BLAW6500 MTSU Legal And Ethical Issues In Healthcare Assignment
Assignment for Meeting #3 6500 Legal Aspects of Healthcare 1. NOTE: Unless indicated otherwise, all written
assignment are to be in 12 point Times New Roman font, 1 inch margins, double-spaced of a minimum of three (3) pages; and the cases, questionnaire, articles, and links to videos are located in the weekly module for this assignment on D2L (unless noted otherwise). The LearnScapes episodes are located in the publisher site (Jones & Bartlett) using the access code that you purchased with your bundle. 2. Read a. Chapter 12 (pages 396 – 413) in our textbook, Legal and Ethical Issues for Health Professionals by George D. Pozgar (4th Edition). b. Choose two articles posted under this week’s topic on D2L or do your own research regarding legal and ethical issues of big data, data security, privacy, or predictive analytics. c. Read the Ashe v. Radiation Oncology Assoc. case d. Read the National Health Corp. v. South Carolina Dept. of Health case. 3. Experience the Simulation and Complete Your Role by Answering the Questions in a Word Document: Watch LearnScapes Episode 4 in Jones & Bartlett LearnScapes for Health Care Ethics: “LearnScape 4: Confidentiality In this Learnscape, the student is the head of Information Technology (IT) Services. When test results for an upstanding member of the community come back as positive for Syphilis, the student is presented with some ethical decision making challenges based on laws requiring that the results to be reported to the state Public Health department, versus the ethics of patient/physician confidentiality.” 4. Complete Written Assignment #3: Reflect on the following questions. Then write a memo answering the following questions and upload your memo to the Dropbox on D2L by the due date/time: Part I: LearnScapes Health Care Ethics: Confidentiality In your Word document to upload on D2L, answer the questions from the episode. (Do not email the answers to me as indicated in the episode). BLAW 6500 Spring 2019 A2 Revised 2/13/19 Page 1 Part II: The Cases a. From the Ashe v. 
Radiation Oncology Associates case, briefly describe the three different standards used to determine causation in an informed consent case and the pros and cons of each. Which one did the Tennessee court adopt in this case? Which one do you think should be adopted? Explain.
b. In the National Health Corp. (NHC) case, why did NHC lose in its application for a CON in South Carolina? What could they have done to better prepare? Look up the Tennessee Health Services Development Agency’s website and Tennessee’s criteria for a certificate of need. Should states require a certificate-of-need before a business/provider can provide certain healthcare services in the first place? Why or why not? If so, do you agree with the services listed by Tennessee as requiring a CON?
Part III: Your Advocacy Cause
Think about what role YOU can play in improving patient outcomes, health care organization and delivery, or another cause related to health care. Ideally, it will be a cause about which you are passionate and enthusiastic to solve – whether due to personal or family experience or due to strong interest in solving the problem. You will be designing a project and seeking funding for a hypothetical project to help with your cause in a competition. The Award Grantor will base the award decisions on whether the project meets the four criteria used for granting a Certificate of Need by the Tennessee Health Services and Development Agency (note: your project will not be one of the items requiring a CON in Tennessee but we are going to adopt the criteria for our competition). Pick the cause for which you want to advocate and answer the following in your memo:
a. What is your cause?
b. Which organization will you (hypothetically) represent to partner with you on your project (or are you going to set up your own organization or do this individually)?
c. Will you meet the four criteria for a Certificate of Need: What sources will you search to find more information about the need for your project? What is the feasibility of your project in terms of collecting, storing and using necessary data? Is your project financially feasible? How much of the grant money will you be seeking? How will you measure the quality and impact of your project?
d. Consider the legal and ethical issues with data collection, data security, privacy, and patient consent. How and on what platform are you going to find and collect data to advocate for your project? Will you need patient or other consents? How will you protect your data from cyberattacks?
e. Who can you contact to find out more about your cause? Initiate contact with this person or organization and set up a meeting. An in-person meeting is preferable, but it can be via telephone if in-person is not feasible – for example, the contact is in Washington, D.C.
Isn’t it interesting how one legal case can change the landscape of an entire industry? I look forward to our discussion!
Sandy Benson
Page 1 9 S.W.3d 119 (Cite as: 9 S.W.3d 119)
BACKGROUND Supreme Court of Tennessee, at Nashville. Patricia P. ASHE, Plaintiff/Appellant, v. RADIATION ONCOLOGY ASSOCIATES and Steven L. Stroup, M.D., Defendants/Appellees. Dec. 27, 1999. Rehearing Denied Jan. 7, 2000.
Patient brought informed consent claim against doctor after she underwent radiation treatment for lung tumor, sustained radiation myelitis, and was rendered paraplegic. The Circuit Court, Davidson County, Hamilton V. Gayden Jr., J., entered directed verdict for doctor. Patient appealed and the Court of Appeals, Cain, J., reversed and remanded. 
On doctor’s appeal, the Supreme Court, Holder, J., held that: (1) objective standard was adopted for informed consent cases, and (2) whether reasonable person in patient’s position would have chosen different course of treatment was issue for jury. Judgment of Court of Appeals affirmed and case remanded. West Headnotes *120 O P I N I O N HOLDER, J. We granted this appeal to address the appropriate standard to be employed when assessing the issue of causation in a medical malpractice informed consent case. We find that the objective standard as set forth in this opinion best balances a patient’s right to self-determination with the need for a realistic framework for rational resolution of the issue of causation. We hold that the standard to be applied in informed consent cases is whether a reasonable person in the patient’s position would have consented to the procedure or treatment in question if adequately informed of all significant perils. The decision of the Court of Appeals is affirmed, and the case is remanded to the trial court for a new trial. The plaintiff, Patricia P. Ashe, was diagnosed with breast cancer in 1988. She ultimately underwent a double mastectomy and chemotherapy as treatment for her breast cancer. In 1993, she began experiencing problems with a cough and a fever. She returned to her oncologist, Dr. Michael Kuzu, where she presented symptoms of fever, cough, pain in the abdomen, weight loss, decreased appetite, and irritability. A chest x-ray and a CT scan revealed the presence of a mass in the medial left apex of her left lung. The record indicates that the lung tumor could possibly have been metastatic cancer from the breast. Ms. Ashe underwent surgery, and the upper portion of her left lung was removed. She underwent chemotherapy and was referred to the defendant, Dr. Steven L. Stroup, for consideration of radiation therapy. Dr. Stroup testified that chemotherapy alone would be indicated if the lung tumor were metastasized breast cancer. 
He, however, opined that radiation therapy would be indicated if the lung cancer were primary as opposed to secondary cancer. Dr. Stroup prescribed radiation treatment for Ms. Ashe. She received a daily dose of 200 centigray for twenty-five days. He described the dose as a “midplane dose.” Ms. Ashe sustained “radiation myelitis” caused by a permanent radiation injury to her spinal cord. She is now a paraplegic. Dr. Stroup did not inform Ms. Ashe that the radiation treatment might result in a permanent injury to her spinal cord. According to Dr. Stroup, the risk that she would sustain a spinal cord injury was less than one percent. Mrs. Ashe proffered the testimony of her expert, Dr. Carlos Perez. Dr. Perez opined that the risk of spinal cord injury was one to two percent. Dr. Perez testified that the applicable standard of care required physicians to warn patients about the risk of radiation injury to the spinal cord. Ms. Ashe filed the present action alleging claims for medical malpractice and lack of informed consent. At trial, she testified that she would not have consented to the radiation therapy had she been informed of the risk of paralysis. Defense counsel on cross-examination pointed out that the plaintiff did equivocate in her deposition on the issue of consent. Her deposition testimony indicated that she did not know what she would have done had she been warned about the risk of spinal cord injury. 
She then testified on redirect examination as follows: True, but the risk of being paralyzed and put in a wheelchair for the rest of your life was not one of the items, if there was any discussed, because had he said that within a six-month period-which they said that would be the time frame for it to happen-had he said, ‘Patty, if you do this there is a risk that you will be in a wheelchair six months from now,’ I would have told him, ‘I will take my chances.’ I would not have it done. The trial court found that the plaintiff’s trial testimony conflicted with her deposition testimony regarding whether she *121 would have consented to the procedure had she been warned of the risk of spinal cord injury. The trial court, therefore, struck the trial testimony and granted the defendant a directed verdict on the informed consent claim. The plaintiff’s malpractice claim went to the jury. The jury was unable to reach a verdict, and a mistrial was declared. The plaintiff appealed to the Court of Appeals. The Court of Appeals held that as part of the plaintiff’s informed consent claim she was required to prove that a reasonable person knowing of the risk for spinal cord injury would have decided not to have had the procedure performed. The Court held that the discrepancy between the trial testimony and deposition testimony went to the issue of credibility and that the trial testimony should not have been stricken. The Court of Appeals reversed the trial court’s grant of a directed verdict on the informed consent claim and remanded the case for a new trial. ANALYSIS [1] The burden of proof on the standard of care element in medical malpractice informed consent cases is controlled by Tenn.Code Ann. § 29-26-118. 
Pursuant to § 29-26-118, a plaintiff must prove by expert testimony that the defendant did not supply appropriate information to the patient in obtaining his informed consent to the procedure out of which plaintiff’s claim allegedly arose in accordance with the recognized standard of acceptable professional practice in the profession and in the specialty, if any, that the defendant practices in the community in which he practices or in similar communities. Id. In addition, Tenn.Code Ann. § 29-26-115 requires that the plaintiff prove the recognized standard of acceptable professional practice, that the defendant acted with less than ordinary and reasonable care in accordance with that standard, and that the plaintiff sustained injuries as a result of the defendant’s negligent act or omission. Accordingly, the plaintiff in an informed consent medical malpractice case has the burden of proving: (1) what a reasonable medical practitioner in the same or similar community would have disclosed to the patient about the risk posed by the proposed procedure or treatment; and (2) that the defendant departed from the norm. German v. Nichopoulos, 577 S.W.2d 197, 204 (Tenn. Ct. App.1978). This Court recently enunciated a distinction between a lack of informed consent case and a pure medical battery case. In Blanchard v. Kellum, 975 S.W.2d 522 (Tenn.1998), this Court defined a medical battery as a case in which a doctor performs an unauthorized procedure. Id. at 524. A medical battery may typically occur when: (1) a professional performs a procedure that the patient was unaware the doctor was going to perform; or (2) the procedure was performed on a part of the body other than that part explained to the patient (i.e., amputation of the wrong leg). Id. A lack of informed consent claim typically occurs when the patient was aware that the procedure was going to be performed but the patient was unaware of the risk associated with the procedure. Id. 
The case now before us is not a medical battery case. Ms. Ashe had authorized the radiation treatment. Ms. Ashe, however, contends that she was not apprised of certain risks inherent in the treatment. Her claim, therefore, is premised on the lack of informed consent. The issue with which we are now confronted is whether an objective, subjective, or a hybrid subjective/objective test shall be employed when assessing causation in medical malpractice informed consent cases. The issue is one of first impression in Tennessee. The majority of jurisdictions having addressed this issue follow an objective standard. A minority of jurisdictions having addressed the issue follow the subjective approach. One jurisdiction, Hawaii, employed a “modified objective standard”*122 for informed consent cases for approximately ten years. Hawaii has now abandoned the modified approach in favor of the objective standard. We shall now examine the various approaches and the rationales behind these approaches. Subjective Standard The plaintiff urges this Court to follow the minority rule or adopt a subjective standard when evaluating causation in an informed consent case. Causation under the subjective standard is established solely by patient testimony. Patients must testify and prove that they would not have consented to the procedures had they been advised of the particular risk in question. See e.g., Scott v. Bradford, 606 P.2d 554 (Okla.1979); Wilkinson v. Vesey, 110 R.I. 606, 295 A.2d 676 (1972). Accordingly, resolution of causation under a subjective standard is premised elusively on the credibility of a patient’s testimony. The subjective standard engages in an abstract analysis. The abstract analysis not only poses a purely hypothetical question but seeks to answer the hypothetical question. 
One commentator has framed this hypothetical question as follows: “Viewed from the point at which [the patient] had to decide, would the patient have decided differently had he known something he did not know?” Canterbury v. Spence, 464 F.2d 772, 790 (D.C.Cir.1972) quoting Waltz & Scheuneman, Informed Consent to Therapy, 64 Nw.U.L.Rev. 628, 647 (1970). Proponents of the subjective test argue that a patient should have the right to make medical determinations regardless of whether the determination is rational or reasonable. Gouse v. Cassel, 532 Pa. 197, 615 A.2d 331, 335 (1992). Opponents, however, focus on the unfairness of allowing the issue of causation to turn on the credibility of the hindsight of a person seeking recovery after experiencing a most undesirable result. Sard v. Hardy, 281 Md. 432, 379 A.2d 1014, 1025 (1977). “Patients cannot divorce their re-created decision process from hindsight.” F. Rozovsky, Consent to Treatment, § 1.13.4, 62-63 (1984). Accordingly, the subjective test potentially places the physician in jeopardy of the patient’s hindsight and bitterness. Sard, 379 A.2d at 1025. Moreover, the adoption of a subjective standard could preclude recovery in an informed consent case in which the patient died as a result of an unforewarned collateral consequence. Id. Objective Standard The majority FN1 approach or the so-called objective standard emanates from the seminal decision in Canterbury v. Spence, 464 F.2d 772 (D.C.Cir.1972). In Canterbury, the court held that causation in informed consent cases is better resolved on an objective basis “in terms of what a prudent person in the patient’s position would have decided if suitably informed of all perils bearing significance.” Id. at 791. The objective view recognizes that neither the plaintiff nor the fact-finder can provide a definitive answer as to what the patient would have done had the patient known of the particular risk prior to consenting to the procedure or treatment. Id. at 790. 
Accordingly, the patient’s testimony is relevant under an objective approach, but the testimony is not controlling. Id. at 791. FN1. Jurisdictions applying the objective standard include: Fain v. Smith, 479 So.2d 1150 (Ala.1985); Aronson v. Harriman, 321 Ark. 359, 901 S.W.2d 832 (1995); Hamilton v. Hardy, 37 Colo.App. 375, 549 P.2d 1099 (1976); Hammer v. Mount Sinai Hosp., 25 Conn.App. 702, 596 A.2d 1318 (1991); Bernard v. Char, 79 Hawai‘i 362, 903 P.2d 667 (1995); Sherwood v. Carter, 119 Idaho 246, 805 P.2d 452 (1990); Funke v. Fieldman, 212 Kan. 524, 512 P.2d 539 (1973); Sard v. Hardy, 281 Md. 432, 379 A.2d 1014 (1977); Woolley v. Henderson, 418 A.2d 1123 (Me.1980); Phillips v. Hull, 516 So.2d 488 (Miss.1987); Backlund v. University of Washington, 137 Wash.2d 651, 975 P.2d 950 (1999); Scaria v. St. Paul Fire & Marine Ins. Co., 68 Wis.2d 1, 227 N.W.2d 647 (1975); Dixon v. Peters, 63 N.C.App. 592, 306 S.E.2d 477 (1983). *123 Modified Objective Standard The modified objective standard was first recognized in Leyson v. Steuermann, 5 Haw.App. 504, 705 P.2d 37 (1985). In Leyson, the Hawaii Court of Appeals attempted to balance patient’s right to self-determination with the concerns espoused in Canterbury of subjecting a physician to a patient’s bitterness or hindsight following an undesirable result. The resulting test determined causation “from the viewpoint of the actual patient acting rationally and reasonably.” Id. at 47, n. 10. Approximately ten years after the inception of the modified approach, the approach was declared to be onerous in application. In Bernard v. Char, 79 Hawai‘i 362, 903 P.2d 667 (1995), the Hawaii Supreme Court elaborated that: In its effort to achieve the desired result of combining the objective and subjective standards, the modified objective standard injects at least one extra level of complexity into the causation analysis. 
Under the objective standard, the factfinder must suspend his or her own viewpoint and step into the viewpoint of a reasonable person to objectively assess the plaintiff-patient’s decision to undergo treatment. Under the subjective standard, the factfinder must simply assess the credibility of the plaintiff-patient when he or she invariably asserts that he or she would have declined treatment with proper disclosure. Under the “modified objective standard,” however, the factfinder must first suspend his or her viewpoint, then place himself or herself in the mind of the actual patient, and, then, while maintaining the viewpoint of the actual patient, try to determine what the actual patient would have decided about the proposed medical treatment or procedure, if the actual patient were acting rationally and reasonably. Id. at 673. Accordingly, the modified approach was abandoned in favor of the objective standard. [D]espite being well-intentioned, [it] exacts too much of a cost in the form of added complexity in seeking to solve problems associated with the preexisting objective and subjective standards while at the same time remaining faithful to the laudable purposes behind such standards. Id. The Court held: (1) that the objective standard provided “a better, simpler, and more equitable analytical process;” and (2) that the objective standard ultimately addressed the concerns which prompted the creation of the modified test. CONCLUSION [2] We agree with the majority of jurisdictions having addressed this issue and hold that the objective approach is the better approach. The objective approach circumvents the need to place the fact-finder in a position of deciding whether a speculative and perhaps emotional answer to a purely hypothetical question shall dictate the outcome of the litigation. 
The objective standard is consistent with the prevailing standard in negligence cases which measures the conduct of the person in question with that of a reasonable person in like circumstances. Restatement (Second) of Torts § 283, p. 12 (1965); see also 1 S. Pegalis & H. Wachsman, American Law of Medical Malpractice, § 2.15, 103-104 (1980) (criticizing subjective test as being out of step with general negligence concepts). The objective test provides a realistic framework for rational resolution of the issue of causation. We, therefore, believe that causation may best be assessed in informed consent cases by the finder of fact determining how nondisclosure would affect a reasonable person in the plaintiff’s position. [3] We also are of the opinion that the objective test appropriately respects a patient’s right to self-determination. The finder of fact may consider and give weight to the patient’s testimony as to whether the patient would have consented to the procedure upon full disclosure of the *124 risks. When applying the objective standard, the finder of fact may also take into account the characteristics of the plaintiff including the plaintiff’s idiosyncrasies, fears, age, medical condition, and religious beliefs. Bernard v. Char, 79 Hawai‘i 362, 903 P.2d 667, 674 (1995); Fain v. Smith, 479 So.2d 1150, 1155 (Ala.1985); Backlund v. University of Washington, 137 Wash.2d 651, 975 P.2d 950 (1999). Accordingly, the objective standard affords the ease of applying a uniform standard and yet maintains the flexibility of allowing the finder of fact to make appropriate adjustments to accommodate the individual characteristics and idiosyncrasies of an individual patient. We, therefore, hold that the standard to be applied in informed consent cases is whether a reasonable person in the patient’s position would have consented to the procedure or treatment in question if adequately informed of all significant perils. 
[4] In applying the objective standard to the facts of this case, we agree with the Court of Appeals that the jury should not have been precluded from deciding the issue of informed consent. Under the objective analysis, the plaintiff’s testimony is only a factor when determining the issue of informed consent. The dispositive issue is not whether Ms. Ashe would herself have chosen a different course of treatment. The issue is whether a reasonable patient in Ms. Ashe’s position would have chosen a different course of treatment. The jury, therefore, should have been allowed to decide whether a reasonable person in Ms. Ashe’s position would have consented to the radiation therapy had the risk of paralysis been disclosed. The judgment of the Court of Appeals reversing the trial court is affirmed. The case is remanded for a new trial consistent with this opinion. Costs of the appeal to the Court of Appeals shall be as previously taxed; costs of the appeal to this Court shall be taxed against the plaintiff for which execution may issue if necessary. ANDERSON, C.J., DROWOTA, BIRCH, BARKER, J.J., concur. Tenn.,1999. Ashe v. Radiation Oncology Associates 9 S.W.3d 119 and END OF DOCUMENT © 2010 Thomson Reuters. No Claim to Orig. US Gov. Works. National Health Corp. v. South Carolina Dept. of Health and 298 S.C. 373, 380 S.E.2d 841 S.C.App.,1989. April 24, 1989 (Approx. 9 pages) 298 S.C. 373, 380 S.E.2d 841, 26 Soc.Sec.Rep.Serv. 474 Court of Appeals of South Carolina. NATIONAL HEALTH CORPORATION, d/b/a National Health Care Center of Georgetown, Appellant, v. SOUTH CAROLINA DEPARTMENT OF HEALTH AND ENVIRONMENTAL CONTROL and Waccamaw River Health Care Center, Inc., Respondents. No. 1326. Heard Jan. 19, 1989. Decided April 24, 1989. 
Department of Health and Environmental Control denied health corporation’s application for a certificate of need to build a long-term care nursing facility and granted a certificate of need to another corporation. The health corporation brought an action seeking judicial review of final administrative decision of the Department. The Court of Common Pleas, Richland County, Tom J. Ervin, J., affirmed the Department’s decision, and health corporation appealed. The Court of Appeals held that: (1) the Board of Health and Environmental Control followed the proper standard of review in weighing the evidence and making a decision on the merits based on the preponderance of the evidence; (2) the Board’s findings of inconsistency of health organization’s plan with funding plans of agency responsible for funding of Medicaid beds, and of health organization’s failure to demonstrate financial feasibility were supported by the record; and (3) Board did not violate federal statutory and regulatory provisions governing Medicaid program. Affirmed. *376 PER CURIAM: National Health Corporation (“NHC”) brings this action seeking judicial review of a final administrative decision of the South Carolina Department of Health and Environmental Control (“DHEC”). DHEC denied NHC’s application for a certificate of need (“CON”) to build a long-term care nursing facility and granted a CON to Waccamaw Health Care Center, Inc. NHC appealed DHEC’s decision to the circuit court. 
In this appeal NHC made the following arguments: (1) DHEC denied NHC’s CON application because of an insufficiency of Medicaid funds to support the number of Medicaid beds NHC proposed in its application, and a denial on this basis alone, violates federal Medicaid statutes; (2) DHEC’s finding that NHC’s proposed project was not financially feasible is **843 not supported by the record; (3) the DHEC hearing officer and Board applied the wrong standard of review at the administrative hearing; (4) the trial court should consider the effect of the new Medicaid Nursing Home Permits law in its decision; and (5) DHEC’s denial of NHC’s CON application was inappropriate under the circumstances existing at the time of the administrative hearing. The circuit court addressed each of NHC’s arguments and issued an order affirming DHEC’s decision. NHC’s appeal to this court raises the identical issues as raised in the trial court. After thoroughly and carefully reviewing the record and the applicable law we find that the circuit court’s order correctly sets forth and properly disposes of all the issues which are before the court. We therefore adopt the order of the circuit court (with minor changes) which we quote as follows: This matter came before the Court pursuant to a Rule to Show Cause and Complaint for Judicial Review of Final Administrative Decision of the South Carolina Board of Health and Environmental Control which governs the Department of Health and Environmental Control. The Plaintiff, National Health Corporation (hereinafter, NHC) was represented by David M. Rogers, Esquire. The Defendant South Carolina Department of Health and Environmental Control (hereinafter, SC DHEC) was represented by Susan *377 A. Lake, Staff Counsel. Defendant Waccamaw River was represented by Charles Baxley, Esquire. 
This matter is an appellate review of the administrative decision of SC DHEC denying the application of NHC for a Certificate of Need and granting a Certificate of Need for the construction of a forty-four (44) bed nursing care facility to Waccamaw. NHC and Waccamaw were competing applicants for a Certificate of Need (hereinafter, CON) to construct a nursing home facility in the Georgetown County area. Pursuant to the 1985 State Health Plan, only one of these projects, either Waccamaw’s or NHC’s could be approved. Waccamaw applied for a CON for forty-four (44) dually licensed private-pay beds which would not participate in the Medicaid program, and NHC applied for a CON for eighty-eight (88) long term care beds which would be partially funded through participation in the Medicaid program. On July 16, 1986, after comparatively reviewing the applications of both competitors, Waccamaw and NHC, on July 16, 1986, SC DHEC notified the parties of its decision to grant a CON to Waccamaw and to deny NHC’s application. NHC appealed the Department’s decision to deny its application and to grant a Certificate of Need to Waccamaw. Waccamaw thereafter moved to intervene in the appeal in order to protect its interests, and that motion was properly granted. On August 12 and August 22, 1986, an administrative adjudicatory hearing was held before an independent Hearing Officer. In his Report and Recommendations, the Hearing Officer determined that the decision of the SC DHEC staff should be upheld. Pursuant to NHC’s request, the Board of Health and Environmental Control (hereinafter, Board) reviewed the Hearing Officer’s Report and Recommendations. On July 29, 1987, the Board issued its Order adopting the Hearing Officer’s Report and Recommendation upholding the SC DHEC staff decision. NHC now seeks judicial review of the SC DHEC decision. 
On September 10, 1987, this Court heard arguments in this matter and determined that more than substantial evidence exists in the record to uphold the SC DHEC decision. The SC DHEC decision is neither arbitrary, capricious, nor contrary to applicable laws. Rather, the SC DHEC decision is reasonable and in full compliance with regulatory and statutory requirements. *378 [1] It is well-established that the “substantial evidence” rule set forth in the Administrative Procedures Act provides for judicial intervention “only in those cases where a manifest or gross error of law has been committed by the administrative agency.” Lark v. Bi-Lo, Inc., 276 S.C. 130, 276 S.E.2d 304, 307 (1981). The Court must not substitute its judgment for that of the agency, and a judgment upon which reasonable men might differ will not be set aside. **844 Lark v. Bi-Lo, Inc., 276 S.C. 130, 276 S.E.2d 304, 307 (1981); Bilton v. Best Western Royal Motor Lodge, 282 S.C. 634, 321 S.E.2d 63 (App., 1984). In this case, the judgment of the agency was reasonable and proper. The record contains more than sufficient evidence to support the conclusions of the Board. [2] NHC complains that the Board’s decision was in error because the Board applied the “arbitrary and capricious” standard of review, rather than a “de novo” standard of review. While the Plaintiff couches its argument in terms of whether NHC was entitled to a “de novo” review, the real issue raised in argument addresses the appropriate burden of proof. Plaintiff acknowledges that he was generally given the benefits associated with “de novo” review, such as the full opportunity to present evidence and cross-examine witnesses. 
FN1 The Plaintiff argues, however, on the basis of some general, introductory language in the Order under review, that the Board did not base its decision on the “merits.” The Report of the Hearing Officer, which was adopted as the Board’s Order, states at page 2 “that the issues presented in this administrative appellate review are whether this Department’s decision to deny NHC’s application*379 and grant Waccamaw a Certificate of Need was arbitrary, capricious, or contrary to appellate law, and whether the applicable state law is unconstitutional or in conflict with Federal law.” Plaintiff contends that this statement of the issue indicates that the Board was applying the “substantial evidence” standard of review or burden of proof. However, the Hearing Officer’s Report goes on to state: FN1. Black’s Law Dictionary defines “trial de novo” as “a new trial or retrial had in which the whole case is tried as if no trial whatsoever had been had in the first instance.” Black’s Law Dictionary, (Fifth Ed., 1979). The proceeding before the Board had the “trappings” generally associated with a “trial de novo,” i.e., the right to be heard, to present documents, to cross examine witnesses and have a decision of the merits. This is in accord with the requirements of the APA. However, it is recognized that the Board proceeding is still essentially an administrative “review” of a preliminary agency decision. Section 44-7375 of S.C.Code Ann., (1976, as amended) (repealed eff. June 21, 1988) provides: Upon a written request of any affected person within thirty days of the department’s decision to approve, disapprove, or withdraw a Certificate of Need, the decision must be administratively reviewed by the Board of Health and Environmental Control under the State Administrative Procedures Act. With this in mind, it is understood that the Board proceeding, while encompassing many elements of a “trial de novo,” is in some aspects “essentially appellate.” See, Milliken and Co. v. S.C. 
Dept. of Labor, 275 S.C. 264, 269 S.E.2d 763, 764 (1980). The question then is not whether the proceeding is “de novo” or “appellate.” In order to accord with the APA and the Supreme Court ruling in Milliken, the hearing must be handled as a quasi-de novo, quasi-appellant proceeding. The real issue which the Court must address in the present case revolves around the proper standard of review, or burden of proof. “the evidence presented at the hearing before the hearing officer amply showed that the application of Waccamaw was superior to that of NHC both in terms of documentation and in terms of the finances and efficiency of the proposed facility.” (Hearing Officer’s Report and Recommendations, p. 10.) [3] [4] It is clear from the Board’s Order read as a whole that the Board fully exercised its authority to weigh the evidence, and make a decision on the merits based upon the preponderance of evidence. This is in accord with the review process provided for in DHEC Regulation 61-15 Section 402, S.C.Code Ann., Vol 24A (1976, as amended). The agency regulation requires that the decision on review be made by the Board on the basis of the evidence presented in the hearing before it or its designee. Since the State Administrative Procedures Act is silent on the standard of review or burden of proof at the agency level contested case hearing, the Department regulations are controlling. I find that there has been compliance with DHEC R. 61-15 and that the proper standard of review was applied. Plaintiff’s argument has no merit whatsoever. *380 [5] [6] NHC complains that SC DHEC did not consider all of the grounds or reasons for which NHC challenged the SC DHEC decision. This argument is without **845 merit. The Hearing Officer in his Report and Recommendations, which the Board adopted, clearly considered all of the issues raised by NHC. 
Review of the Hearing Officer’s Report and Recommendations and the Transcript of Record in this case leaves no doubt that all of the issues raised by NHC were thoroughly addressed throughout the administrative process. The SC DHEC decision was based on the state law and regulations applicable to the SC DHEC Certificate of Need program. One of the legal requirements to obtain a CON is SC DHEC R. 61-15, Section 503 which provides: In the case of any proposed new institutional health service for the provision of health services to inpatients, the Department shall not grant a Certificate of Need under its Certificate of Need program, or otherwise make a finding that such proposed new institutional health service is needed, unless: ****** (b) the Department makes each of the following findings in writing: ****** (4) That in the case of a proposal for the addition of beds for the provision of skilled nursing or intermediate care services, the addition will be consistent with the plans of other agencies of the State responsible for provision and financing of long-term care (including home health) services. The SHHSFC is the agency responsible for the funding of the Medicaid beds in South Carolina. The record in this case is replete with evidence that NHC’s CON application was not consistent with the funding plans of SHHSFC. (Transcript of Adjudicatory Hearing, p. 51, line 15-p. 52, line 17; p. 66, lines 1-7; p. 171, lines 9-20; p. 178, lines 24-p. 179, line 9; p. 183, line 25-p. 184, line 4) In its application, NHC *381 proposed to fill its facility with 65% Medicaid patients. The balance of beds would serve private pay patients. NHC submitted budgets based on this patient mix. Yet, evidence and testimony was presented at the hearing that the budget plan of SHHSFC was not consistent with the NHC proposal which would require the funding of new Medicaid beds. 
Additionally, SC DHEC regulations require that an applicant for a Certificate of Need document the financial feasibility of a proposed project. SC DHEC R. 61-15, Section 202, B(14) states: Demonstration by the applicant that the proposed project is economically feasible, both immediately and long-term, and can be accommodated in the patient charge structure without unreasonable increases. If the project is not economically feasible, justify the request for the project. SC DHEC cannot approve a project which is not financially feasible. The record supports a finding that NHC’s proposed project does not meet this requirement while the Waccamaw project has more than adequately demonstrated financial feasibility. The Waccamaw project was designed for only private pay beds where the source of funding would not be Medicaid. The evidence indicates that Waccamaw would obtain sufficient funding from non-Medicaid sources so as to make the project financially feasible. The NHC project, on the other hand, was designed to include 65% of its beds as Medicaid beds. The record contains clear evidence that Medicaid funds would not be available for the NHC beds. The Board also found that inconsistencies in four budgets submitted by NHC and the discrepancies between those budgets and the cost reports submitted by NHC to the State Health and Human Services Finance Commission raised serious questions regarding the financial feasibility of the NHC project. The Board’s findings with regard to inconsistency with the funding plans of SHHSFC and failure to demonstrate financial feasibility are supported by the record. Where there is substantial evidence in the record to support the agency’s findings, the Court will not substitute its judgment for that of the agency. Lark v. Bi-Lo, Inc., 276 S.C. 130, 276 S.E.2d 304 (1981). *382 [7] However, NHC argues that DHEC erred in considering Medicaid budgetary **846 constraints in the denial of its application. 
NHC has cited a number of federal codes and regulatory provisions which it charges DHEC has violated. The provisions it has cited governing the Medicaid program are applicable to the State Medicaid agency, which is SHHSFC, and do not address the Certificate of Need program. 42 U.S.C. § 1396a(a)(8) (1982 & Supp.1986), 42 U.S.C. § 1396a(a)(1) (1982 & Supp.1986), and 42 C.F.R. § 205.5(a), 431.50, 447.250(b)(c), and 447.255 (1987) set forth requirements for the State Plan for medical assistance developed by the State Medicaid agency-HHSFC. Likewise, 42 C.F.R. § 440.230 (1987), 42 U.S.C. § 1396a(a)(2)(23) (1982 & Sup.1986) and 42 C.F.R. § 447.204 (1987) govern acts of the State Medicaid agency. The denial of a Certificate of Need to NHC is not in violation of the provisions cited.FN2 FN2. 42 C.F.R. §§ 123.412(a)(5)(i) and (6), and 123.413 (1987) have been effectively repealed. The cases cited by NHC generally relate to Medicaid reimbursement and do not discuss or suggest any requirement regarding the approval of Medicaid beds under the Certificate of Need program. Alabama Nursing Home Assn. v. Harris, 617 F.2d 388 (5th Cir.1980), and Thomas v. Johnston, 557 F.Supp. 879 (W.D.Tex.1983), speak only to reimbursement under the Medicaid program. The U.S. Supreme Court in Alexander v. Choate, 469 U.S. 287, 105 S.Ct. 712, 83 L.Ed.2d 661 (1985), addresses issues of amount and scope of services and nondiscriminatory availability of services. In that case, the Supreme Court upheld a 14 day limit on Medicaid reimbursement for inpatient hospital services put into effect by the State of Tennessee solely because of a budgetary shortfall. Plaintiff’s reliance on Kentucky Association of Health Care Facilities v. Dept. for Human Resources, [1981-1 Transfer Binder] Medicare and Medicaid Guide (CCH) Par. 30,995 at 10,108 (E.D. Kentucky 1981) is also misplaced. This case relates to a Medicaid Plan developed pursuant to the federal Medicaid program. 
The State Plan introduced at the hearing in this case is the State Medicaid Facilities Plan developed pursuant to the State Certificate of Need Program. Additionally NHC has submitted*383 a letter ruling from the Healthcare Financing Administration, (Plaintiff’s Exhibit B). Without ruling on the authority of that document, the court notes that the Board action in this case is not contrary to the position set forth in the letter. In this case, the denial of the NHC application was not based solely on Medicaid funding, the Certificate of Need requirements are totally separate from the State Medicaid Plan, and there is no provision for limiting Medicaid coverage to a certain number or percentage of beds. The Board correctly found that none of the federal statutory and regulatory provisions advanced by Plaintiff were violated by the denial of the NHC application. The South Carolina Certificate of Need Program, administered by SCHEC, as adopted by the General Assembly of the State of South Carolina, is a valid, legislatively mandated control on the construction and provision of health care facilities and services. The requirements of South Carolina Certificate of Need Program regarding funding are similar to Certificate of Need requirements of other states. See 19 Indiana Law Review No. 4, p. 1025 (1987), citing: Me.Rev.State.Ann. tit. 22 § 307(6-A) (comparative review of new nursing home bed addition projects based on availability of legislative appropriations); Mich.Comp.Laws Ann. § 333.2213(2)(f) (Supp.1985) (certificate of need criterion, for nursing home bed addition, of consideration of Medicaid agency plans); Mont.Code Ann. § 50-5-430(2) (1985) (authority to condition nursing home bed additions on availability of Medicaid funding); 1985 N.H. Laws Ch. 378, § 378:6 (to be codified at N.H.Rev.Stat.Ann. 
§ 151-C:5 (II)(b)) (coverage of all health facility transfers of ownership except those subject to federal restrictions on asset revaluation for Medicare/Medicaid reimbursement purposes); Pa.Cons.Stat.Ann. § 4448.707(c)(7) (Purdon Supp.1985) (nursing home bed addition criterion of consistency with Medicaid agency plans); **847 Vt.Stat.Ann. tit. 18 § 2406(a)(4) (Supp.1985) (certificate of need criterion for nursing home bed addition of consideration of Medicaid agency plans); Wis.Stat.Ann. § 150.39 (West Supp.1985) (nursing home project criteria of sufficient Medicaid funds appropriated to reimburse for care to be provided, and *384 statutory ceiling on approvable nursing home beds to enable the state to accurately establish Medicaid budget); 1985 Wisc.Legis.Serv. Act 29 § 1975 (West) (to be codified at Wis.Stat.Ann. § 150.31.) [8] The Board, in rejecting NHC’s argument that consideration of State budgetary considerations is in violation of federal law, cited the case of Wilmac Corporation v. Heckler, 633 F.Supp. 1000 (E.D.Pa.1986), rev’d on other grounds, 811 F.2d 809 (3rd Cir.1987). NHC argues that reliance on this case was improper inasmuch as the case has been reversed upon appeal. This case was vacated on procedural grounds and not because of any substantive error. Moreover, it is noted that the Board’s discussion of this case was dicta. Wilmac was not relied upon as part of the Board’s holding. While this case may have no binding precedential status, I find, as did the Board, that the analysis in the case is correct. The Board’s reliance on this case in no way affects the appropriateness of the Board’s outcome. NHC also complains that SC DHEC erred in considering a moratorium on Medicaid funding which existed in South Carolina when SC DHEC considered these applications. 
In his Report and Recommendations, adopted by the Board, the Hearing Officer properly noted: NHC’s reliance on this position is misplaced, since the basis for the Department’s decision was Section 503(b)(4) of Regulation 61-15, quoted above rather than on the “Medicaid proviso”, which makes reference to the Health Care Planning Oversight Committee. ****** NHC’s arguments that the Medicaid proviso is void as a violation of federal law and is also in violation of the Constitutional doctrine of separation of powers should not be addressed in this administrative review, since these questions are now moot in that the proviso has been withdrawn. The only reason for these arguments to be addressed herein would be if the department’s decision was based on the Medicaid proviso alone, and if this was the only criteria used in determining that *385 NHC’s application would have been denied. However, the Department’s decision was not based upon budgetary considerations alone (Tr. p. 202, 1.23), and in the comparative analysis of NHC’s application and Waccamaw’s application, the Department determined that the application submitted by Waccamaw was superior. [9] NHC additionally argues that the recently enacted “Medicaid Nursing Home Permit” legislation (to be codified at S.C.Code Ann., Section 44-7-80 et seq., (1976, as amended)) will give NHC an opportunity to participate in the Medicaid Program and so NHC should receive a CON. SC DHEC points out that funding for additional Medicaid beds is speculative. The new law provides that preference in the allocation of Medicaid patient days must be given to facilities already participating in the Medicaid program and that patient days allocated to a nursing home cannot be decreased in subsequent years. See, Section 44-7-84(B). Moreover, if funding for additional Medicaid beds is appropriate, nursing homes other than NHC would be in a position to use those funds to make beds available to Medicaid patients. 
Indeed, Waccamaw has stated a desire to participate in the Medicaid program if funding becomes available. Waccamaw has agreed not to participate in the Medicaid program, and has budgeted accordingly, to maintain compliance with CON requirements. The existence of additional Medicaid funding, if it does become available, does not entitle NHC to approval of such CON application. As determined by the agency, NHC had the weaker CON proposal. [10] NHC’s argument that its proposed project was superior to Waccamaw’s simply because NHC proposed to serve Medicaid patients is not supported by the record. The record contains abundant evidence that **848 the Waccamaw project was superior to that of NHC. (Tr. of Adjudicatory Hearing, p. 185, lines 17-24). The Board found that the NHC application was an extremely poor one. (Tr. of Adjudicatory Hearing, p. 204, line 22-p. 205, line 9). There is also ample evidence in the record to support SC DHEC’s finding that NHC’s budget costs were understated. The decision of the Board of the South Carolina Department of Health and Environmental Control granting the *386 CON application of Waccamaw and denying the CON application of NHC to construct a nursing facility in Georgetown County was proper, reasonable, consistent with applicable laws and regulations, and supported by more than substantial evidence in the record. None of the grounds set forth in the Administrative Procedures Act at S.C.Code Ann., Section 1-23-380(g)(1) through (6) (1976, as amended) for reversal or modification of an agency decision exist in this case. The Board’s determination is supported by substantial evidence in the record and will not be disturbed. NHC has failed to show that the administrative decision under review is in violation of constitutional or statutory law, in excess of agency authority, made upon unlawful procedure, affected by error of law, contrary to substantial evidence in the record or otherwise erroneous, arbitrary or capricious. 
The decision is hereby affirmed. IT IS ORDERED that SC DHEC issue the Certificate of Need to Waccamaw River Healthcare Center, Inc., for the construction of its forty-four (44) bed nursing care facility. AND IT IS SO ORDERED. AFFIRMED. S.C.App.,1989. National Health Corp. v. South Carolina Dept. of Health and Environmental Control 298 S.C. 373, 380 S.E.2d 841, 26 Soc.Sec.Rep.Serv. 474 END OF DOCUMENT (c) 2010 Thomson Reuters. No Claim to Orig. US Gov. Works.

2/14/2019 AI and Big Data in Health Care: The Risks and Rewards – Security Boulevard
https://securityboulevard.com/2018/12/ai-and-big-data-in-health-care-the-risks-and-rewards/
by Zehra Ali on December 4, 2018

Artificial intelligence (AI) and big data have been around for a while, but over the last few years have become dominant technologies in almost every industry. In the healthcare IT sector, AI and big data analysis tools are expected to play an expanding and major role, touching every part of health care.

According to Research and Markets, the computer vision market is expected to see a 47.54 percent CAGR.
A segment of $3.62 billion is projected to increase at a compound annual growth rate of more than 47 percent and will reach $25.32 billion by 2023. Much of this growth will be attributed to the use of computer vision in autonomous vehicles, augmented reality, manufacturing, and healthcare-based applications. As a result, it will play a significant role in driving market value.

The healthcare sector is flourishing at a quick pace globally, which is indeed a good sign. Managing patient health and research into preventing, managing and curing diseases are also increasing continuously. With such high demands, technologies to help are evolving or being developed. The healthcare sector, which prioritizes treating patients and addressing their concerns, has in the past considered cybersecurity an afterthought.

AI and Big Data: Boosting Healthcare Performance

Hackers increasingly are targeting health care, which makes cybersecurity the biggest concern for every organization within the sector. One report noted that 90 percent of hospitals surveyed have experienced a cyberattack within the last five years. AI and big data can help.
Along with enhancing administrative duties and patient healthcare outcomes, AI and big data are great tools for the cybersecurity and safety of patient data.

Malware Detection

Emerging threats against the healthcare sector could be detected effectively through machine learning apps. Most of these apps are designed to flag new malware by using historical data and known malware patterns.

However, there are certain barriers to complete implementation of this technology in healthcare IT. HIPAA regulations protect access rights to the huge data sets that are necessary to automate this technology.

Efficient Responding to a Security Breach

Compared with conventional approaches, AI could more efficiently eradicate threats after a security breach. AI is capable of continuous and automatic monitoring of network behavior so that anomalies within the network can be marked. As soon as a threat is detected, the issue is forwarded for human insight, or an autonomous action can be triggered to minimize the impact of a breach. For instance, with the help of AI-powered automation, traffic can be segmented defensively to separate sensitive data automatically, based on certain security protocols.
To Eradicate Attack Risk From Medical Devices

Smart devices are more prone to hacker invasion than conventional medical tools. AI could be helpful in this area, too. It is a significant AI advantage, as it is reported that there are currently 3.7 million connected medical devices being used in the United States.

From pacemakers to insulin pumps and other medical electronics, internet-connected devices are providing huge medical benefits to patients. However, these devices are also prone to attack, with millions being publicly discoverable. AI could be used to implement data encryption and malware detection in these devices, particularly the automatic indication of malware, which would free healthcare organizations from relying on manufacturers to ensure security is updated.

Are Potential Security Detriments Being Neglected?

There are many healthcare security and compliance challenges that, unfortunately, can't be resolved by AI and big data. Beyond security risks are challenges such as a cultural change in human behavior, creative solutions in investigations and balanced human ethical judgment that AI and big data can't resolve.

The advancements and ease provided by AI come with security challenges. Implementing AI and big data to their full potential is not an easy task. To maintain accuracy and to avoid potential cybersecurity threats, manufacturers and healthcare providers need to work together. Healthcare use of AI and big data won't continue to grow if the risks are not taken seriously.
Critical Training in Healthcare

Security leaders must train healthcare staff and physicians to eradicate the chances of vulnerability exploitation. Many security experts and analysts believe there is a need for bidirectional education.

First, the security leaders should understand and experience the routine tasks performed by individual healthcare providers. Those insights could be used to enhance personal training and to determine the most vulnerable access points for threats.

Protecting Healthcare Data

In AI-driven health care, data is the most important element. Practitioners also can use big data to access vital patient data and to optimize treatment through machine learning technology.

However, recent attacks on health care indicate data loss due to the use of AI-assisted technology in hospitals. For instance, the most prominent ransomware attack in 2017, WannaCry, also attacked the NHS, affecting individuals' private health data and causing destructive consequences.

Such cybersecurity attacks can be mitigated with the appropriate security protocols, which are optimized according to AI technology and big data advancement. Also, organizations must have a secure infrastructure for processing patient information.

Lack of Appropriate AI and Big Data Integration

As mentioned before, data is the lifeblood of the AI and big data foundation, and the increasing amount of data requires appropriate integration at the same time.
Unfortunately, most healthcare data remain dispersed, which undermines the efficiency of AI and big data, thanks to a lack of organized and integrated datasets.

The common shortcomings associated with AI and big data could be easily managed if there is adequate recognition of built-in biases and errors in AI. Engineers could design adaptable, dynamic AI algorithms focusing on integrating new data and enhancing efforts to organize better integrated, broad-based datasets.
i f ti h ki dh di bl th https://securityboulevard.com/2018/12/ai-and-big-data-in-health-care-the-risks-and-rewards/ l d Pi P li 5/6 2/14/2019 AI and Big Data in Health Care: The Risks and Rewards – Security Boulevard more information on how we use cookies and how you can disable them, please read our Privacy Policy. https://securityboulevard.com/2018/12/ai-and-big-data-in-health-care-the-risks-and-rewards/ 6/6 See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/282280458 Big Data Security and Privacy Issues in Healthcare Article · September 2014 DOI: 10.1109/BigData.Congress.2014.112 CITATIONS READS 43 8,133 2 authors, including: Harsh Kupwade Patil LG Electronics, Mobile Research, United States 16 PUBLICATIONS 79 CITATIONS SEE PROFILE All content following this page was uploaded by Harsh Kupwade Patil on 26 November 2016. The user has requested enhancement of the downloaded file. 2014 IEEE International Congress on Big Data Big data security and privacy issues in healthcare Nanthealth Harsh Kupwade Patil and Ravi Seshadri Nanthealth Dallas, US E-mail: hkupwade@nanthealth.com With the increasing cost for healthcare services and increased health insurance premiums, there is a need for proactive healthcare management and wellness. This shift from reactive to proactive healthcare can result in improved quality of care, decrease in healthcare costs, and eventually lead to economic growth. In recent times, technological breakthroughs have played a significant role in empowering proactive healthcare. For instance, real-time remote monitoring of vital signs through embedded sensors (attached to patients) allows health care providers to be alerted in case of an anomaly. Furthermore, healthcare digitization with integrated analytics is one of the next big waves in healthcare Information Technology (IT) with Electronic Health Records (EHRs) being a crucial building block for this vision. 
With the introduction of EHR incentive programs [2], healthcare organizations recognized EHR’s value proposition to facilitate better access to complete, accurate and sharable healthcare data, that eventually lead to improved patient care. As healthcare industry explores myriad ways of applying big data analysis from diagnosis, to treatment, to population health management, and eventually capital and strategic planning, the opportunities are endless. Furthermore, as healthcare leaders move from a volume-based to a valuebased business model (value refers to the association between quality of care and costs), data will play a pivotal role in the transition [3]. As the healthcare industry witnesses large volumes of data, the first step will involve governance and linking accurate and actionable data in realtime. In this age of connectivity, integrating health systems with large amounts of clinical, financial, genomic, social and environmental data will be crucial for real-time analytics and patient care. The goal is to understand population health for disease control and predictive analysis. For instance, predictive analysis can help understand aggravating health conditions and could prevent adverse health events from occurring (e.g. chronic diseases such as diabetes). Hence, collecting, linking and analyzing multidimensional data in real-time becomes imperative. A logical next step in a patient-centric model would be a new allinclusive scale for measuring the health and wellness of a patient by including, but not limiting to clinical, physical, social, psychological, environmental and genomic data pertaining to a patient. Fig. 1 shows a need for a real-time Abstract—With the ever-increasing cost for healthcare and increased health insurance premiums, there is a need for proactive healthcare and wellness. In addition, the new wave of digitizing medical records has seen a paradigm shift in the healthcare industry. 
As a result, the healthcare industry is witnessing an increase in sheer volume of data in terms of complexity, diversity and timeliness. As healthcare experts look for every possible way to lower costs while improving care process, delivery and management, big data emerges as a plausible solution with the promise to transform the healthcare industry. This paradigm shift from reactive to proactive healthcare can result in an overall decrease in healthcare costs and eventually lead to economic growth. While the healthcare industry harnesses the power of big data, security and privacy issues are at the focal point as emerging threats and vulnerabilities continue to grow. In this paper, we present the state-of-the-art security and privacy issues in big data as applied to healthcare industry. Keywords; healthcare; big data security; privacy; security analytics I. T INTRODUCTION new wave of digitizing medical records has seen a paradigm shift in the healthcare industry. As a result, healthcare industry is witnessing an increase in sheer volume of data in terms of complexity, diversity and timeliness. The term “big data” refers to the agglomeration of large and complex data sets, which exceeds existing computational, storage and communication capabilities of conventional methods or systems. In healthcare, several factors provide the necessary impetus to harness the power of big data. For example, in the last two decades, healthcare costs have increased at an alarming rate and healthcare expenses are now estimated at 17.6 percent of GDP. As healthcare experts look for every possible way to lower costs while improving care process, delivery and management, big data emerges as a plausible solution with the promise to transform the healthcare industry. The McKinsey Global Institute estimates a $100 billion increase in profits annually, if big data strategies are leveraged to the fullest potential [1]. 
For instance, harnessing the power of big data analysis and genomic research with real-time access to patient records could allow doctors to make informed decisions on treatments. Furthermore, big data will compel insurers to reassess their predictive models.

978-1-4799-5057-7/14 $31.00 © 2014 IEEE. DOI 10.1109/BigData.Congress.2014.112

holistic model for healthcare, with an emphasis on parameters from different domains affecting the condition of a patient. For example, a patient’s vital signs can be normal, but his/her psychological and environmental factors can have dire consequences (factors not considered as part of the prognosis).

[Figure 1. Real-time holistic model for healthcare. Figure labels: Clinical, Social, Psychology, Physical, Genomic.]

The explosion of the Internet of Things (IoT) and its ability to provide real-time monitoring and expedited access to care is one of the driving factors for its adoption in healthcare. Gartner estimates 26 billion IoT devices will be functional by 2020 and the amount of traffic generated by such devices will be large enough to place it in the category of big data [4]. Several definitions for IoT exist but currently the focus is primarily on low-cost, low-powered, resource-constrained (storage, computation and bandwidth) devices [5]. In addition, with the introduction of Body Sensor Networks (BSN) and their direct application to healthcare [6], care providers will be able to monitor vital parameters, medication effectiveness, and predict an epidemic. Body sensors generate massive data, and linking such healthcare data from disparate resource-constrained networks will be crucial for driving healthcare analytics. Hence, healthcare providers have enormous opportunities to revolutionize healthcare by harnessing the power of big data. Nevertheless, such gains will be realized only if security and patient privacy are at the core of any product design and development.

The past decade has seen a steady increase in security breaches in healthcare IT. In 2013, Kaiser Permanente (one of the largest non-profit healthcare providers in the US) notified its 49,000 patients that their health information had been compromised due to theft of an unencrypted USB flash drive containing patient records [7]. In 2012, Verizon’s data breach investigation report stated that its forensic investigation and security division compiled data from 47,000 reported security incidents and found 621 confirmed data breaches [8]. Furthermore, a study on patient privacy and data security showed that 94% of hospitals had at least one security breach in the past two years [9]. In most cases, the attacks were from an insider rather than external. In addition, the study stated that the external attacks originated from China, US and Eastern Europe (Romania recording the highest number of external attacks). With the ever-changing risk environment and introduction of new emerging threats and vulnerabilities, security violations are expected to grow in the coming years. Moreover, the Affordable Care Act will lead to more enrollments for health insurance [10], making it an attractive focal point for hackers and opening a floodgate of healthcare breaches in the coming years. Security breaches of EHR can risk patient privacy and violate the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act in the United States [11], [12]. Hence, EHR security must be a high priority to ensure patient safety.

II. SECURITY AND PRIVACY IN HEALTHCARE

Adoption of big data in healthcare significantly increases security and patient privacy concerns. At the outset, patient information is stored in data centers with varying levels of security. Moreover, most healthcare data centers have HIPAA certification, but that certification does not guarantee patient record safety. The reason is that HIPAA is more focused on ensuring security policies and procedures than on implementing them. Furthermore, the inflow of large data sets from diverse sources places an extra burden on storage, processing and communication. Fig. 2 portrays a big data healthcare cloud that hosts clinical, financial, social, genomic, physical and psychological data pertaining to patients.

Traditional security solutions cannot be directly applied to large and inherently diverse data sets. With the increase in popularity of healthcare cloud solutions, complexity in securing massive distributed Software as a Service (SaaS) solutions increases with varying data sources and formats. Hence, big data governance is necessary prior to exposing data to analytics.

A. Data governance

As the healthcare industry moves towards a value-based business model leveraging healthcare analytics, data governance will be the first step in regulating and managing healthcare data. The goal is to have a common data representation that encompasses industry standards (e.g. LOINC, ICD, SNOMED, CPT, etc.) and local and regional standards. Currently, data generated by BSN is diverse in nature and would require normalization, standardization and governance prior to analysis.

B. Real-time security analytics

Analyzing security risks and predicting threat sources in real-time is of utmost need in the burgeoning healthcare industry. At present, the healthcare industry is witnessing a deluge of sophisticated attacks ranging from Distributed Denial of Service (DDoS) to stealthy malware. Furthermore, social engineering attacks are on the rise and the risks associated with such attacks are difficult to predict without considering human cognitive behavior. Cognitive bias, for example, can come into play, especially in the case of elderly patients. “Cognitive bias is a pattern of deviation in judgment, whereby influences about other people and situations may be drawn in an illogical manner” [13]. For example, a man-in-the-middle attack can be effected perhaps by coaxing an elderly patient to accept a digital X.509 certificate. Such scenarios must be taken into account when designing an end-to-end authentication solution. In the IoT environment, implementing security in resource-constrained networks has been a challenge and will continue to grow more complex with the increase in the number of IoT devices [14]. For instance, conventional symmetric and asymmetric key distribution and revocation schemes cannot be extended to a billion IoT devices. Hence, new scalable key management solutions leading to seamless inter-operability between disparate networks (e.g. IoT and legacy IP networks) are crucial for IoT’s integration of big data in a cloud environment.

As the healthcare industry leverages emerging big data technologies to make better-informed decisions, security analytics will be at the core of any design for the cloud-based SaaS solution hosting Protected Health Information (PHI). Additionally, real-time security intelligence will steer new directions in risk management. Consequently, healthcare IT providers can monitor risks in real-time and take preemptive measures before the risks affect the healthcare business.

[Figure 2. Big data healthcare cloud. Figure labels: Clinical, Financial, Social, Physical, Psychological, Genomic.]

C. Privacy-preserving analytics

Invasion of patient privacy is a growing concern in the domain of big data analytics. An incident reported in Forbes magazine raises an alarm over patient privacy [15]. The report mentioned that Target Corporation sent baby care coupons to a teenage girl unbeknown to her parents. This incident impels big data to consider privacy for analytics. For instance, data anonymization prior to analytics could protect patient identity. Furthermore, privacy-preserving encryption schemes that allow running prediction algorithms on encrypted data while protecting the identity of a patient are essential for driving healthcare analytics. As the industry leverages IoT devices to transmit vitals to healthcare clouds, there is a need for processing and analyzing data in an ad-hoc decentralized manner. However, performing resource-exhausting operations (required for analytics) while preserving privacy is a challenge in a resource-constrained environment. Additionally, as healthcare analytics gains popularity, new privacy laws need to be drafted to protect patient privacy. For instance, “informed consent” from patients is required prior to performing any analytics on patient data, and new laws need to be drafted to clearly illustrate all processes involved in performing big data analytics on patient data.

III. CONCLUSION

As big data transforms healthcare, security and patient privacy are paramount in driving such technologies. As healthcare clouds with big data become prominent, hosting companies will be more reluctant to share massive healthcare data for centralized processing. Hence, we envision distributed processing across disparate clouds and leveraging collective intelligence. Secure patient data management is inevitable as healthcare clouds aggregate and link large amounts of data from disparate networks. Additionally, secure and privacy-preserving real-time analytics will propel proactive healthcare and wellness. In this paper, we review some of the security and privacy issues in healthcare and foresee a need for technological breakthroughs in computational, storage and communication capabilities to meet the growing demand of securing healthcare data.

IV. REFERENCES

[1] P. Groves, B. Kayyali, D. Knott and S. V. Kuiken, “The ‘big data’ revolution in healthcare,” McKinsey & Company, 2013.
[2] “EHR incentive programs,” 2014. [Online]. Available: https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/index.html.
[3] M. M. Brown, G. C. Brown, S. Sharma and J. Landy, “Health Care Economic Analyses and Value-Based Medicine,” Survey of Ophthalmology, vol. 48, no. 2, pp. 204-223, 2003.
[4] P. Middleton, P. Kjeldsen and J. Tully, “Forecast: The Internet of Things, Worldwide,” Gartner, 2013.
[5] L. Atzori, A. Iera and G. Morabito, “The Internet of Things: A survey,” Computer Networks, vol. 54, no. 15, pp. 2787-2805, 2010.
[6] M. Hanson, H. Powell, A. Barth, K. Ringgenberg, B. Calhoun, J. Aylor and J. Lach, “Body Area Sensor Networks: Challenges and Opportunities,” Computer, pp. 58-65, 2009.
[7] E. McCann, “Kaiser reports second fall data breach,” Healthcare IT News, 2013.
[8] Verizon, “Data breach investigation report,” Verizon, 2013.
[9] P. Institute, “Third Annual Benchmark Study on Patient Privacy and Data Security,” Ponemon Institute LLC, 2012.
[10] “Public Law 111 – 148 – Patient Protection and Affordable Care Act,” U.S. Government Printing Office (GPO), 2013.
[11] “Health Insurance Portability and Accountability Act,” U.S. Government Printing Office, 1996. [Online]. Available: http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/html/PLAW-104publ191.htm.
[12] “Health Information Technology for Economic and Clinical Health Act,” 2009. [Online]. Available: http://www.gpo.gov/fdsys/pkg/BILLS-111hr1enr/pdf/BILLS-111hr1enr.pdf.
[13] M. G. Haselton, D. Nettle and P. W. Andrews, “The evolution of cognitive bias,” in The Handbook of Evolutionary Psychology, John Wiley & Sons Inc, 2005, pp. 724-746.
[14] H. Kupwade Patil and T. M. Chen, “Wireless Sensor Network Security,” in Computer and Information Security, Morgan Kaufmann – Imprint of Elsevier, 2013, pp. 301-322.
[15] K. Hill, “How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did,” Forbes, Inc., 2012. [Online]. Available: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/.