Investors weren’t happy that Cerner missed Q3 revenue expectations and also lowered guidance last week, even though profit was up 34%. Shares dropped 9% Friday.

An anonymous source (someone affected) says that over 100 people have been laid off from Kaiser’s IT department.

Another source tells me that Bronx-Lebanon’s Eclipsys deal was booked at $32.5 million, to answer a reader’s question.

The fox joins the chickens: the SEC director who went after McKesson HBOC for fraud will quit to work for a private investment company as its general counsel.

News bits from Medicity: their client Delaware Health Information Network gets an NHIN trial implementation grant, Medicity’s headcount will have tripled in less than three years, its product suite now supports all LDAP-compliant directory services, and it just opened a new 24×7 Network Operations Center. I had missed that CEO Kipp Lassetter will be on a panel at the Collaboration Communications Summit in Beverly Hills (November 5-6), of which HIStalk is a media partner.

An interesting report (warning: PDF) called “The Relationship Between Electronic Health Records and Patient Safety”, from Canada Health Infoway. Overview: evidence that clinical systems improve patient safety is incomplete, clinical systems may have unintended consequences, implementation should be incremental to let providers adjust, and expectations must be realistic.

Don’t forget the poll to your right on PHRs. I’m interested to know who’s using them. I only know that I’m not.

Let’s hear it for those sponsors who keep the HIStalk well flowing. Click over and take a look, and if you’re their customer, please tell them you appreciate their support of HIStalk.

Design Clinicals, LLC
EnovateIT
eScription
Hayes Management Consulting
Healthcare Growth Partners
Healthia Consulting
Inside Healthcare Computing
Intellect Resources
InterSystems
John Muir Health
Lucida Healthcare IT Group
Medicity
MedMatica Consulting Associates
Noteworthy Medical Systems
Novo Innovations
Picis
Premise
Pring|Pierce Executive Search
SCI Solutions
Sentillion
SolCom
Stratus Technologies
The White Stone Group, Inc.EHRConsultant

Baylor Health Care is #15 on the 2007 Information Week 500, the highest ranked health care system at one spot behind Google.

Surely it’s not just me: spam filters are rejecting an awful lot of e-mails. How many times lately has something you’ve sent not arrived, or has someone sworn they sent you an e-mail that you never received? I suspect those server-based spam tools are too tightly wound to let all the real e-mails through.

Another odd Misys press release: its extensive research reveals that doctors don’t use EMRs because they’re expensive and hard to use. A shocker, I know, especially coming from a company often known for trying to sell expensive, hard to use products. Here’s the research methodology used: Misys watched a bunch of cheaper, better competitors brutalize it in the marketplace. Great conclusion, but too late to keep those horses in the barn.

A European project will monitor patients at home, using sensors that report environment as well as physiology.

As I already mentioned, Medsphere settled its lawsuit with the Shreeves. You have to assume that (a) either new CEO Mike Doyle said he wasn’t coming unless they took that blot off the company’s record, or (b) it was a Ken Kizer vs. the founders grudge match with no possible winners, so his leaving the CEO post was related in some way. It’s too bad the distraction couldn’t have been ended sooner. Medsphere already had enough challenges before the suit.

Here’s yet another smart card pilot for medical records. Seems like everybody’s been trying to make smart cards do something useful for 20 years or so now. This latest one at least carries more information than just a medical record number, but it’s really just a PHR on a card that the patient can’t update, i.e. like a floppy-carrying sneakernet. Siemens is paying for the pilot.

Cardinal Health’s Medicine Shoppe will run up to 500 clinics in India’s urban slums, complete with a pharmacy, lab testing, and a doctor.

CPSI’s Q3 numbers: revenue up 2.6%, EPS $0.30 vs. $0.32.

E-mail me.

Inga’s Update

John Hallock of athenahealth dropped me a note letting me know that athena had actually announced one other group live on athenaClinicals. FirstHealth Family Center in NC is up and running at its seven facilities.

Earlier this week Mr. H mentioned a Misys press release about EMRs that he said “contains no news.” Basically true, but I what I found interesting is that the article promotes hosted EMRs, an offering Misys won’t be selling until the iMedica arrangement is finalized (not expected until November), If I were a Misys prospect buying EMR today, I might be scratching my head asking why Vern is promoting hosted solutions when they aren’t selling one yet.

Columbia University’s physician group, the Faculty Practice Organization (FPO) of the College of Physicians and Surgeons, signs a management and consulting agreement with Greencastle Consulting. Greencastle will manage FPO’s roll-out of the Allscripts TouchWorks EHR.

Medical Economics has an interesting article titled “Avoiding EHR Sticker Shock.” It provides some insight as to why various solutions may appear to have such different costs. It also suggests some less obvious components the buyer should consider when calculating the total cost of ownership.

E-mail Inga.

Art Vandelay’s Thoughts on Worker Benefits and Technology

Art Vandelay is a hospital-based technologist and HIStalk contributor.

I find the move by General Motors (GM), now Chrylser/Cerberus, and the United Auto Workers (UAW) very telling about the future of worker health care benefits and soon, very telling about the future of consumer-centric health care technology. In the end-state of the deal with GM, the UAW will assume the responsibility for retiree health benefits over the next few years. Although many other businesses have begun to reduce or eliminate their retiree health care and pension exposure, this is the first major visible movement in an industry that has reacted with the speed of a tortoise in the face of major cost challenges.

The situation for GM is daunting. For every able-bodied worker, there are four retirees. This is basically the same demographic trend that many European countries and, to a lesser extent, the U.S. face. The obvious effect of this is a growing number of Medicare beneficiaries with fewer resources paying into Medicare, while healthcare costs outpace “revenue”, i.e. our tax dollars. The moves we see from the UAW will likely be the same we see in other slow-moving industries for employees and retirees, as well as with Medicare. Undoubtedly, the UAW will push health savings account and high-deductible health maintenance organization-based plans. Both options are associated with the “consumer-directed movement”, although there are varied findings about the effectiveness of these plans depending upon one’s viewpoint ( i.e., consumer cost, payer/employer cost, quality, satisfaction).

So what can we expect as technologists?

1. There will be an unprecedented, albeit slow-moving, pressure to provide information about (first) cost, (second) quality and (third) access to care in a consumer-friendly manner. I stress, in a consumer-friendly manner. How many of us have had to explain bills, referral and authorization requirements, and the provider industry’s broken processes to parents, friends, and relatives not “in-the-know”? We will be pushed as technologists to:

• Provide natural language interfaces to knowledge bases of frequently asked questions, including providing our users with content management tools to rapidly add, edit and tag new consumer questions and our organization’s answers.
• Partner more tightly with our clinical and administrative counterparts to understand and standardize our data as well as our competitors’ available data (likely facilitated by health plans).
• Provide more data in real-time regarding cost, quality and access as opposed to data that are months or weeks old.
• Provide analysis models taking the real-time data to predict cost, quality and access challenges before they occur.
• Provide multi-factorial, consumer-friendly decision-making tools so they can use information to make educated decisions about providers and treatment options (perhaps with weighting or in conjunction with national benchmarks). Health plans will likely provide similar tools for treatment options (maybe competing tools with different outcomes) as well as tools to compare providers. Consider the challenges that group practices and other organizations with employed providers will face if they are compared to one another, as opposed to being compared as groups (everyone will want access to the provider with the best cost/quality outcome).
• Work with health plans and the government to define normalized cost and quality information for reporting (expect registry upon registry to arise – all with slightly different data definitions creating different extract, transform and load (ETL) requirements).

2. There will be an unprecedented demand to drive the work of the key knowledge workers to other, less trained, or more focused but lower-paid resources. This will be seen in as increased demand for nurse practitioners and physician assistants in many additional care settings. Nurses will likely become the care coordination coaches for the inpatient experience, running entire teams of partially specialized resources. Other disciplines with limited use of technicians will likely develop the roles. These will result in rapidly changing staffing models. We will be pushed as technologists to:

• Define role-based access relationships for users (consider this a wake-up call for those of us with applications that do not have fine-grained role-based access control).
• Provide aids in applications to guide users through the use of a system or the execution of processes, including the integration and use of workflows.
• Provide activity-based cost decision support to validate that these new staffing models make sense.
• Provide interfaces or maybe even create web service-based mash-up applications to support these new processes.
• Include these alternative providers in enterprise scheduling systems (or create and possibly host enterprise scheduling systems for our organization and our partners)

3. There will be unprecedented demand for personalization in consumer web sites provided by both providers and payers, dare I say the re-emergence of the portal. From a provider-centric viewpoint, we will be pushed as technologists to:

• Provide tools that measure and deliver enhanced access (i.e., self-scheduling, virtual, remote or electronic visits).
• Provide tools that measure and track progress towards our desired outcomes as patients (i.e., personal care planning tools, disease management tools). Unfortunately, according to recent findings, patients with chronic conditions are using the web less than those without chronic conditions.
• Provide patient-access to their records.
• Provide the ability for patients to estimate, pay, dispute, and view their bills on-line.
• Remember that all our patients aren’t web savvy, have physical impairments or speak other languages. Some of us will be asked to provide access to these tools via telecommunications technologies ( i.e., voice XML – VXML) and other means that meet the patients’ requirements.

4. There will be unprecedented demand for resources to assist patients move through the complexity of the health care system. Call them care navigators, concierges, or coaches, these resources may be free or they may be paid third parties. We will be pushed as technologists to:

• Provide tools to facilitate the communication between the care navigators and patients. Think internet-enabled call center tools (i.e., instant messaging, intelligent conversation avatars, call distribution and management software, referral management software, message tracking software). Customer relationship management (CRM) software will really come to health care to aid with the navigation, document the patient conversation, and to cross-sell our organization’s and partners’ services.
• b. Provide tools that integrate the documented messages into the computerized patient record when required.
• Provide tools that track and document patient and family preferences for care (i.e., locations close to work and home, preferred providers, preferred treatments, willingness to use alternative medicine and care extenders).
• Provide the knowledgebases mentioned in #1 for these care navigators.

5. There will be unprecedented demand for computerized patient records that support outreach to affiliated physicians and data exchange. Eventually, when consumers wake up and payers listen to the demands of the consumers, some level of standards-based electronic data exchange between providers (think HL7′s Continuity of Care Record – CCR) will be required. Therefore, as technologists, we will be expected to provide computerized patient records for our organizations, our partner physician organizations, and ensure these applications support the CCR.

A change is upon us. There will be no shortage or work or demands for investment – can anyone say job security?

 View/Print Text Only

Medsphere will announce this morning that it has settled its lawsuit against founders Scott and Steve Shreeve.

 View/Print Text Only

From Rogue: “Re: HIMSS. The ‘HIMSS alliance with some kind of emergency response group’ grew out of COMCARE’s participation in a HIMSS work Group on health IT for emergency responders. The Work Group published a white paper a few months back (available on the HIMSS website) outlining the patient data issues confronting emergency responders in emergency and disaster situations.”

From Laurie Strode: “Re: Insight. The McKesson Insight user group conference is underway in Atlanta. I’ve attended this conference several times, but not this year (due to scheduling conflicts). It has usually been a good use of time, excellent educational sessions put on by a wide rage of users ranging from nurses and physicians to analysts and consultants.” Link. Somebody ask a question of the keynote and loudly and clearly reference HIStalk, please. Free PR, you know. Is Charlie McCall there?

From The PACS Designer: “Re: Oracle. As a final post on the Oracle Database 11g software, TPD wanted to leave HIStalk readers the web link that lists the features previously mentioned plus some other nice features of this new software offering.” Link.

From Annie Brackett: “Re: Inga. Someone asked me at a cocktail party recently, out of nowhere, ‘Are you Inga’? EVERYONE knew what they meant. I said not hardly, but was flattered. I thought that Inga would be pleased. She’s now like one of those stars that goes by one name, but everyone knows them … Cher, Madonna , Britney, etc.” Well, now you’ve gone and swelled her head with her newfound anonymous fame. Note her news items below – she’s noticeably saucier than usual. Isn’t she fun? Now she’ll want an entourage.

From Lindsey Wallace: “Re: Sunquest. What happened to their other products?” You must be an old-timer. The new Sunquest has deconstructed itself back to its very early roots, selling only lab-related applications. Pharmacy, radiology, Clinical Events Manager, etc. have all been history for some time. I remember a great writeup in Investor’s Business Daily about CEM — right before they pulled the plug on it. Flexirad used to be pretty good, pharmacy not so much. All on the ash heap of IT history. Just laboratorian stuff now.

John has some good stuff on Google Health (“the vision is gone”), HealthVault (“the cupboards were bare”), and Dossia (“… there is a ton of cynicism regarding what the true motivations are of the employers that are sponsoring Dossia.”) I see that, like me, John’s working the cynicism space. Good reading, although I must point out that, despite John’s indifference to Google’s message, VP Marissa Mayer (who was doing the talking) is not only a Stanford MSCS, but an awarded Stanford programming instructor, and not terribly hard to look at besides. She joined in 1999 as one of the first 20 employees, so I’m sure she’s loaded, too. A pretty, rich, 32-year-old geek … well, life’s just unfair.

Speaking of Google, Q3 numbers just came in: revenue up 57% to $4.23 billion, EPS $3.38 vs. $2.36. Yep, that’s over a billion dollars’ profit in one quarter. The company added over 2,100 employees in the quarter, pushing them up to 16,000.

WebMD wasn’t so lucky. Its shares toileted, down 14%, after the company missed Q3 estimates. More importantly, though, was an announcement that the company had signed a multi-year agreement with Yahoo for seach and advertising. That means no Google takeover, which means no one wants wildly overpriced WBMD stock (PE of 236).

Cerner’s Q3 numbers, also just announced: revenue up 8%, EPS $0.43 vs. $0.33. The value of Neal’s shares: $371 million. Makes me remember that it will be HISsies time soon (The Pie).

And speaking of Cerner, this looks like it might be a video made at Cerner’s bash at HIMSS. Despite entertainment featuring two soul groups missing all but one original member each (who sound good anyway, I noticed), the chick on the right is obviously getting down with her bad self and the one gesticulating at her beer looks a little bit like Marcia Brady.

Ben Williams is named CIO for Catholic Healthcare West, coming over from St. Joseph Health System in Orange, CA. Must have been some good money – he was making $644K at St. Joseph in 2005, according to federal forms. No vows of poverty at the new place, either – the president was paid $4.5 million and almost all the VPs were over $1 million, according to the most recent forms. Actually, I was more eloquent back in February: “Humble servant CEO Lloyd Dean made $5.8 million in compensation and benefits in 2005. Read that again slowly … the guy running a nonprofit hospital group out-earned most publicly traded company CEOs. So much for a vow of poverty. Even their HR VP made $1.9 million. What the hell is that all about? You’re telling me that a Catholic-run hospital group has to pay $1.9 million a year to get someone to run HR? And they’re supposed to be a non-profit? Ridiculous. Excessive. Embarrassing. I’m not out of adjectives, but I’ll stop.”

Listening: new VAST.

My thought while driving to work today: widespread lack of IT success in hospitals may be due to the never-ending threat of healthcare personnel shortages (despite the skills of multi-million dollar HR VPs slaving away). Hospitals have a lot of licensed employees who could work in any number of places, most of whom are expected to use IT systems as part of their jobs. What are the odds that hospitals will strong-arm them into changing their work processes as part of a software implementation? Nobody tells nurses, pharmacists, rad techs, etc. what to do because they’ll just jump ship for a competitor or better job. High-paid executives (see above) aren’t about to lift a bedpan, so it’s better to tread lightly when it comes to imposing order. And without that, IT will surely fail. IT is the only industry I can think of where the most highly educated, mission critical, short supply professionals are the ones expected to tickle the computer ivories. I’m not sure I disagree with Reid Conant’s ‘scribe’ model of letting somebody else do the typing. At least with expendable staff you’d have a shot at repeatable processes.

If you want to play around with a mashup tool for non-geeks, Microsoft just release Popfly to beta. Do something interesting with it and let me know.

I haven’t done a poll for a long time, so I figured it was time. To your right: do you keep a PHR?

I’m hearing that Kaiser Permanente has laid off some IT folks at Pleasanton. Feel free to let me know using the anonymous Rumor Report to your right (I’m fanatical about keeping sources anonymous). Layoffs are their business, but the interest, of course, is whether they’re clearing the decks for outsourcing.

William Osler Health Centre in Toronto will implement SolComHealth e-HIM software from SolCom, integrating it with the hospital’s MedSeek portal and Meditech clinical system. I noticed a new SolCom web design while I was cruising, too.

Patient flow system vendor Premise held its three-day user group meeting last week in Mystic, Connecticut.

Even CNET weighs in on Medsphere’s lawsuit against its founders. “Still, customer wins like these would be all the sweeter if the company’s board could come to a peaceful resolution with its founders, Scott and Steve Shreeve. There is blame on both sides, but nothing that justifies a $50 million lawsuit against two entrepreneurs who created what the board manages today. It’s time to resolve the past.” I have never seen a company blacken its own eye so stubbornly and intently, just as it was trying to bootstrap up out of obscurity. That and its “we’re open source, but only if you don’t look too closely” waffling aren’t winning it any friends (or customers, most likely). Soothe the egos, fire the lawyers, make a decision whether you really want to be open source or not, and sell some damn software. We all want to like you, so don’t make it so hard for us. That’s Mr. HIStalk’s free management consultation.

British hospitals, stung by poor financial reviews by NHS, blame software that lengthened patient wait times and prevented cancer patients from being seen promptly. The software was not named, but I believe it may have contributed not only to their delays, but to someone’s $371 million fortoona.

E-mail me.

Inga’s Update

Some of my postings have not made the last couple of HIStalk issues. I am prone to paranoia attacks and initially thought Mr. H was censoring me. Turns out my email was not working (somehow I felt better knowing that it was Yahoo censoring me.) I am happily back online, freeing my energy to be paranoid about other things.

Speaking of paranoia, I think the Greenway folks may have some issues thinking folks don’t take them seriously enough. Greenway releases an announcement that it has “further established itself as a leader in the healthcare information technology (HIT) industry with its latest testimony before the U.S. House of Representatives Committee on Science and Technology.” Greenway’s vice president of marketing and governmental affairs, Justin Barnes, testified last month, along with execs from HCA, AIHMA, and GE, plus a Yale School of Medicine physician/professor.

dbMotion executive Ilan Freedman makes some interesting comparisons between the French HIE initiatives compared to what is going on in the US. I told Mr. H I would be willing to visit France to assess the situation and report back to HIStalk readers. Hmm … that must have been one of the many lost emails because he never responded back.

Re: Epic photos. Someone tell me what the big chicken is all about. I found it a bit creepy.

Only a blessing from the Vatican stands in the way of a merger between UPMC and Catholic-run Mercy Hospital of Pittsburgh. The FTC just approved the deal, as did the PA Attorney General.

Medseek announces new software agreements and consulting projects with 13 hospital systems.

Nuance makes yet another acquisition – the 10th this year, by my count. Guess that is one way to grow your business. Vocada, a provider of critical test result management solutions, is the Nuance’s latest purchase.

Medsphere contracts with another community hospital for its open source-based EHR systems and services. Century City Doctors Hospital in Los Angeles will implement OpenVista EHR at its 120-bed acute care facility.

e-MDs announces a new president, Dr. Michael Stearns. Founder Dr. David Winn will stay on as CEO and chairman of the board. One thing I admire about e-MDs is its commitment to having numerous clinicians on staff. That is not to say that Dr. Stearns, a neurologist, will necessarily make a great president, but I am sure he understands the needs of physicians.

Finally, at least one person acknowledges they agree with me, at least in part, that Microsoft’s HealthVault has some merit. Dr. Douglas Krell sent this note: “I’d like to agree in part, with your appraisal of Microsoft’s HealthVault PHR. I also agree with Dr. Singh that in the beginning, many of the PHR users may be likely to be the worried well, those with real chronic illness, and the Quicken users. But from the physicians’ point of view, I believe that it will be our job to educate and encourage people to make use of these systems to track and interpret their own health data.  We’ve always found that people who actively participate in their own care will be healthier. We need to support those efforts.  It will help us to practice and advise patients more efficiently.  We ARE paid for using these systems to the degree that the more patients we see, the more data we can review and process, the greater our productivity.  Ultimately the better patient care we’ll be able to provide.  Some people will ignore our advice but nevertheless, we should be advocating the adoption of this bit of information technology.”

Is it me, or are all the harshest PHR critics those in the HIT space? Is it because deep down we still want to be the ones to hold the keys to the patients’ records? Do we consider the products too immature to be useful? Do we not trust patients with this information? I remember in the early 80’s when ATMs first became available, you could only use your own bank’s ATM since they weren’t connected. Now you can access your money from any ATM in the world. The point is we have to start somewhere and I think we need more leadership from healthcare providers and HIT to move PRH adoption forward. Otherwise, then years from now, healthcare will be the only industry that still uses fax machines.

I suppose if you use a name like hatchet_guy one shouldn’t expect a lot of feel-good postings. Earlier this week HG commented on the vendor conference mentioned last week and suggested the vendor had a number of problems. I talked to one of the customers mentioned and was told the report was “definitely not accurate” and any issues they had were “temporary” (the individual suggested the posting was so off that it wasn’t worth discussing).

The Hughston Clinic selects athenaClinicals for its nine orthopedic locations throughout Georgia and Alabama. The clinic was already utilizing athenahealth’s billing and PM services. I could be wrong, but I think this is the first EMR client that athenahealth has announced this year.

E-mail Inga (new address because Yahoo Mail eats my messages).

 View/Print Text Only

From G-Ray: “Re: RHIOs. I was wondering if your readers have any real information on the differences (if any) between HIEs and RHIOs.”

From Miles J. Bennell: “Re: Epic’s campus. I thought you would find these interesting. A client visiting Epic’s campus and took these pictures. Nice looking campus, although I really question their taste in art (see the very large chicken picture).” Link. Definitely cow-tipping country. Like Microsoft’s relocating intentionally to the dreary Northwest to keep the non-work distractions down, the location is perfect for getting fun-loving kids to work too many hours. Like in My Cousin Vinny, “I bet the Chinese food in this town is terrible.”

From Martin Jensen: “Re: HealthVault. While I was away at a conference last week, my partner took it as an opportunity to learn animation. He posted his first cartoon on our new HITCHtv.net website. I think you’ll enjoy it. Check out ‘HealthFault from Microsoft.’” Link. Those Healthcare IT Transition Group folks (Michael and Marty) are funny and smart. I haven’t figured out exactly how their business model works, but it’s fun.

From John Harris: “Re: MSFT. Even Harvard experts think MSFT can sovle the HIT ‘problem’. I did post a link for him back to your blog as recommended reading from an expert on the industry ” Link. The Harvard Business Online guy asks the question, “Is Microsoft’s approach on target or do you favor a government-led solution?” Do we only get two choices?

Listening: I was premature in calling Ziggy Stardust the best album ever. I’m now convinced it’s Forever Changes, circa 1967, by Love. Remarkably fresh and brilliant from the tragic, late Arthur Lee and bandmates. I’ve played it constantly for two days.

Scott Shreeve evaluates doctor social networking site Sermo: “Knowledge Prostitution Enabling Aggregated Voyeurism: Is This a Business Model?” Sermo is allowing drug companies to buy their way into the site to influence its doctor members. It’s like Internet porn with (clothed) docs being watched with creepy intensity by salivating drug companies. Big Pharma 2.0.

My newsletter editorial going out tomorrow: “Where Good Products Go to Die: The Elephant’s Graveyard of Conglomerate-Acquired Products.” Finish this sentence: “Base on that title, surely company being referred to is ____”.

EHRConsultant is offering free educational videos on the use of speech recognition software and EHRs, divided by vendor and specialty.

Cerner’s user conference drew 6,700 attendees to Kansas City last week.

Michael Stearns is promoted to president of e-MDs.

Noteworthy Medical Systems names former Eclipsys CEO Paul Ruflin as its new president and COO.

Speaking of Eclipsys, the company is bailing on Boca and moving its headquarters to Atlanta. I guess the traffic wasn’t bad enough there.

Mediware will buy Integrated Marketing Solutions, which sells software for blood donation centers.

Picis announces the release of CareSuite Extelligence Anesthesia 3.0, its anesthesia care business analytics system. The OR version is coming soon.

HIMSS ties the knot with some kind of emergency medical response advocacy group. Roger, Rampart 1.

Here’s a Misys press release about EMRs that contains no news. Maybe that’s why it’s running only on some German stock site.

Microsoft gets further into Cisco’s unified communications business.

The medical division of Philips turns in a disappointing Q3, blaming US regulatory changes for imaging systems.

InterSystems gets a big Cache’ deal with the VA.

Reminders: there are two signups to your right, the first one for e-mail updates when I write something new here, the second for the Brev+IT weekly newsletter (latest issue here, although folks on the list got it Sunday). The Search box to your right will dig through 4+ years of HIStalk to find a company, product, or person that might interest you. E-mail me if you want sponsor information, have interesting news or rumors, or have some other reason to make contact (I read them all).

 View/Print Text Only

Photo: Health Management Technology

Security and privacy in healthcare are obviously hot topics. So, when Sentillion decided to sponsor HIStalk a few weeks ago, I pressed my luck and asked for an interview with CEO and co-founder Rob Seliger. I knew the company was refocusing a bit and also introducing a new single sign-on application called expreSSO, so I offered as bait the chance to talk about that. When I got on the phone with Rob, he said he’d be happy to talk about anything and that we didn’t have to pitch product. Good answer.

When I hear either “single sign-on” or “CCOW”, I think of Sentillion first because they’ve been doing it for a long time. They’ve introduced some new products I wasn’t fully aware of, including the vThere virtualized client for remote access.

Thanks to Rob for the chat.

Tell me about Sentillion and how you came to create it.

Sentillion was founded in 1998, spun it out of the former HP medical products group. I have the simplest resume on the planet – paper route, HP for 18½ years, then Sentillion. [laughs] I was working on technology that integrated applications not on the back end, like databases and integration engines, but on the front end of care, looking at the user experience of the caregiver, whether using applications from the same or different vendors.

We determined that our technology would serve better as a glue, run as a neutral company. We built a business case, they agreed. We spun the IP out with myself and my co-founder in 1998. We did three rounds of venture capital, the last one in 2001, and have been growing the company every since.

We moved from general integration to specific applications used in identity and access management. What we’ve been able to do is create a whole suite of products that address identity and access management needs for healthcare and, specifically, hospitals.

We sell to provider healthcare organizations. We’re unique in that way. Our competitors sell to finance and banking and retail customers. We said that healthcare has special needs, workflows, idiosyncrasies, and constraints. We wanted to create technology that was purpose-built for healthcare. Fast forward and we have hundreds of thousands of caregivers in hundreds of hospitals in the US, Canada, UK.

Healthcare security, like IT in general, seems to fall well behind that of most other industries, with lack of consistent authentication rules across applications, applications that don’t support LDAP or other centrally managed security, and heavy help desk use for password resets. Is it getting better?

It is getting better, but slowly. There are reasons why stronger security technologies have not been broadly adopted in healthcare. The main reason is that they get in the way of delivering healthcare. I’m not a physician or nurse, but I have a tremendous respect of what those people do for a living, taking care of people as their number one job. Navigating security isn’t what they’re paid to do. Our customer base is some of the smartest, most highly trained people on the planet and they’re adept at finding workarounds to impediments to delivering care, including security.

Part of our process is leveraging the years of experience we have in the care business. How many other security companies can you name that have a chief medical officer? We hired Dr. Jonathan Leviss as our Chief Medical Officer because he had a passion to eliminate the obstacles between caregivers and the productive use of computers.

You’ve heard of the last mile problem, like with DSL, where you can’t get connected if you’re too far from the telephone switch. I refer to our situation as the last inch problem, that inch that’s between the caregivers’ fingertips and the keyboard they don’t use. We provide security solutions that make them more productive instead of less, while instilling better security practices across the organization.

People often say that healthcare is slow to adopt technology, yet you can look at the amazing equipment from imaging systems to robotic surgery that is used. I don’t see a fear of technology in healthcare, just an avoidance of technology that’s an impediment to healthcare delivery. Vendors often miss that. We work really hard to get that right.

What security priorities would you recommend to a hospital CIO?

My favorite thing to do if I’m allowed is to take a walk, particularly in care areas, and watch what people are doing, who they are, where the computers are, what they’re showing, and whether they’re attended or unattended.

UPMC implemented our solution years ago. They started deployment in the ICU. I was with an entourage of UPMC executives and I drifted back from the tour group because they were headed to a workstation that someone was using with single sign-on and single patient selection. I stood back and marveled at all the workstations that were not in use, but were locked. I asked UPMC when the last time was that all those workstations with no one around were actually locked. [laughs]

It’s kind of like the broken window theory of why neighborhoods go downhill. Good security isn’t just the things you do on your network with firewalls and antivirus software. It also has to do with what people can see. Show them that their information is being safeguarded and protected. How would someone feel being wheeled down the hall and seeing other people’s information on display? It could be their information as well. You must show personnel and patients that they’re doing the right thing.

You testified before Congress after the VA’s security breach. How would you grade their progress since?

The hearings were for the right intentions but for the wrong reasons. The breach that occurred with the theft of that laptop was benign. The information was not clinical and the thief who stole it didn’t know it was there. At the end of the day, it was a non-event. They didn’t get Congress to the point of understanding how to practice good security.

The VA has the same challenges as non-VA – security vs. usability, however people who work for the VA can be told what to do, which isn’t always true of community physicians in hospitals. The VA has its act together as well as anyone else. They’re continuing to make investments in practical security practices. They’re extending a pilot we did for deployment of single sign-on, which is the first step in a powerful direction for them.

The participation in that hearing was fascinating for me. It was literally like being in a TV show. Members of Congress were in seats elevated maybe 10 or 12 feet in the air, looking down at myself and my VA colleagues at a table. Each member of Congress took the opportunity to express a passionate opinion, not all of which were germane to the conversation at hand. Despite the hyperbole, they actually listened to what I said and what the VA said. They asked good questions. It was a remarkable discourse.

The hearings were well after 9/11, yet the halls of Congress, with minimal screening, are still very open to the public. It was a wonderfully reassuring about our way of life. It was wide open to people who wanted to come and listen and participate and not be overly encumbered with security.

I’ve done so much public speaking that I’m rarely nervous, but I was nervous. I would not want to be there for a serious transgression or offense.

If I looked at your laptop right now, what security measures would I find?

You’d find our product, Vergence, which is single sign-on and a bunch of other things. Virtually everybody here uses it. What do I like about it the best? I don’t have to remember my passwords for the system that approves expense reports, Webex, salesforce.com … the list goes on and on. What I like best is the sheer convenience factor. The screensaver periodically locks my workstation after about 15 minutes of unattended use. That happens whether I’m using it at home or in the office. We all use high quality passwords, mnemonics based on pass phrases, based on an elaborate sentence I can remember and choose some letters from it to make my password.

Unless you’re sitting in front of it, you wouldn’t see the display because of a 3M privacy protection screen. I was working on board financials on an airplane flight several years ago when the woman next to me leaned over, almost into my seat, and said, “You know how to use a spreadsheet.” I thought, “How long has she been watching me work on board financials?” Anybody who’s a road warrior in the company can have a privacy shield.

Security and privacy get confused. The woman looking over my shoulder wasn’t trying to hack our systems, but she was breaching our privacy as a company by looking at sensitive information. Both security and privacy need proper protection. The recent George Clooney story suggests that the concern is well founded that the biggest data access concern that healthcare organizations should have is what happens within their four walls. Too bad Palisades Medical Center isn’t a Sentillion customer, as this is not a good way to get one’s hospital in the news.

Are you happy with the progress that healthcare software vendors have made in making their products CCOW compliant for improving the user experience?

Interesting question. The general answer is no. We’ve put our heart and soul into the CCOW standard going back to the HP days. Standards in healthcare still have a fickle existence when it comes to vendors adopting standards and applying them thoughtfully and properly to their products and with the same interest as something that is purely proprietary.

Much of the venture capital we raised in the early days was spent giving market visibility to the CCOW standard. That helped to a point, but there are vendors to this day who have not implemented the standard or have done so in an incomplete way just to check off that they’ve done it, or done it in an elitist way, interpreting it in a way that’s good for their business interests but not as useful to the customer as a full implementation.

Often a customer will say to us, “You’re Sentillion, can’t you get Vendor X to do it correctly?” I keep looking for that sheriff’s shield or subpoena power to tell vendors what to do. [laughs] We’re just another vendor.

Our answer was that so much of what was conceived by us and others in the standard is extremely powerful, but if vendors won’t implement it timely or correctly, we need another way. We developed a technology called bridging that allows achieving the standard in a way that’s not invasive to the application.

The A-Ha was that the part of the application we can see and rely on is the user interface, as opposed to trying to inspect the application at a code level and hoping for an undocumented API or secret hook that we could latch on to. The user interface is tangible. Because that translates into a series of calls to the underlying OS, we created programs to watch for those calls. We can watch an application as the user is using it and see that they selected a patient. We can get that and send it to other parts of the application to automate patient selection, but without having the CCOW standards.

I read something where someone said that CCOW is a great standard, but that Sentillion controls it. Boy, did that rile me. I’ve been doing this for over 15 years, originally for non-CCOW work. There are very specific rules of engagement for a standards open development process, from NIST, a standard for being a standard, how you vote, how you achieve a quorum, etc. For an open standard, when you have a final ballot, people can vote Yes, No, or Abstain. You throw out the Abstain votes and 90% of what’s left has to be Yes for the standard to be valid. Imagine trying to get that level of agreement in your own family. [laughs] It’s a tough hurdle with lots of opinions, lot of eyeballs before a ballot passes. There’s no way any one organization can control a standard. They can be a blocker if they have enough votes, but they can’t force something to happen.

If there’s a secret to what we’ve done, it’s two things: show up to the meetings and document them. [laughs] I like to write and most people don’t, so often it is myself or others who volunteer to document the meetings, but that doesn’t mean we’ve done anything more than spending evenings and weekends to pull documents together for the greater good. The idea that an individual or organization can control a standard is unfounded.

When I Google Sentillion, I get ads for ComputerProx and Encentuate. What is the Sentillion value proposition over these and other competitors like Carefx?

The companies we’re most likely to compete with head to head are more often companies like Novell or Computer Associates, We’ll also see Imprivata. We don’t see a lot of some of the other companies that come up with the ad hits, even though they’ve latched onto the keywords. Across the board, for all our competitors, there are really three salient points.

First is the healthcare focus. A CA or Novell, while they have sales and marketing teams that cater to healthcare, have products that are generic that are supposed to work in 9 to 5 office environments and not necessarily healthcare.

Second, we believe strongly that we provide a fabric or glue. The last thing we want our customers to have to do is glue our glue. If we show up and say, “We have one piece of the puzzle and you’ll have to work with these other vendors”, that’s not particularly satisfying. That’s why we’ve invested heavily in developing our own products. All our products were developed by Sentillion so our customers would have a single vendor, a single number to call. Every one of our competitors requires multiple partners to do what we do as a single vendor.

Third is the incredible track record we have in getting customers live and keeping them live. We have hundreds of hospitals and hundreds of thousands of users. We monitor uptime across all customers and report to our board like it was financial information. Five nines. Who’s doing that for a security apparatus like we provide?

I hope you don’t think it’s bravado, it’s just pride. There are still hospitals using monitors that I wrote firmware for, like the HP Clover. I still feel pride when I walk by them in a hospital and know that patients are being cared for with something I wrote.

Why is desktop virtualization important?

Going back to this sense of responsibility to solve problems, for years our customers were asking us to help with people who are not physically in their facility, like community docs or docs working at home. We told them we could help to a point, but they’d have to build a portal or provide remote emulation like Terminal Server or Citrix, which requires an investment in servers and expertise. That’s an OK answer, but not satisfying for customers.

We were developing improvements to our internal testing apparatus. We do massive scalability tests to test response time and failure factors and failover. We were experimenting with the virtualizing of clients, not servers. 99% of what people are doing is on servers, putting multiple virtual servers on one physical server. We thought, “With a bit more work, we could provide a virtualized client to our customers.” That was the birth of our vThere product.

Take the clinical workstation with whatever applications, OS, service packs, etc. for people who are physically in your enterprise. You can make exactly that same environment available to people outside your organization. It’s transparent, no particular software package or OS, or even preventatives or antivirus. You need a host PC of a reasonably contemporary vintage running a reasonably contemporary version of Windows. That’s it.

Fire up Windows and you get a completely virtualized version of the clinical workstation running on the host using the host’s memory and CPU, but no other aspect of the host software, If you use a VPN, we use that. The user clicks on an icon, it runs in a window and looks exactly like the application in a hospital. They provide their logon credentials and everything is identical. Radiologists can manipulate their images exactly like in the office without the remote delays. There’s no training involved, no new portal, and no additional expenses for standing up servers to host WTS or Citrix. It’s all running on native client hardware.

We introduced vThere in the middle of 2006. Use ranges from physician access to their full cadre of clinical applications to medical coders who work at home, who have increasing clout because they stand between the hospital and reimbursement. Hospitals are increasingly willing to accommodate a work-life balance for coders. Customers are doing that with IT, too, allowing them to work from home two or three days a week. How can you provide with them their usual applications? Our vThere product is a practical, elegant, and cost-effective solution.

Proximity-based security and biometrics always seemed ideal for healthcare. Are they, and how well are they selling?

We have extensive implementations of proximity and biometrics, primarily in the US. Less so in Canada and in the UK, which has a different model where NHS has mandated the use of smart cards. The combination of active proximity and biometrics is very powerful. You can achieve touchless logon. You walk up to a workstation, your identity is provided to an active proximity device, and you are then authenticated by fingerprint. With Vergence, our flagship product, we can not only log you on, but automatically launch your applications based on your role, and then single sign you onto those applications. The first thing you need to do is select a patient – we can’t read minds yet. [laughs] It’s very powerful. Customers are using the technologies separately as well.

We introduced in the latest version of Vergence a variation on the strong authentication theme using passive proximity devices and an Enterprise Grace Period. Most healthcare environments are reasonably physically secure. You can have flexibility in how you apply authentication to users during the day. The user, at the beginning of their grace period, swipes a proximity card, authenticates by password, and does their business. The next time they need to log on, during the grace period defined by the organization, they only need to swipe their smart card. Possession of the smart card within the grace period tells us it’s that user. Those seven or eight character strokes done 50 to 100 per day times add up. It allows organizations to find the right balance between strong authentication and caregiver convenience.

How does expreSSO change the single sign-on equation for healthcare customers and for Sentillion?

The biggest challenge that customers have with anybody’s single sign-on always centers around connecting with the application. Often, a vendor walks into a sales situation, tries to impress on the customer how easy their tools make it, and shows a live demo. They’ve thought through the applications to impress how easy it is. For more complicated applications, or those developed in-house with less optimal programming, what seems so easy in the sales call is much harder.

We’ve taken everything we’ve learned to make it easier to deploy. The next generation of tooling accompanies expreSSO. A wizard allows organizations to create incredibly sophisticated connectors without having to write code. If you think about a process of creating a connector for signing on and off and dealing with other sign-on related events, you’re navigating through a series of screens and either inputting information on behalf of the users or accepting information like a password expiration message. The trick is to satisfy the application by putting in the right information at the right time while responding to the information needed.

We looked at metaphors that would be easy for people to understand. We decided to use editing a movie. Movies have frames, they flow in a sequence, and you can insert special affects. We take a movie metaphor and apply it to the process of having a user generate a connector to a target application. We show screens in the order they want them to appear and define inputs based on visual controls that they point and click through — for a logon, logoff, or password expiration message, each representing the application as it appears at a certain point in time.

Anybody that’s used iMovie or Microsoft’s movie maker would instantly get how the expreSSO wizard makes connectors for applications. My wife recently edited videos of my son, who’s a competitive fencer. Colleges wanted 15 minutes of video. My wife went through hours of movies, having a great time with iMovie creating effects. She’s not a movie director, and had never used iMovie before, but she was still able to use a tool to do very powerful things.r That’s what expreSSO is all about.

The press release mentions cost savings.

Vergence does an awfully lot more than single sign-on – patient selection, auditing, and role-based access. Vergence is really a platform for creating a complete clinical workstation. It’s always been that, but in the early days, it was too broad for people to understand that, so we positioned it as a single sign-on solution. It’s like saying a car is an air conditioner when it’s more than that, like an entertainment system and transportation.

expreSSO does one thing really well and cost effectively – signing on and signing off. Customers increasingly want to focus on that to start and that’s what expreSSO is meant to solve really, really, well. When they’re ready for a more comprehensive solution, they can upgrade to Vergence.

You’ve had some recent organizational changes, I’ve heard. What’s going on at Sentillion?

We made some changes back in June that were mainly centered around refocusing the company on healthcare. We had started a process with vThere in broadening our footprint beyond healthcare in a thoughtful way. We created a business unit inside of Sentillion to look at opportunities outside of healthcare so the bulk of the company could stick with healthcare.

It’s difficult for a $30 million company to do as many things as we were trying to do. We were diversifying into the UK, bringing vThere and expreSSO to market, and trying to establish a foothold for vThere outside of healthcare. It was one vector too many. I decided we needed to reconsider expanding outside of healthcare, or at least let it be opportunistic and let companies find us. We had hired people without the healthcare background because we didn’t need that.

We’ve just come off a terrific Q3, the first full quarter since the change. We signed six new customers and sold a bunch of products to existing customers. It was a good thing to do and we did it thoughtfully for our customers and employees.

What do you like most and least about being a CEO?

I thought I would miss writing code. My expertise is in distributed, object-oriented programming. How’s that for a mouthful? [laughs] I really don’t miss it. I find what I really enjoy is the challenge of doing things that others haven’t done before.

People often ask me about what I do other than work. I have a car that I’ve been building for years. I drag race it. It’s a combination of parts that have never been put together, which means I make a lot of mistakes. I fine tune my problem solving skills and persistence. The thing I love most is to see what others here are able to accomplish that I have nothing to do with. It’s intensely satisfying. It happens following ethical principles that we care about and a corporate style that I care about, but I had nothing to do with it.

What I like least is the set of arcane accounting rules that govern software revenue recognition. It’s a set of principles defined by accounting boards that software companies need to follow to book revenue on an annual or quarterly basis. The rules are complex, but accounting rules don’t have that foundation of reason. It’s kind of like laws that evolved over the years. You can spend an inordinate amount of time interpreting the rules so you do the right thing. I’m not always sure that time is effective for the business or customers, other than you want to do the right thing.

Who do you admire in the industry?

The people that I admire most are in the new generation of CIOs, probably in their late 30s or early 40s, who grew up with information technology instead of having it happen around them. They have business savvy as well. The combination of a comfort with IT and business savvy are impressive.

Mark Hopkins at UPMC is one such person. Steve Hess of Christiana Care, Praveen Chophra at Childrens Healthcare of Atlanta, Allana Cummings of Children’s Omaha, and Marianne James of Children’s Cincinnati. All of these are examples of healthcare CIOs who have a comfort with technology and business acumen. They are putting it to formidable use in their organizations.

I gave a lecture at HIMSS about the healthcare tipping point, referencing Malcolm Gladwell’s book. One of the required ingredients is people like this to make it happen. If healthcare IT becomes truly pervasive in the next five years, it will be because of people like this.

Thanks for sponsoring HIStalk, by the way.

What was most fun about sponsoring your blog is that we all reading it already. It was a Homer Simpson Doh! moment. The best endorsement is that we didn’t just hear about it and decided to sponsor. Just like we use our product, we were already reading your blog.

 View/Print Text Only