Home » News » Currently Reading:

News 3/30/16

March 29, 2016 News 15 Comments

Top News


Ten-hospital MedStar Health, the largest health system in the Baltimore-Washington corridor, shuts down its electronic systems and turns away elective patients and after what appears to be a ransomware attack that began Monday morning. The systems remain down. The FBI is investigating.


Despite MedStar’s assertion that it is unaware of any demands for ransom, some of its employees reported seeing a pop-up window demanding payment in bitcoin.


Senate HELP Committee Chair Lamar Alexander (R-TN) says the MedStar attack proves that HHS should quickly implement requirements from the Cybersecurity Information Sharing Act of 2015, which calls for HHS to:

  • Appoint a cybersecurity leader.
  • Create a healthcare cyberthreat report.
  • Create a task for to submit recommendations and to disseminate federal cyberintelligence threat information.
  • Publish voluntary best practices.

Reader Comments

From MD Prof: “Re: NY e-prescribing. You mentioned an exemption for patient-requested paper prescriptions. Can you provide a link to the regs?” I had run across a source that said patients can request paper prescriptions, but upon reviewing the regulations and the stated exceptions, I don’t see such language, so I don’t believe patients have that option after all. Patients and prescribers could see some problems:

  • Patients may want to price-shop multiple pharmacies and can’t without having a paper prescription.
  • They might not have a particular pharmacy in mind at that moment.
  • They may want to send some prescriptions to one pharmacy and others to a different one to save money and new electronic prescribers may struggle with how to do that.
  • If the requested pharmacy doesn’t have the medication in stock, the prescriber will have to issue a new electronic prescription to a different pharmacy.
  • Patients might choose a pharmacy that is closed for a holiday or for normal hours of operation.

All of these are especially problematic for ED physician prescribers, who would be hard to reach if prescription changes are needed. I’m also not clear of pharmacies can still transfer prescriptions among themselves, which I assume they can once it has been created electronically. MD Prof also notes that it’s a pain for doctors to perform the required manual patient lookup on the I-Stop website to identify possible doctor shoppers and suggests further integration of that database with prescribing systems.

From Circular Logic: “Re: site. I wasn’t able to get on for part of Monday.” Me neither, at least for a few minutes mid-morning. It was really busy yesterday for some reason, with more daily page views than even during the HIMSS conference. In fact, it was the busiest day since July 30, 2015 when the DoD contract winner was announced and when I decided I needed to upgrade to a bigger dedicated server. Maybe it’s time again.


From C. Cortez: “Re: rumors. I hope you don’t listen to the comments of people complaining about running industry rumors. Those rumors are usually correct.” My survey shows that only 1.3 percent of readers don’t enjoy reading rumors on HIStalk, which is not really surprising given that I’ve been running them since 2003 and therefore the audience is somewhat self-selecting. What I’ve learned in that 13 years is that nearly everybody loves reading well-placed “rumors” until they hit too close to home, at which time the indignant commenter suddenly proclaims them to be “gossip.” Many big stories have been broken here from reader rumors, while the rest are still entertaining.

From Sue Veed: “Re: interoperability. Judy Faulkner is still describing technical problems and calls for national standards. The problem is now 40 years old with no resolution in sight. The banking industry adopted MICR check standards in no time and healthcare is still dithering. Why?” I heard a keynote years ago by Dee Hock, a local banker who almost single-handedly created what was then BankAmericard (now the Visa credit card system after which competitors are modeled). He explained that it was tough to convince banks (which were local and regional rather than national back then) that it was in their best interest to work together in a decentralized way to create a nationally available electronic credit card network for their shared customers, which he later described as the prototype for “chaordic” organizations that “blend competition and cooperation to address critical societal issues.” Healthcare IT is stuck in the mid-1960s with no heir apparent to Dee Hock available to convince providers and IT vendors that everybody wins (especially the customer) if they share information.

HIStalk Announcements and Requests

image image

We provided Mrs. Openlander from Missouri with several sets of math and reading flash cards for her K-5 school in funding her DonorsChoose grant request. The cards are placed in high-traffic areas so that hallway waiting downtime can be used for extra instruction.

image image

Also checking in is Ms. Wilson from Virginia, who passes along to HIStalk readers that the five human anatomy models we provided are being used for class demonstrations and “center time,” where the teachers have created add-on learning exercises such as an interactive anatomy whiteboard game. She concludes, “Our students have grown so much in the short time we have had the new materials. I cannot tell you how good it makes us feel to watch them interacting and striving to learn in ways that before you gift we never thought possible … your gift has changed the lives of our students and us forever.”

A quote I can’t get out of my head: “There’s no such thing as a cloud. It’s just someone else’s server.”

Listening: Built to Spill, Boise-based indie rockers who start a small-hall tour in late May as they approach 25 years of bandom. Also, new Italy-based symphonic metal from Rhapsody of Fire.


March 30 (Wednesday) 1:00 ET. “Coastal Connect Health Information Exchange: Igniting the Power of Events-based Notifications Webinar.” Sponsored by Medicity. Presenters: Cory Bovair, application specialist. CCHIE; Andy Biviano, director of product management, Medicity. Wilmington, NC-based CCHIE, which covers 800 physicians and 1.4 million patients, implemented Medicity Notify for real-time clinical event notifications to help reduce ED utilization, improve care quality, and enhance patient satisfaction. In the first 30 days, physicians and care managers received more than 3,000 admission and discharge notifications.

April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock


Dell will sell its IT services business, the former Perot Systems, for $3.05 billion to Japan’s NTT Data to help pay for Dell’s planned $60 billion takeover of data storage vendor EMC. Dell bought Perot Systems for $3.9 billion in 2009. NTT Data, a subsidiary of Japan’s national telephone company, acquired IT systems and services vendor Keane for $1.2 billion in 2010, giving it the Optimum hospital product suite.


Alphabet’s (Google) Verily Life Sciences is losing top executives and its governmental connections with FDA and HHS due to the abrasive management style of CEO Andrew Conrad, STAT reports. The company has apparently abandoned its project for connecting medical devices to the cloud, with all of its team members departing the organization. Also gone is the co-founder of the project to develop a glucose-monitoring contact lens. A biotech consultant who previously worked for a research institute Conrad founded describes him as, “We used to joke and call him the seagull of science. He used to fly in, squawk, crap over everything, and fly away. You couldn’t engage him for more than 10 minutes. It was sort of the overpromise, under-deliver.”


The Department of Defense issues a $77 million, one-year contract extension to Philips for “patient monitoring systems, subsystems, accessories, consumables, spare/repair parts, and training.”

Announcements and Implementations


Boston Children’s Hospital (MA) launches Feverprints, an iPhone app powered by Apple ResearchKit that will use crowdsourcing to explore normal temperature variation and evaluate the effectiveness of fever medications.


Carolinas HealthCare (NC) will implement Epic at Southeastern Health (NC) via a shared services agreement. I believe Southeastern runs McKesson Horizon for inpatient and eClinicalWorks for ambulatory.

AARP Health Innovation@50 announces the ten finalists for its April 27 pitch event:

  1. Cake (end of life planning)
  2. Medvizor (patient instructions)
  3. Penrose Senior Care Auditors (senior check-up app)
  4. PicnicHealth (personal health record)
  5. Savor Health (nutrition)
  6. SeniorHabitat (senior care facility selection)
  7. SensaRx (wandering sensor)
  8. SingFit (music as medicine – video above)
  9. UnaliWear (fall detection and medication reminder watch)
  10. Well Beyond Care (non-medical assistant finder)

Privacy and Security

A new ransomware variant called PowerWare is discovered to be targeting healthcare specifically in spreading itself via macros embedded in Microsoft Word documents posing as email-attached invoices. It’s smarter than similar types of ransomware, invoking the “fileless” native automation tool Windows PowerShell to download a script and then encrypt the PC’s files. This would be another great reason to demote users who have Administrator privileges or who can run programs with elevated permissions.



Peer60 releases “Trends in Revenue Cycle Management.” Some of its findings: (a) cost is the top criterion for selecting a RCM vendor; (b) collections is the most-outsourced provider service; and (c) the most-unmet RCM needs are denials management, contract management, and value-based reimbursement.


A 60-patient study finds that the fingerstick blood tests previously offered directly to Arizona consumers by Theranos give results that vary significantly from results obtained from venipuncture samples that were sent to Quest and LabQuest.


Banner Health (AZ) will complete by fall of 2017 the replacement of Epic by Cerner at the two Tucson hospitals formerly owned by University of Arizona Health Network, which it acquired in 2015. Banner says the switch will provide “significant savings” to the hospitals, which spent an unbudgeted $32 million and a total of $115 million on their 2013 Epic project, causing a $29 million fiscal year loss that was followed by the sale of UAHN to Banner.  

Sponsor Updates

  • Aprima will exhibit at the Texas MGMA Annual Meeting March 30-April 1 in Dallas.
  • The Baltimore Business Journal lists Audacious Inquiry as one of the five largest software developers in the Baltimore area.
  • Catalyze publishes a new e-book, “Innovation Doesn’t Follow Rules.”
  • Besler Consulting will exhibit at the HFMA Hudson Valley Annual Institute 2016 April 7 in Tarrytown, NY.
  • Burwood Group Justin Flynn will present at the Palo Alto Networks Ignite 2016 Conference April 4 in Las Vegas.
  • Carevive Systems shares its latest presentation, Survivorship Care and Care Plans: Transforming Challenges into Opportunities.
  • Direct Consulting Associates sponsors the HonorHealth Charity Golf Classic in support of the HonorHealth Military Partnership.
  • Divurgent will exhibit at the AEHIS/CHIME Cyber Security Lead Forum April 4 in San Francisco.
  • EClinicalWorks will exhibit at the 2016 Health Care Symposium April 1 in Costa Mesa, CA.
  • Healthwise will present at the Society of Behavioral Medicine meeting March 30-April 2 in Washington, DC.

Blog Posts


Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.


View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there are "15 comments" on this Article:

  1. PowerWare is manifesting itself all over the place. Being reported across a number of verticals and industries. Apparently being distributed via compromised personal email lists in some cases. Some DOD domains now stripping out all attachments and URLs.

  2. If you like “There’s no such thing as a cloud. It’s just someone else’s server.”, you’ll love this quip I plucked from Twitter a few days ago:

    “There’s no such thing as the Internet of Things. It’s just other peoples’ computers inside your house.”

  3. Ransomware, and the BS just keeps coming! Biggest road blocks to implementing a secure Information System Environment at the multi Hospital, Clinic system I retired from two years ago was from Senior Management, Care Providers and Vendors, primarily Doctors. Doctors demanded mostly unrestricted external access to thumb drives and other removable media along with external internet with no restrictions. Senior Management refused to fund systems that blocks unauthorized external access, including email, and refused to require Care Providers to agree to following safe practices!

    As much as I have a problem with Class Action Lawyers maybe it is time for a lawsuit.

    For the joke of the day!
    Senate HELP Committee Chair Lamar Alexander (R-TN) says the MedStar attack proves that HHS should quickly implement requirements from the Cybersecurity Information Sharing Act of 2015, which calls for HHS to:

  4. Just noticed the ‘A 60-patient study finds that the fingerstick blood tests previously offered directly to Arizona consumers by Theranos give results that vary significantly from results obtained from venipuncture samples that were sent to Quest and LabQuest.

    I have not been to Theranos for a couple of getting more extensive tests done at Quest and INR at PCP vi fingerstick. Every 30 days. Well the INR has not worked out so well as for the first time in over 3 years of INR management I jumped from the 2 – 3 range to almost 8 after have multiple increases to what looked like readings below 2! I have had 4 INR’s over 14 days at PCP, last two at my instance. The last one I demanded after PCP said I should not need another for 2 weeks show INR headed backup above 3. Yet another dosing change come back in 2 weeks. Over the next 2 weeks I will get INR done every 3 days at Theranos. Should be interesting, will let you know. Never had this problem using Theranos for INR for several months.

    Who did the study?

    FYI – Like my PCP, have never trusted INS fingersticks!

  5. While I like everything @ HIStalk I find DonorsChoose to be the highlight and most positive. I will hold my rant about lack of educational funding!

  6. And here’s another reason why a patient may want a hard copy of his script:
    He wants to gets his meds from Canada and save a bunch of money, not just for him, but for his insurance. I have a high deduct plan and I have been doing this for years.
    I was taking a med that six yrs ago that cost .50 a pill, now it costs almost $10/pill. I get it from Canada for about .90/ea

    Glad I am not living in NY.

  7. From the following article. I have never had a finger stick test for any thing at Theranos. Did not think they had even been offering them the last few months. Everything has been standard blood draw and pee in the cup!

    Test results from Theranos’ finger-prick technology were flagged by Theranos as abnormal 1.6 times more often than those from LabCorp or Quest.


    FYI – I am not a Theranos advocate, just like the model that most likely will not survive.

  8. RE: Sue Veed: interoperability and Credit Card comparison

    If the EHRs and the hospital networks had a shared revenue model which incented interoperability then it is more likely that the problem would work itself out in the public interest.

    Relevant to Sue’s comparison to the development of standards by local and regional banks which was necessary for the development of credit card networks, the largest credit card issuers, which take the majority of the margin from credit card transactions, are the largest banks.

  9. Sure. Let HHS regulate that people will just not open messages and files from unknown sources. Does anyone else have the same kind of reaction?

  10. Re: Dee Hock

    I read a biography about a foundational character in the early credit card days. Not sure it was Dee Hock but that name sounds familiar so I’ll go with that.

    It turns out that Dee was both a visionary and savvy political operator. For many of his initiatives he met with resistance from his bank executives. So what he would do is threaten to resign. They needed him and knew it so he’d get his way. This apparently went on for years and years!

    Eventually though the industry matured. One day this same situation developed and Dee offered to resign. This time the resignation was accepted and Dee was out.

    Sad to say, but Health data interchange standards might have advanced farther with such a character in place. Except obtaining the necessary leverage to make progress has been a problem. Until recently neither the carrot nor the stick approach has been enough.

  11. Ransomware: I hate the thought of paying these creeps, they will never stop.

    What if there could be a shift in how we treat patients and hacking hospitals then became inconsequential?

  12. RE: Sue Veed: interoperability

    First – did we, as a(n American) people, ever identify what exactly we mean by “interoperability”? Do we mean the sharing of simple patient demographics, lab results, coding information, and claim forms? Because those standards exist and are used widely today. No serious IT company, EHR vendor, or health-related start-up could expect to be successful today or in the future if its product didn’t integrate along specific, accepted guidelines (like ANSI) or with specific systems (like Epic or Cerner). So, if that’s assumed by all, then we’re talking about a world in which we can pass over extremely rich patient detail: 3-D diagnostic images; every H&P, Periop report, clinic visit note, clinical impression, etc. a patient has ever had recorded in a given IT system; highly sensitive behavioral health information;…the list goes on and on. Being able to pass information that is that complex between systems is unrealistic. It requires either one private player dictating standards to the industry and all other players falling in line, or it requires the government dictating the standards (either situation seems to pave the way for a single-payer system…) Can you think of any other industry with IT standards that pertain to data that is as rich as is patient-centered healthcare data? I think not. Which leads me to…

    Second – I hate the comparison to the banking industry’s standards. The complexity of the data cannot be compared to healthcare’s. I see banking as covering roughly 1/3 of what healthcare IT covers, if you compare banking to healthcare’s claims and revenue cycle industry standards, like 837’s. Then, think, as a day-to-day consumer, of how terrible your IT interactions are with the banking industry: an ATM machine can print you a basic receipt; you can check your balances and holdings online; you can get a still-vague credit report from various online vendors and start-ups. Big whoop.

    Healthcare interoperability isn’t something you just throw around and argue about (especially in Congress). I think it requires us to address the actual issue of US healthcare: are we going to join the rest of the world and become a single-payer system to truly manage the health of our population, or are we going to continue to run on the (perhaps perfectly-fine if not for Medicare’s interference…?) capitalist market? I don’t know that there is a clear answer, but that’s the question for sure, whether or not anyone wants to actually ask it.

  13. I agree with The World Today. Banking industry (at least consumer facing part of it) is nowhere close to the Healthcare industry in complexity.

    Can you really go to a bank that you have never done business with and ask them to pull up all of your previous banking records from all different banks that you have done business with in last 20 years? Will the same bank to provide you a loan (same day of course – just like what you would expect service in an emergency room)?

    ATM withdrawals are more like getting your prescription filled in any pharmacy (and the prescription filling is harder as someone else may need to pick up the partial cost of that, we need to make sure that the insurance company is ready to tdo that, also confirm that the prescription won’t harm you as well as you are not filling a lot of false prescriptions – and many more checks).

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Founding Sponsors


Platinum Sponsors



























































Gold Sponsors
















Reader Comments

  • Veteran: #fakenews...
  • Vaporware?: Secretary Shulkin: "the American healthcare system hasn’t yet figured out interoperability, but the VA can lead the wa...
  • Justa CIO: The reported go live date for McLaren Oakland is wrong. There are no dates set for activations for any locations. Post...
  • Brian Too: I admit I am partial to the quoted ICD-10-CM of "S07.9XXA Crushing injury of head, part unspecified, initial encounter....
  • Cosmos: As others in the comments section have pointed out before, GE's EMR for athletes is ironically a health record for the h...
  • HIT MD: I appreciate the thoughtful postings on this topic, particularly those by Ross Martin and LMNOP. I've never participate...
  • My Two Cents: Re: I wish we could all just get along and put the patient at the center of what we do. Yep, I get more and more disc...
  • bbc: Did you take the Hippocratic Oath in Med school? does the slightest thought of helping your patients concern you at all...
  • My Two Cents: I have a few concerns about the article Mr. Crane wrote on Drug Pricing Transparency and respectfully disagree and quest...
  • Brian Too: Aha! That makes more sense now. Thank you for clarifying....

Sponsor Quick Links