Hackensack Meridian Health, New Jersey’s largest health system, admits that it has paid a ransomware hacker to regain access to its computer systems.
Some of those systems remain down two weeks after the attack began.
The health system did not reveal the amount paid, but says it carries insurance for that purpose.
Meanwhile, the city of New Orleans declares a state of emergency after shutting down all of its servers and websites following ransomware threats.
From Student Union: “Re: new jobs listed in the ‘people’ section. Why do some of them not include a link to the announcement?” I learn of some of them via LinkedIn notifications from my 3,000 connections and I don’t link in those cases. My criteria for mentioning someone’s new job are: (a) I only list VP and above since I would be overwhelmed with job changes otherwise; and (b) the person has to be recognizable to many readers based on their healthcare history.
From Pleiades: “Re: Monarch Medical Technologies. FDA has recalled both of their EndoTool glycemic management / insulin dosing software products. They only offer these two products and can’t implement them at any hospital because of the open recall.” FDA recalled EndoTool IV in June 2019 because of calculation errors and and recalled EndTool Subq in November 2019 because it was distributed without FDA’s approval or clearance.
From Meaningless Use?: “Re: patient portals. A recent HIStalk interviewee said they were important because they were part of the Meaningful Use requirement. How is that important? Also, where would we be today without the HITECH Act and Meaningful Use? Many of those in the industry who started pre-MU know no other reality.” My thoughts:
- The stimulus-focused MU program artificially goosed EHR demand similarly to the “cash for clunkers” program. Although to be fair, MU payments were tied to use rather than purchase – if you already had an EHR, you could get free money by simply using it per federal government requirements.
- Sales jumped for products nobody wanted when they were spending their own money, encouraging vendors to lie and providers who were anxious to lap at the taxpayer trough to buy products without due diligence or commitment to process change.
- Innovation was stifled because the industry’s collected wad was shot on the same old systems that weren’t selling before.
- Health IT was chosen as a shovel-ready project that could pump a lot of stimulus money into the economy quickly, and those involved made an earnest but fumbled attempt to give taxpayers $35 billion worth of benefit by conditioning the payouts on accomplishments (or lies about accomplishments via unverified attestation) on metrics that did little to improve patient outcomes, access, or cost. Providers were thinking only of their taxpayer welfare payments rather than the welfare of their patients when they bought these systems and attested that they were using them magnificently.
- Patient portals seemed sexy to an industry with a poor technology track record, but nobody bothered to ask patients if they wanted them or demanded that providers do more than to simply offer them to earn their taxpayer payday.
- Portals also gave providers an excuse for doing nothing else to improve communication with their patients, They could simply pat themselves on the back and cash their checks for turning on a portal that few patients signed up for and far fewer actually used. People do what they are paid to do – no more, no less.
- But as with most technology, it’s the people rather than the tools that are the problem. Providers like Kaiser embraced both EHRs and portals and have delivered pretty amazing benefits to patients, to the point that its portal is extensively used for patient-provider messaging, routine refill and appointment requests, and inquiries. They made their portal a competitive differentiator because it was profitable for them to do so.
- Patient portals are the technological manifestation of healthcare paternalism – patients are expected to use them (a separate one for each provider) even though the doctors may or may not, those multiple providers don’t exchange information, they are just as provider-protective since providers don’t promise quick or detailed responses to portal-posted patient concerns, and users still get a clipboard full of blank forms shoved in their face when they show up for a visit. You would likely change banks if the best technology they could come up with looked anything like a patient portal.
- Without MU, EHR sales would have picked up more gradually and smaller medical practices would probably have opted out. But that would have forced vendors to improve their products and encouraged new entrants to offer something better. The market was speaking before MU artificially manipulated it.
- I would be uneasy claiming in the absence of evidence that EHR adoption has improved outcomes, access, or cost to any extent, much less $35 billion worth. I would also cite endless surveys showing minimal patient use of portals and minimal improvement in any type of outcome as a result.
From Darth Vader: “Re: UnitedHealth Group. With all this talk about reducing healthcare costs, why isn’t anyone in Congress talking about UHG, and in particular, Optum? How ingrained is this organization in every nook and cranny of the US healthcare ecosystem?” We’ve societally accepted that US healthcare is a business in which patients are the widgets of production, so it was inevitable that the whole mess (or at least the most profitable parts of it) would be controlled for maximum profit by publicly traded companies, private equity firms, and profit-admiring health system executives. Those groups are also big political donors and advertisers. The track record of a constituent-focused member of Congress dismantling a hated and excessively profitable monopoly, at least in the past few dozen years, isn’t very good. One person’s excess costs is someone else’s income and the latter don’t readily give it up.
HIStalk Announcements and Requests
Most poll respondents believe that patients own the data that providers record about them. Actually I should probably say that they wish it were true, but are aware that legally (and with ownership, that’s all that counts) patients have no such claim. Reader Conflated added a poll comment that provides a thorough overview of the issue:
It seems like three concepts are being conflated in this conversation. One is ownership of the records of the services performed by a provider (“the data”). The second is rights to access the data. The third is rights to “do stuff” with that data.
It would seem the original copy of the records stored on a provider’s EHR (or the paper records in their record closet) belong to the provider. The patient doesn’t own that copy of the records. It documents the work the provider did, the observations and results the provider captured, the medical recommendations the provider made, and is the basis of mounting a legal defense if the provider is sued for malpractice. Not to mention, there are record retention requirements the provider is required to follow, another hallmark that they own those records.
However, the patient also has a right to access and copy ALL of the provider’s records about them. That copy belongs to the patient.
Taking these two points together, then, it seems like the provider and the patient both have a right to own a copy of the same data. On a right to “do stuff” with the data, this is the more complicated thing, and the area in which HIPAA most needs a refresh. Just because a provider “owns” their copy of the records doesn’t inherently give them rights to “do stuff” with it. We have also seen some legislation that the provider has an obligation to do some stuff at the direction of the patient with said data (e.g., securely transmit it to another provider), but the provider still gets to retain a right of ownership of their copy of the data.
New poll to your right or here: What data sharing issues, if any, did you experience in your 2019 provider visits?
The “like” button you see on each article tells me that the most-liked HIStalk items in the couple of years I’ve been using it (like votes minus dislikes) are, in order:
- Pretzel Logic 9/30/19
- Readers Write: To Douse the Flames of Physician Burnout, Target the Four Biggest Time-Wasters in the EHR
- A Machine Learning Primer for Clinicians — Part 1
- Book Review: Bad Blood
- Readers Write: A Prescription for Poor Clinician Engagement with Health IT: Stop Communicating and Start Marketing
- Neal Patterson’s Final CHC Speech — November 16, 2016
- HIStalk Interviews Vince Ciotti, Retired HIS-torian
- The Smokin’ Doc Celebrates a Successful HIMSS
- Readers Write: The Big Fib
- CIO Unplugged 3/21/18
My Anonymous Vendor Executive (AVE) offered to provide more Donors Choose matching money, but I’m stymied since I still have nearly $10,000 of AVE’s previous donation in my account. Reason: most of the larger donations I’ve received came from HIMSS-related activities, such as lunch with a CIO or other promotional event, and I haven’t done those lately. I propose that we put that money to work as follows:
- I will (since the AVE suggested it) match donations $2 for every $1, and other matching will surely increase the bang for your donation buck.
- For company donations of $1,000 or more, I’ll include a text message of your choice in an HIStalk update email in addition to the usual thank-you message on the site.
I’m open to other ideas as well. Let’s spend AVE’s money on a great cause. If you want to donate, here’s how:
- Purchase a gift card in the amount you’d like to donate.
- Send the gift card by the email option to email@example.com (that’s my DonorsChoose account).
- I’ll be notified of your donation and you can print your own receipt for tax purposes.
- I’ll pool the money, apply the matching funds, and publicly report here (as I always do) which projects I funded.
Acquisitions, Funding, Business, and Stock
Blue Cross Blue Shield of Massachusetts integrates its member app with Amazon’s PillPack pharmacy, allowing members who take multiple medications to order their prescriptions, pay for them, and schedule their delivery. The app will encourage those patients to switch their pharmacy to PillPack, in which case all of their information will be automatically transferred.
- DHR Health Institute for Research and Development (TX) joins the TriNetX global health network to improve clinical trials access to Hispanic residents of the Rio Grande Valley.
Rx Savings Solutions promotes Daron Sinkler to VP of sales.
Announcements and Implementations
Partners HealthCare announces a five-year digital health initiative that includes online appointment scheduling, video visits, implementation of OpenNotes, procedure and imaging cost estimates, improved interoperability, posting of ED wait times, and customized patient communications. The program also includes an incubator component. The Boston paper says the program will cost at least $100 million
An article in Wired predicts the end of drug trials that use a placebo group, i.e. patients who receive no actual treatment for their conditions to determine the benefit to those who do. EHR data can identify similar patients, then compare the new product’s results with those of the existing standard of treatment as a “synthetic control arm.” The author wisely notes that this is probably why drug company Roche paid nearly $2 billion to acquire oncology EHR vendor Flatiron Health in early 2018, having foreseen the use of real-world data for drug approvals now that EHRs are ubiquitous.
I like this proposed rework of HIPAA that appeared in the Health Affairs blog last week. It calls out HIPAA’s most glaring deficiencies in falling short of broad patient privacy protection – it regulates only covered entities and those covered entities get a free pass under “treatment, payment, and operations.” Not to mention that the US lags behind in failing to protect the information of its citizens via Europe’s GDPR.
Florida pain management practice chain Korunda Medical will pay $85,000 to settle HIPAA charges that it ignored a patient’s request to send an electronic copy of their medical records to a third party, then charged the patient an excessive amount for the paper copies it sent. The patient filed a complaint in March 2019, OCR provided penalty-free “technical assistance” to the practice and closed the complaint, but the patient filed a second complaint four days later when Korunda ignored the records request again.
Cigna will implement an AI-powered medication adherence monitoring program in January. The company says knowing whether patients are taking their meds as prescribed will allow it to improve care, while privacy experts worry that the objective of insurers is always to pay less and that the “digital dystopia masquerading as healthcare” will allow Cigna to cancel policies or avoid paying claims. Cigna paid $54 billion to acquire pharmacy services vendor Express Scripts earlier this year.
A PGY-1 osteopathic resident at AdventHealth Orlando and self-proclaimed “influencer” apologizes for pitching several healthcare products on his social media accounts, one of them a sketchy nutritional supplement for rave music festival attendees that he sells as a company rep. He explains, “It makes a lot of sense that I shouldn’t be using my medical degree as a platform to sell products. But no one teaches you this stuff.” He’s also planning to use his experience to start a business that will monitor medically related social media posts for appropriateness.
An interesting New York Times article describes how Amazon Web Services “strip mines” startups by copying their software, especially open source, and then selling it themselves. AWS generated $25 billion in revenue last year and is Amazon’s most profitable business.
In Pakistan, several cardiac inpatients die when hundreds of lawyers in their customary black suits storm a hospital, angered that one of their peers told them he had been mistreated when he brought a relative in for treatment. At least 200 lawyers vandalized hospital property, damaged vehicles, set fire to a police van, and beat several doctors. Physicians and employees then fled the hospital, leaving patients unattended, and the hospital then closed when the doctors mounted a protest strike.
- Redox releases a new podcast, “An interview with Dr. Fatima Paruk, Microsoft’s Chief Medical Innovation Officer.”
- OmniSys launches the Pharmacy Talk newsletter.
- PatientPing releases a new customer success video featuring UI Health Senior Director, Care Continuum, Rani Morrison.
- Academic Radiology features an editorial from Visage Imaging’s MingDe Lin, “Accelerating the Translation of Artificial Intelligence from Ideas to Routine Clinical Workflow.”
- Seasonal Depression Awareness Month (Lightbeam Health Solutions)
- Hospital Budgets 2020: Resist the Cost-Cut Bias and Invest for Success (Loyale Healthcare)
- Helping organizations focus on care, not IT: Discussing Meditech’s cloud journey (Meditech)
- Survey Points to Major Burnout Concerns Among Clinicians (Health Catalyst)
- Enable Multidisciplinary Care with Smarter Team Tools (Mobile Heartbeat)
- Physical Therapists, Physical Therapy Assistants, Physical Therapy Aides – Looking at the Core Clinical Workforce of a Practice (MWTherapy)
- Top integration challenges in healthcare IT (OpenText)
- Five Keys to Planning EHR Go-Live Support for Providers (CereCore)
- 4 ways to boost patient engagement (Experian Health)
- What Are Millenials Looking for During Patient Payment Collections? (PatientBond)
- Three Decades of Nursing: Looking Back to Move Forward (PatientSafe Solutions)
- Satisfied Patients Say What??? (Patientco)
- #GetToThePoint: Six strategies to take action on tests pending at discharge (TPADs) and prevent potential harm. (Pivot Point Consulting)
- The Role of Patient Engagement in Remote Patient Monitoring (PerfectServe)
- Identity Goes to Vegas: Gartner IAM (SailPoint Technologies)
- Managing diabetes: High-touch, high-tech collaboration between patient and care team (StayWell)
- The Critical Importance of Patient Matching Capabilities (Summit Healthcare)
- 2018 Progress Report Myths v. Reality: How Healthcare Providers are Using Powerful Solutions to Deliver Better Care Nationwide (Surescripts)
- Beyond the Electronic Health Record: Human-Centered Design to Reduce Clinicians’ Cognitive Burden (Vocera)
- 4 Facts Every PT Should Know About Telehealth Compliance (WebPT)