What is the Difference? Retrieved from https://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/emr-vs-ehr-difference/

Tami Abdollah. (2016, April 5). Hackers broke into hospitals despite software flaw warnings. AP The Big Story. Washington DC. Retrieved from http://bigstory.ap.org/article/86401c5c2f7e43b79d7decb04a0022b4/hackers-broke-hospitals-despite-software-flaw-warnings

Bonus Stream 04/06

Efforting to get back into Pro status so I can directly upload from existing tools.

Update: What I used to do this in the past is no longer available due to hacker exploits.

[embeddoc url=”https://herbied.edublogs.org/files/2016/04/stream-04062016-1oe3o2s.pdf” viewer=”google”]