Finance
Even After Reopening, Healthcare Delivery Organizations Still Hurting Financially
Research from the Alexandria, Va.-based trade association AMGA reveals that nearly 9 in 10 medical groups and integrated health systems report their revenue has declined by 25 percent or more during the COVID-19 pandemic.
These findings, compiled from recent surveys conducted by AMGA, highlight the urgent need for Congress to provide more financial assistance to U.S. healthcare providers, the association’s officials concluded. The 95 respondents to the AMGA surveys included leaders from 59 of the nation’s preeminent integrated health systems and 36 independent medical groups. The surveys were conducted May 26 to June 1.
The data showed that nearly 90 percent of medical groups and integrated health systems report that their revenue has declined by 25 percent or more during the COVID-19 pandemic, with nearly 40 percent of medical groups and 20 percent of integrated health systems saying monthly revenue losses have exceeded 50 percent.
The CARES Act, signed into law on March 27, provided $100 billion in relief to healthcare providers. The HEROES Act, approved by the House of Representatives on May 15, included an additional $100 billion for the Provider Relieve Fund. In a letter to Senate leadership last week, AMGA asked Congress to continue funding the Provider Relief Fund in future legislative packages. Despite this relief, these survey findings demonstrate that more immediate assistance is needed if medical groups and integrated health systems are to continue meeting the needs of patients—both during and after the pandemic, AMGA officials pointed out. AMGA previously reported survey data showing that two-thirds of integrated health systems said their initial share of payments from the CARES Act will replace less than one week of revenue lost.
It should be noted that an MGMA Stat poll from May found that 89 percent of medical practice leaders said they have returned to doing in-person visits. More than half (54 percent) reported that all of their providers are seeing patients in person, while 20 percent said 76 percent to 99 percent of providers were seeing patients in person. Today, those in-person visit numbers are likely even higher.
“Health systems and medical groups are operating under a cloud of financial uncertainty that threatens their ability to continue to deliver the best care to their communities,” said AMGA President and CEO Jerry Penso, M.D. “We continue to urge Congress to provide additional funding to stabilize the front lines of the COVID-19 crisis.”
Privacy & Security
Review of Government-Sponsored Contact Tracing Apps Reveals Major Security Risks
A comprehensive review of 17 contact tracing apps, each from a different country, reveals that the vast majority of contact tracing apps built and deployed by governments are not sufficiently secured.
A new report from mobile app security company Guardsquare included an assessment 17 Android mobile contact tracing apps from 17 different countries, including Europe, the Americas, and Asia-Pacific. All apps were built by government entities, with some supported by third-party contractors. Researchers noted it was not an exhaustive list, but “provides a window into the security flaws most contact tracing apps contain.”
Contact tracing—identifying individuals who may have come into contact with an infected person and then collecting data on these contacts—has helped stop previous deadly outbreaks, and the report’s researchers note that since the COVID-19 crisis began, many countries, as well as public and private organizations, have rushed to develop contact tracing apps.
The Guardsquare analysts said that contact tracing apps have been plagued with severe security issues from the start. Some apps, such as Qatar’s, have already experienced security threats, and researchers have raised legitimate fears about users’ data being broadcast and stolen, they reported.
Yet most of the developers behind these apps are still not taking proper security precautions, they said. When the Guardsquare team spoke with one country that had built its own contact tracing app, they felt that they were not gathering any “data of interest,” and thus did not see the value of spending resources to improve security, according to the report.
The researchers conducted both static and dynamic analysis, and analyzed each of the apps to search for six types of security and privacy protections, across two key categories: code hardening and Runtime Application Self-Protection (RASP). Late last year, Guardsquare performed a similar security analysis on financial services mobile apps, and its researchers now say that like that examination, “it’s clear that the vast majority of contact tracing apps built and deployed by governments are not sufficiently secured. They are easy for hackers to decompile, attack, and even create fake clones, and are likely to lead to security breaches if they have not already.”
In the U.S. specifically, the report found that 100 percent of apps include some level of name obfuscation and string encryption, but none include asset/resource encryption or class encryption, and none have root detection or emulator detection.
Notably, the researchers pointed out that in most cases, these apps are opt-in—but in this analysis, three of the apps that were analyzed are mandatory, meaning that citizens of those nations are compelled to download and use them.
The combined population of the three countries who have mandatory apps is about 1.4 billion people. Of the apps that are mandatory, just one-third (33 percent) use any name obfuscation or root detection, and none use any type of encryption or emulator detection, the researchers noted.
They further pointed out that for contact tracing programs to be successful, the vast majority of people must participate. They concluded, “When security flaws are publicized, the whole app is suddenly distrusted and its utility wanes as users drop off. If these apps are improperly secured (as most are), user data—in particular, location information—may be at risk. This is a security issue and a major privacy concern, and can even run organizations up against compliance laws like GDPR, potentially resulting in massive fines, as well as reputational and trust issues.”
