Tales from Encrypt: Big Breaches to Fill
Both incidents involved somewhat unusual circumstances: Advocate’s stolen devices were desktops rather than laptops, while the stolen laptop of UTPhysicians was attached directly to a medical device and therefore not something IT would necessarily support. The bottom line of this cautionary tale: if there’s a hard drive, encrypt it.
- Computer security is only as good as physical security unless encryption is installed.
- Computers attached to medical devices may not even be on the network, making them discoverable only by physical inspection.
- It’s interesting that anyone even bothers to steal computers given their low black market value compared to cell phones or iPads. Perhaps they are intentionally stolen for more sinister purposes, such as intending to sell the medical data they may contain or holding them for ransom, but the thieves realized too late that they’re not really bright enough to pull that off.
- Government agencies like HHS and the IRS like to choose an occasional rule-breaker and flog them publicly to keep everybody else in line. Being that poster child is going to cost AMG millions in fines, investigation costs, and remediation.
Facts and Background
A KLAS report finds that Epic and Cerner are about the only systems being bought by 200+ bed hospitals and health systems, while Meditech and McKesson Paragon dominate small-hospital sales.
The Epic-Cerner domination was obvious, but the staggering declines by conglomerate vendors McKesson, Siemens, and GE Healthcare may not have been.
- It has always been true that the best and best-selling products in healthcare IT are sold by companies that aren’t distracted by unrelated business lines. The worst and worst-selling products have always been marketed by international conglomerates.
- Cerner is a rare exception to another rule: publicly traded companies usually far worse in product quality and sales.
- KLAS says Cerner is narrowing the previously lopsided five-to-one sales advantage Epic has had.
- McKesson’s only potential bright spot is Paragon. If it wasn’t for that product, they would be better off just selling off their creaky legacy products (Star, Series, Horizon, etc.) and getting out of healthcare IT altogether as big companies often do once the novelty has worn off.
- Most of the laggards came with low expectations, but the zero wins and three losses for Allscripts explain why the company is suddenly steering all conversations toward population health management and away from both inpatient and ambulatory EHRs.
- The only real unanswered question, which KLAS points out, is who the Horizon and Meditech Magic customers will choose once they realize the Meaningful Use drawbacks of sticking with an also-ran EMR.
- Epic and Cerner aren’t cheap. As hospitals feel the budget pinch and swallow hard when writing their monthly maintenance fee checks, will the lower cost of Meditech and Paragon lure them in despite more limited functionality?
- Meditech should have been a better contender, but 6.0 seems to have killed its momentum just when it seemed poised to seize the opportunity to move into the Big Three of big-hospital products.
- As the hospital whales consume the smaller fish, Epic and Cerner will gain more hospitals by attrition as the incumbent vendors get the boot.
Attention Doctor Shoppers: The Database Knows You’re Hooked
Facts and Background
New York State prescribers must check the I-STOP statewide database of filled narcotics prescriptions before issuing new narcotics prescriptions as of this week.
It’s a good first step in identifying drug-seeking patients, but not a very elegant solution in in requiring prescribers to manually look up patients on a secure Web page.
- Pharmacists aren’t required to check the database when dispensing prescriptions, but they are required to enter their filled narcotics prescriptions into it immediately.
- The database should really be a national one, although state-specific laws always impose maddeningly archaic limitations on any kind of national effort (state-by-state medical licensure, for example).
- It would be nice if the database had the capability to integrate with EHRs to save doctors a lot of fumbling around while they’re in the room with the patient.
- What happens when a patient is identified as a doctor shopper? Most likely nothing except they walk out without a new prescription and buy their drugs on the street instead.
- While some prescription drug abusers pay cash to avoid detection, surely insurance company records (and especially Medicaid records) would already have allowed these patients to be easily identified.
- Use of the database is likely to increase drug dealer profits and drug abuser crime as the reduced drug supply pushes prices up.