A Wells Fargo Securities analysis of EHR attestation data finds a surge in the number of hospitals and practices qualifying for Meaningful Use money, which it expects to continue through the February deadline. It also notes that Epic is starting to dominate in all measures, leading in the number of physicians that have attested in with a success rate of 35 percent and representing 21 percent of the total attestations. Athenahealth was also noted as performing at an above-average rate, with neutral numbers for Allscripts and slightly negative numbers for Quality Systems. I ran the cumulative percentages by vendor and found that 80 percent of attesting providers are represented by just 22 of the 391 vendors listed: Epic, Allscripts, eClinicalWorks, NextGen, GE Healthcare, McKesson, Greenway, Cerner, Practice Fusion, athenahealth, Vitera, e-MDs, Community Computer Service, Eyefinity, Amazing Charts, Compulink, BioMedix Vascular Solutions, MedPlus, Medflow, Aprima, Partners HealthCare, and MedInformatix.
From The PACS Designer: “Re: X-rays using your phone. Two engineers from California Institute of Technology have developed a microchip that can produce images inside objects without using the normal radiation method. The circuits operate with existing mobile phone technology but use the terahertz operating region to produce the viewable image for the phone. Terahertz radiation can penetrate through the body without damaging the tissue it passes through.”
From Vendor Middle Manager: “Re: clinician compensation. Can you ping the vendor community on the levels of compensation (salary, bonuses, options, etc.) being paid to clinicians? It’s hard to find out because of inherent reluctance to disclose compensation and the variety of titles that don’t reflect true roles. It would be great to hear anonymous examples of physician and nurse compensation with the primary role specified (doing demos, designing user interfaces, developing content, etc.)” I’ll collect and anonymously report your responses if you would care to either e-mail me or use the anonymous Rumor Report.
From Mini Me: “Re: iPad Mini. I’m interested to know how doctors are using the iPad Mini.” Me, too. If you are a clinician using an iPad Mini or an IT person involved in its rollout for clinical use, let me know why you chose the Mini and how it’s being used.
Acquisitions, Funding, Business, and Stock
Investment firm Elliott Management offers to buy Compuware for about $2.4 billion, a 15 percent premium over last week’s closing price. Elliot, which owns 8 percent of the company, says Compuware’s “execution, profitability, and growth have meaningfully underperformed.” Above is CPWR’s five-year share price (blue) vs. the Nasdaq (red). Compuware filed for a possible IPO of its Covisint Corp. unit last week and could conduct the IPO in three to six months.
Revenue cycle software provider Recondo Technology acquires eHC Solutions, an Indianapolis-based developer of EDI solutions.
pMD releases a mobile version of its patient handoff product.
PatientSafe Solutions (formerly IntelliDot) raises $13.3 million in equity financing, about half of the amount it is seeking, raising its all-time financing total to $83 million. The company offers bedside scanning solutions for medications, specimens, and breast milk along with documentation and caregiver messaging.
Rideout Health (CA) selects McKesson’s Paragon HIS as its financial and clinical solution.
ARcare (KY/AR) selects SuccessEHS PM/EHR for its 45 community health center locations.
MemorialCare Health System (CA) will implement the KnowledgeEdge Enterprise Data Warehouse from Health Care DataWorks.
Trustees of St. John’s Medical Center (WY) decide to spend $240,000 to buy eClinicalWorks as a replacement for McKesson Practice Partner, which it has been running for five years. They say Practice Partner is not user friendly and makes it difficult to document office visits.
The Premier Healthcare Alliance names Gary S. Long (Surgical Information Systems) chief sales officer.
CCHIT adds Janet M. Corrigan (National Quality Forum) and Grace E. Terrell, MD (Cornerstone Health Care) to its board of trustees and promotes Executive Director Alisa Ray to CEO.
The National Quality Forum names Christine K. Cassel, MD (American Board of Internal Medicine) president and CEO effective mid-summer 2013.
James D. Morris (Western Digital) joins Harris Corporation as group president of the Integrated Network Solutions business, which includes Harris Healthcare Solutions.
The SSI Group appoints Brian Campbell SVP of sales and Tom Myers chief strategy officer. Both will maintain their roles with MedWorth, an SSI subsidiary.
Meditech promotes Carol Labadini to associate VP for development, implementation, and support of Meditech’s ambulatory solution and Hoda Sayed-Friel to EVP of strategy and marketing.
Billing company PatientFocus adds Philip Hertik (Windsor Health Group) and Lucius E. Burch, IV (Burch Investment Group) to its board of directors.
Ormed names Bill Hockstedler (Connance, Inc.) VP of sales and marketing.
Imprivata names Carina Edwards (Nuance) as SVP of its new Customer Experience Group.
Informatica names Margaret Breya (HP) chief marketing office and EVP.
Announcements and Implementations
New Horizons Health Systems (KY) goes live on Healthland Centriq EHR.
Hutchinson Clinic (KS) exchanges CCD from its Allscripts EMR to the Kansas Health Information Network using the ICA CareAlign Exchange platform.
Orion Health announces the release of Orion Health Mobile, which allows users of Orion Health HIE to view real-time patient information on their iPhones and iPads.
Ormed sells its Canadian business to a subsidiary of Constellation Software, saying it will now focus on selling it ERP, HR, and decision support products to the US healthcare market. Constellation has completed several acquisitions this month, including buying documentation and charge capture systems vendor Salar from Nuance. Constellation also owned 21 percent of Mediware, or about $40 million worth, when that company was acquired by Thoma Bravo last month.
A profile of NewYork-Presbyterian Hospital SVP/CIO Aurelia Boyer, RN, MBA describes the organization’s use of Caradigm Amalga to analyze quality measures in real time, which she says saved $1.5 million in discovering CHF treatment variations.
Medecision’s Aerial care management system earns NCQA disease management certification.
Government and Politics
ONC recognizes Ohio for coordinating its Regional Extension Center, HIE, and Beacon Community in supporting Meaningful Use and interoperability. More than 8,200 Ohio providers have met Meaningful Use requirements, receiving $368 million in federal payments.
In England, the chair of the Public Accounts Committee says paying trusts to implement CSC’s Lorenzo system are “bribes.” An earlier report from eHealth Insider says that CSC has offered $1.6 million each to the next 10 hospitals who sign up for Lorenzo, with funds coming from the Department of Health and CSC. CSC says the report contained factual errors, while Department of Health denies the suggestion that the incentives give CSC an advantage over competitors.
An article in a North Carolina newspaper illustrates why hospitals are snapping up medical practices. Simply by buying the practice, hospitals can bill up to double or more what the same physician in the same office would have been paid for performing the same service. Non-profit hospitals argue that they deserve to bill extra because of Medicare underpayment, a higher level of regulation, treatment of the uninsured, and a higher level of staffing. The article says North Carolina Attorney General Roy Cooper is considering using of antitrust laws to keep hospitals from raising healthcare costs by buying up their practice-based competitors. It cites an example of a patient’s echocardiogram, whose cost to her jumped from a $60 co-pay to a $952 bill even though the same technician performed the same test. In the Charlotte area, more than 90 percent of cardiologists are now hospital employees, spurred by a decline in their incomes of 30 to 40 percent in the past three years.
Weird News Andy says this baby was saved by scissors, but not like you’d think. UK doctors decide to save a baby born after 23 weeks of gestation (within the limit of legal abortion in almost all US states) because she weighed the minimum one pound to be considered viable. Only later did they realize that she had been weighed without removing a pair of scissors from the scales, with her actual weight being only 13 ounces. She’s been discharged after six months (after what must have been a monumental taxpayer expense) and is doing fine.
- Several Marines pay a visit to eClinicalWorks’ Westboro, MA headquarters to collect donated toys for Toys for Tots.
- CommVault will pay $5.9 million for land in Tinton Falls, NJ to build its new headquarters.
- A Wolters Kluwer Health survey finds that 80 percent of consumers believe they would benefit from have more control of their healthcare, though only 19 percent have a PHR. Nineteen percent also say that the most important consideration when selecting a physician is the practice’s level of technology.
- Surgical Information Systems showcased its AIMS solution at this week’s PostGraduate Assembly on Anesthesiology in New York City.
- PSS World Medical will offer Wellcentive’s population health management and analytics platform to its customers.
- GetWellNetwork integrates Stanley Healthcare’s RTLS with its interactive patient care solution to identify caregivers entering patient rooms.
- Dx-Web will offer LDM Group’s PhysicianCare and ScriptGuide products to its network of EMR vendors, expanding the relationship between the companies.
- The Center for Medicare and Medicaid Innovation awards the Mayo Clinic, Philips Research North American, and the US Critical Illness and Injury Trials Group over $16 million to improve critical care in the ICU.
- Billian’s HealthDATA offers strategies for providers to reduce re-hospitalization rates in a blog post.
- AirStrip Technologies will add secure messaging to its applications using Diversinet’s mobiSecure SDK.
- RazorInsights will incorporate Health Language, Inc.’s software into its EHR system to support standard terminologies.
- Clinithink publishes the seventh installment of its seven-part blog series entitled, "Clinical NLP in Plain English."
- DrFirst is ranked by Black Book as the #1 vendor of standalone electronic prescribing systems.
Report from the Healthcare Privacy and Security Forum
December 2-3, Boston, MA
If you are not serious about your patient information security and privacy issues, the Office of Civil Rights (OCR) is, and it will have both financial and legal consequences for the entity. Just check out the Case Examples and Resolution Agreements (more on OCR to follow.)
I had the very good two days attending the inaugural Security and Privacy Forum sponsored by Healthcare IT News and HIMSS in Boston last week. It was well attended with over 250 registrants and 15 corporate sponsors. It does remind me of the early days for HIMSS (I won’t tell you how many years ago that was). It was serious, interactive, and had relevant subjects.
Here are some of the highlights and noteworthy points.
- The keynote was delivered by Tim Zoph, SVP of administration of Northwestern Memorial Healthcare. He shared the greatest impact of a lack of focus on patient security and privacy is the erosion of confidence from patients and consumer towards healthcare providers, with the reported 435 breaches that affected 500 or more individuals since September 22, 2009, now totaling more than 20 million impacted individuals. Tim offered hopes and guidance to healthcare leadership that through creating a culture of security, simplifying the technology environment, using a standards-based security model, being proactive, and most importantly applying the right governance structure that is multidisciplinary, we can avoid security as one of these blind spots outlined in How the Mighty Fall by Jim Collins.
- Barbara Demster, chair of the HIMSS Patient Identity (PI) Integrity Work Group, outlined that PI Integrity has direct impacts to privacy and security in the areas of operations and finance. She offered a HIMSS white paper from the Patient Identity Integrity Toolkit. The current estimate is that records are duplicated in the eight to 12 percent range, with institutions experiencing 47 percent false negative and 51 percent false positive (more problematic). The financial impacts range from administrative, regulatory, and patient care-safety. Barbara also suggests that PI integrity processes need to include stakeholders across the organization. Barbara emphasized that commitment and explicit organizational guidelines towards data governance are imperative.
- Lisa Gallagher (senior director of privacy and security for HIMSS) and Bob Krenek (senior director of Experian Data Breach Resolution) presented the summary results of the 2012 HIMSS Security Survey, released December 12. Summary: (a) security budgets hold steady at 3 percent of the IT budget; (b) those organizations not conducting formal risk assessments will not qualify for MU incentives; (c) organizations need to establish a robust patient information secure environment in order to be able to safely share data externally; and (d) physician practices are not as advanced as other healthcare organizations in many areas of data security.
- Sharon Finney, corporate data security officer for Adventist Health System, shared that her approach in meeting the needs and prepare for an OCR audit is moving her department from internal audit functions to risk assessment, focus on the potential risk impact, quantifying the financial risk, and engaging other departments. She also urged understanding people and process and to focus on the connecting points between each steps. She said she expects MU audits to be performed on all the institutions received funding.
- Edward Ricks, VP/CIO of Beaufort Memorial Hospital suggested that to prepare for an OCR audit is to simplify the process and use outside consultants for support.
- Mobile access and BYOD in healthcare are still major issues for patient information security and privacy with no single strategy, especially in the areas of device-to-device communication of PHI and home or consumer data collection. Sample strategies: Kaiser (do not allow any BYOD), Partners (restrict to technology standards — iOS only), Children’s Hospital of Central California (provide a virtual desktop environment), and others using network security to limit information access. The general agreement is that leadership is required to create a culture of patient information security. There is plenty of work to be shared by all the functional roles, but the reality is, a low amount of resources devoted and focused on the efforts of patient information security and privacy from both the administration and the white coats.
- Jennings Aske (CISO of Partners HealthCare) and Darren Lacey (CISO and director of IT compliance of Johns Hopkins University and Johns Hopkins Medicine) discussed the role of cloud computing. They suggested that it is necessary for the cloud supplier to sign a BAA, disclose underlying infrastructure, obtain third-party certification, and to demonstrate disclosure transparence. They did suggest that hybrid cloud services architecture is a good compromise.
Leon Rodriguez, director of the Office for Civil Rights (OCR), made these statements in an interview:
- HHS OCR enforces the HIPAA Privacy and Security Rules as well as the HITECH Breach Notification Rule.
- The final HIPAA Privacy and Security Rules are expected very soon.
- The greatest challenge is the transformation of the agency from a regulatory body to an enforcement agency, where the scope is expected to be broader in nature.
- The director position requires a balance of business needs and the need to comply with the regulations.
- OCR expects from providers a well-documented procedure and we expect the entity to follow the process. The focused is on encryption, encryption, and encryption.
- The awareness of management is still lacking, which makes it difficult for healthcare organizations to meet the regulations.
- OCR has to work to help consumers to understand privacy violations.
- OCR is starting to move from a reactive mode to proactive audits based on risk analysis.
- OCR expects more monetary restitution in the future and to expand the agency using the proceeds of the fines. $4 million was collected in 2012, but that is expected to grow.
- OCR most likely will offer technology guidance, but will focus on the process.
- OCR is still trying to assess the level of resources necessary to complete the audit.
- Healthcare entity leadership will separate the successful implementation of a security and privacy plan from the unsuccessful ones.
Do you hear the OCR coming down the chimney to your facility? Plan to attend the Forum next year. I think you will find it worthwhile, and it may get you on the official Good List.