Eleven cyber-security measures can reduce risks
Healthcare’s cyber-security risks are increasing partly due to eHealth trends. AA whitepaper from Osterman Research, sponsored by KnowBe4, a cyber-security training firm, describes them. Protecting Data in the Healthcare Industry also sets out eleven good practices than can help to mitigate the risks. It’s important for two reasons:Healthcare deals with life and death, so can’t afford disruptionCyber-breach disruption damages healthcare’s reputation and value.
Increasing cyber-threat is a combination of eHealth and criminal trends. eHealth trends include:Increasing cloud use for file storage and sharingSystematic under-investment in cyber-securityData breaches are becoming more commonHealth workers face an expanding array of eHealth communication and collaboration tools
Cyber-criminals’ activities and trends include:Healthcare personal data has a high criminal valuePhishing and ransomware growth.
Adopting and sustaining good practices are essential. Eleven set out in the whitepaper are:Take cyber-security risks seriouslyBuild cyber-threat awareness across healthcare organisationsDevelop and implement cyber-security strategiesEstablish thorough, detailed and effective cyber-security policiesEnable encryption at every pointUse cyber-threat intelligenceTest cyber-attack recovery capacity and capabilityInvest in cyber-security awareness trainingGovern user behaviour for tools, devices, and repositoriesTighten password policies and account accessEnsure effective cyber-security defences are in place and working smoothly.
These provide a helpful checklist for Africa’s eHealth. After it’s complete, it’s important that the actions and investment revealed as needed are implemented. Without it, cyber-holes will remain.
- 312 views
- December 13, 2017
- Tom Jones
Will AI improve cyber-security?
AI is seen as a big step up in eHealth and healthcare. Will it help to improve cyber-security too? Forrester, a strategy firm, says it will. Its report Artificial Intelligence Will Revolutionize Cybersecurity But Security Leaders Must View All Vendor Claims With Skepticism also offers caution.
While AI can help, pure AI, the sci-fi version won’t. It’s the building block technologies of pragmatic AI that can provide applications that can support cyber-security in dealing with about current and future threats. Like all solutions, AI’s not a silver bullet, but it’s part of the cyber-security armoury that can help analysts to keep up with new and emerging threats and the daily deluge of alerts and events they have to deal with every day. This emphasises an important AI theme. Human knowledge is paramount and can be enhanced by AI.
AI for cyber-security’s a second joint priority. About 34% of organisations say it’s their objective, the same percentage as improving analytics and insights. Better ICT efficiency’s the top priority at about 40%.
Some AI vendors are incorporating one of more components into their services. The range includes:Biometrics to authenticate users unique physical characteristicsNatural language processing (NLP) technology to reads and understand people’s textMachine learning, composed of tools, techniques, and algorithms to analyse dataDeep learning, a branch of machine learning focusing on algorithms that construct artificial neural networkSecurity automation and orchestration (SAO) to help with cyber-threat investigations and responses.Cyber-security analytics.
Forrester sets out six ways to scale cyber-security with machine learning. It identifies and advantage and disadvantage of each one. The core role is automatically identifying suspicious, anomalous patterns and user behaviour that appear faster. The techniques are:
1. Thresholds set on continuous metrics to detect anomalies. Advantage: thresholds are very simple to configure. Disadvantage: they may detect situations after the fact, not before
2. Built-in rules using vendors’ years of expertise can automatically raise alerts based on this internal. Advantage: built-in rules require little setup and codify vendors’ expertise with other customers. Disadvantage: rules may not exist for all threat surfaces and may be based on outdated information
3. Customisable rules to let cyber-security professionals apply their experience using their organisations’ own unique complex combinations of software and systems. Advantage: security professionals can codify their expertise in the solutions. Disadvantage: they may create rules based on theories instead of concrete data
4. Built-in models, can go beyond rules created by people to address complex relationships from historical data faster and find complex, nuanced relationships than people can. Advantage: models are created by machine learning algorithms that analyse historical cyber-security data, yielding better predictions that improve over time. Disadvantage: models need more data science knowledge to tune and maintain.
5. Built-in models can learn the peculiarities of organisations’ cyber-threat surface. Advantage: predictive models are based on actual data collected from infrastructure and analysed by machine learning algorithms. Disadvantage: false positives and false negatives are often problems with predictive models generated by machine learning
6. External, importable models let organisations’ communities share knowledge. Advantage: organisations can share and reuse AI models used for cyber-security. Disadvantage: community models may vary widely in efficacy and applicability to specific organisations.
The report provides Africa’s health systems sophisticated, balanced insights into AI’s wider user. It is essential to include its perspectives into their eHealth strategies with AI having more than one role in frontline healthcare. It adds a new, constructive dimension to eHealth’s essential cyber-security strategies and plans.
- 666 views
- December 12, 2017
- Ameera Hamid
Lessons for Africa on making eHealth work
Investing in the right eHealth then realising its benefits are global challenges. England’s NHS’s taking advice from the National Advisory Group on Health Information Technology in England, chaired by
Professor Robert Wachter Chair of University of California, San Francisco Department of Medicine. The report, Making IT work: harnessing the power of health information technology to improve care in England, sets out findings and recommendations that can inform Africa’s ehealth programmes too. The core perspective’s that while continuously changing healthcare’s a considerable challenge, eHealth that creates a fully digitised NHS important, will be the most sweeping and challenging.
There are ten findings and principles:Digitise, so adopt eHealth, for the right reasonsIt’s better to have the right eHealth than quick eHealtheHealth’s Return on Investment (ROI) isn’t just financial, patient safety and healthcare quality are important tooDecisions on eHealth centralisation should learn, but not over-learn, the lessons of the National Progarmme for Information Technology (NpfIT) Interoperability (IOp) should be built in from the outsetBoth privacy and data sharing are very importanteHealth must embrace user-centered designThe end of implementation’s the beginning, not the endSuccessful eHealth strategies must be multi-faceted, requiring workforce developmenteHealth entails technical and adaptive change.
For Africa’s eHealth, Acfee would add two other interacting principles. One is to adopt a business case methodology that enables rigorous, reliable eHealth investment decisions and lays a foundation for M&E. It leads on to the second principle; undertake M&E before, during and after implementation. The learning value is considerable, and leads to better business cases and investment decisions.
Ten recommendations are:Complete a thoughtful, long-term national engagement strategyAppoint national chief clinical information officer with an effective roleDevelop a workforce of trained clinician-informaticists in hospitals, with appropriate resources and authorityStrengthen and grow the CCIO roles, others trained in clinical care and informatics and health ICT professionals Allocate national funding to help hospitals implement eHealth and maximise benefitsSet a time for substantial eHealth maturity when central financial support for hospitals can end and regulators deem those that have not achieved high eHealth levels as not compliant with quality and safety standardsLink national finance viable local implementation and improvement plansOrganise local and regional learning networks to support implementation and improvementEnsure IOp as a core eHealth component needed to promote better clinical care, innovation and researchSupport a robust, independent evaluation of eHealth strategies and act on the findings.
Sustained investment in eHealth leadership across Africa’s healthcare’s needed too. Acfee proposes a triumvirate of clinical, political and executive eHealth leadership throughout healthcare. It’ll take time to reach a critical mass, so starting now’s essential. Future eHealth Leaders at eHealth ALIVE 2017 in October’s provides a step forward.
Appendix F’s an eHealth maturity index. Its self-assessment has three main themes:Readiness, strategic alignment, leadership, resourcing, governance and information governanceCapabilities of records, assessments and plans, transfers of care, orders and results management, medicines management and optimisation and remote and assistive care and standardsInfrastructure for WiFi, mobile devices, single sign-on and business continuity.
Africa’s eHealth will benefit from a fourth component, benefits. It include benefits realisation and the timescales need to reach the critical mass to provide a socio-economic return on eHealth investment.
- 231 views
- December 11, 2017
- Tom Jones
England’s NHS could have prevented the WannaCry cyber-security breach
It was a bad day for England’s NHS. On 12 May, the WannaCry ransomware attack breached over a third of its organisations’ cyber-security defences. Without access to data, many patient services and schedules were disrupted and brought to a halt. It was a shock to the health system. NHS Digital believes not data was stolen.
A report from the UK’s National Audit Office identified 14 facets of the breach. The lessons are essential for Africa’s eHealth.The NHS was not the specific target, but it resulted in a major incident and emergency arrangements to maintain health and patient careOn the evening of 12 May, a cyber-security researcher activated a kill-switch, stopping WannaCry locking devices and avoiding more disruptionWannaCry was the largest cyber-attack to affect the NHS, following attacks on several organisations, the NHS trusts, before 12 May 2017, two of which breached by WannaCry had been breached beforeThe Secretary of State for Health asked the National Data Guardian and the Care Quality Commission (CQC) to reviews and report on data security, identifying, in July 2016, that cyber-attacks could lead to patient information being lost or compromised and jeopardise access to EPRs, resulting in all health and care organisations needing to provide evidence that they were improving cyber-security, including moving off old and obsolete operating systems, such as Windows XPThe Department of Health (DoH) and its arm’s-length bodies did not know if local NHS organisations were prepared for cyber-attacks, including their responses to NHS Digital alerts in March and April 2017 warning organisations to patch their systems to prevent WannaCry, crucial knowledge because NHS Digital cannot mandate local bodies to act, even if it has vulnerability concernsWannaCry spread across the Internet, includingthe broadband network connecting all NHS sites in England, the N3 network, but there were no instances of it spreading across the NHS email system, NHSmailAt least 34% of England’s NHS trusts were disrupted, but DoH and NHS England don’t know the full extent of the disruptionThe scale and scope of the disruption isn’t known, but an estimated 19,000 thousand appointments were cancelled, operations were cancelled and in five areas, patients had to travel further to A&E departmentsThe Department, NHS England and the National Crime Agency confirmed that no NHS organisation paid the ransom, in line with NHS Digital advice, but the DoH doesn’t know how much the service disruption cost the NHS and patientsA DoH plan that included roles and responsibilities of national and local organisations in responding to cyber-attacks had not tested at local levels, so the NHS was not clear about actions it should take when WannaCry struck, a deficiency exacerbated because WannaCry was different to previous incidents, such as a major transport accident, and took more time to determine the cause and scale of the problemWithout rehearsals for a national cyber-attack, it was not immediately clear who should lead the response, and there were communications problems tooIn line with its existing procedures for managing a major incident, NHS England initially focused on maintaining emergency care All organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to prevent the breach by patching obsolete Windows operating systems and managing their firewalls facing the Internet would have guarded organisations against infection.
In response, the NHS’s:Developing a response plan setting out what it should do to respond to cyber-attacksEstablishing roles and responsibilities of local and national NHS bodies and the DoHEnsuring organisations implement critical CareCERT alerts for emails sent by NHS Digital providing information or requiring action, including applying software patches and keeping anti-virus software up to dateEnsuring essential communications work during attacks when systems are downEnsuring organisations, boards and their staff take cyber-threats seriously, understand the risks to front-line services and work proactively to maximise their resilience and minimise impacts on patient care.
Since WannaCry, 39 CareCERT alerts have been issued by NHS Digital between March and May 2017. They require essential action to secure local firewalls.
These insights and lessons are valuable for Africa’s eHealth. They provide a component of the cyber-security strategies and plans they need.
- 337 views
- December 08, 2017
- Tom Jones
Dell offers better access to imaging data
Modern eHealth can provide mountains of clinical data. Storing and accessing it effortlessly in real-time’s an increasing challenge. A whitepaper from Dell EMC, available from EHR Intelligence, describes a way to do it.
Key Strategic Technolgies (sic) to Improve Access to Clinical Data promotes two principles for PACS. One’s that storage infrastructure shouldn’t need redesigning every time new data’s added. The other’s to have a Vendor Neutral Archive (VNA).
Affording a fully-fledged solution can be a challenge for Africa’s tight eHealth finances. Dell EMC proposes a phased approach that supports future VNA deployment. It is flexible enough to support a wide range of performance demands such as data analytics, expansion into private, hybrid, or public clouds and changing clinical workflows.
It’ll need Africa’s eHealth programmes to partner with infrastructure development vendors who can:Scale local architecture without downtimeMaintain daily performanceReduce or eliminate future migration burden.
These will help to achieve several objectives that improve healthcare quality:Integrate imaging with other eHealthEnable doctors to taking clinical decisions using the most pertinent, complete, accurate and timely patient data.
Can this find a place in Africa’s eHealth strategy? The principles fit all types of clinical data.
- 402 views
- December 07, 2017
- Tom Jones
Conférence internationale sur la télésanté et la télémédecine au Maroc
Casablanca, la case blanche poumon économique du Maroc moderne, est célèbre pour beaucoup de choses, y compris la diversité architecturale des bâtiments (célèbre mosquée Hassan II), de l'art déco à la modernité traditionnelle. Cette semaine, c'est l'architecture numérique de la santé qui est à l’honneur. C'est là qu’à lieu la 22ème conférence internationale sur la télémédecine et la télésanté, qui débute aujourd'hui avec un vaste programme technique. Je suis heureux d'être présent, avec Dr Sean Broomhead, Président d'Acfee, et de nombreux collègues et amis de toute l'Afrique.
Les objectifs de la conférence sont de présenter des expériences pratiques et des résultats de recherche dans le domaine des solutions de télémédecine et de télésanté, et de fournir aux professionnels de la santé, aux représentants de l'industrie, aux décideurs politiques, aux chercheurs et aux scientifiques et de nouveaux concepts et idées en télémédecine, en télésanté et en santé électronique.
MeHealth 2017 réunit les membres de la Société marocaine de télémédecine et de télésanté (MSfTeH), de la Société internationale de télémédecine et de télésanté (IsTeH) et un large éventail d'autres institutions et organisations locales et internationales impliquées dans le développement et la mise en œuvre de la télémédecine.
La conférence MeHealth 2017 de Casablanca, la 22ème conférence internationale de l’ISfTeH veut présenter des expériences pratiques et des résultats de recherche dans le domaine de la télémédecine et des solutions eHealth, et fournir des opportunités aux prestataires de soins, des représentants de l'industrie, des décideurs, des chercheurs et des scientifiques de se rencontrer et discuter des projets en cours, de la recherche et des nouveaux concepts et idées en télémédecine, en télésanté et en santé mentale.
L'utilisation des technologies de télémédecine et de télésanté représente une réelle opportunité d'améliorer la qualité de vie des patients et de réduire les coûts de santé. Cependant, il fait face à d'importants défis liés à la propriété des données et à la vie privée des patients, à l'engagement du professionnel de santé, à l'adhésion du patient, à l'intégration dans les soins courants, aux aspects financiers et de remboursement.
Les conférenciers comprennent des intervenants de classe mondiale comme:Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoM. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars
Les sessions parallèles couvrent les thématiques suivantes:Santé numériqueTélémédecine en AfriqueGNU SantéInformation médicaleBioinformatique Casablanca est également célèbre pour le film de 1942 portant le même nom et son célèbre Rick's Café. Alors que le café original était sur un plateau de tournage hollywoodien, un entrepreneur marocain a depuis créé le véritable Rick's Café à Casablanca. Le restaurant est logé dans un grand bâtiment traditionnel marocain construit en 1930. Nous vous invitons à le découvrir.
- 506 views
- December 06, 2017
- Ousmane Ly
eHealth and Telemedicine meeting kicks off in Morocco
Casablanca, Morocco is famous for many things, including diverse building architecture, from Art Deco to modern. This week it’s a digital health architecture attraction. It is the venue for the 22nd International conference on Telemedicine and eHealth, which kicks off today with an extensive technical programme. I am happy to be attending, along with Acfee Director Dr Ousmane Ly and many colleagues and friends from across Africa.
The goals of the conference are to present practical experiences and research results in the field of Telemedicine and eHealth solutions, and to provide opportunities for healthcare providers, industry representatives, policy makers, researchers and scientists to meet and share and discuss current projects, research, and new concepts and ideas in Telemedicine, Telehealth and m/eHealth.
MeHealth 2017 brings together members of the Moroccan Society for Telemedicine & eHealth (MSfTeH), the International Society for Telemedicine & eHealth (IsTeH) and a wide range of other local and international institutions and organizations who are involved in Telemedicine/eHealth development and implementation.
Speakers include:Prof. Francesco SicurelloDr. Najeeb Al ShorbajiPeter J. TonellatoMr. Abdarrhman AnneDr. Zakiuddin AhmedLuis FalconProf. Maurice Mars
Satellite workshops cover:Digital HealthTelemedicine in AfricaGNU HealthMedical InformationNA Student Symposium BioinformaticsStartathon: Innovation in Telemedicine and eHealth. Casablanca is also famous for the 1942 film and its infamous Rick’s Café. While the original café was a Hollywood film set, an enterprising entrepreneur has since created a real Rick’s Café in Casablanca. The restaurant is housed in a traditional Moroccan grand mansion built in 1930. I look forward to checking it out.
- 947 views
- December 06, 2017
- Sean Broomhead
eHealth Africa pilots AVADAR to track Toward Polio Eradication progress
In response to the reported cases of wild poliovirus in Nigeria, eHealth Africa (eHA) partnered with Bill & Melinda Gates Foundation, the WHO, and Novel-T to pilot a mobile surveillance app for Acute Flaccid Paralysis (AFP) in children. It’s a condition of a rapid onset of weakness of people’s extremities, and includes Guillain-Barré syndrome. AFP often causes weakness of respiration and swallowing muscles, progressing to maximum severity within one to ten days.
WHO defines AFP surveillance as six goals:Track wild poliovirus circulationUse data to classify cases as confirmed, polio-compatible or discardedMonitor routine coverage and surveillance performance using standard indicators in all geographical areas and focus efforts in ones that are low-performingMonitor seasonality to determine low season of poliovirus transmissions to help to plan National Immunisation Days (NID)Identify high-risk areas to plan mop-up immunisation campaignsProvide evidence to certification commissions of interruptions of wild poliovirus circulation.
Standard indicators are:>90% of expected monthly reports>1/1000,000 annualised non-polio AFP rate per 100,000 children under 15>80% of AFP cases investigated within 48 hours>80% of AFP cases with two adequate stool specimens collected 24-48 hours apart and less than 14 days after onset>80% of specimens arriving at laboratories in good condition>80% of specimens arriving at a WHO-accredited laboratories within three days of despatch>80% of specimens for which laboratories’ results sent within 28 day turn round.
AFP surveillance’s one of four cornerstone strategies of polio eradication. The objective’s to identify all cases of polio through a system that targets any case of AFP as a potential case of polio. AVADAR’s a surveillance tool on android mobile devices provided to health workers and community informants. It aids AFP detection and reporting both in health facilities and local communities.
- 325 views
- December 06, 2017
- Lesley Dobson
IBM Watson supports better care plans
Horizons provoke considerable sentimentality and concepts. Pankaj Patel, an Indian businessman and chairman of Cadila Healthcare urged people “Dwell on possibilities to open up your horizon.”
It seems that IBM Watson aims to help too. Its Whitepaper. Population health management beyond the EHR:Part 2 unsurprisingly builds from Part 1 that EHRs are necessary but not sufficient. It proposes a care collaboration platform based on a data lake to which all care team members contribute.
Cognitive computing ‘s the means to achieve it, combining parallel processing with augmented intelligence. It structures unstructured data, enabling fast searches of medical literature, finding connections and patterns among myriad data types and enables computers to learn. These can be used to:Identify real outcomes from similar patientsEnable clinicians to make informed decisions about diagnosis and treatmentUtilise data on social determinants of health and genetic and environmental factors that influence healthProduce personalised clinical guidelines, so patients’ personalised care plans are more effectiveImprove clinical decision support over time.
Central data registries can be expanded to include many elements not typically available through clinical and claims data alone. Extra content be added from care managers and community health workers whose pertinent patient observations might not be able to be document in EHRs.
This wider range of data can be used for better:Performance management with retrospective concurrent, and predictive analytics applied to new payment and delivery modelsRisk identification and mitigation of stratified populations into cohortsOperational processes.
Personalised care’s the core goals. Achieving it needs more than IBM Watson. Clinical eHealth leadership’s vital too. Warren Bennis, founding chairman of The Leadership Institute at the University of Southern California has a concept to achieve this. “The manager has his eye on the bottom line; the leader has his eye on the horizon.” Which eHealth horizon?
- 381 views
- December 05, 2017
- Ameera Hamid
How can bad robots be kept out?
Automation’s steadily progressing across healthcare. It relies on AI and robotics, but not all robots are up to the job. Keeping bad bots at bay’s vital. An eBook from Quocirca sets out a way to do it, leaving the way clear for good bots to help in a range of services. Examples are admin bots that can make appointments, help to access clinical records, answer billing queries and process payments. Chat bots can deal with routine ailments, freeing healthcare professionals to deal with more complex patients. AI’s the driver behind these changes.
Four types of bad bot activity’s:Stealing personal informationCredit care fraudHealthcare insurance fraudBribery and extortion.
The OWASP Foundation, a global not-for-profit charitable organisation aiming to improve security of software, runs the Open Web Application Security Project that combats bad bots. Its Automated Threat Handbook lists criminals’ 20 most common activities that use bots. It also publishes its Top 10
Most Critical Web Application Security Risks, the latest for 2017 are:InjectionBroken authenticationSensitive data exposureXML external entities (XXE)Broken access controlSecurity misconfigurationMissing function level access controlCross-Site Scripting (XSS)Cross-Site Request Forgery (CSRF)Insecure DeserialisationUsing components with known vulnerabilitiesInsufficient logging and monitoring.
Developers can introduce these vulnerabilities in their software code, making it easy for bots to find, then mimic human behaviour to achieve illicit access. Three traditional ways to mitigate their threat and enable good bots to succeed are:Firewall rules can be changed to block source IP addresses used by cyber-criminals’ bots, but they regularly change IP addresses, can’t deal with previously unknown bots and may block legitimate usersWeb Application Firewalls (WAFs) protect web applications by exploiting common software vulnerabilities, but apart from vulnerability scanners, most bad bots don’t target vulnerabilities, they mimic real users, so WAFs can’t stop themCompletely Automated Public Turing tell Computers and Humans Apart (CAPTCHA), are-you-human tests can work can, annoy some users, but some bad bots can bypass themGeofencing can limit access to websites and apps to users from specified locations, but cyber-criminals can move their location using VPN links to a local Point of Presence (PoP)Direct Bot Detection (DBB) tools and mitigation can distinguish bots from humans and classify them in real time using behavioural analysis and digital fingerprinting, and across several organisations, can improve their understanding of bad-bots through machine learning, identifying bots, determining their provenance and deciding if their activity should be allowed, controlled or blocked.
Quocirca says all 20 of the bot types identified by OWASP can be managed using DBB and unwanted activity curtailed. DBB tools aren’t an alternative to the other measures. They can be integrated with other network protection technologies such as WAFs, Intrusion Prevention Systems (IPS) and Security Information and Event Management (SIEM).
Adopting the increasing range of cyber-security measures is essential for Africa’s eHealth. Keeping up with trends is too, and links with OWASP can help. Individual membership’s US$50 a year, US$95 for two years and US$500 for lifetime. Corporate membership starts at US$5,000.
- 348 views
- December 04, 2017
- Ameera Hamid
What's needed to help improve EHRs?
Millennia ago, primitive people huddled in caves to keep warm and protect themselves from big, wild beasts, many now extinct. As people advanced, huddling became less important, but it’s emerged in healthcare, and EHRs are the catalyst.
Safety huddles to proactively identify and address electronic health record safety, a study in the Journal of the American Medical Informatics Association (JAMIA) identified 245 safety concerns related to EHRs. To be more precise, safety huddles found them. Four main types were:42% EHRs’ technology working incorrectly26% EHRs’ technology not working at all17% EHRs’ technology missing or absent16% user errors.
Huddling theory says the activity’s helpful in creating collective situational awareness, leading to increased organisations’ capacity to respond to concerns, limitations and weaknesses. The study shows it:Promoted discussion of several technology issues in organisationsServed as a promising technique to identify and address EHRs’ safety concerns.
The team recommends that healthcare organisations consider huddles as a strategy to promote understanding and improvement of EHR safety. If it works for safety, it could help with other weaknesses in EHRs. If it works for EHRS, it could work for some other eHealth services too.
It seems that our ancient ancestors were on to a modern management technique, so announcement in waiting rooms could soon be saying “A doctor will see you shortly. At the moment, they’re all huddling for eHealth.”
- 346 views
- December 01, 2017
- Tom Jones
Are Africa’s eHealth start-ups on the move?
Africa’s health systems need a vibrant eHealth start-up environment that provides local solutions. It’s good news that the number of Africa’s eHealth start-ups is rising. Most don’t leverage mHealth.
The report from the start-up portalDisrupt Africa High Tech Health: Exploring the African E-health Startup Ecosystem Report 2017, identified 115 eHealth start-ups in 20 African countries, about 37%. It reveals the need to stimulate eHealth start-ups in the other 63%.
Investment’s increasing too, especially finance for businesses growth. The combined eHealth start-up investment’s exceeds US$19 million. Most eHealth start-ups in the report don’t use mHealth. It’s about 44%.
Niche solutions are an important component of Africa’s eHealth investment. As demand and opportunities expand, especially for mHealth, the scope for Africa’s eHealth supply side can expand with it. A report in Standard Digital summarises the landscape using data from the 20 countries over three years from Disrupt Africa, it says about 73% of Africa’s eHealth ventures provide mHealth solutions. Local eHealth innovators are emerging in Uganda, Ghana, Egypt, and Senegal. Start-ups launching across Africa has increased over three years. Investors are starting to support start-ups planning to grow expand.
Africa has an estimated 115 eHealth start-ups. About 28%, 32, are in East Africa. Nearly half of these, 15, of East Africa’s eHealth start-ups in are in Kenya, about 13% of Africa’s total. They may be confronting challenges in attracting finance, unlike reported significant investment in other countries in the region. Does it mean that the available finance’s being spread more evenly, or is it because better investment opportunities are emerging from other countries?
Total investment in eHealth start-ups over the period is estimated at US$19 million. Kenya start-ups raised US$379,600, under 2%.
Africa.com has a different perspective. Its report identifies Tunisia emerging as the next eHealth hub. It says there are more than 300 African tech start-ups, 54, 18%, in South Africa , 27, 9%, in Kenya, 23, 8% in Nigeria and 15, 5%, in Tunisia. After creating a successful incubator in Kenya, Merck will launch a start-up incubator in Tunisia by 2019 to collaborate with innovative eHealth start-ups.
It’s not all rosy. Several challenges to growth are seen as access to finance, uncertain policies, competition from established brands and finding and recruiting talent.
Africa’s eHealth strategies need to parallel these initiatives. They’re creating opportunities to improve health and healthcare.
- 425 views
- November 30, 2017
- Tom Jones
Telehealth may increase healthcare demand
Telehealth, using telephones and including telemedicine, can benefit patients, health workers and healthcare organisations. One probable benefit is reducing reliance on GP and Emergency Department (ED) visits with virtual visits, so reducing healthcare costs. Another’s convenience for patients. It seems that can patients’ convenience’s reducing healthcare benefits, a case of supply led demand.
A study in Health Affairs, Direct-To-Consumer Telehealth May Increase Access To Care But Does Not Decrease Spending, found that the convenience of telehealth services for patients may mean they solve access issues long before they bend healthcare’s cost curve. It may be these much shorter waiting times and earlier utilisation may increase healthcare spending.
The research team analysed over 300,000 patients’ commercial claims data spending for acute respiratory illnesses. Data extended over three years. About 12% of telehealth visits replaced visits to other providers. Some 88% was new utilisation with shorter waiting times. Net annual spending on acute respiratory illness services increased by $45 for each telehealth user.
eHNA reported on a similar outcome for an eVisit service. The findings seem reinforce each other. Africa’s eHealth programme should include the probability of the phenomenon in their telehealth business cases so additional healthcare resources that may be required can be planned too.
- 377 views
- November 29, 2017
- Tom Jones
mHealth keeps expanding, but Africa and South America are trailing
The mHealth market’s been growing steadily, and will keep it up. In its report mHealth App Economics 2017 Current Status and Future Trends in Mobile HealthResearch2Guidance (R2G), a strategy advisory and market research company, assesses how digital intruders are taking over the healthcare market.
This year, there are 325,000 health and fitness apps available from all major app stores. It’s 78,000 more than last year.
Most eHealth practitioners come from Europe, 47%, and 36% from the US, a combined 83%. Asia-Pacific accounts for 11%. South America and Africa trail at 4% and 2% respectively, confirming the need for increased human capacity development.
Other findings include:Android’s overtaking Apple in health app numbers84,000 health app publishers release appsWidening demand and supply gap, with high number of developers and low downloads growth ratesUS$5.4bn investment in eHealth start-ups fuelling the marketUsers will download an estimated 3.6bn apps in 201718% are not developing health apps because of uncertain regulations53% of eHealth practitioners expect health insurances to be the future distribution channel with best market potentialAn estimated 28% pure eHealth market players in the eHealth industry.
Two app types may have a big healthcare impact. Artificial Intelligence (AI) is seen as the most disruptive technology. It’s seen as combining with remote monitoring to be the technologies that will disrupt healthcare most. The profile’s:AI 61%Remote monitoring and assistance 43%Wearables 34%IoT 30%Virtual reality and intelligence 27%3D printing 22%Blockchain 18%5G 8%Other 5%.
It seem that there’s an opportunity for Africa’ health systems to support and expand their local health app supply side. An integrated demand and supply strategy could do it.
- 377 views
- November 28, 2017
- Tom Jones
Ponemon shows cyber-security knowledge’s improving
As cyber-attacks expand in sophistication and volume, knowledge about them’s expanding too. Ponemon Institute, a US research organisation, surveys ICT and security leaders about cyber-security each year. For five consecutive years, its State of Endpoint Risk Report, has added to organisations knowledge. Barkly, a cyber-security firm, has released a preview. The findings are important for Africa’s healthcare and its eHealth and its cyber-security plans.
Organisations are struggling to secure their endpoints against new and evolving threats. It’s exacerbated by its high cost for each successful attack. Three other themes are:Fileless cyber-attacks area an increasing risk, now about 77% of all cyber-attacksTrust in Anti-Virus (AV) programs that rely on file scanning and signature matching has waned, with about 80% of organisations replacing or augmenting AV in 2017Endpoint security is becoming more costly and complex.
False positives are the most significant hidden cost of endpoint protection. Almost 50% of alerts were false alarms. Costs and complexity is increased too because organisations have an average of seven different agents installed on endpoints. Each one needs its own monitoring, so diseconomies of scale. About 75% of organisations find cyber-security management a challenge.
Affordability and capability’s starting to bite. Only a third of organisations have enough resources to manage cyber-security effectively, a salutary finding for Africa’s health systems.
Four measures needed to respond to the trend are:Move beyond traditional AVInvest against protection against fileless cyber-attacksReduce endpoint management complexityFocus on prevention first, before detection and response. These match Ponemon’s findings. There are two challenges are, first, how can the two-thirds of organisations with insufficient resources afford them? Second, can the one third afford the extra cost? Answers to both are vital for Africa’s health systems?
- 447 views
- November 27, 2017
- Tom Jones
eHealth’s goals need shifting to meet doctors’ needs
There’s a vicious circle revolving around eHealth. As eHealth moves ahead, it’s creating a demand for better eHealth. Dr James Madara, CEO at the American Medical Association (AMA) set some of these out in his recent speech, recorded on YouTube. He sees doctors confronting “Oceans and oceans of data, but only puddles of clinical meaning.” It seems the eHealth challenge’s moving from providing data to giving health professionals the means to navigate their way through the rising tide. His “Longer timelines” view included the utilities needed for a “secure and timely data flow“ needed to improve clinical data liquidity.
Fierce Healthcare has summarised some of his themes on the ability of doctors to extract clinical meaning from rapidly expanding data sets and as disorganized and siloed eHealth ecosystem. He equates it to “The fable of the blind men touching the elephant. One feels the trunk, another the tail, one the ear, and each one of the men [sic] has in his mind some different image. That’s what healthcare data are today. Each of us touching data bit-by-bit, then spending time conceptualising the elephant.” AMA’s Integrated Health Model Initiative (IHMI) is helping to deal with these concerns. It includes building a common data-sharing structure with Intermountain Healthcare.
An example he uses is a concept from EHRs that existing data in them can be shared and used for current clinical decisions. He set out a scenario of a doctor who suspects patients suffer from hypertension, so “effortlessly” accesses their blood pressure readings from previous healthcare providers. He said doctors can’t do that.
Africa’s eHealth strategists need to consider Dr Madara’s perspectives. As eHealth investment generates more data, Africa’s health systems simultaneously can put in place the tools that healthcare professionals need to navigate their way through it. eHealth benefits depend on them.
- 380 views
- November 24, 2017
- Tom Jones
KLASified IOp needs to progress
A bit like an horizon, as eHealth Interoperability (IOp) takes a step forward, its horizon seems like two steps further away. KLAS, the eHealth analyst outfit, has published its Interoperability 2017 report of its Cornerstone Summit. First Look at Trending – Some Progress toward a Distant Horizon,” summarises the findings. It’s the third interoperability summit. The KLAS 2017 research provides the first year-on-year comparison measuring progress. There’s plenty left to do.
KLAS research shows that shared patient data often fails to benefit patient care much. It’s an important insight for EHR business cases, and reveals the ubiquitous gap between eHealth’s potential and its probability in realising its benefits. An essential question to ask before driving ahead investing scarce resources is asking eHealth sponsors to estimate the percentage of patient encounters in which:Outside data informs healthcare delivery betterUsers have access to needed data from outside their organisations.
Most of the report deals with methodologies and questions about measuring IOp. They provide a wide range of detailed and precise themes that Africa’s eHealth programmes can use to specify and test their IOp components.
Other issues are:Should behavioural health and home medical equipment be incorporated in post–acute care interoperability?Pharmacies are key partners in post–acute care IOp, so need includingWhich IOp capabilities and synergies should or should not exist between post–acute care and hospital systems?Should hospitals’ Emergency Department (ED) systems query HIEs to identify if patients receive home health services, and can the home health records and their patient information be added to ED systems?
Healthcare’s concerns and insights include:Securing national IOp inter-organisational trust of incoming data and its accuracyClarity on liability of outgoing data not being used securely or guarded How to co-ordinate between organisations sharing data, especially when different users need different data?How can patients help bridge IOp?IOp gaps in healthcare transitions are a significant market oversight and need fixingHow should information blocking be defined and implemented?
Africa’s eHealth programmes can extract invaluable insights from the KLAS report. I can help them extend the stride of the next step. Whether it takes them closer to the IOp horizon’s another matter.
- 304 views
- November 23, 2017
- Tom Jones
Is connected eHealth enough to lead to healthier people?
eHealth’s ICT network, and especially mHealth’s, offers considerable potential for healthier people. Like all eHealth, its probable impact is always less than its potential. A study in the Journal of Medical Internet Research (JMIR) by a research team in Montreal, Canada, identified the phenomenon for connected health tools.
Is Connected Health Contributing to a Healthier Population? Reviews mHealth’s health impact. It,
It’s clear that mHealth enables more precise diagnostics, personalised health recommendations that enhance patient experiences and outcomes and contains healthcare costs. But, for mHealth to achieve its full potential, at least five issues need addressing.
JMIR’s editor says JMIR Publications discourages the use of Connected Health (cHealth). It’s not clear if how it differs from eHealth, mHealth or Ubiquitous Health (uHealth). eHNA’ll stick with eHealth and mHealth.
One issue’s achieving active engagement in mHealth use, privacy, security, quality, and developing evidence-based guidelines. The expanding mHealth market, at over 165,000 apps in 2015, conveys an urgent imperative to deal with these. With such a profile and plethora, it’s a bit odd that only 12% of health-related apps have 90% of downloads; a considerable underutilisation and corresponding limited impact on health.
Maybe, as the study hints, the current focus technology may be too extensive, while simultaneously ignoring the need for a paradigm shift in healthcare providers from fixer to coach, that welcomes, encourages, requires and activates patients’ engagement in their own wellness and care. It could be that uptake strategies are needed to ensure individual’s mHealth engagement is their highest prior for health and illness issues. Succeeding may need a better understanding of the health literacy gap causes.
Quality’s a challenge. Many consumers, developers and manufacturers aren’t aware of many of mHealth’s technological standards and regulations. Lacking supporting evidence, users often rely on subjective five-star ratings to gauge quality. Apple’s App Store advises that “medical apps that could provide inaccurate data or information, or that could be used for diagnosing or treating patients may be reviewed with greater scrutiny.” Recent initiatives might help overcome this risk and misplaced dependency:Reach, Effectiveness, Adoption, Implementation, and Maintenance (RE-AIM) framework evaluates health behaviourMobile App Rating Scale (MARS) assess and scores qualityConsolidated Standards of Reporting Trials (CONSORT-EHEALTH) encompasses initiatives developed by the CONSORT Group to alleviate problems arising of inadequate randomised controlled trial (RCT) reporting.
Africa’s mHealth emphasis should take note of these. Without them, mHealth may become just a bit of Health.
- 376 views
- November 22, 2017
- Tom Jones
How to deal with with ransomware
A perspective on eHealth cyber-security is the challenge to cope with changes in government regulations, a revolution in medical device and mobile technology expanding at about 20% a year and healthcare transformation. Its eBook Ransomware: What every healthcare organization needs to know, Cisco sees this as a “Perfect storm of complexity and vulnerability” for information security.
Cisco Umbrella is a cyber-security platform for the cloud. Supporting advice in the eBook covers:What is ransomware?How prevalent is the threat?Why healthcare?How does infection happen?How does an attack work?How to protect organisations?The first line of defence.
It sets out four main causes of infections:Phishing emailsCompromised web sitesMalvertisingFree software downloads.
Cyber-attacks come from two sources, email and web sites. Clicking on an illicit link in an email or visiting a compromised or malvertising web site can trigger a sequence of events:Launching a download and installation of an exploit kit.Exploit kit identifies vulnerabilities in users’ systems and sends these back to the malicious infrastructureInstalling a targeted payload on users devices that can exploit the vulnerabilitiesCall-back to retrieve private malicious encryption keys that encrypt dataNotify users that a ransom payment will release the encryption key.
Stopping ransomware attacks needs a set of actions to:Monitor global cyber-criminal activities for insight into where hackers are staging infrastructure for future attacksProtect patient devices, medical IoT endpoints, Protected HealTHInformation (PHI) and Personally Identifiable Information (PII) data systems, including ones that don’t support agentsDiscover and block likely malicious domains and Internet Providers (IP)Feed contextual threat intelligence into security management or incident response environments to identify which incidents need attentionKnow how unmanaged mobile and IoT devices connect to networks to prevent patient data exfiltration.
After a cyber-attack, assess what happened by:Identifying the root causeDeveloping a proactive cyber-security plan that leverages a multi-layer defenceUsing predictive intelligence to understand how and where attacks are staged on the InternetInternally segmenting networks to contain a breachRestoring data from backupsEducating employees about security best practicesDeploying first line defences that stop opportunities for lateral movement of ransomware in networks, eliminate its propagation and reduce the time cyber-attacks have to operate in networks.
Cisco’s eBook adds to Africa’s eHealth knowledge. It’s an essential document for its cyber-security library.
- 467 views
- November 21, 2017
- Tom Jones
Predictive analytics needed for better infectious disease tracking
When outbreaks of new diseases emerge, public health’s impact inevitably follows events. Eventually, it catches up. The US Government Accountability Office (GAO) report in May 2017, Emerging Infectious Diseases Actions Needed To Address the Challenges of Responding to Zika Virus Disease Outbreaks, found that the Zika virus case counts from the national disease surveillance system underestimate the total number infections because:Infected people may not seek medical care because they have only mild or no symptoms, or other reasons,May not be diagnosed because of limitations in Zika virus diagnostic testingIncomplete surveillance reporting.
Better, prompt and accurate information’s still needed. Three Congress representatives have written to the GAO boss, the Comptroller General, suggesting a subsequent study into predictive models and systematically integrating modelling into outbreak responses. They think the US can respond more effectively bt learning if:Federal agencies use predictive modelling to inform planning for emerging infectious diseases?How federal agencies use models to inform regulatory decisions about infectious disease outbreaks?Do medical product sponsors use predictive modelling?What funding’s available for infectious disease predictive modelling?What challenges do predictive modellers face?If and how, federal agencies validate models’ predictions? With predictive modelling and analytics expanding their potential, these seem like a good set of questions that all countries should ask. Answers can inform eHealth strategies and strengthen the role and impact of public health professionals.
- 345 views
- November 20, 2017
- Tom Jones
Rome Business School eHealth Masters
Better managers for a better world
Health Information Systems South Africa (HISP-SA)
HISP-SA develops and implements sustainable, integrated Health Information Systems that empower communities, patients and healthcare workers.
Cyber-security: themes for Africa's eHealth
Cyber-crime is on the increase, and Africa’s health sector is not immune to the growing and changing threats.
African eHealth Forum 2016 Report
Successful eHealth connects us with our information in ways that transform what we expect from our health...
African eHealth Forum 2015 Report
Acfee hosts the annual African eHealth Forum. It’s where Acfee’s Advisory Board, its industry partners...