Uncategorized

Why Healthcare Should Be Worried About the Target Cyber Attacks

If you are a CEO or COO of a health care organization, and your IT people have been trying to get your attention, it’s time to have a serious sit-down with them.

If they haven’t been trying to get your attention, it’s time to have an more serious sit-down with them, complete with charts and graphs and arrows on fip charts.

Here’s why: Remember in November it was revealed that the Target retail chain’s computer systems were compromised? Some 70 million names, home addresses and phone numbers were stolen (pretty good raw material for identity theft) and 40 million credit card numbers.

It has turned out since then that some two dozen other companies, including Neiman-Marcus, the Michael’s arts-and-crafts chain and the White Lodging Services hotel management firm, have been hacked in similar ways, with the attackers software sitting in the companies’ servers, credit card machines and cash registers often for months before they were detected, sucking down every transaction, every bit of data moved about.

Hey wait, you say, I have every confidence in our computer security. Why we passed a security audit just recently.

Heh. So did Target — just before they discovered the break-in. They got a clean bill of health, and the auditors failed to find the malware installed on every server, every credit card terminal, every cash register.

Why? Because the attackers have gotten way more sophisticated, and they used new techniques and methods of entry. You can now buy ready-made hacking software designed to do this on the Internet for less than $1000.

Here’s the kicker: Target has security guards at the doors, it has those beeper tags on small high-value items so you can’t sneak them out without paying for them, it has burglar alarms — but the perps in the biggest heist in the company’s history entered through the thermostat.

Got that? The thermostat.

Big-box stores have pretty sophisticated HVAC. Hospitals have much more sophisticated HVAC systems. Big-box stores typically outsource the management of such systems to outside firms. Most hospitals do the same. The outside contractor monitors and controls the HVAC over the Internet.

All the sensors, thermostats, switches, control valves and such report to software on the store’s servers. To allow this, the outside contractor is given password-controlled access to the store’s computer system.

How many of your systems, such as HVAC, water/sewage, security, and so on, are connected to the Internet, so that they can be remotely monitored? If you’re doing it right, there are a lot of them, and many are outsourced. Think about that, then read these two paragraphs from a New York Times article the other day:

“Remote access to these systems is really common and integrators are almost always on the corporate network,” said Billy Rios, director of threat intelligence at Qualys, a cloud security firm. Mr. Rios said that the security at such companies tended to be poor and that vendors often used the same password across multiple customers.

Over the last two years, Mr. Rios and Terry McCorkle, also of Qualys, said that they found 55,000 HVAC systems connected to the Internet. In most cases, they said, the systems contained basic security flaws that would allow hackers a way into companies’ corporate networks, or the companies installing and monitoring these systems reused the same remote access passwords across multiple clients.

—     Nicole Perlroth, “Heat System Called Door to Target for Hackers,” NY Times, Feb. 5, 2014

If that didn’t make your blood feel like it’s been run through a chiller, it ought to. How certain are you that your patient and payment information is separated by an impenetrable wall from your plant-monitoring information? What about your system makes it invulnerable to this style of attack? How is the data in your system encrypted against anyone who might penetrate the firewall?

Hey wait, you say, we’re not a high-value target. We don’t have millions of credit card numbers. And why would anyone want to steal millions of health plan account numbers? Or even millions of medical histories?

Maybe you’re right. But think about this: We are in the middle of a massive move not only to computerize the entire patent experience, but to pull together all the different pieces into comprehensive records that include enormous amounts of personal information, from address and credit card information to sexual health, addiction and other embarrassing private stuff.

Keep in mind that the ACA and other recent changes will greatly ramp up the amount of substance abuse and other behavioral health issues that are covered as part of the mainstream record.

Now picture a black hat advertising on hacking forums: “We can get you the medical records of anyone — any celebrity, wealthy person, or blackmail target.” And they can say that because they have penetrated the nets of information that flow between hospitals and payers, as well as the internal systems of hospitals and clinics.

But it’s even more important than that. Health systems, clinics, and hospitals depend on their customers having a feeling of trust and safety in bringing their problems and medical details to you. If people feel that you’re a sieve, they will take their problems elsewhere. You seriously do not want your institution named in a headline about a data breach.

So CEOs, COOs: Time for a good long detailed talk with your IT people.

With nearly 30 years’ experience, Joe Flower has emerged as a premier observer on the deep forces changing healthcare in the United States and around the world. As a healthcare speaker, writer, and consultant, he has explored the future of healthcare with clients ranging from the World Health Organization, the Global Business Network, and the U.K. National Health Service, to the majority of state hospital associations in the U.S.

You can find more of Joe’s work at his website, imaginewhatif.

38 replies »

  1. I think that it’s best to regularly monitor any healthcare systems as much as they could in order to detect and apply security measures at the incidents of attack/s.

    Even the outsourcing industries are applying extra security features to tighten up their systems. We just have to be very careful of choosing the most trusted and reliable provider.

  2. Hey, Chuck! Wow, really? That’s amazing. Really makes you wonder about the dynamics in the management of security there.

  3. The Target war story was worse than you describe. Target did have intrusion detection software in place. It did sound alarms. Nobody responded to the alarms. No remedial action was taken and no emergency protective changes were put into place for more than a week after outsiders pointed out to Target that they had been hacked.

  4. You’re welcome. Thanks for your interest and thoughtful comments.

    I suspect that I have a different set of priorities than many of the healthcare cognoscenti. I’d like to at least be able to crawl a little before I try to run a three minute mile!

    My primary concern today focuses on the relationship between patient and provider. This the low hanging fruit. And what we have spelled out today, is just a start. It will serve as a base from which we can do things that today are unimaginable.

    Today, I want to help providers improve the quality of care they give individual patients and reduce its cost. We do that by giving them instant access to the patient’s complete medical record. At the same time, I want to bring the patient into his/her health equation and we do that by giving them their records so they can read them, add addenda to correct mistakes or add comments, etc.

    Once we are on our way toward improving care at the delivery level, we can reach for higher hanging fruit. We can broaden our sights to public health issues and how to satisfy them.

    At that point, some form of HIEs undoubtedly will be necessary but they no longer will have to meet the same patient identification, security and privacy issues as today because they won’t be needed by providers at the delivery level. We’ll be able to tolerate less than 100% accuracy and be able to use whatever these “new” HIEs look like to deal with health issues on a macro level.

  5. Ah! That is indeed much more comprehensive and compatible with the workflow than I imagined — since your initial post was arguing against using health information exchanges. Your system sounds like an excellent one if used in parallel — and it is not an argument for not using health information exchanges. Thanks for the clarification.

  6. Joe and Bobby,

    Let me clarify two points. First, if you’ll visit the FAQs section of our website, you’ll understand that the scope of our MedKaz system is far broader than you envision. There is nothing like it, so I appreciate you have no frame of reference. (I apologize in advance to any readers offended by specifics about the MedKaz System but I don’t know any way to correct misunderstandings without getting into specifics.)

    Most importantly, while MedKaz is patient-centric and gives the patient a copy of all his/her records from all his/her providers, it does NOT replace provider paper or EMR systems. It COEXISTS with and complements them. Thus, the doc has his/her records for his/her patients and can use them as he/she needs them; the patient has all his/her records from all his/her providers — past and current.

    It, indeed, is a “parallel system.” However, that doesn’t mean information has to be entered manually into two systems. Today, even without automatic interfaces, the provider — with the patient’s permission — can download a record from the patient’s MedKaz to his/her system with one click, and his/her assistant can fax a record to us, or upload a record to our server (for us to process and download to the patient’s MedKaz) by accessing our Care Provider portal. Either way, it’s a simple, almost instantaneous process.

    Down the road, it will be even simpler. As providers find how helpful MedKaz is in treating their patients and how it increases their income, we expect providers will tell their vendors they want automatic interfaces between their EMR system and MedKaz. When that happens, a record will be automatically uploaded to our server when the doc signs his/her notes. You can’t beat that for simplicity! (Our API spells out other interfaces as well.)

    Second, MedKaz blends seamlessly into a provider’s workflow and saves them time with each patient. When they log on, information is waiting for them, including a Referral Request if the patient was referred by another doctor, a Complaint Report based on the Instant Medical History if the patient completed a Pre-Visit Questionnaire, and an up-to-date Health Summary listing prior illnesses and surgeries, chronic illnesses, current meds, allergies, immunizations and a list of all care providers the patient has seen since they last saw their doctor (with the reasons they saw him/her) or, if the patient is seeing the provider for the first time, a list of every provider he/she has seen in the prior six months.

    The doc reviews this information in seconds, thereby saving the minutes they now spend trying to elicit this same information, and can talk with/treat the patient. As they examine the patient, they can search the patient’s MedKaz for relevant records, reports and information and with two or three clicks read complete notes. It couldn’t be simpler or easier!

    I should add that MedKaz also gives providers who still use paper what I think of as an EMR light — a Patient Record Manager (PRM). It has the same look, feel and functionality as the patient’s MedKaz except that it includes all their patients — so they can identify patients subject to a drug recall or care alert, etc. The provider simply downloads the same encounter record to his/her PRM as the patient downloads to his/her MedKaz. Thus, even though the doc keeps paper records, he/she can access a patient’s records on his or computer anytime, anywhere. Hopefully, it will convince them to adopt an EMR system!

  7. It not only glosses over the clinician’s workflow reality, if it were used by most patients. it would drop out of current and future workflow reality any possibility of tracking patients when they are not present, of for instance calling all your diabetes patients periodically, making sure that they are on track and offering help to adjust their medications or a talk with a nutritionist.

    If you are imagining that the clinician or the clinician’s office or the system they work for is keeping track of all that stuff (including when the person was last in, what their A1c number was, their weight, whether they have seen a podiatrist), then you are imagining a parallel system. Such a vision not only doubles the information workload (everything has to be entered in both systems), it also does not meet your apparent criterion of making health information exchanges unnecessary.

    Being able to sift through all of the data for all the patients under the care of a given group of PCPs (at least) or a given system has proven to be highly effective in not only helping people toward better health but also lowering their costs — as have, to a lesser extent, regional health information exchanges.

    If you want to give that up, you’re not playing to the same scoreboard that I am — or that most people are.

  8. “Giving the patient their records so they move with the patient (rather than “follow” the patient as Dr.Mostashari likes to say), doesn’t replace the PCP or the other healthcare resources. It merely ensures that any provider treating the patient has access to the patient’s complete record and, thereby, can avoid mistakes, unnecessary tests, etc. It especially benefits the chronically ill patient who goes from doctor to doctor or hospital to hospital for care.”
    __

    A noble sentiment. One that glosses over clinicians’ workflow reality.

  9. Joe,

    I apologize for not describing our system in detail in these comments but I don’t want to come across as “selling” our system (to learn more about it, visit our website). I’m merely trying to say here that there is at least one viable alternative to the approach we as a country are taking to achieve better, coordinated, lower cost care — and that we should be open to considering it and any other innovative approaches. The stakes are simply too high to ignore systems that work, especially if they work today and form a basis for even greater improvement in care tomorrow.

    I don’t understand how you concluded that “Your solution sounds like it works great as long as the patient himself (or the patient’s family or caregivers) serve as the care coordinators. The solution assumes patients who have the energy, the education, and the focus to take charge of their own health and drive all the questions forward without any help.”

    MedKaz assumes just the opposite. Giving the patient their records so they move with the patient (rather than “follow” the patient as Dr.Mostashari likes to say), doesn’t replace the PCP or the other healthcare resources. It merely ensures that any provider treating the patient has access to the patient’s complete record and, thereby, can avoid mistakes, unnecessary tests, etc. It especially benefits the chronically ill patient who goes from doctor to doctor or hospital to hospital for care.

    Put another way, if a patient has a PCP, MedKaz helps the PCP understand the care the patient received in the past and is receiving in the present if the patient sees other providers, too. Similarly, it helps other providers the patient might see or transition to, such as between PCP and hospitalist, hospital and assisted living facility, etc.,understand the patient’s health issues. That’s not doable in most situations today with today’s EMR or paper systems and won’t be doable, if at all, for several more years. In the meantime, hundreds of thousands are made sicker or killed and we waste hundreds of billions of dollars from medical mistakes!

    If a patient has no one looking out for his or her care and goes from ER to ER or doc to doc, MedKaz helps ensure they receive coordinated, consistent care by making the patient’s records available to any provider they see. Again, this is not doable with established systems today.

  10. “there is a consensus among pretty much everyone who is trying to reform health care that two of the many goals are:
    1) People must have some choice in their providers. There is little or no support for any system that simply mandates where people will get care.
    2) We must improve continuity of care,not only for highly significant cost savings, but for better care, for saving the life and decreasing the suffering of the patient”

    ???????

    Those are are running the show (CMS, large insurers, hospital mega-corps) are aggressively working to prevent those two goals.

  11. That does sound a lot better. So your interface makes it far more than a stack of searchable PDFs? That’s great.

    But it still does not solve the problem of care coordination and how to manage the health of populations. Your solution sounds like it works great as long as the patient himself (or the patient’s family or caregivers) serve as the care coordinators. The solution assumes patients who have the energy, the education, and the focus to take charge of their own health and drive all the questions forward without any help.

    You may like that image, you may feel you fit that image, and you may be right. I would bet all your customers do, too — otherwise they would not be your customers.

    But to crack the nut of how we get to a health care system that is better for everyone as well as far cheaper, we can’t only design solutions for the active, engaged, thoughtful patient. We have to look especially at those people who are chronically among 5% who drive half of all health care costs, or the 1% who drive 20% of health care costs. If they are chronically in that category, we have to ask why they are there, how we can help them, and how we can reach them. You can do that without being able to look at health care in aggregate, at least across a system, at least across a region. We have to find ways to help people who slip through the cracks, who don’t have a trusted connection with the health care system, someone to help them untangle the knot.

    You may not want that kind of help, and you may not need it, and that’s fine. But other people do, and we need to be able to find them in order to help them.

  12. Bobby and Joe,

    Our experience has been that docs are suspicious of patients bearing records, but when they need information, they’re delighted to find it so readily available — and they use it.

    In my own case, I recently had a followup visit with an ophthalmologist where having his complete progress notes on my MedKaz avoided a second visit. After waiting four months and having my pupils dilated, the doc said he’d have to reschedule my appointment because his EMR system was down. When I showed him his progress notes on my MedKaz, he expressed great delight, examined my eyes, declared everything in order and said “see you in a year.”

    I and other MedKaz users have had enough similar experiences to recognize that gaining acceptance by docs may be slower than we might wish, but if the product is designed right and helps them provide better, coordinated care — and even increases their income, they’ll embrace it.
    — — — — — —
    “To be used effectively, any record system has to be part of their normal workflow, formatted in ways that they are used to, searchable in ways that are normal to them in their everyday work. No .pdf is searchable in ways that are common in good EHRs. For instance, it cannot create a time series out of a bunch of discrete measurements of, say, blood albumin level.”

    Agree that a system should blend into the doc’s workflow and give them access to the info they want. But since each vendor’s EMR system differs from other vendors’ systems, there really is no standard formatting. Thus, our approach has been to create a simple, easy to use GUI that any doc familiar with any system can master MedKaz in less than a day, and use to provide better care. And it works.

    With regard to pdf functionality, once a document is searchable, data also is extractable. Thus, it is possible in our MedKaz system to not only display documents but also to manage the data in progress notes, operative and discharge reports, meds lists, vitals, etc. in very imaginative ways. In short, the searchable pdf is the starting point. It makes it possible to electronically search for specific records, create reports drawing from data contained in multiple records, send records either as pdfs or structured data to provider systems or other designated recipients, etc. The sky’s the limit to what you can do!

  13. I am happy to hear your company is providing an alternative, Merle. It would seem to be only a partial answer to the problem, though.

    Bobby actually points out one of the main problems: Doctors are busy and think of themselves as busy. To be used effectively, any record system has to be part of their normal workflow, formatted in ways that they are used to, searchable in ways that are normal to them in their everyday work. No .pdf is searchable in ways that are common in good EHRs. For instance, it cannot create a time series out of a bunch of discrete measurements of, say, blood albumin level.

    This is similar to Kaiser, whose latest health information architecture actually works very well across their huge system. But doctors working elsewhere complain that when they get a Kaiser patient and ask for their records, what they get is a huge paper printout with no way to sort quickly through it for the relevant information.

  14. “At the risk of being censored or having these comments deleted by THCB’s editors…”
    ___

    Oh, pul-eeeze. The only thing they censor here is my REC Blog link.
    __

    “aggregates the patient’s complete record, both paper and electronic, from all their providers on a MedKaz Green Drive which the patient owns and carries in their wallet, on their key chain, or wears. ”

    Well, I carry my full progress notes from my former Primary on a USB drive, in editable .rtf format. My new docs don’t seem interested in downloading and viewing them.

  15. Joe,

    I agree completely that patients should be able to choose their care providers and that their records should be available to any care provider who treats them.

    But I completely disagree with your conclusion that “There is simply no practical way of achieving those two goals without some kind of digital health information exchange.” The truth is HIEs have almost insurmountable problems and don’t work beyond small networks.

    At the risk of being censored or having these comments deleted by THCB’s editors, I will tell you that there is a very simple, practical way to not only accomplish what you want, but even more. Adopt the “revolutionary” patient-centered health record system called MedKaz®. (Full disclosure: our company, Health Record Corporation, created it.)

    MedKaz gives the patient control of their complete medical record from ALL their providers and enables any provider to electronically access it at the point of care, anytime, anywhere, at home or away, in or out of network — even without Internet access. And it empowers patients to review their providers’ notes and participate in their care decisions.

    How does it work? It aggregates the patient’s complete record, both paper and electronic, from all their providers on a MedKaz Green Drive which the patient owns and carries in their wallet, on their key chain, or wears. When they see a care provider, they give it to him or her. With two or three clicks the provider can sort, search for and access specific records. They are displayed as pdf documents in a browser. At the end of the visit, the provider updates it for the patient — and is paid to do so. Couldn’t be simpler, easier to use and learn, more practical or more useful. It’s encrypted, HIPAA compliant and best of all, available today at a very affordable price.

  16. Joe, 1) and 2) are worthy endeavors and require health information sharing with patient consent, data minimization and transparency. These are the core of what’s known as Fair Information Practice.

    Today’s HIE designs are coercive (they’re designed as an involuntary surveillance mechanism) and hidden (the patient is not notified when their health data is accessed or shared). Data minimization is limited to the strict requirements of federal law rather than what the patient or reasonable physicians would do routinely (how much of your child’s health record do you want in her permanent file forever?).

    In 2014, it’s not unreasonable for patients to be in control of data sharing, to be identified accurately rather than “probabilistically”, and to be notified of data access in real time. This is the essence of provider choice and care coordination.

  17. It is fair to say that there is a consensus among pretty much everyone who is trying to reform health care that two of the many goals are:

    1) People must have some choice in their providers. There is little or no support for any system that simply mandates where people will get care.

    2) We must improve continuity of care,not only for highly significant cost savings, but for better care, for saving the life and decreasing the suffering of the patient.

    There is simply no practical way of achieving those two goals without some kind of digital health information exchange.

    So the security of that HIE is a problem to be solved, not a reason to do without an HIE.

    If you wish to argue either that people should have no choice whatsoever of providers, or that continuity of care is not important, or that old-fashioned paper records were a perfectly viable way to provide it, you have a lot bigger argument on your hands, one that simply dismissing the situation as “ironic” won’t carry.

  18. Isn’t it ironic? The need for data security in single organizations is enormous, as pointed out so clearly in this post. Yet in healthcare we continue down the path to link multiple individual organizations via HIEs — thereby opening the door for hackers to breach multiple organizations in one fell swoop!

    On second thought, maybe the fact that we have not found a way to link everyone in a nationwide HIE is a gigantic blessing in disguise!

  19. This is far more amazing than any hacking could ever be. How did John H find time to write a book? He has his ball busting day job, his ONC work, his wife’s illness to help manage, his farm to work on, he writes all teh time on his blog

    Has he got one of those Hermione Granger time shifting clocks?

    The public has a right to know!

  20. Before I retired, I worked for a major phone company and a large bank. While I worked for the phone company, it came to light that wiretapping was trivially easy for any employee or anyone who wanted to get to that system from the outside. That has since been fixed, but it illustrates the kind of problem that exists today.

    Medical corporations such as hospitals need to think about who would want to abuse the system and what will happen when they are raked over the coals publicly for letting it happen.

    The motive might not be destruction or stealing money. Sometimes the motive is to blackmail a patient. Or maybe the motive is revenge by killing a patient hooked up a computerized system keeping him or her alive. The motive could be identity theft.

    I could come up with many more reasons why someone would want to attack a medical records system in a hospital or elsewhere.

    Once you’ve convinced yourself that there are very good reasons for bad guys to come after you, take two NSAIDs and and get to work looking at vulnerabilities and start fixing them.

  21. About Business Associate status – As described in the article the HVAC contractor is not accessing/creating protected health information on behalf of the HIPAA-covered healthcare provider and, thus, the HVAC contractor is not a HIPAA Business Associate. Nonetheless, the scenario points healthcare providers to the need to treat such contractors’ activities as a source of security risk and to manage accordingly.

  22. Academia has the same problem — fat, dumb, and happy administrators all pulling down high 6-figure salaries, while the bulk of actual teaching is done by adjuncts getting paid Happy Meal Money.

  23. Adrian: it certainly won’t be the people currently in charge. No industry in America is more infused with the Peter principle than healthcare, especially in the administrative ranks of hospitals and health systems.

    The intellectual deadwood that got us here is fat, happy, and rich, so there’s no need, in their sclerotic brains anyway, to change. As long as there is a new BMW in the driveway every couple of years, and junkets to the Caymans, why change.

    American healthcare needs a wholesale housecleaning and top to bottom infusions of new blood, brains, and guts.

  24. “Hospitals have much more sophisticated HVAC systems. Big-box stores typically outsource the management of such systems to outside firms. Most hospitals do the same. The outside contractor monitors and controls the HVAC over the Internet.”
    __

    Under HIPAA Omnibus, such companies are BAs (Business Associates) and must have BAAs in place (Business Associate Agreements) that specify their compliance particulars that map to the myriad pertinent details of 45 CFR 164.308 for starters (ePHI security). I hope HHS/OCR will be auditing them.

  25. Thanks Vik. If we expect to benefit from digitized health information on a large scale, we need to hold our hospitals and their information systems to a much higher standard of performance than even our banks.

    Dilbert’s author calls the approach of the hospital executives you mention a “confusopoly”.

    My bank and my credit card manage to give me a real-time accounting for disclosures even on my smartphone. Their transaction costs are reasonable. My hospital has huge transaction costs and they still force me to use paper forms whenever it suits them. They seem to think that because I’m putting my life in their hands the “trust me” model extends to opaque consent and transparency practices.

    Who will lead the health services sector out of the confusopoly era?

  26. An excellent article about yet another fairy tale component of our healthcare system. Hospital executives live in a parallel universe from the rest of us; in their universe, money grows on trees (also called tax payers), market share matters more than clinical excellence, and data security is just one of those things that will have to take care of itself.

    The fundamental problem with the security of patient information is that it has never had any. Paper files in physician offices, clinics, and hospitals have been insecure since they very first encounter sheet was penned. And that nonchalance has carried right over to today.

    I am one of the Target customers whose data was compromised, and I have a new American Express card because of it. I won’t shop there anymore. At all. I am quite happy to shop at the WalMart that is virtually next door. Teaching consumers to discipline healthcare providers by taking their business elsewhere is a critical step. And, consumers should also leverage social media to broadcast word of data breaches by their healthcare providers.

    I like Adrian’s suggestion of Google-style alerts (or even two-step authentication before someone is allowed to view a record) a lot. But, it’s both too simple, too smart, and too useful for hospitals to embrace it. Hospital executives thrive on complexity, obtuseness, and brainless bureaucracy because they think those things equate with intelligence.

  27. Modern EHRs do have proper accountability built into them: Who accessed, who made which change and when, with access restricted to different parts of the record, so that the registration people don’t see the medical facts, and the nurses don’t see the financial information.

    Real-time accounting for disclosures should certainly be there for inadvertent or illegal access, or for anyone accessing it through the patient’s own access. But think about it: Your bank does not let you know every time something within interacts with your bank records (a payment arrives or goes out, for instance, or interest is re-calculated). If it did, you would be overwhelmed with useless information. It would have the paradoxical effect of teaching people to ignore all those notices. EHRs can be even more complex, with many legit accesses, especially while you are going through a health event of some kind.

  28. That ship has left the dock. In fact it’s over the horizon by now. It would be like demanding that the banking system keep your account, with all its transactions and all the communications with other financial institutions, solely on paper. Or demanding that the airline you use keep no digital copy of your ticket.

    It’s not going to happen. And the reasons are legion. Patients more and more live their lives through their devices. If you are going to reach them, work with them, interact with them, we will have to go not only digital but mobile, in a major way. Health information exchanges reduce people going unnecessarily to the EHR, increase primary visits by the same amount, and drop repetitive scans and tests. Most importantly, it is impossible to penetrate a paper system to see where the choke points are, where the quality problems are, how you can help people better, who is getting lost in the system.

    A better, far cheaper healthcare system must be digital and mobile, and all of that is necessarily based on the comprehensive, secure EHR.

  29. Great post! Target has a pharmacy. The pharmacy is likely on the network. Does that mean that Target had a HIPAA Business Agreement with the HVAC vendor before giving them access?

    Joe’s story is just the beginning. Perimeter security did not help Target (it passed the audit) and it did not help the NSA (an update to the network was pending in the office Snowdej used). It’s old technology in the days when staff brings their own device, thermostats and other things are on the Internet and the network changes hour by hour.

    It’s time hospitals stop pretending our records are safe behind firewalls and start encrypting everything and monitoring everyone, including the doctors who access. Commercial systems to do this are available.

    It’s also time for patients to have a real-time accounting for disclosures. My bank and Google and Apple all send me a simple email whenever someone makes a change to security-sensitive parts of my account. Why won’t my hospital send me a text or email when someone opens my record?

  30. Thanks for your informative article…..
    You really give some thinkable points that we have to understand….

    Keep it up….i’ll wait for your next article….
    thx again.

  31. yup, go ahead and put your private information out there for all to see and abuse, at will.

    The entire EHR scene is an accident waiting to happen.

    There needs to be an opt out for all patients. I do not want my records in an EHR. Paper is just right, thank you.

  32. In the 90s it was amateur hackers fooling around. Today we are facing highly sophisticated, motivated and inventive criminal enterprises. I am not hugely confident that health care CIOs are keeping up with the arms race.

  33. I am waiting for the first large scale “unauthorized release” of patient electronic medical records.

    Just like all the other incidents, including NSA data, it is a virtual certainty. The question is when.

  34. The CEOs may not be listening, but not sure how much the CIOs are saying about the topic, given that they’re ones responsible for setting up the defenses in the firat place