• Joy Xu Headshot

Joy Xu

Student

McMaster University

"Social Distancing” Amid Digital Pandemics

Connected Conference Theme:
Biography:

Joy Xu is a student at McMaster University in the health sciences program. With great passion towards healthcare, she’s an avid researcher who has worked on health policy at the McMaster Health Forum, computer simulations at the University of Toronto, and explores the department of anesthesiology and rheumatology.

Proposal Inspiration:

“I’ve always held an intrinsic curiosity towards science. Born near the start of a new millennium, I witnessed the monumental progress in digital innovations. Growing up, my interests peaked within healthcare and I began learning about technological miracles helping institutions deliver compassionate support to the community. Wherever I volunteered, privacy and confidentiality was always held in high-regard and even became embedded as one of my personal core values. However, I often observed the lack of attention directed towards data sharing on the internet. As I scrolled through social media, I felt countless twinges of concern as I saw potential realms for privacy breaching. This year, misinformation and cyber attacks throughout COVID-19 has truly shown the detrimental effects of inadequate attention towards cyber security and digital transformation. The future can only prevail in optimism by learning from the surreal events of 2020. More than ever, these issues must be addressed now.”

Need/Opportunity for Action:

In 2018, Canada strived closer towards attaining universal pharmacare with the Ontario Drug Benefit (ODB) program which provided over 4,400 prescription drug products to vulnerable demographics [1,2]. However, substantial economic losses have resulted from the lack of vigilance towards digital transformation of the pharmaceutical industries, including measures to improve cyber security and digital systems [3,4]. Pharmaceutical fraudulence accounts for an estimated 2 – 10% loss out of the $5.9 billion cost of the ODB program [5], [6]. With a conservative estimate, a mere 2% loss adds up to $118 million lost annually [5]. Yet only $5 million is recovered from pharmacy inspections every year [7]. The system of fraud prevention relies on outdated technology, including lack of adequate encryption, cyber security, and automated processes [4, [6].

For example, one of the most reported methods of “accidental fraud” involves the ministry of health’s computer system which has a seven-day window to reverse charges [7]. Billing cannot be reverted after this period, which often results in accidental charging when long-term care institutions don’t inform pharmacies of a resident’s death in time [7], [8].

The ministry also lacks consistency with implementing inspections. For example, the ministry did not report any fraud cases for two years to the Ontario Provincial Police’s Anti-Rackets Health Fraud Investigation Unit in 2013 and 2014, and only reported two cases in 2015 [8]. When the Ontario Provincial police asked for files, the ministry provided 13 cases where 8 cases were deemed too old for investigation (which included false prescriptions made against physician orders, false billing, and even billing when there were no customer visits) [5], [8], [9]. Without digital transformation, the archive system did not provide adequate integration between different units within the justice system for proficient fraudulent inspections [4].

In 2019, an investigation showed that fake transfers were easily made to falsely charge for drugs that were never in the inventory in the first place [8], [10]. With this method, over 100 of Ontario pharmacies have been involved with fraudulence within five years [8]. Additionally, auditors often provided early notice for inspection, which enabled pharmacies to replicate official documents within a few hours [11].

Though most pharmaceutical institutions have incorporated digital systems, additional defensive mechanisms must be instilled to tighten fraud regulations and also protect patient confidentiality [4], [12]. Cyber attacks have been detrimental to the healthcare system, often rendering millions of patient data lost to illegal sources such as the WannaCry ransomware cryptoworm demanding payment from hospitals in cryptocurrency [13], [14]. Even Express Scripts, one of the largest processors of pharmacy prescriptions, reported extortionists demanding for personal medical information on millions of patients [15].

Particularly within 2020, digital transformation must be prioritized with the unprecedented incidence of COVID-19 [16]. The continuous malperformance of fraud prevention is a culmination of an entire decade’s lack of sufficient attention to digital transformation in the pharmaceutical industries [12], [17].

Beyond pharmacare, cyber security must prevail against cyber attacks targeting health care information intended for the public [16]. Network penetration rates have tripled with attempts to steal intellectual property while taking advantage of the epidemic to extract ransom payments [18]. In 2019, ransom demands reached over $84 to $338 million (which is $570 million to $2.3 billion after factoring downtime costs) [18].

Canada remains as the only country with universal healthcare, but not pharmacare [19]. The ODB program has advanced us closer, but in addition to innovation, proactive maintenance needs to operate simultaneously to create sustainable systems for both medicare and pharmacare [20]. As a leading country, we must recognize the outdated elements and risks associated with this model during a digital era. By implementing the following feasible recommendations, the pharmaceutical industry can uphold precedence in digitally transforming systems for preventative measures against fraudulence, cyber attacks, and other technological risks.

Proposed Action:

1. Bolster the internal connectivity of pharmaceutical governance with enhanced digital systems

Most members involved within pharmaceutical fraudulence prevention should co-work rather than codepend in a serial process of inspection like the Ontario Ministry of Health, OPPs and College of Pharmacists [8]. For example, the health fraud investigation unit only inspects pharmacies based on ministry referrals (which resulted in no crime investigation between 2013 – 2015) [8], [9]. Hence, the allocation of specialized pro-active sectors within each group can alleviate the stagnancy and duration of the process. Unlike previous decades, digital records and online communication platforms can increase visibility between the moderating groups to adopt efficient methods within the serial approval process [7], [11]. The pro-active sectors within each department may require increased staffing which can be costly. However,the investment returns prove to save more than expended– in 2017, 10 inspectors recovered $10.3 million alone [8]. Within 4,200 pharmacies, only 6% are audited every year [8]. Therefore, increasing inspections can be a feasible and lucrative investment to sustaining pharmacare in the long-term. Additionally, e-health cloud computing can allow controlled data sharing to certain groups to streamline pharmaceutical processes at an enterprise level [21]. The cloud computing technology may present additional security risks– however, security architecture can establish privacy domains in the e-health infrastructure to uphold patient confidentiality [21]. Additional measures could include the implementation of cryptographic techniques which serve multifunctional purposes: (1) Stored data can be encrypted over the network available to users (2) Authentication mechanisms can be employed with decryption keys and digital signature verification [21], [22]. Through these processes, further investment and research could yield potential solutions to reducing inefficient operations [17].

2. Integrate technological solutions to improve pharmaceutical systems and enhance cyber security

Many fraudulent cases encompass counterfeited documents to pass inspections [8]. Official prescription and drug transfer documents should incorporate unique identifiers which can only be recognized through authorized personnel and government representatives [23]. Even with early notice of inspections, these identifiers prevent external manipulations while allowing auditors to access the unique identifier for the document validity [23], [24]. This may be in the form of number codes that match government registry, guilloches background printing, rainbow printing, invisible fluorescent printing, intaglio printing, micro-printing, etc [24]. The detection process can also be automated for efficiency through hand-held recognition machines or equipment for authorized government officials use only [21], [25]. Alternative options include classification systems to analyze the printing technique (where counterfeit documents often yield inkjet due to PC printouts) [25], [26]. Pharmacies should increase vigilance in implementing cybersecurity measures within technical management [27]. All pharmacies can significantly reduce cyber attack risks through implementing the encryption of data, secured hardware, and updated antivirus and malware protection software [28]. Particularly within smaller to medium pharmacies, cyber security can easily neglect the insurance of highquality systems administration and maintenance which is essential to configuring digital systems [29]. Social awareness among staff must proceed simultaneously [27]. Besides technical breaching, common cyber security risks often pose in the form of fake websites exploiting visitors (called watering holes) and emails requiring sensitive information (called phishing) [28]. During training orientations, cyber security must be contextualized beyond technical terms to warn staff of its appearance through common means such as unsolicited emails [27], [29]. Additionally, reporting cyber attack incidents should be a priority as well. In 2017, only 10% of Canadian businesses reported incidents to the police, which allow cyber criminals to continue victimizing other entities with data breaching and economic losses [30].

  1. Sanford, S., Hu, J., Fordham, J., Bates, L., Roche, B., Leon, S. and Barnes, S., 2018. Finding The

    Way Forward: Equitable Access To Pharmacare In Ontario. [online] Wellesleyinstitute.com. Available at: <http:// www.wellesleyinstitute.com/wp-content/uploads/2018/10/Finding-the-Way-Forward-

    Equitable-Access-to-Pharmacare-in-Ontario-.pdf> [Accessed 31 August 2020].

  2. “Get coverage for prescription drugs,” ontario.ca, 20-Sep-2016. [Online]. Available: https://www.ontario.ca/page/get-coverage- prescription-drugs. [Accessed: 31-Aug-2020].

  3. Knowledge Protection: A Research Agenda I. Ilvonen, S. Thalmann, M. Manhart, and C. Sillhaber, “Reconciling digital transformation and knowledge protection: a research agenda,” The Operational Research Society, 13-Mar-2018. [Online]. Available: https://

    doi.org/10.1080/14778238.2018.1445427. [Accessed: 01-Sep-2020].

  4. L. V. Minard, H. Deal, M. E. Harrison, K. Toombs, H. Neville, and A. Meade, “Pharmacists’ Perceptions of the Barriers and Facilitators to

    the Implementation of Clinical Pharmacy Key Performance Indicators,” Plos One, 04-Apr-2016. [Online]. Available: https://doi.org/10.1371/ journal.pone.0152903. [Accessed: 01-Sep-2020].

  5. A. Miller, “Medical fraud north of the 49th,” CMAJ : Canadian Medical Association journal = journal de l’Association medicale canadi- enne, 08-Jan-2013. [Online]. Available: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3537805/. [Accessed: 31-Aug-2020].

  6. B. Dachis, “Fiscal Soundness and Economic Growth: An Economic Program for Ontario,” SSRN, 26-Mar-2018. [Online]. Available: http://

    dx.doi.org/10.2139/ssrn.3145368. [Accessed: 01-Sep-2020].

  7. “Ontario Drug Programs Reference Manual ,” Ministry of Health, 27-Nov-2019. [Online]. Available: http://www.health.gov.on.ca/en/pro/ programs/drugs/resources/odp_reference_manual.pdf. [Accessed: 01-Sep-2020].

  8. B. Lysyk, “Ontario Public Drug Programs,” Auditor Annual Report, Dec-2017. [Online]. Available: https://www.auditor.on.ca/en/content/ annualreports/arreports/en17/v1_309en17.pdf [Accessed: 31-Aug-2020].

  9. A. Shnier, “Fraudulent Misrepresentation and Fraudulent Concealment in Products Liability in Tort Law in Canada: The Special Relationship Between Drug Companies and Consumers in the Context of the Fraudulent Misrepresentation and Fraudulent Concealment of Data,” Spring- erLink, 04-Feb-2020. [Online]. Available: https://doi.org/10.1007/978-981-15-1424-1_9. [Accessed: 01-Sep-2020].

  10. I. Akomea-Frimpong and C. Andoh, “Understanding and controlling financial fraud in the drug industry,” Journal of Financial Crime, 31-Jan- 2020. [Online]. Available: https://doi.org/10.1108/JFC-06-2019-0071. [Accessed: 01-Sep-2020].

  11. “Chapter 4-Regulating Pharmaceutical Drugs-Health Canada,” 2011 Fall Report of the Auditor General of Canada, 2011. [Online]. Available: https://www.oag-bvg.gc.ca/internet/English/parl_oag_201111_04_e_35936.html. [Accessed: 01-Sep-2020].

  12. E. Perakslis and R. M. Califf, “Employ Cybersecurity Techniques Against Medical Misinformation,” JAMA Network, 16-Jul-2019. [Online]. Avail- able: https://jamanetwork.com/journals/jama/article-abstract/2736435?

    casa_token=hYpUFe62zT8AAAAA:TrBmKDWM7dwmPytBpGTiMqUVdWKLleQm7p2Sj3qdnpgs46MNYfgN_7jsZR5zf6EQGXkuQUotXg. [Accessed: 31

    -Aug-2020].

  13. A. Damodaran, T. A. E. Aven, J. M. Woodruff, J. R. W. AJ. Card, G. Purdy, B. R. Carroll, S. G. AC. Cagliano, L. A. Cox, O. K. M. Briner, V. G. S. Etges APB da, P. B. LP. Fávero, M. M. S. P. Bromiley, J. D. J. Celona, L. B. M. C. FA. Chervenak, A. A. Oppenberg, J. B. L. JE. Wallace, A. D. B. GT.

    Troyer, and J. C. JR. Haney, “Development of an enterprise risk inventory for healthcare,” BMC Health Services Research, 24-Jul-2018. [Online]. Available: https://doi.org/10.1186/s12913-018-3400-7. [Accessed: 01-Sep-2020].

  14. G. Martin, S. Ghafur, J. Kinross, C. Hankin, and A. Darzi, “WannaCry- A Year On,” The BMJ, 04-Jun-2018. [Online]. Available: https:// doi.org/10.1136/bmj.k2381. [Accessed: 01-Sep-2020].

  15. K. Evans, Human capital crisis in cybersecurity: technical proficiency matters. Place of publication not identified: Ctr For Strat & Intl Stds, 2010.

  16. Canadian Centre for Cyber Security, “Cyber Threat Bulletin: Impact of COVID-19 on Cyber Threats to the Health Sector,” Canadian Centre for Cyber Security, 15-Aug-2018. [Online]. Available: https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-impact-covid-19-cyber-threats-health-

    sector. [Accessed: 31-Aug-2020].

  17. K. Huang, M. Siegel, and S. Madnick, “Systematically Understanding the Cyber Attack Business: A Survey,” Digital Object Identifier System, Jul- 2018. [Online]. Available: https://doi.org/10.1145/3199674. [Accessed: 01-Sep-2020].

  18. S. Ho, Ransomware costs Canadian companies as much as $2.3 billion, 15-Feb-2020. [Online]. Available: https://www.ctvnews.ca/business/ ransomware-costs-canadian-companies-as-much-as-2-3-billion-1.4813224#:~:text=Ransomware costs Canadian companies as much as $2.3 bil- lion,-Solarina Ho CTVNews&text=The report by anti-malware,US$260 million last year. [Accessed: 31-Aug-2020].

  19. “The Advisory Council on the Implementation of National Pharmacare recommends Canada implement universal, si…,” Government of Cana- da, 12-Jun-2019. [Online]. Available: https://www.canada.ca/en/health-canada/news/2019/06/the-advisory-council-on-the-implementation-of- national-pharmacare-recommends-canada-implement-universal-single-payer-public-pharmacare.html. [Accessed: 01-Sep-2020].

  20. S. G. Morgan and J. R. Daw, “Canadian pharmacare: looking back, looking forward,” Healthcare policy , Aug-2012. [Online]. Available: https:// www.ncbi.nlm.nih.gov/pmc/articles/PMC3430151/. [Accessed: 01-Sep-2020].

  21. H. Lohr, A.-R. Sadeghi, and M. Winandy, “Securing the e-health cloud,” ACM Digital Library, Nov-2010. [Online]. Available: https:// doi.org/10.1145/1882992.1883024. [Accessed: 01-Sep-2020].

  22. A. Bussani, J. L. Griffin, B. Jansen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, and R. Perez, “https://dominoweb.draco.res.ibm.com/ reports/rc23792.pdf,” IBM Research Report, 09-Nov-2005. [Online]. Available: https://dominoweb.draco.res.ibm.com/reports/rc23792.pdf.

    [Accessed: 01-Sep-2020].

  23. N. Paskin, “Toward unique identifiers,” Toward unique identifiers , Jul-1999. [Online]. Available: https://ieeexplore.ieee.org/ document/771073. [Accessed: 01-Sep-2020].

  24. A. B. Centeno, O. R. Terrades, J. L. Canet, and C. C. Morales, “Identity Document and banknote security forensics: a survey,” arXiv.org, 20-Oct- 2019. [Online]. Available: https://arxiv.org/abs/1910.08993. [Accessed: 01-Sep-2020].

  25. R. Nanavati , Real-time Identification System using Mobile Hand-held Devices: Mobile Biometrics Evaluation Framework , Apr-2014. [Online]. Available: https://apps.dtic.mil/sti/pdfs/AD1017590.pdf. [Accessed: 01-Sep-2020].

  26. C. H. Lampert, L. Mei, and T. M. Breuel, “(PDF) Printing Technique Classification for Document …,” Printing Technique Classification for Docu- ment Counterfeit Detection, Nov-2006. [Online]. Available: https://www.researchgate.net/ publication/224761226_Printing_Technique_Classification_for_Document_Counterfeit_Detection. [Accessed: 01-Sep-2020].

  27. “Guide to Information Security For The Health Care Sector,” E-health Ontario, 2010. [Online]. Available: https://www.ehealthontario.on.ca/ images/uploads/pages/documents/InfoSecGuide_Complex.pdf. [Accessed: 01-Sep-2020].

  28. “Baseline Cyber Security Controls for Small and Medium Organizations,” Canadian Centre for Cyber Security, 15-Aug-2018. [Online]. Available: https://cyber.gc.ca/en/guidance/baseline-cyber-security-controls-small-and-medium-organizations. [Accessed: 01-Sep-2020].

  29. G. A. Canada, “Spotlight on Cybersecurity,” Global Affairs Canada, 29-Jun-2020. [Online]. Available: https://www.tradecommissioner.gc.ca/ guides/spotlight-pleins_feux/spotlight_cybersecurity_pleins_feux_cybersecurite.aspx?lang=eng#TC2. [Accessed: 01-Sep-2020].

  30. H. Bilodeau, M. Lari, and M. Uhrbach, “Cyber security and cybercrime challenges of Canadian businesses, 2017,” Statistics Canada: Canada’s national statistical agency / Statistique Canada : Organisme statistique national du Canada, 28-Mar-2019. [Online]. Available: https://www150.statcan.gc.ca/n1/pub/85-002-x/2019001/article/00006-eng.htm. [Accessed: 01-Sep-2020].

Disclaimer: The French version of this text has been auto-translated and has not been approved by the author.