How OfxCloud™ Empowers Medical Providers Through Remote Access

Together with speed, security, and performance, one of the most powerful aspects of cloud-based storage is accessibility. Making data available to any authenticated user with an internet connection is a huge advantage for both distributed teams and challenging use cases.

OfxCloud™ combines this accessibility with best-in-class encryption, resilience, and availability — exactly what businesses and providers dealing with healthcare and medical information need. There are several advantages that come with this kind of accessibility and remote access.

Secure Medical Information Available Anywhere to Properly Authenticated Users and Applications
Accessibility and security must work together to provide the right level of access to the right data in the right way. All information held in OfxCloud™ is encrypted by default, whether it’s at rest, or being transmitted, analyzed, or managed.

This level of encryption, combined with powerful authentication and authorization policies, makes OfxCloud™ a great choice for sensitive medical information that could otherwise be accessed by hackers. In fact, it’s this level of protection that makes OfxCloud™ the best choice for distributed access.

All healthcare information is centralized, meaning that multiple applications, organizations, and users can access and update “one version of the truth.” These users can be based anywhere, and since the data is compatible with multiple systems, creating, managing, and updating it is fast, simple, and secure.

Medical Data is Not Compromised by Lack of Access to “Traditional” Applications or Storage Systems
Another key advantage is that healthcare data isn’t reliant on having access to one specific system or database. For example, after a natural disaster like Hurricane Harvey, hospitals can continue to access information provided they have an internet connection. This is true even if their onsite data centers are down.

This can easily extend to other parts of the world as well — when organizations like Doctors Without Borders travel to areas without much infrastructure, all they need is a laptop and internet connection to capture, update, and use medical information for people in need.

Looping in Other Medical Consultants and Expertise is Easy
Sometimes, you want a second opinion. In those cases, it’s easy to share healthcare data with medical experts and others. Whether its diagnostic results, images, treatment plans, or any other healthcare data, you can get opinions from anyone else with access to that information.

It’s time to think about data differently., When it comes to medical information, accessibility, and remote access, there’s really only one sensible choice — OfxCloud™.

The healthcare data experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about how we can help protect your organization’s healthcare data, contact us today at (407) 777-2555.

Two Critical Ways to Protect Patient Identity and Healthcare Record Integrity

As if the threat to electronic healthcare records (EHRs) from hackers wasn’t enough, there are other endemic issues with the medical information being held on patients. It remains critical to prevent unauthorized access to healthcare data — medical providers, healthcare IT professionals, and administrators must carefully manage numerous other aspects of how healthcare data is handled.

That’s not enough by itself — here are two other big changes they can make to protect sensitive medical information, enhance patient outcomes, and make medical care more immediate, efficient, and effective.

Reduce Misidentification of Patients

It sounds like a horror story — patients being misidentified and receiving the wrong treatment, but it is a significant issue for medical providers. Misidentification causes 30 percent of radiation, medication, and blood transfusion errors. It also means that hospitals can lose between 1 and 4 percent of net patient revenue as the result of denial write-offs, often due to misidentification.

This is before we take into account the devastating impact of receiving the wrong treatment, therapy, pharmaceuticals, or transfusions. Needless to say, in some cases, this can lead to legal damages and other very serious implications.

One of the reasons for this issue is the amount of manual identification medical providers need to perform. They rely on identity cards, drivers licenses, and passports to verify identity, yet in the high-pressure, fast-moving medical environment, people still make mistakes.

One solution is to create a more robust software solution in which biometrics or similar authentication will capture, record, and prove identity. This can be integrated with a provider’s enterprise master patient index (EMPI) and can update EHRs across and outside the organization with all of the correct and relevant identity and biometrics data.

Eliminate Duplicate Medical Records

With so many providers updating information into EHRs, duplication becomes a very real problem. Studies show that up to 10 percent of medical records are duplicated, resulting in very costly data cleansing and remediation activities. It can typically cost $1,000 to identify and audit each record, with an additional $5,000 in costs to rectify the mistakes.

One reason for so much duplication is the myriad, disparate systems that different healthcare providers, insurers, and administrators use. Centralizing this data would significantly reduce duplication issues, save money, and result in better patient care.

OfxCloud™ is a Powerful Solution for These Issues

OfxCloud™ is a specialized data storage and management solution. It uses extremely robust encryption and built-in resilience to provide the reassurance and security that sensitive medical information requires.

OfxCloud™ allows healthcare providers, IT professionals, and administrators to use a “one version of the truth” storage system for EHRs and other medical data. Because it’s cloud-based, the information is available to any authenticated and verified user or application, and because it’s centralized, the risk of duplication is significantly reduced.

Combine that with industry-leading speed, performance, and integration and it’s easy to see how biometrics and EMPI can substantially reduce misidentification of patients. OfxCloud™ is the only sensible choice for best-in-class healthcare data management and protection.

The EHR database experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about EHR databases and how we can help protect your organization, contact us today at (407) 777-2555.

The Internet of Things, Security, and the Law

The Internet of Things (IoT) is finding its way into every aspect of our lives. From our smartphones to personal fitness devices, and thermostats to home appliances, the IoT is becoming more connected to our bodies and our homes. These devices are generating a lot of data, and governments are putting legal frameworks and regulations in place around how IoT data can be managed, used, and stored.

This isn’t just driven by consumer technology. IoT devices are finding their way into every aspect of industry and commerce around the world, from smart sensors in factories to water monitors in a farmer’s crops. One area that’s seeing heavy use of IoT technology is the healthcare industry. Connected medical devices capture a great deal of sensitive information and its concern about access to this healthcare data that’s behind the need for legal action to regulate IoT information.

A 2017 bill, “The Internet of Things Cybersecurity Improvement Act of 2017” aims to introduce strict security standards about how IoT device manufacturers handle all the data their devices are producing. The bill only targets vendors selling devices to the federal government including the Defense Department and Veterans Affairs healthcare facilities, but this will then filter out into the rest of the healthcare industry.

The main regulations the bill introduces are as follows:

Allow maintenance patches and security updates for IoT devices — most IoT devices run on installed “firmware.” This firmware must be updatable so it can be patched if any security or other vulnerabilities are identified.

Remove hardcoding of username and password and allow them to be changed — default credentials on IoT devices provide a very easy attack vector for hackers and criminals. The legislation requires vendors to allow IoT devices to have their login, password, and authentication information changed.

Ensure devices are free of known security vulnerabilities — although this should really be best practice, the legislation also requires new devices to be updated to remove any previously identified security issues or vulnerabilities.

There are several other areas that the legislation also covers. Here’s a quote from Senator Mark Warner’s website, a co-sponsor of the bill:

 

  • Direct the Office of Management and Budget (OMB) to develop alternative network-level security requirements for devices with limited data processing and software functionality.
  • Direct the Department of Homeland Security’s National Protection and Programs Directorate to issue guidelines regarding cybersecurity coordinated vulnerability disclosure policies to be required by contractors providing connected devices to the U.S. Government.
  • Exempt cybersecurity researchers engaging in good-faith research from liability under the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act when in engaged in research pursuant to adopted coordinated vulnerability disclosure guidelines.
  • Require each executive agency to inventory all Internet-connected devices in use by the agency.

 

As IoT device use becomes more widespread, we can expect to see more legislation introduced to keep user data safe. IoT manufacturers will need to stay up-to-date with changing compliance and legal requirements to ensure they can provide reliable, resilient, secure devices.

The IoT Healthcare experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about IoT healthcare and how we can help protect your organization, contact us today at (407) 777-2555.

Blockchain Technology and What it Means for Electronic Health Records

The applications for blockchain technology only seem to be limited by the imagination. It’s inevitable that if there’s a way to store or manipulate data in a traditional way, blockchain will come along and suggest an alternative approach.

The healthcare industry, with its reliance on the secure storage and transmission of medical data, is a natural choice for disruption. What, then, can we expect to see as healthcare data needs evolve and blockchain technology positions itself as a universal panacea?

A Quick Overview of Blockchain Technology

Blockchain technology is a “shared, decentralized, distributed ledger of all transactions across a network.” That’s a bit of a mouthful, so let’s break it down. Essentially, blockchain technology securely distributes data across many computers, ensuring that all those computers can validate any transactions on the blockchain.

It’s a way to distribute information in a very secure, decentralized way. Blockchain technology is what cryptocurrencies like Bitcoin are based on, although the technology extends far beyond currencies. It allows for a common, shared record of information that can only be updated by authentic transactions.

How Blockchain Technology Can be Applied to Healthcare Data

The main impact of the blockchain on electronic health records (EHRs) would be to create “one version of the truth.” This would be an EHR for a patient that has all of the information from multiple sources:

  • Diagnostic and lab tests.
  • Doctor and medical provider records.
  • Insurance records.
  • Updates on procedures and treatment plans.
  • Hospital, clinic, and ER visits.
  • Drugs and pharmaceuticals.
  • And every other area which would impact on a person’s health.

The distributed nature of the blockchain means that users with the proper authority would be able to access the EHR and make the changes. The distributed, secure nature of blockchain technology would ensure that changes could only be made by authorized users and would then authenticate that information.

The Benefits of Blockchain for EHR

There are several benefits to EHR supported by blockchain, they are:

  • It would give patients easier access to their EHRs so they could check them over and correct erroneous data.
  • All authorized providers or people with a legitimate need for access to a patient’s EHR would be able to add to it.
  • Theoretically, important information would only need to be provided once, then updated only if it changed. A person would not have to give their contact details, medical history, drug breakdown, and other information repeatedly.
  • Any hacking attempts on medical records with an attempt to change the data in the EHR would be quickly discovered and the data would be reverted to the “correct” version.

Blockchain vs. Encrypted Healthcare Data in the Cloud

So, how does blockchain technology stack up against using a dedicated, encrypted cloud service like OfxCloud™ to store sensitive medical information? Well, blockchain technology for healthcare data is still in its infancy, and we aren’t yet seeing many practical examples of how it works. This means the technology is still unproven, and there are big logistical, compliance, legal, and security issues that need to be overcome.

Although blockchain technology may resolve these issues in the long-term, right now a dedicated, encrypted, cloud-based, scalable, and resilient storage system provides all the benefits of blockchain with none of the risks.

The EHR security experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about how we can help with your organization’s EHR security, contact us today at (407) 777-2555.

Healthcare Evolution — Some Big Changes for Analytics and Insights

The world of healthcare data, analytics, and intelligence moves quickly. Technological innovation, patient demands, regulatory environments, and changing medical and insurance needs require that healthcare businesses adapt or fail. This need for transformation is driving thinking in the space and was at the heart of discussions around healthcare at the annual HIMSS Big Data and Healthcare Analytics Forum.

Here are some of the topics that were discussed, together with our take on how this will create innovation throughout the healthcare data and medical information space.

Clinical Intelligence and a Holistic Approach to Healthcare Data
If we want to evolve the quality of care and deliver truly next-generation patient outcomes, we need to go beyond simply capturing and reacting to specific patient and medical information. One of the main tools that can assist in evolving how we treat people is “clinical intelligence.” This is a toolset that can gather together, cleanse, analyze, and correlate medical data across multiple people, population groups, regions, conditions, and more.

Mining this data will reveal surprising insight into wellness, diseases, common causes, and the steps that medical providers, patients, families, insurers and more can take to enhance patient outcomes. It’s bringing the well-established discipline of “business intelligence” out of the boardroom and into the consulting room, giving patients and doctors the right insight to make better decisions.

Enhancing Patient Care by Looking Beyond Reactive, Individual Patient Needs
The strong drive toward value-based care is only going to get more powerful as patients focus on outcomes and a better quality of life, rather than providers trying to give as many tests and procedures as possible.

One way to deliver greater value is through proactive health management — using data and insights to suggest changes individuals can make to maintain a healthy lifestyle and enhance their own wellness. This comes about both through understanding an individual’s medical history but also tying that into further medical information for greater context. For example, family history, genetic makeup, or conditions that affect individuals of a similar population group, lifestyle, or other common factors.

This move towards proactive health management doesn’t just apply at an individual level. It can also be predictive of larger health issues within a population and help medical providers prevent these problems from occurring, and dealing with them effectively if they do.

Discovering Trends and Correlations in Healthcare Data
Access to large healthcare datasets, coupled with the proper level of granularity, will allow researchers and analysts to make insightful predictions on regional or population-wide health changes. This will help health providers deal with long-term shifts in diseases, conditions, and wellness. Coupled with proper policy, this can lead to much better preventative care and enhanced patient outcomes.

Taking Advantage of Precision Medicine and Real-Time Analytics
Medicine and effective treatments are becoming more personalized. From bespoke drug combinations to individual diagnostics, healthcare providers are moving towards treating the patient rather than the condition. This type of precision medicine will become more powerful as real-time analytics allows for immediate insight into how effective a treatment is, not just for that patient, but for others who have extremely similar characteristics.

This is an exciting time in the healthcare field. As we think of new ways to use medical information, the opportunity to gain real insight on healthcare data protection that leads to better patient outcomes is becoming a reality.

New Health IT Certification Revisions — How Will They Impact You?

The Health IT Certification program is a voluntary program administered by the Office of the National Coordinator for Health Information Technology (ONC). It’s designed to provide training, reassurance, compliance, and excellent standards for protecting healthcare data, software, and other technology in line with federal, state, and private needs.

Although the program is not mandatory, development in line with its certificates and standards is considered necessary for providers of healthcare technology to federal and state-run initiatives, bodies, and agencies.

That’s why medical device manufacturers and healthcare software developers need to understand any changes to the standards, requirements, or certifications under the program. In September 2017, the ONC announced two major changes to the certification program.

Over Half of the Testing Criteria for Certified Products can Now be Self-Declared by the Manufacturer or Developer

The ONC currently has 55 separate testing criteria for verifying that technology and software is developed in line with its health certification standards. Of those 55 areas, 30 can now be self-declared by developers as being in line with the program’s requirements. The drive behind this change was to not have to “spend valuable time testing” with an ONC-Authorized Testing Laboratory.

These certifications are based in large part around the Centers for Medicare & Medicaid Services’ (CMS) Quality Payment Programs. Developers supporting these programs will see their administrative burden reduce as they are able to self-declare rather than having to go through a more formal process.

The ONC states that “By making this change, ONC enables ONC-ATLs and health IT developers to devote more of their resources and focus on the remaining interoperability-oriented criteria, aligning with the tenets of the 21st Century Cures Act.“

The ONC Will Use Enforcement Discretion for Randomized Surveillance of Certified Products

The agency has decided to use more discretion when carrying out randomized surveillance, and, “will not, until further notice, audit ONC-ACBs for compliance with randomized surveillance requirements or otherwise take administrative or other action to enforce such requirements.”

These changes are both designed to advance healthcare data protection and software developers. This should result in less administrative overhead and lower costs as the ONC devolves some of its power and allows vendors to self-certify.

The Equifax Data Breach and How it Could have Been Stopped

The Equifax data breach is one of the most significant thefts of personal information in the history of hacking. Over 140 million customers were impacted — more than half the US population with people affected in the UK and Canada as well.

The depth of data stolen was also staggering — names, addresses, social security numbers, drivers license details — in short, everything an identity thief could ever want. The real question, though, is how did the breach happen in the first place, and could a properly encrypted online data storage solution like OfxCloud™ prevent other breaches of this nature?

The Cause of the Equifax Breach – A Web Development Tool

Hackers got into the Equifax system through an identified flaw in a piece of software called “Apache Struts” that supported their online dispute portal. Apache Struts had an identified vulnerability, which Equifax started patching but did not complete in time.

Once the vulnerability was known, hackers took advantage and found Equifax’s infrastructure to be vulnerable. Once they were into the system, they were then able to access other databases and information and pull out all of that sensitive information.

Lessons to Be Learned

Patching Needs to be Immediate

In large organizations, vulnerability patching can take time. This is clearly not ideal as it leaves a window for hackers to take advantage. Companies can get around this by moving away from legacy data storage and software to online solutions like OfxCloud ™— online solutions are patched immediately, so they are not vulnerable.

Unauthorized Access Must be Spotted Early

The hackers had access to the data for over two months before Equifax saw them. In addition to their own monitoring, using a hosted online solution would have provided an extra level of scrutiny, monitoring, and defense.

Data Needs to be Fully Encrypted at Every Stage

One of the biggest flaws in the Equifax data breach was the lack of encryption. Properly encrypted databases are much harder to hack, and even if data is extracted, it’s essentially useless. That’s where fully encrypted solutions like OfxCloud™ really have an advantage.

Data is encrypted by default, from the moment it’s created, and throughout its life. Whether the data is at rest, being accessed, shared, transmitted, managed, or archived, encryption must be part of an end-to-end information storage solution.

Every System and Storage Solution Should Have Independent Verification and Authentication

Finally, the hackers were able to get at so much Equifax information because the web development tool provided them with a backdoor — once they were into Apache Struts, they could access other large parts of Equifax’s internal data. Sensitive information should be properly protected at every level — there need to be clear, unbreachable walls around data and strong gatekeepers that demand robust authentication to get access.

Just one of these changes would have significantly reduced the threat of a breach at Equifax — all of them would have likely eliminated that threat completely. If you want to reduce any threats to your sensitive data, there’s really just one sensible choice— OfxCloud™.

The healthcare data experts at Panoptex strive to provide a unique, tailored big data storage, processing, and complex analysis solution that delivers optimum value as well as unrivaled security to customers. If you want to learn more about how we can help protect your organization’s healthcare data, contact us today at (407) 777-2555.

A Lack of Expertise Could be Damaging Your Healthcare Data Security

There’s no doubt that healthcare database security needs to be at the heart of how your organization deals with sensitive medical information. With healthcare data being so attractive to hackers, you need the right technologies in place to secure medical information in all its forms.

Vulnerability assessments, auditing, and threat intelligence are helping businesses to identify what they must do to securely protect sensitive medical information. Whether it’s compliance gap analysis, threat vectors, vulnerability, patching, or something else, 84 percent of IT security professionals said that threat intelligence was essential to strong policies and practices.

A Shortage of Skilled IT Professionals is Impacting How Healthcare Data Threat Intelligence is Used

Unfortunately, there is a lack of skilled IT experts with the right experience, insight, and abilities to properly understand and implement what this threat intelligence is telling them. This lack of skill means only half of organizations use threat intelligence when responding to healthcare data security risks. Here’s how that could impact your organization.

No Clear Information on Exactly What Medical Data You Are Capturing, Storing, Managing, or Sharing

To get strong healthcare data protection in place, you need to start by understanding the context of the medical information you’re collecting — where the data comes from, how it’s used, stored, and shared, and the various ways the information is managed and transformed throughout its life.

In many cases, this means a detailed audit of all the data your organization is holding and the various ways that information is stored, manipulated, shared, and archived. If you don’t have the expertise to identify and audit this data, you can’t put effective controls in place that define and restrict how the medical information is used.

Difficulty Understanding What Threat Intelligence Data Means and The Steps that Need to be Taken

Data protection, threat assessment, and vulnerabilities is a complex topic. When organizations are handling large amounts of medical data over multiple environments, keeping track of changing threat levels, attack vectors, security, and controls is challenging. Without the proper expertise, translating threat insights into practical steps to manage any risk is almost impossible.

No Influence Over External Partners, Suppliers, and Others Over How Data is Shared, Stored, and Used

The need to protect healthcare data doesn’t end with your organization. Whenever you transmit, receive, or otherwise share sensitive medical information with others, you have a duty to protect that data. If you don’t have the right IT healthcare expertise, it is difficult to put the correct policies, processes, and technology in place to protect data. Additionally, influencing suppliers, partners, and others to do so becomes very difficult.

One way to start resolving the issues with a lack of healthcare database protection expertise is to use technologies with strong levels of encryption and security built in. That’s why we built OfxCloud™ — it’s designed to give you a robust level of secure healthcare data storage while being easy to learn, so you can get the right people in place to manage your healthcare data risks properly.

The Importance of Healthcare Data & Ensuring Its Confidentiality

Protecting healthcare data from unauthorized parties, while simultaneously making it accessible to authorized healthcare professionals, patients, and caregivers, appears to be an unsolvable conundrum. Healthcare administrators constantly struggle with sharing paper-based patient records effectively. Paper-based patient records need to flow quickly to and from primary care physician offices, specialists, hospitals, clinics, and patients, yet it remains cumbersome and time-consuming to scan and email, fax, or mail such records.

Conversely, electronic health records (EHRs) solve the need for efficient information sharing, yet are only used by about half of the nation’s doctors [1]. Unfortunately, many healthcare administrators worry about the risks and costs associated with unauthorized individuals receiving or merely accessing EHRs. Faith in keeping (electronic) records confidential, especially across disparate, connected systems, fluctuates as healthcare administrators hear more about patient record breaches than they do about technologies that offer bona fide cloud security.

Used effectively, electronic health records help physicians provide higher-quality, more personalized care to patients—at a lower cost. [2] For example, EHRs provide emergency-room doctors with rapid access to information about patient allergies, prior surgeries, current and former medications, and similar health-related information while treating a patient when seconds are critical.

EHRs are not only delivered instantly to healthcare administrators on demand, but also allow them to navigate quickly through dozens, hundreds, or even thousands of pages. Paper-based records can take immeasurably longer to sift through, yielding delays in care and higher costs. Keeping paper-based records secure is also a nightmare. While an original document may be locked in a filing room, once copied, those records will change hands numerous times as administrative staff are involved with copying, scanning, faxing, placing records in envelopes, handing them off to couriers, delivered to one or several recipients, then read by one or more healthcare professionals, and, eventually, filed and stored.

As healthcare administrators recognize the value of EHRs, they’re also beginning to see how properly-implemented cloud security gives them complete control of their data, ensuring only those with specific authorization to a patient record are granted access. Internal and external record queries are examined and managed with levels of granularity not previously thought possible, while all pertinent, confidential data remains encrypted in transit, at rest, and in use. With OfxCloud, healthcare administrators can minimize the risks of EHRs, but enjoy all the benefits, including cost-reduction, patient appreciation, and better healthcare overall. Contact us today to learn more about OfxCloud – an in-cloud data warehouse solution that delivers accelerated time to market, mass query capability, and comprehensive security.

Key Healthcare Assets Protected by OfxCloud

Medical device data, patient histories, financial information, and pharmaceutical data all require strong security controls such as data encryption and granular rights provisioning. This ensures that patients, designated family members and caregivers, appropriate medical staff, doctors, and other approved parties get the appropriate level of data access.

Such complex requirements create significant challenges for healthcare organizations who already struggle to maintain compliance with laws like the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA). The costs of maintaining compliance with laws and implementing strong, effective security controls remains far lower than the expenses associated with a data breach, including reputation damage, loss of consumer trust, and, for public companies, devalued stock.

Healthcare executives, in their struggle to find reputable vendors and reliable technologies, listed expense reduction as one of their top five concerns for 2017, per the Advisory Board Company’s latest Annual Health Care CEO Survey. [1]

This means that affordable, reliable technologies designed to protect healthcare-related data are a strategic priority amidst healthcare organizations, many of which are taking a strong look at OfxCloud — which offers expert protection of digital assets, while ensuring all authorized parties have the specific access they require. Simultaneously, OfxCloud prevents unauthorized users, internal and external, from getting their hands on confidential healthcare information and utilizes data encryption while information is in transit, at rest, and in use.

Patients expect easy access to their medical information for themselves, authorized family members, and caregivers. Therefore, healthcare organizations must devise ways to supply access while preventing cyber thieves and malicious insiders from copying or stealing that very same data. Internal policies, and punishment for not following them, can only go so far as more stories of internal and external data breaches make front-page news.

Secure your organization’s digital assets with a reliable solution that guarantees data encryption in all three states, allows granular rights provisioning, helps meet compliance obligations, and delivers peace of mind and confidence for executives and shareholders. Contact us today to learn more about OfxCloud, a complete 360-degree solution for enterprises seeking to fully engage their business data in ways not previously possible!