security Archives - InnoHEALTH magazine

Webinar: Cyber and Data Security for Healthcare Establishments

InnoHEALTH Magazine — Tue, 10 Dec 2019 08:25:58 +0000

Title: Cyber and Data Security for healthcare establishments
Date: December 21, 2019
Time: 4 pm to 5 pm
Speakers: Satyendra Verma, Sachin Gaur
Organizers: CAHO and ICFHE
Register now
Introduction:

Healthcare is a vulnerable target for cybercrime because of two simple reasons; Firstly, it is a rich source of valuable data and Secondly, defenses are virtually absent in most healthcare establishments around the world and the case is no different in India.

The decision makers in the ecosystem are aware that Databreaches and attacks on medical devices can have severe consequences but unlike other sectors, the slow pedalling in this direction has little to do with lack of security budget or availability of methods to secure them but has more to do with the Gap in understanding among them.
This Webinar aims to help to demystify this topic with minimum technical jargon and demonstrate how no amount of technology or solutions can help unless they are preceded by clear Decisions & Directions from the Top Management. We will also share an innovative cybersecurity toolkit which can be used to do a quick in-house assessment of the Information Security Statues at your Healthcare establishments and how simple steps can resolve 80% of the Information/Cyber/Data Security issues.
Who will Benefit ? / Target Audience:

Top management
Decision makers
Owners

What it IS?

Attempt to Demystify the Subject for Top management.
Guided Quick Self Assessment of your Cybersecurity Status
Educate about forthcoming Indan Regulations related to Data Security
Explanation on which 20% of efforts can solve 80% of the problems.

What it is NOT?

Technical Details of Cyber Attacks.
Explanation of a particular solution.
Aimed at IT Managers

Speaker Bio:
Satyendra Verma
An Army vetran has an extensive exposure to Information System Security in his 23 years of service with Indian Army. After retirement, he has done extensive research to gain knowledge about the cyber issues pertaining to Healthcare and Education sector. He has conducted extensive training and workshops in Information Security in both the fields. He is ISO 27001, Certified Lead Auditor for Information Systems Security. He is also an active sportsman and the Indian Team Captain for Wingsuit Flying.
Sachin Gaur:
He has a double M.Sc.(tech) in Mobile Security and Cryptography from Aalto University, Finland and University of Tartu, Estonia. He has worked in the past with organizations like Adobe, C.E.R.N. and in research at the Aalto University in security related topics.
Register now for free

Also Read:
Exclusive Interview with India’s National Cybersecurity Coordinator
Don’t ignore the cyber threats in hospital. Enroll for the Cyber4Healthcare course on Udemy

The post Webinar: Cyber and Data Security for Healthcare Establishments appeared first on InnoHEALTH magazine.

Machine Learning in Claims Processing

InnoHEALTH Magazine — Wed, 30 Oct 2019 07:57:09 +0000

Challenge

Healthcare costs across the world have soared over the past decades at a rate at which, where United States spends more on healthcare than the national budget of half of the countries in the world. A big chunk of those expenses relate to pharmaceutical products.

AI and IoT in Healthcare: Need of Future
Opportunity

Here is the opportunity for Machine Learning Solutions – in US, by and large, most pharmaceutical transactions are captured electronically as claims. These claims, and the way they are processed, cover a myriad scope of information including patient demographics, disease states, drug utilization review, formularies, coverage and utilization review, contra-indications, etc. This information can be used for a number of reasons – better pricingof drugs based on their utilization and volume, better prediction of diseases and therapeutic journeys where we can guess over time which drugs a patient will require, and a more interactive engagement of the patient using virtual “friends” to guide them through their therapy and ensure compliance, adherence and better outcomes.

IoT can truly Transform Rural Healthcare in India

Over the past several years, solutions have been operationalized working with payors, PBMs on cost and efficacy predictions for new therapies for HIV (PrEP treatment) and Hemophilia (Gene Therapy). Another application is successfully helping Pharmacy Benefit Managers predict their most efficient drug pricing for patients who are not covered with insurance, cost efficiencies for seasonal and style drugs to name a few. GxWave™ leverages LSTM algorithm (Long Short-Term Memory) in predicting price efficiencies, claim volumes, call center call volumes, and average margins.

Approach

Solutions such as GalaxE’s GxWave™ platform with solutions such as Claims Neurology described below, utilizes their proprietary technology to extract business rules from adjudication systems and then use prior claims data to predict various “edits” or applicable rules such as prior authorization (where the use of a specific drug requires express approval from the physician) or adjustments and accumulators so that across their therapy, the price they pay is properly adjusted for the full range of medicines and medical services the patient consumes. These pathways for the adjudication of a claim are then trained on neural nets that learn the time based, formulary based, disease and therapy-based trends.

AI and Cybersecurity in Digital Healthcare

The trained nets are then used to predict and project the therapeutic journey of a patient, or the volume and timeframe for the consumption of specific therapy in a given market.

With all the consolidations of drug & device industries in play, their efficiency has to be at the highest point in order to drive patient costs lower. GxWave™ is helping these entities with improving efficiency. With a combined data set comprising elements of documentation across the development lifecycle of an application with governing procedures and its intended use, natural language processing techniques can derive information from previously unexplored data sets that can be analyzed to ensure compliance to regulations, adherence to organization policies and procedures and alignment with the documented intended use of the system. Healthcare IT consists of diverse applications with multiple critical integrations at various levels where regulatory impact can be ambiguous and could be left unassessed. A change in the landscape has to be simultaneously assessed for regulatory and risk impacts (includes business, security and privacy risks) without delays ensuring all impacts are being planned for before the change is implemented.

Healthcare IT market builds the foundation of Artificial Intelligence
Advantages
A number of advantages have surfaced with these solutions:
1. Immediate re-categorization or inspection of current non-regulated applications that could potentially be regulated due to change in feature/functionality.
2. Expose deficiencies within the system that could lead to a potential replacement for not being able to satisfy customer and regulatory requirements.
3. Allow for continual monitoring instead of the traditional approach of conducting periodic reviews.
4. Improve software documentation quality across the application lifecycle.

This is just the beginning. We expect that solutions like GxWave™ will utilize data from genomics, patient profiles, therapy histories and help generate the most medically and economically rational and effective therapies for patients in the very near future!

About the authors

Sandipan Gangopadhyay is the President and COO of GalaxE and plays a key role in GalaxE’s continued worldwide expansion and operational success Prior to this, Mr. Gangopadhyay spent over a decade in high profile roles in both Pharmaceutical and Information Technology companies around the globe and instrumental in setting up one of India’s first private Software Technology Parks. He has a Bachelor’s degree in Computer Engineering from Bombay University, is a member of the Indian Institute of Chemical Engineers, and is certified in the Governance of Enterprise IT.

Dheeraj Misra is the Chief Technical Officer and Senior Executive Vice President of GalaxE and has over 15 years of experience in the design, development, testing, porting and maintenance of application and system software for the healthcare industry. Prior to this, he spent a number of years in high profile roles at HCL Technologies, Context Integration, Eforce Global, and as a Research Specialist in Parallel Processing. He has a B.E. in Computer Engineering from REC, Allahabad.

Vijayaraj Chakravarthy, Senior Vice President of Delivery and Head of Strategic Business Unit, is a member of the GalaxE’s executive leadership team, responsible for organization growth and innovation through predictive analytics platform aiming to discover new cost reduction opportunities in the Healthcare ecosystem of the United States. He serves as a subject matter expert on various AI/ML-based platforms and frameworks. He is passionate about solving industry problems with automation methods and agile execution. His leadership style focuses on developing a positive environment, teamwork, passionate culture, and an entrepreneurial mindset. He has B.E in Electrical and Electronics from PSG College of Technology, India. He enjoys spending time with his family. He has a green thumb to nurture organic gardens. He likes to do tech-inspired research projects for Kids.

The post Machine Learning in Claims Processing appeared first on InnoHEALTH magazine.

Exclusive Interview with India's National Cybersecurity Coordinator

InnoHEALTH Magazine — Mon, 14 Oct 2019 05:23:08 +0000

Vision for cybersecurity: An exclusive interview with India’s National Cybersecurity Coordinator at Prime Minister’s Office

-Interviewed by Sachin Gaur, executive editor, InnoHEALTH Magazine

Lt General (Dr.) Rajesh Pant is an internationally recognized Cyber Security expert, presently tenanting the prestigious appointment of National Cyber Security Coordinator at the Prime Minister’s Office, India. General Pant brings to the table an interesting mix of military operations, academic excellence, corporate governance, and cybersecurity wisdom. Prior to this, he was the Head of the Army’s Cyber Training establishment for three years. He served in the Army Signals Corps for 41 years wherein he was awarded three times by the President of India for distinguished service of the highest order. He also served as the Chairman of Precision Electronics Ltd as a Governing Council Member of IETE (India). Sachin Gaur interviewed him on his viewpoint on India’s vision for cybersecurity.

Q. On behalf of InnoHEALTH Magazine, we congratulate you on your new assignment. For our readers, we would like you to share your short-term and long-term vision for Cybersecurity from national security perspective.
Short-term vision is to issue National Cyber Security Strategy 2020-25 early next year. Task force is working overtime on this by consulting all stakeholders. Long-term vision is to create an all-encompassing cyber vertical at the national level, to handle incident response, cybercrimes, legal issues and capacity building.

Q. We know that there are some fundamental technological shifts waiting to happen like 5G, and along-with it massive (Internet of Things) IoT deployments and especially use cases of connected healthcare. Can you share your views on the cybersecurity implications of the connected devices?
IoT security is a priority topic world over and this is because the limited security capabilities of these devices are also an afterthought. We need to work on a framework, to bring baselinesecurity through the manufacturers and developers of these devices. These devices are omnipresent in our lives, we find them in our home environment to industrial environments including hospitals. We have seen attacks in the past, where such devices are compromised to launch massive denial of service attacks to manipulate the workings of critical infrastructure.
Also, the issue of IoT security is multidimensional, from data security, privacy to device security. As we discuss this, there are multiple acts and bills pending in the Parliament on these topics. While the bills and acts will provide a framework, we need to also create awareness on both sides, supplier and consumer on the possible risks and mitigation strategies.

Q. What steps can be taken to improve the security in such connected devices?
When I say baseline security framework, it can be achieved in multiple ways.
As of today, most devices that we use including mobile phones, do not have a security testing certification. So, we can agree with the industry and look at important test cases and if they can do self-certification on such test cases.
For example: the device should not have weak default login credentials, it is sending data to a remote server and can be operated remotely. So, we can come up like a 5-star rating framework like that of the energy consumption but for the security of IoT devices basis what kind of tests they clear.
Industry bodies can agree on various levels of security and what it takes to achieve that level. Such a framework, when implemented, can provide confidence to consumers and users on the kind of device they are using vis-a-visthe use case they have at hand. So, they might use a higher security rating device in a use case where the stakes are high.
The other approach is to get the security testing done with notified agencies. Department of Telecom for example has announced mandatory security testing of network elements for telecom given telecom is a part of the critical infrastructure and security issuescannot be taken lightly.
Also, some of the emerging concepts in connected devices are missing in the various governing acts of the industrial connected devices. So, we also need to update our legal frameworks to cover software-based tempering of such devices and make the manufacturers and service providers accountable and proactive towards the security of the systems they provide.

Q. What are the threats that you foresee for the health sector?
There are three areas we see where health sector can be impacted:
First is the data breaches and ransomware attacks on healthcare data. As we know, among all the data, healthcare is the most sensitive and sought after by malicious actors. Outside of India, we have seen umpteen cases where ransomware has crippled the health system and it is only after paying the ransom the hospitals can start operation again. Timely backups and encryption of healthcare data during storage is a preventive measure that clinical establishments can take to mitigate the breach and ransomware attacks.
Second is the manipulation of connected devices. The topic of IoT and connected devices security, as discussed in the above sections, directly apply to the medical devices. Healthcare is a domain where attacks on such devices can be life threatening, especially when there are implantable devices. As we have the new Medical Device Regulation Act in India since 2018, we should also consider cyber security aspect in the devices which have a communication interface. For example, a pacemaker which has a communication interface can be manipulated remotely and the patient’s life is at risk.
Third is the manipulation of health system including the building management. We are probably not very far from the days when sophisticated attacks, as we see in the movies, on high security establishments by manipulating the building controls. The building management systems are very weak when it comes to security. Every hospital is a building and imagine what a false fire alarm would mean to patients in Intensive Care Unit. Or even loss of air conditioning or sudden spikes in electrical power.
There is a proposed act DISHA, Digital Information Security Healthcare Act, which might address some of the legal aspects of security in the healthcare setting. A lot needs to be done in this area, and we are on our way.

Q. Our readership consists of health experts all over the world. Any message for them?
We are at the cusp of a new age where we look to take advantage of Artificial Intelligence to Internet of Things. For such a knowledge economy to take off, health sector is at the center of it and health experts need to pay attention on what they are buying and how such systems are managed and operated. Through intervention of Ministry of Health & Family Welfare and responsible bodies such as National Accreditation Board of Hospitals & Healthcare Providers (NABH) of Quality Council of India, we plan to recommend a cyber audit and increased awareness of information security.
We would not want our hospitals and clinical establishments to be a prey for malicious actors. Rather we would want our experts to leverage technology to take the country to the next level in providing care to a wider population at a lower cost and of the highest quality.

The post Exclusive Interview with India's National Cybersecurity Coordinator appeared first on InnoHEALTH magazine.

Welcome 2019! Another Year of Development

InnoHEALTH Magazine — Mon, 21 Jan 2019 10:54:08 +0000

Our best wishes for the Year 2019 to all our readers, advisory group and wellwishers. We have completed three years and this year has been very eventful; we have launched IC Foundation of Healthcare and Excellence (ICFHE), a not-for-profit organization for social interventions and are now connected to the community of 40,000 like-minded people. We have put this issue on the theme of “Innovation in Diabetes-Unmet needs“given India has 73 million population suffering from Diabetes and 50% of people are not even diagnosed properly which means 7% of the Indian population is diabetic. World’s 18% diabetics are in India, second largest in the world. At present, the world has 425 million diabetics which would become 629 million in the year 2045.

We intend to handle this menace by conducting awareness programs, find innovative methods to bring diagnostic tools and treatments at a lower cost with quality & behavior modification programs for preventive and curative measures.

The lifestyle changes are the key to the treatment of lifestyle diseases like hypertension, diabetes, obesity and select cancers. They cause complications for other parts of the body such as eyes, heart, kidney, and foot. People must be told of the importance of diet, exercise, and meditation in order to have a healthy lifestyle. We have taken this initiative and created a website to raise awareness of the latest scientific interventions www.experimentswithsugar.in

We intend to publish articles regularly of common interest and would also encourage the professionals in this field to share their experiences through our magazine. Our team participated in ESICON 2018, to learn latest on the diabetes treatment from the top experts. We have also surveyed the clinicians for their unmet needs and will soon be releasing the findings.

We plan to have the next issue on the theme Cyber4Health: security and privacy issues linked with the health sector and their solutions. Healthcare providers are welcome to share their articles and help us increase awareness in this new arena. Our cybersecurity training programs for senior officers of the Armed Forces and various healthcare organizations were very well received.

What is new in the kitty for 2019-a delegation visit to Sweden during the month of May for B2B meetings and Vitalis conference; regular club meetings, InnoHEALTH magazine issues, and webinars to promote and foster innovations; our annual international InnoHEALTH conference in October in New Delhi.

We request you to join in various initiatives and make your contributions towards a better world.

The post Welcome 2019! Another Year of Development appeared first on InnoHEALTH magazine.

How Crucial is DISHA Act for Healthcare Industry?

InnoHEALTH Magazine — Mon, 17 Dec 2018 08:56:22 +0000

“A journey of a thousand miles begins with a single step.” The Digital Information Security in Healthcare Act (‘DISHA’) is that firm first step taken by the Indian Government in the long journey to secure the healthcare data of patients in India. The question we need to ask ourselves is that Why DISHA is the need of the hour? Why do we need to safeguard the electronic health record in hospitals?

The draft of the act was made public in November 2017 by Ministry of Health and Family Welfare. The word ‘Disha’ means direction, the GoI has taken the first step in the direction of safeguarding the digital health record. For this InnovatioCuris has also taken the first step towards having a concrete discussion about ‘Challenges in the implementation and opportunities for making health sector DISHA and data protection ready’. There were panelists from various renowned government, private hospitals, and healthcare IT firms.

The first session was about the ‘Challenges in the implementation of DISHA’. The panelists were happy that InnovatioCuris has taken an initiative to critically discuss the challenges a hospital will face once the act becomes the law. All the panelists agreed that the act lacks various aspects. Few concerns that bother the clinicians are, that who will give the consent if the patient is unconscious.

The ambulances have the capability that it sends the health records from the ambulance to hospital before the patient reaches the hospital for doctors to study the emergency cases. In this scenario, what should be done if a patient denies the consent for sharing the data at a later stage? Should the clinical establishments discard the already shared health record or should they handover the same to the owner (in this case, patient) or what should be done. There are no set protocols defined in the act for such cases.

A question was put forward, does the patient has the authority to edit their health record, or can they view, who have seen their health record. A healthy discussion took place where we got to know that citizens of Estonia have chip cards, where one can see their health record and can also see the logs of who has accessed their health record. This made us realize, that India as a nation state can use Aadhar card as a mechanism, where we can log in into a portal and get to see health records.

The third challenge that came forward was interoperability of health records. As the record lies with the custodian, not the patient, editing and viewing of it can be done by the clinical establishments. The health record can be shared by the clinical establishments to another, but there is no standard on how to transfer it. Data integrity is a point of concern, which is not mentioned in the act.

One of the challenges that came into light was according to ‘Clinical Establishment Act Standards for Hospital[2]’ the hospital has to keep health information and statistics in respect of national programmes, notifiable diseases, and emergencies/disasters/epidemics and furnish the same to the district authorities in the prescribed formats and frequency. The question is what if the patient does not give consent. The proposed act should have a provision where the clinical establishments are liable to take the health data.

As we have unstructured healthcare facilities in India, the act should also empower the clinical establishments by various means to keep the data safe. As of now the DISHA is a proposed act, not a law and has lots of loopholes. It also lacks in many aspects discussed earlier. This is just a start and the government should take necessary steps to improve it.

The second panel discussed on ‘Opportunities for making health sector DISHA and data protection ready’. The panelist consisted of CIO of path labs, owners of healthcare IT firms, who shared relevant thoughts and comments. The panel started the discussion on why do we need the act and what are the benefits of the act. Panelist were grateful to the government to bring the act. They told that the clinical establishments will take steps to increase the safety of the health record.

The gaps in the technology for generation, storage and transmission will be lowered down. Sectors such as banking, financing and insurance have structured their data, but this lacks in healthcare. Detailed scope of security features are missing from the act, this would help the companies to design the software from the ground up by using security as an important consideration.

The imminent threat is in the software which are already in place and have not been patched or the system has not been upgraded. The good news is that many have an audit trail in built in their system, which track any CRUD(creation, read, update, delete) of the records. The discussion contributed a fruitful thought: Data at rest is not encrypted. The question that arises is what is preventing the healthcare IT companies to encrypt the data at rest.

One of the challenge in the DISHA is that, the owner of the data must be informed of any breach of the privacy or confidentiality of their digital health record within three days. But according to IBM report it takes on an average of 197 days to detect a breach[1]. How can the Healthcare IT companies safeguard the health record and let the owner know about the breach. The solution is to encrypt the tables in the database, but that might hamper the performance.

It is a huge opportunity for the stakeholder to bring standards in the act. DISHA might have only completed its first round of comments from the public and stakeholders, it can be expected that the revisions made based on the feedback will churn out a more refined version of the act. In any case, it is evident from the draft that the government has really pushed to provide additional security, privacy and confidentiality for individuals, with respect to their digital health record.

The post How Crucial is DISHA Act for Healthcare Industry? appeared first on InnoHEALTH magazine.