With the digitization of health care records, you’d kind of expect that electronic medical records could talk to one another. Alas, the US healthcare system is still a veritable tower of Babel. It’s a real mess for patients, doctors, hospitals, labs, etc. trying to share information. And the pandemic has made things worse as people get testing and care in different places than they’re used to. Thanks to healthcare, the fax machine is still alive and well in the third decade of the 21st century.
But people like Drew Ivan haven’t given up. They’re working nonstop to turn the promise of healthcare interoperability into reality. As Chief Product and Strategy Officer of Lyniate, Drew is building digital connections throughout the healthcare ecosystem.
If interoperability seemed like a vague concept a year ago, the COVID-19 pandemic has made it concrete for many people trying to share healthcare information across practice settings. I asked Matthew Michela to comment from his vantage point as CEO of Life Image, which bills itself as the largest medical evidence and image exchange network.
What has the pandemic revealed about data-sharing infrastructure in healthcare? Is the answer different for other industries like financial services?
Healthcare is decades behind financial services when it comes to customer-centric, protected data sharing. The pandemic has magnified the many clinical, operational, and infection risks associated with the outdated data-sharing infrastructure in healthcare, which relies heavily on faxes, paper, and CDs. However, the problem isn’t a lack of technology. The problem has been the business, financial, behavioral, and cultural resistance to data interoperability. This pandemic demonstrated that data interoperability isn’t an existential threat.
In radiology, nearly 80% of the transactions that Life Image sees are the processing of images that are sent on a compact disc (CD) into a digitally shareable format online. During a pandemic, the last thing any clinician wants is for a patient to show up in the ER clutching a CD that has touched multiple points in its workflow. Nor is it in the best interest of patient treatment to lack access to critical data such as a lung x-ray for treatment decisions.
What are the implications for healthcare interoperability?
In recent years, interoperability between large, tertiary hospitals, and their primary referral sites have made gains, but connections with smaller community referral sites and patients remain virtually nonexistent. This has a detrimental impact on care coordination and the risk of disease spread. Complex data is notoriously difficult to access. Locked in proprietary silos, this critical information is not accessible in a timely and efficient manner or requires manual intervention. Faxes, PDFs, CDs, and thumb drives are unreliable, especially during a massive emergency, and having no clinical information available happens way too often. It is imperative, during this public health crisis, that there is a flow of data through digital connections for attending healthcare workers to have as much relevant clinical data in advance as possible. A lesson learned the hard way, data interoperability must be a priority and resources should be reallocated to break down data silos and turn data into information. Frictionless data sharing is no longer an existential threat. All of a sudden, because of the pandemic, the hazards of no interoperability are tangible.
How do the ONC and CMS interoperability rules interact with the pandemic?
COVID-19 has manifested a critical need for exactly what the rules require: the advancement of interoperability and digital online access to clinical data and imaging, at scale, for care coordination and infection control. For decades, accessible healthcare data has been limited to structured data typically found in claims systems and, more recently, electronic health records (EHR). While this information identifies procedure type and cost, it has very limited clinical value. Now, more than ever, it is imperative that healthcare workers have as much relevant clinical data in advance as possible. Access to data for post-acute care monitoring is equally as important, as much of it will be done virtually. Patient data needs to be digitally accessible and analyzed by geographically dispersed care teams. The pandemic demonstrated why the rules were needed long ago and have helped fast-track interoperability even as ONC delayed compliance with the information blocking rules a second time.
What role does the cloud play for healthcare data? What are the advantages and disadvantages? Does the pandemic change anything?
Think out a decade or so. All the data silos are gone, and there will be better access to all sorts of clinical data. This will be because of the cloud. Cloud-based solutions support the availability and scalability of health data. Providers will have access to valuable patient data from numerous sources, enabling better care coordination and treatment decisions. Research teams will be able to access diverse sets of patient data to advance understandings in medicine and drug development. AI developers will be able to more effectively train algorithms on diverse datasets and increase the validity of machine learning. Standardized data in the cloud will accelerate innovation. The cloud is often viewed as a threat by providers or facilities because it means giving up control of data, but it’s not their data to control. Or there tend to be unsubstantiated concerns surrounding the privacy and security of the cloud. In the shadows of big tech, this is where healthcare is heading.
What role is Life Image playing in the pandemic? What adjustments have you made from a year ago?
With nearly 15 years of experience building interoperable tools and a mature digital network, Life Image has a number of established tools to assist during this public health crisis. Patients’ lives can depend on data running across the Life Image network. Our customers depend on our network to provide uninterrupted ability to care, coordinate with other physicians, and to minimize health risks to their own employees. Exacerbated by the pandemic, we launched two new solutions to help alleviate these needs:
Patient Connect Portal (PCP): Given the fact that Covid-19 is a respiratory illness with significant secondary impacts on other organs such as the brain, liver and kidney, the ability to collaborate around medical imaging data and bring that information to the point of care is critical. We launched a comprehensive portal called Patient Connect Portal that gives patients the ability to collect, own and share their health data with their care team. Most patient portals do not give patients ownership of data nor do they have the ability to collect diagnostic images due to the complexity of that type of data. The patient portal combines both diagnostic images with their medical data for a more meaningful clinical picture of a patient’s history.
Life Image Network Connector (LINC): As I previously mentioned, the larger AMCs and urban centers have pretty good connectivity. The severe gaps occur in more remote, rural regions and with smaller healthcare institutions. To alleviate this gap, we created a solution specifically designed for this segment of healthcare innovators, community hospitals, imaging centers and physician groups who don’t have a large IT staff or budgets. LINC provides the ability to quickly get up and running with a solution that enables bi-directional exchange of diagnostic images and reports with other facilities or patients electronically.
Mike Totterman and Alex Zapesochny grew up on the same street of immigrants in Rochester, NY. Two decades later they joined with Sasha Latypova to co-found iCardiac Technologies, a high-tech success story that helped pharmaceutical companies measure cardiac safety in clinical trials. Now, with Clerio Vision they’re plotting to revolutionize the world’s eyesight with innovative contact lenses and a noninvasive procedure to replace LASIK. I’ve been along for the ride, as an investor and board member in both companies.
In this episode of the HealthBiz podcast, Alex and Mike talk about entrepreneurship, spinning technologies out of universities, making partnerships last, and what they do in their spare time.
As I re-listened to the interview, I was struck by the wisdom they shared about how to turn a cool technology into a real business. It’s hard to do but there are some best practices to follow.
Chances are you’ve been hearing a lot about cyberattacks and specifically ransomware in healthcare lately. Attackers take over systems and encrypt files, demanding payment in Bitcoin. They often get away with it.
Attacks like the recent ones on Universal Health Services and ERT that make the papers are just the tip of the iceberg. No one wants to report that something like this happened to them.
Until recently, I had assumed that such attacks were really hard to stop. Some are. But it turns out there are often many ways to thwart ransomware, and often hours or even days in which to do so.
I asked security experts at Gamayan to analyze the UHS attack and was amazed that they found at least 28 ways it could be stopped. Check out the UHS ransomware case study that breaks down the attack and potential response step by step.
If you want to learn how to prevent such attacks at your organization, contact me.
Here’s the timeline of the attack:
16:37 Bazar Malware Executed (Remote IP)
16:48 Domain discovery commands
17:06 Registry discovery commands
17:28 More domain discovery and network checks to domain controllers
17:41 AdFind used to map active directory
18:49 checks again for domain trusts and AdFind using Bazar (FTP exfiltration to remote IP)
20:12 First lateral movement attempt with WMIC (SMB transfer, Multiple payloads tried)
20:23 P64.exe Cobalt Strike beacon run on beachhead host (Remote IP)
21:04 Second P64.exe Cobalt Strike beacon dropped on beachhead host (New remote IP)
21:09 Next lateral movement attempt via a service and PowerShell (First Successful Lateral Movement)
21:10-22:06 Continual lateral movement using Cobalt Strike beacons via SMB across the environment
21:43 Windows Defender begins to be disabled using Powershell commands
21:45 First RYUK ransomware executable transferred to the backup system (Ryuk Executed)