Home » News » Currently Reading:

News 3/31/17

March 30, 2017 News 5 Comments

Top News


An IBM security report finds that healthcare is the #5 most-hacked industry sector, with just 29 percent of the incidents involving outsiders.

“Inadvertent actors” — such as employees who fall for phishing or malware scams — made up nearly half the total number of incidents, while malicious insiders were behind just about as many attacks as external hackers.

Many successful healthcare attacks involved smaller organizations, resulting in an 88 percent drop in exposed records in 2016 vs. 2015.

The report estimates that criminals made $1 billion from ransomware in 2016 and that 44 percent of spam email contains malicious attachments, most of it ransomware.

IBM warns that the success of hackers has driven down the black market value of structured data, adding that “unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

Reader Comments

From Jake Serpent: “Re: ransomware. The FBI is investigating a case where PCP’s clearinghouse account was hacked and $86,000 in insurance payments were routed to other bank accounts. Interestingly, the FBI advised them not to disclose to their EHR/PM vendor’s IT support that they had been hacked until they had learned more. This is a new hole in the cash flow for thieves to exploit.” Unverified.

image image

From Jigger: “Re: NantHealth. Allscripts invested $200 million in the company in mid-2015 before the NH IPO, while NantHealth’s Patrick Soon-Shiong personally invested $100 million in Allscripts. How have they fared?” The best I can tell, Allscripts spent $200 million to acquire shares that are now worth $74 million, so they are down $126 million. Soon-Shiong’s $100 million investment in Allscripts shares is now worth around $92 million. In the past year, MDRX shares are down 7 percent, while those of NH have shed 73 percent since they began trading in June 2016.

From Oleander: “Re: Aventura. Has ceased operations and closes Friday.” Unverified, but folks in the know say they’re winding it down. It’s highly unusual for a company that sells a product (rather than a service) to just walk away instead of selling out for whatever price the market will bear. I expect to have more details soon.


From Lugubrious Lad: “Re: Missouri’s lack of a prescription drug monitoring program. From reports I’ve read, it’s a small group led by a powerful state legislator that has blocked a statewide program. State Senator Rob Schaaf once said people who die of overdoses remove themselves from the gene pool.” Senator Schaaf is a doctor, with his obvious lack of empathy perhaps validating that he’s better suited for power-brokering than attending to patients. Schaff’s PDMP objections involve patient privacy – he proposes his own bizarre system in which doctors would send the state the names of patients for whom they are considering issuing prescriptions for narcotics and then the state would let the doctor know of any concerns (given that they have no medical information to review and that such a system wouldn’t work with that of any other state, including those that border Missouri). Schaaf says he will filibuster any attempts to implement a PDMP other than his own: “I’d just as soon not have a PDMP. Would they rather have a database that protects privacy or no database at all?” On the other hand, his skimpy legislative body of work includes designating Jumping Jacks as the official state exercise.


From Tip Toe Through the Tulips: “Re: Skagit Regional Health (WA). The 185-bed system’s consultant and another consulting firm that was being paid $500 per hour contracted for Epic for $72 million to replace Meditech and NextGen, more than larger sites have paid. The cost is now over $100 million and the IT department has gone from 53 FTEs to 113 plus 60 consultants. They are missing deadlines, dates have been pushed back, the consultant-turned-CIO has gone, and they are continuing without a CIO. This coupled with a money-sucking HIE they own with Island Health that is in disarray, for which they have hired another expensive consulting group to review. Time will tell whether this system survives a $1 million per bed Epic project.” Unverified.

HIStalk Announcements and Requests

image image

We funded the DonorsChoose grant request of Mrs. V in Texas, who asked for a 8×10 carpet for her first grade class’s reading area. What won me over was her eloquent description of its importance to her classroom in replacing the worn out one they had been using for years: “We start from only knowing mostly sounds and basic words to reading chapter books. We will basically summit a knowledge mountain this year to be prepared for our future. I do my job so that someday these students will have the opportunity to have a career of their own. The carpet is the heartbeat of our classroom. We share all of our lessons there. We share joy, excitement, heartbreak, breakthroughs, and growth on that piece of cloth. The battle of education is fought and won in one spot in the classroom and that is on that carpet.”


The government’s Internet privacy protections rollback revived my interest in using a private VPN service for web browsing (though to be fair, those protections hadn’t taken effect yet anyway, so nothing has changed.) My requirement of a free trial led me to VyprVPN at $45 per year. Speedtest shows no slowdown and it’s painless to install and use. A VPN also protects you when using public WiFi, but even more intriguingly, it apparently can save money on Internet purchases, where price is often set by the user’s location — VyprVPN priced the same SYD-LAX flight on Kayak by connecting through servers in several countries and it ranged from $2,900 to $5,400. VyprVPN runs great on the laptop and iPad, although it didn’t work on my Chromebook because of router settings that I didn’t bother changing because it wasn’t really important.

This week on HIStalk Practice: Congratulatory AHCA ads fly fast, furiously, and prematurely. Facial recognition software helps physicians diagnose rare pediatric disease. Wisconsin MDs prepare for mandatory PDMP reporting. Eastern Shore Psychological Services implements MediWare EHR. EPatientFinder’s Lance Hayden offers inexpensive steps to better practice cybersecurity. IHealth acquires AllDocuments. Mecklenberg County health officials accidentally release PHI. Navicure’s Jim Denny eases providers into care cost transparency practices.


April 26 (Wednesday) 1:00 ET. “SSM Integrated Health Technologies Clinical Data Migration: Functional and Technical Considerations.” Sponsored by Galen Healthcare Solutions. Presenters: Sandy Winklemann, MHA, RHIA, project manager, SSM Integration Health Technologies; Tyler Mawyer, MHA, managing consultant, Galen Healthcare Solutions; Kavon Kaboli, MPH, senior consultant, Galen Healthcare Solutions. GE Centricity and Meditech to Epic EHR transition. Join us for a complimentary webinar as present the decisions that are important to consider when performing a clinical data migration from the point of view of  the healthcare organization program manager, the clinical analyst, and the technical implementation team. Our expert panel will survey data migration considerations, best practices, and lessons learned. The webinar will present a unique client perspective, offering insight into considerations surrounding staffing, clinical mapping, legacy application support, and validation and testing.

Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.

Acquisitions, Funding, Business, and Stock


San Francisco-based primary care practice Carbon Health raises $6.5 million in a seed funding round to expand use of its patient app that offers appointment scheduling, payments, and prescription refills.


Health kiosk vendor Higi receives an unspecified Series B investment from BlueCross BlueShield Venture Partners and acquires EveryMove, which offers a health rewards system to health plans.



Three Ontario hospitals will implement Meditech 6.1 Web EHR, hosted by Markham Stouffville Hospital.



Evariant names Clay Ritchey (Imprivata) as CEO.


Leidos Health hires Bill Kloes (Nuance) as VP of operations integration of its health group.


Terri Ripley, MIT (Inova Health System) joins OrthoVirginia as CIO.


The Strategic Health Information Exchange Collaborative hires Pam Mathews, RN, MBA (Pam Mathews & Associates) as interim executive director.

image image image

Solutionreach promotes Paul Kocherans to SVP of sales; Justin Everette to VP of marketing; and Lance Rodela to VP of product management.

Announcements and Implementations

IBM will incorporate SNOMED CT terminology in its Watson Health offerings.

CMS approves Forward Health Group’s PopulationManager as a qualified registry for the 2017 performance year.


The World Health Organization launches a global initiative to reduce severe, avoidable medication error harm by 50 percent over the next five years. It will offer guidance, strategies, plans, and tools.


Healthwise provides a $2 million grant to fund the Informed Medical Decisions Program at Massachusetts General Hospital’s Decision Sciences Center. Michael J. Barry, MD, Healthwise chief science officer, will return full time to MGH to direct the center, which will study how to incorporate the patient’s voice in making healthcare decisions.

The Connecticut Hospital Association and Bayer will create a statewide database to track patient exposure to radiation from CT scans.

Government and Politics


Senators Lamar Alexander (R-TN) and Bob Corker (R-TN) introduce legislation that would allow Americans who live in a county where no insurers offer ACA plans in 2018 to apply any federal subsidy they receive to plans they buy directly from insurers. The challenge, which they didn’t mention, is that those same counties may well have no insurers willing to sell individual policies either, meaning that those who can’t get insurance through an employer can’t obtain it at any price.


Meanwhile, Sen. Corker responds to the comments of fellow Republican and House Speaker Paul Ryan (R-WI), who expressed concern in a TV interview that President Trump will reach out to Democrats to get healthcare legislation passed instead of twisting the arms of party loyalists to repeal ACA in purely partisan fashion. A new poll finds that 62 percent of Americans think President Trump has mishandled healthcare reform, sending his record-low approval rating even lower to 35 percent following last week’s AHCA drama.

The Texas Senate appears to have ended the state’s relentless efforts to stifle the use of telemedicine.

Privacy and Security

Thieves hoping to steal petty cash from a clinic of CoxHealth (MO) also grab patient fee slips from the state, triggering the requirement that the incident be reported as a breach to HHS.



A New York Times Magazine article describes the expensive industry created around “coder vs. coder” billing code jockeying that occurs among hospitals, insurers, and auditors that often leave patients holding an indecipherable bills from multiple providers involved in a single episode of their care that may bankrupt them despite their best intentions. Some excerpts:

Individual doctors have complained bitterly about the increasing complexity of coding and the expensive necessity of hiring their own professional coders and billers … But they have received little support from the medical establishment, which has largely ignored the protests. And perhaps for good reason: The American Medical Association owns the copyright to CPT, the code used by doctors …  when Medicare announced that it would pay only a set fee for the first hour and a half of a chemotherapy infusion — and a bonus for time thereafter — a raft of infusions clocked in at 91 minutes … Today many medical centers have coders specializing in particular disciplines … The Business of Spine, a Texas-based consulting firm with a partner office in Long Island, advises spine surgeons’ billers about what coding Medicare and commercial insurers will tolerate, what’s legal and not, to maximize revenue. The evolution of this mammoth growth enterprise means bigger bills for everyone.

Colorado’s new Medicaid payment system for developmental disability services is rejecting provider claims due to coding errors that the state blames on users who didn’t pay attention to its communication about the changes over the past 18 months. Speech therapy clinic operator Jill Tullman says she bills up to $12,000 per week to Medicaid, but has been paid only $288 in the past month. She also spent 2,500 minutes trying to get help from the state’s call center, run by Hewlett Packard Enterprise, which still has 90-minute wait times even after fixing software and connectivity problems. The state has paid 48 percent of submitted claims in the first month. 

A Florida State University psychology researcher studies the EHR data of 2 million patients to create a machine learning method that can predict whether someone will attempt suicide within the next two years with 80-90 percent accuracy.


The University of Texas system regents will pay Ron DePinho, MD — the just-resigned president of MD Anderson Cancer Center — over $1 million per year to serve as a professor of cancer biology, placing his compensation at nearly triple that of his boss, the cancer biology chair. He will also receive $1 million per year to fund his research projects. Cynics might presume that his resignation was neither voluntary nor unchallenged.

Sponsor Updates

  • Consulting Magazine profiles Peter Smith of Impact Advisors.
  • Imprivata will exhibit at the VHHA Spring Conference April 5-7 in Williamsburg, VA.
  • Philly.com profiles InstaMed.
  • InterSystems will exhibit at the HIMSS Population Health Forum April 3-4 in Boston.
  • Intelligent Medical Objects will exhibit at AORN International Surgical Conference & Expo April 1-5 in Boston.
  • Kyruus hosts NewCoBos April 5-6 in Boston.
  • NTT Data’s Lisa Woodley presents at the LOMA 2017 Customer Experience Conference March 30 in Las Vegas.
  • Point-of-Care Partners will exhibit at the HL7 Mini-Connectathon April 10-12 in Chicago.
  • Protenus hosted its inaugural Privacy and Analytics Conference last week at its headquarters in Baltimore.
  • SK&A publishes “Physician Office Usage of EHR Software.”
  • PatientSafe Solutions will demonstrate new Rounding and Early Warning System worfklows of its PatientTouch platform at AONE/ANIA.

Blog Posts


Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "5 comments" on this Article:

  1. Not to be a buzz kill on the FSU suicide prediction story using machine learning, but achieving 80% accuracy, if that’s the metric they really used, is terrible. I can get 99+% accuracy by always guessing “no”. What you’re looking for its a metric like F-measure, which balances sensitivity and PPV. They might be using F measure or AUC and the FSU press office and local paper dumbed things down too much, even putting “machine learning” in quotes.

    The study is mentioned on Reddit a month ago, and yet we’re still waiting on the study to be published. We’ll see what actual metric was used, the data, ML algorithm, and most importantly the experimental setup. A well-designed EHR data study can be replicated relatively easily. Regardless that number looks too good to be true.

    • “I can get 99+% accuracy by always guessing ‘no’.”

      That’s a great observation! The ultimate measure would be how many people it called out as high risk, but even then you would assume that interventions would follow and thus even among those folks few of them would commit suicide (assuming the intervention was effective, that is). Or, perhaps those it call out could be categorized after the fact as having suicidal intentions (perhaps by admitting such) and in that case, if they were not previously diagnosed as suicidal by traditional means, then the benefit would be real.

      • The real issue here is of course the data. “Big data” studies rarely contain the granular information you’re talking about regarding the patient’s status or doctor’s thinking. We really know nothing about the data until we see the study. As an aside, I think it should be a requirement that any article about a single study should link to that study in the journal or pre-print, especially if it’s a thinly veiled university press release.

  2. Wait a minute. If you guess no every time you get 0% sensitivity. And you can’t calculate specificity at all in that case. Yes, due to low prevalence of suicidal people the positive predictive value (assuming what he reported is 80% sensitivity, which is what makes sense) is going to be just a few percent, but the question is then what the next step for the positives would be and its cost effectiveness

    • I wasn’t suggesting always guessing no as a useful system, more of a demonstration that accuracy isn’t a good metric to use here. It makes more sense with balanced classification problems, or multi-class problems. If the 80% is sensitivity, that tells us really little about how useful a system this is: I can get 80% sensitivity by randomly sampling 80% of the population.

      F-measure or AUC (or AUROC if we want to be really specific) will provide a score that balances the false positives and false negatives. F-measure does this for a specific point on the curve, while AUC measures the entire curve. Both have their disadvantages.

Text Ads


  1. Unfortunately, I can't disagree with anything you wrote. It is important that they get this right for so many reasons,…

  2. Going out on a limb here. Wouldn't Oracle's (apparent) interoperability strategy, have a better chance of success, than the VA's?…

  3. Dr Jayne is noticing one of the more egregious but trivial instance of bad behavior by allegedly non-profit organizations. I…

  4. To expand on this a bit. The Vista data are unique to Vista, there are 16(?) different VISN (grouped systems)…

Founding Sponsors


Platinum Sponsors











































Gold Sponsors