Ten-hospital MedStar Health, the largest health system in the Baltimore-Washington corridor, shuts down its electronic systems and turns away elective patients and after what appears to be a ransomware attack that began Monday morning. The systems remain down. The FBI is investigating.
Despite MedStar’s assertion that it is unaware of any demands for ransom, some of its employees reported seeing a pop-up window demanding payment in bitcoin.
Senate HELP Committee Chair Lamar Alexander (R-TN) says the MedStar attack proves that HHS should quickly implement requirements from the Cybersecurity Information Sharing Act of 2015, which calls for HHS to:
- Appoint a cybersecurity leader.
- Create a healthcare cyberthreat report.
- Create a task for to submit recommendations and to disseminate federal cyberintelligence threat information.
- Publish voluntary best practices.
From MD Prof: “Re: NY e-prescribing. You mentioned an exemption for patient-requested paper prescriptions. Can you provide a link to the regs?” I had run across a source that said patients can request paper prescriptions, but upon reviewing the regulations and the stated exceptions, I don’t see such language, so I don’t believe patients have that option after all. Patients and prescribers could see some problems:
- Patients may want to price-shop multiple pharmacies and can’t without having a paper prescription.
- They might not have a particular pharmacy in mind at that moment.
- They may want to send some prescriptions to one pharmacy and others to a different one to save money and new electronic prescribers may struggle with how to do that.
- If the requested pharmacy doesn’t have the medication in stock, the prescriber will have to issue a new electronic prescription to a different pharmacy.
- Patients might choose a pharmacy that is closed for a holiday or for normal hours of operation.
All of these are especially problematic for ED physician prescribers, who would be hard to reach if prescription changes are needed. I’m also not clear of pharmacies can still transfer prescriptions among themselves, which I assume they can once it has been created electronically. MD Prof also notes that it’s a pain for doctors to perform the required manual patient lookup on the I-Stop website to identify possible doctor shoppers and suggests further integration of that database with prescribing systems.
From Circular Logic: “Re: site. I wasn’t able to get on for part of Monday.” Me neither, at least for a few minutes mid-morning. It was really busy yesterday for some reason, with more daily page views than even during the HIMSS conference. In fact, it was the busiest day since July 30, 2015 when the DoD contract winner was announced and when I decided I needed to upgrade to a bigger dedicated server. Maybe it’s time again.
From C. Cortez: “Re: rumors. I hope you don’t listen to the comments of people complaining about running industry rumors. Those rumors are usually correct.” My survey shows that only 1.3 percent of readers don’t enjoy reading rumors on HIStalk, which is not really surprising given that I’ve been running them since 2003 and therefore the audience is somewhat self-selecting. What I’ve learned in that 13 years is that nearly everybody loves reading well-placed “rumors” until they hit too close to home, at which time the indignant commenter suddenly proclaims them to be “gossip.” Many big stories have been broken here from reader rumors, while the rest are still entertaining.
From Sue Veed: “Re: interoperability. Judy Faulkner is still describing technical problems and calls for national standards. The problem is now 40 years old with no resolution in sight. The banking industry adopted MICR check standards in no time and healthcare is still dithering. Why?” I heard a keynote years ago by Dee Hock, a local banker who almost single-handedly created what was then BankAmericard (now the Visa credit card system after which competitors are modeled). He explained that it was tough to convince banks (which were local and regional rather than national back then) that it was in their best interest to work together in a decentralized way to create a nationally available electronic credit card network for their shared customers, which he later described as the prototype for “chaordic” organizations that “blend competition and cooperation to address critical societal issues.” Healthcare IT is stuck in the mid-1960s with no heir apparent to Dee Hock available to convince providers and IT vendors that everybody wins (especially the customer) if they share information.
HIStalk Announcements and Requests
We provided Mrs. Openlander from Missouri with several sets of math and reading flash cards for her K-5 school in funding her DonorsChoose grant request. The cards are placed in high-traffic areas so that hallway waiting downtime can be used for extra instruction.
Also checking in is Ms. Wilson from Virginia, who passes along to HIStalk readers that the five human anatomy models we provided are being used for class demonstrations and “center time,” where the teachers have created add-on learning exercises such as an interactive anatomy whiteboard game. She concludes, “Our students have grown so much in the short time we have had the new materials. I cannot tell you how good it makes us feel to watch them interacting and striving to learn in ways that before you gift we never thought possible … your gift has changed the lives of our students and us forever.”
A quote I can’t get out of my head: “There’s no such thing as a cloud. It’s just someone else’s server.”
March 30 (Wednesday) 1:00 ET. “Coastal Connect Health Information Exchange: Igniting the Power of Events-based Notifications Webinar.” Sponsored by Medicity. Presenters: Cory Bovair, application specialist. CCHIE; Andy Biviano, director of product management, Medicity. Wilmington, NC-based CCHIE, which covers 800 physicians and 1.4 million patients, implemented Medicity Notify for real-time clinical event notifications to help reduce ED utilization, improve care quality, and enhance patient satisfaction. In the first 30 days, physicians and care managers received more than 3,000 admission and discharge notifications.
April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?
April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.
Acquisitions, Funding, Business, and Stock
Dell will sell its IT services business, the former Perot Systems, for $3.05 billion to Japan’s NTT Data to help pay for Dell’s planned $60 billion takeover of data storage vendor EMC. Dell bought Perot Systems for $3.9 billion in 2009. NTT Data, a subsidiary of Japan’s national telephone company, acquired IT systems and services vendor Keane for $1.2 billion in 2010, giving it the Optimum hospital product suite.
Alphabet’s (Google) Verily Life Sciences is losing top executives and its governmental connections with FDA and HHS due to the abrasive management style of CEO Andrew Conrad, STAT reports. The company has apparently abandoned its project for connecting medical devices to the cloud, with all of its team members departing the organization. Also gone is the co-founder of the project to develop a glucose-monitoring contact lens. A biotech consultant who previously worked for a research institute Conrad founded describes him as, “We used to joke and call him the seagull of science. He used to fly in, squawk, crap over everything, and fly away. You couldn’t engage him for more than 10 minutes. It was sort of the overpromise, under-deliver.”
The Department of Defense issues a $77 million, one-year contract extension to Philips for “patient monitoring systems, subsystems, accessories, consumables, spare/repair parts, and training.”
Announcements and Implementations
Boston Children’s Hospital (MA) launches Feverprints, an iPhone app powered by Apple ResearchKit that will use crowdsourcing to explore normal temperature variation and evaluate the effectiveness of fever medications.
Carolinas HealthCare (NC) will implement Epic at Southeastern Health (NC) via a shared services agreement. I believe Southeastern runs McKesson Horizon for inpatient and eClinicalWorks for ambulatory.
AARP Health Innovation@50 announces the ten finalists for its April 27 pitch event:
- Cake (end of life planning)
- Medvizor (patient instructions)
- Penrose Senior Care Auditors (senior check-up app)
- PicnicHealth (personal health record)
- Savor Health (nutrition)
- SeniorHabitat (senior care facility selection)
- SensaRx (wandering sensor)
- SingFit (music as medicine – video above)
- UnaliWear (fall detection and medication reminder watch)
- Well Beyond Care (non-medical assistant finder)
Privacy and Security
A new ransomware variant called PowerWare is discovered to be targeting healthcare specifically in spreading itself via macros embedded in Microsoft Word documents posing as email-attached invoices. It’s smarter than similar types of ransomware, invoking the “fileless” native automation tool Windows PowerShell to download a script and then encrypt the PC’s files. This would be another great reason to demote users who have Administrator privileges or who can run programs with elevated permissions.
Peer60 releases “Trends in Revenue Cycle Management.” Some of its findings: (a) cost is the top criterion for selecting a RCM vendor; (b) collections is the most-outsourced provider service; and (c) the most-unmet RCM needs are denials management, contract management, and value-based reimbursement.
A 60-patient study finds that the fingerstick blood tests previously offered directly to Arizona consumers by Theranos give results that vary significantly from results obtained from venipuncture samples that were sent to Quest and LabQuest.
Banner Health (AZ) will complete by fall of 2017 the replacement of Epic by Cerner at the two Tucson hospitals formerly owned by University of Arizona Health Network, which it acquired in 2015. Banner says the switch will provide “significant savings” to the hospitals, which spent an unbudgeted $32 million and a total of $115 million on their 2013 Epic project, causing a $29 million fiscal year loss that was followed by the sale of UAHN to Banner.
- Aprima will exhibit at the Texas MGMA Annual Meeting March 30-April 1 in Dallas.
- The Baltimore Business Journal lists Audacious Inquiry as one of the five largest software developers in the Baltimore area.
- Catalyze publishes a new e-book, “Innovation Doesn’t Follow Rules.”
- Besler Consulting will exhibit at the HFMA Hudson Valley Annual Institute 2016 April 7 in Tarrytown, NY.
- Burwood Group Justin Flynn will present at the Palo Alto Networks Ignite 2016 Conference April 4 in Las Vegas.
- Carevive Systems shares its latest presentation, Survivorship Care and Care Plans: Transforming Challenges into Opportunities.
- Direct Consulting Associates sponsors the HonorHealth Charity Golf Classic in support of the HonorHealth Military Partnership.
- Divurgent will exhibit at the AEHIS/CHIME Cyber Security Lead Forum April 4 in San Francisco.
- EClinicalWorks will exhibit at the 2016 Health Care Symposium April 1 in Costa Mesa, CA.
- Healthwise will present at the Society of Behavioral Medicine meeting March 30-April 2 in Washington, DC.
- 5 Real Ways to Enable IoT Success in the Enterprise (AirWatch)
- How the HLC Proposes to Transform Healthcare Now (AirStrip)
- EHR Improvements After the AMA “Hateful 8” List (AdvancedMD)
- Progressing with Population Health and Big Data (Caradigm)
- Organizational Health (Part 4) – “Disagree but Commit” (Optimum Healthcare IT)
- Iowa ePA Legislation and CoverMyMeds (CoverMyMeds)
- HIMSS 2016 – Transforming Health with PCMH, Population Health, and More (CTG)
- Starting the Journey: Transforming Your Practice into a Patient-Centered Medical Home (Galen Healthcare Solutions)
- 3 Evolving Revenue Cycle Trends: Leveraging Them to Improve Financial Viability (Hayes Management Consulting)