In IBM’s 2022 Cost of a Data Breach report, the company revealed that the global average cost of a data breach was $4.35 million. In the healthcare sector, however, that number skyrocketed to $10.1 million. Why is an attack on a healthcare organization so much more costly? While part of this comes down to the fact that healthcare organizations often have big budgets, and so might be able to pay big ransoms, the biggest part of the answer is consequences. In there, real lives are at stake. Downed systems don’t just mean a loss of profit, it means a loss of life. Faced while the choice of paying up or letting people die, the decision to pay a ransom is not a hard one, even if the asking price is very large indeed.

State of the Industry

The healthcare industry is a particularly attractive target for ransomware for two main reasons. First, irrespective of benefits, healthcare companies tend to be large businesses with large balance sheets. Total expenses for U.S. hospitals reached above one trillion dollars in 2022, indicating that on any given day, a massive amount of money is flowing in and out of hospitals nationwide. For cybercriminals, this means an easy target with an almost-guaranteed payout to some degree. 

Second, healthcare is an extremely vital industry for humankind. For many organizations in other verticals, ransomware may be a “pay up or go offline” situation. Devices may be taken offline and productivity may slow temporarily, but ransomware is a temporary setback- organizations may even take their time coming up with a way to circumvent payment. For healthcare, however, time is not on the side of the organization. The effects of a ransomware attack are far more useful for criminals when actual lives are on the line.

The deeper problem is that as long as healthcare organizations have to keep paying ransomware to save lives, criminals will keep attacking- it’s, unfortunately, part of the overall risk factor for these providers. 

A Different Breed of Risk

However, it’s not just the attractiveness of the target that keeps criminals attacking healthcare organizations- it’s also the risk profile of the average healthcare employee.

More than most other industries, we see extremely high mobility of staff within healthcare. Across many healthcare businesses, we see a substantial contingent of staff that are out in the field or is more mobile within their office space. Doctors and nurses are constantly on the move, even if they never actually leave the hospital. Many devices become mobile out of necessity. This creates a physical risk of device loss or theft, increasing the need for a strong, resilient connection and the ability to track or wipe a device should it be stolen. 

Additionally, healthcare data is extremely valuable to criminals. This isn’t simply because of the deeply personal nature of the data. It is because it’s a trove of extremely valuable Personal Identifiable Information (PII) point of view. This sort of personal information is just what cybercriminals need to get the answers to personal questions connecting bank accounts, site logins, and more. 

Finally, healthcare systems are often large and interconnected – if security is not ironclad, criminals can rapidly gain the ability to move from end-user laptops to departments like billing, to the pharmacy, to control systems – always finding the weakest link as long as a valuable target exists. This creates an endless game of ‘whack-a-mole’ for healthcare IT teams, where the objective is to simply become less of a target while routing out malware infections across a wide range of systems. 

Overall, with their large attack surface, interconnected systems and highly valuable data, devices in healthcare settings are a perfect target. They are also a perfect use case for a zero-trust network access approach to security. 

Reducing Risk

Risk is usually defined as the product the probability of a successful attack and the impact of the attack. Protecting your organization to minimize the chances of success is the cost common way people try to reduce risk, but it has its limits. No organization is ever going to be perfectly protected. This means that in most cases the best way to minimize risk is by being ready for an attack so that you can minimize its impact. This means that IT teams must find ways to get their organization to a point where it’s possible to recover without paying. This allows them to break the vicious cycle: as long as attacks lead to payments then payment will lead to more attacks. Breaking the cycle is crucial because if you can’t, then no matter how strong your defenses are, criminals will just find a different part of your business to attack. The ultimate goal is to get to a point where if your organization is ransomed it’s only a minor setback – you have the safeguards and backups to minimize the blowback. When you’re able to recover without paying then you win. Criminals aim to attack where the ROI is the greatest – if you reduce don’t need to pay then they’re more likely to move on. 

In the case of ransomware, minimizing impact means being able to restore your systems to the pre-attack state as quickly and efficiently as possible. Naturally, to do this you need to have backups, but you need more than that if you want a rapid response, especially when you have a mobile workforce. What you need is remote control of the devices and you need remote control tools that will survive a complete, clean slate reinstall of the systems. Surviving a reinstall is crucial because, in an ever-changing world of malware infections, it’s often impossible to be sure that you’ve successfully removed the infection without completely wiping the entire disc. The ability to bounce back in the face of an attack, what IT and Security people call “resilience”, is one of the most effective tools you can deploy to minimize the overall risk from ransomware attacks.

Importance of Forward-Planning

Reducing risk is impossible without a forward-planning, but with a little foresight, healthcare organizations can dramatically reduce the risk from ransomware attacks. The key to this is to balance existing cybersecurity techniques to help prevent attacks with cyber-resilience techniques to help IT teams bounce back. Everyone in healthcare knows that no matter how young and healthy you may be, health insurance is a necessity if you want to get healthy again when illness happens. Cyber-resilience is just the same; if you want to keep your systems healthy you don’t just need to practice good hygiene, you need to ensure that you can get prompt and effective treatment when an infection happens. That way your organization can spend less time and energy keeping PCs healthy and more time keeping the humans healthy!

About Nicko van Someren

Nicko van Someren serves as Chief Technology Officer at Absolute Software, where he oversees the direction and strategic vision of Absolute’s product architecture and security roadmap. He has more than two decades of experience leading, developing and bringing to market disruptive security technologies. Prior to his role at Absolute, Nicko served as Chief Security Officer and Chief Information Officer at nanopay, Inc, a financial services technology company. He has also served as Chief Technology Officer at the Linux Foundation, Good Technology (now a part of BlackBerry) and nCipher (now a part of Entrust Datacard) as well as the Chief Security Architect at Juniper Networks.

Nicko also serves as a board member and advisor for numerous startups and is a mentor for the Techstars accelerator program in Boulder, CO. He has a PhD from the University of Cambridge and fellowships from the Royal Academy of Engineering and British Computer Society.

What You Should Know:

• Lucem Health, a Mayo Clinic Platform portfolio company, has closed a Series A venture capital funding round of $7.7M led by Mayo Clinic, Granger Management and Mercy (St Louis).
• Lucem Health helps clinical AI innovators transform data science into innovative, trusted solutions that can detect diseases earlier and optimize care delivery, positively impacting patient lives, improving the physician and provider experience, and ultimately producing improved outcomes.

How Lucem AI Platform Works

The Lucem Health Platform takes data from any source, normalizes and connects it to any AI model or algorithm, and delivers the resulting predictive insights seamlessly into existing clinical workflows. By embedding seamlessly into PACS, EHRs, and other data-driven workflows, the Lucem Health Platform makes it easier for hospitals, clinics, and physician practices to build, train, and scale AI models using their own data.

Expansion Plans

The funding will be used to advance development of Lucem Health’s platform for clinical AI solution deployment, grow the company’s solution portfolio and expand its sales and marketing capacity. The company recently launched Lucem Health Reveal, a family of solutions which uses AI and existing data to identify patients at higher risk of serious or chronic disease.

Related: Mayo’s Lucem Health Launches AI-Driven Early Disease Detection Platform

“AI has tremendous potential to transform and augment how physicians and providers practice medicine, make decisions and serve their patients. Yet, so far, we have barely scratched the surface of AI’s potential in healthcare,” said Sean Cassidy, founding CEO of Lucem Health. “We started Lucem Health to accelerate integration of powerful AI-generated insights into care delivery workflows in a thoughtful, responsible way. In a challenging market for raising capital, we appreciate our investors’ confidence and support.”

In 2020, the Dental Care Alliance (DCA) experienced a significant cyberattack on its systems, which lasted approximately an entire month. This gave the threat actor an extended period to compromise the healthcare organization’s servers and extract the private and confidential information of around one million patients. 

This is just another example of how vulnerable the healthcare industry is to cyber criminals looking to exploit security weaknesses. Healthcare organizations are prime targets for threat actors who are fully aware that their targets are invested in keeping their systems and businesses up and running efficiently and securely. This is especially critical in protecting patient privacy and data, particularly when it comes to impacting life-saving information and equipment.

The incident

The cyberattack on the DCA was launched between Sept. 18 and Oct. 11, 2020. During the month of the breach, a cybercriminal was able to access various confidential files, including patient data such as names, contact details, treatments, diagnoses, patient account numbers, their dentist’s names as well as billing details and health insurance data. In 10 percent of the cases, bank account numbers also were compromised, making this the second-largest reported attack that year. 

The attack resulted in a class-action lawsuit, which ended in a $3 million settlement against the DCA. The DCA was accused of negligence for its failure to protect and maintain its systems and infrastructure against breaches, and for failing to implement proper security monitoring. It also was cited for neglecting to upgrade its security measures and to implement proper cybersecurity hardware and software, as well as adequately train its employees. As a result, patients feared an increased risk of fraud. 

While it was not publicized how the attacker gained initial access to the company’s network, plaintiffs argued that it was the DCA’s poor cybersecurity practices that exposed them to the risk of identity theft and fraud. 

Unfortunately, this is not the only case in which an organization has been sued over alleged negligence. Eye Care Leaders was accused of concealing multiple ransomware attacks in 2021, which resulted in a provider-led lawsuit. Not only does this highlight the frequency of attacks on healthcare organizations, but it also underscores the immense cost that is associated with failing to understand risk and provide adequate cybersecurity protocol and measures. Just a single security incident can lead to reputational damage and significant financial losses. This is further exacerbated by the consequences of breaches of confidential patient and client information.

Both cases are windows into the high-stakes cyber risk landscape for healthcare providers and payers, particularly when it comes to an organization’s being fined by the federal government for HIPAA violations. 

Cyber risk in healthcare

In 2021 alone, the healthcare industry was hit with 849 cyber incidents, with 571 of these confirmed that private data had been accessed, according to the Verizon Data Breach Investigations Report. This placed healthcare in eighth place for industries targeted by attacks, and in third place for number of data breaches, out of a total of 21 categories in the Verizon report.

By using past cyber events and parameters such as revenue, number of employees and number of database records, it is possible to estimate a quantified value of risk to which companies are exposed. By using benchmark values, one can deduce that the healthcare industry shows relatively higher rates of reported breaches in comparison to other sectors (though that is in part driven by stronger data privacy policies and required reporting for smaller incidents to meet federal regulations). There is a 9.3 percent overall probability of an annual incident targeting this industry.

The probability of incidents happening in a year and the estimated cost by risk category within healthcare is as follows:

• Insider Error: Probability: 29.95 percent, cost: $73.6 million 
• Insider Misuse: Probability: 24.99 percent, cost: $47.2 million 
• Basic Web Application Attacks: Probability: 9.19 percent, cost: $42.1 million 
• System Intrusion: 4.83 percent, cost: $5.4 million 
• Social Engineering (Phishing, etc.): Probability 3.80 percent, cost: $6.6 million 
• Denial of Service (DoS): 2.19 percent, cost: $7.5 million 
• Ransomware: 3.85 percent, cost: $929.9 thousand

In quantifying the risk, healthcare organizations can better calculate their risk appetite and allocate spending more efficiently to bolster security where needed. This not only will increase overall cybersecurity, it also will reduce wasted spending on protecting infrastructure that isn’t as vulnerable or may not need as strong measures as other areas. 

Bolstering cybersecurity 

In order to prevent falling victim to a cyberattack and avoid being entangled in costly lawsuits, organizations should foster a strong cybersecurity culture and be aware of the risk to which they could be exposed as well as the potential value associated with it. In addition to increasing overall visibility over devices on and connections to the network, expanding cyber threat awareness training for staff and implementing multi-factor authentication, organizations should know their risk. 

What does this mean? Understanding risk can best be done by quantifying its value. By using an international standard, such as FAIR (Factor Analysis of Information Risk™), organizations can estimate their risk financially, which allows them to better implement cybersecurity strategies according to where higher risk exists.  They can allocate budgets and understand their risk appetite more thoroughly as it allows them to see how much different risks could cost the business. 

Ultimately, quantifying risk would allow organizations to understand what’s at stake and to prepare and invest accordingly. 

About Bryan Smith

Bryan Smith is the CTO of RiskLens, which helps organizations make better cybersecurity and technology investment decisions with software solutions that quantify cyber risk in financial terms. Smith is a broad technologist with over 20 years of software engineering experience. His expertise includes building enterprise scale web applications, cybersecurity, and big data. Smith led the development of RiskLens’ enterprise cyber risk quantification and management platform. Prior to RiskLens, Smith helped build the nation’s first digital archives enabling it to scale 3400% over five years.

What You Should Know:

• MultiPlan, a provider of data-enabled cost management, payment, and revenue integrity solutions for 700+ healthcare payors announced the acquisition of Benefits Science LLC (BST) for $160M in cash and stock.
• BST was founded in 2012 by a group of MIT-trained experts in data science, including Dimitris Bertsimas, Ph.D., who is recognized as an early pioneer in healthcare analytics and who serves as the company’s chief data scientist. Dr. Bertsimas will continue with BST post-closing. Today, BST’s machine learning algorithms and AI software help about 75,000 employers to predict future risk and manage health plan decisions.
• As part of the acquisition, BST will form the foundation of MultiPlan’s new Data & Decision Science service line by adding new decision analytics and software solutions that intersect with high customer demand and limited competitive offerings.

Acquisition Accelerates Launch of New Data & Decision Science Service Line 

The acquisition of BST strengthens MultiPlan’s foothold in large and fast-growing adjacent markets by unlocking the value of its significant and expanding claims flows for in-network commercial, Medicare Advantage and other government programs, property and casualty, and supplemental insurance markets.

Key products BST brings to MultiPlan’s new Data & Decision Science service line include:

• Price Transparency – a modern self-service software platform jointly developed with MultiPlan that provides prescriptive analytics and applications to help customers benchmark network performance, optimize network design, and improve competitive positioning. In less than a second, the solution can query over 500 billion records of machine-readable payor and provider pricing data now required by regulation to be made public. The solution will aggregate this vast contracted rate information and enrich it with MultiPlan’s extensive proprietary demographic and affiliate data on 1.3 million contracted providers, pricing technology, and deep clinical billing expertise.
• BenInsights – a modern software platform for employers and their consultants that quickly and accurately aggregates a plan’s data and provides highly flexible financial and clinical reporting and decision tools through a self-service software platform. BenInsights also integrates predictive risk modeling and prescriptive analytics and value-added services, such as benefit plan design and optimization.
• Risk Analytics & Insights – solutions that complement existing actuarial-based modeling by applying interpretable risk models, risk scoring, and prescriptive analytics for commercial and government health plans. Among other services, risk scoring can seamlessly attach to MultiPlan’s prepayment claims flows to help identify emergent risks by individual, group, or condition, and prescribe financial and clinical program enhancements across a plan sponsor’s organization.
• Other Market Solutions – a group of software solutions for supplemental insurance carriers and stop loss carriers, including digital claiming, digital underwriting, and targeted selling tools, that help improve plan performance and competitive positioning.

Financial Terms

Under the transaction agreement, MultiPlan will pay a consideration of $160M, comprised of $140.8M in cash and 21.6 million shares of MultiPlan common stock to acquire BST. Additionally, MultiPlan will establish a long-term incentive and retention program pursuant to which BST’s management team is eligible to receive target payments of $66M over three to five years, subject to ongoing service to MultiPlan and to adjustments based on performance relative to annual recurring revenue targets. BST is projected to generate revenues of approximately $16M with breakeven profitability in 2023. MultiPlan expects the acquired company to contribute over $100M of incremental annual revenues within the next several years and to approach corporate-level profit margins at scale.

The COVID-19 pandemic shined a spotlight on the urgent need to modernize the nation’s public health system. Despite success in rapidly developing vaccines, the unprecedented public health emergency also exposed significant gaps in U.S. public health infectious disease data collection and analysis methods which are critical for identifying behavioral risk factors and preventive actions.

The Problem

Unfortunately, inefficiency remains a hallmark of the U.S. public health surveillance system due to the following two lingering issues:

• Disparate data collection systems

The CDC receives data from all 50 states and more than 3,000 local jurisdictions and territories. Hospitals, providers, and laboratories use a variety of systems to collect this data which is then reported to state, city, and local public health agencies. The information is then shared with CDC and other federal agencies. In general, each city, county, and state decide what information is collected, as well as how and when it can be shared with CDC.

What’s more, many current systems rely on disease-specific monitoring and manual data entry, which substantially burdens federal data partners. State and local reports to CDC are often delayed because the systems and data are simply not interoperable.

• Antiquated data-sharing methods

While data is increasingly shared via automated, electronic exchanges, some data is still being sent by fax machines, excel spreadsheets, or even by phone. The CDC encourages standardization, but it lacks the authority to receive data directly without establishing a data use agreement with each state and local jurisdiction. 

As a result, the agency must manually clean the data before conducting the analyses needed to provide an aggregated picture of public health. It can take weeks or even months to share the data with public health authorities, providers, and the scientific community,

The key challenge: how to collect and share information more efficiently so that information turns into actionable insights that can shape important public health decisions?

The Progress

The good news is CDC is leading multiple initiatives to make our public health infrastructure more connected and resilient. The CDC’s Data Modernization Initiative (DMI), launched in 2020, is a multi-year, billion-dollar-plus program to modernize core data monitoring and surveillance infrastructure across the public health ecosystem with the goal of enabling faster, actionable insights to support better decision-making. The recently created Office of Public Health Data, Surveillance and Technology will support this effort.  

Four key actions for fully modernizing the public health data infrastructure, and expanding data collection and sharing are:    

1. Adopt a Scalable, Federated Data Mesh Infrastructure

Today’s network of siloed, disease-specific systems creates significant redundancies and inefficiencies. It cannot scale to support the level of data aggregation, access, and speed public health agencies need. 

A scalable, federated data mesh infrastructure would allow federal agencies to curate high volumes of rich, interoperable data across their ecosystems. They could then accelerate their aggregation and analysis, and in turn, their public warnings and outreach, which are critical for fast-moving threats such as infectious diseases. 

By decentralizing data repositories, a data mesh allows those who are most knowledgeable about their data to control it, namely the public health entities functioning as nodes in a network. Via the mesh, the CDC would engage with electronic health records (EHRs), lab reports, genomic sequencing information, immunization, and other records. State and local agencies would then similarly engage. With CDC defining mesh policies and managing the mesh, data can be ingested, cleaned, standardized, and provisioned for use. 

With such a decentralized information technology architecture, federal agencies could also integrate technology to facilitate HIPAA-compliant patient record matching. This could be achieved without creating bottlenecks typically associated with centralized reporting and dissemination. 

Powered by robust metadata, search features and a centralized data catalog, the mesh would enable authorized personnel to effectively find, access, aggregate, and analyze public health data. This information could also be merged to support the principal guidelines for sharing and managing data adopted by research institutions worldwide, known as the FAIR Principles (Findable, Accessible, Interoperable and Reusable).

2. Protect Privacy 

Protecting the confidentiality of patient health information must be a top priority when modernizing public health infrastructure. The data mesh described above can integrate privacy-preserving record linkage (PPRL) technology which allows for data to be linked across different data sets without exposing individuals’ personal information.

PPRL technology maintains HIPAA compliance while enabling the matching of identifiable patient data without compromising patient privacy and confidentiality. For example, PPRL employs hashing to convert variables such as names, birthdates, and addresses into encrypted tokens that preserve the original values.

Linking data at the patient level enables a comprehensive view of an individual’s health, allowing researchers to answer questions that would otherwise require extensive primary data collection or complex data use agreements.

By integrating PPRL with standardized Fast Healthcare Interoperability Resources (FHIR) data components, public health agencies would be able to ingest and collect data from multiple sources and feed it into scalable analytics and modeling tools.      

3. Expand Data Sources

Currently, limited  EHR and social determinants of health data (such as access to transportation, rates of chronic disease, food insecurity, and crime) are interoperable via the established standard – the United States Core Data for Interoperability (USCDI). This data should be augmented by structured health data which is currently siloed in other agency systems including:

• Geospatial data such as walkability and access to care
• Remote-sensing data, such as wastewater testing and satellite imagery
• Mobility data from smartphones, GPS, and sensors along highways 

By layering additional data from siloed health systems and non-health sources, public health agencies could enrich the baseline USCDI data to gain deep insights. Recent efforts demonstrate the value of multilayered data to track the spread of COVID-19 in wastewater samples across the country, understand the impact of social distancing during the pandemic, and predict obesity rates.     

While encouraging, however, these results are limited in scope. Real-time, actionable surveillance at scale is impossible because of the lack of interoperability across data sources. Alternate approaches that bring more data into public health models and simulations must be pursued.

By extending interoperability and connecting the universe of rich, relevant data, public health agencies could boost the accuracy of prevalence estimates, counter-balance biases in traditional data collection, effectively target control and prevention strategies, and better allocate resources.

4. Harness Intelligent Automation 

Modernizing surveillance systems without burdening the public health workforce is a major challenge.

Public health agencies at all levels face a dire shortage of workers, with roughly 44 percent considering leaving their jobs within the next five years. That’s why public health agencies should adopt intelligent automation tools.

Intelligent automation can significantly improve infectious disease reporting by automating the collection and transfer of relevant health information from EHRs. When a health worker records a particular symptom or disease case in a patient’s EHR, the system could automatically send the data directly to CDC, eliminating current administrative reporting burdens. Improvements in the EHR aren’t limited to public health use – intelligent automation systems can also enhance the care provided to patients and decision support provided to providers.

Intelligent automation systems could also scan and interpret lab reports and clinical notes to uncover disease cases that might otherwise elude health officials, and trigger reports to state and local authorities. Additionally, technology learns and adapts. Powered by artificial intelligence and machine learning, these systems can go beyond simple optical character recognition by leveraging natural language processing to understand context, reduce noise, and improve accuracy.

Conclusion   

With a more modernized data infrastructure, public health leaders will be better equipped to identify and contain outbreaks, understand disease burdens, guide policy changes, evaluate and improve prevention and control strategies, and target research investments. The bottom line: enhanced data collection and analysis capabilities are critical to improving our nation’s public health outcomes.

About Kenyon Crowley

Kenyon Crowley, PhD is the Health Analytics Lead for Accenture Federal Services. Dr. Crowley brings nearly twenty years of health information technology expertise to his role. In his role at Accenture Federal Services, Dr. Crowley will help to accelerate the responsible and ethical use of AI and other advanced analytics tools across the federal health sector to help improve the well-being of all people in the country.

What You Should Know:

• Researchers at the Icahn School of Medicine at Mount Sinai found that applying machine learning models to data collected passively from wearable devices can identify a patient’s degree of resilience and well-being. The study, published in JAMIA Open, supports the use of wearable devices, such as the Apple Watch, to monitor and assess psychological states remotely.
• The researchers note that mental health disorders account for 13 percent of the burden of global disease and that there are disparities in access to mental health care. Therefore, a better understanding of who is at psychological risk and improved means of tracking the impact of psychological interventions are needed. Wearable devices could provide an opportunity to improve access to mental health services for all people. “Wearables provide a means to continually collect information about an individual’s physical state. Our results provide insight into the feasibility of assessing psychological characteristics from this passively collected data,” said first author Robert P. Hirten, MD, Clinical Director, Hasso Plattner Institute for Digital Health at Mount Sinai. “To our knowledge, this is the first study to evaluate whether resilience, a key mental health feature, can be evaluated from devices such as the Apple Watch.”
• The study analyzed data from the Warrior Watch Study, which comprised 329 healthcare workers in New York City who wore an Apple Watch Series 4 or 5 and completed surveys on resilience, optimism, and emotional support. The metrics collected were predictive in identifying resilience or well-being states, supporting the further assessment of psychological characteristics from passively collected wearable data. The researchers intend to evaluate this technique in other patient populations to improve its applicability.
• In essence, the study highlights the potential for wearable devices and machine learning models to monitor and assess psychological states remotely, improving access to mental health services for all people. Further research is needed to refine the algorithm and improve its applicability in a range of physical and psychological disorders and diseases.

What You Should Know:

• Healthcare providers face the difficult challenge of coping with an ever-increasing workload while still providing high-quality patient care and trying to retain their staff. 
• As the CEO of CalmWave, Inc., Ophir Ronen is an expert in both patient outcomes and staff retention who understands the importance of leveraging AI technologies to reduce alarm fatigue and deliver more efficient quiet care. 

Delivering Efficient Care by Reducing Alarm Fatigue

Alarm fatigue is a critical issue that plagues the healthcare industry, particularly in intensive care units (ICUs) and critical care settings. It occurs when healthcare professionals become desensitized to the constant barrage of beeping alarms from medical equipment, which can lead to missed or delayed responses to life-threatening situations. The over-reliance on alarms often results in false alarms, creating a sense of mistrust and a potentially hazardous environment for patients and clinicians. This problem has been exacerbated by the increasing complexity of medical technology and the consequent proliferation of alarms.

 CalmWave, Inc., is an innovative solution that addresses the alarm fatigue problem. By leveraging artificial intelligence and machine learning, CalmWave, Inc., filters out unnecessary alarms and alerts healthcare providers only when it detects critical events, thereby enhancing patient safety and improving clinical outcomes. CalmWave, Inc.’s, technology is highly relevant as it enables clinicians to focus on the most critical patient needs and make more informed decisions, improving the overall quality of care delivered in healthcare settings.

In an interview with HIT Consultant, Mr. Ophir Ronen (CEO CalmWave, Inc.) talks about the importance of AI-driven solutions to alarm fatigue.

How can digital health help healthcare providers balance workloads while still delivering quality care? 

Ophir Ronen, CEO of CalmWave, Inc.: Digital health can revolutionize healthcare by optimizing operations health and streamlining workflows, allowing healthcare providers to balance workloads while maintaining high-quality care. One of the critical aspects of digital health is the ability to leverage and activate the vast amounts of data generated by various systems, such as electronic health records (EHR) and connected devices.

By aggregating medical data from multiple sources, including vital signs, EHR, and clinician attrition data, digital health solutions can help identify optimal clinical workloads. Artificial intelligence (AI) plays a crucial role in analyzing this data to generate objective measures to enhance staffing and workflow efficiency.

Furthermore, digital health can alleviate the burden of non-clinical tasks on healthcare providers by automating these processes. This automation allows clinicians to focus on patient care, ensuring the highest quality outcomes. By optimizing workloads and streamlining processes, digital health enables healthcare providers to work at the top of their licenses, benefiting patients and healthcare systems.

How can AI improve nurse retention and patient outcomes? 

Ronen: AI has the potential to significantly improve nurse retention and patient outcomes by addressing critical challenges faced by healthcare professionals, such as alarm fatigue and non-value-added work. By optimizing medical alarm systems and reducing non-actionable alarms, AI can create a more manageable work environment for nurses, increasing job satisfaction and reducing turnover.

In Intensive Care Units (ICUs) around the world, an overwhelming number of alarms (85-99%) are non-actionable, contributing to alarm fatigue, stress, and patient disturbance. AI can aggregate alarm data from various sources, such as pulse oximeters and blood pressure cuffs, to identify optimal thresholds that minimize non-actionable alarms. As a result, the clinical work environment improves, leading to higher nurse retention, and patients can rest more effectively, enhancing their recovery.

Moreover, AI can help alleviate the burden of non-value-added tasks that clinicians face daily. Nurses often spend a significant portion of their time on non-clinical work, which can contribute to burnout and attrition. By automating these tasks, AI allows nurses to focus on patient care, leading to better job satisfaction and patient outcomes.

An example of AI in action is the CalmWave Operations Health AI Platform. This platform analyzes the constant flow of data from vital signs monitors to provide objective measures of clinical workload. It identifies clinicians at risk of burnout, enabling healthcare leaders to make informed decisions and implement strategies to improve nurse retention.

Given the concerns about clinician burnout, what role does reducing alarm fatigue with data-driven insights have in combating burnout? 

Ronen: Reducing alarm fatigue through data-driven insights is essential in combating clinician burnout and improving patient care. As a significant contributor to stress and cognitive overload, alarm fatigue can negatively impact healthcare providers’ mental well-being and job satisfaction.

AI-based solutions, such as CalmWave, can identify the sources of non-actionable alarms and provide data-driven recommendations for clinicians to make informed decisions. By offering real-time insights, these AI platforms enable healthcare professionals to adjust alarm settings efficiently, ultimately reducing false alarms and creating a more manageable work environment.

Reducing alarm fatigue benefits not only clinicians but also patients. Quieter environments allow patients to rest more comfortably, contributing to faster healing and better overall outcomes. By addressing alarm fatigue, AI solutions can significantly enhance the quality of care and support healthcare providers in their mission to provide the best possible patient care.

What are some of the barriers to implementing AI-driven solutions aimed at combating alarm fatigue and clinician burnout in healthcare settings? 

Ronen: Implementing AI-driven solutions to combat alarm fatigue and clinician burnout in healthcare settings faces several barriers, including organizational complexity, risk aversion, cost, data privacy, and clinical risk concerns. Hospitals, being highly complex systems with multiple stakeholders and priorities, often need extensive testing and proven effectiveness to adopt new technologies.

Despite these challenges, AI-driven solutions like CalmWave’s Operations Health Platform can offer significant benefits in reducing costs, maintaining data security, and improving patient care. By providing objective measures of clinician workload, the platform helps to enhance nurse retention, reducing the financial burden of nurse attrition in hospitals.

CalmWave’s platform is also SOC2 Type II certified, ensuring that data remains secure and protected. Regarding patient care, the platform reduces non-actionable alarms, alleviating alarm fatigue for healthcare providers and creating a more conducive environment for patients to rest and recover.

Current healthcare systems are overwhelmed, understaffed, and under-resourced, making it difficult for clinicians and leadership to explore new solutions. Some AI implementations require lengthy integration processes and extensive training, adding to this challenge. However, CalmWave’s human-centric design philosophy focuses on minimizing implementation complexity, providing just-in-time training, and enabling clinicians to use the platform to optimize care readily. Overcoming these barriers and embracing AI-driven solutions like CalmWave can significantly enhance healthcare delivery and benefit both patients and providers.

What are other promising implementations of AI that can help alleviate clinician burnout? 

Ronen: Several promising AI implementations under development aim to alleviate clinician burnout. One such development involves integrating patient bedside monitoring equipment, allowing AI-driven platforms like CalmWave to analyze data more effectively and ensure better alarm management.

AI can also actively map individual alarms to specific incidents, generating alarms based on the overall incident rather than each individual alarm. This approach reduces alarm fatigue and cognitive overload, creating a more manageable work environment for healthcare professionals.

In addition to bedside monitoring integration, AI can help reduce paperwork burdens by automating documentation processes, freeing up more time for clinicians to focus on patient care. Increasing efficiency in administrative tasks further lowers the risk of burnout among healthcare providers.

AI can also assist in clinical decision support by analyzing large amounts of patient data and providing healthcare professionals with accurate and timely insights for informed decision-making. This enhancement of care quality reduces the cognitive load on clinicians and contributes to decreased burnout and improved job satisfaction.

What impact does ‘quiet care’ have on the patient? 

Ronen: Quiet care promises to revolutionize care for critically ill patients by providing a truly quiet, peaceful, and restful environment in the ICU, something that has been missing since the beginning of continuous patient monitoring. Clinicians once believed that they and their patients had no choice but to tolerate the noise from monitors, but CalmWave technology is changing that perspective.

Other patient populations, such as those in Neonatal Intensive Care Units and Pediatric Intensive Care Units, have already benefited from noise reduction efforts, recognizing the harm noxious stimuli can cause premature infants, newborns, and children. Studies on Labor & Delivery patients have shown that quieter, peaceful laboring environments lead to more relaxed mothers with lower blood pressure, less labor pain, and calmer babies.

Research also indicates that high noise levels, including alarm noise, in ICUs can negatively affect patients’ sleep quality and duration. Insufficient sleep can increase the risk of developing delirium, an altered mental state, with potential long-term effects. Reducing non-actionable noise in ICUs significantly improves patients’ ability to recover, as they can rest and heal properly. Quiet care allows clinicians to provide the best care to patients without distractions from non-actionable alarms, ultimately optimizing patient recovery and outcomes.

It’s a fact: More than 80% of data breaches involve a human in some way. That could involve someone falling for a spear-phishing campaign designed to solicit credentials, clicking on a malicious link, or a simple error that leaves a security vulnerability open to bad actors. Creating a culture of security in your organization will keep security at the forefront of everything from operations to care delivery.

Monitoring and maintaining the security of IT infrastructure is often overemphasized within hospitals and health systems, while the human side of reducing risk is often under-emphasized. And unlike APIs, software, and technology hardware, employees can’t be patched; they can’t be reconfigured; and they can’t be reset after making a mistake.

The answer is training, continual training to help create a culture of security within your hospital or health system. But with so many competing training programs — everything from HIPAA and regulatory compliance to handwashing and job-specific training — it’s difficult to break through the noise and gain traction. But as the average recovery cost for a healthcare organization after a breach has now passed the $10 million mark in 2022, a 40% increase from 2020, the time for definitive action is now.

If a doctor, nurse, or other hospital employee sees a suspicious package in a hallway, chances are good they will alert the physical security department who will take appropriate measures. But what about a suspicious email? Some IT departments don’t want to know, believing it’s just more work for them. But for every potentially damaging email that’s deleted without taking any action, there could be thousands more in waiting. 

The key to creating a mature and robust security awareness program starts with executive leadership support, followed by continual training to reinforce the security message. Across industries, some companies have a dedicated position for security awareness or give an existing IT person some additional duties as a security awareness officer. With continued IT staffing shortages in healthcare, that might not be possible, so consider outsourcing security awareness and training to a vendor well-versed in the unique nature of healthcare.

Some healthcare organizations are minimally training their staff for compliance, hoping it will be sufficient. But minimal training delivered once a year can’t address the dynamic nature of cyber threats, which are continually evolving. As organizations harden their security posture in response to specific threats, new threats emerge that companies may not be aware of.

Two recent emerging threats:

1. Last August, the FBI warned healthcare organizations about a fraud scheme where scammers impersonate law enforcement or government personnel, targeting specific individuals to extort money or steal personally identifiable information. The scammers spoof authentic phone numbers and use names of real security personnel, informing the target they missed a court date and owe a fine or are subject to arrest unless they comply.
   
2. The following month, a new, sophisticated phishing attack was revealed, using multiple fake email accounts to trick a user into believing he/she is part of a conversation among colleagues. Called multi-persona impersonation, multiple interactions take place to convince the target the conversation is real before a malicious link is sent. The “grooming” process can take weeks, underscoring the lengths hackers will go to steal information.

The SANS Institute, a leading authority on cybersecurity training, certifications, and resources, recommends monthly training noting, “Organizations that engage and train their workforce only annually or on an ad hoc basis cannot effectively change behavior and are thus stuck at the compliance level, checking the box.” The information security organization recommends monthly training that’s “communicated engagingly and positively that encourages behavioral change” to help employees understand the importance of cybersecurity so that they will actively recognize, prevent, and report incidents.

Training doesn’t have to be overly formal. Some of the most effective training involves humorous videos depicting fictional hospital employees failing at HIPAA security or allowing someone to openly walk through administrative areas simply because they have an official-looking badge. This kind of training connects with trainees, offering better retention and creating an “a-ha!” moment when they are later faced with a similar situation.

To make it more fun, you might hold a prize drawing among those who report a potential security incident during a certain time period. The key is a constant drumbeat of training that helps create the culture of security that healthcare organizations need.

To build on the training, phishing exercises carried out by your organization’s security group can help gauge the effectiveness of the training. Users who struggle with identifying phishing scams should receive additional training. Phishing training is complex and requires purpose-built tools, such as education software designed to be impactful, but also something employees don’t dread. Phishing education software can also give IT tools to create fake emails, and some vendors provide dashboards or other metrics to determine effectiveness by employee or department. Third-party vendors can also conduct phishing campaigns on behalf of organizations.

It’s recommended that each employee is phished at least once a quarter. Some healthcare organizations phish everyone during a limited time, which can create bottlenecks for IT staff. Consider a drip email campaign of weekly or bi-weekly emails that phish each employee quarterly.

Creating a culture of security is critical for hospitals and health systems, as important as the physical security of network infrastructure, monitoring network traffic, and maintaining a robust software patching program. Given the tight IT workforce environment and competing demands on existing IT staff, outsourcing a managed security awareness and training program might make sense.

About Don Kelly

Don Kelly is the Manager of the Virtual Information Security Program at Fortified Health Security, healthcare’s cybersecurity partner protecting patient data and reducing risk for healthcare organizations. By partnering with healthcare organizations through a host of managed service offerings and technical security solutions.

What You Should Know:

• AmerisourceBergen (AB), a global healthcare company, has announced a strategic partnership with SteadyMD, a B2B telehealth infrastructure provider for the co-creation of a telehealth solution focused on Test to Treat opportunities. The solution is being offered as a pilot to independent community pharmacies across the US.
• In addition to the commercial partnership, AmerisourceBergen has also made a minority investment in SteadyMD through its venture fund AB Health Ventures.

Test to Treat Pilot

AmerisourceBergen’s telehealth solution is being developed to expand the number of Test to Treat services that independent pharmacies can offer to patients. The Test to Treat initiative was launched in 2022 to help provide quick and equitable access to COVID-19 testing and treatment in the early days of infection. The model is intended to provide a seamless patient experience and designed to reach high-risk, underserved populations.

With its telehealth solution, AmerisourceBergen is evaluating the long-term viability of the Test to Treat model for use cases, beyond COVID-19, to improve access to treatment. The pilot program has been launched across a group of 130 independent retail pharmacies, including members of the Good Neighbor Pharmacy network. Over a span of 12 weeks, pilot participants will utilize the SteadyMD platform to provide patients with a quick and accessible Test to Treat option within their pharmacy, at an affordable price. Patients can test for an illness or condition and then, if deemed necessary by a SteadyMD physician, consult with them on demand through the telehealth platform and receive a prescription for treatment.

Pharmacies participating in the telehealth pilot program can use the solution to help patients obtain COVID-19 oral antiviral therapies, as appropriate. AmerisourceBergen and SteadyMD will continuously evaluate opportunities to expand use cases during and after the program.

“The Test to Treat initiative is an important acknowledgement of the role of pharmacists and pharmacies as accessible healthcare providers and destinations,” said Jenni Zilka, Senior Vice President, Good Neighbor Pharmacy Field Programs & Services at AmerisourceBergen. “In order for pharmacies to continue making a sustainable impact on the communities they serve, we need to continue providing them the tools, resources, and authority to provide necessary clinical services, where appropriate. AmerisourceBergen’s exploration of a telehealth solution with SteadyMD to enhance the scope of the Test to Treat model is just one way we’re continuing to support the important role of the pharmacist in the healthcare ecosystem.”

What You Should Know:

• Healthy.io, the global leader in transforming the smartphone camera into a clinical-grade device, raises $50M in a Series D funding round led by Schusterman Family Investments and is joined by Aleph and other existing shareholders. This investment, together with a previously unannounced $45 million February 2022 investment, comprises the company’s Series D.
• The Series D round will support Healthy.io’s expansion across the U.S. market, where Minuteful Kidney™, the company’s clinical-grade kidney test and patient engagement service, has met increased demand from leading health plans, health systems, and kidney care management groups.

Empowering At-Risk Members for Chronic Kidney Disease

As rates of diabetes and hypertension continue to rise across the United States, more Americans are at risk for chronic kidney disease (CKD) but are otherwise untested and unmanaged. CKD is a leading cause of death in the country. Known as a “silent killer,” 90% of the 37 million Americans who have the disease – which disproportionately impacts underserved communities – don’t know they have it and often progress to late-stage CKD or dialysis treatments. Barriers such as a lack of awareness and transportation challenges prevent at-risk Americans from completing recommended testing, a urine albumin-creatinine ratio (uACR) test, that can detect kidney damage. 75 million Americans are recommended to complete uACR testing, yet 80% do not.

The company’s at-home urinalysis services enable providers and healthcare systems to reach high-risk, previously untested members and help close care gaps. Healthy.io partners with leading health insurers and providers to integrate Minuteful Kidney™ in their kidney management programs. Minuteful Kidney™ is marketed commercially across the United States and the United Kingdom and is the first and only FDA-cleared, smartphone-powered, at-home kidney test that allows patients to take the test in the privacy of their homes and receive immediate clinical-grade results. The service removes the barriers associated with traditional lab testing and averts the road to dialysis.

High Adherence Rates

In tests of over 250,000 patients in the U.S. and the U.K., the solution has demonstrated unprecedentedly high adherence rates of up to 50% among previously untested populations. Promoting early diagnosis of CKD can also drastically reduce the skyrocketing costs associated with CKD, which currently costs Medicare $124B a year.

What You Should Know:

• Magenta Medical, the developer of the world’s smallest heart pump, announced today a $55M financing round led by global healthcare investment manager OrbiMed, with participation from existing investors New Enterprise Associates (NEA), Pitango VC, and ALIVE – Israel HealthTech Fund.
• The financing will be used, among other things, to advance the clinical programs of the company’s product in the United States toward its first FDA approval.

Furthering Magenta’s Clinical Programs in Support of FDA Approval For World’s Smallest Heart Pump

Temporary mechanical circulatory support (MCS) is one of the fastest growing markets in interventional cardiology, encompassing devices that aim to augment the output of a failing heart, in the setting of dangerously low blood pressure, while resting the heart and providing a bridge to recovery over a period of hours or days. Existing temporary MCS devices provide limited flow, require an invasive surgical procedure, or both.

Magenta’s percutaneous Left Ventricular Assist Device (pLVAD) is a powerful heart pump that is initially folded, inserted through the groin using a small puncture, and expanded for activation inside the left ventricle. The flow of the pump is adjusted based on the clinical circumstances of the patient, up to the entire cardiac output, allowing the heart to rest and the patient to recover. Once the Magenta technology is approved, physicians will be able to rely on a single device to treat the full range of MCS patients, thus eliminating the need to escalate therapy to a new device and subject the patient to unnecessary and invasive replacement procedures.

“Magenta is proud to add OrbiMed to its growing roster of leading MedTech investors as a highly reputable partner for innovative medical device companies,” said Dr. David Israeli, CEO of Magenta Medical. “I am confident that together we can build an organization well-equipped to bring to the market high-impact technology that can potentially address multiple unmet needs in the general cardiology patient population, as well as in many under-served patient groups.”

The potential advantages of Magenta’s high-flow, low-profile device were recognized by the US FDA, resulting in Breakthrough Device Designation for two indications: high-risk percutaneous coronary intervention (HR-PCI) and cardiogenic shock (CS). Magenta successfully completed a HR-PCI first-in-human (FIH) study in Tbilisi, Georgia, the results of which were presented at the recent 2022 Transcatheter Cardiovascular Therapeutics (TCT) conference in Boston, MA, by Dr. Duane Pinto of Beth Israel Deaconess Medical Center and Harvard Medical School. Building on this experience, Magenta is now preparing to launch its clinical programs in the US, starting with an imminent HR-PCI Early Feasibility Study.

The healthcare workforce is in crisis. From devastating staffing shortages to unmanageable levels of stress and burnout, today’s healthcare workers are desperate for some relief. Unfortunately, exacerbating these already significant challenges is an increasing rate of workplace violence in healthcare. 

According to the results of a study published recently in the American Journal of Preventive Medicine, about one-third of public healthcare workers have experienced at least one incident of workplace violence during the COVID-19 pandemic. And that’s just one of many reports that demonstrate the severity of the issue. 

There are some very important things that can be done to better protect healthcare workers, but at the top of that list should be elevating workplace safety to a key performance indicator (KPI) for healthcare systems. Unless there is a top-down focus on this issue, healthcare workers will continue to be putting themselves in danger simply by going to work and attempting to provide care to the people most who, according to a study in the Annals of Medicine and Surgery,  are most likely to engage in violence against them.

Nobody outside healthcare knows how bad it’s gotten

Although workplace violence in healthcare is an issue for all types of healthcare workers, it is most often nurses who bear the brunt of workplace violence. Last year, a Press Ganey analysis surprised many, stating that an average of 57 nurses are assaulted every day — that’s about 2 every hour. While terrifying incidents of shootings may make the news, every day, all across the United States (and the world), nurses are punched, spit on, kicked, and otherwise harassed. 

Too often, this is considered just “part of the job.” When examining nonfatal workplace injuries and illnesses across all sectors, healthcare workers account for about three-quarters of all incidents, according to the Bureau of Labor Statistics. Such incidents have certainly increased since the onset of the COVID-19 pandemic, but violence against healthcare workers was already trending upwards, with the rate of injuries related to workplace violence perpetrated against medical professionals growing by 63% between 2011 and 2018.

 The importance of leadership involvement in preventing hospital incivility and violence 

Leaders play a pivotal role in preventing hospital incivility and violence by sending a clear message that certain behaviors are not acceptable and will not be tolerated in the workplace. In nearly every other industry, individuals who display threatening or inappropriate behavior are removed from the workplace. However, in the healthcare industry, healthcare workers cannot simply send badly behaving patients home. Instead, leaders must develop systems and protocols to ensure the safety of everyone.

Leaders can implement policies and procedures that promote a safe and respectful workplace. For example, they can provide training for staff members on how to recognize and de-escalate potentially violent situations. This training can include techniques for communicating with agitated or aggressive patients, as well as strategies for diffusing tense situations before they escalate into violence. Leaders can also develop escalation plans that outline clear steps for dealing with violent or disruptive behavior, such as calling security or involving law enforcement.

Additionally, leaders can establish reporting systems for incidents of violence or incivility. These systems encourage staff members to report incidents without fear of retaliation and provide a clear and consistent process for addressing reports of violence or incivility. Leaders can ensure all staff members are aware of these reporting systems and that they understand the importance of reporting incidents in a timely and accurate manner.

By prioritizing workplace safety and taking an active role in preventing incivility and violence, leaders not only create a safer workplace for staff and patients but also foster a more positive work environment where employees feel valued and supported. This, in turn, can lead to increased job satisfaction, reduced turnover rates, and improved patient outcomes. 

How Digital Technology can Help

Mitigating workplace violence is not a one-and-done initiative. It is something that healthcare organizations must consciously address every day, and no single intervention or policy will solve the issue. However, digital engagement technology has the potential to improve communication between patients and the care team (and among the care team) and increase transparency around activities related to a patient’s care, giving them more insight into what is happening around them, which can help to prevent violent incidents. 

Digital health technology, via either TVs or mobile devices, can be used to provide clear prompts to patients and their families, clearly communicating that any physical or verbal violence or abuse will not be tolerated. This same technology can be used throughout the facility or specifically on high-risk units to communicate when a patient is displaying violent behavior. 

Digital signage can also be used to indicate a room where there is a potentially aggressive or violent patient, and facility-wide alerts can be sent to communicate to entire floors or units when there is an issue. These tools can be customized to hospital codes so that all staff members quickly and easily know what they should do in the event of a violent incident.    

The healthcare industry needs outside support to prevent workplace violence 

Despite advancements in digital technology and tools for healthcare workers, the issue of workplace violence remains a pressing concern for healthcare professionals. Nearly a year ago, thousands of nurses marched in Washington, D.C., asking for changes to nurse-to-patient ratios, the staffing shortage, and workplace violence. And before that, Democratic Representative Joe Courtney introduced H.R. 1195, the Workplace Violence Prevention for Health Care and Social Service Workers Act, aimed at putting processes around workplace safety. Under the act, any company, facility, or organization to employs healthcare or social service workers would be required to:

• Conduct a risk assessment 
• Develop and implement a prevention plan
• Ensure all employees receive workplace violence prevention training 
• Investigate all occurrences of workplace violence 

But the bill, which has been passed by the House of Representatives, has stalled in the Senate–

despite support from the American Nurses Association and National Nurses United, the nation’s largest nurses union. 

The bottom line is that we must  do better by nurses and other healthcare workers. We have the digital technology and tools to arm them with better ways to communicate with patients and with each other. But we need understanding and support from executive leaders. Leaders have an opportunity that is powered to a meaningful degree by technology yet centered on human connection and one that explicitly rejects the notion that violence and safety threats are “part of the job.” It is incumbent upon healthcare executives to elevate the safety of the care environment to the top of their organization’s system-wide strategic plan and make it a key performance indicator for leaders at all levels. 

About Katherine Virkstis
Katherine Virkstis is Vice President of Clinical Advisory Services, at Get Well where she leads the company’s nursing and clinical vision. Katherine has worked with hundreds of executive teams at healthcare organizations in more than 50 countries and is trained as a primary care physician.

References:

1. https://www.ajpmonline.org/article/S0749-3797(22)00507-4/fulltext
2.  https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9206999/
3. https://www.bls.gov/iif/home.htm
4. https://www.pressganey.com/platform/ndnqi/
5. https://www.congress.gov/bill/117th-congress/house-bill/1195/text

What You Should Know:

• Innovaccer Inc. announced that Emcara Health, PopHealthCare’s national value-based medical group that delivers advanced in-home primary care for seniors and vulnerable populations, has selected Innovaccer’s Best in KLAS data platform to accelerate its ability to drive growth and rapidly scale Emcara Health’s integrated care solution to more communities nationwide.
• The Innovaccer data platform will enhance Emcara Health’s ability to create unified patient records that provide a 360-degree holistic view of patients by integrating data from myriad EHRs, HIT systems, and third-party community data (such as SDoH). Interoperable, EHR-agnostic physician engagement will further providers’ efforts to close coding and care gaps at the point of care and make informed decisions that drive better clinical outcomes. 
• Data-driven, customizable TCM protocols will help ensure effective care coordination with automated transitional and chronic care management for at-risk and rising-risk populations.

What You Should Know:

– MedCrypt, Inc., a proactive cybersecurity solutions provider for medical device manufacturers, announced its financing of the School of Engineering for a Tufts University fellowship program that will support research focusing on the investigation of medical device security and threat modeling.

– MedCrypt acknowledges the vital role that evidence-based security practices play in the MedTech industry and recognizes the need to address the existing gaps. Additionally, the organization encourages research initiatives that drive the industry forward. By taking a hypothesis-driven approach, the findings from this research fellowship could inform sustainable, scalable advances in medical device security processes.

– This is not only beneficial but also necessary, as the FDA relies on threat modeling to generate evidence that medical devices have been built with security in mind. Threat modeling artifacts are used to conduct safety risk assessments, which then inform vulnerability surveillance for products in the field.

John Erwin, CEO of Carenet Health

I was pleased with the robust turnout at HIMSS this year; it does seem like the healthcare industry is making up for the lost time from the pandemic. The topics that dominated the conference included teasing out the nuanced approach to safely deploying Chat GPT/AI into the industry (and when not to), health equity, and the patient journey. Workforce burnout continues to be a major issue in healthcare, though I think we could have spent even more time discussing solutions here, given its profound impact on every aspect and stakeholder of the care continuum. While this is not a new phenomenon, it is certainly the biggest challenge to the industry currently. Current policies will have to evolve to ensure job stability and staffing for healthcare, which is where the innovative use of AI and technology can bridge the gaps. 

Adam Mariano, President & General Manager of Healthcare, LexisNexis Risk Solutions:

The big opportunity at HIMSS this year is that everyone is finally talking about social determinants of health, bias in care and health disparities in a way that is not just theoretical but is actually ‘let’s take action’. I’m really pleased to see lots of our partners, competitors,  providers, payers, life science folks really engaged and willing to participate in these types of conversations this year.

Kimberly O’Loughlin, CEO of HRS

HIMSS is always an energizing event. It’s a wonderful venue to connect with customers, be inspired by what others are doing, and share stories and ideas for innovation. It was especially meaningful to have our customers present the wonderful results they are achieving by leveraging our remote patient monitoring and care platform. 

Solutions providers who can provide turn-key capabilities and wrap-around services and be true partners with clients are what is needed. The only way we are going to enable real performance improvements and address critical issues like clinician shortages and burnout is if we simplify and streamline workflows for clinicians. Artificial intelligence/machine learning and the power of what it can do was another key topic of discussion at HIMSS. We are excited about what it can bring to remote care delivery to drive patient engagement, improved outcomes, and clinical workflow efficiencies to even higher levels.

BJ Schaknowski, CEO at symplr

The potential to save on streamlined architecture was a significant theme at HIMSS this year. Many agreed that hospitals are only taking advantage of a small percentage of the multi-million-dollar systems available to them. And as financial pressures increase, healthcare leaders are implementing more deliberate decision-making to better leverage vendor partnerships and optimize software purchases. Spending is focused on enterprise-wide solutions as opposed to best-in-breed and price sensitivity is a major factor in software purchasing. 

Nicole Rogas, President at symplr

Health equity was a cornerstone of conversation this year at HIMSS, and rightfully so. Together, as healthcare vendors and providers, we need to come together to provide a solution. Every person should have access to care, regardless of race, ethnicity, age, socio-economic status, etc. Organizations emphasized the potential for digital health to bridge the health equity gap by increasing access for patients and eliminating barriers to care. In support of health equity initiatives, interoperability remains top of mind for industry leaders. When health equity is a key objective in data strategies amongst providers and vendors we can develop and deliver solutions that pave the way toward more equitable care, improving health outcomes, and reducing health disparities.