Heart of Health Policy

Updates on Health Policy News Affecting Practice.

What is the Role of Cardiology in Data Sharing?

Cardiology Magazine, Jan. 2017Increased data sharing is transforming both research and practice in cardiology as it fits into the broader open-science movement and ultimately benefits clinical care, according to a technology corner article published Dec. 11 in the Journal of the American College of Cardiology.

Pranammya Dey, et al., examine the reasons behind sharing clinical research data and discuss key initiatives that have enhanced greater sharing of data. They also describe how data sharing is especially important in cardiology, given its history of gathering evidence for knowledge creation and secondary data analysis. Read More >>>

The authors explain that unanswered questions remain in many clinical trials and certain information is often left out. They note that “withholding data, positive or negative, can cause harm,” and that withholding data can also prevent independent investigators from detecting errors in previously published studies.

However, due to groups such as the Academic Research Organization Consortium for Continuing Evaluation of Scientific Studies, which comes together to advocate for sharing and standards, the move toward sharing clinical trial data is progressing.

Organizations such as the U.S. Food and Drug Administration and the National Institutes of Health (NIH) have also promoted clinical trial data sharing. For example, since many trial results previously went unreported, the NIH requires all trials that it partly or fully funds to be registered and report summary results.

Furthermore, to continue increasing data sharing and rewarding those for doing so, the authors explain that new incentive structures are necessary. They provide suggestions for moving forward such as acknowledging the original producers of data in publications; providing funding for sharing data; giving credit for data sharing in academic promotions; reimbursing health systems that share data with patients and researchers; and creating a standardized recognition system for data generators.

The authors conclude that “the revolution in data sharing that has transformed domains ranging from physics to genetics is just beginning for clinical medicine.” They add, “as we move toward a world of open data, cardiology has the opportunity to lead and, in so doing, to serve as a model for all of medicine.”

<<< Return to top

Ransomware Protection Tips

Cardiology Magazine Image

The U.S. Department of Health and Human Services has issued the following guidance for facilities and services affected by a ransomware attack:

  • Contact the FBI Field Office Cyber Task Force or U.S. Secret Service Electronic Crimes Task Force immediately to report a ransomware event and request assistance.
  • Report cyber incidents to the US-CERT and the FBI Internet Crime Complaint Center.
  • If your facility experiences a suspected cyberattack affecting medical devices, you may contact U.S. Food and Drug Administration’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.

Facilities can prevent cyberattack by ensuring that computers and other devices are updated and patched with the latest anti-virus software. Microsoft has a suite of protection tools on its Guide for WannaCrypt Attacks page. All employees should only open emails from trusted sources and never open attachments unless its contents are absolutely known. For general advice on how to protect against ransomware, review US-CERT Alert TA16-091A.

Medical Device and Electronic Security: What Should Your Practice Know?

Cardiology Magazine Image

As increasing amounts of data are stored in online accessible distributed databases, colloquially known as the “cloud,” any breach of the security that guards these databases has potentially wide-ranging implications and could affect many individuals. Banking, insurance and now medical records are largely digital. As long as aggregate access to this data remains possible, inappropriate access is a concern. In the past year, major corporations such as Equifax and Yahoo have announced data breaches, exposing internal and customer data.

To a large extent, the medical field accepts and operates in a lower security environment, and relies on the non-maleficence of individuals operating within the system. Patients with implanted medical devices have private data that are created and stored on the device, and may be vulnerable to unauthorized access, or worse, alteration of the medical device programming or function. However, this longstanding balance between availability and security breaks down when there can be continuous anonymous attacks to a system by potentially distant operators, such as with an imperfectly secured web portal for patient records, where there is little penalty and a great opportunity for attempted compromise of a system. Read More >>>

As physicians, practice managers and users of connected devices, what are we to do regarding electronic security and our medical practices? There are some very quick and common-sense steps to ensure quality and the balance of security, inconvenience and ensuring legitimate access.

The first is to understand your practice’s security setup. Talk to your IT administration and ensure that basic consensus operations are implemented. For example, do office computers have hard drive encryption, preventing the hard disk from being removed and analyzed for passwords, patient or practice information? This can be implemented in a fashion that is transparent to the user. Talk to your device representatives and ensure that updates are pushed to all device programmers and that patches, if available, are given as an option to patients with devices that can be upgraded.

The second is to make sure that your own computer and device systems are up to date and continually patched. Even the simplest of office and electronic medical record systems needs to be actively managed and updated. Personal systems that are connected to the hospital network or contain any protected medical information must be kept up-to-date with all known exploits removed. Routers, computers and even connected devices should be continually updated with the latest firmware and fixes.

Finally, it is critical to use good sense when transporting or transmitting medical information in any form. Laptops that contain protected information must have strong encryption, in addition to any flash drives or portable storage. There are numerous free tools that IT professionals can help implement in all operating systems. Email should generally be regarded as insecure and vulnerable to interception during transmission — although with modern programs the presence of end-to-end security is now indicated to the user and should be used if available. Keep in mind that even with encrypted transport, account administration at either end of email may generally access emails and records.

Security does not need to be, and should not be, an overzealous mission that becomes self-defeating. After a brief heyday of strict password-changing in the early 2000s, IT administrators ultimately realized that the enforced changing of passwords every few months does not actually improve security, as users will just write them down or increment one small aspect of the password. Similarly, requiring a difficult to remember and combination of odd symbols password is less important than ensuring adequate length of a password and prevention of commonly used words. In the physical world, placing everything in an office under a lock and key has the possibility of keeping legitimate users out, makes things difficult in an emergency and makes for an unwelcoming environment. The best fixes preserve this balance with local systems, while all online systems, or those widely exposed to the internet, must be given continuous attention and tight security.

This article was authored by G. Stuart Mendenhall, MD, FACC, cardiologist at the University of Pittsburgh Medical Center.

<<< Return to top

Keywords: ACC Publications, Cardiology Magazine, Information Dissemination, Research Personnel, Motivation, Consensus, United States Food and Drug Administration, Computer Security, National Institutes of Health (U.S.), Research, Internet, Online Systems, Health Policy, Financial Management, Software, Physics, Crime, Attention, Electronic Health Records

< Back to Listings