University of Mississippi Medical Center (MS) will pay $2.75 million to settle HIPAA charges related to the 2013 theft of password-protected laptop by a visitor to the hospital’s medical ICU. OCR’s investigation uncovered the fact that entry of a generic WiFi username and password provided access to an unsecured Microsoft Access database that contained the information of 10,000 patients.
OCR concluded that UMMC’s “organizational deficiencies and insufficient institutional oversight” prevented it from undertaking risk management activities even though the hospital knew it was vulnerable. It also noted that the hospital did not perform the required patient notification following the laptop’s theft.
From Sieve Crusher: “Re: US Digital Service. They’re actively recruiting. Experience in the EHR world is applicable to government work in many ways – long-time employees, legacy systems, and a culture of poor user interfaces. Silicon Valley experience isn’t needed – the government can use folks of talent. There’s also 18F, an earlier companion effort that allows remote work instead of relocation to DC, but they are backlogged with applicants.” It sounds pretty fun for someone without a family or already in the DC area since no relocation assistance is provided – it’s a one-year commitment with benefits provided and a casual work environment. Not everybody can say they spent time working for the White House.
From HER Auto Correct: “Re: article saying that EHR use decrease costs. I don’t believe it.” The 2014 article concludes that per-admission costs are 10 percent lower in hospitals that use advanced EHRs. I really dislike studies in which Database A is linked to Database B to reach a lofty conclusion implying causation vs. correlation. This is one of those. The authors sampled a 2009 inpatient treatment database and matched it up to the sometimes-accurate HIMSS Analytics database of what EHR each hospital uses. “Cost” was derived from applying the cost-to-charge ratio of each hospital to its billed charges, which is a pretty blunt measure of a hospital’s actual incremental cost, although it’s usually all we have to work with. There’s also the question of ensuring a representative sample of hospitals in all sizes and locations and selecting patients of similar complexity. All that aside, correlation is not causation and most hospitals are already using advanced EHRs, so I don’t see any practical application of the conclusions. A better study would have been to choose 10 hospitals that implemented EHRs and see how their individual costs changed afterward, although the huge problem persists in trying to factor out all other variables. One last observation: bias exists in even the topic of the study – do hospitals really expect to reduce costs by implementing EHRs? The fact that even the financially distressed hospitals don’t de-install them and go back to paper suggests a self-assessed positive ROI that may or may not be financial.
HIStalk Announcements and Requests
Poll respondents were evenly split on their opinion of the Affordable Care Act. Comments suggested that it worked fairly well if the goal was to people insured rather than to control costs or influence personal health choices. Mary C notes that ACA didn’t provide healthcare reform, only insurance reform, while Dave says insurance companies have had to resort to high-deductible plans to shield themselves from the unaddressed issue of cost control, although he also notes that individual patients benefited since ACA eliminated coverage denial of pre-existing conditions and lifetime limits. Most commenters noted that the “affordable” part is a misnomer since ACA policies cost a lot more with fewer choices and it’s just not possible to cover all of those newly insured people for the same cost, especially given that a lot of care involves expensive, late-stage interventions of limited value. HIT Project Manager boldly opines that Medicare and Medicaid should gradually phase out paying for treatment of chronic conditions that are caused by preventable behaviors, using EHRs to identify patients who ignore advice related to obesity and smoking and making them pay fully out of pocket for their treatments. Bill says just buying insurance for a bunch more people is running up the federal deficit without any evidence that quality or cost has improved. The most positive thread of commentary is that while ACA is a long way from perfect, it can be fine tuned over time.
New poll to your right or here: for those with a recent hospital visit: does the hospital allow you to electronically submit your own data into their records? I’m sure some hospitals provide a way to import wearable or questionnaire-type patient information to populate their EHRs, but I doubt it’s the 37 percent of them that a recent AHA survey found.
I was thinking as I reviewed the journal article above that I really bristle at using the word “reimbursement” to define payments to providers. You aren’t getting reimbursed – you are sending a bill and someone pays it. Especially if you run a private medical practice, a business no different than a auto body shop in expecting insurance companies to pay up.
We bought a robotics kit and books for the North Carolina gifted class of Ms. S, who explains the photos above in describing how she put the materials to work immediately. “I gave the kids the option to participate in a district competition at the end of May, explaining that many students had a big head start on them — they had begun working last fall, whereas we had started months later. However, my students were willing to take on the challenge! They competed their work through a combination of quick understanding (impressive!) and teamwork. I’m pleased to say that the construction claw project won first place in the competition! All of my students said they enjoyed the experience and would like to participate in robotics again next year. That is wonderful news, especially from students who may not be able to attend robotics camps or programs outside of the school setting.”
Last Week’s Most Interesting News
- ProPublica begins publishing the letters OCR sends in summarizing and closing HIPAA complaints.
- Philips acquires Wellcentive.
- An HHS report to Congress identifies the lack of applicability of HIPAA to non-covered entities, such as app vendors, and outlines the non-HIPAA enforcement authority of the Federal Trade Commission.
- ONC publishes an online tool that grades the interoperability readiness of a submitted C-CDA document.
- The VA hires KLAS to provide an overview of the EHR vendor landscape.
- AMIA cautions the FDA that EHR information is not necessarily of research quality, suggesting that it focus electronic data collection efforts on clinical data warehouses or HIEs.
- Hacker The Dark Overlord posts for sale the digital assets of integration vendor PilotFish Technology and says he pushed an update to all of its clients that allowed him to steal their EHR information.
August 10 (Wednesday) 1:30 ET. “Taming the Beast: CDS Knowledge Management.” Sponsored by LogicStream Health. Presenters: Louis Saldana, MD, MBA, CMIO, Texas Health Resources (THR); Maxine Ketchum, clinical decision support analyst, THR; Kanan Garg, senior applications analyst, THR; Patrick Yoder, CEO, LogicStream health. This presentation will review THR’s systematic process for managing clinical decision support assets, including identifying broken alerts, addressing technical and clinical issues, modifying order sets, and retiring tools that have outlived their usefulness. Attendees will learn how THR uses a robust knowledge management platform to better understand how clinicians are interacting with their clinical content to maintain their order sets and reduce the number of alerts fired.
Acquisitions, Funding, Business, and Stock
The newly formed Providence St. Joseph Health acquires doctor house call scheduling app vendor Medicast, which had previously raised $2 million but hasn’t had new funding in the past two years.
Athenahealth announces Q2 results: revenue up 17 percent, EPS $0.34 vs. $0.32, falling well short of expectations for both. The company also announced that EVP/COO Ed Park will leave his position by the end of the year, but will likely join the company’s board. Park holds $2.3 million in stock after selling $2.2 million worth so far in 2016. ATHN shares dropped 9 percent Friday following the announcements, having shed 3.1 percent in the past year.
From the Athenahealth earnings call:
- The company has converted 40 percent of its clients to AthenaClinicals Streamlined, with those clients averaging a 10 percent improvement in same-day encounter close rate. The company notes, however, that it is working closely with a “minority” of clients who liked their old workflow better and hints that it expects to take a short-term hit on its Net Promoter Score.
- Eighty hospitals are using AthenaOne for hospitals.
- The company launched AthenaInsight.com to share information collected from its user network.
- The company admits that it’s not sure whether sales are tracking against target due to seasonality and a bottleneck in servicing inpatient demand, but also notes that the HITECH wave of “I need an EMR or I’ll be shot” is ending and that it has to adjust to the pre-HITECH world of developing by its own schedule rather than just hitting MU-driven functionality dates.
- Athenahealth notes that its population health management product has provided “a lovely little tailwind on our growth” since it can work with Epic and Cerner and that has allowed the company to add those users back to its prospect list.
- The company’s hospital win rate is 32 percent.
- Jonathan Bush says the company made a “terrible operational miscalculation” when it started allowing senior support reps to travel to client sites to provide go-live support, which caused longer telephone hold times just as Streamlined was being rolled out.
- Of the Streamlined rollout, Bush said, “Streamlined’s big mistake was that it was not an agile deployment. This was not, you get a skateboard, and then you put it back out with a handle on it, then you put it back out with a little motor on it, then you put it back out with sides, and eventually it’s a car. This was, take a skateboard, hide it, and show back up two years later with something you think will be a car, and all of the feedback that all of the customers would have had along the way comes raining down on you at once. So, we’ve had to do a lot of tuning of Streamlined once it came out of the garage. We will not be doing that kind of hide it away for years and then do a great reveal of something radically different any more in the future.”
- Bush allowed Ed Park to summarize his career in ending the earnings call, introducing him as, “The man who brought me here, who made every theoretical PowerPoint promise I made either go away or turn into actual functioning reality at scale, Ed Park.”
CTG CEO Cliff Bleustein, MD resigns “by mutual agreement” after 16 months on the job. He has been replaced by SVP/GM Bud Crumlish. I interviewed Bleustein two months ago. CTG shares are down 18.5 percent in the past year, giving the company a market value of $88 million.
Video visit vendor MDLive names Sanjay Patil, MD (Care Connectors) as EVP/GM of health systems strategy and transformation.
Announcements and Implementations
A new Peer60 report on cardiovascular information systems finds that hospitals expect their procedure volume to increase significantly, with the biggest driver by far being their addition of service lines, but also due to adding more providers, population growth, an aging population, and better insurance coverage. Epic and Philips are the most-recommended CVIS vendors, although nearly half of respondents say they are considering replacing their current system. Epic is the most-often considered new system by far, while McKesson is equally dominant as the vendor most likely to be displaced.
Government and Politics
The Department of Justice charges the owner of 30 Miami-area skilled nursing and assisted living facilities with running a $1 billion Medicare fraud scheme, the largest healthcare fraud case in US history. Philip Esformes, who is also a noted philanthropist, is accused of placing patients in his facilities who didn’t quality for that level of care, then billing Medicare and Medicaid for medically unnecessary services. He and his two co-conspirators are also charged with taking kickbacks to refer those patients to community mental health centers and home care providers who also rendered medically unnecessary services. Esformes paid $15.4 million to settle charges of exactly the same thing 10 years ago, but was able to hide his identity until HHS-OIG and the FBI used advanced data analysis and forensic accounting to unravel his current operation. His father, Rabbi Morris Esformes, was charged with taking kickbacks in 2004 when he boosted his $4,000 investment in a pharmacy to $7 million in profit when its was sold two years later by sending the pharmacy all of the business from his Chicago nursing homes, which were also the subject of complaints about poor care that he attributed to anti-Jewish sentiment.
British Columbia’s health minister orders an immediate third-party review of Island Health’s $132 million Cerner implementation following physician complaints that the system is endangering patients and the switch back to paper of one hospital’s ICU and ED in one hospital nine weeks after go-live.
Acting CMS Administrator Andy Slavitt is apparently not impressed with the EHRs out there.
Privacy and Security
Laser & Dermatologic Surgery Center (MO) notifies 31,000 patients that their information was exposed when its computer systems are hit with ransomware. The clinic declined to pay and instead successfully restored its systems.
The health information of nearly everybody in Denmark was exposed last year when a state office mailed two unencrypted CDs that the post office instead delivered to a China-owned bank. The CDs contained the cancer, diabetes, and psychiatric information of 5.3 million people. The bank employee realized the postal service’s mistake and took the package to the intended recipient.
Police arrest two Florida paramedics who were fired after posting pictures of themselves in their ambulances with incapacitated patients, sometimes posing them in humiliating fashion in attempting to one-up each other.
It appears the Twitter account used by hacker The Dark Overlord has been deleted and he hasn’t been heard from in a few days. I don’t know what that means
Microsoft adds appointment-booking capability to Office 365, allowing users to choose the service they need, search for for available dates and times, and book the appointment from their PC or mobile device with confirmation and reminders to follow. Users can also cancel or reschedule their own appointments. Microsoft stuff doesn’t always catch on and I doubt this product would pass HIPAA muster, but otherwise it cold be interesting for healthcare.
The Gates Foundation creates Chronos, a tool to help grantees meet the foundation’s open access requirement that their research be published broadly and with unrestricted access and re-use, including the underlying data sets. The service will pay publisher article processing charges, check compliance with policies, and track the impact of publishing activity, all to allow grantees to focus on their research rather than the processing of publishing it.
The Cleveland business paper covers MetroHealth’s use of 25 EHR scribes in its ED, which reports higher-quality and more timely documentation completion.
An editorial in the Lancet ponders the role of peer-reviewed medical journals in a publishing world turned upside down by the Internet, the endless quest for profitable eyeballs, and technology that “has transformed artisans into professionals.” It frets about open access journals, research misconduct, and the lack of reproducibility in many scientific studies.
The government of Indonesia arrests 23 people, including three doctors, after finding vials of vaccine that actually contained only sterile saline in 37 hospitals and clinics. An estimated 5,000 children have received fake vaccine, inciting parents to mob a Jakarta hospital and beat one of its doctors. The government caught one person who had adulterated vaccines years ago, but fined him only $100, and had not acted on vaccine manufacturer complaints of counterfeit products going back to 2011. The government vows to re-vaccinate millions of children at no charge and has established a vaccine distribution oversight group.
- Delayed or not, it’s time to prepare for MACRA (Nordic)
- Health care is on FHIR (The Advisory Board Company)
- Your telehealth summer reading: Highlights from MedPAC, AHRQ, and NEJM (The Advisory Board Company)