Enterprise Risk Management (ERM) / en Wed, 30 Apr 2025 04:26:02 -0500 Mon, 28 Apr 25 10:30:00 -0500 Leadership Dialogue /leadership-dialogue <div class="container"><div class="row"><div class="col-md-8"><img src="/sites/default/files/inline-images/leadership-dialogue-freese-decker-riggi-900x400.jpg" data-entity-uuid="40fb79e5-2979-4656-8fc4-eff5ace41045" data-entity-type="file" alt="Leadership Dialogue. A conversation with AHA Chair Tina Freese Decker and John Riggi, AHA National Advisory for Cybersecurity and Risk." width="900" height="400"><p>In this episode, Tina Freese Decker, 2025 chair of the AHA Board of Trustees, talks with John Riggi, AHA’s National Advisor for Cybersecurity and Risk. Riggi spent nearly 30 years with the FBI before joining the AHA in 2018.</p><p>Freese Decker and Riggi discuss cybersecurity and physical threats, which are significant enterprise risks for health care, regardless of size or location. Every hospital, physician group and medical center is at risk — and this risk puts the people served at risk, which is why organizations must take these threats seriously.</p><p>Riggi shared three major themes the health care field must lean into regarding cyber and physical threats. The first is leadership. Leaders and teams must recognize that cyber and physical threats are an enterprise risk issue and put the necessary resources in place to be proactive and prevent these threats from occurring. Second, third parties pose a major risk. It is important to evaluate third-party risk and put plans in place to minimize the risk as much as possible. Third, prepare, prepare, prepare! 
Part of preparation is educating leaders and staff and creating partnerships within the organization and in the community to be able to respond and act if and when something happens.</p><hr><p></p><hr><div></div><div class="raw-html-embed"> <details class="transcript"> <summary> <h2 title="Click here to open/close the transcript."> <span>View Transcript</span><br> </h2> </summary> <p> 00:00:01:01 - 00:00:26:02<br> Tom Haederle<br> Welcome to Advancing Health. Cybersecurity is a risk. And because of that, a priority for all hospitals and health systems. In this Leadership Dialogue, Tina Freese Decker, chair of the Association, and John Riggi, AHA’s national advisor for Cybersecurity and Risk, discuss planning for cyber attacks, putting protections in place, navigating cyber threats, and rebuilding trust and confidence in the system </p> <p> 00:00:26:04 - 00:00:31:01<br> Tom Haederle<br> when cyber attacks do occur. </p> <p> 00:00:31:04 - 00:01:00:23<br> Tina Freese Decker<br> Hello, and thank you so much for joining us today. I'm Tina Freese Decker, president CEO of Corewell Health and the board chair for the Association. From data breaches to ransomware attacks to outages, cybersecurity affects patient safety and enterprise risk and is increasingly a strategic priority for hospitals and health systems. Planning for cyber attacks and putting the proper protections in place is key to ensuring sustainability, patient privacy and clinical outcomes. </p> <p> 00:01:00:26 - 00:01:34:22<br> Tina Freese Decker<br> So I am so pleased to have the Association's John Riggi joining me for today's conversation. John is an expert in this field, and he serves as the AHA's first national advisor for cybersecurity and risk. He joined AHA in 2018 after a long, distinguished 30-year career with the FBI. 
He brings with him tremendous experience in the investigation and disruption of cyber threats, as well as the unique ability to provide informed risk advisory services to hospitals and health systems. </p> <p> 00:01:34:24 - 00:01:41:26<br> Tina Freese Decker<br> So before we jump into the conversation, John, can you just tell me a bit about yourself so that our audience can get to know you a little bit better? </p> <p> 00:01:41:29 - 00:02:08:13<br> John Riggi<br> Thank you, Tina, so much for inviting me here today to discuss these topics, which unfortunately, as you said, are top of mind for everyone. So when I ended my 30-year career at the FBI, I still wanted to be in a position to serve. I spent a lifetime doing that, and in my last role at the FBI, my job was to establish mission critical relationships with private sector, with critical infrastructure in the health care sector in particular. </p> <p> 00:02:08:15 - 00:02:29:22<br> John Riggi<br> That's when I had the privilege and honor to be introduced to AHA and Rick Pollack in talking about cyber threats. And that's when I really learned how critical a role that the Association served for the entire health care sector. I could send over, you know, an immediate urgent alert to the and with a single press of a button </p> <p> 00:02:29:29 - 00:02:56:16<br> John Riggi<br> 5000 plus hospitals received that alert. 50,000 executives received it. So I understood at that point we needed to engage in that continuing relationship. And when I retired, fortunately for me, Rick Pollack and the team said, John, you know, we've been listening to you and we think cyber will be an emerging threat, going forward. Unfortunately, none of us realized how significant a threat it would be. </p> <p> 00:02:56:19 - 00:03:00:12<br> John Riggi<br> And so, again, my privilege and honor to be here with you today. 
</p> <p> 00:03:00:14 - 00:03:22:21<br> Tina Freese Decker<br> Well, we are privileged and blessed that you are part of the Association team, and you're helping us navigate so many of these issues that come forward. Let's start with kind of one of the underlying questions that I have. We've seen all these cyber and physical threats that have targeted hospitals and health systems. How have they evolved over the last, let's say, 7 to 8 years? </p> <p> 00:03:22:24 - 00:03:58:21<br> John Riggi<br> Yeah, unfortunately they've increased pretty dramatically. So not only are they increased in frequency, but also in complexity and severity of impact. So on the cyber front, we have seen a, for instance, in hacking of patient health information. In 2020, it was about 450 hacks impacting 27 million individuals, not inconsequential. Last year, last year with the Change Healthcare attack, we had 259 million Americans had their health care records stolen or compromised by foreign bad guys, by foreign bad guys. </p> <p> 00:03:58:27 - 00:04:24:17<br> John Riggi<br> If we add up the numbers, just since 2020, over 500 million Americans have had their health care records compromised or stolen. So, John, wait a minute. There's only 330 million Americans. That's the population. Meaning that every American in this country has had their health care records compromised more than once. But what really concerns us are the dramatic increase in ransomware attacks, which are often accompanied by data theft attacks. </p> <p> 00:04:24:19 - 00:04:51:12<br> John Riggi<br> So these bad guys, primarily Russian speaking, believed to be provided safe harbor by the Russian government primarily but not exclusively Russian, have increased these attacks so that the impact really is not only disablement of technology, internal networks get shut down, data gets encrypted, organizations are forced to disconnect from the internet has a very, very dramatic impact on care delivery. 
</p> <p> 00:04:51:15 - 00:05:18:21<br> John Riggi<br> So this resulting disruption, delay to care delivery and ultimately posing a serious risk to patient care and safety, not only for the patients in the hospital, but for the entire communities that depend on the availability of their nearest emergency department for life saving care, radiation oncology, so forth. So we've seen that evolve again very significantly, and one of the reasons I think it's evolved so dramatically. </p> <p> 00:05:18:23 - 00:05:30:21<br> John Riggi<br> Geopolitics is part of that. But I think on a very base level, we as a sector depend more and more on network and internet connected technology and data. </p> <p> 00:05:30:24 - 00:05:56:13<br> Tina Freese Decker<br> Very true. You know, I did a podcast earlier this year about trust and rebuilding confidence and trust and having that public trust in health care systems and hospitals. And when you have a cyber attack or an act of violence that targets hospitals, health systems, it impacts patients, like you said, it impacts staff and our communities. How can we go about building that trust and regaining that confidence when we have these instances occur? </p> <p> 00:05:56:15 - 00:06:06:23<br> Tina Freese Decker<br> And do you have some examples of stories or insights organizations have used that have helped them navigate those cyber threats and build that public trust? </p> <p> 00:06:06:26 - 00:06:32:07<br> John Riggi<br> Great question, Tina. And also on the on the violence side, unfortunately, as I wanted to mention as well, that's increased pretty dramatically to set the stage there. I was shocked, as a former law enforcement officer, to find out nurses are the second most assaulted profession outside of law enforcement. And, you know, we expect it as law enforcement officers to be engaged, confrontational engagements. 
</p> <p> 00:06:32:07 - 00:06:37:09<br> John Riggi<br> You're making arrests, but nurses who just want to deliver care to help people? Shocking. </p> <p> 00:06:37:09 - 00:06:38:19<br> Tina Freese Decker<br> It's sad and unacceptable. </p> <p> 00:06:38:23 - 00:06:58:27<br> John Riggi<br> Agree, totally. So I think how do we how do we get that trust in the community? I think one - and I think we've done a fantastic job with your leadership and the AHA - acknowledge the risk, acknowledge the threat. Let's not hide it. Let's not pretend it's not there. But then to take real steps to prepare and help mitigate the impact of these threats. </p> <p> 00:06:59:00 - 00:07:25:01<br> John Riggi<br> So now we see, on the cyber side, hospitals are actively working to develop better downtime procedures, better backup systems to help shorten the length of the impact and help recover more quickly. And work with the federal government. Exchange threat information across the sector with our partners in other sectors. And really understand if we're attacked, this isn't a stigma. </p> <p> 00:07:25:02 - 00:07:51:18<br> John Riggi<br> This isn't something that an organization failed to do. We're all in this together. And on the physical side, we're working very closely with the FBI to help develop resources to help identify and mitigate targeted acts of violence directed toward health care organizations. But most importantly, our frontline health care heroes, our frontline health care workers. And again, working with the community, this is all partnership with the community as well. </p> <p> 00:07:51:20 - 00:08:08:05<br> Tina Freese Decker<br> So I'm sure you have a top ten list of things that we could do to prevent these attacks. But if you could share the top three things that we should do to prevent these attacks and how we can be resilient. And when I say attacks, I'm talking cyber and physical. We have limited time, we have limited resources. 
</p> <p> 00:08:08:05 - 00:08:10:19<br> Tina Freese Decker<br> But what is the most important things that we should be doing? </p> <p> 00:08:10:22 - 00:08:36:21<br> John Riggi<br> I think the overarching umbrella that all the others follow under is leadership. And really looking at these risks, acknowledging them and ensuring that both cyber and physical risks are treated as an enterprise risk issue. And then within that, on the cyber side, making sure on the defensive side that you're following well known, well-established, recognized cyber frameworks, making sure you start there. </p> <p> 00:08:36:24 - 00:09:03:08<br> John Riggi<br> Second, really thinking about third party risk. What we have seen is that a majority, the vast majority of cyber risk, cyber attacks we face come to us through insecure third party service providers. Insecure third party technology and insecure supply chain. Doesn't negate us from our responsibility to do what we can, but we have to understand that. And then the third thing is ultimately prepare. </p> <p> 00:09:03:10 - 00:09:24:08<br> John Riggi<br> We must prepare for the attack. There's an often, I would say, overused expression in the cyber security world. It's not a matter of if, but when. It's true. But I would also change that a little bit about it's not a matter of if you will be attacked. The question is are you prepared? So focusing on resiliency and so forth. </p> <p> 00:09:24:10 - 00:09:55:13<br> John Riggi<br> And then with on the physical side, education of staff, leadership priority, and working with the FBI and local law enforcement to potentially identify ahead of an incident acts of targeted violence directed towards the hospital. And then working together as a community help mitigate and prevent that act. The police always want to respond, can respond after the FBI. But I can tell you from personal experience, we'd rather prevent a crime, prevent an act of violence than respond after the fact. 
</p> <p> 00:09:55:15 - 00:10:19:15<br> Tina Freese Decker<br> Agree. And I think that developing those relationships with local FBI, with local law enforcement is critical because you to your point, it's not if, but when. But we'd like to be able to prevent all of it. Having those relationships is key. So I know that the AHA has been working very closely with the FBI and some health care systems to exchange that threat intelligence and enhance collaboration across our sector </p> <p> 00:10:19:15 - 00:10:28:21<br> Tina Freese Decker<br> and with federal agencies. Can you share more about that partnership and how it has helped us in identifying and mitigating both physical and cyber threats? </p> <p> 00:10:28:24 - 00:10:51:26<br> John Riggi<br> Great question again, Tina, and thank you for highlighting what we're doing with the FBI. So on the cyber front, we've been actively engaged in cyber threat, information threat intelligence exchange. Both on a very technical level, exchanging what - without getting too technical - threat indicators, malware signatures and so forth, but also identifying big strategic threats that we may face as a sector. </p> <p> 00:10:51:28 - 00:11:19:23<br> John Riggi<br> So, for instance, working with the FBI, we helped identify last year a threat to the blood supply before it was on the government's radar. We helped the government understand that cyber attacks on hospitals are not just data theft crimes. These are truly threat to life crimes. So the federal government actually previously raised the investigative priority level of ransomware attacks on hospitals to equal that of a terrorist attack once they understood what the impact was. 
</p> <p> 00:11:19:24 - 00:12:00:17<br> John Riggi<br> We are working very closely with the famed Behavioral Analysis Unit of the FBI, the profilers that many books and TV shows and movies have been written about to develop resources to help hospitals identify targeted acts of violence, threats that are pending against hospitals, and again, help intercede, intervene and help prevent those attacks. We have a whole series of resources available on the first ever joint FBI and Joint Health Care Sector webpage. We're about to issue a manual coming out here within the next month or so, based upon, joint work with the FBI in the field on best practices and lessons learned to prevent these acts of violence. </p> <p> 00:12:00:17 - 00:12:06:08<br> John Riggi<br> So we have a robust, almost daily interaction with the FBI and other federal agencies. </p> <p> 00:12:06:10 - 00:12:25:15<br> Tina Freese Decker<br> It's so helpful to know that we have those robust partnerships at the national level, and then we can create it at the local level, and to make sure that we're all in this together to, help protect our patients and the people that we care for in our community. So that's wonderful. My last question for you is just one about how we look forward. </p> <p> 00:12:25:17 - 00:12:38:26<br> Tina Freese Decker<br> Can you tell us what you think about is going to happen in the threat environment for 2025 and maybe into 2026? What are those things we should be watching, looking out for? And is there anything positive that you can see? </p> <p> 00:12:38:29 - 00:13:11:18<br> John Riggi<br> I will let you know there is some hope. Talk about the realistic environment. Then we'll talk about where I see the hope. So first of all, I do believe that the frequency of the attacks may decrease, but I think the bad guys are looking to make a greater impact. We have seen them go after systemically important organizations that serves health care. Change Healthcare, for example. 
Last year, attacks against the blood supply. The year before they attacked - found vulnerabilities in a commonly used technology and software known as MOVEit. </p> <p> 00:13:11:21 - 00:13:41:03<br> John Riggi<br> By attacking that software, it gave the bad guys, a Russian ransomware group, were able to gain access to millions and millions of patient records. I do believe geopolitics will have a very significant influence, for better or worse, on the level of cyber threat we face. Depending on how we deal in the outcomes of our negotiations, of our diplomatic efforts with Russia, China, North Korea and Iran has the potential to mitigate or increase the cyber threats that we face. </p> <p> 00:13:41:05 - 00:14:08:19<br> John Riggi<br> And ultimately, again, third party risk, major, major issue. Where do I see the signs of hope? And there are signs of hope, folks. Honestly, I have never seen the sector come together to share threat information to prepare for attacks, best practices, lessons learned not only amongst the sector. We see channels of threat information sharing and best practice across with other critical and sectors, with the federal government. </p> <p> 00:14:08:21 - 00:14:45:26<br> John Riggi<br> We've had victim organizations, CEOs come out publicly. Dr. Leffler from University of Vermont, Chris Van Gorder from Scripps. We've had Eduardo Conrado from the recent attack against Ascension not only come out publicly, but testify before the UN Security Council last November about the impact of this Russian ransomware attack against Ascension. So what I see is hope. The fact we are banding together and with the government and I hope, as we did in the great fight against terror, international terrorism, we will come together in a whole of nation approach to help mitigate that risk. 
</p> <p> 00:14:46:01 - 00:15:09:17<br> John Riggi<br> Now, Tina, I know I've done a lot of speaking here, and if I may, and with all due respect, I'd like to ask you a question if I could. Tina, in your role, you have very unique dual role. You're CEO of a large health system, and you're also the chair of the Association board. So how do you think about cyber and physical threats for your own organization </p> <p> 00:15:09:19 - 00:15:11:20<br> John Riggi<br> but on a national level? </p> <p> 00:15:11:22 - 00:15:33:26<br> Tina Freese Decker<br> Well, I believe that cyber and physical threats must be prioritized. It's a strategic risk. We have to understand how we focus on it, and we have to significantly prioritize it and emphasize what we're doing there. Previously, maybe 5 or 10 years ago, it was just thought of as a technical issue. It's not that. It's how we operate. Because like you said, we're so connected, </p> <p> 00:15:33:26 - 00:16:01:07<br> Tina Freese Decker<br> it's critical infrastructure and we must make sure that we are coming together. So for us as an organization, we prioritize our efforts, our investments, our work on it, but also prioritize business assurance. So how do we operate and make sure that everyone understands all the key components and the lessons that you shared on this discussion today, but also when we've had conversations before, how are we making sure that we know those and our teams know those? </p> <p> 00:16:01:09 - 00:16:25:19<br> Tina Freese Decker<br> I think the importance of safeguarding sensitive patient data and ensuring the integrity of our systems cannot be overstated. And that applies for my organization, and that applies for all of our members throughout the Association. And so I think those are some critical points. As we think about this it is making sure that we are safeguarding sensitive patient data and ensuring the integrity of our systems, as we go forward. 
</p> <p> 00:16:25:19 - 00:16:59:14<br> Tina Freese Decker<br> That cannot be overstated. And as we do that, I think we all uphold that level of commitment to excellence that our patients and the people in our community want. So, John, thank you so much for your time today, for sharing your expertise. While we may not be able to prevent or mitigate everything, you have given us such great advice and we should make sure we take that down, but also listen to many of your podcasts that you put out or the Action Alerts that you sent through because they are helpful and direct and provide that great advice to move forward. </p> <p> 00:16:59:16 - 00:17:17:11<br> Tina Freese Decker<br> And I know that you are available to connect with all of our members if there is a specific situation, or they just want to learn more to make sure that we're better. So thank you, John, for being here. And thank you to all of those that have tuned in to this conversation. We will be back next month for another Leadership Dialogue. </p> <p> 00:17:17:13 - 00:17:25:24<br> Tom Haederle<br> Thanks for listening to Advancing Health. Please subscribe and rate us five stars on Apple Podcasts, Spotify, or wherever you get your podcasts. 
</p> </details> </div></div><div class="col-md-4"><div class="views-element-container"> <section class="top-level-view js-view-dom-id-c070d81c3c5be15391911a933cc56a662e5c4684d8214dc766500a3815a48980 resource-block"> <h2>Previous Leadership Dialogues and Rounds</h2> <div class="resource-wrapper"> <div class="resource-view"> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-03-31-chair-file-leadership-dialogue-importance-advocacy-and-storytelling-rural-health-lori" hreflang="en">Chair File: Leadership Dialogue — Importance of Advocacy and Storytelling in Rural Health with Lori Wightman, R.N., CEO of Bothwell Regional Health Center</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-03-31T10:49:30-05:00">Mar 31, 2025</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-02-24-chair-file-leadership-dialogue-advancing-health-and-building-trust-lynn-hanessian-and-robert" hreflang="en">Chair File: Leadership Dialogue — Advancing Health and Building Trust with Lynn Hanessian and Robert Trestman, M.D.</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-02-24T08:21:34-06:00">Feb 24, 2025</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2025-01-27-chair-file-leadership-dialogue-tackling-todays-health-care-challenges-aha-leaders-stacey" hreflang="en">Chair File: Leadership Dialogue — Tackling Today’s Health Care Challenges with AHA Leaders Stacey Hughes and Ashley Thompson</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2025-01-27T09:40:27-06:00">Jan 27, 2025</time> </span> 
</div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2024-12-16-leadership-dialogue-assessing-health-care-challenges-and-successes-tina-freese-decker" hreflang="en">Leadership Dialogue — Assessing Health Care Challenges and Successes With Tina Freese Decker, President and CEO of Corewell Health</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2024-12-16T08:16:44-06:00">Dec 16, 2024</time> </span> </div></div> <div class="article views-row"> <div class="views-field views-field-title"> <span class="field-content"><a href="/news/chairpersons-file/2024-11-18-leadership-dialogue-advancing-health-care-innovation-amy-perry-president-and-ceo-banner" hreflang="en">Leadership Dialogue — Advancing Health Care Innovation with Amy Perry, President and CEO of Banner Health</a></span> </div><div class="views-field views-field-created"> <span class="field-content"><time datetime="2024-11-18T10:04:06-06:00">Nov 18, 2024</time> </span> </div></div> </div> </div> <div class="more-link"><a href="/topics/leadership-dialogue">Watch More Leadership Dialogues and Rounds Videos</a></div> </section> </div> </div></div></div> Mon, 28 Apr 2025 10:30:00 -0500 Enterprise Risk Management (ERM) 4 Keys to Manage Third-Party Cybersecurity Risk /aha-center-health-innovation-market-scan/2024-10-22-4-keys-manage-third-party-cybersecurity-risk <div class="container"><div class="row"><div class="col-md-8"><p><img src="/sites/default/files/inline-images/4-Keys-to-Manage-Third-Party-Cybersecurity-Risk.png" data-entity-uuid="d5427c8a-05dd-4708-9330-067731fbea5a" data-entity-type="file" alt="4 Keys to Manage Third-Party Cybersecurity Risk. A shadowing spy with a key in his hand opens a computer folder icon with Enter printed on it." 
width="100%" height="100%"></p><p>October marks Cybersecurity Awareness Month, a global campaign dedicated to educating individuals, businesses and institutions about the importance of online safety. For health care leaders, this is an important month to raise awareness in this area, particularly since the frequency and sophistication of cyber incursions into health care have increased steadily.</p><p>Like a mutating virus, the tactics used by bad actors to steal information, delay and disrupt patient care, and shut down vital systems putting patient care and safety at risk, continue to evolve.</p><p>The disruption to care delivery occurs not only when hospitals are attacked directly, but also when mission- and life-critical third-party providers to health care are attacked by ransomware. The loss of critical dependent third-party technology and services may be even more wide-ranging and disruptive to patient care than when hospitals are attacked directly.</p><p>When UnitedHealth Group’s Change Healthcare was attacked by the Russian ransomware group ALPHV Blackcat this year, every hospital in the country felt the impact in one way or another. It was the most significant and consequential cyberattack in the history of U.S. health care.</p><h2><span>Bad Actors’ Hub-and-Spoke Strategy</span></h2><p>Hospitals become collateral damage from an attack on a third party, which is part of cybercriminals' highly effective hub-and-spoke strategy, notes John Riggi, AHA national adviser for cybersecurity and risk, in a recent <a href="/news/aha-cyber-intel/2024-08-05-third-party-cyber-risk-impacts-health-care-sector-most-heres-how-prepare">AHA Cyber Intel blog</a>. By gaining access to the hub (a third-party’s technology), they gain access to all the spokes — the health care organizations that are the customers of the third party. 
This provides malicious actors with a digital pathway to infect multiple covered entities with malware or ransomware, or to extract data.</p><p>In other words, the bad guys have it figured out: Why hack or attack 1,000 hospitals when they can target the one common business associate and get all the data or disrupt all the hospitals that depend on that single, mission-critical third-party provider?</p><p>Sound familiar? If we’ve learned anything from the widespread, long-lasting, debilitating impact of this spring’s cyberattack on Change Healthcare, it’s this: To sidestep the effects of the inevitable next health care cyberattack, hospitals need to prepare their business and clinical continuity procedures now for an extended loss of services.</p><h2><span>4 Strategies to Bolster Third-Party Risk Management</span></h2><h3><span><img src="/sites/default/files/inline-images/Scrutinize-your-third-party-risk-management-program-icon.png" data-entity-uuid="a9748780-8f51-478d-8469-28041892bc65" data-entity-type="file" alt="Scrutinize your third-party risk management program icon." width="100" height="130" class="align-left">1</span> <span>|</span> Scrutinize your third-party risk management program (TPRM).</h3><p>Review your program’s governance structure and determine whether it needs to be revamped. Confirm that you have a complete, multidisciplinary approach to create a dynamic inventory of all third-party vendors that have access to your systems. 
Then make sure that your TPRM program identifies, classifies and prioritizes the risks posed by these vendors as well as their subcontractors — drilling down to the level of fourth-party risk.</p><h3><span><img src="/sites/default/files/inline-images/Implement-third-party-risk-based-controls-and-cyber-liability-insurance-icon.png" data-entity-uuid="e3a7bfd1-837e-44ae-a96a-f317ae6b7b3a" data-entity-type="file" alt="Implement third-party, risk-based controls and cyber liability insurance requirements based on identified risk levels icon." width="100" height="130" class="align-left">2</span> <span>|</span> Implement third-party, risk-based controls and cyber liability insurance requirements based on identified risk levels.</h3><p>Assess and formalize your policies and processes for incorporating cybersecurity into third-party risk management. These should include conducting periodic in-depth technical, legal, policy and procedural reviews of the TPRM program and business associate agreement (BAA). The BAA should include cybersecurity and cyber insurance requirements for the vendor and subcontractors, which scale with the level of risk presented by each business associate. In addition, implement annual policy and procedure cyber-risk assessments for vendors, as well as annual vulnerability and penetration testing assessments.</p><h3><span><img src="/sites/default/files/inline-images/Consistently-and-clearly-communicate-internally-your-TPRM-policies-icon.png" data-entity-uuid="527fd12a-efdd-4c42-b7b0-44eebe349710" data-entity-type="file" alt="Consistently and clearly communicate internally your TPRM policies, procedures and requirements icon." 
width="100" height="130" class="align-left">3</span> <span>|</span> Consistently and clearly communicate internally your TPRM policies, procedures and requirements.</h3><p>Every individual, department and business unit within your organization that purchases technology, services and supplies should be educated about your organizational cybersecurity requirements for third parties and the potential cybersecurity risks to the organization that are involved in work using third-party vendors.</p><h3><span><img src="/sites/default/files/inline-images/Prepare-intensively-for-incident-response-and-recovery-icon.png" data-entity-uuid="17465675-6750-4702-a6b6-d4433501e0ef" data-entity-type="file" alt="Prepare intensively for incident response and recovery icon." width="100" height="130" class="align-left">4</span> <span>|</span> Prepare intensively for incident response and recovery.</h3><p>First and foremost, it is necessary on an ongoing basis to implement a process to identify all internal and external, third-party and supply chain providers of life- and mission-critical functions, services and technology. Identify which organizations or other providers depend on your organization for essential services. Which health care providers depend on the availability of your technology, services, networks and data? What is the contingency plan for these dependent organizations, should you be disconnected from the internet and go "digitally dark"? What impact will there be on your services if you are victim to a ransomware attack?</p><p>Second, in case a cyberattack disables your functions, services and technology, or those of a third party, ensure that they are sufficiently backed up and prioritized for restoration on an enterprise level. Develop operational, business and, most importantly, clinical continuity plans and downtime procedures for each of the internal and external critical technology and services dependencies. 
Ideally, these procedures should be able to sustain a loss of that life- and mission-critical function without significant impact or degradation of quality, for up to four weeks or longer.</p><p>Third, train staff to execute these plans proficiently. Conduct regular downtime drills and cyberattack exercises for a variety of scenarios at the individual, departmental and enterprise levels, and invite your third-party vendors to participate.</p><p>Last, but not least, incorporate your cyber incident response plan into the overall incident response plan, and integrate the business continuity plans and downtime procedures into the overall incident-command and emergency-preparedness functions.</p><hr><h2><span>Learn More</span></h2><p>The following AHA resources offer additional insights on how to mitigate cyber-risk and strengthen cybersecurity.</p><ul><li><a href="/news/blog/2022-10-21-third-party-cyber-risk-your-cyber-risk-how-understand-mitigate-and-prepare-third-party-cyber-risk-exposure">“Third Party Cyber Risk is Your Cyber Risk. 
How to Understand, Mitigate and Prepare for Third Party Cyber Risk Exposure,”</a> a blog from John Riggi, AHA’s national security adviser for cybersecurity and risk.</li><li><a href="/news/perspective/2024-10-04-strengthening-cybersecurity-protect-patients-and-access-care">“Strengthening Cybersecurity to Protect Patients and Access to Care,”</a> a perspective from AHA President and CEO Rick Pollack.</li><li><a href="/education-events/navigating-health-care-cybersecurity-storm-strategies-resilience-and-risk-reduction">“Navigating the Health Care Cybersecurity Storm,”</a> an AHA Leadership Scan panel discussion available on demand.</li></ul></div><div class="col-md-4"><p><a href="/center" title="Visit the AHA Center for Health Innovation landing page."><img src="/sites/default/files/inline-images/logo-aha-innovation-center-color-sm.jpg" data-entity-uuid="7ade6b12-de98-4d0b-965f-a7c99d9463c5" alt="AHA Center for Health Innovation logo" width="721" height="130" data-entity-type="file" class="align-center"></a></p><p><a href="/center/form/innovation-subscription"><img src="/sites/default/files/2019-04/Market_Scan_Call_Out_360x300.png" data-entity-uuid data-entity-type alt width="360" height="300"></a></p></div></div></div> Tue, 22 Oct 2024 06:30:00 -0500 Enterprise Risk Management (ERM) Supporting Hospital and Health System Boards as We Navigate a Changing Health Care Landscape /news/perspective/2024-05-17-supporting-hospital-and-health-system-boards-we-navigate-changing-health-care-landscape <p>The many complexities of health care today continue to challenge hospital and health system governing boards to ensure that high-quality patient care is provided to the communities they
serve.</p><p>Nowadays, boards need to bring much more than traditional oversight of finances, quality and patient care. Board members must be knowledgeable across a wide variety of health care topics and issues (some further their learning by rounding with clinicians), as well as community bridge-builders who can forge coalitions to advance health.</p><p>The past few years have wrought profound changes, expanding the board’s role in hospital and health system oversight as never before.</p><p>For one thing, the accountability of boards has substantially increased. Today, board members find themselves confronted with multi-faceted challenges such as workforce shortages, a rise in behavioral and mental health issues that impact their communities and workforce, not to mention the ever-present threat of cyberattacks and the expanding role of artificial intelligence.</p><p>Successfully engaging with these issues requires not only a thorough understanding of them, but the ability to create workable strategies and solutions to support their hospitals and health systems to continue to provide high-quality care for their patients and communities.</p><p>Today’s risks have become more significant than in the past. For example, it is important for hospitals and health systems to have a cybersecurity plan in place and for boards to understand what the plan is, what the risks are and what the plan will be going forward.</p><p>And because risk oversight has become increasingly important to organizational sustainability, boards also need to create an enterprise risk management (ERM) discipline that supports the identification, assessment and management of risks. This helps boards to function as effective stewards and fiduciaries and focus on the issues critical to creating greater value for their organizations and stakeholders.</p><p>At the same time, boards also should be looking at their structure to ensure they are diverse in representing their community’s needs. 
Diversity not only means race and ethnicity, but age, expertise and skill set. A diverse board is a strong board, one that can have robust discussion about the issues impacting their hospitals and health systems.</p><p>Service as a board member today can be demanding, but the opportunity to guide, advise and support the health care organizations that are cornerstones of our communities is immensely rewarding.</p><p><strong>The AHA supports good governance by offering education and resources on governance practices and our field’s emerging challenges that are crucial to advancing health in every community across the country. </strong><a href="https://trustees.aha.org/" target="_blank" title="AHA Trustee Services homepage"><strong>AHA’s Trustee Services</strong></a><strong> serves as the hub for a broad array of efforts to help hospitals and their boards navigate the transforming health care landscape.</strong></p><p>In addition, several of AHA’s key meetings have sessions or educational tracks designed for trustees. For example, at July’s <a href="https://leadershipsummit.aha.org/" target="_blank" title="2024 AHA Leadership Summit homepage">AHA Leadership Summit</a> in San Diego, trustees will have opportunities to enhance their understanding of emerging issues in governance and learn to apply new models and practices.</p><p>Good governance helps ensure quality care for patients and families; fosters safe, positive environments for health care teams; and ultimately helps create healthier communities.</p><p>Thanks to all the community leaders who serve on hospital and health system boards across the country. 
Please use our <a href="https://trustees.aha.org/" target="_blank" title="AHA Trustee Services homepage">trustee resources</a> as additional insight and tools so we can continue our work together to advance health in America.</p> Fri, 17 May 2024 08:38:03 -0500 Enterprise Risk Management (ERM) Boardroom Brief: Encouraging a Risk-aware Culture to Drive Value /news/headline/2024-04-23-boardroom-brief-encouraging-risk-aware-culture-drive-value <p>A new <a href="https://trustees.aha.org/boardroom-brief-encouraging-risk-aware-culture-drive-value">Boardroom Brief</a> from AHA Trustee Services and the American Society for Health Care Risk Management offers guidance and resources to help boards drive value through enterprise risk management. “Boards that understand the ERM framework and its key concepts will be better able to manage uncertainty, act as effective stewards and fiduciaries and focus on the issues critical to creating greater value for their organizations and stakeholders,” the brief notes.</p> Tue, 23 Apr 2024 15:20:10 -0500 Enterprise Risk Management (ERM) Certified Professional in Health Care Risk Management (CPHRM) /career-resources/certification-center/cphrm <div><header class="Banner_Title_Overlay_Bar"><img
src="/sites/default/files/2024-04/aha-cc-cphrm-banner-image-1170x250.png" alt="Banner Image"><div><h1>Certified Professional in Health Care Risk Management (CPHRM)</h1></div></header></div><div class="row"><div class="col-md-9"><p class="center_Lead">Take your career in health care risk management to the next level. Obtaining the Certified Professional in Health Care Risk Management (CPHRM) certification is the next step to demonstrate your experience and expertise in the health care risk field.</p><p class="center_Lead">The CPHRM is a prerequisite for many of the best jobs in the field. Earn your CPHRM and continue to build an exciting career.</p><p class="center_Lead">Learn about how to get certified or how to renew your <a href="#Certifications" title="Jump to Health Care Certifications For Professional Development">certification below</a> or visit <a href="https://www.ashrm.org/education/cphrm" target="_blank" title="Visit American Society for Health Care Risk Management | CPHRM Certification">American Society for Health Care Risk Management </a>(ASHRM).</p></div><div class="col-md-3"><div><h4 class="text-align-center"><a href="/career-resources/certification-center" title=" Association Certification Center (AHA-CC)"> Association Certification Center (AHA-CC)</a></h4><img src="/sites/default/files/2023-08/CPHRM_logo_250x250.png" alt="Certified Professional in Health Care Risk Management (CPHRM) Logo"><ul><li><a href="#Resources" title="Here you will find links to forms, documents, and other relevant content"><strong>Program Resources</strong></a></li><li>P: <a href="(312) 422-3702" title="Call the Certification team">(312) 422-3702</a></li><li>E: <a href="mailto:certification@aha.org?subject=Info%20about%20the%20AHA%20Certification%20Center:%20CPHRM" title="Email the Certification team">certification@aha.org</a></li></ul></div></div></div><div class="row"
id="Certifications"><div class="PFLmenu"><div class="PFLMenuBar"><div class="PFLmenuGroup"><a class="PFLmenuParent" href="#Qualify" title="Jump to: Do I Qualify for Certification">Do I Qualify for Certification</a> <a class="PFLmenuParent" href="#Logistics" title="Jump to: Testing Logistics">Testing Logistics</a> <a class="PFLmenuParent" href="#Process" title="Jump to: Recertification Process">Recertification Process</a> <a class="PFLmenuParent" href="#Study" title="Jump to: Study Resources">Study Resources</a></div></div></div></div>
<div class="row SessionWrapper" id="Qualify"><h2 class="SessionTitle">Do I Qualify for Certification?</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><h3 id="Researchers">Eligibility for the examination requires <span>ONE</span> of the following <span>AND</span> meeting the requirement for risk management experience:</h3><h4>Education/Health Care Experience</h4><ul><li>Baccalaureate degree or higher from an accredited college or university plus five (5) years of experience in a health care setting or with a provider of services to the health care industry.</li><li>Associate degree or equivalent from an accredited college plus seven (7) years of experience in a health care setting or with a provider of services to the health care industry.</li><li>High school diploma or equivalent plus nine (9) years of experience in a health care setting or with a provider of services to the health care industry.</li></ul><h4>Risk Management Experience</h4><p>3,000 hours or 50 percent of full-time job duties within the last three years dedicated to health care risk management in a health care setting or with a provider of services (e.g.
consultant, broker, or attorney) to the health care industry.</p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Logistics"><h2 class="SessionTitle">Testing Logistics</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><p>The Association Certification Center contracts with PSI to administer its certification exams.</p><p>Eligible candidates <a href="http://ams.aha.org/eweb/DynamicPage.aspx?webcode=AHACertApply&ct1_credential=CPHRM&ct2_process=CPHRM_APP" title="Apply">must apply</a> to take the exam with the Association Certification Center. Once the candidate purchases their exam, they can schedule their exam with PSI through the <a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" title="AHA Certification Portal">AHA Certification Portal</a>. Candidates can schedule their exam with PSI at an approved <a href="https://home.psiexams.com/#/test-center?p=NGH9CHWN" title="Find an Exam Center">testing center</a> or they can schedule a <a href="https://www.psiexams.com/wp-content/uploads/2023/07/PM-Online-Proctoring-Full-Guide.pdf" target="_blank" title="PSI | Testing Excellence: Online Proctoring Guide">live-remote proctored</a> exam with PSI.</p><p>If you need to reschedule an exam, log in to the <a href="http://ams.aha.org/eweb/DynamicPage.aspx?webcode=AHACertApply&ct1_credential=CPHRM&ct2_process=CPHRM_APP" target="_blank" title="Online Certification Management Portal">Online Certification Management Portal</a>.</p><h3>Exam cost:</h3><ul><li>$275 for ASHRM members</li><li>$425 for non-members</li><li>Eligible veterans can have the cost of their <a href="https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/test-fees/" target="_blank" title="U.S.
Department of Veterans Affairs| Get paid back for test fees">exam reimbursed</a></li></ul><p>Candidates that pass their exam can expect to receive their official certification from the Association Certification Center two to four weeks after their testing date. Please contact the <a href="mailto:certification@aha.org?subject=Info%20about%20the%20AHA%20Certification%20Center:%20CPHRM" title="Email the Certification team"> Association Certification Center</a> if you have questions about a certification or need the receipt for the exam for your records.</p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Process"><h2 class="SessionTitle">Recertification Process</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><h3>Certificants can renew their certification in <span>two</span> ways:</h3><ul><li><strong>Option 1:</strong> Track and renew your CE credits by logging into your <a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" target="_blank" title="Certification Portal">Certification Portal</a> and <a href="/system/files/media/file/2019/05/AHA_CC-CPHRM-QualifyingActivities.pdf" target="_blank" title="AHA CC CPHRM Qualifying Activities">documenting 45 qualifying contact hours</a> over your three-year certification period.</li><li><strong>Option 2:</strong> Successfully pass the CPHRM exam.</li></ul><p>Certificants may submit their renewal <span><strong>one year</strong></span> before the current expiration date. However, if you submit your application early, that will not change the expiration date or extend the next renewal cycle. 
Your 45 contact hours must fall within the three-year certification dates.</p><h3>Renewal fees:</h3><ul><li>$135 for ASHRM members</li><li>$225 for non-members</li></ul><p><em><small>Additional $50 if renewing in the 30 days after your expiration date.</small></em></p><p><em><small>You can submit your certification renewal up to 30 days after your expiration date with a $50 late fee. However, you cannot submit CECs you earned during this 30-day extended grace period. If you do not submit your renewal by the end of the 30-days, you will have to retake and successfully pass the exam to reinstate your credential.</small></em></p><p><em><small>The Association Certification Center may grant an extension of time to a certificant to complete the number of Continuing Education Credits (CECs) required for a recertification cycle. An extension of time shall not relieve the applicant of the responsibility for completion of the recertification requirements for the cycle in which the extension period falls. 
A certificant with a credential in Revoked status is NOT eligible to request an extension.</small></em></p></div><div class="col-md-1"> </div></div></div><div class="row SessionWrapper" id="Study"><h2 class="SessionTitle">Study Resources</h2><div class="SessionEvents"><div class="col-md-1"> </div><div class="col-md-10"><ul><li>Review the <a href="https://www.ashrm.org/education/cphrm" target="_blank" title="ASHRM | CPHRM Certification">ASHRM resource page</a> to see a list of materials and classes offered for CPHRM exam preparation.</li><li>Take the <a href="https://www.psionlinestore.com/aha/" target="_blank" title="psi Testing Excellence | AHA ( Association Certification Center)">SAE-Self Assessment Exam</a>, an online test that parallels the actual certification exam.</li></ul></div><div class="col-md-1"> </div></div></div><div class="row y-hr3"><div class="col-md-3"> </div><div class="col-md-6"> </div><div class="col-md-3"> </div></div><div class="row"><div class="col-md-12" id="Resources"><div class="col-md-12"><h2>Program Resources</h2></div><div class="col-md-4 col-sm-6"><h3>Quick Links</h3><ul><li><a href="http://www.ashrm.org/" target="_blank">ASHRM</a></li><li><a href="/system/files/media/file/2019/05/AHA_CC-CPHRM-Handbook.pdf" target="_blank" title="AHA CC CPHRM Handbook">Candidate Handbook</a></li><li><a href="https://ams.aha.org/eweb/DynamicPage.aspx?site=aha&WebCode=runreports&RedirectUrl=https%3A%2F%2Fams.aha.org%2Feweb%2FReports%2FReportStart.aspx%3FReportKey%3Dc61e4e61-dc4e-4cc3-a20c-790963bebfd3%26cpg_code%3Dcphrm%26new_certs%3Dno&_ga=2.75725717.1619578656.1508702991-352981974.1508351712" target="_blank" title="Credential Verification">Credential Verification</a></li><li><a href="https://ams.aha.org/eweb/dynamicpage.aspx?webkey=c2d2b8a9-0b78-4ff4-88c2-1fd4ebbd2302" target="_blank" title="Certification Portal">Certification Portal</a></li></ul></div><div class="col-md-4
col-sm-6"><h3>Forms</h3><ul><li><a href="/system/files/media/file/2023/11/AHA-CC-W9.pdf" target="_blank" title="View the W9">W9</a></li><li><a href="/system/files/media/file/2023/02/AHA_CC-Pin-Cert-form.pdf" target="_blank" title="View the Certificate/Pin Order Form">Certificate/Pin Order Form</a></li><li><a href="/system/files/media/file/2024/05/AHA_CC-Logo-form.pdf" target="_blank" title="View the Logo Order Form">Logo Order Form</a></li></ul></div><div class="col-md-4 col-sm-12"><h3>Health Care Certifications</h3><ul><li><a href="/career-resources/certification-center#PatientSafety" title="Patient Safety Professionals">Patient Safety Professionals</a></li><li><a href="/career-resources/certification-center#EnvironmentalServices" title="Environmental Services Professionals">Environmental Services Professionals</a></li><li><a href="/career-resources/certification-center#Facilities" title="Facilities Professionals">Facilities Professionals</a></li><li><a href="/career-resources/certification-center#Construction" title="Construction">Construction</a></li><li><a href="/career-resources/certification-center#SupplyChain" title="Supply Chain">Supply Chain</a></li></ul></div></div></div> Thu, 11 Apr 2024 12:05:46 -0500 Enterprise Risk Management (ERM) Shared Risk May Be Key to Future Growth Opportunities /aha-center-health-innovation-market-scan/2020-06-16-shared-risk-may-be-key-future-growth <div class="container row"> <div class="row"> <div class="col-md-8"> <p><img alt="Shared Risk May Be Key to Future Growth Opportunities. A light bulb made out of paper on graph paper covered with business and productivity icons." 
data-entity-type="file" data-entity-uuid="9ef4747a-445c-45c1-a5f0-23681dbed085" src="/sites/default/files/inline-images/ms_060920_item1-innovations-620_1592553.jpg" width="620" height="381"></p> <p>COVID-19 has taken a catastrophic financial toll on health care providers, with an estimated <a href="/system/files/media/file/2020/05/aha-covid19-financial-impact-0520-FINAL.pdf" target="_blank">$202.6 billion loss between March and June for hospitals</a> alone. This precipitated a sectorwide downgrade by <a href="https://www.moodys.com/research/Moodys-Credit-stress-continues-to-rise-in-US-healthcare-sector--PBC_1217372?WT.mc_id=AM%7ERmluYW56ZW4ubmV0X1JTQl9SYXRpbmdzX05ld3NfTm9fVHJhbnNsYXRpb25z%7E20200309_PBC_1217372" target="_blank">Moody’s</a> and <a href="https://www.fitchratings.com/healthcare-pharma" target="_blank">FitchRatings</a> from stable to negative.</p> <p>To make matters worse, this comes on the heels of a period during which many hospitals were already operating on razor-thin margins, especially in rural communities where <a href="https://guidehouse.com/-/media/www/site/insights/healthcare/2020/ruralhospitalsustainabilityindex0420_rev01.pdf" target="_blank">nearly one in four face the risk of closure</a>.</p> <p>Innovation within this context may mean more shared-risk opportunities vs. traditional vendor-buyer relationships, notes Andy Shin, chief operating officer for the AHA’s Center for Health Innovation, in a recent <a href="linkedin.com/pulse/health-care-embrace-three-innovation-trends-after-covid-19-andy-shin/" target="_blank">blog</a>.</p> <p>Defensive tools that reduce operational expenses may get first priority over new value creation for most, but net new revenue opportunities outside of patient care may be an offensive strategy for others.
Shin cites three categories that will be especially ripe for new entrants, innovators and collaborators when COVID-19 subsides, including:</p> <h2>Building a Bigger Digital Front Door</h2> <p>Before a vaccine becomes available during the recovery phase, a hospital’s digital front door may be one of the most important channels to instill consumer confidence by providing easy access to clinical guidelines and directing patients to the appropriate levels of care, including virtual options. Other use cases like zero-contact intake tools and virtual waiting rooms not only facilitate social distancing, but also reduce wait times to see a doctor.</p> <p>Once in the rebuilding mode, more hospitals and health systems likely will invest in expanding their digital front door capabilities, looking to enhance artificial intelligence (AI)-enabled tools, increasing access to patients’ own data and integrating patient engagement solutions more fully across the enterprise to empower consumers and decrease administrative burden. The <a href="/center/aha-digital-pulse" target="_blank">AHA Digital Pulse website</a>, created in concert with <a href="https://aviahealth.com/" target="_blank">AVIA</a>, allows organizations to assess how effectively they have established a digital front door.</p> <h2>The Sharing Economy Comes to Health Care</h2> <p>While sharing-economy platforms exist for individuals who share homes, cars and landscaping equipment, there hasn’t been a similar effort in health care for a variety of reasons. Yet, COVID-19 has created acute needs at varying times for different parts of the country, lending itself well to sharing-economy innovations.</p> <p>For example, health systems were recruited to offer spare ventilators to the <a href="https://www.ahadata.com/dynamic-ventilator-reserve" target="_blank">Dynamic Ventilator Reserve</a>, a federal government-AHA partnership virtual inventory, so that they could be loaned easily to hot spots where they are needed most. 
Moving forward, we may see a wave of new entrants partner and scale marketplaces or even exchanges that help locate and trade for scarce medical supplies.</p> <h2>Compassion Tech</h2> <p>Though COVID-19 is not solely responsible for widening the compassion divide, the opportunity to foster more of the human connection through technological channels will be an area of intense interest.</p> <p>Facial recognition tools that provide instant feedback to clinicians on their demeanor via a computer screen can be effective in sending better body language signals or detect depression in patients — otherwise hidden in plain sight. AI tools that can assist families with difficult conversations about serious illness can help demystify what is still perceived by many as a taboo issue, Shin notes.
Compassion tech could be the glue between health care and technology that we’ve been missing.</p> </div> <div class="col-md-4"> <p><a href="/center" title="Visit the AHA Center for Health Innovation landing page."><img alt="AHA Center for Health Innovation logo" data-entity-type="file" data-entity-uuid="7ade6b12-de98-4d0b-965f-a7c99d9463c5" src="/sites/default/files/inline-images/logo-aha-innovation-center-color-sm.jpg" class="align-center"></a></p> <a href="/center/form/innovation-subscription"><img alt data-entity-type data-entity-uuid src="/sites/default/files/2019-04/Market_Scan_Call_Out_360x300.png"></a></div> </div> </div> Tue, 16 Jun 2020 11:05:25 -0500 Enterprise Risk Management (ERM)