< + > Steady Improvement, AI Benefits, and Reducing Burden were the Key Messages at NextGen UGM 2024

At the 2024 NextGen User Group Meeting #NextGenUGM24, the message was clear: The company continues to make steady improvements to its platform and remains focused on reducing administrative burden for both customers and partners. Most importantly, NextGen Healthcare’s Ambient Assist solution has lived up to expectations.

Healthcare IT Today was invited to cover #NextGenUGM24, held in Nashville TN. Here is our summary of the event.

Key Takeaways

1. NextGen’s Ambient Assist (ambient clinical voice) solution has been successfully rolled out to hundreds of physicians over the past year. Physician feedback has been extremely positive.
2. The company remains focused on improving its platform to help reduce the administrative burden on end-users and the technical burden on partners.
3. NextGen has consolidated its patient-facing solutions under a single umbrella – dubbed Closed Loop Practice and Patient Experience – and dedicating more resources to help improve the overall patient experience.

No Flash. Just Steady Improvement.

At #NextGenUGM24, the company did not make any flashy announcements or bold promises. Instead, they stayed true to the strategy they set out a year ago – steady improvements designed to reduce administrative burden on physicians and practices.

In doing so, NextGen sent a clear message: we are doing what needs to be done and our customers are seeing the benefits.

The company’s Ambient Assist (ambient clinical voice) solution is a cornerstone of the reduce-burden effort and CEO David Sides was happy to announce the successful rollout to hundreds of physicians over the past year. Collectively tens of thousands of patient visits have now been captured and documented automatically by the system.

Physicians are saving hundreds of hours of documentation allowing some to achieve a better work-life balance while others have chosen to see more patients to ease the access challenge in their community. Sides in his opening keynote shared how one physician (who he didn’t realize was sitting near the front of the audience) had done over 1,200 visits with Ambient Assist.

The company expects even faster adoption now that the early adopters have achieved results that have lived up to expectations.

Deeper Integration with Partners

In speaking with NextGen’s partners who were exhibiting at event, it was clear that many have been working more closely with the company to improve the level of integration. Several exhibitors shared how they are leveraging NextGen’s APIs to offer new features that were not possible using their prior method of integration.

The upside for end-users is a smoother experience and better usability.

IMO Health, for example, was showcasing their refreshed user interface which was only made possible by using NextGen’s new APIs.

Benchmarking Gaining Traction

Srinivas Velamoor, NextGen’s President and COO, shared how the benchmarking solution continues to gain traction with customers. By making key performance metrics available to its customers in a data warehouse, practices are able to see how they are performing relative to organizations of similar type, size, geography and along dozens of other vectors.

“By giving our customers these benchmarks through this enterprise data warehouse and dashboard that we publish, they can see how much potential they are leaving on the table,” said Velamoor. “Not only for RCM reimbursements, but also how fast a physician conducts an encounter and how satisfied patients are with their service. It is a powerful tool that allows us to partner more closely with our clients.”

Learn more about NextGen at https://www.nextgen.com/

NextGen is a sponsor of Healthcare Scene.

< + > Chief AI Officer: Healthcare's hot new role demands a rare combination of skill sets

You can't just toss AI onto the CIO or CTO titles. Overseeing artificial intelligence in clinical and business environments, standing up a governance structure, and managing portfolios of tools for different patient types requires deep experience.

< + > Vendor AI Roundup: Enhanced EHR offerings designed to give practices a leg up

Also: SmartDX launches tools to help hospitals overturn denials in minutes and recover lost revenue.

< + > Three Ways AI Is Transforming Medical Coding to Improve U.S. Healthcare

The following is a guest article by Cathy Donohue, Senior Vice President of Product at CodaMetrix

For decades, niche automation and piecemeal software solutions have been deployed by health systems to make electronic health records (EHRs) more effective in delivering care, monitoring quality, and controlling costs. Much of these objectives rely on the presence of accurate code sets to describe the patients’ condition and the care delivered.

But healthcare staffing shortages combined with the growing complexity of medical coding and payer rules, and pressure on providers for more personalized care have left many hospitals swimming upstream, struggling with staffing shortages, provider burnout, and unreimbursed care.

Fortunately, in response to this turbulence, we are seeing the emergence of a new wave of next-generation artificial intelligence (AI) and deep machine learning. These solutions can deliver unprecedented accuracy and validation of claims by aggregating disparate pieces of clinical information found across the patient journey. New technology is now allowing a bedside encounter to be accurately captured and autonomously coded, transforming the providers’ workflows in ways that get claims approved faster at a lower cost.

I have spent the last 25 years focused on driving efficiency and usability by refining how IT systems interact with electronic records, all while remaining cognizant that the EHR was originally designed for registration and billing, not for physician workflows and improving patient outcomes.

The ability of AI to bolster the bottom line of health systems – by improving the speed, efficiency, and accuracy of insurance claims – is now widely understood across the healthcare sector. AI can be adapted to health systems’ existing interfaces with the help of data ingestion and integration tools, so hospitals are not reinventing the wheel to take advantage of automation to improve their bottom line.

Advanced machine learning holds enormous potential to bring order to the chaos of the modern health system. To that end, here are three ways AI is transforming medical coding to improve the financial health of practices and the quality of care accessed by patients.

Alleviate Provider Burden

Beyond the strains of patient care delivery, the status quo asks providers to spend extensive administrative time on chart documentation and medical coding. Given there are no coding classes in medical school, it’s not surprising many doctors simply default to their most used, or “favorite” codes. All too often this leads to poorly calibrated and inaccurate coding, both in respect to the acuity of a patient and the level of care provided.

Automation can now take this burden off the provider and convert that administrative time to patient care. AI has the capability to mine the medical record and historical patient timeline for a more accurate view of a patient’s diagnosis and treatment plan, saving the provider time, providing more accurate coding, and getting paid accurately for the treatment administered. There should however remain a safety net for medical coder involvement in complex cases, as well as routine human quality audits and feedback opportunities.

Improve Claim Quality

AI is able to populate the diagnostic and procedure codes reflecting the clinical specificity expressed within the EHR and apply those to the revenue cycle’s objectives for meeting the highest quality requirements of the claims process. Providers can be prescriptive in the level of quality each automated claim must meet. In the case where AI produces predictions not meeting said standard, or if claim edits are hit, cases can be routed directly to a manual coder, along with the autonomously predicted code sets, pertinent patient details, and documentation of the patient’s encounter to make the case review and coding as efficient as possible.

On both fronts, AI’s goal is to increase the speed, comprehensiveness, and accuracy of the submitted claim. The added benefit comes with the rounds of optimization the models will undergo as they learn from the human coding activity to continuously improve coverage and accuracy.

Produce Clinically Comprehensive Code Sets

While most EHRs have fulfilled their role as collectors of health systems’ digitized data, there remains a wide gap in their ability to package and display that data in a meaningful and efficient way to drive a comprehensive, longitudinal assessment of any given patient’s clinical condition.

Health systems invest millions of dollars to derive accurate assessments, in the form of diagnosis and procedural codes, for a multitude of purposes and beyond those of producing billable claims. In fact, the cost of coding across the enterprise is nearly double what is spent by the revenue cycle department.

But, if AI is able to evaluate the longitudinal record, then why stop at only producing the encounter-specific codes that meet the relatively low claim’s threshold of “medical necessity”? Instead, AI-driven autonomous coding can raise the bar and establish a clinically comprehensive set of codes, thereby supporting prior authorizations and utilization management, identifying care gaps, building care plans, and populating care registries, as well as supporting clinical research through patient recruitment for clinical trials.

It isn’t hard to take this one step further and suggest that AI could assist providers at the point of care by building an accurate and comprehensively coded problem list and encounter history. Providers would then be freed from scouring a patient’s chart to help inform the appropriate delivery of care. This can be particularly effective in emergency and bedside services, some of the most difficult service lines due to the multiplicity and complexity of diagnostic and procedure codes.

These types of transformative changes are starting to take shape in the minds of many health leaders as they begin to digest, implement, trust, and embrace the power that AI in medical coding can have across the enterprise. As understanding and confidence builds in the advantages a well-conceived AI platform can offer, deep learning will make it possible for players across complex health systems to care more and code less. That’s a future that should appeal to revenue cycle managers, providers, and patients alike.

About Cathy Donohue

Cathy Donohue is the Senior Vice President of Product at CodaMetrix, a Boston-based SaaS company that leverages AI to transform clinical data into accurate medical codes, enhancing revenue cycle management and patient care. With over a decade of experience in product strategy and operational leadership, she has successfully driven initiatives at companies like Commure and PatientKeeper, managing multimillion-dollar product portfolios and large cross-functional teams. Cathy is known for her expertise in agile development, customer relationship management, and regulatory compliance. She holds an MBA in Healthcare Administration from Boston University and a BA in Business Economics from UC Santa Barbara.

< + > Hippocratic AI Receives Investment From NVentures to Build Generative AI Healthcare Agents

Investment Follows Technical Collaboration on Large Language Models for Healthcare

Hippocratic AI, the company building the first safety-focused Large Language Model (LLM) for healthcare, today announced it has received an investment from NVentures, NVIDIA’s venture capital arm in its recently closed extended Series A round. NVentures, along with Greycroft and Leo Shapiro of 7Wire Ventures, contributed a combined total of an additional $17 million to the round, bringing the total invested in the company to $137 million. The first close of the Series A round was co-led by Premji Invest and General Catalyst with participation from SV Angel and Memorial Hermann Health System as well as existing investors Andreessen Horowitz (a16z) Bio + Health, Cincinnati Children’s, WellSpan Health, and Universal Health Services (UHS) at a $500 million valuation.

Hippocratic AI’s collaboration with NVIDIA is centered on cutting-edge technological advancements. Hippocratic AI is leveraging NVIDIA NIM microservices to scale its production platform to deliver low-latency and long-context conversational capabilities. The collaboration, launched at the NVIDIA GTC global AI conference earlier this year, includes several techniques tailored for real-time, long-context conversational AI, including prefix caching, speculative decoding, and prefill/decode disaggregation. In addition, Hippocratic AI, powered by NVIDIA technologies, is advancing medical domain specialization in LLMs through custom automated speech recognition (ASR) technology, fine-tuned to meet the needs of clinician-patient interactions.

“NVIDIA is an ideal collaborator to help us achieve our vision of delivering healthcare abundance,” said Munjal Shah, Co-Founder and CEO at Hippocratic AI. “Our deep technical collaboration has helped us to build an LLM with extremely low latency leading to more empathetic inference capabilities. Their venture capital arm’s investment in our company demonstrates our shared interest in harnessing the power of generative AI to revolutionize healthcare.”

“Generative AI will expand the healthcare industry and its ability to serve the growing demands of patient care, and Hippocratic AI is putting the technology to work to increase access to healthcare,” said Kimberly Powell, Vice President of Healthcare at NVIDIA. “The company’s safety-focused approach uses advanced NVIDIA technologies to make personalized, real-time patient interactions more natural and capable, helping build trust among patients and clinicians alike.”

About Hippocratic AI

Hippocratic AI’s mission is to develop the first safety-focused Large Language Model (LLM) for healthcare. The company believes that a safe LLM can dramatically improve healthcare accessibility and health outcomes in the world by bringing deep healthcare expertise to every human. No other technology has the potential to have this level of global impact on health. The company was co-founded by CEO Munjal Shah, alongside a group of physicians, hospital administrators, healthcare professionals, and artificial intelligence researchers from El Camino Health, Johns Hopkins, Washington University in St. Louis, Stanford, Google, and NVIDIA. Hippocratic AI has received a total of $137 million in funding and is backed by leading investors, including General Catalyst, Andreessen Horowitz, Premji Invest, SV Angel, NVentures, and Greycroft. For more information on Hippocratic AI, visit hippocraticai.com.

Originally announced September 19th, 2024

< + > Medtronic dismissed from pulse oximeter lawsuit, FDA still working on guidance

The medtech company says it is the only manufacturer of FDA-approved pulse oximeters to have reached an agreement in a lawsuit against many over the devices' notoriously higher rates of error for people with darker skin.

< + > Cutting through the AI hype to ensure investments have impacts

A healthcare artificial intelligence expert also discusses foundational first steps hospitals and health systems should take when looking to adopt AI and how AI can be used to free up time and fight burnout for staff.

< + > The U.S. BIOSECURE Act Misses the Urgent Need to Secure DNA Data

The following is a guest article by Bruno Kurtic, Co-Founder, President, and CEO at Bedrock Security

It’s becoming increasingly evident that the U.S. BIOSECURE Act will soon become the law of the land. The U.S. House of Representatives recently passed the bill with strong bipartisan support, highlighting escalating national security concerns, particularly those related to cybersecurity and the protection of core intellectual property. As the government seeks to address those concerns, it’s worth considering where the BIOSECURE Act misses the mark, particularly in terms of protecting U.S. citizens and their DNA data. Undeniably, the Chinese government poses a broad and growing threat to critical infrastructure, which includes healthcare and the public health sector, and the sensitive data of American citizens. Through this Act, Congress is seeking to control pharmaceutical supply chain threats, largely by prohibiting federal agencies from engaging with biotechnology companies of concern. Whether it achieves this goal remains up for debate.

Where the BIOSECURE Act Falls Short

According to the House Select Committee on the Strategic Competition Between the U.S. and the Chinese Communist Party (CCP) and House Select Subcommittee on the Coronavirus Pandemic, the BIOSECURE Act is intended to control the biotech supply chain and secure citizens’ genetic data. Yet it targets specific companies without the broader context of looking at how companies collect or maintain personal genetic data. The CCP’s national security laws require Chinese firms to share any data requested, which includes the biotech companies that collect, test, and store American genetic data. That’s any Chinese firm, not a select few — therefore, the focus of the Act fails to address many real sources of potential data security risks. To effectively protect DNA data, the nation needs a comprehensive approach that creates uniform standards, considers all entities with access to genetic information, and coordinates internationally on biosecurity measures.

The Imperative of Securing Personal DNA Data

DNA data is uniquely sensitive information that contains very intimate details about an individual’s health, ancestry, and genetic predispositions. While there are many types of sensitive information, DNA data is far more uniquely personal and revealing than most other types of data. Unlike exposed passwords or credit card numbers, for example, a person’s genetic code never changes. Once it is exposed, this personal biological information remains vulnerable forever.

DNA data also has serious potential for misuse; much like any health data, genetic information may enable discrimination in terms of getting health insurance or setting premiums, finding or retaining employment, denying loans or charging higher interest rates for financial services, or in a variety of other ways. DNA data can be used in healthcare, research, forensics, and other fields, reinforcing why it must be protected against misuse across many domains. With this indisputable commercial value, hackers are likely to find DNA data an attractive target, while such breaches will erode public trust in genetic testing and research, potentially hindering scientific progress.

Given the far-reaching implications of unauthorized access to genetic data, the government should require robust security measures for all entities handling DNA data rather than focusing on a few companies. Protecting genetic data is necessary to safeguard individual privacy, maintain public trust, and still enable the responsible advancement of genomic science and its many possible applications.

Implementing Appropriate Data Controls

Regardless of when the BIOSECURE Act ultimately becomes law, both the public sector and private organizations must adopt measures that ensure sensitive data is appropriately secured. There is a real and pressing need for frameworks that mitigate data exposure risks. Such frameworks must include effective data controls that enable researchers to use data responsibly while still prioritizing personal privacy.

President Biden’s Executive Order 14028, one of many aimed at improving the nation’s cybersecurity, focuses on Zero Trust Architecture (ZTA) as an important way to minimize access to resources and continuously authenticate and authorize identity. This includes:

• Limiting data access to specific individuals or accounts through role-based access controls (RBAC)
• Enabling only the lowest necessary level of access at all times
• Using strong passwords and encryption for all accounts and devices
• Auditing and authorizing account permissions regularly

These measures should be accompanied by data de-identification efforts, such as removing or encrypting personal identifiers to protect DNA data while still allowing for analysis. In addition, identifiers, data, and encryption keys should be stored separately in encrypted files and locations.

Securing sensitive data also requires careful management of how data is shared, such as data use agreements to specify allowed uses and protections, sharing the data through controlled-access repositories, and ensuring researchers understand both personal privacy and intellectual property considerations of sharing such data.

Reducing the Risk of Data Exposure

There are multiple steps organizations can take to reduce the risk of exposing sensitive data. Robust access controls can significantly reduce risk, particularly when accompanied by encryption and de-identification measures. Enhanced authentication measures, such as adopting multi-factor authentication, following strong password policies, requiring regular password changes, and requiring reauthorization or re-identification periodically also reduce these risks.

Another essential step is implementing a comprehensive and quick data identification and classification system that analyzes structured and unstructured data to identify and appropriately protect diverse types of information. This enables organizations to apply stricter access controls to highly sensitive or regulated data, particularly DNA and protected health information. It also supports data minimization practices by helping to identify shadow data, by making it simpler to review stored data and securely dispose of information that’s no longer needed, and by helping organizations ensure that only necessary data is collected and retained.

When accompanied by other cybersecurity best practices, these measures can help organizations significantly reduce their risk of data exposure and demonstrate a commitment to protecting confidential health information, including DNA data. Cyber threats continue to evolve, and nation-state actors are playing a larger role than ever before, increasing risks to American citizens and their data. Organizations must take the responsibility for safeguarding sensitive information seriously now, whether it’s mandated by legislative requirements or not.

About Bruno Kurtic

Bruno Kurtic is a highly accomplished entrepreneur with 30 years of experience in building and leading high-growth technology companies. As Co-Founder, President, and CEO of Bedrock Security, Bruno leads the company’s vision and strategic direction.

Before founding Bedrock, Bruno co-founded Sumo Logic, where he crafted the company’s product and strategy, leading it from inception to a successful IPO. During his decade-long tenure as Head of Product, he established strategic partnerships with industry giants like AWS, Akamai, Crowdstrike, and Google Cloud, positioning Sumo Logic as a market leader. His hands-on approach in go-to-market activities and securing multiple patents helped the company raise over $346 million in funding from top-tier investors, including Greylock Partners and Sequoia Capital. Following the IPO, Bruno served as Chief Strategy Officer, continuing to guide the company’s strategic direction.

Bruno earned his undergraduate degree in Quantitative Methods and Computer Science from the University of Saint Thomas, followed by an MBA from MIT.

< + > This Week’s Health IT Jobs – October 30, 2024

It can be very overwhelming scrolling though job board after job board in search of a position that fits your wants and needs. Let us take that stress away by finding a mix of great health IT jobs for you! We hope you enjoy this look at some of the health IT jobs we saw healthcare organizations trying to fill this week.

Here’s a quick look at some of the health IT jobs we found:

• Director, Data Platform Solutions – Interwell Health
• Specialist – Information Technology – Atlas Healthcare Partners
• IT Asset Management Specialist – VITAS Healthcare
• Complex Case Manager – Harris Health System
• Manager of Health Information Management – North Central Health Care
• Credentialed Trainer – Yale New Haven Health
• IT Lead – CereCore
• Executive Director, Linde Center for Primary Care Leadership – Beth Israel Deaconess Medical Center
• Manager, Health Informatics – Valley Health System
• IT PACS Sr Systems Administrator – CommonSpirit Health
• Epic Analyst – Core Clinical – University Medical Center of Southern Nevada (UMC)
• IT Operations Technician – Epic
• Hospital Coding Specialist I (Remote) – Riverside Healthcare
• Data Analyst – Value-Based Care – Graves Gilbert Clinic
• IT Technical Admin – UCaaS – Capital Health
• Health Information Management Specialist – Ensemble Health Partners
• Supervisor Clinical Operations – Mass General Brigham Health Plan
• ICT/Security Healthcare Principal – HDR
• Director, Health Information Services Operations – Virginia Mason Franciscan Health
• IT Procurement Specialist – Waianae Coast Comprehensive Health Center

If none of these jobs fit your needs, be sure to check out our previous health IT job listings.

Do you have an open health IT position that you are looking to fill? Contact us here with a link to the open position and we’ll be happy to feature it in next week’s article at no charge!

*Note: These jobs are listed by Healthcare IT Today as a free service to the community. Healthcare IT Today does not endorse or vouch for the company or the job posting. We encourage anyone applying to these jobs to do their own due diligence.

< + > New Oracle EHR promises AI-enabled reinvention

Previewed at the company's annual summit, the electronic health record, built on Oracle Cloud Infrastructure, offers secure automation across clinical workflows, enabling faster insights at the point of care with streamlined documentation and more.

< + > Considerations and Safeguards Addressing Potential Vulnerabilities in Connected Medical Devices and the Internet of Things (IoT)

Digital transformation in healthcare is an incredible tool that is actively working to make the lives of patients and staff better every day; especially as more organizations begin to embrace it and expand its use throughout their healthcare systems. However, as with every new idea and technology, we must immediately think of the potential security vulnerabilities and how to cover them. With digital transformation, two big areas we need to consider the security risks of are connected medical devices and the Internet of Things (IoT).

So, as healthcare embraces digital transformation, what considerations and safeguards are in place to address potential vulnerabilities in connected medical devices and IoT within the healthcare ecosystem? We reached out to our insightful Healthcare IT Today Community with this question and the following is what they had to share.

Yigal Rozenberg, SVP Technology at Protegrity
As healthcare embraces digital transformation, ensuring the security of connected medical devices and IoT systems requires ongoing collaboration between healthcare providers, manufacturers, IT security teams, and regulatory bodies. Key safeguards include maintaining an inventory of connected devices, segmenting networks, implementing security by design, conducting regular vulnerability assessments, and enforcing strong access controls. Additionally, continuous monitoring, patch management, risk assessments, vendor management, regulatory compliance, incident response planning, and user training are crucial. Balancing the benefits of connected devices with robust security measures remains a primary challenge in the evolving threat landscape.

Marlena Herrera, Director of Customer Success at Protegrity
In the Healthcare industry sensitive data is commonly thought of as Personally Identifiable Information [PII]. Considering medical devices and IoT, we have to look at what may be sensitive differently. Thinking about information such as location, IP address, medical device number, and other components that are not usually thought of as sensitive must be considered with the increased number of connected devices within the healthcare ecosystem. Having a solution that resolves data challenges for PII, medical devices, and IoT-connected devices improves the security posture and safeguards the healthcare ecosystem’s data.

Yuval Wollman, Chief Cyber Officer at UST
As healthcare organizations adopt digital transformation, addressing vulnerabilities in connected medical devices and IoT is significant. Healthcare organizations should make sure that “security by design,” where security is integrated into the development of these devices, is part of the product development. In addition, regular software updates and patching can help maintain the latest security protections. In the Change Healthcare attack, outdated systems were exploited and contributed to the shutdown of systems.

A network segmentation strategy should also be in place as it limits the spread of attacks by separating critical medical devices and their connected networks from other networked systems. As always, and as part of cyber hygiene, continuous monitoring and leveraging threat intelligence for real-time threat detection are also essential to maintain the integrity and safety of an organization’s network.

Pratik Maroo, Head of Healthcare and Life Sciences at Zensar
It is estimated that the value of medical IoT devices will be $467.25 billion by 2027. The pandemic accelerated the adoption of emerging regulations to expedite the use of IoT in the medical world. Some of the measures are to: Enforce strong password policies and regularly update their secure network services and interfaces by up-to-date encryption, authentication, and authorization measures Establish secure firmware updates with automatic, authenticated, and encrypted update mechanisms Regularly review and update components used in the IoT/connected devices Data minimization practices to collect required information Comprehensive device management policies with regular security audits Physical security measures to prevent from tampering/unauthorized access.

Jerry Mancini, Senior Director, Office of the CTO at NETSCOUT
It’s crucial to address vulnerabilities in IoT-connected medical devices. Key considerations include implementing strong security measures for these devices, such as regular software updates and robust authentication protocols. This is important because IoT devices are often hijacked to join botnets that can launch large-scale DDoS attacks capable of crippling networks and mission-critical applications. Additionally, ensuring that devices are segmented from critical systems and monitored for unusual activity can help mitigate these risks and protect patient data. Concerns related to security risks and the IT organization’s ability to respond to them are significant, particularly in hospitals. The extensive cache of distributed IoT devices poses a unique challenge, with threats against these devices being of particular concern.

To address this, network visibility into all IT activity, including IoT is crucial. Network Operations (NetOps) and Security Operations (SecOps) teams must work together to reduce threats and investigate potential incidents of compromise. By collaborating effectively, these teams can enhance the security posture of healthcare organizations, ensuring that connected medical devices and IoT systems are safeguarded against vulnerabilities, thus protecting patient data and maintaining the integrity of healthcare services.

William Ogle, Senior Director of Governance, Risk, and Compliance at Nordic Consulting
As healthcare embraces digital transformation, addressing potential vulnerabilities in connected medical devices and the Internet of Things (IoT) is crucial. Organizations and manufacturers are implementing several key safeguards to enhance security, including adherence to industry standards and regulatory requirements, robust authentication and access control measures, and end-to-end encryption of data at-rest and in-transit. Regular security assessments, timely patching, and software updates are vital to mitigate risks. Network segmentation and continuous monitoring help isolate and detect threats, while comprehensive incident response and disaster recovery plans ensure swift action during breaches.

To safeguard the entire ecosystem, third-party risk management and supply chain security are essential controls. Within healthcare organizations, ongoing user education and cybersecurity training programs can help foster a culture of security awareness. Through these measures, healthcare organizations can better protect their IoT devices and more importantly, strengthen their overall information security and privacy programs.

Marcus Flack, CTO/Chief Technology Officer at CenTrak
As healthcare systems increasingly incorporate digital technologies and IoT devices, addressing potential vulnerabilities involves a purposeful process from the beginning. Healthcare decision-makers must lay a strong foundation and ensure that security measures are integrated into the design and implementation of connected devices and systems. To better ensure the proper foundation, healthcare teams must evaluate the security posture of vendors providing connected devices to ensure they meet stringent security requirements. Our cloud software hosted on AWS comes to mind for me.

However, the job isn’t over once the implementation is completed. We always recommend teams perform regular penetration tests to identify and address any potential vulnerabilities in IoT devices as well as implement continuous monitoring to detect and respond to threats in real time. To further safeguard, organizations should employ strong encryption and access controls to protect patient data transmitted and stored by IoT devices, along with adhering to industry standards and regulations to ensure that connected devices meet necessary security requirements.

Charles Cinert, Chief Services Officer & General Manager at ClearDATA
Wearables and IoT devices are undeniably a marvel of modern healthcare technology, continually evolving and offering unprecedented convenience and health monitoring capabilities that can improve patient health outcomes. That said, wearables contain and transmit significant amounts of protected valuable health information. One major challenge is the lack of standardized security protocols across various manufacturers of wearable devices. With no uniform baseline for security measures, wearables become an increasingly attractive target for exploitation. Given the diverse range of devices—from heart rate monitors to glucose sensors—any compromise can lead to data manipulation. Such tampering could result in incorrect diagnoses or treatment decisions, directly impacting patient health and safety.

The potential for ransomware attacks on connected devices adds another layer of concern. As these devices often handle critical health monitoring and management functions, any disruption could have severe consequences on patient care. The risk is further compounded by the possibility of these devices opening up multiple entry points for sophisticated threat actors to infiltrate larger healthcare-connected networks. This underscores the need for device manufacturers and healthcare organizations to implement comprehensive cybersecurity and compliance measures.

Establishing stringent, industry-wide security standards would mitigate these risks, but in the absence of standardized measures, it is critical that wearable device companies prevent unauthorized access. This includes following strong encryption standards, deploying regular software updates, ensuring multi-factor authentication, and implementing proactive and continuous threat monitoring and detection. It also means regularly testing and reviewing their devices against HIPAA, GDPR, NIST, and other healthcare security, privacy, and compliance frameworks. The combined efforts of strong technical measures, continuous vigilance, and industry collaboration are essential to safeguarding the future of wearable technology.

Mike Donahue, Chief Delivery Officer at CloudWave
To address potential vulnerabilities in connected medical devices and the Internet of Things within the healthcare ecosystem, healthcare organizations should go beyond their IT Incident Response plan and consider adopting a medical device cybersecurity approach that prioritizes patients.

This includes implementing a program designed to bring together technology and processes for a single focus of protecting the patient in the event of a cyberattack. It should enable all levels of the healthcare organization to understand the security risks involved with medical devices, define policies, deploy breach detection, perform medical-device manufacturer cybersecurity risk assessments, and more.

Additionally, healthcare organizations should proactively develop incident response plans that take into account the potential impact of cyberattacks on connected medical devices and IoT and ensure that clinical staff have defined actions to take in the event of a cyberattack.

Cecil Pineda, Senior Vice President and Chief Information Security Officer at R1
IoTs may be one of the hardest areas to protect, as many of these devices do not utilize common operating systems, protocols, or standards. They may have embedded credentials or default credentials, with some of these devices insecure out of the box. There are many technologies out there to help protect them, but what I have found to be more effective is segmenting them off your network, protecting access to these devices and networks, and applying some intrusion detection capabilities so you can monitor any intrusions. Systems hardening and firmware maintenance are key, even if it’s limited.

There are so many good points to consider here! Huge thank you to Yigal Rozenberg, SVP Technology at Protegrity, Marlena Herrera, Director of Customer Success at Protegrity, Yuval Wollman, Chief Cyber Officer at UST, Pratik Maroo, Head of Healthcare and Life Sciences at Zensar, Jerry Mancini, Senior Director, Office of the CTO at NETSCOUT, William Ogle, Senior Director of Governance, Risk, and Compliance at Nordic Consulting, Marcus Flack, CTO/Chief Technology Officer at CenTrak, Charles Cinert, Chief Services Officer & General Manager at ClearDATA, Mike Donahue, Chief Delivery Officer at CloudWave, and Cecil Pineda, Senior Vice President and Chief Information Security Officer at R1 for taking the time out of your day to submit a quote! And thank you to all of you for taking the time out of your day to read this article! We could not do this without all of your support.

As healthcare embraces digital transformation, what considerations and safeguards do you think are in place to address potential vulnerabilities in connected medical devices and the Internet of Things (IoT) within the healthcare ecosystem? Let us know either in the comments down below or over on social media. We’d love to hear from all of you!

< + > Leveraging Call Verification for Identity Management in Healthcare

One of the scariest things in healthcare right now is having your organization breached.  While systems are sometimes breached through more traditional approaches to hacking, the most common breaches today generally occur when hackers steal someone’s credentials.  In fact, many hackers are using social engineering attacks on IT help desks to breach healthcare systems.  This is why identity management in healthcare is so important.  All those expensive IT security systems don’t help you much when the hackers take control of your users legitimate credentials.

This was the topic I explored recently with Tracey Nyholt, Founder & CEO at TechJutsu, at the Oktane conference by Okta in Las Vegas.  In our discussion, Nyhold shares about her company TechJutsu, some of the challenges of identity management in healthcare, and the solutions available for healthcare organizations.

One of the solutions Nyholt shares is called Caller Verify. She shares the story behind TechJutsu’s creation of Caller Verify and what inspired them to create this solution.  Nyholt shares how Caller Verify tackles the pressing security concern of social engineering attacks on IT help desks.  The simple solution is integrated with many of the popular software systems out there including EHR systems.  With the click of a button a call center agent or help desk staff can have Caller Verify make a phone call to verify the identity of an individual.  Such a simple to implement, but powerful solution for identity management.

Check out the interview below to learn about how clients have responded to this solution, how Nyholt sees healthcare organizations leveraging Caller Verify, and how they’re integrating it with third party software vendors.  Plus, she shares how they’re working to make sure Caller Verify and TechJutsu are staying one step ahead of the attackers.

Learn more about Caller Verify: https://www.callerverify.com/

Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.

And for an exclusive look at our top stories, subscribe to our newsletter and YouTube.

Tell us what you think. Contact us here or on Twitter at @hcitoday. And if you’re interested in advertising with us, check out our various advertising packages and request our Media Kit.

TechJutsu is a proud sponsor of Healthcare Scene.

< + > How Healthcare Organizations can Minimize the Impact of Ransomware in the Cloud

The following is a guest article by Scott Ragsdale, Head of U.S. Healthcare Region at Nutanix

Ransomware is a critical threat in today’s business landscape, and the effects of these attacks are especially detrimental for healthcare organizations. Despite advances in security, ransomware attacks have increased by an alarming 95 percent year-over-year. This trend is likely to continue as cybercriminals become more emboldened and sophisticated, in part due to new technologies—like generative AI (genAI)—which help them carry out smarter, more frequent attacks.

Earlier this year, a large healthcare technology company experienced a ransomware attack that, “affected billing and care authorization portals…led to prescription backlogs and missed revenue for providers, posing potential threats to worker paychecks and even patient care.” This incident highlights the fact that healthcare organizations have a lot more to lose than the typical negative outcomes associated with ransomware attacks, such as downtime, financial loss, and reputational damage. A ransomware attack on a healthcare company can have real, human consequences for the people who entrust these organizations with their care—medical procedures and other critical care, like prescriptions, could be delayed.

Unfortunately, many healthcare organizations will find themselves contending with a ransomware attack at some point. And once an attack has taken place, that is just the beginning. Cybercriminals can demand multiple ransoms, steal private patient data, and/or threaten to share sensitive information. Healthcare organizations need to have robust security tools and protocols in place not only to safeguard their data, but to protect the health of the patients they serve.

Identifying and bouncing back from ransomware attacks is a well-documented challenge across industries: One report found that 87 percent of organizations experience difficulties related to ransomware and malware protection with their current IT infrastructure. Although the healthcare industry has been slower to move to the cloud due to the sensitive nature of its data, adoption has been on the rise in recent years (in part spurred by the pandemic), and today 47 percent of health organizations store protected health information (PHI) in the cloud, which increases their level of risk.

Every healthcare organization needs to be focused on cyber resilience so that when ransomware attacks happen they can continue to carry out their critical functions and minimize the impact on patients. Here are a few ways healthcare organizations can practice cyber resilience and reduce the negative outcomes of ransomware in the cloud.

Employ Automated Security Solutions (But Don’t Neglect Human Processes Either)

The uptick in cloud adoption has expanded healthcare organizations’ attack surfaces significantly, and as a result, there is more to secure than ever before. This is a “superhuman” job: Automated solutions are indispensable for protecting against ransomware attacks at scale. Tools that offer automated detection and recovery capabilities are essential for both identifying and remediating ransomware attacks so that healthcare organizations can continue to carry out their vital functions, even in the midst of an active attack.

Automated solutions are a cornerstone of robust security for healthcare organizations, but it’s important not to overlook human processes either. Employees should receive regular cybersecurity awareness training (more on this later) since human error is a major contributor to cybersecurity incidents in healthcare.

Have Security Fundamentals in Place, But Don’t Neglect to Identify the Attack’s Root Cause

A sobering fact about today’s ransomware attacks is that they’re not just about hackers getting their ransom: Cybercriminals want healthcare organizations’ data—including PHI—and the money they get along the way is just an added bonus. Once that data is stolen, there’s no way of ever getting it back, so healthcare organizations need to get security right the first time. This is why cybersecurity fundamentals such as secure backups, data encryption, and security testing protocols are table stakes.

As noted earlier, automated solutions that support fast detection and recovery are also key, but there’s a catch: Healthcare organizations need to be clear on the root cause of a ransomware attack before trying to remediate it. By attempting to recover before determining an attack’s inception point, healthcare organizations risk being reinfected with malware and compromising their backups. Approaching security with a holistic mindset is the best way to prevent this from happening: Healthcare organizations should encourage effective communication between teams and be sure to get the green light before doing damage control.

Foster a Positive and Engaging Security Culture for Healthcare Workers

Many of us are familiar with the trope that security is everyone’s responsibility, and it should be. But in order to make that a reality, healthcare organizations need to go the extra mile to get employees involved and invested in their mission. They can do this by gamifying and incentivizing security trainings and exercises to get employees on board and thinking critically about their impact on the organization from a security standpoint.

It only takes one employee performing a seemingly innocuous action to have serious consequences. An example of this is when a Health Service Executive (HSE) employee opened an Excel attachment that was unknowingly infected with malware, “ultimately enabling Conti ransomware to be deployed throughout 80 percent of HSE’s IT environment two months later.” The resulting headache and $600 million in damages could have potentially been avoided had employees received comprehensive cybersecurity awareness training. Always keep trainings positive and never shame employees who make mistakes during trainings, as it could discourage them from reporting legitimate security threats in the future.

The threat of ransomware is here to stay, and healthcare organizations arguably have more on the line than other industries. Accordingly, they need to prioritize cyber resilience and adopt automated detection and recovery solutions that let them carry on as close to “business as usual” as possible, not if—but when—an attack occurs.

< + > Oshi Health Raises $60M Series C to Strengthen Its Position as the Category Leader for Virtual Digestive Care

New Investor Oak HC/FT Leads Round to Address Soaring Demand from Consumers and Healthcare Buyers for the Nation’s First Digestive Health Virtual Center of Excellence

Investment in Oshi Comes as Digestive Health Rises to Top Four Cost Driver for Employers, Affects More than 25% of all Americans, and is the #1 Reason for Avoidable ER Visits

Oshi Health, a virtual gastrointestinal (GI) center of excellence, today announced that it has raised $60 million in Series C funding led by Oak HC/FT with participation from existing investors Bessemer Venture Partners, Flare Capital Partners, Frist Cressey Ventures, CVS Health Ventures, and Takeda Digital Ventures.

Oshi Health is now available in all 50 states to more than 40 million people as an in-network virtual GI clinic, and has a growing roster of in-person GI practice partners across the country. The company’s whole-person care model is helping patients reach lasting symptom control faster and at a lower total cost of care. Oshi has partnered with innovative benefit leaders from employers such as Dayforce, Koch Inc., Mariner, Nielsen Company, and TE Connectivity to drive awareness and impact within their populations, with dozens more employer programs launching by year-end.

This new capital will help extend the company’s market leadership and momentum, by adding partnerships with more provider groups, growing payer coverage, servicing new employer partners, and expanding into Medicare populations beginning in 2025.

“Digestive health is an urgent and under-resourced category, and Oshi stands out for its unique ability to provide proven clinical care that delivers faster relief for patients and significant savings for employers and health plans,” said Nancy Brown, General Partner at Oak HC/FT. “We are thrilled to support a team that is transforming value-based models within the virtual health space.”

“Digestive health issues are a crippling reality for millions of Americans and a financial burden for their employers and health plans,” said Sam Holliday, CEO at Oshi. “We have proven the transformative ability of our model to fill the gaps in care and create value for everyone involved, and we are excited to have the support of healthcare’s leading investors as we scale to free millions of people from their suffering.”

Gastrointestinal care is a widespread need, 2 out of 3 Americans experience digestive symptoms every week and 25% of people live with a diagnosed GI condition, driving $136 billion in annual costs. In traditional GI care, patients lack support between visits and are left on their own to decipher complicated symptoms and coordinate their own care. For many, symptom control remains elusive, and unmanaged digestive symptoms are the #1 cause of emergency department treat-and-release visits. Escalating costs have made it a top four cost driver for employers and payers alike.

“Digestive health issues are a growing cost in our health plan and there is a shortage of high-quality, convenient digestive care in the marketplace,” said Matthew Hall, Benefits Strategy Manager at Koch, which relies on Oshi to provide virtual digestive care to its employees. “Oshi’s unique virtual model supports our employees and their families with the time and expertise needed to deliver truly transformative digestive care on their own terms. I’m excited about the partnership between Koch and Oshi and the potential to make a meaningful difference in the lives of our employees.”

Because of its clinical approach and unique ability to diagnose, prescribe, treat, and coordinate care, Oshi Health can intercept and change the trajectory of unmanaged symptom escalations and drive the most significant outcomes and cost savings in the industry. Oshi surrounds patients with a dedicated multidisciplinary care team – including advanced practice providers, registered dietitians, behavioral health specialists, and care coordinators, overseen by board-certified gastroenterologists. This specialized care team works in collaboration with each other and in partnership with local gastroenterologists and primary care providers who are not structured or reimbursed to provide the time and high-touch care that Oshi delivers. Oshi patients can access unlimited virtual visits and messaging support with their care team until they understand their symptom triggers and gain the knowledge, tools, and optimal treatment plan to control their symptoms.

In data published at the Institute for Healthcare Improvement detailing an analysis conducted by a national health plan of a large commercially insured population using Oshi Health, 92% of patients reported symptom improvement with 98% patient satisfaction. This clinical trial also demonstrated that Oshi’s care resulted in total medical cost savings of $10,292 per patient in six months, driven by decreases in avoidable testing, procedures, ER visits, and medication utilization.

About Oshi Health

Oshi Health is a redesigned digestive healthcare experience that transforms access to care, the patient experience, clinical outcomes, and healthcare economics. In a high-touch virtual care delivery model, Oshi Health provides diagnosis and integrated care for digestive conditions and empowers people to achieve lasting control of their symptoms. Launched in 2020, Oshi Health works with innovative employers, health insurance partners, health systems, and community GI practices to scale access to multidisciplinary care, reduce healthcare costs, and improve the lives of millions of Americans with chronic gastrointestinal diseases. For more information, visit oshihealth.com.

About Oak HC/FT

Oak HC/FT is a venture and growth equity firm specializing in investments in fintech and healthcare. Using partnership as a foundation, Oak HC/FT guides companies and founders at every stage, from seed to growth, to create businesses that make a measurable and lasting impact. Founded in 2014, Oak HC/FT has invested in over 85 portfolio companies and has over $5.3 billion in assets under management. Oak HC/FT is headquartered in Stamford, CT, with an office in San Francisco, CA. Follow Oak HC/FT on LinkedIn and X and learn more at oakhcft.com.

Originally announced October 16th, 2024

< + > Oracle Health to apply for QHIN status

EHR customers could take part in the direct sharing of health information – including X-rays and MRIs – between providers, payers, government agencies and others under the TEFCA nationwide interoperability framework.

< + > Best Cybersecurity Practices for Patient Data Sharing in Healthcare

The following is a guest article by Alexander Norell, Senior Director and Global Security Architect at VikingCloud

One cannot overstate the benefits of data sharing in healthcare, which grows more prevalent as the years pass and technologies make the process more seamless.

The dawn of integrated care systems that foster streamlined record-sharing is already linked to improving patient outcomes through precision medicine that caters to individual needs.

Integrated data sharing across healthcare systems ensures three-dimensional assessments of patients. Nothing crucial or life-saving gets forgotten because it’s all available at a practitioner’s fingertips.

Beyond readily available data to help treat acute or more immediate symptoms, these advancements in record sharing also help flag long-term trends—increasing the potential to catch underlying health problems that would otherwise go undetected.

Furthermore, data sharing across healthcare networks, platforms, and infrastructures enables enhanced collaboration. Fewer silos exist between care providers, who can more easily work together to foster superior patient outcomes.

Data sharing also has more big-picture benefits. The mass swaths of health-related data enable healthcare entities to better manage the health of entire populations by helping identify trends and develop strategies based on vast evidence.

It’s worth noting how the technologies driving increased data sharing aid in efficiency, reducing paperwork, human error, and the already strenuous workloads of industry professionals.

These are all significant benefits of data sharing in the healthcare sector. However, one glaring challenge exists in this brave new world of more integrated, collaborative care: Protecting sensitive patient data from cybercriminals.

The Importance of Cybersecurity in Healthcare

The healthcare sector is uniquely vulnerable to cybersecurity breaches.

2023 was a record year, with 114 data breaches of 100,000 or more records reported to The HIPAA Journal.

Cybercriminals are drawn to healthcare data as bees are to honey. Its sensitive nature is of great value on the black market, but also to care providers and the patients who’ve entrusted them to protect their personal information. Ransomware attacks make up the bulk of incidents seen today. Hackers leverage healthcare’s growing reliance on technology by demanding exorbitant amounts of money for stolen data. The cost of responding to and recovering from a breach in this industry has been higher than that of any other sector since 2011, according to a report by IBM and the Ponemon Institute.

North America is a particularly popular target for ransomware attacks, having experienced 315 of the healthcare sector’s 379 ransomware attacks last year. IBM and the Ponemon Institute peg the average cost of these incidents at $10.9 million. 2024 is projected to also near or surpass the $10 million mark.

While the vast increase in data sharing will significantly bolster patient outcomes, the proliferation of related technologies leaves the data more vulnerable than ever.

It’s up to healthcare organizations to implement robust cybersecurity protocols to offset the worst-case scenario (seismic data breaches) and maximize the best-case scenario (mass systemic improvements).

The Top Healthcare Cybersecurity Risk Factors

As we’ve established, data breaches adversely impact a healthcare institution or medical practice’s finances.

They also cause reputational damage. Even worse, they disrupt the ability to provide optimal care—research conducted by Cynerio and the Ponemon Institute found that 53% percent of healthcare organizations that have been the victim of a cyber attack experience adverse impacts such as increased mortality rates. Researchers Hannah Neprash, Claire McGlave, and Sayeh Nikpay back this claim up in an article written for STAT, citing findings from their own recently published report. Where roughly three in 100 hospitalized Medicare patients die in the hospital under normal conditions, that number goes up to 4 out of 100 during a cyberattack.

Unfortunately, the monetary value of patient data on the black market makes it a tantalizing target for malicious actors. Compounding this issue are the many weaknesses and risk factors in healthcare providers’ cyber-security infrastructures that make the sector more attractive to cunning cyber criminals.

In healthcare, the top risk factor by some margin is the surge in industry-wide data sharing (primarily of the digital variety).

A confluence of connected devices collects and transfers sensitive patient information to entire infrastructures (including organizations, partnerships, systems, etc.) for optimal patient outcomes. The more connected devices involved in a network, the more chances hackers have to strike, adding to organizational risk.

Below, we’ll highlight a few more risk factors leaving healthcare infrastructures vulnerable to data breaches and cyberattacks:

• Overextended staff members often aren’t adequately prepared to fend off cyberattacks
• Those same staff members don’t necessarily prioritize cybersecurity, given their substantial workloads and the stress of their jobs
• Many healthcare organizations lack resources and utilize legacy technologies ill-equipped for today’s cybercriminals
• Care providers can take a more ad-hoc, reactive approach to cybersecurity instead of proactive, holistic, and systemic integration

Securing Patient Data: A List of Best Practices

Here’s a list of best practices for protecting patient data:

• Bolster encryption levels with algorithms to protect patient data from unauthorized users
• Ensure only authorized personnel access patient data via role-based access controls 
• Data infrastructures and integrated systems require robust authentication methods, such as multi-factor authentication, to ensure that only verified users can access data 
• Frequently auditing user activities and system logs will help identify suspicious behaviors before something nefarious or damaging occurs
• Data should be backed up on primary and backup systems with offsite solutions to prevent loss
• Assess your systems to identify weaknesses that exist and address them; this process necessitates mapping how patient data travels through your organizational infrastructure from acquisition to disposal, from there, it’s possible to flag weak points—where the data isn’t compliant or highly vulnerable to attacks, afterward, it’s time to establish best practices and strategies to bridge your data protection gaps
• Implement secure transition protocols (e.g., HTTPS and VPNs) to protect data transmissions, also, ensure you’re using intrusion detection/prevention tools, firewalls, and other security measures for patient data
• Minimize and consolidate patient data as much as possible, only gather what’s necessary to prevent bloat, which can make it unmanageable and more open to breaches
• Consider anonymization and pseudonymization of data records kept for research and statistics
• Stay on top of (and rigorously adhere to) data-protection compliance measures
• Monitor your third-party service providers

We want to highlight how valuable staff buy-in is to your data protection strategies.

After all, they’ll require the necessary training and education to uphold best practices, and their ongoing commitment to compliance and robust data protection is crucial to the lasting success of any healthcare practice, organization, or institution.

Cloud Technology’s Role in Enhancing Healthcare Security

According to a study by DuploCloud, 70% of healthcare organizations have migrated to the cloud.

Cloud computing offers healthcare organizations enhanced encryption, bolstered security controls, redundancy, access controls, and compliance certifications. The result is robustly protected patient data and improved patient outcomes.

With all that said, cloud computing is like any infrastructure in that it has its risks.

However, paired with the best cybersecurity practices we’ve provided (along with supplemental technologies and tools), it promises to protect your healthcare organization’s patient data (and reputation) in the short and long term. This way, you and your patients will reap the benefits of data sharing while stonewalling data breaches—the best of both worlds.

About Alexander Norell

A highly regarded and growth-focused GCRS professional, Alexander Norell has more than 25 years of experience in the IT consulting industry and 20 years in cyber, IT, privacy, and information security.

As a Senior Director, Alexander has extensive experience in leadership roles for GRC security specialists. He is responsible for running the EMEA portfolio of consulting services for VikingCloud, and the delivery of all services, including risk, privacy, ISO, and PCI.

< + > Candid Health Announces $29 Million Series B Led by 8VC to Transform Revenue Cycle Automation

Candid Health, the revenue cycle automation platform for healthcare providers, today announced a $29 million Series B led by 8VC with participation from existing investors First Round Capital, BoxGroup, and Y Combinator. This brings the company’s total amount raised to $47 million.

Candid Health is on a mission to simplify medical billing, allowing providers to focus on delivering quality care. The complex and outdated U.S. healthcare system costs $280 billion annually, with more than 1,000 payors and ever-evolving requirements leading to slow, error-prone manual processes – a prime candidate for automation.

Where traditional technology has struggled to keep up with the complexities of changing regulations and the claims cycle, Candid Health’s modern platform uses automation to transform billing.

“Candid Health transformed the way we do business. We went from a manual process with virtually every claim needing hands-on work to automation that submits claims efficiently and correctly. As a fast-growing healthcare provider, technology like this is crucial to our success,” said Stephanie Liu, Co-Founder of Nourish. “Candid Health has helped us achieve best-in-class collection rates while enabling us to deliver better service to our patients.”

By streamlining the entire process — from claim submissions to accounts receivable-manual interventions are eliminated, and claims are auto-corrected. The impact to its more than 150 customers is clear: Candid’s highest-performing customers are consistently able to achieve 95-99% first-pass resolution and net collection rates, ensuring accurate payment the first time.

“Most medical billing companies focus on resolving issues post-claims submission more efficiently, but we’re flipping the model. We focus on submitting claims correctly the first time so that there are no issues to fix,” said Nick Perry, Co-Founder and CEO at Candid Health. “We’ve been rethinking medical billing from the ground up to automate complexity. This ensures healthcare providers can get paid, on time, and for less cost.”

“Candid Health brings urgently needed simplicity to the complexity that characterizes medical billing,” said Sebastian Caliri, Partner at 8VC. “They’ve substantially automated claim preparation and submission — reducing human error and manual interventions — building on data architecture that enables continuous improvement and expansion into new workflows. It’s a privilege to renew our support for one of the best teams and most important missions in healthcare.”

About Candid Health

Candid Health is on a mission to simplify medical billing, allowing providers to focus on delivering quality care. Trusted by more than 100 leading organizations, our revenue cycle platform uses automation to transform billing. The company is backed by 8VC, Y Combinator, First Round Capital, and Boxgroup. Learn more at joincandidhealth.com.

Originally announced September 11th, 2024

< + > Seoul National University Bundang Hospital bags Stage 6 AMAM

It is now the second APAC hospital presently validated at this stage.

< + > Singapore project to build voice AI for detecting early elderly depression

Subsyndromal depression is said to be five times more common than clinical depression among Singaporean seniors.

< + > Bonus Features – October 27, 2024 – Almost 90% of info blocking complaints to ONC/ASTP are against providers, 74% of patients with health plan questions want to speak to a human, plus 20 other stories

Welcome to the weekly edition of Healthcare IT Today Bonus Features. This article will be a weekly roundup of interesting stories, product announcements, new hires, partnerships, research studies, awards, sales, and more. Because there’s so much happening out there in healthcare IT we aren’t able to cover in our full articles, we still want to make sure you’re informed of all the latest news, announcements, and stories happening to help you better do your job.

News

Walmart is moving into prescription delivery, with a service that’s currently live in six states (Arkansas, Missouri, New York, Nevada, South Carolina, and Wisconsin) and available in 49 states by January. (No indication on which state is missing out.) Same-day delivery is currently supported, and the retailer will be rolling out express delivery soon.

Almost 90% of information blocking complaints have been against providers, according to the latest ASTP/ONC blog post. Many complaints stem from “pre-conditions” on access to information that aren’t required under the HIPAA Privacy Rule or any other laws. The agency also released an info sheet to help developers comply with the regulation.

A report from customer experience platform vendor Five9 found 74% of consumers prefer speaking to a human when they have questions about their health plan. Consumers also want answers quickly, as 49% won’t spend more than 15 minutes on hold.

Partnerships

• Lab inventory management system Labguru is now integrated with NetSuite.
• Claims management software from FinThrive is now integrated with Oracle Health Patient Accounting.
• Intellectual and developmental disabilities care vendor CentralReach named LeadSquared a preferred partner for sales, marketing, and CRM automation.
• Net Health is integrating Tali, a voice-enabled AI assistant, into four of its restorative care EHR offerings.
• Recently launched medical imaging and clinical data network Avandra is collaborating with Datavant to support data exchange.

Products

• Mila Health launched Mila, an AI-powered provider assistant for automating patient-provider interactions.
• Psych Hub launched a behavioral health care navigation platform to help consumers find clinical and non-clinical resources.
• Authenticx launched Ava, an AI-powered assistant for analyzing the application’s call transcripts, providing feedback to customer service agents, and recommending strategic actions.
• ixlayer announced a Complete Blood Count test with at-home sample collection, with public availability expected in early 2025.

Sales and Company News

• Florida-based Lee Health selected Caregility to help expand its virtual nursing program.
• Montana-based Billings Clinic-Logan Health is expanding its Oracle Health EHR install to all 30 of its hospitals.
• Philadelphia-based behavioral health company Acclaim Autism chose Appian to accelerate patient onboarding.
• East Alabama Medical Center chose Inflo Health to orchestrate radiology follow-up care. The implementation, which increased recommendation follow-up rates by 74%, earned Inflo Health the American College of Radiology’s Learning Network Vendor Partner designation.
• Non-emergency medical transportation and home care provider Modivcare chose Genesys Cloud for member-facing voicebots and chatbots as well as workforce management. Additionally, Modivcare completed an 18-monthRPM pilot with Michigan Center for Rural Health that saw the number of patients with controlled blood pressure readings double.
• Kinetik Healthcare Solutions achieved HITRUST r2 Certification for its Revenue Cycle Management and Trip Scheduler platforms.

People

• Whole-person care platform Fullscript announced Ashley Koch will serve as President in addition to Chief Financial & Strategy Officer. The company also added Dr. Stephen Kahane to its Board of Directors.
• Define Ventures added Bruce Broussard as Venture Partner; if the name sounds familiar, it’s because he’s the former CEO and president of Humana.
• Patient flow software vendor LeanTaaS appointed Rami Karjian as Head of the Operating Rooms business.
• RCM vendor TruBridge elected Amy O’Keefe to its Board of Directors.

If you have news that you’d like us to consider for a future edition of Healthcare IT Today Bonus Features, please submit them on this page. Please include any relevant links and let us know if news is under embargo. Note that submissions received after the close of business on Thursday may not be included in Bonus Features until the following week.