Home » News » Currently Reading:

News 6/28/17

June 27, 2017 News 14 Comments

Top News


A cyberattack of an unspecified nature against Nuance takes all of its cloud services – including dictation and transcription – offline. UPDATE: Nuance has since listed those applications that were not affected and the company is providing service updates.


One HIStalk reader reports that the culprit was ransomware. The company’s announcement says the attack originated in Europe.

I reached out to Nuance but my email couldn’t get through because of a Nuance mailserver error that was likely caused by powered-down servers.

Other newly reported ransomware attacks include drug maker Merck and Heritage Valley Health System (PA), which had to take all computers offline. A reader forwarded an email stating that a West Virginia hospital is also under attack.

Early reports suggest that Ukraine-based hackers used a tool developed by the National Security Agency to create the malware, which is also how the WannaCry ransomware was developed. A Ukrainian financial software firm that was infected then apparently inadvertently spread the malware widely via its software update.


Security firms believe the malware is a variant of Petya, which encrypts entire hard drives rather than just the files they contain. Like WannaCry before it, the malware can’t penetrate properly updated Windows computers. Microsoft released a patch MS17-010 in March that closed the exploit used by both WannaCry and Petya.


Preliminary hacker reports suggest that the a “kill switch” has been found that involves creating a file called C:\Windows\perfc. It has also been observed that the hacker message is displayed immediately as the hard drive encryption starts and CHKDSK is invoked, meaning the infected computer can be powered down immediately and left down and intact until the malware can be removed after booting from a Windows OS copy on disk or USB.

Reader Comments


From Meghan Roh: “Re: Epic App Orchard reader comment correction. We offer 50 percent off the first year’s fee, and if any member is dissatisfied in the first six months, we’ll refund the program fee. We have not reduced program benefits. For developers who don’t know what we offer, we provide a list of more than 300 APIs during the enrollment process to help them make their decision.” Meghan is director of public affairs for Epic.


From Established Relationship: “Re: health systems implementing Epic. Epic does not require hospitals to follow its hiring practices (tests, interviews, etc.) They recommend testing applicants, but it’s up to hospitals to say yes or no. If a hospital opts to set aside their usual hiring practice and follow one recommended by a software vendor, they have to accept responsibility for losing experienced resources and implementing a system with a high percentage of inexperienced resources.” I think most health systems follow Epic’s model of maddeningly SAT-like tests and competitive interviews for newly their newly created positions that follow Epic’s recommended job descriptions and titles. I’m mixed on the practice, as follows:

  • It seems to work in ensuring successful project outcomes, even though it was developed by Epic for hiring new college graduates into their first jobs.
  • It’s not really too much different from other IT migrations in which those who maintained the legacy system are seen as one-trick ponies who are put out to pasture once their single skill is no longer needed, marginalizing the value of their non-system skills, experience, and relationships.
  • It would be tough as a health system project executive to announce that you’ve decided to ignore Epic’s advice, whether it involves hiring, project reporting, or anything else. You don’t want to be the person identified as having gone rogue when the project stumbles.
  • The biggest unsettling fact is that Epic’s model places minimal (actually negative) value on experience with other IT systems, yet its rigid certification and project management requirements nearly always deliver the expected results. That’s threatening to those who equate broad, long experience with better project outcomes.


From Smuggler: “Re: health insurance. Why should the government be allowed to require consumers to buy insurance, or anything else for that matter?” I agree, as long as those invincibles who decide to roll the actuarial dice sign a legally binding waiver acknowledging that they won’t get a penny in benefits from Medicare, Medicaid, or hospitals when something unexpected happens. It’s like homeowner’s insurance, flood insurance, or car insurance – if you opt out of the system, you’re on your own. Whatever’s left of the ACA made insurance available and relatively affordable, so it’s hard to drum up a lot of sympathy for those who could have afforded coverage but chose not pay the taxpayer-subsidized price. All of this would be moot if US healthcare costs weren’t so ridiculously high compared to the rest of the world, the elephant in the room that politicians seem unwilling to address, leaving the only balloon-squeezing choices of covering fewer or healthier people, restricting access to care via ever-narrowing networks or uncovered services, or raising premiums and deductibles.


From KLAS: “Re: reader’s comment about market share. The correct information from the 2016 and 2017 KLAS market share reports is as follows.”

  • Acute wins for 2015-2016 for Cerner — 249 (includes one Soarian add-on in 2015).
  • Total Millennium losses for 2015 and 2016 – 53.
  • Cerner’s net growth — 196 acute hospitals for 2015 and 2016.

HIStalk Announcements and Requests

image image

We provided an iPad Mini for Ms. N’s elementary school class in New York, which is using the tablet for self-assessing their art projects. She reports, “Students are able to take photos of their work give it a title and describe their art, including what materials they used and how they feel their worked turned out. The Mini allows students a sense of independence. Students are better able to share their work with family by using an art app that gives family an opportunity to comment on the artwork.”

Every year I offer a “Summer Doldrums” deal on newly signed sponsorships and webinars, because otherwise it’s pretty quiet and I get nervous that my industry irrelevancy has escalated. Contact Lorre.

Listening: new from San Antonio-based Nothing More, which plays a slick blend of prog rock, Muse-like soaring orchestration, and hook-laden alternative rock.


June 29 (Thursday) 2:00 ET. “Be the First to See New Data on Why Patients Switch Healthcare Providers.” Sponsored by Solutionreach. As patients pay more for their care and have access to more data about cost and quality, their expectations for healthcare are changing. And as their expectations change, they are more likely to switch providers to get them met. In this free webinar, we’ll look at this new data on why patients switch and what makes them stay. Be one of the first to see the latest data on why patients leave and what you can do about it.

July 11 (Tuesday) 1:00 ET.  “Your Data Migration Questions Answered: Ask the Expert Q&A Panel.” Sponsored by Galen Healthcare Solutions. Presenters: Julia Snapp, manager of professional services, Galen Healthcare Solutions; Tyler Suacci, principal technical consultant, Galen Healthcare Solutions. This webcast will give attendees who are considering or in the process of replacing and/or transitioning EHRs the ability to ask questions of our experts. Our moderators have extensive experience in data migration efforts, having supported over 250+ projects, and migration of 40MM+ patient records and 7K+ providers. They will be available to answer questions surrounding changes in workflows, items to consider when migrating data, knowing what to migrate vs. archive, etc.

Previous webinars are on our YouTube channel. Contact Lorre for information on webinar services.



Women’s Care Florida chooses the Healow patient engagement mobile app from EClinicalWorks to help women manage their pregnancies, integrated with the OB/GYN group’s ECW EHR.



Kyruus hires Soojin Chung (Caradigm) as general counsel and chief administrative officer.


Jennifer Rouse (IBM) joins ClearData as VP of marketing.

Announcements and Implementations

A new TransUnion Healthcare survey finds that two-thirds of patients with hospital bills of under $500 don’t pay off the full balance, a big jump from 2014 as deductibles increased. The company projects that 95 percent of patients won’t pay their bills in full by 2020, noting also that the percentage of patients who pay nothing at all toward their balances is increasing.


An HFMA/Navigant survey of 125 health system CFOs and revenue cycle management executives finds that 74 percent are increasing their revenue cycle technology budgets, but are struggling to keep up with EHR upgrades and optimization. Consumer-facing tools such online payment portals and cost-estimation tools are common, but few health systems run propensity-to-pay models for individual patients.


Long-term care software vendor Cantata Health chooses Ability Network as its preferred revenue cycle management software vendor.


Baxter International integrates its DoseEdge Pharmacy Workflow Manager with Epic’s Willow pharmacy system to meet CMS requirements for documenting IV preparation accuracy. 


Craneware announces GA of Trisus Claims Informatics, which automates claims review for completeness, accuracy, and conformance to normal charging behavior.


St. Joseph Hospital (NH) goes live on the EarlySense continuous monitoring inpatient system that uses an under-mattress sensor to monitor heart rate, respiratory rate, and motion.


In Canada, Waypoint Centre for Mental Health Care goes live on Meditech 6.1.

The State of Connecticut and the Connecticut State Medical Society will launch competing HIEs the next few months, with both organizations hoping users will be willing to pay for their services.

An Advisory Board analysis finds that the average 350-bed hospital fails to capture $22 million in revenue.

Government and Politics


The chairs of the Senate Veterans Affairs and Armed Services committees urge the VA to ask the DoD about lessons learned in its EHR procurement and implementation, expressing concern about potential VA cost overruns, implementation delays, lack of standardized processes, and excessive customization. 


A GAO report says the VA’s clinical productivity metrics provide incomplete and possibly misleading information, noting that those metrics fail to capture information from contract physicians and advanced practice providers; don’t adequately incorporate clinical workload intensity; and are hampered by providers who don’t log their time and activities consistently. The lack of good data prevents the VA from identifying and promoting best practices, GAO concludes.



A hospital scrub nurse in Australia develops Scrubit, which improves OR setup by automating preference cards, setups, and lists of required equipment.

British military doctors blame the Ministry of Defence’s IT system for their mis-prescribing of antimalarial drugs for soldiers being shipped out to Afghanistan. They say the system is slow and can’t always bring up patient histories, meaning soldiers may be inappropriately prescribed mefloquine, which can cause depression and suicidal thoughts. The decade-old DMICP system is a customized version of EMIS PCS, provided by Canada-based vendor CGI, which has been the key player in quite a few IT screw-ups including Healthcare.gov.


MIT Technology Review says IBM is overhyping Watson, but the product still has the best chance among AI competitors of delivering healthcare value assuming that IBM can gain access to the data the system requires. The article says IBM has a leg up on startups because conservative large health systems trust it more than any other company. It notes that both IBM and MD Anderson raised expectations unreasonably before the organizations recently shuttered their joint $39 million project (budgeted for only $2.4 million). A snip:

To train Watson to go through giant pools of data and pull out the few pieces of information important to a single patient, someone has to do it by hand first, for thousands and thousands of cases. To recognize genes linked to disease, Watson needs thousands of records of patients who have specific diseases and whose DNA has been analyzed. But those gene-and-patient-record combinations can be hard to come by. In many cases, the data simply doesn’t exist in the right format—or in any form at all. Or the data may be scattered throughout dozens of different systems, and difficult to work with … To really help doctors get better outcomes for patients, however, Watson will need to find correlations between what it reads in health records and what Tang calls “all the social determinants of health.” Those factors include whether patients are drug-free, avoiding the wrong foods, breathing clean air, and on and on. But Tang concedes that today almost no hospitals or medical practices get that data reliably for a significant percentage of patients. Part of the problem is that hospitals have been slow to take up modern, data-driven practices. “Health care has been an embarrassingly late adopter of technology,” says Manish Kohli, a physician and health-care informatics expert with the Cleveland Clinic.

Researchers find that less than 1 percent of pathology specimens provide incorrect results due to mishandling (either switching samples between patients or “floater” cross-contamination), but DNA fingerprinting can eliminate those problems, albeit at a cost of $300 per test. Private insurance generally pays the cost to avoid higher bills for unnecessary or delayed treatment, but Medicare doesn’t. One urology practice starting using the error prevention system after being threatened by a lawsuit after it removed a man’s cancer-free prostate based on another patient’s specimen.


A study finds that a combination of wireless smart pill bottles, lottery-based incentives, and social support did not improve medication adherence or readmissions for post-MI patients. 


A drug company whose opiate addiction treatment drug was getting little market traction hires lobbyists and makes political contributions to influence drug court judges, who then order offenders to be treated with the product that is injected monthly. The resulting sales have increased the company’s market cap to $9 billion. On the positive side, the drug seems to work well in blocking the pleasurable effect of opiates, it’s not addicting, and it’s long lasting. The negatives are lack of proof of long-term efficacy and its $1,000 per month cost.

Sponsor Updates

  • The local paper recognizes AssessURhealth Director of Operations and veteran Kyle Mynatt for his community contributions.
  • Besler Consulting releases a new podcast previewing HFMA ANI 2017.
  • Glassdoor.com recognizes CoverMyMeds CEO Matt Scantland as a highest-rated CEO.
  • The General Services Administration (GSA) awards Audacious Inquiry (Ai) the 8(a) STARS II Governmentwide Acquisition Contract (GWAC).

Blog Posts


Mr. H, Lorre, Jenn, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "14 comments" on this Article:

  1. Amen to the response to Smuggler. Same goes for motorcycle riders that choose to not wear a helmet. I could care less if they do or don’t but those that choose not to should sign a waiver saying they aren’t going to stick the rest of us with the cost to put their brains back together when they end up all over the street.

    • The problem with saying it ok for individuals to go without insurance with that the hospitals are still mandated to provide (essentially free) emergency care. Take that mandate away and we’ll see how many people want to risk signing that waver to go without insurance.

    • The motorcycle example doesn’t hold. If you do not wear a helmet most likely you will die = minimal healthcare cost. If you wear one you will likely live but get banged up pretty good, maybe paralyzed due spine problem = big health care cost. So if the goal is to minimize health care costs…

  2. Epic’s Test is mostly a logic test. I took it and although it felt like ACT / SAT time, it was good to make me and others carefully think about what we were doing. There is a cultural change management aspect to it. Our organization also profiled individuals for work behaviors, collaboration and management styles. Not so ironically, a number of individuals who were forced on to the Team but didn’t score well, couldn’t pass certification, weren’t productive and were moved on or self-selected out. The tests are a tool but they seem rather indicative. They aren’t 100% but the performance of our Team was better than that of many of our hires.

  3. Re: health insurance. We seem to be the only country left on earth still promoting a ‘market-based’ health care system, rather than accepting the Pope’s recommendation that healthcare is a right, not a privilege.

    • If the “rest of the world” is the example we should follow, then why does the “rest of the world” want to come to this country ?

  4. Hello Geniuses,

    Your virus attack is next to the level of God thing, so I don’t hesitate to call you people as Zeus. We all appreciate your hardwork and brainstorming involved in it. However, I would like to make a small request. Could you people please exclude healthcare industry and any other such industries that affect health and life of common people. I am unsure if our Nuance Healthcare Industry is really affected by your Ransonware or not or maybe by some other attack, but whatever it is and whoever it is, please help us out because there is really someone who needs our assistance ASAP.

    So, we really thank you from the bottom of our hearts in advance.

  5. Our organization is a long time Epic user. In order to achieve Good Install (credits) and/or Good Maintenance, (now called Epic Stars) credits you must maintain minimum staffing levels of Epic certified staff based on your application mix. I am not sure I agree with your statement that “most” Epic customers use Epic’s screening tools for hiring. None of the Epic organizations that I have been with have every used those tools. Although Epic does offer many tools, services, white papers and other resources that go well beyond what many other vendors offer, ultimately the implementation and staffing decisions belong to the organization. Many organizations are very successful with Epic and have not spent a fortune for that success. EHR implementations that are struggling do receive a great deal of mention. Successful sites don’t show up in the news very often but can always be found at user group meetings doing presentations.

    • Agreed. Been working with Epic for several years, in contact with several Epic clients and only recently heard of some screening test.
      Potentially, Epic only offers it to clients that beg for it. If the client uses that as a yes/no for hire then…?

  6. RE: App Orchard Clarification

    While I appreciate the clarity around the terms of the App Orchard, the easiest thing to do from a clarity standpoint would be to expose the complete parameters of the program on your website instead of hiding it behind a oblique signup form and selection process. To this date I still know vendors, many well respected in the digital health community, who have still not heard anything back from Epic. You can’t be surprised that people have resorted to conjecture when all you have given them is conjecture.

    I know that you probably wouldn’t like being compared to Allscripts, but they do this in a way that developers expect to engage with vendors. You can get access to the basic FHIR APIs with one legal agreement and access to APIs on a per request basis, tiered by the API. By signing two legal agreements, wholly accessible on the website, developers can have access to API documentation, pricing and EHR sandboxes in a wholly automated fashion. That’s how developers buy hosting and other SaaS solutions today.

  7. Nuance Outage: Our facility is impacted by both their transcription and cloud-based dictation outages. No ETA. Nuance staff are using personal e-mails and devices to communicate. We are in downtime procedures for physician documentation and are working on alternatives in the case of an extended outage. Other facilities have to be in the same state.

    • Same here. Our client services manager (who is normally a total sweetheart) has shut off her cell phone and her voice mail is full. I’m pretty sure everyone there in client services is on the verge of a nervous breakdown.

      We’re pushing our hospitalists to use online physician documentation. The specialists are documenting on paper and we’re scanning it.

      The oddest impact has been with cardiology services in radiology. We have a voice recognition system there that we have been trying to decommission because our radiology group implemented a different solution. The cardiologists have been writing out their reports for echos and nuclear stress tests in long hand, then the radiology director is dictating them into the voice recognition system. Then he copies & pastes them into the HIS where they are waiting to be signed by the cardiologists.

      All of the workarounds for this are labor intensive, and we assume that we’re looking at a minimum of a week for it.

Text Ads

Recent Comments

  1. You note that, "What they need is the same level of sick leave time that many other workers in the…

  2. Re: AR outsourcing at Epic - Getting billing under control after an implementation was always one of the pain points,…

  3. Wow, your Zoom/Teams/Skype skills must be better than mine! "She noted that she thinks relationships are deeper because there has…

  4. The Ars article is all opinion and fluff, yet curiously you do not indict any of the specific content of…


Founding Sponsors


Platinum Sponsors





















































Gold Sponsors










Sponsor Quick Links