Recent Articles:

EPtalk by Dr. Jayne 3/16/17

March 16, 2017 Dr. Jayne No Comments


It’s been a whirlwind of a week with two more trips to the hospital, one planned and one not. Long story short, though, I’m back in the air and off to see clients, which is a good feeling.

I’m also headed somewhere warmer than my current snowy state, which is definitely something to look forward to. Many of my spring plants were up or blooming when the snow hit, so the garden will have a bit of a setback this year. I’m just glad I’m not traveling to central Florida, where CNN reports that a cobra escaped captivity and is now in the wild.

In follow-up to my post about having a partial EHR outage this weekend, the vendor never did send an update about the situation. We also had an outage today of the patient portal, and again after 12+ hours, no follow-up. If they’re not going to follow up, their emails shouldn’t say they will send follow-up emails as further information becomes available.

In healthcare IT, we tend to think about our work within the contexts of inpatient vs. post-acute vs. ambulatory vs. community vs. population health, etc. As humans begin to spend more time in space, that’s going to be the next frontier of healthcare IT. NPR recently reported on microbiologist/astronaut Kate Rubins, who was the first person to sequence DNA in space. I was interested to learn about the microbiome of the International Space Station, something you don’t hear about much but that opens the door for some unique research activities.

In other news, scientists in China have completed gene editing on viable human embryos using the CRISPR technique. Although the study was small and the results were not perfect, they were promising. Gene editing could reduce the incidence of heritable diseases, but we have a lot to learn about the technique, impact, and ethics of doing so.

I’ve certainly got genetics on the mind following my consultation with the genetic counselor earlier this week. Although she didn’t give me the initial speech about the science of genetics, I appreciated that she didn’t assume that I had done a ton of research or had preconceived notions about what we were talking about. We talked about my specific concerns based on family history as well as what kinds of testing are available and the ramifications of having positive testing.

Although the Genetic Information Nondiscrimination Act of 2008 restricts the use of genetic data in health insurance and employment issues, it doesn’t prevent issues with the underwriting process when you’re talking about life insurance, disability, long-term care coverage, and more. One of the first questions she had for me when we were talking about testing was whether I had addressed those types of coverage or not.

Although I’ve worked out the life insurance and disability pieces, I haven’t addressed the long-term care coverage issue. Still, I decided to go forward with the testing, but on a limited basis, looking only for a couple of specific mutations. There are plenty of panels available that test for up to 80 genes, but I’m not going to go looking for something that isn’t a concern and wouldn’t potentially change my management plan for preventive screenings.

Based on the dramatic increase in our knowledge of genetics over the last decade, we agreed it would be prudent to meet again in a couple of years and discuss whether there are new recommendations for testing someone in my situation. To answer the previous reader question, she uses panels from Myriad Genetics.

We also walked through a couple of risk models based on my family history without the genetic testing component. This is where the discussion quickly became academic, because one of my personal risk factors is considered a “borderline” risk factor in that some models consider it a risk and others don’t. When the model is run with the risk factor in place, my lifetime risk of breast cancer is pretty alarming. Without the risk factor, the risk is cut in half. Even with the diminished risk of the second model, it was enough to qualify me for a high-risk screening program, which seems like a reasonable option compared to the alternatives. We’ll have to see what my insurance thinks, however.

Being in the high-risk program at the medical center is tied to their imaging center, which of course involves hospital facility fees for the studies. In my area, though, the cost difference for a screening mammogram isn’t much more than at the independent imaging center where I had my previous studies, so I opted to get mine done at the hospital while I was there. I realized as I was getting dressed, however, that moving my care to the hospital meant giving up the “real time” reads done at the independent center. I hadn’t thought of that prior to the test, which made me wonder how many other patients might not have thought of it. It really is amazing to me how easily your reasoned clinical and analytic process can go out the door when you become the patient.

My experiences as a patient over the last few weeks have given me a better understanding of how hard we make it for patients and their caregivers and how much individual variation there really is in our healthcare system. It also made me realize that despite thinking I had a pretty solid handle on my family history, there were quite a few questions I couldn’t answer. Most patients probably don’t have as much information as I walked in there carrying and that certainly impacts the patient experience and the specificity of the counseling.

It will be a while before I get the genetic testing results back, and in the meantime, I’ll be reading up on some novel genes that the counselor mentioned may have interesting implications for my family but that aren’t being commercially tested yet.

Friday is Match Day, when thousands of medical students learn which residency programs they’ll be headed to for the next three to seven years. Good luck to everyone waiting for their envelope. And to those who didn’t match to the residency of their dreams, keep your chin up and learn all you can wherever you go.

Email Dr. Jayne.

Morning Headlines 3/16/17

March 15, 2017 Headlines No Comments

Health Insurance Marketplaces 2017 Open Enrollment Period Final Enrollment Report

CMS reports that this year’s final ACA enrollment total was 12.2 million individuals, half a million less than last year.

It’s Time to Adopt Electronic Prescriptions for Opioids

Atul Gawande, MD, MPH calls for greater use of electronic prescribing for opioid prescriptions in an Annals of Surgery article.

What Your Therapist Doesn’t Know

The Atlantic describes new algorithms being used to predict which patients are at risk of dropping out of therapy treatment.

CRISPR Could Change The World, But Right Now $90 Million Is Enough

Botox-maker Allergan will pay $90 million for exclusive rights to CRISPR-based treatments being developed by Editas Medicine that are targeting a rare form of blindness called Leber Congenital Amaurosis.

Readers Write: Data Security Comparison: Healthcare vs. Retail, Finance, and Government

March 15, 2017 Readers Write No Comments

Data Security Comparison: Healthcare vs. Retail, Finance, and Government
By Robert Lord


Robert Lord is co-founder and CEO of Protenus of Baltimore, MD.

In 2016, the healthcare industry experienced, on average, more than one health data breach per day, and these breaches resulted in 27,314,647 affected patient records. Clearly, criminals are targeting patients’ medical information with great frequency and success.

How has the healthcare industry responded to this continuing epidemic? Data suggests there is still a lot of work for healthcare organizations to do in order to improve the security of their patient data. It’s important to look closely at and analyze how healthcare organizations’ security practices and spending compare to retail, finance, and government — three industries known to have proactively advanced their security posture to protect their sensitive data.

Compared to the retail and finance industries, the state of healthcare data security is sorely lacking. Since 2015, 140 million patient records have been compromised, equating to one in three Americans experiencing their health data being inappropriately accessed. Ransomware attacks hit the healthcare industry especially hard, as 88 percent of all ransomware attacks target a healthcare organization.

Criminals are increasingly targeting healthcare because patients’ medical information is incredibly profitable on the black market and it’s more easily accessible when compared to more protected industries, such as finance. Within the finance industry, if a customer’s credit card or bank account number is stolen, that information can simply be changed, rendering it useless to the criminal. Patient data, on the other hand, is a repository of information that can be used to steal an individual’s identity – Social Security numbers, DOB, and addresses.

When combined with sensitive medical information like diagnoses, claims history, and medications, it can create the perfect storm for wreaking havoc in a patient’s life. This kind of information cannot be easily changed, and because of the lagging security in the healthcare industry, this data is incredibly easy to obtain and increasingly vulnerable to criminals’ sophisticated attacks.

There is no question that when compared to other industries, healthcare falls short when it comes to data security. A 2015 survey found that only 31 percent of healthcare organizations used extensive methods of encryption to protect sensitive data and 20 percent used no encryption at all. Another study found that 58 percent of organizations in the financial sector used encryption extensively. These results are concerning because the information healthcare organizations must protect is far more sensitive and potentially damaging than the information retail and finance organizations gather and protect even though the latter group is more proactive in keeping this information safe.

Retail and financial service organizations have more experience protecting customer data from cyber criminals. This gives them an advantage over healthcare organizations, who are relatively new to the game and whose unique security challenges require specially designed solutions. It’s past time for healthcare organizations to invest substantially in protecting patient data. Sadly, according to KPMG, this has not yet occurred at the necessary scale, as IT security spending in the healthcare industry is just 10 percent of what other industries spend on security.

Incentives exist for healthcare organizations to improve their security posture because the cost of a healthcare breach is significantly higher than in other industries. The average cost per lost or stolen record is $158 across all industries. In the retail sector, the cost is $200 per record lost or stolen. In the financial sector, the cost is $264 per record.

Compare this to the healthcare industry, where the average cost per record lost or stolen is $402, double that of the retail sector. Why are healthcare data breaches so much more expensive? In the aftermath of a breach in a heavily regulated industry like healthcare, the breached organization must conduct a forensics investigation and notify any affected patients. These organizations must also pay any HIPAA fines or penalties incurred because of failure to comply with federal or state regulations. This is in addition to legal fees, lawsuits and most importantly, the long-term brand reputation of the affected organization and lost patient revenue.

However, it’s important to note that healthcare is not the only industry to have fallen behind when it comes to data security. The US government has also struggled to institute effective data security practices. A study by SecurityScoreCard examined the security posture of 600 local, state, and federal government organizations and compared them to other industries. The study found that government organizations had some of the lowest security scores, trailing behind transportation, retail, and healthcare industries. It also found that there were 35 major data breaches of the surveyed organizations from April 2015 to April 2016.

In the summer of 2015, the Office of Personnel Management (OPM) announced that it had suffered a massive data breach. The sensitive information of over 21 million people had been stolen, including fingerprints, Social Security numbers, and sensitive health information. A report from the House Committee on Oversight and Government Reform alleged that poor security practices and inept leadership enabled hackers to steal this enormous amount of sensitive data. OPM immediately began to implement changes aimed at improving its security posture and ensuring that such a massive breach would be prevented in the future. However, one can’t help but consider how much less damage would have been done if OPM had made these changes as a proactive data security measure instead of a reactive one.

While healthcare organizations have had their fair share of data breaches, the OPM breach must serve as a lesson to the industry. Since that incident, the government has prioritized cybersecurity and focused on finding solutions to protect our nation’s sensitive information, data, and assets. Healthcare organizations must follow suit.

Here are five things healthcare organizations can do now to improve their health data security:

  1. Ideally, frame security risk assessments as an ongoing process rather than a once-per-year event; at the very least, ensure they are done annually.
  2. Encrypt data stored in portable devices.
  3. Assess other third-party security risks.
  4. Proactively monitor patient data for inappropriate access.
  5. Educate and retrain staff on how to properly handle sensitive data.

Healthcare must make privacy and security top priorities, learning from the past, applying knowledge from other industries, and creating unique solutions specifically designed for the complicated healthcare clinical environment. This will ultimately provide healthcare organizations with the tools to keep sensitive patient information safe, maintain the organization’s brand reputation, and most importantly, increase patient trust.

Readers Write: Beyond the Buzzword: Survey Shows What EHR Optimization Means to Providers

March 15, 2017 Readers Write 3 Comments

Beyond the Buzzword: Survey Shows What EHR Optimization Means to Providers
By David Lareau


David Lareau is CEO of Medicomp Systems of Chantilly, VA.

I was intrigued by this recent KPMG CIO survey that found “EMR system optimization” was currently the top investment priority for CIOs. The survey, which was based on the responses of 112 CHIME members, revealed that over the next three years, 38 percent of the CIOs plan to spend the majority of their capital investment on EHR/EMR optimization efforts.

The key word here is “optimization,” since over 95 percent of hospitals already have an EHR/EMR, according to the Office of the National Coordinator (ONC). Given the high level of provider dissatisfaction with their EHRs/EMRs, it’s not surprising that CIOs are seeking ways to make their doctors happier with existing solutions, since starting over with a new system would require a major capital investment that few hospitals are willing or able to afford.

In the KPMG report, the authors suggested a few ways CIOs could optimize their EMRs/EHRs, including providing effective user training and making more technology available remotely and via mobile devices.

Coincidentally, at HIMSS this year, we conducted our own survey to get a better understanding of what providers find most frustrating about working in their EHR/EMR. I am the first to admit our survey wasn’t the most scientific – the primary reason that almost 700 people agreed to participate in the survey was because it allowed them to enter our drawing for a vacation cruise – but nevertheless, the results were compelling.

We asked HIMSS attendees the following question: What is most frustrating about working in your EHR? We then offered the following response choices:

  1. Relevant clinical information is hard to find
  2. Documentation takes too long
  3. Doesn’t fit into my existing workflow
  4. Negatively impacts patient encounters
  5. Doesn’t frustrate me
  6. My organization doesn’t use an EHR

A whopping 44 percent selected the response, “Documentation takes too long.” For the sake of comparison, the next-highest response was, “Relevant information is hard to find” (18 percent), followed by, “My organization doesn’t use an EHR” (13 percent).

What I glean from these results – aside from the fact that CIOs would be well served to invest in solutions that improve documentation speed – is that CIOs and other decision makers may not be focused on the right solutions.

I am a big proponent of user training, but let’s be realistic: if you have a propeller-driven airplane, it’s never going to perform like a jet aircraft. CIOs must accept that even with all the training in the world, the documentation process within some legacy EHR systems will never be significantly faster, nor will it be particularly user friendly.

Rather than investing resources in trying to teach users how to make more efficient use of an inefficient system, why not consider investing in a solution that can easily be plugged into legacy systems and give clinicians the fast documentation tools they desire? CIOs can find technologies that work in conjunction with existing EHRs to alleviate provider frustration because they work the way doctors think, do not get in their way, and do not slow them down.

The KPMG survey confirms what most of us in healthcare IT have long known: EHRs have not yet achieved their full potential, providers are weary of the inefficiencies, and more resources must be spent to optimize the original investments. As CIOs and other decision-makers consider their next steps, I encourage them to assess what they now have and look for solutions that give clinicians what they want and need at the point of care.

HIStalk Interviews Bill Marvin, CEO, InstaMed

March 15, 2017 Interviews No Comments

Bill Marvin is president, CEO, and co-founder of InstaMed of Philadelphia, PA.


Tell me about yourself and the company.

I started in healthcare in 1993, when I founded a company that was called CareWide. We did electronic claims and practice management software that we wrote to allow small physician offices to submit claims electronically. I grew that out of my parents’ attic into a business that eventually got bought, and then got bought by another company, and then eventually became part of Allscripts.

After that, I went to Andersen Consulting, where I landed in the health and life sciences practice focused on health plans, so now on the other side of the fence. I met my co-founder and partner Chris Seib at my first engagement in Minneapolis at UnitedHealthcare in April 2001. We’ve been working together ever since.

Andersen Consulting became Accenture. The Medicare Modernization Act was signed in August 2003. By 2004, I was consumed with thinking about how high deductibles and HSAs were going to change the revenue cycle. That’s when I asked Chris to join me and start InstaMed.

We started InstaMed in 2004. I was in Philadelphia and Chris was in Newport Beach, California. He had been working out of the El Segundo Accenture office. He would take technology and I would take everything else.

Other than that, I’ve got a wife and one son, who is nine years old. We live in the suburbs of Philadelphia. I travel a lot, but I love what I do. I love technology and I’m passionate about solving healthcare payments.

How have patient payments changed in the past couple of years and how do you think they’ll change in the future?

Health savings accounts first came around in January 2004. For the first four or five years, they were seen as an immediate tax haven for high net worth people. There were some other regions where employers adopted them, some states where HSAs popped up pretty quickly, but in the Northeast where I live, HSAs were really nascent. Companies like Bank of New York Mellon, which also have big wealth management businesses, were some of the first pioneers into HSAs.

When the Affordable Care Act came about, I think everyone in the industry took a big pause and held their breath because they weren’t sure what was going to happen to HSAs. HSAs were put into legislation by the Republican Bush administration and here comes the Obama administration with the Affordable Care Act. You thought, maybe this is going to cut the opposite way. But in fact, when the products came out on the exchanges, everyone saw these high deductibles. Even higher deductibles than we had seen when HSAs and high-deductible plans were first launched.

People in the industry, at least on the banking side and the payment side, breathed a sigh of relief. They said, it looks like this train is going to keep rolling and deductibles are going to continue to rise. That’s in fact what has happened.

Costs out of pocket for consumers is a trend that I’ve seen rising since the mid-1990s, when co-pays effectively went to zero with HMOs. There was a competitive phase in the first half of the 1990s when HMOs were competing on price, dropping co-pays, and trying to make it more and more attractive. They went to a $10 co-pay, then a $5 co-pay, and then some HMOs went to $0 co-pays. Of course, we didn’t have high deductibles back then. The insurance picked up the tab for everything after that.

It was the mid-1990s when a lot of those HMOs went belly up, bankrupt, and got rolled up into UnitedHealthcare or others that grew rapidly at the time. That was the beginning of the increase that we’ve seen in consumer out-of-pocket spend. Since the mid-1990s, we’ve been on an upward trajectory, with some pause for the Affordable Care Act. But really, the Affordable Care Act has kept healthcare payments increasing. We see that continuing to increase.

What can a provider do to raise the consumer’s urgency of paying a medical bill to the same level as their unpaid cell or cable bill?

A lot of people use a lot of different excuses as to why payment experiences and bad debt in healthcare are different from other industries. We’re all the same population in the United States. We all have the same FICO scores that we go and get underwritten for mortgages and apartments. Yet somehow, we see such a different loss rate in healthcare than other industries.

The number one thing that we see is that you have to make it a consumer-centric experience, where the consumer is first in the experience. That starts with setting an expectation. When we check into a hotel, we know that if we buy a movie, it’s going to be $15, or if we go to the minibar and get a soda, it’s going to be $5 or $10. No one knows exactly what they’re going to spend when they check into a hotel, but somehow when they check out, the hotel gets the right amount billed to your credit card every time. You accept that amount. You don’t dispute it. Everything goes through a happy path.

In healthcare, it’s very similar. We don’t know what we’re going to need. We don’t know exactly how much things are going to cost. Providers need to do a much better job of setting expectations. With one of our solutions called Estimator, which combines with our patient payment solution, you can set an expectation upfront and secure a card. Your bad debt goes down dramatically.

After you set an expectation, if you just ask the question, "Can I have a card to secure a payment method?" what we find is that about 85 out of 100 times, you’ll get a card. You’re not going to get a card all the time, but you will get a card. With InstaMed Estimator and with the InstaMed Payment Plan solution, we securely store that credit card, that bank account, or any payment method in our InstaMed digital wallet. Then, charge that card later when we know the exact amount.

That’s the direction that healthcare payments need to go in, but it’s not all solved with technology. It’s also solved with the expectation-setting by the provider.

Dental practices give you an accurate, upfront estimate and you then decide whether to proceed knowing the cost. Why is it different with physician practices and hospitals?

Two things in healthcare make it difficult. One is that the healthcare provider has given up the control of pricing by contracting with various health plans. They are accepting the rates that their local health plans are writing up for their members. If I’m coming in through Aetna for an office visit, I’m going to get a different reimbursement than if I’m coming in through UnitedHealthcare or the local Blues plan.

To further complicate things, in dealing with a health plan like Aetna or United, you may have multiple health plans within that entity. An employer that is self-funded may have different rates for their patients than an employer that is not self-funded.

The rates are unknown to the provider. The provider knows what they’ll charge you if they take cash right then and there for the visit, but they don’t know exactly what you’re going to owe based on what insurance company you have.

The second thing that they don’t know is where you are in your benefit structure when it comes to co-pays and deductibles. Some benefit structures have $50 co-pays for an ER, or for an OR visit, some can be $200 to $500 for a co-pay. Then, there’s co-insurance or there’s a deductible on top of that.

In order to understand this, you need to have some kind of a data feed, like what we do with our real-time Estimator and Eligibility Network, where you can reach into the benefit structure that the health plan has for that patient. Understand where they are in their deductible. Understand what kind of benefit they have, whether it’s co-pay, co-insurance, deductible, or a combination. Then, understand what the services are going to be adjudicated for at the fee rate that you’ve contracted with that health plan.

It’s a lot that I just said right there. [laughs] It’s complicated. It all comes from healthcare providers having entered into these contractual relationships, versus when you go into a store and they say, "All the watermelons are half off today." It’s your store. It’s your inventory. You decide that today, we’re going to sell watermelons at half price. You know how much it is and you’re done.

Pricing is a pretty basic business thing, but in healthcare, pricing is something that healthcare providers outsource to health plans.

How many patients participate in payment plans and what are the collection implications?

I look at things at a pretty macro level with InstaMed and what’s happening on our platform. We continue to see payment plans increase. We track on our platform how many payment plans exist at any one time and the value of those payment plans if they were all to be paid right at this time. It’s sort of like how a bank would track a loan portfolio — how many loans do I have outstanding and what’s the total asset base of all of those loans? That number continues to go up and up.

All of us today, when we’re seeing the larger charges in our healthcare lives, are in a situation where we didn’t plan to blow out a knee on a ski slope. We didn’t plan for that $2,000 worth of physical therapy. Unplanned events, for most of us in the United States, are events for which we don’t have cash readily available to tap. We may have to move money around or we may just not have the money.

More and more payment plans, when offered by the healthcare provider, will see immediate demand. Payment plans are a way for healthcare providers to self-finance and increase the probability that they’re going to get paid something rather than nothing. When you think about it, if you don’t offer a payment plan, you’re basically creating a binary outcome. You’re either going to get paid or you’re not.

When you create a payment plan, you take that binary outcome and create multiple outcomes. The probability of you getting nothing goes down, because you increase the probability of you getting one payment, or two payments, or three payments. That’s a good thing when it comes to reducing bad debt and a tool that I think every healthcare provider should have and should think about what kind of business rules and policies they want to put in place when deploying a payment plan.

Do you have any final thoughts?

In healthcare payments today, a lot of hospitals and large healthcare provider groups who are favoring their banking relationship for payments are doing a disservice to their patients in delivering a consumer-friendly healthcare payment solution as well as a secure and fully point-to-point encrypted payment solution. It’s important to understand how payments have evolved technologically across all industries, but also, how healthcare is this unique industry where the consumer is becoming more and more and more a part of the payment equation. You need to think about the consumer experience and think about the security that’s involved in point-to-point encryption when delivering a healthcare payment solution for patients.

Morning Headlines 3/15/17

March 14, 2017 Headlines No Comments

Senate confirms Seema Verma to head Medicare and Medicaid

Healthcare consultant Seema Verma, an advisor to Vice President Pence when he was Governor of Indiana, is confirmed by the Senate as the next CMS administrator in a 55-43 vote.

Can a Machine Predict Your Death?

A Slate article discusses the use of data analytics in healthcare, including a project aimed at helping doctors more accurately predict life expectancy for terminally ill patients.

The Asthma Mobile Health Study, a large-scale clinical observational study using ResearchKit

A Nature study using an Apple ResearchKit-based mobile health app to conduct a large scale clinical study on asthma observes that while 40,000 participants downloaded the researcher’s app, only 8,000 went on to enroll in the study, and only 175 participants were still engaged at the 6-month period.

Institute for Healthcare Improvement and National Patient Safety Foundation Agree to Merger

The Institute for Healthcare Improvement announces plans to merge with the National Patient Safety Foundation, effective May 1.

News 3/15/17

March 14, 2017 News 20 Comments

Top News


ECRI Institute lists its “2017 Top 10 Patient Safety Concerns for Healthcare Organizations” that includes:

  1. Information management in EHRs
  2. Unrecognized patient deterioration
  3. Implementation and use of clinical decision support
  4. Test result reporting and follow-up
  5. Antimicrobial stewardship
  6. Patient identification
  7. Opioid administration and monitoring in acute care
  8. Behavioral health issues in non-behavioral-health settings
  9. Management of new oral anticoagulants
  10. Inadequate organization systems or processes to improve safety and quality

Reader Comments


From Greek Goddess: “Re: Epic. As you’ve shared, its non-marketing department has done a good job of making operating margin and revenue growth part of the industry narrative, claiming causation with Epic’s EHR. You’ve been a voice of reason here, along with Wall Street and others – stating the obvious that the tide has risen for the entire industry under more reimbursed care under ACA and Medicaid coverage. The proposed Republican plan will cause 14 million people to lose coverage next year per the CBO. It will be interesting to see what Epic’s non-marketing department does to pin those falling margins on the competitors if that happens.” Perhaps Epic’s snazzy charts will show that their clients enjoyed less-dramatically reduced margins than those of their competitors. It’s meaningless anyway since, as is nearly always the case in healthcare, correlation is easy to observe but causation is nearly impossible to prove.

From RIF’ed Me a New One: “Re: Aetna. Several friends were let go yesterday and were told it was because of the failed Humana acquisition. I’m wondering if anyone else was affected?” I assume that if HIStalk readers are reporting it, it probably affected Aetna’s Medicity or iTriage groups. Anonymous reports on suggest that both Aetna and Humana have been paring headcount since the federal government turned the hose on their mating ritual.

From Slammed CIO: “Re: HIMSS17 unsolicited follow-ups. Vendors are contacting me claiming that I visited their booth at HIMSS17, ones I didn’t talk to then and have no need to talk with now. Has something changed at HIMSS? I’m curious if other attendees are having this experience.” I’ve received only a handful of emails, and while I don’t recall having visited the booths of a couple of the companies that sent them, I might well have allowed them to scan my badge so I could get a snack or lip balm or something.

From Julian Assuage: “Re: anonymous communications. How can I send you something with full anonymity?” My rumor report form is anonymous other than it captures your IP address, which is inherent in the form tool I use (although I don’t look at the IP address anyway). You could use Guerrilla Mail, which offers both disposable email addresses and the ability to send anonymous email without registering or paying. Either method supports adding attachments if you are inclined to provide supporting evidence.


From Pellegrino: “Re: Elaine Remmlinger of ECG. She was supposed to start a project with us and is retiring, effective immediately. It seems the reported bloodletting of the former Kurt Salmon employees is true.” ECG confirms that Elaine has retired as of Monday, but adds that she will probably be transitioning clients and projects for a few weeks.

HIStalk Announcements and Requests


We funded the DonorsChoose grant request of Ms. A in Illinois, who created a family involvement and social-emotional learning program for her community that is “plagued with low social-economic ills, gang infestation, and violence.” We provided VR headsets, geometry kits, robotics and electronic doodling pens, and other interactive tools to allow “virtual field trips.” 





Aging programmer test – how many of the four long-obsolete programming languages above can you identify without Googling?


March 29 (Wednesday) 1:00 ET. “Improving patient outcomes with smartphones: UW Medicine Valley Medical Center’s story.” Sponsored by Voalte. Presenters: James Jones, MBA, MSN, VP of patient care services and nursing operations, UW Medicine Valley Medical Center; Wayne Manuel, MBA, SVP of strategic services, UW Medicine Valley Medical Center. UW Medicine Valley Medical Center dramatically improved patient outcomes after moving to a smartphone-based platform for clinical communication and alarm and alert notification. Before-and-after analysis shows a reduction in hospital-acquired pressure ulcers and skin integrity events, fall and slip events, and medication errors. By limiting overhead paging, the medical center also created a calmer, quieter environment and improved engagement among nursing and hospitalists. Hospital executives will describe their experience and vision for the future in addressing quality, cost, and the patient-caregiver experience.


Acquisitions, Funding, Business, and Stock


The Hartford business paper profiles CareCentrix, which manages technology-powered post-acute care services for insurers. The company recorded $1.4 billion in revenue in 2016 in managing 23 million covered lives. CEO John Driscoll was formerly president of Castlight Health and was a Medco executive.


Medical cost containment vendor HMS Holdings will pay $170 million in cash to acquire Eliza Corporation, which offers consumer engagement and automated outreach programs.


A federal court rules that the contracts of medical supply competitive bidding site Medpricer violate anti-kickback law since the company charges fees as a percentage of the dollar volume purchased. The federal judge determined that the company violated the law since federal healthcare programs could eventually be billed for the goods. Medpricer sued medical device maker Becton, Dickinson, and Co. for refusing to pay its 1.5 percent fee for three successful bids even though Becton had inserted language into its bid indicating that it would not pay any fees.

Announcements and Implementations


The National Patient Safety Foundation and the Institute for Healthcare Improvement will merge. IHI President and CEO Derek Feeley will lead the combined organizations.


Henry Mayo Newall Hospital (CA) and Parkview Medical Center (CO) go live with Summit Healthcare’s Provider Alert clinical event notification and data exchange solution.

GetWellNetwork completes integration of its interactive patient care system with the VA’s VistA and other technology platforms.

Government and Politics


The Senate confirms health policy consultant and Medicaid expert Seema Verma, MPH as CMS administrator.


The President nominates Scott Gottlieb, MD to run the FDA. He is a venture partner, investment banker, and hedge fund advisor who sits on the boards of several drug companies and has advocated FDA de-regulation. He was FDA’s deputy commissioner for medical and scientific affairs from 2005 to 2007, director of medical policy development before that, and a member of the Health IT Policy Committee.


Trade association Health IT Now urges HHS Secretary Tom Price and Congress to review ONC’s regulatory role in health IT, citing ONC’s plans to review EHR product safety that are seemingly in conflict with FDA’s role and ONC’s “we’ll know it when we see it” certification process. Health IT Now is a non-profit group, but incorporated as a 501(c)(4) organization, meaning it can engage in political lobbying, endorse candidates, and make political donations. Health IT Now’s odd lot of members include drug companies and a few second-tier healthcare associations, with notable dropouts over the years that I noticed in comparing old vs. new member lists being the American Academy of Nursing, the American Cancer Society, AHIMA, ANA, IBM, and several hospitals.



A Sweden-based design firm creates GenderEQ, a free iOS app that analyzes the percentage of time males and females speak during a meeting. I like the idea of calling out unintentional gender bias, but the app’s inherent shortcomings are obvious: (a) it may not always identify gender correctly by voice alone, and (b) it is not unreasonable that those of one gender might speak more than the other in a given meeting simply because of who is in the room or what roles they are serving in the meeting. I suggest a companion app that I’ll call TwitEQ, which matches who talked the most with the perception of fellow attendees that their comments were useful. Meeting dynamics encourage everyone to speak up, even those whose comments are of marginal value or relevance, especially in hospitals where too many people are invited and even more show up because they would otherwise feel slighted that decisions would be made without their self-assessed expertise.


Microsoft begins the rollout of Teams, its free workplace collaboration platform and Slack competitor, to Office 365 users. Somehow it’s comforting to see Northwind Traders used as a sample business as Microsoft always does.

Privacy and Security

From DataBreaches.net:

  • In New Zealand, a new physician practice system is taken offline when the Ministry of Health discovers that it sends data back to the vendor’s servers in unencrypted sessions.
  • A hacker who was previously arrested for stealing and selling 62,000 W2 forms of UPMC employees says he will plead guilty.
  • Denton Heart Group (TX) notifies an unstated number of patients that an unencrypted backup drive was stolen from a locked closet, exposing seven years of information.
  • BJC HealthCare notifies 644 program participants that their information was emailed among its service providers without encryption.


A review of an asthma study conducted using Apple ResearchKit apparently reaches an unexpected conclusion – fickle phone users are just as likely to allow their attention to wander from a clinical study over time as they are their use of any other app, as 6,500 baseline users yielded 2,300 who actively participated and 175 who completed a six-month milestone survey. Still, it’s not easy assembling a study cohort in general, so it’s probably not a bad outcome.

A Slate article ponders whether big data can be applied to predict when someone will die, contrasting the unbiased predictive capability of technology vs. the optimistic, subjective guesses of physicians. A NEJM opinion piece written by a Harvard ED doctor who is working on the technology suggests that the best use of such algorithms is by patients and families who can then make non-healthcare decisions for their remaining time, or as the Slate article concludes, “freeing us from trying to live longer so that we can just live.” 


A tiny study performed in a safety net clinic finds that both doctors and patients benefit when patients are given permission to enter topics of concern into the EHR visit note before their arrival.


Three clinicians from University Medical Center (LA) testify that they don’t know who entered a description of “accidental discharge of a gun” in describing the ED treatment of the wife of slain former pro football player Will Smith of the New Orleans Saints. Smith was driving drunk in New Orleans in April 2016 when he rammed the car of another man who then shot several times into Smith’s car, killing Smith and injuring his wife, Raquel. The attorneys of the shooter hope to use the medical record entry to get their client a new trial in claiming that Raquel Smith told the ED staff that her shooting was accidental. The clinicians say the description might have been entered by a medical billing coder who just chose the first available computer dropdown, noting that Raquel Smith’s chart contains another incorrect entry. When asked what Raquel Smith said when she arrived in the ED, the trauma director replied, “Going from memory, I think it was just, ‘I was shot,’ but that was about 900 gunshot wounds ago.”


Weird News Andy questions the wording of a description of a spontaneous breathing trial, which involves cutting back on ventilator breathing assistance to assess the patient’s ability to breathe on their own. WNA challenges this sentence: “If it is not clear that the patient has passed at 120 minutes the SBT should be considered a failure,” wondering if the purpose of the test is to kill the patient.

Sponsor Updates

  • HealthCare Synergy will offer Ability Network’s all-payer claims processing, follow-up, and denial management to its customers.
  • Gartner names AdvancedMD to its FrontRunners quadrant for EHRs.
  • Spok Chief Nursing Officer Nat’e Guyton, RN, MSN will lead a focus group titled “What Keeps You Up At Night?” at AONE in Baltimore, March 29-April 1.
  • KLAS includes Arcadia Healthcare Solutions in its 2016 Population Health Management Performance Report.
  • The Milwaukee-Wisconsin Journal Sentinel talks with GE Healthcare CEO of Clinical Care Solutions Anders Wold about the company’s plans to open a new facility in Wisconsin.
  • Aprima will exhibit at the AAPM Annual Meeting March 16-18 in Orlando.
  • The HIMSS EHR Association recognizes several companies, including GE Healthcare and Medhost, for adopting its new EHR Developer Code of Conduct.
  • Besler Consulting releases a new podcast, “Why adjusting wage index now can affect future reimbursement.”
  • Direct Consulting Associates will exhibit at the Ohio MGMA Winter State Conference March 17 in Columbus.
  • Dimensional Insight launches Version 7.0 of its BI platform.
  • Kay Morgan, VP for drug products and industry standards for clinical solutions at Elsevier, receives the Healthcare Distribution Alliance’s 2017 Distribution Management Award for industry leadership.
  • EClinicalWorks will exhibit at the 2017 VMGMA Spring Conference March 19-21 in Charlottesville, VA.
  • HBI Solutions makes its HIMSS presentations available for download.
  • HCS will exhibit at the NAPHS 2017 Annual Meeting March 20-22 in Washington, DC.
  • Jacksonville’s Business Journal includes The HCI Group’s Jarrod Germano in its “40 Under 40” list of most promising businessmen and women.
  • Healthgrades upgrades its website functionality in a number of areas.
  • Huntzinger Management Group offers its HIMSS presentation, “Portal Use Factors – The Keys to Patient Portal Adoption,” for download.



Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.


Morning Headlines 3/14/17

March 13, 2017 Headlines 1 Comment

 ECRI Institute Names Top 10 Patient Safety Concerns for 2017

ECRI’s Top 10 Patient Safety Concerns for 2017 includes information management in EHRs and use of clinical decision support tools.

Trump chooses Gottlieb to run FDA; Pharma breathes sigh of relief

President Trump nominates industry favorite Scott Gottlieb, MD to lead the FDA.

HHS secretary expresses concern on bill allowing employers to demand genetic tests

HHS Secretary Tom Price voices concern over a House bill that would grant employers access to employee genetic test results.

Former Vice President Joe Biden at SXSW 2017: ‘Your government’ is how curing cancer ‘gets done’

Joe Biden speaks about the Cancer Moonshot Task Force and its future with the new administration at SXSW.

Curbside Consult with Dr. Jayne 3/13/17

March 13, 2017 Dr. Jayne No Comments

Even though I haven’t had my post-op clearance visit, I returned to patient care work today. Since I only see patients part time, our medical liability insurance is in the form of a “slot policy,” where multiple physicians share a single policy. Although it’s a cost-effective way to handle coverage for part-time physicians, it can make scheduling complex since you have to avoid exceeding the allowable hours for each physician on the policy.

My partners have been covering my shifts and I know it’s been a strain. Since I’m theoretically being cleared tomorrow, I figured I’d work. It helped that I was scheduled to work at one of our less-busy sites, so I wasn’t too worried about being physically overwhelmed.

No good deed goes unpunished, though, because I was greeted with a partial EHR outage. It was very similar to the recent Amazon Web Services outage in that we could document and scan images but couldn’t view any images or letters. The vendor did promise to keep us posted, but after 10 hours we had heard nothing.

Fortunately, we were able to keep documenting and seeing patients, but it’s annoying that they didn’t at least follow up every couple of hours with a status update. Overall, it was a slow day and I had brought some other work to do if things were quiet. Usually that’s a guarantee that you’ll stay busy, but not so much today.

My backup plan was to do some continuing education and watch some of the “on demand” sessions from HIMSS17, but they’re not posted yet. I instead started to enter my CME credits, and was reminded that the system is less user-friendly than I hoped. First, when you set up your transcript of courses you want to claim credit for, there are some usability challenges. When you select a class, it blanks the screen, forcing you to re-select the day every time you select a class. Second, you can’t select more than one class per time block. Once you select a course in that block, the rest of the options disappear. That makes sense for a live-only conference, but not so much for a conference where you can also earn CME from on-demand sessions.

I suspect it probably has to do with the requirements for CME approval. I think HIMSS was only approved for 22 CME hours this year, despite there being well over 100 sessions approved for credit. Many physicians struggle with the cost of CME, which makes me wonder why they don’t approve the conference for more than 22 hours, especially with the availability of on-demand courses. The content is broad and personally I prefer watching the sessions at home because I’m more focused than when I am in a group setting, especially if other attendees are distracting.

Although volumes were small today, they reminded me why I enjoy practicing medicine. When I first went into informatics full-time, I had about a year and a half gap where I didn’t see patients. Not from lack of interest, but from a lack of options for part-time family medicine docs with inflexible schedules. That’s when I started practicing urgent care and emergency medicine.

What we do certainly fits into the “life is like a box of chocolates” category. Where else can you see a patient roster that includes chief complaints of “fall on ice” and “poison ivy” in the same day after temperatures dropped from 70 to 20? Where else do you get first-hand knowledge of the aftermath of mechanical bull riding? (For those playing along with the home game, today’s answer was a fractured sesamoid bone in the thumb rather than the head injury you might expect.)

I also enjoy practicing medicine because I’ve finally found a spot in an organization where people are truly held accountable. Even in our state of rapid growth and geographic expansion, our leadership hasn’t wavered from their mission and vision. They’ve taken steps to reward employees who support those ideals. As a privately-owned practice, they are relentless in their ability to weed out slackers or those who aren’t committed to the mission. We run in a near-military culture and it’s not for everyone, but knowing your staff has your back (and most of the time is out in front of you getting it done before you even get there) makes being at work almost joyful.

We recently implemented a new bonus system. Instead of getting quarterly or semi-annual bonuses, staff members receive bonuses on an ongoing basis. Each month, every employee is given an allotment of “bonus bucks” to award to colleagues who are living the values. Although providers are on a different bonus structure (based on timeliness of care, quality, patient satisfaction, etc.) we have an allotment of bucks to give to staff. Each bonus award has to include specific commentary via hashtag of why the employee earned the bonus. Since providers have a large bank of bucks to give each month, people are eager to work quickly and efficiently and to operate truly as a team. We were doing well with the old system, but the new immediate recognition scheme has really pushed some people’s efforts over the top.

All employees can view a real-time suite of analytics showing top receivers, top givers, percent participation, and more. Bonus flow can be visualized as an activity network or via a word cloud that summarizes all the words used in the hashtag award notices. It’s pretty cool to watch how things flow over the course of time and across various teams – clinical, reception, radiology, and providers. Employees can cash in their bucks for gift cards, workplace swag, and even months without late shifts or in exchange for holiday shifts. Maybe it’s a bit gamified, but it’s working.

I’m glad to be back in the saddle and hope I’m fully cleared tomorrow, so I can get back in the air for my clients. My next two trips are to some of my favorite parts of the country and I’m looking forward to not being grounded any more.


HIStalk Interviews Michael Mardini, CEO, National Decision Support Company

March 13, 2017 Interviews 5 Comments

Michael Mardini is founder and CEO of National Decision Support Company of Madison, WI.


Tell me about yourself and the company.

National Decision Support Company provides decision support criteria and algorithms that are based on national standards, seamlessly embedded inside of EMRs so that physicians can be aided in making the most appropriate care decisions for their patients at the appropriate time.

What’s the status of Medicare’s advanced imaging requirement?

We’ve gotten some clarity, but there’s still a little bit of fuzziness. It is scheduled to go live on January 1, 2018. It requires physicians to do a consultation with appropriate use criteria for advanced imaging studies for Medicare Part B cases.

What has not been identified yet is the reporting and the claims process. We are going to get some information on that in the next rule-making cycle, which will come out in early July of this year from CMS. There’s still a little bit left to learn, but we think the January 1, 2018 date for the consultation piece is going to hold.

Who doesn’t get paid if the requirement isn’t met?

That is an interesting question. It is the radiologist. It is the radiologist’s responsibility to submit proof that the doctor who gave them the referral did a consultation.

On the back end, ordering clinicians who do not consult appropriately face some penalties by way of prior authorization and further scrutiny around ordering once they get some data over the couple of years, but initially it’s on the radiologist.

Are radiologists willing to accept that change in their workflow in making sure referring physicians went through the mandated steps?

It’s very similar to the commercial prior authorization number. There’s some identifier that is going to be the evidence that there was a consultation done and the clinical decision support mechanisms are required to produce the unique identifier as evidence of a consultation. That number will have to be placed on to the claim that the radiology group submits. They haven’t fully defined what the claims requirements are. There may be some additional data aside from that number, but the workflow is going to be similar.

Your system has to be used by the ordering physician rather than the radiologist, correct?

The ordering physicians are the ones to primarily interact. The radiologists will interact with our system if it’s an unaffiliated referrer to confirm that the decision support number that they have gotten is valid. We think that radiologists will access our solution to confirm that they have a valid number, but with the interaction of AUC and CDS, it’s the ordering doctor, yes.

Is it correct that radiologists are either sent a valid number or they aren’t and they can’t obtain the approval ID themselves?

That’s a very common question that we get. Radiology groups ask us whether they can perform the AUC interaction, even on the phone, so a doctor calls in and they can capture the information. Right now there’s nothing in the regulation or in the statute that would indicate that the radiologists can do that. The onus is on the ordering clinician to do a consultation. It makes sense. This is supposed to be informative and educational to help doctors make the best choices.

What other types of clinical decision support beyond advanced imaging have you added to CareSelect since we last spoke a year ago?

Inside of imaging, we’ve added pretty big sets of criteria for the American College of Cardiology as well as National Comprehensive Cancer Network. Outside of imaging, we’re focusing on some key areas. There’s labs, which is a very similar kind of an issue that’s being faced in imaging. Medications, and when we talk about meds, the entire corpus of meds is impossible to address, but you’ve got some high-cost and specialty meds that need attention.

We are rolling out a solution around opioids, both from a clinical decision support angle as well as a state registry submissions and reviews for opioids. Blood management is also a big topic where there’s some strong criteria out there that needs to be delivered. We’re getting into antibiotic and microbial stewardship, where there’s also some good content out there that absolutely needs to be delivered to help improve decision-making. Admission Level of Care optimization is also a big area of interest.

A year ago, CareSelect was this generic content delivery mechanism focused primarily on the Choosing Wisely initiative. Over the last year, we learned a lot about what the market needs and we’re reacting.

Other companies take the content approach in which the EHR vendor builds their product around a third-party database and handles the user interaction natively within their product. What’s the challenge of offering an integrated service instead?

It’s interesting and it touches the heart of what we do. We start as a hosted content management platform. We use a common web services standards based mechanism to integrate with these EMRs. You can imagine this ability to manage, create criteria, use a single mechanism and a single UI inside of an EMR to deliver thousands of sets of criteria. Whereas all these EMRs have a facility for their customers to build criteria, but these require big build efforts with multiple files created locally that need to be managed.

In our architecture, it’s a common feed. With the CareSelect platform, the technical challenge on the EMR integrations side is simplified. The work on managing the content is taken off the back of the EMR.

Are EHR vendors generally cooperative in adding another company’s product to their systems?

One of the reasons we do well with the EMR vendors is that from a workflow perspective and eyes on the screen, we leverage their platform. There is no CareSelect application. There is no NDSC platform installed locally. We’re leveraging all the native windows that are in the EMRs.

In a sense, we’re adding value to the EMR. The perception to the user is that this is a native EMR alert. There’s nothing foreign about what we are doing, so from the EMR’s perspective, we’re adding value.

Small vendors always complain that the EHR vendors lock them out. Would your approach work with other types of solutions?

There are always challenges around interoperability. I say this all the time — I think these EMR vendors get a bum rap, I honestly do. There is data out there and there are ways to integrate. One of the challenges, or one of the things that I often hear out there with customers, is complaints about vendors that are making offers to solve problems that aren’t reliably solvable, either because the data’s not all there or reliably accessible.

There’s a lot of reasons for that. For us, we stay within ourselves. We understand what we can solve and what we can’t solve and that’s what we deliver. We have good relationships with these EMR vendors. It takes patience. What you ask for today you might not get for another 12 months and that’s fine as long as you can plan for it. These guys have an unbelievable amount of work to do in just delivering everything that these EMRs have to do.

We have our little world, as every vendor does selling their individual solutions. I couldn’t imagine having to put a ubiquitous system in like a Cerner, an Epic, or Meditech to satisfy the needs of a couple of thousand doctors and administrators, all with different and sometimes conflicting needs. It’s a challenge and I applaud them for that. Now tack on integrating hundreds of third-party apps all with a different idea of how they want to exist on the desktop. Not fun.

How do you see the future of the company and the ongoing availability of the industry group vetted guidelines that you use?

Sites and hospitals and doctors want to use content for its clinical efficacy. They want to make the right decisions. They prioritize which clinical content sets they use in choosing those that solve a clinical problem, but also address an administrative problem or a business problem. A lot of that has to do with connecting out to payers or their population health platform.

An example would be to ease the prior authorization process, or a notification process, or actively being a part of a population health initiative in an ACO. Using the clinical data and the decision support as a part of the workflow to ease the data exchange and communication burdens, for lack of a better term, just to get paid. That’s the cross-section for a decision.

If you’re looking at 40 opportunities to deliver guidance, the 20 that they pick would be the ones that also have a financial and operational impact. That’s what we’re seeing a lot of. We have hundreds of criteria and the ones that people want to implement are those that are clinically valuable, but that also have an operational and financial impact on their operation.

Morning Headlines 3/13/17

March 12, 2017 News No Comments

House Republicans would let employers demand workers’ genetic test results

HR 1313, a bill that made its way through the House Committee on Education and the Workforce, would allow employers to offer significant reductions on insurance premiums to employees who participate in workplace wellness programs. Employers would be granted access to results from genetic screenings conducted as part of the program.

Following Health-Care Tweet, Medicaid Official Cancels SXSW Appearance

Medicaid’s chief medical officer Andrey Ostrovsky abruptly cancels his scheduled SXSW appearance after publishing a tweet critical of the AHCA bill.

Top neurosurgeon Johnny Delashaw resigns from Swedish

Johnny Delashaw, MD, chair of Swedish Neuroscience Institute, has stepped down from his role at Swedish Health following a Seattle Times investigation that exposed widespread concerns about his practices.

Q&A: Healthcare software ‘should be a joy to use’

In an interview with Modern Healthcare, Epic CEO Judy Faulkner discusses physician burnout, EHR dissatisfaction, increased cybersecurity threats, and the future regulatory burdens the health IT industry will face.

Monday Morning Update 3/13/17

March 12, 2017 News 5 Comments

Top News


House bill HR 1313, the Preserving Employee Wellness Program Act — which was approved in straight party line voting in a House committee last week — would allow employers to mandate that their employees undergo genetic testing and share their results to earn insurance premium rebates.

Companies can’t ask for non-voluntary employee genetic analysis today, but the new law would allow employers to require those tests if they are offered as part of a workplace wellness or disease prevention program.


The bill could end up in the second phase of ACA repeal legislation. It is sponsored by Rep. Virginia Foxx (R-NC).

Reader Comments


From Undervalued: “Re: American Board of Internal Medicine. Called me this evening to take part in a paid survey about unnecessary testing. Doctors are paid $50 for participating, except family practice docs get only $40. As fellow PCPs, ABIM should be ashamed for its undervaluation of family practice colleagues.” I wanted to weigh in on ABIM’s insulting approach, but I got distracted by trying to remember which 1970s band had a psychedelic-looking logo like ABIM’s.


From Stats Rat: “Re: HIMSS publication survey. Says 70 percent of HIMSS17 attendees are actively seeking or planning artificial intelligence.” I don’t think I would draw too much insight from a “top story” based on a survey with just 70 responses.

From Bill Gates’ Brother Pearly: “Re: webinars. Could you offer CMEs or other CEUs to participants? Accredited organizations might be willing to help and you could have more topics related to informatics.” I like the idea, but would indeed need external help since I recall from long-ago hospital experience what a pain it is to accredit educational programs for CEUs.


From Trenton Medusa: “Re: Salesforce Health Cloud. You said you liked what you saw at the HIMSS conference. How much of it was real?” I saw just a short demo of one use case. I was mostly intrigued by the possibilities of having a large, technically sophisticated customer relationship management player turn its focus to health system-physician and physician-patient interaction. Health Cloud is a new offering and I’m not sure that either Salesforce or its prospects have a clear vision of how it can be used. I’m also not sure that Salesforce and its reps are prepared to devote the level of hand-holding that health systems have grown to expect in assuming that their vendors will tell them not only how to use their software, but how the health system should conduct its business (we chronically insecure health systems want vendors to share what they’ve learned at other sites). Lastly, the Salesforce model often involves selling third-party products and services to meet particular needs and that will require money and management of additional vendors. My conclusion is that health systems need to determine for themselves how much of the potential of Health Cloud has been realized at a live site and have a clear plan what they’ll do with it. I’m interested in hearing about firsthand experience.


From Pliny: “Re: medication compliance apps. What do you think of them?” Not much, starting with their premise that people are supposed to be obediently “compliant” with orders from their paternalistic doctors. Some patients – especially those on many medications with complicated schedules – could benefit from meds-due reminders, but I suspect the real problem is a lot more complicated than just issuing appropriately timed beeps or alerting the doctor that the pill bottle wasn’t opened at the right time. Examples:

  • They don’t understand the purpose of the therapy, question its value, or weren’t given the chance to discuss the expected benefit and outcomes before the prescription was generated.
  • They left their rushed encounter without remembering what they were supposed to do.
  • They can’t afford the medication.
  • They are adjusting their own doses for what may or may not be good reasons.
  • Their doctor and/or pharmacist didn’t do a good job explaining how or when the medication should be taken or didn’t develop a trustworthy rapport with them.
  • They are experiencing side effects but don’t know what they should do about them.

From Robert Lafsky, MD: “Re: police technology. Note medical parallels – text-based recording, proprietary databases, and enthusiastic adoption of technologies without adequate trials.” A law professor’s editorial says we spend $100 billion per year on public safety without really knowing which police tactics or technologies work and without conducting any sort of cost-benefit analysis. It calls out expensive gunshot sound detection system ShotSpotter, which is being used even though police departments haven’t analyzed whether it has decreased incidents or increased arrests. The article also notes that, as in healthcare, it’s hard to identify causation vs. correlation and it’s even harder to quantify events that were prevented.

HIStalk Announcements and Requests


My not very conclusive poll finds that the health IT business will either get better or will get worse. Perhaps the only takeaway is to avoid making a plan that involves it remaining the same.

New poll to your right or here: In your most recent physician or hospital encounter, were your electronic records from other providers available and reviewed?


Mrs. R’s second grade English as a Second Language class in New Jersey is using the document camera we provided in funding her DonorsChoose grant request to perform their work on the classroom whiteboard, which gives the students confidence and instant feedback from their classmates. It also eliminates teacher photocopying time and expense. I like funding document camera projects because they are high impact, super low cost at less than $200, make it easier for the teacher to make lessons interactive, and help teach students vital presentation and persuasion skills.


Welcome to new HIStalk Gold Sponsor ROI Healthcare Solutions. The Atlanta-based consulting firm, founded in 1999, offers legacy application support, application management services, ERP optimization (as an Infor Global Alliance Partner), supply chain EDI, staff augmentation, and enterprise content management services. The company’s expertise includes Epic, Cerner, McKesson, Allscripts, RelayHealth, and Hyland. The company offers case studies and a client list. McKesson has named the company as a support partner to provide post-sunset support for Horizon Clinicals. President Jim Jancik’s 25-year career includes experience with CGEY and McKesson, while founder and EVP Kathy London spent time at McKesson, Siemens, and Healthcare Systems Management. Thanks to ROI Healthcare Solutions for supporting HIStalk.


Dear health IT site that isn’t owned by HIMSS for a change: API stands for application program interface. You should check out this thing called Google.

Listening: Doro, the German metal queen (formerly of Warlock) who’s still banging heads at 52.

This Week in Health IT History


One year ago:

  • The New York Post cites unnamed sources who predict patient harm from the rushed Epic implementation of NYC Health + Hospitals.
  • McKesson sells its ambulatory EHR/PM products to E-MDs.
  • MD Anderson Cancer Center goes live on Epic.
  • New VA leadership announces that it is reassessing whether the VistA EHR fits into its long-term plans.
  • CMS pledges to remove Social Security numbers from Medicare cards starting in April 2018.


Five years ago:

  • Former HHS CTO Todd Park is named US CTO, replacing Aneesh Chopra.
  • Greenway Medical Technologies announces its first quarterly results as a publicly traded company.
  • Wexner Medical Center at Ohio State goes live on Epic.
  • Kevin Fickenscher, MD is named president and CEO of AMIA.
  • Hotel reservations were opened for HIMSS13 in New Orleans following the conclusion of HIMSS12 in Las Vegas.

Weekly Anonymous Reader Question

Here are the reader responses I received to last week’s question: describe an unethical decision your employer made in the past year:

  • Brazen, intentionally fraudulent overcoding seems to be acceptable, according to publicly available Medicare data. Explain why some of your local doctors have 100 percent of visits billed at 99215, which is impossible since there’s not enough time in the appointments and not every patient qualifies for a level 5. Medicare turns its back, ACOs permit it, the press doesn’t care, and it’s too complex for patients to understand, so Medicare keeps paying and healthcare costs keep going up.
  • My former employer pushed sales of a broken piece of software REALLY hard. We also didn’t have the resources to implement it in any sort of reasonable timeframe. Alternately, they fired a woman in the middle of a long fight with brain cancer.
  • Awarded bids to vendors on sole source contracts when an RFP is the rule.
  • Hired his daughter to work in our group. So uncomfortable for everyone.
  • Actively would not admit to customers that we knew we were going to miss contractual deadlines because sold product offerings hadn’t even been agreed to or started, and that left staff hanging in front of execs and colleagues at customer site in a state of lying through omission or avoidance. It was very trust abusive practice of what was explained to me as "incremental disclosure."
  • Should we continue to bill for a physician who is billing for telemedicine visits as office visits?
  • The CEO of the hospital pressuring physicians to write narcotics for patients who would complain if they did not get them when they were not warranted. All for patients satisfaction scores and money.
  • Moved an outpatient IV treatment center to inpatient AO center just because they could charge way more despite increased co-pay and inconvenience for patients.


This week’s reader-suggested question: what’s the dumbest EHR design flaw you’ve seen recently? Inpatient or outpatient, as a user or as a vendor, tell us what you’ve seen.

Last Week’s Most Interesting News

  • Google’s DeepMind Health announces plans to create a blockchain-like patient record and auditing tool.
  • The Republican ACA repeal bill makes its way through the House, with opposition expressed by several healthcare groups.
  • VA Secretary David Shulkin tells a House committee that the VA should move to commercial software products rather than build its own.
  • Shares of NantHealth drop sharply after a report described founder Patrick Soon-Shiong’s $12 million donation to the University of Utah that required it to purchase $10 million of NantHealth’s services, also allowing the company to inflate the success of its GPS Cancer screening test.
  • India-based Tech Mahindra announces that it will acquire The HCI Group for $110 million.
  • The Advisory Board Company settles its differences with an activist investor.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.

Acquisitions, Funding, Business, and Stock


ZirMed will lay off 60 employees, about 9 percent of its workforce, as consolidation and acquisition of physician practices reduce its customer count and the need for support technicians for obsolete products. The layoffs will be equally spread among offices in Louisville, Chicago, and Culver City, CA.


NantHealth’s share price slide continued through last week, closing at $4.33, down 77 percent from their first day of trading in June 2016.


  • Gordon Hospital (GA) will go live with Oracle PeopleSoft in October 2017.
  • Fairview Maple Grove Hospital (MN) will go live with Omnicell’s automated dispensing cabinet system in 2018.

These provider-reported updates are provided by Definitive Healthcare, which offers powerful intelligence on hospitals, physicians, and healthcare providers.



Navicure hires Kermit Randa (PeopleAdmin) as chief growth officer.

Privacy and Security


Several employees of community physician groups and one employee of a contracted vendor are fired after inappropriately accessing the medical records of pediatric patients of VCU Health System (VA). 


A reader-forwarded email suggests that a GetWellNetwork payroll employee has fallen for the now-common W2 phishing scam where an unknown hacker impersonating the CEO sends an email asking for a file of year-end employee tax records. Above is an example of an authentic-looking email intended to harvest the information needed to obtain fraudulent tax refunds.


Epic’s Judy Faulkner has made herself uncharacteristically available for interviews lately. She tells Modern Healthcare that physician burnout started 20 years ago when they lost their fight for healthcare control and government and big business took over. She says her focus is on making the company’s software a “joy to use,” helping derive value from data, and emphasizing collaboration. The 73-year-old Faulkner says she doesn’t see her role at Epic changing over the next five years.


Neurosurgeon Johnny Delashaw, MD — chair of the Seattle-based Swedish Neuroscience Institute — resigns three weeks after the local paper publishes an expose of internal complaints about the organization’s culture of retribution, inappropriate care, and the lack of participation by Delashaw in surgeries for which he generated $86 million in his first 16 months on the job. He left OHSU in 2012 as Oregon’s highest-paid state pensioner at $663,000 per year, earning more than even the former University of Oregon football coach.


Weird News Andy says he should at least have gone to a branch office before mouthing off. A Wyoming ski instructor who cut his jump between two trees too close has his lip pierced by an 18-inch tree branch, after which he called out to his friend, “Hey, look, I just got a new piercing.” The hospital removed the stick, after which the ski dude was happy because he could drink beer through a straw. His GoFundMe campaign raised enough money to cover his $1,250 insurance deductible, although many commenters weren’t sympathetic that he wasn’t willing to pay for his own mistake while another added, “The bigger problem with America is that it costs $1,000 to pull a stick out of someone’s face.”

Sponsor Updates

  • Salesforce earns the number eight spot on Fortune’s list of 100 Best Companies to Work For.
  • The SSI Group will exhibit at the 2017 NCHFMA Annual Meeting March 12 in North Carolina.
  • The Utah Business Insider podcast features Solutionreach CEO Jim Higgins.
  • ZeOmega will exhibit at the Women Leading Business Healthcare Summit March 15-17 in Las Vegas.

Blog Posts


Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.


Morning Headlines 3/10/17

March 9, 2017 Headlines No Comments

GOP Health Bill Clears 2 House Panels After Marathon Sessions

The AHCA bill passes votes in the House Energy and Commerce Committee and the House Ways and Means committee, leading up to a final House vote tentatively scheduled for the week of March 20.

Cerner, State and Local Leaders Commemorate Innovations With Ribbon-Cutting

Cerner opens the first of two towers at its new Innovation Campus.

Partners gets a fiscal health warning

Partners Healthcare (MA) has its credit outlook downgraded from stable to negative, with analysts noting that they are not concerned with the temporary bottom line hit from its Epic implementation.

Trust, confidence and Verifiable Data Audit

Google’s AI subsidiary DeepMind announces that it will build out a blockchain-like data audit tool for its healthcare customers.

News 3/10/17

March 9, 2017 News 2 Comments

Top News


Two House panels approve the Republican ACA repeal bill, sending it to the House floor. The Ways and Means committee required an 18-hour session to endorse the American Health Care Act, while the Energy and Commerce Committee’s marathon hearing lasted more than 27 straight hours before ending with a straight party line vote.


President Trump immediately began pitching the bill, while House Speaker Paul Ryan brought out a PowerPoint presentation hoping to gain support while declaring that the bill is a “binary choice” that suggests taking it or leaving it, now or never, with no significant changes. Sources indicate that the President told a conservative group that if the bill isn’t passed, he will allow the Affordable Care Act to fail and then blame Democrats.

The American Health Care Act has yet to be scored by the Congressional Budget Office to estimate its cost and the number of uninsured Americans before and after its implementation. On record as opposing the bill in its present form are the American Medical Association, the American Hospital Association, the Association of American Medical Colleges, the American Nurses Association, AARP, and a surprisingly bold Medicaid Chief Medical Officer Andrey Ostrovsky, MD. (Correction: I originally wrote that Ostrovsky was appointed by the Trump administration, which is incorrect. He joined CMS in September 2016.)

Reader Comments


From Pixelator: “Re: Epic’s App Orchard. It follows the Apple App Store model from what I can tell. Apple doesn’t look at or copy code from apps, but it also doesn’t want to be sued by a developer of a minor app if it expands its own product into similar territory. I doubt any EHR vendor gives unfettered access to their APIs or data models that allows a vendor to sell derivative works without any control by the EHR vendor, but I’m interested in the first-hand experience of others with Cerner, Allscripts, etc.”

From Squidward Tentacles: “Re: single-payer system. I’m interested in your thoughts after reading this article in a left-leaning publication.” I’m in favor of universal healthcare, I say after years of arguing otherwise. The US is the stubborn outlier among developed countries and we’re spending ourselves into bankruptcy (both as individuals and as a nation) while lagging the pack on health indicators. Universal healthcare doesn’t necessarily mean a government-run program or one that gives citizens a blank check for their every healthcare need. Unfortunately, we’ll probably continue to out-spend and out-die our peer nations since we’ve allowed healthcare to become a political and economic class football. Our system is mediocre to good for those with means, bad for those without, and worse still for those who have income and assets that can be wiped out with a single, inevitable medical event.

HIStalk Announcements and Requests


Reader donations funded the DonorsChoose grant request of Ms. P in Oklahoma, who asked for hands-on learning stations for her class of learning-disabled kindergartners. She says the kids love the sight word mats, are having fun with watercolors, and are using the chalkboard for practice work.

I was thinking that it’s probably time to buy a new laptop since the $300 one I use as my only computer (other than my Chromebook) is several years old. I’m discouraged that the laptop market seems dull, with prices higher than I expected and poor customer reviews. I’ve been scouring ads from BestBuy and the office supply stores for weeks with nothing rising above the pack. I was thinking that it makes sense to upgrade when buying something new, like getting 16GB of memory and maybe a solid state drive, but I don’t want to spend $1,000 to replace a $300 device, especially when I don’t need or want a touchscreen or a two-in-one laptop. I thought sure I would feel outclassed and then be overcome with tingly anticipation upon seeing what has improved in the intervening years, but I haven’t missed much.

This week on HIStalk Practice: GuideWell acquires PopHealthCare. The Bronx RHIO selects population health reporting tools from Imat Solutions. CMS opens up 2018 Next Generation ACO applications. First Stop Health raises $1.6 million. Fitbit rethinks its product lines. PCPs in Maryland form the Chesapeake IPA. Health Fidelity’s Chris Gluhak offers HIPs tips for MIPS. Alternative Family Services selects Core Solutions EHR. A Helping Hand of Wilmington implements Mediware’s AlphaFlex. This month’s Winners Circle features Albert Wolf, MD and Todd Wolynn, MD of Kids Plus Pediatrics in Pittsburgh.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.

Acquisitions, Funding, Business, and Stock


San Francisco-based online medical clinic Virta Health, which launched this week with $37 million in funding, says it hopes to reverse type 2 diabetes in 100 million people by 2025 using individualized nutritional analysis and artificial intelligence-powered continuous monitoring and coaching. Founder and CEO Sami Inkinen also co-founded real estate site Trulia.


Investors in China are souring at the prospects of the country’s 2,000 mobile health apps that offer consumers alternatives to overcrowded hospitals. At least three apps — of the several hundred that have attracted investments — have hit $1 billion in valuation, but investors are beginning to question whether they will ever make money since the only revenue source for the apps is advertising. The most-used medical app, insurer-owned Ping An Good Doctor (which offers free doctor consultations), raised $500 million in a Series A funding round last spring that valued the company at $3 billion. Search giant Baidu shut down its mobile health unit and at least 27 medical app vendors have closed after burning through their investor-provided cash. The surviving app vendors are trying to pivot in working with hospitals or insurance companies.

Telemedicine platform vendor GlobalMed acquires competitor TreatMD.

India-based offshore medical coding vendor Omega Healthcare Management Services acquires North Carolina-based analytics vendor WhiteSpace Health, which has development offices in India. WhiteSpace Health co-founder Sy Yellamanchali was previously SVP with MModal.


PokitDok raises an unspecified strategic investment to further develop its APIs and blockchain solutions, increasing its total funding to $48 million.


Cerner opens the first two towers of its Innovation campus, its seventh in the Kansas City area.



Mount Sinai Health System (NY) chooses patient-provider matching from Kyruus for its Physician Access Services team that handles referrals for 700 providers.

Adventist Health System chooses Premier’s pharmacy clinical surveillance and analytics for medication management and antibiotic stewardship programs. Premier acquired the former TheraDoc from Hospira for $117 million in August 2014.



MD Anderson Cancer Center President Ron DePinho, MD resigns, explaining that the organization needs someone who can inspire unity and apply operational focus. MDACC has struggled with a deteriorating financial position that it blames on its Epic implementation, among other factors, and has stumbled in its $62 million failed attempt to use IBM Watson for cancer care.


CareCloud hires Greg Shorten (Validic) as chief revenue officer.

Announcements and Implementations

Medecision launches Aerial Bundled Episode Manager, which helps IDNs working under bundled payment arrangements to better identify and care for high-risk patients.


Google’s DeepMind Health subsidiary will implement a blockchain-like Verifiable Data Audit to provide hospitals with an audit log of how the information of their patients was handled. The company says its method is different from blockchain because it will not require heavy duty computing and will be able to call out changes to any part of the stored data. According to the company,

We’ll build a dedicated online interface that authorized staff at our partner hospitals can use to examine the audit trail of DeepMind Health’s data use in real-time. It will allow continuous verification that our systems are working as they should, and enable our partners to easily query the ledger to check for particular types of data use. We’d also like to enable our partners to run automated queries, effectively setting alarms that would be triggered if anything unusual took place. And, in time, we could even give our partners the option of allowing others to check our data processing, such as individual patients or patient groups.

Government and Politics

VA Secretary David Shulkin tells the House Veterans Affairs Committee, “I’ve come to the conclusion that VA building its own software products and doing its own software development inside is not a good way to pursue this. We need to move toward commercially-tested products.”

Conan O’Brien creates a modestly funny ad that lampoons this week’s comments by Rep. Jason Chaffetz (R-UT), who lauded removing the ACA’s individual mandate and said that Americans should invest in their healthcare instead of the latest iPhone. The video also made me think of the digital health evangelists whose never-ending parade of questionably useful apps are their hammer in search of a nail. Meanwhile, Chaffetz’s comment led family physician Kathryn Allen to immediately file paperwork to run against him.



Debt rating services revise the credit outlook of Partners HealthCare (MA) from stable to negative following its $108 million fiscal year operating loss. Analysts are worried most about continuing losses in the company’s Medicaid insurance business, adding that they aren’t worried about the temporary bottom line hits from its Epic implementation and office consolidation project.

In Minnesota, Fairview Health Services and HealthEast Care System announce plans to merge.


Western Missouri Medical Center (MO) outsources its patient billing after patients complain about the confusing bills sent by its Cerner billing system.


Cancer researcher Carlo Croce, MD, who has been awarded $86 million in federal research grants, has been the subject of several allegations and whistleblower complaints regarding falsified data that include Photoshopped western blots, according to a New York Times investigation. Journals have updated 20 of his papers with corrections, retractions, and editors’ notices, but Ohio State University – the recipient of $8.7 million from his grants – has repeatedly cleared him of wrongdoing. Croce had previously joined a scientific advisory board of a tobacco producer-funded group that tried to convince the public that smoking doesn’t cause cancer. What’s interesting to me is that he’s an art collector, with 400 paintings by Italian masters displayed in the 5,000-square-foot gallery he added to his $3 million mansion. Cancer has bankrupted a lot of people, but some have become wealthy from it.

Add this to the long list of reasons that “semi-private” hospital rooms make no sense at all. An inpatient returns to his bed after undergoing tests and finds that his credit cards and cellphone have been stolen from his bedside drawer. Authorities later investigating fraudulent charges on his card arrest the perpetrator – the guy who shared his hospital room.

The family of a South Carolina man who died of a severe allergic reaction sues Union County Medical Center (SC), claiming that when its locum tenens ED doctor wasn’t able to intubate him, the doctor then viewed a YouTube video on performing a cricothyrotomy, which also failed. Police arriving to investigate found the video still up on the doctor’s computer screen.


Weird News Andy exclaims with his best Monty Python accent that “I’m not dead yet” in describing the findings of ICU doctors in which patients showed brain activity after being declared clinically dead.

Sponsor Updates

  • PokitDok launches its API developer tools on AWS Marketplace with bundled plans for patient check-in, health insurance administration, and out-of-pocket estimates. 
  • The features Impact Advisors Principal Eric Gerard in “What’s the Future of Healthcare?”
  • Imprivata presents at the Massachusetts Health Data Consortium’s event on healthcare’s identity crisis.
  • Ingenious Med’s Practice and Enterprise charge capture and care coordination technology earns HITRUST CSF Certification.
  • InterSystems shares its show-floor presentation from HIMSS17 featuring Laura Adams from the Rhode Island Quality Institute.
  • Intelligent Medical Objects will exhibit at the Cerner UK Collaboration Forum March 13-16 in London.
  • Ovum Report recognizes Liaison Technologies as a leading B2B integration managed services provider.
  • Gartner names LogicWorks a leader in the 2017 Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide.
  • Meditech will host its Certificate Program in Clinical Informatics as a distance learning course March 21 through May 25 at MassBay Community College, Rowan College at Burlington County, and the Deborah Heart and Lung Center.
  • NVoq will exhibit at the AAOS Annual Meeting of Orthopedic Surgeons March 14-18 in San Diego.
  • Obix Perinatal Data System will exhibit at the AWHONN West Central Michigan Chapter Conference March 15 in Grand Rapids.
  • Experian Health will exhibit at HFMA Western PA March 13-14 in Washington, PA.
  • PerfectServe will exhibit at the Renal Physicians Association Annual Meeting March 17-18 in Nashville.



EPtalk by Dr. Jayne 3/9/17

March 9, 2017 Dr. Jayne 3 Comments

I’m still getting back into the swing of things following my recent adventure in healthcare. I’ve enjoyed the relative downtime, although I’m getting a little stir crazy. Hopefully I’ll be cleared for travel early next week so I can keep the good stories coming from the trenches.

In the meantime, I’ve been going through my post-HIMSS and post-hospital mail. A couple of vendors need to get some money back on their marketing efforts: the postcard from eClinicalWorks arrived on Monday after HIMSS had already started, with an invitation to “The Way of Tea” at the Vital Images booth arriving on Tuesday. The grade schooler who picks up my mail when I’m gone does an excellent job sorting and bundling so that I know what mail is the oldest. I can’t wait until he grows up – I see some serious potential as a process improvement specialist.

I’ve been working my way through loads of email. A special thank you to all of you who sent well wishes and good vibes for a speedy recovery. It was nice to have those little rays of sunshine popping into my inbox.

I was glad to have been on sick leave from my clinical position because I was supposed to be working the day the big Amazon Web Services outage hit. Our vendor sent quite a few emails apprising users of the status. They were apparently having a partial outage, where users could document visits but could not see images, forms, and letters. You can have a really great downtime strategy in the office, but you never know how things are going to unfold when an outage hits.


CMS has finally updated its website with Clinical Quality Measures information for the 2017 performance period. The Meaningful Use domains have been removed and now the measures align with the Quality Payment Program and its Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment Model (APM) tracks. CMS invites people to submit questions about the documentation, but I wouldn’t hold my breath waiting for a response. I’m still waiting for clarification on some Chronic Care Management questions from earlier in the year.

I’ve also had a ringside (couchside?) seat for the release of the American Health Care Act, with plenty of time to digest the back-and-forth commentary from politicians and healthcare leaders. I finally had to step back after a while because it’s going to go on for months as everyone tries to get their piece of the action with the usual wheeling and dealing, negotiations, and amendments.

The so-called “repeal and replace” legislation is only 4 percent the size of the Affordable Care Act (120-odd pages vs. 2,700) so the devil will truly be in the details. I’ve talked to a couple of friends who are OB/GYN physicians and their patients are still terrified about losing coverage for contraception and preventive services. One physician has a patient who is trying to import black market IUD devices from Canada. Apparently they’re made by the same manufacturer that makes them for the US market, but the cost is less than 25 percent of what they go for in the States. That’s a sad commentary on the state of healthcare in the US.

After the Affordable Care Act went into effect, my personal insurance plan was still grandfathered and didn’t have to offer all the mandatory coverage. Late last year, the trustees of the plan voted to un-grandfather and began to offer coverage for things that were previously not covered.

I finally began to pursue a genetic consultation to address some lingering family history concerns. After months of waiting and submitting genograms, results of relatives’ testing, and more, I finally have my appointment with the geneticist next week. Of course, it’s going to be better to know one way or another, but I hope my decision to get tested doesn’t come back to haunt me if there are changes to the protections and coverage for people who know they are at higher risk for serious health issues. (At least I know I’m at zero risk for gallstones or cholecystitis now, so that’s a plus.)

I had a strange experience as a physician this week. I received an email in my consulting business account containing a link to access a summary of care record. It was from a hospital where I haven’t been on staff since before I bought this domain, so I’m not entirely sure how my address came to be linked up to their system. Sure enough, it was a patient discharge record.

I cross-referenced it against my patient panel from the last year I was in a traditional primary care practice and found the patient. I’m not sure if it was a computer glitch or whether she really still considers me to be her primary care physician after all this time, but it was a nice memory. I called the hospital and they weren’t terribly helpful in trying to figure out how it got routed to me as it did, but instructed me to simply discard the message.

Physician readers familiar with “The Match” will cringe at this news story. The cardiothoracic surgery program at New York-Presbyterian / Columbia University failed to submit its resident ranking list, meaning it will not be able to offer residency slots as part of the traditional Match Day next week. Columbia can still fill its program through the Supplemental Offer and Acceptance Program, which makes unfilled slots available for residents who did not match. This could be a boon for students who didn’t get a spot via the actual Match process, but it means that the program will most likely not have access to its top-ranked candidates.

I still remember my own Match Day, and not entirely fondly. Although my placement was a sure thing, I was on the edge of my seat waiting for my turn to open my envelope in front of my entire class. For some, it was a barbaric way to do things as we watched people’s dreams get crushed in between happy Matchers jumping up and down. Schools still have formal Match Day ceremonies where this continues to happen, although applicants can now skip the envelope and find out an hour later via email.

What’s your Match Day memory? Email me.

Email Dr. Jayne.

Morning Headlines 3/9/17

March 8, 2017 Headlines 1 Comment

Investor sues Soon-Shiong for alleged securities violations after STAT report

NantHealth stock is down 35 percent following a scathing STAT investigative report on questionable charitable donations. In response, a NantHealth investor files suit against the company, claiming that it artificially inflated the market price of its stock and reserving the right to expand the complaint into a class action suit.

Price breaks public silence on health IT policy

HHS Secretary Tom Price lays out his position on health IT in a written response to questions from Senator Bob Casey (D-PA), saying one way to improve care and reduce costs would be “for the federal government to continue to promote the growth of health information technology and electronic health records.”

Ron DePinho resigning MD Anderson Cancer Center presidency

MD Anderson Cancer Center President Ron DePinho resigns. He reflects on his time at the helm as one that brought positive change, but acknowledges that “there was a cost for that change, and I have added to that cost.” He says the organization needs a new president that will bring “a sharp operational focus on navigating the tectonic changes in healthcare delivery and economics.”

How Republican opposition to healthcare reform is taking shape

The Guardian analyzes the likelihood of passage for the American Health Care Act (AHCA), the Republican ACA repeal and replace bill.

Readers Write: Naked Cybersecurity

March 8, 2017 Readers Write 1 Comment

Naked Cybersecurity
By John Gomez

John Gomez is CEO of Sensato of Asbury Park, NJ.

Although the observations in this article are based on my direct experiences over the past four years working with healthcare organizations to secure their systems, I am sure that most of what I am going to share is wrong. I also will apologize upfront for presenting a viewpoint that I am sure is one-sided, and although I believe it to be reflective of the reality of cybersecurity in healthcare, it is probably wrong.

I also want to clarify who I hope will read this article, because it is certainly not meant for everyone. If you are of the belief that academic cybersecurity approaches, checkmark mentality, or putting your faith in things like commercial “trusted” security and privacy frameworks or national cybersecurity information sharing groups is a good idea, then this article is not for you. Reading it will be a total waste of your time.

In fact, if you think that what you have been doing in cybersecurity is right and spot on, this article will just annoy you. And yes, you guessed it, it will be a waste of your time.

On the other hand, if you stay up at night freaked out that despite your best efforts you are losing the battle against a well-armed and informed enemy, then brothers and sisters, you probably will find this article of interest. Yet I warn you — this is more about my opinion (as unqualified as that may be) than any academic, certified, highly-trusted approach you may find in the world of healthcare cybersecurity.

For those who are still reading along, let me drop (in the vernacular of our youth) a truth bomb. A truth bomb that I suspect anyone still reading will not find surprising, but is akin to that small child who once said, “But the emperor has no clothes.” The truth I share with you is that we are losing the cybersecurity war and losing badly. 

There, I said it. And yes, it is rather cathartic to be able to state that in public. Try it with me — I promise you will feel better and empowered. We are losing the cybersecurity war.

Despite our best efforts, despite the beliefs in fancy risk and security frameworks and the latest hyperbole regarding threat intelligence, advanced defenses, and the latest snake oil being peddled by cybersecurity vendors, we are losing ground by leaps and bounds.

If you ever wanted to know what it felt like to be on the receiving end of General Patton’s surge across Europe, just take a job in the world of healthcare cybersecurity. We have some great, passionate, talented people among our ranks, but regardless of how fast they are pedaling, the attacks are overrunning them and taking ground.

In 2016, per a PWC cybersecurity survey, organizations across industries increased their spending on cybersecurity by 20 percent. Yet despite deploying more frameworks, more technology, employing some cool AI stuff, expanding their staffs, and embracing the best practice of the day, we also learned that there was a 38 percent increase in cybersecurity attacks. The cost to remediate an attack rose by 23 percent over 2015.

Talk about a lousy return on investment. You increase spending by 20 percent, and yet you find your efforts are not even closing the gap. In fact, on a cross-industry basis, we are seeing double-digit negative returns on cybersecurity investments.

Years ago, an experiment was conducted where a monkey threw a dart at a list of stocks. The goal was to see if random selection of stocks ended up worse or better than what was selected by professional and well-trained brokers. If I recall, the monkey’s picks fared better. Sadly, for those of us protecting healthcare organizations from attackers, we are seeing similar results. There is no — not one — strategy or best practice that will definitively prevent attackers from gaining access to your systems.

Speaking of attackers, just how painful has life become for their side of the seesaw? I mean, everyone is spending more money; cybersecurity is now a board-level issue; and per HIPAA, it is required that the CEO be intimate with the protection of patient data as it relates to security and privacy. Certainly all this increase in spending, resources, and attention must be making life so very hard for the cyberattacker.

Well, in 2016, the average cost of a highly-sophisticated exploit kit was $1,367, a 44 percent decrease over 2015. Thanks to easy and cheap access to cloud computing (I am looking at you, Microsoft and Amazon), the cost of an attack has dropped 40 percent over 2015. We now have attacker markets that include RAS (ransomware as a service), EAS (espionage as a service), and DDoSasS (Distributed Denial of Service as a service). You can contract for any of these attack services from the comfort of your home recliner. We also have learned that the average length of time to successfully execute a breach is now less than 24 hours, a 72 percent decrease over 2015.

Net-net, attackers are winning and probably chilling out, sharing bottles of wine, nibbling on cheese, and laughing their butts off. Yet for those in the trenches, those who get up day to day fighting the good fight, none of this is new. I suspect that the front-line defenders know all of this, yet don’t have the data or podium to yell out, “The emperor has no clothes.”

Ultimately, I believe we all are united (vendors, defenders, management) in understanding that our current approaches are not working over the long term. I also suspect some will have counterarguments, point out that things aren’t that bad, and claim their solution is fault proof. As someone who works with attackers, I can tell you that you would be foolish to believe that your current approaches can thwart attackers. Especially if your approaches date back to 2010, are based on complicated frameworks and tools, and require you to subscribe to checkmark practices.

Here is a final statistical truth bomb that you may find entertaining. About a decade ago, we could detect an attacker in our networks within hours. Over time, time-to-detection has evolved from hours to the current average of 265 days. If the attackers keep evolving, soon it will be over a year on average before we can detect an attacker despite our increased spending and advanced defense capabilities.

We can point to advanced persistent threats (even though most attacks are not all that advanced), the higher complexity of networks, and the technology we defend as among the reasons attackers succeed. I am sure there is some truth in all those reasons, but you don’t win wars by pointing out what you are doing. You win wars by gearing up, toughening up, and figuring out how to fight better and more effectively than your enemy.

I guess the foundational question this article will pose is, is this a lost cause? Should we just wave the white flag and throw up our arms? That is one approach, but I have greater faith in all of you. You who stay awake at night wondering what else you can do to fight the good fight. You who take on your boards, push back against the egotistical physician, and fight to be heard for funding and attention — all to make it a little bit tougher for the attacker. I have tremendous faith in all of you who insist, “Not on my watch.”

I believe there is a lot we can do to turn the tide on the attackers. Right now, we are in a ground war, one that can benefit from technology, but that also requires us to really reconsider our core tactics and principles. One major piece of advice I would give you comes from Luke Cage of Marvel Comics — “…sometimes you have to throw out the science.”

A key approach that should be considered, debated, and tested is simplification. Rather than embrace the false sense of security that complexity may bring, we should focus on tactics that rely on low-tech solutions that work consistently. You should be establishing last lines of defense that are based on securing high-value targets. It is critical that you take an attacker-centric viewpoint and truly understand attacker motivations. Much of this advice comes from my personal experiences in cybersecurity and in training special operation teams to take the fight to the enemy.

Simply stated, you need to embrace an assertive posture related to your cybersecurity. This is not 2010. It is 2017, and we are now dealing with attackers employing 2020 approaches. We have just seen the release of MedJack 3.0, which bypasses antivirus. We are seeing malware that is polymorphic. We are seeing attackers embrace analytics and machine learning. The answer is not a framework that recommends changing your password every 90 days. A signature-based system is not going to keep an attacker out of your network.

We need to stop putting our faith in those solutions and approaches that are complex and increase complexity. Regardless of the technical solution or tactic, your goal should be to embrace simplicity, reduce excuses, and eliminate barriers to security.

Want to practically eliminate phishing attacks? Invest in a solution that adds the word “External:” to the subject line of any e-mail that comes from outside your organization. You would be surprised how this little low-tech investment dramatically drops the success of phishing attacks. Want to reduce the length of time an attacker is in your network? Learn what scares them most and target their fears (if you don’t know that answer, e-mail me). Turn the tables, get practical, fight back.

Practical real-world security doesn’t require huge expense or complicated approaches. The most critical first step is to become like a child. Open your eyes and realize that the emperor which is healthcare cybersecurity is in the buff.
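The “External:” subject tagging described above, sketched as an added example (it is not from the article or from any product): it assumes the organization's mail domain is `hospital.example`, runs on constructed sample messages, and classifies by the From header, which a real gateway would replace with the ingress path or the sender-authentication result.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this example: the organization's own mail domains and the tag text.
INTERNAL_DOMAINS = {"hospital.example"}
TAG = "External:"

def is_external(msg, internal=INTERNAL_DOMAINS):
    """True unless the From address is in an internal domain or a subdomain of one.

    The From header is sender-controlled, so a production gateway should make
    this decision from the ingress path or the SPF/DKIM/DMARC result instead.
    """
    addr = parseaddr(str(msg.get("From", "")))[1]
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return True  # missing or unparsable sender: treat as external
    return not any(domain == d or domain.endswith("." + d) for d in internal)

def tag_subject(raw, internal=INTERNAL_DOMAINS):
    """Parse a raw message and prepend the tag to the subject of external mail."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_external(msg, internal):
        return msg
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 words
    if TAG.lower() not in subject.lower():  # replies come back already tagged
        del msg["Subject"]
        msg["Subject"] = f"{TAG} {subject}".strip()
    return msg

# Constructed sample messages (not real mail).
SAMPLES = {
    "colleague": "From: Pat <pat@hospital.example>\nSubject: Rounds at 7\n\nhi\n",
    "lookalike": "From: IT Help Desk <it@hospital.example.mail.test>\n"
                 "Subject: Password expires today\n\nhi\n",
    "encoded": "From: billing@vendor.test\n"
               "Subject: =?utf-8?q?Rechnung_f=C3=BCr_M=C3=A4rz?=\n\nhi\n",
    "reply": "From: billing@vendor.test\nSubject: RE: External: Invoice\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} {tag_subject(raw)['Subject']}")
```

The lookalike sample shows why the domain comparison matches on a whole domain or a dot-separated suffix: a sender domain that merely begins with the internal name is still tagged.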
