Topics
Reimbursement
Elevance, UnitedHealth among insurers accused of alleged price fixing
Elevance, UnitedHealth among insurers accused of alleged price fixing
Revenue Cycle Management
Mary Washington Healthcare latest to outsource revenue cycle 
Mary Washington Healthcare latest to outsource revenue cycle 
Strategic Planning
CommonSpirit, University of Utah Health team on access
CommonSpirit, University of Utah Health team on access
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Labor expenses continue to challenge hospitals
Labor expenses continue to challenge hospitals
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
US healthcare system ranks last in equity, access
US healthcare system ranks last in equity, access
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Elevance laying off 123 California employees
Elevance laying off 123 California employees
Operations
UAB, Press Ganey launch certificate program for healthcare leaders
UAB, Press Ganey launch certificate program for healthcare leaders
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
University Hospitals expanding with $3.2 million donation
University Hospitals expanding with $3.2M donation
Compliance & Legal
Johnson and Johnson sues HRSA for blocking 340B plan
J&J sues HRSA for blocking 340B plan
Policy and Legislation
Planned Parenthood, other groups decry executive power in House bill
Planned Parenthood, other groups decry House bill
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Interoperability in healthcare moving forward despite challenges
Interoperability in healthcare moving forward despite challenges
Business Intelligence
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
CVS announces Dr. Sreekanth Chaguturu as president, Health Care Delivery
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Almost a quarter of Americans underinsured, survey finds
Survey: Almost a quarter of Americans underinsured
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
Express Scripts, Caremark, OptumRx fight back in lawsuit against FTC 
Express Scripts, Caremark, OptumRx sue FTC 
Population Health
Reproductive care, including abortion, facing challenges
Reproductive care, including abortion, facing challenges
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth prescribing of controlled drugs extended through 2025
Telehealth prescribing of controlled drugs extended
Mergers & Acquisitions
Cardinal Health set to acquire two companies for combined $3.9B
Cardinal Health set to acquire two companies for combined $3.9B
View more
Apr 07, 2020 More on Analytics

HIMSS20: Improving smart contract security in the healthcare supply chain

Healthcare organizations should enter into smart contracts with their eyes open and take steps to ensure the mitigation of risk.

Jeff Lagasse, Editor

From a technological standpoint, supply chain data and processes are undergoing an evolution. They are making the transition from enterprise and manufacturing resource planning systems to the cloud.

Smart contracts, which have received a lot of renewed focus due to their integration into specific blockchain technologies, provide vehicles for organizations to augment their existing data exchange while utilizing it to provide even more business value.

But in a digital HIMSS20 session, Mitchell Parker, Chief Information Security Officer for Indiana University Health, cautioned that healthcare organizations should enter into smart contracts with their eyes wide open, and take steps to ensure the mitigation of risk and the integrity of their data.

Currently, supply chains depend heavily on electronic data exchange, or EDI, to automate and run their businesses. What smart contracts do is encompass both the data and the workflow in a viable, integrable manner that supply chains are now beginning to leverage.

"This is an evolution, not a revolution," Parker said.

With EDI workflows there's a lot of variability in the data, because they don't provide for the automation of workflow data itself – and they don't address security or process concerns. The move toward smart contracts stems from the need to evaluate the entire process, not just the data.

The shifts in the data and contracting realms are happening simultaneously, moving from traditional legal practices to automation and self-service. This shift can trace its roots to the 21st Century Cures Act final rule, which placed a lot of workload on legal teams. With EDI, there's a lack of automated enforceability.

"Our current contracts, due to the lack of resources, are a leap of faith," said Parker. "And that's not a place we want to be in."

The 21st Century Cures Act final rule prompted a move from EDI to an application program interface, or API-based mode of communication. That means customizations have to be rebuilt every time an organization upgrades. Because this means hacking the system, they don't really allow for effective patch management, and upgrades can break the customization.

That means healthcare organizations keep old systems around to maintain business functionality, which in turn increases the risk of ransomware or other kinds of attacks. Electronic health records systems also tend to resist customizations.

EDI, the means by which organizations interchange data, are characterized by manual processes that often come with significant customization to determine what contracts are being performed effectively. Now, instead of just data, organizations are being asked to prove data-flow integrity from source to destination, which has led to decreased security and a dependence on legacy systems that can't be touched.

"There's no provenance or auditability with these hacks," said Parker. "There's no way to comply with regulations, and there's an increased risk from having to operate these systems. This leads to significantly increased risk."

Smart contracts – commonly known as "contracts as code" – feature intelligent programmable workflows, and can be legally binding, since blockchain qualifies as an electronic record-keeping system.

Under this framework, automated EDI and contracting transactions act as a hybrid of master agreements and smart contracts. They allow organizations to do as much as possible electronically, and also perform better analyses on the data that needs to be improved.

"This is an evolution of technology," said Parker.

The risks of EDI are tied to their running on old, outdated software that opens itself up to ransomware attacks. With mobile and 5G technology making the communications picture more complex, there's a need to improve security to reduce the potential for legacy systems to be attacked by hackers. Vendors offering blockchain-based smart-contract solutions for EDI include Oracle, SAP, IBM Hyperledger and Salesforce.

The benefits of blockchain-enabled technologies is that the data is decoupled from the source systems. It often uses triggers to execute contracts and the code contained within them.

The key to successfully implementing this model, said Parker, is to interview, not one, but many potential business partners, and get their firms a security risk assessment from a business partner skilled in ERP. Organizations should develop a plan to remediate any issues that arise, and also develop a plan to comply with NIST requirements for ID management.

Contracts, said Parker, need a master agreement covering usage terms and conditions as part of the contract language needed to perform testing to ensure intended behaviors.

HIMSS20 Digital

Experience the education, innovation and collaboration of the HIMSS Global Health Conference & Exhibition… virtually.

Twitter: @JELagasse

Email the writer: jeff.lagasse@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.