Cloud computing, virtualization offer benefits to healthcare industry

/in , , , /by

Recent advancements in technology have impacted every industry, but none more so than healthcare. The emergence of mobile devices like smartphones and tablets have influenced medical providers, as those devices are beginning to replace traditional monitoring and recording systems and allowing patients more flexibility in their treatment. The growing use of cloud computing has especially had an effect on healthcare, improving communication, data storage and ease-of-use.

One of the biggest advantages technology has brought to the healthcare industry is an improvement in the way doctors and patients communicate with one another. It can often be hard for patients to get ahold of their physicians, but with a variety of cloud communication options like voice and video conferencing, as well as technology focused solely on connecting doctors and patients, the burden is being eased.

Remote monitoring is another major benefit of the use of technology in medicine. Just as it can be difficult for patients to get in touch with their doctors, it can also be hard for many people to make it to the hospital at all. Home monitoring technology allows patients to use a small device designed specifically for their health problem from the comfort of their home. According to a report by Research and Markets, 2.8 million patients worldwide were utilizing home monitoring by the end of 2012. This provides patients with reliable care while reducing the cost of multiple visits to the doctor and lowering the risk of having to be readmitted. Readmission rates for cardiac patients using home monitoring dropped from 25 percent to just 2 percent, Becker's Hospital Review reported.

Cloud computing and virtualization are now also able to take remote monitoring one step further and provide patients with complete medical treatment from their homes using a telehealth platform. Just as home monitoring helped to reduce expenses, telemedicine is also cost-effective as it reduces travel times for patients and allows doctors to see more people each day. For patients living in rural or underserved areas, being able to have a doctor's visit over a video conference and receive prescriptions and medical records through a cloud-based portal is a dramatic improvement from having to travel long distances to see a physician, or not getting any treatment at all.

Increase in healthcare data breaches highlight need for improved storage solutions

/in , , , /by

While much of the news on cybersecurity and data breaches has been focused on attacks aimed at retail stores, security experts are increasingly warning healthcare organizations that hackers are more frequently going after targets in this $3 trillion industry.

In the underground market where cybercriminals sell their stolen goods, medical information can go for more than 10 times what credit card numbers are worth. Due to the high price medical records can fetch, attacks are increasing at an alarming rate. Just last month the FBI warned healthcare providers to be on high alert after Community Health Systems, one of the U.S.'s largest hospital operators was hacked and the information of 4.5 million patients was compromised. A recent study by the Ponemon Institute found that the number of healthcare organizations reporting a data breach is rising, with 40 percent of providers reporting an intrusion in 2013 as opposed to 20 percent in 2009.

Lack of awareness makes healthcare great target
As opposed to retail data breaches or personal identity theft, fraud involving medical information is rarely detected in a timely manner, making it more worthwhile for hackers to go after healthcare records instead of credit card numbers.

"As attackers discover new methods to make money, the healthcare industry is becoming a much riper target because of the ability to sell large batches of personal data for profit," said Dave Kennedy, CEO of TrustedSEC LLC in an interview with Reuters. "Hospitals have low security, so it's relatively easy for these hackers to get a large amount of personal data for medical fraud."

According to an FBI estimate, one medical record can sell for as much as $50 in an underground marketplace, in stark contrast to the few dollars a stolen credit card might bring in. Stolen medical information commonly on sale on the black market includes names, dates of birth, billing information, diagnosis codes and policy numbers. This data is then used by cybercriminals to create fake IDs in order to purchase prescriptions or medical equipment that can be resold, or to make phony insurance claims.

Low funding, high risk
One of the major drivers in the increase in healthcare data breaches is the recent switch to electronic medical records. In an interview with the Boston Globe, Beth Israel Deaconess Medical Center CIO John Halamka said that IT departments in the healthcare industry commonly receive between only 2 and 3 percent of an organization's budget, compared with the 20 percent offered to those in retail and financial industries, yet organizations are being forced to rely on technical solutions. Perhaps because of the lack of funding, a recent study by security firm BitSight Technology found that healthcare providers respond more slowly to data breaches than any other sector, compounding the problem.

The Ponemon Institute report found that the healthcare industry loses $5.6 billion a year due to security incidents. As cybercriminals continue to find more sophisticated attack methods and target larger amounts of information, healthcare providers will have to find a more secure way of storing their electronic medical records. A reliable way to protect patient data is to utilize cloud storage services. Data saved in the cloud can be easily encrypted and kept in a separate place from other enterprise information. Business continuity procedures are also improved by keeping health records in the cloud, as duplicate data can be stored offsite and kept safe in case a system is compromised or a disaster were to occur. Cloud services are a cost-effective storage option as they are highly scalable and require healthcare providers to only pay for the amount of service being used. This allows cash-strapped organizations to protect sensitive information without breaking the bank. 

Health workers look to the cloud to prevent infectious diseases

/in , , /by

As the cloud becomes more widely adopted, the uses for the technology continue to grow. One of the sectors where the uses for cloud computing are advancing rapidly is healthcare.

In hospitals across the country, doctors and nurses are operating over the cloud on virtual desktops in order to access their desktops wherever they are. With the use of virtualization, medical staff are able to access their computers from the nearest thin clients instead of going back to their offices. Not only does this improve patient care, as charts can be updated more quickly and checked more frequently, but less movement helps to stop the spread of infection and decreases contamination. Fewer doctors and nurses entering the rooms of highly contagious people means a lower chance of spreading the disease, and virtual desktops enable medical staff to continue treating patients with a minimal risk of contamination. 

Aid workers look to the cloud for data sharing
On a larger scale, the University of California, San Francisco is in the process of creating a cloud-based platform that would utilize data from the Google Earth Engine to provide health workers around the world with actionable information to predict areas where malaria transmission is the most likely. Google Earth Engine is an aggregator of trillions of satellite images dating back almost 40 years ago, paired with online tools to help researchers map trends, identify changes and quantify differences in the Earth's surface. The project is aiming to provide resource-poor nations with the tools to more narrowly and effectively target campaigns against malaria, which kills 600,000 people each year.

The new tool will look at the relationship between occurrences of the disease and environmental factors like rainfall. Maps of the local areas on the Earth Engine will also help scientists and aid workers learn more about what drives malaria transmission. The malaria prediction tool will also allow health workers to share their information from the field about where and when malaria cases have occurred. By combining real time information with satellite data on environmental conditions within Earth Engine, the tool will be able to pinpoint where new cases are most likely to emerge. With more specific locations of expected outbreaks, healthcare officials can distribute bed nets, spray insecticides and give medicines directly to the people who need them most. 

The cloud platform will be launched in Swaziland, but there are plans to make the tool available to workers within the Global Health Group initiative operating in other countries. The program's creators are also looking into adapting the platform to help predict other infectious diseases.

Cloud helps hospitals treat patients more effectively 
​Cloud-based medical programs are also being used in hospitals across the country, including Memorial Hermann Health System in Texas which recently launched a cloud platform that monitors patients for signs of infections. The technology monitors all of its hospitals' patients simultaneously and continuously for signs of sepsis, a life-threatening infection complication that affects nearly 750,000 people nationwide each year and has a 50 percent mortality rate.

The sepsis monitoring system uses precise calculations to detect signs of infection in patients and alerts staff when at least two signs have been found, including rapid breathing, low blood pressure or fever. The tool alerts medical staff to the infection and enables them to quickly begin procedures to treat the condition.

HealthKit, healthcare and managing BYOD

/in , , , , , , /by

As smartphones become faster and increasingly capable of running sophisticated applications and services, health care organizations are faced with a dilemma. Do they allow doctors, nurses and staff to participate in bring-your-own-device policies and potentially unlock productivity gains that enable higher-quality care? Or do they hold back out of legitimate concerns about data security and compliance with regulations?

The growing interest of technology firms in health care tracking only complicates the situation. Individuals may now use devices such as wristbands, in addition to smartphones, to record and share health information, making it critical for providers to keep tabs on BYOD activity to ensure compliance.

HealthKit and the larger issue of sharing health information
At this year's Worldwide Developers Conference, Apple announced HealthKit, a platform built into iOS that underscores how healthcare on mobile devices is rapidly evolving and sparking questions about how sensitive data is handled. HealthKit isn't a discrete solution but a system of APIs that would allow, say, an application that tracks steps to share its information with medical software that could provide actionable advice.

Major health care organizations are already on board. The Mayo Clinic created an application that monitors vital signs and then relays anomalous readings to a physician. Given the already considerable presence of mobile applications in health care, HealthKit could give hospital and clinic staff additional tools for providing efficient care.

At the same time, HealthKit turns any iOS device into a potential compliance painpoint. Data that is stored on an iPhone, for example, would not fall under the purview of the Health Insurance Portability and Accountability Act, but if shared with a provider or one of their business associates, HIPAA would likely apply. Stakeholders will need time to adjust to the nuances of how healthcare applications interact with each other in the HealthKit ecosystem.

"The question would be whether the app is being used by a doctor or other health care provider. For example, is it on their tablet or smartphone?," asked Adam Greene of Davis Wright Tremaine LLP, according Network World. "Where the app is used by a patient, even to share information with a doctor, it generally will not fall under HIPAA. Where the app is used on behalf of a healthcare provider or health plan, it generally would fall under HIPAA."

Tracking and securing privileged health information
HealthKit is just one platform on a single OS, but it is part of a broader shift in data control, away from centralized IT departments and organizations and toward end users. For healthcare, this change is particularly challenging since providers have to ensure that the same compliance measures are enforced, even as BYOD and cloud storage services become fixtures of everyday operation.

A recent Ponemon Institute survey of more than 1,500 IT security practitioners found that almost 60 percent of respondents were most concerned about where sensitive data was located. BYOD complicates compliance, and healthcare organizations will have to ensure that they have well defined policies in place for governing security responsibilities.

"People trained in security also view IT as accountable for the security domain," Larry Ponemon, chair of the Ponemon Institute, stated in a Q&A session on Informatica's website. "But in today's world of cloud and BYOD, it's really a shared responsibility with IT serving as an advisor, but not necessarily having sole accountability and responsibility for many of these information assets."

It's no longer enough to rely on IT alone to enforce measures. Security teams and IT must work together and implement BYOD security as well as network monitoring to ensure that only authorized devices can connect to the system, and that data is safely shared.

How BYOD can be made easier through desktop virtualization

/in , , , , , /by

 

Bring your own device policies, already buoyed by rapid uptake of smartphones and tablets, may gather additional momentum as prominent technology vendors devote attention to making mobile hardware valuable in the workplace. Dropbox for Business has made several big acquisitions related to BYOD, with the aim of helping businesses transition to multi-device, highly consumerized IT environments. Meanwhile, Apple has included advanced support for email, device enrollment and calendar collaboration in iOS 8, making the mobile OS more amenable to BYOD than ever.

It’s clear that BYOD isn’t going away. However, organizations are still adjusting to the new pressures that the phenomenon places on data control, security and compliance. While major firms continue to work on BYOD-centric solutions, enterprises have to assess their mobility needs and decide whether to implement measures such as desktop virtualization to enable BYOD.

Virtualization makes BYOD more secure for leading steel producer
The central issue with any BYOD policy is the transfer of control – over hardware, software and data – from the IT department to employees, who may be less scrupulous in terms of what applications they use. For example, files that should remain behind the company firewall may be shared with consumer-facing cloud services. Mobile devices enable such habits, even as they hold potential to enhance collaboration and remote work.

Fortunately, desktop virtualization facilitates a middle ground between BYOD adoption and enterprise security. Rather than let each endpoint have its own OS and applications, IT departments distribute a single desktop experience via a virtual machine. Devices connect to the VM securely and gain access to approved software. Data is not retained on user hardware after a session ends.

Essar Group, a conglomerate involved in steel, oil and telecom services, turned to desktop virtualization to standardize and secure its employees’ mobile experience when working with company assets. Ultimately, it moved 5,000 users to its new virtualized platform.

“Security of data was the primary point of scope for looking for [a] desktop virtualization solution,” Jayantha Prabhu, CTO at the Essar Group, told Dataquest. “We had a good experience of the ability to control the data at the disposal of the employee when we deployed the same for some of our teams which handled data which was very critical both from a confidentiality and a brand perspective. We had around 3,000 BlackBerry users and more than 2,000 people with tablets, and with all the applications being accessed on the tablets, it was tough to ensure security of critical information.”

Desktop virtualization is a powerful tool for securing data and controlling mobile devices, but its benefits don’t stop there. Other perks include:

  • Reduced power consumption through the use of thin clients (machines that depend on a server for most or all of their software).
  • Centralized management of software and devices, with much more efficient patch distribution and application upgrades.
  • Support for remote collaboration since users can get the same experience from any Internet-enabled device.

With a broad set of advantages for organizations in finance, healthcare, education and other sectors, desktop virtualization is a practical, versatile way to incorporate BYOD while maintaining the integrity of company data.

Unified communications solutions rapidly replacing legacy phone systems

/in , , , /by

Unified communications solutions are displacing legacy technologies with such speed that some industry observers have begun thinking about the end of the phone number. Facebook’s landmark $19 billion acquisition of WhatsApp – an ad-free mobile messaging service that relies on the user’s screen name rather than a phone number – underscored the rapid ascent of alternatives to the aging SMS/circuit-switched telephony infrastructure.

Chat apps overtake SMS, showing changing face of consumer and business communications
Last year, E.U. Commission vice president Neelie Kroes announced that OTT chat apps had overtaken SMS for worldwide messaging volume. While SMS likely isn’t going away just yet, much of the value in communications has certainly moved from basic services to richer platforms that make the most of high-speed data connections and provide amenities beyond text messaging and voice calling.

Consumer options such as Skype and LINE have become famous for video conferencing and stickers, respectively. Similarly, business-grade offerings often distinguish themselves by including data sharing and email services in addition to text and voice. Organizations across many verticals, including healthcare and education, have put UC to work as they modernize their IT operations. A managed services provider can help navigate the common obstacles that companies face as they move to

“Many of the benefits of unified communications center on internal productivity improvements, or the facilitation of collaborative working,” Liam Ward-Proud wrote for City A.M. “But [small and midsize businesses]  also face the challenge of managing numerous client contact points, and a total communications strategy can help ensure a consistent client experience is delivered.”

University of Washington remakes IT department with UC
Universities have been at the forefront of UC adoption as they adjust to the rapidly evolving communications habits of students. Take the University of Washington, which began planning its move from a legacy phone system to UC as far back as 2010, according to EdTech.

The institution began by overhauling its infrastructure, installing fresh switches to support a network that could handle converged voice and data. Since its systems served more than 22,000 users, upgrades were made in phases over the course of a few years, with medical call centers and campus public safety among the first to receive access to the new platforms.

The university’s UC systems grew to encompass voice, voicemail, chat and video conferencing. Down the road, it has its eye on video-as-a-service and additional cloud-based functionality. Indeed one of the underlying value propositions of UC is that it creates a clear pathway toward cloud computing. Many UC components can be hosted and managed by a third-party, freeing users from having to tend to their own infrastructure. Functionality can also be changed and scaled depending on demand.

In the University of Washington’s case, the rollout of UC is facilitating creation of hybrid cloud. Hybrid setups typically involve:

  • Some infrastructure that is managed in-house, often for reasons such as security, compliance, control and performance.
  • Other applications and resources – for computing, networking and storage – that are piped in from an external provider.
  • APIs and mechanisms for determining what gets run where and when. For example, a workload that is running internally but requires more capacity can be shifted to public cloud infrastructure.

For the university, some assets will be kept on-premises while software is increasingly shifted to the cloud for greater availability.

“Right now, people can use the features in Microsoft Lync, such as chat, voice, video and conference sharing, on a peer-to-peer basis,” Roland Rivera, director network strategy and telecommunications for the university, told EdTech. “Our goal is to provide these capabilities campus-wide. As the technology evolves, we plan to keep the [session initiation protocol] core in-house, but migrate applications to software-as-a-service cloud solutions as those become available.”

Healthcare providers turn to network security, desktop virtualization to protect data

/in , , /by

There's plenty of work to do in shoring up network security at healthcare organizations. While the retail sector has been been making headlines for months due to oversights that led to record-setting breaches at Target, Neiman Marcus and Michaels, hospitals and clinics may be even more vulnerable to attack than these chains, even if they haven't been the subjects of similarly high-profile incidents yet.

Healthcare lags retail, finance in network security
A recent report from BitSight Technologies rated the security postures of different verticals on a scale from 250 to 900 (a higher figure means stronger protection). Healthcare received a 660, falling well behind retail at 685, with utilities and finance even farther up the ladder.

"Unlike the financial institutions and electric utilities in the S&P 500, the healthcare and pharmaceutical companies do not view cybersecurity as a strategic business issue," stated the authors of the BitSight report, according to Cruxial CIO. "They do not spend enough resources to protect their data, in part because cybersecurity has not received the executive level attention it deserves."

The results are surprising in light of how many regulations, including the Health Insurance Portability and Accountability Act, govern healthcare data. Security firm Redspin estimated that nearly 30 million records have been compromised in HIPAA breaches since 2009, and that the yearly total rose 138 percent between 2012 and 2014.

Mitigating risk with managed network security and virtualization
To avoid becoming victims, organizations can rely on a managed services provider to install and oversee mechanisms that shield important assets from surveillance and theft. Core capabilities may include:

  • Dedicated private IP networks that carry encrypted data
  • Secure remote access and collaboration
  • Network authentication and integrity checking
  • Firewalls for MPLS IP-VPN
  • Around-the-clock security management

These fully-featured solutions have become increasingly appealing to healthcare providers, especially as initiatives such as bring your own device and technologies like cloud computing have revolutionized IT. Administrators may no longer feel confident in their networks' safety in the face of threats that could enter from any one of many possible attacks surfaces, including smartphones or unauthorized cloud apps.

Health IT Security's Patrick Oullette chronicled how one healthcare security executive had recalibrated his organization's approach to network security in order to deal with today's threats and usage habits. In practice, this shift has entailed moving beyond data loss prevention and incorporating exfiltration techniques to keep tabs on device activity and traffic flows across the entire network.

"We also have a robust data exfiltration capability that we've instituted at the core of the network and the perimeter so we can watch data flows," David Reis, vice president at Lahey Health, told Health IT Security. "Looked at that way, it becomes illuminating pretty quickly and easy to flesh things out. You ask where the data is moving in and out from, what devices are plugging in and out and what users are doing once they're plugged in."

The adoption of advanced network security measures is promising, especially in light of the healthcare sector having accounted for 43 percent of all breaches in 2013, according to the Identity Theft Resource Center. On this same front, healthcare providers are implementing technologies such as desktop virtualization to bolster security.

Virtual desktops are appealing to hospitals and clinics because they involve little more than dumb terminals, to which operating systems are supplied from remote server. Accordingly, there's less risk of misconfiguration or data theft than with a machine that was running a locally installed OS. Speaking to Health IT Security, Chris Logan, chief information security officer at Care New England Health, described desktop virtualization as "a huge win for security."

Federal big data initiatives make data management paramount concern

/in , , /by

Effective data management will be a critical concern as the United States federal government ramps up its exploration of big data. While information-driven initiatives have the potential to transform a variety of civil and infrastructure projects, as well as contribute to a meaningful cybersecurity plan, a lack of data oversight could make these projects ineffective and put people at risk. 

Federal agencies have already put some big data initiatives in motion, while other industry analysts tout the potential benefits of information analysis. Recent research found that organizations including the Department of Homeland Security and the Government Accountability Office think that big data tools can help them combat cyberthreats on a country-wide scale, according to InformationWeek. Efforts to combat climate change, establish "smart" utilities and improve national healthcare can also capitalize on the insights big data provides.

However, data management, already a thorn in the side of many federal agencies, will become more difficult as data storage demands skyrocket. The Federal Data Center Consolidation Initiative, a project to close 40 percent of federal data centers – saving $5 billion by 2015 in the process – may be losing steam amid cost concerns and facilities closures that don't align with best practices, according to FCW. Out of the more than 7,000 government data centers, only 640 have been shut down. Although 470 are slated to shut down by September 2014, 2,400 would have to close within the next year and a half to reach the stated goal of 40 percent.

The government's struggles are a reminder that data management cannot take a backseat to cost or facilities considerations.

Disaster recovery services, cybersecurity critical to protecting electric grid from attacks

/in , , , , , /by

Over the past few years, the utilities industry has made a concentrated effort to make key infrastructure "smarter." The integration of data-capturing devices and automated, software-based management systems has the potential to create smart electric grids that can more effectively use and distribute power, reducing energy costs and environmental impact in the process.

However, turning power grids into connected devices has potentially harrowing implications – a concentrated cyberattack could cause lengthy and widespread outages, not only withholding electricity from businesses and residences, but disrupting communications, healthcare systems and the economy. According to many cybersecurity researchers, the likelihood of a potential problem occurring is less of an "if" and more of a "when." 

Ramping up disaster recovery services and cybersecurity protocols is key to shielding the smart electric grid from a devastating attack. While the federal government tries to increase the efficacy and stringency of its own security measures, it's important that utility companies – from national generators to local distributors – build up their own prevention and backup systems, according to a recent white paper by the three co-chairs of the Bipartisan Policy Center's Electric Grid Cybersecurity Initiative. This effort will require a hybrid system that responds to both physical and cybersecurity threats. 

"Managing cybersecurity risks on the electric grid raises challenges unlike those in more traditional business IT networks and systems," the report stated. "[I]t will be necessary to resolve differences that remain between the frameworks that govern cyber attack response and traditional disaster response."

Disaster recovery efforts need to include backup digital systems that rival physical ones. Electric grids require faultless failover technology that can depend on a secondary backup network if the primary one is taken offline for any reason. As the Baker Institute pointed out in a recent Forbes article, the measure of a disaster recovery system's effectiveness is based on whether the grid can be restarted following a major breach, disruption or cyberattack. Without a system that can effectively monitor, prevent and immediately respond to such threats, the smart electric grid could be putting many key infrastructure systems in danger.

Curing data management issues in the healthcare sector

/in , , , , , /by

Data management in the healthcare industry is reaching a tipping point. According to CDW Healthcare, the medical sector is gearing up to massive data growth – the 500 petabytes of data in 2013 are set to rise to 25,000 PBs by 2020. By 2015, the average hospital could be producing around 665 terabytes of data.

It's not just the amount of data that's the issue, but the types of information organizations collect. About 80 percent of data is unstructured, with imaging, scans and video requiring huge swaths of server space. Also, many healthcare providers are storing redundant information – the average hospital has 800,000 total records, but as many as 96,000 are duplicates. They are costly to store, making filing systems and data management efforts more complex without delivering additional security.

While big data offers potential benefits in patient care, research and treatment, the healthcare sector is flailing. In part, it's due to a relatively unique set of circumstances. The healthcare sector is traditionally fairly tech-averse – that acres of file cabinets containing patient records in manila folders still persist is a testament to how difficult it is to go digital. Initiatives such as electronic health records and healthcare information exchanges that increase the value of data have to contend with a slew of compliance, privacy and confidentiality issues.

Data management services can help healthcare organizations wield their vast information reserves in a cost-effective and secure way. Modern information technology infrastructure and business intelligence tools are critical to the effective utilization and protection of game-changing data-driven strategies, wrote Forbes contributor John Foley. Not only are massive file systems difficult to back up in a comprehensive way, many medical providers don't have any idea how long it would take to make files available following an unplanned incident. A data management services provider can help the organization establish a customized storage and backup system that prioritizes continuity and compliance. With people's lives potentially hanging in the balance, it's vital that healthcare providers alleviate big data headaches.