ContinuITy™: The Importance of Cybersecurity in Protecting Patient Safety

A high-level guide for hospital and health system senior leaders

The following is an article from the American Hospital Association (By John Riggi, Senior Advisor for Cybersecurity and Risk, American Hospital Association) that talks about cybersecurity and protecting patient safety.

Health care organizations continually face evolving cyberthreats that can put patient safety at risk. That’s why I advise hospital C-suite and other senior leaders not to view cybersecurity as a purely technical issue falling solely under the domain of their IT departments. Rather, it’s critical to view cybersecurity as a patient safety, enterprise risk and strategic priority and instill it into the hospital’s existing enterprise, risk-management, governance and business-continuity framework.

Aligning cybersecurity and patient safety initiatives not only will help your organization protect patient safety and privacy, but will also ensure continuity of effective delivery of high-quality care by mitigating disruptions that can have a negative impact on clinical outcomes.

Why Health Care Gets Hit More

Health care organizations are particularly vulnerable and targeted by cyberattacks because they possess so much information of high monetary and intelligence value to cyber thieves and nation-state actors. The targeted data includes patients’ protected health information (PHI), financial information like credit card and bank account numbers, personally identifying information (PII) such as Social Security numbers, and intellectual property related to medical research and innovation.

In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web. Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record.1

How Cyberattacks Threaten Patient Privacy, Clinical Outcomes and Your Hospital’s Financial Resources

Cyberattacks on electronic health record and other systems also pose a risk to patient privacy because hackers access PHI and other sensitive information. By failing to keep patient records private, your organization could face substantial penalties under HIPAA’s Privacy and Security Rules, as well as potential harm to its reputation within your community.

Most importantly, patient safety and care delivery may also be jeopardized. Losing access to medical records and lifesaving medical devices, such as when a ransomware virus holds them hostage, will deter your ability to effectively care for your patients. Hackers’ access to private patient data not only opens the door for them to steal the information, but also to either intentionally or unintentionally alter the data, which could lead to serious effects on patient health and outcomes.

Another example: Patient outcomes were threatened when Britain’s National Health Service was hit as part of the May 2017 “WannaCry” ransomware attack on computer systems in 150 countries, resulting in ambulances being diverted and surgeries being canceled. Since that time there have been other instances of ambulance diversion orders issued due to ransomware, including here in the U.S. With proper planning and investment, however, it’s possible to mitigate this risk. As I told Congress last July, “The impact of Wannacry on American hospitals and health systems was far less serious, which speaks to the tremendous efforts the field has made to improve cybersecurity and build incident-response capabilities.”

Take Steps to Protect Your Organization

The cyber bad guys spend every waking moment thinking about how to compromise your cybersecurity procedures and controls. The best defense begins with elevating the issue of cyber risk as an enterprise and strategic risk-management issue. If possible, you should also dedicate at least one person full time to lead the information security program, and prioritize that role so that he or she has sufficient authority, status and independence to be effective. Furthermore, you and your team should receive regular updates on your organization’s strategic cyber risk profile and whether adequate measures are dynamically being taken to mitigate the constantly evolving cyber risk.

Finally, the most important defense is to instill a patient safety-focused culture of cybersecurity. This enables health care organizations to leverage their existing culture of patient care to impart a complementary culture of cybersecurity. A culture of cybersecurity, where the staff members view themselves as proactive defenders of patients and their data, will have a tremendous impact in mitigating cyber risk to the organization and to patients.

How ContinuITy™ by The HCI Solution Can Help

ContinuITy™ can be used for planned or unplanned system downtimes and even during full network outages. Carefully honed workflows that strive for excellent patient care and efficiency cannot tolerate any level of system downtime. Finally, there is a MEDITECH downtime system that is familiar to all MEDITECH users, easy to use, secure, and incredibly resilient.

Fill out the below form to request a demo and have one of our experts further explain why ContinuITy™ is an essential part of any healthcare IT system:

The HCI Solution - Request More Information

ContinuITy™: Maintaining Healthcare IT Continuity in an Age of Increased Threats

A focus on enterprise resilience can facilitate business continuity and enable healthcare IT departments to tackle any crisis, from ransomware to natural disasters.

The following is an article from Health IT Security (by xtelligent HEALTHCARE MEDIA) that talks about how to protect your healthcare IT system from an array of threats to your operation.

Whether it’s a ransomware attack or a tornado, hospitals and health systems must be able to maintain business continuity through a crisis. Both natural and human-made threats have the power to disrupt workflows, and with patient care on the line, healthcare organizations cannot afford to lose access to critical data and systems.

While incident recovery plans are required by HIPAA and are crucial to restoring operations, they only address specific symptoms of a larger underlying need: enterprise resilience.

Healthcare organizations can better prepare themselves to withstand disasters by assessing the current threat landscape and focusing on business continuity and resilience rather than just recovery. Leveraging cloud technology can also reduce the burden on healthcare organizations to manage these threats independently, providing trustworthy solutions to protect critical data.

The Current Threat Landscape

Threats to business continuity can come in many forms. From California wildfires to flooding in the Carolinas, unforeseen natural hazards can leave organizations with full ICUs and limited access to critical on-premises data.

At the same time, bad actors have launched cyberattacks against health IT infrastructure — taking systems offline and disrupting day-to-day operations. Beyond external cyber threats, poor employee cyber hygiene may invite phishing scams and endanger even the most robust security architectures.

Healthcare records are worth up to $250 per record on the black market, compared to just $5.40 for payment card information, the next highest value record, SecureLink found. In fact, of all critical infrastructure sectors, the healthcare sector faced the most ransomware attacks in 2021, the FBI’s Internet Crime Complaint Center (IC3) observed in a recent report.

And, HHS recently issued a brief to warn organizations of increased EHR security risks in light of recent cyberattacks. The brief recommended that organizations implement technical safeguards and heighten their cyber resilience to combat these threats.

Healthcare Has a Resilience Problem

But Hector Rodriguez, executive security advisor, WWPS health and life sciences at AWS, suggested that focusing on one problem at a time means missing an opportunity to look at your framework, architecture, and solutions to address the concept of resiliency holistically.

“By treating each of those symptoms one at a time, you are not treating the real issue, which is a lack of resiliency. It’s important that organizations measure how resilient they are at an enterprise level, not just at an individual application, department, or building level,” Rodriguez said.

“This means reevaluating people, tools, and documentation policies and procedures and making sure they’re connected.”

Tips For Achieving Enterprise Resilience

Research conducted by the Boston Consulting Group (BCG) Henderson Institute suggested that organizations build a resilient business model based on principles of biology. Resilient biological systems exhibit six characteristics: redundancy, heterogeneity, modularity, adaptation, prudence, and embeddedness. These characteristics can be applied to businesses to help them maintain resilience by adapting to unexpected events and optimizing efficiency.

Enterprise resilience requires organizations to take a holistic approach to security and safety. They must examine resilience in the supply chain, among employees, within applications, and even within data storage.

“You must leverage newer technologies for immutable data backups and encryption,” Rodriguez advised. “The goal here is availability. If I lose access to my medical record, pharma system, or supply chain system, I will have trouble running a hospital.”

Cloud technology is one of the many tools that can help organizations achieve enterprise resilience and mitigate risk. Cloud adoption may not only allow for quicker recovery but may also reduce the risk of ransomware and data breaches. Rather than a hospital dealing with on-premises patching, cloud vendors patch and update behind the scenes, reducing the risk of out-of-date systems allowing for cyber-attacks.

In addition to cloud technology, comprehensive disaster recovery and incident response plans, including practicing for an event, can help healthcare organizations maintain patient safety and prevent further damage in the face of more predictable human-made and natural threats.

Additionally, enterprise resilience strategies go beyond standard IT disaster recovery by also addressing people and processes. People resiliency requires regular training and tabletop exercises. Every individual within an organization has a role in disaster recovery, and those roles should be clearly defined and should be practiced regularly. In fact, this is the place to start – modern security awareness training is key to building a resilient organization.

Data and application resiliency is also particularly vital to healthcare due to the sector’s reliance on EHR systems. When an organization loses access to its network, patient information may be completely inaccessible.

“A resilient strategy is designed to enable you to bounce back from anything that happens in your organization,” Rodriguez explained.  “When you are more resilient, you can handle just about any disaster thrown at you, and you can also maintain highly available systems and capabilities.”

Rather than strictly safeguarding against and preparing for predictable threats, healthcare organizations should shift their focus toward attaining enterprise resilience to ensure data security and business continuity.

“We need to stop solving problems in the past. We need to design for the future. And that’s what this is about,” Rodriguez emphasized. “Let’s design a more resilient industry overall.”

How ContinuITy™ by The HCI Solution Can Help

ContinuITy™ can be used for planned or unplanned system downtimes and even during full network outages. Carefully honed workflows that strive for excellent patient care and efficiency cannot tolerate any level of system downtime. Finally, there is a MEDITECH downtime system that is familiar to all MEDITECH users, easy to use, secure, and incredibly resilient.

Fill out the below form to request a demo and have one of our experts further explain why ContinuITy™ is an essential part of any heathcare IT system:

The HCI Solution - Request a Product Demo

5 Reasons Why Hospitals Partner with The HCI Solution

Today people rely upon customer reviews and testimonies to decide which vendor to take their business to. Naturally, people want to work with a business that they can trust to get the job done effectively and efficiently within their time constraints. The HCI Solution relies on customer testimonies and references in gaining new customers. Our customers are eager to share their experiences in partnering with us and utilizing our products and services. To present a clear picture, we’ve come up with the following 5 Reasons Why Hospitals Partner with The HCI Solution.

1. Response Time/Communication

It can be frustrating when dealing with an unresponsive vendor, support team, or partner. The HCI Solution knows the impact unresponsiveness and lack of communication can have on productivity and the ability to meet critical deadlines. At The HCI Solution we strive for 1 hour response times, because time is valuable and so are our customer’s needs. We want to ensure that any inquiries, requests, and other correspondence are met with a timely response. Although we may not have an answer within the hour every time, we will do everything we can to acknowledge requests in a timely manner.

Interior Health HCI Response Times Testimony

2. Reputation

The HCI Solution has a mission to deliver reliable and cost-effective software solutions and services that reduce costs and improve healthcare efficiency for our customers so that they can provide better patient care. We value our customers and their opinions of us, because when our customers share positive testimonies of their experience working with us it means we’ve done our job right.

Skagit HCI Reputation Testimony

3. Deeply Integrated Solutions

When we develop and enhance solutions at The HCI Solution, our main priority is that they seamlessly integrate with the other relevant tools and customers’ specific workflows for which they were created. Our applications are easy to use and deeply integrate with MEDITECH, allowing for easy staff adoption. We want customers to feel comfortable using all of our solutions on a regular basis. Our main goal with our applications is to increase workflow efficiency, saving facilities time and money.

4. Competitive Pricing

The HCI Solution offers all products and services with hospital budgets in mind. We strive to meet customer’s needs with a price point that’s fair and affordable. We offer discounts when customers are interested in multiple products and services, or are interested in products or services for multiple facilities. With our Engineering Concierge Services plan, hospitals have saved thousands of dollars and know that no matter how many of their contracted hours are used in a month or what services they are used for, they will continue to pay their contracted monthly rate for the hours used.

Heywood Competitive Pricing HCI Testimony

5. Filling and Bridging the Gaps

It can be difficult finding the right staff to meet all technical needs – they may possess skills to meet certain employment needs, but it is getting more difficult to find well-rounded individuals that cover all of a facility’s needs. Recruiting, vetting, hiring, onboarding, and training individuals can be an arduous task that takes time and money. The HCI Solution is staffed with individuals that can fill those technical gaps facilities may face. With our highly experienced, well-rounded team, it’s safe to say we have our customers covered. They consider us their “one stop shop.”

It’s for all of these reasons that we know customers can take comfort in the decision of choosing The HCI Solution as their credible industry partner. We are committed to carry out our mission, company values, and focus on our vision.

OUR MISSION

To deliver reliable and cost-effective software solutions and services that reduce costs and improve healthcare efficiency for our customers so that they can provide better patient care.

COMPANY VALUES

Trust is the foundation of any good relationship, and that is why we work hard to build trust with all of our customers. We hold ourselves accountable to our customers, shareholders, partners and employees by honoring our commitments, providing results and striving for the highest quality. We also believe strongly in maintaining a high level of customer satisfaction, which is why all of our products come with a satisfaction guarantee.

OUR VISION

To become the leader in software solutions to the healthcare industry by providing cost-effective and reliable products that lead to better patient care by:
• Enhancing patient safety
• Streamlining workflows
• Improving clinical efficiency
• Increasing IT efficiency
• Reducing costs
• Decreasing waste

When you choose The HCI Solution, you choose peace of mind.

Contact Us to find out how The HCI Solution could help you as a partner.

LinkedIn

5 Ways to Improve Clinician/Staff Satisfaction

One of the most valuable assets a hospital has is its clinicians and staff. Keeping your employees engaged and satisfied in their roles is essential to optimal performance and staff retention.  By safeguarding your employee fulfillment you can reduce the high cost and resource demands of staff attrition.

So how do you ensure staff satisfaction? There are countless things employers can do to boost moral and job satisfaction.  The HCI Solution aims to help their employees sustain a passion for their work while helping minimize effort and wasted time for our customers. Simple initiatives and minimal effort can go a long way towards keeping your clinicians and staff happy.

Empower Staff

Without empowering your staff with trust to make decisions and take action employees can not reach their full potential. To have a dream team where the employees take initiative, use their talent to problem solve and are innovative they must have the authority to use those skills. Delegating responsibilities with the intent to further develop and stretch your staff with clearly defined expectations and autonomy is the best way to provide structured staff empowerment. At The HCI Solution it is encouraged to continuously learn, grow and develop.  With many of our Solutions for our customers being unique problems that have proved difficult to solve, HCI employees use creativity and their vast experience to overcome complicated tasks. Allowing the staff to enhance and steer their own job development ensures a mutually beneficial support system between staff and employer.

Reduce Workflow Interruption

Interruption of workflow with delayed system launches can put a damper on process turnover. Laggy launches to required systems is an example of wasted time that can be streamlined. The use of dynamic launches that can open in the background eliminating lag time or that can pass necessary information automatically from one program to another saves time and re-entering data.  The HCI Solution achieves this through the use of LaunchIT for our customers. LaunchIT provides an intuitive solution that aims to eliminate unnecessary wait time to open another system and/or auto populating to the desired content. While a laggy launch might seem like an inconsequential nuisance, the time adds up quickly with multiple uses. When regulatory documentation is needed, keeping the time it takes to accomplish that task is a good idea to maintain compliance.

Support Staff With Needed Resources

Supporting your staff with the tools needed to achieve makes the clinical staff operations easier for everyone.  Downtime can be one of the occasions when a good solution can make an enormous difference in the amount of work and frustration that is thrust upon the staff.  Having a solution that mimics your current EHR and allows you to view all the necessary patient data to safely care for your patients while your system is down can prove invaluable.  ContinuITy™ Downtime Portal was created with these factors in mind. Having an effective solution helps the clinical teams to continue to focus on their patients instead of the downtime obstacle leaving everyone with added peace of mind.

Automate Processes

Time-consuming manual tasks that can be automated are another source of grievance for clinicians and staff. There are many ways to automate tasks in a hospital and The HCI Solution has come up with a few.  The HCI Solution’s Data Services team uses scripting and other tools to automate compiles and/or processes.  One example is providing batch processing for numerous workflow initiatives.  Some tasks are extremely time-consuming but necessary. Batch processing eliminates the arduous effort and minimizes the burden.

Cut Down on Menial Tasks

It is frustrating and inefficient for high value resources to be tasked with menial objectives that eat up their time. SyncSolve® is an application designed to limit time on such tasks while encouraging ongoing dictionary management. Many internal initiatives are made easier or are dependent on the accuracy of dictionaries. This efficiency eliminates unnecessary manual entry and double keying. Keeping the LIVE and TEST synchronized is not only useful for best practice purposes but also saves extensive amounts of time during any system upgrade. By converting a time consuming strenuous task into a quick and easy duty it lightens the resource load and saves resources for critical  purposes.

There are many ways to improve clinician/staff satisfaction.  These listed suggestions just scratch the surface of actions that can be taken for this objective.  When thinking about the strain on staff sometimes streamlining their workflows and providing helpful tools can be enough; allowing for autonomy and growth while providing tools is even better. The HCI Solution is committed to building relationships and going the extra mile. Let The HCI Solution take some of the burdens and provide peace of mind.

Contact Us to find out how we can help improve your clinician/staff satisfaction.

LinkedIn

Improving Clinical Efficiencies: Single Sign-On and Content Sharing

Single Sign-On (SSO) is not the entire answer to clinical efficiencies but rather one important piece of the puzzle. There is no doubt SSO enabled software has allowed users to become more efficient, but the missing piece of the puzzle is clinical content sharing between applications. Clinical content, like what patient you’re on in the EMR, what clinical application you’re in, what user is logged into the workstations, what user is logged into the EMR, etc., are key pieces to the efficiency puzzle. Most clinical EMR software supports some level of FHIR API’s calls which have added much to the missing clinical content piece of efficiency, but it doesn’t solve the entire workflow challenge.

The missing piece of the puzzle is integrating other clinical software into the clinical EMR workflow with clinical and other content. Several specific challenges exist with content sharing, like is the user logged into the EMR the same as the user logged into the workstation? When launching other clinical applications from the EMR your SSO and content software must know who’s logged in to the EMR and who’s logged into the workstation. In the case of multi-user workstations, you want to know what EMR user is launching into the other clinical software. Another challenge is using Health Information Exchange (HIE) or other collaborative content sites and the delay to compile them when needed. For instance, you might want to precompile HIE or collaborative content when the user is on a specific screen so when they need it the content is immediately available, no need to wait while it compiles.

One way in which this efficiency has been achieved is through the use of LaunchIT. HCI’s LaunchIT application is designed to meet all the clinical content challenges without complicated, fragile software design. If you have clinical software you want to integrate with your clinical EMR workflow with SSO and content, LaunchIT is what you’re looking for. Powerful, solid architecture to meet all your clinical software integration needs.

Click here to learn more about how you can optimize your workflow with LaunchIT.

Contact Us to schedule a demo and see LaunchIT in action.

LinkedIn

The Best of Both Worlds: NPR Report Writer and Report Designer

In Expanse, MEDITECH provides two full-featured reporting solutions: NPR Report Writer and Report Designer. Whether we are transitioning existing reports from MEDITECH MAGIC or Client/Server (CS) to Expanse, or building new reports within an active Expanse environment, we need to take a granular view of our options and determine which tool is best suited for each use case. In this exposition, we’re going to review the pros and cons of these two tools, and how to leverage these traits when determining the best option for our reporting needs. Though our examples will be focused on reports being updated across platforms, the same considerations are applicable to new reports being created in Expanse. In addition to our evaluation of NPR Report Writer and Report Designer, we will discuss how you can have the best of both worlds.

Those of us writing reports in MAGIC and CS are already familiar with MEDITECH’s NPR Report Writer, and any existing reports will be written in this medium. The NPR Report Writer is a robust, versatile reporting tool with the capacity to write extremely complex reports with relative ease, using the editor’s extended fragment and macro functionality. This functionality lends itself well to staff familiar with the NPR programming language, being able to create powerful macro-driven reports, that can even call other reports or MEDITECH routines, as needed. Though the MAGIC and CS NPR Report Writers have syntactical and platform-specific differences, converting existing NPR reports to Expanse will only require minor adjustments, provided that the application they are written out of, and fields they reference, are still in NPR in Expanse. This brings us to our first hurdle: there is no native way to pull fields from M-AT applications into an NPR Report Writer report. In Expanse, many applications have changed platforms from NPR to M-AT, such as Abstracting (ABS) and Patient Accounting (BAR), and any report needing to reference data from these applications would need to be built using Report Designer.

Report Designer is the report writing tool MEDITECH provided alongside the release of the M-AT platform and it is included with Expanse. Report Designer has a streamlined, user-friendly interface with many efficiencies that simplify the report creation process. For example, Report Designer includes a mode designed specifically for creating export-style reports that can be leveraged to quickly generate reports in multiple formats. Rather than providing free-form macro functionality like NPR Report Writer, Report Designer is integrated with a rules editor that does not require any programming experience to utilize. This rule-based approach is both a pro and a con, for though it allows users with varying degrees of experience to add custom logic to reports, reports written in Report Designer are bounded by the limitations the rules editor imposes. This can make the task of reproducing complex macro-driven NPR Reports in Report Designer challenging, and unfortunately, in some cases impossible.

When faced with the impossible, we were compelled to pose the question: What if there was another option? What if there was a means of retrieving M-AT data, while still benefiting from the power and versatility of NPR Report Writer’s macro-driven functionality?

The HCI Solution’s answer to this question is the M-AT Object Module (MOM©). MOM© is a suite of utilities encapsulated within an NPR Report that can be called from other NPR Reports to pull in M-AT data. Regardless of the complexity of the dataset or use case, MOM© can be used to achieve the best of both worlds, the data we want in an editor that provides the power and functionality we need. MOM© can even be used to report on M-AT data that it is not currently possible to report on in Report Designer, or that can only be reported on inefficiently, i.e. with complex rules that will take significantly longer to run than a procedural approach would take. In addition to standard M-AT fields, MOM© can be utilized to report on audit log data and user activity (which Report Designer cannot), Financial Status Desktop statistic details, and can even retrieve data housed within a different HCIS than the HCIS the report is being launched from.

Choosing the best report editor for a use case is important, but it doesn’t need to be daunting. Report Designer and NPR Report Writer are both incredible tools, with strengths that should be leveraged in the report conversion and creation process. With the inclusion of MOM©-enhanced NPR Reports, we are free to choose between either tool, without introducing any barriers between us and the data.

Click here to learn more about The HCI Solution’s M-AT Object Module – MOM©

The HCI Solution Data Services team also provides advanced report writing and report conversion assistance, Click here to check out our services.

The HCI Solution also gives back to the MEDITECH community by providing complimentary beginner to advanced Report Designer Educational Sessions each month. View our upcoming RD Ed Sessions.

 

LinkedIn