NIST refines Cybersecurity Framework 

The latest version of the NIST Cybersecurity Framework addresses supply chain cybersecurity and offers a more comprehensive treatment of identity management.

As a first line of defense, the National Institute of Standards and Technology’s Cybersecurity Framework helps federal, state and local governments — as well as organizations across all industry sectors — manage cybersecurity-related risk.

Version 1.1 is an update to the original released in February 2014 and is meant to serve as a living document where changes can be made as cyber environments and risks shift.

The two versions are fully compatible. The additions, including new categories and subcategories, do not invalidate uses or work products in the first version of the Framework. “We didn’t want to change the framework substantially so the two frameworks could work with each other,” NIST Cybersecurity Framework Program Manager Matt Barrett said during an April 27 webinar on the Framework update.

The changes to the framework are based on feedback collected through public calls for comments, questions received by team members and workshops held in 2016 and 2017.

Changes include a new category for managing supply chain risk, which includes an assessment process for commercial off-the-shelf IT products and services.

Eight subcategories were added, and language was refined in several places, such as clarifying what “compliance” means for various stakeholders. A new section on self-assessment for cybersecurity risk was added, and the access control category has also been changed to better account for authentication, authorization and identity proofing.

In addition, information has been added to implementation tiers and profiles to reflect considerations within an organization’s risk management program. Another subcategory has also been added to address coordinated vulnerability disclosure.



Source: NIST refines Cybersecurity Framework — GCN

EHR Interoperability Issues Plague 36% of Medical Record Admins

A recent Black Book survey found that 85 percent of physicians depend on their core health system to enable EHR interoperability.


Physicians who are not on the same EHR platform report having EHR interoperability issues and that they cannot use patient data from external sources.



There has been a small improvement in medical record administrators’ ability to exchange patient health records with other providers, with 36 percent stating they have EHR interoperability issues with that task, according to recent Black Book research.

Forty-one percent of medical record administrators reported the same data exchange issues in 2016.

The majority of network physicians – 85 percent – said they depend on their core EHR health system to enable interoperability, Black Book found. This helps providers as they work to improve initiatives in population health, precision medicine and value-based payment models.

For the report, Black Book interviewed just over 3,000 crowdsourced, current hospital EHR users.

“In 2018, 57 percent of hospital network physician practices operating on assorted EHRs report they continue to lack the financial and technical expertise to adopt complex interoperability which are compulsory to attain higher reimbursements built into value-based care initiatives by both public and private payers,” Black Book Research Managing Partner Doug Brown said in a statement.

Approximately one-quarter of surveyed physicians said they still cannot utilize a lot of meaningful patient information received electronically from external sources as currently shared outside siloed EHRs.

For Q1 2018, 62 percent of hospitals are not using information outside of their own EHR because external provider data is not available in their EHR systems’ workflow. One-third of respondents also said that the data that they can view cannot be trusted because of the disparate systems between providers.

Just over one-quarter – 27 percent – of medical record administrators said transferred patient data was not presented in a useful format. In 2017, 22 percent reported the same issue.

Another Black Book survey indicated that EHR technology and the way providers use that technology can impact numerous healthcare stakeholders.

Seventy-eight percent of hospitals said they have not prioritized or budgeted more meaningful improvements in patient engagement, interoperability or patient communications for 2018.

However, 92 percent of younger healthcare consumers were dissatisfied with their inpatient provider experience where complete medical records were not offered. Eighty-five percent of younger healthcare consumers reported dissatisfaction when telehealth options were not offered.

Healthcare consumers under the age of 40 were also more likely to desire reliable technological options at their provider, the report found. Eighty-nine percent of those respondents said they are unsatisfied with an organization’s technology capabilities, while 84 percent said they are looking for the most technologically advanced and electronically communicative provider.

“Healthcare consumers more frequently interact through electronic media in 2018, and while they value contact with their providers, they don’t have the patience for lacks in hospital interoperability, incorrect billing and access to scheduling and results,” Brown explained.

The majority of consumers – 80 percent – were also more likely to blame the hospital system itself instead of the EHR systems or financial technology for a lack of patient record portability and access.

Black Book also found that 69 percent of healthcare consumers cited business office and insurance processes as the most important moment when overall satisfaction of a hospital organization is concluded. This was for cases when patient care met patient expectations.

“Part of this is probably due in part to patient expectations that have been set beyond most hospital’s technological capabilities for interoperability with both other providers and payors,” Brown stated.

He added that healthcare IT systems’ revenue cycle management channels had the lowest positive experience.

Earlier this year, KLAS research found that Epic and athenahealth were the most successful EHR platforms for removing EHR interoperability issues.

Respondents said Epic and athenahealth offer equally efficient health data exchange, but Epic EHRs were much easier to use than athenahealth EHRs once retrieved.

Both Epic and athenahealth let users share EHRs without investing as much effort, the report showed. Epic clients have to put forth the least amount of effort, as it has a quick verification process and users can take advantage of Care Everywhere, eHealth Exchange, and Carequality.

In comparison, eClinicalWorks, GE Healthcare, Greenway Health, MEDITECH, NextGen Healthcare, and Allscripts reportedly provided interoperability experiences that require “heavy lift, custom connections to external EMRs and HIEs.”

“Traditionally, patient-record sharing has been accomplished with expensive, custom-made point-to-point connections between healthcare organizations as well as local and regional HIE networks,” report authors explained.

“Fortunately, additional options are taking shape where EMR vendors build ‘plug-and-play’ connectivity into their EMR products, enabling quick, easy, and inexpensive connections between providers across national networks.”

Source: EHR Interoperability Issues Plague 36% of Medical Record Admins

Cloud-based office solutions under increasing attack – Beazley Breach Insights

Beazley breach insights – April 2018 Cloud based office solutions under increasing attack

Specialist insurer Beazley has reported that the number of business email compromises is accelerating, particularly for those organizations using Office 365, the popular cloud-based solution for Office applications and other Microsoft productivity services. These hack and malware breaches accounted for 13% of incidents reported to its Beazley Breach Response (BBR) Services team during the first quarter 2018. The three sectors most affected were financial services, healthcare and professional services.

In BBR Services’ experience, these incidents are usually caused by an employee clicking on a link in a phishing email, HelpDesk message, or Microsoft survey. After clicking on the link, the employee is redirected to a legitimate-looking website and asked for email credentials. The hacker then harvests those credentials and logs into the mailbox undetected.

In general, email compromises are on the rise because they are relatively easy to carry out and threat actors are able to use the email accounts for a variety of purposes. Once in the mailbox, the attacker may run searches to steal personally identifiable information. The attacker may also steal bank information to send emails requesting fraudulent wire transfers. Additionally, attackers frequently search the inbox to determine what HR and benefits self-service portal the employer uses, and then request a password reset for the user in that system. Once in the self-service portal, the attacker redirects the employee’s paycheck to one of their accounts. Finally, the attacker often sends spam emails to all of the user’s contacts in an attempt to get others to give up their credentials as well.

Katherine Keefe, global head of Beazley Breach Response Services, said: “The number of compromised email accounts is accelerating but simple steps such as frequently changing passwords, having dual-factor authentication and removing auto-forwarding or auto-delete rules can help reduce vulnerabilities. With privacy regulations becoming more stringent and the public demanding greater accountability for their personal data, it is more important than ever for organizations to secure their lines of defense.”

A large majority of breaches that the BBR Services team has worked on have involved Office 365. The default settings on Office 365 do not typically include the logging necessary to rule out a compromise of all emails in an inbox. Fortunately, BBR Services has identified several forensic partners that have created a tool to gain access to additional logs through Microsoft. With this additional insight, the number of affected individuals often drops, along with forensic and notification costs. Organizations can protect themselves against these attacks by doing the following:

  • Require two-factor authentication for access to Office 365.
  • Microsoft provides a tool called Secure Score that can be used by anyone who has administrative privileges for an Office 365 subscription. It assists not just in analyzing, but also with implementing best practices regarding their Office 365 security.
  • Enforce strong password policies. Educate employees about the risks of recycling passwords for different applications.
  • Alert employees who have access to accounts payable systems or wire transfer payments about these types of scams.
  • Train all employees to beware of phishing attempts.
  • If you use cloud-based platforms, investigate what logging is available and make sure it is enabled. For instance, if you’ve migrated from on-premises Exchange to Office 365, audit your security settings, which are reset to default settings during migration. In Office 365, you must turn on audit logging in the Security & Compliance Center.
  • Work with your cloud provider’s technical team to determine what activities are logged and ensure you have the visibility you need, for the monitoring period you need.
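
The review that audit logging makes possible once it is enabled, as an added example (not code from Beazley or Microsoft): it scans exported audit records for the auto-forwarding and auto-delete rules mentioned above. The records are constructed samples, and the one-JSON-object-per-line layout and the corp.example internal domain are assumptions.

```python
"""Flag auto-forwarding and auto-delete mailbox changes in exported audit records."""
import json

# Exchange cmdlet names as they appear in the "Operation" field of audit records.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
MAILBOX_OPERATIONS = {"Set-Mailbox"}
# Cmdlet parameters that send a copy of mail somewhere else.
RULE_FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
MAILBOX_FORWARD_PARAMS = ("ForwardingSmtpAddress",)

# Constructed sample records (not real data); users, IPs and domains are made up.
SAMPLE_RECORDS = [
    {"CreationTime": "2018-04-02T08:14:09", "UserId": "alice@corp.example",
     "ClientIP": "203.0.113.45", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "collector@mail.example.net"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2018-04-02T09:30:51", "UserId": "bob@corp.example",
     "ClientIP": "198.51.100.7", "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2018-04-03T11:02:17", "UserId": "carol@corp.example",
     "ClientIP": "198.51.100.9", "Operation": "Set-Mailbox",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:archive@corp.example"}]},
    {"CreationTime": "2018-04-03T23:47:40", "UserId": "dave@corp.example",
     "ClientIP": "203.0.113.45", "Operation": "Set-Mailbox",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:drop@mail.example.net"}]},
]
# One JSON object per line, plus a damaged line such as a cut-off export produces.
SAMPLE_LINES = [json.dumps(r) for r in SAMPLE_RECORDS] + ["<truncated export line>"]


def parameters(record):
    """Turn the record's [{Name, Value}, ...] list into a plain dict."""
    return {p["Name"]: str(p.get("Value", ""))
            for p in record.get("Parameters", [])
            if isinstance(p, dict) and "Name" in p}


def external_addresses(value, internal_domains):
    """Return the addresses in a ';'-separated value that are outside our domains."""
    found = []
    for raw in value.split(";"):
        address = raw.strip().lower()
        if address.startswith("smtp:"):
            address = address[len("smtp:"):]
        if "@" in address and address.rsplit("@", 1)[1] not in internal_domains:
            found.append(address)
    return found


def review_audit_log(lines, internal_domains):
    """Return (findings, skipped): suspicious mailbox changes and unparseable lines."""
    internal = {d.lower() for d in internal_domains}
    findings, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # count it: a gap in the log is itself worth knowing
            continue
        if not isinstance(record, dict):
            skipped += 1
            continue
        operation = record.get("Operation", "")
        params = parameters(record)
        reasons = []
        if operation in RULE_OPERATIONS:
            forward_names = RULE_FORWARD_PARAMS
            if params.get("DeleteMessage", "").lower() == "true":
                reasons.append("rule deletes matching mail")
        elif operation in MAILBOX_OPERATIONS:
            forward_names = MAILBOX_FORWARD_PARAMS
        else:
            continue
        for name in forward_names:
            for address in external_addresses(params.get(name, ""), internal):
                reasons.append(f"{name} sends mail to external address {address}")
        if reasons:
            findings.append({"time": record.get("CreationTime"),
                             "user": record.get("UserId"),
                             "client_ip": record.get("ClientIP"),
                             "operation": operation,
                             "reasons": reasons})
    return findings, skipped


if __name__ == "__main__":
    hits, bad = review_audit_log(SAMPLE_LINES, {"corp.example"})
    for hit in hits:
        print(hit["time"], hit["user"], hit["client_ip"], "; ".join(hit["reasons"]))
    print(f"{bad} line(s) could not be parsed")
```
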
Higher Education Incidents, Q4 2017

The top two causes of data breaches reported to BBR Services in Q1 2018 were hack or malware (42%) and accidental disclosure (20%), consistent with incidents reported in Q4 2017. Social engineering and disclosure by insiders were the next highest cause of incident, each at 9%.

Higher Education Incidents, Q1 2018

Hacking and malware incidents were up from Q4 2017 to 47% of the total number of incidents for higher education establishments. Also compared to Q4 2017, accidental disclosure recorded a 5 percentage point drop to 20% while social engineering plateaued at 9%.

Financial Services Incidents, Q1 2018

Over half (55%) of all data breach incidents reported to BBR Services in Q1 2018 were caused by hacking or malware, similar to the 53% recorded in Q4 2017. The number of social engineering incidents, which accounted for one in five breaches (20%) in Q4 2017, almost halved to 12% of the total in the quarter.

Healthcare Incidents, Q1 2018

Accidental disclosure (29%) and hacking or malware (29%) endured as the most frequent causes of data breach in the healthcare sector in Q1 2018, at a combined 58% of the total. A slight reduction in the number of breaches caused by insiders from 19% in Q4 2017 to 15% in Q1 2018 is to be welcomed.

Professional Services Incidents, Q1 2018

There were two striking features of data breaches reported by professional services firms to BBR Services between Q4 2017 and Q1 2018: the number of breaches due to the loss of portable devices and due to accidental disclosure both doubled, while the number of social engineering incidents almost halved.


Source: Beazley breach insights – April 2018

Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

Digitizing core systems and processes may not get the same attention—or levels of investment—as customer-focused transformation. However, smart CIOs are leading the charge to re-engineer how back-office work gets done, harnessing emerging technologies and building the foundation for a more dynamic enterprise ecosystem.

It’s no surprise that the first wave of digital transformation focused on the most visible customer-facing functions, but IT leaders are now turning their attention to reinventing heart-of-the-business operations.

For many in the business and tech worlds, the word digital conjures thoughts of the marketing, sales, and customer experience initiatives that have dominated business mindshare—and investments—to date. It only makes sense given the imperative for organizations to improve engagement with their key constituents, be they customers, patients, citizens, or business partners.

However, savvy CIOs quickly realized that any effort to transform their customer-facing systems and processes would be limited without equally effective and integrated back-office operations. That digital interconnectedness is required to make key data and intelligence residing in the core—related to pricing, product availability, logistics, quality, financials, and more—available to customer-centric operations.

Tying together enterprise functions and the core is a start, but it only scratches the surface of the digital transformation opportunity. Over the next 18 to 24 months, CIOs, CFOs, and supply chain leaders will begin developing new digital capabilities in their core systems—and not simply new point solutions or shiny digital add-ons. They will begin constructing a new core in which automation, analytics, real-time analysis and reporting, and interconnections are baked into systems and processes, fundamentally changing how work gets done.

More Meaningful Change

Efforts to digitize core business processes are hardly new. Over the last two decades, companies have invested in ERP implementations, large-scale custom systems, and business process outsourcing to transform their core operations. Some of these investments delivered tangible benefits, such as standardized workflows and automated tasks. Others created unintended side effects, such as subpar user experiences, rigid operating procedures, or even stagnation because needed changes were too costly or difficult to implement.¹

This time, it’s different. In the coming months, CXOs will target core business areas such as finance and supply networks for meaningful change. Rather than focusing on discrete tasks or individual tools, they will broadly explore digital technologies capable of supporting global ecosystems, platform economies, complex operational networks, and new modern workplaces.

Individual emerging technologies will still have a role to play as essential enablers. Blockchain’s distributed ledger, for example, has promising implications for trade finance, supply chain validation processes, and other areas. Yet blockchain alone is only one component in a more dynamic, interconnected core stack. As companies begin their core transformations, it will be critical to understand how individual innovations can work in concert with existing capabilities to drive business value.

The Future of Digital Finance

New core principles can be applied to all heart-of-the-business functions and processes. However, focusing on a couple of areas with long histories of technology-enabled transformation, such as the finance function, can help to illustrate the changes ahead.

For finance organizations, the digital revolution presents both significant opportunities and nagging challenges. Exploding volumes of structured and unstructured data contain insights that could transform business and operating models. By harnessing digital technologies and enhancing existing analytics capabilities, finance could become the enterprise’s go-to source for strategic advice. At present, however, many finance organizations struggle with the data they have, lacking the technologies and skill sets to capitalize on this opportunity.²

Nonetheless, forward-thinking CFOs and CIOs are charting a course toward a digital future built on interconnected and automated systems, unified data sets, and real-time analysis and reporting. Though the specifics of the digital finance organizations will vary by company, they will share the following characteristics³:

Agile and efficient. New product integration and upgrades are faster and more effective thanks to the utilization of public, private, or hybrid clouds.

Increasingly automated and intelligent. Robotic process automation (RPA) enables increased efficiencies and lowers operating costs. Cognitive computing capabilities simulate human intelligence, grinding through mountains of data to automate insights and reporting in real time.

More detailed and accessible insight. Predictive algorithms and visualization technologies enable more seamless oversight, planning, and decision-making by planners and analysts. Advanced analytics illuminates connections and trends buried within data for more detailed, accurate, and efficient reporting.

Built for big data. Next-generation technical architectures can handle massive data sets without sacrificing availability, timeliness, or the quality of books and records.

Dynamic Digital Supply Networks

The digital revolution is driving profound change in every core function, but perhaps none more so than the supply chain. The traditional supply chain was built to support a linear progression of planning, sourcing, manufacturing, and delivering goods. Supply chain systems enabled large numbers of transactions for each of these functions and their dependencies.

With the rapid digitization of the enterprise, this model is giving way to a more fluid system in which data flows through and around the nodes of the supply chain—dynamically and in real time. This interconnected ecosystem economy calls for more efficient and predictive digital supply networks (DSNs) with the following characteristics⁴:

Always-on agility and transparency. Integrating traditional data sets with data from sensors and location technologies provides visibility into all aspects of the network. DSNs can dynamically track material flows, synchronize schedules, balance supply with demand, drive efficiencies, and rapidly respond to changing conditions or disruptions.

Connected community. Multiple stakeholders—suppliers, partners, customers—can communicate and share data directly.

Intelligent optimization. By connecting humans, machines, and analytics, DSNs create a closed loop of learning, which supports on-the-spot human-machine decision-making and solving challenges such as commodity volatility, demand forecasting, and supplier-specific issues.

Holistic decision-making. More transparent supply chain processes result in improved visibility, performance optimization, goal setting, and fact-based decision-making.

Where to Begin

Creating a new core is neither a marathon nor a sprint—rather, it’s a series of sprints toward a long-term goal. As you begin exploring digital possibilities, the following steps can help you get off to a good start.

Study the masters. If you haven’t already, create a small cross-functional team to help you understand digital transformation possibilities. Chances are, peers in other parts of the company are already leading digital initiatives. Talk to your colleagues and learn from their successes—and their failures.

Map the journey. Make a transformation plan for your function, focusing first on applications that have proven clear winners in other organizations. This can serve as a master blueprint, but remember to execute it one step at a time. Things are changing fast in the digital world.

Be realistic. Before committing to bold visions of digital grandeur, consider the hardest part of the equation: Where do your people, organizational structure, processes, and technology fit in this brave new world? Many established assets can serve as building blocks for the new core, but make sure any modernization needs are well understood before provisioning budget and locking down milestones.

Start cleaning data. Data is the lifeblood of the digital core—and a potential source of trouble in any new core initiative. The data needed for use cases may be siloed and rife with misspellings, duplicate records, and inaccuracies. Consider creating a cognitive data steward to automate the tedious process of resolving data issues.


Many boardrooms may lack the appetite to fund expansive—and expensive—transformations, particularly when the focus is back-office operations. Nonetheless, as digital’s disruptive march across the enterprise continues, digitizing the core presents a host of potentially valuable opportunities to redefine heart-of-the-business work and establish a better foundation for customer-facing innovation and growth.

—by Bill Briggs, chief technology officer, Deloitte Consulting LLP; Steven Ehrenhalt, principal, Deloitte & Touche LLP; Doug Gish, leader, Deloitte Consulting LLP; Adam Mussomeli, principal, Deloitte Consulting LLP; Anton Sher, principal, Deloitte Consulting LLP; Vivek Katyal, principal, Deloitte Advisory; and Arun Perinkolam, principal, Deloitte & Touche LLP

Source: Core Transformation: Reinventing the Back Office – CIO Journal – WSJ

The rise of the exponential professional – Deloitte


This post is the first in a three-part series on the exponential professional, focused on ways exponential technological growth might impact professionals in the workplace of the future.

Posted by Darryl Wagner and Caroline Bennet on March 1, 2018.

AI. Automation. Machine Learning. Natural Language Processing & Generation. New technology is rapidly disrupting and transforming the nature of work and the identity of professions by enabling humans and machines to work together, side by side. A new breed of professional is rising to navigate this shifting landscape by embracing technology, leaving behind traditional tasks, and applying a uniquely human skill set to focus on higher-value, strategic roles. Enter the exponential professional.

The professional of today might assume that automation only affects nonprofessional workforce segments. Certified professionals such as lawyers, doctors, actuaries, and accountants may feel especially immune to these effects. However, exponential technologies are ushering in sweeping changes for professionals across all levels and industries.

For example:

  • Cognitive computing – Machines will analyze data sets, identify and apply new algorithms to process data, make decisions, and flag exceptions.
  • Process automation – Push a button and maintaining process will become a thing of the past.
  • Image processing – Assessing hazards and risks, such as determining if properties are made of stone or glass.
  • Natural Language Generation – Machines writing intelligent memos and communicating findings.
  • Virtual reality – Can give professionals a better understanding of their colleagues’ jobs. A call center representative could virtually follow people or processes, transforming their scripts into experience.

Getting beyond fear
Professionals’ first reaction to realizing that technology can replace human tasks in their workplace may be fear—the fear of job insecurity coupled with anxiety over their place in the workforce. A look back at a major revolution of the past, the computer revolution, may help alleviate such concerns. During the computer revolution, bank usage of ATMs exploded. However, instead of reducing the headcount of employed bank tellers, banks used the new technology to open more branches, which led to more jobs. From 1970 to 2010, the number of bank tellers in the United States increased from just under 300,000 to around 600,000.¹ This widespread rollout also enabled tellers to take on more complex customer requests, such as new product inquiries.

While technology reduces the need for certain roles, it is often a catalyst for growth in other areas. Upon reviewing UK census data, Deloitte UK discovered that technological advances between 1992 and 2014 caused decreased agriculture and manufacturing employment that were offset by rapid growth in the health care, creative, technology, and business services sectors. The net change was a 23 percent increase in jobs.² Additionally, there are countless other examples of jobs created in the last decade that are a direct product of technology revolution: mobile app developer, rideshare driver, social/digital media marketer, social media manager, data scientist, chief sustainability officer, drone operator, blogger. While each of these is new and different, each has roots in “old world” jobs with transferable skills: software developer, taxi driver, print marketer, publicist, actuary, environmental activist, pilot, freelance writer. Research suggests this pace of change is set to accelerate with nearly 65 percent of children entering primary school today predicted to end up working in completely new job types that do not yet exist.³ As such, the professional of today should recognize that just like the introduction of computers, the introduction of exponential technologies expands the frontier of opportunities for the business professional.

Just as robots changed the look and feel of a factory, new technologies and the digital revolution will impact the future of the workplace for many professions. For example, augmented and virtual reality will upend learning in the workplace by enabling learners to experience near real-world scenarios in the safety and methodical manner of a simulation.⁴ This is already being applied in the training of mining personnel where virtual environments can be used to build experience without the need to navigate hazardous environments.⁵

Similarly, finance professionals can harness cognitive data analytics technologies to automatically prepare and cleanse data, evaluate or identify drivers of results, and document findings. This will enable these professionals to focus their attention on higher cognitive activities.⁶ By replacing manual processes with machines, talented business professionals can focus on processing exceptions, interpreting and communicating results, and driving forward-looking strategic actions. Integrating machines with people and process can improve the quality of basic data processing, but can also significantly shift the strategic output capacity of any process by focusing talent on more strategic objectives.

A changing workforce
Technological advances are combining with generational changes that will disrupt how companies source talent—and even the very definition of an employee. Traditionally, companies have employed legions of full time, “on balance sheet” staff with set benefits and salaries. However, many companies have turned to alternative talent sources, such as crowdsourcing, to solve problems and create new ideas. A recent study by Harvard and Princeton economists showed that 94 percent of net job growth from 2005 to 2015 was in “alternative work,” or independent contractors and freelancers.⁷ As technology advances, more and more professionals are expected to join the gig economy, where they may negotiate short-term contracts, work for multiple employers, and diversify their project portfolio. The move to the gig economy is only partially driven by technology. The cofactor to technology is a Millennial mind-set shift toward the workplace. Millennials value work-life balance, flexible hours, ability to work from home, sense of meaning, and a variety of experiences.⁸ These values are often likely to be satisfied in an alternative work arrangement.

Anticipated implications
So, what are the anticipated implications for the professional of today? First, many tasks traditionally performed by humans will be performed automatically. This means that professionals can adjust their focus toward augmenting process with tasks that require uniquely human skill. Second, alternative work arrangements will bring about changes to companies’ organizational structures, operating model, and how professionals interact with their employers. Third, industry views on professionalism will need to evolve.⁹ Standards for how professionals leverage, trust, rely on, and interact with automated processes will need to be defined. This includes adapting employee training, which traditionally focused on creating technically sound individuals, and rethinking professional standards.

Let’s look at an exponential professional in action: an exponential actuary…

  • Uses Natural Language Processing to autogenerate reports before breakfast
  • Helps save hundreds of hours a year by relying on bots to automatically generate and QA data and perform analysis
  • Focuses efforts on high-value activities such as designing analysis and interpreting results


Exponential technologies are beginning to transform the workplace by efficiently and economically automating many human tasks and facilitating alternative work arrangements. These changes enable the rise of a new adaptive, innovative, and strategic professional—the exponential professional—assisted by and working with technology to create unprecedented value.

Next up: In the second post in this three-part series, we’ll discuss the expectations and responsibilities of the exponential professional.

Darryl Wagner is a principal in Deloitte Consulting LLP and the Global Actuarial, Rewards & Analytics Leader and US ARA Insurance Services Leader.

Caroline Bennet is the National Leader of Deloitte Actuaries & Consultants, the Insurance Leader for Deloitte Australia, and Leader of FSI Consulting, and is a member of the Global Deloitte Actuarial, Rewards and Analytics Executive Team.

Contributors: James Dunseth, Trent Segers, Wes Budrose, Nate Pohle, Ajay Parshotam, Mehul Dave, and Corey Carriker







7 From Deloitte Review, Issue 21. Navigating the Future of Work [Page 36]




Source: The rise of the exponential professional – HR Times – The HR Blog

AAFP Urges Improvements to Fledgling Patient Data Initiative

The AAFP made detailed suggestions to improve CMS’ recently announced initiative to improve patients’ access to and control of their electronic health data.

March 22, 2018 04:11 pm News Staff – The AAFP is working to propel a new CMS initiative meant to give patients better access to — and control of — their health care data into action that improves patient care and reduces physicians’ administrative burden.

CMS Administrator Seema Verma, M.P.H., publicly unveiled the MyHealthEData Initiative on March 6 during a speech at the Healthcare Information and Management Systems Society annual conference in Las Vegas.

She told her audience the United States will never achieve the long-sought goal of value-based care “until we put the patient at the center of our health care system.”

Verma said the Trump administration is determined to ensure that patients “have the information they need to be engaged and active decision-makers in their care.”

A CMS press release noted the initiative is headed up by the White House Office of American Innovation with active participation from HHS, CMS, the Office of the National Coordinator for Health IT, NIH and the Department of Veterans Affairs.


  • The AAFP recently responded to CMS’ announcement about its MyHealthEData Initiative with a letter outlining suggested improvements.
  • In a letter to CMS Administrator Seema Verma, M.P.H., the AAFP urged CMS to require vendors to provide any new government-required updates to electronic health records systems without additional cost to medical practices.
  • The letter also urged the agency to utilize the AAFP’s Principles for Administrative Simplification to reduce physician documentation requirements.

Midway through her speech, Verma related a personal story about a recent out-of-town health emergency in her family that led to her husband’s hospitalization. After his discharge, Verma asked for a copy of the complete medical record amassed during the inpatient stay to ensure that doctors back home had all the information they would need for follow up care.

“After the federal government has spent more than $30 billion on EHRs (electronic health records), I left with paper (five sheets) and a CD-ROM” that was both difficult to utilize and incomplete, said Verma.

“I couldn’t help but contemplate the disconnect between the genius of the medical system that used the latest technology and science to save my husband’s life but didn’t have the tools available to just give me his medical records, which I thought would have been the simplest task out of all they had performed,” she said.

Verma also announced an update to the agency’s Blue Button initiative, calling the new Blue Button 2.0 a developer-friendly, standards-based application programming interface “that enables Medicare beneficiaries to connect their claims data to secure applications, services and research programs that they trust.”

AAFP Weighs In
The AAFP has advocated long and hard for interoperability of EHRs and supports certain portions of the new initiative; however, other key points raised eyebrows among Academy leaders.

In a March 14 letter (4 page PDF) to Verma signed by AAFP Board Chair John Meigs, M.D., of Centreville, Ala., the AAFP weighed in on important portions of the initiative during its formative stages to ensure the final program doesn’t create more obstacles to already overburdened family physicians.

The AAFP noted its approval of agency efforts that “encourage patients to have meaningful control of their data” and to improve interoperability and administrative simplification.

“We would, however, object to placing responsibility for the adoption of interoperable systems on physician practices,” the Academy stated. “The creation of standardized interoperable systems should instead be the responsibility of vendors.”

The AAFP pointed out that physicians were promised EHR interoperability and secure patient access when they purchased certified EHR technology or upgraded their existing systems; however, many systems do not meet this standard.

Lack of this promised interoperability leaves physicians beholden to EHR vendors — a situation that has allowed vendors to engage in price gouging when peddling software upgrades and maintenance.

“We strongly urge CMS to require EHR vendors to provide any new government-required updates to such systems without additional cost to the medical practice,” said the AAFP.

Multiple studies have shown that physicians spend far too much time — up to 50 percent of their workday and even after clinic hours — using their EHRs, said the AAFP, referencing a Feb. 7 letter (6 page PDF) to Verma.

“CMS must take the time and financial costs physicians endure into account while addressing improved patient access to health care data,” said the Academy in its most recent comments.

Stop Information Blocking
In her speech, Verma zeroed in on CMS’ intent to prevent providers and hospitals from blocking patients — and their physicians — from seeing personal health data. “We will not tolerate this practice anymore,” she said.

In response, the AAFP noted that too often physicians receive summaries of care that are too long and “filled with clinically irrelevant information.” Indeed, said the letter, unnecessary information often is inserted into summaries by automated processes “designed to ensure compliance with CMS regulations and requirements for the MU (meaningful use) and ACI (advancing care information) programs.”

The AAFP told CMS to improve its regulatory requirements and focus on “how and when data is exchanged rather than focusing on the data in the exchange.”

Furthermore, the AAFP called on CMS to use the authority it was granted in the 21st Century Cures Act to penalize health care organizations that are not sharing information.

“Policies should be focused on penalizing bad actors blocking information,” the Academy said in its letter.

Streamline Documentation, Billing Requirements
The AAFP pointed out that the level of documentation required of physicians has escalated in recent years despite the widespread adoption of EHRs. In particular, the Academy took issue with CMS’ documentation requirement guidelines for evaluation and management (E/M) services.

The letter argued that the guidelines, written for use 20 years ago in a paper-records era, “do not reflect the current use and further potential use of EHRs or team-based care.”

CMS should recognize and adhere to the AAFP’s Principles for Administrative Simplification to reduce documentation requirements. In these principles, the AAFP calls for

  • eliminating documentation guidelines for E/M codes 99211-99215 and 99201-99205 for primary care physicians;
  • applying a new standard to all public and private payers to allow medical information to be entered into a patient record by any care team member related to a patient’s visit;
  • discarding data templates and box-checking requirements that do not enhance patient care; and
  • redesigning and optimizing EHR systems through the collaborative efforts of physicians, vendors and workflow engineers.

Improve Related Programs
The AAFP addressed additional points in its letter to CMS, including suggestions related to

  • streamlining requirements associated with meaningful use and the Quality Payment Program’s advancing care information component;
  • interoperability of quality measures, including elimination of all health IT utilization measures and implementation by all payers of the Core Quality Measures Collaborative’s core measures sets championed by the AAFP;
  • widescale interoperability of patient admission, discharge and transfer data in as close to real time as possible; and
  • reducing hospital admissions and readmissions, and duplicative testing.

“With the modifications we have suggested and attention to other overarching health care IT issues as outlined above, we believe these programs will lead to great success for our patients by catalyzing better, more efficient quality care,” concluded the AAFP.



Source: AAFP Urges Improvements to Fledgling Patient Data Initiative

Half of ransomware victims who pay the ransom don’t get their data back: 5 things to know

Only about half of the organizations that suffered a ransomware attack in 2017 recovered their data after paying the ransom, according to a CyberEdge Group survey.

The research and marketing firm spoke with nearly 1,200 IT security pros in 17 countries about their experiences with cyberattacks last year.

Here are five survey insights.

1. Seventy-seven percent of the organizations surveyed suffered a form of cyberattack in 2017, which is down from 79 percent in 2016. This marks the first time in five years that the percentage of organizations hit by a cyberattack declined.

2. Just over half (55 percent) of respondents fell victim to a ransomware infection in 2017, compared to 61 percent in 2016.

3. Of the organizations that suffered a ransomware attack, 38.7 percent of victims decided to pay the ransom demand. However, only 49.4 percent of those organizations actually recovered their data, as opposed to 86.9 percent of organizations that refused to pay the ransom and were able to recover their data.

4. Organizations ranked malware as their top concern, followed by ransomware, phishing and credential abuse attacks.

5. Cybersecurity-related budgets are expected to account for 12 percent of an organization’s overall IT spend in 2018, which represents a 4.7 percent growth year-over-year.


Source: Half of ransomware victims who pay the ransom don’t get their data back: 5 things to know

CrowdCrypto Newsletter – Issue #12

Another great summary of Crypto news from Robin Sosnow (@RobinSosnowEsq). 


Source: CrowdCrypto Newsletter – Issue #12

4 things I have held dear in life the simple principles:


Over the years, at work or at home, you gain mentors or people you listen to or look up to for advice. During these years, the most impressive point was given to me by a friend and respected individual; I have held it dear to this very day, and these are simple guiding principles at work and home.


Humility – Someone else’s obligation, before the opportunity

  • Humility or humbleness is a quality of being courteously respectful of others. It is the opposite of aggressiveness, arrogance, boastfulness, and vanity. Rather than, “Me first,” humility allows us to say, “No, you first, my friend.” Humility is the quality that lets us go more than halfway to meet the needs and demands of others.
  • The quality or condition of being humble; modest opinion or estimate of one’s own importance, rank, etc.

Integrity – Do the right thing always

  • Firm adherence to a code of especially moral or artistic values
  • The quality of being honest and having strong moral principles; moral uprightness.
  • The condition of being unified, unimpaired, or sound in construction.

Respect – Hierarchy is not a proxy

  • A feeling of deep admiration for someone or something elicited by their abilities, qualities, or achievements.
  • Due regard for the feelings, wishes, or rights of others
  • Hierarchy is not a proxy for the interactions between one another. Hierarchy is just a method of getting what needs to be done, done. Everyone is equal; everyone has someone in the hierarchy above them, next to them and below them. We should never ever forget this at home or at work.

Conviction – Honorable Intentions and Belief

  • A fixed or firm belief; the act of convincing a person by argument or evidence.

If you keep these things dear to your heart and wear them on your sleeve, the results can be surprising. When you compromise on any of them, you compromise on all of them, and you tumble down the slippery slope.

A lot of people say they have principles, and they might be able to rattle off some thoughts and points, but it’s what they action and what they actually do that is more important. It is not just the talk; the actions speak louder than the words. It’s what can bind you together or show how far apart you might be.

Teams, individuals, and your family need to be able to do amazing things each and every minute of the day. Having these 4 principles has given me a baseline to reference against.