HHS OCR announces two big HIPAA violation settlements for years-old incidents, both involving the theft of unencrypted, PHI-containing laptops.
North Memorial Health Care (MN) will pay $1.55 million to settle charges involving the 2011 theft of an PHI-containing, unencrypted laptop from an employee of Accretive Health. HHS OCR says the system violated HIPAA rules by failing to require Accretive to sign a business associate agreement and for not performing a security risk analysis.
Feinstein Institute for Medical Research (NY), a non-profit sponsored by Northwell Health, will pay HHS OCR $3.9 million to settle charges that it lacked of security management processes, detection of which was triggered by OCR’s investigation of an unencrypted PHI-containing laptop that was stolen in 2012.
From Dockside: “Re: Novell GroupWise. BJC HealthCare began its Outlook rollout using Microsoft hosting services. The rollout is going well and will be finished in stages over a couple of months. Makes me wonder how many GroupWise shops are left.” I was involved with that same conversion at my hospital many years ago and thought we were probably one of the last holdouts then. Users weren’t clamoring for Outlook, but our GroupWise version was so old that it couldn’t handle long file names and its inline document viewers didn’t work with newer file formats. The product is still around, with the 2014 edition being the most recent version. Most of us in the hospital missed a few GroupWise features that Outlook didn’t have, but nobody had any interest in going back since we had already moved away from Novell Office. BJC is the first-listed success story on the GroupWise site. I also notice that the screen shot included in the Wikipedia entry for GroupWise is from someone in healthcare since the pictured inbox contains emails from HIStalk and HIMSS.
From Legally Blonde: “Re: Hardee County, FL. The grand jury in January 2015 investigated the director of the county’s economic development department for spending $7.25 million to fund creation of what is now CareSync. The jury found that nobody monitored the project or whether it returned benefit to county taxpayers. A member of the economic development board had financial interest in the approval of the money. The jury found that projections of 400,000 users and $26 million in annual revenues were ‘mere smoke and mirrors and not even close to being met.’ The interesting thing to me is that surely that indictment was in play before the investors of CareSync (Merck Global Health Innovation Fund ) invested. There was a Series B raise of 18M in early October 2015. Certainly there were clauses about there being no legal proceedings in the terms of the funding.” The full grand jury report is here. I found a March 2015 story in which the development authority ignored the grand jury’s recommendations. I’m not a legal expert, but it looks like the grand jury was focusing on the county’s economic development board and not CareSync and I saw nothing involving indictments or anything more than recommendations to the county. CareSync said its October 2015 fund raise would enable the hiring of 500 workers, although it didn’t indicate how many of them would be working in Hardee County.
From Empowered Patient: “Re: obtaining medical records. Thank you for sharing Deven McGraw’s excellent explanation in Jenn’s HIStalk article. The HIPAA Omnibus Rule clearly spells out the right that a patient has to receive an electronic copy of their protected health information if the entity is capable of producing it. Further, the electronic copy must be provided in a readily producible form and format, including unencrypted email if that is the patient’s desire. I have argued with CIOs and security professionals who should know better, but denial of these rights is a violation of HIPAA. The American Bar Association has a great overview for anyone who still doesn’t understand.”
From MS Clippy: “Re: HIStalk articles. Which one is the most-read ever?” I don’t have tools that track how many times each post has been read, which would be pretty cool. It’s been busy the last couple of weeks, though, with nearly 10,000 page views Monday and 8,000 on Tuesday and Wednesday. Those are pretty big numbers for the post-HIMSS lull with no blockbuster news.
From Tawdry Tale: “Re: Memorial Hermann. Has been hit by ransomware from the Nemucod Trojan dropper.” Unverified.
HIStalk Announcements and Requests
Ms. Medina says her California first graders are using the engineering kits we provided in funding her DonorsChoose grant request to learn about simple tools and machines.
I also heard from Mrs. Sickle, whose Missouri first grade classroom is filled with charts the students are making from the chart paper we provided.
This week on HIStalk Practice: Complete Family Foot Care informs patients of a Bizmatics EHR breach. St. Clair Specialty Physicians implements Medical Design Technologies charge-capture software. CTO Prakash Khot brings Salesforce ethos to Athenahealth. Morris Heights Health Center goes with EClinicalWorks EHR and population health management software. Atlantic Spine Center launches virtual consults. Xerox’s Tamara StClaire addresses the population health management equation. Physician burnout may lead to a surge of ninjas promoting "warlord tourism."
This week on HIStalk Connect: Researchers unveil a new sensor capable restoring a sense of touch for prosthesis wearers. Personal assistant apps fail to offer clinically relevant results when queried with health questions. AliveCor introduces an Apple Watch band that can capture an ECG. The NHS will expand the use of e-referrals through a $78 million grant program.
March 22 (Tuesday) 2:00 ET. “Six Communication Best Practices for Reducing Readmissions and Capturing TCM Revenue.” Sponsored by West Healthcare Practice. Presenters: Chuck Hayes, VP of product management, West; Fonda Narke, senior director of healthcare product integration, West Healthcare Practice. Medicare payments for Transition Care Management (TCM) can not only reduce your exposure to hospital readmission penalties and improve patient outcomes, but also provide an important source of revenue in an era of shrinking reimbursements. Attendees will learn about the impacts of readmission penalties on the bottom line, how to estimate potential TCM revenue, as well as discover strategies for balancing automated patient communications with the clinical human touch to optimize clinical, financial, and operational outcomes. Don’t be caught on the sidelines as others close gaps in their 30-day post discharge programs.
Acquisitions, Funding, Business, and Stock
McKesson lays off 1,600 people, 4 percent of its US workforce, after losing some of its key pharmaceutical customers.
Cash-strapped Toshiba, struggling after an accounting scandal, sells its Toshiba Medical Systems business to Canon for $5.9 billion. Canon’s healthcare offerings include digital radiography and fluoroscopy systems.
Ireland-based Oneview Healthcare raises $45 million in its Australian Stock Market IPO, valuing the company at $160 million. Shares rose 3 percent on their opening day.
Predictive analytics care coordination systems vendor Pieces Technologies raises $21.6 million in Series A funding.
Riverside Medical Center (IL) chooses Glytec’s eGlycemic Management System and its Glucommander algorithm-based software for insulin management and glycemic control in its diabetes management program.
Charles Perry, MD, MBA, CMIO of Elmhurst and Queens Hospital Centers (NY), resigns in protest, comparing the Epic project of NYC Health + Hospitals with the Challenger space shuttle disaster of 1986. He says his hospitals aren’t ready for their go-live and patients will be harmed if the April 1 date isn’t moved back. He had been in the CMIO role since June 2014.
Impact Advisors promotes Michael Nutter to VP.
Accenture hires retired Army Surgeon General Lt. Gen. Patricia Horoho, RN, MSN to lead its Accenture Federal Services defense health practice, which includes its work on the DoD’s EHR project.
Announcements and Implementations
Wolters Kluwer migrates three customers of the sunsetted Olympus EndoWorks to Provation MD Gastroenterology, the first of 86 facilities that have contracted for the replacement.
Medsphere launches a mobile version of its OpenVista EHR, which includes its NoteAssist template-based patient documentation system.
ID Experts launches the first complete identity protection program for health plan members, which includes protection against all nine types of identity theft. The company offers services for identity monitoring, identity recovery, health fraud, and breach response.
Government and Politics
The VA will attempt to fire three executives from its Phoenix hospital over the 2014 wait times scandal. Two of them were placed on leave nearly two years ago but are still employed, and all three will be able to challenge their termination, which in the VA usually means they’ll just be reassigned. The VA previously fired the hospital’s director, but she got to keep her bonus despite pleading guilty to a felony charge for accepting $50,000 in gifts from a lobbyist who was her former supervisor. She had worked at four VA facilities in five years.
Privacy and Security
Premier Healthcare (IN) breathes a sigh of relief when a stolen laptop containing the PHI of 200,000 people is anonymously returned by mail, with IT forensics showing that it had not been powered on since the theft occurred in January.
UNICEF is testing the use of drones in Malawi to carry the blood samples of babies born to HIV-infected mothers to a hospital laboratory, hoping to cut down on the two-month turnaround time between drawing the blood and receiving the result. Ten percent of the country’s population has HIV.
A physician leaving the medical profession to work for a medical device company she founded explains her decision:
The phenomenon of patients as customers, the cultural rise of entitled incivility, and trusting Dr. Google more than their doctor has eroded some of the pleasure of patient care … In Kurt Vonnegut’s dystopian gem [Harrison Bergeron], to promote equality, the best and brightest were interrupted by technology that slowed thought. Much as the concept of the EHR makes sense in today’s peripatetic world, the required computer interface currently is right out of Vonnegut. Five minutes of patient contact necessitates 10 of charting, documenting discharge, signing scripts, and all must now be done with a mouse and click box. So many of my heroes have stopped seeing patients, so many years of productive practice lost to the interface. The part of the medical equation that solves the problem shouldn’t be doing data entry. Scribes? Real time dictation? While a portable electronic record is a necessary iterative step to longitudinal map that follow patients through life, the EHR kills joy.
Broward Health (FL) demotes its CEO and places its general counsel under review after executives complain about lack of leadership and a prolonged contracting process with doctors that may leave it without specialists who can treat trauma or stroke patients. The hospital’s chief of staff says the former Broward General Medical Center is 30 days away from being forced to shut down. SVP/CIO Doris Peek told the board that employees look to it to provided leadership. The hospital district’s former CEO committed suicide on January 23, followed by a state investigation into the district’s contracting practices.
Boston Medical Center (MA) will offer the digital sleep training app Sleepio as an employee benefit. The UK-based vendor claims hospital employees sleep 4.5 hours per week longer using its cognitive behavioral therapy program. Consumers can sign up directly for $300 per year.
Data analysis by ProPublica may dispute the claims of doctors that payments they receive from drug companies don’t influence their prescribing habits. Doctors who received money or meals from drug and device makers were 2-3 times more likely to prescribe brand name drugs. The study found that 90 percent of cardiologists who wrote at least 1,000 Medicare prescriptions received such payments, as did 70 percent of internists and family practitioners. Reporters contacted three doctors who prescribed high rates of brand name drugs. The first doctor claimed the drugs are of higher quality, the second said he can’t make a living without taking drug company payments, and the third threatened to call the district attorney about reporters questioning the $53,400 in drug company payments he received.
Eleven-hospital Presence Health (IL) announces that it lost $186 million in 2015, blaming one-time charges that include a $53 million write-off of uncollectible debt, a change in accounting policies, and the cost of implementing unstated software (presumably Epic since they’re implementing it).
In Canada, a Winnipeg doctor loses his license for a variety of professional misconduct offenses including failing to install medical records software as ordered in a 2000 disciplinary hearing for poor recordkeeping. A 2014 forensic audit of his computer found no trace of the EHR software, but records suggested he had copied and pasted blood pressure readings over multiple visits. The doctor had submitted in his defense the results of a peer group analysis and an independent audit of his practice, but he later admitted that he just wrote both documents himself.
Friday is Match Day, where graduating medical school students find out where they’ll be spending the next few years working endless hours for low pay. The always-talented University of Chicago Pritzker School of Medicine Class of 2016, led by the musically gifted Beanie Meadow, provides this amusing tribute to their graduating peers everywhere.
Attention, all you witless punsters who think flame-related FHIR jokes are clever: research suggests that you might have a neuropsychiatric disease beyond just being annoying.
- KLAS rates InterSystems HealthShare a top HIE technology in the EMR-independent category.
- PDR will exhibit at CBI e-Rx & EHR-1 March 21-22 in Philadelphia.
- Navicure will exhibit at the MGMA/AMA Collaborate in Practice event March 20-22 in Colorado Springs, CO.
- Nordic sponsors the Southwest Region User group Meeting at Maricopa Integrated Health System March 18 in Phoenix.
- Orion Health CEO Ian McCrae discusses precision medicine on a New Zealand morning show.
- Key Takeaways from HIMSS16 (Medicity)
- All Aboard: Getting Users to Hop on the Secure Text Messaging Bandwagon (Spok)
- Device Deployment in Large System Implementations, There are Things That I Know That I Know (Impact Advisors)
- How to Heal a Broken Heart (bleed Bug) (InstaMed)
- Full Moon over South Beach – SCOPE ’16 (Liaison Technologies)
- Top Takeaways from HIMSS16 (LifeImage)
- #NATCON16 – Informed and Inspired (Netsmart)