Monday Morning Update 12/16/19

December 15, 2019 News 9 Comments

Top News


Hackensack Meridian Health, New Jersey’s largest health system, admits that it has paid a ransomware hacker to regain access to its computer systems.

Some of those systems remain down two weeks after the attack began.

The health system did not reveal the amount paid, but says it carries insurance for that purpose.

Meanwhile, the city of New Orleans declares a state of emergency after shutting down all of its servers and websites following ransomware threats.

Reader Comments

From Student Union: “Re: new jobs listed in the ‘people’ section. Why do some of them not include a link to the announcement?” I learn of some of them via LinkedIn notifications from my 3,000 connections and I don’t link in those cases. My criteria for mentioning someone’s new job are: (a) I only list VP and above since I would be overwhelmed with job changes otherwise; and (b) the person has to be recognizable to many readers based on their healthcare history.


From Pleiades: “Re: Monarch Medical Technologies. FDA has recalled both of their EndoTool glycemic management / insulin dosing software products. They only offer these two products and can’t implement them at any hospital because of the open recall.” FDA recalled EndoTool IV in June 2019 because of calculation errors and recalled EndoTool Subq in November 2019 because it was distributed without FDA’s approval or clearance.

From Meaningless Use?: “Re: patient portals. A recent HIStalk interviewee said they were important because they were part of the Meaningful Use requirement. How is that important? Also, where would we be today without the HITECH Act and Meaningful Use? Many of those in the industry who started pre-MU know no other reality.” My thoughts:

  • The stimulus-focused MU program artificially goosed EHR demand similarly to the “cash for clunkers” program. Although to be fair, MU payments were tied to use rather than purchase – if you already had an EHR, you could get free money by simply using it per federal government requirements.
  • Sales jumped for products nobody wanted when they were spending their own money, encouraging vendors to lie and providers who were anxious to lap at the taxpayer trough to buy products without due diligence or commitment to process change.
  • Innovation was stifled because the industry’s collected wad was shot on the same old systems that weren’t selling before.
  • Health IT was chosen as a shovel-ready project that could pump a lot of stimulus money into the economy quickly, and those involved made an earnest but fumbled attempt to give taxpayers $35 billion worth of benefit by conditioning the payouts on accomplishments (or lies about accomplishments via unverified attestation) on metrics that did little to improve patient outcomes, access, or cost. Providers were thinking only of their taxpayer welfare payments rather than the welfare of their patients when they bought these systems and attested that they were using them magnificently.
  • Patient portals seemed sexy to an industry with a poor technology track record, but nobody bothered to ask patients if they wanted them or demanded that providers do more than to simply offer them to earn their taxpayer payday.
  • Portals also gave providers an excuse for doing nothing else to improve communication with their patients. They could simply pat themselves on the back and cash their checks for turning on a portal that few patients signed up for and far fewer actually used. People do what they are paid to do – no more, no less.
  • But as with most technology, it’s the people rather than the tools that are the problem. Providers like Kaiser embraced both EHRs and portals and have delivered pretty amazing benefits to patients, to the point that its portal is extensively used for patient-provider messaging, routine refill and appointment requests, and inquiries. They made their portal a competitive differentiator because it was profitable for them to do so.
  • Patient portals are the technological manifestation of healthcare paternalism – patients are expected to use them (a separate one for each provider) even though the doctors may or may not, those multiple providers don’t exchange information, they are just as provider-protective since providers don’t promise quick or detailed responses to portal-posted patient concerns, and users still get a clipboard full of blank forms shoved in their face when they show up for a visit. You would likely change banks if the best technology they could come up with looked anything like a patient portal.
  • Without MU, EHR sales would have picked up more gradually and smaller medical practices would probably have opted out. But that would have forced vendors to improve their products and encouraged new entrants to offer something better. The market was speaking before MU artificially manipulated it.
  • I would be uneasy claiming in the absence of evidence that EHR adoption has improved outcomes, access, or cost to any extent, much less $35 billion worth. I would also cite endless surveys showing minimal patient use of portals and minimal improvement in any type of outcome as a result.


From Darth Vader: “Re: UnitedHealth Group. With all this talk about reducing healthcare costs, why isn’t anyone in Congress talking about UHG, and in particular, Optum? How ingrained is this organization in every nook and cranny of the US healthcare ecosystem?” We’ve societally accepted that US healthcare is a business in which patients are the widgets of production, so it was inevitable that the whole mess (or at least the most profitable parts of it) would be controlled for maximum profit by publicly traded companies, private equity firms, and profit-admiring health system executives. Those groups are also big political donors and advertisers. The track record of a constituent-focused member of Congress dismantling a hated and excessively profitable monopoly, at least in the past few dozen years, isn’t very good. One person’s excess costs is someone else’s income and the latter don’t readily give it up.

HIStalk Announcements and Requests


Most poll respondents believe that patients own the data that providers record about them. Actually I should probably say that they wish it were true, but are aware that legally (and with ownership, that’s all that counts) patients have no such claim. Reader Conflated added a poll comment that provides a thorough overview of the issue:

It seems like three concepts are being conflated in this conversation. One is ownership of the records of the services performed by a provider (“the data”). The second is rights to access the data. The third is rights to “do stuff” with that data.

It would seem the original copy of the records stored on a provider’s EHR (or the paper records in their record closet) belong to the provider. The patient doesn’t own that copy of the records. It documents the work the provider did, the observations and results the provider captured, the medical recommendations the provider made, and is the basis of mounting a legal defense if the provider is sued for malpractice. Not to mention, there are record retention requirements the provider is required to follow, another hallmark that they own those records.

However, the patient also has a right to access and copy ALL of the provider’s records about them. That copy belongs to the patient.

Taking these two points together, then, it seems like the provider and the patient both have a right to own a copy of the same data. On a right to “do stuff” with the data, this is the more complicated thing, and the area in which HIPAA most needs a refresh. Just because a provider “owns” their copy of the records doesn’t inherently give them rights to “do stuff” with it. We have also seen some legislation that the provider has an obligation to do some stuff at the direction of the patient with said data (e.g., securely transmit it to another provider), but the provider still gets to retain a right of ownership of their copy of the data.

New poll to your right or here: What data sharing issues, if any, did you experience in your 2019 provider visits?


The “like” button you see on each article tells me that the most-liked HIStalk items in the couple of years I’ve been using it (like votes minus dislikes) are, in order:

  1. Pretzel Logic 9/30/19
  2. Readers Write: To Douse the Flames of Physician Burnout, Target the Four Biggest Time-Wasters in the EHR
  3. A Machine Learning Primer for Clinicians — Part 1
  4. Book Review: Bad Blood
  5. Readers Write: A Prescription for Poor Clinician Engagement with Health IT: Stop Communicating and Start Marketing
  6. Neal Patterson’s Final CHC Speech — November 16, 2016
  7. HIStalk Interviews Vince Ciotti, Retired HIS-torian
  8. The Smokin’ Doc Celebrates a Successful HIMSS
  9. Readers Write: The Big Fib
  10. CIO Unplugged 3/21/18


My Anonymous Vendor Executive (AVE) offered to provide more Donors Choose matching money, but I’m stymied since I still have nearly $10,000 of AVE’s previous donation in my account. Reason: most of the larger donations I’ve received came from HIMSS-related activities, such as lunch with a CIO or other promotional event, and I haven’t done those lately. I propose that we put that money to work as follows:

  • I will (since the AVE suggested it) match donations $2 for every $1, and other matching will surely increase the bang for your donation buck.
  • For company donations of $1,000 or more, I’ll include a text message of your choice in an HIStalk update email in addition to the usual thank-you message on the site.

I’m open to other ideas as well. Let’s spend AVE’s money on a great cause. If you want to donate, here’s how:

  1. Purchase a gift card in the amount you’d like to donate.
  2. Send the gift card by the email option to mr_histalk@histalk.com (that’s my DonorsChoose account).
  3. I’ll be notified of your donation and you can print your own receipt for tax purposes.
  4. I’ll pool the money, apply the matching funds, and publicly report here (as I always do) which projects I funded.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre to present your own.

Acquisitions, Funding, Business, and Stock


Blue Cross Blue Shield of Massachusetts integrates its member app with Amazon’s PillPack pharmacy, allowing members who take multiple medications to order their prescriptions, pay for them, and schedule their delivery. The app will encourage those patients to switch their pharmacy to PillPack, in which case all of their information will be automatically transferred.


  • DHR Health Institute for Research and Development (TX) joins the TriNetX global health network to improve clinical trials access to Hispanic residents of the Rio Grande Valley.



Rx Savings Solutions promotes Daron Sinkler to VP of sales.

Announcements and Implementations

Partners HealthCare announces a five-year digital health initiative that includes online appointment scheduling, video visits, implementation of OpenNotes, procedure and imaging cost estimates, improved interoperability, posting of ED wait times, and customized patient communications. The program also includes an incubator component. The Boston paper says the program will cost at least $100 million.


An article in Wired predicts the end of drug trials that use a placebo group, i.e. patients who receive no actual treatment for their conditions to determine the benefit to those who do. EHR data can identify similar patients, then compare the new product’s results with those of the existing standard of treatment as a “synthetic control arm.” The author wisely notes that this is probably why drug company Roche paid nearly $2 billion to acquire oncology EHR vendor Flatiron Health in early 2018, having foreseen the use of real-world data for drug approvals now that EHRs are ubiquitous.


I like this proposed rework of HIPAA that appeared in the Health Affairs blog last week. It calls out HIPAA’s most glaring deficiencies in falling short of broad patient privacy protection – it regulates only covered entities and those covered entities get a free pass under “treatment, payment, and operations.” Not to mention that the US lags behind Europe’s GDPR in protecting the information of its citizens.


Florida pain management practice chain Korunda Medical will pay $85,000 to settle HIPAA charges that it ignored a patient’s request to send an electronic copy of their medical records to a third party, then charged the patient an excessive amount for the paper copies it sent. The patient filed a complaint in March 2019, OCR provided penalty-free “technical assistance” to the practice and closed the complaint, but the patient filed a second complaint four days later when Korunda ignored the records request again.


Cigna will implement an AI-powered medication adherence monitoring program in January. The company says knowing whether patients are taking their meds as prescribed will allow it to improve care, while privacy experts worry that the objective of insurers is always to pay less and that the “digital dystopia masquerading as healthcare” will allow Cigna to cancel policies or avoid paying claims. Cigna paid $54 billion to acquire pharmacy services vendor Express Scripts earlier this year.


A PGY-1 osteopathic resident at AdventHealth Orlando and self-proclaimed “influencer” apologizes for pitching several healthcare products on his social media accounts, one of them a sketchy nutritional supplement for rave music festival attendees that he sells as a company rep. He explains, “It makes a lot of sense that I shouldn’t be using my medical degree as a platform to sell products. But no one teaches you this stuff.” He’s also planning to use his experience to start a business that will monitor medically related social media posts for appropriateness.


An interesting New York Times article describes how Amazon Web Services “strip mines” startups by copying their software, especially open source, and then selling it themselves. AWS generated $25 billion in revenue last year and is Amazon’s most profitable business.


In Pakistan, several cardiac inpatients die when hundreds of lawyers in their customary black suits storm a hospital, angered that one of their peers told them he had been mistreated when he brought a relative in for treatment. At least 200 lawyers vandalized hospital property, damaged vehicles, set fire to a police van, and beat several doctors. Physicians and employees then fled the hospital, leaving patients unattended, and the hospital then closed when the doctors mounted a protest strike.

Sponsor Updates

  • Redox releases a new podcast, “An interview with Dr. Fatima Paruk, Microsoft’s Chief Medical Innovation Officer.”
  • OmniSys launches the Pharmacy Talk newsletter.
  • PatientPing releases a new customer success video featuring UI Health Senior Director, Care Continuum, Rani Morrison.
  • Academic Radiology features an editorial from Visage Imaging’s MingDe Lin, “Accelerating the Translation of Artificial Intelligence from Ideas to Routine Clinical Workflow.”

Mr. H, Lorre, Jenn, Dr. Jayne.

Currently there are "9 comments" on this Article:

  1. For the person talking about United Healthcare and nobody noticing how they have gone into every nook and cranny of the healthcare business, you can go to my blog and use the search button if you like, as I’m not advertising here by all means, but I have been doing that for exactly 12 years now and rolling. They are what I call the algorithmic modeling machine as you have CMS using so many of the business models United created and the open door to CMS/HHS began way back when Lois Quam (formerly of United Healthcare and now sits and collects money from the useless stink tank, the Commonwealth Fund that wastes the Harkness family endowment) was allowed full open door to the White House during the Hillary care thing while still at UNH, so they got a lot of information the others didn’t have and the door has not closed. But to answer your question as to nobody noticing, there were people that noticed and wrote about it, but it didn’t get enough attention as all were on the way to one click wonder world for lack of a better way to express myself:) That company is what I call Quantcare and is a huge and unfair Cartel.

  2. Re “Patient owns the data” poll: Since we are clearly in the “how things should be” vs how they are today, there might be several categories of “data” at play, each with its own ownership characteristics. For example:

    Vital Signs, simple Lab results (individual Analytes), EKGs, etc. 100% patient owned. Provider can access for HIPAA TPO purpose
    These are things my body produces directly, they are converted into measurements by a piece of technology or a simple measurement technique. These to me clearly should belong to me and nobody else, I can’t imagine it would be legitimate for a provider to take my heart rate, temperature and EKG and decide they own it or can make any use of it or profit from it (they’ve already been paid to collect it) without my opt-in authorization, with the notable exception of course of the HIPAA-allowed Treatment/Payment/Operations (TPO).

    Diagnoses, Interpretations, treatment plans: Jointly owned by the patient and the provider. Subject to HIPAA TPO.
    The results of an imaging study, an EKG stress test, a pathology report, etc. These are the work output of a human expert who has spent years developing that expertise. They are akin to conducting a study and writing the results of that study. Different experts may decide to look at different inputs to derive their conclusions, request further tests they feel are pertinent, etc. These items typically take the form of a document, and the document typically includes the source observations/images/findings which were pertinent when writing the document. Clearly the Art of Medicine comes into play here and therefore it’s very conceivable that the Provider would be able to claim some ownership here. At the same time, the Provider is being compensated to produce this information, either by the patient directly or by an insurance company on behalf of the patient, so the logical ownership construct could be “joint ownership”, with of course HIPAA restrictions placed upon the provider. This “joint ownership” would benefit the provider’s research activities.

    Artists, authors, language interpreters and translators probably are very used to dealing with this type of ownership and copyright issues. What’s different in healthcare, of course, is that it’s usually not elective, so the default ownership should be in favor of the patient for the system to be fair.

    • Part of the problem comes from a very broad interpretation of “operations”. Ascension contracts Google to use Ascension’s database to develop ML models that Ascension will use to improve the operations of their health system. Since Google has a business relationship with Ascension and is therefore a “covered entity” this is completely above board. Ascension now has an ML model that they can license out to other organizations (for a fee obviously). It was trained with your data but does not contain your data.

      If this is how data ownership should work, why would this be limited to only healthcare. Credit rating agencies make huge amount of money buying, aggregating, and selling data about your credit worthiness. Online data brokers make even more money collecting and selling data about your online habits. Assuming that our society decides that “data about me” is automatically “data that belongs to me” for healthcare, does it stop there? Why would “data about my body” be more sacred than “data about my habits”?

      • We don’t know the details; Google could be the one owning the algorithm and licensing it for a fee. Google’s past behavior regarding patient consent and privacy has been inappropriate.[1]

        Again, the example of credit monitoring and online advertising are both terribly accurate examples of how this. Are these what you perceive as ethical, responsible companies? I don’t want Equifax to spew my health data all over the internet. I don’t want the Russian government to be able to target all the mentally ill people in the US with political advertising.

        To answer your question, it doesn’t stop with healthcare or my body. We need more protections for our data outside of healthcare and we need to not lose the current protections we do have in healthcare.


        • Personally I would love it if the debate over healthcare was a spark that started a larger conversation about data privacy in the US and eventually led to a large GDPResque reform of how data about people are handled across industries. Because, to answer your question, no I do not believe online advertising brokers are paragons of responsibility.

          What I’m curious about is that many people seem to feel that healthcare data are special. JF argues above that data produced by your body are in a different category than other data. It’s an interesting distinction that seems to be commonplace throughout the larger conversation. Why would “data about my body” be more sacred than “data about my habits”?

  3. I believe one of the unstated goals of the meaningful use program was to reduce the number of EMR’s available by creating a certification process that required significant development investment. The ONC was clearly aware that interoperability was hard, and that by reducing the number of EMR’s, it becomes less of a burden. The result was a reduction in the total number of ambulatory EMR’s as smaller players couldn’t afford to develop the required capabilities.

    A conspiracy theorist might posit that this also aligns with the fact that smaller EMR companies are not funding campaigns and lobbying efforts. The benefit of MU primarily accrued to the large EMR vendors.

    • Notmeaningless, I agree. Also, the government has targeted the smaller EMR companies such as ECW and Greenway and assessed substantial fines for MU issues.

    • Re. “smaller players couldn’t afford to develop the required capabilities”

      I don’t know how it is in the EMR space; I’m in the imaging space. There the smaller players sometimes can, and do, develop the required capabilities. The hurdle is often in another place entirely: they can’t afford to invest in the certification process.

      That being said, not every smaller player is good in terms of capabilities; some are downright terrible. So certification has its place – if done right.
