An IBM security report finds that healthcare is the #5 most-hacked industry sector, with just 29 percent of the incidents involving outsiders.
“Inadvertent actors” — such as employees who fall for phishing or malware scams — made up nearly half the total number of incidents, while malicious insiders were behind just about as many attacks as external hackers.
Many successful healthcare attacks involved smaller organizations, resulting in an 88 percent drop in exposed records in 2016 vs. 2015.
The report estimates that criminals made $1 billion from ransomware in 2016 and that 44 percent of spam email contains malicious attachments, most of it ransomware.
IBM warns that the success of hackers has driven down the black market value of structured data, adding that “unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”
From Jake Serpent: “Re: ransomware. The FBI is investigating a case where PCP’s clearinghouse account was hacked and $86,000 in insurance payments were routed to other bank accounts. Interestingly, the FBI advised them not to disclose to their EHR/PM vendor’s IT support that they had been hacked until they had learned more. This is a new hole in the cash flow for thieves to exploit.” Unverified.
From Jigger: “Re: NantHealth. Allscripts invested $200 million in the company in mid-2015 before the NH IPO, while NantHealth’s Patrick Soon-Shiong personally invested $100 million in Allscripts. How have they fared?” As best I can tell, Allscripts spent $200 million to acquire shares that are now worth $74 million, so they are down $126 million. Soon-Shiong’s $100 million investment in Allscripts shares is now worth around $92 million. In the past year, MDRX shares are down 7 percent, while those of NH have shed 73 percent since they began trading in June 2016.
From Oleander: “Re: Aventura. Has ceased operations and closes Friday.” Unverified, but folks in the know say they’re winding it down. It’s highly unusual for a company that sells a product (rather than a service) to just walk away instead of selling out for whatever price the market will bear. I expect to have more details soon.
From Lugubrious Lad: “Re: Missouri’s lack of a prescription drug monitoring program. From reports I’ve read, it’s a small group led by a powerful state legislator that has blocked a statewide program. State Senator Rob Schaaf once said people who die of overdoses remove themselves from the gene pool.” Senator Schaaf is a doctor, with his obvious lack of empathy perhaps validating that he’s better suited for power-brokering than attending to patients. Schaaf’s PDMP objections involve patient privacy – he proposes his own bizarre system in which doctors would send the state the names of patients for whom they are considering issuing prescriptions for narcotics and then the state would let the doctor know of any concerns (given that they have no medical information to review and that such a system wouldn’t work with that of any other state, including those that border Missouri). Schaaf says he will filibuster any attempts to implement a PDMP other than his own: “I’d just as soon not have a PDMP. Would they rather have a database that protects privacy or no database at all?” On the other hand, his skimpy legislative body of work includes designating Jumping Jacks as the official state exercise.
From Tip Toe Through the Tulips: “Re: Skagit Regional Health (WA). The 185-bed system’s consultant and another consulting firm that was being paid $500 per hour contracted for Epic for $72 million to replace Meditech and NextGen, more than larger sites have paid. The cost is now over $100 million and the IT department has gone from 53 FTEs to 113 plus 60 consultants. They are missing deadlines, dates have been pushed back, the consultant-turned-CIO has gone, and they are continuing without a CIO. This coupled with a money-sucking HIE they own with Island Health that is in disarray, for which they have hired another expensive consulting group to review. Time will tell whether this system survives a $1 million per bed Epic project.” Unverified.
HIStalk Announcements and Requests
We funded the DonorsChoose grant request of Mrs. V in Texas, who asked for an 8×10 carpet for her first grade class’s reading area. What won me over was her eloquent description of its importance to her classroom in replacing the worn-out one they had been using for years: “We start from only knowing mostly sounds and basic words to reading chapter books. We will basically summit a knowledge mountain this year to be prepared for our future. I do my job so that someday these students will have the opportunity to have a career of their own. The carpet is the heartbeat of our classroom. We share all of our lessons there. We share joy, excitement, heartbreak, breakthroughs, and growth on that piece of cloth. The battle of education is fought and won in one spot in the classroom and that is on that carpet.”
The government’s Internet privacy protections rollback revived my interest in using a private VPN service for web browsing (though to be fair, those protections hadn’t taken effect yet anyway, so nothing has changed). My requirement of a free trial led me to VyprVPN at $45 per year. Speedtest shows no slowdown and it’s painless to install and use. A VPN also protects you when using public WiFi, but even more intriguingly, it apparently can save money on Internet purchases, where price is often set by the user’s location — VyprVPN priced the same SYD-LAX flight on Kayak by connecting through servers in several countries and it ranged from $2,900 to $5,400. VyprVPN runs great on the laptop and iPad, although it didn’t work on my Chromebook because of router settings that I didn’t bother changing because it wasn’t really important.
This week on HIStalk Practice: Congratulatory AHCA ads fly fast, furiously, and prematurely. Facial recognition software helps physicians diagnose rare pediatric disease. Wisconsin MDs prepare for mandatory PDMP reporting. Eastern Shore Psychological Services implements MediWare EHR. EPatientFinder’s Lance Hayden offers inexpensive steps to better practice cybersecurity. IHealth acquires AllDocuments. Mecklenburg County health officials accidentally release PHI. Navicure’s Jim Denny eases providers into care cost transparency practices.
April 26 (Wednesday) 1:00 ET. “SSM Integrated Health Technologies Clinical Data Migration: Functional and Technical Considerations.” Sponsored by Galen Healthcare Solutions. Presenters: Sandy Winklemann, MHA, RHIA, project manager, SSM Integrated Health Technologies; Tyler Mawyer, MHA, managing consultant, Galen Healthcare Solutions; Kavon Kaboli, MPH, senior consultant, Galen Healthcare Solutions. GE Centricity and Meditech to Epic EHR transition. Join us for a complimentary webinar as we present the decisions that are important to consider when performing a clinical data migration from the point of view of the healthcare organization program manager, the clinical analyst, and the technical implementation team. Our expert panel will survey data migration considerations, best practices, and lessons learned. The webinar will present a unique client perspective, offering insight into considerations surrounding staffing, clinical mapping, legacy application support, and validation and testing.
Acquisitions, Funding, Business, and Stock
San Francisco-based primary care practice Carbon Health raises $6.5 million in a seed funding round to expand use of its patient app that offers appointment scheduling, payments, and prescription refills.
Health kiosk vendor Higi receives an unspecified Series B investment from BlueCross BlueShield Venture Partners and acquires EveryMove, which offers a health rewards system to health plans.
Three Ontario hospitals will implement Meditech 6.1 Web EHR, hosted by Markham Stouffville Hospital.
Evariant names Clay Ritchey (Imprivata) as CEO.
Leidos Health hires Bill Kloes (Nuance) as VP of operations integration of its health group.
Terri Ripley, MIT (Inova Health System) joins OrthoVirginia as CIO.
The Strategic Health Information Exchange Collaborative hires Pam Mathews, RN, MBA (Pam Mathews & Associates) as interim executive director.
Solutionreach promotes Paul Kocherans to SVP of sales; Justin Everette to VP of marketing; and Lance Rodela to VP of product management.
Announcements and Implementations
IBM will incorporate SNOMED CT terminology in its Watson Health offerings.
CMS approves Forward Health Group’s PopulationManager as a qualified registry for the 2017 performance year.
The World Health Organization launches a global initiative to reduce severe, avoidable medication error harm by 50 percent over the next five years. It will offer guidance, strategies, plans, and tools.
Healthwise provides a $2 million grant to fund the Informed Medical Decisions Program at Massachusetts General Hospital’s Decision Sciences Center. Michael J. Barry, MD, Healthwise chief science officer, will return full time to MGH to direct the center, which will study how to incorporate the patient’s voice in making healthcare decisions.
The Connecticut Hospital Association and Bayer will create a statewide database to track patient exposure to radiation from CT scans.
Government and Politics
Senators Lamar Alexander (R-TN) and Bob Corker (R-TN) introduce legislation that would allow Americans who live in a county where no insurers offer ACA plans in 2018 to apply any federal subsidy they receive to plans they buy directly from insurers. The challenge, which they didn’t mention, is that those same counties may well have no insurers willing to sell individual policies either, meaning that those who can’t get insurance through an employer can’t obtain it at any price.
Meanwhile, Sen. Corker responds to the comments of fellow Republican and House Speaker Paul Ryan (R-WI), who expressed concern in a TV interview that President Trump will reach out to Democrats to get healthcare legislation passed instead of twisting the arms of party loyalists to repeal ACA in purely partisan fashion. A new poll finds that 62 percent of Americans think President Trump has mishandled healthcare reform, sending his record-low approval rating even lower to 35 percent following last week’s AHCA drama.
The Texas Senate appears to have ended the state’s relentless efforts to stifle the use of telemedicine.
Privacy and Security
Thieves hoping to steal petty cash from a clinic of CoxHealth (MO) also grab patient fee slips from the state, triggering the requirement that the incident be reported as a breach to HHS.
A New York Times Magazine article describes the expensive industry created around “coder vs. coder” billing code jockeying that occurs among hospitals, insurers, and auditors and that often leaves patients holding indecipherable bills from multiple providers involved in a single episode of their care that may bankrupt them despite their best intentions. Some excerpts:
Individual doctors have complained bitterly about the increasing complexity of coding and the expensive necessity of hiring their own professional coders and billers … But they have received little support from the medical establishment, which has largely ignored the protests. And perhaps for good reason: The American Medical Association owns the copyright to CPT, the code used by doctors … when Medicare announced that it would pay only a set fee for the first hour and a half of a chemotherapy infusion — and a bonus for time thereafter — a raft of infusions clocked in at 91 minutes … Today many medical centers have coders specializing in particular disciplines … The Business of Spine, a Texas-based consulting firm with a partner office in Long Island, advises spine surgeons’ billers about what coding Medicare and commercial insurers will tolerate, what’s legal and not, to maximize revenue. The evolution of this mammoth growth enterprise means bigger bills for everyone.
Colorado’s new Medicaid payment system for developmental disability services is rejecting provider claims due to coding errors that the state blames on users who didn’t pay attention to its communication about the changes over the past 18 months. Speech therapy clinic operator Jill Tullman says she bills up to $12,000 per week to Medicaid, but has been paid only $288 in the past month. She also spent 2,500 minutes trying to get help from the state’s call center, run by Hewlett Packard Enterprise, which still has 90-minute wait times even after fixing software and connectivity problems. The state has paid 48 percent of submitted claims in the first month.
A Florida State University psychology researcher studies the EHR data of 2 million patients to create a machine learning method that can predict whether someone will attempt suicide within the next two years with 80-90 percent accuracy.
The University of Texas system regents will pay Ron DePinho, MD — the just-resigned president of MD Anderson Cancer Center — over $1 million per year to serve as a professor of cancer biology, placing his compensation at nearly triple that of his boss, the cancer biology chair. He will also receive $1 million per year to fund his research projects. Cynics might presume that his resignation was neither voluntary nor unchallenged.
- Consulting Magazine profiles Peter Smith of Impact Advisors.
- Imprivata will exhibit at the VHHA Spring Conference April 5-7 in Williamsburg, VA.
- Philly.com profiles InstaMed.
- InterSystems will exhibit at the HIMSS Population Health Forum April 3-4 in Boston.
- Intelligent Medical Objects will exhibit at AORN International Surgical Conference & Expo April 1-5 in Boston.
- Kyruus hosts NewCoBos April 5-6 in Boston.
- NTT Data’s Lisa Woodley presents at the LOMA 2017 Customer Experience Conference March 30 in Las Vegas.
- Point-of-Care Partners will exhibit at the HL7 Mini-Connectathon April 10-12 in Chicago.
- Protenus hosted its inaugural Privacy and Analytics Conference last week at its headquarters in Baltimore.
- SK&A publishes “Physician Office Usage of EHR Software.”
- PatientSafe Solutions will demonstrate new Rounding and Early Warning System workflows of its PatientTouch platform at AONE/ANIA.
- Understanding What is Required Under the Stark Law, with infographic (Optimum Healthcare IT)
- Which MIPS path is right for you? (Encore, A Quintiles Company)
- ILÚMinate: 3 Key Takeaways from the HIMSS17 Health IT Conference (Ilum Health Solutions)
- Thought leader podcast series: Big Data (Meditech)
- How Hospitals are Using Analytics to Drive Improvements in a Value-Based World (Dimensional Insight)
- Health Information Technology’s Opportunities for Patient Safety (Impact Advisors)
- Healthcare organizations report thousands of hours and millions of dollars saved with SSO and VDI (Imprivata)
- How to Choose and Navigate Social Channels in Healthcare Marketing (Influence Health)
- Rearrange Activities with Ease (Learn on Demand Systems)
- 2017 HIPAA Compliance Checklist: 4 Items to Expect from a Vendor (Liaison Technologies)
- CMS Delays Bundled Payment Expansion. What does it mean for you? (Medecision)
- 6 Questions with Dr. Colin Banas, CMIO at VCU Health (Spok)
- Are Your Payments Walking Out the Door? (Navicure)
- The Meditech Scheduling Module: Tips and Benefits When Upgrading to 6.1 (Parallon Technology Solutions)
- Leading the Way Through Healthcare Fee for Value Transformation (Experian Health)
- Where We Are, and Where We Aren’t, in Healthcare IT (PatientKeeper)
- Information Governance Programs Harness the Power of Data (Sagacious Consultants)
- A Connected Care Journey for Patients (Salesforce)
- Burden of Prior Authorization Affects Providers: Coalition Seeks Reform (The SSI Group)
- 3 Ways to Make Your Practice Appeal to Patients (Solutionreach)
- The Way Technology has Revolutionized our World Today (Summit Healthcare)
- To the Tech-Minded Physician on National Doctor’s Day, We Thank You (Surescripts)