Home » News » Currently Reading:

Monday Morning Update 12/10/07

December 9, 2007 News 9 Comments

From Datamus: “Re: selling patient data. it is incredibly important to distinguish the use of properly de-identified data from identifiable data. Having worked to improve patient safety and quality, properly de-identified data for benchmarking and analysis is essential to study practice and improve performance. If we categorize the use of patient data without making this distinction, we risk a crucial tool in work to make care better, safer and more efficient. That said, if anyone is selling IDENTIFIABLE patient data without proper authorization from the patient, they should go to jail.” It would be interesting to see how de-identification works, given that it’s not a set of hard and fast rules (as I understand it, anyway). Example: a rare diagnosis in conjunction with ZIP code might make a patient identifiable, so that’s PHI even though those data fields usually aren’t. Same for an unusual treatments, lab tests, etc.

From Dan Devine: “Re: selling patient data. In 1994, when I signed a contract with [vendor] for their remote hosting option, they had language in their contract about taking de-identified data for studies and analysis. I added verbiage that required them to inform me and get my consent before doing so. I was never asked. That’s no guarantee that they didn’t, of course, but I never actually heard of a case where they had pooled data for anyone to study. Second, the state hospital association signed a deal with [vendor] a few years back which required state hospitals to install [vendor’s product] and then report ER data to them, which would then be utilized by the state for various biosurveillance reasons. However, the contract gave the vendor the right to sell or otherwise use for their own purposes all of the data collected. The CIOs were very upset with this, but the CEOs who make up the hospital association didn’t really think through it and signed the agreements. So, it was really the state hospital association that gave our data away. Many CIOs attempted to rewrite the contracts. Some may have been successful. Others I know were not. I can’t tell you that [vendor] ever sold or used the data, but they had the right to, unfortunately. But, it would have been de-identified, so that’s something.”

From Ms. Bankhead: “Re: selling patient data. I negotiated a contract with [vendor]. There was a clause in the contract that said that they had the right to obtain de-identified information and basically sell it. I have the contract with the terminology.”

From Rogue: “Re: selling patient data. God help any vendor proven to be doing that. It would be national news instantaneously (and thrusting Mr HIStalk into the national spotlight). Come to think of it – to heck with national outrage. I’ll strangle them myself. But maybe I should wait until AFTER I get them to speak in Orlando and try to justify such abhorent behavior. Hope it isn’t true.” We’re branching into two different answers to that question, it appears. So far, no one has said that vendors are selling identifiable patient data. But, it appears that the door is open for selling de-identified data. Theoretically, that isn’t a patient privacy risk specifically, but it does mean hospitals may not be aware of the practice and certainly aren’t being compensated. Contract terms either don’t specifically prohibit it or, in some cases, explicitly permit it.

  • One HIT vendor that runs a clearinghouse is actively selling de-identified data, a reliable source tells me.
  • Here’s a link (warning: PowerPoint) describing a GE program that uses client-provided, de-identified data for quality improvement work. I e-mailed the presentation’s author, Mike Lieberman MD, and received no reply.
  • I also e-mailed Paul Tang MD of Palo Alto Medical Foundation since he had made it clear he knows of vendors that sell data, but I didn’t get a reply from him either.
  • A former vendor sales exec shared this: “[Vendor] has it in every contract. It’s boilerplate stuff. At least several years ago, we would remove it if the client insisted, but in internal contract classes, we were told to really try to keep it in. The pitch was that it would really help the client because they would have access to the aggregate information collected (but of course they would be paying a fee to see the results of their own data).”
  • I found this clause in a vendor contract: “Nothwithstanding the provisions of this Section 8, [vendor] and its subcontractors may disclose non-personally identifiable information provided that the disclosed information does not include a key or other mechanism that would enable the information to be re-identified.”

So, are vendors selling hospital data? Yes, so it appears. Some definitely reserve that right in contractual small print. Properly de-identified? Hopefully. If you’re signing a contact, I recommend not only looking for clauses that allow data selling, but insist on inserting one that prohibits it (or at least mandates disclosure to you case by case). Not just PHI or confidential information … anything. Why shouldn’t you know? It’s your data (or more precisely, your patients’ data).

From Lurker: “Re: patient data. Not exactly selling of patient data, but [vendor] regularly used their customer’s data in their demo system. Things came to a head some years back when they hosted many major customers at their new site for demos and training. In showing a patient, one of the customers in the audience recognized the data as their own. Not from the name, which had been changed, but from the date of birth and clinical details. Needless to say, the solids hit the fan.”

From Warren Treesmiter: “Re: Azyxxi. Is Azyxxi for real? I’m trying to send them a substantial RFP. Nice website, but devoid of any contact info. I sent the RFP to a few ‘health**@microsoft.com’ type of addresses, but no response.”

From Jonny Yokel: “Re: Philips/Emergin. I could not agree more with Art’s comments. He should, however, include HCTSi on his list. They are clearly a thought leader in the field. Just ask any of the Epic, Cerner, McKesson, Eclipsys, etc, sites that are talking with them.”

From Billy Joe Mantooth: “Re: Kaiser CTO. Remember Dave Watson, Kaiser Permanente’s last CTO? He was second fiddle to CIO Cliff Dodd and left very quietly during interim CIO Bruce Turkstra’s brief tenure. He’s joining MedeFinance. Any bets on when or where Cliff or Bruce will resurface?” Link.

The author of Dalai’s PACS Blog finds himself in hot water. He’s a radiologist who writes about PACS/RIS products, honestly and therefore not always positively. Someone from a big vendor supposedly complained about his criticism to the business manager of a clinic that uses Dalai’s radiology group. The BM told Dalai (via one of his partners) to pull those posts and if he didn’t like their equipment, maybe he shouldn’t be reading there. He did so (“a kinder, gentler blog”) but the vendor is taking intense heat from sympathetic radiologists who vow to boycott them on an Aunt Minnie discussion (registration required).

Parkland Memorial Hospital (TX) gets a restraining order against Document Management Systems, a paper medical records company that lost its contract with Parkland last summer. Parkland says the company demanded $2 million to keep its 3 million records organized until the contract expires in February. The company says that’s the cost of the software it developed for handling Parkland’s records.

Optio’s Q3 numbers: revenue down 10%, EPS -$0.01 vs. $0.05.

Convergence CT, a Hawaii software vendor, signs a deal to make its software available in Japan. Its data warehouse product identifies patients for clinical trials from provider data.

The government of Nigeria blacklists Siemens following bribery allegations.

An HIM employee of Rice Memorial Hospital (MN) has died of injuries received in a filing system accident.

Idiotic hospital lawsuit: an anesthesiologist facing 122 counts of medical malpractice files suit against a hospital, its parent company, and 17 individuals, demanding payments he says he earned before his privileges were suspended. His earlier suit was dismissed. A peer reviewer called him “a snake-oil salesman” and “criminal.” He’s asking for $531 million. His attorney is a physician-attorney who lost his own medical privileges for providing substandard care.

E-mail me.

Inga’s Update

As expected, no one sent me a note saying they agreed it was time to legislate electronic Rx!

Dr. M posted some thoughtful comments that suggested doctors would start using IT tools when the tools made their lives easier.

BigNurse said, “The only problem with mandating eRx is that it can be incredibly cumbersome and inefficient. I visited a major eRx company’s reference site and found 1) totally redundant paper and electronic processes running concurrently, 2) significant technical problems that had resulted in end user non-adoption, and 3) on the staff side, little understanding of system functionality and no system “ownership”. Further, there was no evidence that the eRx system had improved anything, in fact, after 2 years of use, their productivity was still hurting. Again, I wish eRx were the answer, but without improvements in implementation, I’m afraid it’s not.”

So, will the tools ever be efficient enough? I remember my first job where I had to start using a PC instead of a typewriter (ok, I am not 25.) I remember thinking how much more time it took to boot up the computer and save and print, etc. I would have been able to type the same thing on the typewriter in half the time. Did word processors and computers get better or did I just get used to the new technology? Or both? Was the turning point when I realized that if I found a typo I could correct it on the PC much easier than with White-out and retyping? I certainly don’t have the answer here and am not a clinician, but, I do believe that at some point the resistors will need to just jump in the water.

Apologies to the Indiana Medical Society and athenaHealth. A reader was gracious enough to inform me that my statement that the organization has over 840 member doctors was “correct” although they actually have a total of 8,400. I love being correct, though I guess correct is different than perfect. Hope none of those Hoosier docs feel slighted.

Dr. Blake also refrained from telling me I was wrong when quoting the Denver papers about Gregory Burfitt’s “resignation.” However, the official Centura press release actually said the board “terminated its contract” with Burfitt. The real version definitely sounds more scandalous.

A reader forwarded me a link to a new blog by TX Health Resource CIO Ed Marx (I liked Ed’s first post to CIO Unplugged, especially since he mentions his first job in healthcare started at 16 as a “sanitation engineer” in a medical clinic). My first job at an amusement park was equally glamorous and similar in function (though will a less lofty “sanitation engineer” title.) I thus see Ed as some sort of new soulmate, not to mention I enjoyed interviewing him about Soarian when he was leaving University Hospital in Cleveland.

E-mail Inga.

Lazlo Hollyfield on Revolution Health

I was surprised about the big deal that was made of Revolution Health’s two recent acquisitions. The feedback was “this was a savvy strategic move to add on to their existing services.” I beg to differ.

I don’t know if Revolution Health is pouring gasoline on Steve Case’s money, but I bet their cash burn rate is bleak. I see a company that is still pretty much a jumbled mess that is struggling to figure out what will make money, i.e. Healtheon, circa 2001.

They laid off a bunch of people recently (25% of your staff is nothing to blow off) and sold ConnectYourCare to ExpressScripts in October to raise cash and get rid of an asset that wasn’t getting enough traction in sales to banks, health plans, and employers due to the slow growth of the CDHP market.

As for their other businesses, I don’t see one area where they are excelling or making enough revenue. Extend Health isn’t getting enough customers and Revolution doesn’t pose any serious threat to eHealthInsurance in the individual health policy market. Revolution throught it would be so easily to sell individual health policies, but they were dead wrong. You really need to know the broker market well and be prepared to deal with all of the underwriting issues and myriad of regulations in 50 states.

As for CarePages and the most recent acquisitions, Google has actually gained market share in health search recently despite the emergence of a number of vertical health search engine companies and forays by IT companies like Microsoft and a few large media companies. Google is like a 50,000 degree sun right now in search. Companies in this space will either find some shade by focusing on a niche (e.g., Healthline’s recent attempts to focus on providing data to Medicare patients on benefits), become a small part of a bigger arm (e.g., Medstory as part of Microsoft’s overall health IT play), or wither and die. Maybe Revolution is counting on driving page views through user-generated content sites like CarePages, but that seems like a tough play too.

RediClinics is making some good headway as one of the leaders among retail clinics. But, even with the low startup costs, most retail clinics just don’t generate a ton of revenue. Most patients aren’t willing to pay $50-$60 OOP for a visit to a retail health clinic when they might only have a $10 or $20 copay in comparison to a visit with their doctor. Most retail health clinics have realized this and now have begun to accept the normal insurance carriers. The real kicker, though, is the diagnosis and treatment codes used to bill for retail health clinics are pretty low hanging fruit. Overall,it doesn’t just add up to a ton of dollars and basically is taking longer than expected to break even on retail health clinics. Optimistic break-even point right now is 18 months and in some cases much longer (say 27-36 months). Not the kind of revenue numbers you want if this is a core area of your business.

Basically I don’t see Revolution Health’s situation improving much in the near-term unless they really concentrate on one or two areas enough to challenge their principal competition in those spaces.

HIStalk Featured Sponsors


Currently there are "9 comments" on this Article:

  1. Re: Jonny Yokel’s comments re: HCTSi (thank-you) – they use Capsule Technologie and are a professional services firm offering middleware for integration. The companies I referenced as ones to watch for subsequent vendor moves offer products that capture information from medical or other equipment.

  2. It seems like someone is generalizing. ePrescribing is not inherently inefficient. Our clinics “write” all prescriptions electronically and manage the medication list online. We are much more efficient (and safer) than when we did these through notes or dictation. I am sure that everyone’s mileage will vary based upon a number of factors like software usability/reliability and smartness of their process design.

  3. Mantooth is wrong. Watson left after Phil the Outsourcer came on board and Dodd is looking at far bigger things than working for Watson. The Epic Hero isn’t likely to reservice anytime soon. KP has gone nuts. More VPs are leaving but on the worker bee side a lot of the staff let go have been brought back after mega-protests from the business clients.

  4. C’mon kids. Deb Peel is missing the point. IMS has been buying de0identified data from every pharmacy in America for decades. (Patient de-identified that is, not physician de-idenitified!!)’

    More to the point their Pharmetrics business (before they bought it) got its data from contracts with managed care orgs from the old Symmetry diagnosis grouping product (at least I think that[‘s what it was).

    Every PBM and health plan has sold de-identified data to pharma companies for years.

    This was all de-identified data and nothing wrong with selling that.

    If hospitals and IT vendors are deliberately selling identified data is a HIPPA violation of the highest order. Anyone crazy enough to do that is looking at a long time in the slammer. Why take the risk?

  5. Following up on Art’s response to Jonny Yokel re: HCTSi . . .HCTSi seems to have moved beyond services and has actually manufactured software and hardware to compete with Capsule. But I wouldn’t add them to anyone’s acquisition list just yet either. They’re newcomers still working with their alpha customer(s?). No library of device dll’s to implement. No reference customers to testify of their success just yet, apart from Clarian, but that was using Capsule’s product and HCTSi’s services. That’s not to say they won’t be on the radar screen in 5 years, but Capsule’s association as the built-in solution for Epic and Eclipsys device data gives them quite a head-start.

  6. I look at this from a patient’s perspective. While I absolutely want my individual privacy protected, I also want hospitals and providers to study and improve their care. I want them to know whether their MRSA rates are rising or falling and why. I want them to understand which doctors have unusually high mortality rates. All of this requires the pooling of my data with others. Like anything else, this is a risk. As someone commented – how do we know de-identification is certain.

    But the question is, am I more concerned about getting a preventable complication or about the use of my de-identified data for quality improvement or even for analysis by pharma companies? Personally, I am much more concerned about the risks of getting an infection than I am about some pharma company getting my de-identified data, spending money and time trying to re-identify it and then sending me a post card to encourage me to buy more of whatever they sell. And while I am fairly certain this is not happening, I would still take the risk over dying of a hospital acquired infection or a medication error or whatever.

    I wish we could all live a life without risk, but the world doesn’t work that way. The question is, are we being sensible about the risks that are out there.

  7. Art Vandelay Correction – Actually HCTSi has two distinct business units, the professional services you rightly named but also products they sell to the health provider market which includes iSirona, a complete point of care data capture solution, http://www.isirona.com. They compete with Capsule Technologies rather than resell their product.

Text Ads

Recent Comments

  1. You note that, "What they need is the same level of sick leave time that many other workers in the…

  2. Re: AR outsourcing at Epic - Getting billing under control after an implementation was always one of the pain points,…

  3. Wow, your Zoom/Teams/Skype skills must be better than mine! "She noted that she thinks relationships are deeper because there has…

  4. The Ars article is all opinion and fluff, yet curiously you do not indict any of the specific content of…


Founding Sponsors


Platinum Sponsors





















































Gold Sponsors










Sponsor Quick Links