Monday Morning Update 3/14/16

March 13, 2016 News 5 Comments

Top News


The Senate’s HELP committee passes S.1101, the Medical Electronic Data Technology Enhancement for Consumers Health Act (MEDTECH), which exempts several types of software from the FDA’s oversight as medical devices. The bill would prohibit the FDA from regulating EHRs, provider administrative systems, lifestyle apps, clinical lab testing software, and clinical decision support systems that don’t involve medical images or physiologic monitors.

Reader Comments


From Blue Cheer: “Re: the PR firm’s case study on producing the HIMSS presentation of Jonathan Bush and John Halamka. The link you posted doesn’t work.” It appears the PR company pulled down the self-congratulatory article, but you can read “HIMSS 2016: The Power of a Well-Crafted Keynote” here via Google’s cache. It seems like glossy over-preparation using expensive PR people and the Athenahealth communications team, but at least J&J must have been well prepared.


From ac360: “Re: Community Health Systems. The newly promoted SVP/CIO appears to have been fired from EMC in 2002 for falsifying sales to earn bonuses and billing EMC work from a company he himself owned and not turning the money over to EMC. CHS must not have done much of a background check.” I’ll decline to comment since I don’t know anything other than what the 2002 WSJ article says. Firing someone – like filing a lawsuit that is later dropped – carries a minimal burden of proof and deprives interested parties of the chance to hear both sides of the story.

From Roy G. Biv: “Re: QuadraMed layoff. It was a barely double-digit RIF in R&D. Still, the company is losing customers and losing ground, so you might assume that a lower R&D priority signals a lack of aspiration to market relevance.”

From Long-Suffering Epic Director: “Re: Epic support problems. Epic 2015 is not live yet and we’re spending more time supporting it than Production. We have to drop everything because someone broke something, frequently when we loaded an urgent patch that would fix something. Frontline support wasn’t lacking in initiative 10 years ago. The people Judy and Carl have delegated to us in recent years seem more arrogant and less knowledgeable. We don’t get discussion about the problem and what can be done to fix it – we get speculation of what might be possible in a future release and a mélange of thoughts about what’s available in Model, what Kaiser does, and why can’t we be more like Model. What really sucks is that there is no real option. We’re dealing with a monopoly in this industry and the monopoly knows it.”

HIStalk Announcements and Requests


It’s a toss-up whether employers get their money’s worth in sending people to the HIMSS conference. New poll to your right or here: what kind of keynote speaker would you most like to see at the conference? Vote and then click the poll’s Comments link to suggest specific people or to add a category that I missed.

From another poll I ran, two-thirds of respondents say their companies didn’t make any sales in the past year as a result of exhibiting at HIMSS15. I used to cross-reference the current year’s list of exhibitors with the one from the previous conference to identify the exhibitors that didn’t think it was worth it, that went out of business, or that were acquired and no longer exist under their previous name.



Welcome to new HIStalk Platinum Sponsor TelmedIQ. The Seattle-based company offers a secure healthcare communications hub that brings together physicians, nurses, care administrators, and clinical technologies to improve patient care coordination. TelmedIQ simplifies clinician workflow through real-time messaging, quick access to contacts and groups, and the ability to set up workflows so that messages automatically go to the right person at the right time. It integrates with EHRs, on-call scheduling systems, and other systems to make clinical information available with just a swipe and a tap. Customers can replace “page and pray” pagers by turning any Android or iOS device into a secure, two-way mobile pager that can handle image files, audio, and video messages to individual users or to groups. Practices can also take advantage of a cloud-based medical answering service for after-hours coverage. The company offers a white paper on best practices for mobile secure text messaging. Thanks to TelmedIQ for supporting HIStalk.

Only 75 folks signed my petition asking HIMSS to adopt an anti-harassment policy for HIMSS17, so I’ll accept that as an endorsement of the status quo of self-policing. I’m surprised, given the significant number of attendees and poll respondents who expressed discomfort at the actions of others at HIMSS16, but I will defer to the majority.

A bunch of people have emailed me to say that their entire teams were sick after the HIMSS conference, usually complaining of sore throat, congestion, cough, and fatigue. Conferences offer the double whammy of breathing recycled airplane air and being squeezed in for a week with glad-handing strangers. It’s like putting your kid in a new daycare, where the herd carries less-defended bugs. All large conferences have this problem, although Las Vegas is probably the worst offender since attendees are forced to mingle with endless casino patrons just to get to and from conference events. There’s no solution other than washing your hands often, carrying and using hand sanitizer, and drinking a lot more water than you probably did there (especially given what the concession vendors charge for it). The “fist bump instead of a handshake” thing from the swine flu outbreak a few years ago was a good idea from a microbial standpoint, but didn’t catch on because it looks like a carefully groomed hipness affectation.

Monday is not just the usual Pi Day of March 14 (3.14) – it’s also correct to five digits at 3.14.16, although maybe that’s not as impressive as March 14, 2015 at 9:26:53.


I get a bit annoyed when I’m looking up someone’s LinkedIn profile to get a photo or previous employment for something I’m writing and they use LinkedIn’s messaging function to email me, “I saw that you looked at my profile. Can I help you?” like they caught me sitting on the hood of their car or something. If that bugs you, too, go to LinkedIn’s Manage Privacy & Settings, click the link labeled “Select what others see when you’ve viewed their profile,” and click the last option to go into complete private mode.


People are griping that Hollywood Presbyterian Medical Center was wrong to pay ransomware hackers $17,000 because that will encourage more such activity, but I disagree. It’s exactly like settling a nuisance lawsuit, which hospitals do all the time – if you can walk away unscathed for 1/100 of the cost of taking the risk that you can prove yourself right, that could be a good business decision, especially since patients were being affected. Some thoughts:

  1. The hospital’s systems had been down for more than a week, making it obvious that it couldn’t simply restore backups. Plus, the clock was ticking — ransomware usually sets a short time limit to pay up before the data is permanently destroyed and the amount increases every day until then. It’s a brilliant way to immediately monetize cyberhacking in a way that can scale infinitely.
  2. The hospital’s lack of a technical defense was moot by then – no amount of 20-20 hindsight was going to get their systems back. They had only one option. It’s like losing a storage system and then finding that your backups can’t be restored, except in this case, the backups were available, but just not for free.
  3. I doubt that the ransomware specifically targets hospitals, although I would be interested in how the software determines how much ransom to charge – maybe it’s based on the number of servers it finds on the network or something like that. No individual PC user would pay $17,000, so either the malware auto-detects the extent of infrastructure or the hacker manually steps in to determine the required toll.
  4. The hospital is also darned lucky that the anonymous hackers didn’t just take their money and walk away without restoring its systems.
  5. If the hospital didn’t completely rebuild its systems and networks, the hackers probably left themselves a back door by which to turn their one-time extortion license into a recurring revenue stream.
  6. For every public report of ransom demands being paid, at least 100 companies keep it quiet since it’s bad PR and maybe even illegal to be paying cybercriminals. The only reason the handful of high-profile examples came out was because the affected organizations had to explain to their public customers why their physical services were limited. We would never know if a hospital was hit by ransomware and simply paid up quickly and moved on, just like we don’t know how many of them routinely pay off frivolous nuisance lawsuits.
  7. Law enforcement isn’t going to be much help. They won’t be able to identify the hackers who are likely outside of US jurisdiction anyway and the amount of money demanded is too low to excite them.
  8. Cybercriminals are getting smarter in distributing their malicious email attachments and Office macros in emails that include the personal details of the recipient, often getting even cautious users to open attachments that claim to be a Fedex shipping receipt or an invoice that includes their name or address in the email body. When the payout is as high as the $17,000 that Hollywood Presbyterian paid, it is economically feasible for hackers to target specific hospital employees, Google their personal details, and email them directly with convincing emails. It’s no longer safe to assume that malware-containing emails will be laughably poorly composed with misspellings, fractured English, and obvious scam themes involving Nigerian princes or big inheritances. Ransomware could conceivably kill conventional email in which anyone who knows an email address can send anything they want to the recipient.
  9. Antivirus software vendors seem to struggle to keep up with malware variants. I was thinking that an enterprise solution might be to move all attachment-containing emails from untrusted senders (as defined by users) to a quarantine. Otherwise, once the email hits someone’s inbox, it’s probably going to be opened. A big challenge, though, is that anyone checking their personal email at work via a browser is bypassing much of the IT protective infrastructure. Ransomware can also spread from just visiting an infected website, perhaps leading us back to those early Internet days when IT departments used Websense or other filtering tools to block unapproved sites by default.
  10. Health systems should be huddling together right now to develop best industry practices for combatting ransomware, including ways to make sure that backups and mirrored data copies aren’t infected. We’re going to see a lot of ransomware attacks in 2016.
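
The quarantine rule floated in item 9, sketched as an added example that is not part of the original post: attachment-bearing mail is delivered only when the sender's address is on the user's trusted list and the gateway recorded a DMARC pass, and everything else with an attachment is held. The addresses, the trusted list, and the assumption that the mail gateway writes its own Authentication-Results header are all constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Office extensions that can carry macros (illustrative list, not exhaustive).
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")


def attachment_names(msg):
    """Filenames of every leaf part that is an attachment or carries a filename."""
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename or part.get_content_disposition() == "attachment":
            names.append(filename or "(unnamed)")
    return names


def triage(raw, trusted_senders):
    """Return (verdict, reason) for one raw message and one user's trusted list."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = attachment_names(msg)
    if not names:
        return "deliver", "no attachments"
    # Compare the address only: the display name is whatever the sender typed.
    _, sender = parseaddr(str(msg.get("From", "")))
    # Assumption: the gateway strips inbound Authentication-Results headers and
    # writes its own, so "dmarc=pass" here reflects the gateway's check.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if sender.lower() in trusted_senders and "dmarc=pass" in auth:
        return "deliver", "trusted and authenticated sender"
    macros = [n for n in names if n.lower().endswith(MACRO_EXTENSIONS)]
    if macros:
        return "quarantine", "macro-capable attachment: " + ", ".join(macros)
    return "quarantine", "attachment from untrusted or unauthenticated sender"


def build_sample(from_header, attachment=None, auth_results=None):
    """Construct a sample message (test data only, not a captured email)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "nurse@hospital.example"
    msg["Subject"] = "Your shipping receipt"
    if auth_results:
        msg["Authentication-Results"] = auth_results
    msg.set_content("See attached.")
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return bytes(msg)


TRUSTED = {"alice@partner-clinic.example"}  # constructed per-user trusted list
PASS = "mx.hospital.example; dmarc=pass header.from=partner-clinic.example"

if __name__ == "__main__":
    spoofed = '"alice@partner-clinic.example" <billing@parcel-notice.example>'
    for raw in (
        build_sample("Alice <alice@partner-clinic.example>", "results.pdf", PASS),
        build_sample("Alice <alice@partner-clinic.example>", "results.pdf"),
        build_sample(spoofed, "receipt.pdf"),
        build_sample("Shipping <billing@parcel-notice.example>", "receipt.docm"),
    ):
        print(triage(raw, TRUSTED))
```

The third sample puts a trusted address in the display name of an untrusted sender, which is why the rule compares the parsed address rather than what the mail client shows the user.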

More members of the Greatest Musical Generation have left us, with the fifth Beatle George Martin and the amazing Keith Emerson of The Nice and Emerson, Lake, and Palmer passing away last week.

Mr. Lincheck sent photos of the robotics makerspace he created in the library using the Lego Mindstorms kit we provided in funding his DonorsChoose grant request. He held a box-unpacking ceremony when it arrived, adding that the students “squealed and oooed” with every flap that was opened and have since built several robotics items and “do not want to stop.”


Also checking in was Ms. Norman from Utah, who is using the monitor and wall mount we provided to present students with information about graduation requirements, health screenings, and grades in multiple languages so she can “communicate to those otherwise that might have felt unappreciated or ignored.”

Last Week’s Most Interesting News

  • McKesson sells its ambulatory PM/EHR products to E-MDs.
  • Aetna lays off a significant percentage of employees working on iTriage and merges that business unit with its WellMatch business.
  • A study finds that doctors spend 785 hours per year on quality measure reporting.
  • Ambry Genetics makes the de-identified genetic data of 10,000 cancer patients available to researchers and decries the data-hoarding practices of its genetic testing competitors.
  • The VA says it is reassessing its previous decision to stick with its self-developed VistA system, saying previous IT management failed to develop a sound strategic plan.
  • A study finds that telemonitoring of discharged CHF patients didn’t reduce readmissions.


March 16 (Wednesday) noon ET. “Looking at the Big Picture for Strategic Communications at Children’s Hospital Colorado.” Sponsored by Spok. Presenters: Andrew Blackmon, CTO, Children’s Hospital Colorado; Hemant Goel, president, Spok. Children’s Hospital Colorado enhanced its care delivery by moving patient requests, critical code communications, on-call scheduling, and secure texting to a single mobile device platform. The hospital’s CTO will describe the results, the lessons learned in creating a big-picture communication strategy that improves workflows, and its plans for the future.

March 16 (Wednesday) noon ET. “The Physiology of Electronic Fetal Monitoring.” Sponsored by PeriGen. Presenter: Emily Hamilton, MDCM, SVP of clinical research, PeriGen. This webinar will review the physiology of EFM – the essentials of how the fetal heart reacts to labor. The intended audience is clinicians looking to understand the underlying principles of EFM to enhance interpretation of fetal heart rate tracings.

March 22 (Tuesday) 2:00 ET. “Six Communication Best Practices for Reducing Readmissions and Capturing TCM Revenue.” Sponsored by West Healthcare Practice. Presenters: Chuck Hayes, VP of product management, West; Fonda Narke, senior director of healthcare product integration, West Healthcare Practice. Medicare payments for Transition Care Management (TCM) can not only reduce your exposure to hospital readmission penalties and improve patient outcomes, but also provide an important source of revenue in an era of shrinking reimbursements. Attendees will learn about the impacts of readmission penalties on the bottom line, how to estimate potential TCM revenue, as well as discover strategies for balancing automated patient communications with the clinical human touch to optimize clinical, financial, and operational outcomes. Don’t be caught on the sidelines as others close gaps in their 30-day post discharge programs.

Contact Lorre about our post-HIMSS webinar sale.

Acquisitions, Funding, Business, and Stock

Cleveland’s Global Center for Health Innovation, a taxpayer-funded project intended to boost tourism in which HIMSS is the major tenant, hires an outside firm to try to fill the 15 percent of its space that is vacant. The new plan calls for the money-losing building to be used as collaboration space between providers and vendors. The Center’s upcoming events schedule lists only two short lectures.


UnitedHealthcare launches a startup health insurance company called Harken Health, which focuses on individual coverage with unlimited, no-co-pay visits to PCPs who practice in the health centers it owns. Harken Health offers its policies on Healthcare.gov to residents of Atlanta and Chicago and plans to expand. It offers health coaching and classes and says healthcare needs to be fixed because “For far too long, the healthcare system has valued efficiency over empathy.” It sort of feels like McDonald’s opening a farm-to-table fine dining restaurant in a carefully crafted marketing ploy intended to steal business back from nimbler and more creative competitors, but we’ll see where it goes.

Government and Politics


Reuters names its top global innovators in government, with HHS taking fourth place overall and earning the top spot among the six US winners because of the contributions of its research arms (NIH, CDC, FDA, and the Public Health Service). The VA was #12.

Oracle sues HHS, demanding that it investigate the failed Cover Oregon insurance exchange, which Oracle sued for unpaid bills and by whom it was sued in turn for creating a flawed exchange. The company says the state’s actions are politically motivated.

Privacy and Security

Four PCs at Canada’s Ottawa Hospital are infected by what sounds like ransomware. The hospital was apparently successful in simply reformatting the hard drives of the infected devices.

Doctors treating the Germanwings co-pilot who intentionally crashed a passenger jet in the French Alps thought he was potentially dangerous due to his long history of psychiatric illness, but decided they could get in trouble for reporting him under Germany’s strict privacy laws. Doctors in general blame their reluctance to alert authorities on lack of a formal definition of “imminent danger” and “threat to public safety.”




The folks from our nearby HIMSS conference booth neighbors Access sent over a photo of themselves temporarily kidnapping my standee for a photo op. Lorre says a lot of people dropped by our micro-booth to pose for selfies with the smoking doctor cutout, which amuses me in thinking of otherwise responsible adults beaming with their arms around cardboard.

A physician’s op-ed piece in the New York Times describes the feeling of reading the obituaries of patients who got so little of her time as a busy hospital resident, allowing her to see them as the people they were before they became patients. It made me wonder if one of the many standard intake and history forms shouldn’t ask more questions about the person filling them out – their accomplishments, aspirations, relationships, and values. The trouble would be that providers aren’t paid to read them, so they probably wouldn’t.


I’ll predict that we will hear a great deal this year about self-assessment health surveys. Consider the SF-36 health survey form, which asks people questions about their perceived level of health in covering areas such as their activity level, pain, and emotional issues. Insurers and providers need a non-encounter based early warning system for problems in patients whose health they are financially rewarded for maintaining. They could learn a great deal by asking these questions 2-4 times per year. Smartphone apps — instead of obsessing with conveniently measurable but nearly medically worthless data points such as steps walked — could administer an SF-36 type quiz at predetermined intervals to establish a baseline, then alert the user and their provider that their self-perceived health is slipping. Maybe the user automatically gets a coupon for a free Starbucks coffee or something like that for taking the time to give their provider an update. Creating such an app would be very easy, with little R&D required and no FDA issues to address. Patients know their health better than any EHR or provider, so it’s ridiculous to ignore their perceptions or to expect them to articulate them in a rushed office visit. This information would be a lot more useful than patient satisfaction surveys that end up being gripe sessions about parking lots, receptionist personality, and waiting rooms. 

Sponsor Updates

  • TierPoint hosts a March Madness event March 18 in Charlotte, NC.
  • Valence Health offers the business and technology roadmap it presented for provider-led health plan startups at the Provider-Led Health Plan Forum.
  • Verisk Health will exhibit at Employee Healthcare Conference West March 16-18 in San Diego.
  • Huron Consulting Group will exhibit and speak at the 2016 ACHE Congress on Healthcare Leadership March 14-17 in Chicago.
  • WeiserMazars CEO Victor Wahba offers advice for young professionals.

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.


Currently there are "5 comments" on this Article:

  1. Yes you are correct on the hospital breach. I live in So Cal and that’s been an interesting hospital over the years with things that have occurred there as well, but have gotten a lot better. They were lucky they did get their data base and yeah made the right decision as the time it would take for tech, a lot more expensive and what I wonder was why there seemed to be no mention of “back up”? Maybe I missed it but don’t hospitals normally back up in other states, etc. Maybe the hackers got the back up too. Even then, it’s still a lot of IT work to restore a complete back up.

    Interesting comments on HIMSS as well. I kind of predicted it would be the Battle of the Healthcare Quants with technologies on the exhibit floor and from what I have read, it seems that was kind of what was going on. In my opinion, I pretty much have come to the conclusion that Slavitt, running CMS is pretty much just functioning as a quant these days himself with models as his Goldman and McKinsey backgrounds would lend itself to focus in such a manner. You can go back to the early days when he and Senator Warren’s daughter (cronyism?) started Healthy Allies when both were employed by McKinsey and what did they create that United Healthcare bought? A company you have to pay monthly with a subscription to get discounts…and then of course things grew into the Ingenix era, more algos and more math models.

    I do look forward to a day again when HHS and CMS does something other than make everyone else miserable with more stats and quality reports, and understand we need some of course, but they keep putting more models on top of ones that are already broken and hope for a fix, and that won’t happen very soon:) In the consumer area, with an exception of a few very geeky folks, we’re out of the apps and wearables as we could care less as there’s no real privacy guaranteed and as I have said for years “people lie with computer code” especially if it means making a lot of money and frankly I don’t think I can stand to see one more number crunch risk assessment. Why even get out of bed anymore as we are all so “risk assessed” these days and insurers kind of treat risk like you have a condition. It would really be nice to lighten up the ball and chain risk assessments we all wear around our ankles today:) It’s too much and then as what’s happening, folks just tune out.

    I was also surprised to see a tone of “hurry up health IT” referenced as you can’t hurry up writing code so I guess common sense and reality went out the window and now we have the perception that all Health IT coding and money is just a cinch…wrong of course:) I used to call that perception “The Sebelius Syndrome” and now it looks like it returned due to the complexities out there today.

  2. RE: Ransomware

    In my job I interact with IT folks in hospitals small and large throughout the country. There’s a stunning amount of apathy out there regarding this specific threat. A lot of “backups” that haven’t been tested in two years and reliance on the protection of security vendors who, as you said, can’t keep up with the number of unique threat signatures popping up every day. I know of at least two other facilities who were hit and paid in the last 12 months. Even with 15 minute RPO, you’re still losing data if you restore. Guess we’ll add “Eastern European Cybercriminal Syndicates” to the list of contributors to the rising cost of US Healthcare.

  3. Epic–Nothing special about its code, software or DB. There’s no reason to believe that it wouldn’t succumb to the same support and customer services gaps that its predecessors experienced. FLPoggio and others that have been doing this for awhile have seen this script over and over.

    At least Epic has milked CFOs for as much cash as they could before the cat was out of the bag. Mayo seems to be the most recent sucker.

  4. Valence Health has laid off 70+ employees across the board, said “healthcare industry is not doing well”. Haha.. they are a Fortune 500 company and recently locked in a billion dollar contract which is the largest company to date. So sad how cold they are to let employees go to “reorganizing”.
