Topics
Reimbursement
Proposed inpatient payment rates 'woefully inadequate' AHA says
Proposed inpatient payment rates 'woefully inadequate' AHA says
Revenue Cycle Management
Enhancing preventive care with accessibility and technology
Enhancing preventive care with accessibility and technology
Strategic Planning
Intermountain Health spinoff Culmination Bio announces partnership 
Intermountain spinoff Culmination Bio announces partnership 
Capital Finance
Tech investment must bring value to care delivery
Tech investment must bring value to care delivery
Supply Chain
HIMSSCast: Embrace technology to replace the mundane tasks
HIMSSCast: Embrace technology to replace the mundane tasks
Accounting & Financial Management
Humana's 2025 earnings, pricing decisions and membership may take hit from MA rate notice
Humana's 2025 earnings, pricing decisions may take hit from MA rate notice
Budgeting
Insurers likely to pay $1.1 billion in rebates this fall
Insurers likely to pay $1.1 billion in rebates this fall
Quality and Safety
J.D. Power: Digital health insurance channels lack engagement
Study: Digital health insurance channels lacking
Billing and Collections
No Surprises Act implementation coincided with in-network claims growth
NSA implementation coincided with in-network claims growth
Claims Processing
UnitedHealth's 'band-aid' payment for Change disruption falls short, hospitals say
UnitedHealth's 'band-aid' payment falls short, hospitals say
Workforce
HIMSSCast: The need for home care continues
HIMSSCast: The need for home care continues
Operations
HHS seeks input from payers on Change cyberattack response
HHS seeks input from payers on Change cyberattack response
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Henry Ford, Michigan State research center to be built for $335 million
Henry Ford, MSU research center to be built for $335M
Compliance & Legal
MGMA wants Change to take responsibility for HIPAA breach notifications
MGMA wants Change to take responsibility for HIPAA breach notifications
Policy and Legislation
HIMSSCast: Revolutionizing the Medicare program 
HIMSSCast: Revolutionizing Medicare 
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
Moving beyond financial incentives to engage specialists in ACOs
Moving beyond financial incentives to engage specialists in ACOs
Acute Care
Acute Hospital Care at Home data released 
Acute Hospital Care at Home data released 
Ambulatory Care
U.S. trails other countries in primary care access
U.S. trails other countries in primary care access
Analytics
Children's Hospital Colorado creates analytics resource center
Children's Hospital Colorado creates analytics resource center
Business Intelligence
Racial disparities put further strain on primary care
Racial disparities further strain primary care
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
CMS overhauls meaningful use EHR program, renames it 'Promoting Interoperability'
CMS overhauls meaningful use as 'Promoting Interoperability'
Medicare & Medicaid
CMS releases rules on wait times and payment standards in Medicaid
CMS releases rules on wait times and payment standards in Medicaid
Patient Engagement
Commonwealth Fund creates employer-based health insurance task force
Commonwealth Fund creates health insurance task force
Pharmacy
Walgreens expands specialty pharmacy and investment in gene therapy
Walgreens expands specialty pharmacy and investment in gene therapy
Population Health
CDC warns clinicians to look out for bird flu cases
CDC warns clinicians to look out for bird flu cases
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth equity key to addressing digital gaps
Telehealth equity key to addressing digital gaps
Mergers & Acquisitions
Novant Health and CHS counter FTC bid to block hospital deal
Novant Health and CHS counter FTC bid to block hospital deal
View more
Dec 10, 2019 More on Strategic Planning

Machine learning, AI, telemedicine and other technologies will pose data security risks, says Dr. John Halamka

While the shift is necessary, the transition period will likely see hackers targeting newly vulnerable information, said Halamka.

Jeff Lagasse, Editor

BOSTON, Mass. - Healthcare is at the cusp of transformative change, and in few areas is this more manifest than in data security, with the next several years seeing the accelerated proliferation of aggregated data, machine learning, telemedicine and heath-enabled mobile devices. There's great opportunity here, but also more risk, as hackers and malicious actors will have new targets in the war for data.

Delivering a keynote address at the Healthcare Security Forum in Boston on Tuesday, Dr. John Halamka, the newly-named president of the digital health initiative Mayo Clinic Platform, said more data is being used for more purposes by more people -- and healthcare will have its work cut out for it in order to be ready.

The problem of data aggregation in particular is that it begets the need for cloud storage, which potentially makes data more exposed. Currently, companies like Google and Microsoft -- which can have upwards of 5,000 data security professionals on the task -- are better at handling aggregated data than the typical health system, which by comparison may have a dozen or so people assigned to be stewards of digital patient information.

That means a significant migration of data to the cloud, but that presents problems of its own.

"How do you lock it at night? I worry about the loss of control," said Halamka.

One of the headaches with which healthcare will grapple is that, as the cloud migration takes place, 80% of an organization's security training isn't as relevant because it will now be dealing with different dashboards and control mechanisms. Professionals will be operating in a completely new environment.

With hackers getting more sophisticated, this transitional data limbo could leave a window open for data thieves.

"If a hacker is going to go after large amounts of data sets, are they going after Fort Knox, or a cardboard box? They're going after the cardboard box," Halamka said. "This is one of our main concerns about the migration to the cloud."

The advent of machine learning, he said, won't mean that doctors get replaced. Rather, the technology will handle more prosaic tasks, and this will prove especially useful for providers trying to reduce medical expenses by harnessing the technology to augment human decision-making. The endgame is more personalized precision medicine, but that leaves the door open for more risk as well.

"If we're now dependent on machine learning and AI, what happens when the AI is corrupted? What if an adversary wants to pollute my data set, and I end up with an algorithm that's not set for purpose? These are things we have to start to consider," Halamka said.

The spread of telemedicine and health-enabled mobile devices is signaling further change in healthcare, and while conveniences abound -- allowing patients to avoid unnecessary emergency room trips, for example, and send high-resolution images to providers -- that also introduces new security concerns, as many of these devices lack robust security protections. Among the concerns are malware and denial of service, especially if hackers gain access to APIs.

Perhaps one of the trickiest data security issues causing consternation among healthcare IT professionals is the increasing need for interoperability, especially as payment models transition from fee-for-service to a value-based framework.

"It used to be (that) you could have information silos, where data is an asset," Halamka said. "In a value-based purchasing world, that's not the case. An MRI used to be a moneymaker. Now it's a cost. We want more and more data liquidity if we're going to survive in a value-based world."

Massachusetts may have a possible model for the future. It has enacted rules creating a credentialing program dictating what constitutes a good data steward. If a company has gone through a certification program and can prove to the state that it has strong security controls, training and all the rest, it will be allowed to play what Halamka called "the interoperability game."

"It's important for organizations because we are as weak as the weakest link we share," he said.

While these are but some of the considerations facing healthcare professionals over the next several years, health systems and providers will have to assume some level of risk to survive.

"It's really hard to fundamentally change your infrastructure while maintaining reliability and security," said Halamka. "We won't be fully equipped to do this over the next five years. … Regardless of your politics and your belief in Obamacare and the ACA, the move to value instead of fee-for-service is the trajectory of healthcare in this country. That is where we're going to go."

Twitter: @JELagasse

Email the writer: jeff.lagasse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.