HHS considers running an ethical hacking program to identify cybersecurity vulnerabilities, encouraged by results from the Pentagon’s recent pilot program. The concerns of such a program are that, (a) hackers would by definition be encouraged to seek exposed confidential patient information, and (b) they are likely to find a lot of it, thus requiring someone to take action.
“Hack the Pentagon” was the first bug bounty program run by the US government. It drew 1,410 participants this past April and May and paid $71,200 in bounties, or an average of $588 for each verified vulnerability. Most of the reported vulnerabilities involved cross-site scripting, but one participant discovered a significant SQL injection bug.
The DoD used the HackerOne bug bounty program that provides hacker invitations, a leaderboard, hacker messaging, payments, and workflow.
From Venus de Milo: “Re: Epic’s new product name. Userweb shows a whole treat titled, ‘We are excited to announce Caboodle as the new name for Epic’s enterprise data warehouse.’” It’s a quirky name, but I like it. At least they don’t use eye-rollingly unoriginal names like Insight.
From Brownian Movement: “Re: Epic. The company forces the individual employees of consulting firms sign a non-compete directly with Epic. If you work for a consulting firm and have access to an Epic client’s system, you can’t work in software or sales for an Epic competitor for one year after leaving the consulting firm.” The non-compete agreement that Epic requires its own employees (and those of its customers) to sign is almost certainly not legally defensible, so it’s even more likely that such agreements signed by the employees of other companies couldn’t withstand a legal challenge. However, Epic’s industry clout and legendary legal firepower cause everybody to sign the paper anyway. Most of the griping happens only when someone wants to change jobs, but the sit-out period would be over before any expensive legal challenge could be completed. Think about Epic’s heavy-handed control – Epic’s new customers are required to let the company administer tests to their employees who want to work on their Epic project. Epic scores the tests secretly, providing only a hire/no hire recommendation. If you score well, you get to work on the Epic project team and thus get to retain your job. Score less well (by whatever standards Epic uses) and you’ll be banished to the legacy maintenance team with all the other rejects, thus assured of losing your job once Epic is live and your legacy system babysitting skills are no longer needed. It is reasonable to expect companies to stack the deck in favor of their own interests unless someone musters a challenge.
From Follow the Money: “Re: DOJ’s bust for a measly $900 million in Medicare fraudulent billing. Reminds me of a poem by James Roche.”
The Net Of Law
The net of law is spread so wide,
No sinner from its sweep may hide.
Its meshes are so fine and strong,
They take in every child of wrong.
O wondrous web of mystery!
Big fish alone escape from thee!
From Stiffie: “Re: healthcare IT writers and reporters. I looked up their lightweight credentials and made you a table of who is out there dispensing analysis and advice.” I don’t necessarily agree since most publications simply rewrite press releases to resemble original reporting, so it would be a waste for them to hire someone with actual industry experience. If these folks can find and keep an executive-level audience, more power to them because it’s not easy.
HIStalk Announcements and Requests
Two-thirds of poll respondents disagree with the AMA’s opinion that technology reduces the efficiency of care delivery. Some of those respondents correctly noted that “efficiency” is in the eye of the beholder, whose personal data capture efforts might – like paying income taxes — detract from their own performance in deference to the greater good. New poll to your right or here: how would you characterize McKesson’s contribution to health IT?
Mrs. Riley’s Maryland second graders are using the 25 sets of headphones we provided in funding her DonorsChoose grant request to access Internet tools and educational games. They are less distracted by the noise of what other students are doing and she can differentiate the simultaneous activities being pursued by her special education subgroups.
My WiFi range extender was performing erratically, so I replaced it with the $30 Netgear N300. You just plug it into a wall jack near the end of the wireless coverage range of your router, connect your smartphone or tablet to the newly created network (whose name, unless you change it, is your existing network’s name plus _EXT at the end), then enter the network password on the setup page. I’m getting five bars and high speeds far from the router and it’s never hiccupped even once in several weeks. It’s a great solution for coverage problems (distant bedrooms, garage, workshop, or patio) or if you want to stream Netflix from a spot where coverage is too weak to support a high-quality picture. The little gadget even has an Ethernet port if you need to hardwire something.
Listening: Eye Empire, an apparently defunct band that offered the compelling combination of alt metal chops with understandable vocals rather than screaming and grunting, not that there’s anything wrong with that. For an even harder edge with a biker bar vibe (since they love featuring strippers in their videos), there’s always Southern hard rockers Texas Hippie Coalition, which sounds and looks like Charlie Daniels fronting Pantera.
Last Week’s Most Interesting News
- The newly installed president of the American Medical Association says his practice doesn’t use an EHR, preferring to pay the penalty rather than participate in Meaningful Use.
- An HHS OIG analysis finds that one-third of Medicare recipients were prescribed potentially addictive opioids last year at a cost of $4.1 billion.
- HHS credits analytics for helping it identify the 301 people it arrested for Medicare fraud.
- The VA continued its hints about eventually de-emphasizing or replacing of VistA in favor of a commercial product.
- McKesson is reportedly trying to sell its health IT business to Change Healthcare (the former Emdeon).
- A federal report recommends national quality reporting, real-time data sharing, use of best practices, and civilian-military cooperation in reducing 30,000 unnecessary trauma patient deaths each year.
June 28 (Tuesday) 2:00 ET. “Your Call Is Very Important.” Sponsored by West Healthcare Practice. Presenters: Cyndy Orrys, contact center director, Henry Ford Health System; Brian Cooper, SVP, West Interactive. The contact center is a key hub of patient engagement and a strategic lever for driving competitive advantage. Cyndy will share how her organization’s call center is using technologies and approaches that create effortless patient experiences in connecting them to the right information or resource. Brian will describe five key characteristics of a modern call center and suggest how to get started.
Acquisitions, Funding, Business, and Stock
How health IT stocks performed in Friday’s Brexit-triggered selloff, which I expect to be reversed Monday as investors realize that several mechanisms exist to reverse the UK’s decision and that the timeline is long in any case:
Dow: down 3.4 percent
Nasdaq: down 4.1 percent
S&P 500: down 3.6 percent
Allscripts: down 2.7 percent
Athenahealth: down 0.8 percent
Cerner: down 3.1 percent
McKesson: down 3.8 percent
Quality Systems: down 3.1 percent
Paula McCann, VP/CIO of East Texas Medical Center Regional Healthcare System, is appointed to the Texas Health Services Authority board.
Rosanna Morris, RN, MBA, chief nursing officer and Epic EHR implementation co-leader of Nebraska Medicine, is named CEO of Beaumont Hospital (MI).
Announcements and Implementations
IDC Health releases yet another worthless health IT vendor revenue ranking with methodology unspecified. Assuming its information is correct – which I don’t when privately held companies are involved – I don’t know exactly what anyone would do with that information other than, (a) the PR people in companies named to the list who brag on the bestowment of questionable awards; and (b) the uncritical health IT rags that milked this anemic “news” for several paragraphs of slightly reworded press release text. As a customer, I wouldn’t necessarily be delighted that my vendor has more revenue than its competitors, especially if the portion I contributed wasn’t worth what I received in return. Bigger is definitely not associated with better. Perhaps it is appropriate that IDC in text messaging parlance stands for “I don’t care.”
Austin-based revenue cycle technology vendor DaVincian Healthcare, which has raised $50 million in funding, wins a contest for using Amazon’s Alexa to solve financial payments problems. The winning system allows patients to receive prescription refill reminders, ask questions about their prescriptions, and send messages to their providers. I think a lot of people are like me, though – I bought Alexa but never use it since the benefit is unclear if you’re already near a phone and I don’t really know what all it does since Amazon is cool like Apple in not providing a manual. It seems to be best suited for ordering even more stuff from Amazon. The video features a robotic phony doctor decked out in the obligatory scrubs, white coat, and the doctor ego elevation tool (a stethoscope) sitting in what looks like a spare bedroom in front of a desk full of books puzzlingly turned around backwards (they probably didn’t have any actual medical books handy). In fact, the windows in the doctor’s office look exactly like the ones in the patient’s living room and in his daughter’s house, so perhaps they all live together in Alexa-powered health IT communal bliss. Fun aside, it’s a nicely done video and the product is interesting if someone can validate the extent to which Alexa customers have integrated it into their daily lives.
Government and Politics
HHS names Aaron Miri, CIO and VP of government relations of Imprivata, as the privacy and security representative of the HIT Policy Committee. Appointed to the HIT Standards Committee are new members:
- Rajesh Dash, MD (Duke University School of Medicine)
- Kay Eron (Intel)
- Peter Johnson (retired)
- Kyle Meadors (Drummond Group)
- Terrence O’Malley, MD (Massachusetts General Hospital)
- Andrey Ostrovsky, MD (Care at Hand)
- Wanmei Ou (Oracle)
- Larry Wolf (Strategic Health Network)
In Australia, the CIO of Queensland Health and CEO of eHealth Queensland resigns after just seven months on the job to take a private sector position. He was placed under investigation three weeks after taking the job following a nepotism complaint. He was hired by his wife, a Queensland Health executive.
China uses the death of a student from treatments he found from Internet searches to tighten the government’s control over the Internet, requiring search providers to censor “rumors, obscenities, pornography, violence, murder, terrorism, and other illegal information” along with limiting the display of paid ads. That won’t affect Google, at least for the moment, since the Great Firewall has blocked it almost continuously in the years after the company declined to censor search results.
A Vermont citizen advocate wants to know, “What does Vermont have to show for its $50 million investment in VITL?” in referring to Vermont Information Technology Leaders. He questions why patients don’t own their data and claims that VITL’s contract with its technology vendor Medicity requires it to transfer all of its intellectual property and patient information to the company.
Privacy and Security
A newly signed Illinois law requires covered entities that report a data breach to OCR to also notify the state’s attorney general even if the incident doesn’t meet the state’s definition of a breach.
Here’s your “Jeopardy” question for the week. The answer is, “A study surprisingly finds that you really can go blind from playing with this in the dark.” The correct question: “What is a smartphone?”
A Peer60 medical image sharing report finds that McKesson is leading in installations and recommendation scores, with LifeImage leading the pack by a wide margin among vendors being considered by first-time adopters. The least-desirable image sharing technology is, thankfully, CDs, while cloud networks toped the list and site-to-site sharing came in #2. The highest-risk vendors for replacement are Sectra and Philips, with their biggest threat being customers who are pursuing a single-vendor strategy and superior technology.
PBS covers the ordeal of a heart bypass patient who verified that the hospital and surgeon accept his insurance, only to get stuck with a $2,200 bill from an ICU doctor who doesn’t. The patient asks reasonable questions of an unreasonable healthcare non-system: “Out of nowhere, somebody who you never heard of, I don’t remember meeting, sends a bill. Why is he not accepting the insurance? Why is he out of network?” The answer isn’t so simple, of course – hospitals take hundreds of insurances whose coverage varies widely, with the real problem being that hospital bills aren’t all-inclusive even though you might logically wonder why not. The article profiles another patient who was left on the hook for a $5,000 out-of-network plastic surgeon’s bill after rushing to the ED with deep ankle cuts. The hospital answered the reporter’s inquiry with a dry, concise response: “The current system is not optimal.”
- Sunquest will host the Tucson Cancer Regional Moonshot Summit on July 29.
- Craneware will exhibit at the HFMA ANI conference in Las Vegas this week and will co-present a session about pharmacy revenue integrity.
- Optimum Healthcare IT joins CHIME as a foundation partner.
- T-System celebrates 20 years of advancing care delivery and financial outcomes for EDs, freestanding emergency centers, and urgent care.
- ZDoggMD will make an appearance at TeleTracking’s annual conference, October 9-12 in Naples, FL.
- TierPoint is recognized in Gartner’s June 2016 “Magic Quadrant for Disaster Recovery as a Service” report.
- TransUnion, VitalWare, Huron Consulting Group, and Zynx Health will exhibit at the HFMA ANI Conference June 26-29 in Las Vegas.
- Valence Health Chief Strategy Officer Phil Kamp will speak at the HFMA ANI Conference June 26-29 in Las Vegas.
- Visage Imaging and Vital Images will exhibit at SIIM 2016 June 29-July 1 in Portland.
- Wellsoft EDIS publishes a new case study on its work with Kingston General and Hotel Dieu Hospitals.
- ZirMed client Baptist Health will share how it leveraged the company’s revenue cycle solutions at the HFMA ANI Conference June 26-29 in Las Vegas.
- Clinical Alerting: Moving Beyond Nurse Call (Spok)
- Tips to Help Drive Your Population Health Journey and Avoid the Potholes (Verisk Health)
- Hospitals turn to Voalte for a communication do-over. (Voalte)
- Don’t Compromise Your Enterprise – Understanding the Role of Notifications in Your E9-1-1 Solution (West Corp.)
- Advanced Health Risk Assessments that Work (Xerox)