NIST publishes a draft guide for securing medical information on mobile devices that includes a risk assessment. It’s pretty geeky in places, which is a good thing since the last thing anybody needs is more feel-bad security hysteria that isn’t actionable. This is a must-read for health system CISOs and network engineers and probably their vendors as well.
From Jack: “Re: Meaningful Use payments to providers. Explain it like I’m five: how can I tell if mine has been paid for MU2? CMS also doesn’t seem to have a good way to see which providers have invested in their Continuity of Care bits. I’m trying to empower my community, remove hassle, and get rid of impediments to care and this seems like a major ‘all of the above.’”
From The PACS Designer: “Re: Windows 10 readiness. With the launch of free Windows 10 sometime after July 29, it’s a good time to get existing systems ready for the 3GB install. Best thing to do before that date is to go to Control Panel and enter Defrag, and Remove in the Search Box to review what should be removed to make room for the upgrade. For Defragmentation, if percentage is more than 5 percent, run the option. Also for Win7/8, enter ClearType to improve the crispness of text in documents.” I thought it was smart of Microsoft to drop the Windows icon in the taskbar to click for notification when Win10 is ready for download sometime after Tuesday. It’s also nice that the upgrade is free. I’ve signed up.
From Petty Officer: “Re: Catholic Health Initiatives. Minimizing Wipro in choosing Cerner ITWorks.” CHI contracts for Cerner’s managed IT services even though it signed a $200 million IT outsourcing agreement with India-based Wipro in 2013.
From Linky: “Re: Military Health System. CIO David Bown may have spilled the beans on DoD’s EHR selection when he said they are working on EHR infrastructure in the Pacific Northwest. January news stories said that IBM/Epic are piloting their system at Tacoma, WA-based MultiCare.” It is interesting, although perhaps IBM/Epic was aware of the initial rollout plans early (maybe it was mentioned in the RFI) and smartly planned their own pilots for the same region.
From NantWhere?: “Re: NantHealth. Purchased Harris healthcare division for $50 million and agreed to keep 170 employees for at least a year in addition. Nant is clearing house to make way for a floundering organization with no sales for over a year. Where is NantHealth going and who will be left to do the work?” Unverified. Harris must have really botched its healthcare business that it bought for $155 million (in the form of Carefx) in 2011 if it really did dump it for just $50 million after deciding to remove its tentative toe from the healthcare waters and focus on big government defense contracts (I apologize for the redundancy – all government defense projects, and in fact all government projects, are “big” and usually grow a lot bigger before they’re either finished or abandoned, which happens with roughly equal frequency.)
From Robert Lafsky, MD: “Re: New Yorker article. Somehow this made me think of you.” The article urges people to “communicate your needs and desires via email that doesn’t require the use of ‘please find.’” I like it, although “please find” irritates me less than the smarmily obsequious “please know.” I blame teachers for telling students they shouldn’t write like they talk, which results in artificially flowery and awkward phrases that are painful to read.
From Ashley Madison: “Re: Ashley Madison breach. Lots of adulterers getting nervous out there!” The site — which proclaims itself “the most famous name in infidelity and married dating” with 38 million members — is breached, with all of its members’ records now in the hands of cyberhackers who are already spamming them and threatening to take their information public if the site isn’t shut down. The company is providing no updates to its users, most of whom are probably just curious without seriously contemplating extramarital relationships. Men, who make up most of the paying customers, spend up to $300 per year hoping to contact women that are in many cases literally unreal (one woman sued the company for wrist injuries she sustained in manually creating thousands of fake female subscriber profiles). A few users have anonymously threatened suicide on various sites. Parent company Avid Life planned an IPO following steady profits that rose to $55 million in 2014, but selectively moral potential investors steered clear.
HIStalk Announcements and Requests
Most poll respondents will take 10 to 19 paid days off in 2015, although a healthy number (pun intended) will be away from work for 20 to 29 days. Shockingly to some of those folks, their employer will not descend into chaos due to their absence, that same reality that sets in when your appreciative, associate-friendly employer suddenly lays you off without even a blip in corporate output as less-expensive replacement hamsters are brought in to keep the wheel turning. A couple of readers noted that despite their alleged time “off,” they are still tethered and sometimes pulled back into “I need you now” situations. Readers also suggested the follow-up poll to your right or here: how often do you check work email or voicemail on a vacation day? Thank the dearly departed Steve Jobs for inventing the iPhone and thereby eliminating the “I’m out of the office not checking email” concept that worked just fine when we all had email access only from our work desktops and we could therefore vacate the office both physically and virtually rather than only the former.
I’m back from vacation, facing thousands of emails and the infuriating “you didn’t reply within a day or two, so I’m sending it again” messages from people (all of them, not coincidentally, from PR companies) who obviously don’t read HIStalk, which is exactly why I don’t set an “out of office” message since readers and sponsors already know I’m offline, selectively responding to anything critical but otherwise not sharing anybody else’s urgency. Jenn admirably covered for me on the Tuesday and Thursday posts, which I read to make sure nothing earth-shattering occurred. I’ll be catching up this week.
A “My Medical Records Saga” Update
I still haven’t heard from the hospital or the Office for Civil Rights regarding my complaint that the hospital refused to provide electronic copy of my records. I used CareSync to request my PCP’s records and the company uploaded and transcribed the information quickly, giving me both discrete data elements and the practice’s scanned reports. CareSync also fixed the technical handshake between its system and Carebox and I was able to effortlessly shoot those records over to Carebox via a Direct message, which required only that I click CareSync’s “share” button and provide my Carebox-assigned Direct address. It was maybe two minutes later that I received Carebox’s “got it” email and was able to view a nicely formatted record, including a beautiful BlueButton extract. The process was immensely satisfying on both ends.
CareSync is a deeper and richer application than I expected and having real humans assemble and upload the records makes it painless. They will even initiate the process of correcting information that the provider has recorded inaccurately (like the hospital flagging me as a smoker for some reason). I haven’t really explored what else CareSync does, but I see that it allows bringing in data from wearables, adding personal and insurance documents, scheduling appointments, setting medication reminders, assigning health maintenance tasks, and viewing a nicely formatted health timeline. You can add a family member as a user, allowing them to view and manage your information.
I think I read somewhere that CareSync offers a “break the glass” one-time password option for emergencies, although I haven’t figured that out yet (it would be cool to have an emergency bracelet thingy to solve that “unconscious in the ED” problem that RHIOs failed to fix). In fact, CareSync could be an opt-in HIE if it could just solve the legal and logistical challenges of polling the user’s defined providers regularly to automatically update information from new visits — you have to request them each time.
I recall that in China, each person maintains their own paper medical records, bringing them along every time they have an encounter and then taking them back home afterward with the new information added. Most people here would think that’s a Luddite system, but I’ve always thought it’s pretty smart given the pathetic state of interoperability in this country, where your ED or hospital outcome will probably already have been decided one way or another before your medical history ever arrives (assuming that the ED or hospital even bothers to try to get it, which I seriously doubt). I would much rather give a provider access to information that I’ve already reviewed with my own comments added, hoping they review it right then and there to avoid errors, conflicts, and expensive duplicate testing. That’s also the logical place to store an advance directive and power of medical attorney since a shocking number of those are ignored because nobody knows they exist or they can’t be found when needed.
Maybe someday we’ll figure this provider-to-provider interoperability thing out despite competing special interests, but until then, the only sure thing is for patients to collect and share their own information. CareSync happened to be the application I tried and I can see great possibilities in providers using it to provide ongoing care management and communication, but I’m sure competing products also do a good job. It has been an eye-opening experience for me to see health IT from the other side of the provider-patient relationship, to take control of my records, and to see what’s been recorded about me by providers, sometimes incorrectly.
Book Review: The Lean Startup
I’m short on time having been away, so I will simply summarize the startup advice as suggested by “The Lean Startup,” which was recommended to me by DrLyle. Quite a bit of it is relevant to healthcare IT and software development in particular, even for large companies interested in increasing their innovation and creating new growth. It’s like an MBA program for startups in highlighting the difference between running a big business and starting a small business with big ambitions.
- Most startups fail not because they lacked a good idea, didn’t have the right stuff, or had poor timing, but rather because they don’t follow a process that seems too much like the much-maligned “management” that the corporate world embraces.
- The prime focus of a startup isn’t to develop or sell products – it’s to learn via validated experiments that force the entrepreneur to test individual elements of their vision, resulting the measurable discovery of truths that keep the company optimally focused and moving forward.
- A startup’s activities should revolve around the Build-Measure-Learn cycle that tells the company whether to stick it our or to pivot (“pivot” being defined as changing direction with one foot planted in the current state, not abandoning the concept for something unrelated).
- While management methods used by established companies – such as market research, forecasting, and accounting – don’t work for startups and result in “achieving failure,” just diving in while merrily abandoning any sort of managerial discipline is also likely to ensure failure.
- Success results from the ongoing measuring and tuning of the “engine of growth.”
- Products should be developed in small batches or even via continuous deployment (which is counter-intuitive in a production-oriented environment), tested with a subset of customers, and negative changes backed out or fixed quickly. Startups don’t have much of a reputation to be tarnished, so it’s OK to fail.
- Ongoing customer contact and behavior monitoring is critical.
- The customer will tell a company what they need or want, which might not be what the company originally thought. Assumptions are often wrong, but the time spent chasing the wrong objective still results in valuable learning.
- Companies need to understand which activities add measurable value and eliminate those that don’t.
- It’s paradoxically easier to raise money with zero revenue and zero customers because small numbers eliminate the possibility of overnight success.
- The initial product release should be the minimum viable product that can be released and tested quickly even without features that may seem essential, followed by intense measurement of product use and customer response to see if the “leap of faith” assumptions on which the company was based are accurate.
- Startups have to manage by non-vanity metrics that portray the true growth trajectory.
- Customer behavior should be tracked by cohort rather than in aggregate to understand how each demographic group responds to product attributes and to design a sales funnel-type process.
- The paid engine of growth is to either increase revenue from each customer or reduce the cost of getting a new customer.
- Companies can fail by efficiently making changes that inflate vanity metrics without changing customer behavior, which then creates a crisis when the growth tapers off with no new activities underway to replace the inevitable slowdown.
- Deciding which incremental investments to make can be done by the Five Whys, addressing a given problem by asking incremental “why” questions five times to arrive at the root cause.
Last Week’s Most Interesting News
- Anthem finalizes its deal to acquire Cigna for $54 billion.
- UCLA Health announces that a September 2014 cyberattack exposed the information of 4.5 million patients.
- An ONC-commissioned consultant’s report outlines a five-year plan for a $20 million, 10-employee Health IT Safety Center whose focus will be “convening, researching, and disseminating.”
- Ascension Health offers to buy revenue cycle services vendor Accretive Health — which gets half its revenue from Ascension — for half its stock market value, sending shares down 50 percent as the company rejects the uninvited offer and issues a “seek strategic alternatives” cry for help.
- UMass Memorial Health care (MA) announces that it will replace the former Siemens (now Cerner) Soarian with Epic, abandoning a bizarre $100 million best-of-breed project announced in 2010 that had the organization trying to cobble together systems from Allscripts, Siemens, Picis, IBM, and Hyland as planned by then-CIO, now-resigned George Brenckle.
July 29 (Wednesday) 11:30 ET. “Earning Medicare’s New Chronic Care Management Payments: Five Steps to Take Now.” Sponsored by West Healthcare Practice. Presenters: Robert J. Dudzinski, PharmD, EVP, West Healthcare Practice; Colin Roberts, senior director of healthcare product integration, West Healthcare Practice. Medicare’s new monthly payments for Chronic Care Management (CCM) can improve not only patient outcomes and satisfaction, but provider financial viability and competitiveness as well. Attendees will learn how to estimate their potential CCM revenue, how to use technology and clinical resources to scale up CCM to reach more patients, and how to start delivering CCM benefits to patients and providers by taking five specific steps. Don’t be caught on the sidelines as others put their CCM programs in place.
July 30 (Thursday) 3:00 ET. “De-Silo Your Disparate IT Systems Around the Patient with VNA.” Sponsored by Lexmark. Presenters: Steven W. Campbell, manager of diagnostic applications and interfaces, Piedmont Healthcare; Larry Sitka, VNA evangelist, Lexmark. The entire patient record, including both DICOM and non-DICOM data, should be available at the point of need. Disparate, aging systems that hide data inside departmental silos won’t cut it, nor will IT systems that can’t integrate medical images meaningfully. Learn how Piedmont Healthcare used a vendor-neutral archive to quickly and easily migrate its images and refocus its systems around its patients.
Acquisitions, Funding, Business, and Stock
Marketing company Physicians Interactive acquires Qauntia, which offers the QuantiaMd collaboration platform and mobile community for physicians.
Dermatology EHR vendor Modernizing Medicine will acquire gastroenterology EHR vendor gMed.
Athenahealth reports Q2 results: revenue up 21 percent, adjusted EPS $0.32 vs. $0.32, falling short of revenue expectations but handily beating on earnings with shares spiking upward on the news. Above is the one-year price chart of ATHN (blue, up 2.8 percent) vs. the Nasdaq (red, up 14.5 percent).
From the Athenahealth earnings call:
- The company is approaching $1 billion in annual revenue.
- Athena expect to receive 75,000 applications for the 1,500 positions it will fill in 2015.
- CEO Jonathan Bush says the under-50 bed hospitals that are prospects for the RazorInsights product it acquired don’t have a strong balance sheet or deep IT talent, which the company will approach as it did small practices originally as in, “We’re not just going to sell you a system, we’re going to give you a system and we’re going to do the crap work that you hate and struggle with that gets in the way of treating patients for you. And so, instead of charging you X hundred thousand or million dollars upfront, we won’t charge you upfront, and we’ll take over these functions, get you more cash faster. And in the course of doing so, give you the clinical and financial systems that you need and keep them current forever.”
- Bush says value-based care is a great opportunity for the company, and while ACOs are “a really badly written risk contract,” Athenahealth can move its focus from Meaningful Use compliance towards portal adoption, care coordination, and system scheduling.
- Bush says the expansion of AthenaCollector to the hospital market is “incredibly synergistic” since a hospital claim has “all of the information on an ambulatory claim with three times the money on it and maybe 10 percent more information” and the company’s ambulatory claims experience allows it to reduce hospital collection cost using the information hospitals already have.
- Bush says of its Enterprise segment, “We are getting access into the Cerner and Epic systems that we’ve never had before and are able to provide an integrated view of the patient’s experience inside and outside of AthenaNet. You’ve always been able to see where a patient’s been inside of AthenaNet even if it’s a different practice, but you’ve never been able to see very cleanly and reliably stuff that’s gone on in the hospital … we’ve always had major Cerner customers, but now we’ve got major Epic customers, not just throw out all of Epic, but you deal with the 50 percent of their admissions that come from outside of that directly-employed inner circle, maybe even some of the guys in the inner circle that are enraged and frustrated and are flight risks to the hospital for being on a hospital-controlled flow-centric system.”
- RazorInsights will disappear as a separate product by next year as it is rolled into AthenaOne, while its acquisition of BIDMC’s WebOMR was scarcely mentioned in the call.
- Bush describes the company’s transactional revenue of 250 information exchanges per doctor per day as, “You’ve got eligibility checks, claims submissions, claim status inquiries, lab accessions, lab results, referrals, authorizations, get me another one, in-office exchanges. So, every time somebody uses an integrated blood pressure cuff, and so the thing goes off from AthenaNet to Welch Allyn and back, each one of those counts on the server. Each one of those is a tick.” The company is measuring that as its total automation rate, which it says is at 57.2 percent.
Besler Consulting acquires the transfer DRG recovery business of DRG Review.
SCL Health (CO) chooses Phynd for profiling and credentialing its 25,000 physicians across multiple IT systems.
Charleston Area Medical Center (WV) will convert from the former Siemens Soarian to Cerner’s other product (Millennium) by next July, saying they are “first in line” to make the move. The health system also says only 25 of its 1,200 doctors have completed ICD-10 training and those who haven’t done so my Monday will have their Soarian access removed.
Dan Critchley (University of Arizona Health Network) joins Optimum Healthcare IT as CEO of managed services.
Roy Moxam (McKesson) joins Sunquest as VP of client experience.
Impact Advisors hires Scott Pillittere (Huron Consulting Group) as VP.
Nick van Terheyden, MD (Nuance) joins Dell Healthcare as chief medical officer.
Announcements and Implementations
Medidata will integrate patient-generated data into its clinical trials platform using Validic’s digital health platform.
Harvard licenses its sleep apnea monitoring software to startup MediCollector.
Government and Politics
Researchers Dean Sittig and Hardeep Singh post a Health Affairs review of ONC’s plan for a Health IT Safety Center, saying that it’s a step forward given the absence of any other form of clinical systems oversight but suggesting that a VA-type safety events analysis service is still needed. ONC’s proposal calls for the Health IT Safety Center to avoid doing such investigations, which the article says will probably have to be performed internally by individual health systems with the Center possibly aggregating and reporting their findings.
HHS’s OIG posts a job opening for CIO, with applications due today (7/27).
A San Diego newspaper article questions whether Medicare can afford personalized medicine as patients demand more expensive custom treatments and tests. However, proponents expect cost avoidance in finding drugs that work for a given patient, citing the fact that cancer drugs fail 75 percent of the time. A health policy researcher says Medicare should change its payment model so that successful treatments for a given patient carry a higher price tag than the same drug, test, or procedure that delivers a less-impressive result for another patient.
The New York Times profiles the Lively safety watch, a stylish alternative to the “I’ve fallen and I can’t get up” one-push alert button that also counts steps and provides medication alerts via an in-home cellular hub with sensors for pill containers and the refrigerator. The watch costs $50 and the monitoring service is $30 per month. It looks a lot like the Apple Watch.
Nike will pay $2.4 million to purchasers of its FuelBand following a class action lawsuit claiming that the company sold the fitness trackers even though they knew its measurements were inaccurate. It appears the wearables fad is tapering off as users don’t find their habits changing and the devices capture information that is a primitive health marker at best. I have at least a couple of them tossed aside in drawers and I bet you do, too.
Global Health Limited sues the government of South Australia, claiming that the state is using its Chiron patient management software despite holding an expired license. The state has been the last user of the outdated software since 2008 but had asked Global Health for permission to keep using it since its implementation of Allscripts Sunrise Clinical Manager for the new Royal Adelaide Hospital is behind schedule.
Western Australia has IT problems of its own as the new Fiona Stanley Hospital reports problems with IT systems that include lack of integration and a 15-minute delay after a physician logs in. Clinicians and patients also report problems with the hospital’s in-room interactive patient entertainment system. The hospital, which was supposed to be paperless, is running well over budget and behind schedule on its $150 million IT project.
A group of fund managers who invest in drug companies launches a US campaign calling for clinical trials to be registered and all data published within a year of study completion. AllTrials recently sued FDA to force it to release clinical trials data for two new, expensive drugs for hepatitis C. Its call to action petition can be signed here and it seeks volunteers to post its videos, host website buttons, and distribute flyers.
Insert your own punch line here: analysis of CMS payment data finds that Dr. Oz made $1.17 million from a hemorrhoid treatment he shilled, albeit at least with disclosure that he was involved in its development, which is about as ethical as he’s ever going to get.
Weird News Andy says he knows Bay Area real estate is expensive, but $2,000 for a bag of dirt might be a bit much. A fake doctor running a fake California cancer treatment center is charged with giving patients treatments consisting of baggies of expired medications and dirt, telling his patients to mix and swallow them with any resulting burning sensation meaning his concoction was working.
- Medicity client Great Lakes Health Connect surpasses its goal of having 1,000 medical practices using its referral application and will soon exceed 1,000 practices that are linked to Michigan’s immunization registry.
- Huntzinger Management Group expands its technology service offerings to include technical advisory, security, operational improvements, and end user services.
- Forward Health Group joins CMS’s Health Care Payment Learning and Action Network, charged with moving Medicare toward more value-based payments.