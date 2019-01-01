Topics
Reimbursement
More than half of rural hospitals could close under a public health option
Half of rural hospitals could close under public health option
Revenue Cycle Management
Healthcare revenue cycle management market projected to be worth $104 billion by 2025
Rev cycle market worth $104B by 2025
Strategic Planning
Close to one-third of healthcare employees have never received cybersecurity training, report shows
One-third of healthcare employees lack cybersecurity training
Capital Finance
U.S. spends more on healthcare, but not on social services spending, study finds
Higher social spending linked to higher healthcare spending
Supply Chain
Optimizing the total performance of a healthcare supply chain means data and clinical integration
Optimizing the total performance of the supply chain
Accounting & Financial Management
Charity care spending among California hospitals is plunging
CA hospitals: Charity care plunging
Budgeting
Health systems allocate just 5-10% of total spending on primary care, despite benefits
Public and private payers underinvest in primary care
Quality and Safety
Medical devices pose cybersecurity and patient threat
Medical devices pose cybersecurity threat
Billing and Collections
Surprise medical bills in ER and inpatient settings are soaring, JAMA finds
Surprise medical bills are soaring
Claims Processing
BCBS Institute and Solera partner, pay SDoH organizations through outcomes-based medical claims
BCBS Institute, Solera, to pay organizations through outcomes-based claims
Workforce
Up to 14% of internal medical residents have been bullied during training, Johns Hopkins found
14% of internal medicine residents have been bullied
Operations
Insurers' collective premium rate increases are less than 1% for 2020 ACA plans
ACA insurers request rate hikes of less than 1%
Medical Devices
Apple is developing custom health information tracking chips
Apple is developing custom health chips
Hospital/physician relations
Wording in medical student evaluations differ by gender, minority status, revealing potential bias
Gender, minority bias revealed in med student evals
Construction & Facilities Management
Cape Cod Healthcare building $180M patient tower, investing in EHR
CCHC building $180M patient tower
Compliance & Legal
Majority of providers fall short of compliance with HIPAA access requirements
HIPAA access: Most providers fall short
Policy and Legislation
HHS and FDA propose plan for importation of prescription drugs from other countries
HHS releases plan for importation of drugs from other countries
Community Benefit
Kaiser Permanente commits $1.65 million to California wildfire relief efforts
Kaiser Permanente commits $1.65 million to California wildfire relief efforts
Accountable Care
Rural hospitals not using bundled payment models, data shows
Rural hospitals not using bundled payment models
Acute Care
Diverting avoidable emergency department visits could save healthcare $32 billion annually
Diverting avoidable ED visits could save $32B
Ambulatory Care
Medical schools, teaching hospitals account for 3% of US GDP, report shows
Med schools, teaching hospitals are 3% of GDP
Analytics
Innovaccer research shows how AI could improve cost of care models
Innovaccer research shows how AI could improve cost of care models
Business Intelligence
While the price of healthcare is growing, utilization is dropping and price variations persist, report says
HCCI: Price of healthcare is growing, utilization is dropping, price variations persist
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
CMS overhauls meaningful use EHR program, renames it 'Promoting Interoperability'
CMS overhauls meaningful use as 'Promoting Interoperability'
Medicare & Medicaid
CMS will delay updates to hospital star ratings until 2021
CMS delays hospital star ratings update until 2021
Patient Engagement
Bar is rising for consumerism in healthcare, but providers are still playing catch-up
Consumerism is rising; providers are playing catch-up
Pharmacy
Drug price forecast projects 4.5 percent increase in hospital drug spending for 2020
4.5% increase predicted for hospital drug spending
Population Health
IPA, insurer launch innovative new partnership to manage social determinants of health
IPA, insurer launch innovative new partnership to manage social determinants of health
Risk Management
Hospital employees are clicking on phishing emails, and that's a problem, JAMA study shows
JAMA: Hospital employees are clicking on phishing emails
Telehealth
Use of non-hospital-based provider-to-patient telehealth grew nearly 1,400%
Non-hospital-based telehealth grew 1,400%
Mergers & Acquisitions
Tufts and Harvard Pilgrim to merge, creating large nonprofit insurer
Tufts and Harvard Pilgrim to merge
Close to one-third of healthcare employees have never received cybersecurity training, report shows

There is an apparent lack of awareness of federal regulations in both the U.S. and Canada to keep patient information secure.

Jeff Lagasse, Associate Editor

Employees of healthcare organizations in the U.S. and Canada are lacking cybersecurity education and awareness in three main areas, including regulation, policy and training. That's according to a new report from Kaspersky, "Cyber Pulse: The State of Cybersecurity in Healthcare Part 2."

The report reveals several key findings that directly correlate to the increasing number of hacking and IT-related incidents occurring in healthcare organizations across North America.

When surveying respondents on healthcare regulations, the main findings concluded that there is an obvious lack of awareness of federal regulations in both the U.S. and Canada to keep patient information safe and secure.

Nearly a fifth of U.S. respondents (18%) reported they didn't know what the HIPAA security rule meant. In Canada, nearly half of respondents (49%) said they didn't know if Canadian PHI needed to stay in Canada.

WHAT'S THE IMPACT

In addition to gaining insights on regulations, healthcare policy proved to be another area in which healthcare professionals are lacking in awareness and education. More than one-fifth of respondents (21%) in North America admitted that they were not aware of the cybersecurity policy at their workplace. When breaking down the results by region, just over a third (34%) of respondents in the U.S. and just over a quarter (27%) of respondents in Canada said they were aware of the cybersecurity policy at their workplace, but have only reviewed it once.

Since the majority of healthcare organizations store patient information electronically, it's of prime importance that practitioners know how their IT devices are being protected. Forty percent of all North American respondents were not at all aware of cybersecurity measures in place at their organization to protect IT devices.

When examining if the size of an organization had an effect, a lack of awareness of device security increased with size, with small business reporting 53%, medium businesses 39% and enterprise businesses at 36%.

The survey also evaluated respondents on the level of cybersecurity training they received in their workplace. According to the findings, there's a dramatic need and desire from employees for increased cybersecurity training in their organizations.

Nearly one in five respondents (19%) said there needed to be more cybersecurity training by their organization. When comparing the results by region, more than 24% of respondents in the U.S. said they had never received cybersecurity training but should have, compared to 41% of respondents in Canada when asked the same question.

The bottom line: It's imperative for healthcare organizations to prioritize cybersecurity in their industry to better serve their patients and keep their private healthcare information safe.

Security experts from Kaspersky suggest hiring a skilled IT team who understand the healthcare industry's unique security risks to put the proper protections in place. It will also be important for IT teams to establish a clear cybersecurity policy, and effectively communicate that policy to employees on an ongoing basis for increased awareness. Increased training for employees should also remain an area of focus as employees are on the frontlines of potential cybersecurity attacks each day.

ON THE RECORD

"The results of the survey show that knowledge of regulatory requirements is missing or too low," said Matthew Fisher, chair of Health Law Group and partner for Mirick O'Connell. "In working with many clients and talking with others across the healthcare industry, the results are not surprising given the number of erroneous statements made about regulatory requirements and the misuse of regulations as the reason not to engage in an action that is actually permissible. The lack of awareness creates unnecessary risks."

"In addition to regulation and policy awareness, training remains an essential part in keeping healthcare organizations safe from potential breaches," said Rob Cataldo, vice president of U.S. enterprise sales at Kaspersky. "Ongoing trainings must be implemented for employees so they have a better understanding of what to look for and the actions to take should they find something suspicious. Cybersecurity awareness training is key to promoting an employee culture of vigilance where employees take pride and do their part to protect their patients and overall organization."

THE LARGER TREND

Cyber attacks can have a profound impact on the finances of hospitals and insurers. Lisa Rivera,  a partner at Bass, Berry and Sims who focuses on healthcare security, told Healthcare Finance News in July that some estimates place cyber attacks at $5 billion in cost to the healthcare system.

Beyond the cost to find a solution to fix breaches and to settle any civil complaints are fines from the Department of Health and Human Services Office of Civil Rights. In 2018, OCR issued 10 resolutions that totalled $28 million.
 

Twitter: @JELagasse

Email the writer: jeff.lagasse@himssmedia.com

