Home » News » Currently Reading:

News 7/3/19

July 2, 2019 News 8 Comments

Top News


Outpatient therapy EHR vendor Net Health acquires Optima Healthcare Solutions, which offers a contract therapy EHR.

Pittsburgh-based Net Health has quite a few industry long-timers on its management team:  Anthony Sanzo (TeleTracking), Kelley Schudy (Allscripts), Jason Baim (TeleTracking), and Mary Mieure (Vitera).

Reader Comments

From Rude Buoy: “Re: vendor gag clauses. Here’s an example.This is the most extreme example of a supplier looking to put parameters on impressions I’ve seen in decades as a CIO. Please keep confidential as the agreement is specific to our organization.” The agreement requires the health system to keep its “authorized users” from publishing falsehoods that are damaging to the vendor, which the vendor admits is subjective. The interesting aspects to me are:

  • The term doesn’t prohibit publishing negative content as long as it is factual, which should be the case in describing software problems that endanger patients. Therefore, I would argue that this is not a gag clause.
  • Health system users don’t sign the agreement and aren’t bound by it individually (as long as additional language isn’t buried in the system’s user agreement, if one exists). The health system might threaten to discipline an employee, but how would it deal with a community-based doctor (who is still its “authorized user”) who posts something untrue, perhaps without even naming the health system? Can the health system legally demand that the doctor either remove their comment or stop posting them?
  • I’m curious how terms like these have worked out in real-life examples where a vendor pressured a health system or practice over comments made by one of it users. I picture the vendor issuing a vague threat to the health system, who then issues a vague threat to whoever made the comment, who then removes or “corrects” their comment in fear of being fired or sued. Or maybe this has happened so rarely that nobody knows.


From Legal Beagle: “Re: Texas Health Resources. Here’s what its execs told the US Senate under oath.” I remember writing about this when it came up in 2014. The THR ED nurse didn’t ask the Ebola patient about his travel history because that wasn’t part of the ED triage process. The primary nurse saw him an hour later and documented that he had just traveled from Africa, but the nurse didn’t communicate that information verbally to the doctor. Records show that the ED doctor reviewed the patient’s complete EHR record several times, including the location in which the travel history was documented. The patient was new and thus his record contained only the nurse triage and travel history, so it’s not like that information was buried in a big chart. The doctor discharged the patient with a diagnosis of sinusitis and abdominal pain. THR initially claimed in a press release that Epic didn’t automatically display the travel history to the doctor, also explaining that THR’s IT staff “relocated the travel history to a portion of the EHR that is part of both workflows.” Then THR recanted its original claim by admitting that “there was no flaw in the EHR.” My takeaway is that many hospital EDs would have missed the connection between Africa travel and vague Ebola symptoms, but in this case, the story was muddied because of miscommunication or perhaps intentional obfuscation by THR’s clinicians or executives.


July 18 (Thursday) 2:00 ET. “Healthcare’s Digital Front Door: Modernizing Medicine’s Mobile-First Strategies That Are Winning Patient Engagement.” Sponsor: Relatient. Presenters: Michele Perry, CEO, Relatient; Michael Rivers, MD, director of EMA Ophthalmology, Modernizing Medicine. Providers are understandably focused on how to make the most of the 5-8 minutes they have on average with a patient during an exam, but what happens between appointments also plays a significant role in the overall health of patients. Modernizing Medicine is driving high patient engagement with best practice, mobile-first strategies. This webinar will describe patient engagement and the challenges in delivering it, how consumerism is changing healthcare, and how to get started and navigate the patient engagement marketplace.

July 25 (Thursday) 2:00 ET. “Meeting patient needs across the continuum of care.” Sponsor: Philips Population Health Management. Presenters: Cindy Gaines, chief nursing officer, Philips Population Health Management; Cynthia Burghard, research director of value-based healthcare IT transformation strategies, IDC. Traditional care management approaches are not sufficient to deliver value-based healthcare. Supplementing EHRs with advanced PHM technology and a scalable care management approach gives health systems proactive and longitudinal insights that optimize scarce resources in meeting the needs of multiple types of patients. This webinar will address the key characteristics of a digital platform for value-based care management, cover the planning and deployment of a scalable care management strategy, and review patient experience scenarios for CHF and diabetes.

Previous webinars are on our YouTube channel. Contact Lorre for information.

Acquisitions, Funding, Business, and Stock

Provider scheduling solutions vendor QGenda acquires OpenTempo, which offers clinical resource optimization tools.



UC Health (one of many, in this case Cincinnati) hires Michael Legg (Yale New Haven Health) to the newly created position of VP/chief data and analytics officer.


John Passchier (TAVHealth) joins Signify Health as RVP of community network strategy.


Sean Tuley (LifePoint Health) joins Global Medical Response as SVP/CIO.


Nat’E Guyton, RN, MSN, DM (Spok) joins University of Maryland Medical Center as VP of patient care services and chief nursing officer.

Announcements and Implementations


Cedars-Sinai welcomes 11 startups to its latest accelerator class:

  • AMPAworks – surgery inventory tracking.
  • ClinicianNexus – clinical rotation matching.
  • Feedtrail – pre-discharge patient surveys.
  • FocusMotion Health – tracking the activity and recovery of orthopedic surgery patients.
  • Hawthorne Effect – keeping clinical study enrollees engaged.
  • Health Note – pre-visit patient questionnaire that populates the EHR.
  • Lantum – provider scheduling.
  • Notisphere – recall tracking.
  • OMNY – hospital sharing of oncology drug usage and supplies.
  • Parker Isaac Instruments – pathology tissue separation instrument.
  • Virti – virtual clinician training.


Flexible office space vendor and WeWork competitor Convene will operate primary care clinics in most of its 28 locations, hoping to attract tenants by offering immediate access to health services similar to the onsite clinics offered by big employers. The clinics will be operated by Eden Health.



Researchers find that automatically generated EHR messages account for half of the 243 such messages the average doctor receives each week, with far fewer of their incoming messages originating with colleagues and patients. The auto-generated messages involved health maintenance reminders, prior authorization requests, and patient reminders. Researchers also found that doctors who say they are burned out are more likely to be receiving a higher number of automated messages. The study involve one health system using Epic, but that’s not the point – it’s yet another reminder that there’s a cost to “Revenge of the Ancillaries” where the desire of non-doctors to push information in the faces of doctors is allowed with the best of intentions but not necessarily the best of outcomes. A previous study found that PCPs spend 23% of their day managing their EHR inbox.


At least one hospital is using a company’s questionably accurate “aggression detection” voice analysis software, whose machine learning algorithms constantly monitor the sound patterns from publicly placed microphones in attempting to detect verbal aggression before it turns into violence. Netherlands-based Sound Intelligence also markets its system for hospital patient monitoring

UF Health (FL) adds a gender identity section in its EHR as recommended by a LGBTQ+ employee advisory committee, in which patients will be asked their gender identity and pronouns at registration.

The American Medical Association says the proposed interoperability rules of CMS/ONC “threaten patient privacy” by requiring providers to share their information with third parties that aren’t required to keep it private, potentially creating a market for patient data to be sold. 


Malaysia’s government hopes to implement EHRs at its 145 hospitals and 1,700 clinics at an estimated cost of $360 million, with an open tender to be posted later this year.


Non-profit NorthBay Healthcare (CA) explains to bondholders that three big insurers have terminated their contracts because “we’ve been able to maintain very lucrative contracts without the competition” in a startling admission that the health system uses its oligopoly power to charge high prices. The health system has increased revenue by 50% in the past five years due to lack of competition, leading experts to conclude that the benefits of price transparency are minimal when consumers have few hospital choices. I didn’t see anything fun in the health system’s tax records other than four of its highest-paid employees are staff nurses who made $400K each. The CIO was paid $500K.

Piedmont Healthcare (GA) will require patients who don’t have insurance, as well as those who have high-deductible plans, to pre-pay 25% of the estimated cost upfront for non-emergency services, explaining that bad debt represents 8% of the health system’s revenue because patients can’t afford to pay their high deductibles.

The city of Lake City, FL fires its IT director after an employee’s opening of a malware-containing email introduced ransomware into the city’s computer systems, after which its insurer agreed to pay the hacker’s demanded $460,000 ransom. The malware was identified as a Triple Threat attack, which runs an email-contained macro that loads several types of malware, after which it notifies the hackers so they can decide if the organization is worth holding for ransom. Another Florida city that experienced a similar attack recently paid a $600,000 ransom, while Baltimore complied with a law enforcement recommendation to refuse to pay a hacker’s demanded $80,000 and is still attempting to recover after spending $18 million. I’m picturing a teen hacker sitting in a coffee shop in Eastern Europe watching their account bump up by an untraceable, untaxable $460,000.


I’m thinking this DoD tweet trivializes the integration challenges ahead even as it uses “interoperability” in a bafflingly wrong way. I’m reminded of the absurdity of Allscripts CEO Glen Tullman proclaiming constantly a few years ago that all of the company’s multi-heritage EHRs were integrated by definition because they all used the Microsoft SQL database.

Sponsor Updates

  • Medicomp Systems CEO David Lareau is accepted into the Forbes Technology Council.
  • WebPT offers a report titled “The State of Rehab Therapy 2019.”

Blog Posts



Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "8 comments" on this Article:

  1. “The city of Lake City, FL fires its IT director ”

    What are the chances the city refused to spend money on IT security and hardening of their infrastructure? Watch them spend some more money after this IT directory sues them for wrongful termination and libel or something along those lines. The taxpayers will end up paying even more.

    • I’d like to see the results and recommendations of their security assessment, which surely their cyberinsurer required, and evidence that the IT person failed to request resources to implement the recommendations. I bet they either did a shoddy assessment or decided to accept the risk to save the expense required to mitigate it.

      • While those are some good points that would be interesting to know, I believe the firing was more likely related to what happened after the attack than anything that made the attack possible. The truth of the matter is even the most hardened of networks are susceptible to these attacks. In the end, you can educate users, which most experts state is the most important level of defense, but all too often they click before they inspect. The most effective mitigation is effective backup/recovery planning. The question I have is why were they not able to restore to pre-encryption state. Potentially it may have been a time bomb type attack that laid dormant, but even in that case, they should have been able to restore and mitigate before the crypto-locker activated. If backup/recovery was not executed properly or monitored well prior to the event, that would get an IT Director in hot water fast. I’ve seen both scenarios, too often companies disregard the warnings to save some money and then blame IT; however, I have also been there when after the attack is the first time the backups were checked only to find out they had been completing with errors for weeks. I think it potentially says something that he was terminated after a couple of weeks of attempted mitigation before paying the ransom. If it was a refusal to implement strong practices, that IT Director might be able to retire soon. I am sure the city will want to squash that publicity problem quickly.

  2. Re: Gag clauses. They’re very rare now. Have seen some creativity with the “Confidential Information” section found in every IT contact. Normally it protects legitimate interests in such areas as workflows, order sets, and the vendor’s development plans that it shares with customers.

    Every once in a while the term “Confidential Information” is defined with a lot of words, and buried in there somewhere is a clause like, “information describing defects or deficiencies in the Software identified through Customer’s regular use or testing of the Software.” That would be a gag clause.

    • Great example in calling out that section.

      It goes without saying that the customer can refuse to sign a contract that contains language it doesn’t like and few vendors would lose a sale over that particular clause, their legal team’s protests notwithstanding. The health system’s lawyer should balk at signing a contract giving it responsibility without authority, such as “authorized users” it does not employ.

  3. Enforcing a “gag clause” seems like it could be very tricky and not particularly beneficial for the vendor, especially if it does apply to the end users. To what extent would it apply and how far-reaching are the consequences? It’s not very beneficial to the vendor if it becomes an avenue for a disgruntled user to terminate the contract for software they really dislike. “What, I get to vent about the software AND make the organization stop using it? Sold.” Sounds like a win-win to me….

  4. Re Texas Health Resources and Ebola. From someone who was there, I can clarify your suppositions that “the story was muddied because of miscommunication or perhaps intentional obfuscation by THR’s clinicians or executives.” It was intentional obfuscation by the specific clinicians, and then a readinesss to leap on any excuse by the executives without worrying about getting the real facts.

  5. Regarding gag clauses: The Agreement requires the health system to keep its “authorized users” from publishing falsehoods that are damaging to the vendor….

    Mr. H is correct, the example is not a gag order, primarily because it is in essence a crude interpretation of existing law and should not be in any agreement. Defamation laws address libel where the defamation can be seen (writing, printing, movie), and slander (spoken); both prohibit defamatory “falsehoods.” However, if the language somehow prohibits publishing truthful defamatory statements it would have the horrible effect of eliminating an absolute defense in a defamation action, namely the truth. A truthful statement is not defamation, and quashing the truth is gagging.

    Note liability for libel applies throughout the publishing chain. An entity is responsible for republishing defamatory material just as the original publisher, provided that the entity had knowledge of the content of the defamatory statement. Consequently, because a media entity has editorial control over its content and communications, it is liable for republishing defamatory material.

    The authorized users aspect is important. Some vendors require individual end user agreements executed by the persons accessing the vendor’s system licensed by the provider entity. It is critical that the provider entity review and approve these end user agreements in conjunction with the main technology agreement, not afterward. Get all the paper on the table before any signature. With regard to the gag order topic, the end user agreement must be aligned with the main technology agreement.

    With regard to the confidential information comment and topic, yes, this can be a place to sneak in protective terms for the vendor, mainly because some people tend to glaze over when reading an extensive list of “what’s included” in the definition and skip to the next sentence (you know I’m right). Here is my method for breaking down and understanding these contract sections:

    Identify the definition of confidential information, which is usually a long and complicated list like “… including, but not limited to, plans, specs, algorithms, designs, patient and financial information …,” and set it aside. Review and negotiate the confidentiality obligations without the list of confidential materials, then work on the details within the definition. In my experience both sides understand the obligations of confidentiality and there is little contention, but the material subject to those obligations is the area for research and negotiation needed to arrive at what is fair and reasonable. If you find squirrely wording that looks like a gag order, question it. Everything in the list of confidential materials must make sense for the situation.

    Keep in mind that truthful statements are not defamation; public policy dictates that they are not suppressible by the subject entity and the law protects those that make such statements.

Text Ads

Recent Comments

  1. 100% agree about the remote employees - particularly in health care. If you think you can 100% work from home…

  2. Re: NEJM Article "The Solution Shop and the Production Line..." I totally agree that there can be a bias towards…

  3. In the NEJM piece that you pointed out, I wonder how you see the impacts of hospital-employed physicians, use of…

  4. You asked, "Readers, what is your experience with Oracle as a vendor?" Oracle is notorious for charging a LOT of…

  5. This quote from your article is just hilariously and provably wrong. "At the cost of millions to billions of dollars…


Founding Sponsors


Platinum Sponsors

























































Gold Sponsors











Sponsor Quick Links