Home » News » Currently Reading:

News 1/17/18

January 16, 2018 News 21 Comments

Top News


Hancock Health (IN) pays a hacker’s demanded four bitcoin in ransom – worth $55,000 at the time of payment — to regain access to its systems. The health system’s CEO says it made business sense to pay the hacker instead of taking weeks to recover its systems.

Once paid, the hackers restored the hijacked files within two hours, allowing the health system to bring its systems back up Monday after four days’ of downtime.

Hancock Health says the hacker penetrated its systems via its remote access portal — using the login credentials of one of the health system’s vendors — to manually deploy the SamSam ransomware. That same malware took down Erie County Medical Center (NY) in May 2017 and Hollywood Presbyterian Medical Center (CA) in early 2016, both of which also paid the ransom.

Hancock Health  did not mention the attack on its website or social media until after it had recovered its systems, with the announcement saying nothing about paying ransom. The explanation is ironically positioned on its website right above the hospital’s press release touting its award for “Most Wired.”

Reader Comments

From Watcher of the Skies: “Re: tax reform’s pass-through provision. I’m wondering if more health IT consultants are setting up shop as independent contractors rather than consulting firm employees?” Readers, please weigh in. The tax bill slashed corporate tax rates from a maximum of 39 percent to a flat 21 percent. Congress then added the pass-through tax to provide similar benefits to small businesses such as sole proprietorships, partnerships, LLCs, and S-corporations, giving high earners who pay individual tax rates of up to nearly 40 percent an incentive to pass that income through a lower-taxed business entity they control. 

HIStalk Announcements and Requests


You can join my Rolodex if you’re willing to provide occasional reaction to news items and to give me ideas about things I should write about. I won’t spam you and I’ll use whatever method of communication you prefer. Example: suppose the VA announces something about Cerner – I would go to my Rolodex to see who might knowledgably comment (anonymously or not) for my write-up. Thanks.


January 24 (Wednesday) 1:00 ET: “Location, Location, Location: How to Deploy RTLS Asset Management for Capital Savings.” Sponsor: Versus Technology. Presenter: Doug Duvall, solution architect, Versus Technology. Misplaced or sub-optimally deployed medical equipment delays patient care and hampers safety-mandated preventive maintenance. It also forces hospitals to buy more equipment despite an average utilization that may be as low as 30 percent, misdirecting precious capital dollars that could be better spent on more strategic projects. A real-time locating system (RTLS) cannot only track asset location, but also help ensure that equipment is properly distributed to the right place at the right time. This webinar will provide insight into the evaluation, selection, and benefits of an RTLS-powered asset management solution.

February 13 (Tuesday) 1:00 ET. “Beyond Sliding Scale: Closing the Gap Between Current and Optimal Glycemic Management Practices.” Sponsor: Monarch Medical Technologies. Presenter: Laurel Fuqua, BSN, MSN, EVP/chief clinical officer, Monarch Medical Technologies. The glycemic management practices of many hospitals and physician staff differ from what is overwhelmingly recommended by experts and relevant specialty societies. As a result, they are missing an opportunity to improve the quality, safety, and cost of care for their patients with diabetes and hyperglycemia, which commonly represent more than 25 percent of their inpatient population. Hospitals that transition from sliding-scale insulin regimens to consistent use of basal / bolus / correction protocols are seeing reductions in hyperglycemia, hypoglycemia, and costs. Making this shift more effective and efficient is the use of computerized insulin-dosing algorithms that can support dedicated staff using a systematic approach.

Previous webinars are on our YouTube channel. Contact Lorre for information.

Acquisitions, Funding, Business, and Stock

Nordic acquires the revenue cycle transformation practice of The Claro Group. which says it will refocus on its core businesses of disputes, claims, and investigations.



Mon Health (WV) hires Mark Gilliam (Owensboro Health) as CIO.


Sam Adams (Image Stream Medical) joins Patientco as chief growth officer.


FormFast hires Art Nicholas (NoteSwift) as chief revenue officer.

Announcements and Implementations

EHNAC releases its 2018 accreditation criteria for electronic data exchange.

In China, Amcare Women’s & Children’s Hospital’s Wanliu Campus goes live on InterSystems TrakCare.

Government and Politics

Politico says the DoD is placing its MHS Genesis Cerner project on hold for eight weeks because of a large number of open problem tickets and doctor complaints about poor workflows that those doctors say were copied directly from fellow Cerner customer Intermountain Healthcare. I don’t understand Politico’s statement, however, that further installations won’t go forward until fall – the DoD’s project plan had already called for no further implementation beyond the four initial sites until late 2018 pending completion of the required independent review of cost and suitability.


Gallup finds that 2017’s 1.3 percent increase in the number of uninsured Americans is the largest single-year jump since it starting tracking the number in 2008. The number, now at 12.2 percent, peaked at nearly 18 percent in January 2014 just before the ACA’s individual mandate and Medicare expansion took effect. Subgroups with the highest rate of uninsured include Hispanics, people in households with incomes under $36,000, and those aged 26-34. The percentage of people who bought their own insurance plans – such as through exchanges – dropped 1 percentage point in the past year, the first time that number has gone down since the ACA was enacted.



The CEO of Fairview Health Services (MN) tells a healthcare CEO panel that Epic is an “impediment to innovation” and calls for customers to “march on Madison.” The Twin Cities business paper quotes James Hereford as saying,

I will submit that one of the biggest impediments to innovation in healthcare is Epic, because the way that Epic thinks about their [intellectual property] and the IP of others that develop on that platform. There are literally billions of dollars in the Silicon Valley chasing innovation in healthcare, and yet Epic has architected an organization that has its belief that all good ideas are from Madison, Wisconsin. And on the off chance that one of us think of a good idea, it’s still owned by Madison, Wisconsin … There is an opportunity for us to go to Epic and say, look, you have to open up this platform. It’s for our benefit in terms of having an innovative platform where all these bright, amazing entrepreneurs can actually have access to what is essentially 80 percent of the US population that is cared for within an Epic environment. I would love for us to get together to see how we march on Madison.

Amazon posts a job for HIPAA Compliance Lead for “a new initiative,” listing among its preferred qualifications experience with FDA’s medical device approval process.


Coalinga State Hospital (CA) – a 1,500-bed, state-run psychiatric hospital for repeat sexual offenders who are receiving extended treatment — goes on lockdown when inmates riot following the hospital’s ban on electronic devices that can play media from sources other than commercially produced CDs and DVDs.


Fans watching the dramatic finish of Sunday’s Saints-Vikings football playoff game say their Apple Watches warned them they might be having heart attacks. Previous studies have proven that rabid fans, especially those with coronary artery disease, are more likely to have heart attacks when game intensity hikes their pulse rates by as much as 100 percent. Maybe people who are bored by watching sports should tune them in to lower their pulse and BP as they nod off in front of the TV.

Sega announces Two Point Hospital — a hospital management simulation game from the creators of 1997’s Theme Hospital — with a funny, infomercial-like video teaser.

Sponsor Updates

  • Audacious Inquiry will exhibit at the DVHIMSS Winter Symposium January 18 in Philadelphia.
  • Besler and Culbert Healthcare Solutions will exhibit at the MA/RI HFMA Revenue Cycle Conference January 18-19 in Foxborough, MA.
  • Iatric Systems will exhibit at the HCCA Charlotte Regional Conference January 19 in North Carolina.
  • InstaMed will exhibit at the MA/RI Chapter HFMA Revenue Cycle Conference January 18-19 in Foxborough, MA.

Blog Posts


Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "21 comments" on this Article:

  1. Jame’s assertion that Madison (Epic) owns every good idea in healthcare is insane.

    Epic doesn’t assert ownership over any the apps on their App Orchard or the hundreds and hundreds of third party apps that work with Epic. Their model is just like Apple.

    And, if there are literally billions of dollars and so many smart people in Silicon Valley, why didn’t they solve healthcare automation in a hugely, bigly amazingly way by now? They’ve had that money and those smart people for a while. How did a podunk outfit out of Madison Wisconsin get the drop on all of them? Good thing they haven’t found Kansas City yet.

    Give us a break James. What specific innovation do you feel is being impeded? And, how does that compare to the innovation that is being enabled and fostered by the thriving community of third party developers and products around the Epic orbit?

    • Epic’s model does assert the ability to use any IP in App Orchard without compensation or limitation, it’s why the few vendors I’ve spoken to are hesitant to use it. The only reason that they’re considering it is because Epic has a stranglehold on their customers. That atmosphere isn’t really innovation-encouraging.

      The most recent Epic trick I heard is that, now that Epic is requiring every customer to move to quarterly updates instead of the annual one, and to stay up-to-date, smaller sites are swamped with change management. Many have outsourced their test environments to be hosted by Epic. Do you know the only way an external vendor can get installed in one of those test environments? Be part of App Orchard.

      Also, comparing them to Apple’s model misses a key point – Apple makes their money off of hardware, while Epic is a software company. Apple has taken IP from some of their app developers to incorporate into their OS, but they understood early on that a robust app store supports their hardware more than they ever could, so they’ve been judicious in taking IP. Epic has no such limitations, and since they make their money by selling software, it makes sense that they would take whatever suits them, the same way they’ve been reselling their customers’ innovations to other customers for years.

      A cynical view of all this is that Epic set up App Orchard to be able to say “see, we’re open!”, exactly like they did in response to this article, while at the same time getting access to all the IP of every vendor selling based off of Epic’s product and pick and choose what they want to use. It’s no secret that they haven’t been happy with others “standing on their shoulders”, and they went after the consultants a few years ago and now developers. Ayn Rand would be proud.

      • To claim that Apple is a hardware company and not a software company is quite odd. Without their software, Apple’s hardware would hardly sell…

      • Even though Apple could take IP directly from the Apple ecosystem developers, their usual model is to just buy the companies. Same is true for Google and Microsoft. The big guys get the IP in the end, but developers get an exit strategy. Because of Epic’s stance against acquiring, that option isn’t available to Orchard developers. I would be hesitant, too.

        • Great point Bob. Cerner and Epic are both organic companies that value a “one big honking system” approach to things. Acquisitions that have point of care innovation just won’t happened with these vendors. Thus the entire industry is waiting on roughly a few thousand engineers for real innovation, of which most are working on compliance, stability, and maintainence, etc.

          Since the physician at the point of care drive 80% of the healthcare spend, point of care innovation and CDS is a must. Based off point above, I would say innovation is nearly non-existent.

      • “The most recent Epic trick I heard is that, now that Epic is requiring every customer to move to quarterly updates instead of the annual one”

        Found the guy who knows nothing about the pace of change in modern enterprise IT. I wouldn’t call regular patching a “trick”. Ask everyone who got bit by WannaCry whether their glacial change control process was worth it.

        • Found the person who knows nothing about user change management. (Did I do it right, is this how we play the game?)

          Seriously, there’s a world of difference between updating the OS or AV software, where users shouldn’t be affected at all, and updating software that affects of the UI and workflow of knowledge workers. The number of decision-makers involved is an order of magnitude different, and simply understanding the effects of workflow changes can take far more than 3 months.

          • So “pace of change and innovation is stifled” and “pace of change in software is too fast”?

            I’m confused.

          • – Please tell me more about Epic’s enforcement mechanism for forcing people to update 4x/year.
            – Do you know what a special update is? How often Epic releases them? Or how Epic organizations manage these? Do you believe organizations only updated their application code once/year?
            – Do you believe it’s possible to configure an application regardless of the release cycle of the vendor? Is it possible that organizations implement changes to software on their own schedule?
            – Do you think Epic has magically figured out a way to update their software 4x faster such that the same amount of disruption will be introduced 4x more frequently?
            – Do you believe that Epic just changes code for their hosted customers without any input on the scope or frequency from the customer? Or without any amount of collaboration on testing around those events? And that they somehow use this as their selling point to entice people into their hosted model so that they can control 3rd party integration?

            You can keep seeing the world how you want it.

          • Also interesting that you talk about the need for innovation then point to smaller organizations “swamped with change management”.

            So do you think that if Epic completely opened up all of their IP that these smaller sites would somehow be better equipped to handle change management? That third party apps built on Epic APIs would somehow be less disruptive from a user workflow standpoint?

      • Epic DOES NOT claim ownership of others IP. The simply reserve the right, to do similar things in the future. Just like Apple, just like Microsoft and just like Google and Amazon. Can you imagine Apple making the promise to NEVER DEVELOP ANYTHING AN APP DEVELOPER SUBMITTED? How foolish would that be?

        The App maker can always get a patent on their unique elements.

        They don’t have to use the App Orchard at all if they’re concerned.

        Also, those other companies don’t buy every innovator under the sun. Most of those guys seek an IPO independently in the first place. Public money is the most foolish money after all.

        You guys are just making stuff up.

        • Having talked to developers who have considered the Orchard, it’s a concern that has prevented people from getting in.

          Regarding change management, if it is functionality around the edges through standard interfaces, it should be independent of updates (in theory). If it is Epic developed, you many times need to do a big honking update to get it.

    • @ What’s with the Fairview guy? I don’t think this Apple comparison is helping your case any. I bet if you spoke with developers in the apple app world they would explain the limitations they face with regards to getting their app into the store. Apple has some pretty strict regulations/payment terms for the store, and one could very much argue it has hampered app development over the past few years (and I don’t mean hampered the volume of apps, but like we see in healthcare…the quality and usefulness of them).

      Also as someone who has ATTEMPTED to create a mobile health app…from a sole economic perspective EPIC does hamper innovation, but it isn’t just them, it is the whole industry. The economies of scale as a barrier to entry in Health IT is so large that most small companies cannot compete.

    • I’ve actually worked for several companies that are not even competitors to Epic but have needed to interact with Epic in some way shape or form. The number of Cease and Desists and legal threats made by Epic or made to the healthcare system client have numbered in the dozens.

      I can count all the legal threats or impediments I’ve received from every other major EHR vendor on the fingers of my third hand. If you’re not in on the joke – it’s zero.

    • Those “smart guys” in Silicon Valley have already brought you Watson. Personally I think they are just getting started and soon we will discuss EMR’s as only one bit of a much bigger picture. To fault them for not fixing it already seems disingenuous.

  2. James Hereford’s call for change from Epic aristocracy reminds me of English History, (or more specifically Season 2, Episode 5, of The Crown) where Lord Altrincham calls the national maternal figurehead (QE) old-fashioned. He prints it in the press and repeats it on national air. Sniveling and grabbling, he basks in the attention and tells anyone who’ll listen that his is not a disrespect for the crown but a recognition that it is time for change. And while some want (and do) punch him in he face for his insolence, many more are unable to look beyond the chord of truth he had uncovered within them.

    That particular episode of The Crown also boasts an entire monologue from the Queen Mother as she laments the death of the monarchy, the way it’s being stolen out from under them, and the slow humiliation of democratic governments. “First the barons, then the merchants, now the journalists,” she sighs, before essentially turning straight to the camera and saying, “That’s all we are now — marionettes.” Maybe it’s Judy’s fear and that of the munchkins of Emerald City too. To have the providers – or worse the free market – drive innovation.

    If you’d like to learn more about what I am referring to, search on Lord Altrincham to learn more about his impact on Queen Elizabeth’s modern social adoptions and adaptations. Maybe James Hereford will be our era’s catalyst towards a better, safer, more efficient nation of healthcare through healthcare IT.

  3. I played Theme Hospital as a child and always thought it was a joke that the hospital systems were out for profit. Now I write EMR software. It was the longest, darkest punchline.

  4. FWIW, McAfee SiteAdvisor doesn’t like the URL link embedded in last night’s “New On HIStalk” email. Is McAfee overreacting or is something amiss??

    I can send you a screen print of the SiteAdvisor page and the site report if you want…

    • Nothing’s amiss other than the never-ending challenge of trying to get email updates to subscribers through the malware-mandated increased security on the recipient’s mailserver. Which oddly enough, as you experienced, sometimes works and sometimes doesn’t as the malware detection rules are invisibly tweaked.

      In this case, the email contains just two links, both to the HIStalk news page as usual, but McAfee is apparently concerned about the link to the Greenfield Reporter page within the actual news post on the site (the ransomware story). I don’t see that the newspaper’s site is blacklisted or otherwise questionable, so I can’t explain the warning, nor was I aware that McAfee checks links on the destination page and not just the actual click link itself. I use Bitdefender and did not receive a warning when I clicked the email links.

      At least the email got through. You would be shocked at how many long-time email subscribers suddenly stop getting the email updates, and when I look them up, they show “bounced,” meaning their email server rejected the email after years of working fine. That’s a hidden effect of malware and spam — you can no longer assume an email wended its way through the electronic maze to reach the intended recipient.

  5. Can anyone with access to the full DoD article share what details, if any, it gives re: interoperability? Cerner has yet to answer anywhere publicly. Is GENESIS live on CommonWell? Carequality? ANY connection to the outside world? (PowerPoint?)

  6. Amused by the fact that the most engagement an Histalk post has received in months is due to a hospital executive saying something critical of Epic.

    Thin skin in Madison.

    Epic is Big Healthcare. With that kind of company financial success, you are going to have your critics. Comes with the turf, guys.

Founding Sponsors


Platinum Sponsors



















































Gold Sponsors














Reader Comments

  • Plucky Brit: KLAS: Is it me or does it seem odd to rank vendors based on such small sample sizes? n = 6 is not exactly a big sample w...
  • Obfuscator: This sounds like a cry for help. I don't know how I can help, but here's some resources with which I'm slightly familiar...
  • Samantha: I read all of these and Im at a total loss. I want out so bad but Im a mother of 3 and a wife and sister. Ifeel so compl...
  • Ed Chung: As one of the couple dozen companies sending a petition to HIMSS, I'll just say that some large companies (some very lar...
  • Lazlo Hollyfeld: Re: Optum Buying Navihealth "Optum are the healthcare Borg. Now they add Navihealth's service and technological disti...

Sponsor Quick Links