IT Security Vulnerabilities

Pivoting off my recent blog about patient data breaches, I want to share some recent survey data.  Vormetric, a security specialist company, and 451 Research, an information technology research company, recently published a report based on responses from 1,100 senior executives at large businesses around the world.  Here are some highlights of the report:

90% of respondents stated their organization is vulnerable to security threats.

75% report that cybercriminals are the top threat.

61% of those surveyed admitted to having had a data breach in the past; nearly 20% stated the breach occurred within the past year.

51% of respondents are planning to increase spending on security.

47% report that nation-state hackers are the top threat.

44% claim that a shortage of skill set is a top impediment to better data security.

43% reported that budgets are a key barrier preventing the adoption of better data security.

Garrett Bekker, senior analyst at 451 Research made these remarks regarding today’s security professionals:

“Spending intentions reflected a tendency to stick with what has worked in the past, such as network and endpoint security technologies that offer little help in defending against multi-stage attacks.  Clearly, there’s still a big disconnect between what we are spending most of our security budget on and what’s needed to ensure that our sensitive data remains secure.”

Data security is indeed a top concern for healthcare professionals.  As hackers continue to target healthcare organizations, much emphasis and money will be spent on this war against healthcare privacy.  While we may not be able to guarantee that patient data is secure, all healthcare providers should make a concerted effort to do so.


Contact ABISA, a consultancy specializing in solo and small group practice management.  Visit us at

Is Anyone Surprised About Patient Data Breaches?

Much has been written about data breaches over the past couple of years as this profitable trend of theft increases.  The healthcare industry is no stranger to this; in fact it has been reported that a patient’s healthcare data is worth at least twice as much on the black market as regular consumer data.  The big question is, is anyone surprised?

Many businesses (including healthcare organizations) go through great lengths to secure consumer (patient) data.  And while that effort is noble and important, we should not go around with rose colored glasses believing that the efforts are failsafe.

One thing that bothers me is seeing vendors claim that their services will make your patient data “secure.”  Really?  If any healthcare organization believes that, then give me a call about my oceanfront property in Arizona that is for sale.  To be more precise, a vendor with great services should claim that it will make your data “more secure.”  And if you believe that your data is completely secure, I challenge you to put out a public service announcement or press release touting so.  Any takers?  No, of course not.  Many hackers in the world would love to take you up on that one!

So what can be done?  Well, you certainly need to make the attempt to secure the data (unless you look good in orange) because the healthcare industry has numerous laws and regulations requiring you to do so.  And no, laws such as HIPAA and HITECH don’t ensure your patient data is secure.  Rather, they are the enforcement stick in place so you take appropriate actions to do so.

So, for the patients (and attorneys) in the audience, we should not at all be surprised about patient data breaches or the increasing trend to target patient data.  And for those healthcare groups that are making a concerted effort to mitigate risks and spending thousands of dollars every year to do so . . . kudos.  Unfortunately, there are some medical groups which still believe it won’t happen to them and they are willing to take the gamble.  Those such groups are definitely playing with fire and their time will certainly come.  In this day of electronic data, reachable from anywhere in the world, how can it not?  And if you choose to take that gamble, then you are indeed justified in receiving the inevitable fate that comes your way.  Comply with the laws and make ongoing diligent efforts to secure your patient data.  We cannot ask any more than that.

To my readers, feel free to comment on this issue.  If you are a vendor, I welcome you to comment as well about this subject and/or about your service offerings.  While we may not be able to guarantee that patient data is secure, all healthcare providers should make a concerted effort to do so.


Contact ABISA, a consultancy specializing in solo and small group practice management.  Visit us at

Putting the Patient First

Physicians should take a measured approach to the future of their practice, keeping in mind that patients define value as appointment access and availability.

With the changes and incentives (often misaligned incentives) in play as a result of healthcare reform, many hospitals and provider groups are hedging their bets that bigger is better.  To that extent, some are attempting to leverage their brand outside of their catchment area in an attempt to secure more patients.  The pitch to those communities receiving the new facility is often the same: “we bring an unparalleled level of expertise”, “extending the benefits of an academic institution”, “to better serve the residents”.  The problem is that the community often becomes confused and questions what sort of care they have been receiving for decades before this new entity decided to ride in on their white horse and save us all.  Equally important, the entire medical community is often upset for the same reasons, with physicians stating “So, I have been providing substandard care to my patients?”

Although this has not stopped hospitals and provider groups from expanding their arena in the past, it was not as widespread as it has been in the past few years.  This is due to the Affordable Care Act’s push to have fewer players in the healthcare sector, which can pressure solo and small group medical practices that have longstanding roots in their communities.

A university physician’s group in Florida, for example, entered a market nearly two hours away to offer specialty care such as cardiology, gynecology, and orthopedics.  In just 6 months, they walked away from their $4 million investment.  The center was tracking to be $2 million in the red during its first year, but the university is conflicted.  On one hand, they are not happy about the loss, to which they acknowledged “due diligence could have been better.”  On the other hand, they are still eager to jump into that remote community due to the population health initiatives being driven by healthcare reform.

In Indiana, a proton therapy center closed after being in operation for 10 years.  This Indiana center, which had a $3.5 million operating loss its last year, cited several reasons for closing including changes in new payment models like bundled payments.  The point here is not this center is closing but rather the plethora of other proton centers still being built and planned for around the country.  There are 13 such centers in operation, but 12 more are currently being developed.  Perhaps there is going to be a demand to justify doubling the number of proton therapy centers in the U.S.  And perhaps, clinical studies and payment reforms will be in favor of all this growth.  Time will tell.

On the other hand, patients do prefer hospitality design elements (certainly much more than they like seeing “narrow networks” and lack of access to providers).  To this end, medical offices and hotels share the challenge of designing facilities that are cost-effective, are functional, and promote their organizations’ missions.  Research shows that facility design influences customer behaviors and brand perceptions in a variety of industries.  Customers make decisions about a company’s capabilities and quality based on their perceptions of the physical setting.

Such consumer decisions are very important in healthcare since clinical outcomes are often intangible and difficult to measure for non-clinicians.  Research has shown that a patient’s perception of quality can be influenced by facilities design.  Several studies found that patients surveyed in physically attractive waiting areas gave higher ratings on quality of care and patient-staff interactions.  These patients also were more willing to recommend the facility to others than those surveyed in comparatively unattractive waiting rooms.

A recent study of hospitals demonstrated that patients value hotel-like features twice as much as they value the clinical reputation!  Examples such as these must be heeded in this era where patients are increasingly doing more choosing of their place of service.

There is no crystal ball as to how U.S. healthcare reform will shake out.  I believe that our entrepreneurial society which includes outstanding physicians and great business leaders will prevail and patients will be the benefactors . . . providing all continue to put the patient first.


Contact ABISA, a consultancy specializing in solo and small group practice management.  Visit us at

Connected Health Devices

As I noted in a previous post, millions of Americans report that smartphones and apps have changed the way they manage their health and wellness.  As Americans begin to use wearable devices to track and collect their personal health data, we will see more of a willingness to share that data with healthcare providers and intermediaries.  Parks Associates has published a report which analyzes consumer attitudes and preferences about making care choices and decisions and provides guidance to healthcare stakeholders regarding how to communicate and engage with consumers for self-care and support.  The report shows the increased adoption of connected health devices which includes items such as blood pressure meters, connected treadmills, digital fitness trackers, and networked weight scales.  Here are some highlights of the report:

The most popular health device is connected health equipment.

Digital pedometers and fitness trackers experienced the most growth over the past two years, up 5%.

42% of consumers aged 24-34 own a connected health device.

37% of consumers aged 18-24 own a connected health device.

31% of consumers over the age of 65 own a connected health device.

33% of households with broadband in the United States own a connected health device; this is up 9% from just two years ago.

13% of households with broadband in the United States own two or more connected health devices.

The Director of Health and Mobile Product Research at Parks Associates, Henry Wang, commented on the growing demand from Baby Boomers:

“These consumers face a variety of health and mobility challenges, so there is tremendous potential for accelerated adoption, improved outcomes, and ultimately significant cost savings for both companies and consumers. Interoperability and standards compliance will be the primary challenges as companies look to expand the connected health market and engage this demographic.”

The report can be found here.


Contact ABISA, a consultancy specializing in solo and small group practice management.  Visit us at