Healthcare Technology Vendor News

TigerConnect Survey Finds 89% of Healthcare Providers Still Use Fax Machines and 39% are Still Using Pagers

TigerConnect has released its 2019 State of Healthcare Communications Report, which shows that continuing reliance on decades-old, inefficient communications technology is negatively impacting patients and is contributing to the increasing cost of healthcare provision.

For the report, TigerConnect surveyed more than 2,000 patients and 200 healthcare employees to assess the current state of communications in healthcare and gain insights into areas where communication inefficiencies are causing problems.

The responses clearly show that communication in healthcare is broken. 52% of healthcare organizations are experiencing communication disconnects that impact patients on a daily basis or several times a week. Those communication inefficiencies are proving frustrating for healthcare employees and patients alike.

The report reveals most hospitals are still heavily reliant on communications technology from the 1970s. 89% of hospitals still use faxes and 39% are still using pagers in some departments, roles, or even across the entire organization. The world may have moved on, but healthcare hasn’t, even though healthcare is the industry that stands to benefit most from the adoption of mobile technology.

The HHS’ Centers for Medicaid and Medicare Services (CMS) is pushing for fax machines to be eliminated by the end of 2020 and for healthcare organizations to instead use more secure, reliable, and efficient communications methods. Given the extensive use of fax machines, that target may be difficult to achieve.

“Adoption of modern communication solutions has occurred in every other industry but healthcare,” said Brad Brooks, chief executive officer and co-founder of TigerConnect. “Despite the fact that quality healthcare is vital to the well-being and functioning of a society, the shocking lack of communication innovation comes at a steep price, resulting in chronic delays, increased operational costs that are often passed down to the public, preventable medical errors, physician burnout, and in the worst cases, can even lead to death.”

The cost of communication inefficiencies in healthcare is considerable. According to NCBI, a 500-bed hospital loses more than $4 million each year as a result of communication inefficiencies, and communication errors are the root cause of 70% of all medical error deaths.

The communication problems are certainly felt by healthcare employees, who waste valuable time battling with inefficient systems. The report reveals 55% of healthcare organizations believe the healthcare industry is behind the times in terms of communication technology compared to other consumer industries.

One of the main issues faced by healthcare professionals is not being able to get in touch with members of the care team when they need to. 39% of healthcare professionals said it was difficult or very difficult communicating with one or more groups of care team members.

Fast communication is critical for providing high quality care to patients and improvements are being made, albeit slowly. Secure messaging is now the primary method of communication overall for nurses (45%) and physicians (39%), although landlines are the main form of communication for allied health professionals (32%) and staff outside hospitals (37%), even though secure messaging platforms can be used by all groups in all locations.

Even though there is an increasing mobile workforce in healthcare, healthcare organizations are still heavily reliant on landlines. Landlines are still the top method of communication when secure messaging is not available. Landlines are also used 25% of the time at organizations that have implemented secure messaging.

Healthcare organizations that have taken steps to improve communication and have implemented secure messaging platforms are failing to get the full benefits of the technology. All too often, secure messaging technology is implemented in silos, with different groups using different methods and tools to communicate with each other. When secure messaging is not used, such as when the platform is only used by certain roles, communication is much more difficult.

The communications problems are also felt by patients. Nearly three quarters (74%) of surveyed patients who had spent at least some time in hospital in the past two years, either receiving treatment or visiting an immediate family member, said they were frustrated by inefficient processes.

The most common complaints were slow discharge/transfer times (31%), ED time with doctors (22%), long waiting room times (22%), the ability to communicate with a doctor (22%), and the length of time it takes to get lab test results back (15%). Many of these issues could be eased through improved communication between members of the care team. The survey also revealed hospital staff tend to underestimate the level of frustration that patients experience.

Communication problems play a large part in the bottlenecks that often occur in healthcare. Communication problems were cited as causing delayed discharges (50%), consult delays (40%), long ED wait times (38%), transport delays (33%) and slow inter-facility transfers (30%). There is a 50% greater chance of daily communication disconnects negatively impacting patients when secure messaging is not used.

Hospitals that communicate with patients by SMS/text or messaging apps are far more likely to rate their communication methods as effective or extremely effective. 75% of hospitals that use text/SMS and 73% that use messaging apps rate communication with patients as effective or very effective, compared to 62% that primarily use the telephone and 53% whose primary method of communicating with patients is patient portals. The survey also showed that only 20% of patients want to communicate via patient portals.

It has been established that secure messaging can improve communication and the quality of healthcare delivery, but healthcare communication is often not a strategic priority. 69% of surveyed healthcare professionals that are not using a secure messaging platform said this was due to budget constraints, 38% said money was spent on other IT priorities, and 34% cited concerns about patient data security, even though secure messaging platforms offer far greater security than legacy communications systems.

TigerConnect has made several recommendations on how communication in healthcare needs to be improved.

  • Prioritize communication as a strategy
  • Focus on improving communication to ease major bottlenecks
  • Integrate communication platforms with EHRs to get the greatest value
  • Standardize communication across the entire organization
  • Include clinical leadership in solution design
  • Stop using patient portals to communicate with patients and start using patient messaging in the overall communication strategy.

The survey provides valuable insights into the state of communication in healthcare and clearly shows where improvements need to be made. The full TigerConnect 2019 State of Communication in Healthcare Report is available free of charge on this link (registration required).

The post TigerConnect Survey Finds 89% of Healthcare Providers Still Use Fax Machines and 39% are Still Using Pagers appeared first on HIPAA Journal.

ProtoLytic, LLC Verified as HIPAA-Compliant by Compliancy Group

ProtoLytic, LLC, the Tampa, FL-based developer of decision support tools for medical cost management, has been confirmed as HIPAA-compliant by Compliancy Group.

ProtoLytic tools are used by healthcare providers to develop treatment plans for patients using evidence-based guidelines and demographic data to help claims adjusters process referrals and medical service requests and reduce time to quality of care. The company has also developed a predictive modelling information system to determine the treatment and medical services patients with specific health conditions are likely to need.

These software solutions naturally come into contact with electronic protected health information (PHI). Consequently, ProtoLytic is classed as a business associate under Health Insurance Portability and Accountability Act (HIPAA) Rules. In addition to entering into a business associate agreement (BAA) with HIPAA-covered entities, ProtoLytic must ensure safeguards are implemented to ensure the confidentiality, integrity, and availability of ePHI, and the company and its employees must adhere to the regulatory standards of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules.

ProtoLytic is committed to ensuring the privacy and security of all client information and had already implemented its HIPAA compliance program. To take its compliance efforts to the next level, ProtoLytic partnered with Compliancy Group.

Assisted by Compliancy Group’s HIPAA compliance coaches and using the company’s proprietary web-based compliance software solution, The Guard, ProtoLytic successfully completed the 6-Stage HIPAA Risk Analysis and Remediation Process and its good faith compliance efforts were verified as meeting the necessary standards of HIPAA that apply to business associates.

Following the successful completion of the program, Compliancy Group awarded ProtoLytic the HIPAA Seal of Compliance. The HIPAA Seal of Compliance demonstrates to current and future ProtoLytic clients that the company is committed to privacy, security, and compliance with HIPAA and the HITECH Act, thus helping the firm differentiate its services.

New Version of SpamTitan Released, Including New RESTapi

TitanHQ has released a new version of its leading cloud-based anti-spam service and antispam software. The latest version of SpamTitan – v7.06 – includes a new RESTapi which can be used by partners and clients for seamless integrations.

The latest version was debuted on November 12, 2019. Users of the cloud-based anti-spam service have automatically been upgraded to the latest version. SpamTitan software users have had the latest version downloaded to their appliances, although appliance administrators need to apply the update and accompanying security patches by logging into their user interface.

The latest release includes security patches to address issues with the reporting engine, and patches and ISO/OVA images are now available for all clients and partners. The patches cover several packages including OpenSSH, OpenSSL, PHP, ClamAV and sudo.

TitanHQ has enjoyed 30% growth in 2019 fueled in a large part by managed services providers serving the SMB market. The TitanHQ platform is proving popular with MSPs for providing spam filtering, DNS filtering, and email archiving solutions to their clients. Q3, 2019 was the busiest ever quarter for MSP growth at TitanHQ and that strong growth has continued in Q4, 2019.

More than 2,200 MSP partners are now using the TitanHQ platform and Q4, 2019 looks set to beat previous records thanks to the launch of the “Margin Maker for MSPs” initiative for Q4, which has made adoption of the platform even more attractive for MSPs.

TitanHQ is encouraging implementation of the RESTapi and API adoption, which are seen to be vital for the company’s partnership expansion plans. “We have enjoyed a record-breaking growth and the latest enhancements and new features that have been added to SpamTitan will help to ensure growth in 2020 continues at record levels,” said Ronan Kavanagh, CEO, TitanHQ.

Technical details of the new RESTapi can be accessed on this link.

EnTech Confirms HIPAA-Compliant Status with Compliancy Group

The Fort Myers, FL-based managed IT service provider, EnTech, has been confirmed as in compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules by Compliancy Group.

Entech has been serving businesses in Southwest Florida for more than 20 years. The company offers managed IT and integration services to help businesses get the most out of information technology, along with strategic technology consultancy services to help businesses choose the best IT architectures to meet their needs.

In order to provide those services to healthcare organizations, EnTech is required to comply with HIPAA Rules. The company must implement appropriate safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI), and its employees must be made aware of their responsibilities with respect to HIPAA and ePHI.

Assisted by Compliancy Group’s HIPAA coaches and using “The Guard” compliance tracking solution, EnTech has successfully completed Compliancy Group’s 6-Stage Risk Analysis and Remediation Process.

Successful completion of that process has been confirmed by Compliancy Group, resulting in the company being awarded Compliancy Group’s HIPAA Seal of Compliance. The HIPAA Seal of Compliance is only awarded to companies that have satisfied all requirements of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules and have an effective HIPAA compliance program in place.

“We are very proud to have achieved this designation as it shows our commitment to our clients and community,” said David Spire, Entech’s Chief Development Officer. “With the ever-changing threat landscape, organizations in the healthcare field that directly or indirectly provide medical care today need to take all the necessary steps to protect all of our personal information.”

Along with a signed business associate agreement, the HIPAA Seal of Compliance provides reassurances to current and future EnTech clients that the company is committed to privacy and security and is fully aware of its responsibilities under HIPAA.

Vulnerability Identified in Philips IntelliBridge EC40/80 Hubs

A vulnerability has been identified in the Philips IntelliBridge EC40/80 hub which could allow an attacker to gain access to the hub and execute software, modify files, change the system configuration, and gain access to identifiable patient information.

Philips IntelliBridge EC40/80 hubs are used to transfer medical device data from one format to another, based on set specifications. The hub does not alter the settings or parameters of any of the medical devices to which it connects.

The vulnerability could be exploited by an attacker to capture and replay a session and gain access to the hub. The flaw is due to the SSH server running on the affected products being configured to allow weak ciphers.

The vulnerability would only require a low level of skill to exploit, but in order to exploit the flaw an attacker would need to have network access. The flaw – CVE-2019-18241 – has a CVSS v3 base score of 6.3 out of 10 – Medium severity.

The flaw was reported to Philips by New York-Presbyterian Hospital’s Medical Technology Solutions team, and under its responsible vulnerability disclosure policy, Philips reported the vulnerability to the DHS Cybersecurity and Infrastructure Security Agency.

The vulnerability is present in all versions of the EC40 and EC80 hubs and will be addressed in a new release, which will not be available until the end of Q3, 2020.

Until Philips issues the new release, users of the affected hubs have been advised to implement the following mitigation measures to reduce the potential for exploitation.

  1. Only operate the hub within Philips authorized specifications, using Philips approved software, configurations, system services, and security configurations
  2. There is no clinical requirement for these devices to communicate outside the Philips clinical network. The devices should be logically or physically separated from the hospital network.
  3. Users should block access to the SSH port. SSH is not meant to be used for clinical purposes, only for product support.
  4. Use a long and complex SSH password and make sure password distribution is controlled to ensure SSH is used via physical access only.
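
To confirm which ciphers an SSH service offers before and after remediation, the cipher name-lists in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1) can be inspected. The following Python code is an added example, not Philips or HIPAA Journal code; the two sample payloads are constructed, and the weak-cipher policy (CBC modes, arcfour, none) is an assumption, since the report above does not list the ciphers involved.

```python
import struct

SSH_MSG_KEXINIT = 20
COOKIE_LEN = 16

# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253, 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def parse_kexinit(payload: bytes) -> dict:
    """Decode the name-lists of an SSH_MSG_KEXINIT payload (packet
    length, padding and MAC already stripped)."""
    if len(payload) < 1 + COOKIE_LEN or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 1 + COOKIE_LEN
    lists = {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"{field} runs past end of payload")
        raw = payload[offset:offset + length]
        offset += length
        lists[field] = raw.decode("ascii").split(",") if raw else []
    return lists


def is_weak_cipher(name: str) -> bool:
    # Assumed audit policy, not taken from the advisory: CBC-mode
    # ciphers, the arcfour family and the "none" cipher are flagged.
    n = name.lower()
    return n == "none" or "-cbc" in n or n.startswith("arcfour")


def weak_ciphers(payload: bytes) -> list:
    """Return the sorted set of flagged ciphers offered in either direction."""
    lists = parse_kexinit(payload)
    offered = (lists["encryption_client_to_server"]
               + lists["encryption_server_to_client"])
    return sorted({c for c in offered if is_weak_cipher(c)})


def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload for testing the parser."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(COOKIE_LEN)
    for field in FIELDS:
        data = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    # first_kex_packet_follows (boolean) and the reserved uint32
    return body + b"\x00" + struct.pack(">I", 0)


# Constructed samples: a legacy-style offer and a hardened one.
_LEGACY = ["aes256-ctr", "aes128-cbc", "3des-cbc", "arcfour"]
_MODERN = ["chacha20-poly1305@openssh.com", "aes256-gcm@openssh.com",
           "aes256-ctr"]
SAMPLE_WEAK = build_kexinit({
    "kex_algorithms": ["curve25519-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_client_to_server": _LEGACY,
    "encryption_server_to_client": _LEGACY,
    "mac_client_to_server": ["hmac-sha2-256"],
    "mac_server_to_client": ["hmac-sha2-256"],
    "compression_client_to_server": ["none"],
    "compression_server_to_client": ["none"],
})
SAMPLE_HARDENED = build_kexinit({
    "kex_algorithms": ["curve25519-sha256"],
    "server_host_key_algorithms": ["ssh-ed25519"],
    "encryption_client_to_server": _MODERN,
    "encryption_server_to_client": _MODERN,
})

if __name__ == "__main__":
    print("legacy offer  :", weak_ciphers(SAMPLE_WEAK))
    print("hardened offer:", weak_ciphers(SAMPLE_HARDENED))
```
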

Google Confirms it has Legitimate Access to Millions of Ascension Patients’ Health Records

Following a report in the Wall Street Journal, Google has confirmed it is collaborating with one of the largest healthcare systems in the United States, which gives it access to a huge volume of patient data.

Google has partnered with Ascension, the world’s largest Catholic health system and the second largest non-profit health system in the United States. Ascension operates more than 2,600 healthcare facilities in 21 states, including 150 hospitals and over 50 senior living facilities.

The collaboration has given Google access to patient health information such as names, dates of birth, medical test results, diagnoses, treatment information, service dates, and other personal and clinical information.

The project – code name Project Nightingale – had been kept under the radar prior to the WSJ Report, which claimed that at least 150 Google employees have allegedly been able to access patient data as part of the project and that access to patient data had been granted without patients or physicians being informed. Both Google and Ascension made announcements about the Project Nightingale collaboration after the WSJ story was published.

In a November 11 press release, Ascension said it “is working with Google to optimize the health and wellness of individuals and communities, and deliver a comprehensive portfolio of digital capabilities that enhance the experience of Ascension consumers, patients and clinical providers across the continuum of care.”

Google explained in its announcement that it had previously mentioned the collaboration in July 2019 in its Q2 earnings call, in which it stated, “Google Cloud’s AI and ML solutions are helping healthcare organizations like Ascension improve the healthcare experience and outcomes.”

Google explained in its November 11 blog post that collaboration with Ascension is focused on A) Shifting Ascension’s infrastructure to the Google Cloud platform; B) Helping Ascension implement G Suite productivity tools and; C) Extending tools to doctors and nurses to improve care. Google also stated that some of the tools it is working on are not yet active in clinical development and are still in the early testing stage, hence the code name, Project Nightingale.

Another goal of the collaboration is to use Google’s considerable computing capabilities to analyze patient data with a view to developing software that leverages its AI and machine learning technology to deliver more targeted care to patients.

Ascension said it will be “Exploring artificial intelligence/machine learning applications that will have the potential to support improvements in clinical quality and effectiveness, patient safety, and advocacy on behalf of vulnerable populations, as well as increase consumer and provider satisfaction.”

As a business associate of Ascension, Google has confirmed that access to patient data is legitimate and in full compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules. Google has signed a BAA with Ascension and has implemented appropriate safeguards to keep patient information secure and is in full compliance with all requirements of HIPAA.

Ascension has also confirmed that the partnership is “underpinned by a robust data security and protection effort and adherence to Ascension’s strict requirements for data handling.”

While patients may be concerned that Google now has access to some of their most sensitive data, it is not standard practice for healthcare organizations to announce collaborations with third-party companies that provide services that require access to protected health information. However, a proactive announcement rather than a reactive press release may have helped allay fears and concerns.

Vulnerabilities Identified in Medtronic Valleylab Energy Platform and Electrosurgery Products

Six vulnerabilities have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one critical flaw that could allow an attacker to gain access to the Valleylab Energy platform and view/overwrite files and remotely execute arbitrary code.

The vulnerabilities were identified by Medtronic, which reported the flaws to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency under its responsible vulnerability disclosure policy.

Four vulnerabilities have been identified in the following Medtronic Valleylab products:

  • Valleylab Exchange Client, Version 3.4 and below
  • Valleylab FT10 Energy Platform (VLFT10GEN) software Version 4.0.0 and below
  • Valleylab FX8 Energy Platform (VLFX8GEN) software Version 1.1.0 and below

The critical vulnerability is an improper input validation flaw in the rssh utility, which facilitates file uploads. Exploitation of the vulnerability would allow an attacker to gain administrative access to files, allowing those files to be viewed, altered, or deleted. The flaw could also allow remote execution of arbitrary code.

The flaw has been assigned two CVE codes – CVE-2019-3464 and CVE-2019-3463. A CVSS v3 base score of 9.8 has been calculated for the flaws.

The products also use multiple sets of hard-coded credentials. If those credentials were discovered by an attacker, they could be used to read files on a vulnerable device. This flaw has been assigned the CVE code – CVE-2019-13543 – and has a CVSS v3 base score of 5.4.

Vulnerable products use a descrypt algorithm for operating system password hashing. If interactive, network-based logons are disabled, combined with the other vulnerabilities, an attacker could obtain local shell access and view these hashes. The flaw – CVE-2019-13539 – has a CVSS v3 base score of 7.0.

Medtronic has released a patch for the FT10 platform, which should be applied as soon as possible. The FX8 platform will be patched in early 2020. Medtronic notes that the above products are supplied with network connections disabled by default and the Ethernet port is disabled on reboot; however, the company is aware that users often enable network connectivity.

Until the patches are applied to correct the flaws, Medtronic advises users to disconnect vulnerable products from IP networks or ensure those networks are segregated and are not accessible over the internet or via other untrusted networks.

Two further vulnerabilities have been identified in the following Medtronic Valleylab energy and electrosurgery products:

  • Valleylab FT10 Energy Platform (VLFT10GEN)
    • Version 2.1.0 and lower and Version 2.0.3 and lower
  • Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States)
    • Version 1.20.2 and lower

The FT10/LS10 Energy Platform incorporates an RFID security mechanism for authentication between the platform and instruments to prevent inauthentic instruments from being used. This security mechanism can be bypassed. The flaw has been assigned the CVE code, CVE-2019-13531, and has a CVSS v3 base score of 4.8.

The RFID security mechanism does not apply read protection, which could allow full read access to RFID security mechanism data. This flaw – CVE-2019-3535 – has a CVSS v3 base score of 4.6.

A patch has been issued to correct both of these flaws.

Speakap Confirmed as HIPAA Compliant by Compliancy Group

The communication platform provider Speakap has announced it has achieved compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules with Compliancy Group.

Speakap has developed a communications platform that helps healthcare organizations communicate quickly and efficiently with their frontline staff, even if they do not have easy access to computers. Through a mobile app, healthcare organizations can maintain contact with deskless workers and communicate with the entire workforce through a desktop version of the app. The app is used by businesses in a wide range of industry sectors; however, in order to offer the communications solution to the healthcare industry, Speakap needed to ensure that its platform, policies, and procedures were in full compliance with HIPAA Rules.

Since the platform can be used to communicate ePHI, Speakap is classed as a business associate under HIPAA and must ensure administrative, physical, and technical safeguards are incorporated into its solution and the company fulfils its responsibilities with respect to HIPAA.

To ensure that the company was fully compliant, Speakap sought assistance from Compliancy Group. Using Compliancy Group’s proprietary software solution, The Guard, and assisted by its compliance coaches, the company successfully completed Compliancy Group’s 6-stage risk analysis and risk remediation process.

Compliancy Group’s HIPAA experts have verified Speakap’s good faith efforts toward HIPAA compliance and have awarded the company its HIPAA Seal of Compliance. The HIPAA Seal of Compliance confirms that Speakap has the safeguards, policies, and procedures in place and has developed and implemented an effective HIPAA compliance program and has met the necessary regulatory standards of the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, HIPAA Omnibus Rule, and the HITECH Act.

“Speakap’s HIPAA compliance builds upon the company’s commitment to offer trusted and secure solutions that comply with the highest industry standards,” said Speakap CEO, Erwin Van Der Vlist. “We’re providing those who require HIPAA compliance the highest levels of trust and the peace of mind they deserve. The platforms we provide are backed by the extraordinary measures we take to deliver industry-leading services.”

Compliancy Group Helps Technology Response Team Achieve HIPAA Compliance

Compliancy Group has announced that Technology Response Team has successfully completed its 6-stage HIPAA risk analysis and remediation process and has demonstrated compliance with the standards of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules.

Technology Response Team is a Managed Service Provider (MSP) based in Denver, CO that provides a wide range of IT support and cybersecurity services to healthcare organizations in the Denver Front Range and helps them succeed through the use of technology.

The company translates complex computer terminology into language that can be easily understood by its clients and helps them implement IT solutions that improve efficiency and protect against malicious attacks.

Naturally, the services provided to healthcare organizations mean the company will come into contact with systems used to create, receive, store, process, and transmit electronic protected health information. As such, Technology Response Team is classed as a business associate and is required to comply with HIPAA.

Technology Response Team is committed to compliance and by partnering with Compliancy Group has taken its compliance program to the next level. Through the use of Compliancy Group’s proprietary software, The Guard, and assisted by its compliance coaches, Technology Response Team demonstrated that its compliance program covers all aspects of HIPAA Rules and the company is HIPAA-compliant.

After successfully completing the 6-stage HIPAA risk analysis and remediation process, Compliancy Group awarded the MSP the ‘HIPAA Seal of Compliance’. The HIPAA Seal of Compliance confirms that the company’s good faith efforts toward HIPAA compliance have been assessed and verified by Compliancy Group’s compliance coaches as meeting HIPAA standards.

Through the incorporation of HIPAA policies and procedures and staff training, the company is in a better position to serve clients in the healthcare industry and implement solutions that will help with their compliance efforts and secure their systems from malicious attacks.
