I read about that last week and it was really one of the most evil-on-a-personal-level things I've seen in a…
News 1/31/24
Top News
A district attorney in New York charges a 21 year-old Florida man with stealing the prescribing credentials of hundreds of doctors, which he used to fill and sell tens of thousands of prescriptions for narcotics across pharmacies in multiple states. He faces 19 charges, including illegally selling controlled substances and diverting prescription medications.
Devin Magarian sold prescriptions that customers picked up themselves or would provide the actual drugs that his team of runners obtained from the pharmacies. He charged premium prices to customers, who he recruited via a Telegram advertisement board, because the drugs came directly from pharmacies with no chance of adulteration.
He was arrested while visiting New York to collect $14,000 from a customer who had bought 630 Oxycodone pills using one of the fake prescriptions.
The Nassau County, NY district attorney warns that drug dealers have turned into cybercriminals who know how to exploit e-prescribing systems, noting that the defendant issued 18,500 phony prescriptions to pharmacies in 18 states in a single five-hour period. Authorities have not provided details on which system he compromised or how he did it.
Reader Comments
From Force of Nature: “Re: Summa Health. I heard the podcast stumble that you mentioned about their cost of implementing Epic. Summa has corrected the transcript to $85 million.” Thanks.
HIStalk Announcements and Requests
Sponsors: you still have time to complete my information form for ViVE and/or HIMSS if you are participating.
Webinars
None scheduled soon. Previous webinars are on our YouTube channel. Contact Lorre to present or promote your own.
Sales
- HHS’s Advanced Research Projects Agency for Health selects IT support, design, development, and implementation services from Leidos.
- Torbay and South Devon NHS Foundation Trust in England will replace 25 systems with Epic.
- Vytalize Health will use WellSky’s Next Generation Provider technology to enable bi-directional communication and care coordination between Vytalize’s ACO members and acute and post-acute care providers.
People
Unlock Health names Kevin Thilborger, MHA (Huron) chief managed care officer and chief revenue strategy officer.
Kerry Armstrong (Care.ai) joins LookDeep Health as VP of sales.
Glytec names Patrick Cua (HealthStar Growth Partners) CEO; Erik Eaker, MHA (LetsGetChecked) COO; and Ashley Reynolds, PhD, RN, MSN (Vault Coaching and Consulting) chief product and experience officer.
Keith Eggert, MHA (University of Miami Health System) joins Abax Health as chief strategy officer.
Aaron Rucker, MBA (University Clinical Health) joins Murray-Calloway County Hospital as CIO.
Manhattan Surgical Hospital (KS) hires Joe DeSimone (Umbrella Managed Systems) as CIO.
Katie Peppler (Tegria) joins B.well Connected Health as VP of strategic accounts.
Retired industry long-timer Matt Atwood, MBA, MSHI, who was most recently global implementation leader of Philips Connected Care Informatics, died of colon cancer last week. He was 55.
Announcements and Implementations
Israel’s Health Ministry confirms that at least 20 hospitals have been affected by a software glitch within Elad Health’s Chameleon EHR that has led to dozens of patients being given incorrect medications. Ministry officials were first alerted to the problem 10 days ago, when hospitals began reporting that patient discharge letters contained the wrong prescriptions. Elad Health says the malfunction has been fixed. The EHR is used by 75% of Israel’s hospitals.
Atropos Health collaborates with Google Cloud to connect its de-identified patient database to Google Cloud’s tools.
Philips will stop selling its Respironics sleep apnea machines in the US to settle federal charges that the devices contained noise-reducing foam that the company knew could disintegrate and cause cancer in users. The company recalled the machines in mid-2021, several years after it was made aware of the problem. Users were advised to stop using the machine during the recall period that lasted more than a year. Philips, whose CPAP machines held a 37% market share in the US, could also face criminal charges.
Government and Politics
The Justice Department is reportedly issuing subpoenas to drug companies and EHR vendors to determine if AI is being used to influence prescribing in ways that breach anti-kickback and false claims violations. EHR vendor Practice Fusion, now owned by Veradigm, paid $145 million in 2020 for using EHR alerts to push the prescribing of opioids in a contract with drug maker Purdue Pharma. The lead investigator who pursued Practice Fusion and four other EHR vendors says that Practice Fusion made some attempt at compliance, AI-driven recommendations could be harder to track and could make more persuasive recommendations using personalization.
Texas Attorney General Ken Paxton requests medical records from a second out-of-state provider, seeking information from a Georgia telehealth clinic to verify that it does not offer gender-affirming care to Texas minors. The state requested extensive records from Seattle Children’s Hospital in November, and the Georgia clinic owner says she has seen similar letters that were sent to other organizations. The requests raise questions about the Texas AG’s authority over other states and HIPAA’s requirement to provide patient records only in response to a court order or subpoena after notifying the patient.
Other
Meritus Health (MD) credits its Epic system for helping it reduce opioid prescriptions by 55% over the last five years. The switch to Epic in 2018 allowed doctors to see facility-wide prescriptions in real time and yielded data that was used to create the policies of its new Pain Management and Opioid Stewardship Committee.
Sponsor Updates
- CereCore publishes a new e-book, “The Buyer’s Guide to IT Managed Services: Elevating Healthcare Excellence.”
- Agfa HealthCare celebrates a 20-year image management partnership with Amiri Hospital in Kuwait.
- Cardamom Health names Jennifer Riffle (Nordic) a senior consultant.
- Censinet will support healthcare organizations interested in assessing, managing, and improving coverage of and compliance with the Healthcare and Public Health Sector Cybersecurity Performance Goals recently released by HHS.
Blog Posts
- Underpayment Management: Strategies and Best Practices (AGS Health)
- Population Health Management Software: The Ultimate Guide (Arcadia)
- Facilitating Project Team Dynamics with a DRE (Arhidia Informatics)
- Ten Years Dedicated to Movement Health (Bardavon Health Innovations)
- Improving post-acute care and cost with technology (CarePort)
- Network Cybersecurity Starts with Network Maintenance (Clearwater)
- Navigating the Healthcare Technology Landscape: Embracing Digital Transformation for Long-Term Cost Savings (Direct Recruiters)
Black Book’s list of top, physician-rated ambulatory EHR vendors include the following HIStalk sponsors:
- Netsmart – behavioral and mental health / geriatrics / physical therapy and rehab / psychiatry
- Medhost – emergency medicine
- Experity – urgent care and occupational medicine
Contacts
Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Contact us.
Re: Stealing provider EPCS credentials – This article highlights the importance of providers and their administrators monitoring their EPCS reports daily! I’ve had many clients complain about the daily report being delivered to them in our system. If the Florida provider was monitoring his EPCS prescriptions written daily, they would have caught this activity early on (day 1).
RE prescription credential theft story: does New York not use two factor identification for controlled substance prescriptions?
Even if it does have 2FA, did it stop this guy (Devin Magarian)? He was arrested with the Oxycodone in hand, and he expected a big payout in return.
Even if 2FA was the Be-All to End-All of security solutions, I’d need to see 2FA in at least 20 states before I was satisfied that help was on the way. And clearly 2FA is NOT the Be-All to End-All of security solutions.
No, I’ve been around long enough to see an endless parade of technical responses to various persistent security problems. Not one of those technical responses has been a magic bullet. And several were touted as being magic bullets!
– Strong encryption, available by default (a Clinton initiative way back in the day);
– Windows NT, which both put an end to anonymous logins, and contained auditable logs;
– Removal of both IE 5 and Flash. Both were notorious sources of security flaws;
– Automated patching, notably with SUS and WSUS;
– Near universal implementation of SHTTP;
– Routine hardening of both the OS and most applications (notably, Microsoft Office);
– Widespread implementation of VPNs;
– Near universal lockdown of Wi-Fi APs;
2FA is just another technical response, and it will meet with the same outcome. A modest improvement in security, but really? Does it actually change things? No, it won’t change a thing.