Hackers breach the servers of Newkirk Products, which issues BlueCross and BlueShield insurance cards in several states, exposing the information contained on the cards of 3.3 million people. This will be one of the largest breaches ever, although the information stolen is not extensive.
Newkirk was acquired in 2011 by IT outsourcer and consulting firm DST, which sold its customer communications business to Broadridge Financial Solutions for $410 million just a few weeks ago.
From Jett Cloud: “Re: Epic. I just returned from training and was shocked by the amount of activity that has nothing to do with healthcare, software, or any professional endeavor. There were constantly people playing games outside, sports, Pokemon Go, or similar things. As part of an organization that’s struggled financially and is really stretching to afford Epic, I’m a bit disgusted by the physical lavishness of the campus.” Epic people put in a lot of hours, so I wouldn’t worry that the tiny percentage of its 10,000 employees you saw playing around means they don’t work plenty hard. Most of them don’t even go out for lunch. They’re also mostly in their mid-20s, so just be amazed that despite being the offspring of hovering, overly indulgent parents they show up and get stuff done in what is the first real job many of them have had. I agree that Epic’s campus is unnecessarily extravagant, it’s part of the company’s culture but nobody put a gun to the head of customers to sign those gazillion-dollar Epic contracts that pay for it. At least both customers and Epic employees can enjoy the orchestrated whimsy instead of just the company’s executives – it’s Mahogany Row and reserved parking spots that annoy me. At one of my previous health system employers, we had to keep reminding our executives not to go off script at employee meetings and talk about their reserved parking lots, plush offices, company-paid cars, travel budgets, and big bonuses – they would genuinely forget that those in the room were working for no perks or bonuses, just a paycheck.
HIStalk Announcements and Requests
Poll respondents were fairly evenly split on whether CMS’s new hospital star rating system has value. Furydelabongo says it’s at least a good starting point even though lower-rated hospitals are predictably shooting the messenger. Mobile Man agrees that if you want healthcare to run like a business, this is how business works. Cosmos disagrees, saying hospitals are too complex to be rated by a single rating, and Michael Murphy explains further that the rating doesn’t reflect procedure volume.
New poll to your right or here: will the cost and quality impact of hospital and medical practice consolidation be good or bad? Vote and then click the poll’s Comments link to explain why.
We funded the DonorsChoose grant request of Mr. G in Wisconsin, who asked for two tablets and a programmable robot. He reports, “As many of our students are new to the field of computer science, these materials have helped to inspire them to build a strong foundation of programming knowledge as they enthusiastically dive into the content that is being taught, and seek out opportunities to help Dash and Dot complete new challenges. The pair of robots have also been a way to illustrate programming concepts that would otherwise be confined to a computer screen. For many students, this opportunity to observe and interact with the robots is key to mastering these programming skills. Finally, the robots and tablets have served as an excellent incentive to encourage positive behaviors in the classroom.”
Thanks to the following sponsors, new and renewing, that recently supported HIStalk, HIStalk Practice, and HIStalk Connect. Click a logo for more information.
Last Week’s Most Interesting News
- Advocate Health Care Network pays $5.55 million to settle HIPAA charges following an OCR investigation of three 2013 breaches in just a few weeks.
- Cerner dismisses Athenahealth’s efforts to penetrate the inpatient market in its earnings call.
- Banner Health (AZ) notifies 3.7 million people that their information was exposed in a breach of its food and beverage systems in one of the largest healthcare breaches ever.
- Theranos CEO Elizabeth Holmes didn’t address any of the company’s business-threatening issues in her presentation to the American Association for Clinical Chemistry and instead uses her podium time to pitch new blood analyzer hardware that has not yet been released or approved by the FDA.
- The FTC reverses an earlier decision to drop data security charges against LabMD.
- Apple publishes a patent that would allow iPhone users to connect with a physician, transmit their HealthKit-collected information, and then initiate a telemedicine session.
August 10 (Wednesday) 1:30 ET. “Taming the Beast: CDS Knowledge Management.” Sponsored by LogicStream Health. Presenters: Luis Saldana, MD, MBA, CMIO, Texas Health Resources (THR); Maxine Ketcham, clinical decision support analyst, THR; Kanan Garg, senior applications analyst, THR; Patrick Yoder, CEO, LogicStream health. This presentation will review THR’s systematic process for managing clinical decision support assets, including identifying broken alerts, addressing technical and clinical issues, modifying order sets, and retiring tools that have outlived their usefulness. Attendees will learn how THR uses a robust knowledge management platform to better understand how clinicians are interacting with their clinical content to maintain their order sets and reduce the number of alerts fired.
Acquisitions, Funding, Business, and Stock
Outsourcer Cognizant Technology guides revenue and profit lower due to Brexit, banking, and US healthcare consolidation and spending cutbacks.
Honor, which matches seniors to home caregivers, raises $42 million, increasing its total to $62 million. One of its VC investors said his firm learned their lesson with Oscar Health, and unlike Oscar, Honor doesn’t just offer online matching – the company remains the intermediary with the user as its customer. It keeps in touch with families with its own app that also populates notes that each assigned caregiver can review. The company also offers a wellness check visit in which observational data is sent back to the user’s doctor. Services are offered only in the Bay Area and Los Angeles, but an expansion to Dallas is planned.
From the Allscripts conference call:
- Sales increased 39 percent for the quarter, or 22 percent without the contribution of the acquired Netsmart.
- The company added one new Sunrise customer.
- Allscripts expects to sell more consulting services after implementation of the “staggeringly large” number of MACRA and QPP reporting requirements.
- The company responded to an analyst’s question about how much revenue Northwell Health contributes to the total, with the answer being a single-digit percentage.
Caradigm provided this response to FlyOnTheWall’s rumor report that I ran Friday in which he said the company let 30 percent of its workforce go this past Wednesday:
Since Neal Singh was named CEO in April 2016, he has worked with Caradigm’s senior leadership team to drive our mission of accelerating the healthcare revolution with innovative solutions to promote better care, smarter spending and healthier people. In keeping with its mission, Caradigm is proactively reorganizing to provide clear accountabilities and streamline efforts to improve teamwork, drive simplicity and deliver quicker results – in order to better serve its customers. Caradigm has reorganized Product teams by key solution focus, with the aim of reducing its customers’ total cost of ownership and reducing time to go-live. Its Services organization has been reorganized to focus exclusively on customer implementations, product support, and driving the relationship and partnership experience that customers have with Caradigm. And in recognition of the fact that customers require deep clinical and technical support and expertise through their lifecycle, Caradigm has expanded the charter of the Care Transformation team. These changes required Caradigm to make difficult layoff decisions. The new organization will put Caradigm on a path for innovation to better support healthcare initiatives and enhance its customers’ experiences. Employees who had their positions eliminated have received both severance and resources to help them with their transition. Caradigm is not disclosing further details about the layoffs.
Privacy and Security
Marin Medical Practices Concepts, a California physician billing and EHR services company, pays a hacker’s unspecified ransomware demands regain access to its data. The company’s medical practice customers, which include the county’s public health clinics, had been unable to access their EHRs for a week.
More breach news from DataBreaches.net:
- Carle Hospital announces that an unnamed vendor placed files containing the information of 1,185 patients on its procurement document sharing site, unaware that other vendors could also view the information.
- Nordic Consulting notifies New Hampshire’s attorney general that one of its HR employees emailed current and former employees who were affected by a previous data breach to remind them to sign up for identity theft protection, but inadvertently attached a worksheet containing the demographic and patient information of employees covered by Nordic’s health insurance.
- Athens Orthopedic Clinic (GA) confirms that hacker The Dark Overlord has placed patient information from its breached system for sale on the Dark Web after the clinic declined to pay $335,000 to keep their records private. The Dark Overlord claims to have already sold the information of at least 5,000 of the 400,000 patients contained in the database he downloaded. He made a good business case to the clinic in pricing his services competitively with the alternative since just offering credit monitoring protection will cost more than his price.
Mayo Clinic researchers will climb Africa’s 20,000-foot high Mount Kilimanjaro this week, monitored by sensors from Philips that will help them understand the oxygen deprivation that occurs during both mountain climbing and heart attacks. A drug company is footing the bill.
Apple joins the “bug bounty” movement in which it will pay outside hackers who find and report security flaws in its products. The company will pay $50,000 for bug reports that involve gaining access to iCloud data.
A New York Times article ponders whether it makes sense for hospitals to include a “did we control your pain” question on their patient satisfaction survey that might encourage doctors to over-prescribe the narcotic drugs that already have led a big chunk of America into addiction. Doctors say patients demand specific drugs and use their satisfaction surveys to retaliate if they don’t get them, cutting into the paychecks of the medical staff whose compensation is partly driven by those satisfaction scores.
A study finds that heavy, detailed media coverage of mass shootings causes more gun violence almost immediately afterward, as would-be mass killers see the fame earned by the shooter. The researchers suggests following the “Don’t Name Them” campaign in which mass murderers are deprived of their moment in the limelight by not publishing their names, photos, writings, and details about their past. That would be a fantastic idea except for the sorry state of “eyeballs at all costs” American journalism, where indeed if it bleeds it leads and no amount of public goodwill can offset those Internet page views.
A lawyer credits the autopilot feature of his Tesla Model X for saving his life when he has pulmonary embolism while driving and instructs the Tesla to take him 20 miles to the hospital ED. He’s still not sure that he shouldn’t have called an ambulance instead, but says he figured he could get to the ED faster on his own. Pricing for the Model X starts at $80,000, probably about the cost of his ED visit.
NPR profiles iNaturalist, a social network for wildlife in which users post photos of animals they’ve seen and share them with other to identify them in a form of gamification. At least one previously unknown species has been identified as a result.
Alameda County, CA replaces its long-time jail healthcare contractor after inmate deaths and allegations of poor care. One of its nurses cited inexperienced management and the implementation of new software that wastes clinician time.
I don’t think I was aware of this: the Ragon Institute of MGH, MIT, and Harvard, which has been working in HIV/AIDS vaccine research since 2009, is also supporting Zika virus research. I hadn’t heard of the institute, which is funded via a $100 million commitment from InterSystems founder and billionaire Phillip “Terry” Ragon.
Drugmaker AbbVie tries to block introduction of a biosimilar drug that is a lower-priced competitor to Humira, which generates 60 percent of the company’s revenue. AbbVie has also filed new patents hoping to delay the entry of the new drug to the market. It’s a good reminder that the sole mission of drug companies is make profits for shareholders, not to perform societal good or to help patients. Companies by definition are not capable of having a collective conscience no matter how much their slick marketing suggests otherwise.
Somerset, PA police arrest a man caught wandering the local hospital’s halls by a nursing supervisor. He was wearing a white coat and claiming to be a doctor in the IT department, which might have been more convincing if he hadn’t then asked her for directions to that department or responded, “Yeah, are you?” when she asked if he was a doctor. Todd Knisely then claimed to be testing the facility’s security for an online journal write-up. He might be telling the truth: Googling him turns up his alter ego (the not very creative “Shadow”) and Shadows [sic] Government, where he wrote up his planned social experiment. He also offers IT security services and website management. He says he wondered about the hospital’s security when he was a patient a year ago and found that he had free run of the place – including computers and paper patient records – since the hospital had no security officers on duty. Knisely (or is that Shadow?) says his legal research indicates that he broke no laws, an interpretation not shared by officers who locked him up for impersonation, theft by deception, and receiving stolen property.
Vince and Elise introduce their “Rating the Ratings” series and offer one last chance to providers who have read or contributed to a report from KLAS, Black Book, etc. to complete my survey for future installments.
- Experian Health will exhibit at the Illinois Rural Health Association Annual Education Conference August 10-11 in Effingham.
- PatientMatters will exhibit at HFMA Arkansas: Summer Institute August 17-19 in Hot Springs.
- The SSI Group will exhibit at the OASCA Annual Conference and Trade Show August 11-12 in Portland.
- Stanson Health enables provider compliance with the PAMA imaging clinical decision support mandate.
- VisionWare achieves Microsoft Gold Partner status.
- Huron Consulting Group closes its acquisition of HSM Consulting.
- ZirMed will host its 2016 User Group August 22-23 in Chicago.
- Understanding an Overlay (PatientKeeper)
- Perinatal Nursing & Technology: Time to Accept & Embrace the Challenge (PeriGen)
- How all the King’s Horses and all the King’s Men Were Given One Single, Bundled Payment to Put Humpty Together Again (PMD)
- User Group Season Kicks Off: Upcoming Events and Conferences (Surescripts)
- Healthcare — today’s biggest ransomware target (Iatric Systems)
- 5 Tips from the Trenches: Best Practices for HEDIS 2017 (Verisk Health)
- Work and play, the Voalte way. (Voalte)