Raul Luna,Emily Rhine,Matthew Myhra,Ross Sullivan,Clemens Scott Kruse

DOI: https://doi.org/10.3233/THC-151102

Abstract:Background: Recent legislation empowering providers to embrace the electronic exchange of health information leaves the healthcare industry increasingly vulnerable to cybercrime. The objective of this systematic review is to identify the biggest threats to healthcare via cybercrime. Objective: The rationale behind this systematic review is to provide a framework for future research by identifying themes and trends of cybercrime in the healthcare industry. Methods: The authors conducted a systematic search through the CINAHL, Academic Search Complete, PubMed, and ScienceDirect databases to gather literature relative to cyber threats in healthcare. All authors reviewed the articles collected and excluded literature that did not focus on the objective. Results: Researchers selected and examined 19 articles for common themes. The most prevalent cyber-criminal activity in healthcare is identity theft through data breach. Other concepts identified are internal threats, external threats, cyber-squatting, and cyberterrorism. Conclusions: The industry has now come to rely heavily on digital technologies, which increase risks such as denial of service and data breaches. Current healthcare cyber-security systems do not rival the capabilities of cyber criminals. Security of information is a costly resource and therefore many HCOs may hesitate to invest what is required to protect sensitive information.

Clemens Scott Kruse,Benjamin Frederick,Taylor Jacobson,D Kyle Monticone

DOI: https://doi.org/10.3233/THC-161263

Abstract:Background: The adoption of healthcare technology is arduous, and it requires planning and implementation time. Healthcare organizations are vulnerable to modern trends and threats because it has not kept up with threats. Objective: The objective of this systematic review is to identify cybersecurity trends, including ransomware, and identify possible solutions by querying academic literature. Methods: The reviewers conducted three separate searches through the CINAHL and PubMed (MEDLINE) and the Nursing and Allied Health Source via ProQuest databases. Using key words with Boolean operators, database filters, and hand screening, we identified 31 articles that met the objective of the review. Results: The analysis of 31 articles showed the healthcare industry lags behind in security. Like other industries, healthcare should clearly define cybersecurity duties, establish clear procedures for upgrading software and handling a data breach, use VLANs and deauthentication and cloud-based computing, and to train their users not to open suspicious code. Conclusions: The healthcare industry is a prime target for medical information theft as it lags behind other leading industries in securing vital data. It is imperative that time and funding is invested in maintaining and ensuring the protection of healthcare technology and the confidentially of patient information from unauthorized access.

Cartwright, Anthony James

DOI: https://doi.org/10.1007/s10877-023-01013-5

IF: 1.977

2023-04-24

Journal of Clinical Monitoring and Computing

Abstract:Cybersecurity has seen an increasing frequency and impact of cyberattacks and exposure of Protected Health Information (PHI). The uptake of an Electronic Medical Record (EMR), the exponential adoption of Internet of Things (IoT) devices, and the impact of the COVID-19 pandemic has increased the threat surface presented for cyberattack by the healthcare sector. Within healthcare generally and, more specifically, within anaesthesia and Intensive Care, there has been an explosion in wired and wireless devices used daily in the care of almost every patient—the Internet of Medical Things (IoMT); ventilators, anaesthetic machines, infusion pumps, pacing devices, organ support and a plethora of monitoring modalities. All of these devices, once connected to a hospital network, present another opportunity for a malevolent party to access the hospital systems, either to gain PHI for financial, political or other gain or to attack the systems directly to cause erroneous monitoring, altered settings of any device and even to access the EMR via this IoMT window. This exponential increase in the IoMT and the increasing wireless connectivity of anaesthesia and ICU devices as well as implantable devices presents a real and present danger to patient safety. There has, at the same time, been a chronic underfunding of cybersecurity in healthcare. This lack of cybersecurity investment has left the sector exposed, and with the monetisation of PHI, the introduction of technically unsecure IoT devices for monitoring and direct patient care, the healthcare sector is presenting itself for further devastating cyberattacks or breaches of PHI. Coupled with the immense strain that the COVID-19 pandemic has placed on healthcare and the changes in working patterns of many caregivers, this has further amplified the exposure of the sector to cyberattacks.

anesthesiology

Kimmarie Donahue,Shawon Rahman

DOI: https://doi.org/10.48550/arXiv.1512.01731

2015-11-30

Cryptography and Security

Abstract:Healthcare Information Technology (IT) has made great advances over the past few years and while these advances have enable healthcare professionals to provide higher quality healthcare to a larger number of individuals it also provides the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal identification Information (PII). Having an Information Assurance (IA) programallows for the protection of information and information systems and ensures the organization is in compliance with all requires regulations, laws and directive is essential. While most organizations have such a policy in place, often it is inadequate to ensure the proper protection to prevent security breaches. The increase of data breaches in the last few years demonstrates the importance of an effective IA program. To ensure an effective IA policy, the policy must manage the operational risk, including identifying risks, assessment and mitigation of identified risks and ongoing monitoring to ensure compliance

Mitchell G. Goldenberg,Teodor P. Grantcharov

DOI: https://doi.org/10.1007/978-3-319-61446-5_17

2018-01-01

Health Informatics

Abstract:Patient confidentiality has remained a central issue in the current “big data” era of healthcare. Protections such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) exist to ensure that digital personal health information (PHI) are legally secure from threats and breaches that would threaten confidentiality. To be compliant with HIPAA regulations, steps must be taken by health care providers and digital health platforms, and these fall under the Privacy Rule, which outlines appropriate uses and disclosures of PHI, and the Security Rule, which lays out with granularity the steps that must be taken to adhere to the HIPAA regulations. Through deliberate design of secure digital health platforms, we can use technological advances in the collection, measurement, and delivery of health care to advance care and improve patient safety. Renewed efforts to optimize and standardize health care delivery has facilitated the implementation of electronic and digital health solutions that benefit medical and surgical training and efficiency while minimizing harm to patients. Cross-industry innovations such as the OR Black Box® will allow us to accomplish these lofty goals. Finally, we must strive to include patients in this digital health movement, as now more than ever we can create knowledge translation solutions that ensure that patients understand their health in a meaningful way.

Mohammad S Jalali,Sabina Razak,William Gordon,Eric Perakslis,Stuart Madnick

DOI: https://doi.org/10.2196/12644

2019-02-15

Abstract:Background: Over the past decade, clinical care has become globally dependent on information technology. The cybersecurity of health care information systems is now an essential component of safe, reliable, and effective health care delivery. Objective: The objective of this study was to provide an overview of the literature at the intersection of cybersecurity and health care delivery. Methods: A comprehensive search was conducted using PubMed and Web of Science for English-language peer-reviewed articles. We carried out chronological analysis, domain clustering analysis, and text analysis of the included articles to generate a high-level concept map composed of specific words and the connections between them. Results: Our final sample included 472 English-language journal articles. Our review results revealed that majority of the articles were focused on technology: Technology-focused articles made up more than half of all the clusters, whereas managerial articles accounted for only 32% of all clusters. This finding suggests that nontechnological variables (human-based and organizational aspects, strategy, and management) may be understudied. In addition, Software Development Security, Business Continuity, and Disaster Recovery Planning each accounted for 3% of the studied articles. Our results also showed that publications on Physical Security account for only 1% of the literature, and research in this area is lacking. Cyber vulnerabilities are not all digital; many physical threats contribute to breaches and potentially affect the physical safety of patients. Conclusions: Our results revealed an overall increase in research on cybersecurity and identified major gaps and opportunities for future work.

Pius Ewoh,Tero Vartiainen

DOI: https://doi.org/10.2196/46904

2024-05-31

Abstract:Background: Health care organizations worldwide are faced with an increasing number of cyberattacks and threats to their critical infrastructure. These cyberattacks cause significant data breaches in digital health information systems, which threaten patient safety and privacy. Objective: From a sociotechnical perspective, this paper explores why digital health care systems are vulnerable to cyberattacks and provides sociotechnical solutions through a systematic literature review (SLR). Methods: An SLR using the PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) was conducted by searching 6 databases (PubMed, Web of Science, ScienceDirect, Scopus, Institute of Electrical and Electronics Engineers, and Springer) and a journal (Management Information Systems Quarterly) for articles published between 2012 and 2022 and indexed using the following keywords: "(cybersecurity OR cybercrime OR ransomware) AND (healthcare) OR (cybersecurity in healthcare)." Reports, review articles, and industry white papers that focused on cybersecurity and health care challenges and solutions were included. Only articles published in English were selected for the review. Results: In total, 5 themes were identified: human error, lack of investment, complex network-connected end-point devices, old legacy systems, and technology advancement (digitalization). We also found that knowledge applications for solving vulnerabilities in health care systems between 2012 to 2022 were inconsistent. Conclusions: This SLR provides a clear understanding of why health care systems are vulnerable to cyberattacks and proposes interventions from a new sociotechnical perspective. These solutions can serve as a guide for health care organizations in their efforts to prevent breaches and address vulnerabilities. To bridge the gap, we recommend that health care organizations, in partnership with educational institutions, develop and implement a cybersecurity curriculum for health care and intelligence information sharing through collaborations; training; awareness campaigns; and knowledge application areas such as secure design processes, phase-out of legacy systems, and improved investment. Additional studies are needed to create a sociotechnical framework that will support cybersecurity in health care systems and connect technology, people, and processes in an integrated manner.

Stephanie Ness,Tushar Khinvasara

DOI: https://doi.org/10.9734/jerr/2024/v26i21075

2024-01-29

Journal of Engineering Research and Reports

Abstract:Currently, the majority of economic, commercial, cultural, social, and governmental activity and contacts between countries, encompassing individuals, non-governmental organizations, and government institutions, occur in the virtual realm known as cyberspace. In recent times, numerous private enterprises and governmental institutions worldwide have encountered the issue of cyber- attacks and the peril associated with wireless communication technology. The modern society heavily relies on electronic technology, and safeguarding this data from cyber-attacks poses a formidable challenge. Cyber-attacks are intended to inflict financial harm onto companies. Cyber- attacks may serve military or political objectives in certain instances. Some examples of these damages include PC infections, knowledge breaches, data distribution service (DDS), and other attack routes. For this purpose, different companies employ diverse strategies to mitigate the harm caused by cyber-attacks. Cybersecurity monitors up-to-date information on the most recent IT data. Researchers worldwide have proposed several techniques to prevent cyber-attacks or mitigate their impact. Several approaches are currently in the operational phase, while others are still in the study phase. The objective of this study is to conduct a thorough examination and evaluation of the latest advancements in the field of cyber security, with the purpose of identifying and analyzing the problems, vulnerabilities, and strengths of the proposed methodologies. A comprehensive analysis is conducted on several forms of novel descendant attacks. The discussion revolves around conventional security frameworks, encompassing their historical context and early-generation approaches to cyber-security. Furthermore, this report presents the latest advancements and developing patterns in the field of cyber security, as well as the current problems and risks to security. The comprehensive review study offered for IT and cyber security researchers is anticipated to be beneficial.

JG Zhang,XM Chen,J Zhuang,JR Jiang,XY Zhang,DQ Wu,HK Huang

DOI: https://doi.org/10.1117/12.480651

2003-01-01

Abstract:In this paper, we presented a new security approach to provide security measures and features in both healthcare information systems (PACS, RIS/HIS), and electronic patient record (EPR). We introduced two security components, certificate authoring (CA) system and patient record digital signature management (DSPR) system, as well as electronic envelope technology, into the current hospital healthcare information infrastructure to provide security measures and functions such as confidential or privacy, authenticity, integrity, reliability, non-repudiation, and authentication for in-house healthcare information systems daily operating, and EPR exchanging among the hospitals or healthcare providers. CA component keeps the information of user personnel identification, accessing rights, and their administration levels, and the DSPR component manages the All the digital signatures of patient medical records signed through using an-symmetry key encryption technologies. The electronic envelopes used for EPR exchanging are created based on the information of signers, digital signatures, and identifications of patient records stored in CAS and DSMS, as well as the destinations and the remote users. The CAS and DSMS were developed and integrated into a RIS-integrated PACS, and the integration of these new security components is seamless and painless. The electronic envelopes designed for EPR were used successfully in multimedia data transmission.

Megha M. Moncy,Sadia Afreen,Saptarshi Purkayastha

2023-11-07

Abstract:This research examines the pivotal role of human behavior in the realm of healthcare data management, situated at the confluence of technological advancements and human conduct. An in-depth analysis of security breaches in the United States from 2009 to the present elucidates the dominance of human-induced security breaches. While technological weak points are certainly a concern, our study highlights that a significant proportion of breaches are precipitated by human errors and practices, thus pinpointing a conspicuous deficiency in training, awareness, and organizational architecture. In spite of stringent federal mandates, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, breaches persist, emphasizing the indispensable role of human factors within this domain. Such oversights not only jeopardize patient data confidentiality but also undermine the foundational trust inherent in the healthcare infrastructure. By probing the socio-technical facets of healthcare security infringements, this article advocates for an integrated, dynamic, and holistic approach to healthcare data security. The findings underscore the imperative of augmenting technological defenses while concurrently elevating human conduct and institutional ethos, thereby cultivating a robust and impervious healthcare data management environment.

Computers and Society,Cryptography and Security

Joseph E Chasteen,Gretchen Murphy,Arden Forrey,David Heid

2004-08-15

Abstract:This article reviews the issues related to the Health Insurance Portability & Accountability Act (HIPAA) security rule that apply to dental practice. The security rule specifically addresses individually identifiable health information that is transmitted or maintained in electronic media. System security must be applied to the entire technical infrastructure for the practice environment as well as to the work culture on a daily basis and must be thought of as an enterprise asset. Security refers to all of the policies, procedures, tools, and techniques used to assure that privacy and confidentiality are adequately addressed in a healthcare system. HIPAA requires all covered entities that transmit or maintain electronic health information perform, and document, a risk assessment for security and develop a security plan to address major areas of concern. A self-assessment tool is provided in this article.

Rajesh Keshavrao Deshmukh,Mohit Shrivastav

DOI: https://doi.org/10.70135/seejph.vi.769

2024-09-02

Abstract:India and other Asian nations are seeing an unparalleled pace of advancement in the modernisation of their healthcare systems. In this endeavour, information technology is crucial. Though the healthcare industry has made great progress, information security is still lagging behind the protection requirements attained in technologically developed nations such as the United States and the United Kingdom. This study is an honest attempt to pinpoint vulnerabilities and dangers in the field of cybersecurity and offers a few targeted remedies in three main domains: risks, vulnerabilities, and IoMT. Using a qualitative research methodology, this research culminates in the creation of a security maturity model for Indian healthcare. Furthermore, in light of these attacks, the well-known National Institute of Standards and Technology (NIST) risk assessment system and its guiding principles are examined. Evaluating the risks intrinsic to these hacks analytically becomes crucial given the comparatively low information risk management maturity levels in Asian healthcare organisations. While several nations in Asia and throughout the world are battling the COVID-19 outbreak, cybercriminals have been attempting to spread misinformation about vaccines. Additionally, some people and organisations are attempting to undermine specific vaccines in order to promote their COVID-19 treatments. Hacking research data, virus testing, and clinical studies that reveal side effects or possible issues are of particular interest to profit-seeking businesses. The secure methodology for identifying network attacks is suggested by this study.

Stephen J Tipton,Sara Forkey,Young B Choi

DOI: https://doi.org/10.1007/s10916-016-0465-x

Abstract:This paper examines various methods encompassing the authentication of users in accessing Electronic Medical Records (EMRs). From a methodological perspective, multiple authentication methods have been researched from both a desktop and mobile accessibility perspective. Each method is investigated at a high level, along with comparative analyses, as well as real world examples. The projected outcome of this examination is a better understanding of the sophistication required in protecting the vital privacy constraints of an individual's Protected Health Information (PHI). In understanding the implications of protecting healthcare data in today's technological world, the scope of this paper is to grasp an overview of confidentiality as it pertains to information security. In addressing this topic, a high level overview of the three goals of information security are examined; in particular, the goal of confidentiality is the primary focus. Expanding upon the goal of confidentiality, healthcare accessibility legal aspects are considered, with a focus upon the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With the primary focus of this examination being access to EMRs, the paper will consider two types of accessibility of concern: access from a physician, or group of physicians; and access from an individual patient.

Benjamin Ransford,Daniel B. Kramer,Denis Foo Kune,Chen Yan,Wenyuan Xu,Thomas Crawford,Kevin Fu

DOI: https://doi.org/10.1111/pace.13102

2017-01-01

PACE - Pacing and Clinical Electrophysiology

Abstract:Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high-profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk-based analysis of security concerns that supports ongoing discussions with patients about their medical devices.

Josephine Lamp,Carlos E. Rubio-Medrano,Ziming Zhao,Gail-Joon Ahn

DOI: https://doi.org/10.1145/3278576.3278602

2018-01-01

Abstract:The proliferation of networked medical devices has resulted in the development of innovative Medical Cyber-Physical Systems (MCPS) that promise more coordinated and high quality of care for patients. Unsurprisingly, the cybersecurity of MCPS is of high concern, as they are life-critical systems that, if compromised, may result in dire consequences to the patient. A variety of security requirements have been developed over the past 10 years as a result of governmental acts such as HITECH in order to better secure and protect healthcare environments. However, it is unclear how applicable these requirements may be to MCPS infrastructures. As a result, this case study analyzes current healthcare security requirements and their applicability to MCPS using an approach that leverages ontological representations and automated requirement traversal techniques. Using such a methodology, we find that 70% of applicable requirements/risks for MCPS components are missing from the security documentation, including serious items such as Authentication, Data Encryption, DoS attacks, and Legacy Vulnerabilities. We also validate our results within real-world instances and find that almost half of the relevant requirements are not implemented within existing MCPS architectures.

A Bourka,N Polemi,D Koutsouris

Abstract:The scope of this paper is to present the current needs and trends in the field of healthcare systems security. The approach applied within the described review was based on three major steps. The first step was to define the point and ways of penetration and integration of security services in current healthcare related applications addressing technical, organisational and legal/regulatory issues. The second step was to specify and evaluate common security technologies applied in healthcare information systems pointing out gaps and efficient solutions, whereas the third was to draw conclusions for the present conditions and identify the future trends of healthcare information security. A number of EU RTD Projects were selected, categorised, analysed and comparatively evaluated in terms of security. The technical focus was on key security technologies, like Public Key Infrastructures (PKIs) based on Trusted Third Parties (TTPs) in conjunction with other state-of-the-art security components (programming tools, data representation formats, security standards and protocols, security policies and risk assessment techniques). The experience gained within this review will provide valuable input for future security applications in the healthcare sector, solving existing problems and addressing real user needs.

Kishu Gupta,Vinaytosh Mishra,Aaisha Makkar

DOI: https://doi.org/10.1109/JBHI.2024.3467179

2024-10-06

Abstract:Healthcare has witnessed an increased digitalization in the post-COVID world. Technologies such as the medical internet of things and wearable devices are generating a plethora of data available on the cloud anytime from anywhere. This data can be analyzed using advanced artificial intelligence techniques for diagnosis, prognosis, or even treatment of disease. This advancement comes with a major risk to protecting and securing protected health information (PHI). The prevailing regulations for preserving PHI are neither comprehensive nor easy to implement. The study first identifies twenty activities crucial for privacy and security, then categorizes them into five homogeneous categories namely: $\complement_1$ (Policy and Compliance Management), $\complement_2$ (Employee Training and Awareness), $\complement_3$ (Data Protection and Privacy Control), $\complement_4$ (Monitoring and Response), and $\complement_5$ (Technology and Infrastructure Security) and prioritizes these categories to provide a framework for the implementation of privacy and security in a wise manner. The framework utilized the Delphi Method to identify activities, criteria for categorization, and prioritization. Categorization is based on the Density-Based Spatial Clustering of Applications with Noise (DBSCAN), and prioritization is performed using a Technique for Order of Preference by Similarity to the Ideal Solution (TOPSIS). The outcomes conclude that $\complement_3$ activities should be given first preference in implementation and followed by $\complement_1$ and $\complement_2$ activities. Finally, $\complement_4$ and $\complement_5$ should be implemented. The prioritized view of identified clustered healthcare activities related to security and privacy, are useful for healthcare policymakers and healthcare informatics professionals.

Cryptography and Security,Machine Learning

AKM Iqridar Newaz,Amit Kumar Sikder,Mohammad Ashiqur Rahman,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.2005.07359

2020-05-15

Cryptography and Security

Abstract:The recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of the patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices (IMDs), body area networks (BANs), and Internet of Things (IoT) technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems as any security or privacy violation can lead to severe effects on patients' treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security measures in healthcare devices and applications. In this paper, we explore various security and privacy threats to healthcare systems and discuss the consequences of these threats. We present a detailed survey of different potential attacks and discuss their impacts. Furthermore, we review the existing security measures proposed for healthcare systems and discuss their limitations. Finally, we conclude the paper with future research directions toward securing healthcare systems against common vulnerabilities.

D B Harding Jr,R J Gac Jr,C T Reynolds 3rd,J Romlein,A K Chacko

DOI: https://doi.org/10.1007/BF03167663

Abstract:The modern information revolution has facilitated a metamorphosis of health care delivery wrought with the challenges of securing patient sensitive data. To accommodate this reality, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). While final guidance has not fully been resolved at this time, it is up to the health care community to develop and implement comprehensive security strategies founded on procedural, hardware and software solutions in preparation for future controls. The Virtual Radiology Environment (VRE) Project, a landmark US Army picture archiving and communications system (PACS) implemented across 10 geographically dispersed medical facilities, has addressed that challenge by planning for the secure transmission of medical images and reports over their local (LAN) and wide area network (WAN) infrastructure. Their model, which is transferable to general PACS implementations, encompasses a strategy of application risk and dataflow identification, data auditing, security policy definition, and procedural controls. When combined with hardware and software solutions that are both non-performance limiting and scalable, the comprehensive approach will not only sufficiently address the current security requirements, but also accommodate the natural evolution of the enterprise security model.

Isabel Straw,Irina Brass,Andrew Mkwashi,Inika Charles,Amelie Soares,Caroline Steer

DOI: https://doi.org/10.2196/50505

2024-07-11

Abstract:Background: Health care professionals receive little training on the digital technologies that their patients rely on. Consequently, practitioners may face significant barriers when providing care to patients experiencing digitally mediated harms (eg, medical device failures and cybersecurity exploits). Here, we explore the impact of technological failures in clinical terms. Objective: Our study explored the key challenges faced by frontline health care workers during digital events, identified gaps in clinical training and guidance, and proposes a set of recommendations for improving digital clinical practice. Methods: A qualitative study involving a 1-day workshop of 52 participants, internationally attended, with multistakeholder participation. Participants engaged in table-top exercises and group discussions focused on medical scenarios complicated by technology (eg, malfunctioning ventilators and malicious hacks on health care apps). Extensive notes from 5 scribes were retrospectively analyzed and a thematic analysis was performed to extract and synthesize data. Results: Clinicians reported novel forms of harm related to technology (eg, geofencing in domestic violence and errors related to interconnected fetal monitoring systems) and barriers impeding adverse event reporting (eg, time constraints and postmortem device disposal). Challenges to providing effective patient care included a lack of clinical suspicion of device failures, unfamiliarity with equipment, and an absence of digitally tailored clinical protocols. Participants agreed that cyberattacks should be classified as major incidents, with the repurposing of existing crisis resources. Treatment of patients was determined by the role technology played in clinical management, such that those reliant on potentially compromised laboratory or radiological facilities were prioritized. Conclusions: Here, we have framed digital events through a clinical lens, described in terms of their end-point impact on the patient. In doing so, we have developed a series of recommendations for ensuring responses to digital events are tailored to clinical needs and center patient care.