Bloomberg Businessweek puts medical device hacking on its cover, profiling a security expert who was criticized for announcing that he had found that medical devices are full of security holes. “All their devices are getting compromised. All their systems are getting compromised. All their clinical applications are getting compromised and no one cares. It’s just ridiculous, right?” The security expert was hospitalized himself and played around with an automated dispensing machine for medications just outside his room, which he easily penetrated using a known, hard-coded password that let him open any drug drawer he wanted. He’s buying his own medical devices to prove how vulnerable they are.
Experts say hospitals rely on device manufacturers to implement security, but they remain a weak link that can expose a hospital’s entire network. A security firm describes what it learned by creating a “honeypot” fake medical device to see who tried to penetrate it:
The decoy devices that TrapX analysts set up in hospitals allowed them to observe hackers attempting to take medical records out of the hospitals through the infected devices. The trail, Wright says, led them to a server in Eastern Europe believed to be controlled by a known Russian criminal syndicate. Basically, they would log on from their control server in Eastern Europe to a blood gas analyzer; they’d then go from the BGA to a data source, pull the records back to the BGA, and then out … In addition to the command-and-control malware that allowed the records to be swiped, TrapX also found a bug called Citadel, ransomware that’s designed to restrict a user’s access to his or her own files, which allows hackers to demand payment to restore that access.
From Occasional Angel: “Re: Theranos. I thought you’d get a laugh out of the company’s job posting for a communications director, which includes the requirement for an ‘agile thinker ability to respond quickly in shifting situations.’” Theranos certainly continues to experience shifting situations, nearly all of them causing further damage to the company. The latest headline is that grocery store chain Safeway is trying to wangle its way out of a previously unannounced Theranos partnership going back several years to put draw stations in 800 of its stores. The chain’s executives noticed that Theranos results sometimes differed wildly from the same test run by other commercial labs. Safeway also questioned why Theranos often drew samples from both a finger stick and by vein, with one of its executives astutely questioning “If the technology is fully developed, why would you need to do a venipuncture?” Safeway spent $350 million on the in-store clinic areas that featured granite countertops and video monitors, but is now using those areas only to administer vaccines.
My most positive impression of Theranos is that they were able to get the funding to invest in what must have been an ultra-expensive array of automated lab testing equipment (Nanotainer-powered or otherwise) that allowed it to undercut the price of huge-scale competitors. Lab testing is a lot more like a factory than a Silicon Valley startup and it requires brick-and-mortar drawing stations that send samples off to centralized labs, which is why I assume Theranos tries to convince everyone it’s the next Apple instead of an ambitious drop-off dry cleaner. It’s hardly a national diagnostic powerhouse given that its only locations are in California, Arizona, and Pennsylvania. In addition, most of those locations are in the drugstores of Walgreens, which seems to be distancing itself from Theranos pending review of its test process.
From Marketeer of the Beast: “Re: your rebranding of a health system to the made-up name Blovaria. Here’s how I would explain it. ‘Blovaria is a unique way to recognize our evolution in the marketplace. Our new name is the ideal platform to help us deliver market-leading bloviation with extreme variation in patient outcomes’… and on and on.” I like marketing folks that see the humor in what they do. I disdain marketing-speak and committee-driven company depersonalization into a “brand” that often tries to rewrite history and overpromises future company performance, but I believe strongly in much of what makes up marketing. Honest marketing tries to effectively convey a company’s values and vision in a noisy market, which is problematic when the paying customer wants marketing to cover up their incompetence or misplaced mission of simply pocketing cash by any means possible. Marketing people usually write well and are entertaining, so I’d be interested in running a guest article (anonymously, if that helps) from someone willing to explain the goods and bads of what they are asked to do.
HIStalk Announcements and Requests
Mrs. Read from Florida sent photos of her students using the STEM exploration tools we provided via her DonorsChoose grant request. She says they’re working on a project where they’ve programmed the Sphero app-enabled robotic ball to detect underwater forces, adding that some of the students have been motivated to join the school robotics team as a result. Ms. Santoro from Connecticut sent photos of her first graders working with the tablets we provided, saying some of them don’t have access to technology at home and are asking to use them even when their assigned work is finished.
I got a kick out of this tweet from Nick Kennedy, who apparently enjoyed my mhealth Summit rant. He has history in healthcare IT, but is now the founder and CEO of a private flight-sharing company. It’s fun knowing that someone reads HIStalk just because it entertains them.
This week on HIStalk Connect: Walgreens expands its telehealth offering to 25 states and updates its wellness app to capture glucose and blood pressure readings from its line of wireless medical devices. Researchers from Cedars Sinai Medical Center and UCLA find no improvement to 30-day readmission rates or six-month mortality rates when patients are enrolled in a remote patient monitoring program. The American Association for Cancer Research has launched a data-sharing campaign that will create a central repository for researchers to store and analyze tumor gene mutation data. TigerText raises a $50 million Series C investment to help it expand its healthcare-focused communications platform.
This week on HIStalk Practice: The Wright Center receives the 2015 HIMSS Ambulatory Davies Award. Rep. Tom Price introduces the Meaningful Use Hardship Relief Act. The Patriot Promise Foundation launches to help connect veterans with better, technology-enabled care. PracticeMax acquires Medical Management Corp. of America. Greenway Health’s Rob Newman dishes on the KLAS Keystone Summit. The Retina Group of Washington selects a new EHR from Modernizing Medicine. New DreamLab app crunches cancer research data while you sleep. Ask the Doctor acquires Patients Connected.
November 18 (Wednesday) 2:00 ET. “Making VDI Secure and Simple for Healthcare.” Sponsored by Park Place International. Presenters: James Millington, group product line marketing manager, VMware; Erick Marshall, senior systems engineer of virtual desktop infrastructure, Park Place International. Deployment of a virtual solution can optimize the experience of clinician users. Attendees will learn how to address the evolving demands of security and mobility in clinician workflow to improve the quality of care.
November 20 (Friday) 2:00 ET. “The Athenahealth Leadership Institute Presents: Dr. John Halamka Interviewed by Jonathan Bush.” Sponsored by Athenahealth. Presenters: John Halamka, MD, MS, CIO, Beth Israel Deaconess Medical Center; Jonathan Bush, CEO, Athenahealth. Providers are fed up with interface fees and the lengthy, fragmented narratives we’re exchanging today. But what is the right course of action to help deliver better care across the continuum? Bring your questions as we join Dr. Halamka and Jonathan Bush to discuss the current state of healthcare and how we can improve care coordination and interoperability.
December 2 (Wednesday) 1:00 ET. “The Patient is In, But the Doctor is Out: How Metro Health Enabled Informed Decision-Making with Remote Access to PHI.” Sponsored by VMware. Presenters: Josh Wilda, VP of IT, Metro Health; James Millington, group product line manager, VMware. Most industries are ahead of healthcare in providing remote access to applications and information. Some health systems, however, have transformed how, when, and where their providers access patient information. Metro Health in Grand Rapids, MI offers doctors fast bedside access to information and lets them review patient information on any device (including their TVs during football weekends!), saving them 30 minutes per day and reducing costs by $2.75 million.
December 3 (Thursday) 2:00 ET. “501(r) Regulations – What You Need to Know for Success in 2016.” Sponsored by TransUnion. Presenter: Jonathan Wiik, principal consultant, TransUnion Healthcare Solutions. Complex IRS rules take effect on January 1 that will dictate how providers ensure access, provide charity assistance, and collect uncompensated care. This in-depth webinar will cover tools and workflows that can help smooth the transition, including where to focus compliance efforts in the revenue cycle and a review of the documentation elements required.
Here’s the recording of Thursday’s webinar titled “Top Predictions for Population Health Management in 2016 and Beyond,” sponsored by Medecision.
Acquisitions, Funding, Business, and Stock
TigerText raises $50 million in Series C funding to expand the rollout of its secure messaging app.
The HCI Group acquires UK-based High Resolution Consulting and Resourcing. HCI CEO Ricky Caplin says the company is in “major expansion mode” and will likely announce additional acquisitions shortly.
Arizona-based HealthiestYou gets a $30 million investment from Frontier Capital. The company offers video visits, insurance connectivity, a provider directory, and drug pricing lookup.
Turing Pharmaceuticals, the most-hated company in America after pharma-brat founder and former hedge fund manager Martin Shkreli jacked up prices on ancient but vital drug Daraprim, records a $15 million loss on revenue of $5.6 million for Q3. The privately held company will soon start clinical trials for drugs for treating epileptic encephalopathies and PTSD, introducing both hope and despair among those patients who might benefit from the drug but know how hard Turing will put the financial screws to them or their insurance company to obtain it. The first drug earned the FDA’s fast track designation, which makes it surprising that Shkreli didn’t just sell that certificate on the open market since they’ve gone for as much as $350 million. Shkreli is also looking for producers for his upcoming (c)rap album. Those with artistic aspirations but minimal talent always seem to settle for being posers in recording rap, writing children’s books, or appearing on reality TV shows.
Galen Healthcare Solutions hires Steve Brewer (Origin Healthcare Solutions) as CEO. Former CEO Jason Carmichael will remain on the board.
Former IDX CFO Jack Kane joins the board of Health Catalyst. He also serves on the boards of Aesynt (which was just sold for $275 million), T-System, and Athenahealth. He’s also involved with several other former IDXers (including former CEO Jim Crook) in OpenTempo, which offers staff scheduling and workforce management solutions for large medical practices.
Practice Fusion names interim CEO Tom Langan to the permanent role.
Jeff Surges (Healthgrades) will join health plan enrollment technology vendor Connecture as CEO.
Gene Amdahl, who went from being educated in a one-room South Dakota school without electricity to leading the development of IBM’s System/360 mainframe and later the formation of compatible mainframe competitor Amdahl Computing, died Tuesday at 92.
Announcements and Implementations
Caradigm adds electronic prescribing of controlled substances (EPCS) to its Identity and Access Management solutions (single sign-on, context management, and identity management).
Privacy and Security
A proof-of-concept medical records project wins the Blockchain Hackathon in Ireland. It uses the blockchain to anonymize a patient’s electronic records and make them viewable to doctors or others to whom the patient gives their public identifier, retrieving the information via BitTorrent. A blockchain database securely stores a public ledger of transactions, in essence an ever-growing, append-only transaction log that does not require the participation of any third party to change hands. If you’re excited about the potential healthcare use of blockchain, consider writing an HIStalk guest article to educate the rest of us who have heard the word but don’t know much about it.
The Philadelphia-based Health Care Innovation Collaborative issues a call for chronic disease health project ideas, from which it will choose winners who will work with one or more of its partners, which include CHOP, Drexel University, Independence Blue Cross, Jefferson Health, and University of Pennsylvania Health System. The group was formed by the Greater Philadelphia Chamber of Commerce to increase Philadelphia’s health IT activity.
In England, hospitalized children are being monitored by early warning software originally developed for Formula One race drivers. The pilot project involves wireless vital signs sensors attached to the chest and ankle that send data for real-time analysis and alerts.
BIDMC CIO John Halamka, MD expands on his observations and recommendations for the Meaningful Use program, which he says served its purpose but should be dismantled as it tries to do too much and interferes with patient care. Some of his observations:
- EHR certification threatens usability, interoperability, and EHR quality while also diverting resources away from more important work.
- Nobody is intentionally blocking information exchange – it’s really “incompetence that feels like blocking.”
- Government regulation isn’t the answer to solving societal problems and each new requirement adds a layer of clueless auditors.
- Prescriptive regulation, additional structured data elements, and new quality measures don’t help create disruptive innovation. A business imperative is required.
- The MU program should be rolled into other CMS incentive programs such as Alternative Payment Models and MIPS.
- ONC has become distracted by political agendas, excessive focus on certification, and issuing grants, where it would provide better results as a policy shop that addresses specific problems such as safety and error reduction.
- Stop blaming health IT vendors and providers as the enemy.
- Focus on the few things that really matter, not the 117 goals in the Federal Interoperability Roadmap.
A Health Affairs article says the Meaningful Use program increased hospital EHR adoption, but the effect of penalties as opposed to rewards is uncertain and small and rural hospitals continue to lag. Hospitals cited their challenges as cost, lack of physician cooperation, and the complexity of the MU program.
The San Diego paper profiles startup Doctible, which has created a network of local providers who offer discounted cash prices and online booking for people with high-deductible medical insurance. It bugs me that, like most other sites that list physicians, it puts “Dr.” in front of their name and “MD” after, which is incorrect.
Epic and Cerner face off on interoperability at the Disruptive Healthcare Conference at UW-Madison. A Cerner VP again calls for Epic to join CommonWell, while Epic’s VP says the company already helps its customers connect to CommonWell and shouldn’t have to “buy in” to CommonWell just to keep doing that, explaining, “There is not a magic future down the road in which there is one health information exchange network called CommonWell.” Both VPs agree that hospitals and practices need more incentives to share information.
- AdvancedMD offers a $10 Amazon gift card to anyone who requests their information kit.
- PDR will exhibit at the McKesson Chain & Health System Pharmacy User Conference November 17-18 in Pittsburgh.
- Stella Technology is sponsoring and attending the NYeC Gala Awards to promote health IT in New York City November 18.
- Liaison Healthcare will exhibit at the PointClickCare Summit November 16-19 in Palm Desert, CA.
- LiveProcess will exhibit at the first annual Association of Healthcare Emergency Preparedness Professionals Conference November 17-18 in Omaha, NE.
- MedData will exhibit at the HFMA Region 9 Conference November 15-17 in New Orleans.
- Recondo Technology, the SSI Group, and Streamline Health will exhibit at the HFMA Region 9 Conference November 15 in New Orleans.
- PatientPay sponsors the iPatientCare National User Conference.
- PerfectServe will exhibit at the American Association for Physician Leadership Fall Institute November 13-17 in Scottsdale, AZ.
- Lexmark will exhibit at RSNA15 to benefit Camp Invention’s STEM programs for children across the US.
- ZirMed is sponsoring and will present at “Data-Driven Revenue Cycle” November 18 in Atlanta.
- Insider Theft: The Human Version of Malware (ID Experts)
- Nothing but Net (Ingenious Med)
- Ask the Expert: EMV, Encryption and Reducing your PCI Scope (InstaMed)
- Pro Tips for Implementing Epic’s MyChart (Nordic)
- One Size Doesn’t Fit All (NTT Data)
- Dictation Made Easy (NVoq)
- New Survey Benchmarks Patient Engagement Tactics (Oneview Healthcare)
- Telemetry Care: Cure smartphone alerts (PatientSafe Solutions)
- The Other Socialized Medicine (PatientKeeper)
- Inaccurate Provider Data can be Very Costly! (Phynd Technologies)
- What’s New in Meaningful Use Stage 3? (Sagacious Consultants)
- Reducing Waste by Applying Interoperability Best Practices Presented at Lab Quality Confab (Sunquest Information Systems)
- Technology and Electronic Prescribing Aids in the Fight on Prescription Drug Abuse (Surescripts)