Welcome to eHealth Network for Africa

Create an account today to see more

Good Morning
  • Articles (2,235)
  • Lessons for Africa on making eHealth work

    Investing in the right eHealth then realising its benefits are global challenges. England’s NHS’s taking advice from the National Advisory Group on Health Information Technology  in England, chaired by

    Professor Robert Wachter Chair of University of California, San Francisco Department of Medicine. The report, Making IT work: harnessing the power of health information technology to improve care in England, sets out findings and recommendations that can inform Africa’s ehealth programmes too. The core perspective’s that while continuously changing healthcare’s a considerable challenge, eHealth that creates a fully digitised NHS important, will be the most sweeping and challenging.

    There are ten findings and principles:

    Digitise, so adopt eHealth, for the right reasonsIt’s better to have the right eHealth than quick eHealtheHealth’s Return on Investment (ROI) isn’t just financial, patient safety and healthcare quality are important tooDecisions on eHealth centralisation should learn, but not over-learn, the lessons of the National Progarmme for Information Technology (NpfIT) Interoperability (IOp) should be built in from the outsetBoth privacy and data sharing are very importanteHealth must embrace user-centered designThe end of implementation’s the beginning, not the endSuccessful eHealth strategies must be multi-faceted, requiring workforce developmenteHealth entails technical and adaptive change.

    For Africa’s eHealth, Acfee would add two other interacting principles. One is to adopt a business case methodology that enables rigorous, reliable eHealth investment decisions and lays a foundation for M&E. It leads on to the second principle; undertake M&E before, during and after implementation. The learning value is considerable, and leads to better business cases and investment decisions.

    Ten recommendations are:

    Complete a thoughtful, long-term national engagement strategyAppoint national chief clinical information officer with an effective roleDevelop a workforce of trained clinician-informaticists in hospitals, with appropriate resources and authorityStrengthen and grow the CCIO roles, others trained in clinical care and informatics and health ICT professionals Allocate national funding to help hospitals implement eHealth and maximise benefitsSet a time for substantial eHealth maturity when central financial support for hospitals can end and regulators deem those that have not achieved high eHealth levels as not compliant with quality and safety standardsLink national finance viable local implementation and improvement plansOrganise local and regional learning networks to support implementation and improvementEnsure IOp as a core eHealth component needed to promote better clinical care, innovation and researchSupport a robust, independent evaluation of eHealth strategies and act on the findings.

    Sustained investment in eHealth leadership across Africa’s healthcare’s needed too. Acfee proposes a triumvirate of clinical, political and executive eHealth leadership throughout healthcare. It’ll take time to reach a critical mass, so starting now’s essential. Future eHealth Leaders at eHealth ALIVE 2017 in October’s provides a step forward. 

    Appendix F’s an eHealth maturity index. Its self-assessment has three main themes:

    Readiness, strategic alignment, leadership, resourcing, governance and information governanceCapabilities of records, assessments and plans, transfers of care, orders and results management, medicines management and optimisation and remote and assistive care and standardsInfrastructure for WiFi, mobile devices, single sign-on and business continuity.

    Africa’s eHealth will benefit from a fourth component, benefits. It include benefits realisation and the timescales need to reach the critical mass to provide a socio-economic return on eHealth investment.

  • England’s NHS could have prevented the WannaCry cyber-security breach

    It was a bad day for England’s NHS. On 12 May, the WannaCry ransomware attack breached over a third of its organisations’ cyber-security defences. Without access to data, many patient services and schedules were disrupted and brought to a halt. It was a shock to the health system. NHS Digital believes not data was stolen.

    A report from the UK’s National Audit Office identified 14 facets of the breach. The lessons are essential for Africa’s eHealth. 

    The NHS was not the specific target, but it resulted in a major incident and emergency arrangements to maintain health and patient careOn the evening of 12 May, a cyber-security researcher activated a kill-switch, stopping WannaCry locking devices and avoiding more disruptionWannaCry was the largest cyber-attack to affect the NHS, following attacks on several organisations, the NHS trusts, before 12 May 2017, two of which breached by WannaCry had been breached beforeThe Secretary of State for Health asked the National Data Guardian and the Care Quality Commission (CQC) to reviews and report on data security, identifying, in July 2016, that cyber-attacks could lead to patient information being lost or compromised and jeopardise access to EPRs, resulting in all health and care organisations needing to provide evidence that they were improving cyber-security, including moving off old and obsolete operating systems, such as Windows XPThe Department of Health (DoH) and its arm’s-length bodies did not know if local NHS organisations were prepared for cyber-attacks, including their responses to NHS Digital alerts in March and April 2017 warning organisations to patch their systems to prevent WannaCry, crucial knowledge because NHS Digital cannot mandate local bodies to act, even if it has vulnerability concernsWannaCry spread across the Internet, includingthe broadband network connecting all NHS sites in England, the N3 network, but there were no instances of it spreading across the NHS email system, NHSmailAt least 34% of England’s NHS trusts were disrupted, but DoH and NHS England don’t know the full extent of the disruptionThe scale and scope of the disruption isn’t known, but an estimated 19,000 thousand appointments were cancelled, operations were cancelled and in five areas, patients had to travel further to A&E departmentsThe Department, NHS England and the National Crime Agency confirmed that no NHS organisation paid the ransom, in line with NHS Digital advice, but the DoH doesn’t know how much the service disruption cost the NHS and patientsA DoH plan that included roles and responsibilities of national and local organisations in responding to cyber-attacks had not tested at local levels, so the NHS was not clear about actions it should take when WannaCry struck, a deficiency exacerbated because WannaCry was different to previous incidents, such as a major transport accident, and took more time to determine the cause and scale of the problemWithout rehearsals for a national cyber-attack, it was not immediately clear who should lead the response, and there were communications problems tooIn line with its existing procedures for managing a major incident, NHS England initially focused on maintaining emergency care All organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to prevent the breach by patching obsolete Windows operating systems and managing their firewalls facing the Internet would have guarded organisations against infection.

    In response, the NHS’s:

    Developing a response plan setting out what it should do to respond to cyber-attacksEstablishing roles and responsibilities of local and national NHS bodies and the DoHEnsuring organisations implement critical CareCERT alerts for emails sent by NHS Digital providing information or requiring action, including applying software patches and keeping anti-virus software up to dateEnsuring essential communications work during attacks when systems are downEnsuring organisations, boards and their staff take cyber-threats seriously, understand the risks to front-line services and work proactively to maximise their resilience and minimise impacts on patient care. 

    Since WannaCry, 39 CareCERT alerts have been issued by NHS Digital between March and May 2017. They require essential action to secure local firewalls.

    These insights and lessons are valuable for Africa’s eHealth. They provide a component of the cyber-security strategies and plans they need.

  • Dell offers better access to imaging data

    Modern eHealth can provide mountains of clinical data. Storing and accessing it effortlessly in real-time’s an increasing challenge. A whitepaper from Dell EMC, available from EHR Intelligence, describes a way to do it. 

    Key Strategic Technolgies (sic) to Improve Access to Clinical Data promotes two principles for PACS. One’s that storage infrastructure shouldn’t need redesigning every time new data’s added. The other’s to have a Vendor Neutral Archive (VNA).

    Affording a fully-fledged solution can be a challenge for Africa’s tight eHealth finances. Dell EMC proposes a phased approach that supports future VNA deployment. It is flexible enough to support a wide range of performance demands such as data analytics, expansion into private, hybrid, or public clouds and changing clinical workflows.

    It’ll need Africa’s eHealth programmes to partner with infrastructure development vendors who can: 

    Scale local architecture without downtimeMaintain daily performanceReduce or eliminate future migration burden.

    These will help to achieve several objectives that improve healthcare quality:

    Integrate imaging with other eHealthEnable doctors to taking clinical decisions using the most pertinent, complete, accurate and timely patient data. 

    Can this find a place in Africa’s eHealth strategy? The principles fit all types of clinical data.

  • Conférence internationale sur la télésanté et la télémédecine au Maroc

    Casablanca, la case blanche poumon économique du Maroc moderne, est célèbre pour beaucoup de choses, y compris la diversité architecturale des bâtiments (célèbre mosquée Hassan II), de l'art déco à la modernité traditionnelle. Cette semaine, c'est l'architecture numérique de la santé qui est à l’honneur. C'est là qu’à lieu la 22ème conférence internationale sur la télémédecine et la télésanté, qui débute aujourd'hui avec un vaste programme technique. Je suis heureux d'être présent, avec Dr Sean Broomhead, Président d'Acfee, et de nombreux collègues et amis de toute l'Afrique.

    Les objectifs de la conférence sont de présenter des expériences pratiques et des résultats de recherche dans le domaine des solutions de télémédecine et de télésanté, et de fournir aux professionnels de la santé, aux représentants de l'industrie, aux décideurs politiques, aux chercheurs et aux scientifiques et de nouveaux concepts et idées en télémédecine, en télésanté et en santé électronique.

    MeHealth 2017 réunit les membres de la Société marocaine de télémédecine et de télésanté (MSfTeH), de la Société internationale de télémédecine et de télésanté (IsTeH) et un large éventail d'autres institutions et organisations locales et internationales impliquées dans le développement et la mise en œuvre de la télémédecine.

    La conférence MeHealth 2017 de Casablanca, la 22ème conférence internationale de l’ISfTeH veut présenter des expériences pratiques et des résultats de recherche dans le domaine de la télémédecine et des solutions eHealth, et fournir des opportunités aux prestataires de soins, des représentants de l'industrie, des décideurs, des chercheurs et des scientifiques de se rencontrer et discuter des projets en cours, de la recherche et des nouveaux concepts et idées en télémédecine, en télésanté et en santé mentale.

    L'utilisation des technologies de télémédecine et de télésanté représente une réelle opportunité d'améliorer la qualité de vie des patients et de réduire les coûts de santé. Cependant, il fait face à d'importants défis liés à la propriété des données et à la vie privée des patients, à l'engagement du professionnel de santé, à l'adhésion du patient, à l'intégration dans les soins courants, aux aspects financiers et de remboursement.

    Les conférenciers comprennent des intervenants de classe mondiale comme:

    Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoM. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars

    Les sessions parallèles couvrent les thématiques suivantes:

    Santé numériqueTélémédecine en AfriqueGNU SantéInformation médicaleBioinformatique Casablanca est également célèbre pour le film de 1942 portant le même nom et son célèbre Rick's Café. Alors que le café original était sur un plateau de tournage hollywoodien, un entrepreneur marocain a depuis créé le véritable Rick's Café à Casablanca. Le restaurant est logé dans un grand bâtiment traditionnel marocain construit en 1930. Nous vous invitons à le découvrir.

  • eHealth and Telemedicine meeting kicks off in Morocco

    Casablanca, Morocco is famous for many things, including diverse building architecture, from Art Deco to modern. This week it’s a digital health architecture attraction. It is the venue for the 22nd International conference on Telemedicine and eHealth, which kicks off today with an extensive technical programme. I am happy to be attending, along with Acfee Director Dr Ousmane Ly and many colleagues and friends from across Africa.

    The goals of the conference are to to present practical experiences and research results in the field of Telemedicine and eHealth solutions, and to provide opportunities for healthcare providers, industry representatives, policy makers, researchers and scientists to meet and share and discuss current projects, research, and new concepts and ideas in Telemedicine, Telehealth and m/eHealth.

    MeHealth 2017 brings together members of the Moroccan Society for Telemedicine & eHealth (MSfTeH), the International Society for Telemedicine & eHealth (IsTeH) and a wide range of other local and international institutions and organizations who are involved in Telemedicine/eHealth development and implementation.

    Speakers include:

    Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoMr. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars

    Satellite workshops cover:

    Digital HealthTelemedicine in AfricaGNU HealthMedical InformationNA Student Symposium BioinformaticsStartathon: Innovation in Telemedicine and eHealth. Casablanca is also famous for the 1942 film and its infamous Rick’s Café. While the original café was a Hollywood film set, an enterprising entrepreneur has since created a real Rick’s Café in Casablanca. The restaurant is housed in a traditional Moroccan grand mansion built in 1930. I look forward to checking it out. 
  • eHealth Africa pilots AVADAR to track Toward Polio Eradication progress

    In response to the reported cases of wild poliovirus in Nigeria, eHealth Africa (eHA) partnered with Bill & Melinda Gates Foundation, the  WHO, and Novel-T to pilot a mobile surveillance app for Acute Flaccid Paralysis (AFP) in children. It’s a condition of a rapid onset of weakness of people’s extremities, and includes Guillain-Barré syndrome.  AFP often causes weakness of respiration and swallowing muscles, progressing to maximum severity within one to ten days. 

    WHO defines AFP surveillance as six goals:

    Track wild poliovirus circulationUse data to classify cases as confirmed, polio-compatible or discardedMonitor routine coverage and surveillance performance using standard indicators in all geographical areas and focus efforts in ones that are low-performingMonitor seasonality to determine low season of poliovirus transmissions to help to plan National Immunisation Days (NID)Identify high-risk areas to plan mop-up immunisation campaignsProvide evidence to certification commissions of interruptions of wild poliovirus circulation. 

    Standard indicators are: 

    >90% of expected monthly reports>1/1000,000 annualised non-polio AFP rate per 100,000 children under 15>80% of AFP cases investigated within 48 hours>80% of AFP cases with two adequate stool specimens collected 24-48 hours apart and less than 14 days after onset>80% of specimens arriving at laboratories in good condition>80% of specimens arriving at a WHO-accredited laboratories within three days of despatch>80% of specimens for which laboratories’ results sent within 28 day turn round. 

    AFP surveillance’s one of four cornerstone strategies of polio eradication. The objective’s to identify all cases of polio through a system that targets any case of AFP as a potential case of polio.  AVADAR’s a surveillance tool on android mobile devices provided to health workers and community informants. It aids AFP detection and reporting both in health facilities and local communities.

  • IBM Watson supports better care plans

    Horizons provoke considerable sentimentality and concepts.  Pankaj Patel, an Indian businessman and chairman of Cadila Healthcare urged people “Dwell on possibilities to open up your horizon.”

    It seems that IBM Watson aims to help too. Its Whitepaper. Population health management beyond the EHR:Part 2 unsurprisingly builds from Part 1 that EHRs are necessary but not sufficient. It proposes a care collaboration platform based on a data lake to which all care team members contribute.

    Cognitive computing ‘s the means to achieve it, combining parallel processing with augmented intelligence. It structures unstructured data, enabling fast searches of medical literature, finding connections and patterns among myriad data types and enables computers to learn. These can be used to:

    Identify real outcomes from similar patientsEnable clinicians to make informed decisions about diagnosis and treatmentUtilise data on social determinants of health and genetic and environmental factors that influence healthProduce personalised clinical guidelines, so patients’ personalised care plans are more effectiveImprove clinical decision support over time.

    Central data registries can be expanded to include many elements not typically available through clinical and claims data alone. Extra content be added from care managers and community health workers whose pertinent patient observations might not be able to be document in EHRs.

    This wider range of data can be used for better:

    Performance management with retrospective concurrent, and predictive analytics applied to new payment and delivery modelsRisk identification and mitigation of stratified populations into cohortsOperational processes.

    Personalised care’s the core goals. Achieving it needs more than IBM Watson. Clinical eHealth leadership’s vital too. Warren Bennis, founding chairman of The Leadership Institute at the University of Southern California has a concept to achieve this. “The manager has his eye on the bottom line; the leader has his eye on the horizon.” Which eHealth horizon?

  • How can bad robots be kept out?

    Automation’s steadily progressing across healthcare. It relies on AI and robotics, but not all robots are up to the job. Keeping bad bots at bay’s vital. An eBook from Quocirca sets out a way to do it, leaving the way clear for good bots to help in a range of services. Examples are admin bots that can make appointments, help to access clinical records, answer billing queries and process payments. Chat bots can deal with routine ailments, freeing healthcare professionals to deal with more complex patients. AI’s the driver behind these changes.

    Four types of bad bot activity’s:

    Stealing personal informationCredit care fraudHealthcare insurance fraudBribery and extortion. 

    The OWASP Foundation, a global not-for-profit charitable organisation aiming to improve security of software, runs the Open Web Application Security Project that combats bad bots. Its Automated Threat Handbook lists criminals’ 20 most common activities that use bots. It also publishes its Top 10

    Most Critical Web Application Security Risks, the latest for 2017 are:

    InjectionBroken authenticationSensitive data exposureXML external entities (XXE)Broken access controlSecurity misconfigurationMissing function level access controlCross-Site Scripting (XSS)Cross-Site Request Forgery (CSRF)Insecure DeserialisationUsing components with known vulnerabilitiesInsufficient logging and monitoring. 

    Developers can introduce these vulnerabilities in their software code, making it easy for bots to find, then mimic human behaviour to achieve illicit access. Three traditional ways to mitigate their threat and enable good bots to succeed are: 

    Firewall rules can be changed to block source IP addresses used by cyber-criminals’ bots, but they regularly change IP addresses, can’t deal with previously unknown bots and may block legitimate usersWeb Application Firewalls (WAFs) protect web applications by exploiting common software vulnerabilities, but apart from vulnerability scanners, most bad bots don’t target vulnerabilities, they mimic real users, so WAFs can’t stop themCompletely Automated Public Turing tell Computers and Humans Apart (CAPTCHA), are-you-human tests can work can, annoy some users, but some bad bots can bypass themGeofencing can limit access to websites and apps to users from specified locations, but cyber-criminals can move their location using VPN links to a local Point of Presence (PoP)Direct Bot Detection (DBB) tools and mitigation can distinguish bots from humans and classify them in real time using behavioural analysis and digital fingerprinting, and across several organisations, can improve their understanding of bad-bots through machine learning, identifying bots, determining their provenance and deciding if their activity should be allowed, controlled or blocked. 

    Quocirca says all 20 of the bot types identified by OWASP can be managed using DBB and unwanted activity curtailed. DBB tools aren’t an alternative to the other measures. They can be integrated with other network protection technologies such as WAFs, Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM). 

    Adopting the increasing range of cyber-security measures is essential for Africa’s eHealth. Keeping up with trends is too, and links with OWASP can help. Individual membership’s US$50 a year, US$95 for two years and US$500 for lifetime. Corporate membership starts at US$5,000.

  • What's needed to help improve EHRs?

    Millennia ago, primitive people huddled in caves to keep warm and protect themselves from big, wild beasts, many now extinct. As people advanced, huddling became less important, but it’s emerged in healthcare, and EHRs are the catalyst. 

    Safety huddles to proactively identify and address electronic health record safety, a study in the Journal of the American Medical Informatics Association (JAMIA) identified 245 safety concerns related to EHRs. To be more precise, safety huddles found them. Four main types were: 

    42% EHRs’ technology working incorrectly26% EHRs’ technology not working at all17% EHRs’ technology missing or absent16% user errors.

    Huddling theory says the activity’s helpful in creating collective situational awareness, leading to increased organisations’ capacity to respond to concerns, limitations and weaknesses. The study shows it: 

    Promoted discussion of several technology issues in organisationsServed as a promising technique to identify and address EHRs’ safety concerns.

    The team recommends that healthcare organisations consider huddles as a strategy to promote understanding and improvement of EHR safety. If it works for safety, it could help with other weaknesses in EHRs. If it works for EHRS, it could work for some other eHealth services too.

    It seems that our ancient ancestors were on to a modern management technique, so announcement in waiting rooms could soon be saying “A doctor will see you shortly. At the moment, they’re all huddling for eHealth.”

  • Are Africa’s eHealth start-ups on the move?

    Africa’s health systems need a vibrant eHealth start-up environment that provides local solutions. It’s good news that the number of Africa’s eHealth start-ups is rising. Most don’t leverage mHealth.

    The report from the start-up portalDisrupt Africa High Tech Health: Exploring the African E-health Startup Ecosystem Report 2017, identified 115 eHealth start-ups in 20 African countries, about 37%. It reveals the need to stimulate eHealth start-ups in the other 63%.

    Investment’s increasing too, especially finance for businesses growth. The combined eHealth start-up investment’s exceeds US$19 million. Most eHealth start-ups in the report don’t use mHealth. It’s about 44%. 

    Niche solutions are an important component of Africa’s eHealth investment. As demand and opportunities expand, especially for mHealth, the scope for Africa’s eHealth supply side can expand with it. A report in Standard Digital summarises the landscape using data from the 20 countries over three years from Disrupt Africa, it says about 73% of Africa’s eHealth ventures provide mHealth solutions. Local eHealth innovators are emerging in Uganda, Ghana, Egypt, and Senegal. Start-ups launching across Africa has increased over three years. Investors are starting to support start-ups planning to grow expand.

    Africa has an estimated 115 eHealth start-ups. About 28%, 32, are in East Africa. Nearly half of these, 15, of East Africa’s eHealth start-ups in are in Kenya, about 13% of Africa’s total. They may be confronting challenges in attracting finance, unlike reported significant investment in other countries in the region. Does it mean that the available finance’s being spread more evenly, or is it because better investment opportunities are emerging from other countries?

    Total investment in eHealth start-ups over the period is estimated at US$19 million. Kenya start-ups raised US$379,600, under 2%.

    Africa.com has a different perspective. Its report identifies Tunisia emerging as the next eHealth hub. It says there are more than 300 African tech start-ups, 54, 18%, in South Africa , 27, 9%, in Kenya, 23, 8% in Nigeria and 15, 5%, in Tunisia. After creating a successful incubator in Kenya, Merck will launch a start-up incubator in Tunisia by 2019 to collaborate with innovative eHealth start-ups.

    It’s not all rosy. Several challenges to growth are seen as access to finance, uncertain policies, competition from established brands and finding and recruiting talent. 

    Africa’s eHealth strategies need to parallel these initiatives. They’re creating opportunities to improve health and healthcare.

  • Telehealth may increase healthcare demand

    Telehealth, using telephones and including telemedicine, can benefit patients, health workers and healthcare organisations. One probable benefit is reducing reliance on GP and Emergency Department (ED) visits with virtual visits, so reducing healthcare costs. Another’s convenience for patients. It seems that can patients’ convenience’s reducing healthcare benefits, a case of supply led demand. 

    A study in Health Affairs,  Direct-To-Consumer Telehealth May Increase Access To Care But Does Not Decrease Spending, found that the convenience of telehealth services for patients may mean they solve access issues long before they bend healthcare’s cost curve.  It may be these much shorter waiting times and earlier utilisation may increase healthcare spending.

    The research team analysed over 300,000 patients’ commercial claims data spending for acute respiratory illnesses. Data extended over three years. About 12% of telehealth visits replaced visits to other providers. Some 88% was new utilisation with shorter waiting times. Net annual spending on acute respiratory illness services increased by $45 for each telehealth user. 

    eHNA reported on a similar outcome for an eVisit service. The findings seem reinforce each other. Africa’s eHealth programme should include the probability of the phenomenon in their telehealth business cases so additional healthcare resources that may be required can be planned too.

  • mHealth keeps expanding, but Africa and South America are trailing

    The mHealth market’s been growing steadily, and will keep it up. In its report mHealth App Economics 2017 Current Status and Future Trends in Mobile HealthResearch2Guidance (R2G), a strategy advisory and market research company, assesses how digital intruders are taking over the healthcare market. 

    This year, there are 325,000 health and fitness apps available from all major app stores. It’s 78,000 more than last year.

    Most eHealth practitioners come from Europe, 47%, and 36% from the US, a combined 83%. Asia-Pacific accounts for 11%. South America and Africa trail at 4% and 2% respectively, confirming the need for increased human capacity development.

    Other findings include:

    Android’s overtaking Apple in health app numbers84,000 health app publishers release appsWidening demand and supply gap, with high number of developers and low downloads growth ratesUS$5.4bn investment in eHealth start-ups fuelling the marketUsers will download an estimated 3.6bn apps in 201718% are not developing health apps because of uncertain regulations53% of eHealth practitioners expect health insurances to be  the future distribution channel with best market potentialAn estimated 28% pure eHealth market players in the eHealth industry.

    Two app types may have a big healthcare impact. Artificial Intelligence (AI) is seen as the most disruptive technology.  It’s seen as combining with remote monitoring to be the technologies that will disrupt healthcare most. The profile’s:

    AI 61%Remote monitoring and assistance 43%Wearables 34%IoT 30%Virtual reality and intelligence 27%3D printing 22%Blockchain 18%5G 8%Other 5%. 

    It seem that there’s an opportunity for Africa’ health systems to support and expand their local health app supply side. An integrated demand and supply strategy could do it.

     

  • Ponemon shows cyber-security knowledge’s improving

    As cyber-attacks expand in sophistication and volume, knowledge about them’s expanding too. Ponemon Institute, a US research organisation, surveys ICT and security leaders about cyber-security each year. For five consecutive years, its State of Endpoint Risk Report, has added to organisations knowledge. Barkly, a cyber-security firm, has released a preview. The findings are important for Africa’s healthcare and its eHealth and its cyber-security plans. 

    Organisations are struggling to secure their endpoints against new and evolving threats. It’s exacerbated by its high cost for each successful attack. Three other themes are:

    Fileless cyber-attacks area an increasing risk, now about 77% of all cyber-attacksTrust in Anti-Virus (AV)  programs that rely on file scanning and signature matching has waned, with about 80% of organisations replacing or augmenting AV in 2017Endpoint security is becoming more costly and complex.

    False positives are the most significant hidden cost of endpoint protection. Almost 50% of alerts were false alarms. Costs and complexity is increased too because organisations have an average of seven different agents installed on endpoints. Each one needs its own monitoring, so diseconomies of scale. About 75% of organisations find cyber-security management a challenge.

    Affordability and capability’s starting to bite. Only a third of organisations have enough resources to manage cyber-security effectively, a salutary finding for Africa’s health systems.

    Four measures needed to respond to the trend are:

    Move beyond traditional AVInvest against protection against fileless cyber-attacksReduce endpoint management complexityFocus on prevention first, before detection and response.

    These match Ponemon’s findings. There are two challenges are, first, how can the two-thirds of organisations with insufficient resources afford them? Second, can the one third afford the extra cost? Answers to both are vital for Africa’s health systems?

  • eHealth’s goals need shifting to meet doctors’ needs

    There’s a vicious circle revolving around eHealth. As eHealth moves ahead, it’s creating a demand for better eHealth. Dr James Madara, CEO at the American Medical Association (AMA) set some of these out in his recent speech, recorded on YouTube. He sees doctors confronting “Oceans and oceans of data, but only puddles of clinical meaning.” It seems the eHealth challenge’s moving from providing data to giving health professionals the means to navigate their way through the rising tide. His “Longer timelines” view included the utilities needed for a “secure and timely data flow“ needed to improve clinical data liquidity. 

    Fierce Healthcare has summarised some of his themes on the ability of doctors to extract clinical meaning from rapidly expanding data sets and as disorganized and siloed eHealth ecosystem. He equates it to “The fable of the blind men touching the elephant. One feels the trunk, another the tail, one the ear, and each one of the men [sic] has in his mind some different image. That’s what healthcare data are today. Each of us touching data bit-by-bit, then spending time conceptualising the elephant.” AMA’s Integrated Health Model Initiative (IHMI) is helping to deal with these concerns. It includes building a common data-sharing structure with Intermountain Healthcare. 

    An example he uses is a concept from EHRs that existing data in them can be shared and used for current clinical decisions. He set out a scenario of a doctor who suspects patients suffer from hypertension, so “effortlessly” accesses their blood pressure readings from previous healthcare providers. He said doctors can’t do that.

    Africa’s eHealth strategists need to consider Dr Madara’s perspectives. As eHealth investment generates more data, Africa’s health systems simultaneously can put in place the tools that healthcare professionals need to navigate their way through it. eHealth benefits depend on them.

  • KLASified IOp needs to progress

    A bit like an horizon, as eHealth Interoperability (IOp) takes a step forward, its horizon seems like two steps further away. KLAS, the eHealth analyst outfit, has published its Interoperability 2017 report of its Cornerstone Summit. First Look at Trending – Some Progress toward a Distant Horizon,” summarises the findings. It’s the third interoperability summit. The KLAS 2017 research provides the first year-on-year comparison measuring progress. There’s plenty left to do.

    KLAS research shows that shared patient data often fails to benefit patient care much. It’s an important insight for EHR business cases, and reveals the ubiquitous gap between eHealth’s potential and its probability in realising its benefits. An essential question to ask before driving ahead investing scarce resources is asking eHealth sponsors to estimate the percentage of patient encounters in which:

    Outside data informs healthcare delivery betterUsers have access to needed data from outside their organisations. 

    Most of the report deals with methodologies and questions about measuring IOp. They provide a wide range of detailed and precise themes that Africa’s eHealth programmes can use to specify and test their IOp components.

    Other issues are: 

    Should behavioural health and home medical equipment be incorporated in post–acute care interoperability?Pharmacies are key partners in post–acute care IOp, so need includingWhich IOp capabilities and synergies should or should not exist between post–acute care and hospital systems?Should hospitals’ Emergency Department (ED) systems query HIEs to identify if patients receive home health services, and can the home health records and their patient information be added to ED systems?

    Healthcare’s concerns and insights include:

    Securing national IOp inter-organisational trust of incoming data and its accuracyClarity on liability of outgoing data not being used securely or guarded How to co-ordinate between organisations sharing data, especially when different users  need different data?How can patients help bridge IOp?IOp gaps in healthcare transitions are a significant market oversight and need fixingHow should information blocking be defined and implemented?

    Africa’s eHealth programmes can extract invaluable insights from the KLAS report. I can help them extend the stride of the next step. Whether it takes them closer to the IOp horizon’s another matter.

     

  • Is connected eHealth enough to lead to healthier people?

    eHealth’s ICT network, and especially mHealth’s, offers considerable potential for healthier people. Like all eHealth, its probable impact is always less than its potential. A study in the Journal of Medical Internet Research (JMIR) by a research team in Montreal, Canada, identified the phenomenon for connected health tools.

    Is Connected Health Contributing to a Healthier Population? Reviews  mHealth’s health impact. It,

    It’s clear that mHealth enables more precise diagnostics, personalised health recommendations that enhance patient experiences and outcomes and contains healthcare costs. But, for mHealth to achieve its full potential, at least five issues need addressing.

    JMIR’s editor says JMIR Publications discourages the use of Connected Health (cHealth). It’s not clear if how it differs from eHealth, mHealth or Ubiquitous Health (uHealth). eHNA’ll stick with eHealth and mHealth.

    One issue’s achieving active engagement in mHealth use, privacy, security, quality, and developing evidence-based guidelines. The expanding mHealth market, at over 165,000 apps in 2015, conveys an urgent imperative to deal with these. With such a profile and plethora, it’s a bit odd that only 12% of health-related apps have 90% of downloads; a considerable underutilisation and corresponding limited impact on health.

    Maybe, as the study hints, the current focus technology may be too extensive, while simultaneously ignoring the need for a paradigm shift in healthcare providers from fixer to coach, that welcomes, encourages, requires and activates patients’ engagement in their own wellness and care. It could be that uptake strategies are needed to ensure individual’s mHealth engagement is their highest prior for health and illness issues. Succeeding may need a better understanding of the health literacy gap causes.

    Quality’s a challenge. Many consumers, developers and manufacturers aren’t aware of many of mHealth’s technological standards and regulations. Lacking supporting evidence, users often rely on subjective five-star ratings to gauge quality. Apple’s App Store advises that “medical apps that could provide inaccurate data or information, or that could be used for diagnosing or treating patients may be reviewed with greater scrutiny.” Recent initiatives might help overcome this risk and misplaced dependency:

    Reach, Effectiveness, Adoption, Implementation, and Maintenance (RE-AIM) framework evaluates health behaviourMobile App Rating Scale (MARS) assess and scores qualityConsolidated Standards of Reporting Trials (CONSORT-EHEALTH) encompasses initiatives developed by the CONSORT Group to alleviate problems arising of inadequate randomised controlled trial (RCT) reporting.

    Africa’s mHealth emphasis should take note of these. Without them, mHealth may become just a bit of Health.

  • How to deal with with ransomware

    A perspective on eHealth cyber-security is the challenge to cope with changes in government regulations, a revolution in medical device and mobile technology expanding at about 20% a year and healthcare transformation. Its eBook Ransomware: What every healthcare organization needs to know, Cisco sees this as a “Perfect storm of complexity and vulnerability” for information security. 

    Cisco Umbrella is a cyber-security platform for the cloud. Supporting advice in the eBook covers:

    What is ransomware?How prevalent is the threat?Why healthcare?How does infection happen?How does an attack work?How to protect organisations?The first line of defence.

    It sets out four main causes of infections:

    Phishing emailsCompromised web sitesMalvertisingFree software downloads.

    Cyber-attacks come from two sources, email and web sites. Clicking on an illicit link in an email or visiting a compromised or malvertising web site can trigger a sequence of events:

    Launching a download and installation of an exploit kit.Exploit kit identifies vulnerabilities in users’ systems and sends these back to the malicious infrastructureInstalling a targeted payload on users devices that can exploit the vulnerabilitiesCall-back to retrieve private malicious encryption keys that encrypt dataNotify users that a ransom payment will release the encryption key.

    Stopping ransomware attacks needs a set of actions to:

    Monitor global cyber-criminal activities for insight into where hackers are staging infrastructure for future attacksProtect patient devices, medical IoT endpoints, Protected HealTHInformation (PHI) and Personally Identifiable Information (PII) data systems, including ones that don’t support agentsDiscover and block likely malicious domains and Internet Providers (IP)Feed contextual threat intelligence into security management or incident response environments to identify which incidents need attentionKnow how unmanaged mobile and IoT devices connect to networks to prevent patient data exfiltration. 

    After a cyber-attack, assess what happened by:

    Identifying the root causeDeveloping a proactive cyber-security plan that leverages a multi-layer defenceUsing predictive intelligence to understand how and where attacks are staged on the InternetInternally segmenting networks to contain a breachRestoring data from backupsEducating employees about security best practicesDeploying first line defences that stop opportunities for lateral movement of ransomware in networks, eliminate its propagation and reduce the time cyber-attacks have to operate in networks.

    Cisco’s eBook adds to Africa’s eHealth knowledge. It’s an essential document for its cyber-security library.

  • Predictive analytics needed for better infectious disease tracking

    When outbreaks of new diseases emerge, public health’s impact inevitably follows events. Eventually, it catches up. The US Government Accountability Office (GAO) report in May 2017, Emerging Infectious Diseases Actions Needed To Address the Challenges of Responding to Zika Virus Disease Outbreaks, found that the Zika virus case counts from the national disease surveillance system underestimate the total number infections because: 

    Infected people may not seek medical care because they have only mild or no symptoms, or other reasons,May not be diagnosed because of limitations in Zika virus diagnostic testingIncomplete surveillance reporting.                                                                                                                                   

    Better, prompt and accurate information’s still needed. Three Congress representatives have written to the GAO boss, the Comptroller General, suggesting a subsequent study into predictive models and systematically integrating modelling into outbreak responses. They think the US can respond more effectively bt learning if:

    Federal agencies use predictive modelling to inform planning for emerging infectious diseases?How federal agencies use models to inform regulatory decisions about infectious disease outbreaks?Do medical product sponsors use predictive modelling?What funding’s available for infectious disease predictive modelling?What challenges do predictive modellers face?If and how, federal agencies validate models’ predictions? 

    With predictive modelling and analytics expanding their potential, these seem like a good set of questions that all countries should ask. Answers can inform eHealth strategies and strengthen the role and impact of public health professionals.

  • Disaster and emergency preparedness may be needed for nine coastal African cities

    The Earth’s warming. There’s a consensus among Earth scientists that melting land ice contributes to Sea-Level Rise (SLR).  Research from the University Corporation for Atmospheric Research (UCAR) says future warming will exacerbate the risks to human civilization. Ice sheets, glaciers, and ice caps have melted during the 20th century leading to SLR. UCAR says it’s accelerating.

    A report from a team at the Jet Propulsion Laboratory, California Institute of Technology, Should coastal planners have concern over where land ice is melting? published in Science Magazine says the technique of Gradient Fingerprint Mapping (GFM) benefits long-term coastal planning. An appendix to the report identifies nine coastal African cities that could be affected. They’re:

    AlexandriaCasablancaDakarDarEsSalaamDjubutiDurbanLagosLuandaLuderitz

    While the report deals with cities, other coastal communities will be affected too. If measures to reduce global warming succeed, it may not happen. If they’re too late or don’t work, it seems that it will.

    One response is building sea defences. Another’s to relocate communities. Doing nothing could mean emergencies and unplanned population migration. All have consequences for health and healthcare. The results from the study need factoring into the nine countries’ longer term disaster and emergency response and eHealth strategies and plans. Africa’s other coastal countries may need to start planning too.

  • Does spambot Onliner have your email address?

    It’s described as the largest spambot. ZDNet has a report about the finding by Benkow, a cyber-security researcher in Paris, who discovered an open and accessible web server hosted in the Netherlands which stores dozens of text files. They contain a batch of 711 million email addresses, passwords server login information and 80 million email servers used to send spam. The credentials came from other data breaches, such as the LinkedIn and Badoo hacks.

    Malevolent goals are to send email spam through legitimate servers to defeat many spam filters. Onliner delivers Ursnif banking malware into inboxes globally. Ursnif is a Trojan. It steals data such as login details, passwords and credit card data. A spammer then sends a dropper file as normal-looking email attachments. When it’s opened, the malware downloads from a server and infects the machines. Spamming is still an effective way to deliver malware, but email filters are becoming smarter, with many spamming domains blacklisted. 

    There’s been over 100,000 unique infections up to the end of August 2017. Cyber-attackers need large lists of Simple Mail Transfer or Transport Protocol (SMTP) credentials that authenticate them to send bogus legitimate emails that by-pass spam filters. The more servers they find, the bigger the campaign. 

    When bogus emails are opened, they send back to the cyber-crookss the IP address and user-agent information used to identify the type of computer, operating system and other information about the devices. Cyber-attackers use this to identify who to target with Ursnif. They specifically target Windows computers. iPhone or Android users aren't affected by the malware.

    Focused hacking instead of scatter bombing reduces the malevolent campaign’s cyber-noise. It can help to slow down responses from law enforcement agencies. 

    Benkow’s discovery re-emphasises the need for Africa’s eHealth programmes to train, then train again and again, health workers in cyber-security. It’s an essential components in the constant cyber-security response.