Home » News » Currently Reading:

Monday Morning Update 6/3/24

June 2, 2024 News 6 Comments

Top News


HHS OCR updates its cybersecurity FAQ to include the Change Healthcare cyberattack:

  • Nobody has issued the breach notification that was due April 21, 60 days from when the incident occurred.
  • Covered entities should contact Change Healthcare if they expect the company to issue the mandatory breach notification to affected patients on their behalf.
  • Providers don’t have to issue a breach notification as long Change agrees to do so.
  • All parties are responsible for ensuring that affected patients are notified.
  • OCR’s interest in the business associates of the companies, including providers, is secondary.
  • Determining if a ransomware attack is a HIPAA breach involves whether the attack caused PHI to be encrypted and the likelihood that the PHI is identifiable or capable of being re-identified and whether the data was actually acquired or used.

Reader Comments


From Orator: “Re: Oracle. Does the company believe that sarcastic, confrontational pieces like Ken Glueck’s blog post panning the BI article will draw healthcare admiration or improve sales?” Larry Ellison is widely recognized as Silicon Valley’s biggest bully, and one might expect his underlings to share that trait. I don’t think that this type of argumentative swagger has ever worked in healthcare, although ironically Cerner’s Neal Patterson was probably the best example before Larry bought his former company, and even Neal learned that macho personal attacks on Epic and Judy Faulkner just made Cerner look worse. Our industry respects corporate drive, but only when it is backed by some level of humility and empathy for the patients and employees of mostly non-profit health systems. Ken didn’t help the cause of the obviously butthurt Oracle by launching a public peeing match against a minimally influential website, although he’s done it before. Far better would have been a professional, factual, accomplish-centered response from David Feinberg, who at least carries healthcare credibility and holds the title of “chairman of Oracle Health,” even though it seems to be a ceremonial role of glad-handing and selfie-snapping while while the real puppet masters are Oracle’s EVPs.

Just in case any other health IT executives are considering providing their angry hot take on negative reporting about the company, I’ll offer this:

  • Don’t give a negative story legs by mentioning it, unless most of the industry is buzzing about it and demands a response.
  • Focus on the unemotional correction of misinformation.
  • Acknowledge any claimed issues that are factual and commit to resolving them.
  • Consult the employees who are the most knowledgeable to identify the article’s errors and the validity of the company’s planned response.
  • Keep the tone professional and constructive since the company will be judged on it. Have a communications expert review and offer suggestions.
  • Don’t take shots at competitors, or even better, don’t even acknowledge that they exist unless they are the focus of the article.
  • Attribute the article to the executive who has the best credentials or highest recognition among the article’s audience.
  • Consider the article’s sources and examine whether a company disconnect exists caused them to convey erroneous or negative information.
  • Invite dialog and offer to continue the discussion.

HIStalk Announcements and Requests


It’s close to an even split among poll respondents about the federal government paying for the development of health system cybersecurity tools. Commenters expressed these supporting thoughts: the federal government needs to protect patient information because healthcare organizations aren’t doing it well and someone needs to do something drastic before a bad actor takes the entire health system down. Counterpoints: the feds should encourage / require health systems to effectively using existing security technologies and the government should not spend taxpayer money just because health systems haven’t.

New poll to your right or here: How has your opinion about Oracle Health changed in the past 12 months?

HIStalk turns 21 this week, started by me in 2003 as a hobby that would keep me current on the industry for my health system IT executive job. The time has flown by and filling the blank screen energizes me every single day. I’m thrilled to have readers and sponsors, but my selfish motivation has always been my own satisfaction, although it’s gratifying that influential readers make decisions based on what they read here.


June 6 (Thursday) noon ET. “From Data to Decisions: The Vital Combination of AI and Human Expertise in Patient Care.” Sponsor: DrFirst. Presenters: David Wetherhold, MD, CMIO of ambulatory systems, Scripps Health; Dana Darger, RPh, director of pharmacy, Monument Health Rapid City Hospital; Colin Banas, MD, MHA, chief medical officer, DrFirst. In this Epic Med Management Fireside Chat, two health system leaders will share real-world examples of how AI is working in concert with their clinicians to streamline medication management by populating medication histories into Epic. generating initial drafts of patient conversations, and summarizing complex information. The presenters will also cover the latest developments on the critical and expanding role of pharmacists in patient care.

Previous webinars are on our YouTube channel. Contact Lorre to present or promote your own.



Attorneys for a woman whose baby died during childbirth at Springhill Medical Center (AL) during a 2019 cyberattack ask the judge in her negligence lawsuit to force the hospital pay the settlement that they previously agreed to. The lawsuit claims that the ransomware attack took down the fetal monitoring system that should have alerted nurses to call the OB-GYN, who has said that she would have performed a C-section had she known that the baby’s umbilical cord was wrapped around her neck. The hospital said that the doctor had the responsibility to notify the patient. The lawsuit is believed to be the first in which a patient’s death was attributed to ransomware.


Mr. H, Lorre, Jenn, Dr. Jayne.
Get HIStalk updates.
Send news or rumors.
Contact us.

HIStalk Featured Sponsors


Currently there are "6 comments" on this Article:

  1. UHG/Optum/Change will determine what is the very least they can do regarding breach notifications, and then do less.

  2. Happy Anniversary! I guess HISTalk is all grown up now. Seriously, you’ve created and curated a great resource for everyone involved in healthcare information technology. Thank you!!

  3. Happy shared 21st Anniversary month! Mine is June 18, 2003. I am immensely grateful that you started this!

  4. Happy anniversary. HIStalk is easily my most durable, reliable, and stable source of healthcare industry information.

    Well done, and I wish you many more!

Text Ads


  1. Re: Epic responds to an Epic Care Everywhere infant matching issue. This is cool. Multiple people working together to solve…

  2. There was a time when I would have accepted such an argument. It's pithy, accurate, and has long been accepted…

  3. Re: "If there were objective and reasonable criteria to determine what ought to be a states right versus a national-level…

  4. RE: A federal judge will likely invalidate the FTC’s ban on non-compete agreements based on [states rights]. Ah yes, yet…

  5. If you are interested, I can recommend a music-themed set of YouTube videos. The author is a guy named Rick…

Founding Sponsors


Platinum Sponsors





































Gold Sponsors









RSS Webinars

  • An error has occurred, which probably means the feed is down. Try again later.