"HHS OIG rates HHS’s information security program as “not effective” in its annual review, the same rating it gave HHS…
News 6/2/17
Top News
Doctor office advertising and patient education technology company Outcome Health raises $500 million in funding, valuing the Chicago-based company at $5 billion.
Forbes estimates that the 31-year-old co-founder Rishi Shah owns 80 percent of the company’s shares, giving him a paper net worth of $3.6 billion.
Forbes also estimates that the company’s annual revenue is $200 million and it’s growing 100 percent per year, with most of the money coming from drug companies anxious to get their message in front of patients at an opportune time.
Vivek Kundra, the first US CIO, is a company EVP.
HIStalk Announcements and Requests
Tuesday’s HIStalk page views exceeded 10,000, which isn’t a record or even all that much higher than the usual daily traffic, but it’s the highest count during a non-HIMSS week other than June 28, 2016 (when McKesson announced that it would divest its Technology Solutions business) and July 30, 2015 (when the DoD awarded Leidos/Cerner its EHR contract).
I thought it would be interesting to look at the percentage of females serving on the executive teams of the top five healthcare IT companies by revenue as listed on the new Healthcare Informatics 100, which might bring to mind the old Doors song “Five to One”:
- Optum – 25 percent
- Cerner – 18 percent
- Cognizant – 16 percent
- McKesson – 25 percent
- Philips – 17 percent
This week on HIStalk Practice: Allergy Partners opts for Medfusion technology. Rhode Island practices unite as Brown Physicians Inc. Outcome Health raises $500 million in a quest to assist 70 percent of practices. Practice Fusion’s Matthew Douglass argues that America’s doctors need net neutrality. HealthTap expands to New Zealand, while Heal heads to Washington, DC. EVisit raises $2 million. US HealthWorks taps AmericanWell to power its new telemedicine service for employers.
Thoughts on the $155 Million DOJ Settlement of EClinicalWorks
I had these reactions when writing about the company’s settlement.
- I was curious about how many EPs have attested to Meaningful Use using EClinicalWorks. ONC’s Health IT Dashboard shows around 25,000, making it the #3 EHR vendor (behind Epic and Allscripts).
- The settlement amount represents 35 percent of the company’s annual revenue of $440 million.
- The settlement could be only the beginning of ECW’s problems, as it now has to deal with potential customer defections, the inevitable drop-off in sales, and potential class action provider lawsuits. It could possibly be sued by its certifying body, Drummond Group, plus it is required by the settlement terms to implement internal and external review programs.
- I assume the value of the settlement was based on the MU payments that were made to ECW-using EPs, which I’ll also assume means that HHS won’t go after the EPs individually. The complaint says the federal government is entitled to recover triple the value of fraudulent claims (presumably the MU incentives paid) plus a percentage of the company’s profits that represented “undue enrichment.” Still, as reader Debtor points out, ECW-using EPs could have been paid around $2 billion in Meaningful Use incentives, so as he or she says, “that the DOJ settling for pennies on the dollar and no criminal prosecution is unbelievable.”
- Does Drummond Group, which certified ECW’s EHR, bear any responsibility (legal or otherwise) for failing to detect that ECW was – according to the complaint – rigging its test results? On the other hand, it could argued that since the certification testing scenarios are public and static, the certification body has no easy way to detect fraud in observing only the desired scenario outputs. Certification testing is not dynamic nor comprehensive – it’s following a script to see if the expected outputs are produced.
- The $30 million whistleblower payment will surely encourage others to report any similar problems with other vendors.
- Clearly DOJ was not happy that ECW apparently charged customers for software updates, made it hard and/or expensive for them to migrate from ECW to other EHRs, and did not make it easy for its customers to exchange information with other practices.
- The kickback portion of the complaint arose from ECW giving users a $500 maintenance credit to refer a prospect who eventually signed on as a customer (those payments totaled $144,000), paying users to host site visits ($249,000), compensating customers to provide good product references, and providing consulting fees, honoraria, and gifts to influential users who pitched its product, with one unnamed doctor earning “tens of thousands of dollars in ‘consulting’ fees.” The complaint makes it clear that manufacturers can’t pay any kind of remuneration to encourage use of their products for which the federal government pays via Medicare and Medicaid.
- It’s not clear how the settlement affects ECW-using EPs who could continue attesting under the Medicaid part of Meaningful Use for several more years. Apparently not at all since the product’s certification remains intact.
- Two ECW technical employees will pay relatively small settlement amounts over the product’s inability to process RxNorm terminology for e-prescribing. One of those employees was the developer in charge of the RxNorm software functionality and the other submitted ECW’s final certification application. The complaint says the certification body certified the product in 2013, heard afterward from ECW employees that the software didn’t really process RxNorm codes, and then re-tested the product with the same protocol in 2015, which ECW passed only because it hard-coded the expected 16 RxNorm codes.
- The complaint says ECW’s EHR did not use LOINC or SNOMED CT terminology.
- The complaint says ECW released software without adequate testing, relied on customers to report problems, allowed critical problems to remain unresolved for months or years, and reintroduced previously fixed bugs because its software version control was not reliable.
- The company’s October 6-9 user group meeting should be interesting.
The whistleblower in the case was Brendan Delaney, who was a New York City employee implementing ECW at Rikers Island for prisoner healthcare when he noticed software problems. He has also worked on ECW projects for Arcadia Solutions, HSM Consulting, and as a self-employed contractor. His LinkedIn says he’s revenue cycle manager at NYU Langone Medical Center, or at least was before he learned he’ll be pocketing $30 million (but unfortunately for him, whistleblower windfalls are taxed as ordinary income).
Interesting points from the five-year Corporate Integrity Agreement the company signed with HHS OIG:
- ECW is required to implement a quality assurance program to oversee software defects, usability problems, and any other issues that affect patient safety or product certification and to post known software problems on its portal.
- The company is required to create usability and patient safety advisory teams, consisting of at least a doctor, pharmacist, and nurse.
- ECW is prohibited from using contract language that prohibits customers from disclosing patient safety concerns and agrees that it won’t enforce that requirement in existing contracts.
- The company must help customers who want to migrate to other EHRs and can’t charge them any fees, penalties, or service charges.
- ECW is required to contact every customer with an email subject line of “Important information about your EHR software and services. You have new options free of charge to you.” The communication must start with a statement indicating that ECW has settled with HHS OIG to offer them free upgrades to the latest production version.
- The company must track any payments made to existing customers for marketing purposes and must list all of payments it makes to providers on its website.
What other vendors should do based on the settlement:
- Review the certification process to make sure nothing is being faked, talking to the technical people rather than managers anxious to avoid becoming the shot messenger.
- Don’t provide any kind of incentives for customers or their employees to help make new sales.
- Make sure customers are notified quickly of software problems that endanger patients or that can cause billing mistakes or certification shortcomings.
Meanwhile, the law firm that represented the whistleblower in the lawsuit adds a few points:
- The firm filed Brandon Delaney’s lawsuit against ECW in 2015.
- The firm’s website includes archived copies of advisories ECW sent to its customers that warned of software problems.
- Brandon Delaney provided this statement: “I was profoundly saddened and disappointed by the indifference of senior health department officials and investigators for New York City when I provided detailed information about serious flaws in the EHR software that could endanger patients. I am grateful that Phillips & Cohen and federal government attorneys recognized the seriousness of my charges and dug into the matter quickly and thoroughly.”
The Letter EClinicalWorks Sent to its Customers Thursday
Dear Customer:
Yesterday we announced a settlement with the government. As part of the settlement, eClinicalWorks paid $155 million and agreed to bolster its compliance program. The inquiry leading to the settlement primarily centered on technical aspects of the Meaningful Use program and allegations that eClinicalWorks software had technical non-conformities related to some of the criteria, all of which have since been addressed.
eClinicalWorks cooperated fully with the government. We have not admitted any fault or wrongdoing, and our goal as a company is to always make sure we are doing the right thing. We have decided to put this matter behind us and concentrate all of our efforts on our customers and continued innovations to enhance patient care delivery. Importantly, our software remains fully certified under the Meaningful Use program.
One of the technical non-conformities alleged by the government involved the use of RxNorm codes in electronic prescriptions. From 2014 to August 2016, electronic prescriptions sent by eClinicalWorks users included NDC codes rather than RxNorm codes. During this time period, more than 500 million prescriptions were successfully transmitted and filled, and most major pharmacies did not support RxNorm codes. The failure to include RxNorm codes in electronic prescriptions was completely inadvertent on the part of eClinicalWorks, as our software used RxNorm codes in other parts of the system, such as in C-CDAs. We gained nothing by not including the codes, which are available for free from the National Library of Medicine. We resolved this issue as soon as we learned of it.
Another technical non-conformity identified by the government involved data portability. The 2014 Edition certification criteria require EHR software to “batch export” patient records. There was confusion about the meaning of this requirement, however, prompting ONC in 2015 to issue a clarifying FAQ. When eClinicalWorks was tested for certification in 2013, its authorized certification body (ACB) at the time, CCHIT, determined that our software satisfied this requirement. In 2015, our new ACB, Drummond Group, disagreed and identified this as a non-conformity. eClinicalWorks resolved the non-conformity in 2015, and our software meets all MU Stage 2 data portability requirements.
Historically, technical non-conformities with the MU Program were addressed through an administrative rather than a legal process (visit the ONC’s Certified Health IT Product List (CHPL) website for a list of EHR vendors with non-conformities: https://chpl.healthit.gov/#/search). eClinicalWorks chose to settle this matter to avoid the uncertainty of a prolonged legal dispute which could have been disruptive to our customers, our employees and our company.
The government also alleged that eClinicalWorks’ customer referral program violated the federal Anti-Kickback statute. Under this program, called “Refer a Friend.”eClinicalWorks granted a credit, typically in the amount of $500, against existing users’ support and maintenance fees. Between 2011 and 2016, eClinicalWorks paid $392,000 to users under this and related programs. While referral programs like this are common in the industry, and while HHS-OIG has provided no guidance regarding them, the government took the position that the payments were improper. We disagreed but have nevertheless discontinued the program.
There is a silver lining to this settlement. Today, eClinicalWorks has a more robust compliance program, and we continue to invest our resources and energy into making sure the products and services we deliver serve our customers well in the long run. We paid the settlement amount using cash on hand and have the resources to continue to grow and innovate.
It is our privilege to serve you. I am committed to enhancing our products and services. We will be releasing V11 later this year as planned and seeking certification for Meaningful Use Stage 3.
We founded this company 17 years ago with the mission of improving healthcare together. The settlement does not change that.
Sincerely,
Girish Navani, CEO
Webinars
June 22 (Thursday) 1:00 ET. “Social Determinants of Health.” Sponsored by Philips Wellcentive. Presenter: David Nash, MD, MBA, dean, Jefferson College of Population Health. One of the nation’s foremost experts on social determinants of health will explain the importance of these factors and how to make the best use of them.
June 29 (Thursday) 2:00 ET. “Be the First to See New Data on Why Patients Switch Healthcare Providers.” Sponsored by Solutionreach. As patients pay more for their care and have access to more data about cost and quality, their expectations for healthcare are changing. And as their expectations change, they are more likely to switch providers to get them met. In this free webinar, we’ll look at this new data on why patients switch and what makes them stay. Be one of the first to see the latest data on why patients leave and what you can do about it.
July 11 (Tuesday) 1:00 ET. “Your Data Migration Questions Answered: Ask the Expert Q&A Panel.” Sponsored by Galen Healthcare Solutions. Presenters: Julia Snapp, manager of professional services, Galen Healthcare Solutions; Tyler Suacci, principal technical consultant, Galen Healthcare Solutions. This webcast will give attendees who are considering or in the process of replacing and/or transitioning EHRs the ability to ask questions of our experts. Our moderators have extensive experience in data migration efforts, having supported over 250+ projects, and migration of 40MM+ patient records and 7K+ providers. They will be available to answer questions surrounding changes in workflows, items to consider when migrating data, knowing what to migrate vs. archive, etc.
Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.
Acquisitions, Funding, Business, and Stock
Medical image viewing system vendor TeraRecon acquires machine learning vendor McCoy Medical Technologies and creates a new company that will distribute trained machine learning algorithms for clinical decision support, also offering researchers and hospitals an easy way to distribute their algorithms for research or commercialization.
Accenture will acquire 250-employee laboratory informatics consulting firm LabAnswer, which it will fold into the newly created Accenture Scientific Informatics Services.
Sales
Carilion Clinic (VA) chooses Influence Health’s directory listings management system to monitor its online presence, provide accurate online location listings, and call out unofficial social media pages.
Memorial Sloan Kettering Cancer Center (NY) and Intermountain Healthcare (UT) will use the genomics platform of Philips for cancer research and treatment.
People
Children’s of Alabama (AL) hires Bob Sarnecki (ClearData) as interim CIO.
In England, Beverly Bryant (NHS Digital) will join System C as COO.
SurveyVitals, which offers digital patient experience surveys, hires Robert Harrington, Jr., MD (Reliant Post-Acute Care Solutions) as chief medical officer.
Rob Bart, MD (LA County Department of Health Services) joins UPMC as CMIO.
Announcements and Implementations
An Ellis and Adams research report reviewing the impact of hospital acquisitions on quality finds that the average quality score of an acquired hospital slipped 5 percentage points in the first year.
DrFirst launches new solutions for Meditech users – SmartSig to manage free text prescription instructions and integration with prescription drug monitoring program databases.
Privacy and Security
The medical records (including photos) of 15,000 patients of a Los Angeles plastic surgery clinic – some of them celebrities – have been stolen by a fired employee.
In India, the Mumbai health department’s online birth and death registry is taken offline following complaints that its lack of security was allowing anyone to look up random names and print their birth or death certificates. A government official complains that only the medical health officer is now allowed to use the system and “he cannot keep printing certificates for everyone” in keeping up with the city’s daily workload of 400 births and 200 deaths.
Australia’s health department decides that the records of people who opt out of its My Health Record system won’t be deleted, but rather hidden from providers, allowing those who opt out to change their minds later.
Other
Australia’s Digital Health Agency issues a request for tender for developing a plan to connect all health-related systems over 5-10 years.
A five-sentence letter published in NEJM in 1980 concluding – without much evidence – that opiates aren’t addicting when prescribed for chronic pain has been cited more than 600 times since, with references to the article spiking after OxyContin was brought to market in 1995. The authors note that most of the citations misinterpreted the information or mischaracterized the letter’s conclusions in encouraging doctors to use long-term opiate therapy that contributed heavily to today’s national addiction, leading to their recommendation that authors cite previous studies carefully.
Facebook is hosting an invitation-only meeting next week to court drug companies as advertisers.
Sponsor Updates
- ECG Management Consultants publishes its “2017 Thought Leadership Compendium.”
- EClinicalWorks will exhibit at the California Primary Care Association Region IX Clinical Excellence Conference June 4-6 in Lahaina, HI.
- FormFast and Imprivata will exhibit at EHealth Canada June 4-7 in Toronto.
- Aprima wins Frost & Sullivan’s product leadership award for its RCM platform.
- HBI Solutions publishes a new white paper, “Turn Data Science into Value: The Four Key Requirements.”
- The Atlanta Business Chronicle profiles CFO of the Year finalist and Ingenious Med Chief Compliance Officer and CFO David Lamm.
- InterSystems’ TrakCare tops global EHR deployments, according to a new KLAS report.
Blog Posts
- Arkansas: Concerns and opportunities (EClinicalWorks)
- Go Beyond the Acquisition: Wake Forest Baptist Health Leverages Journey Mapping for Improved Patient Engagement (Evariant)
- Empowering patients with digital innovation and design thinking (Meditech)
- How to Land Top Information Security Talent (Fortified Health Security)
- 5 Common Pitfalls of Technology Strategy Development (Hayes Management Consulting)
- 3 Roadblocks to Digital Transformation (The HCI Group)
- The CIO as a Change Agent (Optimum Healthcare IT)
- The Right Alert, The Right Time, The Right Person (Impact Advisors)
- A Healthcare Marketer’s Guide to Ranking Number One (Influence Health)
- 3 Quick Tips for Refunds in Healthcare (Plus, How to Avoid Them in the First Place) (InstaMed)
- Garbage In, Gospel Out? (InterSystems)
HIStalk sponsors were listed in the Healthcare Informatics 100 highest-revenue healthcare IT companies, representing 38 of the vendors named:
- Ability Network (#75)
- Advisory Board (#19)
- Agfa HealthCare (#72)
- CSI Healthcare IT (#70)
- Cumberland Consulting Group (#95)
- EClinicalWorks (#34)
- Elsevier (#64)
- Evolent Health (#48)
- Experian Health (#45)
- GE Healthcare (#12)
- Harris Healthcare (#58)
- HCI Group (#82)
- Impact Advisors (#99)
- Imprivata (#71)
- Infor (#38)
- InterSystems (#32)
- Leidos (#9)
- Lexmark Healthcare (#61)
- Medecision (#94)
- Medhost (#67)
- Meditech (#33)
- MModal (#43)
- NantHealth (#90)
- Navicure (#87)
- Netsmart (#46)
- NextGen Healthcare (#31)
- Nordic (#59)
- Nuance (#16)
- Optimum Healthcare IT (#73)
- Philips (#5)
- Roper Technologies (#26)
- Solutionreach (#91)
- Spok (#57)
- Sutherland Healthcare (#68)
- T-System (#97)
- Verscend (#42)
- West Corporation (#41)
- Xerox (#8)
Contacts
Mr. H, Lorre, Jenn, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.
Didn’t Farzad run the ONC MU program not long ago? If I remember it was around the time ECW was getting Certified…hmm, and
I would not paint all vendors with the ECW brush. I worked with over 40 vendors (big and very small) guiding them thru the Cert process and not one of them did what ECW did. As crazy as it may have been they wrote (or purchased) real code to do what was needed..even though they may have hated the process!
I concur with FLPoggio’s comment. I too have worked as an implementation consultant with many EHR (and general HIT) vendors, and in particular with eCW many many times. In my experience eCW is unique in their crass commercialism and their indifference to, and lack of interest in, the health care mission. The current owners/leadership are incredibly cynical and don’t believe that they can learn anything from anyone else (especially customers), and in general they view their customers as perpetual whiners who should stop complaining and be happy that they are receving a functional product at a low cost. That is why eCW has been losing share with larger customers who: don’t like to be ignored, have zero tolerance for immature software and management practices, and genuinely want to improve health care delivery.
The only hope for the company at this point is for the current owners/leaders to recede into the background in favor of professional and motivated leadership brought in from the outside who can convince the eCW customer base and employees that they can change company values and attitudes from top-to-bottom, and translate that into professionally designed and delivered software services that provide clinical value and user joy. This should be the time for deep introspection and soul-searching, but unfortunately for eCW’s employees and customers, history does not suggest that eCW leadership is willing or able to lead such a turnaround.
I’m pretty sure whoever drafted this letter for ECW had an outline that goes like this:
1. We settled with the government and paid a big fine
2. We are not at fault and did nothing wrong. We are just going to ignore this. Oh don’t worry we’ve fixed everything that was ‘alleged’ (the fact that we faked multiple MU certifications is FAKE NEWS)
3. MU requirements are irrelevant because they are not used by pharmacy!
4. It’s not our fault we cant share patient records because our first certification was fine, but the second time the silly certification group said we were not. The requirements are not explicit from the government (forget that… we can’t understand the good intention of making our records portable for patients)
5. There should not have been any DOJ involvement because this is a certification compliance issue. (forget that the MU program fueled the EHR market. Last time I checked, defrauding the government was a criminal offense. Just ask the banking industry…)
6. The positive is that we’ll have a beefed up compliance team (just like every other serious vendor out there. Have physician, pharmacist, and nurse on a safety panel? SURPRISE!)
7. Look forward to our new v11 release for MU3 which we won’t try and fake the certification
Get real ECW, my practice will certainty be taking advantage of your free services to migrate to a competitor.
Good Morning –
Wonder what the ECW and MU issue means for those ECW users rolling up on CEHRT 2015 requirements for MACRA.
How can a customer read the ECW letter and believe any of it? The statements themselves make zero sense. For example, resolving the RXNORM issue as soon as they learned of it? Logic says that means they would have supported RXNORM for ePrescribing as soon as they read the requirement; not faking their certification of it. If I’m a customer, I can’t believe anything else in this letter.
Frank and Charlie – That other EHR vendors aren’t doing this is fine but the broader issue is that there are really no safeguards – public or private – from others in this industry literally doing the same thing for years.
ECW has even been a member of the HIMSS EHRA (http://himssehra.org/ASP/case_studies.asp).
Time and time again this is an industry that has both failed to police itself with regard to safety and unintended consequences while actively and vociferously resisting oversight.
It’s stuff like this that will force the FDA to regulate this industry.
eCW and athena have not been member of EHRA for a while.
They don’t believe in dealing with all the Gvt. garbage.
Won’t be surprised when the yellow tape goes up around athena’s headquarters.
Just Answering – HIMSS still prominently lists eCW case studies on its EHRA page: http://himssehra.org/ASP/case_studies.asp
My point is that this industry is going to be forced into “dealing with all the Gvt. garbage” – and not the billions of incentive dollars kind – if they don’t start policing themselves, including the bad actors like eCW.
Would be interesting to know to whom liability would accrue if it is discovered that patients were harmed through eCW’s fraud and whether eCW will be sued by providers who seek to change to another product.
I concur with FLPoggio’s comment – too!