- HIStalk - https://histalk2.com -

Monday Morning Update 12/16/19

Top News


Hackensack Meridian Health, New Jersey’s largest health system, admits that it has paid a ransomware hacker to regain access to its computer systems.

Some of those systems remain down two weeks after the attack began.

The health system did not reveal the amount paid, but says it carries insurance for that purpose.

Meanwhile, the city of New Orleans declares a state of emergency after shutting down all of its servers and websites following ransomware threats.

Reader Comments

From Student Union: “Re: new jobs listed in the ‘people’ section. Why do some of them not include a link to the announcement?” I learn of some of them via LinkedIn notifications from my 3,000 connections and I don’t link in those cases. My criteria for mentioning someone’s new job are: (a) I only list VP and above since I would be overwhelmed with job changes otherwise; and (b) the person has to be recognizable to many readers based on their healthcare history.


From Pleiades: “Re: Monarch Medical Technologies. FDA has recalled both of their EndoTool glycemic management / insulin dosing software products. They only offer these two products and can’t implement them at any hospital because of the open recall.” FDA recalled EndoTool IV in June 2019 because of calculation errors and and recalled EndTool Subq in November 2019 because it was distributed without FDA’s approval or clearance.

From Meaningless Use?: “Re: patient portals. A recent HIStalk interviewee said they were important because they were part of the Meaningful Use requirement. How is that important? Also, where would we be today without the HITECH Act and Meaningful Use? Many of those in the industry who started pre-MU know no other reality.” My thoughts:


From Darth Vader: “Re: UnitedHealth Group. With all this talk about reducing healthcare costs, why isn’t anyone in Congress talking about UHG, and in particular, Optum? How ingrained is this organization in every nook and cranny of the US healthcare ecosystem?” We’ve societally accepted that US healthcare is a business in which patients are the widgets of production, so it was inevitable that the whole mess (or at least the most profitable parts of it) would be controlled for maximum profit by publicly traded companies, private equity firms, and profit-admiring health system executives. Those groups are also big political donors and advertisers. The track record of a constituent-focused member of Congress dismantling a hated and excessively profitable monopoly, at least in the past few dozen years, isn’t very good. One person’s excess costs is someone else’s income and the latter don’t readily give it up.

HIStalk Announcements and Requests


Most poll respondents believe that patients own the data that providers record about them. Actually I should probably say that they wish it were true, but are aware that legally (and with ownership, that’s all that counts) patients have no such claim. Reader Conflated added a poll comment that provides a thorough overview of the issue:

It seems like three concepts are being conflated in this conversation. One is ownership of the records of the services performed by a provider (“the data”). The second is rights to access the data. The third is rights to “do stuff” with that data.

It would seem the original copy of the records stored on a provider’s EHR (or the paper records in their record closet) belong to the provider. The patient doesn’t own that copy of the records. It documents the work the provider did, the observations and results the provider captured, the medical recommendations the provider made, and is the basis of mounting a legal defense if the provider is sued for malpractice. Not to mention, there are record retention requirements the provider is required to follow, another hallmark that they own those records.

However, the patient also has a right to access and copy ALL of the provider’s records about them. That copy belongs to the patient.

Taking these two points together, then, it seems like the provider and the patient both have a right to own a copy of the same data. On a right to “do stuff” with the data, this is the more complicated thing, and the area in which HIPAA most needs a refresh. Just because a provider “owns” their copy of the records doesn’t inherently give them rights to “do stuff” with it. We have also seen some legislation that the provider has an obligation to do some stuff at the direction of the patient with said data (e.g., securely transmit it to another provider), but the provider still gets to retain a right of ownership of their copy of the data.

New poll to your right or here: What data sharing issues, if any, did you experience in your 2019 provider visits?


The “like” button you see on each article tells me that the most-liked HIStalk items in the couple of years I’ve been using it (like votes minus dislikes) are, in order:

  1. Pretzel Logic 9/30/19
  2. Readers Write: To Douse the Flames of Physician Burnout, Target the Four Biggest Time-Wasters in the EHR
  3. A Machine Learning Primer for Clinicians — Part 1
  4. Book Review: Bad Blood
  5. Readers Write: A Prescription for Poor Clinician Engagement with Health IT: Stop Communicating and Start Marketing
  6. Neal Patterson’s Final CHC Speech — November 16, 2016
  7. HIStalk Interviews Vince Ciotti, Retired HIS-torian
  8. The Smokin’ Doc Celebrates a Successful HIMSS
  9. Readers Write: The Big Fib
  10. CIO Unplugged 3/21/18


My Anonymous Vendor Executive (AVE) offered to provide more Donors Choose matching money, but I’m stymied since I still have nearly $10,000 of AVE’s previous donation in my account. Reason: most of the larger donations I’ve received came from HIMSS-related activities, such as lunch with a CIO or other promotional event, and I haven’t done those lately. I propose that we put that money to work as follows:

I’m open to other ideas as well. Let’s spend AVE’s money on a great cause. If you want to donate, here’s how:

  1. Purchase a gift card in the amount you’d like to donate.
  2. Send the gift card by the email option to mr_histalk@histalk.com (that’s my DonorsChoose account).
  3. I’ll be notified of your donation and you can print your own receipt for tax purposes.
  4. I’ll pool the money, apply the matching funds, and publicly report here (as I always do) which projects I funded.


None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre to present your own.

Acquisitions, Funding, Business, and Stock


Blue Cross Blue Shield of Massachusetts integrates its member app with Amazon’s PillPack pharmacy, allowing members who take multiple medications to order their prescriptions, pay for them, and schedule their delivery. The app will encourage those patients to switch their pharmacy to PillPack, in which case all of their information will be automatically transferred.




Rx Savings Solutions promotes Daron Sinkler to VP of sales.

Announcements and Implementations

Partners HealthCare announces a five-year digital health initiative that includes online appointment scheduling, video visits, implementation of OpenNotes, procedure and imaging cost estimates, improved interoperability, posting of ED wait times, and customized patient communications. The program also includes an incubator component. The Boston paper says the program will cost at least $100 million


An article in Wired predicts the end of drug trials that use a placebo group, i.e. patients who receive no actual treatment for their conditions to determine the benefit to those who do. EHR data can identify similar patients, then compare the new product’s results with those of the existing standard of treatment as a “synthetic control arm.” The author wisely notes that this is probably why drug company Roche paid nearly $2 billion to acquire oncology EHR vendor Flatiron Health in early 2018, having foreseen the use of real-world data for drug approvals now that EHRs are ubiquitous.


I like this proposed rework of HIPAA that appeared in the Health Affairs blog last week. It calls out HIPAA’s most glaring deficiencies in falling short of broad patient privacy protection – it regulates only covered entities and those covered entities get a free pass under “treatment, payment, and operations.” Not to mention that the US lags behind in failing to protect the information of its citizens via Europe’s GDPR.


Florida pain management practice chain Korunda Medical will pay $85,000 to settle HIPAA charges that it ignored a patient’s request to send an electronic copy of their medical records to a third party, then charged the patient an excessive amount for the paper copies it sent. The patient filed a complaint in March 2019, OCR provided penalty-free “technical assistance” to the practice and closed the complaint, but the patient filed a second complaint four days later when Korunda ignored the records request again.


Cigna will implement an AI-powered medication adherence monitoring program in January. The company says knowing whether patients are taking their meds as prescribed will allow it to improve care, while privacy experts worry that the objective of insurers is always to pay less and that the “digital dystopia masquerading as healthcare” will allow Cigna to cancel policies or avoid paying claims. Cigna paid $54 billion to acquire pharmacy services vendor Express Scripts earlier this year.


A PGY-1 osteopathic resident at AdventHealth Orlando and self-proclaimed “influencer” apologizes for pitching several healthcare products on his social media accounts, one of them a sketchy nutritional supplement for rave music festival attendees that he sells as a company rep. He explains, “It makes a lot of sense that I shouldn’t be using my medical degree as a platform to sell products. But no one teaches you this stuff.” He’s also planning to use his experience to start a business that will monitor medically related social media posts for appropriateness.


An interesting New York Times article describes how Amazon Web Services “strip mines” startups by copying their software, especially open source, and then selling it themselves. AWS generated $25 billion in revenue last year and is Amazon’s most profitable business.


In Pakistan, several cardiac inpatients die when hundreds of lawyers in their customary black suits storm a hospital, angered that one of their peers told them he had been mistreated when he brought a relative in for treatment. At least 200 lawyers vandalized hospital property, damaged vehicles, set fire to a police van, and beat several doctors. Physicians and employees then fled the hospital, leaving patients unattended, and the hospital then closed when the doctors mounted a protest strike.

Sponsor Updates

Blog Posts



Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Contact us.