Home » News » Currently Reading:

Monday Morning Update 11/25/19

November 24, 2019 News 6 Comments

Top News


Wisconsin-based nursing home IT vendor Virtual Care Provider, Inc. is hit by ransomware, taking down electronic patient records, Internet service, email, billing, and phone systems across 80,000 PCs and servers running hundreds of nursing homes in 45 states.

The hacker is demanding $14 million to provide the encryption key, which the company says it can’t afford.

VCPI says some of its client facilities may be forced to shut down due to their inability to order drugs, generate bills, and pay employees.

Ironically, VCPI sells IT security and HIPAA risk analysis services.

HIStalk Announcements and Requests


Over 80% of poll respondents think that Ascension’s data analysis agreement with Google is legal, but two-thirds also think the relationship is unethical.

New poll to your right or here: Have you ever been laid off or otherwise lost a job other than for performance issues? Click the poll’s Comments link after voting to share your experience.

I regularly worry that my 2.5-year-old, inexpensive Acer laptop will fail and leave me without a backup other than my Chromebook, which works great but doesn’t run some niche Windows apps that I need. I’ve been watching for a deal on something similar and saw a pre-Black Friday offer on an HP Pavilion 15z with AMD Ryzen 5, 16 GB of memory, 256 GB SSD storage, and a 15.6” touch display. I wanted 16 GB (which isn’t as common or cheap as it was a couple of years ago for some reason) and SSD since I’ve become spoiled by both, so my $480 order is in. I’ll report back after it arrives early next month.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre to present your own.

Acquisitions, Funding, Business, and Stock


Google’s venture fund provides $4 million in seed funding to Rad AI, a radiology workflow optimization software company that was started in 2018 by a radiologist who entered medical school at 16 and now practices in North Carolina.


  • SCL Health will offer virtual services using Bright.md’s SmartExam asynchronous virtual care platform.
  • Steward Health Care chooses Health Catalyst’s Data Operating System and Rapid Response Analytics. 
  • Humber River Hospital chooses CloudWave to support Meditech and its infrastructure.


Cooper University Health Care promotes interim CIO Dustin Hufford, MBA to SVP/CIO

Government and Politics


The VA says that it hasn’t worked out jurisdictional issues with the Department of Defense over patient information that will be stored in their respective Cerner systems, admitting that nobody really thought about data sharing issues when the projects were conceived. Existing laws may require veterans to make separate requests to the VA and DoD to obtain their health records despite the goal of a single record for each patient. The VA also acknowledges that its March go-live at Mann-Grandstaff VA Medical Center (WA) will involve a limited implementation that will require employees to toggle between Cerner and VistA. 

Privacy and Security

Medical researchers observe that European Union’s General Data Protection Regulation has caused problems for their studies that cross national borders outside the EU. NIH Director Francis Collins says his study of diabetics in Finland ground to a halt when NIH could not meet the privacy requirements of its national equivalent in Finland. Neither the US nor Canada are recognized by the European Union as providing adequate data protection, so researchers must sign contracts to accept Europe-based audits or to cede legal jurisdiction to the originating country’s courts. GDPR isn’t an issue when patient information is anonymized, but countries haven’t agreed on how that anonymization can be performed and some studies include sample data that cannot be stripped of identifying characteristics.



Bloomberg notes that Inovalon Chairman and CEO Keith Dunleavy, MD is a billionaire once again following a 60% run-up in the analytics platform vendor’s stock price in the past year. Timing is everything, though — the company went public in early 2015 at $27 per share and is down 36% since, while the Nasdaq rose 74% in the same period.

Allscripts defends its work on an $18 million software implementation in the Bahamas that has resulted in no applications live after three years and $8 million in payments. The company responded to a newspaper’s request for comment that it is in full compliance with the contract and is waiting on approval from the government, which says it is looking for a replacement system. Allscripts misidentified its client in the response as the “Public Housing Authority” rather than the “Public Hospitals Authority.”

Medical residents in South Korea complain that while their weekly work hours are newly capped at 80, they are seeing more patients without much help from specialists in learning new procedures. They also claim that hospitals shut off after-hours EHR access to make it look like they are complying with the hours cap, but give them other work to perform instead.

In Australia, a government review of misused private data looks at Queensland Health’s Cerner IEMR, which allows employees and staff at any of its 14 hospitals to view the records of all patients. The government worries that the hospitals don’t fully understand how to configure the system’s privacy controls, such as flagging high-profile records to warn users that any inappropriate access will be investigated. However, one hospital’s HR director says its P2Sentinel access monitoring system issues reports that aren’t that useful, leading to a huge backlog of potential inappropriate viewing incidents that the hospital doesn’t have time to investigate. 

Two Colorado state agencies announce that a bug in their tracking system allowed several batches of contaminated medical and recreational marijuana to be sold, triggering a recall of such products as Ghost Cake Killah and Grape Ape.

Sponsor Updates

  • Chilmark Research highlights Bright.md in its new report, “Primary Care for the 21st Century: Technology-enabled and On Demand.”
  • Greenway Health’s Intergy EHR receives five industry accolades in 2019.
  • Nextech Systems gives its customers access to Relatient’s patient self-scheduling, automated waitlist, and patient intake capabilities.
  • The Chartis Group announces the winners of The Chartis Center for Rural Health 2019 Performance Leadership Awards.
  • Hyland Healthcare’s Advisory Councils share insight into top health IT trends including AI, cloud, and optimization.
  • LiveProcess will exhibit at the National Healthcare Coalition Preparedness Conference December 2-4 in Houston.
  • Gartner recognizes NextGate as a ‘Notable Next-Generation EMPI Vendor.’
  • Nordic staff volunteer at The River Food Pantry and donate gifts for 65 local children.
  • KLAS Research recognizes PatientPing as a high-performing, emerging healthcare IT company.
  • SailPoint will exhibit at AWS re:Invent December 2-6 in Las Vegas.
  • Visage Imaging will exhibit at RSNA December 1-5 in Chicago.
  • Wolters Kluwer Health publishes a new report, “Mending Healthcare in America 2020: Consumers & Cost.”

Blog Posts



Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates. Send news or rumors.
Contact us.


HIStalk Featured Sponsors


Currently there are "6 comments" on this Article:

  1. Nice call on the laptop. It seems this shouldn’t be a complicated decision, given that everything has standardized on just a couple of features, but the pricing is all over the place. I shopped recently for my son and your price is probably about $200-250 less than the best deal I found for him with comparable specs

  2. The Google/Ascension thing has a lot of people echoing the chorus of “it’s the patient’s data”, and I never see that concept challenged. Given that a) all concepts should be challenged and b) deep down in my heart lives an obstinate contrarian, I present the following devil’s advocate’s argument. (To be clear, I believe that the ability for health systems to disclose data for “operations” purposes is very much overly broad. A much narrower definition would improve the security of the data and the public’s trust.)

    There is a fundamental difference between “data that is about you” and “data that belongs to you”. Simply being the first does not also mean it’s the second, and no other realm of our society operates like this. Examples:

    I have a frequent shopper card for a supermarket chain, I use it because it gets me discounts on gas. As a result, the supermarket has a huge amount of data on my shopping habits and the supermarket uses it for marketing/purchasing/promotional/whatever purposes they want.

    If I’m walking down the street and someone take a picture that includes me, I have no claim to the ownership of that picture. I’m in it. It’s a picture of me (among other things). IP law is very firm that the photographer owns the picture, not the subject. This is true even if I’m paying the photographer specifically to take pictures of me, I still don’t own the IP that is created.

    And of course I can’t just walk into a police department / FBI / other law enforcement office and demand that they give me any and all information they have on me.

    “Data about me” is not by default “data that belongs to me”.

    And why should it be? In all of the examples above, and in healthcare, the data gains value because of the professionals that are working on it. If I made a spreadsheet of all my health issues, the medications I take, my blood pressures from the $7.99 cuff I got at CVS, etc. and tried to sell it, I’m unlikely to get any takers. The data is valuable because the health systems have trained professionals gather the data & validate it. It’s generated from verifiable objective tests that get run. They have teams of people supporting the infrastructure needed to enter, aggregate, and use it. All of this is a huge investment on their part, and the fact that they do it raises value of the data. “My data” as collected by me is not valuable, “My data” as validated by a doctor, and aggregated into a data set, and cleaned up by a pre-processing function, etc. etc. has become valuable.

    We can carve out healthcare data from the norm and say that it does automatically belong to the patient, and it seems like consensus that that should be the case. That does open a can of worms in lots of other areas.

    • “If I’m walking down the street and someone take a picture that includes me, I have no claim to the ownership of that picture.”
      That may be, but the photographer doesn’t have the right to use that image in large billboard advertising say incontinence. They would need a model release from you. So it’s not just the data, it’s also how it’s used.

      • Yeah you aren’t allowed to make money from a photograph of someone without their consent even if it was taken in public. That’s the low bar; some states have more restrictions. I say we just open the can of worms. Other developed countries have. Why does the US gov always have to bend over to corporate interests rather than their own people?

        • At the risk of getting bogged down in discussion of IP rules around photography, this is partially true. You can’t use a headshot of someone taken on the street for billboard ads.

          However if the photo has artistic or journalistic value, it can still be published. Newspapers (for-profit private companies) can publish them on the front page without your consent. An artist can enter it into a contest and win prize money.

          On top of that, you can frequently find crowd shots in marketing campaigns. If you happened to be walking down the street the day they decided to fly the drone over to get their establishing shot of “look how busy this street is” you may find yourself in any number of commercial products. Check out madi.sn (a promotional campaign for how awesome the city of Madison WI is) for examples of this. I guarantee you that the marketing company who put the video together did not get releases from everyone in all of those shots.

          I think the analogy is apt. The health system can’t sell a single person’s health data But when aggregated into a crowd, it’s considered ethical, legal, and appropriate.

          • In America, property > everything.

            US property and money are extremely well protected. If someone steals from you, you can get the police to force them to give it back – provided you have enough money for a good lawyer. This won’t ever change in the US, because Coca Cola, Manhattan, and resident children of third world dictators rely on the fact that property in the US is sacrosanct and they spend heavily to defend those property rights.

            The US public understands this; the people writing think pieces know that the US public understands this. “Patients own their data” is the slogan because it accomplishes the goal within the constraints of the existing political system and it sounds good to the unwashed masses.

            The legality of patient ownership vs similar copyright law doesn’t matter for you or me, just like it doesn’t matter if we work for soviets or corporations. Those details will be arranged by a Washington bureaucrat and somebody writing fat checks. What matters to people like you and me is that we have to get the idea into the public consciousness and nobody beats Goldman Sachs. You own the body – you control the data.

Founding Sponsors


Platinum Sponsors



















































Gold Sponsors












Reader Comments

  • IANAL: Your employer/insurance wants to decrease your use of healthcare so that they don't pay as much. Sending you advertising...
  • Jayne HIStalk MD: Good question - it was an evening appointment (which I thought was odd in the first place) on a night I have a standing ...
  • John Lynn: I hate the automatically scheduled appointment like that too. Although, I'm more intrigued how you knew that an appoint...
  • US_MedicalCare: Re: Dina Spotlight I clicked through Dina's spotlight and that triggered a chain of thoughts that I don't have any answ...
  • Mr. HIStalk: I haven't seen it mentioned in the Bob Loblaw Law Blog....

Sponsor Quick Links