Lynette Moretlo Molefi
Kesandu Nwokolo
Francis Ohanyido
Alvin Marcelo
Anna Adelof
Tom Oluoch
Ndzalama Shivambu
Mats Larson
Keith Househam
Amnesty LeFevre
Onesmus Mwaura Kamau
Hammadoun Dia
Miroslav Koncar
Richard Gakuba

Tom Jones

eHealth Person at eHealth News Africa

Market research report on Brazil’s telemedicine shows it’s likely to increase from $495.3 million in 2015 to $743.8 million in 2017. That’s about a 50% increase in two years. Research and Markets published its findings and also found that the country’s mHealth market revenue look set to grow from $446.8 million to $1.43 billion over the two years, more than three times its 2015 spend.

Brazil’s teleradiology takes a huge market share, 98%. The remaining 2% is for specialist consultations and distance learning and education. mHealth is a different market. Its range’s broad, and includes some apps for telemedicine.

Despite mHealth’s gigantic growth forecast, there are several investment barriers. Short life-cycles is one. Both wearable and apps, and across vital signs remote monitoring and chronic disease management, mHealth’s rapidly and constantly transforming its ecosystem with new value proposition and solutions. Dealing with these obsolescence costs creates affordability challenges.

World Bank data shows Brazil’s Gross Domestic Product (GDP) per head as about US$8,539. An average for Africa’s about US$5,666. The extra 50% can make a big difference to eHealth affordability. Even so, Brazil’s forecast expansion’s huge, so Africa’s health systems may be able to see some significant growth.

Published: 2017-03-23 08:05:00
Tom Jones

In eHealth, going live usually involves uploading software and starting it up. Canada’s First Nations have a much better idea. Manitoulin Expositer has a report about eHealth’s razzamatazz. First Nations health officials and a Telus Health team were at Wiikwemkoong Health Centre to launch an EHR programme that will extend to more First Nations.

Manitoulin Island’s in Lake Huron in Ontario province. Its first nation routes go deep. Archeological discoveries found Paleo-Indian and archaic cultures dating from 10,000 BC.

With Michael McGregor of Giiwednong Health Link (GHL) eHealth programme manager as master of ceremonies, the go live started with a song by local drum group High Eagle Singers. Rita Corbiere, a Wiikwemkoong elder provided an opening invocation.

GHL’s a health and information management collaboration between Manitoulin Island and North Shore First Nation health organisations. It’s funded by Health Canada, with priorities for planning and implementing EMRs in GHL members’ health centres. Practice Solutions Suite (PSS) are part of the project too.

The project started in 2006. The long timeline justifies the celebrations. Next, 14 First Nation member communities will have their EHRs by March 2018. No wonder High Eagle Singers concluded the proceedings with an honour song.

This leaves two challenges for Africa’s communities. One is to start up their EHRs. The other’s to celebrate in a way that only Africans can do.

Published: 2017-03-23 08:00:00
Tom Jones

At eHealth’s high peak sits Interoperability (IOp). Reaching the summit’s a test of preparation and endurance. The view from the top might be breath-taking, but the ascent’s a continuing challenge.

A report from the US Government Accountability Office (GAO) has identified some of these. They’re essential lessons for Africa’s health ministries and systems. ELECTRONIC HEALTH RECORDS HHS Needs to Improve Planning and Evaluation of Its Efforts to Increase Information Exchange in Post-Acute Care Settings sets out five important findings from stakeholders about the US IOp project:

  1. Cost:
  • Facilities often have limited financial resources for the initial costs of EHRs
  • Additional costs may be incurred for exchanging information and maintenance
  1. Implementing standards: concerns are:
  • Variability in implementing health data standards
  • Difficulty finding health information relevant to post-acute care providers when this information’s exchanged
  1. Workflow disruptions: implementing EHRs needs post-acute facilities to change their daily work activities or processes, which can be disruptive
  2. Technology challenges: such as EHRs that can’t exchange health information electronically
  3. Staffing: a lack of staff with expertise to manage EHRs and high staff turnover result in a constant user training.

There are other challenges too. The Department of Health and Human Services (HHS) hasn’t measured the effectiveness of its efforts to promote EHRs. It also lacks a comprehensive plan to meet its goal to increase the proportion of post-acute care providers exchange electronically. These gaps are seen as inconsistent with leading principles of sound planning.

Current planning excludes key external factors and risks that may affect its efforts adversely. Without a comprehensive plan to address these, risks of not achieving goals. Consequently, HHS cannot determine if its efforts contribute to its goal, or if they need modifying.

The Office of the National Coordinator for Health Information Technology (ONC) plans to survey providers in post-acute settings to collect baseline data on EHR adoption rates and activities to

demonstrate ways to exchange health information electronically. Currently, they don’t extend to assessing HHR’s effectiveness in promoting EHRs use. In addition, most of the key efforts lack specific plans for evaluating their progress.

HHS accepts the findings. It plans to improve its tracking of EHRs use in post-acute care if resources become available. The constructive dialogue reveals the way that Africa’s programmes for EHRs should proceed up the mountain, one step at a time, where each step adds to the ascent.

Published: 2017-03-22 08:00:00
Tom Jones

After its success in Rwanda, Vision for a Nation (VFAN) is planning to take its approach to other countries. It could be good news for some African countries.

It’s already helped more than a million people in Rwanda to access eye care services. In four years, VFAN’s provided:

  1. Over 1.2 million eye screenings, more than 10% of the population
  2. 560,000 prescriptions
  3. 144,000 referrals for specialist treatment
  4. 109,000 pairs of glasses.

VFAN’s programme has supported Rwanda’s Ministry of Health to build an affordable, successful nationwide eye care service locally available to 10.5 million people. It’s fully integrated into the public health system.

Tom Rosewall, VFAN’s CEO says “Rwanda is the first emerging country in the world to provide all of its people with local access to affordable eye care.” The service in Rwanda’s sustainable. eHNA reported earlier that Rwanda’s Ministry of Health will assume full responsibility for new eye care services from January 2018. VFAN now plans to take its initiative to other countries around the world. Other parts of Africa are good places to start.

Published: 2017-03-21 08:00:00
Tom Jones

Despite a comprehensive cyber-security framework in place in the US, cyber-crime’s a major threat. It didn’t seem to help prevent a huge phishing attack to a hospital, reported on eHNA, indicating the scale and complexity of the challenge.

The US National Institute of Standards and Technology (NIST) has released for consultation its updated Framework for Improving Critical Infrastructure. It has two main parts, the report and a comprehensive checklist in Excel. They’re both essential for Africa’s health systems in developing their cyber-security.

The new report expands the cyber-security measures in the original framework from February 2014. Its new content includes:

  1. A new section on cyber-security measurement and correlating business results to cyber-security risk management metrics
  2. Expanded explanation of using the framework for supply chain risk management
  3.  Refinements to improve accountability for authentication, authorisation and identity proofing
  4. Better explanation of the relationship between implementation tiers and profiles, including establishing or improving a cyber-security programme and using framework tiers for implementation, and integrating framework considerations with risk management.

The Excel checklist has 23 categories. These lead on to 106 sub-categories and 398 cyber-security reference links. It’s a comprehensive list of actions needed for good cyber-security practices. The 23 categories are including:

  1. Asset Management (ID.AM) Asset Management (ID.AM):  identifying and managing data, personnel, devices, systems, and facilities consistent with their relative importance to business objectives risk strategies.
  2. Business Environment (ID.BE): understanding and prioritising mission, objectives, stakeholders, and activities to inform cyber-security roles, responsibilities, and risk management decisions
  3. Governance (ID.GV): understanding and using policies, procedures, and processes for managing and monitoring regulatory, legal, risk, environmental and operational requirements to cyber-security risk management
  4. Risk Assessment (ID.RA): understanding cyber-security risks to operations such as mission, functions, image, or reputation, organisational assets and individuals
  5. Risk Management Strategy (ID.RM): establish and use priorities, constraints, risk tolerances, and assumptions for operational risk decisions
  6. Supply Chain Risk Management (ID.SC): stablish and use priorities, constraints, risk tolerances and assumptions for risk decisions for managing supply chain risk and implementing processes to identify, assess and manage them
  7. Identity Management and Access Control (PR.AC): limiting and managing access to physical and logical assets and associated facilities to authorised users, processes, and devices consistent with the assessed risk of unauthorised access
  8. Awareness and Training (PR.AT): ensuring personnel and partners are aware of cyber-security and adequately trained to perform their duties and responsibilities consistent with cyber-security policies, procedures, and agreements
  9. Data Security (PR.DS): ensuring data’s managed consistent with risk strategies to protect its confidentiality, integrity and availability
  10. Information Protection Processes and Procedures (PR.IP): maintain and use cyber-security policies that address purpose, scope, roles, responsibilities, management commitment, and coordination, processes, and procedures to protect information systems and assets
  11. Maintenance (PR.MA): ensure control and information system components are maintained in line with policies and procedures
  12. Protective Technology (PR.PT): manage technical security solutions to ensure cyber-security and resilience of systems and assets consistent with policies, procedures and agreements
  13. Anomalies and Events (DE.AE): detecting and understanding anomalous activity and its potential impact promptly
  14. Security Continuous Monitoring (DE.CM): monitor information systems and assets at discrete intervals to identify cyber-security events and verify the effectiveness of protective measures
  15. Detection Processes (DE.DP): maintain and test detection processes and procedures ensure timely and adequate awareness of anomalous events
  16. Response Planning (RS.RP): implement and maintain response processes and procedures to ensure timely responses to detected cyber-security events
  17. Communications (RS.CO): co-ordinate responses with internal and external stakeholders, including external support from law enforcement agencies
  18. Analysis (RS.AN): analyse and review cyber-security measures to ensure adequate responses that support recovery activities
  19. Mitigation (RS.MI): performed activities to prevent expansion of events, mitigate their effect, and eradicate incidents
  20. Improvements (RS.IM): implement lessons learned from current and previous detections and responses
  21. Recovery Planning (RC.RP): implement and maintain recovery processes and procedures to ensure timely restorations of systems or assets affected by cyber-attackes
  22. Improvements (RC.IM): improve recovery planning and processes by incorporating lessons learned
  23. Communications (RC.CO): co-ordinate restoration activities with internal and external parties, such as coordinating centres, Internet Service Providers (ISP), owners of attacking systems, victims, other Computer Security Incident Response Teams (CSIRT) and vendors.

Challenges for Africa’s health systems include where to start and how long should it take to set up? The second question depends on the resources available. The reasonable answer to the second question is, pick a start that matches cyber-security priorities. If these aren’t explicit, start at 1. If there’s already been a cyber-attack, start at 1 and 20 may be relevant.

Published: 2017-03-20 08:00:00
Tom Jones

Cloud computing seems to have clear priorities for healthcare. A survey by Gatepoint Research, available from Health IT Security, sets out the views of 100 ICT senior decision takers in US healthcare. Supported by Level 3 Communications, Strategies for Next-Gen Healthcare Networks provides Africa’s eHealth leaders with a comparator for their cloud and network investment decisions. The survey shows:

  1. Cloud investment priorities are:
  • Business productivity 54%
  • Business continuity and disaster recovery 41%
  • Telemedicine 25%
  • Big Data and analytics 25%
  • EHRs 22%
  • Data storage 19%
  1. Healthcare network priorities are:
  • Reliability 76%
  • Security 63%
  • Support 47%
  1. Drivers for network investment are:
  • Security 91%
  • Manage application growth 8s%
  • Business productivity 81%
  • Future requirements 815
  • Storage 58%.

Like all eHealth, networks become obsolete. Half the ICT executives said their networks are due for upgrading in the next two years. About 21% said it was needed between one and two years’ time. Some 29% said it was needed within the next year. Taken together, none saw their networks’ current services being appropriate beyond two years.

This may indicate how important investment priority is for Africa’s eHealth leaders to find a slot in their short term eHealth investment plans. As networks are expanded to fill the gaps, short term upgrading’s needed too. 

Published: 2017-03-17 08:05:00
Tom Jones

Just because it’s an old hat doesn’t mean cyber-criminals give it up. Structured Query Language (SQL) the long-standing international standard for database manipulation, can still be part of a cyber-attack. SQL injection and Cross-Site Scripting (XSS) attacks enables cyber-attackers to inject client-side script, JavaScript, or Hypertext Markup Language HTML into web pages so other users can see them.

JavaScript’s an object-oriented programming language for creating interactive effects in web browsers. HTML’s a standardised system for tagging text files to achieve font, colour, graphic, and hyperlink effects on web pages.

SQL injections are common for Hypertext Preprocessor (PHP) applications, usually on Linux servers and with MySQL, and Active Server Page (ASP), Microsoft’s web server technology for creating dynamic, interactive sessions with users. Code Project has a post describes a small, sample code to deal with the vulnerabilities and combat these attacks. It’s available to download.

There’s more help, advice and a demonstration on a webcast from Alien Vault. It’s released it partly because it says SQL injection and Cross-Site Scripting (XSS) attacks affect millions of users and they need Security Information and Event Management (SIEM) solutions to find these vulnerabilities. SIEM collects and correlates data to identify patterns and raise alerts on cyber- attacks.

Watch this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.

  1. How these attacks work and what you can do to protect your network
  2. What data you need to collect to identify the warning signs of an attack
  3. How to identify impacted assets so you can quickly limit the damage
  4. How Unified Security Management (USM) can simplify detection with built-in correlation rules and threat intelligence.

Both sources offer Africa’s eHealth projects a start. It also needs to be part of comprehensive cyber-security strategies.


Published: 2017-03-17 08:00:00
Tom Jones

Many children know exactly how Hasbro’s celebrity autobots, the Transformers, work. It seems that top eHealth and healthcare experts aren’t sure how eHealth will transform healthcare. It maybe that new medical techniques and technologies will have a bigger impact. This was the theme at a World Economic Forum (WEF) event in Davos, Switzerland.

The discussion on the hospital of the future set out a theme of healthcare industry moving out of acute care in hospital into homes and clinics. As part of this, a wide, integrated range of data sources will help inform treatment plans. It’s seen as a global phenomenon, but two pertinent questions are:

  1. How will technology companies, especially those in health ICT, develop and provide services to collect and disseminate the data needed?
  2. How will health systems and their workforces use the data to improve outcomes and transform healthcare?

As a big wealth community, the WEF event has an excessive USA emphasis. For Africa, two crucial extra questions are:

  1. Can eHealth help to close the gaps significantly between its large burden of disease, its increasing population and its paucity of healthcare resources?
  2. If it can, how can it be done sustainably?

The experts at WEF outlined some of the new clinical techniques and practices beginning to transform healthcare. There was a downside too, the barriers to data sharing.

There’s nothing new about transferring healthcare from hospitals to community care. It’s been happening since healthcare was created. It has a parallel activity too. As hospitals divest, they also invest in new and more complex medical techniques and practices drawn from research. They’re two continuous curves. This discussion’s on You Tube too.

For Africa’s health systems, an extra eHealth theme is using eHealth to support health workers already working in communities. Giving them better access to drugs and diagnostic tests and results is a priority too.

The WEF experts were unclear about how patients’ can have their data and achieving Interoperability (IOp) between health systems and clinical services. Standardised terminology and health informatics are essential to help shift healthcare models towards communities and homes. Achieving it’s crucial because healthcare’s and medicine’s future depend on doctors who use new clinical techniques and eHealth creatively to improve patient care.

Is it time to send for Bumblebee and its team of heroic Autobots? Their mission could be to capture the evil eHealth Decepticons and Resisticons who are loose in healthcare, so “Rev up and roll out”, or maybe not. The steady eHealth trajectory’s much more appropriate for Africa

Published: 2017-03-16 08:00:00
Tom Jones

Emergency Rooms (ER) are busy. mHealth that eases workload and makes ER doctors’ working lives better are worth it. In Med Page Today, Dr Iltifat Husain has identified four that help.

GoodRx for Doctors, described by Dr Husain as “fantastic … for helping your patients be compliant with their prescriptions,” it included a bookmark to find medications prescribed frequently but may be unaffordable for patients. An equivalent for Africa’s health systems would be well received by communities.

OrthoFlow was developed by UK orthopaedic surgeons and doctors working in Accident and Emergency. Dr Husain says it’s “A great fracture management app that essentially puts an orthopedic surgeon in your pocket.” It helps with fracture management and understanding essential features of fractures, such as how much displacement needs changed management.

STD Tx Guide, developed by the US Center for Disease Control and Prevention (CDC) provides alternative antibiotic regimes for patients allergic to penicillin (PCN). The app was updated recently to include new guidelines.

Gout Diagnosis avoids tapping red or painful joints. Dr Joshua Steinberg took a validated study on gout diagnosis and created an app. He’s a bit of an appthusisast. They’re all available from iTunes.

Africa’s mHealth plans could include investment programmes in ER services. These would have to be in parallel with investment in mHealth for citizens and communities.

Published: 2017-03-13 08:00:00
Tom Jones

Africa’s eHealth’s not strong on cyber-security rules and regulations. They’re essential, but a survey of ICT security experts in the US by Level 3 Communications says they’re not enough. The results, available from Health IT Security are that:

  1. 96% feel vulnerable to a data breach
  2. 63% have suffered one
  3. 69% say meeting compliance requirements is very or extremely effective in safeguarding sensitive data.

In the US, eHealth security and privacy rules are set out in the Health Insurance Portability and Accountability Act 1996 (HIPAA). It established national security standards for eHealth. They are a vital component to protect confidential information from unauthorised access. Level 3 says that since the act, cyber-threats and the cyber-security landscape has evolved rapidly, but healthcare can’t keep up. Cyber-security has become more essential to protect data and healthcare availability and continuity.

Three emerging cyber-security themes have become healthcare’s biggest cyber-security threats:

  1. Vulnerable connected devices the cyber-criminals can access to plant malware
  2. Distributed Denial-of-Service (DDoS) attacks that render computers or networks unavailable
  3. Phishing, accounting for more than 36% of cyber-security breaches.

Four lessons for Africa’s eHealth are clear. First, ensure effective cyber security standards, rules and regulations. Next, keep them up to date to match the expanding cyber-crime initiatives. Third, ensure compliance. And finally constantly strive to go beyond compliance with effective excellent cyber-security practices.

Published: 2017-03-10 08:05:00
Tom Jones