Increasingly healthcare organizations, whether provider, payor, pharmaceuticals, or life sciences worldwide realize that security is difficult, and good security professionals are expensive and hard to find, and that partnering with a cloud provider that has strong security, compliance, and privacy enables them to alleviate security challenges and costs and focus more on healthcare. In this post, I will share some updates on this important topic. If you want to jump into looking at tactics to get started in addressing security and compliance issues in your organization, take a look at our interactive e-book.

Security is the Top Criterion for Healthcare Selection of Cloud Vendor

Far from simply offloading security to the cloud provider, security continues to be the top criteria for healthcare organizations’ selection of cloud, according to Frost & Sullivan, Healthcare Cloud Computing Outlook – Global 2016-2021.

Cloud Security is a Shared Responsibility

Effective security must be holistic, multi-layered, defense in depth, paying attention to prevention, detection, and response / remediation. As such security with the cloud is a shared responsibility between the healthcare organization and the cloud provider. As shown in the following diagram, even if we just consider the cloud part of the healthcare organization’s IT infrastructure, security is a shared responsibility. The dividing line between what security the cloud provider delivers and what the healthcare organization is responsible for varies according to the particular type of cloud use with the healthcare organization taking on the most responsibility with basic IaaS cloud use, through to the cloud vendor being responsible for the most security with SaaS cloud use.

Effective security requires that all responsibilities are fulfilled and none “fall through the cracks” so it is super important to ensure that these responsibilities are understood and met, continuously over time. This can be a significant challenge with new threats emerging, whether breaches, ransomware, and Distributed Denial of Service (DDoS) or others. More and more healthcare workloads are also moving to the cloud increasing the sophistication of cloud use. Relatively new technologies, such as AI and machine learning (ML), IoT (Internet of Things), blockchain, are also continually changing the risk landscape.

Compliance with Shared Responsibilities

Compliance with shared responsibilities requires assignment of controls and ensuring that all control requirements are met between the healthcare organization and the cloud provider. Microsoft is committed to being a partner in compliance with a wide portfolio of certifications including regulations such as HIPAA, data protection laws including GDPR, security standards including ISO27001, and security frameworks such as the HITRUST CSF. See the Microsoft Trust Center for the complete industry leading portfolio of compliance offerings. HITRUST compliance is increasingly sought by organizations that put information security and privacy front and center. Microsoft is proud to be associated with HITRUST, and that Microsoft Azure and Office 365 are the first hyperscale cloud services to receive certification for the HITRUST CSF.

Continuous Security

Compounding these challenges, effective security must be maintained continuously even as cloud threats, workloads, technologies, and the associated risk landscape changes. Azure Security Center enables the healthcare organizations security team to assess and maintain security continuously and be alerted right away as new threats and vulnerabilities emerge, enabling management of these through remediation. Similarly, Microsoft Compliance Manager enables assessment, tracking, identification of non-compliance items, assignment of items for remediation, and helps the healthcare organizations security and compliance team achieve continuous compliance.

Outlook and Opportunities

To date the healthcare industry has only just begun the process of migration to the cloud, thereby freeing healthcare organizations of the burden of acquiring, maintaining, and securing IT servers and storage infrastructure on premises. This in turn is improving the agility of healthcare organizations, and their ability to innovate, which is timely given the pressure to innovate to reduce healthcare costs, improve patient outcomes, engagement, and experiences, as well as improve the experiences of healthcare professionals. New technologies such as AI / ML, IoT, blockchain, and more can be rapidly prototyped, piloted, and adopted with cloud using click to deploy and manage capabilities enabling healthcare to realize benefits on a much shorter timeframe than would be the case without cloud.

The majority of healthcare IT workloads worldwide remain on premise, within data centers maintained by healthcare organizations. Several concerns are currently “log-jamming”, either gating or impeding, the migration of these workloads to the cloud. Amongst these concerns, security and compliance are top of the list. Microsoft, with leading security, compliance, and worldwide presence, a strong healthcare enterprise focus, and a thriving healthcare security and compliance partner ecosystem is working with healthcare organizations to alleviate these concerns and break the log-jam, paving the way for increased adoption of cloud by healthcare worldwide, and realization of the benefits to healthcare and patients.

Learn more

Interested in learning more about what you can do to drive security and compliance in Healthcare? Explore our interactive e-book 5 Tactics for Improving Security and Compliance in Healthcare.

The post Healthcare cloud security and compliance — Status, outlook, and opportunities appeared first on Microsoft Industry Blogs.

Whether you’re interested in using Artificial Intelligence (AI) and Machine Learning (ML) to drive better health outcomes, reduce your operational costs, or improve fraud detection, one way you can better unlock these capabilities is through leveraging blockchain.

In my last blog, “Improving Patient Care through AI and Blockchain – Part 1,” I discussed several opportunities for blockchain to help advance AI in healthcare, from sourcing more training data from across a consortium, to tracking provenance of data, improving the quality of AI with auditing, and protecting the integrity of AI using blockchain. In this second blog, take a look at four more reasons to consider blockchain for advancing AI in healthcare.

1. Shared models
   In cases where constraints exist that preclude the sharing of raw training data from across a consortium of healthcare organizations, for legal or other reasons, it may be possible to incrementally train shared models, enabled by the blockchain. In this approach the AI / ML models themselves can be shared across the network of healthcare organizations in the consortium, rather than the raw training data, and these shared models can be incrementally trained by each organization using its training data, and within its firewall. Blockchain can then be used to share the models as well as metadata about training data, results, validations, audit trails, and so forth.
2. Incentivizing collaboration using cryptocurrencies and tokens
   Cryptocurrencies and tokens on blockchain can be used to incent and catalyze collaboration to advance AI / ML in healthcare. From sharing of training data, to collaboration on shared models, results, validations, and so forth, healthcare organizations can be rewarded with cryptocurrencies or tokens proportional to their participation and contribution. Depending on how the blockchain is setup these cryptocurrencies or tokens could be redeemed by participating healthcare organizations for meaningful rewards, or monetized. This can be useful in any AI / ML blockchain initiative both as an accelerant, and could also be critical to overcome potential impediments and reservations to collaboration that can arise where the size / value of contributions from organizations across the consortium are asymmetrical.
3. Validating inference results and building trust faster
   Before AI / ML models can be used for patient care they must be validated to ensure safety and efficacy. A single organization validating a model alone will take more time to achieve an acceptable level of trust than would be the case for a consortium of healthcare organizations concurrently collaborating to validate a shared model. Blockchain can be used to coordinate and collaborate around such validation to increase synergy, minimize redundant efforts, accelerate validation, and establish trust in a new model faster.
4. Automation through smart contracts and DAOs
   Executable code for processing transactions associated with AI / ML, whether procurement of training data or otherwise, can be implemented on blockchains in the form of smart contracts. DAOs (Decentralized Autonomous Organizations) such as non-profits can also be built using smart contracts to automate whole enterprises that can facilitate advancing AI / ML in healthcare at scale.

Keep the conversation going

If you’re interested in using AI, ML, or blockchain for healthcare, you know that new opportunities are constantly surfacing and with it come a whole host of new questions. Follow me on LinkedIn and Twitter to get updates on these topics as well as cloud computing, security, privacy, and compliance. If you would like to explore a partnership as you work to implement AI and/or blockchain for your healthcare organization, we’d love to hear from you.

The post Improving patient care through AI and blockchain: Part 2 appeared first on Microsoft Industry Blogs.

AI (Artificial Intelligence) and ML (Machine Learning) have shown incredible potential in healthcare across a wide range of use cases, from diagnostic imaging, to anti-fraud, resource and asset optimization, readmission prevention, behavioral analytics, medical risk analytics, claims analytics, and many more. In a series of blogs, we will share a more detailed look at the opportunities to advance AI in healthcare using blockchain for those that want a more technical deep dive. For this first post, we’ll be covering ways that using blockchain in healthcare can help build higher quality models, obtain better data, improve auditing, and protect the integrity of the models.

Why use blockchain in healthcare?

Whether you are using AI/ML to optimize your operations or to improve patient care, the success of using this technology in each of these use cases hinges on the quality of inference that can be done and achieving acceptably low error rates. These in turn depend on the quality of the models. Building higher quality models in almost all cases can be done better through collaboration across a consortium of healthcare organizations instead of any one organization going at it alone. Using blockchain can help to address this issue and unlock the power of AI for healthcare organizations.

Four Ways Blockchain Can Advance AI in Health

1. More training data from across a consortium and improved ability to specialize
   
   AI / ML are extremely data hungry. The more training data, the better the models, the better the inference and results. Almost all AI / ML efforts are limited by data available. In most cases data used to train models is being sourced from just a single organization. Blockchain can be used to publish metadata about data that exists across a consortium of healthcare organizations. This metadata can include pointers to the enterprise systems that store the data, and hashcodes that can be used to verify the integrity of data. Organizations participating in such a blockchain can discover available data, locate it, and subsequently request data of interest via a secure, direct peer-to-peer exchange. Metadata on the blockchain can include information used to determine data of a particular specialty, eg x-rays of tumors of a particular kind. Having more data from across a consortium, and the ability to query by data specialty based on metadata on the blockchain enables new levels of specialization of data sets, and specialized models trained with it.
2. Higher quality data and models through tracking provenance
   
   Biasing of models is a common problem with AI / ML. In healthcare, a biased model can skew results, or increase error rates in ways that can impact inference results and ultimately patient care. Metadata on blockchain can include provenance information that enables the highest quality data sets from across the consortium to be identified and only this data included in training models to help mitigate biasing.
3. Improved quality management through auditing
   
   Blockchains excel at protecting the integrity of data. This makes them particularly well suited to storing audit trails that require such integrity protection to mitigate risk of accidents, fraud, and other risks to data integrity. Blockchain can be used to record all audit information regarding the building, testing, and use of AI / ML in healthcare. This can include training data, models and versions through the adaptive learning process, results generated, validations of results, who did what, when, where, why, how, and so forth. In the event of an incident, for example a biased model is detected, one can go to the audit trail and see exactly what data went into the model, root out data causing the biasing, retrain models, and correct the issue.
4. Protecting the integrity of AI / ML
   
   As healthcare grows to depend on AI / ML, so does the need to protect the integrity of models and other associated assets since corruption of these assets, whether accidental or malicious can impact results, and in a worst case such as in diagnostic imaging could directly impact patient care. As mentioned earlier, blockchains excel at protecting data integrity, and for all practical purposes they are immutable. Blockchains can protect both data stored on the blocks of the chain, as well as data stored off-chain and referenced by metadata, pointers, and hashcodes as discussed previously. In the latter case, the integrity of any record stored off-chain can be checked at any point through checking its hashcode against the hashcode stored on the blockchain for the record. If they don’t match integrity compromise is detected, data discarded, and an alert can be issued to initiate remediation.

Collaboration

These are just a few of the opportunities available to help accelerate AI in healthcare using blockchain. What other opportunities do you see?

AI, ML, and blockchain in healthcare are fast evolving. The intersection of these technologies is very new, and even faster evolving. Many of these new concepts do not yet appear in books. I post regularly about new developments in healthcare, AI / ML, blockchain, cloud computing, security, privacy, and compliance on social media. If you are a healthcare organization looking to implement AI / ML or blockchain, or if you are helping healthcare organizations get started with Microsoft technologies for AI / ML and blockchain and would like to explore partnership, we’d love to hear from you. You can find me on LinkedIn and Twitter.

Finally, if you’re ready to get started implementing blockchain and/or AI, take a look at these resources:

• Accelerate your AI / ML in healthcare initiative using this AI in Healthcare Blueprint which includes executable code, test data, automated deployment, and documentation that enables you to rapidly establish a working reference point for your solution in your Microsoft Azure cloud.
• Rapid prototype your blockchain solution using Azure Blockchain Workbench, and deploy to the Microsoft Azure cloud on Ethereum, to enable you to focus more on your blockchain solution rather than development and deployment complexities.

The post Improving patient care through AI and blockchain: Part 1 appeared first on Microsoft Industry Blogs.

The sky-rocketing popularity of Bitcoin and cryptocurrencies and blockchain investments overall (but lack of solutions) has led the healthcare industry to ask “Is blockchain in healthcare real or is it hype?”. The headlines in 2018 alone have ranged from saying “Blockchain technology is positioned to be the next dramatic innovation in healthcare” to “Don’t let Blockchain savings hype fool you” and “Blockchain is this year’s buzzword, but can it outlive the hype?”. Needless to say, there are plenty of believers and just as many nay-sayers. I believe that the best answer is that it is both hype and real. Sounds like a cop-out but when blockchain technology is put into the right healthcare context and applied to the right scenarios, it is definitely real.

Microsoft sees Blockchain as a transparent and verifiable system that has the potential to change the way people think about exchanging value, enforcing contracts, and sharing data. In it’s pure state, blockchain is a distributed digital ledger (or database) that allows a network of peers (people and/or organizations) to share and access data in a peer-to-peer, decentralized, trusted, immutable and crypto-graphically secure network. Blockchains can also be public, private, or consortium based. These attributes of blockchain sound promising but may also present challenges when applied to highly regulated industries such as healthcare that have stringent security, privacy, and regulatory compliance requirements. For example, blockchain networks synchronize and share data with all the peers in the network and many privacy laws, such as HIPAA, have “need to know” requirements which means that a person should only have access to the data if they need it to do their work and provide care to the patient. Also, the new European Union’s General Data Protection Regulations (GDPR) has a “right to be forgotten” clause which can be difficult to meet if the data is immutable and therefore can’t be changed or deleted.  But, those challenges are solvable and we’ll address that later in this blog.

At Microsoft we’ve learned that there are real solutions with real value that leverage blockchain technology as a foundation to deliver viable healthcare solutions that align with the Triple Aim/Quadruple Aim objectives for healthcare entities. We also know that when it comes to discussing “Blockchain in Healthcare” (or any technology) we have to be highly aware of its ability to support the security, privacy, and compliance requirements of this highly regulated industry in a modern world of expanding patient privacy and security rights and demands. Additionally, in our discussions with our customers, partners, and other blockchain experts such as David Houlding from Intel, we proposed that a quick and useful method to assess a blockchain in healthcare scenario is to ensure that the blockchain scenario addresses Dr. Adrian McCullagh’s FITS model while enabling the healthcare organization to deliver on its care objectives while meeting security and privacy requirements.  The two key questions to ask are (1) Does it FIT(S)? and (2) Does it drive measurable Quadruple Aim outcomes?

To illustrate these two questions, I’ve created the Healthcare Blockchain scenario cycle matrix in the following diagram that depicts how these two frameworks can be brought together.  The cycle matrix is used to show the increasing relationship of these eight attributes to the central blockchain scenario. I would argue that not all eight criteria need to be met but by purposefully applying the criteria you get to solutions such as the blockchain based solution from MintHealth (more on this later). The recently announced “provider demographics” scenario to use blockchain to improve provider data is also a good example that meets many of the criteria in this matrix.

As explained by Dr. McCullagh, you should try to run the FITS model against your use case to check if it can reap the benefits of Blockchain.  FITS is an acronym for Fraud, Intermediary, Throughput, and Stable data. Using this model, the best use cases of the Blockchain implementation could be where: (1) There is a high propensity and/or history of fraud. (2) Intermediaries carry out operations and do not truly provide value. (3) Distributed nodes can be leveraged to achieve throughput and (4) Stability of data is required for long periods. Wow, I’m going to say it out loud – so, far this sounds like a good fit for healthcare!

The Quadruple Aim extends the IHI Triple Aim and together they are designed to address (1) Improving the health of the population, (2) Improving patient experience, (3) Reducing Costs and (4) improving the work-life of the caregivers.

Now back to MintHealth. The MintHealth solution is designed to enable healthcare organizations to leverage blockchain technology to transform healthcare and align stakeholders in a new healthcare ecosystem. And in alignment with the cycle matrix they clearly state that they are a global, decentralized health platform that aligns healthcare stakeholders around the shared goal of patient empowerment and improved clinical outcomes, at lower costs.  MintHealth’s solution scores very high on all eight criteria in the “Healthcare Blockchain Scenario Cycle Matrix”.

The one missing component is the need to address security, privacy, and regulatory compliance. In order to enable organizations to deploy secure and scalable enterprise blockchains Microsoft has created the COCO (Confidential Consortium) framework. As announced by Microsoft, the Coco Framework is an open-source system that enables high-scale, confidential blockchain networks that meet key enterprise requirements and provide a means to accelerate production enterprise adoption of blockchain technology. Coco is designed specifically for confidential consortiums, where nodes and actors are explicitly declared and controlled. Coco presents an alternative approach to ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the security and immutability they expect.

Moving forward, we’ll continue to explore “blockchain in health” and how it can strengthen identity and cybersecurity strategies overall. Follow these links for additional information on Microsoft’s blockchain on Azure and overall approach to cybersecurity.

By the way, even the National Information and Standards Technology (NIST) organization has entered the conversation with its “Blockchain Technology Overview” report.

The post Blockchain in Health: Beyond the Hype in a Trusted Cloud appeared first on Microsoft Industry Blogs.

This year at HIMSS, the industry-leading event for healthcare professionals, Microsoft will bring healthcare partners from around the world to demonstrate innovative solutions currently empowering the digital transformation of the health industry. This blog post focuses on Microsoft’s approach to cybersecurity in healthcare and the company’s continued leadership as a trusted cloud data steward. Join Microsoft and its partners at HIMSS18.

Last year, we explored Microsoft’s approach to health security, privacy, and compliance in the cloud as we experienced an increased demand for public cloud and hybrid cloud services.  Given Microsoft’s leadership in supporting the required services coupled with the required levels of security, privacy, and compliance we posited that not all health clouds are created equal.  Since that time, we have also experienced an increased number of threats to cybersecurity in healthcare; cyberattacks with ransomware such as Wannacry being a prime example.  Moreover, while the health organization is transforming there is an increased demand to transmit, store, and process protected health information in the cloud.  This demand for increased cybersecurity in healthcare is really a requirement if we are truly going to enable the future of healthcare as a data-driven industry that will improve health outcomes, improve patient and provider experiences, and lower the per capita cost of care.

In 2018, we see an increased focus on precision medicine and overall data driven health transformation. Data coupled with artificial intelligence and machine learning will drive a number of processes and solutions that extend across both the clinical setting and operations (think supply chain and labor management).  In the clinical setting, the future of health and life sciences’ new solutions, services and research will combine data from multiple sources including genomic, environmental, and life style.  This drive towards personalized care and precision medicine demands and requires increased computational power, data aggregation, artificial intelligence, virtual collaboration, and security, privacy, and compliance.  While regulations such as HIPAA and HITECH in the United States will continue to govern our health industry we also must support global regulations such as the European Union’s General Data Protection Regulations (GDPR) and evolving cybersecurity in healthcare regulations in China and other countries.

It’s with these requirements in mind that Microsoft continues to lead as a trusted cloud data steward.  We continue to build our global security, privacy, and compliance portfolio and now certify and or attest to over 71 defined regulations and their associated technical, physical, and administrative control frameworks.  This is more than any other hyper-scale cloud provider.  In September 2017, we announced our contractual support for GDPR as part of our Online Services Terms.  We have re-tooled and re-engineered our organization and solutions to support the privacy compliance requirements that our customers will require around the world.  As part of our GDPR readiness programs we’ve also created education content, guidance and assessment tools for our customers and partners that will accelerate their journey to meet or exceed these expanded privacy requirements.  See Microsoft’s “GDPR Readiness Resources” portal for more.  It is critical to remember that GDPR is not just about the European Union – these regulations have the potential to affect US and other global healthcare organizations.

And lastly, Microsoft has launched our online Compliance Manager.  The Microsoft Compliance Manager is designed to connect security and compliance features with regulatory requirements.  As posted in Microsoft’s Office 365 blog – “Compliance Manager is a cross–Microsoft Cloud services solution designed to help organizations meet complex compliance obligations like the GDPR. It performs a real-time risk assessment that reflects your compliance posture against data protection regulations when using Microsoft Cloud services, along with recommended actions and step-by-step guidance.”  It should be noted that while platforms such as Microsoft 365 and Compliance Manager can help organizations meet their deadline for GDPR compliance (May 25, 2018) they also support compliance across other regulations and guidelines. For more information please use these additional resources.

Beginning your GDPR Journey e-book

Cybersecurity in Healthcare e-book

Microsoft Service Trust Portal

Microsoft Compliance Manager

We hope the above helps you begin to check the facts as you take advantage of the cloud to help you improve care quality and efficiency, while reducing costs. To learn more, visit the Microsoft Trust Center. It offers detailed security, privacy, and compliance information and resources for all Microsoft cloud services.

And if you have any questions or comments, please reach out to us via email, Facebook, or Twitter.

The post Cybersecurity in Healthcare: Enabling the Future appeared first on Microsoft Industry Blogs.

Earlier this year, in June 2017, we released our “HL7 FHIR on Azure” e-book.  It’s been a very popular download and a steady source of architectural and solution guidance (and in some cases inspiration) for the growing HL7 FHIR community of developers. My goal with the development of the e-book was to establish Microsoft’s support for the growing HL7 FHIR community and to make it easier for the community to develop and test their HL7 FHIR solutions and services. I believe we’ve achieved and surpassed that goal.  For that accomplishment, I want to call out and graciously thank our collaborators and go-to technical and functional subject matter experts Howard Edidin and Steve Ordahl for their continued expert guidance and support of the HL7 FHIR community at Microsoft and around the world.  These two gentlemen are highly skilled solution architects and developers who see the possibilities and make them real.

And yes, now it’s getting real.  More real.  We see the opportunity to integrate HL7 FHIR resources and services with Office 365, Dynamics 365, bots, devices and other productivity and line of business solutions.  We are developing proof-of-concepts scenarios to show what the possible looks like and why this has the potential to make healthcare information workers and care givers more productive, collaborative and data driven while enabling them to truly meet their “Quadruple Aim” objectives.  Our content is available in an opensource format on GitHub and can be accessed here.

As the HL7 org works to release the FHIR Standard for Trial Use (STU) version 4 in late 2018 we continue to explore how HL7 FHIR truly enables interoperability of healthcare data and processes across the healthcare ecosystem. As part of our evolving concepts and challenge to dream of the possibilities, Steve recently demonstrated an HL7 FHIR service with the Microsoft Healthbot services at the December 2017 HL7 meeting in New Orleans. We are also exploring additional updates to the ebook including patterns for “SMART on FHIR on Azure”, IoT and Medical Devices, Machine Learning and AI, Dynamics 365 and Office 365, and even a pattern that uses a blockchain foundation for consent and tracking.

One partner that I’d like to highlight is Dapasoft and their Corolar iPaaS (integration platform as a service) for healthcare interoperability on Azure. Dapasoft has released their latest Corolar integration and interoperability solution as a platform service on Azure with full support for the HL7 FHIR resources and services.

Dapasoft works with organizations all across the healthcare continuum. Given their wide variety of healthcare customers they are seeing very interesting use cases and requests from providers, healthcare agencies, and payors looking for FHIR based solutions. Using Corolar iPaaS customers are able to receive HL7 (version 2.x, HL7 version 3.x, and C-CDA) compliant messages in Azure and transform them into FHIR resources for consumption by downstream FHIR compatible applications. Corolar has been successfully used as a FHIR server to support on-premise products and cloud-based patient portal applications. Using Corolar iPaaS is an extremely efficient means for healthcare organizations to enable FHIR capabilities and extend the investments made on their classic on-premise system. You can sign-up for a demo of Corolar iPaaS.

We will continue to build the HL7 FHIR on Azure community and our resources and hope to see you, the reader, at an upcoming FHIR event. In the meantime, make sure to download the “HL7 FHIR on Azure” e-book to learn more.

The post HL7 FHIR on Azure: What’s Next: “Bots on FHIR, FHIR + Blockchain” appeared first on Microsoft Industry Blogs.

At Microsoft our medical experts including Dr. Simon Kos, our WW Health Chief Medical Officer, and Dr. Dennis Schmuland, U.S. Chief Health Strategy Officer, work diligently to ensure that we’re fully aligned with healthcare’s digital transformation and “Quadruple Aim” objectives – (1) better care, (2) better health, (3) lower cost, and (4) caregiver productivity. (see graphic “Quadruple Aim”.

I argue that, in order to truly optimize outcomes, these activities must be data driven and given the increasing volume of healthcare data – must be powered by the public cloud.  (The benefits of machine-learning and artificial intelligence in healthcare will not be achieved with on-premise resources.  It’s just too expensive and requires the collaborative expertise of the healthcare community, researchers, and organizations such as Microsoft.) Additionally, this data must include a healthcare organization’s most sensitive asset, Protected Health Information or PHI.  Let’s not kid ourselves on this one, three years ago Becker’s Hospital Review reported that IDC predicted that by 2020 80% of healthcare data will be transmitted, stored, or analyzed in the cloud.  We’re most likely already there – but today’s ordinary healthcare transformation is not a well managed process and it’s definitely not as cybersecure, private, and compliant as required.

I’ve been fully vested in the Institute for Healthcare Improvement’s (IHI) “Triple Aim Initiative and Framework” and the one point that the framework calls out is the need for new designs to truly drive healthcare transformation to enable the initiative’s objectives to be met. These new designs must be “PHI data driven” and solutions such as Teladoc’s Azure based tele-health platform are proving that this is possible today and already happening. Teladoc’s telehealth technology platform and licensable software solution has earned the exclusive endorsement of the American Hospital Association. The triple aim healthcare solution is HITRUST complaint, is HIPAA compliant, and more importantly is enabling their care givers to speak with a patient every 8 seconds!

And now, we’re taking this to the next level with re-usable healthcare blueprints and partner offerings to cost-effectively scale their healthcare transformation. The Microsoft Azure architecture blueprints are designed to enable organizations to securely and compliantly accelerate their time to market with new healthcare services and solutions.  Microsoft partner, Project Hosts, recently announced that it is now offering turnkey HIPAA/HITRUST Azure Security Containers for healthcare providers and ISVs. The Azure Security Container cloud platform provides a ready-to-run environment that ensures all applications and workloads placed in the container are fully HIPAA/HITRUST compliant at the software and data level. The security container is ideal for Healthcare organizations that are moving their on-premises workloads into Azure to gain the advantages of Azure’s inherent scalability, performance and operational excellence. The security container is also designed to support new applications such as patient portals and the growing ecosystem of ISV healthcare applications to protect patient data while improving the patient experience. As a HIPAA ready and HITRUST compliant environment, electronic Patient Health Information (ePHI) is fully secure in accordance with regulatory standards.

Overall, solutions such as the Teladoc platform and Project Hosts’ Azure Security Container are enabling healthcare entities to transmit, store, and analyze PHI in the cloud while exceeding their cybersecurity, privacy, and regulatory compliance requirements, manage costs, and provide an improved healthcare experience overall.  I encourage you to take the time to explore the Teladoc and Project Hosts solutions and reach out to us at Microsoft about our quadruple aim objectives and to review our Azure blueprints and architectures.  For more “PHI in the Microsoft Cloud” stories visit the “Microsoft Cloud for Health”.

The post PHI in the Azure cloud: driving real healthcare digital transformation now appeared first on Microsoft Industry Blogs.

Clinician shortages and ever-increasing healthcare needs means care teams are seeing more patients. And heavier workloads can lead to burnout, exhaustion, mistakes, and patient and employee dissatisfaction. So how do you ease this burden and improve not only the effectiveness of your care teams, but their personal experience and job satisfaction?

Many people in the health industry are asking that question as the “Triple Aim” has evolved to the “Quadruple Aim”—the fourth aim being to address clinician and staff satisfaction. Because in order to provide better care to more people at lower costs, health organizations realize they need to take care of those taking care of their patients.

The quadruple aim imperative calls for new designs in healthcare. Health organizations are taking advantage of cloud-first, mobile-first solutions to meet that imperative by digitally transforming. They’re re-designing workflows to save staff time and empowering care teams to be more productive, collaborative, and engage with patients in new ways—wherever they or their patients may be.

With trusted cloud eHealth solutions and advanced cybersecurity, they’re able to do all of this in a way that’s secure, private, and helps them meet compliance requirements. Being able to trust the cloud they’re using is vital as health organizations extend care beyond the four walls of their facilities and coordinate services across the care continuum—expanding how and where health professionals and patients access confidential information.

By equipping staff with tools that work the way they do and help them meet the demands of new care models and expectations of patients, health organizations are empowering care teams to not only be more productive and improve patient outcomes—but to do so in ways that leave them feeling happy and energized, not burnt out and exhausted.

In this video, William Robinson, MD, and Nick Patel, MD, talk about how time-saving technology has helped them see two more patients per day, feel more joy in their work, and go home earlier.

One of the most moving stories of care teams scaling care and connecting with patients along their entire care journey comes from Children’s Mercy. As nurse Lori Erickson writes in her blog, since they started using their home-monitoring app in March of 2014, none of the babies with single ventricle (SV) heart disease in their Cardiac High Acuity Monitoring Program (CHAMP) has died at home during the high-risk period between their first and second surgeries. That’s significant because typically as many as 20 percent of SV infants don’t survive this timeframe known as interstage, which is the first four to six months of their life.

And it’s exciting to see numbers like two million worker hours saved over three years. That’s what Advocate Health Care is accomplishing by empowering its care teams with cloud-based communication and collaboration tools. See more of their incredible time and cost savings numbers and learn how their staff is able to work together and care for patients more efficiently—while improving security and compliance with a wide range of policies: Read this blog by Dennis Giles, director of Unified Communications for Advocate Health Care.

Worry less about your staff and dream more about how you can empower your care teams to be happier and more productive: Explore ways your health organization can digitally transform.

Learn more: Cybersecurity in Health e-book.

The post Empowering care teams to improve job satisfaction appeared first on Microsoft Industry Blogs.

What did we learn from this attack?

I spoke to customers and partners after the attack. Some, rightly so, are very concerned about the next attack and even saw this as a “practice run”. This attack taught us a few lessons that we need to proactively address. The cyberworld was fortunate that the “kill switch” was accidently found. But, we can be better prepared. Here are a few of my observations and recommendations:

• The advice to not pay ransomware resonated and the bitcoin wallets linked to the ransomware showed less than $60,000 paid out of a potential $30M+ (if ~30% of the 300,000 of the infested machines had paid the ransom). This first lesson learned is just good practice and with proper planning organizations can recover from cyberattacks without paying ransom. Organizations must make recovering from a cyberattack part of their business continuity and recovery plan.
• A key component of an organization’s ability to digitally transform is the adoption and use of modern technology that also provides better protection in today’s cyberworld. Unsupported and unpatched software is extremely vulnerable and there are still almost 200,000 PCs running XP in the United States and thousands more around the world, we must work to reduce that number.
• The Server Message Block (SMB – used for providing shared access to files, printers, and serial ports) was exploited in unpatched systems. While this was a Windows based attack, SMB is used by MAC OS and Linux/Unix and are also vulnerable. Machines with modern operating systems and protection, such as Windows 10 with update enabled, were protected.
• The SMB exploit enabled a growing threat called “Lateral Movement” enabling the ransomware to self-propagate across machines. This is a critical lesson learned as it’s no longer just about protecting sensitive electronic protected health information (ePHI) data on a few machines. Organizations must adopt a holistic cybersecurity and risk mitigation plan and cannot exclude older equipment with the excuse that “…it doesn’t store ePHI so it’s ok…” Additionally, modern file sharing and cloud storage services such as OneDrive were not affected by the SMB exploit. Microsoft’s cybersecurity, risk assessment, and digital services teams can help find and identify these vulnerabilities along with helping organizations build their “Digital Services Roadmap”.
• Privileged accounts, administrator accounts, and end point ports must be secured, managed and protected from untrusted systems – “Zero Trust” continues to be a focus. Solutions such as Operations Management Suite along with services and solutions from our partners such as Lumen21, Silect, Barracuda, TrendMicro, and others. can help customers address this need.
• Endpoint protection coupled with identity and security management is absolutely a must-have along with a layered security (security in depth) approach to proactively defend against future attacks. While having various solution components in place is helpful, it has become more critical to leverage integrated solution suites that provide broader protection.
• Organizations must practice cybersecurity incident recovery. We learned that organizations that were prepared recovered quickly from this attack (or completely avoided it). Those that were not prepared lost productivity and put patients at risk. Microsoft’s Cybersecurity Incident Recovery guidance and Cybersecurity services offerings are designed to support help customers prepare for and recover from cyberattacks such as this one.

For more information on Microsoft’s and our partners’ solution and service offerings to modernize and fortify a covered entities cybersecurity, privacy, and compliance posture please download our Cybersecurity in Health e-book.

The post WannaCry ransomware attack – Lessons Learned appeared first on Microsoft Industry Blogs.