GeBBS Healthcare Blog

Will the Multi-Billion Dollar DoD EHR Project Produce the Intended Results?

Posted on Wed, Aug 19, 2015 @ 08:00 AM

By Nitin Thakor, President & CEO

Modern Healthcare magazine has reported that experts are saying the U.S. military's giant electronic health-record contract announced recently with a consortium including EHR vendor Cerner Corp. will likely have a major impact on advancing interoperability in health information technology across the entire U.S. healthcare system.

According to a July 29 briefing, Dr. Jonathan Woodson, assistant secretary of defense for health affairs, is quoted saying, “The military's goal is to use its new system to achieve health IT interoperability with thousands of civilian healthcare partners. That's because 60% to 70% of the care provided to the 9.6 million Military Health System beneficiaries—active duty military personnel, retirees and their families—is delivered by providers in the private sector.”

GeBBS Healthcare Solutions

How has the “interoperability thing” worked out so far in the private sector with all of the governmental incentive dollars that have been spent?

I think if you asked several physicians about the efficacy of many of today’s EHRs and their interoperability, you might get a different answer.

The Modern article goes on to say says that EHR vendors have faced mounting pressure from federal policymakers, healthcare providers, and insurers to speed up what has been seen as the slow pace of making EHRs interoperable. HHS' Office of the National Coordinator for Health Information Technology and Congressional panels have investigated and criticized vendors and providers for what they say are business practices blocking patient information sharing. The military's EHR contract is seen as a vehicle to resolve those roadblocks.

We shall see.

Some estimates of the recently awarded DoD EHR contract run as high as $10.5 billion. DoD officials have disputed that figure as being too high. After all the “hoopla” dies down and billions of dollars have been spent, many industry veterans have doubts that the joint DoD and VHA EHR project will ever produce the scope of medical records interoperability it was intended to create.

Tags: Healthcare IT Solutions / EHR

Yes, It’s Time to Encrypt PHI Data!

Posted on Fri, Aug 14, 2015 @ 08:00 AM

Although employee negligence and lost/stolen devices continue to be major causes of data breaches, criminal attacks are now the leading cause of breaches in healthcare.

What are these cyber criminals doing to get access to the data, and what is causing the breaches in our healthcare organizations? Ponemon’s report says that 88 percent of these breaches came from phishing to get a foothold into a network. The attackers try to compromise employees who have elevated privileges that will give them access to sensitive systems and critical data.

Stronger technical controls like encryption and bio-access security devices will prevent damages from most of these attacks. These criminal are not looking for gall bladder surgery data; they are looking for financial information they can use to rob unsuspecting patients.

GeBBS service delivery model

Two things need to take place immediately; we need to begin to encrypt all stored PHI and we need to improve the security measures that protect access to that data.

Even though data processing speed sometimes suffers as a result of encryption, the justifications for not encrypting data are quickly going away. Safe and secure are better than fast.

Secondly, we must take the human element out of PHI data access. Bio-access security systems must be employed that will thwart unsuspecting healthcare workers from falling prey to sophisticated “phishing expeditions” by professional hackers.

Tags: Business Process Outsourcing (BPO), Healthcare IT Solutions / EHR

Security Breaches Must Not Undermine Healthcare’s Movement toward Electronic Record Keeping

Posted on Fri, Feb 27, 2015 @ 10:19 AM

For years, healthcare officials have worried out loud that privacy and security breaches could undermine public support for a federal program to accelerate the shift from paper to electronic health record (EHR) systems. But for just as long, healthcare spending on security has lagged behind security spending in other databreachindustries.

Recent survey reports from HIMSS peg average healthcare organizations’ spending on security at about 3% of their IT budgets. “That's too low to get the job done,” said an executive from a healthcare IT company, quoted recently in a Modern Healthcare article. “People in healthcare just have to wake up,” he said. “Healthcare data is a lucrative target for these guys.”

I couldn’t agree more! My position is that the movement towards EHRs is essential for higher quality patient care and increased efficiencies in the healthcare delivery systems. These types of data breaches should not delay this movement. Insurance companies, providers and their services and technology vendors must step up their data security and encryption efforts.

I sincerely believe that with all of the technological expertise we have at our hands in the healthcare industry, we can stop 99 percent of these breaches. According to what I have read in the newspapers and magazines, the recent breach at Anthem was not instigated by sophisticated data intrusions, but by multiple, simple “phishing” expeditions for passwords, conducted over several weeks, within with the breached company’s employee base.

These kinds of data breaches should be able to be identified and contained. They are not that sophisticated and should not provide access to any company’s vital records. We must not allow these hackers to de-rail our critical movement toward the EHR. We have the ability to devise security and encryption technologies that will foil these hackers. Let’s budget the resources and get it done!

Tags: Data Analytics, HIPAA, Healthcare IT Solutions / EHR

Security Reigns Supreme at GeBBS

Posted on Tue, Oct 15, 2013 @ 10:53 AM

Implementing health information technology in a secure manner is an extremely important issue in the healthcare industry.  To remain effective and efficient, healthcare providers must utilize the latest information technology solutions.  These IT solutions require the electronic storage and transmission of sensitive patient data. They must be designed, implemented and maintained with advanced IT security measures to ensure proper risk management and compliance with governmental regulations. 

Here at GeBBS we take our security responsibilities seriously. We have become a recognized leader in the design and maintenance of optimal IT security systems. As an example of this leadership, our Chief Information Security Officer (CISO), Veerendra Sheregar, was recently selected as a 2013 finalist for the world-wide Top 100 CISO List. Veerendra was recognized for incorporating and implementing innovative information security solutions into GeBBS’ IT systems that assist the company’s customers in confidently and securely transacting business with GeBBS.

Under Veerendra’s leadership, the company’s IT solutions were singled-out for their robust and effective information security practices, which have the right balance of proactive and intelligent security processes, coupled with a strong monitoring framework, with an emphasis on data protection as a part of ISO 27001 implementation.  We thought that this recognition provided a good opportunity to talk with Veerendra about IT security and the role it plays at GeBBS.

Why do you feel that security plays such an important role in information technology delivery systems? “The elements of risk and doing business have always been inseparable, but new information security risks pose unknown challenges.  This is particularly true for healthcare information.  It must be protected with the very highest security measures. At GeBBS, information security procedures, related to the use of the Internet and e-commerce, play an extremely important role in protecting patients’ healthcare information.”

What gives you the greatest satisfaction in your role as CISO?  “I think getting the right information to the right people at the right time, securely, efficiently and effectively gives me the most job satisfaction.”

How do you feel about the recognition of making the TOP 100 CISO List?  “With all the increasing pressures on security standards to manage information policies and procedures, I’m proud to be included on the TOP 100 CISO List on the behalf of GeBBS HealthCare Solutions.”

“I would like to add that this recognition comes to me as part of my work -- the entire GeBBS team – is dedicated to providing our healthcare clients with the very best security measures, while providing them with the IT systems they need to improve their business and clinical processes.”

About the TOP 100 CISO List Award

The Top 100 CISO Awards were created by InfoSecurity Magazine partnering with iViZ Security, a cloud-based penetration testing service to recognize executives who have demonstrated outstanding initiatives in using information security practices and technology to secure their business and mission critical information in the most effective manner.

Tags: Healthcare IT Solutions / EHR