The massive Sony Pictures data breach forces the company to warn employees that hackers have their personal information (including Social Security numbers, government identifiers, and compensation information) as well as HIPAA-protected health information collected by the company’s health plans. Celebrity PHI was among the information downloaded, which should provide interesting gossip when it inevitably leaks out. A worksheet listing the company’s highest-cost health plan patients (above) was one of the documents hackers posted to the Internet as a warning. Sony Pictures hires a law firm to threaten newspapers and websites that might otherwise post embarrassing hacker-released information, a tactic that legal experts say probably won’t work since the publications would be obtaining the information legally.
Meanwhile, the movie that apparently stoked the ire of the North Korea-based hackers premiered in LA Thursday night, with early mediocre reviews of “The Interview” raising the question of whether it was worth it, especially since the breach exposed emails in which a Sony Pictures executive griped to peers that the film is “desperately unfunny.” At least the movie will get curiosity box office revenue. Perhaps as the ultimate closing of the loop, Sony Pictures can make a movie about its own breach, featuring the “minimally talented spoiled brat” Angelina Jolie. After all, she starred in 1995’s “Hackers” before donning jewelry containing Billy Bob Thornton’s blood and then finally rebranding herself into a pouty-lipped Mother Teresa. Sony Pictures could use the ticket sales to help pay for the fines, privacy lawsuits, loss of business from exposure of its trade secrets and intellectual property, and general damage caused by incriminating emails. If they survive, that is, which should be in serious doubt at this point. The job you should be glad you don’t have is that of David Buckholtz, SVP of corporate IT at Sony Pictures Entertainment, who will never work in that town again.
From Shag Dancer: “Re: HIStalk. How long does it take you to write it?” I spend at least eight hours on Tuesdays and Thursdays, sometimes more and sometimes less on the Monday Morning Update, since I research and write every word. That’s only for the heads-down writing and not all the stuff in between … I’m a fast writer, but it takes forever to wade through all the meaningless junk that I don’t mention and to make sense of the sometimes poorly presented information that I do. My job as I see it is to make it look easy and to disguise a lot of work into a quick and entertaining read.
HIStalk Announcements and Requests
I decided to add a new subcategory called “Privacy and Security” to each post since breach and threat news is frequent. I’ve placed it below the “Government and Politics” section below.
I’m running an end-of-year special on promoted and produced webinars for those signed by December 31, so it’s a great time to contact Lorre to book a slot before the HIMSS conference.
Some company tossed a telephone book in my driveway this morning, reminding me that they still exist even though I haven’t opened one for at least five years (and when I did, I was only seeking pizza coupons). It reminded me of my first cell phone, which was not only large and sporting a walkie talkie type antenna, but also came with an downsized phone book for stashing in the glove box (where, curiously, no gloves have ever been placed).
Listening: new soulful and honest R&B crooning from K. Michelle. I listened unaware that she’s been in some trashy reality TV shows, thankfully, since the music soars despite her iffy career and lifestyle decisions.
I’m a recent coffee convert after years of making fun of Starbucks lines and bizarre morning rituals, so I need to know whether I’ve found belated enlightenment or whether I’ve instead crossed over to the dark side. Take my poll here – what do you enjoy drinking most at work? I usually hit all the hydration checkboxes with coffee, water, and soda in the mornings and I’d still find it hard to choose a favorite, although there’s nothing like coffee to get me going (and it’s not just the caffeine – there’s something about the warmth that just works). I’m not a snob about it, though – the giant $1 cup at McDonald’s is fine.
December 17 (Wednesday) 1:00 ET. There Is A 90% Probability That Your Son Is Pregnant: Predicting the Future of Predictive Analytics in Healthcare. Sponsored by Health Catalyst. Presenter: Dale Sanders, SVP of strategy, Health Catalyst. Predictive analytics is more than simple risk stratification. Once you identify an individual’s risk, what are the odds that you can change their behavior and what will it cost to do so? This presentation, geared towards managers and executives, addresses scenarios in which predictive models may or not be effective given that 80 percent of outcomes are driven by socioeconomic factors rather than healthcare delivery.
December 18 (Thursday) 1:00 ET. Virtual book launch for “Extraordinary Tales from a Rather Ordinary Guy,” a new book by “CIO Unplugged” contributor Ed Marx. Ed will go over the principles contained in the book, read a couple of tales that haven’t been shared until now, and accept live questions. Attendees who use the webinar’s interactive features will be eligible to win free copies of the book as well as a Kindle.
Acquisitions, Funding, Business, and Stock
Google’s venture capital fund is moving its investments from consumer Internet startups to healthcare and life sciences, with a special interest in companies that focus on health data.
Orion Health completes its New Zealand IPO, raising $97 million.
Neos Technologies acquires wearables monitoring vendor AFrame Digital. I don’t know anything about the former except that it writes a bad press release, including misspelling its own name. I’ve only heard of AFrame when it received a 2011 NIH grant to study falls in the elderly. Its “About” page obscures whoever is involved with the company, so my initial “who cares” reaction is that two unsuccessful companies are trying (against all odds) to merge into one better one. I lose nearly all interest in a company whose website fails to (a) list its executives; (b) indicate the location of its headquarters; (c) showcase recent announcements; or (d) make it clear on the home page exactly what it does in a succinct, buzzword-free tagline or paragraph. If they can’t accomplish those trivial tasks, why would I want to buy anything from them?
Lightbeam Health receives an unspecified capital investment from former Allscripts executives Glen Tullman and Lee Shapiro.
A report published by Good Jobs First names Cerner as #3 on the list of companies linked to the Forbes 400 list of richest Americans (Neal Patterson at $1.55 billion) that have received more than $1 billion in subsidies from state and local governments trying to boost economic development. Cerner at $1.7 billion worth of taxpayer gifts trails only Intel ($5.9 billion) and Nike ($2 billion). I say blame politicians rather than the companies that were voluntarily offered taxpayer money for reasons that may or may not make good fiscal sense.
Singapore- based RingMD, which offers consumers live video access to a global network of doctors, will establish its North American headquarters in Charleston, SC in preparation for an expanded US presence. Former programmer and founder Justin Fulcher, who is 24, started the company with the financial support of the Singapore government.
Massachusetts Eye and Ear (MA) chooses Medarchon’s Quarc for secure messaging.
Hunterdon Healthcare (NJ) will use secure communications from Practice Unite.
Genesys Health System (MI) signs up with PerfectServe for clinician communication.
Mary Jahrsdoerfer, PhD, RN (Philips Healthcare) joins Extension Healthcare as chief nursing officer.
Remote monitoring vendor Sentrian hires Lance Myers, PhD (Vivonoetics) as CTO.
Announcements and Implementations
The non-profit American Telemedicine Association launches an accreditation program for providers offering direct-to-consumer consultations, with the cost and requirements of the three-year certification disclosed only after submitting an application. Part of the package includes being able to use ATA’s accreditation seal and being listed in its consumer guide.
Allscripts certifies the Patient Engagement Solution of non-profit Healthwise for integration with its TouchWorks EHR.
Kaiser Permanente Hawaii launches a teledermatology service in which primary care physicians can send patient photos to dermatologists for diagnosis.
The 300th hospital goes live on Medhost’s YourCareCommunity vendor-agnostic patient portal.
The folks at Forward Health Group got permission for me to use the above summary graphic from KLAS’s just-released “Population Health Performance” report in which Forward Health Group scored at the top of several categories and #2 overall. Phytel, Forward Health Group, and i2i Systems led the pack, while eClinicalWorks and McKesson were the only two vendors in the low-performing category.
Wellcentive joins the CommonWell Health Alliance.
Government and Politics
The Senate finally confirms Vivek Murthy, MD, MBA as surgeon general, filling a position that has been vacant for 17 months. President Obama nominated him in November 2013, but his statements labeling guns as a public health hazard drew opposition from the influential National Rifle Association, which ended up on the rare wrong side of a political decision.
Privacy and Security
An interesting study seems to suggest that patients think the specific use of their health information is more important than whether their consent was given in advance. That’s surprising given that our entire desired state is is driven by opt in/opt out via consent signatures. Respondents said research use is OK in most cases, but using their information for marketing (even with their consent) is not OK.
Clay County Hospital (IL) calls the FBI after receiving an extortion email demanding cash to prevent stolen patient information from being disclosed (of which a sample was included as proof of possession). The 22-bed hospital says its servers haven’t been hacked, which would suggest that responsibility rests, as it often does, with an employee.
Virginia Commonwealth University Health System (VA) notifies patients that the used CDs donated by one of its employees to a children’s art project contained PHI, including full clinical records and Social Security numbers.
In Canada, Ontario’s privacy commissioner orders Rouge Valley Hospital to upgrade its computer systems, appalled that a year after several employees were found selling patient information, hospital still can’t review access records going back further than two weeks. A fun tidbit from the article: one of the employees who was selling information to Registered Education Savings Plans (RESPs) changed jobs and lost his access to the computer, after which he pulled the brilliant move of sending a formal request to IT asking to have his access restored so he could look up patient phone numbers to “sell them to RESPs in the course of his part-time employment.”
A tongue-in-cheek observational study finds that physician waiting rooms contain old, boring magazines because patients steal the others, especially newer celebrity gossip magazines. A couple of years ago I picked up a new-looking travel magazine in the lobby waiting room of one of our hospitals while waiting for a co-worker. I wondered why it featured now-defunct countries and photos of vintage automobiles until I checked the cover date, which was 1995. If only it could talk.
”Which surgeon you get matters – a lot,” says a profile of surgical outcomes software Amplio, developed by Memorial Sloan Kettering Cancer Center. The system combines post-op patient feedback with EHR information to tell surgeons how they’re doing, which they rarely know since they assume all similarly trained surgeons have similar outcomes with any variation explainable by how sick their patients are. The article references an earlier study in which it observers could easily and accurately determine who was the better surgeon by simply watching videos of their procedures. It also cites the startling results of a 2007 study: cancer returned in 10 percent of patients whose prostate was removed by inexperienced surgeons vs. in only 1 percent of those operated on by experienced surgeons. A snip from the brilliantly written article:
There’s something powerful about having outcomes graphed so starkly. Vickers says that there was a surgeon who saw that they were so far into the wrong corner of that plot — patients weren’t recovering well, and the cancer was coming back — that they decided to stop doing the procedure. The men spared poor outcomes by this decision will never know that Amplio saved them.It’s like an analytics dashboard, or a leaderboard, or a report card, or… well, it’s like a lot of things that have existed in a lot of other fields for a long time. And it kind of makes you wonder, why has it taken so long for a tool like this to come to surgeons?The answer is that Amplio has cleverly avoided the pitfalls of some previous efforts. For instance, in 1989, New York state began publicly reporting the mortality rates of cardiovascular surgeons. Because the data was “risk-adjusted”—an unfavorable outcome would be considered less bad, or not counted at all, if the patient was at risk to begin with — surgeons started pretending their patients were a lot worse off than they were. In some cases, they avoided patients who looked like goners. “The sickest patients weren’t being treated,” Vickers says. One investigation into why mortality in New York had dropped for a certain procedure, the coronary artery bypass graft, concluded that it was just because New York hospitals were sending the highest-risk patients to Ohio.
The CEO of Withings apologizes to purchasers of its Aura sleep device, acknowledging that in its rush to get the product on the market, the company left out important features such as heart rate tracking and the ability to view results immediately. They’re trying to fix some of the problems with updates.
The Portland, OR newspaper covers the failure of a local interoperability project that started eight years ago, concluding that it didn’t work even though most hospitals are on Epic because: (a) hospitals bear the cost while insurance companies reap the benefit; (b) hospitals get paid for the procedures they perform rather than those whose duplication they avoid; (c) even information that is successfully exchanged doesn’t always make sense to the recipient. Thus reads the boilerplate RHIO epitaph.
A new Consumer Reports survey of recently hospitalized patients finds that those who didn’t feel respected by staff during their stay were 2.5 times more likely to experience a medical error, with an alarming 30 percent of those surveyed saying they actually did. A third of respondents say they weren’t treated like responsible adults, while 40 percent report that doctors and nurses interrupted them instead of listening. The article, which will appear in the February 2015 issue, suggests that patients choose a hospital carefully, invite doctors to sit down and talk, write things down, and bring along a trusted ally to help. I asked Consumer Reports about the survey’s methodology, with the positives being that it was a national representative sample with a high confidence level. The negatives that I can determine (without seeing the actual survey instrument that I asked for) are that patients self-reported whether an error occurred and nothing was mentioned about error significance (getting a daily aspirin an hour late might be reported as a medical error by some patients). Interesting but not surprising to me is that all of the lowest-safety, lowest-respect hospitals (listed above) are in big metro areas, with a heavy Chicago representation. As I always say, go to a big academic medical center if you require tricky diagnosis or surgery; otherwise, a mid-sized community hospital that does a lot of whatever you need is your best bet.
The latest article in the New York Times series “Paying Till It Hurts” reviews the cost of diagnostic tests, which it describes as “what liquor is to the hospitality industry: a profit center with large and often arbitrary markups.” Example: an outpatient EKG done by a community hospital’s technician took 30 minutes and was billed at $5,500, while the same test performed by a Harvard hospital and cardiologist over 1.5 hours was billed at only $1,400 (the article should have mentioned what the graph shows, that Medicare didn’t pay the funny money in either case, instead reimbursing around $400 for each). Eric Topol, MD summarizes the economic incentive as, “At many hospitals, the threshold for ordering an echocardiogram is the presence of a heart.”
The bonds of 109-bed Mayers Memorial Hospital District (CA) are downgraded, primarily because of EHR-related capital expenses and resulting lower cash collections. The hospital, which implemented McKesson Paragon, is down to 3.5 days of cash on hand.
A New Zealand coroner warns doctors to pay attention to the clinical warnings generated by their EHRs after ruling that a patient died after his doctor prescribed quinine inappropriately. The coroner also noted that hospital records aren’t available to physician practices.
In England, a lead nurse in an endoscopy unit hangs himself after expressing concerns about staff shortages and the introduction of a new hospital computer system that was causing a patient backlog, forcing him to work 80 hours per week.
Also in England, doctors at Royal Free Hospital warn that patients are being endangered by its implementation of the OpenText document management system that has created scanning backlog, causing patients to arrive for new visits while their paper records are still piled up in a scanning contractor’s warehouse. The hospital was bragging just a few months ago about the problems that OpenText solved in sending scanned records to its Cerner EPR system.
Duke University Health System (NC) hospitalist Ricky Bloomfield, MD provides the remote chronic monitoring billing codes he mentioned at his mHealth Summit session on Apple HealthKit: the new E&M 99490 for monthly chronic care management ($42.60 per month) that could be combined with CPT 99090 or 99091 to yield $99.52 per month. He warns that nobody has actually tried billing Medicare or any other insurer using these codes yet, so it’s a work in progress.
Only in America: the family of an Ohio inmate who raped and killed a woman who was 30 weeks pregnant sues just about everybody for his painful execution that was performed using the untested two-drug combination of midazolam and hydromorphone. Named in the lawsuit are the manufacturer of the drugs (Hospira) and their distributor (McKesson), companies the family says should have known would cause suffering. In an interesting twist, a prison guard says the inmate told him before he died that his attorney urged him to feign suffocation with a prearranged “thumbs up” signal as the injections were started in the hopes that the governor would stop the execution.
Weird News Andy says, “They really do have skin in the game.” Scientists develop artificial skin for prosthetics that can feel warmth and other attributes. Or as WNA adds, “for Terminator v0.1.”
I invited sponsors to send photos of their holiday activities since I like to put faces with company names. The folks from Direct Consulting Associates providing shots of their company gathering.
Employees of PerfectServe collected donations for the Florence Crittenton Agency in Tennessee, donating clothing and 10 suitcases for the agency’s “Wheels of Hope” campaign that allows children who arrive carrying their belongings in a trash bag to leave with their own suitcase.
- Visage Imaging posts its “RSNA 2014: Visage’s Top Five.”
- RazorInsights doubled its client base, increased revenue by 200 percent, and hired 80 new employees during 2014.
- GetWellNetwork Ambulatory earns ONC-ACB 2014 Edition Modular EHR Certification. The company also announces that CEO Michael O’Neil will present at the 2014 HIMSS Middle East Integrated Health Innovations Conference this week.
- Nuance announces that KLAS rated it #1 for regulatory reporting in “Quality Management 2014: The Race Gets Closer.”