Topics
Reimbursement
Home health agencies get half a percent pay increase
Home health agencies get half a percent pay increase
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
Two CFOs see promise of AI, but have yet to build a dedicated budget
Two CFOs see promise of AI, but have yet to build a dedicated budget
Capital Finance
HIMSSCast: Is private equity the bad guy in healthcare?
HIMSSCast: Is private equity the bad guy in healthcare?
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Hospital margins climb to 5.1% in September
Hospital margins climb to 5.1% in September
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Johns Hopkins Health Plans announces multi-payer portal
Johns Hopkins Health Plans announces multi-payer portal
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
$47.5 million grant allows Rutgers to turn lab discoveries into practical healthcare
Rutgers to promote 'translational' science with $47.5M grant
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cleveland Clinic partnering with Cavaliers on new training center
Cleveland Clinic partnering with Cavs on new sports complex
Compliance & Legal
Elevance latest insurer to sue over Medicare Advantage star ratings
Elevance latest insurer to sue over Medicare Advantage star ratings
Policy and Legislation
HHS investing $75 million in rural healthcare infrastructure
HHS investing $75 million in rural healthcare infrastructure
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
ACO REACH changes more negative than positive, says participant
ACO REACH changes not positive, says participant
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
Aetna underperforms, plans recovery as CVS Health logs $95.4B in revenue
CVS Health logs $95.4B in revenue as Aetna struggles
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Elevance Health 'considering options' following star ratings hit
Elevance Health 'considering options' following star ratings hit
Patient Engagement
Patients see narrow networks in ACA marketplace plans, KFF finds
KFF: Patients see narrow networks in ACA marketplace plans
Pharmacy
HIMSSCast: Prior authorization as gatekeeper
HIMSSCast: Prior authorization as gatekeeper
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Teladoc posts $640.5 million in revenue, stresses virtual care improvement
Teladoc posts $640.5 million in revenue
Mergers & Acquisitions
Steward Medical sold to Rural Healthcare Group 
Steward Medical sold to Rural Healthcare Group 
View more
Apr 07, 2020 More on Analytics

HIMSS20: Improving smart contract security in the healthcare supply chain

Healthcare organizations should enter into smart contracts with their eyes open and take steps to ensure the mitigation of risk.

Jeff Lagasse, Editor

From a technological standpoint, supply chain data and processes are undergoing an evolution. They are making the transition from enterprise and manufacturing resource planning systems to the cloud.

Smart contracts, which have received a lot of renewed focus due to their integration into specific blockchain technologies, provide vehicles for organizations to augment their existing data exchange while utilizing it to provide even more business value.

But in a digital HIMSS20 session, Mitchell Parker, Chief Information Security Officer for Indiana University Health, cautioned that healthcare organizations should enter into smart contracts with their eyes wide open, and take steps to ensure the mitigation of risk and the integrity of their data.

Currently, supply chains depend heavily on electronic data exchange, or EDI, to automate and run their businesses. What smart contracts do is encompass both the data and the workflow in a viable, integrable manner that supply chains are now beginning to leverage.

"This is an evolution, not a revolution," Parker said.

With EDI workflows there's a lot of variability in the data, because they don't provide for the automation of workflow data itself – and they don't address security or process concerns. The move toward smart contracts stems from the need to evaluate the entire process, not just the data.

The shifts in the data and contracting realms are happening simultaneously, moving from traditional legal practices to automation and self-service. This shift can trace its roots to the 21st Century Cures Act final rule, which placed a lot of workload on legal teams. With EDI, there's a lack of automated enforceability.

"Our current contracts, due to the lack of resources, are a leap of faith," said Parker. "And that's not a place we want to be in."

The 21st Century Cures Act final rule prompted a move from EDI to an application program interface, or API-based mode of communication. That means customizations have to be rebuilt every time an organization upgrades. Because this means hacking the system, they don't really allow for effective patch management, and upgrades can break the customization.

That means healthcare organizations keep old systems around to maintain business functionality, which in turn increases the risk of ransomware or other kinds of attacks. Electronic health records systems also tend to resist customizations.

EDI, the means by which organizations interchange data, are characterized by manual processes that often come with significant customization to determine what contracts are being performed effectively. Now, instead of just data, organizations are being asked to prove data-flow integrity from source to destination, which has led to decreased security and a dependence on legacy systems that can't be touched.

"There's no provenance or auditability with these hacks," said Parker. "There's no way to comply with regulations, and there's an increased risk from having to operate these systems. This leads to significantly increased risk."

Smart contracts – commonly known as "contracts as code" – feature intelligent programmable workflows, and can be legally binding, since blockchain qualifies as an electronic record-keeping system.

Under this framework, automated EDI and contracting transactions act as a hybrid of master agreements and smart contracts. They allow organizations to do as much as possible electronically, and also perform better analyses on the data that needs to be improved.

"This is an evolution of technology," said Parker.

The risks of EDI are tied to their running on old, outdated software that opens itself up to ransomware attacks. With mobile and 5G technology making the communications picture more complex, there's a need to improve security to reduce the potential for legacy systems to be attacked by hackers. Vendors offering blockchain-based smart-contract solutions for EDI include Oracle, SAP, IBM Hyperledger and Salesforce.

The benefits of blockchain-enabled technologies is that the data is decoupled from the source systems. It often uses triggers to execute contracts and the code contained within them.

The key to successfully implementing this model, said Parker, is to interview, not one, but many potential business partners, and get their firms a security risk assessment from a business partner skilled in ERP. Organizations should develop a plan to remediate any issues that arise, and also develop a plan to comply with NIST requirements for ID management.

Contracts, said Parker, need a master agreement covering usage terms and conditions as part of the contract language needed to perform testing to ensure intended behaviors.

HIMSS20 Digital

Experience the education, innovation and collaboration of the HIMSS Global Health Conference & Exhibition… virtually.

Twitter: @JELagasse

Email the writer: jeff.lagasse@himssmedia.com

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.