Home » News » Currently Reading:

News 12/20/17

December 19, 2017 News 13 Comments

Top News


Medhost’s public website medhost.com was hacked Tuesday morning, according to a cyber intruder’s message that replaced the company’s usual home page content.

The hacker demanded 2 bitcoin ($37,000), threatening to otherwise “sell the patient data and do a media release regarding the lack of security in a HIPPA [sic] environment.” Medhost offers hosted financial and clinical systems, an emergency department system, a patient portal, and a health and wellness site.

The site had returned to normal by Tuesday afternoon with no acknowledgement of the previous problem on the site or on social media. A Medhost spokesperson did not return my call in which I asked for verification of the hacker’s claim that patient data was exposed.

UPDATE: shortly after the normal home page was restored late Tuesday afternoon, the site was apparently hit again with the “this website has been hacked” message restored.

UPDATE 2: Medhost CISO William Crank reports that the problem has been resolved and no information was compromised:

MEDHOST has full control of the domain, and the restoration of the domain and associated applications has been completed. Depending upon geographic location, sites may already have full access, but it is possible that the DNS restore process could take up to 24 hours to propagate the changes due to TTL. Intermittent application impact may be experienced by end users during that time. MEDHOST wants to reiterate that there is no indication that sensitive information was comprised and the incident didn’t extend beyond the redirection of the MEDHOST DNS to a static site with the message your article referenced. We strive to provide a robust and secure platform for our clients and continue to investigate this incident and its root cause.

Reader Comments


From Athenahealth: “Re: APIs. We have integrations with over 200 innovators and a developer community of 7,000, processing 700 million calls per month. Our single-instance, multi-tenant cloud platform allows a global integration model that allows immediate access to all partners for our clients – where innovators connect once and then are activated at clients with the flip of switch. We agree that talking numbers is interesting, but more so, let’s start to talk about API usability and the downstream impact of API calls.” It’s encouraging that Allscripts, Epic, and now Athenahealth have checked in with big API usage numbers. None of these are surprising – Allscripts (in the form of the acquired Eclipsys) pretty much defined the idea of inpatient systems with “hooks” as we called them in the old days, while Epic and Athenahealth stay current in deploying modern technologies and Athenahealth’s system is based on connectivity. I’m guessing Cerner has impressive numbers although I haven’t seen them.


From Event Attendee: “Re: John Halamka’s installation as Harvard Medical School’s inaugural International Healthcare Innovation Professor of Emergency Medicine. I had the distinct honor of attending and snapped a picture of a few notable CEOs in the room – Jonathan Bush (Athenahealth), Girish Navani (EClinicalWorks), and Hoda Sayed-Friel (Meditech). It’s remarkable that they spent the morning together honoring his lifetime of achievement.”


From Earth Shatterer: “Re: Epic. What exactly is Sonnet?” Sonnet is a streamlined, cheaper, faster-install subset of Epic’s full software suite being developed that will target small hospitals and physician groups, post-acute care facilities, and some international organizations. It will be released in March 2018. Sonnet was announced at HIMSS17 along with Utility, a fast installation program that gets customers live faster with fewer modifications. Epic says Utility implementations started in Q4 2017 (it’s now Epic’s most popular implementation method) and the first Utility-implemented customers will go live in 2018. Judy Faulkner chooses all Epic product names herself and they always contain a subtle reference, in this case with the word “sonnet” as translated from Italian as “little song.” Epic has tried similar rollouts in the past, twice in a partnership with Philips in the early 2000s and another attempt a few years later using the Sonnet name that may have failed because of newly mandated Meaningful Use requirements, but this one seems like a done deal.


From Who Else Remembers?: “Re: selection consultants having a conflict of interest. This is reminiscent of the late 1980s and early 1990s when Arthur Andersen was accused of a similar bias. Back then, the cozy relationship resulted in a string of predictable yet questionable wins for Gerber Alley and Statlan. Anderson would do the selection and inevitably be granted a large advisory and implementation role post award. Notably, Jay Toole and Andersen were crisscrossing the country espousing the virtues of a best-of-breed approach that needed lots of consulting help, for which Andersen was all to eager to offer the brave buyers of these footnotes in HIT history.” It’s a longstanding question of whether consulting firms that sell system services should be asked to help customers choose those same systems, at least without first recusing themselves from earning future business related to the selection. On the other hand, health systems can hire whoever they want and are presumably acting in their best interest. You mentioned Jay Toole, and in tracking him down, I learned that Dearborn Advisors filed Chapter 7 bankruptcy and apparently closed earlier this year. For more about Gerber Alley, see Vince’s HIS-tory.

From Fanny Pacque: “Re: vendor underbidding. Epic underbids (probably to their advantage) relative to their competitors. Implementation services, additional software, etc. always come later and require direct third-party engagement. This is the tick-tock on how you get to projects that go 2-3x over budget. Example: San Francisco Department of Public Health, which is a few months out from choosing Epic and they’re already bidding out voice recognition software, revenue cycle implementation, HIM, and patient outreach. You can see why Allscripts, Cerner, and others might suggest increased transparency on this topic since they provide fully loaded proposals.” San Francisco DPH’s several Epic-related RFPs are here (on the right side of the page as part of RFP 47-2017). I would think a prospect would know to compare apples to apples in choosing a vendor, but sometimes they get so mentally locked in to their favored vendor that they don’t dig deep enough and/or their lack of EHR selection experience makes them unsuited to detect contract land mines.

HIStalk Announcements and Requests

image image

The efficiency of DonorsChoose is always impressive to see – we funded the teacher grant request of Mrs. A in Michigan on December 10 and her students are already using the STEM kits and experiment books we provided just nine days later, as evidenced by the photos above. She reports, “My students and I are so elated that this project was funded. The excitement they showed when we unwrapped the science kits was unprecedented! I wanted to thank you again for your very generous donation. The students are now able to take science out of the science classroom and bring it in to their homes. Not only have you allowed the students to experience science phenomena, you have also allowed their families to as well! Many of my students and their families do not have access to the items that will enable them to perform these experiments and now they do! You have truly helped to create lifelong memories.”


Welcome to new HIStalk Platinum Sponsor Ellkay, which brilliantly taglines itself as “Healthcare Data Plumbers.” The Elmwood Park, NJ-based company enables interoperability, providing a data pipeline for 45,000 practices and 500 PM/EHRs and connecting hospitals, practices, labs, payers, HIEs, and ACOs using almost any system. Products include connectivity for diagnostic labs; PM/EHR integration and data migration, lab orders and results interfaces; and ACO/HIE connectivity solutions. Its CareEvolve portal and interfaces provide clinical workflow support between laboratories and the point of care, while hundreds of hospitals have used Ellkay’s data extraction, conversion, and archiving services to decommission legacy systems. Black Book included Ellkay on its list of 2017’s most disruptive health IT companies that have top customer satisfaction scores. The company’s “Our Story” page is the most entertaining and fascinating backgrounder I’ve seen and the story about why they installed beehives on the company roof roped me in completely. Thanks to Ellkay for supporting HIStalk and for entertaining and informing me with an unusually cool website.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre for information.

Acquisitions, Funding, Business, and Stock


High-profile Silicon Valley investor Bill Gurley – an early Uber backer whose startup Brighter was just acquired by Cigna – launches Stitch Health, a Slack-like care team coordination and patient engagement platform. The Connect team communication system costs from $6 to $18 per user per month depending on features. Stitch CEO and co-founder Bharat Kilaru is a 2015 Harvard MBA graduate and ran a Nashville clinic for the underserved until 2013.


Pittsburgh-based specialized outpatient clinical documentation vendor Net Health will be acquired by two private equity firms and the company’s management team.


Humana and two private equity firms will acquire home health and long-term care operator Kindred Healthcare for $4 billion, continuing the trend of insurers moving into direct patient care.


A New York Times review of proposed health system mega-mergers contains some interesting quotes:

  • “Hospital executives are realizing that someone else, including an insurance company employing the nurse at a walk-in clinic or the doctor at a surgery center, wants to take over their relationship with patients — and the potential revenue that those patients represent.”
  • “But many point to the promises of past mergers as reason to doubt whether the hospital mergers allow much more than an ability to demand higher prices from insurers. After the last wave of mergers that took place a few years ago, the hospitals didn’t use that opportunity to bring their costs down.”
  • “The challenge cannot be underestimated in asking these massive institutions to come together and change into something radically different. You’re taking a zebra and a zebra … what they want to become is a unicorn.”


Silicon Valley, meet Bubble 2.0: SoftBank will invest up to $300 million in a dog-walking app vendor that has already raised $40 million.



Mercy Health chooses PatientPing for real-time patient care coordination.



Recondo Technology hires Craig Niemiec (AxisPoint Health) as CFO.


Patrick Neil Mescall, PhD (Businessolver) joins VirtualHealth as SVP of channel development.


Former National Coordinator Karen De Salvo, MD, MPH, MSC joins Dell Medical School at the University of Texas at Austin as a professor, with appointments in internal medicine and population health.

Announcements and Implementations

A survey of a few dozen hospital CIOs finds that the biggest jump in deployed mobile strategy components over the next three years will be in critical test result alerts, clinical decision support alerts, and care team assignments. Respondents also indicated that their investment in communications technologies will be slightly more driven by system integration capabilities than by end user needs.

I’ve never heard of CHIME’s 2014 spinoffs AEHIS, AEHIT, and AEHIA – which seem to have been created primarily to help CHIME to lasso new dues-paying members who don’t meet the job qualifications to join CHIME since they aren’t CIOs (security executives, CTOs, and application leaders, respectively) – but for those CHIME members who are interested, they’re waiving dues for 2018. I don’t quite understand why a prominently posted press release on the site of AEHIS (that’s the security group) is “Fujifilm Captures New Customers for its Synapse Enterprise Imaging Solutions,” but then again I don’t usually like providers and vendors sharing an association-provided membership bed even when a logical connection exists. As readers have observed, CHIME is mimicking HIMSS in seemingly trying to get bigger, more vendor-friendly, and more executive-compensating, but its members are apparently OK with that and that’s all that counts.

Government and Politics

Americans say healthcare is the country’s second-biggest problem behind the government, Gallup finds. Healthcare hasn’t been one of the top two problems since 2007, when it finished a distance second to Iraq.

Privacy and Security


White House Homeland Security Advisor Tom Bossert says in a Wall Street Journal op-ed piece that North Korea launched the WannaCry malware attack earlier this year that hit hospitals hard, adding, “Pyongyang will be held accountable.”

A Black Book survey finds that 84 percent of healthcare provider organizations don’t have a chief information security officer, 54 percent don’t conduct cybersecurity risk assessments, and 39 percent don’t perform regular firewall penetration testing. The survey also finds that few boards of directors actively discuss cybersecurity.

Yet another exercise proves that de-identifying patient data doesn’t really work, as a university in Australia (as several have done) matches up a publicly released Australia Medicare database and re-identifies patients by linking their information to other publicly available databases. The Australian government is considering laws that would make re-identifying government data illegal, which is an interesting (and not in a good way) approach.



A reader whose company has nothing to do with healthcare consulting was surprised to have it shortlisted among the “Top 10 Healthcare Consulting Firms 2018,” which comes with a (free) certificate and (not free) interview reprint rights from a magazine called Enterprise Services Outlook. The magazine shares a telephone number and street address with shady magazines (CIO Review and Healthcare Tech Outlook) published by Bangalore-based marketing firm SiliconIndia. I’ve previously noted the hilarious misspelling of HIPAA on the cover of Healthcare Tech Outlook and the fact that its covers always feature males. It has published an article by UC Health CIO Steve Hess (which also appeared word for word in Becker’s Hospital Review under a different UC Health author’s name) and by other health system CIOs like Marc Probst and Dan Waltz who probably don’t even realize who they’re writing for. The magazine invites readers who “skimp” [sic] its questionable vanity content to join its august roster of contributors.


Jenn ran this fun item on HIStalk Practice: an Australian nurse becomes his own patient when he begins experiencing chest pains while manning a telemedicine clinic in the remote area of Coral Bay. After calling an ambulance and prepping his own epinephrine and shock pads, he called in to a physician in Perth using the Emergency Telehealth Service. Bea Scichitano, MD was on her first ER shift when she took the video call. “I think it probably took me a few seconds to cotton on to the fact that he was the nurse and the patient at the same time,” she said, “so that was a bit of a shock.”


Moxe Health founder and CEO Dan Wilson reads “’Twas the Night Before Go-Live,” an HIT-focused song parody written by Jay Rath. Jay fascinates me because in addition to having spent time with Epic, he’s a former staffer at “The Onion,” a contributor to “Mad” magazine, and has a broad background in theater and radio comedy.


Wendy from Bellin Health (WI) sent a photo of the Epic Willow team’s holiday-decorated cubicle area in the IT department that creatively adds a fireplace inside and a welcome mat out front. The coats inside prompted me to check Green Bay’s weather forecast – Tuesday was to be sunny with a relatively balmy high of 40 degrees and a low of 11, but Christmas will be biting as temps struggle to rise to zero (Fahrenheit, just to be clear).

Sponsor Updates

  • The InstaMed team delivers over 900 presents to the Children’s Hospital of Philadelphia.
  • Definitive Healthcare adds visual dashboards to its hospital and provider databases.
  • Elsevier Clinical Solutions publishes a new white paper, “Build or Buy: Considerations when adding a new Clinical Decision Support System.”
  • FormFast publishes a new case study, “East Alabama Medical Center Saves Time and Cuts Costs with FormFast’s Leading Form Design Technology & Services.”
  • Healthfinch publishes a new case study featuring Valley Medical Group.
  • Data analytics from Arcadia Healthcare Solutions supports a New York Times skin cancer investigation.
  • T-System President and CEO is recognized at D CEO’s “Excellence in Healthcare” awards program.
  • Besler Consulting releases a new podcast, “Perspectives on the Alex Azar nomination for HHS Secretary.”
  • Mphasis Eldorado and Change Healthcare expand their partnership to include integration between Javelina and Change Healthcare’s payment integrity services.

Blog Posts


Mr. H, Lorre, Jenn, Dr. Jayne, Lt. Dan.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "13 comments" on this Article:

  1. In my experience over multiple EHR purchases, Epic has been very transparent about what they cover and what they don’t. It does place a burden on the purchaser to estimate the cost of filling in the gaps to get a true total cost of ownership. That said, anyone who can’t figure this out is already in way over their heads and will likely screw up something big regardless of which vendor they choose.

  2. Re: CHIME – it isn’t what it used to be. And not in a good way. I think your perspective is correct. They are becoming more and more interested in driving revenue instead of enhancing the membership experience. So much so, as a long standing member and former board member, I don’t participate like I used to. Most of the time, not at all. It is turning into a mini-HIMSS and that is not good for anyone.

  3. Fanny Pacque – It is your lucky day, tis-the-season, I give you the gift of knowledge:

    Lesson 1: Since the early 2000’s, Epic has provided potential customers with a list of third party software that the customer needs to license. If the customer chooses to use a third party vendor that Epic has little or no integration experience, Epic notifies the customer of the risk. The customer is directed to include third party software costs in their Total Cost calculation. Epic even provides preferred contact information for these third party vendors.

    Lesson 2: For supporting infrastructure software, Epic conducts an in-depth technical overview, typically for one’s I.T. staff that covers all technologies included like Cache and KB SQL. They further cover the other hardware and software required like SQL Server, Citrix, VMWare, the recommended transaction processing platform like AIX or Linux, and the recommended SAN configuration. This session can go anywhere from four to eight hours in order to review a potential customer’s standards, to answer questions, and to discuss any concerns. Amazingly, this session is attended by others from the Epic Team so that they better understand the customer. Also, the information is shared among those participating in the sales process.

    Lesson 3: Epic also clearly notes the applications that are and are not in their portfolio. Applications like Radiation Oncology, 340b, PACS/VNA, and the like. Practically, this is done to validate a client has accounted for each interface they require and the complexity of the interface. Once again, this information is provided to the client so that their Total Cost Calculation is accurate. Epic goes one step further and clearly covers the scope and implementation sequence as that also can impact a Total Cost calculation. I have yet to see them forget to cover major costs like remote hosting fees or subscription licenses for a population health application (just sayin’).

    Lesson 4: Epic clearly notes the numbers of individuals needed for a Project Team. Customers need to evaluate the abilities of their staff and adjust accordingly. Epic recommends that the Project Team is not staffed by more than 50% third party resources. Epic positions their customers to be able to support themselves and to understand the ramifications of their decisions.

    Bonus Tips for Potential Customers: From my 25+ years of experience, it is advisable for anyone implementing an EHR or Revenue Cycle system to have a discussion with other recent customers about lessons learned. This should include what they would have done differently and where they over or under-estimated scope, resourcing, schedule or budget. I recommend using an independent review of the Total Cost calculation and to review risks.

    Perhaps we all can learn from each other and continue to improve?

    • Miss_Information – I’ll never forget that time Epic told me I was not allowed to talk to other Epic clients without them present.

      • That hasn’t happened to me. That is unfortunate. I have had situations where they have asked to be included given unique circumstances with both customers. By sharing we learn

  4. Hi Mr. HIStalk:

    Any comments on the proposed banned words for the U.S. Centers for Disease Control and Prevention (CDC) budget? This isn’t exactly HIT; however, conflicting sources and resources are making it difficult to understand what is real and what is fake.

    • I can’t add any value to that topic. “Banned” is a strong and all-inclusive word that may or may not apply here, depending on what you read.

      Interestingly, the public is more outraged on the “banned words” issue than the CDC’s actual funding request in which those words were prohibited (apparently other administrations have similarly produced a style guide that includes terminology and many other standardizations just for consistency).

  5. “Who else remembers’ – Steve Rushing was the the Anderson partner I had to deal with in Atlanta while at SMS. We were 0-11 in new business opportunities when Anderson was involved. Decisions primarily went to Gerber or Statlan. SMS was involved in a significant renewal at Hamilton Medical Center, Dalton, GA and the Regional Manager called out the Anderson bias to Hamilton leadership and Anderson was replaced. It was a gutsy move but needed to be done!! It didn’t change much in Anderson’s approach even when Gerber and Statlan tanked. Anderson leached on the next new and shiny vendor. Sad we let that happen in our industry!!

Founding Sponsors


Platinum Sponsors




















































Gold Sponsors












Reader Comments

  • Bob Smith: Sault Ste. Marie...
  • DrChiefHustler: Dr Jayne.....I have always loved your blog and I read it everyday.....but I will fight you over Dr Mostashari! :). He's...
  • IANAL: That ideas thing isn't just a Cerner problem. The last five years on Epic's ideas site there has been this simple thing ...
  • John: Nice to finally see a well thought out COVID federal response plan. But sadly makes me wonder: where might we be today i...
  • Brian Too: Just don't get one of those "synthetic leather" chairs. I got one, against my better judgement I'll admit. It was su...

Sponsor Quick Links