Recent Articles:

Monday Morning Update 9/8/14

September 5, 2014 News 6 Comments

Top News

image

Another team officially joins the DoD EHR hunt: PwC, DSS, Medsphere, and General Dynamics, which will offer up VistA.


Reader Comments

image
From Bon Scott: “Meditech announcing organizational changes. It seems odd that the previous sales and marketing VP is now over services and the VP over an older product line is now in charge of sales and marketing. Think this is a sign of the times with Meditech and it coming across as desperate for change?” EVP Hoda Sayed-Friel (above) takes over implementation and support, VP Helen Waters moves over sales and marketing, and EVP Michelle O’Connor takes over all develpoment.

From OB: “Re: Denver fire department. Great idea — a mobile care unit that handles 911 calls that don’t require a patient to be taken to an ED. I was interested to read that ‘South Metro Fire also relies heavily on Colorado’s new electronic medical records network. The nurse or EMT can call up patient records on the scene to provide care that’s more like an office visit, and dispatchers can check recent medical histories to make sure they send ambulances to people who might really need one.’ Too bad that insurance is not paying for the service right now, hopefully that will soon change.”


HIStalk Announcements and Requests

Thanks to the following sponsors, new and renewing, that recently supported HIStalk, HIStalk Practice, and HIStalk Connect. Click a logo for more information.

image
image
image
image
image
image
image
image
image
image

image

Poll respondents see drugstore chains as having significant influence on healthcare going forward. New poll to your right or here: of which industry groups are you a member?

Maybe it’s just me, but I’m creeped out when after casually looking at someone’s LinkedIn profile, they send a message saying, “I saw you looked at my profile. May I help you?” Answer: no, because if I wanted help I could message you just as easily as you messaged me. I don’t really like having my profile views tracked, so I finally overcame my inherent laziness and went to Privacy Settings and changed “Select what others see when you’ve viewed their profile” to the “You will be totally anonymous” option (which surprisingly doesn’t require the hard-sold LinkedIn upgrade). Facebook could have an instant goldmine if they charged for the ability to see who has viewed your profile, just like Netflix will mint coin the moment they break the porn barrier.


Last Week’s Most Interesting News

  • CMS publishes updated Meaningful Use requirements with few changes from the original draft that drew widespread provider ire in requiring a full 365-day reporting period for 2015, meaning hospitals have to be ready to start in the next four weeks.
  • CVS continues its transition to a healthcare powerhouse by renaming itself CVS Health, emphasizing its offerings that include Minute Clinics for primary care and chronic disease management in partnership with health systems.
  • An apparently security weakness in Apple’s iPhone that allowed nude celebrity photos to find their way onto the Internet makes headlines just as the company prepares to announce several health-related offerings.
  • The White House announces a new CTO and deputy CTO from Google and Twitter, respectively, ending the streak of two US CTOs (Aneesh Chopra and Todd Park) who had strong healthcare backgrounds.

Webinars

September 11 (Thursday) 1:00 p.m. ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.

September 18 (Thursday) 1:00 p.m. ET.  DHMSM 101: The Hopes, Politics, and Players of the DoD’s $11 Billion EHR Project. Presented by HIStalk. Presenters: Dim-Sum, an anonymous expert in government healthcare IT, military veteran, and unwavering patriot; Mr. HIStalk. The Department of Defense’s selection of a commercially available EHR will drastically change the winning bidders, the health and welfare of service members all over the world, and possibly the entire healthcare IT industry. The presentation will include overview of the military health environment; the military’s history of using contractors to develop its systems vs. its new direction in buying an off-the-shelf system; its population health management challenges in caring for nearly 10 million patients all over the world, some of them on the battlefield; and a review of the big players that are bidding. This presentation will be geared toward a general audience and will be freely sprinkled with humor and wry cynicism developed in years of working in two often illogical industries that hate change.


Acquisitions, Funding, Business, and Stock

image

Asthma inhaler monitoring device vendor Propeller Health raises $14.5 million in Series B financing.


People

image

Chris Hogg (Practice Fusion) joins Propeller Health as COO.


Technology

Fascinating but scary: if you have a Google account, check out its display of where you’ve been lately, as tracked by (a) your Android phone’s GPS, or (b) your use of Google Maps.

Other

Apple adds a countdown clock for its September 9 announcements, also adding that it will stream live video from the same page. Nobody can top Apple when it comes to creating drama and excitement around product announcements. I can’t imagine a healthcare IT company doing anything like that, although Epic probably could if it wanted given its similar fanboy base and creative flair.


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
September 5, 2014 News 6 Comments

Morning Headlines 9/5/14

September 4, 2014 Headlines 1 Comment

After quitting tobacco, CVS makes its next health-care moves

CVS pulls tobacco from its shelves a month ahead of its published goal, cutting $2 billion in annual revenue in the process. The company will expand its Minute Clinics and pursue new payer and health system partnerships to compensate for the loss.

President Obama Names Megan Smith U.S. CTO, Alexander Macgillivray Deputy U.S. CTO

Megan Smith, former Google VP of new business development, replaces Todd Park as the new US CTO, while Alexander Macgillivray, Twitter’s former lead council, will assume the role of Deputy US CTO.

Cover Oregon needs Oracle’s help to avoid delays in federal health exchange transition

After Oracle and the state of Oregon sue each other over the failed Cover Oregon health insurance exchange, Oracle puts the brakes on efforts to move on by refusing to provide access to the servers and source code for the site. The impasse will likely compromise Oregon’s ability to launch a functional exchange before the start of the next open enrollment period on November 1.

View/Print Text Only View/Print Text Only
September 4, 2014 Headlines 1 Comment

News 9/5/14

September 4, 2014 News 4 Comments

Top News

image

CVS Caremark changes its name to CVS Health as it also stops selling tobacco products in its 7,700 pharmacies. The company will take a $2 billion revenue hit in removing tobacco from its shelves, but the move obviously positions it more convincingly as a player in the general health market as it expands the number of its Minute Clinics from 900 to 1,500 in the next three years. CVS says it doesn’t plan to move Minute Clinic into full primary care as Walmart is doing, but will expand its chronic disease management services, which is not surprising given its recently announced care management relationships with several health systems and its transition to Epic.


Reader Comments

image

From Heathkit Assembler: “Re: Apple HealthKit. Here are the company’s specific developer requirements.” The “improving health” part might be just as easily skirted as HIPAA’s “treatment, payment, and operations” unless Apple defines it further.

From Just Nutz: “Re: Meaningful Use. Mr. H’s ‘Comatose’ was the perfect descriptor. CMS could have made 2015 more flexible. The 2014 period ends in 26 days, so people had already figured Stage 2 out if they were ever going to, and Stage 3 was pushed back but virtually no one cares about this today. The primary stressor for hospitals, the year-long reporting period that also starts October 1, was ignored despite thousands of comments urging CMS to address it as hospitals desperately try to get ready for 2015.” I’m glad Meaningful Use interest is finally fading. It was a necessary and ultra-expensive evil for getting poorly selling EMRs adopted, but it’s time to let the free market take back over and forget piecemeal provider bribes that often don’t provide the biggest bang for the patient outcomes buck.

From Nasty Parts: “Re: Explorys. I can confirm that they’re on the market. I hear GE, IBM, McKesson, and Medecision are the suitors.” Unverified.

From Beltway Bandido: “Re: DoD EHR. VistA is in the mix, being bid by DSS, PwC, and General Dynamics.” Dim-Sum told me they are pushing VistA, which has zero chance of getting anywhere for reasons that are surprisingly good.


HIStalk Announcements and Requests

This week on HIStalk Connect: Dr. Travis discusses Apple’s move into healthcare ahead of next week’s anticipated iWatch unveil. Qualcomm announces the 10 finalists in its $10 million Tricorder X-Prize competition. Ybrain closes a $3.5 million Series A to further development of a wearable device designed to help treat Alzheimer’s Disease. Three students from the University of Queensland in Australia win iAward’s Young Innovator of the Year award for a gamified mHealth app that helps children with cystic fibrosis. 

This week on HIStalk Practice: Healthpointe announces a new urgent care telemedicine service. Veterans in Rhode Island share their health data with the VA via the state HIE. President Obama holds Estonia in high esteem when it comes to sharing digital health data. University of Toledo Physicians selects athenahealth solutions. The VA announces mobile versions of its most popular HealtheVet portal applications. Fall conference season – from open source to the cloud – gets into full swing. Thanks for reading.

Note to desperately idea-starved writers trying to sound hip and topical by riding pop culture coattails: articles like “What healthcare can learn from the passing of [fill in ‘Robin Williams’ or ‘Joan Rivers’ or any other recently deceased celebrity’s name]” are about as lazy, pointless, and lame as their titles suggest.

Listening: Dutch progressive rockers Knight Area, which sounds a lot like early 1970s Genesis. They will release a new album in October.


Webinars

September 11 (Thursday) 1:00 p.m. ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.

September 18 (Thursday) 1:00 p.m. ET.  DHMSM 101: The Hopes, Politics, and Players of the DoD’s $11 Billion EHR Project. Presented by HIStalk. Presenters: Dim-Sum, an anonymous expert in government healthcare IT, military veteran, and unwavering patriot; Mr. HIStalk. The Department of Defense’s selection of a commercially available EHR will drastically change the winning bidders, the health and welfare of service members all over the world, and possibly the entire healthcare IT industry. The presentation will include overview of the military health environment; the military’s history of using contractors to develop its systems vs. its new direction in buying an off-the-shelf system; its population health management challenges in caring for nearly 10 million patients all over the world, some of them on the battlefield; and a review of the big players that are bidding. This presentation will be geared toward a general audience and will be freely sprinkled with humor and wry cynicism developed in years of working in two often illogical industries that hate change.


Acquisitions, Funding, Business, and Stock

image

Best Doctors acquires Rise Health, which offers a population health management platform.  Rise Health’s CEO is Mark Crockett, MD (formerly of OptumInsight/Picis) and its president/COO is Connie Moser (with McKesson until a few months ago).

image

Clarity Health, which sells a referral management system, raises $1.89 million, increasing its total to $13 million.  

Pain treatment analytics platform vendor Axial Healthcare raises $1.75 million in a Series A round. Paul McCurry, MD, formerly of MedSolutions, founded the Nashville-based company in 2012.  

Google enters the pharma business with a drug company biotech partnership that will research age-related diseases at a cost of up to $1.5 billion.


Sales

Piedmont Healthcare (GA) selects Perceptive Software’s Acuo Vendor Neutral Archive.

Health Plan of San Mateo (CA) chooses Verisk Health’s payment accuracy suite.

image

Saline Memorial Hospital (AR) chooses Allscripts Sunrise. What a great hospital name – if it were located in Normal, IL it could be called Normal Saline.

image

Singing River Health System (MS) chooses Strata Decision’s StrataJazz decision support and cost accounting.


People

image

Nancy Brown (McKesson) joins Oak HC/FT as a venture partner.

image image

As expected, the White House names Megan Smith (Google) as CTO, replacing Todd Park. Former Twitter lawyer Alexander Macgillivray is named as deputy CTO.


Announcements and Implementations

Elsevier will market Tonic Health’s patient data collection platform.

Flint Rehabilitation Devices launches MusicGlove, a Guiter Hero-type game that helps stroke and muscular injury patients regain hand function through music-paced repetitive exercise games.

MedAptus launches Provider Enrollment in partnership with Newport Credentialing Services.


Government and Politics

Former Senators Trent Lott and John Breaux sign on as lobbyists trying to convince the federal government to cancel plans to impose sanctions on a state-owned Russian bank in protest of that country’s activities in the Ukraine. As Lenin said, “We will hang the capitalists with the rope they sell to us.” The healthcare connection: the political guns-for-hire formed the Alliance for Connected Care to twist political arms on behalf of telehealth-invested companies such as CVS, Teladoc, and WellPoint.

image

Oregon and Oracle are suing each other over the Cover Oregon health insurance exchange, but even though the state is moving to Healthcare.gov for Medicare it will still need Oracle’s help to get its Medicaid part running. The snag: Oracle won’t give the state access to its servers or set up a new production environment. A consultant’s report says if Oracle doesn’t come to the table by Friday (September 5), the site won’t be ready for the next open enrollment period that starts in November.

image

HHS announces that a hacker breached a test server of Healthcare.gov in July and installed malware. Apparently it wasn’t a targeted attack, just the usual hack bot cruising, which HIStalk’s server defenses have blocked exactly 1,000 times today (as broken out by the graphic above) which means nearly every site on the Internet, including Healthcare.gov, is getting pounded even though they contain nothing of value. It’s unbelievable that any site can keep running given the endless creativity and resources hackers are willing to waste to penetrate pointlessly.


Other

Coming soon to an already economy-devastating US healthcare system: cancer drugs that cost $150,000 or more per patient per year and are required for the rest of a patient’s life.

The city council of Berkeley, CA approves a “charity cannabis mandate” that requires medical marijuana dispensaries donate at least 2 percent of their product to low-income residents, with the mayor arguing that marijuana is a medicine and everybody should have access to it. The response from the California Narcotic Officers’ Association: “Instead of taking steps to help the most economically vulnerable residents get out of that state, the city has said, ‘Let’s just get everybody high.’”

Someone tweeted that “assumptions are imperfect substitutes for data.” I might agree, but with several caveats:

  • Data are never perfect, complete, and free from bias, so there’s always a leap of faith even when data (including the “big” kind) are available.
  • You can lose your advantage (competitive or clinical) while waiting on the perfect set of data.
  • It’s hard to distinguish causation from correlation, subjecting any given data set to imperfection. As our hospital pathologist helpfully told me early in my career when I reviewed a patient’s chart for a committee, “He died with it, not of it.”
  • Sometimes intuition, experience, and people knowledge works better than data. The challenge is to determine which side of the fence a given situation falls on. Ideally, someone with that intuition, experience, and people knowledge is the one evaluating the data so you get the best of both worlds.
  • Healthcare straddles the fence above. Data analysis can provide new insight and help make treatment decisions, but only if wielded by expert clinician hands. You as a patient are just like other patients in not wanting to be managed by faceless payer or government algorithms cranked out from population health number-crunching that don’t take your own feelings, impressions, and beliefs into account. When it comes to the practice of medicine, art and science aren’t conveniently demarcated by a sharp line.
  • Bad decisions can (and often do) come from good data.

image

Weird News Andy calls this story from England “Meals on Wheels.” A new hospital uses a fleet of 12 robots to deliver patient meals, linens, instruments, and pharmacy items to the floors. Unrelated but interesting is the hospital’s response to patient complaints about small portion sizes, some of which found their way (with pictures) online: “We don’t know if it is a frail old man we are serving or a large rugby player so it’s up to each ward to know their patients and serve food accordingly.” WNA finds this a good story pairing: a company’s restaurant robot grinds beef and cooks it to order to create 360 burgers per hour, even slicing tomatoes and pickles simultaneously and placing the finished product in paper bags. The company’s co-founder says the machine isn’t intended to make fast food employees more efficient, but instead to eliminate them.


Sponsor Updates

  • NVoq announces the 2014 SayIt Healthcare Productivity ShowcaseFest, where 12 chosen healthcare professionals will work with the company’s SayIt speech recognition product to build and record a voice-optimized EMR Showcase. Nominations are due September 26.
  • GetWellNetwork Inpatient earns 2014 Edition Modular Inpatient EHR certification.
  • EDCO Health Information Solutions will host a session titled “An Unexpected Necessity – Indexing Software” at the AHIMA conference in San Diego on September 28.
  • Impact Advisors publishes a blog post, “Meaningful Use Final Rule.”

EPtalk by Dr. Jayne

clip_image001

The Greenway Engage14 user group meeting kicked off today in Dallas. I’ve got a reporter embedded. Here are some of his preliminary thoughts.

“We are making our final descent into Dallas, where the temperature is 99 degrees and the local time is 8:04 p.m.” Maybe it is just me, but it felt like 324 degrees Kelvin when departing the airport. Greenway has chosen yet another Gaylord hotel, this time a short ($25 cab) jaunt from DFW. It is the official hotel of the Dallas Cowboys and there are some players milling around and mixing with the OB/GYNs. It is a huge complex. So far, no riots over MU2 have broken out. That being said, the gent next to me at the bar was here to cancel his contract — he was hoping to get to do so directly to Tee Green. He was upset about product performance and issues upgrading, describing 2014 as, “The year I will never recover from financially.”

I’ll be curious to see and hear some other opinions as the conference begins in earnest tomorrow. I remain skeptical of the premise that the annual way to educate and inform your best customers is to price gouge them at a hotel that is inconvenient at a time when most kids are just going back to school and many practices are becoming quite busy. For now, everyone is getting settled in for what should be a long weekend of wondering what happened to MU and where they go from here. Also, what happened to Vitera in all of this, their product wasn’t so bad …”

He plans to attend the opening night gala and snap some photos and get feedback from the trenches as the liquor flows. I perused the agenda to suggest some sessions for him. It seems they have ambitiously scheduled fitness classes on Friday and Saturday at 5:30 a.m. I noticed they left them off the schedule for Sunday morning, which is probably a good thing since their client event runs from 7 p.m. to 1 a.m. the night before. The agenda says the “Greenway team is famous for its dance moves,” so I’ll definitely be on the lookout for photographic evidence.

I don’t envy them with the updated Meaningful Use timeline being released the weekend prior. Attendees will expect Greenway staffers to be knowledgeable and ready to provide advice on their particular situations. I have to admit this is the first rule I’m not going to read in its entirety. Like Mr. H, I am kind of “over” MU and will wait for the CliffsNotes versions that I anticipate my vendors will send within a week or so.

I laughed as I went through my inbox. Right after the notification from CMS was this article from JAMA touting the benefits of “cognitively stimulating activities such as reading” as preventive against cognitive impairment. I think I’ll go for some 2048 instead.

As for my roving reporter’s comments about user group meetings in general, I’m sympathetic. Our primary vendor’s meeting continues to increase in cost, not only for the meeting itself, but for hotel and travel. We’ve had to cut back on the number of people we send and rotate attendees to make sure that everyone has the chance to go every few years. A couple of our staffers who really enjoy attending have gotten smart and submit a presentation every year in the hopes that they’ll be selected to speak and will get one of the coveted spots.

clip_image003

Thanks to Dr. Travis for turning me on to NomadList, which appeared in a tweet about 25 promising startups. NomadList quantifies the best cities to live in when you can work remotely, providing info on cost of living, Internet speed, and weather. I know a couple of consultants who have a minimal home base and travel all the time whether they’re client-facing or not. I once had an EHR conversion done by a guy who admitted he was processing my data from the beach in Thailand. Top US cities include San Juan, Las Vegas, Austin, Dallas, and Park City.

If you’re a digital nomad, what do you think? Email me.


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
September 4, 2014 News 4 Comments

Morning Headlines 9/4/14

September 3, 2014 Headlines 3 Comments

Task force taps the brakes on interoperability

During Wednesday’s Health IT Policy Committee meeting, members decide that a JASON report on health data interoperability that had been created to guide future policymaking is inadequate and overlooks the pressures on EHR vendors.

Google’s Calico, AbbVie forge deal against diseases of aging

Google’s Calico initiative to extend human life enters into a $500 million research agreement with US drugmaker AbbVie to help create life sciences research facilities in Silicon Valley, and then collaborate on drug development projects. Each business will contribute $250 million initially, with the option of adding an additional $500 million over the lifetime of the partnership. The team will share both costs and profits equally as new drugs are developed and marketed.

Groups press FDA to encourage medical-device registries

Pew Charitable Trusts, the Blue Cross and Blue Shield Association, and the Science Infrastructure Center run by Weill Cornell Medical College are collectively calling on the FDA to create a medical device registry that would be tasked with post-market surveillance and capturing data for long-term research initiatives.

CMS finalizes auto-enrollment process for current Marketplace consumers

CMS publishes a final rule that will provide consumers who purchased their health insurance over an insurance exchange with a simple way of to renewing the plan.

View/Print Text Only View/Print Text Only
September 3, 2014 Headlines 3 Comments

Readers Write: Lessons Learned from the CHS Breach

September 3, 2014 Readers Write 2 Comments

Lessons Learned from the CHS Breach
By John Gomez

In early 2014, a group of security researchers began to suspect that some implementations of SSL — a commonly used method to encrypt data — were not as secure as the name would imply. Their thesis was rather elegant, actually more art than science, but fascinating just the same.

They hypothesized that although the cryptographic algorithms may well be secure and protect over-the wire data (data sent across a network) from prying eyes, the actual programming used to implement the algorithms may have flaws. If there was a flaw in the underlying implementation — such as how memory is managed, for instance — then SSL could become a tool for nefarious agents to exploit and compromise network security.

On April 1, 2014, two groups of security researchers (Neel Mehta of Google and Codenomicon) announced that such a flaw did exist in SSL, specifically in OpenSSL. This vulnerability came to be known as Heartbleed.

Within hours of the vulnerability being announced, sites around the world were compromised, including the Canadian Revenue Agency, Mumsnet in the UK, and others. Early estimates showed that well over a million sites and X.509 certificates were at risk of attack. On April 12, 2014, University of Michigan reported that a server in China had attacked a decoy server at U of M with advanced tools to exploit the Heartbleed vulnerability.

The revelation of the Heartbleed impact created shock waves. Some, like the Electronic Frontier Foundation, called it “catastrophic,” and Forbes columnist Joseph Steinberg declared, “Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.”

Within days of the disclosure, the Federal Bureau of Investigation released a private industry notice (or PIN) to the healthcare industry that stated, “The healthcare industry is not as resilient to cyberintrusions compared to the financial and retail sectors, therefore the possibility of increased cyberintrusions is likely.”

Flash back to February 2014, when a group of hackers known as Unit 61398 was suspected of launching cyberattacks against a variety of US industries, specifically the financial, transportation, energy, and healthcare sectors. Unit 61398 is believed to be, according to cybersecurity firm Mandiant, a top-secret unit of the People’s Liberation Army based in Shanghai.

Since February 2014, it has been learned that Unit 61398 is not specifically tasked with cyberattack missions, but it is believed to have developed highly sophisticated software and hardware tools that could be used for cyberwar, typically known as cybermunitions. Speculation is that these tools are made available to independent hacker groups for “testing purposes only,” although this has never been confirmed.

One such group believed to have gained access to these tools is APT 18, a well known and highly sophisticated group of Chinese hackers with branches in Shanghai, Hong Kong, Singapore, and the United States. APT is shorthand for a type of cyberattack known as Advanced Persistent Threat. APT 18 specializes in conducting those attacks.

It is believed that within hours of the Heartbleed disclosure on April 1, APT 18 started customizing the tools from Unit 61938. One they possibly created is a Remote Access Tool (or RAT.) A RAT works by using a carrier to gain access to network systems, usually by rather simple means. For example, a RAT can be deployed inside a network as a result of a user watching a video, reading an e-mail, or opening a file.

A highly common way of distributing a RAT is through a trusted third-party communication, which is typical in exchanges between business associates and covered entities in healthcare. A RAT could also be deployed to a medical device with a vulnerable call-home feature and network access.

The RAT allows remote control of a network, servers, devices, and much more. Just like a real rat, a cyber-RAT is infectious and can cause severe damage. The current thinking is that APT 18 targeted Community Health Systems (CHS) and successfully introduced a RAT before CHS could apply the Heartbleed patches to all of its systems. This is speculation, but highly probable.

It is also probable that APT 18 was successful because it had started targeting the healthcare industry in February 2014. Heartbleed was a fortunate development. It is also believed that CHS is not the only targeted healthcare entity and APT 18 may have compromised other healthcare organizations that may not have discovered the compromise yet. APT 18 may have used other vulnerabilities to infiltrate the CHS system, but for purposes of this article, we will continue to embrace the common thinking that Heartbleed was the key mechanism.

Criticizing CHS would be wrong. It acted quickly and there’s no evidence that it was negligent or dismissive. A better use of our time as an industry would be to learn from the CHS experience. The healthcare information technology sector is under attack by sophisticated enemies who will continue to persist their attacks on healthcare infrastructure as a means to undermine patient confidence in our ability to provide quality care and security.

We should be thankful that the CHS breach was limited to data because a RAT can take over an MRI, CT scanner, or EMR system to impact patient safety. Other cybersecurity researchers have demonstrated how to attack X-ray machines and other medical devices. The risk of attack on medical devices prompted the FDA to issue a memorandum on security to medical device manufacturers in June 2013. Although some manufacturers have responded to the memo in a positive manner, some have ignored its warning.

The most important lesson we can take away from the CHS breach is that we as an industry, to echo the FBI PIN, are “…not as resilient as other industries.” Which leaves us with the question: how do we improve our security stance and become more resilient?

Security takes money and a lot of it. There is no way to sugarcoat that fact or to make it more politically correct. NBC News recently reported that the annual cost of healthcare breaches is approximately $5.9 billion. Being secure means educating the board of directors and making it a core investment of the healthcare organization. There is no cheap answer or strategy.

Then, consider how to become aggressive about cybersecurity. Not assertive, but aggressive. Here’s an analogy.

Think of a healthcare system as a castle. Castles had multiple layers of security — intelligence, physical deterrence, internal and external defensive tools and strategies, propaganda, community allegiance, and, “Oh, crap, everything has failed” plans.

The safest castles — the ones that truly focused on protecting their inhabitants, allowing them to pursue a happy and high quality life — had the best layers of coordinated defense and offense. The castles that simply deployed the basics — a moat, drawbridge, some pots of tar, and maybe a few archers — soon learned that a persistent and determined attacker, like APT 18 or others like them, would eventually defeat these strategies.

In today’s terms, that means if you have firewalls, intrusion detection, penetration testing, DLP and similar tools, and policies and procedures, you either have been breached or you will be breached, just like the simpleton castle that did only the basics. A Level III castle.

If you take things up a notch, maybe employ a CISO, get advanced tools, and offer community education and compliance monitoring, you’re on the right track. Still, the odds are that you will get taken out. Your castle is a bit more sophisticated as a Level II castle. You added some alligators to the moat, armed the citizens, and took survival a bit more seriously. A good job, but you could do better. You are assertive, not aggressive.

The best castles invest in leading edge tools, form regional security councils to share ideas and help each other, create crisis response plans, educate their business associates, and use tools for real-time compliance monitoring, data discovery, classification and categorization, and locking down medical and mobile devices. This is a Level I castle. Just like in medieval times, it has not only strong external defenses, but also internal mazes, secret passages, trap doors, nightingale alarms, and have remote forces that can respond at a moment’s notice to surround the enemy.

It’s true that someone can get into even a Level 1 castle, but a Level I castle will survive longer than a Level II or III castle. In fact the odds are that a Level I castle will repel attacks and be standing after an APT or coordinated persistent attack.

If you had to put your family and loved ones in a castle that was going to be attacked, you would choose the Level I castle. You would do anything to safeguard the lives of those you love. In this day and age and within our industry, cybersecurity is not about privacy any longer. It is about safeguarding patient lives.

It doesn’t matter how the CHS attack happened. It is a wake-up call. Vendors, providers, and allied health entities need to build a Level I castle because they are at risk of coordinated and focused attacks. APT 18 is just one of hundreds of organized entities and thousands of independent attackers who are targeting healthcare and your castle.

To give you an example of how the stakes have been raised, ISIS (yes, the Middle East terror group) has several hundred computer programmers and hackers on their payroll. Take a few moments to let your mind wander about the damage a group like ISIS could cause to your castle. Some of those attackers will be happy with just taking data, while others won’t be happy until they take a patient’s life. 

CHS has shown that life for all of us in healthcare information technology has changed. The only remaining question is, whose castle will be next?

John Gomez is CEO of Sensato of Asbury Park, NJ.

View/Print Text Only View/Print Text Only
September 3, 2014 Readers Write 2 Comments

Advisory Panel: Reactions to the Community Health Systems Data Breach

September 3, 2014 Advisory Panel No Comments

The HIStalk Advisory Panel is a group of hospital CIOs, hospital CMIOs, practicing physicians, and a few vendor executives who have volunteered to provide their thoughts on topical industry issues. I’ll seek their input every month or so on an important news developments and also ask the non-vendor members about their recent experience with vendors. E-mail me to suggest an issue for their consideration.

If you work for a hospital or practice, you are welcome to join the panel. I am grateful to the HIStalk Advisory Panel members for their help in making HIStalk better.

This month’s questions involve actions taken in response to news of the recent hacking of Community Health Systems via the Heartbleed exploit.


What new actions or security reviews has news of the CHS breach caused in your organization?


I have been asked to have a penetration test performed on our network by our COO. This level of attention is unprecedented. I owe the folks at CHS a thank you gift for raising awareness amongst the rest of our executive team.


Asked my management team to review our systems again. I’m not positive the networking group reviewed their systems in April. I am now. 


It’s a reminder that we must constantly scan our environment for vulnerabilities and remediate every exposure. We have decommissioned some hardware as a result of our Heartbleed assessment.


We reviewed our current IE based connectivity i.e, Cisco (far better than Juniper).


[from a vendor member] As a result of recent breaches such as Community and Sony, we are setting up IDS — intrusion detection — for our production environment. We are now getting daily reports on access activity from our prod environment, paying very close attention to foreign access attempts. We are also turning up our white hat vulnerability scanning of our code base before deploying to production. White hat is also doing proactive vulnerability testing in our prod environment. SQL injection, xsite scripting vulnerabilities are specifically targeted. We are doing everything possible to be proactive to protect all client data under our care.


Gather details on the CHS breach. Ensure that we don’t have the same exposure. My understanding was the the Heartbleed vulnerability was unpatched on a VPN device (vendor omitted) and the device was configured for single-factor authentication only. From there, the attacker leveraged a known trojan backdoor to gain remote access to unpatched / unprotected Windows machines.


The news of the latest breach pretty much is part of the background noise since there is a breach every couple of days.


We are implementing a data loss prevention product to help mitigate the risks.


No new technology, but increased education for our staff  to remind them that security involves all users. We also presented our information security plan to our board, which met this week.


New actions, none. We had done sweeps using scripts to detect the Heartbleed SSL on our publicly-facing systems. We already have active security sweeps that detect Heartbleed vulnerabilities as well as any exploitation attempts.


We are re-evaluating our ability to detect large outbound data flows.


It actually happened at a good time. We were in the midst of our annual security audit when the news broke. We had just received initial results which showed our security posture. Tying the breach to our posture and presenting to executive leadership and the board gave our security program immediate credibility.


We have been reviewing our policies for vendor-managed systems and will be setting a revised set of standards for all vendors to follow irrespective of whether they like it or not.  We culturally and procedurally need to move away from the mentality of, “This is vendor managed, so we don’t touch it.” 


No new actions or reviews. Has led to heightened organizational awareness.


No changes. We are already monitored by a third-party vendor and have security set around our perimeter.


Review of all access privileges and more limited access to some previously given more global access. Creating more steps for some who have global access because we are asked to do things others used to do when they had access to the data.


We have not changed anything since the CHS attack. We have not performed anything in addition to our current IT security assessment, which coincidentally is running right now.


[from a vendor member] No new actions. We are already pretty paranoid. As a vendor organization with large payer and provider data sets, we’d be in big trouble if we breached. 


We have re-examined our approach to Heartbleed, but recognize that all of our best efforts are sometimes not enough. We focused on remediation, but also on response should we have a problem.


Initial reports suggest that the Heartbleed exploit was involved. Are you confident that your network equipment software has been updated?

I am as confident as reasonably possible. We have outsourced most of our security monitoring to a third-party service and they have scanned and validated we are secure. 


Yes. (two responses)


We are confident that our actions have corrected identified issues. This seems to be a “known unknowns” kind of situation where we know about some system components not managed by us that could be vulnerable. Vulnerability scanning continues.


Yes. We scan with Qualys monthly and before any new infrastructure is put onto the PRD network.


Yes. We have the same Juniper SSL VPN and applied the update soon after the exploit was identified.


When the Heartbleed exploit was publicized, we reviewed all our existing infrastructure and patched what we could. We continue to work with vendors to ensure that all needed patches have been installed.


Public Internet facing, yes, we are protected. There are a number of free or custom scripted scanning engines to verify. We’ve done that with QualysGuard on the big-name side, custom scripts on our security team, and finally by pushing as many things though our F5 load balancer that was not as effected on the SSL off-loading side. Internally there are ton of HTTPS/SSL security administration pages that need updates still, this many months on.


We initiated a remediation effort as soon as news of the Heartbleed vulnerability went public. While we feel pretty confident we have addressed the know vulnerability, we remain vigilant for suspicious activity.


We ran a test that showed that we only had one Heartbleed exposure, on a semi-retired system, which we fixed.


Not fully as we are completing our assessment, but believe our plans will largely address this.


Confident yes. Certain, no.


I hope so:) not confident.


I am never confident that we have covered every possible point keeping software up to date. There is always a chance we have missed something that will expose us to an exploit. Not that we accept vulnerabilities, but we are realistic about what we can and cannot protect.


[from a vendor member] We are pretty confident our network is up to date. It is amazing as a recently founded company (less than five years) with a hosted "cloud" model the amount of equipment in our office is down to laptops and a switch, one server for hardware experiments that is not hosting live data. Everything else is hosted and easy to control and evaluate. That is underappreciated in its effects in your efficiency and margins as an organization.


One of our staff reads Finnish blogs and we found out early. The patch was installed quickly.


We think so, but have chosen to take a more comprehensive look.


Would your network monitoring procedures detect unusual user behavior or large data transfers?z


We are missing some components of a perimeter security solution (IDS/IPS for one). This event has escalated the discussion and we are now pursuing the purchase of products and services to fill in a few gaps.


Probably not. Our logs are so voluminous we can’t find the needles that are in the haystacks, let alone tie needles from multiple haystacks together. 


Yes. We use intrusion detection and other monitoring techniques and have a 24×7 monitoring team to support detection.


Not really, but large data transfer is generally inhibited or not allowed.


Yes. DLP would detect/block any abnormalities at egress through the internet proxy.


No. We have to implement our data loss prevention solution before we can detect those.


We recently installed a new product from our core security vendor that looks unusual traffic on our network and has the ability to block traffic or workstation when it see something unusual. We feel this new system will be critical in responding events where no known malware or virus has been published.


[from a vendor member] We hope so. Our tests have picked up this kind of behavior, but frankly I’m always impressed at the ingenuity of software developers. It is what we pay them for, but since they could write the rules for those tests, they usually have insight into how someone might take a shortcut. 


Yes. We a security analytics platform based on real-time logs and network capture. There are a number of custom “content” detection methods we have on that solution. We detect abnormally large SSL handshakes, for example, an indicator of someone attempting to grab a full 256-bit data response from a vulnerable OpenSSL installation. When it comes to data exfiltration, we have the same security analytics platform plus a DLP platform, security operations center (SOC) rule sets, web filtering rules that would detect large transfers, and your general network operations center (NOC) monitoring.


We believe they do.  However, continuing to re-evaluate and test our ability to detect large outbound data flows.


Yes. Firewall alerts show large transfers. Geoblocking rules stop any transmissions to non-US IP addresses.


Not completely as it currently stands.We are presently executing upon a set of strategies will address this and other matters in the coming months.


Likely only very significant or large-scale activity.


Yes, we have checks and balances in place.


We have tools in place to detect abnormalities. However, we have not tested for this scenario … yet.


We have mechanisms for detecting unusual user behavior and our software blocks large data transfers (Outlook). Anything more sophisticated than than that would not be seen. The traffic (network) software requires human monitoring to be useful and we are short-staffed in that area.


Yes, I believe so. We have invested in tools and technologies, but in many ways, It just means we might detect something a bit more quickly than we might have otherwise detected. Not truly about prevention — just detection.


What ONE recommendation would you offer to a hospital trying to assess or improve its security against cyberattacks?


If you’re a small to mid-size healthcare organization, hire qualified professionals to evaluate, plan, and implement a full security program.


You can’t have one. Cyber security is multiple layers of different locks with keys held by multiple people. 


Address identified vulnerabilities without delay.


Have a robust Intrusion Detection System – we use McKesson as our ISP.


Diligence. More specifically, scan, patch, repeat. Strong password policies and two-factor authentication.


Tools are available. Look at the products in that space and select and implement. It will take a senior-level network resource to do it right.


Multi-layered security infrastructure and lots of training for staff.


[from a vendor member] Cloud vendors are probably more secure and less likely to breach their data, which doesn’t seem to make sense until you really examine the required data flows and architectural components. And watch those appliances and browser plugins, but I’m sure they are ahead of those issues already. 


Hire a SOC or some other Managed Security Service (MSS) based off a security solution that uses both log sources as well as network capture. If that is too much $$ for the analytics solution, at least hire a managed/outsourced SOC to watch your firewall/public Internet device logs. If a hospital can’t spend ~$10-30k per year to fund watching the front door, there are many other ways to breach that organization. 


Ensure firewalls are secure and these firewalls are sensitive enough for certain levels of attack and then immediately be informed of the attack to  those who need to know.


Take these threats seriously and prepare. Many in our healthcare industry seem to feel that these things only happen to financial institutions or commercial organizations. We’re the new target and, unfortunately, I think we’ll see more of these large breaches before healthcare finally takes security seriously.


Take it seriously. Now even small hospitals are a target. You cant follow "security by obscurity" any more.


Use common sense. When it’s been announced in every major public media source that there is a bug in the software that health systems use that leaves them vulnerable to data breaches, they should fix the bug immediately. We still regularly hear about unencrypted laptops being stolen. I wonder how many health systems there are out there that still haven’t fixed the Heartbleed bug and won’t until they have a breach?


Invest in security in your org and engage the people to have heightened awareness of security risks. Bad things will happen; the bad guys have more money, more resources, and more time than many of us. It is important to know how to reduce exposure and be prepared for the bad events. In many ways, it is like the principles of a High Reliability Organization, ideas promoted by Drs. Weick and Sutcliffe.

  1. Be preoccupied by failure. Focus on what could go wrong.
  2. Be reluctant to simplify interpretations. Don’t jump to simple conclusions – try to understand the situation.
  3. Sensitivity to operations. Respect the folks close to the problem; they may be able to help you detect that something is going wrong.
  4. Commitment to resilience. Be prepared to bounce back; don’t give up.
  5. Deference to expertise. Engage the experts

We have dedicated software, not hardware, for DDOS attacks, but those are pretty obvious when they are happening. Far and away it is the human factor, phishing, that is the danger, perhaps even more so from the IT department who considers themselves immune to this type of attack. I bet they are are just as gullible as every other user.


Install an IPS. It is amazing to see what how many times a day you are scanned and/or attacked. The right technology will allow you to “see” the activity and defend against attack.


Use an outside firm that has expertise in this area to do an annual assessment and also perform white hat hacking. You will be amazed at what is discovered and how this information can help position the organization to be as prepared as reasonably possible against attacks.


I would love to believe that ONE recommendation would address our reality. This space is one of the most underrated in terms of complexity, cost, and risk. We have spent the past 18 months going through an exhaustive planning and education process to thoroughly assess where we are and where we need to be. There are technical parts for sure which need to be understood and addressed. These are the easiest to deal with because they are, by definition, known. The issue is, how to you reconcile an organization’s risk tolerance against a growing uncertain threat? This is not an easy topic to get organization leaders’ heads around. Take the recent situation at Children’s of Boston. Did any of us actually believe we providers would be the victim of an attack from a sympathetic group involving the care of a very tragic patient care situation? 

We live in a different world at a very different time. We providers are all under a significant amount of pressure as we deal with all of what is happening in our space. I believe most of us have been making “best reasonable efforts” to do the right thing and safeguard the information which we need to be responsible for. We also need to invest in a wide variety of enablers to transform ourselves into what we believe is important. Everyone is becoming more sensitive as most people know that no one is immune to this threat and it’s just a matter of time. Unfortunately, it’s difficult to make the necessary investments to mitigate against most if not all of the threats given the economic pressures that we are all under. Interesting topic in very interesting times.


View/Print Text Only View/Print Text Only
September 3, 2014 Advisory Panel No Comments

Morning Headlines 9/3/14

September 2, 2014 Headlines 1 Comment

‘Find My iPhone’ exploit may be to blame for celebrity photo hacks

A long-known vulnerability within Apple’s Find My iPhone portal allowed hackers to gain access to the login details of dozens of celebrities’ iCloud accounts, ultimately leading to the exposure of hundreds of nude photos. The embarrassing security lapse comes just ahead of Apple’s planned roll out of HealthKit, a service that Apple will use to store and share personal health data.

U.S. Digital Services Playbook

The newly created US Digital Services group publishes its Digital Services Playbook for public comments. The playbook outlines 13 best practices borrowed from private industry that will become the standard operating procedure for future government IT projects.

Failure to join up medical records ‘is a health risk’, says GP chief inspector

In England, the chief inspector for primary care doctors calls the country’s lack of integration between primary and acute care EHR systems a health risk. He proposes giving patients unrestricted access to their own primary care EHRs as a potential solution.

View/Print Text Only View/Print Text Only
September 2, 2014 Headlines 1 Comment

News 9/3/14

September 2, 2014 News 8 Comments

Top News

image

Experts speculate that a known vulnerability of Apple’s FindMyPhone app allowed hackers to download nude photos of celebrities from their synced iCloud accounts using a brute force password attack program. Apple buries the optional two-factor authentication option in technical documentation and allows unlimited password guesses. The company has released an emergency patch. The healthcare connection: the timing for Apple couldn’t be worse as it prepares to announce new health-related apps next week. They’ve apparently known about the problem for a long time.


Reader Comments

image

From 123456: “Re: The Advisory Board. Announced a hiring freeze on Friday, but didn’t call it that.” The internal email says, “For the coming months, we will prioritize staffing needs based on member impact and growth, which also means in some cases deprioritizing currently open positions and not filling them this year.” ABCO has been on a hiring tear and will add another 400 employees by the end of the year (for a total of 1,100 new hires in 2014), so that seems like a smart decision and good news for existing employees. It’s like having a table in a restaurant that’s turning away walk-ups. It would be a far less upbeat story if they were laying off, shrinking headcount by attrition, or growing too quickly by bringing on poor hires.

image

From Unbelievable: “Re: QuadraMed. Announced another reorganization today. Customers have expressed disappointment with the services team and the lack of experienced resources, contracting directly with former employees to achieve Meaningful Use.” Unverified.

image

From CaptainSalty: “Re: Explorys. Apparently a large strategic player is deep in acquisition talks.” Unverified.

image

From Julia: “Re: 2014 CEHRT. A table on this page says the flexibility with MU2 reporting is for providers whose vendors have delayed 2014 Edition EHRT availability. But this chart implies you can choose Stage 1 criteria even though you’re using a 2014 CEHRT. Any insight?” I’ve lost interest in the Meaningful Use program, so I’ll let someone who follows it more closely answer. This latest round of tweaks exceeded my attention span permanently.


HIStalk Announcements and Requests

image

Citrix says they’ve fixed the GoToWebinar problem we had last week that locked some registered people out. We don’t trust their fix (in which they just rolled us back to the last good version), so we could use some help testing Wednesday (today) at noon Eastern. They say if we can get more than 32 people, we’ll be fine for our next live webinar on Thursday. To help us out:

  1. Register for our test webinar (just your name and email address is fine – GTW requires both).
  2. Jump on the webinar at noon ET Wednesday. You don’t even need to call in since we just need to see if we can get everybody logged on.
  3. Just hang out there until Lorre sees more than 32 people on and gives the OK to log off. She might tell stories or something while we wait.

The word I replace most often in reader-submitted articles: “utilize.” It’s no better than the shorter and less pretentious “use.” Here’s another oddity I see in nearly every interview: instead of saying, “We wanted to see how the market reacted,” I usually get, “We wanted to see how does the market react,” making me wonder whether or not to use a question mark after the oddly phrased semi-question.


Webinars

September 4 (Thursday) 2:00 p.m. ET. MU2 Veterans Speak Out: Implementing Direct Secure Messaging for Success. Presented by DataMotion. Moderator: Mr. HIStalk. Panelists: Darby Buroker, executive director of health information exchange, Steward Health Care; Anne Lara, EdD, RN, CIO, Union Hospital of Cecil County, MD; Andy Nieto, health IT strategist, DataMotion; Mat Osmanski, senior application analyst, Steward Health Care; Bill Winn, PhD, Meaningful Use service line executive, Navin, Haffty & Associates. Panelists will discuss the strategy and tactics of meeting the transitions of care requirements for MU2, including assembling the team, implementing Direct Secure Messaging, getting providers on board, and reporting results.

September 11 (Thursday) 1:00 p.m.ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.


Acquisitions, Funding, Business, and Stock

image

Compuware will be acquired by private equity firm Thoma Bravo from $2.5 billion after years of pressure from activist hedge fund operator Elliott Management, whose $2.3 billion offer to buy the company was rejected in December 2012.


Sales

image

University of Toledo Physicians (OH) chooses athenaOne.


People

image image

News I missed from a few days ago: Rebecca Kaul, president of UPMC’s Technology Development Center and daughter of CEO Jeffrey Romoff, resigns three months after being given the chief innovation officer title. Her group developed several applications, including the ConvergenceMD tablet app, and invests in technology companies not owned by UPMC. VP and radiology informatics chief Rasu Shrestha, MD replaces her.

image

Forward Health Group names Laura Kreofsky (Seek LLC) director of client services.


Announcements and Implementations

image

The Department of Homeland Security goes live on eClinicalWorks at its 23 Immigration and Customs Enforcement detention facilities. Harris Corporation was the primary bidder.

The PACS Designer launches an Indiegogo campaign to fund development of his Solutions Whitebook that will cross reference ICD-10 codes to ICD-9.

Craneware launches Reference Plus to ease chargemaster maintenance and coding for critical access and independent community hospitals.

image

EDCO Health Information Solutions announces Version 3.5 of its Solarity medical record scanning and indexing software, which allows users to scan and send paper medical record components to HIM in as few as three clicks.

image

Spok announces Spok Mobile 4.0, the latest release of its secure messaging app that provides a user status indicator and free trial version.


Government and Politics


The new US Digital Services posts its Playbook with 13 key plays and associated checklists and key questions for each :

  1. Understand what people need.
  2. Address the whole experience, from start to finish.
  3. Make it simple and intuitive.
  4. Build the service using agile and iterative practices.
  5. Structure budgets and contracts to support delivery.
  6. Assign one leader and hold that person accountable.
  7. Bring in experienced teams.
  8. Choose a modern technology stack.
  9. Deploy in a flexible hosting environment.
  10. Automate testing and deployments.
  11. Manage security and privacy through reusable processes.
  12. Use data to drive decisions.
  13. Default to open.

Technology

A Wired article on how to make programming code “beautiful” explains at great length what seems like a fairly obvious method to avoid deadlocked rows, storing multiple versions, and tracking status changes: store the original row when added, then never update it directly, instead recording transactions that are performed on it such as “invoice status changed” and “line item added.” Sounds good except for the overhead required to look at the current state of the row, which would require replaying all the individual transactions created against it. Nobody likes seeing a “record lock” error, but they also don’t like waiting to see the information they requested.


Other

image

Chicago-area Northwestern Memorial HealthCare and Cadence Health merge to form a four-hospital, 19,500-employee, $3 billion organization.

A before-and-after study of 30 hospital-associated medical practices finds that EHR implementation in 2007-2009 was associated with increased revenue, but with fewer patients seen. It concludes that while productivity slipped with EHR usage, increased orders for ancillary procedures (not upcoding) increased revenue, leading the authors to speculate that doctors possibly “were taking better care of fewer patients.”

image

In England, the influential doctor who serves as Chief Inspector of General Practice says that hospitals and practices put patients lives at risk by not sharing electronic medical records. He says the “wall between hospitals and GPs” forces consultants to write letters describing recommended treatments instead of entering them into a shared medical record and prevents hospitals from seeing office-based lab test results. He also advocates giving patients access to their own records.

The Toledo newspaper reports that many area private practice doctors are signing up to become hospital employees, with one cardiology group reporting that cardiologists went from 85 percent in independent practice to 85 percent employed in just 18 months. It quotes a family practitioner who listed access to Epic as one of the reasons he went to work for a hospital, explaining, “A doctor in practice will never have Epic. They don’t sell that to small groups — it’s too expensive.”


Sponsor Updates

  • iHT2 releases a research report titled “Answers to Healthcare Leaders’ Cloud Questions.”

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
September 2, 2014 News 8 Comments

Morning Headlines 9/2/14

September 1, 2014 Headlines No Comments

CHIME Statement on Finalization of Meaningful Use ‘Modifications’ Rule

CHIME publishes a statement calling the decision to mandate a 365-day reporting period for 2015 attestations deeply disappointing, going on to say that as a result “the very future of Meaningful Use is in question.”

Providers see little enthusiasm to join Pioneer ACOs

While federal officials debate expanding recruitment efforts for Medicare’s Pioneer ACO model, existing Pioneer ACO executives are speaking out over the logic of such a decision, explaining that “Organizations are not gravitating toward the Pioneer ACO model because the downside risk is not outweighed by the opportunity for economic gain—the business case is not compelling.”

Doctors Use Canadian Technology to Tackle Prescription Drug Crisis

In Canada, physicians are using a government-funded opioid management toolkit made by CognisantMD to help combat the increased prevalence of prescription drug abuse and opioid overdoses.

Taking the pulse of Beaumont Health hospital merger

Crain’s covers the formation of Beaumont Health, an eight-hospital health system that will finalize its formation this week. While the merger is imminent, key strategic decisions are still unresolved. One consultant explains “The new organization officially goes online Sept. 1, and none of the executives know what their jobs will be”

View/Print Text Only View/Print Text Only
September 1, 2014 Headlines No Comments

HIStalk Interviews Charlie Enicks, VP/CIO, Georgia Regents University and Health System

September 1, 2014 Interviews 1 Comment

Charlie Enicks is VP/CIO of George Regents University and Health System of Augusta, GA.

image

Can you describe the contract you just signed with Cerner?

Cerner has similar arrangements in a couple of places. At University of Missouri, they call it the Tiger Institute. They just recently did something at Children’s National in Washington called the Bear Institute.

They agreed to a long-term agreement that sets out a way of operating and allows us to, from a strategic standpoint, innovate with Cerner and with Cerner and Philips. We’ll have an innovation committee that has a membership from our research and clinical group, from Cerner, and from Philips to talk about what could be either three-way or two-way innovation. We’re very excited about that part. 

What it allows us to do from a strategy is accelerate the pace of implementations that we can get done here. With our current financial situation, we can’t really get capital at a fast enough pace to get done what we want to get done. This contract smooths the cost out over 14 years. The Year 1 rate is lower and in the out years, the operating side is about equal to what we’d expect and the capital side is lower because of the investment Cerner is willing to make.

That includes moving the Cerner software and data to Kansas City to their data center. It includes moving the service desk to Kansas City, where it will be open 24 hours day, seven days a week, whereas we’re operating 14 hours, five days a week, which is problematic in a clinical environment. Ten senior associates will relocate to Augusta and work here. Five of those employees will be focused on innovation and process improvement projects that we plan to undertake.

It improves our disaster recovery and security profile. We have started putting together plans to operate a warm site. We’re looking at an investment of five to 10 million dollars to do that, so we avoid that step.

 

Which employees will not move to Cerner?

I’m responsible for the university as well. The university applications, our audio-visual effects, our client services on the university side will stay with the university. I’ll have CMIO, a chief information security officer, my university operation, and the administrative. We’ll still be doing all the contracting for non-Cerner applications and hardware.

 

Are they taking over the entire operation?

They’re taking over the operation of it and they’ll make recommendations about different things, but we do the procurement. It could possibly pass through Cerner if Cerner can get a better deal for us, but it’s not a requirement.

 

Fourteen years is a pretty long contract to lock in. What led you to have the confidence in Cerner to be willing to do that?

We’ve worked with them for 12 years. The 14 years was picked because of our Philips arrangement — it started last year and was a 15-year deal. We wanted those to be concurrent. There are typical ways to get out of the contract should either party decide at earlier than 14 years that it really doesn’t make sense.

My personal experience with Cerner went back to Emory back in the early 1990s during the genesis of the Millennium software. But I had not worked with them for almost 20 years. In the last two and a half years, I’ve been very impressed with where they’re going with their company, the services that they’re offering, and the direction of software.

Our access to capital is limited. Our growth strategy as an academic medical institution is creating enough clinical work for our students and residents. We’ve got relationships all over the state.

For us, this represents a way to get done what we need to do. We don’t have the capital to switch to some other vendor. We’ve decided to become a strong partner with Cerner. We think that will get us where we need to go.

 

Do you think it will become common that hospitals will be looking for someone to do their hosting or move to a cloud-type environment?

I would absolutely agree this is a trend. You’ve got companies like Novant in North Carolina — they’re starting to do this in the Epic space — and other companies. You’re going to see more and more of it.

Cerner recognized that. I guess they started the remote hosting a little over 10 years ago. But their ITWorks component of this, and their new software like the population health management, which is a cloud-based solution — that’s really where they’re moving as well.

I agree, I think this is going to be more and more the case as this stuff gets very complex and expensive to manage. Even though Augusta is an attractive place to some people. It’s very hard to recruit senior-level Cerner folks to Augusta.

 

What other things are you struggling with?

Like everybody else, we’re struggling with getting Stage 2 Meaningful Use tested. We’re very close — we still have some transition of care. We need to get those numbers up a little bit. But we’ll get that done.

Our issue predominantly in the clinical space is that we’ve had the product for a long time. We need to optimize what we’ve got, but we also need to get in the oncology module, the anesthesia module, and the maternity module. That’s really what’s keeping me up. Before this opportunity, I really didn’t see a way out of being able to get all that done in a timeline that the clinicians needed to do their work.

For the other projects that I’m worried about it in the health system, Cerner will be responsible for managing those. We’re doing a total voice over IP replacement for the university and the health system. Cerner will be managing it. We’re doing a consolidation of our Active Directory. We will still be buying the software, hardware, or services. Cerner will be responsible for executing.

 

Do they have those resources or will they staff up to meet your needs?

They do have a fairly extensive number of resources. They’re not sitting on the bench somewhere not doing anything, but we would be the 17th or 18th client that utilizes their ITWorks service. They’ve got a pretty extensive group out of Kansas City doing this now.

View/Print Text Only View/Print Text Only
September 1, 2014 Interviews 1 Comment

Morning Headlines 9/1/14

August 31, 2014 Headlines No Comments

New CMS rule allows flexibility in certified EHR technology for 2014

CMS publishes a final rule that will delay the start of MU Stage 3 until 2017, but does little to help providers and hospitals still struggling to meet Stage 2 requirements.

Hundreds of blood tests to be re-checked after computer crash at hospital

In Ireland, Cork University Hospital will have to redraw and rerun hundreds of blood tests after an IT failure leads to the loss of the original test results.

More Data to Be Withheld from Database of Physician Payments

CMS reports that additional data will be withheld from the Open Payments platform set to go live September 30. Payment data stemming from research grants made by pharmaceutical companies to doctors through intermediaries, such as contract research organizations, will be suppressed until doctors have time to verify or dispute the reported payment data.

View/Print Text Only View/Print Text Only
August 31, 2014 Headlines No Comments

Monday Morning Update 9/1/14

August 30, 2014 News 4 Comments

Top News

image 

CMS basically kills the comatose Meaningful Use program by publishing a rule that leaves the 365-day attestation period for 2015 unchanged, meaning hospitals must be ready to start in the next four weeks. The rule, released late in the afternoon of a Friday holiday weekend, ignores widespread recommendations to allow providers to attest for any three-month quarter of the year. The only benefit to providers is that Stage 3 is moved back a year to January 2017 and an extension of time for using 2011 CEHRT. The program has gotten so complex that I’m not sure anyone really understands it. Leave a comment with your reaction to the new rule, assuming you even care.


Reader Comments

From DrM: “Re: Apple’s privacy policy change for HealthKit. This is actually broader than just selling data. It extends to providing HealthKit data to any third party for any purpose other than providing health and/or fitness services, and even then they must obtain user consent. This precludes many secondary use scenarios, possibly even ones that might be beneficial to the user. I’m guessing this change was driven by their discussions with large healthcare organizations who likely told them that if they allow others to monetize or reuse that data, they won’t be putting their patients’ data into HealthKit and wouldn’t ask their patients to do so, either. Apple has a number of other hurdles to overcome to make their technology work for healthcare, but this would have been a quick deal-breaker for many if not most organizations.”

image

From Frogger: “Re: Castlight Health. I’m M&A trained and Castlight was a loser from the get-go. The who’s who of investors, big-name healthcare people, and investment bankers involved were desperately trying to save their investment with a much-publicized marketing campaign of an IPO. However, many of my colleagues with healthcare investment backgrounds (including me) can’t figure out what’s so attractive. It will be sure to die if Todd Park gives it CPR like Healthcare.gov, which is still being propped up by taxpayer dollars. Left on its own, it would perish by Christmas and still have 15 million uninsured, which was the CBO projection even if it had gone according to plan.” I dug through SEC documents trying to figure out how many CSLT shares Todd owns or if he’s sold them, but couldn’t find his name anywhere other than on the list of the shareholders of Maria Health that morphed into Castlight. He wasn’t a company executive, just a co-founder, so maybe his shares are held under a corporate name. I would think he had to divest to work for the White House, but I don’t know for sure.

image

From The PACS Designer: “Re: Windows 9. The Microsoft Threshold project, now known as Windows 9, has been rumored to be moved forward from 2015 to a possible launch in late September. It will be interesting to see how it will be sold considering how many users are still on Windows XP.” Everybody knows that every other major version of Windows is bad, which obviously includes the terrible decisions made about the user interface of the poorly-adopted Windows 8, such as the default Metro tile interface even for non-touchscreen desktops, the bizarre Charms bar, and the unintuitively hidden red X to close an open window. Let’s hope Microsoft doesn’t break the streak by rushing out a partially baked Windows 9. Rumors suggest that a Win 9 upgrade will cost somewhere between nothing and $20. I’ll add this: I’m on Windows 8.1 and I like it a lot since updates made the non-tile display standard. I’ve had no problems at all, and even its native Bitlocker encryption works flawlessly and invisibly. Individual Win XP users should definitely get off that creaky platform, especially since Microsoft will supposedly offer a great deal to move to Windows 9.


Reader Comments about HIE Costs

From an HIE president: “We partnered with the state’s department of health for important services that include public health feeds for Meaningful Use. When providers are forced by regulation to use the HIE, there’s no charge for access. However, those services are subsidized by the all-in participant fees, which are on average less than one-tenth the number you mentioned. Yes, our HIE hopes to make our services so valuable that everyone will use them, but since we are governed by providers that both set and pay the fees, I wouldn’t consider it milking for profit. Certain vendors have been speaking negatively about HIEs for years, telling customers, ‘You don’t need them – just buy my [incredibly expensive] software.’”

From an EHR vendor: “One state we work in was territorial. We were told that practices had to submit data via the HIE instead of directly to the state. The HIE moved very slowly and the state demanded more upfront data cleanup by the EHR, such as changing ‘Road’ to ‘RD’ or whatever. I think the state was threatened by the HIE’s approach and wanted to punish someone for it. Then there was a problem that the HIE wouldn’t talk to the state about, so the state called us, then the HIE blamed their HIE platform vendor and the state, the state blamed us and our clients, and our clients blamed us, all while the vendor didn’t respond. That vendor finally fixed the problem without any explanation or apology.”

From an EHR vendor: “I have really not found an HIE with a sustainable business model.  They inherently believe they are providing value and believe that providers should line up and pay for it.  I have not found that to be the case.  We are finding more success in purpose-driven connections that generally bypass HIEs, partially due to their limitations in dealing with sensitive data and consents.”

From a hospital CIO: “The point of being held hostage is longstanding. I tried to make the point to the state HIE leaders that if you want to charge my organization, you need to do something I can’t do or do it more effectively. I had already automated interfaces to reference labs and e-prescribing, items the HIE was trying to sell me as added value. I told them they should remove my need to maintain never-ending state reporting changes in return for getting my ADT information, but they couldn’t seem to grasp the concept. They saw the health system’s participation in an HIE as an obligation.”

From a hospital: “The state HIE has told us repeatedly we need to pay full participation costs when we only need to send immunization data. This would have been around $675K annually. We have refused since there’s no reciprocal benefit to us. I know several of the state’s largest health systems are united with us in refusing to pay. The way to statewide HIE connectivity is through regional HIE collaboration.”


HIStalk Announcements and Requests

image

A third of poll respondents say their provider organizations are taking new security steps after the Community Health Systems breach. New poll to your right or here: how much impact will drug chains such as Walgreens and CVS have on healthcare in the future?

The HIStalk site had some malware added via SQL injection Friday afternoon. Sucuri, my excellent malware monitoring and remediation service, detected and removed it quickly, but it takes quite a while for the online services (especially Google Safe Search) to catch up and stop showing the “blocked” warning. It’s surprisingly challenging to keep the hackers out, even with a dedicated, hardened server with updated software. HIStalk, for example, has had 31,000 malicious access attempts blocked by yet another tool I use. After this incident, I’ve one more layer of security, a virtual proxy firewall that blocks several kinds of attacks.

image

The silver lining of the malware problem is that I found a great secure password management tool: LastPass. It will detect and store your Web-based passwords as you log in (encrypted on the web) and give a single-click access to any of them across multiple devices, including the iPhone. I updated my sites with new, complex passwords that I don’t have to remember – I only need to recall the master password that opens the LastPass web page in Firefox. You can even create a shared folder to share passwords with family members with real-time updates. It’s free, amazingly, and the premium version with extended mobile support is only $12 per year. It will change your life.

image

My idea for the HIMSS conference: Chicago’s not Black Rock City, but let’s go Burning Man and erect a giant figure of The Man (maybe he could look like Steve Lieber) that will be ceremoniously burned Wednesday night as a clothing-optional emotional purging of the week’s triumphs and frustrations. Then on Thursday, The Temple (the exhibit hall) can be immolated as the 15 people who stick around until then cheer.


Last Week’s Most Interesting News

  • Apple updates its privacy policy to prohibit health app developers from selling user data.
  • The Department of Defense issues the RFP for its $11 billion EHR project.
  • The VA issues an RFP for a new patient scheduling system.
  • Premier announces that it will acquire supply chain technology vendor Aperek.
  • The White House confirms that Todd Park will transition from US CTO to a West Coast-based advisory role, where he will recruit technology talent for government work.
  • Oregon files a lawsuit against Oracle over its mothballed $240 million health insurance exchange.

Webinars

September 4 (Thursday) 2:00 p.m. ET. MU2 Veterans Speak Out: Implementing Direct Secure Messaging for Success. Presented by DataMotion. Moderator: Mr. HIStalk. Panelists: Darby Buroker, executive director of health information exchange, Steward Health Care; Anne Lara, EdD, RN, CIO, Union Hospital of Cecil County, MD; Andy Nieto, health IT strategist, DataMotion; Mat Osmanski, senior application analyst, Steward Health Care; Bill Winn, PhD, Meaningful Use service line executive, Navin, Haffty & Associates. Panelists will discuss the strategy and tactics of meeting the transitions of care requirements for MU2, including assembling the team, implementing Direct Secure Messaging, getting providers on board, and reporting results.

September 11 (Thursday) 1:00 p.m.ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.


Announcements and Implementations

Philips announces the monitoring cost for its free Lifeline app for seniors — just $13.95 per month with no contract required. That seems like a good deal for independent elderly folks as long as they have a smartphone and keep it handy at all times.


Government and Politics

CMS’s Open Payments system is not only late going live, it also will exclude an estimated one-third of total payments drug and device manufacturers pay to doctors. CMS says physicians who are paid via contract research organization haven’t had time to verify the validity of their data, so it will be withheld from the September 30 go-live. System proponent Senator Chuck Grassley (R-IA) wasn’t happy with the news, saying, “CMS has had more than four years to figure everything out. It’s disappointing and irresponsible that so many basic questions are unresolved at this late stage.” CMS was supposed to release its rules for the system that reports payments for research, consulting, and gifts in December 2011, but didn’t get them out until February 2013. Adding to the site’s problems, CMS says the system’s operation will be interrupted at times from August 30 to September 5.

Vermont, which fired its health insurance exchange contractor CGI and brought it Optum to review the project, gets a black eye when Optum concludes that the state’s project ownership was lax and CGI didn’t feel accountable.


Technology

image

A ED doctor develops a smartphone app that can objectively measure whether a patient is experiencing genuine alcohol withdrawal. The patient simply holds the smartphone for 20 seconds, after which the doctor can tell if they’re faking it to get prescriptions. One of its developers is working on an app that objectively measure the redness of a patient’s face to determine whether rashes are getting better or worse. Of all the dopey medical apps out there, these seem like great ideas.


Other

image

AMIA will convene an invited group this week on “Harnessing Next-Generation Informatics for Personalizing Medicine.” I wouldn’t have named AMIA as the best organization to work on tailoring treatments to genomics and discovering the correlation between physiology and diseases and treatments, but at least they are looking ahead.

In Ireland, a large hospital’s laboratory will need to reinterpret and possibly redraw hundreds of blood tests when on of its systems crashes several times in August.

image

Executives of four private health systems that control 80 percent of the Phoenix, AZ market question whether taxpayers should pay around $1.4 billion to replace Maricopa Medical Center and other county health facilities. The executives say there’s no need to expand a tax district hospital when most patients are treated as outpatients and the existing systems have more than enough capacity. I’ll admit the building looks awful, as does most early 1970s architecture, where a lot of hospitals are trapped in time due to the sudden influx of Medicare money.

Siemens posted this pretty cool time lapse video of a trade show setup. I was in the HIMSS exhibit hall on setup days earlier this year and it was a madhouse of fast-moving motorized equipment, setup workers, employees in blue jeans, and mountains of shipping containers.


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
August 30, 2014 News 4 Comments

Morning Headlines 8/29/14

August 28, 2014 Headlines No Comments

Apple prohibits HealthKit app developers from selling health data

Apple has updated its privacy policy to prohibit developers that connect to its HealthKit API from selling health data to marketers. The announcement comes on the heels of rumors that Apple will finally unveil the iWatch during its upcoming September 9 marketing event.

Google’s Smith Is Top Candidate for U.S. Chief Technology Officer

The VP of Google’s secretive X labs is rumored to be a top candidate for next US CTO position, replacing Todd Park who recently announced that he would be moving on.

Greenway Collaborates with Walgreens to Deploy Nation’s Largest Pharmacy EHR System, Furthering Care Coordination Across Drugstore Chain

Greenway has completed its implementation of Walgreen’s pharmacy EHR, the largest centralized pharmacy EHR system ever deployed.

Making Science Fiction a Science Reality: 10 Finalist Teams Selected For $10 Million Qualcomm Tricorder XPRIZE

Qualcomm has unveiled the final 10 teams in its $10 million tricorder XPRIZE competition.

View/Print Text Only View/Print Text Only
August 28, 2014 Headlines No Comments

News 8/29/14

August 28, 2014 News 1 Comment

Top News

image

Apple updates its privacy policy to prohibit companies whose apps connect to its HealthKit platform from selling user data to marketing firms. The change comes just ahead of the expected announcement of new health-related iOS 8 capabilities, including Apple’s Health app. Deborah Peel, MD of Patient Privacy Rights reacted to the announcement by saying, “If Apple is really doing this, if they’re really saying to developers that you can only use the data for the specific purpose that app provides the user and that they can not share the data with anyone else without informed consent, that is the victory of victories. That’s what we’re seeking from all of the 100,000 of the companies that are now selling health data.”


Reader Comments

image

From Aruba Layoffs: “Re: Aruba Networks. Many talented people let go as healthcare technology spending is way down.” Wireless networking vendor Aruba isn’t healthcare specific. Both its revenue and earnings announced this week beat expectations, revenue is growing at 30 percent annually, and share price matches the Nasdaq at 25 percent growth in the past year. The company is, however, laying off 65 employees and moving 75 jobs to Oregon, India, and Ireland, but it sounds like that’s related to shifting resources to less-expensive locations rather than because of financial problems.

image

From Stephanie Reel: “Re: Star-Spangled Spectacular. I wonder if your readers would be interested in something that has everything to do with our nation, but nothing to do with our industry?” Baltimore celebrates the 200th anniversary of the National Anthem — written as Francis Scott Key observed the British bombardment of Baltimore’s Fort McHenry — with a week-long celebration September 10-16. It features visiting ships, a Blue Angels air show, a concert (Kristin Chenoweth, Melissa Etheridge, Denyce Graves-Montgomery, Kenny Rogers, Train, and the Baltimore Symphony Orchestra), festival villages, and of course fireworks. Stephanie is CIO for Johns Hopkins University and Hopkins Medicine – both campuses are worth a tour if you visit Baltimore for the celebration. You can bring the kids and take short side trips from the Inner Harbor to DC and Lancaster, PA along with seeing the Orioles play the Yankees that week.

image

From Jimmy John: “Re: HIPPA. I thought you would enjoy this magazine’s misspelling.” At least they were inconsistent from one line to the next amidst the click-baiting headlines – 50 percent right is better than none. They’re owned by HIMSS (or is that HIMMS?), as is the publication devoting 12 lazy paragraphs to a wandering, not-too-interesting story with the breathy “Generalissimo Francisco Franco is still dead tonight” style headline: “New HIPAA breach details remain vague.” The “new” breach occurred in June and details are “vague” because the reporter just cobbled together the story and quotes from wire reports.


HIStalk Announcements and Requests

image

School has started, so I sponsored some new DonorsChoose projects involving Teach for America teachers, doubling the impact of HIStalk readers since the Bill & Melinda Gates Foundation matched our contributions to fully fund them all. Teachers of DonorsChoose projects provide photos and updates, so I’ll have more later. What we as readers did:

  • Purchased headphones and whiteboards for Grades 3-5 of a highest-poverty school whose teacher is urging her students to take ownership of their education, accept leadership roles, and share knowledge in groups that include peer tutoring.
  • Bought 50 library books for a high-minority, high-poverty North Carolina charter school that has 100 percent college acceptance of its seniors.
  • Provided a listening center for a highest-poverty school in southern Kentucky, whose energetic English teacher is struggling with ninth graders who haven’t read a book in years, some of whom have learning limitations.
  • Bought six bilingual picture dictionaries for a middle school class of a highest-poverty school in New Orleans, whose large population of new students from Central America are working hard to learn English.

Meanwhile, I heard today from the teacher of a high school engineering class for which we bought a 3-D printer. He says he has had to redesign his lesson plans and projects for the better, the number of students in his classes has doubled, and he makes them think about, “How would you model that in the Replicator? What medium should we use?” He taught students the importance of scale and precision by having them create an iPhone case. He says, “I am overwhelmed with requests from the students about what is in the printing queue.”

This week on HIStalk Practice: Dr. Gregg shares a humorous take on voice recognition and “otto collect.” McGree Medical goes live on Epic’s Community Care EHR. HealthSpot prepares to install 100 telemedicine kiosks. Walgreens implements Greenway’s EHR in over 8,200 pharmacies. South Florida Medicine Director of PM Alyson Tiedeman shares her thoughts on managing IT across a large medical group. CarePoint Health System goes with eClinicalWorks for its medical practices. Results are in from the annual HIStalk Practice Reader’s Survey. Thanks for reading.

This week on HIStalk Connect: Dr. Travis discusses health IT IPOs and speculates who the next batch of likely contenders might be. Peer60 analyzes the patient portal market and the varying levels of success health systems are having with each vendor’s offering. Skullcandy partners with USC to host a digital health innovation contest focused on encouraging development efforts at the cross section of health IT and music.


Webinars

September 4 (Thursday) 2:00 p.m. ET. MU2 Veterans Speak Out: Implementing Direct Secure Messaging for Success. Presented by DataMotion. Moderator: Mr. HIStalk. Panelists: Darby Buroker, executive director of health information exchange, Steward Health Care; Anne Lara, EdD, RN, CIO, Union Hospital of Cecil County, MD; Andy Nieto, health IT strategist, DataMotion; Mat Osmanski, senior application analyst, Steward Health Care; Bill Winn, PhD, Meaningful Use service line executive, Navin, Haffty & Associates. Panelists will discuss the strategy and tactics of meeting the transitions of care requirements for MU2, including assembling the team, implementing Direct Secure Messaging, getting providers on board, and reporting results.

September 11 (Thursday) 1:00 p.m.ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.

Encore did a great webinar Wednesday on “Enterprise Data – Tapping Your Most Critical Asset for Survival” that some registrants couldn’t view because of a GoToWebinar problem in its latest code update. You can watch it above or on YouTube. Jonathan Velez, MD (CMIO – Hartford HealthCare) and Randy Thomas (Encore) did a nice job and filled the 40 minutes with solid information.

Meanwhile, here’s a case study on how to be a crappy software vendor like GoToWebinar, owned by Citrix:

  • Don’t QA your new releases. Instead, outsource QA to your customers and then just roll them back to pre-broken versions when they call in problems.
  • Don’t notify customers of known problems, especially those that affect critical processes like viewing and recording webinars. Admitting failure will shake their confidence.
  • Instruct your support reps to quickly tell callers that their problem is a known issue. Everybody loves to hear it’s not just them.
  • Keep support callers on hold when they call the high-priority service number and play annoying messages throughout telling them how great support will be once they get through. This heightens their anticipation.
  • Propose illogical solutions, such as restarting a webinar already underway even though that would prevent anyone from seeing it. The support engineer will seem more skilled since no non-engineer would propose a similarly out-of-touch solution.
  • Ask customers to trust you in rolling back to old code versions, even when they have no way to verify that the change works (unless they have 100 friends willing to hop on an impromptu webinar to see if they can get in). You trust them to pay their bills, so the should trust you to release pretty good code.
  • Just give up, as did the person from Citrix who told me apologetically, “Maybe it’s time for you to find a new webinar provider.” This reverse psychology will make them want you even more.

I apologize if GTW’s bug locked you out of Wednesday’s webinar. The video above is perfect and worth watching.


Acquisitions, Funding, Business, and Stock

image

Craneware acquires Scottish patient access mobile systems vendor Kestros Limited, which has been selling primarily to NHS Trusts.

image

September 10 is a critical day for Castlight Health and its tanking share price: the lockup period ends and the pre-IPO shareholders will be able to sell up to 76 million shares, which closed at around $40 on IPO day in March but are now trading at less than $12. That’s a 70 percent haircut, but the company still has a $1 billion market cap on less than $30 million in annual revenue and huge losses. Maybe co-founder Todd Park can swing by on his new West Coast White House gig and apply Healthcare.gov-like CPR.


Sales

image

Robert Wood Johnson Health System (NJ) expands its relationship with NTT Data in selecting its Optimum RCM suite.

image

Kaweah Delta Health Care District chooses Access for electronic forms and patient signatures.

image

Marshfield Clinic (WI) standardizes on Client Outlook’s eUnity university image viewer and collaboration tool for its homegrown CattailsMD EHR.

image

Georgia Regents Health System (Augusta, GA-based GRHealth) signs a $400 million agreement to turn over its IT operation to Cerner, which it says will save it 15 percent of its operating costs annually and make its annual expense predictable. GRHealth operates Georgia Regents Medical Center and Children’s Hospital of Georgia. The system says all 132 employees will receive offer letters from Cerner. Cerner became interested in the arrangement last year when the system signed a $300 million clinical technology partnership agreement with Philips, indicating along with the Siemens acquisition that Cerner sees a future in merging IT systems with clinical monitoring.

Sunquest will expand its relationship with private pathology lab CellNetix to work on anatomic pathology workflow solutions.


People

image

Boston Software Systems promotes Steve Cohen to COO.

image

David Watson (Oracle) will be named CEO of the new California Integrated Data Exchange (Cal INDEX).


Announcements and Implementations

Walgreens completes the rollout of its Greenway Health EHR to all of its 8,200 locations, allowing its pharmacists to counsel patients and provide immunization and testing recommendations.

Aspirus Wausau Hospital (WI) announces an OR digital integration project that will feature a centralized OR hub equipped with touch-screen monitors that can display images from all devices and modalities. It will use Brainlab’s Buzz digital OR.

image

Sentry Data Systems announces its 340B Technology Backbone to help pharmacies manage their 340B drug purchasing programs.


Government and Politics

image

Bloomberg reports that Google executive Megan Smith is the top candidate to replace Todd Park as US CTO. Smith’s background is the Google X skunkworks lab, so unlike her predecessors Aneesh Chopra and Park, she has no healthcare experience. She is married to re/code technical reporter Kara Swisher, although they are separated.

image

Meanwhile, the White House confirms that CTO Todd Park will continue working for the White House after returning home to California, recruiting technical talent for government work in a new role of technical advisor.  President Obama said in a statement, “From launching the Presidential Innovation Fellows program, to opening up troves of government data to the public, to helping spearhead the successful turnaround of HealthCare.gov, Todd has been, and will continue to be, a key member of my Administration. I thank Todd for his service as my Chief Technology Officer, and look forward to his continuing to help us deploy the best people and ideas from the tech community in service of the American people.”


Innovation and Research

XPRIZE names the 10 finalists competing for its $10 million Qualcomm Tricorder XPRIZE: Aezon (US), CloudDX (Canada), Danvantri (India), DMI (US), Dynamic Biomarkers Group (China), Final Frontier Medical Devices (US), MESI Simplifying diagnostics (Slovenia), Scanadu (US), ScaNurse (England), and zensor (Ireland.)

image

President Obama will champion ElectRx, a $79 million, five-year DARPA-run project to implant computer chips in troops and veterans to promote faster healing. The program’s manager describes it as “a closed-loop system that would work in concept like a tiny, intelligent pacemaker” to assess conditions and send electrical stimulation to induce healing. A related effort will detect mood changes associated with PTSD. I don’t know how they’ll deal with FDA approval.

Speaking at the American Legion National Convention in Charlotte, NC, President Obama said,

So we’re going to keep at this until we end this backlog once and for all. And as we do, we’re going to keep working to liberate you from those mountains of paper. We’ve got to move towards a paperless system — electronic health records that our troops and veterans can keep for life, and that could cut down on some of the bureaucratic red tape so that you’re getting the benefits that you’ve earned a little bit faster. 


Technology

Korea-based medical wearables startup Ybrain raises $3.5 million in a Series A round. Its product isn’t the usual fitness tracker: the US-educated team has developed an electrical stimulation device that it says can combat the effects of Alzheimer’s when used at home for 30 minutes per day, five days per week. The company hopes to launch its service in early 2015.

image

Apple co-founder Steve Wozniak says he expects the company to create a market for wearables starting with upcoming announcements on September 9 that will likely include the iWatch. He says he expects fitness monitors to be involved and maybe an EKG display at some point, but in the mean time, he’s not a fan of the category:

I feel that wearables are a hard sell. They are go-betweens for your smartphone but are an extra piece and need special advantages that the smartphone doesn’t have, in my opinion. If they are just a Bluetooth go-between then it could wind up in the category of Bluetooth headsets: Fun to wear and show off for a day.

image

Discover magazine highlights three projects that owners of 3-D printers can perform to help people in need. Among them: use downloadable designs to print and assemble a prosthetic hand for someone who needs one, requiring around $50 in parts and 8-14 hours of printer time. The first e-NABLE conference will be held at The Johns Hopkins Hospital (MD) on September 28.

image image

More on 3-D printing: in the UK, 12 NHS trusts are using 3-D printers to test implants before surgery to reduce cost and OR time, including bones for facial reconstruction surgery, hip replacements, and forearms. In China, surgeons implant a 3-D-printed vertebra in the spine of a 12-year-old cancer patient.


Other

Sharp HealthCare (CA) becomes the tenth of the 32 Pioneer ACOs to drop out of the program, saying that local wages rose 8.2 percent in San Diego but the Pioneer model doesn’t adjust payments accordingly.

image

Drug maker Bayer starts a healthcare accelerator for Europe-based companies, offering a 3.5-month program of mentoring, free office space in Berlin, and around $65,000 financial support, taking as much of 10 percent equity in return. The five startups chosen from 70 applicants are Cortrium (a device that measures temperature, activity, respiration rate, and EKG); PharmaAssistant (medication reminders via smartphone); Parica (vital signs analysis); FabUlyzer (measuring fat burned after exercise); and Cardimoni (checks heart rate and rhythm).

AMIA’s annual meeting will be held November 15-19 in Washington, DC. The early bird member registration fee of $795 ended Thursday, August 28, but it’s still discounted to $895 through October 23 (then $995). Keynotes will be Amy Abernethy, MD, PhD of Flatiron Health (I interviewed her last month) and National Coordinator Karen DeSalvo, MD, MPH, MSc. Ross Martin, MD will head up the talent show, which will provide a musically equipped stage and a house band for participants, who need only bring “additional instruments, props, and groupies.”

image

Cisco CEO John Chambers says the US and other developed countries will go bankrupt if they don’t fix their healthcare systems, adding that technology has a key role (although he seems to pay little attention to the caregivers on the other end of it):

The first thing that will happen is all devices on our bodies, in hospitals and in our homes will be connected. The second technological advance is video, which is the way people will prefer to communicate in the future. Video can connect any health care professional to any patient and to any specialist, all at tremendous speeds. You’ll be able to receive medical expertise 24/7. Health care applications will combine the technologies of cloud and big data, whether in the hospital or in your home. Video allows a different level of collaboration, and it offers security and privacy from your home. This is the Internet of Everything … in a typical hospital, there are nine to 15 different applications that were never designed to share information with each other. And without a common medical record that has the appropriate security and privacy built into it, moving data from one application to another is difficult …  The end game should be connecting any patient to the best healthcare professionals in the world at any time, using video-driven, low-cost technology.

Greenway Health CEO Tee Green accepts his Ice Bucket Challenge, offering to make a donation to ALS Association for every employee who sends him a video of themselves doing the same.

Weird News Andy asks if Oompa Loompas were vegetarians because he never found them attractive: a study (of questionable scientific validity) finds that the healthy skin glow of people who eat high-carotenoid vegetables is more attractive than a suntan.


Sponsor Updates

  • Kyle Silvestro of SyTrue will participate in a panel discussion titled “How Cloud Based Solutions Allow for Improved Coordination of Care and Patient Satisfaction While Reducing Overall Costs of Billing”at the Radiology Business Management’s fall conference October 19-21 in Seattle.
  • GetWellNetwork CEO Michael O’Neil will facilitate a breakout session, “Interactive Patient Engagement and Activation Workshop: What’s in a Number?” and will present “ePatient Entrepreneur Story” at the Stanford Medicine X conference on September 4.
  • Craneware announces the appointment of Russ Rudish (Deloitte Touche Tohmatsu) to its board as non-executive director.
  • Emdeon launches its co-pay assistance program for retail pharmacies, Emdeon Easy Save.
  • AirWatch renovates and expands its former headquarters.
  • TeleTracking Technologies will launch multiple solutions at its client conference October 26-29 in Florida.
  • Sentry Data Systems shares how a Rand report clarifies the 340B program impact and provides steps to ensure its longevity.
  • NextGen announces that its ambulatory EHR V 5.8.1 has earned 2014 ONC HIT Cancer Registry Certification.

EPtalk by Dr. Jayne

Recent research at the University of Michigan finds that patients with low literacy and low comprehension of numerical concepts are less able to understand online lab results. The Internet survey of 1,800 adult patients looked at simulated diabetes results and whether patients understood if labs were within or outside of reference ranges. Less literate patients were also less able to determine when they should call their doctor, based on the data.

Researcher Brian Zikmund-Fisher is quoted as saying, “We can spend all the money we want making sure that patients have access to their test results, but it won’t matter if they don’t know what to do with them.” At the other end of the spectrum, over three-quarters of patients with higher literacy skills could identify levels outside the reference range. He goes on to state the need for more research on the best ways to display lab data.

When we first started releasing lab results directly to patients, our physicians voiced concerns. Physicians wanted to hold the results until they could put a comment with them, as they had done in the paper world. Many of our physicians would mail the patient a copy of the test results with a handwritten “OK” or “great” or “double your Lipitor and see me for fasting labs in six weeks.” Our administration overruled the physicians.

Initially we received more phone calls about labs. Most physicians changed their behavior to start counseling patients about potential lab results at the time they were ordered or drawn to reduce the potential for calls.

That approach is fine when you’re counseling a patient on an existing diagnosis or if the labs in question are “maintenance” labs, although it adds a new dynamic to the visit that we don’t always have time for. Looking at other scenarios, I don’t think it’s the best approach when you’re dealing with a new diagnosis, particularly if it’s an emotionally charged one such as cancer or other potentially fatal conditions. I’d like to at least get to those patients on the phone first before they see the results on the patient portal.

Our results release in real time, so it puts the physicians in the position of “stalking” lab results in the evening and over the weekend, then frantically trying to get in touch with patients before they log on. An uncertain diagnosis is certainly stressful for the patient, but it also weighs heavily on the physician. Adding time pressure isn’t optimal for anyone, especially if the physician needs to consult with other members of the care team prior to talking with the patient.

clip_image002

National Health IT Week is almost upon us again, with the goal of raising “awareness of Health Information Technology’s power to improve the health and health care of patients across the nation.” When IT solutions are used to transform care and improve quality it can be a powerful thing, but when tools are employed without goals, accountability, or governance, it doesn’t make the world a better place. There are key themes for each day of the week:

  • Patient Engagement
  • Advancing Interoperability Through Meaningful Use
  • Advancing Interoperability Across the Care Continuum – Beyond
  • Advancing Interoperability Through Standards
  • Clinical Quality & Safety

I couldn’t help but notice that quality and safety are last on the list. I’m going to give ONC the benefit of the doubt and assume that they are building the week towards the most important aspect, but if that’s true, then it puts patient engagement towards the bottom.

Why do we seem to revere the means more than the ends? Email me.


Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
August 28, 2014 News 1 Comment

Morning Headlines 8/28/14

August 28, 2014 Headlines No Comments

Medtronic Buys NGC Medical To Expand Hospital-Services Offerings

Medtronic acquires Italian-based hospital services firm NGC Medical for $350 million. NGC Medical will be integrated into Medtronic’s hospital managed-services business.

Federal auditors sought documents related to troubled Md. health exchange launch

Auditos from HHS’s Office of the Inspector General are investigating the now fired Noridian Healthcare Solutions over fraud allegations surrounding the failed health insurance exchange it was contracted to develop for Maryland.

NIH issues finalized policy on genomic data sharing

The National Institutes of Health issues its final policy on genomic data sharing. The new policy will apply to all NIH-funded projects that generate genetic data.

Twitter helps Chicago find sources of food poisoning

Health officials within the Chicago Department of Public Health are using aggregated Twitter feed data to identify restaurants causing food poisoning in the city.

View/Print Text Only View/Print Text Only
August 28, 2014 Headlines No Comments

Morning Headlines 8/27/14

August 27, 2014 Headlines 1 Comment

DoD Takes Next Step in Modernizing Electronic Health Records

The Defense Department issues an $11 billion RFP for its next generation EHR. The RFP calls for initial field testing by the end of 2016.

There’s finally someone in charge of HealthCare.gov

CMS names Kevin Counihan to the newly created CEO of Healthcare.gov position. Counihan was previously the chief executive of Connecticut’s largely successful health insurance exchange.

VA Takes Next Step to Modernize Scheduling System

The VA announces that it will issue an RFP for a new medical appointment scheduling system by the end of September, one of many corrective actions being put in place following the VA’s recent off-the-books scheduling scandal.

In Indiana, state government tries using big data project to reduce infant mortality

Indiana will spend $9.1 million to implement SAP’s data analytics platform with goals of reducing its infant mortality rate from 7.7 to 6.89 deaths per 1,000 births.

View/Print Text Only View/Print Text Only
August 27, 2014 Headlines 1 Comment

News 8/27/14

August 26, 2014 News 10 Comments

Top News

image

image

The Department of Defense issues an RFP for its $11 billion EHR replacement. Dim-Sum brought up a great point in our conversation the other day: the government requires that a significant chunk of the bid be awarded to companies owned by women, minorities, and veterans. That means a lot of companies beyond the winning primary contractor and EHR vendor will earn business. Stay tuned for Dim-Sum’s September 18 HIStalk webinar. I didn’t think of it until this minute, but I bet he could provide a good overview of how to do business with the DoD – that would give small players time to get their ducks in a row.


Reader Comments

From Medwreck: “Re: cloud. I’m on a life sciences panel for an upcoming cloud-based content management software conference. Will all healthcare hosting and apps go the way of the cloud at some point?” Yes, for the most part. Data center operation isn’t the core competency of providers, security challenges are exceeding local resource capabilities, access to bandwidth is nearly universal, and cloud providers can offer higher reliability and recoverability. Assuming the price point is comparable or favorable and the cloud provider offers solid service levels, it makes no sense for providers to run data centers, just as it makes no sense for them to run electrical generators or wells when electric and water companies can do it better and with the higher efficiency that specialization brings once the grid has been established. The exceptions will be applications from small vendors that don’t offer them via the cloud or charge excessively for that option, which won’t be the case for long because they’ll be out of business. 


HIStalk Announcements and Requests

image

The CHS Heartbleed-related breach is getting a lot of interest. I’m putting HIStalk Advisory Panel reactions together for a post next week since I suspect many hospital IT people are scrambling to explain what it means to their peers. Please add your thoughts here if you work for a hospital.

Listening: masterful early 1970s progressive rock from Peter Gabriel-led Genesis (Phil Collins was just drumming in overalls then – it was later he moved out front to lead the band to bubblegumdom) and the even more talented but criminally underappreciated Gentle Giant and the brilliant Kansas. Forty-year-old music shouldn’t sound this good and the now-balding and rotund 64-year-old Gabriel shouldn’t  have been quite so androgynously attractive in video from his early 20s.


Webinars

August 27 (Wednesday) 1:00 p.m. ET. Enterprise Data – Tapping Your Most Critical Asset for Survival. Presented by Encore, A Quintiles Company. Presenters: Jonathan Velez, MD, FACEP, CMIO, Hartford Healthcare; Randy Thomas, Associate Partner, Encore, A Quintiles Company. This first of a webinar series called “It’s All About the Data” will describe the capabilities provider organizations need to become data driven. The presenters will provide an overview of the critical role of an enterprise data strategy, creating the right data from source systems beginning with implementation, real-world data governance, how to avoid “boiling the ocean” with an enterprise data warehouse, and the role of performance feedback to transform analytics insights into improved outcomes and efficiencies.

September 4 (Thursday) 2:00 p.m. ET. MU2 Veterans Speak Out: Implementing Direct Secure Messaging for Success. Presented by DataMotion. Moderator: Mr. HIStalk. Panelists: Darby Buroker, executive director of health information exchange, Steward Health Care; Anne Lara, EdD, RN, CIO, Union Hospital of Cecil County, MD; Andy Nieto, health IT strategist, DataMotion; Mat Osmanski, senior application analyst, Steward Health Care; Bill Winn, PhD, Meaningful Use service line executive, Navin, Haffty & Associates. Panelists will discuss the strategy and tactics of meeting the transitions of care requirements for MU2, including assembling the team, implementing Direct Secure Messaging, getting providers on board, and reporting results.  

September 11 (Thursday) 1:00 p.m.ET. Electronic Health Record Divorce Rates on the Rise — The Four Factors that Predict Long-term Success. Presented by The Breakaway Group, A Xerox Company. Presenters: Heather Haugen, PhD, CEO and managing director, The Breakaway Group, A Xerox Company; Bill Rieger, CIO, Flagler Hospital, St. Augustine, FL. Many users are considering divorcing their EHR as dissatisfaction increases. Many are spending 90 percent of their time and resources on the wedding  (the go-live) instead of the long-term commitment to new workflows, communication, education, and care outcomes (the marriage). Hear more about the findings of research published in “Beyond Implementation: A Prescription for Lasting EMR Adoption” about EHR adoption and success factors.  Registrants get a free electronic or paper copy of the book.

The Breakaway Group created this fun intro to their September 11 webinar.


Acquisitions, Funding, Business, and Stock

image

image

Premier, Inc. reports Q4 results: revenue up 17 percent, adjusted EPS $0.34 vs. $0.29.  The company also announced that it will acquired Raleigh, NC-based supply chain analytics vendor Aperek for $48.5 million. It’s Premier’s third acquisition so far this year and the announcement hinted at more to come, which CEO Susan DeVore suggested when I interviewed her last month.

image

AirStrip raises $25 million in funding. New investors include The Gary and Mary West Health Investment Fund, Leerink Partners, and AirStrip customers Dignity Health and St. Joseph Health.

image

Visage Imaging’s parent company, Australia-based Pro Medicus Limited, discusses FY2014 results.

image

Sunquest owner Roper Industries announces two medical acquisitions: Strategic Healthcare Programs (post-acute care analytics) and Innovative Product Achievements (surgical scrub dispensing). 

image

Columbia City, IN-based supply chain software vendor Solstice Medical secures $2.5 million in funding, $1 million of that from a state investment program for potentially high-growth businesses.


Sales

7-3-2012 10-22-02 PM

Greater Hudson Valley Health System (NY) chooses Strata Decision’s StrataJazz for complete financials.

image

Baptist Health (FL) selects Explorys for analytics.

image

Flagler Hospital (FL) chooses MModal for speech-driven clinical documentation.

Integrated Health Network (NJ) selects eClinicalWorks EHR and population health management for its 45 practices.

North Carolina Pediatric Associates will deploy NextGen Ambulatory EHR, PM, and patient portal.


People

image

UPMC EVP/CIO Dan Drawbaugh will resign after 30 years with the health system to pursue unspecified other professional interests. SVP Ed McCallister will serve as interim CIO. Drawbaugh was one of the highest-paid non-profit CIOs in the country, earning $1.6 million in 2012.

image

Emanuel Medical Center (GA) promotes David Flanders from CIO to COO.

image

CMS names Kevin Counihan (Access Health CT) to the newly created position of CEO of Healthcare.gov. Connecticut’s exchange, built with minimal functionality to meet ambitious deadlines, was one of few state-developed exchanges that worked, to the point that other states with overly ambitious visions and questionable contractors asked it for help. Earlier this week, when asked if the federal government would benefit from Connecticut selling its services to other states, he said:

I think this idea about trying to keep things as efficient and cheap as possible, and simple as possible, has a lot of value whether it’s to a state or to the federal government. And, as I said, I just believe that this is about simplicity and ease in doing everything that either the states or the feds can do to make a complex purchasing decision easy as possible. If there’s opportunities within something that a state has, like Connecticut, I think the feds have to look at it.


Announcements and Implementations

image

Philips introduces its Lifeline smartphone-based medical alert app for seniors. I didn’t realize that Framingham, MA-based Lifeline Systems was founded in 1972 by a Duke gerontologist on sabbatical, was bought by Philips in 2006 for $750 million, and is now the number one medical alert service with 7 million subscribers.

The NextGen Share HISP solution earns DTAAP and EHNAC accreditation.

image

Caradigm will offer providers unlimited identity and access management for a single annual all-inclusive price that includes provisioning, single sign-on, and context management for an unlimited number of applications.

3M announces its Coding and Reimbursement System Plus (CRS+) coding system.

image

Lincor launches an Android-based TV system MediaLINC for education, entertainment, and clinical content delivered to hospital beds via standard HD TV sets.

Imprivata introduces enhancements to Imprivata OneSign Secure Walk-Away that include advanced 3D camera technology, video tracking, and facial recognition.


Government and Politics

image

The VA will open an RFP for a commercial patient scheduling system in September and will award a contract by the end of the year. VA CIO Stephen Warren says the agency will “acquire a commercial, off-the-shelf scheduling system,” but then oddly adds that it wants a system “tailored specifically for our Veterans.” (the VA always capitalizes “veteran” even though that’s incorrect).

A White House video profiles the first day at work of former Googler Mikey Dickerson, recently named the first administrator of the new US Digital Service under the White House CTO (the departing Todd Park is prominent in the video, sitting beside President Obama). Dickerson also helped revive Healthcare.gov. The government modeled the service after a similar UK one, but skeptics say a lack of clout will probably hamper this effort like it did a couple of previous open government initiatives that everyone has forgotten. Dickerson seems sufficiently nerdy, although working for the White House isn’t nearly as lucrative as banking Google stock options and DC is a very long way from the Silicon Valley. The President brags on camera about the small-team success with Healthcare.gov, not mentioning that its development was the exact opposite with pathetic CMS oversight, political meddling, and poor contracting practices — Todd Park wasn’t brought in until it blew up. It’s a fun video even if it propaganda for a White House program that probably will amount to very little (pardon the redundancy).

image

A New York Times article exposes Medicare’s nursing home rating as irrelevant, where plush amenities and unaudited self-reported statistics earn high marks for clinically dangerous facilities that have figured out how to game the system. One five-star home was fined the maximum state penalty after a killing a patient in a medication error and despite having twice the average number of consumer complaints and a dozen lawsuits from patients and families. In that facility, residents are often housed three to a room, quality employees are in short supply, and basic supplies are scarce. According to one resident, “If I fell down, they’d pick me up, but that’s about it.” Two-thirds of the 50 homes on a federal watch list for quality still have four- or five-star ratings due to their self-reported staffing and quality numbers.

image

Tuesday’s HITPC interoperability Workgroup Governance Subgroup suggests five problems (above) that ONC should address through policies or programs. Overall barriers for the quantity of information exchanged were named in responses (a) lack of a national provider directory; (b) inconsistent data sharing laws; (c) DirectTrust accreditation is not universal and is not inexpensive; (d) lack of a common trust bundle for HISPs; and (e) inconsistent data matching methods.

image

Former FDA Commissioner Andrew von Eschenbach says the agency is holding back innovation by requiring too much red tape for conditional drug approval and by not recognizing the possible benefits of drugs combined with medical devices or diagnostic tests. He also advocates using EHR data along with specific molecular patient characteristics to streamline pre-market testing and post-market surveillance.


Innovation and Research


An Indiegogo campaign for The Defender rape defense system raises far more than its $100,000 goal. It sprays pepper spray, takes a photo of the assailant, connects with a 24-hour response center, and sets off an alarm and flashing light.

image

Tennis ball boys at the US Open will wear Ralph Lauren’s Polo Tech Smart Shirt for testing as the company plans for a spring retail rollout. An accelerometer, gyroscope, and heart rate monitor are embedded in the shirt, with wires woven into the shirt’s fabric serving feeding them information.


Technology

MOVEO Foundation, which advocates for the use of virtual reality in surgical training, creates a video showing the use of the Facebook-owned Oculus Rift during surgery.

image

Microsoft claims at a partner conference that several hundred customers have switched from Google Apps to Office 365, displaying a slide of 15 organizations that include University of Colorado Health. Google researched those 15 and found quite a bit of Microsoft inaccuracy, including its listing of UC Health, which had never been a paid Google Apps user. University of Colorado Boulder uses Google Apps exclusively for students and is considering moving faculty to it. I’ll say this: I use Gmail and hate it and the entire Google Apps suite, vastly preferring Office 365 to Google’s ugly, quirky, minimally maintained, and unreliable apps. I use Gmail mostly to read other hosted email accounts, so I should probably just move to Outlook since it now appears to have a web client that doesn’t require a locally maintained Exchange server.


Other

Ice Bucket Challenges have jumped the shark, but are still fun to watch when it’s someone you know. Here is Matt Hawkins of Sunquest, calling out Tee Green of Greenway Health to ice up (or is that ice down?)

Health Affairs offers a short-term solution for the seemingly random pricing of the same test and procedure at different hospitals: cap payments at 125 percent of the price Medicare pays since that price is already adjusted by local cost of living. Then, they say it’s time to dump the AMA-supervised committee (RUC) of mostly specialists who set Medicare prices, which not surprisingly recommends paying more for procedures like they perform and less for primary care and prevention. Not many industries would let a trade group set government-paid prices.

A security expert analyzing the healthcare breaches such as that experienced by Community Health Systems says the suspected China-based group seems to be most interested in stealing oncology data, either to create knockoff chemo drugs or to try to address China’s cancer problems. Patients have already started filing class action lawsuits against the chain. Meanwhile, in more of an old-school breach, ProPublica uncovers the illegally hushed and still-unreported case in which an unvetted Chinese national was hired in 2007 to work in the Arizona Counter Terrorism Information Center and is believed to have returned to Beijing that year with the personal information of 5 million Arizona drivers. Lastly (for today anyway) the Chinese government announces plans to develop an operating system to eventually replace Windows, Android, and iOS.

image

The information of 595 patients of Steward-owned St. Elizabeth’s Medical Center (MA) is exposed when the personal laptop and thumb drive of a formerly employed physician are stolen from his home. Hospital policy prohibits storing PHI on personal devices. Neither were encrypted.

image

Greenville Health System (SC) will issue $91 million in bonds, with the proceeds partially used to pay $97 million in Epic implementation costs.

A New Jersey paper describes how for-profit hospital operators turn facilities around (note that IT isn’t on their list, for-profit hospitals being minimally interested in technology outside of the billing area in my experience):

  • Buy struggling or bankrupt hospitals cheap.
  • Hire well-connected political influencers to get the deal approved.
  • Sell the property to investors and lease it back.
  • Lay off employees, cut staffing, and use more per-diem workers, especially if buying a bankrupt hospital where union contracts can be renegotiated.
  • Squeeze vendors using corporate leverage.
  • Streamline and standardize care to get patients out the door faster.
  • Cut executive positions and salaries.
  • Improve billing and collections.

image

Fitness tracker Jawbone collects the sleep tracking data of its users (Quantified Someone Else?) and creates this analysis of the Napa earthquake, in which it could even tell how many users were awakened by tremors and didn’t go back to sleep that night. They could probably perform some interesting sexual metrics.

image

I was thinking about this on a plane recently when the guy in front of me kneecapped me by reclining his seat hard even before takeoff. An altercation between two United passengers forces the flight to divert for an unscheduled landing at O’Hare when a male passenger uses the banned Knee Defender gadget to block the seat in front of him from reclining so he can use his laptop, causing the angry woman in the seat to throw water on him. The irony is that both passengers were in extra-room seats. I can’t blame the guy – I’ve had my laptop screen jammed and nearly broken when the person in front of me decided to recline, which squeezed the laptop under the tray table latch.


Sponsor Updates

  • Nuance announces that users of its PowerShare Network have shared 3 billion medical images, with the number growing 30 percent per year.
  • PerfectServe announces the formation of its customer advisory panel.
  • Also making the Inc. 5000 list run here earlier is Direct Recruiters, Inc.
  • Wellcentive releases its 2014 PQRS application.
  • The World Economic Forum announces the selection of Health Catalyst as one of 24 global Technology Pioneers.
  • Versus discusses the hospital’s responsibility to prevent violence against healthcare workers.
  • Administrative Eyecare Magazine features Versus Technology client Key-Whitman Eye Center for its use of RTLS to increase patient volume while reducing wait times.
  • The Advisory Board Company recognizes four healthcare organizations for RCM improvements up to $8.2 million.
  • CareTech Solutions presents a case study titled “Maximize Uptime with Stretched Clusters” at VMworld 2014 this week in San Francisco.
  • Beacon Partners offers seven ways organizations can protect themselves against hackers.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

 

125x125_2nd_Circle

View/Print Text Only View/Print Text Only
August 26, 2014 News 10 Comments

Founding Sponsors


 

Subscribe to Updates

   

Search


Loading

Tweets

Report News and Rumors

No title

Anonymous online form
E-mail
Rumor line: 801.HIT.NEWS

Archives

Sponsor Quick Links

7ads6x98y

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Follow

Reader Comments

  • Anne, RN: UIowa isn't the only Davies Award recipient. Also winning: Truman Medical Center in KC - Cerner Lakeland in Michigan ...
  • geetha: We are a solopractice and had eCW for only a yr. Thank god we switched to athena, which is fabulous and does everythin...
  • David McCallie: Re: CommonWell and Sam Lawrence's questions, Sam, the full specifications of CommonWell's services (and use-cases ) a...
  • meltoots: CMS can extend all the deadlines for MU2 and all the overlapping overly complex programs (PQRS, VBM, etc) they want, but...
  • richie: “One of our most important obligations to the American people is to report information and data accurately,” HHS Se...

Text Ads