Home » News » Recent Articles:

News 4/13/16

April 12, 2016 News 8 Comments

Top News

image

CMS announces a five-year, 5,000-practice test of Comprehensive Primary Care Plus (CPC+), a new medical home model that moves payments further away from fee-for-service. Eligible practices can apply to participate in one of two tracks, both of which require use of a certified EHR.

Track 1 practices will be paid $15 per month per Medicare patient plus performance-based incentives in return for providing 24/7 patient access and supporting quality improvement activities. Track 2 practices will be paid $28 per Medicare patient plus performance-based incentives and must also follow up after ED or inpatient discharge, connect patients to community resources, and have their EHR vendor sign an agreement that “reiterates their willingness to work together with CPC+ practice participants to develop the required health IT capabilities.”

CPC+ will begin in January 2017. 


Reader Comments

image

From Bob: “Re: Meditab. Any news? Emails are bouncing and phone numbers are disconnected.” I’ve barely heard of the ambulatory EHR vendor, so I don’t have a lot of interest or knowledge about whether they are defunct or not. I tried to contact sales and got into an endless PBX loop.

From Lance Carbuncle: “Re: Vocera. Lawsuits are flying after an infringement on the privacy (and dignity) of a patient. A mother whose baby passed away was subjected to an open communication between the transplant team and the nurse wearing her Vocera badge. Then the worst part was the care team disclosed that the mother has HIV to the family over a ‘speakerphone’ Vocera badge.” Unverified. A patient sues Tampa General Hospital (FL) for disclosing HIV test results without authorization, claiming that a nurse spoke to the transplant team on speakerphone. The hospital has announced its intention to replace Vocera with Voalte.

image

From Portobello: “Re: Arkansas Children’s Hospital. Is walking away from its Meditech 6.1 implementation for Epic. I am wondering if the hospital is being acquired by a larger health system and it just hasn’t been announced yet or if the ambulatory product was so poorly implemented that it pushed them away.” Sources tell me the hospital is not happy with Meditech’s new ambulatory system, to the point they had to halt its rollout. Ambulatory has been the Achilles heel of Meditech and lack of a competitive offering is further marginalizing company as the choice of small hospitals that would rather have Epic or Cerner but can’t afford them. It’s a shame because we really could use more inpatient EHR competition. Meditech’s executives and directors average 65 and 77 years of age, respectively, and while I admire that the company has rigidly stuck to its knitting for 50 years, sometimes it feels like the rich, Boston-society guys in charge are no longer fully engaged enough to successfully run a technology company in the face of better competition than they had in 1990. It would have been interesting if Athenahealth had bought Meditech in its effort to penetrate the inpatient market, but that would have probably been a $1 billion acquisition loaded with legacy baggage and a customer base of small hospitals that are being bought out by larger health systems who want everybody running the same system.

image

image

image

From Diametric: “Re: Bill Childs. He published this document in April 1968 when he was at Lockheed. I’ve always kept this document to remind me what’s important. While the technology has changed, I think this can still serve as a supplemental guide for rational development. I have interacted with perhaps 200 vendors over the years and found those that held close to this philosophy made the best partners.” I set up the document for downloading here. It’s a remarkable manifesto written nearly 50 years ago that spells out the still-valid requirements for hospital clinical systems. Bill started at Lockheed doing missile programming, then in 1968 moved over to the company’s new project of building a hospital information system. He later joined Technicon Data Systems. Not only was he a healthcare IT technology pioneer, he then started what became Healthcare Informatics magazine and ran that from 1980 to 1995 before getting back into the vendor world. Somehow he hasn’t yet won the HIStalk Lifetime Achievement Award despite being amply qualified. Thanks for sending over the document – it made my day.


HIStalk Announcements and Requests

image 

I uncharacteristically funded a non-STEM DonorsChoose project from Ms. A from Texas, whose grant request asked for two trumpets for her music classes that are creating the area’s first school band. She reports, “While many of our scholars have very little material possessions, I truly believe we are providing them with something that cannot be purchased with money. We are offering them something that goes beyond what they can buy, which is confidence, creativity, and self-expression.”


Webinars

None scheduled soon. Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

GE Ventures and Mayo Clinic create Vitruvian Networks, which will offer software and manufacturing capabilities to support personalized medicine in the treatment of cancer, specifically those blood diseases that can be treated by reengineering the patient’s own blood cells.

image

Diabetes management software vendor Livongo Health, founded by former Allscripts CEO Glen Tullman, raises $44.5 million in a Series C round, increasing its total to $77.5 million. 


Sales

North Memorial Health Care (MN) goes live on the VitraView enterprise image viewer from Vital Images. 

image

Tift Regional Health System (GA) chooses Cerner’s clinical and financial systems.

image

University of Kansas Hospital (KS) will replace Cisco phones and Vocera voice badges with Voalte’s clinical communication and alert notification system.

image

The State of Vermont will offer PatientPing to all state providers to give them real-time alerts when their patient is being seen by another provider.


People

image

Susan Pouzar (Versus Technology) joins H.I. S. Professionals as SVP of sales and marketing.

image

NIH hires Eric Dishman (Intel) as director of its Precision Medicine Initiative Cohort Program.

image

Adrienne Edens (Sutter Health) joins CHIME as VP of education services.

image

Forward Health Group hires Subbu Ravi (Amphion Medical Solutions) as COO.

image

Streamline Health Solutions names Shaun Priest (Influence Health) as SVP/chief growth officer.

image

GetWellNetwork hires Scott Filion (Digital Health Innovations) to the newly created role of president.


Announcements and Implementations

Kaiser Permanente launches Research Bank, where volunteer KP members will contribute their genetic information as well as behavioral and environmental factors to allow researchers to study their effect on health. 

Presbyterian Homes of Georgia (GA) goes live with the HCS Interactant EHR.

Logicalis will offer its healthcare clients single sign-on and biometric ID solutions from HealthCast Solutions to support e-prescribing.


Technology

Boston Children’s Hospital (MA) launches cloud-based parent education for Alexa-powered devices such as Amazon Echo. KidsMD will be packaged as an Alexa “skill” that can be enabled by saying phrases such as, “Alexa, ask KidsMD about fever.”


Other

A former Michigan house majority whip who is also a physician is charged with healthcare fraud for providing nerve blocks for patients he hadn’t examined, then billing for his services although nurse practitioners staffed his clinics. Paul DeWeese is accused of storing his signature electronically in the EHR and then giving employees his login credentials to falsely indicate that he had met the insurance company’s requirement of reviewing the clinical documentation before being paid. He lost his medical license last summer for writing narcotics prescriptions for patients he hadn’t examined.

Former University of Missouri Chancellor R. Bowen Loftin, forced out of his job and into a newly created position with the joint MU-Cerner project called Tiger Institute for Health Innovation, never took the promised job after Cerner complained that the university didn’t consult them before announcing it. 


Sponsor Updates

  • PatientKeeper will exhibit at the 2016 International MUSE Conference in Orlando, May 31-June 3.
  • AirStrip will exhibit at the Regional CEO Forum April 13-15 in Chicago.
  • Frost & Sullivan recognizes Bernoulli with the 2016 North American Frost & Sullivan Award for Product Leadership.
  • PatientPay will plant a tree through The Nature Conservancy for every patient payment the company receives on Earth Day, April 22.
  • Besler Consulting is named a finalist in several B2B Marketer Awards categories.
  • CapsuleTech will exhibit at the 2016 American Nursing Informatics Association Conference April 21-23 in San Francisco.
  • CoverMyMeds will exhibit at the North Carolina HIMSS Annual Conference April 20-21 in Raleigh.
  • Direct Consulting Associates will exhibit at the Health IT Summit April 19-20 in Cleveland.
  • EClinicalWorks joins the National Patient Safety Foundation’s Patient Safety Coalition.
  • Form Fast, Health Data Specialists and Healthwise will exhibit at the Cerner Southeast Regional User Group Meeting April 20-22 in Charlotte, NC.
  • Galen Healthcare Solutions wins the #HITMC 2016 Best Content Marketing Award.
  • Healthfinch CEO Jonathan Baran will serve as a judge during Madison Startup Weekend April 22 in Wisconsin.

Blog Posts

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Monday Morning Update 4/11/16

April 10, 2016 News 6 Comments

Top News

 image

Dell’s security business finds that the going rate for hiring a hacker to penetrate Gmail, Hotmail, or Yahoo email accounts is $129, while breaching a corporate email account runs $500. They will hack into a Facebook or Twitter account for $129, provide a complete US identity (driver’s license, Social Security Card, and utility bill) for $90, or provide a Visa or MasterCard for $7. They’ll even turn over a US bank account with a $1,000 balance for just $40.

image

The enterprise price list is even more sobering – hackers will launch a denial-of-service attack for as little as $5 or will install a remote access Trojan for $5 to $10. Security sites have noted that hackers are selling Ransomware as a Service for $50 plus a 10 percent commission on the ransom money paid, allowing non-technical criminals to easily and immediately launch their own extortion business.


Reader Comments

From Twidiots: “Re: [publication name omitted]. Stole your story about the DoD’s EHR project name without giving credit. I’m going to email them.” It’s common for sites to miss subtle but significant news items until they read about them on HIStalk, but it’s obvious this time because I ran the Tuesday evening announcement in my Thursday night news and suddenly everybody’s running it first thing Friday, pretending they found the days-old announcement themselves. That’s OK, but it’s still lazy to reword the DoD’s announcement without linking to it and to cite the published quotes as “US Department of Defense officials said” like some general called them up with a scoop. I guess they get lots of readers, just like those clueless “9 things you need to know” sites that rarely contain anything you might actually need to know. I think HIStalk readers are smarter than that, so there’s no need to email the publication.

image

From Vince Ciotti: “Re: Leapfrog’s tests that showed CPOE systems missed 39 percent of harmful drug orders and 13 percent of potentially fatal ones. That means they flag 61 percent and 87 percent, respectively – great progress since paper charts caught none of them!” Leapfrog took a measured approach in describing its findings as it does every year during Medication Safety Awareness Week, noting that CPOE warnings are doing a pretty good job. It’s nice that we’ve moved from questioning whether such warnings work at all to urging that it work 100 percent of the time.

From boyfrommer: “Re: Decision Resources Group. CEO Jim Lang quit and will be replaced with Jon Sandler of IndUS Group, the private equity arm of the group that purchased (and overpaid for) DRG in 2012. Jon has no operating experience and neither does his COO, who also comes from IndUS.” I’ve never heard of the company, which appears to provide medically related research reports.

From The PACS Designer: “Re: ICD-10-PCS. It’s an exciting time for healthcare as the ICD-10-PCS Procedure Codes will be updated with 3,651 additions by CMS to further enhance it starting October 1. Here’s a sample: 0273356 Dilate 4+ Cor Art, Bifurc, w 2 Drug-elut, Perc (abbreviated version) or Dilation of Coronary Artery, Four or More Arteries, Bifurcation, with Two Drug-eluting Intraluminal Devices, Percutaneous Approach.”


HIStalk Announcements and Requests

image

Poll respondents would fell safest having their medical information in the hands of Apple and an EHR vendor, placing the least trust with Microsoft and an HIE. My suspicion is that the spate of health system breaches of many kinds has cause people in general (and healthcare IT people in particular) to lose faith that their information will remain confidential. New poll to your right or here: have you had a virtual visit in the past 12 months?

image image

Ms. Chestnut from Indiana says her fourth graders are becoming better world citizens by studying the library of nearly 100 books we provided in funding her DonorsChoose grant request.

image image

Also checking in is Mrs. P from Virginia, who says she has “been laminating like a mad woman and our new printer is SO FAST” in describing some of the supplies that we provided, from which her elementary school students are creating their own math and reading games that they play independently.

Listening: The Raconteurs, the possibly defunct Detroit-Nashville supergroup foursome that includes Jack White, formerly of The White Stripes. It’s catchy, has big horns, and pushes into acid rock/Led Zeppelin in its experimentation. That sent me back (as happens frequently) to one the greatest (and most intelligent) live rock and roll bands in the world, Sweden’s Howlin’ Pelle Almqvist and The Hives.


Last Week’s Most Interesting News

  • The Department of Defense gives its Cerner project the name MHS Genesis.
  • MedStar Health (MD) disputes reports that its ransomware attack was made possible by unpatched server software.
  • HHS asks for suggestions for interoperability measures that it should incorporate into MACRA objectives.
  • Massachusetts General Hospital (MA) and two hospitals of NYC Health + Hospitals go live on Epic.
  • At least two more hospitals are taken offline by ransomware attacks, this time in California and Indiana.

Webinars

One of the best (and most timely) webinars we’ve done was last week’s “Ransomware in Healthcare: Tactics, Techniques, and Response” by Sensato CEO John Gomez. We had a big, engaged crowd that asked John so many questions that we didn’t have time to address them all in our scheduled one hour. It’s worth watching — we asked John to put this together purely as a public service, so there’s zero pitch or commercial influence involved.

None scheduled soon. Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

Medical equipment and workflow vendor Midmark Corporation will acquire RTLS vendor Versus Technology to enhance its clinical workflow offerings.

Asset, facilities, and real estate management software vendor Accruent acquires Mainspring Healthcare Solutions, which offers equipment maintenance and asset management systems.

Oncology EHR vendor Flatiron Health announces strategic partnerships with its drug company customers Celgene and Amgen, both of which participated in the company’s $175 million funding round in January 2016.


People

image

St. Peter’s Health Partners (NY) promotes interim VP/CIO Chuck Fennell to the permanent position.


Announcements and Implementations

IBM and drug company Pfizer will collaborate to remotely monitoring sensor data from people with Parkinson’s disease to look for new diagnostic and treatment insights.


Privacy and Security

Einstein Healthcare Network (PA) notifies 3,000 people who filled out a web form requesting information that their entries were exposed when the form’s underlying database was inadvertently opened up to the Internet.

Target says in a securities filing that it has spent $300 million cleaning up the mess from its 2013 data breach, of which it expects only $90 million to be covered by cyberinsurance.

Adobe urges computer users to upgrade to the latest level of Flash released last week after finding flaws that allow delivery of ransomware. Steve Jobs was right when he said in 2010, “Symantec recently highlighted Flash for having one of the worst security records in 2009. We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now. We don’t want to reduce the reliability and security of our iPhones, iPods, and iPads by adding Flash.”


Other

Want to make it obvious you don’t really know healthcare IT? Refer to inpatient drug “orders” as “prescriptions.”

image

Wired profiles artificial intelligence technology vendor Sentient Technologies, which has raised $143 million in funding since 2008 to create financial applications. The company is developing an “AI nurse” that can predict patient condition changes. The co-founder describes how such a system can teach humans:

One of the good things about evolutionary AI is that — if you know how to read it — you can actually see the rule sets. In the case of traders or of AI nurses (on which we are working, too), they are fairly complex beings. A trader may have up to 128 rules, each with up to 64 conditions. Same thing for an AI nurse. So, they are pretty complex systems and the interplay among these rules is not always linear. But if you spend some time on it, you can still understand what this thing is doing, because it’s declaratory — it says what it is doing, in other words. So we can certainly take this and learn from this what works and what doesn’t work when it comes to solving a certain problem. AI can teach people to make better decisions.

image

Authors from Kaiser Permanente describe what the organization has learned from having many of its patients use its patient portal over several years.

  • Seventy percent of KP’s eligible adult patients, 5.2 million people, have registered to use its Epic MyChart-powered portal called My Health Manager.
  • KP providers and patients exchanged 23 million secure emails in 2015, representing one-third of all PCP encounters in the first half of 2015.
  • Use of secure email was associated with a 2 to 6.5 percent improvement in HEDIS measures and a 90 percent approval rate by users with chronic conditions.
  • My Health Manager users are 2.6 times more likely to remain KP members.
  • KP is studying the disparities introduced by e-health technologies after its studies found that a disproportionate number of users are white, older, and better educated.

Weird News Andy says he’s a sucker for stories like this. Wichita, KS police arrest a 36-year-old man for child abuse after the two-year-old son of his 21-year-old girlfriend is brought to the ED not breathing due to a two-inch dead octopus blocking his throat. The boyfriend claims the child swallowed the octopus while the mother was at work. Police say it wasn’t a pet – it was intended for sushi. The child is OK.


Sponsor Updates

  • DrFirstwill exhibitat the 2016 International MUSE Conference May 31 – June 3 in Orlando, FL.
  • T-System will exhibit at the UCAOA National Urgent Care Convention April 17-20 in Orlando.
  • TierPoint will host a seminar on Emerging Threats & Strategies for Defense April 13 in Liberty Lake, WA.
  • TransUnion CMO Julie Springer is inducted into Direct Marketing’s 2016 Marketing Hall of Femme.
  • Valence Health will exhibit at the First Illinois HFMA Spring Symposium April 11-12 in Chicago.
  • Visage Imaging will exhibit at the 2016 Spring Radiology & Imaging Conference April 13-15 in Atlanta.
  • VitalWare will exhibit at the 2016 Vizient Supplier Summit April 11-13 in Las Vegas.
  • Huron Consulting Group will exhibit at the 2016 AAPL Annual Meeting and Spring Institute April 11-17 in Washington, DC. 
  • West Corp. will exhibit at the World Health Care Congress April 10-13 in Washington, DC.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

News 4/8/16

April 7, 2016 News 9 Comments

Top News

image

The Department of Defense christens its Cerner-centered EHR project as MHS Genesis. The functional project champion explains, “We want people to know MHS Genesis is a safe, secure, accessible record for patients and healthcare professionals that is easily transferred to external providers, including major medical systems and Department of Veterans Affairs hospitals and clinics. When our beneficiaries see this logo or hear the name, they’ll know their records will be seamlessly and efficiently shared with their chosen care provider.”

image image

I might quibble that the DoD’s new logo incorrectly contains all capital letters in spelling GENESIS and looks like something a Photoshop newbie might design, but at least it uses the correct Greek mythology symbol of the wingless Staff of Asclepius – which denotes healing and medicine –rather than the oft-mistaken winged Staff of Caduceus, which is symbol of commerce. Still, I  can understand how the latter is more appropriate than the former in our convoluted healthcare system, where the lines at the financial trough are often serpentine.


Reader Comments

image

From ZenMaster: “Re: Sandlot Solutions. Website down. Phone not working. Clients frantic. A cautionary tale for all the start up Population Health Analytics companies out there. HIE / Healthcare Data Aggregation / Population Analytics is hard. Proceed with caution.”

image

From A Vendor That Also Finds Email Tracking Slimy: “Re: vendors being informed when you open their spam email and then contacting you directly. Most of these programs function by embedding a one-pixel image into emails and tracking when that image is loaded. Disable the automatic download of images in your mailbox settings or contact your organization’s IT team about blocking or filtering items that are created using similar methods like Tout, Sidekick, Yesware, Streak, etc.” Promos for the Yesware tracker shows why aggressive companies keep using it for “prescriptive analytics” to pester prospects – unfortunately, it works, just like other sales techniques that range from cold calling to outright lying.


HIStalk Announcements and Requests

image

We funded the DonorsChoose grant request of Ms. S in Texas, who asked for five animation studio kits for her elementary school class to produce STEM-related movies.

image image

Also checking in is Mrs. S from Connecticut, whose middle schoolers are using the Chromebooks we provided to publish and discuss their writing, with some of the most active participants being those students who don’t otherwise engage.

image

Speaking of Chromebooks, I decided to round out my little technology arsenal of everything I use to research and write HIStalk (a $300 Toshiba laptop and a $200 iPad Mini) with a Chromebook. The Asus C201 has an 11.6-inch monitor (perfect for traveling), 4 GB of memory, a 16 GB solid state drive, a very nice Chiclet keyboard (I’m not a fan of on-screen and tiny Bluetooth keyboards), and a battery life of around 10-12 hours. It weighs about 2 pounds and is 0.7 inches thick. It powers on and off almost instantly and took almost no time to set up, automatically updating itself as needed in the background with no third-party antivirus needed. The learning curve is pretty much zero – the only workaround I had to look up was how to regain Delete-key function since that key is omitted from most Chromebooks for space reasons. Best of all, it was only $200 complete with a nice padded sleeve and a wireless mouse with nano receiver. Chromebooks use the Chrome OS operating system instead of Windows or Linux, so they won’t run most desktop apps, but the Chrome browser is very fast (as are Google Docs and Gmail), Dropbox works fine, and thankfully my most valuable program LastPass works great on it for automatically logging me in password-protected sites I’ve saved, like Amazon. I even installed the Chrome OS version of Teamviewer in case I need to remote back into the laptop to do something. It’s not for everyone – for example, folks who rely on desktop versions of Office – but you might be surprised at how much of your work is online once you think about it and this is an inexpensive, lightweight, headache-free alternative to Windows or Apple laptops. 

This week on HIStalk Practice: KAI Innovations acquires Trimara Corp. Family physician Kim Howerton, MD stumps for direct primary care in Tennessee. DuPage Medical Group expands relationship with PinpointCare. Cable and home security business Connect Your Home gets into the telemedicine business. Culbert Healthcare Solutions VP Johanna Epstein offers advice on improving patient access (and ROI to boot). Kaiser Permanente Northwest puts medical record access at patient fingertips. Tribeca Pediatrics founder details the drastic steps he took to revitalize his failing practice. Biotricity CEO Waqaas Al-Siddiq offers his take on what’s holding physicians back from making the wearables leap.


Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

Andover, MA-based National Decision Support Company opens a research and development headquarters in Madison, WI.

image

Population health management systems vendor Lightbeam Health Solutions acquires Browsersoft, which offers an HIE solution built with open source tools.

image

Digital check-in vendor CrossChx raises its second $15 million round in two years, increasing its total to $35 million.


Sales

image

Tampa General Hospital (FL) will implement the Voalte Platform for caregiver communication.

Universal Health Services will replace the former Siemens Invision revenue cycle solution with Cerner’s revenue cycle solution, integrating with UHS’s existing Millennium products. For-profit hospital management company UHS operates 25 hospitals.

The Department of Defense awards a five-year, $139 million contract to McKesson’s RelayHealth for patient engagement and messaging solutions. I assume that’s an extension or expansion since the military was already using RelayHealth.

Ernest Health (NM) will expand its use of NTT Data’s Optimum Clinicals suite in four facilities. The organization uses Optimum RCM in its 25 locations.

image

Queensland, Australia’s Metro North chooses the referrals management system of Orion Health.


People

image

Influence Health names Michael Nolte (MedAssets) as CEO. He replaces Peter Kuhn, who remains as president, chief customer officer, and board member.


Announcements and Implementations

image

Franciscan Alliance (IN) uses InterSystems HealthShare to create a vital signs viewer for legacy data that can be accessed from inside Epic by its 140-physician group.

image

India-based doctor finding and appointment scheduling app vendor Practo begins answering medical questions from India, the Philippines, and Singapore at no charge via Twitter using the @AskPracto account.


Government and Politics

image

National Coordinator Karen DeSalvo, MD, MPH says of information blocking in a Wall Street Journal interview, “We don’t have all the authority we need to really be able to dig into the blocking effort. We have put forward a proposal to Congress asking for more opportunities to address the issue.” She says that it’s a big step that the major inpatient EHR vendors have pledged to not participate in information blocking vs. a year ago when “people said blocking is a unicorn and not happening.” She adds consumers are interested in third-party apps that can extract data from elsewhere to create their own longitudinal health record and says that person-centric medical records will shift “very deliberately away from the electronic health record as being the source or center of the health IT universe.”

image

HHS asks for ideas about how to measure interoperability within MACRA objectives, with responses due June 3. The most interesting part of the information published in the Federal Register is that ONC is considering analyzing the audit logs of EHR users to determine how often they exchange information.

AMIA says proposed HHS changes that would give drug and alcohol abuse patients more control over their medical records aren’t adequate and fail to address electronic information exchange. AMIA wants HHS to revisit the idea of giving patients granular sharing control over their entire medical record, saying that managing substance abuse data differently is “a dated concept and flawed approach.” Doug Fridsma, MD, PhD, AMIA president and CEO, said in a statement, “Clearly, the trend in healthcare is to make patients first-order participants in their care. This means giving them complete access to their own medical records, and it should mean giving them complete control over who sees their medical information.”


Privacy and Security

MedStar Health (MD) disputes earlier Associate Press reports indicating that an unpatched JBoss server allowed hackers to take its systems down with ransomware. MedStar says Symantec, which it hired to investigate the attack, has ruled out unapplied 2007 and 2010 JBoss patches as the problem. The AP stands by its earlier report and adds that experts say that the Samsam ransomware that infected MedStar can be prevented by keeping updates current.

Google’s Verily Life Sciences biotechnology company comes under fire for awarding a research contract to a company its own CEO owns and for failing to tell its Baseline health study volunteers that it is planning to sell their data to drug companies for a profit.

image

Metropolitan Jewish Health System (NY) announces that an employee of one of its participating agencies responded to a phishing email in January 2016, with the unidentified hacker gaining access to the email account that contained PHI.


Other

Leapfrog Group  finds that CPOE systems still miss a significant number of drug ordering errors, failing to warn the prescriber of potentially harmful orders 39 percent of the time and also missing 13 percent of potentially fatal orders. Leapfrog collects voluntary CPOE test results from hospitals that use its testing tool.

The AMA publicly supports AllTrials, a global campaign that calls for every past and present clinical trial to be registered with their methods and summary results reported. The campaign says it’s not fair to study participants to hide study results that are inconclusive or unfavorable to the sponsoring organization, such as a drug company buying a study that finds one of its products ineffective. Commendably, the AMA’s involvement came from a proposal from its Medical Student Section. 

image

The COO of BCBS of North Carolina, promoted from CIO four years ago, resigns abruptly after the botched rollout of a billing and enrollment system last November during Healthcare.gov’s open enrollment period. The company is scrambling to rewrite the system in time the next open enrollment that starts November 1. It found an unspecified “fatal problem” in its software before last year’s open enrollment began, but continued anyway thinking it could fix problems as they arose, causing 147,000 customer calls on November 1 alone and 500,000 in the first week. The company imposed emergency measures in January 2016 after projecting that it will lose $400 million in North Carolina Healthcare.gov business, turning off the ability for consumers to apply online since they had no way to determine whether the applicant was actually eligible to purchase insurance.

image

The always-hustling Newt Gingrich pens an editorial criticizing his home state of Georgia for proposing to outlaw people doing their own eyeglass exams at home via a company’s app. USA Today got the assurance of Newt’s people that he had no financial interest in any related firms before running his op-ed piece, only to find out afterward that he’s running a $100 million tech fund with a private equity firm.

image

I missed a great April Fool’s prank by MedData, who announced the April 1 hiring of Hayden Siddhartha "Sidd" Finch as chief experience officer, slyly referencing a 1985 George Plimpton April’s Fool fake story in Sports Illustrated involving a Tibetan pitcher with a 168 mph fastball. The brilliant Plimpton even led off the 1985 story with a clever clue in spelling out “Happy April Fool’s Day” with the first letters of each word in the opening sentence, but still duped a significant number of people who should have known better (including a Senator, reporters, and Mets fans looking for hope).

An article questions whether it’s OK for sexting-comfortable teens to send genitalia photos to their doctors for diagnosis, wondering whether those images should be sent securely or whether the doctor receiving them might even be charged with possessing child pornography.

image

A woman who recorded her hernia operation with a hidden recorder captures OR staff making fun of her belly button and calling her “Precious” from the movie about an overweight teen. Harris Health System (TX) declined to comment citing HIPAA, but told the woman they had reminded OR staff to watch their comments and that was enough. She says she was racially profiled and is considering suing.

A primary care physician at Massachusetts General Hospital (MA) says the lack of patient narrative in EHRs dehumanizes patients and hampers the diagnostic abilities of physicians, noting that the story of Cinderella, if entered into the hospital’s newly implemented Epic system, would be a problem list consisting of “Poverty, Soot Inhalation, Overwork, and Lost Slipper.” She describes Epic (and thus EHRs in general) as:

Epic features lists of diagnoses and template-generated descriptions of symptoms and physical examination findings. But it provides little sense of how one event led to the next, how one symptom relates to another, the emotional context in which the symptoms or events occurred, or the thought process of the physician trying to pull together individual strands of data into a coherent narrative. Epic is not well-suited to communicating a patient’s complex experience or a physician’s interpretation of that experience as it evolves over time, which is to say: Epic is not built to tell a story.

A Boston Globe article ponders why the medical schools of Harvard and nine of its prestigious peers like Yale, Johns Hopkins, and Columbia don’t have a department of family medicine. Harvard blames lack of costly participation by its affiliate hospitals to support a residency. However, a Harvard medical student says doctors specializing in internal medicine and pediatrics often bolt for more lucrative subspecialties while most family medicine practitioners remain in primary care, adding that Harvard Med thinks, “You’re less competitive or you’re less rigorous if you’re interested in primary care.” Ironically, Harvard launched one of the first family practice residencies in 1965, but the federal government ended its funding 10 years later due to poor quality. The chair of the recently created family medicine program at Icahn School of Medicine says bluntly, “It’s bizarre to me that you have these institutions that don’t really feel that there’s a requirement to introduce their students to the second-largest specialty in the United States.”

The department of physical and occupational therapy at Massachusetts General Hospital (MA) create a video just before its April 2 go-live with Epic.


Sponsor Updates

  • CloudWave joins the Microsoft Cloud Solution Provider program.
  • Experian Health will exhibit at the SE Managed Care Conference April 7-8 in Charleston, SC.
  • PeriGen publishes its annual review of labor and delivery malpractice awards.
  • Red Hat announces the winners of its 2015 North American Partner Award Winners.
  • The SSI Group will exhibit at the Texas Ambulatory Surgery Center Society 2016 Annual Conference April 7-8 in San Antonio.
  • Streamline Health will exhibit at the 2016 HASC Annual Meeting April 13-15 in Dana Point, CA.
  • Surescripts announces its 2015 White Coat of Quality Award winners for excellence in e-prescribing quality.
  • Iatric Systems will exhibit at the Hospital & Healthcare IT Reverse Expo April 13-15 in Atlanta.
  • RTLS technology from Versus earns Cisco Compatible Extensions certification.
  • A record number of attendees gather at InstaMed’s annual user conference.
  • InterSystems will host its annual Global Summit April 10-12 in Phoenix.
  • Intelligent Medical Objects will exhibit at HealthCon2016 April 10-13 in Lake Buena Vista, FL.
  • Netsmart will exhibit at the Texas Public Health Association Conference April 11 in Galveston.
  • Obix Perinatal Data System will exhibit at the SSMHealth Annual Perinatal Nursing Conference April 14 in Fenton, MO.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Morning Headlines 4/6/16

April 5, 2016 News Comments Off on Morning Headlines 4/6/16

Variation in Quality of Urgent Health Care Provided During Commercial Virtual Visits

A study published in JAMA finds significant clinical variation among care delivered by commercial telehealth vendors. Researchers suggest vendors begin developing industry best practices aimed at standardizing care.

Mass. General launches Epic health records upgrade

Massachusetts General Hospital, Massachusetts Eye and Ear, and Newton-Wellesley Hospital all go live on Epic over the weekend as part of Partners Healthcare’s $1.2 billion Epic implementation.

Hackers Broke Into Hospitals Despite Software Flaw Warnings

The Associated Press reports that MedStar Health’s recent ransomware attack was executed by exploiting known vulnerabilities from as far back as 2007. MedStar’s failure to apply security patches in time could leave them legally exposed.

Survey Finds Hospital Executives Increasing Focus on Patient Expectations and Engagement

An Advisory Board Company survey of healthcare CEOs finds that the most common executive action items include minimizing clinical variation, redesigning services for population health, meeting rising consumer expectations, deploying patient engagement strategies, and controlling avoidable utilization.

News 4/6/16

April 5, 2016 News 8 Comments

Top News

image

A study of scripted standardized patient encounters performed by physicians of six virtual visit companies finds significant clinical variation. Remote physicians didn’t ask the right questions or didn’t perform the correct examination steps in 30 percent of visits and gave the wrong diagnosis or no diagnosis at all 23 percent of the time. They ordered urine cultures for only 34 percent of recurring urinary tract infection patients and failed to order the recommended X-rays for ankle pain 84 percent of the time. The authors conclude that while virtual visits may involve lower rates of inappropriate testing, remote physicians often don’t order even medically indicated tests, possibly because of the complexity involved in following up on test results from the patient’s home location or concerns about insurance coverage.

The authors also note that some of the companies performed better than others and suggested they share best practices. The virtual visit companies tested were Ameridoc, Amwell, Consult a Doctor, Doctor on Demand, MDAligne, MDLIVE, MeMD, and NowClinic.

While the virtual visits weren’t perfect, they were not compared to face-to-face visits. Those probably have a similar lack of conformance to best practices, but there’s no good way to send standardized (i.e., fake) patients into an exam room to serve as mystery shoppers.


Reader Comments

image

image

From PHE: “Re: Sandlot Solutions. Has ceased operations. They were down to a skeleton crew as of last week, looking for last-minute funding to maintain core operations, but I was told that the board had already voted to close down if nothing came through as of Friday. No evidence of ongoing operations this morning.” Unverified. However, the logo of Sandlot Solutions was recently removed from the banner of parent company Santa Rosa Holdings – it was there in a March 13, 2016 cached copy but is gone now.

image

From Luxardo: “Re: NYC Health + Hospitals going live on Epic. Reports say it went OK, but 900 Epic installers were on site at the two facilities whose combined census was 700. No wonder these installs cost a small fortune – that has to be at least $2 million per day to have a tech person standing next to each clinical person all day. The real test will be 30 days from now when all those installers have gone back to Wisconsin.”

image

image

From Concerned Customer: “Re: Vocera. Do you put in any stock into this?” SkyTides, which sells “deep due diligence” to hedge funds in “targeting over-hyped stocks and outright frauds,” calls Vocera and Chairman Robert Zollars “purveyors of fraud and obsolete, defective products.” It says Zollars previously ran two companies that paid $591 million to settle fraud charges (Neoforma alone paid $586 million, it says) and claims Vocera strong-armed customers into accepting early product shipments so that the resulting revenue could help the company hit forecasts. It says insiders have been aggressively selling their shares and that Vocera’s one product hasn’t had a major upgrade since 2011 and “appears to be inferior” even though it’s the most expensive. SkyTides accuses Vocera of committing accounting fraud in the three of 16 quarters it reported a profit, says the company has lost $110 million, and predicts that Vocera will have to cut prices to compete. Vocera shares had little reaction to the announcement and have risen 29 percent in the past year vs. the Dow’s decrease of nearly 2 percent. A federal judge gave initial approval a month ago for Vocera to pay $9 million to settle securities class action litigation that accused it of telling investors during its March 2012 IPO that the Affordable Care Act would boost its business, then admitting in May 2013 that ACA was actually hurting sales, sending shares down 37 percent. I’ll be interested to see if Vocera responds, although since it’s an analysis firm making the claims rather than a regulatory agency or litigant, they wouldn’t have much to gain and would instead call attention to the unflattering charges.


HIStalk Announcements and Requests

image image

We funded the DonorsChoose grant request of Mr. Cho in providing 15 scientific calculators for his Bureau of Indian Affairs high school math classes in South Dakota, replacing the 99-cent models he was using. He reports, “These calculators have made it easier for us to do more in the 47 minutes I’m allotted each day per class. The students are now able to move into higher level math. We just started 4th quarter on Monday and your calculators have, over the past three months, allowed us to go into pre-calculus in my Algebra 2 class. My Algebra 1 students were able to use the calculators and fly through it and are now starting Algebra 2! We will continue to use these calculators weekly for many years.”

image image

Also checking in is M. Feeley from New York, whose pre-schoolers are experimenting with the light kits and games we provided.


Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

Sunquest acquires GeneInsight, a genetic testing software firm created by Partners HealthCare (MA). Sunquest had previously invested in the company. which will operate as a wholly-owned subsidiary from its Boston office.

image

Cumberland Consulting Group acquires 50-consultant  Oleen Pinnacle Healthcare Consulting, expanding the company’s payer market capabilities.

image

Credentialing software vendors Symplr and Cactus Software merge.

image

Healthcare software vendor Ability Network acquires EHealth Data Solutions, which offers software for senior living providers. Minneapolis-based Ability, whose chairman and CEO is former McKesson President and CEO Mark Pulido, has made four other acquisitions in the past two years following a $550 million investment by Summit Partners.


Announcements and Implementations

image

St. Luke’s University Health Network (PA) goes live on Bernoulli’s medical device integration and connectivity in six of its hospitals as part of its Epic implementation.

image

NYC  Health + Hospitals goes live on Epic at its Elmhurst and Queens hospitals, reporting no major problems.

Massachusetts General Hospital and two other Partners HealthCare (MA) facilities go live on Epic, with 1,000 Epic employees participating in Boston.

ESD celebrates its 26th year in the consulting business, noting that its implementation team members worked 30,000 hours in March.

image

McKesson signs up 2,111 of its employees to the Gift of Live Bone Marrow Foundation’s donor registry.


Government and Politics

image

The Federal Trade Commission creates an online tool for developers of health-related software that asks questions about how their software works and then suggests specific federal laws and regulations (such as HIPAA and the FDA) that might apply to them.


Privacy and Security

image

The Associated Press reports that MedStar Health’s ransomware attack exploited known flaws in the Red Hat’s JBoss Application Server that date back to at least 2007. Red Hat and the federal government have for years urged JBoss users to apply patches that correct a common configuration error that allows external users to take control of the server. The article notes that MedStar may be fully exposed to lawsuits or sanctions if it (or its vendors) failed to apply the patch and therefore could be construed as not having exercised reasonable diligence in protecting its systems and data. MedStar criticized media coverage of its attack, saying the publicity will encourage copycat hackers.


Other

Epic’s trade secrets lawsuit against India-based Tata Consultancy Services goes to trial in federal court.

A Wall Street Journal op-ed piece called “How Not to End Cancer in Our Lifetimes” says the White House’s proposed changes to patient consent policies may impede research. The author, dean of Weill Cornell Medicine, says proposed HHS regulations will limit the number of patients who consent to having their leftover medical samples de-identified and stored for future research. It would also require providers to obtain new specimens from each patient every 10 years and to manage their consent documents.

Hospital executives surveyed by The Advisory Board Company state their top concerns as minimizing clinical variation, retooling for population health management, meeting rising consumer expectations, developing patient engagement strategies, and controlling avoidable utilization.


Sponsor Updates

  • AirStrip will exhibit at the Health Evolution Summit April 13-15 in Dana Point, CA.
  • Besler Consulting will exhibit at the HFMA Hudson Valley Annual Institute 2016 April 7 in Tarrytown, NY.
  • Crossings Healthcare Solutions will attend the Cerner Southeast RUG April 20-22 in Charlotte, NC and the Great Lakes RUG May 31-June 2 in Chicago.
  • Crain’s Chicago Business names Burwood Group as one of the Best Places to Work for Women Under 35.
  • Caradigm will exhibit at the Care Coordination Institute April 7-9 in Greenville, SC.
  • Clockwise.MD will present at the 2016 Spring Healthcare Tour and Conference April 5-6 in Nashville, TN.
  • CompuGroup Medical will exhibit at G2 Lab Revolution April 7-8 in Phoenix, AZ. 
  • Direct Consulting Associates will exhibit at Health Connect Partners – Hospital & Healthcare IT Conference April 13-15 in Atlanta.
  • Divurgent will exhibit at the Health Information Technology Summit April 10-13 in Washington, DC.
  • EClinicalWorks will exhibit at the NCCHC Spring Conference on Correctional Health Care April 10-12 in Nashville, TN.
  • HCI Group CEO Ricky Caplin earns recognition from Consulting Magazine, KPMG, and the University of Florida Entrepreneurship & Innovation Center.
  • Healthgrades releases its 2016 Outstanding Patient Experience Award and 2016 Patient Safety Excellence Award recipients.
  • HealthMEDX will host its annual user group meeting April 12-14 in St. Louis.
  • Healthwise will exhibit at the Allscripts Central Region User Group April 13-15 in Minneapolis.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Could Ransomware’s Rise Be Healthcare’s Downfall?

April 4, 2016 News 7 Comments

We look at the evolution of what’s turning out to be the hottest health IT buzzword in 2016 and talk with several cybersecurity experts to gain a technical understanding of the problem.
By
@JennHIStalk

image

Ransomware. It’s a word that didn’t make most lists of healthcare IT buzzwords to watch in 2016, yet it has become synonymous with industry headlines in the last several weeks. Its mere mention is now perking up the ears of mainstream journalists and evoking a healthy level of fear from hospital CIOs.

Around 10 hospitals in North America (that we know of) have made news due to ransomware attacks. In February, Hollywood Presbyterian Medical Center (CA) became ransomware’s poster child as it went public with its attack and subsequent decision to pay $17,000 in bitcoin to regain control of its hijacked computer systems. MedStar Health (MD) is nipping at the headline heels of HPMC thanks to a late-March attack similar in nature. While the health system has not formally acknowledged the hack as one of the ransomware variety, media reports indicate that its files have indeed been held captive for $18,500.

image

MedStar is still attempting to get back to business as usual with fax machines and paper records. Representatives have been quick to publicly state that care quality — and in most cases, access — have not been compromised, though anonymous hospital employees have indicated otherwise. There’s also the certain mess to clean up once systems are restored and manually recorded information is backloaded and old charges are posted.

As 2016 progresses, hackers and their victims are learning the ransomware ropes. Varieties of attacks are evolving as cybercriminals experiment with new methods of socially engineered phishing campaigns and the levels of extortion their victims will find acceptable. Providers – even smaller physician practices – are reevaluating their IT infrastructure, pointing an especially critical eye at breach protocols already in place and the integrity of their backups.

In addition to these evaluations, the healthcare community is no doubt wondering who will be next and how can these attacks be prevented? Should ransoms be paid? As insidious ransomware spreads, so to do the concerns of providers.

An Evolving Internet Helps Hackers Thrive

As cybersecurity professionals already know, ransomware attacks are nothing new. Late 1980s versions of the business model were spread by floppy disks that locked down files – a highly inefficient method that prevented early attempts at ransomware attacks from becoming widespread. Internet availability helped it creep back in around 2005/2006, and to then take off between 2011 and 2012 as use of the the World Wide Web became more widespread.

image

“What really changed the game was the first CryptoLocker malware introduced in 2013, which is what we see almost exclusively now for ransomware,” explains Ryan Olson, intelligence director at Palo Alto Networks. “What’s changed since then is an apparent shift in the minds and methods of cybercriminals. They’ve realized that using bitcoin for payment is very profitable, a method much less likely to get them arrested. It’s certainly a far cry from the days of dealing directly with banks and stealing people’s credentials.”

image

Olson also attributes the rise in ransomware attacks to a corresponding explosion in tools aimed at making the exploits of hackers more effective. “We’re tracking about 30 different types of ransomware right now – from CryptoLocker to Cryptowall to TeslaCrypt – and many of them are being provided to hackers as a service,” Olson says. “If you have a criminal actor who can’t write malware, but who wants to get people’s money through this business model, all they have to do is go out and find a service that will do it for them. All they have to do is distribute the malware and collect the money.”

Thanks, MU (Healthcare Becomes an Easy Target)

It’s not hard to understand why hackers have begun targeting healthcare organizations. The transition away from paper records to digital systems has helped hospitals become a hacker’s sweet spot. “In the past, infecting a bunch of health systems wasn’t very lucrative because trying to monetize stolen healthcare records was pretty challenging,” Olson says. “Most of those computers didn’t have financial information on them. But with ransomware, any system that a hospital needs access to can be a source of monetization. I think that’s something that criminals have realized. Hospitals in particular are a relatively soft target because nearly any system inside their network can be monetized since it is necessary to daily operations and contains sensitive information that hackers can encrypt.”

image

Patrick Upatham, director of threat intelligence at Digital Guardian, sees hospitals as the latest flavor of the month. “It’s mostly just a numbers game,” he says. “Public services like hospitals ride the double-edged sword of having to publish information about themselves to service their customers, while at the same time providing a map of ingress avenues of attack that can be exploited. The problem stems from when these normal avenues of contact with hospital personnel are leveraged in an attacker’s favor and lead to that one point of weakness that allows them to get their criminal foot in the door.

“This lopsided, or asynchronous, attack model can be easily automated by an attacker to identify and gather contact information for hundreds if not thousands of hospitals,” he adds, “which could then lead to a malicious email sent through an anonymized service. All it would take is one user to click one link, visit one page, or open one document crafted with certain healthcare terminology to infect a machine. Combined with a self-propagating mechanism, a single infection could take its toll on a hospital.”

“Economically speaking,” Upatham adds, “the cost for sending tens of thousands of emails can be recouped 100 times over from a single hospital willing to pay the ransom. Statistically speaking, with the average success rate of a targeted phishing email hovering around 40-50 percent, even at 1 percent, with one hospital out of a 100 falling for it, that can still be good business. These hits are probably just happenstance from the statistical approach of phishing attacks.”

Worming Its Way In

image

While security firms are monitoring dozens of types of ransomware, most experts agree that the attacks occur in two main ways – phishing emails, as Upatham alluded to above, and exploit kits. “Phishing emails are typically sent indiscriminately to a lot of different people,” Olson explains. “In some cases, they prompt the recipient to open up a file that’s attached to an email. When opened, the file exploits a vulnerability on their computer to infect the system, or tells them to enable macros in Word. We used to have a lot of trouble with macro malware back in the early 2000s, after which Microsoft turned them all off by default so that people weren’t getting infected any more. In 2014, we started seeing attackers use these again in trying to trick people to enable them. The macro is really simple in that it just downloads the malware and puts it on the victim’s computer.” Olson adds that the themes of phishing emails vary. They can include fake package notification messages, fake order reports, and fake travel reports.

While less common than phishing emails, exploit kits are another common method used in ransomware attacks. “Exploit kits are an attacker code that hackers try to inject into Web pages by compromising the Web servers that are hosting them,” he says. “They exploit code by taking advantage of a vulnerability on a victim’s computer to automatically install malware. We call these ‘drive-by downloads’ because they install the malware so quickly and stealthily.”

The Realities of Successful Prevention

When it comes to preventative measures, healthcare systems can’t rest on their IT laurels. Neither can they settle for the advice of the latest “listicle” and its high-level admonitions to educate, back up, and prepare. Enterprise healthcare IT environments are far more nuanced than a 10-bullet-point list and it seems that no amount of investment will successfully overcome human nature’s inclination to click.

image

“It’s all great advice, but some of it is totally impractical,” says David Finn, health information technology officer at Symantec and recently appointed member of the new HHS Cyber Security Task Force. “Healthcare isn’t going to stop using email. You can’t tell physicians and nurses they can’t get on the Web. There are a couple of steps you have to take. The first thing is look at the battle today – the good guys versus the bad guys. The battleground is really the end point again, so you have to start there with good security on all your end points. It has to be installed, updated, and patched regularly, which is where a lot of organizations fall down.”

“The second step,” Finn continues, “which is almost as important as the first, is user education. Computers don’t click on dangerous links and tablets don’t open emails they’re not supposed to – people do. In Hollywood Presbyterian’s case, for example, every employee at that organization received an email with what appeared to be a legitimate invoice. It’s really hard for people, when they think they’re getting a bill for something, to not open it even though they may not have bought anything.”

Upatham likens the need for user education to good hygiene: “Educating users about possible attack attempts and making sure they practice good online hygiene should go hand in hand with hospital hygiene. If any place of employment should understand the implications of introducing viruses to a healthy system through dangerous means, it should be in a hospital. The same stress and education should be extended to online access.”

Once good online hygiene and end-point security are addressed, providers still must deal with a laundry list of other less sexy but just as important preventative measures. “You do have to have content scanning and filtering under your email systems and on your Internet gateways,” Finn adds. “Attackers frequently use old vulnerabilities to use filter command and control structures to send data out, so you have to have all your servers and all your storage patched and current with your operating systems, and all the utilities that should be on those devices.”

“Then of course you need to have some kind of advanced threat protection looking at intrusion prevention or intrusion detection, because a lot of times malware comes in and lives on your network for extended periods – months and months, even up to a year, while it’s mapping data and networks. It’s probably doing a better job than most of our organizations actually do when it comes to that. You pretty much have to be on the lookout for anomalous activity all the time. And that brings us back to end-point security again so that the worm isn’t working through and propagating itself across the whole network.”

“Last but certainly not least,” says Finn, “and this is the one everyone hollers about, is the need to deploy and maintain a comprehensive backup solution. That includes having protection and anti-malware on the storage itself. If you’re relying on the backup groups, and the backup PC gets infected, you’re shooting yourself in the foot because this new malware is pretty sophisticated. It will look for those backups, find where those backups are going, and then it will encrypt them, too. You need to look at the storage and the storage needs to be completely offline from the typical point of entry for these malware devices.”

Olson believes that the biggest preventative challenge healthcare organizations are running into involves shared storage systems. “When a system gets infected and it’s attached to a shared storage system – a network drive of some kind that’s configured so that any user can write files to it – in those cases, the malware will actually go in and find that network storage drive where everybody is sharing all of their files and encrypt all of them. That’s where the biggest impact occurs. At that point, you’ve gone from a single system that was impacted to suddenly all of the systems that rely on that shared data. Now none of them can access the data, and you have a much bigger problem than you had before. Limiting access to those shared drives is another component of protection against ransomware.”

Ransomware Requires Rethinking Strategy and Budgets

The MedStar attack – the fourth such healthcare breach to occur in just a few weeks – should serve as a wakeup call to healthcare executives across the country, according to Upatham. “Hackers are after the healthcare industry now more than ever,” he notes. “Now that they’ve easily cracked a handful of hospital firms, and many have paid the ransom fees, hackers will continue to attack for additional monetary gain.”

Finn concurs that the time is now for the healthcare C-suite to wake up: “Everyone needs to be rethinking their strategy, and not just around ransomware. We complain about the pace of change in healthcare, but the bad guys are moving way faster than us. They don’t have the constraints of regulations, taxes, and budgets. It’s easier for them to get ahead of us than it is for us to get ahead of them. If there’s one lesson we can take away from all this, and not to kick someone when they’re down, but if you look at Hollywood Presbyterian, they didn’t pay that ransom to get access to computers or to get data back, though that was ostensibly what was happening. They paid the ransom because they couldn’t take care of sick people. That’s a business issue. That’s not an IT issue. Until the CEOs, CFOs, CNOs, and CMOs recognize that this is really a threat to their business and ability to care for patients, I don’t think IT will get the support it needs in terms of staff, budget, tools, and training.”

image

In terms of budget priorities, Sensato CEO John Gomez suggests making two immediate purchasing decisions. “Invest in the latest backup software available,” he says, “and, beyond that, get someone to do a backup and recovery assessment. Make sure it is holistic and frequent, and make sure you test your ability to recover. If you can’t back up, you will pay your attackers. The second investment is in user education. Every independent software vendor, independent hardware vendor, provider, and payer should be informing their users about what to look for, and that should come from the CEO. Users need to understand that being aware is critical to avoiding attacks.”

Preparing for What Comes Next

As Finn previously mentioned, cybercriminals are always one step ahead of the game, unencumbered by the constraints of law-abiding organizations. Thus, it’s nearly 100-percent guaranteed that ransomware attacks will continue to evolve in an attempt to develop an immunity to healthcare’s defenses.

“I wish I could say that all providers have to do is back up, test, and educate,” says Gomez, “but ransomware is evolving. Last week, the FBI issued a warning about a new strain of ransomware that doesn’t use phishing attacks as the attack vector. Although back up, test, and educate is a short-term fix, the reality is that you either decide cybersecurity is a top three priority for your organization and take aggressive steps to lock things down, or you’re pretty much rolling the dice.”

“The last thing to keep in mind,” he says, “is that ransomware is just the attack du jour. It’s not like attackers will say, ‘Ok, we’ve messed with healthcare enough, now let’s go mess with finance for a while.’ Attacks will evolve and a whack-a-mole approach to cybersecurity is not going to work. You need a holistic, long-term, and aggressive strategy.”

Olson sees the evolving Internet of Things as the perfect conduit to a corresponding evolution of the ransomware business model. “If an attacker is able to compromise some sort of device, even though it’s not a traditional computer, one of the monetization mechanisms they might have for that is to hold it for ransom. That’s something we really haven’t seen before, but I fully expect to see it in the future as these devices come online and attackers start to search for new systems they can infect, take over, and turn into a profit. It would not surprise me if we saw ransomware attacks against medical devices. I hope that’s not the direction that attackers go, simply because they’re preying on the most vulnerable people.”

“We know that medical devices have fallen victim to ransomware,” Gomez confirms. “As best we can tell, the devices were not the target of the attack, but rather fell victim to a form of ransomware that attacks much like a virus, for lack of a better term. The virus spreads and just does its thing across the network. As scary as that is, the bigger issue we will no doubt soon face is the purposeful attack of a medical device. I started the Medical Device Cybersecurity Task Force, an open-source nonprofit, to specifically address the challenges faced by the industry in securing medical devices. We are currently working on compiling 25 short-term steps that a healthcare organization should consider to secure their devices. We are also conducting research in our labs and running several pilots with three different healthcare organizations.”

Best Practices Can Only Come From Learning Experiences

Healthcare, unfortunately, will likely have to suffer through several dozen or more ransomware attacks before providers can definitively say what worked and what didn’t in terms of prevention and remediation. Finn is hopeful that the nascent HHS Cyber Security Task Force will help the healthcare community share recommendations that will ultimately influence federal legislation.

“You know that in healthcare, we’re not only siloed within the four walls of the hospital, but across the industry,” he says. “In terms of new care models and new security models, that is going to have to change. It’s going to take all of us. Whether we’re providers, vendors, or business associates, we’re all going to have to come together and decide what the addressable items need to be. We’re going to have to have some way of knowing what everyone else is doing to prevent their organizations from becoming the next victim. If there’s one thing we do know, it’s that everyone trying to solve security issues by themselves doesn’t work. We’ve all got to come together and drive a consistent message across this industry.”

Monday Morning Update 4/4/16

April 3, 2016 News 5 Comments

Top News

image

The San Diego newspaper reports that Alvarado Hospital Medical Center (CA) has been hit by an unspecified “malware disruption.” The hospital declines to say whether it was ransomware, but states that it has not paid a ransom. The FBI is investigating. The hospital is owned by Prime Healthcare Services, which had two other of its hospitals recently disrupted by ransomware.

image

Meanwhile, Kings Daughters Health (IN) is hit by ransomware, with some systems remaining down since Wednesday morning. A hospital user opened an email attachment infected with the Locky malware.

image

The US Department of Homeland Security’s US-CERT, in collaboration with the Canadian Cyber Incident Response Centre, issues a ransomware alert that specifically calls out hospitals. It recommends that individuals and organizations:

  • Perform and test backups and store them offline.
  • Use application whitelisting that allows only specified programs to run.
  • Apply patches and antivirus updates.
  • Restrict user install and run privileges.
  • Block suspicious attachments and avoid enabling macros from all email attachments.
  • Don’t click unsolicited Web links.

Reader Comments

From Jack: “Re: MedStar Health. Has a major portion of their infrastructure and server management outsourced to Dell, which manages them with offshore IT people. I find myself wondering if Dell is at risk here, and if so, are there others who are vulnerable to ransomware attacks.” Unverified.

From Kermit: “Re: whales. Sure, they get personal health records. Just not us.” Researchers propose creating electronic records for the 84 endangered whales that live in Puget Sound from spring to fall, explaining, “The goal is to really start getting a lot of data and pull them together in a way that permits easier analysis. Ultimately, the real benefit of any health record is to help make management decisions.”

From Boy Blunder: “Re: Epic 2015. I was on the call when an Epic support executive asked us to delay, with similar talking points to what was stated on HIStalk. He tried to minimize things, saying they’ve found fewer problems for each project released in 2015 and that waiting for a couple of fix packages would be better. That doesn’t square with the situation since we were discouraged from pursuing 2015 when it was released and have been warned on various pieces of broken functionality for months. An experienced TS’er  said her colleagues testing these packages are worried about unrealistic timelines and the likelihood of newly created problems. She also expressed a lot of skepticism about the message we’d been getting from Epic’s leadership about things being on the right track given how long 2015 has been on the market, and encouraged us to consider delaying a bit further. It concerns me greatly that I’m getting a more realistic view of what’s happening from people that aren’t leading Epic than from those that are.” Unverified.

From Just HIT On: “Re: healthcare IT. I’m an undergrad in an unrelated major and just accepted a job with a big health IT vendor’s corporate development arm. I asked an associate there what I should read as a helpful daily news source and he suggested HIStalk. Do you recommend books or starter material so I can get my feet wet before starting?” I haven’t seen any books that would be a timely overview of the entire health IT industry. I would probably suggest reading all HIStalk posts going back six months or so – headlines, news posts, interviews, Dr. Jayne, our posts from the HIMSS conference, etc. Make notes about concepts that are unclear – say, clinical decision support or patient identifiers – and then search to find previous HIStalk posts on those topics. That will give you an immersion into what’s going on right now with some context and often a link to an article that I found acceptably authoritative. I’ll offer readers the chance to weigh in as well.

image 

From Lantana: “Re: Epic. I’d to offer a shout-out to the Open.Epic team and give them credit for their openness (pun intended) in responding to another vendor’s very detailed requests related to how they integrate, in this case related to pushing CCDs. Unlike so many other vendors, they’re willing to invest time, answer progressively more detailed questions, and, it seems, always do so with a smile. This was all done simply through the website, with no clients involved and no clients even named. Simply open information sharing. So many other vendors, though not all, approach integration grudgingly and usually would only engage with another vendor if required or paid by their client. I’m grateful Epic has taken a different tack.” Verified, as this report came from a non-anonymous vendor executive.


HIStalk Announcements and Requests

Thanks to the following sponsors, new and renewing, that recently supported HIStalk, HIStalk Practice, and HIStalk Connect. Click a logo for more information.

image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image
image

image

Fifty-nine percent of non-profit employees admire and respect their organization’s highest-ranking executive, while in the for-profit world, it’s a 71 percent approval rating. That might be surprising to folks who assume that non-profit leaders earn more respect. New poll to your right or here: who would you trust most to protect your personal health data?

image image

Ms. Lacey says her Texas elementary school class is using the two tablets we provided in funding her DonorsChoose request for before-school skills practice, in activity stations, and in after-school tutorials, with students asking her even before she arrives in the classroom if they can use them.

image image

Also checking in is Ms. Alley of Virginia, whose elementary school class received an iPad Mini and accessories via our donation. Students are required to spend 20 minutes with the Imagine Learning program and previously could rarely get time with the school’s few iPads. They are also using it to practice math skills and she is using  an app called Class Dojo to communicate with parents. She concludes, “The iPad mini has become an integral part of our classroom. I can’t imagine the days before we had it. Thank you so much for your generosity. You have truly made a huge difference to our classroom and our lives.”


Last Week’s Most Interesting News

  • MedStar Health becomes the latest health system to have its systems taken down by ransomware.
  • Orion Health lays off 10 percent of its US workforce.
  • Southcoast Hospital (MA) will lay off 95 employees after a Q1 loss of $10 million that it blames on Epic project cost overruns.
  • Dell announces that it will sell its IT services business, the former Perot Systems, to Japan’s NTT Data for $3.05 billion, 20 percent less than it paid for the business in 2009.
  • Mandatory electronic prescribing takes effect statewide in New York.

Webinars

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Here’s the recording of Vince and Frank doing “rise of the small-first-letter vendors.”

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

E-MDs closes its acquisition of McKesson’s ambulatory PM/EHR products.

image

Valence Health lays off 75 employees, half of them in Chicago. Nathan Gunn, MD, president of the company’s population health and risk services, has left for unspecified reasons.


Other

The bond ratings agency of Baptist Health Care Corporation (FL) affirms its A- rating, but notes that profits will be hit by EHR training costs. Its Allscripts project will require $40 million in capital over the next five years for a March 2017 go-live, with Allscripts providing a $22 million, 10-year, interest-free loan.

The Cincinnati newspaper notes that Major League Baseball’s EHR allows players or their doctors to send their electronic health information to wherever they like, allowing a team’s physician to review a player’s medical history before recommending that the team acquire him. A snippet:

But in 2010, MLB introduced its Electronic Medical Records system, housing medical information on every player on every team in one centralized, online location. When a trade is being discussed, one team doctor can give another an electric key to access the records of a specific player. (Players are also given this key to distribute to whomever they wish once they reach free agency.) Access to such records usually shuts off after 24 hours, underlining how streamlined MLB has made a process that used to take at least several days. “We could do it the same day now,” Kremchek said. “The girls who work in my office can pull it up on a computer, and I can do it in the matter of 10 minutes.”

Those records are also dizzyingly complete. All available medical information on every player at every level of every organization is included, and go far beyond the scans taken when players first report to spring training each February. If a player sought treatment for any issue at any point in the season – even if he was issued two ibuprofen for a headache – that information is included. That’s a stark contrast from years ago, when a team didn’t know much about its own players, much less anyone else’s. “Twenty years ago when we started doing this, we had our own minor-league players showing up who had surgeries,” Kremchek said. “We never knew who had what, and they’d show up and have bandages on.”

image

Boston Children’s Hospital will roll out an Amazon Echo voice-powered system in the next few weeks that will “embed Children’s Hospital know-how” in the device.

image

Hospitals in Croatia entertain pediatric patients by having clown-physicians put on shows via Skype every Thursday at 5:00 p.m.

image

The Boston newspaper discovers that the Massachusetts Department of Health cited Brigham and Women’s Hospital (MA) last year for breaking its own policies in caring for a Middle Eastern prince who brought his personal chef and a seven-person entourage along with him for a seven-month stay in two penthouse suites. In a good example of VIP Syndrome, the patient had a drug-resistant infection but hospital management ordered employees not to wear mandatory protective gowns because the prince found them “offensive.” The hospital allowed him to leave for overnight hospital stays and allowed members of his entourage to administer his medications and clean his IV site. Employees were also alarmed by the large number of narcotics ordered for him and delivered to his penthouse.

image

Epic’s April Fool’s home page makeover was even wittier than usual, featuring clever humor from obviously well-read recent liberal arts grads. A faux news item involving a rebranding of the company’s Cogito ergo sum reporting system to its French translation of Je Pense Donc Je Suis explained with the drollest of humor, “Most customers simply found it too challenging to pronounce correctly a phrase from an irrelevant lingua mortua – ergo the name change …There was a certain a priori knowledge of Latin that was, ipso facto, just not present for most people.” An article citing an HIStalk interview with Athenahealth’s Jonathan Bush claims he’s been using MyChart while thinking it’s his own company’s portal, commending its “chill vibe” and adding, “I pulled my phone out after my duet with Erykah Badu at SXSW because I remembered I needed to schedule some vaccinations. Tom Hardy and I are running an ultramarathon in Madagascar next month. Anyway, I had them scheduled in under a minute. See, this kind of positively disruptive patient empowerment is exactly what Athenahealth is about.”

Another pretty good April Fool’s thing is Twine Health’s “Introducing Snapchart,” the EHR that immediately destroys the information you enter (if you’re over 30, Snapchat text messages self-destruct once read). It would have been nearly perfect had they wired CEO John Moore, MD, PhD with a lapel mike or used a directional one for better audio. Watch for cameos by John Halamka and ZDoggMD.


Sponsor Updates

  • TeleTracking will exhibit at the AORN Surgical Conference & Expo 2016 April 3-5 in Anaheim, CA.
  • Zynx Health announces call for nominations for the 2016 Clinical Improvement Through Evidence Award.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Morning Headlines 4/1/16

April 1, 2016 News Comments Off on Morning Headlines 4/1/16

Hackers offering bulk discount to unlock encrypted MedStar data

MedStar confirms that the cyberattack responsible for bringing down its network was the result of a ransomware attack in which hackers are demanding $1,250 per computer or $18,500 for all computers to restore access to files. The FBI continues to investigate, meanwhile hackers have given the hospital 10 days to pay before encrypted data will be permanently destroyed.

Southcoast Health cutting dozens of jobs on heels of expensive IT upgrade

Southcoast Health (MA) lays of 95 employees as part of cost saving measures put in place after the health system went over budget on their $100 million Epic install.

May 2016 FHIR Release

FHIR publishes release notes for its newest version.

CareFusion Pyxis SupplyStation System Vulnerabilities

The Department of Homeland Security finds security vulnerabilities in versions of CareFusion’s Pyxis SupplyStation, most attributed to outdated third-party software.

News 4/1/16

March 31, 2016 News 10 Comments

Top News

image

Insiders and the FBI confirm that ransomware is behind the MedStar Health total downtime that continues after several days. The 10-hospital system says it has regained read-only access to its clinical systems and hopes to restore them completely. The hackers are demanding $1,250 per PC to remove the encryption they installed or $18,500 to restore access to all of them. The hacker’s message says the information will be permanently destroyed after 10 days.

MedStar says it has been able to treat patients in all but a few cases, although doctors there report that faxes are flying back and forth as they try to re-create patient records manually. The Washington Post contacted nine MedStar ED departments and four of them indicated that their systems were still offline as of Wednesday evening.

image

Sources indicate that the ransomware involved is SamSam or Maktub, which are the subject of a March 25 urgent alert from the FBI. They appear to specifically target hospitals. The malware probes the network looking for unpatched enterprise servers and requires no communication with external systems once installed, so unlike most forms of malware, it does not use phishing attacks. SamSam allows communication between the hackers and their victims, allowing them to negotiate payment terms. Hackers appear to be experimenting with the value of their services, pricing initial attacks low but escalating to see how much victims are willing to pay to restore their data.

An apparent network entry point is JexBoss, a testing tool for JBoss application servers.

image

image

As of Thursday afternoon, MyMedStar.org is down despite status updates whose links refer to it.

Note that if your backups are attached to the network, ransomware is often smart enough to find and delete them. Also, an astonishing percentage of organizations perform backups without actually testing whether they can be restored. Any time you see hospitals down for days you can assume their backups weren’t easily restorable. There’s also the issue of how to re-image encrypted PCs that could number in the hundreds or thousands, so recovering from a ransomware attack isn’t easy even when good backups are available.


Reader Comments

From Annoyed: “Re: vendor spam. Someone must have sold my hospital email address because all I’m doing lately is unsubscribing from mass vendor solicitations. I opened one email just to click the unsubscribe link – the vendor emailed me saying they noticed I opened their email and wanting to schedule a call. Do vendors really think this aggressive tactic will make me consider their product?” Send me the email you’re referring to and I’ll run it here for everyone to see. Perhaps that will elicit a company explanation.

From Salty Dog: “Re: 3M 360 CAC encoder. It has a memory leak that is causing issues with implementations via Citrix. They are aware of the issue and have yet to produce a fix. This has to be impacting multiple users across the US. We need this fixed now … it is impacting revenue.” Unverified.

image

From Epic QA: “Re: Epic’s arbitration clause. Employment contracts have been updated to require arbitration rather than litigation for concerns about wages and hours. The company will apparently cover all fees except for the initial filing fee of the employee initiating arbitration. It’s an opt-out change – if you haven’t quit by April 12, you have agreed to the changes by default. This is apparently the last group of employees to be affected and is in response to a previous class action lawsuit about whether QA is entitled to overtime pay.”


HIStalk Announcements and Requests

image image

Mrs. Sowers from Oklahoma says her elementary school class is using the STEM projects boxes we provided in funding her DonorsChoose grant request, providing new activities for her literacy station and science time.

image

Also checking in is Ms. Mohlman from Florida, who reports, “Thanks to your donations, the students have found their love of reading and math again. My boys love the completing the center that deals with cars and helicopters. Most of my girls enjoy the ‘Read All About It’ center. They love doing Reader’s Theater to each other during our small group time. They’re favorite educational game in the pack was Bingo. They love trying to get blackout, where they have to have their card all covered. It really helps practice their basic math and reading skills.”

This week on HIStalk Practice: CVS Health awards $1.5 million in grants to community health centers and free clinics. Office-based physicians outperform Teladoc MDs when it comes to appropriate prescribing practices. National Association of ACOs urges CMS to incorporate regional cost data into MSSP ACO benchmarking. Vice and Vanilla Ice inspire inaugural HIStalk Practice Headline of the Day awards. Dr. Gregg pontificates upon settled dust and workflow friendliness post-HIMSS16. Healthcare community celebrates National Doctors Day. Illinois Cancer Specialists relies on quality and cost data for new oncology medical home pilot. Dominic Mack, MD outlines his plans for the Morehouse School of Medicine’s National Center for Primary Care.


Webinars

April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

New Zealand-based Orion Health will lay off 36 of its US-based employees, around 10 percent of its US workforce, in a cost-cutting effort. The company says implementations and upgrades take less time than before and thus require fewer FTEs. CEO Ian McCrae also says having employees spread throughout the US, including some who work from home, hasn’t been successful. The company will centralize its US workforce in Phoenix, AZ while maintaining small branch offices in Boston, Nashville, and Santa Monica.


Sales

image

Onslow Memorial Hospital (NC) chooses PatientSafe Solutions for clinical communications and workflow.

PinnacleHealth (PA) chooses Strata Decision’s StrataJazz for financial analytics and performance.

image

University Hospitals (OH) will expand its use of Allscripts Sunrise Clinical Manager and will install it in five recently acquired hospitals, also increasing its rollout of Allscripts dbMotion.

In England, Salford Royal NHS Foundation Trust chooses Allscripts CareInMotion population health management system.


People

image

The SSI Group names Eric Nilsson (NexTech) as CTO.


Announcements and Implementations

image

The FHIR team announces changes and new features that will be included in the May release.

HCS announces its readiness for the April 1 CMS LTCH CARE Data Set Version 3.00 for long-term acute care hospitals.


Privacy and Security

image

Department of Homeland Security’s ICS-CERT finds hundreds of remotely exploitable security vulnerabilities in end-of-life versions of CareFusion’s Pyxis SupplyStation, most of them attributable to outdated third-party software such as Windows XP, SQL Anywhere 9, and pcAnywhere 10.5. CareFusion urges customers to upgrade from its old versions, with specific recommendations to:

  • Isolate the products from the Internet.
  • Use a VPN when remote access is required.
  • Monitor network traffic.
  • Close unused device ports.
  • Make sure the devices are behind firewalls and isolated from the business network.
  • Update Microsoft patches.
  • Require strong, expiring passwords and enable password history tracking.

image

Apple admits that despite its promise not to collect user data from ResearchKit for its own purposes, it has starting doing so. Apple will collect and store de-identified information from some studies, which it explains as, “For certain ResearchKit studies, Apple will be listed as a researcher, receiving data from participants who consent to share their data, so we can participate with the larger research community in exploring how our technology could improve the way people manage their health.” Two apps, including Mole Mapper from OHSU, have amended their terms to list Apple as a secondary researcher.


Innovation and Research

image

In the UK, University of East Anglia launches a four-year study of provider data to identify factors affecting how long people live, including medical treatments, conditions, and lifestyle choices. The researchers will focus on the effect on lifespan of specific chronic disease treatments.

Researchers that include Harvard’s Ken Mandl, MD, MPH and Zak Kohane, MD, PhD of the SMART Platform develop SMART PCM, a prototype precision medicine app created by Vanderbilt University that connects to any SMART- or FHIR-enabled EHR to compare a patient’s gene mutations to those of a comparable population.


Other

image

Southcoast Health (MA) will lay off 95 employees, 1.3 percent of its workforce, after reporting a $10 million Q1 loss that it blames on unbudgeted expenses in its $100 million Epic implementation. The hospital says the unplanned costs have continued into the current quarter, with the president and CEO adding, “These financial challenges are attributable to higher-than-budgeted operating expenses, largely a result of our Epic implementation.”

An analysis of clinical decision support systems at Brigham and Women’s Hospital (MA) finds that CDS malfunctions are common and are often undetected. Examples include a drug setup changes that caused alerts to stop firing; a rule editing mistake that caused a lead screening alert to stop working; an EHR upgrade that triggered numerous inappropriate alerts; and a change to a vendor’s drug file that caused the system to recommend antiplatelet drugs for patients already on them. The authors surveyed CMIOs and found that 93 percent worked for a hospital that experienced at least one CDS malfunction, with two-thirds of them reporting problems at least once per year.

image

I visited Epic’s site to see if they’ve planted any hints about their always-witty April 1 fake news items. They haven’t, but I noticed that they have made major site changes with a lot of casual stories, photos, a “Art at Epic” series that explains some of the campus artwork, and even recipes from the campus culinary team. Some of their folks may be too busy for April Fool’s pranks given that NYC Health + Hospitals will be going live early Saturday morning.


Sponsor Updates

  • PDR will exhibit at Computer Rx April 1-2 in Oklahoma City, OK.
  • LifeImage will exhibit at SBI 2016 April 7-9 in Austin, TX.
  • A Spok case study finds that Presbyterian Healthcare Services reduced nurse response time to under three minutes and reduced communication-related complaints by 75 percent by using Spok Messenger for clinical alerting.
  • Clockwise.MD will exhibiting at the UCAOA Spring Convention in Kissimmee, FL April 17-19.
  • MedData will host a job fair April 7 in Grand Rapids, MI.
  • NVoq will exhibit at ACC 2016 April 2-4 in Chicago.
  • Obix Perinatal Data System will exhibit at the Annual Iowa Conference on Perinatal Medicine April 5-6 in Des Moines.
  • CloudWave joins the CHIME Cooperative Member Services Program.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Morning Headlines 3/30/16

March 29, 2016 News Comments Off on Morning Headlines 3/30/16

Statement from MedStar Health Regarding Computer Downtime

10-hospital system MedStar Health is hit with a computer virus that has restricted access to its network and EHR system, forcing users back to paper documentation. Officials from the hospital have not confirmed whether a ransom has been demanded.

Banner to invest $1 billion for facilities in Tucson, Phoenix

Banner Health will implement Cerner at the recently acquired University of Arizona Health Network by 2017, replacing Epic.

Contracts: Defense Logistics Agency

DoD signs a one-year, $77 million extension with Philips Medical Systems to continue using its “patient monitoring systems, subsystems, accessories, consumables, spare/repair parts, and training.”

Security alert! New ransomware found inside Microsoft Word

A new healthcare-focused ransomware package is being passed around within Microsoft Word macros that uses Microsoft’s PowerShell framework to download malicious code and initiate the ransomware attack.

News 3/30/16

March 29, 2016 News 15 Comments

Top News

image

Ten-hospital MedStar Health, the largest health system in the Baltimore-Washington corridor, shuts down its electronic systems and turns away elective patients and after what appears to be a ransomware attack that began Monday morning. The systems remain down. The FBI is investigating.

image

Despite MedStar’s assertion that it is unaware of any demands for ransom, some of its employees reported seeing a pop-up window demanding payment in bitcoin.

image

Senate HELP Committee Chair Lamar Alexander (R-TN) says the MedStar attack proves that HHS should quickly implement requirements from the Cybersecurity Information Sharing Act of 2015, which calls for HHS to:

  • Appoint a cybersecurity leader.
  • Create a healthcare cyberthreat report.
  • Create a task for to submit recommendations and to disseminate federal cyberintelligence threat information.
  • Publish voluntary best practices.

Reader Comments

From MD Prof: “Re: NY e-prescribing. You mentioned an exemption for patient-requested paper prescriptions. Can you provide a link to the regs?” I had run across a source that said patients can request paper prescriptions, but upon reviewing the regulations and the stated exceptions, I don’t see such language, so I don’t believe patients have that option after all. Patients and prescribers could see some problems:

  • Patients may want to price-shop multiple pharmacies and can’t without having a paper prescription.
  • They might not have a particular pharmacy in mind at that moment.
  • They may want to send some prescriptions to one pharmacy and others to a different one to save money and new electronic prescribers may struggle with how to do that.
  • If the requested pharmacy doesn’t have the medication in stock, the prescriber will have to issue a new electronic prescription to a different pharmacy.
  • Patients might choose a pharmacy that is closed for a holiday or for normal hours of operation.

All of these are especially problematic for ED physician prescribers, who would be hard to reach if prescription changes are needed. I’m also not clear of pharmacies can still transfer prescriptions among themselves, which I assume they can once it has been created electronically. MD Prof also notes that it’s a pain for doctors to perform the required manual patient lookup on the I-Stop website to identify possible doctor shoppers and suggests further integration of that database with prescribing systems.

From Circular Logic: “Re: site. I wasn’t able to get on for part of Monday.” Me neither, at least for a few minutes mid-morning. It was really busy yesterday for some reason, with more daily page views than even during the HIMSS conference. In fact, it was the busiest day since July 30, 2015 when the DoD contract winner was announced and when I decided I needed to upgrade to a bigger dedicated server. Maybe it’s time again.

image

From C. Cortez: “Re: rumors. I hope you don’t listen to the comments of people complaining about running industry rumors. Those rumors are usually correct.” My survey shows that only 1.3 percent of readers don’t enjoy reading rumors on HIStalk, which is not really surprising given that I’ve been running them since 2003 and therefore the audience is somewhat self-selecting. What I’ve learned in that 13 years is that nearly everybody loves reading well-placed “rumors” until they hit too close to home, at which time the indignant commenter suddenly proclaims them to be “gossip.” Many big stories have been broken here from reader rumors, while the rest are still entertaining.

From Sue Veed: “Re: interoperability. Judy Faulkner is still describing technical problems and calls for national standards. The problem is now 40 years old with no resolution in sight. The banking industry adopted MICR check standards in no time and healthcare is still dithering. Why?” I heard a keynote years ago by Dee Hock, a local banker who almost single-handedly created what was then BankAmericard (now the Visa credit card system after which competitors are modeled). He explained that it was tough to convince banks (which were local and regional rather than national back then) that it was in their best interest to work together in a decentralized way to create a nationally available electronic credit card network for their shared customers, which he later described as the prototype for “chaordic” organizations that “blend competition and cooperation to address critical societal issues.” Healthcare IT is stuck in the mid-1960s with no heir apparent to Dee Hock available to convince providers and IT vendors that everybody wins (especially the customer) if they share information.


HIStalk Announcements and Requests

image image

We provided Mrs. Openlander from Missouri with several sets of math and reading flash cards for her K-5 school in funding her DonorsChoose grant request. The cards are placed in high-traffic areas so that hallway waiting downtime can be used for extra instruction.

image image

Also checking in is Ms. Wilson from Virginia, who passes along to HIStalk readers that the five human anatomy models we provided are being used for class demonstrations and “center time,” where the teachers have created add-on learning exercises such as an interactive anatomy whiteboard game. She concludes, “Our students have grown so much in the short time we have had the new materials. I cannot tell you how good it makes us feel to watch them interacting and striving to learn in ways that before you gift we never thought possible … your gift has changed the lives of our students and us forever.”

A quote I can’t get out of my head: “There’s no such thing as a cloud. It’s just someone else’s server.”

Listening: Built to Spill, Boise-based indie rockers who start a small-hall tour in late May as they approach 25 years of bandom. Also, new Italy-based symphonic metal from Rhapsody of Fire.


Webinars

March 30 (Wednesday) 1:00 ET. “Coastal Connect Health Information Exchange: Igniting the Power of Events-based Notifications Webinar.” Sponsored by Medicity. Presenters: Cory Bovair, application specialist. CCHIE; Andy Biviano, director of product management, Medicity. Wilmington, NC-based CCHIE, which covers 800 physicians and 1.4 million patients, implemented Medicity Notify for real-time clinical event notifications to help reduce ED utilization, improve care quality, and enhance patient satisfaction. In the first 30 days, physicians and care managers received more than 3,000 admission and discharge notifications.

April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

image

Dell will sell its IT services business, the former Perot Systems, for $3.05 billion to Japan’s NTT Data to help pay for Dell’s planned $60 billion takeover of data storage vendor EMC. Dell bought Perot Systems for $3.9 billion in 2009. NTT Data, a subsidiary of Japan’s national telephone company, acquired IT systems and services vendor Keane for $1.2 billion in 2010, giving it the Optimum hospital product suite.

image

Alphabet’s (Google) Verily Life Sciences is losing top executives and its governmental connections with FDA and HHS due to the abrasive management style of CEO Andrew Conrad, STAT reports. The company has apparently abandoned its project for connecting medical devices to the cloud, with all of its team members departing the organization. Also gone is the co-founder of the project to develop a glucose-monitoring contact lens. A biotech consultant who previously worked for a research institute Conrad founded describes him as, “We used to joke and call him the seagull of science. He used to fly in, squawk, crap over everything, and fly away. You couldn’t engage him for more than 10 minutes. It was sort of the overpromise, under-deliver.”


Sales

The Department of Defense issues a $77 million, one-year contract extension to Philips for “patient monitoring systems, subsystems, accessories, consumables, spare/repair parts, and training.”


Announcements and Implementations

image

Boston Children’s Hospital (MA) launches Feverprints, an iPhone app powered by Apple ResearchKit that will use crowdsourcing to explore normal temperature variation and evaluate the effectiveness of fever medications.

image

Carolinas HealthCare (NC) will implement Epic at Southeastern Health (NC) via a shared services agreement. I believe Southeastern runs McKesson Horizon for inpatient and eClinicalWorks for ambulatory.

AARP Health Innovation@50 announces the ten finalists for its April 27 pitch event:

  1. Cake (end of life planning)
  2. Medvizor (patient instructions)
  3. Penrose Senior Care Auditors (senior check-up app)
  4. PicnicHealth (personal health record)
  5. Savor Health (nutrition)
  6. SeniorHabitat (senior care facility selection)
  7. SensaRx (wandering sensor)
  8. SingFit (music as medicine – video above)
  9. UnaliWear (fall detection and medication reminder watch)
  10. Well Beyond Care (non-medical assistant finder)

Privacy and Security

A new ransomware variant called PowerWare is discovered to be targeting healthcare specifically in spreading itself via macros embedded in Microsoft Word documents posing as email-attached invoices. It’s smarter than similar types of ransomware, invoking the “fileless” native automation tool Windows PowerShell to download a script and then encrypt the PC’s files. This would be another great reason to demote users who have Administrator privileges or who can run programs with elevated permissions.


Other

image

Peer60 releases “Trends in Revenue Cycle Management.” Some of its findings: (a) cost is the top criterion for selecting a RCM vendor; (b) collections is the most-outsourced provider service; and (c) the most-unmet RCM needs are denials management, contract management, and value-based reimbursement.

image

A 60-patient study finds that the fingerstick blood tests previously offered directly to Arizona consumers by Theranos give results that vary significantly from results obtained from venipuncture samples that were sent to Quest and LabQuest.

image

Banner Health (AZ) will complete by fall of 2017 the replacement of Epic by Cerner at the two Tucson hospitals formerly owned by University of Arizona Health Network, which it acquired in 2015. Banner says the switch will provide “significant savings” to the hospitals, which spent an unbudgeted $32 million and a total of $115 million on their 2013 Epic project, causing a $29 million fiscal year loss that was followed by the sale of UAHN to Banner.  


Sponsor Updates

  • Aprima will exhibit at the Texas MGMA Annual Meeting March 30-April 1 in Dallas.
  • The Baltimore Business Journal lists Audacious Inquiry as one of the five largest software developers in the Baltimore area.
  • Catalyze publishes a new e-book, “Innovation Doesn’t Follow Rules.”
  • Besler Consulting will exhibit at the HFMA Hudson Valley Annual Institute 2016 April 7 in Tarrytown, NY.
  • Burwood Group Justin Flynn will present at the Palo Alto Networks Ignite 2016 Conference April 4 in Las Vegas.
  • Carevive Systems shares its latest presentation, Survivorship Care and Care Plans: Transforming Challenges into Opportunities.
  • Direct Consulting Associates sponsors the HonorHealth Charity Golf Classic in support of the HonorHealth Military Partnership.
  • Divurgent will exhibit at the AEHIS/CHIME Cyber Security Lead Forum April 4 in San Francisco.
  • EClinicalWorks will exhibit at the 2016 Health Care Symposium April 1 in Costa Mesa, CA.
  • Healthwise will present at the Society of Behavioral Medicine meeting March 30-April 2 in Washington, DC.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

OpenNotes: From Grassroots Effort to Nationwide Movement

March 28, 2016 News Comments Off on OpenNotes: From Grassroots Effort to Nationwide Movement

We look at the evolution and future of OpenNotes — from the impact it has had on patient engagement, medication adherence, and physician workflows to the technological challenges of implementing a truly vendor-agnostic tool.
By @JennHIStalk

image

Six years ago, the notion that patients could have electronic access to their doctor’s notes was almost unheard of. The note was a safe, private place where providers could document a clinical encounter without worrying about a patient’s reaction to their accompanying commentary. The note was for internal use only, which no doubt gave providers a certain poetic license to describe patient ailments and mindsets in the bluntest of terms. Enter OpenNotes, now a national movement that encourages providers to adopt open access to clinician notes as a standard practice of care.

A Grassroots Beginning

The movement began in 2010 as a year-long study funded by the Robert Wood Johnson Foundation that tested the OpenNotes concept with 105 PCPs and over 13,000 patients at Beth Israel Deaconess Medical Center (MA), Geisinger Health System (PA), and Harborview Medical Center (WA). The trial was considered a success, with patients reporting that access to physician notes helped them feel more educated about and in control of their care. They were also more apt to take their medications, share their notes with other caregivers, and communicate and collaborate more with their physicians.

Participating physicians experienced similar positive results, with just a handful reporting longer visits and taking extra time to address patient questions outside of regular visits. While a larger percentage reported taking more time to write notes and change documentation content, none of them stopped providing access once the trial ended.

As RWJF President and CEO Risa Lavizzo-Mourey, MD said at the trial’s conclusion, “The evidence is in. Patients support, use, and benefit from open medical notes. These results are exciting and hold tremendous promise for transforming patient care.”

Growth Gets Underway

Since results from the initial OpenNotes trial were published in 2012, the movement has expanded almost exponentially across the country. Twenty-six healthcare organizations — including the VA and most recently Duke Health (NC) — are now providing open-note access to over 6 million patients.

The movement shows no signs of slowing down thanks to an additional $10 million in funding from RWJF, Cambia Health Foundation, Gordon and Betty Moore Foundation, and Peterson Center on Healthcare that will be used to roll out OpenNotes access to 50 million patients across the country.

The investment doesn’t stop there. We Can Do Better, a nonprofit OpenNotes advocacy group that works alongside the NorthWest OpenNotes Consortium, received a grant earlier this year from the Oregon Health Authority Office of Health IT to help spread OpenNotes to small to medium-sized physician practices in Oregon, and to work with healthcare IT vendors on making OpenNotes easy to access via their EHRs and patient portals.

CHIME has also thrown its support behind the initiative, announcing last month its intent to collaborate with the OpenNotes movement on accelerating health data sharing as part of its participation in the Precision Medicine Initiative.

Change Management Trumps Technical Necessity

image

“There is very little funding needed for OpenNotes rollouts,” says Amy Fellows, MPH, executive director at We Can Do Better and an OpenNotes team member. “The main effort is around change management – convincing providers that this is going to be a good thing and something that won’t add to their workload. We hear that OpenNotes is a much easier and smoother rollout process than many previous facility implementations. It really is all about the upfront change management, then ripping the Band-Aid off and getting it turned on. In some cases, a small number of skeptics can delay or moderate an implementation. The issues are cultural, not technical.”

Technical requirements do, of course, need to be taken into consideration. According to Fellows, facilities using Epic and Cerner should be able to easily configure their systems to support OpenNotes. “We attended HIMSS16,” she adds, “and spoke to many other vendors about their capability to offer OpenNotes, including EClinicalWorks, Allscripts, and NextGen.”

Fellows adds that OpenNotes is working to develop a best-practices sheet with recommendations for vendors on how to configure OpenNotes so that it is patient and physician friendly.

Digging Into Provider Best Practices

Fellows and her OpenNotes colleagues in the Northwest have had ample opportunity to discuss provider best practices at Northwest Open Notes Consortium quarterly meetings. “OpenNotes seems to be an evolutionary process, so even those that have done it come to learn about national efforts bringing it to mental health, inpatient, and other specialties,” she explains. “We know about 1 million patients [in the Northwest] have the ability to access their notes, but it is dependent on each organization’s strategy in promoting their patient portal, and how easy they make it to access the note, i.e. do they send an email tickler inviting patients to access their notes with a link taking them directly to that part of the patient portal after log in?”

“We believe best practice includes internal and external promotions, reminders, and easily accessible notes,” Fellows adds. “Initial implementation should include some time spent with clinicians on avoiding documentation practices that can confuse patients – acronyms, cut-and-paste approaches, confusing medication lists or problem lists. Avoiding jargon can also be helpful, i.e. ‘patient denies,’ or ‘patient complains.’ Sensitizing clinicians to terms that activate patients, like ‘obese’ or ‘addicted,’ is worthwhile, too.”

Geisinger Sets the Bar

image

Geisinger, an original OpenNotes trial participant, has expanded its involvement with the program by rolling it out to new physicians as part of best practices. “Right now, we’re looking at 1,700 providers including advanced practitioners and case managers across the system who access OpenNotes as part of their care,” says Rebecca Stametz, senior director of clinical innovation at Geisinger. “Looking at it from mobile utilization, we have gone from 2,005 unique users to about 150,000 with about 550,000 unique hits off of our portal.”

“Since the trial, we’ve rolled it out as a best practice across care settings, with the exception of pockets across our system like psychiatry, maternal-fetal medicine, and EENT,” Stametz says. “We’ve decided to pause on areas where we were unsure of any implications and where we felt we needed to take a deeper look. That being said, new physicians that get on-boarded, especially those in ambulatory, have access to OpenNotes. It’s now part of our care process.”

Serving up OpenNotes to patients is as easy as a visit to Geisinger’s patient portal. “It’s really one of the benefits that [they] have when enrolling with MyGeisinger or our patient portal, both Epic,” she explains. “It’s really about word of mouth – marketing it as a best practice and utilizing it via internal systems. There really isn’t anything to purchase outside of the EHR and maybe a patient portal, which most of the systems who are implementing OpenNotes already utilize.”

Measuring Success Now and Later

image

Given Geisinger’s track record with OpenNotes, Stametz is well poised to offer what success with OpenNotes means to the organization. “Success means that patients feel more connected to their care,” she explains. “They want OpenNotes. They feel like there’s open communication and they have confidence in their ability to manage their own care. Studying the long-term implications of end users is something that we’re going to begin to tackle now with our national partners.”

Stametz adds that little to no impact on physician workflow is also a part of Geisinger’s definition of success. “We were wondering about disruption to workflow and whether or not people actually utilize those notes if they became open,” she says. “We know that 99 percent of those patients wanted the practice to continue, so there were benefits we didn’t anticipate. We observed that some patients began to gravitate towards physicians that offered note access. I think one of the big things from a Geisinger perspective is that there was little concern or complaints from providers or patients.”

OpenNotes is just beginning to reach a maturity level that will enable researchers to determine its effect on outcomes. Thus far, the only hard data available is a paper published last fall in the Journal of Medical Internet Research that shows patients with open-note access have better blood-pressure control than those who don’t.

Fellows adds that several implementers have evaluated their efforts with surveys similar to the original OpenNotes research surveys. “Patient-reported outcomes have been very similar in each one,” she explains. “All of the implementations we are aware of have gone well with no physician workflow disruptions. Email traffic has been flat, and when made available, portal traffic has increased.”

“The most revealing metric,” Fellows adds, “has been the rate of patients opening notes and the rate of physicians hiding notes. Patients viewing notes are highly dependent on patient reminders and internal/external promotion. Hiding notes is unusual and mostly done by a small number of physicians. The incidence of hiding notes decreases with time.”

Moving Beyond Primary Care

image

Many OpenNotes participants are venturing into new territory. Several organizations, including BIDMC, have launched mental health pilots to gain a better understanding of how increased transparency could potentially benefit psychiatric care. Vancouver Clinic is exploring the value in allowing adolescents to view their notes with or without parental proxy access. Fellows also foresees eventually rolling out OpenNotes to more vulnerable patient populations, such as non-English speakers, those with health literacy issues, and underserved and safety net populations.

For Geisinger, the next phase of OpenNotes is about expansion and better understanding what patients want to get from its access. “What are the long-term implications for end users who have been using OpenNotes for the past five or six years?” Stametz asks. “We don’t know those answers, but we’re beginning to work with national partners like BIDMC to find out. For example, if patients and family caregivers were able to write their own narrative within the note, what would that do for goal setting, treatment planning, communication, encounter time, etc.? We’re at the tip of the iceberg with the ways we could leverage the impact OpenNotes has had and its potential in other areas.”

Dell Sells Its IT Services Business

March 28, 2016 News Comments Off on Dell Sells Its IT Services Business

image

Japan’s NTT Data will buy Dell’s IT services business, the former Perot Systems, for $3.05 billion. Dell is selling the business, which it acquired for $3.9 billion in 2009, to raise money to finance its $60 billion acquisition of storage vendor EMC.

Monday Morning Update 3/28/16

March 27, 2016 News 7 Comments

Top News

image

New York’s mandatory e-prescribing mandate took effect Sunday despite a questionable level of prescriber readiness even after the one-year postponement a year ago. Allowed exceptions are drug items that require pharmacy compounding, parenteral drugs, items requiring lengthy patient instructions, or non-patient specific prescriptions. Paper or call-in prescriptions can be issued upon patient request or given technology failure, which then requires the prescriber to report the prescription to the state’s Department of Health, but the department has not implemented such reporting technology and suggests that prescribers just note it in the EHR instead.


Reader Comments

image

From No Flipping: “Re: ransomware. I searched HIStalk and there was an example from 2012, so it’s not a new problem.” I wrote about a clinic in Australia whose files were encrypted by ransomware in December 2012. I don’t recall hearing if the clinic paid the demanded $4,000 ransom, but I expect it did. Meanwhile, a ridiculously useless Wall Street Journal article manages to ask the wrong questions (or perhaps fails to understand the answers) of those it interviewed in claiming to share healthcare security best practices to prevent ransomware. The pearls of wisdom provided are: (a) assume malware will get through; (b) perform backups; (c) apply patches; and (d) educate employees. CIOs who learn anything from this breezy waste of time should probably just go ahead and quit or at least attend our webinar described below.  

From The_Epic_Guy: “Re: Epic. The company is having their implementation consultants put their Starbucks coffee into non-labeled containers to avoid reminding customers that its inexperienced people are costing a small fortune.” Unverified. I would have expected contracts to specify a per diem rate rather than individual charges so that Starbucks vs. McDonald’s coffee wouldn’t matter, but maybe that’s not the case.

image

From MCK Auto Pilot: “Re: McKesson. This site has interesting layoff rumors. All are unsubstantiated from employees who have been laid off, but in every exaggeration there is a kernel of truth.” Comments from claimed current or former McKesson employees complain about clueless upper management, the failed Better Health 2020 initiative, the cold manner in which employees were informed that their services would no longer be required, offshoring to India, and the likelihood that MCK will sell off what’s left of its IT business and whether anyone would want to buy it.

From Nasty Parts: “Re: Greenway layoffs. Four sales VPS have been downsized. Looks like the company is moving into a ‘protect the install base’ mode of operation.” Unverified. The four named VPs still list Greenway as their employer on LinkedIn, but most people don’t rush there first after they’ve been forcibly re-workforced.


HIStalk Announcements and Requests

image

Half of poll respondents work for a company that has laid people off in the past 12 months. New poll to your right or here: do you personally admire and respect the highest-ranking executive of your employer? I’ve divided the answers out into not-for-profit and for-profit choices to see if that makes a difference (which I should have done on the previous poll, too). Click the Comments link on the poll after voting to explain.

image

FHIR Family donated $500 to my DonorsChoose project, explaining, “HL7 has a big deadline on Monday, March 28 and I am in awe of all the work Grahame Grieve does in the background. This donation is in his name.” Through the magic of matching funds, the donation fully satisfied these teacher grant requests:

  • An iPad and case for Ms. Markussen’s first grade class in Dallas, TX
  • A laptop and document camera for Mrs. Lark’s middle school class in Brooklyn, NY
  • Math games for Ms. Burkett’s elementary school class in Independence, MO

image image

Mrs. Hale from Indiana says her third graders were so excited about the kid-friendly biographies we provided in funding her DonorsChoose grant request that they finish their other work early so they can work on biography projects.

image image

Also checking in is Mrs. Ortego, who says the headphones we provided for her Louisiana special needs elementary school class not only allow students to work without distraction, but also, “One of my greatest joys is that I have a hearing impaired student and he is able to put the headphones over his ears with no feedback from his hearing aids. This is the most amazing thing to experience. There is no frustration for this student.”


Last Week’s Most Interesting News

  • Allscripts and a private equity firm form a joint venture to acquire post-acute care EHR vendor Netsmart for $950 million.
  • The CEO of NYC Health + Hospitals denies rumors that he will be fired if the organization doesn’t go live on Epic on April 1 and dismisses reports by the former CMIO of one of its hospitals that a lack of readiness will endanger patients.
  • Three more hospitals report ransomware attacks.
  • AHIMA petitions the White House to allow HHS to work on a national patient identifier.
  • Apple announces CareKit, which will allow developers to create person health apps for the iPhone.

Webinars

April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

April 8 (Friday) 1:00 ET. “Ransomware in Healthcare: Tactics, Techniques, and Response.” Sponsored by HIStalk. Presenter: John Gomez, CEO, Sensato. Ransomware continues to be an effective attack against healthcare infrastructure, with the clear ability to disrupt operations and impact patient care. This webinar will provide an inside look at how attackers use ransomware; why it so effective; and recommendations for mitigation.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.

Here’s the recording of last week’s webinar, “Six Communication Best Practices for Reducing Readmissions and Capturing TCM Revenue.”


Sales

Dell Services announces recent big contracts that Dubai Health Authority and BCBS of Rhode Island.


Government and Politics

The president of the New York State Medical Society politely asks for two changes to the just-implemented requirement that all state prescriptions be issued electronically rather than on paper or by telephone. He would like to see an exemption for those doctors who write fewer than 25 prescriptions per year and a reduction in documentation requirements when technical issues require issuing a paper prescription. Both seem reasonable to me.


Privacy and Security

image

Hackers steal and offer for sale the information of 1.5 million customers of Verizon Enterprise Solutions, whose services (including an extensive set of security offerings) are used by 99 percent of Fortune 500 companies.


Other

Epic removes regular and diet soda from its vending machines and cafeterias to promote health, so bring your own supply from a local convenience store if you’re a Diet Coke fan taking classes in Verona.

Another medical transport helicopter goes down, killing all four occupants (including the patient) in Alabama. The for-profit company’s site boasts that it has a “proven clinical tract record.”

image

An interesting article describes the online problems experienced by people with unusual names: those who go by a single name, those with very long or short names that don’t pass field edits, and most interesting to programmers, people whose last name is Null. These folks often have to resort to telephone calls or snail mail to do tasks everybody else can accomplish online.


Sponsor Updates

  • Forward Health Group shares the wall-sized, hand-drawn graphics created in its UnBooth at the HIMSS conference, including population health management questions posed by visitors. 
  • EClinicalWorks releases a podcast recapping EClinicalWorks Day.
  • Extension Healthcare and FormFast will exhibit at the AONE Annual Conference March 30-April 2 in Fort Worth, TX.
  • The Upstate Business Journal recognizes Glytec as an Upstate biotech player.
  • The Boston Globe features Healthwise CMO Adam Husney, MD in an article on how perks from pharmaceutical companies influence prescribing medicine.
  • Cumberland Consulting Group expands its business processing outsourcing services to pharma in a partnership with revenue acceleration software vendor Revitas.
  • Recondo Technology will exhibit at the HFMA Texas State Conference on March 29 in Dallas.
  • Experian Health will exhibit at NAACOs March 28-30 in Baltimore.
  • PatientSafe Solutions and PerfectServe will exhibit at the AONE Annual Meeting March 30-April 2 in Fort Worth, TX.
  • The Doctor Freedom Podcast features PatientPay founder and CEO Tom Furr.
  • Point-of-Care Partners ECare Management Practice Lead Michael Solomon discusses optimizing EHRs.
  • Streamline Health will exhibit at the 2016 WV HIMA Annual Convention March 30-April 1 in White Sulphur Springs, WV.
  • T-System awards its Client Excellence Award to Dosher Memorial Hospital (NC) for excellence in sustainable outcomes.
  • TeleTracking, Versus Technology, and Zynx Health will exhibit at the AONE 2016 annual conference March 30-April 2 in Fort Worth, TX.
  • TeraMedica will host a healthcare IT symposium April 7 in San Francisco.
  • Huron Consulting Group releases 2016 Healthcare CEO Forum report.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

News 3/25/16

March 24, 2016 News 1 Comment

Top News

image

Allscripts and private equity firm GI Partners form a joint venture to acquire human services and post-acute care EHR vendor Netsmart, which will be combined with the homecare software business of Allscripts. Allscripts also contributed $70 million to the joint venture, which will pay $950 million for Netsmart. The company’s name and management team will remain in place. Allscripts says the JV will have an annualized revenue of $250 million and operating income of $60 million.

Netsmart has gone through several name changes, ownership changes, and acquisitions in its 20-year direct history and earlier connections going back to 1968. It went public in 1996, sold itself to private equity buyers for $115 million in 2006, and then was then sold for an unspecified price in 2010 to another private equity firm, Genstar Capital, which is rumored to be making 4.4 times its investment in the newly announced sale.


Reader Comments

image

From PM_From_Haities: “Re: Allscripts paying $70 million for a joint venture. It’s hard to imagine Allscripts giving up assets with out corresponding liabilities (debt). I’m looking forward to their audited financial results since they might require certain items to be disclosed, such as whether one customer represents more than 10 percent of revenue. The other item of interest with audited results is mark-to-market accounting of the Allscripts investment in NantHealth, which delayed its IPO due to unfavorable market conditions. Allscripts’ debt covenants contain asset-to-liability requirements and an unanticipated decline in asset value could seriously impact their delicate financial picture. The bright side of this JV is that Allscripts may be allowing a product that would languish with its other zombie EHRs to blossom into something good for home health.” Unverified. MDRX shares didn’t react much following the announcement, meandering down a bit Wednesday and then down a bit more Thursday.

image

From Green about the Gills: “Re: Greenway. Starting a layoff cycle this week. Right-sizing post the Vitera purchase and the EHR land grab of the MU era.” Unverified. However, I do see the company has “rebranded” itself.

From The PACS Designer: “The ICD-10-CM Clinical Modifications has a code J62 for silica related disease, and under this classification falls the longest word in the English dictionary. Silicosis is a form of occupational lung disease and within this category is the 45 letter word ‘Pneumonoultramicroscopicsilicovolcanoconiosis.’”


HIStalk Announcements and Requests

image

Mrs. Pryor from Oklahoma says her kindergartners love the programmable robots we provided in funding her DonorsChoose grant request, adding that they are a “huge motivator” that she has integrated into her reading and math curriculum.

image

Also checking in is Mr. Jewell of Arkansas, who says his sixth graders have gotten a lot more excited about engineering after working with the Lego Mindstorm kits we provided. He has conducted two enrichment classes that involved building and programming the robots and now there’s a waitlist for the next class.

This week on HIStalk Practice: Signallamp Health adds CCM jobs in Scranton. Mend wins big at SXSW. PCAST advocates for the advancement of telemedicine. Wearables earn dubious accolades for their inconsistencies. Telerehabilitation startup RespondWell celebrates a $2 million funding round. Night Nurse COO Stuart Pologe offers tips on balancing HIPAA compliance with efficiency across EHRs and paper records. GAO brings Healthcare.gov cyberattacks to light on the ACA’s sixth anniversary. OneCare Vermont selects care management software from Care Navigator. The US Oncology Network’s David Fryefield, MD lays out the strategy behind empowering value-based technologies.


Webinars

April 1 (Friday) 1:00 ET. “rise of the small-first-letter vendors … and the race to integrate HIS & MD systems.” Sponsored by HIStalk. Presenters: Frank L. Poggio, president and CEO, The Kelzon Group; Vince Ciotti, principal, HIS Professionals. Vince and Frank are back with their brutally honest (and often humorous) opinions about the rise of the small-first-letter vendors. Athenahealth and eClinicalWorks are following a growing trend toward real integration between hospital and physician systems, but this is not a new phenomenon. What have we learned from these same efforts over the last 30 years? What are the implications for hospital and ambulatory clients? What can clients expect based on past experience?

Contact Lorre for webinar services or for one final chance at her post-HIMSS discounts. Past webinars are on our HIStalk webinars YouTube channel.


Sales

Statewide ACO OneCare Vermont chooses Care Navigator’s care management software.

Thomas Health System (WV) will implement Meditech 6.1, replacing Cerner/Siemens Soarian and Meditech Magic.

image

Palomar Health (CA) chooses Ascend Software for accounts payable electronic imaging automation.


People

image

Lane Regional Medical Center (LA) hires Paul Murphy (Geocent) as CIO.


Announcements and Implementations

DrFirst publishes “The Evolving EPCS Landscape 2016: A Prescription for Stopping Opioid Abuse,” which finds that most pharmacies can accept electronic prescriptions for controlled substances while only 5.8 percent of prescribers are similarly EPCS-capable.

image

Boehringer Ingelheim Pharmaceuticals will offer users of its asthma inhalers the chance to sign up for health system studies to determine the effectiveness of Propeller’s usage tracking inhaler sensors.


Privacy and Security

Rep. Ted Lieu (D-CA) may propose a modification to the HITECH act that would require healthcare organizations to notify patients if they’re hit by ransomware.

image

The New York Times, explaining how it “decoded the NFL database” to debunk the National Football League’s concussion studies, admits that it was able to re-identify many of the 887 players that were listed only by an NFL-assigned code by reviewing the concussion date, whether the game was home or away, and whether it was being played on natural or artificial grass. The paper seems pretty pleased with itself for working around the method used to protect the privacy of the players.

Walmart confirms that a programming error caused the prescription records of 5,000 of its online pharmacy customers to be displayed to the wrong user.

image

Do this now to help prevent having your PC infected with the Locky ransomware: allow only digitally signed macros to run. Instructions are here.

The Ohio Supreme Court rules that patients are entitled to receive all information stored about them by providers, not just those data elements the provider intentionally filed in the medical record. A hospital that was involved in a wrongful death lawsuit unsuccessfully argued that it was not required to release the deceased patient’s EKG strips because they had been stored by its risk management department.


Technology

image

Google registers two healthcare-related images that may or may not have something to do with new medical apps.


Other

image

NYC Health + Hospitals President and CEO Ram Raju, MD says the organization’s April 1 Epic go-live date is flexible and he won’t be fired for missing the date if the system isn’t ready. He says former Elmhurst CMIO Charles Perry, MD, MBA, who resigned in comparing the upcoming go-live with the Challenger disaster, took a parting shot as a “disgruntled” employee. Raju says previous CIO Bert Robles left shortly after the Epic project started because, “I didn’t want someone learning on the job,” leading him hire Ed Marx, who was recommended by Epic CEO Judy Faulkner. NY Health + Hospitals, which is projecting a $2 billion deficit, is rumored to be spending $1.4 billion on the Epic project.

image

Lancaster General Health (PA) investigates a 12-hour EHR outage of unspecified origin.


Sponsor Updates

  • Medicity CEO Nancy Ham writes for the HFMA blog on “Determining the ROI of Clinical Care Technology.”
  • A record number of providers, payers, and partners gathered at the InstaMed 2016 User Conference.
  • Live Process will exhibit at the AONE Annual Conference March 30-April 2 in Fort Worth, TX.
  • Navicure will exhibit at the Office Practicum User Conference March 31-April 2 in Atlantic City, NJ.
  • Obix Perinatal Data System will exhibit at the Sanford Health Perinatal, Neonatal, and Women’s Health Conference March 31 in Sioux Falls, SD.
  • The Irish Times profiles Oneview Healthcare founder Mark McCloskey.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

News 3/23/16

March 22, 2016 News 6 Comments

Top News

image

AHIMA petitions the White House to support development of a voluntary national patient identifier. Patients who opt in would be able to choose their own identifier. The petition will earn an official White House response if it gets 100,000 signatures by April 19. It calls for removing a late-1990s HHS funding restriction that prohibits the department from working on a national patient identifier.


Reader Comments

From Suzie HR: “Re: Cerner. A 20+ year SMS/Siemens/Cerner employee gets terminated after six months of personal leave taken for treatment of stage 4 colon cancer. Wonder if Neal Patterson is worried what will happen to him during his cancer treatment?” Unverified.

From Helium: “Re: Epic 2015 upgrades being delayed. Not true here. We’ve discussed the fixes coming out from Epic with our technical lead at Epic and will take them when released. We are still on track for our mid-May upgrade to their latest version (v2015).” Unverified, but this is from a non-anonymous CIO who asked not to be named.

From A Friend: “Re: Epic. Notified their customers Friday that they have become aware of a major security hole and would be distributing emergency SU’s (Epic jargon for patches) soon.” Unverified.

From Dueling Banjos: “Re: your comment about flame-related FHIR puns. It hit my funny bone as I was reading your news update while riding BART. I was having such a good, hearty laugh over that comment that the man next to me thought I was crying and asked if I was OK. Thank you for making my day!” 


HIStalk Announcements and Requests

image

Welcome to new HIStalk Platinum Sponsor HealthCast. The Boise, ID-based company offers enhanced sign-on solutions that provide fast, secure access to EHRs and other software. That includes enterprise single sign-on that has a 100 percent success rate in integrating with applications; proximity card-based VDI access; and two-factor authentication for DEA-compliant electronic prescribing of controlled substances via biometrics or tokens. Physicians report that they save up to 45 minutes per day with fast-user switching, click-reducing automated workflow, and remote and roaming access to their systems. The company’s patented Qwik-Start helps community-based physicians who admit patients infrequently and therefore don’t necessarily remember their user IDs and passwords to log on to hospital systems using biometrics-activated proximity badges. Thanks to HealthCast for supporting HIStalk. 

image image

Vivian, who is a member of Mr. Chen’s robotics team in Massachusetts, emailed her thanks for funding their DonorsChoose grant request for pizza gift cards for feeding the team on evenings and weekends while they prepared for competition. She says, “We are so grateful that you helped us out! We needed energy to keep us going as we were very charged on getting the robot built for our competition. We have learned so much about mechanical engineering, software engineering, teamwork, and how to run the club as if it is a small business. Your donation has enhanced our learning and made it so much more enjoyable!”


Webinars

None scheduled soon. Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.

Here’s the video from last week’s webinar, “Looking at the Big Picture for Strategic Communications at Children’s Hospital Colorado,” sponsored by Spok.


Acquisitions, Funding, Business, and Stock

image

Denver-based CirrusMD, which offers a white label app that allows consumer users to send messages to on-call and ED doctors, raises $1 million.

image

Practice Unite and Uniphy Health will merge to offer secure messaging and collaboration solutions under the Uniphy Health name.


Sales

In the UK, Wirral Partners chooses Cerner’s HealtheIntent for population health management.


People

image

Indiana University Health names Mark Lantzy (Gateway Health) as SVP/CIO.

image

Andy Grove, the former CEO and chairman of Intel, died Monday at 79.


Announcements and Implementations

image

image

Apple announces CareKit, a developer’s framework for creating personal health apps for the iPhone. Its first four modules will support health to-do lists, symptom logging, a dashboard to map symptoms to the to-do lists, and an information sharing function. The company says early adopters are using CareKit to build apps for Parkinson’s patients, post-surgery progress, home health monitoring, diabetes management, mental health, and maternal health.

23andMe integrates with Apple’s ResearchKit, allowing developers to create apps in which study participants can upload their genetic testing results from their iPhones. It also allows researchers to offer 23andMe testing at their own expense to expand study access to non-23andMe customers. 


Privacy and Security

image

A cybersecurity firm finds that the public website of Ontario, Canada-based Norfolk General Hospital has been infecting its visitors with the TeslaCrypt ransomware. Hackers gained access to the site via an exploit in its outdated Joomla content management system.

Methodist Hospital (KY) recovers its systems from a ransomware attack that lasted several days, saying that it was able to regain access without paying the demanded ransom.

Two California hospitals owned by Prime Healthcare Services have been hit by an unspecified cyberattack that sounds like ransomware. The hospitals are working to restore their systems and the FBI is investigating.

image

Ruby Memorial Hospital (WV) goes into lockdown mode for several hours after unspecified malware affects its clinical and security systems.


Other

A doctor in Canada is punished for overbilling and for keeping inaccurate electronic medical records, the latter of which he blames on not understanding the EHR of the practice he joined. He told the tribunal that he failed to change a pre-populated EHR template, but later switched EHRs.

JAMIA issues a call for articles on the safety of health IT, with manuscripts due June 1.

Expedia offers patients of St. Jude Children’s Research Hospital the chance to experience their “Dream Adventures” in which Expedia dispatches teams carrying live-streaming 360-degree cameras to display the adventures the children request in a virtual reality room installed at the hospital. 


Sponsor Updates

  • Besler Consulting releases a new podcast, “Compliance pitfalls and how to understand RAC findings on your discharge status.”
  • Burwood Group will exhibit at the AONE 2016 nursing leadership conference March 31 in Fort Worth, TX.
  • Elsevier launches a history of medicine site to celebrate the 100th anniversary of its Medical Clinics clinical review publication.
  • CTG will exhibit at the 2016 Annual Health Care Symposium April 1 in Costa Mesa, CA.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Monday Morning Update 3/21/16

March 19, 2016 News 5 Comments

Top News

image

Methodist Hospital (KY) is hit by ransomware, forcing it to run from a backup system while it decides whether to pay an unspecified ransom to regain access to its patient records. The hospital has declared an internal state of emergency and warns that it has “limited access to Web-based services and electronic communications.” The FBI is investigating.


Reader Comments

From Certifiable: “Re: Epic 2015. All upgrades are being delayed for 1-2 months until fixes can be delivered. Unusual!” Unverified.


HIStalk Announcements and Requests

image

It’s easy to describe the HIMSS keynoters that poll respondents want to see – they are the ones HIMSS doesn’t invite. The least-attractive speakers are government officials (HIMSS16 — Sylvia Burwell), authors (HIMSS16 — Jonah Berger), celebrities or athletes (HIMSS16 – Peyton Manning), and for-profit business leaders (HIMSS16 – Michael Dell). Topping the most-desired but rarely offered list are public health experts, patients, and not-for-profit provider leaders. Furydelabongo wants to hear from inspirational people who remind us of why we’re connected to healthcare and who can convey urgency, while Tracy wants to be inspired by what’s possible in transforming healthcare rather than hearing from a celebrity.

New poll to your right or here: has your employer laid anyone off in the past 12 months?

I was thinking about how the most prevalent form of healthcare ransomware is being distributed by hospitals – the kind that holds your own medical information hostage unless you’re willing to pay to get it back.

image image

We fulfilled the DonorsChoose grant request of Mr. Blachly in Indiana, whose high school advanced placement calculus and physics students experience “abysmal conditions and poverty” that cause them to miss classes. The video camera and accessories we provided has allowed him to archive his lectures so that absent students can watch them online, allowing them to return to class fully caught up. It also frees up his time for questions rather than re-teaching missed lessons.

image image

Also checking in is Mrs. Beggs from Maryland, who teaches a middle school math class for students with educational disabilities. She says of the math tools we provided, “My students could not believe that people that have never met them were willing to purchase items for them. We had a wonderful conversation about giving to others and why its so important. We are currently working on integers and absolute value. We will continue to practice our basic math facts while we learn integer skills. These skills are essential for the every day world and are helping prepare my students for life.”


Last Week’s Most Interesting News

  • HHS OCR settles two lost laptop HIPAA incidents for $5.4 million, one of them involving a non-hospital employee whose employer hadn’t signed a business associate agreement with the hospital.
  • The CMIO of two NYC Health + Hospitals hospitals resigns, warning that the system isn’t ready for its April 1 Epic go-live and that patients will be harmed if it isn’t moved back.
  • St. Joseph Health (CA) settles for $15 million a privacy class action lawsuit involving a 2012 incident in which a PHI-containing server was inadvertently opened up to the Internet. It states the total cost of the incident at $40 million.
  • Dell appears close to be selling its services business to Japan’s NTT Data for $3.5 billion.
  • The Senate’s HELP committee passes the MEDTECH act that exempts several types of health-related software from the FDA’s oversight.

Webinars

March 22 (Tuesday) 2:00 ET. “Six Communication Best Practices for Reducing Readmissions and Capturing TCM Revenue.” Sponsored by West Healthcare Practice. Presenters: Chuck Hayes, VP of product management, West; Fonda Narke, senior director of healthcare product integration, West Healthcare Practice. Medicare payments for Transition Care Management (TCM) can not only reduce your exposure to hospital readmission penalties and improve patient outcomes, but also provide an important source of revenue in an era of shrinking reimbursements. Attendees will learn about the impacts of readmission penalties on the bottom line, how to estimate potential TCM revenue, as well as discover strategies for balancing automated patient communications with the clinical human touch to optimize clinical, financial, and operational outcomes. Don’t be caught on the sidelines as others close gaps in their 30-day post discharge programs.

Contact Lorre for webinar services. Past webinars are on our HIStalk webinars YouTube channel.


Acquisitions, Funding, Business, and Stock

An analysis of privately held Dell’s financial forms finds that sales are down across most of its divisions and it’s still largely a PC company, with 65 percent of its revenue coming from hardware sales. Revenue for the services business it is trying to sell was down 5 percent for the fiscal year.

image

Staffing and services firm HCTec Partners acquires Colorado-based professional services firm HIMS Consulting Group.

McKesson will take a $300 million charge for its cost-cutting restructuring plan that involves 1,600 layoffs.


Privacy and Security

image

Developers of the TeslaCrypt ransomware toolkit update their product to remove the ability of cybersecurity firms to use a known exploit to restore the encrypted files without paying the ransom. The FBI warned last month that ever-smarter ransomware can now search a network to locate and delete backups, leaving the victim with only one choice if they want their systems back. I’ll repeat my prediction that hospitals will have no choice but to block access to Web-based email services like Gmail that employees use to check personal email, bypassing IT security.


Other

image

Cerner holds a topping-out ceremony for its $4.45 billion Cerner Trails campus in Kansas City, MO. The 16-building, 4.7 million square foot complex with two, 15-story towers will house up to 16,000 employees. Kansas City will pay $1.1 billion of the project’s cost.

The two surviving original members of The Who, Roger Daltrey and Pete Townshend, open a teen lounge at Memorial Sloan Kettering Cancer Center (NY). The space was created using $1 million raised by a concert in which Daltrey and Townshend performed via Teen Cancer America, a charity they founded in 2012.

A profile of India-based 32-hospital chain Narayana Hrudayalaya describes its mission to “dissociate healthcare from affluence” in proving that “the wealth of the nation has nothing to do with the quality of healthcare” in a country where most residents can’t afford drugs or surgery. It offers CABG surgery for as little as $2,700 and surgery insurance for $3.60 per year. Some of its cost-cutting methods:

  • Do as much as possible in an outpatient setting.
  • Focus on high-volume procedures to gain economy of scale. Its 16 cardiac surgeons each perform 400-600 procedures per year.
  • Minimize facility expense by not investing in fancy buildings, artwork, or even air conditioning.
  • Competitively bid for drugs and medical equipment.
  • Use top-of-license practices to shift less-critical work to junior employees.
  • Use iPad-based ICU monitoring software called iKare to update patient records and provide alerts.
  • Connect all hospitals via a cloud-based information system that includes ERP and EHR.
  • Teach patient families to deliver post-op care at home.
  • Offer free telemedicine services via Skype, including consultations, radiology reports, EKG, and second opinions.

An anesthesiologist in England faces dismissal for having sex with a prostitute in a maternity hospital. He was blackmailed by the woman’s “associates,” who threatened to tell his wife if he didn’t pay them $15,000. He worked with police to set up a sting operation to capture the blackmailers, and as it was underway, he showed officers an X-ray showing a patient with a bottle lodged his most private of areas.


Sponsor Updates

  • TierPoint will exhibit at the Boston Premier CIO Forum March 22-23.
  • VitalWare will exhibit at HFMA Dixie 2016 March 20-23 in Nashville, TN.
  • PatientMatters will exhibit at the HFMA Northern California – Spring Conference March 20-22 in Sacramento.
  • Sagacious Consultants publishes the March 2016 edition of its Sagacious Pulse newsletter
  • The SSI Group and Streamline Health will exhibit at the Region 5 Dixie HFMA meeting March 20-23 in Nashville.

Blog Posts


Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates.
Send news or rumors.
Contact us.

125x125_2nd_Circle

Text Ads


RECENT COMMENTS

  1. Going to ask again about HealWell - they are on an acquisition tear and seem to be very AI-focused. Has…

  2. If HIMSS incorporated as a for profit it would have had to register with a Secretary of State in Illinois.…

  3. I read about that last week and it was really one of the most evil-on-a-personal-level things I've seen in a…

Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

RSS Industry Events

  • An error has occurred, which probably means the feed is down. Try again later.

RSS Webinars

  • An error has occurred, which probably means the feed is down. Try again later.