"HHS OIG rates HHS’s information security program as “not effective” in its annual review, the same rating it gave HHS…
News 12/22/17
Top News
Despite appearances, Medhost wasn’t hacked this week, the company says. The cyber intruder penetrated Medhost’s domain registrar (not its actual server or site) and then redirected visitors to a new webpage claiming he or she had stolen patient data. The company did a nice job explaining what happened and getting the site restored as quickly as the propagation of the restored DNS allowed.
Lesson learned for anyone running a website: use a complex domain registrar account password and turn on two-factor authentication if they offer it. I changed mine this morning.
Webinars
None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre for information.
Acquisitions, Funding, Business, and Stock
Silicon Valley, meet Bubble 2.0 (and possibly the need for SEC Oversight Part Zillion): the juice manufacturer behind Long Island Iced Tea changes its name to Long Blockchain Corp. even though it admits that it is only beginning to look at blockchain with the vague idea that it might be something cool. The news sent micro-cap shares soaring 200 percent.
A previously dismissed shareholder rights law firm’s securities class action lawsuit against Quality Systems, Inc. is reversed on appeal, with the law firm claiming that Quality Systems/NextGen touted increasing revenue through February 2012, at which time the CEO sold his shares at a high price just before the company lowered guidance and reported lower net income. Above is the QSII share price chart from January 2012 through today, with QSII (dark blue, down 65 percent) vs. the Nasdaq (light blue, up 147 percent).
Sales
USF Health (FL) chooses Kyruus to help its access center match patients to providers.
People
Nordic promotes Michelle Lichte to EVP of client partnerships.
Gary Gartner, MD, MS (Allscripts) joins NextGen Healthcare as VP of clinical solutions.
Announcements and Implementations
A new KLAS report looks at healthcare management consulting (click the graphic to enlarge).The most-trusted partners of respondents in each consulting firm category (cross-industry, healthcare-specific, focused healthcare-specific) were Deloitte, Premier, and Optum. KLAS hasn’t sent me any report announcements since early 2014, so in checking their site to see how the company has grown, I note that it lists 12 executives and a 24-employee research team.
Government and Politics
A newly submitted House bill would allow clearinghouses to sell patient data in a reincarnation of previous bills that were suggested by lobbyists for Experian, The SSI Group, and Availity. Clearinghouses would not be considered HIPAA business associates or covered entities, and like providers that can use patient data without individual consent under the nebulous umbrella of treatment, payment, and operations, would not be required to seek authorization from patients and would be allowed to charge patients for providing copies of their own data. Unlike providers, they would also be allowed to sell data. Hat tip to Politico for turning this up.
The just-passed tax law will affect non-profits that include health systems, hitting them with a 21 percent excise tax on each salary of $1 million or more among their five highest-compensated employees who don’t provide medical services. Also affected will be universities (because of their highly paid presidents and sports coaches) and religious organizations. Given historical health system indifference to high salaries and the enforceability of existing employment contracts, the most likely outcome is that they will just figure out how to bill insurers and patients more to cover their new cost of doing business.
Privacy and Security
Fortified Health Security’s 2018 cybersecurity report finds that nearly all of its web and network penetration tests allowed access to patient information, while 33 percent of systems could be compromised due to incorrectly configured Citrix, VMware Horizon, and SSL VPNs. A rather shocking 72 percent of networks tested were at risk because of weak passwords. It recommends that organizations:
- Maintain and enforce security policies and procedures.
- Keep an updated inventory of devices that store, process, or transmit electronic PHI.
- Use strong security engineering when rolling out remote access solutions and web applications that store patient information in a SQL database.
- Enforce creation of strong passwords.
- Consider implementing systems data loss prevention, security incident event monitoring, and intrusion detection.
- Encrypt data at rest.
- Don’t get indifferent about patch management even though it’s a never-ending slog.
Technology
Wired magazine covers CareCoach, a $200 per month human-powered, tablet-presented simulated pet avatar that monitors high-need and elderly patients by checking in, offering medication reminders, and providing a bonding experience. It’s a good idea, although the avatar’s synthesized voice and inherent processing delays are hard to overlook.
Apple finally admits what many IPhone users have suspected – iOS intentionally slows down older iPhones. Not to sell users a newer model, but to prevent the old phones from shutting down because of deteriorating battery capacity. The takeaway: consider replacing your battery to speed your phone back up instead of spending $1,000 on a replacement.
Bloomberg reports that Apple is developing electrocardiogram capability for its Watch in which wearers will touch two fingers from the opposite hand on the watch’s frame, possibly helping detect arrhythmias. Apple is behind since AliveCor’s Kardiaband add-on band for the Apple Watch is already FDA approved to capture EKGs.
Twitter continues to kill off its only virtue — mandatory brevity — by allowing its users to stitch together a string of tweets. I haven’t seen proportionately more user brilliance in the expansion of the 140-character limit to 280, no different when people who just couldn’t bear to edit their magnificent thoughts started attaching pictures of words that would not have fit otherwise.
Other
Sixty-three thousand drug overdose deaths in 2016 caused US life expectancy to drop for the second year in a row, the first time that has happened since the early 1960s.
A cafeteria worker at Advocate Trinity Hospital (IL) who says “you don’t have to wait until you get rich to help others” spends $5,000 to buy toys for pediatric patients at Advocate Children’s Hospital. In this tenth year of her project, she will donate half the toys to children in Puerto Rico.
Dilbert, like “The Simpsons,” somehow remains relevant and edgy after many years.
Sponsor Updates
- Protenus publishes its November Breach Barometer.
- Liaison Technologies rolls out a single user interface for access to its Alloy integration and data management platform.
- HealthLoop will integrate its automated care plans and check-ins with patient activity and behavior analytics from Sherbit.
- A new release of Harris Healthcare’s Novus Meds medication reconciliation application offers mobile physician access and embedded drug knowledge, developed with Hunterdon Medical Center (NJ)
- CloudWave employees collect toys for United Way.
- Conduent will open a global technology and innovation hub in Raleigh, NC.
- LogicStream Health publishes a new case study featuring Tampa General Hospital, “Decreasing C.diff Rates Through Appropriate Testing with a Clinical Process Improvement software platform.”
- Mazars USA will donate $100,000 in 2018 to nine charities that will work to fight hunger.
Blog Posts
- InterSystems Healthcare Leadership Conference: Sun, sand and the future of health IT (InterSystems)
- Gunnison Valley Health Significantly Improves Revenue Cycle Time with ABILITY | EASE All-Payer (Ability Network)
- How Will the CVS-Aetna Merger Transform the Patient Care Landscape? (Redox)
- A Data-Inspired Future? You’re Looking at It (Liaison Technologies)
- In Mammography, History Matters (LifeImage)
- How providers can bridge care gaps caused by social determinants of health (Meditech)
- The Relationship between Artificial Intelligence and Healthcare: Why It’s Complicated and Why Robot Doctors Aren’t Our Future (Medicomp Systems)
- Is Your Revenue Cycle Ready for the New Year? (Navicure)
- 3 solutions to easily comply with shifting healthcare laws and regulations (Experian Health)
- Healthcare IT Trends to Watch in 2018 (PokitDok)
- How Will the CVS-Aetna Merger Transform the Patient Care Landscape? (Redox)
- Spread Holiday Cheer with These 6 Salesforce Carols (Salesforce)
- Two Bundled Payment Models Recalled by CMS, Others Still in Effect (The SSI Group)
- Save 15 Hours of Phone Time Each Week (Solutionreach)
- Quality improvement: more than just HEDIS (Verscend Technologies)
- Here’s to a happy, health New Year! (Voalte)
- The power of effective clinical communication (Vocera)
- 13 Benefits of a Pilot Project Before Buying (West Corp.)
Contacts
Mr. H, Lorre, Jenn, Dr. Jayne, Lt. Dan.
Get HIStalk updates. Send news or rumors.
Contact us.
I may just be responding to the odd way you worded it and this isn’t what you meant, but providers aren’t able to sell patient data under HIPAA, there’d be no clinical or billing justification to do that. That bill would give clearinghouses the unique ability to sell that data.
Thanks. My sentence wasn’t worded too well, so I cleaned it up for clarity. I’m impressed that you read the post within a couple of minutes of it going up, even before the email and social media notification!.
So, I assume clearing houses would be able to sell my name, address, ICD-10 codes, Rx info and insurance ID?
Can someone please clarify.
Thanks.
Based on my read of the bill (https://www.congress.gov/115/bills/hr4613/BILLS-115hr4613ih.pdf), I think the key change is that clearinghouses can aggregate data about specific patients over time and create their data repositories, rather than just seeing a bunch of individual transactions. They can use that data for additional uses, like clinical trials recruitment and providing patients access to their collected data. The concern is that they’ll also be able to start selling longitudinal data sets of patients that are more at risk of reidentification, since that’s as hard as a high school math project at this point, and also open up places for data breaches.
Essentially, this opens up new potential revenue streams for clearinghouses. I think providers are not going to be happy about it, though, not because it affects their revenue, but if the clearinghouse a provider uses has a data breach, even though the clearinghouse is legally responsible because they’re now all Covered Entities, the PR hit is going to be against the provider.
Shame on you Apple. I’m gonna waste your time at the Genius Bar complaining about my much loved 5 SE
Re: Blockchain/tech bubble. I’m watching bitcoin tumble with schadenfreude. Every armchair investor wants to hit a home run, often on borrowed money. How about you try to hit for singles and doubles for a while?
I’m kind of giggling up my sleeve at that a little, but I also remember back when it was around $100 I thought about buying a few just to see what happened, and then promptly forgot to do so, and now I feel kind of dumb…
If you think blockchain is a bubble you are sorely mistaken, and clearly have no understanding of what is going on. Now bitcoin and all the other cryptocurrencies are one thing…and may surely be in a bubble, but blockchain is simply the underlying technology that creates unique non replicateable digital items.
That concept is something that can be applied across industries. I mean in healthcare alone, a blockchain backed single master patient index would allow for the first truly “patient centric” system where all patient data can actually exist in a single spot, reliably, and across vendors/instances.
The number one thing around bitcoin is not so much what it is from a tangible perspective, but what it represents. Decentralized currency from a philosophical perspective has huge implications. Even further simply the idea of being able to create something digitally that cannot be copied will change the way see interact with the digital realm.
If there is a bubble (there definitely is in the cryptocurrency market) it is simply because of over investing in cryptocurrencies, not because of blockchain technology. But yet again, I think you are failing to see the practical applications that may stabilize the market.
For example, Perkscoin is another type of ecurrency. Because of the discrepancy with federal law and state law, many marijuana companies are unable to use traditional banking methods. They are turning to perkscoin as a way to hold their money as opposed to U.S. dollars. A U.S. dollar is just a promise of value, ecurrency holds the EXACT same power on a physical level. The only reason it is not widely adopted is because of a lack of buy in and consumer confidence. That promise of value holds less weight. If you get major companies and organizations such as the marijuana industry, which is looking like the next gold rush in the U.S., adopting and putting confidence into ecurrency you will see more widespread adoption, and less of this “bubble” feel.
Long story short, invest in ecurrency now. Don’t pour your life savings into it, but get in early, and dabble in some secondary currency markets. Bitcoin is expensive, other cryptocurrencies are more accesible.
As a blockchain know nothing, my understanding of the failings of the blockchain technology are transaction speeds, cost per transaction, limited transaction data capacity and dependence on “miners” to recalculate all transactions into a new blockchain. The advantage of independence from central authority and difficulty of corrupting the transaction records are important, but hard to balance against the negatives.
Apparently you can only do 7 transactions per second compared with orders of magnitude faster traditional speeds, each transaction costs $.20 and contains only 80 bytes of date. It is hard to see this speeding up to compete with traditional methods and create a new widespread stable monetary system or other data recording system. The recent wild fluctuations in price are another axis of instability.
Would love to hear someone who actually understands the technology discuss these factors.
A company changed their name, made a press announcement, and their stock price doubled. Call me when someone has actually implemented a practical application of blockchain at a company that makes money. That would be the investment worth making. Cryptocurrencies are an okay investment strategy if you’re willing to put your money away for years – you should consider it a store of value rather than a currency proper given the high trading fees.
This is almost exactly like the dotcom bubble where people were investing in the “concept” rather than actual results. The practical internet innovations that impacted day to day life came long after the dotcom crash. Right now we’re in 1999. Blockchain will probably become ubiquitous as a technology in the next decade – but not this year or next.
The posting of the Apple story on how they slow down performance on older phones just saved me $1000 for now. I went out and got a new battery for $60 and my 6s is like new again.