We talk with the EHNAC Executive Director, Lee Barrett, and ask why their time has now come.

You could say it’s not what you say – it’s how you say it. You could argue that everything about EHNAC is a contradiction, a misnomer.

The image of silver-haired Lee Barrett as he sits back in his university-like office, gently guiding me into his world – where he has been active for more years than I have fingers and toes – belies the relevance of EHNAC on the current medical world stage.

And that’s the problem. Or to put it another way in marketing-speak – maybe it is the “opportunity”.

EHNAC is a nationwide accreditation process for healthcare players. Up to now, and since its origins in 1993, its focus has been to give you and me a framework, if you will, a set of guidance, that says you have passed the test – whatever that may mean. You would be forgiven for thinking that this is akin to taking your driving licence; you get the magic certificate, the nod from the examiner and off you go.

And this approach misses the point. Because EHNAC has moved on. To understand its importance is to recognise that in getting accredited for your internal and external processes, you are protecting your entire business against the risk of the unforeseen. By complying with industry standards, you are mitigating your exposure to malevolence or just the pure chance of things going wrong. A tick in the box from EHNAC means that your processes are reasonable and acceptable.

It’s not like the Assessors at EHNAC don’t have the know-how to guide you. The academic atmosphere of Lee’s office gives rise to years of practical experience, across some of the key issues of modern healthcare, which EHNAC imparts to its accredited organisations as part of the deal.

EHNAC is currently active across all of the USA, and mandated in New Jersey, Maryland, and Texas. Compliance with individual State legislation is not a quick process at a government level. But it can be an immediate step at the individual vendor level.

In the litigious world we live in, never has risk management been so important. Lee’s parting words to me were:

“We are agnostic; our years of experience have taught us how to deliver standards that give a meaningful structure for each of our varied accredited organisations. What they actually do – is not important. It is how they do it”.

Lee can be contacted at HIMSS in his meetings onsite.

Time to take healthcare security seriously.

We look at the rapid rise of Sasa Software, and ask: has their time come?

The image of Oren Dvoskin, Commercial Manager at Sasa Software, sitting in his nondescript office, black t-shirt and headphones, looks Californian, as he spells out the pessimism of his profession.

“There are two types of hospital” – he says; “those that have been hacked and know it; and those that have been hacked, but don’t know it.”

Oren’s office is nowhere near Orange County. It is on the border of Israel and Lebanon. If anyone knows about pessimism, it is he. As Sasa Software prepares to face its growing and exponential market at HIMSS 2017 – it surely does not get any more black than this.

Cyber hacking and ransomware are growing to the point where they cannot be ignored or assumed to be someone else’s problem. But their growth is not the most alarming feature. It is that, for hospitals, any cyber attack would have to be pre-meditated, unique and specifically tailored to find the weak spot, the easiest point of entry, into that particular hospital.

What is worse is that, because health records (which are the prime target) are deeply personal and full of personal ID info, any attack is inevitably immediately visible. Unlike, say, a bank, a hospital cannot pretend it has not happened and just pay the money.

This is no simple phishing attack.

What that means, and why Sasa Software believes that 2017 will be our most “challenging” year, i.e. most concerted and worrying, is that hospitals are still not waking up to this important threat, despite the evidence that 75% have suffered some sort of breach – and that is just those that are publicly noted.

The answer, according to Oren, is to have a mix of baseline protection, the sort that all of us have on our PCs and office servers and Cloud access. This stops the initial and simplest access. But to combat the precise and targeted attack mentioned above, Sasa takes the view that every incoming email, every data request, every file transfer is a threat of some sort. Their range of solutions is designed to neutralise any incoming malware or suspicious entry, at source.

But it is also a realisation that files we take for granted – the DICOM image, the voice recording – that we regularly append to our EHR records, are the new source of threat. Viewing images online across the globe, that holy grail of Clinical Consultant interoperability, may be the one area that is the Achilles heel for the modern hospital.

If there is a light at the end of the tunnel, it is not in the fingers-crossed hope that things can get better. It is the realisation that you can do something about it. Oren is a philosopher with a positive view of human nature, despite the nature of his profession and the market he develops.

The cost of sorting out a cyber attack ranges from $230.00 to $400.00 per patient record. Sasa Software will be addressing both the Pharma and Clinical markets at HIMSS. Worth having a serious chat.


We talk with Protenus CEO, Robert Lord, about the danger of complacency in an easy-access interoperable world.

Like all things in life, there are good days and bad; rainy days and silver linings. With healthcare, the drivers that we have been pushing as we motor down the cloud-based highway have led many to believe that patient record accessibility and interoperability is healthcare’s lone nirvana, its Holy Grail. In the same way that we all focus on paperless hospitals, we assume that, well, total access is a Good Thing.

And we would be wrong. Not that “interoperability” itself is a bad thing – but in a modern and real world, we need to be equally aware of the value of our patient data, and how vulnerable it is to both external and internal threats.

How so?

Because we would never make our credit card PIN available to anybody, and we would stand naked before probably only five people in the world; our doctor would certainly be one of them. Our personal patient medical record is private, and hospitals have a duty of care to keep it so. This is not easy, and hospitals need to take action.

Protenus is rising as one of the stars of HIMSS 2017. Protenus’ founders, Nick Culbertson and Robert Lord, met in medical school, but previously had careers in intelligence and finance, respectively. They now apply their backgrounds in these fields to the protection of electronic health records.

Robert Lord, CEO of Protenus, told us, when we caught up with him, that this is a matter of trust between you and your hospital. You need to feel secure that your personal data will remain personal to you and not be stolen or hacked. Interestingly, Robert told us that the biggest threat to our data comes from inside, the internal hacking of patient data.

Protenus has developed a platform that monitors access to patient data from employees, affiliates and business associates and ensures that every access is appropriate. Through using machine learning and rich clinical context, their system is highly accurate, and vastly improves the efficiency of privacy teams.

Robert is due to speak on this issue, alongside the CMIO of Johns Hopkins, Dr. Peter Greene, at HIMSS itself. What he said to us is: “We see a continuing transformation in the market – we believe that 2017 will be the year of insider threat awareness. While the challenges of inappropriate access and privacy violations have consistently plagued health systems, awareness of this issue has hit an important inflection point, with leaders throughout healthcare technology ready to change the way that we ensure trust in healthcare.”

The Protenus solution is enterprise software-as-a-service that can protect EHRs, HIEs, payors, and any other institution that stores and accesses patient data.