Have you ever heard of medical record indexing? I hadn’t until I met Andrew Fehlman, CEO of Solarity by EDCO. His company works with major US health systems that have implemented top-end electronic medical records like Epic and Cerner. He compares medical record indexing to helping organize a complex inbox full of emails, PDFs, images and other documents. Solarity uses streamlined workflow tools and machine learning to boost accuracy and throughput well beyond what health information management departments can do on their own.
Andrew joined the company straight out of college, working his way up in sales and ultimately to CEO. He’s built up the company, led it through successful growth equity financings, and is positioning Solarity to thrive in the era of interoperability. Solarity has continued growing straight through the pandemic and is looking forward to 2021.
If interoperability seemed like a vague concept a year ago, the COVID-19 pandemic has made it concrete for many people trying to share healthcare information across practice settings. I asked Matthew Michela to comment from his vantage point as CEO of Life Image, which bills itself as the largest medical evidence and image exchange network.
What has the pandemic revealed about data-sharing infrastructure in healthcare? Is the answer different for other industries like financial services?
Healthcare is decades behind financial services when it comes to customer-centric, protected data sharing. The pandemic has magnified the many clinical, operational, and infection risks associated with the outdated data-sharing infrastructure in healthcare, which relies heavily on faxes, paper, and CDs. However, the problem isn’t a lack of technology. The problem has been the business, financial, behavioral, and cultural resistance to data interoperability. This pandemic demonstrated that data interoperability isn’t an existential threat.
In radiology, nearly 80% of the transactions that Life Image sees are the processing of images that are sent on a compact disc (CD) into a digitally shareable format online. During a pandemic, the last thing any clinician wants is for a patient to show up in the ER clutching a CD that has touched multiple points in its workflow. Nor is it in the best interest of patient treatment to lack access to critical data such as a lung x-ray for treatment decisions.
What are the implications for healthcare interoperability?
In recent years, interoperability between large, tertiary hospitals, and their primary referral sites have made gains, but connections with smaller community referral sites and patients remain virtually nonexistent. This has a detrimental impact on care coordination and the risk of disease spread. Complex data is notoriously difficult to access. Locked in proprietary silos, this critical information is not accessible in a timely and efficient manner or requires manual intervention. Faxes, PDFs, CDs, and thumb drives are unreliable, especially during a massive emergency, and having no clinical information available happens way too often. It is imperative, during this public health crisis, that there is a flow of data through digital connections for attending healthcare workers to have as much relevant clinical data in advance as possible. A lesson learned the hard way, data interoperability must be a priority and resources should be reallocated to break down data silos and turn data into information. Frictionless data sharing is no longer an existential threat. All of a sudden, because of the pandemic, the hazards of no interoperability are tangible.
How do the ONC and CMS interoperability rules interact with the pandemic?
COVID-19 has manifested a critical need for exactly what the rules require: the advancement of interoperability and digital online access to clinical data and imaging, at scale, for care coordination and infection control. For decades, accessible healthcare data has been limited to structured data typically found in claims systems and, more recently, electronic health records (EHR). While this information identifies procedure type and cost, it has very limited clinical value. Now, more than ever, it is imperative that healthcare workers have as much relevant clinical data in advance as possible. Access to data for post-acute care monitoring is equally as important, as much of it will be done virtually. Patient data needs to be digitally accessible and analyzed by geographically dispersed care teams. The pandemic demonstrated why the rules were needed long ago and have helped fast-track interoperability even as ONC delayed compliance with the information blocking rules a second time.
What role does the cloud play for healthcare data? What are the advantages and disadvantages? Does the pandemic change anything?
Think out a decade or so. All the data silos are gone, and there will be better access to all sorts of clinical data. This will be because of the cloud. Cloud-based solutions support the availability and scalability of health data. Providers will have access to valuable patient data from numerous sources, enabling better care coordination and treatment decisions. Research teams will be able to access diverse sets of patient data to advance understandings in medicine and drug development. AI developers will be able to more effectively train algorithms on diverse datasets and increase the validity of machine learning. Standardized data in the cloud will accelerate innovation. The cloud is often viewed as a threat by providers or facilities because it means giving up control of data, but it’s not their data to control. Or there tend to be unsubstantiated concerns surrounding the privacy and security of the cloud. In the shadows of big tech, this is where healthcare is heading.
What role is Life Image playing in the pandemic? What adjustments have you made from a year ago?
With nearly 15 years of experience building interoperable tools and a mature digital network, Life Image has a number of established tools to assist during this public health crisis. Patients’ lives can depend on data running across the Life Image network. Our customers depend on our network to provide uninterrupted ability to care, coordinate with other physicians, and to minimize health risks to their own employees. Exacerbated by the pandemic, we launched two new solutions to help alleviate these needs:
Patient Connect Portal (PCP): Given the fact that Covid-19 is a respiratory illness with significant secondary impacts on other organs such as the brain, liver and kidney, the ability to collaborate around medical imaging data and bring that information to the point of care is critical. We launched a comprehensive portal called Patient Connect Portal that gives patients the ability to collect, own and share their health data with their care team. Most patient portals do not give patients ownership of data nor do they have the ability to collect diagnostic images due to the complexity of that type of data. The patient portal combines both diagnostic images with their medical data for a more meaningful clinical picture of a patient’s history.
Life Image Network Connector (LINC): As I previously mentioned, the larger AMCs and urban centers have pretty good connectivity. The severe gaps occur in more remote, rural regions and with smaller healthcare institutions. To alleviate this gap, we created a solution specifically designed for this segment of healthcare innovators, community hospitals, imaging centers and physician groups who don’t have a large IT staff or budgets. LINC provides the ability to quickly get up and running with a solution that enables bi-directional exchange of diagnostic images and reports with other facilities or patients electronically.
Diabetes is a costly illness that affects tens of millions of Americans. Joslin Diabetes Center is a world renowned specialist located in the heart of Boston’s Longwood Medical Center. It seems like it should be booming, but in fact diabetes treatment is not a great business and Joslin has not had strong financial performance.
Cancer, cardiology and orthopedics –with their invasive procedures– are much better for making money. But good diabetes care means coordinating lots of people to examine and guide the patient. That’s expensive to provide but not well reimbursed.
And standalone specialty hospitals, even prestigious ones, need strong connections to integrated health systems if they want patients.
Jean Mixer has been guiding Boston Children’s Hospital into the digital future for the past seven years, so she was more than prepared when the COVID-19 pandemic arrived and suddenly everyone was forced to go remote. I first met Jean at Boston Consulting Group in the 1990s when she led growth strategy projects in healthcare, financial services and consumer goods. We stayed in touch and reunited five years ago when Health Business Group helped Jean put the Children’s digital strategy in place.
In this episode of the HealthBiz podcast, Jean traces her journey from JP Morgan to BCG to her own consulting practice and then to Boston Children’s. She shares her experience as a director of public companies in biotech, medical devices, and banking. And she explains what she’d do if she had a time machine.
Chances are you’ve been hearing a lot about cyberattacks and specifically ransomware in healthcare lately. Attackers take over systems and encrypt files, demanding payment in Bitcoin. They often get away with it.
Attacks like the recent ones on Universal Health Services and ERT that make the papers are just the tip of the iceberg. No one wants to report that something like this happened to them.
Until recently, I had assumed that such attacks were really hard to stop. Some are. But it turns out there are often many ways to thwart ransomware, and often hours or even days in which to do so.
I asked security experts at Gamayan to analyze the UHS attack and was amazed that they found at least 28 ways it could be stopped. Check out the UHS ransomware case study that breaks down the attack and potential response step by step.
If you want to learn how to prevent such attacks at your organization, contact me.
Here’s the timeline of the attack:
16:37 Bazar Malware Executed (Remote IP)
16:48 Domain discovery commands
17:06 Registry discovery commands
17:28 More domain discovery and network checks to domain controllers
17:41 AdFind used to map active directory
18:49 checks again for domain trusts and AdFind using Bazar (FTP exfiltration to remote IP)
20:12 First lateral movement attempt with WMIC (SMB transfer, Multiple payloads tried)
20:23 P64.exe Cobalt Strike beacon run on beachhead host (Remote IP)
21:04 Second P64.exe Cobalt Strike beacon dropped on beachhead host (New remote IP)
21:09 Next lateral movement attempt via a service and PowerShell (First Successful Lateral Movement)
21:10-22:06 Continual lateral movement using Cobalt Strike beacons via SMB across the environment
21:43 Windows Defender begins to be disabled using Powershell commands
21:45 First RYUK ransomware executable transferred to the backup system (Ryuk Executed)