Home » This Week in HIT » Currently Reading:

This Week in HIT 8/30/13

August 30, 2013 This Week in HIT 1 Comment

Tales from Encrypt: Big Breaches to Fill

8-30-2013 11-13-07 AM

Facts and Background

Major data breaches were reported this week at Advocate Medical Group (IL) and UTPhysicians (TX), both involving the theft of unencrypted computers from their premises.


Both incidents involved somewhat unusual circumstances: Advocate’s stolen devices were desktops rather than laptops, while the stolen laptop of UTPhysicians was attached directly to a medical device and therefore not something IT would necessarily support. The bottom line of this cautionary tale: if there’s a hard drive, encrypt it.


  • Computer security is only as good as physical security unless encryption is installed.
  • Computers attached to medical devices may not even be on the network, making them discoverable only by physical inspection.
  • It’s interesting that anyone even bothers to steal computers given their low black market value compared to cell phones or iPads. Perhaps they are intentionally stolen for more sinister purposes, such as intending to sell the medical data they may contain or holding them for ransom, but the thieves realized too late that they’re not really bright enough to pull that off.
  • Government agencies like HHS and the IRS like to choose an occasional rule-breaker and flog them publicly to keep everybody else in line. Being that poster child is going to cost AMG millions in fines, investigation costs, and remediation.

Hospital EMRs: Epic and Cerner are Kicking Sand in Everybody Else’s Faces

8-30-2013 11-33-29 AM

Facts and Background

A KLAS report finds that Epic and Cerner are about the only systems being bought by 200+ bed hospitals and health systems, while Meditech and McKesson Paragon dominate small-hospital sales.


The Epic-Cerner domination was obvious, but the staggering declines by conglomerate vendors McKesson, Siemens, and GE Healthcare may not have been.


  • It has always been true that the best and best-selling products in healthcare IT are sold by companies that aren’t distracted by unrelated business lines. The worst and worst-selling products have always been marketed by international conglomerates.
  • Cerner is a rare exception to another rule: publicly traded companies usually far worse in product quality and sales.
  • KLAS says Cerner is narrowing the previously lopsided five-to-one sales advantage Epic has had.
  • McKesson’s only potential bright spot is Paragon. If it wasn’t for that product, they would be better off just selling off their creaky legacy products (Star, Series, Horizon, etc.) and getting out of healthcare IT altogether as big companies often do once the novelty has worn off.
  • Most of the laggards came with low expectations, but the zero wins and three losses for Allscripts explain why the company is suddenly steering all conversations toward population health management and away from both inpatient and ambulatory EHRs.
  • The only real unanswered question, which KLAS points out, is who the Horizon and Meditech Magic customers will choose once they realize the Meaningful Use drawbacks of sticking with an also-ran EMR.
  • Epic and Cerner aren’t cheap. As hospitals feel the budget pinch and swallow hard when writing their monthly maintenance fee checks, will the lower cost of Meditech and Paragon lure them in despite more limited functionality?
  • Meditech should have been a better contender, but 6.0 seems to have killed its momentum just when it seemed poised to seize the opportunity to move into the Big Three of big-hospital products.
  • As the hospital whales consume the smaller fish, Epic and Cerner will gain more hospitals by attrition as the incumbent vendors get the boot.

Attention Doctor Shoppers: The Database Knows You’re Hooked 

8-30-2013 12-16-19 PM

Facts and Background

New York State prescribers must check the I-STOP statewide database of filled narcotics prescriptions before issuing new narcotics prescriptions as of this week.


It’s a good first step in identifying drug-seeking patients, but not a very elegant solution in in requiring prescribers to manually look up patients on a secure Web page.


  • Pharmacists aren’t required to check the database when dispensing prescriptions, but they are required to enter their filled narcotics prescriptions into it immediately.
  • The database should really be a national one, although state-specific laws always impose maddeningly archaic limitations on any kind of national effort (state-by-state medical licensure, for example).
  • It would be nice if the database had the capability to integrate with EHRs to save doctors a lot of fumbling around while they’re in the room with the patient.
  • What happens when a patient is identified as a doctor shopper? Most likely nothing except they walk out without a new prescription and buy their drugs on the street instead.
  • While some prescription drug abusers pay cash to avoid detection, surely insurance company records (and especially Medicaid records) would already have allowed these patients to be easily identified.
  • Use of the database is likely to increase drug dealer profits and drug abuser crime as the reduced drug supply pushes prices up.


Mr. H, Inga, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there is "1 comment" on this Article:

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors






























































Gold Sponsors
















Reader Comments

  • Money Doc: Come on, Dr. Nguyen. You are talking about "lost revenue" but you don't worry about gaps in patient care? Are you reimbu...
  • Anonymouse: You are ultimately responsible for not properly vetting your provider and signing the contract that probably states the ...
  • Conrad Black: That will happen at the same time my doctor starts reimbursing me for a two hour wait in his office or a mistaken/late d...
  • Conrad Black: The same people that pay for any other services/products the organization provides...
  • Anonymous: The SamSam ransomware has been around for 2 years... shame on Allscripts for not patching their main servers to allow at...
  • Anonymous Reply: Kathy: Anti-Ransomware protection?? lol, Its a joke because the programmers that are making the protection, always hav...
  • John Jones: Who pays to notify all these patients of a potential breach of their protected health information? Someone do that math ...
  • Don't think twice it's alright...: It isn't surprising that the State of Illinois procurement office rejected Cerner's shortsighted protest of Epic winning...
  • Thomas Nguyen: I am one of the many doctors affected by this. If allscripts had any ethics, they would reimburse the doctors affected f...
  • Kathie: As of August 4, 2017, hackers accounted for 75 healthcare breaches and in November 2017 Ransomware knocked out North Car...

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

Sponsor Quick Links