Morning Headlines 4/8/16

April 7, 2016 Headlines No Comments

MHS Genesis rolls out as name for new electronic health record

The DoD brands its Cerner implementation project MHS Genesis.

Hospitals’ Computerized Systems Proven to Prevent Medication Errors, but More is Needed to Protect Patients from Harm or Death

A new report finds that CPOE systems fail to flag 39 percent of potentially harmful drug orders and 13 percent of potentially fatal drug orders.

MedStar disputes report it ignored warnings that led to attack

MedStar disputes recent allegations that the ransomware attack it suffered exploited known security flaws from 2007 and could have been prevented with a simple software update.

As hospitals go digital, human stories get left behind

A physician at Massachusetts General Hospital (MA) argues that EHRs fail to capture a meaningful patient story, arguing that EHRs mask “how one symptom relates to another, the emotional context in which the symptoms or events occurred, or the thought process of the physician trying to pull together individual strands of data into a coherent narrative.”

News 4/8/16

April 7, 2016 News 9 Comments

Top News

The Department of Defense christens its Cerner-centered EHR project as MHS Genesis. The functional project champion explains, “We want people to know MHS Genesis is a safe, secure, accessible record for patients and healthcare professionals that is easily transferred to external providers, including major medical systems and Department of Veterans Affairs hospitals and clinics. When our beneficiaries see this logo or hear the name, they’ll know their records will be seamlessly and efficiently shared with their chosen care provider.”

I might quibble that the DoD’s new logo incorrectly contains all capital letters in spelling GENESIS and looks like something a Photoshop newbie might design, but at least it uses the correct Greek mythology symbol of the wingless Staff of Asclepius – which denotes healing and medicine – rather than the oft-mistaken winged Staff of Caduceus, which is a symbol of commerce. Still, I can understand how the latter is more appropriate than the former in our convoluted healthcare system, where the lines at the financial trough are often serpentine.


Reader Comments

From ZenMaster: “Re: Sandlot Solutions. Website down. Phone not working. Clients frantic. A cautionary tale for all the start up Population Health Analytics companies out there. HIE / Healthcare Data Aggregation / Population Analytics is hard. Proceed with caution.”

From A Vendor That Also Finds Email Tracking Slimy: “Re: vendors being informed when you open their spam email and then contacting you directly. Most of these programs function by embedding a one-pixel image into emails and tracking when that image is loaded. Disable the automatic download of images in your mailbox settings or contact your organization’s IT team about blocking or filtering items that are created using similar methods like Tout, Sidekick, Yesware, Streak, etc.” Promos for the Yesware tracker show why aggressive companies keep using it for “prescriptive analytics” to pester prospects – unfortunately, it works, just like other sales techniques that range from cold calling to outright lying.


HIStalk Announcements and Requests

We funded the DonorsChoose grant request of Ms. S in Texas, who asked for five animation studio kits for her elementary school class to produce STEM-related movies.

Also checking in is Mrs. S from Connecticut, whose middle schoolers are using the Chromebooks we provided to publish and discuss their writing, with some of the most active participants being those students who don’t otherwise engage.

Speaking of Chromebooks, I decided to round out my little technology arsenal of everything I use to research and write HIStalk (a $300 Toshiba laptop and a $200 iPad Mini) with a Chromebook. The Asus C201 has an 11.6-inch monitor (perfect for traveling), 4 GB of memory, a 16 GB solid state drive, a very nice Chiclet keyboard (I’m not a fan of on-screen and tiny Bluetooth keyboards), and a battery life of around 10-12 hours. It weighs about 2 pounds and is 0.7 inches thick. It powers on and off almost instantly and took almost no time to set up, automatically updating itself as needed in the background with no third-party antivirus needed. The learning curve is pretty much zero – the only workaround I had to look up was how to regain Delete-key function since that key is omitted from most Chromebooks for space reasons. Best of all, it was only $200 complete with a nice padded sleeve and a wireless mouse with nano receiver. Chromebooks use the Chrome OS operating system instead of Windows or Linux, so they won’t run most desktop apps, but the Chrome browser is very fast (as are Google Docs and Gmail), Dropbox works fine, and thankfully my most valuable program LastPass works great on it for automatically logging me into password-protected sites I’ve saved, like Amazon. I even installed the Chrome OS version of Teamviewer in case I need to remote back into the laptop to do something. It’s not for everyone – for example, folks who rely on desktop versions of Office – but you might be surprised at how much of your work is online once you think about it and this is an inexpensive, lightweight, headache-free alternative to Windows or Apple laptops.

This week on HIStalk Practice: KAI Innovations acquires Trimara Corp. Family physician Kim Howerton, MD stumps for direct primary care in Tennessee. DuPage Medical Group expands relationship with PinpointCare. Cable and home security business Connect Your Home gets into the telemedicine business. Culbert Healthcare Solutions VP Johanna Epstein offers advice on improving patient access (and ROI to boot). Kaiser Permanente Northwest puts medical record access at patient fingertips. Tribeca Pediatrics founder details the drastic steps he took to revitalize his failing practice. Biotricity CEO Waqaas Al-Siddiq offers his take on what’s holding physicians back from making the wearables leap.


Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it is so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

Andover, MA-based National Decision Support Company opens a research and development headquarters in Madison, WI.

Population health management systems vendor Lightbeam Health Solutions acquires Browsersoft, which offers an HIE solution built with open source tools.

Digital check-in vendor CrossChx raises its second $15 million round in two years, increasing its total to $35 million.


Sales

Tampa General Hospital (FL) will implement the Voalte Platform for caregiver communication.

Universal Health Services will replace the former Siemens Invision revenue cycle solution with Cerner’s revenue cycle solution, integrating with UHS’s existing Millennium products. For-profit hospital management company UHS operates 25 hospitals.

The Department of Defense awards a five-year, $139 million contract to McKesson’s RelayHealth for patient engagement and messaging solutions. I assume that’s an extension or expansion since the military was already using RelayHealth.

Ernest Health (NM) will expand its use of NTT Data’s Optimum Clinicals suite in four facilities. The organization uses Optimum RCM in its 25 locations.

Queensland, Australia’s Metro North chooses the referrals management system of Orion Health.


People

Influence Health names Michael Nolte (MedAssets) as CEO. He replaces Peter Kuhn, who remains as president, chief customer officer, and board member.


Announcements and Implementations

Franciscan Alliance (IN) uses InterSystems HealthShare to create a vital signs viewer for legacy data that can be accessed from inside Epic by its 140-physician group.

India-based doctor finding and appointment scheduling app vendor Practo begins answering medical questions from India, the Philippines, and Singapore at no charge via Twitter using the @AskPracto account.


Government and Politics

National Coordinator Karen DeSalvo, MD, MPH says of information blocking in a Wall Street Journal interview, “We don’t have all the authority we need to really be able to dig into the blocking effort. We have put forward a proposal to Congress asking for more opportunities to address the issue.” She says that it’s a big step that the major inpatient EHR vendors have pledged to not participate in information blocking vs. a year ago when “people said blocking is a unicorn and not happening.” She adds consumers are interested in third-party apps that can extract data from elsewhere to create their own longitudinal health record and says that person-centric medical records will shift “very deliberately away from the electronic health record as being the source or center of the health IT universe.”

HHS asks for ideas about how to measure interoperability within MACRA objectives, with responses due June 3. The most interesting part of the information published in the Federal Register is that ONC is considering analyzing the audit logs of EHR users to determine how often they exchange information.

AMIA says proposed HHS changes that would give drug and alcohol abuse patients more control over their medical records aren’t adequate and fail to address electronic information exchange. AMIA wants HHS to revisit the idea of giving patients granular sharing control over their entire medical record, saying that managing substance abuse data differently is “a dated concept and flawed approach.” Doug Fridsma, MD, PhD, AMIA president and CEO, said in a statement, “Clearly, the trend in healthcare is to make patients first-order participants in their care. This means giving them complete access to their own medical records, and it should mean giving them complete control over who sees their medical information.”


Privacy and Security

MedStar Health (MD) disputes earlier Associated Press reports indicating that an unpatched JBoss server allowed hackers to take its systems down with ransomware. MedStar says Symantec, which it hired to investigate the attack, has ruled out unapplied 2007 and 2010 JBoss patches as the problem. The AP stands by its earlier report and adds that experts say that the Samsam ransomware that infected MedStar can be prevented by keeping updates current.

Google’s Verily Life Sciences biotechnology company comes under fire for awarding a research contract to a company its own CEO owns and for failing to tell its Baseline health study volunteers that it is planning to sell their data to drug companies for a profit.

Metropolitan Jewish Health System (NY) announces that an employee of one of its participating agencies responded to a phishing email in January 2016, with the unidentified hacker gaining access to the email account that contained PHI.


Other

Leapfrog Group finds that CPOE systems still miss a significant number of drug ordering errors, failing to warn the prescriber of potentially harmful orders 39 percent of the time and also missing 13 percent of potentially fatal orders. Leapfrog collects voluntary CPOE test results from hospitals that use its testing tool.

The AMA publicly supports AllTrials, a global campaign that calls for every past and present clinical trial to be registered with their methods and summary results reported. The campaign says it’s not fair to study participants to hide study results that are inconclusive or unfavorable to the sponsoring organization, such as a drug company buying a study that finds one of its products ineffective. Commendably, the AMA’s involvement came from a proposal from its Medical Student Section. 

The COO of BCBS of North Carolina, promoted from CIO four years ago, resigns abruptly after the botched rollout of a billing and enrollment system last November during Healthcare.gov’s open enrollment period. The company is scrambling to rewrite the system in time for the next open enrollment that starts November 1. It found an unspecified “fatal problem” in its software before last year’s open enrollment began, but continued anyway thinking it could fix problems as they arose, causing 147,000 customer calls on November 1 alone and 500,000 in the first week. The company imposed emergency measures in January 2016 after projecting that it will lose $400 million in North Carolina Healthcare.gov business, turning off the ability for consumers to apply online since they had no way to determine whether the applicant was actually eligible to purchase insurance.

The always-hustling Newt Gingrich pens an editorial criticizing his home state of Georgia for proposing to outlaw people doing their own eyeglass exams at home via a company’s app. USA Today got the assurance of Newt’s people that he had no financial interest in any related firms before running his op-ed piece, only to find out afterward that he’s running a $100 million tech fund with a private equity firm.

I missed a great April Fool’s prank by MedData, who announced the April 1 hiring of Hayden Siddhartha "Sidd" Finch as chief experience officer, slyly referencing a 1985 George Plimpton April Fool’s fake story in Sports Illustrated involving a Tibetan pitcher with a 168 mph fastball. The brilliant Plimpton even led off the 1985 story with a clever clue in spelling out “Happy April Fool’s Day” with the first letters of each word in the opening sentence, but still duped a significant number of people who should have known better (including a Senator, reporters, and Mets fans looking for hope).

An article questions whether it’s OK for sexting-comfortable teens to send genitalia photos to their doctors for diagnosis, wondering whether those images should be sent securely or whether the doctor receiving them might even be charged with possessing child pornography.

A woman who recorded her hernia operation with a hidden recorder captures OR staff making fun of her belly button and calling her “Precious” from the movie about an overweight teen. Harris Health System (TX) declined to comment citing HIPAA, but told the woman they had reminded OR staff to watch their comments and that was enough. She says she was racially profiled and is considering suing.

A primary care physician at Massachusetts General Hospital (MA) says the lack of patient narrative in EHRs dehumanizes patients and hampers the diagnostic abilities of physicians, noting that the story of Cinderella, if entered into the hospital’s newly implemented Epic system, would be a problem list consisting of “Poverty, Soot Inhalation, Overwork, and Lost Slipper.” She describes Epic (and thus EHRs in general) as:

Epic features lists of diagnoses and template-generated descriptions of symptoms and physical examination findings. But it provides little sense of how one event led to the next, how one symptom relates to another, the emotional context in which the symptoms or events occurred, or the thought process of the physician trying to pull together individual strands of data into a coherent narrative. Epic is not well-suited to communicating a patient’s complex experience or a physician’s interpretation of that experience as it evolves over time, which is to say: Epic is not built to tell a story.

A Boston Globe article ponders why the medical schools of Harvard and nine of its prestigious peers like Yale, Johns Hopkins, and Columbia don’t have a department of family medicine. Harvard blames lack of costly participation by its affiliate hospitals to support a residency. However, a Harvard medical student says doctors specializing in internal medicine and pediatrics often bolt for more lucrative subspecialties while most family medicine practitioners remain in primary care, adding that Harvard Med thinks, “You’re less competitive or you’re less rigorous if you’re interested in primary care.” Ironically, Harvard launched one of the first family practice residencies in 1965, but the federal government ended its funding 10 years later due to poor quality. The chair of the recently created family medicine program at Icahn School of Medicine says bluntly, “It’s bizarre to me that you have these institutions that don’t really feel that there’s a requirement to introduce their students to the second-largest specialty in the United States.”

The department of physical and occupational therapy at Massachusetts General Hospital (MA) creates a video just before its April 2 go-live with Epic.


Sponsor Updates

  • CloudWave joins the Microsoft Cloud Solution Provider program.
  • Experian Health will exhibit at the SE Managed Care Conference April 7-8 in Charleston, SC.
  • PeriGen publishes its annual review of labor and delivery malpractice awards.
  • Red Hat announces the winners of its 2015 North American Partner Awards.
  • The SSI Group will exhibit at the Texas Ambulatory Surgery Center Society 2016 Annual Conference April 7-8 in San Antonio.
  • Streamline Health will exhibit at the 2016 HASC Annual Meeting April 13-15 in Dana Point, CA.
  • Surescripts announces its 2015 White Coat of Quality Award winners for excellence in e-prescribing quality.
  • Iatric Systems will exhibit at the Hospital & Healthcare IT Reverse Expo April 13-15 in Atlanta.
  • RTLS technology from Versus earns Cisco Compatible Extensions certification.
  • A record number of attendees gather at InstaMed’s annual user conference.
  • InterSystems will host its annual Global Summit April 10-12 in Phoenix.
  • Intelligent Medical Objects will exhibit at HealthCon2016 April 10-13 in Lake Buena Vista, FL.
  • Netsmart will exhibit at the Texas Public Health Association Conference April 11 in Galveston.
  • Obix Perinatal Data System will exhibit at the SSMHealth Annual Perinatal Nursing Conference April 14 in Fenton, MO.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
EPtalk by Dr. Jayne 4/7/16

April 7, 2016 Dr. Jayne 4 Comments

In a previous post, I mentioned Epic vital signs alerts with values that were way out of range. Several readers commented, with one saying this couldn’t possibly be a client value and another wondering what other customer-built “garbage” might be in their system. The original reader who shared the alert sent me a screenshot of the Epic foundation build, showing the Epic-released values that are delivered read-only. Although you can modify it on age-based overrides, the maximum pulse of 500 is out of the box.

Even worse, I noted that the pulse values all have trailing zeroes. I’ve spent more than a decade arguing with EHR vendor staffers about the concepts of precision and significant digits, and the fact that trailing zeroes don’t belong in fields like these. Since a pulse measurement obtained via traditional clinical skills can’t technically be precise to two decimal places, it shouldn’t be reported as such. Weird News Andy chimed in as well, suggesting that perhaps it was an alert for hummingbirds.

It’s National Public Health Week. Events in our area focused on tobacco, obesity, and diabetes. One of our offices had planned to host a blood drive, but it was canceled by the blood bank due to an “equipment malfunction.” I’m not sure what might be malfunctioning that would prevent us from using disposable collection gear, but we weren’t able to find another agency that had availability. Hopefully we’ll be able to make up for it next month.

Several of my consultant friends have a betting pool running on when CMS will release the MIPS/MACRA proposed rule. It looks like it has gone to the White House Office of Management and Budget, which might mean we could see it sooner than some of us thought. I’m banking on Memorial Day weekend since CMS has made a habit out of releasing it just before long weekends. By law, it has to be released within 90 days, but I think there may have been one recent proposed rule that came out past the 90-day mark. I’m too tired to Google it though, and it doesn’t really matter, so props to those of you who know for sure. I’m seeing a deluge of information from professional societies asking their members if they’re ready for MACRA, which is funny because many of the front line physicians I talk to don’t even have an idea what it is.

I mentioned it before, but the White House petition supporting a voluntary patient identifier doesn’t seem to be getting much traction. Only 6,000 people have signed it since it went live on March 20. It needs nearly 94,000 more signatures prior to April 19 in order to receive a response from the White House. Although the Executive Branch can’t actually solve the problem, getting enough signatures on the petition would make a statement. If you’re supportive, please consider signing to have your voice heard.

The AMIA iHealth conference is right around the corner. I’ll unfortunately be attending another conference at the same time, but am interested to hear from readers that may attend. It’s approved for 12 hours of ABPM LLSA credit, so if you’re board certified in Clinical Informatics and haven’t started earning your hours, it would make a nice start. I’m nearly done with my continuing education for the year, which is a good feeling. The only thing I have left is a module for my primary board certification, and I’m waiting until summer when a new MOC paradigm goes into effect for us.

I often have physicians throwing articles at me with ratings and rankings of the “best EHRs.” Such pieces generally drive me crazy, because once you dig into the number of participants and truly dissect the data, it is often poor. In one recent study, the physicians polled couldn’t even correctly identify their vendor and instead claimed they were using systems from vendors such as “CPOE” and multiple acronyms developed by hospitals to brand or market their systems. The prize for the best article of the week goes to GomerBlog, however. Thanks for the laugh because I sorely needed it this week.

What’s your favorite EHR? Email me.

Morning Headlines 4/7/16

April 6, 2016 Headlines 2 Comments

Allergan, Pfizer call off proposed $160B merger

Pfizer backs out of its plan to acquire Allergan and move its headquarters to Ireland for tax reasons after the Treasury Department put new rules in place to make tax inversions less lucrative.

National Health IT Coordinator Says Technology Can Help Unblock Patient Data Access

National Coordinator Karen DeSalvo, MD discusses health data portability, information blocking, and cloud technology in a Wall Street Journal interview.

Better Health Care: A Way Forward

Former National Coordinator David Blumenthal writes a JAMA op-ed on improving access, cost, and quality of care.

It’s Time To Stop Pretending Patients Don’t Care About Their Medical Records

Fast Company discusses barriers to expanding patient access to their medical information after an informal internet survey finds that 77 percent of patients are very interested in having access to the information.

Readers Write: The Future of Mobility and Cloud in Healthcare

April 6, 2016 Readers Write No Comments

The Future of Mobility and Cloud in Healthcare
By Joe Petro

For some time now, we’ve been hearing concerns voiced by physicians about how complicated their lives have become due to the mountainous documentation requirements. Among the most difficult is capturing the details a patient shares during a consultation and trying to fit that information into the structured template found in today’s EHRs.

How can we expect a patient’s story to be impactful when all its context and richness is lost to making sure we click and check the right boxes? This is a byproduct of all the initiatives coming out of the federal government. The EHRs are left with no choice but to force the structured capture of clinical documentation.

At the same time that we see these changing requirements, we’re also seeing a change in the technology used by physicians. Physicians are becoming increasingly more mobile and technologies can improve the physician experience and allow them to capture the patient story across the multitude of devices they currently use throughout the day. Executed properly, this ultimately offers physicians a way to streamline this documentation burden as certain technologies, such as speech recognition and language understanding, let them capture the required documentation in a more natural way.

In parallel, we are seeing an emergence of a cottage industry of mHealth app vendors looking to bring innovative technologies to the healthcare workflow. We have reached a tipping point where technical tools make it easier to leverage a large number of advanced capabilities. This makes it easier for the entire industry to create solutions and applications that are immediately impactful. This is a unique time and place in our technological evolution in the healthcare space.

Cloud is an example of a set of technologies that makes things easier and has the potential to deliver high impact. The cloud makes it possible for technologies to meet physicians wherever they are, on any device, at any time. For example, physicians can enter data into their mobile devices/apps any time, anywhere, and on the go. The cloud will be there to broadcast this information far and wide to EHRs or other apps and tools in a more meaningful way no matter where it originated. Thanks to cloud enablement, mHealth apps and other innovations become more useful to the physicians who want to be mobile.

Mobile and cloud innovations are impacting patients as well. Mobile applications and wearable devices are allowing patients to manage their own health, capture their own health data, and turn this data into actionable insights. Our lives and our health are on the brink of being substantially instrumented. We are now tracking sleep and eating patterns and mobile devices are starting to capture valuable information from blood pressure to heart rate to weight and more.

This technology can help patients comply with the treatment plans that physicians prescribe by allowing them to report progress or other important details in real time. The cloud is connecting patients to their own personal health experience, enabling them with the tools they need to better look after and manage their own health. It also connects patients to their healthcare providers and institutions before they actually need to receive care, potentially keeping them out of the hospital in the first place. This evolution is taking place today.

We’re transitioning to a phase where we can truly call this “healthcare” instead of “sick care,” a phase where we are shifting to managing our health proactively instead of just managing a sickness after it has already happened. With all this data available via the cloud, EHRs and all health-oriented applications will evolve, making it easier for physicians to leverage the technology to increase productivity and improve quality of care. The value that the EHRs are promising to deliver will be delivered partly through this mechanism.

As we continue down this path, we move towards a setting that seems as if it’s almost from a futuristic movie where everything in healthcare is mobile, connected, and intelligent. We’re going to see patients surrounded by enabling technology in such a way that intelligent services in the cloud will help their mobile devices keep track of important information that can then be used during visits with their physicians or, more importantly, prior to visits.

Physicians will be primed for the visit with everything they need on a device, reducing the time patients spend having to tell the same thing to three different people upon entering a health system. Present-day documentation requirement problems will eventually fade into the background as technology advances and interacting with these systems becomes more human-like and natural. Physicians will be able to focus fully on what got them into medicine in the first place: caring for their patients.

Joe Petro is senior vice president of healthcare research and development of Nuance of Burlington, MA.

Readers Write: Tax Rebate? Insurance rebate!

April 6, 2016 Readers Write No Comments

Tax Rebate? Insurance rebate!
By Richard Gengler

Now that tax season is in full swing and the eventual rebate is around the corner, it is an ideal time to think about another kind of rebate. This one stems from the changes in healthcare policy with the Affordable Care Act (ACA) with the increasing push of the triple aim of improved patient experience, improving the health of populations, and reducing the per capita cost of healthcare.

With the individual markets becoming the fastest-growing part of the payer sector and increasingly competitive, payers are searching for any potential leverage to obtain, retain, and grow their membership base. There is more discussion on the importance of net promoter score (NPS), whereby payers can utilize their existing members to act as promoters.

By utilizing new innovations and alternative service modalities, insurance companies are able to hit all three parts of the triple aim. Almost on a daily basis we are hearing about innovations that have greater than 90 percent user satisfaction rates and are having a significantly positive impact on population health at potentially a fraction of the cost.

Health plans are required to have an 80 percent or 85 percent medical loss ratio (MLR), meaning that they spend this amount of the premiums they collect on medical expenses. The rest can be used for administrative, profit, and marketing. Any difference in this percentage must be refunded to the members, according to law. Great idea, but does this actually work?

Looking back to 2014, there are plentiful insurers offering rebates to their members in a wide variety of markets from individual, small group, and large group. Take, for instance, Celtic Insurance Company in Arkansas, which had $6,774,488 in rebates to its individual market. Or how about California Physicians Service, with an astounding $21,819,095 for its small group market. In the large group market, Cigna Health and Life Insurance Company of DC sent back $5,608,359.

One would think this is an opportunity to fully engage and grow membership. Data from the Kaiser Family Foundation shows that many insurance companies are not meeting the medical loss ratio standards. This signals a missed opportunity.

To calculate the MLR is quite simple.

Let’s take, for instance, a population of 3 million Americans using a service that traditionally costs $1,751 per person per year. If there was an alternative service modality that is clinically equivalent for $30, this would create a savings of $1,721 and a percentage difference of 98 percent. If the premiums and other elements remain the same, this could be extrapolated out to provide bountiful rebates to the members.

Next time you are thinking about innovative strategies to increase the NPS of your members while increasing membership, think about your taxes. Your members will thank you, tell their friends, and increase your membership.

Richard Gengler is founder and CEO of Prevail Health of Chicago, IL.


Readers Write: All Claim Attachments are Not Created Equal

April 6, 2016 Readers Write No Comments

All Claim Attachments are Not Created Equal
By Kent McAllister


According to the 2014 CAQH Index, responding health plans representing 103 million enrollees returned data on claim attachments. There was approximately one claim attachment for every 24 claims during 2013 from those same responses.

Interestingly, the vast majority of claim attachments were submitted manually via paper delivery or fax. CAQH counted approximately 46 million claim attachments processed among the plans reporting, which can be extrapolated to roughly 110 million claim attachments industry-wide.

CAQH also estimates another 10 million prior authorization attachments. This statistic suggests a total of 120 million attachments annually across healthcare.

There’s a clarification, however, that must be made when dealing with attachments. Electronic attachments, in and of themselves, are not always the same despite industry rhetoric claiming that there is little difference between the healthcare sectors.

When dealing with the substance of attachments, there are two major distinct segments that providers must accommodate. These two segments are vaguely similar at the highest level, but distinctly different at the business process level for a few reasons. These two segments align with respective accountable payer organizations:

  1. Health and dental plans: commercial health plans and federal and state fiscal agents and administrators,
  2. Workers compensation (WorkComp): property and casualty insurance carriers and third-party-administrators.

The majority of the 120 million attachments are processed by health plans. Dental plans also manage an essentially equivalent business process for handling attachments, often through the same technical channels and human resources with similar skills.

Workers compensation claims, on the other hand, while voluminous, have a notably different set of business processes because of a number of distinctions in both the property and casualty insurance business and in the nature of “claims” in WorkComp parlance.

A WorkComp claim is generally related to an individual injured on the job. That claim may have a life of many months, or, in some cases, years. Resulting from that claim are typically many bills (or e-bills) that usually have an attachment. The e-bill submission process is more similar to property and casualty processes — such as auto physical damage — than to traditional health and dental plan processes.

An interesting contributor to this distinction is that property and casualty insurers are not considered “covered entities” under the 1996 HIPAA legislation. This is important, and any industry observers not recognizing this are failing to accommodate a major consideration.

Just as not all claim attachments are equal, neither are all vendors. For example, some companies that are heavily involved in the P&C space don’t work with the medical side, while others focus almost exclusively on medical. Vendors usually serve one of the two often-unrelated markets.

Providers must be aware of the differences. P&C electronic attachments, even though they may sound as if they’re in the healthcare setting, just don’t carry the same weight as electronic claims actually exchanged to support patient claims generated within a health system. Likewise, those vendors that work almost entirely in healthcare have little claim, if any, to the P&C market.

In a market filled with healthcare claims-related vendors, healthcare organizations must be able to place their trust in partners that understand the complete landscape of the healthcare space. They should also know that even though WorkComp may appear on the surface to be medical, it requires an entirely different scope of work than their counterparts working in the space. In this burgeoning sector of healthcare administration, messages are often painted too broadly with too wide a brush and healthcare leaders should be wary when entering into conversations that broach the subject of electronic attachments.

For the improvement of all parties involved, vendors should recognize and articulate the differences between health and dental attachment processes and WorkComp attachment processes in their public messages. The industry will be better served if vendors accept a mandate to clarify market confusion and to paint clearer lines as to their roles in electronic attachments.

Kent McAllister is chief development officer of MEA|NEA|TWSG of Dunwoody, GA.


HIStalk Interviews Paul Brient, CEO, PatientKeeper

April 6, 2016 Interviews No Comments

Paul Brient is CEO of PatientKeeper of Waltham, MA.


Tell me about yourself and the company.

I’ve been CEO of PatientKeeper for almost 14 years. Our company is focused on automating physicians, primarily in an inpatient setting. We offer an overlay solution that allows doctors to automate their entire days, regardless of the back-end system that they are working on in their hospital.

Given the data entry that’s expected of physicians, is it possible to make usability better?

Certainly usability has come to the forefront as we have gotten past the adoption question and people are using it. But now the question is, can people use it in a way that saves them time? Clicks and keystrokes are the enemy of saving time. Lack of intuitiveness is as well. If you have to puzzle over a screen and figure out what is being asked of me, or how do I find that order that I’m looking for, those things all kill productivity.

Clearly we think it’s possible to create systems that save physicians time, but it requires a very thoughtful set of work. Not only on software design, but also on, what are we going to ask the physician to do? 

Obviously in our current healthcare environment, there are a lot of different people in different organizations that have very legitimate things they would like physicians to do. Unfortunately, without some sort of filter or prioritization of them, you end up with all of them being thrust on the doctors. That just kills their productivity.

How do you go beyond the technical definition of usability to design software that physicians will at least tolerate and maybe even enjoy using?

In healthcare, that is a particularly challenging question. If you go back to the days of Hewlett-Packard, they were engineers building software or systems for engineers. They had this next-bench idea, where literally they would be building a tool for an engineer at the next workbench at Hewlett-Packard. They had this great environment for design.

In the healthcare world, that’s just not practical. You can’t just go sit in a hospital and have doctors write software while they are taking care of patients. That would be a bad thing for lots of reasons.

We think the best approach is get as close to that as you can, though, which is to have full contact with practicing providers to get feedback on what the real world is in healthcare delivery. Not a theoretical world, a theorized world, or a world the way we would like it to be. The actual world of all the crazy data patterns and situations that occur.

Then, get experienced designers who have usability training who understand how to build good software. If you don’t expose them to the chaotic and complicated world that physicians face every day, they just can’t build software that works for them. It’s really hard. It’s a difficult challenge to get access to that environment and then also to digest it in a way that makes sense.

The handful of significant inpatient EHR vendors are running decades-old code. Are they challenged to meet customer demands without rebuilding their products from the ground up?

Cerner Millennium — which I think is the most modern of the systems — was released before the millennium, in 1997. They certainly all have some legacy aspects to them in terms of technology. They weren’t built yesterday. You couldn’t have built them yesterday, because it takes a long time to build these systems. They’re big and complicated and they have many, many elements to them.

But I do think that some of the vendors — with the move towards interoperability and some of the standards that are being proposed, the FHIR concept if not the standard — pressure is starting to get applied that will allow these systems to become more open and allow innovation to occur that hasn’t before. Even a system as old as Meditech Magic can be made very open. It’s not a technological limitation, it’s a philosophical limitation. The push towards interoperability is helping to get the philosophy aligned more where we would like the technology to go.

When we talked three years ago, you said that healthcare is the only area left where it’s OK to have a monolithic, closed system that doesn’t support interoperability or an ecosystem. Where do you see that going?

Certainly in the last three years it has improved a lot. The FHIR standard has come out. At HIMSS, we saw Cerner demonstrating applications running against Millennium and moving across and running those same applications against Epic or even PatientKeeper, since we support it as well.

That’s a big change. That’s awesome. But it’s not yet sufficient. Even if you make the software interoperable, the data underneath in many hospitals isn’t yet. It’s not LOINC encoded and all that stuff like it would be if you started from scratch. But they did their implementations 30 years ago as well.

There’s still a lot of work to do as an industry. It’s a little bit chicken-and-egg. The more we open stuff, the more people can innovate and invent and other vendors can create cool applications that motivate people to want to exercise interoperability. That says, we’ll make more interoperability. It becomes a virtuous cycle. Without that pull, it’s just theoretical, “Hey, you should be interoperable and make some new APIs available” and no one really uses them. That isn’t going to drive it.

I think we’re starting to see that cycle start a little bit. You see a variety of organizations — like xG health, for example — taking some products that Geisinger has written for in-house and trying to bring them out to the market. It’s starting. It will be really cool to see that happen over the next three or four years.

How will that impact your business? PatientKeeper has been connected to these systems for more than a decade and new entrants will then have the bar lowered to do the same.

We had to spend a tremendous amount of money building all these integrations, but we would just as soon not have to build them. We built them so that we could build the software that we expose to physicians and that they use.

We embrace it. We’ve implemented the FHIR standards on both ends of our application. Somebody can run FHIR on top of us. We can run using FHIR on top of something that is FHIR enabled.

We think openness is philosophically the way to go. That means if someone finds a better application than we have, well then, shame on us. Our job is to have the best applications, and if we don’t, then someone should buy one that is different from ours and have it work with ours that they do think are best.

That’s the way innovation works. That’s the way it works in the tech world. That creates a great ecosystem, an ecosystem that has all ships rising because it puts competitive pressure on everybody. I’m a huge fan, philosophically. I think it can do nothing but good things for us and for other vendors like us.

You just added imaging appropriate use criteria to your product. Are you seeing more interest in having point-of-care systems offer guidance, reminders, or other features that keep providers on the best practices track?

Hopefully it’s the tip of the iceberg. I believe the reason that we as a country spent $40-plus billion getting doctors onto electronic systems isn’t so that we can just get rid of paper, although that was nice. It’s so that we can take this next step of improving healthcare and making the computer an essential tool for physicians.

The analogy I like to use is if you go to most doctors today and say, "Would you write this order on paper instead of putting it into the computer?" Depending on what kind of computer they have, they might gladly say, "Yes, please give me that paper. I can’t wait to write it on paper." If we do our job right as informaticists and as healthcare IT providers, the answer to that should be, “No. I would never write it on paper, because that’s dangerous. I get so much good information and so much help from the computer to do my job that I would never consider practicing without the computer.”

We’re not there yet. PatientKeeper isn’t there. I don’t think anyone is there. But that is the ultimate test. Imaging criteria is one small step. As we start to deploy more advanced techniques, with all the big data analytics techniques, we’ll have computers that know everything about that patient that is all codified. 

The computers aren’t really helping the doctors that much. In some cases, the computer asks the doctor questions the computer knows about. Did you give aspirin to this patient? Well, yes, because I put the aspirin order in the system — why are you asking me? It’s even worse.

The next four, five, six years is going to be that renaissance, helping the physicians with what they do in a way that works for them. Interoperability is such a key to that because it’s going to require the entrepreneurial horsepower of an industry. It’s not going to be one company that solves that problem.

We’re seeing early steps in using little data, where instead of waiting years for big clinical studies to be completed, doctors are getting immediate data analysis from their own systems, such as, “If I have 10 patients in my database who are somewhat like this one, how many of them benefited from this treatment option I’m considering?” Is that concept ripe for development?

I am so excited about that concept. If you think about clinical trials the way they have existed to date, we have a molecule or we have a procedure or a hypothesis. We go out and recruit people, we do all kinds of stuff, and we see whether it works or not.

But every day, there are millions of clinical trials being done. Patients are seeing providers. Things are happening. Outcomes are happening. If we can learn from all of that, even in the smaller cohort, that here are patients like you and let’s observe how they work. Here are different protocols.

Our parent company HCA has been doing clinical research essentially by just observing different practice patterns across their hospitals. They have done groundbreaking research around sepsis prevention and what things worked and what things didn’t work around preventing infection. Just by observing that there are three or four different ways people do this in terms of washing hands, prophylactic antibiotics, et cetera. They figured out which ones work better without a clinical trial — just by observing the data they have.

That is the future. It might even change the clinical trials industry. At some point you still have to come up with new molecules, but when you start getting into these practices and procedures and off-label use, there is a lot we can learn.

I haven’t heard much about the HCA acquisition since it was first announced. What has changed since?

Certainly the goal of the acquisition was to have exactly what you just described happen, which is business as usual for PatientKeeper from a customer perspective and from an organization perspective. I’m pleased to report that we have achieved that goal. We’re a year and a half in to the acquisition. I’ve talked to some of our customers and they didn’t even know we were acquired. That’s awesome.

The big thing that has changed, which our customers will start to notice over time, is that we’ve made some very big investments in our R&D organization and our hosting center operations. We now have a world-class hosting operation. We had a pretty good one before, but we have a much better one now.

That’s really the big change that we have made. We’ve accelerated R&D efforts and accelerated a variety of projects that we had on the back burner. We’re in the pipeline that we’ve now pulled forward. We haven’t gotten those out to the market yet, so if you are a customer of ours, you haven’t seen the benefits of that. But in the next six to 12 months, you’ll start to see those things hitting the release cycle.

Otherwise, it is just business as usual for us. We’re deploying our advanced clinical software throughout the HCA hospitals and having a great time continuing to go against our original vision.

Do you have any final thoughts?

We’re at the beginning of a new era in healthcare IT. Up until now, it’s been, get rid of paper, get stuff automated. We’ve mostly done that. I wouldn’t say we’re complete, but that phase is coming to an end, where you’re taking processes that have never been automated and automating them.

Now it really is about that next generation. If you think of the evolution of the Internet, we now have concepts like Facebook and EBay that were not possible on paper. They are new concepts. What we’re going to find is a whole new set of innovation in healthcare IT around concepts that were not possible until everybody is electronic. As a company, we’re excited to participate in that. We’re excited to see the ecosystem and the healthcare IT industry itself blossom as that occurs.


Morning Headlines 4/6/16

April 5, 2016 News No Comments

Variation in Quality of Urgent Health Care Provided During Commercial Virtual Visits

A study published in JAMA finds significant clinical variation among care delivered by commercial telehealth vendors. Researchers suggest vendors begin developing industry best practices aimed at standardizing care.

Mass. General launches Epic health records upgrade

Massachusetts General Hospital, Massachusetts Eye and Ear, and Newton-Wellesley Hospital all go live on Epic over the weekend as part of Partners Healthcare’s $1.2 billion Epic implementation.

Hackers Broke Into Hospitals Despite Software Flaw Warnings

The Associated Press reports that MedStar Health’s recent ransomware attack was executed by exploiting known vulnerabilities from as far back as 2007. MedStar’s failure to apply security patches in time could leave them legally exposed.

Survey Finds Hospital Executives Increasing Focus on Patient Expectations and Engagement

An Advisory Board Company survey of healthcare CEOs finds that the most common executive action items include minimizing clinical variation, redesigning services for population health, meeting rising consumer expectations, deploying patient engagement strategies, and controlling avoidable utilization.


News 4/6/16

April 5, 2016 News 8 Comments

Top News


A study of scripted standardized patient encounters performed by physicians of six virtual visit companies finds significant clinical variation. Remote physicians didn’t ask the right questions or didn’t perform the correct examination steps in 30 percent of visits and gave the wrong diagnosis or no diagnosis at all 23 percent of the time. They ordered urine cultures for only 34 percent of recurring urinary tract infection patients and failed to order the recommended X-rays for ankle pain 84 percent of the time. The authors conclude that while virtual visits may involve lower rates of inappropriate testing, remote physicians often don’t order even medically indicated tests, possibly because of the complexity involved in following up on test results from the patient’s home location or concerns about insurance coverage.

The authors also note that some of the companies performed better than others and suggested they share best practices. The virtual visit companies tested were Ameridoc, Amwell, Consult a Doctor, Doctor on Demand, MDAligne, MDLIVE, MeMD, and NowClinic.

While the virtual visits weren’t perfect, they were not compared to face-to-face visits. Those probably have a similar lack of conformance to best practices, but there’s no good way to send standardized (i.e., fake) patients into an exam room to serve as mystery shoppers.


Reader Comments


From PHE: “Re: Sandlot Solutions. Has ceased operations. They were down to a skeleton crew as of last week, looking for last-minute funding to maintain core operations, but I was told that the board had already voted to close down if nothing came through as of Friday. No evidence of ongoing operations this morning.” Unverified. However, the logo of Sandlot Solutions was recently removed from the banner of parent company Santa Rosa Holdings – it was there in a March 13, 2016 cached copy but is gone now.


From Luxardo: “Re: NYC Health + Hospitals going live on Epic. Reports say it went OK, but 900 Epic installers were on site at the two facilities whose combined census was 700. No wonder these installs cost a small fortune – that has to be at least $2 million per day to have a tech person standing next to each clinical person all day. The real test will be 30 days from now when all those installers have gone back to Wisconsin.”


From Concerned Customer: “Re: Vocera. Do you put any stock into this?” SkyTides, which sells “deep due diligence” to hedge funds in “targeting over-hyped stocks and outright frauds,” calls Vocera and Chairman Robert Zollars “purveyors of fraud and obsolete, defective products.” It says Zollars previously ran two companies that paid $591 million to settle fraud charges (Neoforma alone paid $586 million, it says) and claims Vocera strong-armed customers into accepting early product shipments so that the resulting revenue could help the company hit forecasts. It says insiders have been aggressively selling their shares and that Vocera’s one product hasn’t had a major upgrade since 2011 and “appears to be inferior” even though it’s the most expensive. SkyTides accuses Vocera of committing accounting fraud in the three of 16 quarters it reported a profit, says the company has lost $110 million, and predicts that Vocera will have to cut prices to compete. Vocera shares had little reaction to the announcement and have risen 29 percent in the past year vs. the Dow’s decrease of nearly 2 percent. A federal judge gave initial approval a month ago for Vocera to pay $9 million to settle securities class action litigation that accused it of telling investors during its March 2012 IPO that the Affordable Care Act would boost its business, then admitting in May 2013 that ACA was actually hurting sales, sending shares down 37 percent. I’ll be interested to see if Vocera responds, although since it’s an analysis firm making the claims rather than a regulatory agency or litigant, they wouldn’t have much to gain and would instead call attention to the unflattering charges.


HIStalk Announcements and Requests


We funded the DonorsChoose grant request of Mr. Cho in providing 15 scientific calculators for his Bureau of Indian Affairs high school math classes in South Dakota, replacing the 99-cent models he was using. He reports, “These calculators have made it easier for us to do more in the 47 minutes I’m allotted each day per class. The students are now able to move into higher level math. We just started 4th quarter on Monday and your calculators have, over the past three months, allowed us to go into pre-calculus in my Algebra 2 class. My Algebra 1 students were able to use the calculators and fly through it and are now starting Algebra 2! We will continue to use these calculators weekly for many years.”


Also checking in is M. Feeley from New York, whose pre-schoolers are experimenting with the light kits and games we provided.


Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it is so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock


Sunquest acquires GeneInsight, a genetic testing software firm created by Partners HealthCare (MA). Sunquest had previously invested in the company, which will operate as a wholly-owned subsidiary from its Boston office.


Cumberland Consulting Group acquires 50-consultant Oleen Pinnacle Healthcare Consulting, expanding the company’s payer market capabilities.


Credentialing software vendors Symplr and Cactus Software merge.


Healthcare software vendor Ability Network acquires EHealth Data Solutions, which offers software for senior living providers. Minneapolis-based Ability, whose chairman and CEO is former McKesson President and CEO Mark Pulido, has made four other acquisitions in the past two years following a $550 million investment by Summit Partners.


Announcements and Implementations


St. Luke’s University Health Network (PA) goes live on Bernoulli’s medical device integration and connectivity in six of its hospitals as part of its Epic implementation.


NYC Health + Hospitals goes live on Epic at its Elmhurst and Queens hospitals, reporting no major problems.

Massachusetts General Hospital and two other Partners HealthCare (MA) facilities go live on Epic, with 1,000 Epic employees participating in Boston.

ESD celebrates its 26th year in the consulting business, noting that its implementation team members worked 30,000 hours in March.


McKesson signs up 2,111 of its employees to the Gift of Life Bone Marrow Foundation’s donor registry.


Government and Politics


The Federal Trade Commission creates an online tool for developers of health-related software that asks questions about how their software works and then suggests specific federal laws and regulations (such as HIPAA and the FDA) that might apply to them.


Privacy and Security


The Associated Press reports that MedStar Health’s ransomware attack exploited known flaws in Red Hat’s JBoss Application Server that date back to at least 2007. Red Hat and the federal government have for years urged JBoss users to apply patches that correct a common configuration error that allows external users to take control of the server. The article notes that MedStar may be fully exposed to lawsuits or sanctions if it (or its vendors) failed to apply the patch and therefore could be construed as not having exercised reasonable diligence in protecting its systems and data. MedStar criticized media coverage of its attack, saying the publicity will encourage copycat hackers.


Other

Epic’s trade secrets lawsuit against India-based Tata Consultancy Services goes to trial in federal court.

A Wall Street Journal op-ed piece called “How Not to End Cancer in Our Lifetimes” says the White House’s proposed changes to patient consent policies may impede research. The author, dean of Weill Cornell Medicine, says proposed HHS regulations will limit the number of patients who consent to having their leftover medical samples de-identified and stored for future research. It would also require providers to obtain new specimens from each patient every 10 years and to manage their consent documents.

Hospital executives surveyed by The Advisory Board Company state their top concerns as minimizing clinical variation, retooling for population health management, meeting rising consumer expectations, developing patient engagement strategies, and controlling avoidable utilization.


Sponsor Updates

  • AirStrip will exhibit at the Health Evolution Summit April 13-15 in Dana Point, CA.
  • Besler Consulting will exhibit at the HFMA Hudson Valley Annual Institute 2016 April 7 in Tarrytown, NY.
  • Crossings Healthcare Solutions will attend the Cerner Southeast RUG April 20-22 in Charlotte, NC and the Great Lakes RUG May 31-June 2 in Chicago.
  • Crain’s Chicago Business names Burwood Group as one of the Best Places to Work for Women Under 35.
  • Caradigm will exhibit at the Care Coordination Institute April 7-9 in Greenville, SC.
  • Clockwise.MD will present at the 2016 Spring Healthcare Tour and Conference April 5-6 in Nashville, TN.
  • CompuGroup Medical will exhibit at G2 Lab Revolution April 7-8 in Phoenix, AZ. 
  • Direct Consulting Associates will exhibit at Health Connect Partners – Hospital & Healthcare IT Conference April 13-15 in Atlanta.
  • Divurgent will exhibit at the Health Information Technology Summit April 10-13 in Washington, DC.
  • EClinicalWorks will exhibit at the NCCHC Spring Conference on Correctional Health Care April 10-12 in Nashville, TN.
  • HCI Group CEO Ricky Caplin earns recognition from Consulting Magazine, KPMG, and the University of Florida Entrepreneurship & Innovation Center.
  • Healthgrades releases its 2016 Outstanding Patient Experience Award and 2016 Patient Safety Excellence Award recipients.
  • HealthMEDX will host its annual user group meeting April 12-14 in St. Louis.
  • Healthwise will exhibit at the Allscripts Central Region User Group April 13-15 in Minneapolis.


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.

HIStalk Interviews Miles Beckett, MD, CEO, Silversheet

April 5, 2016 Interviews No Comments

Miles Beckett, MD is co-founder and CEO of Silversheet of Los Angeles, CA.


Tell me about yourself and the company.

I’m originally a medical doctor. I went to med school at UC San Diego. I was a plastic surgery resident at Loma Linda Medical Center. I left the surgery program. I was very interested in the technology world. I ended up moving back to LA and starting a digital media company that I sold in 2012.

After selling that company, I was excited about re-engaging with healthcare, taking my tech knowledge and partnering up with a friend of mine from medical school who’s an anesthesiologist — Dr. David Rakoff — and then a product and engineering guy Patrick Cheung, who ran product in my last company. We founded Silversheet.

The idea was to improve life for doctors and other providers and the administrators at healthcare facilities, to make the whole process of interacting with medical staff more efficient. We’re starting out with a credentialing and privileging product to try to automate as much of that process as possible and make it easier for everyone.

You helped create the lonelygirl15 Web series that was massively popular in 2006-2008. What did you learn from that experience?

First and foremost, when the market’s ready for an idea, it’s going to happen. Back in 2005-2006, video was becoming possible online and big platforms like YouTube were emerging. Lonelygirl was obviously a big hit and it was awesome, but there were a lot of other Web series emerging at the time. We were part of a bigger movement.

As I was thinking about new companies and new ideas and things to work on, healthcare was appealing. Not just because of my personal background, but also because for a variety of reasons, change is happening. The Affordable Care Act, adoption of EMR technology, and the general sentiment from doctors and administrators that they want things to be better and to be more efficient. That’s one big lesson.

The second one — and a core of our current company as well — is that by building communities, by connecting people together with technology, that’s really where the power is. Silversheet is a great software product, but even more importantly, it’s connecting the doctors and other providers to the facilities. It’s that exchange of information and ideas that makes the magic.

Healthcare IT doesn’t seem all that exciting compared to what you’ve done in the past and other companies already offer electronic credentialing. Do you see Silversheet expanding into new areas?

We’re not 100 percent sure exactly what direction we want to go in down the road. Most of the investment in time and energy so far has been spent on the way that doctors interact with patients or nurses interact with patients. EMRs are probably the best example, but then other types of services and applications that are focused on that. I just don’t think there’s been a lot of energy on, how does the healthcare system actually function behind the scenes? How do the facilities interact with their doctors and their staff?

We’ve talked to a bunch of hospitals and health systems. We’ve been focused right now on the outpatient setting, almost exclusively with surgery centers initially. We’re trying to learn, how do those medical staff offices and how do the administrators in them, what are the different functions that they’re performing? Any of those areas that we think we could improve through a platform like Silversheet that makes it easier for them to exchange information, we would want to do.

What’s the prevalence of electronic credentialing?

Credentialing itself is a decent-sized market. There’s a billion or so dollars that’s spent on it annually. There actually is a lot of credentialing that’s done both by surgery centers and hospitals and other institutions and insurance companies and medical groups that are doing provider enrollment. It’s fairly big in and of itself.

Most importantly, a lot of the ways that it’s been done before, it’s either outsource agencies that may have some technology but maybe not as much as you might think, or software that still requires huge amounts of data entry on the part of the administrators. The thing we’re doing a little bit differently is trying to automate a lot of those processes.

We automate a bunch of the primary source verifications. We hook into different databases to pre-populate information about the doctor. 

The biggest difference is that because the doctors have accounts, there’s a network. Once a doctor has their credentials in Silversheet, it’s portable. When they go to a new institution that’s using Silversheet, it automatically synchronizes. If they’re not using Silversheet, they can share their credentials with a click. I think that’s fairly unique to our approach.

Do you foresee a more consumer-facing aspect to the business, such as a physician directory or a tool to help consumers make choices?

People have asked us about that. I don’t know. It’s certainly not a focus right now or for the foreseeable future, but anything’s possible.

As someone who works with investors and technologists in Silicon Valley, how do you think they view healthcare IT?

There are two different views. Some people are playing in between.

If you look at the classic Silicon Valley VC, there’s this general attitude of disruption and wholesale change of industries. That’s going to be tough to do in healthcare. The reality is that people’s lives are on the line and there’s a lot of rules and regulations for good reason. There have been some companies that started and ideas that sound great on paper, but when you actually get into the weeds, they don’t work out so well.

On the flip side, there are more older-school healthcare IT vendors that are using old code or old processes or old development strategies. They’re not taking advantage of the network or connected databases and things like that.

There is middle ground. A fair number of new startups that are like that. We hope that we’re one of them. Definitely my perspective and my approach is that I am a doctor. I didn’t practice long, but I did work in urgent care for a year or two after I left the surgery program. There is a component of having a visceral understanding of what it’s like to be a doctor or what it’s like to interact with nurses or to be a nurse and be an administrator.

You have to both really understand how people are working in the system, how they’re currently using software, and what they would like to see improved. Then on the flip side, understand the need to go after big markets and do things in new ways and things that are exciting for investors. We’ve tried to do that obviously with Silversheet. We’re tackling a problem that’s like very real and it’s very much burdensome in the lives of both admins and doctors, but there’s big opportunities down the road.

Where do you see the company evolving over the next several years?

Certainly over the next year or two, we are focused on making the credentialing and privileging solution amazing. I’d say we’re 90 percent of the way there. There’s always room for improvement.

Software development is an endless process. The best companies like Facebook or LinkedIn are constantly improving. That’s the big focus of ours. There’s a lot of room for improvement. If you look at existing systems, there’s just a lot of things that are not being taken advantage of. When a lot of these systems were first built, email was not really being used much by anyone, so it wasn’t even considered as a part of a lot of the work processes.

Honestly, we’re pretty focused on that at least for the next year or two. There may be other adjacent areas that the medical staff office handles that we might get into. The Affordable Care Act has put a lot of emphasis on quality measures and things like that, so we might get into some of that.

We are still figuring it out and listening to our customers. Almost all of the features that we’ve built since we launched publicly last year have been from customer feedback.

Do you have any concluding thoughts?

I feel like the time is now. Change is happening. As we’ve talked to admins at surgery centers and as we’ve talked to hospital administrators and certainly doctors and other healthcare providers, everybody’s excited about technology and sees a role for it to improve their working lives and the lives of the patients that they treat. I see that as a marked contrast to when I was in my internship in medical school and it was still very much a scary thing for people. I’m really excited. We’re going to see more and more awesome things over the next decade.

Morning Headlines 4/5/16

April 4, 2016 Headlines No Comments

New York’s Epic EHR ‘go-lives’ please officials, staff

Two NYC Health & Hospitals facilities are live with Epic after an April 1 go-live that a spokesman for the health system said went well, explaining, “There were minor issues, but they were dealt with right away.”

Theranos Devices Often Failed Accuracy Requirements

A newly released CMS inspection report confirms that Theranos’ proprietary blood testing analyzer, Edison, failed internal quality control tests 29 percent of the time, while its California lab was also cited for doing tests with unqualified personnel and storing samples at the wrong temperatures.

Proteus Digital Health Presents Interim Results at ACC From a Randomized Controlled Clinical Study of Proteus Discover

Proteus Digital Health announces interim results from an RCT of its smartpill technology, finding that it significantly improves blood pressure control in hypertension patients. 85 percent of patients using the smartpill achieved their target blood pressure within four weeks, while only 33 percent of participants in a control group receiving traditional care were able to do the same.

AMA taking bigger role in key IT initiatives

Michael Hodgkins, MD, CMIO of the American Medical Association, discusses interoperability and his role on the board of the Sequoia Project, formerly Healtheway.

Curbside Consult with Dr. Jayne 4/4/16

April 4, 2016 Dr. Jayne No Comments

I had lunch with some of my former colleagues the other day. One of the hot topics was the relatively new Patient-Centered Specialty Practice Recognition program from NCQA. Several of the specialty physicians who were at the table are employed by a health system and are being encouraged to participate in the program as part of an overall accountable care strategy.

The program is designed to recognize specialty practices that are committed to access, communication, and care coordination. Although it should be fairly easy to “encourage” employed physicians to participate as a condition of their employment, the physicians around the table were unconvinced that the independent specialists would be interested.

Our community has many more independent specialists than owned/employed, while the majority of primary care physicians are no longer independent. Several primary care physicians spoke up about the difficulty of trying to achieve Patient-Centered Medical Home recognition since they felt they were being asked to do more but were not allowed by their employers to add staff.

However, at least as primary physicians, they felt they had experience in coordinating care where they didn’t feel that some of their specialty colleagues were ready to take that on. Several complained about narrow insurance networks that require them to work with specialists who have poor communication and coordination skills, using words like “atrocious” and “radio silent” to describe how they hear back from consultants.

I suppose I was lucky to start my career in the days when my employers supported my ability to refer to the specialists I felt were most appropriate and when most of the specialists in the community were credentialed with nearly all third-party payers. The only payer I had difficulty finding specialists for was Medicaid.

As I determined that a given specialist had poor communication skills or was lacking in follow-up or coordination, they quickly fell off my list of consultants. That got me in trouble more than once with senior members of the hospital medical staff, who complained bitterly that a certain new physician wasn’t giving them the referrals they felt they were due. When I was approached about it by a hospital VP who had been assigned to “mentor” me, I explained that I was referring to the junior partners in their practices who were friendly, collaborative, and actually acted as though they wanted to care for my patients. The fact that I was at least referring to the practice seemed to provide cover, but the idea that a specialist would be “owed” referrals due to seniority or status was (and still remains) offensive.

Referring to the specialists I prefer is a bit more difficult now. Our office gets frequent callbacks from patients who are unable to see the specialists that we recommend due to insurance issues. I try to give patients subtle warnings when I am forced to refer them to physicians I would normally not select. I’ll go ahead and provide multiple referral names, putting the people I prefer at the top of the list, but warning the patient that they need to check with their insurance to determine whether they are covered.

Should the patient choose to go out of network, they can. I explain that the less-desirable provider (without using those words, of course) is more likely to be on their insurance and dance around the fact that although they may have strong technical skills and are a “good surgeon” that the patient might experience some “inconvenience” with the office and getting the paperwork back and forth. I hate to have to use a euphemism for “poor care coordination,” but at least it gives the patient a small bit of warning.

My personal friends who are specialists pride themselves on cultivating their referral base and treating their referring physicians well. Should they decide to pursue recognition, I would foresee their main barriers would be dealing with the documentation requirements from NCQA and educating their staff on any tweaks to process or documentation that may result. I know several of them have unwritten policies for how communication and care coordination occur and they’ll need to get these pinned down and consistent across everyone working in the practice.

Another barrier might be cost. NCQA has a reputation for charging more for the PCMH recognition process than other organizations. Specialists have been fairly insulated from some of the nickel-and-dime treatment that primary physicians have been battling for years, so I’ll be happy to have them on board with our cause.

Others may resist in that they believe they are already providing high quality care and don’t feel the need to have someone else tell them they are. We saw that kind of thinking in the early days of PCMH, but things are getting to the point where physicians almost have to have the formal recognition to stay ahead.

I recently read an article about the CareFirst BlueCross / BlueShield program in Virginia, Maryland, and the District of Columbia. Nearly 90 percent of the plan’s physicians are participating. Those that do receive a 12 percent participation fee regardless of performance metrics and without any penalties or risk assumption. It also treats online visits the same as face-to-face ones. CareFirst’s analysis shows that in looking at 2014 data, participating practices took in an additional $41K in revenue above the participation fee. Additionally, 75 percent of its patients had established a relationship with a primary physician.

The program asks physicians to group together in panels that are graded on patient engagement, access, and appropriate use of services. The engagement score holds the most weight and includes patient satisfaction indicators. The panels of physicians are expected to meet monthly to discuss performance and compare notes.

From the provider standpoint, this sounds like the kind of work we need to be doing to help physicians move forward under new care models. Rather than just tell them they need to do a certain thing or achieve a certain outcome, they’re creating support structures for physicians who can work within the collaborative environment to make changes. Participating providers should also receive reinforcement from their peers when they are doing well, in addition to suggestions for changes proven in other practices.

It remains to be seen whether these types of initiatives will appear in the Patient-Centered Specialty Practice realm. I’ll be watching to see whether specialty physicians start gravitating towards this on their own or whether they’ll only head in that direction when forced to by their employers or other external pressures. I’ll be interested to hear what they think of the process and whether it elicits sympathy for the primary care physicians who have gone before them.

What do you think about Patient Centered Specialty Practice recognition? Email me.

Email Dr. Jayne.

Could Ransomware’s Rise Be Healthcare’s Downfall?

April 4, 2016 News 6 Comments

We look at the evolution of what’s turning out to be the hottest health IT buzzword in 2016 and talk with several cybersecurity experts to gain a technical understanding of the problem.
By @JennHIStalk

Ransomware. It’s a word that didn’t make most lists of healthcare IT buzzwords to watch in 2016, yet it has become synonymous with industry headlines in the last several weeks. Its mere mention is now perking up the ears of mainstream journalists and evoking a healthy level of fear from hospital CIOs.

Around 10 hospitals in North America (that we know of) have made news due to ransomware attacks. In February, Hollywood Presbyterian Medical Center (CA) became ransomware’s poster child as it went public with its attack and subsequent decision to pay $17,000 in bitcoin to regain control of its hijacked computer systems. MedStar Health (MD) is nipping at the headline heels of HPMC thanks to a late-March attack similar in nature. While the health system has not formally acknowledged the hack as one of the ransomware variety, media reports indicate that its files have indeed been held captive for $18,500.

MedStar is still attempting to get back to business as usual with fax machines and paper records. Representatives have been quick to publicly state that care quality — and in most cases, access — have not been compromised, though anonymous hospital employees have indicated otherwise. There’s also the certain mess to clean up once systems are restored and manually recorded information is backloaded and old charges are posted.

As 2016 progresses, hackers and their victims are learning the ransomware ropes. Varieties of attacks are evolving as cybercriminals experiment with new methods of socially engineered phishing campaigns and the levels of extortion their victims will find acceptable. Providers – even smaller physician practices – are reevaluating their IT infrastructure, pointing an especially critical eye at breach protocols already in place and the integrity of their backups.

In addition to these evaluations, the healthcare community is no doubt wondering who will be next and how these attacks can be prevented. Should ransoms be paid? As insidious ransomware spreads, so too do the concerns of providers.

An Evolving Internet Helps Hackers Thrive

As cybersecurity professionals already know, ransomware attacks are nothing new. Late 1980s versions of the business model were spread by floppy disks that locked down files – a highly inefficient method that prevented early attempts at ransomware attacks from becoming widespread. Internet availability helped it creep back in around 2005/2006, and then take off between 2011 and 2012 as use of the World Wide Web became more widespread.

“What really changed the game was the first CryptoLocker malware introduced in 2013, which is what we see almost exclusively now for ransomware,” explains Ryan Olson, intelligence director at Palo Alto Networks. “What’s changed since then is an apparent shift in the minds and methods of cybercriminals. They’ve realized that using bitcoin for payment is very profitable, a method much less likely to get them arrested. It’s certainly a far cry from the days of dealing directly with banks and stealing people’s credentials.”

Olson also attributes the rise in ransomware attacks to a corresponding explosion in tools aimed at making the exploits of hackers more effective. “We’re tracking about 30 different types of ransomware right now – from CryptoLocker to Cryptowall to TeslaCrypt – and many of them are being provided to hackers as a service,” Olson says. “If you have a criminal actor who can’t write malware, but who wants to get people’s money through this business model, all they have to do is go out and find a service that will do it for them. All they have to do is distribute the malware and collect the money.”

Thanks, MU (Healthcare Becomes an Easy Target)

It’s not hard to understand why hackers have begun targeting healthcare organizations. The transition away from paper records to digital systems has helped hospitals become a hacker’s sweet spot. “In the past, infecting a bunch of health systems wasn’t very lucrative because trying to monetize stolen healthcare records was pretty challenging,” Olson says. “Most of those computers didn’t have financial information on them. But with ransomware, any system that a hospital needs access to can be a source of monetization. I think that’s something that criminals have realized. Hospitals in particular are a relatively soft target because nearly any system inside their network can be monetized since it is necessary to daily operations and contains sensitive information that hackers can encrypt.”

Patrick Upatham, director of threat intelligence at Digital Guardian, sees hospitals as the latest flavor of the month. “It’s mostly just a numbers game,” he says. “Public services like hospitals ride the double-edged sword of having to publish information about themselves to service their customers, while at the same time providing a map of ingress avenues of attack that can be exploited. The problem stems from when these normal avenues of contact with hospital personnel are leveraged in an attacker’s favor and lead to that one point of weakness that allows them to get their criminal foot in the door.

“This lopsided, or asynchronous, attack model can be easily automated by an attacker to identify and gather contact information for hundreds if not thousands of hospitals,” he adds, “which could then lead to a malicious email sent through an anonymized service. All it would take is one user to click one link, visit one page, or open one document crafted with certain healthcare terminology to infect a machine. Combined with a self-propagating mechanism, a single infection could take its toll on a hospital.”

“Economically speaking,” Upatham adds, “the cost for sending tens of thousands of emails can be recouped 100 times over from a single hospital willing to pay the ransom. Statistically speaking, with the average success rate of a targeted phishing email hovering around 40-50 percent, even at 1 percent, with one hospital out of a 100 falling for it, that can still be good business. These hits are probably just happenstance from the statistical approach of phishing attacks.”

Worming Its Way In

While security firms are monitoring dozens of types of ransomware, most experts agree that the attacks occur in two main ways – phishing emails, as Upatham alluded to above, and exploit kits. “Phishing emails are typically sent indiscriminately to a lot of different people,” Olson explains. “In some cases, they prompt the recipient to open up a file that’s attached to an email. When opened, the file exploits a vulnerability on their computer to infect the system, or tells them to enable macros in Word. We used to have a lot of trouble with macro malware back in the early 2000s, after which Microsoft turned them all off by default so that people weren’t getting infected any more. In 2014, we started seeing attackers use these again in trying to trick people to enable them. The macro is really simple in that it just downloads the malware and puts it on the victim’s computer.” Olson adds that the themes of phishing emails vary. They can include fake package notification messages, fake order reports, and fake travel reports.

While less common than phishing emails, exploit kits are another common method used in ransomware attacks. “Exploit kits are an attacker code that hackers try to inject into Web pages by compromising the Web servers that are hosting them,” he says. “They exploit code by taking advantage of a vulnerability on a victim’s computer to automatically install malware. We call these ‘drive-by downloads’ because they install the malware so quickly and stealthily.”

The Realities of Successful Prevention

When it comes to preventative measures, healthcare systems can’t rest on their IT laurels. Neither can they settle for the advice of the latest “listicle” and its high-level admonitions to educate, back up, and prepare. Enterprise healthcare IT environments are far more nuanced than a 10-bullet-point list and it seems that no amount of investment will successfully overcome human nature’s inclination to click.

“It’s all great advice, but some of it is totally impractical,” says David Finn, health information technology officer at Symantec and recently appointed member of the new HHS Cyber Security Task Force. “Healthcare isn’t going to stop using email. You can’t tell physicians and nurses they can’t get on the Web. There are a couple of steps you have to take. The first thing is look at the battle today – the good guys versus the bad guys. The battleground is really the end point again, so you have to start there with good security on all your end points. It has to be installed, updated, and patched regularly, which is where a lot of organizations fall down.”

“The second step,” Finn continues, “which is almost as important as the first, is user education. Computers don’t click on dangerous links and tablets don’t open emails they’re not supposed to – people do. In Hollywood Presbyterian’s case, for example, every employee at that organization received an email with what appeared to be a legitimate invoice. It’s really hard for people, when they think they’re getting a bill for something, to not open it even though they may not have bought anything.”

Upatham likens the need for user education to good hygiene: “Educating users about possible attack attempts and making sure they practice good online hygiene should go hand in hand with hospital hygiene. If any place of employment should understand the implications of introducing viruses to a healthy system through dangerous means, it should be in a hospital. The same stress and education should be extended to online access.”

Once good online hygiene and end-point security are addressed, providers still must deal with a laundry list of other less sexy but just as important preventative measures. “You do have to have content scanning and filtering under your email systems and on your Internet gateways,” Finn adds. “Attackers frequently use old vulnerabilities to use filter command and control structures to send data out, so you have to have all your servers and all your storage patched and current with your operating systems, and all the utilities that should be on those devices.”

“Then of course you need to have some kind of advanced threat protection looking at intrusion prevention or intrusion detection, because a lot of times malware comes in and lives on your network for extended periods – months and months, even up to a year, while it’s mapping data and networks. It’s probably doing a better job than most of our organizations actually do when it comes to that. You pretty much have to be on the lookout for anomalous activity all the time. And that brings us back to end-point security again so that the worm isn’t working through and propagating itself across the whole network.”

“Last but certainly not least,” says Finn, “and this is the one everyone hollers about, is the need to deploy and maintain a comprehensive backup solution. That includes having protection and anti-malware on the storage itself. If you’re relying on the backup groups, and the backup PC gets infected, you’re shooting yourself in the foot because this new malware is pretty sophisticated. It will look for those backups, find where those backups are going, and then it will encrypt them, too. You need to look at the storage and the storage needs to be completely offline from the typical point of entry for these malware devices.”

Olson believes that the biggest preventative challenge healthcare organizations are running into involves shared storage systems. “When a system gets infected and it’s attached to a shared storage system – a network drive of some kind that’s configured so that any user can write files to it – in those cases, the malware will actually go in and find that network storage drive where everybody is sharing all of their files and encrypt all of them. That’s where the biggest impact occurs. At that point, you’ve gone from a single system that was impacted to suddenly all of the systems that rely on that shared data. Now none of them can access the data, and you have a much bigger problem than you had before. Limiting access to those shared drives is another component of protection against ransomware.”

Ransomware Requires Rethinking Strategy and Budgets

The MedStar attack – the fourth such healthcare breach to occur in just a few weeks – should serve as a wakeup call to healthcare executives across the country, according to Upatham. “Hackers are after the healthcare industry now more than ever,” he notes. “Now that they’ve easily cracked a handful of hospital firms, and many have paid the ransom fees, hackers will continue to attack for additional monetary gain.”

Finn concurs that the time is now for the healthcare C-suite to wake up: “Everyone needs to be rethinking their strategy, and not just around ransomware. We complain about the pace of change in healthcare, but the bad guys are moving way faster than us. They don’t have the constraints of regulations, taxes, and budgets. It’s easier for them to get ahead of us than it is for us to get ahead of them. If there’s one lesson we can take away from all this, and not to kick someone when they’re down, but if you look at Hollywood Presbyterian, they didn’t pay that ransom to get access to computers or to get data back, though that was ostensibly what was happening. They paid the ransom because they couldn’t take care of sick people. That’s a business issue. That’s not an IT issue. Until the CEOs, CFOs, CNOs, and CMOs recognize that this is really a threat to their business and ability to care for patients, I don’t think IT will get the support it needs in terms of staff, budget, tools, and training.”

In terms of budget priorities, Sensato CEO John Gomez suggests making two immediate purchasing decisions. “Invest in the latest backup software available,” he says, “and, beyond that, get someone to do a backup and recovery assessment. Make sure it is holistic and frequent, and make sure you test your ability to recover. If you can’t back up, you will pay your attackers. The second investment is in user education. Every independent software vendor, independent hardware vendor, provider, and payer should be informing their users about what to look for, and that should come from the CEO. Users need to understand that being aware is critical to avoiding attacks.”
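Gomez's advice to test recovery, and Finn's earlier warning that malware will find and encrypt reachable backups, both come down to checking a restored copy against a record taken when the data was known to be good. The Python sketch below is an added example, not part of the original article or any vendor's tooling: it records SHA-256 hashes at backup time and verifies a test restore against them. File names, contents and the `.locked` suffix are constructed, and it assumes the manifest is kept offline with the backup.

```python
"""Verify a test restore against a hash manifest recorded at backup time."""
import hashlib
import os
import shutil
import tempfile

# Constructed sample data standing in for files on a shared drive.
SAMPLE_FILES = {
    "charts/patient-0001.txt": b"constructed chart note\n",
    "charts/patient-0002.txt": b"constructed lab result\n",
    "billing/charges.csv": b"id,amount\n1,100\n",
}


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path relative to root to its SHA-256 hash."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(manifest, restored_root):
    """Compare a restored tree with the manifest taken at backup time.

    Assumption: the manifest was stored offline, out of reach of the
    systems being backed up, so it can be trusted as the reference.
    """
    restored = build_manifest(restored_root)
    report = {
        "missing": sorted(p for p in manifest if p not in restored),
        "modified": sorted(
            p for p in manifest if p in restored and restored[p] != manifest[p]
        ),
        "unexpected": sorted(p for p in restored if p not in manifest),
    }
    report["ok"] = not (
        report["missing"] or report["modified"] or report["unexpected"]
    )
    return report


def _write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)


def demo():
    """Return reports for a clean restore and for a damaged one."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        good = os.path.join(work, "restore_good")
        bad = os.path.join(work, "restore_bad")
        _write_tree(source, SAMPLE_FILES)
        manifest = build_manifest(source)  # recorded at backup time
        shutil.copytree(source, good)
        shutil.copytree(source, bad)
        # Constructed damage: one file's contents replaced with unreadable
        # bytes, another renamed with an extra suffix.
        with open(os.path.join(bad, "charts", "patient-0001.txt"), "wb") as handle:
            handle.write(b"\x8f\x02constructed-unreadable-bytes")
        os.rename(
            os.path.join(bad, "billing", "charges.csv"),
            os.path.join(bad, "billing", "charges.csv.locked"),
        )
        return verify_restore(manifest, good), verify_restore(manifest, bad)


if __name__ == "__main__":
    for label, report in zip(("good restore", "damaged restore"), demo()):
        print(label, report)
```

A renamed file shows up as one missing and one unexpected path, so a backup that was altered before the restore test fails the check instead of passing silently.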

Preparing for What Comes Next

As Finn previously mentioned, cybercriminals are always one step ahead of the game, unencumbered by the constraints of law-abiding organizations. Thus, it’s nearly 100-percent guaranteed that ransomware attacks will continue to evolve in an attempt to develop an immunity to healthcare’s defenses.

“I wish I could say that all providers have to do is back up, test, and educate,” says Gomez, “but ransomware is evolving. Last week, the FBI issued a warning about a new strain of ransomware that doesn’t use phishing attacks as the attack vector. Although back up, test, and educate is a short-term fix, the reality is that you either decide cybersecurity is a top three priority for your organization and take aggressive steps to lock things down, or you’re pretty much rolling the dice.”

“The last thing to keep in mind,” he says, “is that ransomware is just the attack du jour. It’s not like attackers will say, ‘Ok, we’ve messed with healthcare enough, now let’s go mess with finance for a while.’ Attacks will evolve and a whack-a-mole approach to cybersecurity is not going to work. You need a holistic, long-term, and aggressive strategy.”

Olson sees the evolving Internet of Things as the perfect conduit to a corresponding evolution of the ransomware business model. “If an attacker is able to compromise some sort of device, even though it’s not a traditional computer, one of the monetization mechanisms they might have for that is to hold it for ransom. That’s something we really haven’t seen before, but I fully expect to see it in the future as these devices come online and attackers start to search for new systems they can infect, take over, and turn into a profit. It would not surprise me if we saw ransomware attacks against medical devices. I hope that’s not the direction that attackers go, simply because they’re preying on the most vulnerable people.”

“We know that medical devices have fallen victim to ransomware,” Gomez confirms. “As best we can tell, the devices were not the target of the attack, but rather fell victim to a form of ransomware that attacks much like a virus, for lack of a better term. The virus spreads and just does its thing across the network. As scary as that is, the bigger issue we will no doubt soon face is the purposeful attack of a medical device. I started the Medical Device Cybersecurity Task Force, an open-source nonprofit, to specifically address the challenges faced by the industry in securing medical devices. We are currently working on compiling 25 short-term steps that a healthcare organization should consider to secure their devices. We are also conducting research in our labs and running several pilots with three different healthcare organizations.”

Best Practices Can Only Come From Learning Experiences

Healthcare, unfortunately, will likely have to suffer through several dozen or more ransomware attacks before providers can definitively say what worked and what didn’t in terms of prevention and remediation. Finn is hopeful that the nascent HHS Cyber Security Task Force will help the healthcare community share recommendations that will ultimately influence federal legislation.

“You know that in healthcare, we’re not only siloed within the four walls of the hospital, but across the industry,” he says. “In terms of new care models and new security models, that is going to have to change. It’s going to take all of us. Whether we’re providers, vendors, or business associates, we’re all going to have to come together and decide what the addressable items need to be. We’re going to have to have some way of knowing what everyone else is doing to prevent their organizations from becoming the next victim. If there’s one thing we do know, it’s that everyone trying to solve security issues by themselves doesn’t work. We’ve all got to come together and drive a consistent message across this industry.”

April 4, 2016 News 6 Comments

Morning Headlines 4/4/16

April 3, 2016 Headlines No Comments

Ransomware and Recent Variants

The US Department of Homeland Security issues a ransomware alert focused on the recent increase in healthcare-focused attacks. Alvarado Hospital Medical Center (CA) and Kings Daughters Health (IN) are both hit with new ransomware attacks.

Fitch Affirms Baptist Health Care’s Rev Bonds at ‘A-’; Outlook Stable

Fitch affirms the A- bond rating of Baptist Health Care Corporation (FL) but notes that EHR-related training costs will impact profits.

e-MDs Finalizes Acquisition of Software Technology Assets from McKesson

e-MDs completes its acquisition of McKesson ambulatory products Practice Choice, Medisoft, Medisoft Clinical, Lytec, Lytec MD, and Practice Partner.

Trades executed – or killed – by final medical opinion

A Cincinnati paper discusses the medical review process involved in baseball contracts, highlighting the MLB-wide EHR that went live in 2010 and houses medical information on every player from every team in one centralized, online database.


Monday Morning Update 4/4/16

April 3, 2016 News 5 Comments

Top News

The San Diego newspaper reports that Alvarado Hospital Medical Center (CA) has been hit by an unspecified “malware disruption.” The hospital declines to say whether it was ransomware, but states that it has not paid a ransom. The FBI is investigating. The hospital is owned by Prime Healthcare Services, which recently had two of its other hospitals disrupted by ransomware.

Meanwhile, Kings Daughters Health (IN) is hit by ransomware, with some systems remaining down since Wednesday morning. A hospital user opened an email attachment infected with the Locky malware.

The US Department of Homeland Security’s US-CERT, in collaboration with the Canadian Cyber Incident Response Centre, issues a ransomware alert that specifically calls out hospitals. It recommends that individuals and organizations:

  • Perform and test backups and store them offline.
  • Use application whitelisting that allows only specified programs to run.
  • Apply patches and antivirus updates.
  • Restrict user install and run privileges.
  • Block suspicious attachments and avoid enabling macros from all email attachments.
  • Don’t click unsolicited Web links.

Reader Comments

From Jack: “Re: MedStar Health. Has a major portion of their infrastructure and server management outsourced to Dell, which manages them with offshore IT people. I find myself wondering if Dell is at risk here, and if so, are there others who are vulnerable to ransomware attacks.” Unverified.

From Kermit: “Re: whales. Sure, they get personal health records. Just not us.” Researchers propose creating electronic records for the 84 endangered whales that live in Puget Sound from spring to fall, explaining, “The goal is to really start getting a lot of data and pull them together in a way that permits easier analysis. Ultimately, the real benefit of any health record is to help make management decisions.”

From Boy Blunder: “Re: Epic 2015. I was on the call when an Epic support executive asked us to delay, with similar talking points to what was stated on HIStalk. He tried to minimize things, saying they’ve found fewer problems for each project released in 2015 and that waiting for a couple of fix packages would be better. That doesn’t square with the situation since we were discouraged from pursuing 2015 when it was released and have been warned on various pieces of broken functionality for months. An experienced TS’er  said her colleagues testing these packages are worried about unrealistic timelines and the likelihood of newly created problems. She also expressed a lot of skepticism about the message we’d been getting from Epic’s leadership about things being on the right track given how long 2015 has been on the market, and encouraged us to consider delaying a bit further. It concerns me greatly that I’m getting a more realistic view of what’s happening from people that aren’t leading Epic than from those that are.” Unverified.

From Just HIT On: “Re: healthcare IT. I’m an undergrad in an unrelated major and just accepted a job with a big health IT vendor’s corporate development arm. I asked an associate there what I should read as a helpful daily news source and he suggested HIStalk. Do you recommend books or starter material so I can get my feet wet before starting?” I haven’t seen any books that would be a timely overview of the entire health IT industry. I would probably suggest reading all HIStalk posts going back six months or so – headlines, news posts, interviews, Dr. Jayne, our posts from the HIMSS conference, etc. Make notes about concepts that are unclear – say, clinical decision support or patient identifiers – and then search to find previous HIStalk posts on those topics. That will give you an immersion into what’s going on right now with some context and often a link to an article that I found acceptably authoritative. I’ll offer readers the chance to weigh in as well.

From Lantana: “Re: Epic. I’d like to offer a shout-out to the Open.Epic team and give them credit for their openness (pun intended) in responding to another vendor’s very detailed requests related to how they integrate, in this case related to pushing CCDs. Unlike so many other vendors, they’re willing to invest time, answer progressively more detailed questions, and, it seems, always do so with a smile. This was all done simply through the website, with no clients involved and no clients even named. Simply open information sharing. So many other vendors, though not all, approach integration grudgingly and usually would only engage with another vendor if required or paid by their client. I’m grateful Epic has taken a different tack.” Verified, as this report came from a non-anonymous vendor executive.


HIStalk Announcements and Requests

Fifty-nine percent of non-profit employees admire and respect their organization’s highest-ranking executive, while in the for-profit world, it’s a 71 percent approval rating. That might be surprising to folks who assume that non-profit leaders earn more respect. New poll to your right or here: who would you trust most to protect your personal health data?

Ms. Lacey says her Texas elementary school class is using the two tablets we provided in funding her DonorsChoose request for before-school skills practice, in activity stations, and in after-school tutorials, with students asking her even before she arrives in the classroom if they can use them.

Also checking in is Ms. Alley of Virginia, whose elementary school class received an iPad Mini and accessories via our donation. Students are required to spend 20 minutes with the Imagine Learning program and previously could rarely get time with the school’s few iPads. They are also using it to practice math skills and she is using  an app called Class Dojo to communicate with parents. She concludes, “The iPad mini has become an integral part of our classroom. I can’t imagine the days before we had it. Thank you so much for your generosity. You have truly made a huge difference to our classroom and our lives.”


Last Week’s Most Interesting News

  • MedStar Health becomes the latest health system to have its systems taken down by ransomware.
  • Orion Health lays off 10 percent of its US workforce.
  • Southcoast Hospital (MA) will lay off 95 employees after a Q1 loss of $10 million that it blames on Epic project cost overruns.
  • Dell announces that it will sell its IT services business, the former Perot Systems, to Japan’s NTT Data for $3.05 billion, 20 percent less than it paid for the business in 2009.
  • Mandatory electronic prescribing takes effect statewide in New York.

Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it is so effective; and recommendations for mitigation.

Here’s the recording of Vince and Frank doing “rise of the small-first-letter vendors.”

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

E-MDs closes its acquisition of McKesson’s ambulatory PM/EHR products.

Valence Health lays off 75 employees, half of them in Chicago. Nathan Gunn, MD, president of the company’s population health and risk services, has left for unspecified reasons.


Other

Fitch affirms the A- bond rating of Baptist Health Care Corporation (FL), but notes that profits will be hit by EHR training costs. The health system’s Allscripts project will require $40 million in capital over the next five years for a March 2017 go-live, with Allscripts providing a $22 million, 10-year, interest-free loan.

The Cincinnati newspaper notes that Major League Baseball’s EHR allows players or their doctors to send their electronic health information to wherever they like, allowing a team’s physician to review a player’s medical history before recommending that the team acquire him. A snippet:

But in 2010, MLB introduced its Electronic Medical Records system, housing medical information on every player on every team in one centralized, online location. When a trade is being discussed, one team doctor can give another an electric key to access the records of a specific player. (Players are also given this key to distribute to whomever they wish once they reach free agency.) Access to such records usually shuts off after 24 hours, underlining how streamlined MLB has made a process that used to take at least several days. “We could do it the same day now,” Kremchek said. “The girls who work in my office can pull it up on a computer, and I can do it in the matter of 10 minutes.”

Those records are also dizzyingly complete. All available medical information on every player at every level of every organization is included, and go far beyond the scans taken when players first report to spring training each February. If a player sought treatment for any issue at any point in the season – even if he was issued two ibuprofen for a headache – that information is included. That’s a stark contrast from years ago, when a team didn’t know much about its own players, much less anyone else’s. “Twenty years ago when we started doing this, we had our own minor-league players showing up who had surgeries,” Kremchek said. “We never knew who had what, and they’d show up and have bandages on.”

Boston Children’s Hospital will roll out an Amazon Echo voice-powered system in the next few weeks that will “embed Children’s Hospital know-how” in the device.

Hospitals in Croatia entertain pediatric patients by having clown-physicians put on shows via Skype every Thursday at 5:00 p.m.

The Boston newspaper discovers that the Massachusetts Department of Health cited Brigham and Women’s Hospital (MA) last year for breaking its own policies in caring for a Middle Eastern prince who brought his personal chef and a seven-person entourage along with him for a seven-month stay in two penthouse suites. In a good example of VIP Syndrome, the patient had a drug-resistant infection but hospital management ordered employees not to wear mandatory protective gowns because the prince found them “offensive.” The hospital allowed him to leave for overnight hospital stays and allowed members of his entourage to administer his medications and clean his IV site. Employees were also alarmed by the large number of narcotics ordered for him and delivered to his penthouse.

Epic’s April Fool’s home page makeover was even wittier than usual, featuring clever humor from obviously well-read recent liberal arts grads. A faux news item involving a rebranding of the company’s Cogito ergo sum reporting system to its French translation of Je Pense Donc Je Suis explained with the drollest of humor, “Most customers simply found it too challenging to pronounce correctly a phrase from an irrelevant lingua mortua – ergo the name change …There was a certain a priori knowledge of Latin that was, ipso facto, just not present for most people.” An article citing an HIStalk interview with Athenahealth’s Jonathan Bush claims he’s been using MyChart while thinking it’s his own company’s portal, commending its “chill vibe” and adding, “I pulled my phone out after my duet with Erykah Badu at SXSW because I remembered I needed to schedule some vaccinations. Tom Hardy and I are running an ultramarathon in Madagascar next month. Anyway, I had them scheduled in under a minute. See, this kind of positively disruptive patient empowerment is exactly what Athenahealth is about.”

Another pretty good April Fool’s thing is Twine Health’s “Introducing Snapchart,” the EHR that immediately destroys the information you enter (if you’re over 30, Snapchat text messages self-destruct once read). It would have been nearly perfect had they wired CEO John Moore, MD, PhD with a lapel mike or used a directional one for better audio. Watch for cameos by John Halamka and ZDoggMD.


Sponsor Updates

  • TeleTracking will exhibit at the AORN Surgical Conference & Expo 2016 April 3-5 in Anaheim, CA.
  • Zynx Health announces call for nominations for the 2016 Clinical Improvement Through Evidence Award.


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.

Morning Headlines 4/1/16

April 1, 2016 News No Comments

Hackers offering bulk discount to unlock encrypted MedStar data

MedStar confirms that the cyberattack responsible for bringing down its network was the result of a ransomware attack in which hackers are demanding $1,250 per computer or $18,500 for all computers to restore access to files. The FBI continues to investigate; meanwhile, the hackers have given the hospital 10 days to pay before encrypted data will be permanently destroyed.

Southcoast Health cutting dozens of jobs on heels of expensive IT upgrade

Southcoast Health (MA) lays off 95 employees as part of cost-saving measures put in place after the health system went over budget on its $100 million Epic install.

May 2016 FHIR Release

FHIR publishes release notes for its newest version.

CareFusion Pyxis SupplyStation System Vulnerabilities

The Department of Homeland Security finds security vulnerabilities in versions of CareFusion’s Pyxis SupplyStation, most attributed to outdated third-party software.
