Tag Archives: healthcare

How Synthetic Data Aids in Healthcare

Finance and insurance companies have been leveraging synthetic data for many years to improve their workflows while ensuring information confidentiality. With the COVID-19 pandemic, scientists who are striving to find ways to combat the virus have considered synthetic data. How can this technology be of use in healthcare, and how does it help to cope with the pandemic?

What Synthetic Data Is

Without going into convoluted definitions, synthetic data is artificially generated data. It is similar to real data but doesn’t copy it. Synthetic data is generated automatically with the help of dedicated algorithms. It can be in the form of text, video, image, audio or information from tables. 

Synthetic data can be applied in various areas. Waymo uses it to train its driverless cars. American Express uses artificially generated financial information to improve its fraud detection system. Synthetic data helps companies calculate risk accurately while protecting real customers’ data. The OpenAI team has taught the language model GPT-3 to compose texts similar to those that a human would write. A program belonging to Nvidia creates photos of people based on images of real individuals.  

In healthcare, using synthetic data means that important analysis can be done without associating particular people with their medical records. After the outbreak of the coronavirus pandemic, the need for applying such data in healthcare has increased. 

Synthetic Data in Healthcare

Secure data exchange is one of the major concerns in healthcare. According to the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA), any confidential information can’t be disclosed without the consent of the person it belongs to.

Information from patient records must be stored and transferred securely Using the data without specifying the name of the patient is prohibited, too, as it is possible to identify an individual based on the data set. 

That’s why it is more lawful and secure for researchers to create synthetic data as they conduct studies crucial for humanity. Prototypes of training software for machine learning models are trained with synthetic data so they can work with real patient data later. Developers don’t have access to the real information — they can’t read it, extract it from software or use it in any other way.

See also: Avoiding Data Breaches in Healthcare

How Synthetic Data Is Generated

If the true patient is not at risk of being identified, information from real medical records can serve as the basis of synthetic data, though joint case records are much more commonly used. There is also the sort of approach that Mitre offers via Synthea, an open-source tool that allows for creating fictional patients based on publicly available information: scientific research data, disease statistics, demographics and so on. Although the generated dataset is not as reliable as “fakes” of the real medical records, the platform continues to be improved under the auspices of the U.S. government.

Although synthetic data is not suitable for studying real diseases and treatment methods, it can be the basis for the development of applications that allow for using real data without breaking the law. 

Thus, synthetic data opens access to research and development of new technologies in healthcare. 

Practical Applications of Synthetic Data 

Soon after the pandemic outbreak, Israeli scientists began testing synthetic data technology based on EMRs from the last 20 years. Sheba Medical Center — the country’s largest hospital — used the MDClone platform to synthesize the data of its coronavirus patients.

The healthcare facility invited analysts who collected all the information about the virus from the data set. The result of the cooperation of medical researchers and software developers was an algorithm that helps the hospital staff decide when to prescribe medications or when inpatient treatment is needed. 

The software allowed Sheba Medical Center to combine the data from its EMRs with the data belonging to another Israeli healthcare facility — Maccabi HealthCare Services. This provided scientists with a broad view of the course of the individual disease, helping estimate coronavirus outcomes for each person. Without synthetic data technology, the project would have taken much longer as permission to use confidential information would have been required.

Of course, medical scientists can’t rely solely on synthetic data in their research, but the data lets them easily analyze an unlimited number of hypotheses that can lead to significant time savings during the approval of new drugs for real patients.

See also: Wake-Up Call on Ransomware

Although some data security experts doubt that synthetic data in healthcare can ensure patients’ anonymity, this data is extremely useful in prognostications, survival analysis, clinical trials, decision-making and more. Such technologies will accelerate innovation in healthcare while helping scientists comply with legislation. 

20 Issues to Watch in 2021

Out Front Ideas with Kimberly and Mark kicks off every year with our popular 20 Issues to Watch webinar. While there are certainly more than 20 issues to discuss after the unprecedented events of 2020, we focused on the high-impact issues relating to workers’ compensation, healthcare and risk management. These are all important issues for every risk manager and insurance professional to monitor in 2021. 

1. Healthcare Watch

President Biden’s healthcare plan has been referred to as ACA 2.0, as his approach is expected to build on the Affordable Care Act. As a longtime supporter of public options, President Biden will likely give consumers access to Medicare-style health plans, along with an option to continue private insurance. In keeping with the ACA, expect to see the return of the individual mandate and associated penalty removed in 2017.

For most of 2020, there was a significant decrease in employer healthcare spending due to limited in-person care caused by COVID-19. Many employers spent less than in 2019, with average savings around .5% to 2%. Ambulatory care settings and hospital admissions accounted for the largest areas of decreased spending. However, pharmaceutical costs, as projected, increased roughly 6% due to the pandemic. 

Telehealth continues to rise in popularity, with its ever-increasing accessibility. Its long-term use remains unknown due to dependence on government regulations, but expect its continued use in the short term from health providers accustomed to its use. 

2. Political Polarization

With Democrats holding a narrow majority in the House and controlling the split Senate, it is uncertain whether there will be a sweeping or incremental change, especially because President Biden has historically been a political moderate. The secretary of Labor nominee, Marty Walsh, was a former union leader and strong supporter of organized labor, so expect potential Department of Labor policy changes, especially in Occupational Safety and Health Administration (OSHA) enforcement and independent contractor classification.

Political polarization has created continued conflicts for much of our history. There is much work to be done to restore public trust, reduce conflicts and provide a better path forward for our country. 

3. COVID-19 Vaccine Considerations for Employers

Employers are currently assessing their options for requiring employee vaccinations. While employers that primarily have employees working from home have fewer concerns than those working directly with the public, all employers have questions regarding a mandatory vaccine policy. Updated Equal Employment Opportunity Commission (EEOC) guidelines published Dec. 16 state that employers can require workers to be vaccinated, with some limitations, including:

  • Title VII religious exemptions
  • Americans with Disabilities Act accommodations 
  • Any additional rights that apply to either EEO laws or federal, state and local authorities

Like all employment law, expect there may be litigation over employer mandates to require the vaccine. In developing policies, employers will be considering not only their workforce but the expectations from the general public they interact with. 

4. Supply Chain Diversification

COVID-19 caused significant disruption in the U.S. drug supply chain because 80% of the necessary components used in pharmaceutical manufacturing for the country come from China and India. China is also responsible for around 80% of the essential elements used in personal protective equipment (PPE), leading to a shortage during the start of the pandemic. 

These supply chain disruptions were widespread and illustrated the need to diversify sources and not rely on imported goods for critical components. Diversification will make companies more resilient to unexpected events such as natural disasters, political unrest, trade sanctions and other pandemics. 

5. Public Health Policy

Over the decades, public health achievements have included childhood vaccination programs, fluoridation of drinking water and the global commitment to eradicating HIV/AIDS. There are many public health services we should be able to rely on, including preparedness and response capabilities, addressing and diagnosing health hazards, informing and educating the public and strengthening and mobilizing communities, to name a few.

However, a lack of coordination between the federal government and state public health officials led to poor planning and response to the pandemic. Successful public health initiatives rely on people’s trust in public health, but poor communication, mixed messaging and inconsistency in applications and expectations only furthered challenges. 

Public health in the U.S. has generally struggled to make a clear and compelling case for prevention and non-medical approaches to health and well-being. Public health would benefit from leaders focusing on building trust and connecting with communities’ shared values, inspiring participation and active listening.

See also: Don’t Go Into Recovery Mode in 2021; Reset

6. COVID-19 Claims Development

The workers’ compensation industry has seen tens of thousands of COVID-19 claims. According to industry data, the vast majority of those claims are small, with average paid figures just over $1,000. However, the industry has also seen many claims over $1 million incurred on cases that resulted in death or had an extended ICU hospitalization. There could be additional development on these claims as long-term health consequences from COVID-19 become apparent.  

Businesses are seeing COVID-19 related litigation in other areas, including business interruption, employers’ liability, general liability, employment practices liability and even directors and officers coverage.

7. Evolving Employee Benefits

In 2021, expect more employer emphasis on addressing mental health and well-being in the workplace. There are more employer offerings with telehealth’s continued use, like mental health apps and videos with on-demand options. The Center for Workplace Mental Health provides a wealth of employer support for workplace well-being, like the new program Notice. Talk. Act, which offers training for company leaders to improve their understanding of mental health on employees and the organization.

Understanding financial health is a primary concern for employees across the country because the pandemic left many unemployed. Many employers have partnered with their 401K providers to provide webinars and online tools to assist their employees with budgeting and forecasting expenses. Group health solutions are also assisting employees in better understanding copays, deductibles and high-quality care options, ultimately driving down costs and improving healing times.

Flexible work schedules and time away programs are being altered for 2021. Split schedules or starting earlier or later are options many employers are adopting as workers are challenged with their children’s online learning needs or caregiving opportunities. Additionally, the pandemic has caused financial problems for many, adding to stress and anxiety for workers. Allowing and encouraging time away from work is necessary to create a healthier, more productive workforce.

8. Redefining Workers’ Compensation

Presumptions for COVID-19 are just the latest example of how workers’ compensation continues to expand beyond its original design of covering only traumatic accidents in the workplace. As more conditions and diseases are deemed work-related, and more presumption laws are passed, the line between workers’ compensation and group health continues to blur. 

9. COVID-19 as a Comorbidity

While we still know very little about the long-term effects of COVID-19, we know that there is an increasing number of patients experiencing new symptoms months after recovery. These symptoms range from blood clots to neurological symptoms, like brain fog and confusion, to continued respiratory challenges, like shortness of breath. There have also been reported psychosocial effects like anxiety, hopelessness, depression and post-traumatic stress disorder (PTSD), especially in healthcare workers and ICU patients. 

If a large percentage of COVID-19 patients develop long-term physical and mental side effects from the disease, it could increase claims for years to come and even have the potential to be comparable to existing comorbidities such as obesity or diabetes. 

10. Post-COVID-19 Analytics and Benchmarking

The insurance industry and risk managers rely heavily on actuarial models and benchmarks to analyze performance and predict future exposures. One of the core assumptions of analytics and benchmarking is that most analysis components are under conditions similar to the past. However, the pandemic introduced several variables into the analysis that raise questions about the validity of those models in the future. 

In workers’ compensation, frequency models have been disrupted, and there have been delays in medical treatment, litigation and return to work. Carriers are also having to develop new risk models that take into account the potential impact of future pandemics.

11. Employers Addressing Caregiving

Caregiving challenges were mounting for employers in advance of the pandemic. They were magnified because of work from home, school closures, after-school programs, day care and elder care programs. Supporting employees who are also caregivers means first understanding the impact of caregiving on your workforce, then implementing policies, programs and benefits that offer them tools to assist. These may include offerings to support balancing work and caregiving and case management support to coordinate or find caregivers. Employers that are advancing programs such as these use employee peer groups to partner with human resources and business leaders to create programs and offer a feedback loop regarding effectiveness.

12. Expanding Regulatory Burden

Amid the pandemic, regulators released new regulations regarding claims reporting, COVID-19 tracking, premium collection and job classifications. Systems had to be modified to collect the latest information, and already stretched resources needed to adjust to fulfill these additional requirements. 

All these regulatory changes were made with little input from stakeholders, and the increased requirements added additional administrative costs for everyone involved, including employers, third-party administrators (TPAs) and carriers. Temporary emergency rules and regulations are continually expanding and show no signs of letting up.

13. Workforce Evolution

Companies have adjusted their approach when addressing performance, productivity and workplace safety after a major shift to work from home in March 2020. Employee engagement and technology were just a few of the many impacts of this shift. Social distancing and office redesign coupled with consistent communication have proven successful for companies that brought their employees back to the office full- or part-time.

For companies opting to continue work from home policies, there are many unanswered questions regarding when to bring employees back. Whether or not employees are comfortable returning, if vaccines will be mandated or even just waiting until the surge subsides are all considerations for a potential return to the office. Regardless of when return to work becomes a viable option, expect the expansion of remote work opportunities post-pandemic.

14. Economic Recovery

The pandemic has caused significant unemployment increases, with lower-wage workers in service industries being affected the most. Brick-and-mortar retailers were already struggling before the pandemic, and 29 major retailers closed more than 10,000 stores nationwide in 2020. Industries like travel and hospitality are not expecting to see 2019 revenues return until at least 2022. Because these industries rely heavily on business travel, there may never be a full return, as companies are reevaluating the necessity of travel expenses.

While government aid packages could be expanded, they are a temporary fix. Ultimately, the economy will not fully recover until we get people back to work, meaning there will need to be widespread vaccine distribution, removal of government restrictions and new job opportunities for permanently displaced employees.

15. Insurance Innovation

New models for claims processing, including automation, will continue to emerge in 2021 and 2022, widening the gap between the innovators and legacy providers. The consumer journey and engagement will begin to evolve in a material way, driving on-demand tools and solutions. With an added emphasis on customer experience, organizations must rethink their design around support models to assist with consumer education, planning, decision-making and coordination of services. 

With the advancement of technology and the emergence of models not offered previously, expect pricing models to be adjusted. Early adopters wanting to engage in new models will help shape the learnings and performance of the innovation and engage in transparent discussions around value and pricing.

See also: 2021, We Can’t Wait to Get Going!

16. Insurance Market Challenges

In 2020, businesses saw significant price increases across multiple lines of coverage and carriers reducing policy limits in an attempt to reduce their exposure to losses that have been both historic and difficult to predict. Reinsurers reported significant price increases for 1/1 renewals with contract language changed to eliminate ambiguity around underwriting intent and reinforce exclusions. Exclusion of pandemic losses from workers’ compensation treaties means carriers will not have reinsurance available for those losses.

Workers’ compensation is the one line of commercial insurance that has been relatively stable in the last year. Due to drops in employer payroll, overall premiums and claims dropped in 2020. Several factors are putting pressure on carriers to adjust pricing, including historically low interest rates that lower carrier investment income and discounting on long-term claim payouts. There are also significant differences between the guaranteed cost market, which is drive by claim frequency, and the retention market, which is driven by claim severity. The costs of catastrophic injury claims has continued to climb at rates well above medical inflation.  

Risk managers should expect more of the same this year. As losses continue to grow in multiple lines of coverage, carriers are trying to find the correct pricing to make these lines profitable. Additionally, coverage gaps are developing as carriers tighten up policy language to avoid unintended claims. For example, many policies and reinsurance contracts added tight exclusions for infectious diseases, excluding coverage for conditions like Legionnaires disease, which had been previously available.

17. Cyber Risks

Deepfake videos, increased phishing and ransomware attacks and more vulnerable remote workforces have all contributed to record cyber threats. Any vulnerabilities could leave an organization open to million-dollar ransoms, data leaks and irreparable reputation damage. As hackers become more sophisticated and organized, it is vital to remain vigilant, and training employees cannot be overlooked.

18. Public Sector Challenges

The economic recession caused by the pandemic resulted in municipalities receiving significantly lower tax revenues from areas like sales tax, hotel taxes and income taxes. The public sector faced increased costs from public health expenses and the costs associated with operating in a pandemic environment. Additionally, civil unrest and riots in larger cities resulted in billions of dollars in public property damage and thousands of injuries to law enforcement officers. 

Law enforcement agencies face additional challenges due to decreased staffing and recruiting and an increase in retirements. Amid all of these obstacles, pensions remain significantly underfunded, and, as retirements accelerate, these pensions could run out. Ultimately, the events of 2020 will increase the costs faced by public entities, which will increase the burden on taxpayers to pay for all these costs.  

19. Lessons on Industry Engagement

In 2020, most conferences evolved to host their first virtual events. While many industry stakeholders have voiced concern with virtual fatigue and are anxious to get back to in-person events, the value of conferences before the pandemic is in question. As companies have adapted to online certifications, prospecting virtually and partnering with clients outside of these events, organizations question the return on investment of these conferences. While there will be a return to in-person events eventually, expect to see smaller booths, fewer attendees and a larger focus on local and regional participation. 

20. Litigation Management

Pandemic restrictions have forced courts across the country to postpone significant portions of their dockets, causing delays in litigation in both workers’ compensation administrative courts and civil litigation. These delays can cause claims exposures to escalate along with administrative costs associated with the litigation. In dealing with these delays, it may be best to be selective about what is litigated. 

To listen to the archive of our complete Issues to Watch webinar, please visit https://www.outfrontideas.com/. Follow @outfrontideas on Twitter and Out Front Ideas with Kimberly and Mark on LinkedIn for more information about coming events and webinars.

Get Ready for the New Healthcare Debate

While we all long for a return to normal once we tame the coronavirus, when it comes to healthcare in the U.S., we can’t go back to normal. “Normal” didn’t work.

It will take a while for the new contours of healthcare and health insurance to appear, because the focus must stay for now on the acute, short-term dangers to our physical and economic well-being. But the policy fights will come.

When they do, they will have to produce at least a national layer of public health capabilities so that, next time (and we all seem to now realize that there will be a next time), individual states and healthcare systems won’t have to fend for themselves so much. The fights will also accelerate trends in the healthcare world that are moving toward health care, rather than sick care, and will change the roles of many of the players in the industry, likely including the mammoth health insurers.

The need for more public health capabilities is obvious from just a cursory look at how the U.S. experience with COVID-19 compares with that of many other developed countries. Taiwan, for instance, has had only seven deaths. (I’d tell you what multiplier to use for that total to account for the difference between Taiwan’s population and ours, but what’s the point when Taiwan has had so few deaths that some people can probably name them all?) South Korea, with about a sixth our population, has had 263 deaths and is down to nearly zero new cases. Germany, with more than 8,100 deaths, at about a quarter of our population, has done far worse than South Korea and Taiwan, but has fared much better than the U.S. and is seeing almost no new cases. The country has only 5.8% unemployment, while economists say the U.S. is on its way to 25%, so Germany, like South Korea and Taiwan, has seen far less economic disruption than we have. Yes, Spain, Italy and France have done worse than the U.S. in deaths per 100,000 people, but all have their curves headed to zero for daily new cases while the U.S., despite recent progress, is still above 20,000 new cases each day. Only the U.K., among major European countries, has both performed worse than the U.S. in deaths per 100,000 and has failed to drastically reduce the number of new cases.

So, even in today’s hyper-politicized world, it’s hard to escape the conclusion that the U.S. has handled the pandemic poorly. The questions for the future will be: Why? And, more importantly, what can prevent a recurrence?

A significant chunk of the blame will accrue to the federal government, which received increasingly strong signals of danger through January but did little to build testing capability or to take containment measures until well into March. But there’s also a systemic problem with our healthcare system, at least in terms of our ability to respond to a pandemic.

While South Korea responded to the pandemic almost immediately by setting up drivethrough centers in parking lots where anyone could be tested for free, the U.S. system is, “Call your doctor.” That doesn’t work especially well under the best of circumstance, because individual doctors and their health practices have to figure out what guidelines to use for testing and have to fight for supplies, while interacting with health insurers and local, state and federal authorities. The process just takes too long when you’re dealing with a virus so contagious that one case can produce 59,000 new cases in less than two months (based on the R0, or R-naught, of three that seems to be the rule of thumb for the coronavirus at the moment).

Then you add in that many people who don’t have a doctor to call. Some 44 million Americans don’t have insurance, and a further 38 million have limited enough insurance that they likely don’t have a strong relationship with a doctor. Because about half of Americans get their insurance through employers, even those with insurance become vulnerable as a pandemic devastates the economy and people are laid off — like the 36 million Americans who have filed unemployment claims since the pandemic began. How can you do testing through a “Call your doctor” program when maybe a third of the country doesn’t have a doctor to call?

The U.S. briefly tried a South Korea-like system of mass testing. You may recall the Rose Garden announcement in mid-March of a website that Google was supposedly developing that would soon direct people across the country to testing centers in parking lots of major retailers. But the problems were just too hard, and the administration quickly moved on from the plan. The last I read, the website was still just a test in a few counties in California, and testing centers had been set up in only five parking lots.

It seems clear that, where future pandemics are concerned, there needs to at least be a national overlay on the current system. That overlay needs to include detailed planning ahead of time so we can go straight to the South Korea model of widespread national testing, no matter who someone’s doctor is or whether the person has insurance. The funding needs to be ample and permanent — no raiding the cookie jar even if we go 15 or 20 years before another crisis. It seems we also need to agree on what kinds of restrictions on business and individual movement are philosophically acceptable, so we avoid a repeat of the current situation, where a health crisis has somehow become a partisan issue devolving into debates about who’s more patriotic.

I hope we can get to the sort of “germ games” that Bill Gates has been promoting for five years, as he has repeatedly warned that a pandemic would show up soon enough. His idea is that, just as the military conducts war games, why wouldn’t we conduct similar exercises to make sure we’re ready for the viral threats that, as we’re now all painfully aware, can cost the lives of many tens of thousands of people just in the U.S. and create trillions of dollars of economic damage?

I hope, too, that we won’t just stop with planning for the next pandemic, because the current crisis has brought into sharp relief some major problems that we can start to solve even as we’re throwing trillions of dollars at the acute, short-term issues. I saw, up close and personal, how this can work when I was involved in a Stimulus Act project at the Department of Energy in 2010. The leaders were charged with getting $36.5 billion into the economy as quickly as possible but took a very strategic focus and, in the midst of the chaos, made a series of investments that have helped drive prices way down for solar, wind, batteries, electric vehicles and more in the ensuing decade. The same strategic approach can be taken now with our healthcare system.

In particular, it’s clear that we have to do something about “health equity,” which may finally get the attention it deserves because of the hugely disproportionate effect of COVID-19 on minorities. Because of some occasional work I’ve done with the American Medical Association, I’ve heard for a while about “the death gap” — the fact that people born in one part of Chicago have a lifespan 30 years longer than those born just eight miles away — and it’s nice to see that unconscionable disparity get national attention, including on the editorial pages of the New York Times. There’s no simple solution, because so much of the disparity relates to what are known as the social determinants of health. (Even if you have access to healthcare, what does it matter if you don’t have the money to buy a refrigerator and can’t afford to eat well?) But we can start by building on the need for pandemic coverage to make sure everyone has access to a minimum standard of care.

If the dominoes start to fall, then we can look at a broader issue: the need to switch from sick care to health care. At the moment, healthcare providers get paid for each service or medicine they provide, so they focus on sick people and help them get better. But the goal with the pandemic is to keep people from becoming infected in the first place, and some of that prevention thinking needs to infuse the whole system. Healthcare providers are actually much more inclined at the moment to get away from fee-for-service, because so many people are avoiding any interaction with the healthcare system that they can, for fear of coming in contact with those infected with the coronavirus. That fee-for-service income has dried up. If doctors were paid a sort of subscription fee for keeping patients healthy, medical practices wouldn’t be suffering so much. In addition, the pandemic has helped telemedicine finally come into its own. It offers a way to keep doctors in touch with patients easily, going well beyond that seven-minute annual visit that is the way many of us experience healthcare now.

Switching away from fee-for-service and increasing the use of telemedicine means changing payment models, which finally brings us to the health insurers.

They take a beating these days for two main reasons. First, the insurers catch much of the blame for the fact that the U.S. spends twice as much per capita on healthcare than other major economies while getting average care. Second, while everyone wants and needs health insurance, nobody likes it. Dealing with health insurance is simply painful.

In this case, they have the potential to lead the way. While they can’t be expected to do anything deliberately that would cut into their lush profits, they can easily drive adoption of telemedicine and use that as the tip of the spear in efforts to move away from sick care and toward health care, earning good will without much change to their business models.

Even if insurers choose not to lead, the pandemic will drive others to demand change, so the insurers might end up following.



P.S. Here are the Six Things I want to highlight from the past week:

Firms’ Top Priorities During the Pandemic

Change management, flexibility and risk management have exposed their critical importance.

How to Adapt to a VUCA+V World

In a world they haven’t seen before, insurers must do what they haven’t done before if they want to stand a chance to succeed.

Access to Care, Return to Work in the Pandemic

Beyond the pandemic, claims teams will need to know how to prioritize medical care for injured workers.

Hurricane Season: More Trouble Ahead?

As if COVID-19 isn’t tough enough, the Atlantic hurricane season looks to be active, with a higher probability of named storms making landfall.

Getting Back to Work: A Data-Centric View

By the time the world gets to the new normal, insurers must have created an “information mesh.”

The Pandemic and a New Ecosystem

As much as we all wish coronavirus had never happened, it has supercharged innovation in the insurance industry.

Securing Your Internet of (Medical) Things

Internet of Medical Things is no longer a thing of the future; it can be rightly called a thing of today. Worldwide, a plethora of hospitals, health facilities and labs have adopted IoMT systems of iconnected devices and big data, which allows them to render error-free, personalized and overall superior healthcare services to their patients. On top of that, the demand for digitalized healthcare is growing, especially among younger generations, who are more likely to opt for medical providers offering digital capabilities.

Such a system, however, can actually become a source of security and privacy threats to a medical facility and its patients. This vulnerability is a downside of the rapid emergence of healthcare IoT, which neither the equipment makers nor medical practitioners were prepared for. For now, healthcare institutions and legislative bodies are working hard to catch up and impose medical security practices, yet many facilities remain drastically behind the curve.

In the light of grave consequences for human health and life, as well as possible financial and reputational harm to a medical facility, being ill-prepared for IoMT security violations is off-limits for healthcare executives.

It’s high time you homed in on making your healthcare IoT impregnable, and this article will serve as a guide on this journey. Read on and learn about the most common security threats that an average Internet of Medical Things is susceptible to and, most importantly, the ways to shield your connected healthcare environment against conceivable cybersecurity risks.

What Makes IoMT Vulnerable?

Put into practice, the Internet of Medical Things is a vast and miscellaneous entity, often amounting to thousands of connected devices. On average, between 15 and 20 medical devices for monitoring and treatment are implemented in a single ward in the U.S. This number is only predicted to grow: According to a study by Frost & Sullivan, by 2020 the number of operating appliances – from insulin pumps to pacemakers, from imaging systems to MRI scanners – will reach up to 30 billion globally.

So, on the face of it, detecting vulnerabilities in such a system is similar to looking for a needle in a haystack. In fact, there is a definite pattern of security flaws that most healthcare IoTs are susceptible to, and being aware of them is a stepping stone to rendering the system invincible.

See also: Why Medical Records Are Easy to Hack  

Let’s go over the most common weak spots of an average IoMT infrastructure.

Legacy Systems

IoMT emerged surprisingly swiftly and in a sense caught medical authorities off guard. Healthcare facilities were unable to build designated environments from scratch due to monetary or time constraints, so the majority established their medical IoT on their legacy systems.

These systems were flawed and outdated more often than not, lacked crucial cybersecurity controls or all of the above. With time, a small share of organizations revamped their legacy systems, while the majority, according to a Forescout report, still operate on the Windows versions that are to expire by 2020, which would leave them unsupported and highly vulnerable to cybersecurity breaches.

Outdated Medical Devices

Medical devices used to be designed with no or few security considerations, and this used to suffice, as they were standalone, and threats were close to zero. Now, healthcare IoT requires medical devices to be connected within a single network, making outdated hardware a potential source of critical data exfiltration.

Apart from this, a fair share of older medical devices are not in line with the cybersecurity guidelines of the Food and Drug Administration (FDA), require manually implemented patches or are beyond repair, which makes them exposed to all kinds of internal and external security threats.

System Sprawl

The undeniably positive trend toward increasing the number of connected medical devices has a downside: It expands the attack surface. The vaster the medical network becomes, the more foothold cybercriminals gain for infiltration. Besides, the devices commonly come from a variety of vendors, which complicates compatibility between the tools and hinders unified security measures.

Best Practices to Mitigate IoMT Security Risks

Network Segmentation

When you have a vast IoMT legacy system that you do not plan to shift away from anytime soon, limit the potential attack surface by segmenting your medical IoT.

The segmentation principle rests on individual needs and priorities: You can separate vulnerable devices only from the main network or segregate them based on their function or user types. Also, the FDA guidelines insist on separating unpatchable devices from the rest of the network and minimizing the traffic to them.

Applying this unsophisticated measure, one can successfully isolate potentially vulnerable tools from sensitive data and more secure devices, and prevent a possible malware infection from spreading across the network. Segmentation also facilitates supervision of the disparate IoMT environment.

Regular Updating and Patching

Thorough updating and security patching can become an effective preemptive measure against data breaches. However, because the medical IoT system consists of software and hardware from miscellaneous vendors, expect patch and update releases to be numerous and irregular.

This can be managed in two ways: by appointing a dedicated team to implement new versions and bug fixes as soon as they come out or automatically streamlining this process, which will require elaborate development.

Another challenge of updates in medical facilities, especially in intensive care wards and such, is that a great many life-sustaining devices cannot become inoperative even for several seconds.

Data Encryption

Protected health information (PHI) is a coveted prize for cybercriminals who target healthcare facilities, and, in a medical IoT environment, data is more ubiquitous than ever. There is a constant flow of patients’ information within the network of devices, and a fair amount of critical information is stored on servers and devices – all an easy target unless protected.

Encryption is a baseline measure for securing the integrity of PHI. The encryption process involves using a specific algorithm to render data incomprehensible, decipherable only with a confidential key. Encryption keys should also be properly secured, and access to them should be limited to select people. Therefore, in the worst-case scenario when PHI does get stolen, a threat actor could hardly access the data or assign any meaning to it.

See also: Insurance and the Internet of Things  

Machine Learning

Machine learning (ML) can help diminish security concerns related to the Internet of Medical Things. It can serve as an extra-sensitive risk detector, recognizing suspicious activities across all the network’s devices and endpoints in real time. Beyond that, ML can monitor data exchange within the facility as well as with external entities and detect anomalies in the data flow. The technology can also be leveraged for predicting system vulnerabilities, analyzing the facility’s big data and recommending corresponding security measures.

Still, for the time being, machine learning is too young as a technology to be left to its own devices, so considerable human supervision and correction is still required.

With IoMT, It’s Better Safe Than Sorry

Internet of Things has proven to be a disruptive technology for healthcare, used to diagnose more accurately, monitor treatment progression closely and perform sophisticated procedures, to name but a few applications. At the same time, the IoMT environment is very complex, demands financial investment and upkeep and, among all things, can be the loophole for a security breach or a data loss.

Still, it is better to prevent than to treat problems, and health professionals know this like nobody else. Do not wait for the worst to happen – instead, be aggressive and implement relevant security measures to keep your facility and patients from harm. After all, with so much at stake – money, reputation, health and even lives – inaction is inexcusable.

Walmart May Redefine Primary Care

When Catalyst for Payment Reform hosted a webinar that provided a glimpse into Walmart’s healthcare strategy and management plans, Lisa Woods, senior director of U.S. benefits, talked about a new program to simplify and improve healthcare, particularly primary care, for Walmart’s million-plus associates and their families.

She alluded to Walmart’s well established and continuously expanding Centers of Excellence (COE) programs, as well as two new programs. First is a personal healthcare Assistant, powered by healthcare navigation firm Grand Rounds, that helps Walmart associates with billing and appointment issues, finding a quality provider, understanding a diagnosis, coordinating transportation, arranging child care during appointments and addressing other important patient needs.

Walmart has also broadened its telehealth offerings, including for preventive health, chronic care management, urgent care and behavioral health. All video visits have a $4 copay, and associates can book an appointment with a primary care physician within one hour and a behavioral health visit within one week, making services highly accessible. Partners for this program are Doctors on DemandGrand Rounds, and Healthscope Benefits.

Daniel Stein and Matthew Resnick, from physician profiler partner Embold Health, described how their data collection/analytics approach identifies physicians with histories of providing the most appropriate care. In three markets – Northwest Arkansas, Tampa/Orlando and Dallas/Ft. Worth – Walmart’s “Featured Provider” program will connect patients to the high-performing providers that Embold has identified in eight specialties: primary care, cardiology, gastroenterology, endocrinology, obstetrics, oncology, orthopedics and pulmonology. Walmart has been a key partner in the development of Embold Health – Stein, the CEO, Stein is a former Walmart medical director – and its efforts to accurately profile the quality of healthcare delivery at the individual physician level. The health outcomes improvements and savings associated with only using high-performing physicians should be profound.

See also: 11 Ways Amazon Could Transform Care  

The changes that Walmart has announced reflect a laser focus on solving specific problems, like overtreatment and patient difficulty with navigating the system, that plague all primary care programs. The company has been tinkering with and testing different primary care models for a decade or more. As with its COE program, the goals of Walmart’s new healthcare programs are a more refined, disciplined and methodical set of innovations focused on driving better care, a better patient experience and lower cost and that, for the most part, are not yet available to most primary care patients elsewhere in U.S. healthcare.

As a side note, it’s worth recognizing that, in an ideal world, the major health plans – e.g., United, CIGNA, Aetna, Anthem – with many millions of lives covered, would have pioneered these approaches to manage healthcare risk, to improve health outcomes and to reduce cost. The fact that payers haven’t been motivated along these lines is a reflection of the perverse incentives that have driven the U.S. health system for decades, that all patients and purchasers are up against and that have facilitated the kinds of innovations discussed here.

Walmart attacked these problems because it is at risk for its population and its costs. Few employers have the resolve and the resources available to develop key innovations that can move an industry like healthcare forward.

Not surprisingly, Walmart appears to see an opportunity here and has larger plans. Walmart almost certainly believes its healthcare efforts are applicable beyond its own population, and, like HavenKroger and Costco, has staked out a healthcare business strategy. Primary care are logical services to begin with, and Walmart has announced that its pricing will be 30% to 50% below conventional primary care prices. Walmart’s focus on improving experience, health outcomes and cost, combined with its national footprint and deep resource base, could immediately catapult it to the first rank of competitors in this space.

No doubt, Walmart has its eye on providing primary care services to groups as well as individuals. Relationships with health plans would allow the company to share in the savings it generates through the primary care platform and associated programs.

Think about the territory covered here. Walmart intends to:

  • Develop highly price competitive primary care clinics across the country.
  • Offer very low-cost telemedicine that can be a convenient pathway to primary care and other care, streamlining care processes.
  • Implement a personal healthcare assistant that can simplify navigating the healthcare system and expedite a much enhanced patient experience.
  • Connect to the highest-performing local physicians and regional COEs in each specialty, driving appropriate and disrupting inappropriate care and cost, in strong contrast to the inappropriate care and cost patterns that have come to dominate U.S. healthcare.
  • Develop some tie to health plans that would allow the company to benefit from the health outcomes improvements and savings that its management approaches create.

A vigorous primary care campaign by Walmart would undoubtedly threaten traditional primary care models and spur competitive innovation among progressive primary care organizations, especially if the company publicly conveyed a dedicated focus on transparent management of full continuum health outcomes and cost. This would powerfully differentiate Walmart’s primary care efforts from those of competitors like Walgreens and CVS, whose convenience care primary care models are mainly dedicated to maintaining the status quo.

See also: Avoiding Data Breaches in Healthcare  

Walmart’s activities in this space are one signal that the old paradigm in health care is waning and that a new, value-based healthcare market is emerging. It can’t happen soon enough.