Rethinking the Role of Retail Clinics

HIStalk takes a deeper dive into a recent study that found retail clinics have a negligible impact on nearby ED admissions.
By @JennHIStalk

Retail clinics have gotten a bad rap lately, thanks to an Annals of Emergency Medicine-published study that found the clinics had a less-than-hoped-for impact on local ED visits. While that particular statistical nugget certainly made for good headlines, a deeper dive into the research finds that such clinics may well be on their way to not only alleviating low-acuity ED visits, but to finally becoming a trusted part of the care continuum.

Evolution of a Business Model

Since debuting in 2001, retail clinics seem to have grown exponentially, taking up valuable real estate in strip malls, pharmacies, shopping malls, and even the local commuter train station. Accenture predicts that their numbers will close in on 3,000 within the next several months – a 46 percent increase over 2014 figures. Patients – primarily those with private insurance – have become accustomed to their convenient hours, accessibility, and increasingly transparent pricing.

Health systems have certainly jumped on the retail clinic bandwagon for a variety of reasons. “Hospitals and health systems are employing a variety of strategies to reduce the use of emergency department and hospital readmissions,” says Nancy Foster, AHA’s vice president of quality and patient safety policy. “One such strategy is partnering with existing retail clinics or creating their own. This helps patients by giving them an additional access point for critical follow-up care after a hospitalization. And by having a formal partnership, the hospital or health system can more easily share follow-up instructions with clinical staff at the retail clinics.”

Mount Sinai Health System (NY) is one such health system that has recognized the need to offer additional access points as part of broader population health programs. The system, which has seven hospitals and over 140 physician practices, announced a partnership with urgent care company CityMD earlier this month, and seems intent on closing the loop between urgent care and primary and specialty care visits. The partners plan to jointly establish quality metrics for a shared network of preferred providers, ensuring that CityMD patients have immediate access to specialty care through Mount Sinai providers. They will also share EHRs for faster data access, though they haven’t gotten into specifics as to how their respective Epic and EClinicalWorks systems will talk to one another.

Some clinics, like the new Westmount Place Walk-in Clinic in Ontario, are opening with the express intent of alleviating the local ED’s physician shortage. “We know we are in a crisis from an emergency room perspective if our hospital is fundraising for an emergency room resident,” explains local government official Catherine Fife. “Having urgent care centers like this, which are community based, is an important asset we need to have in more communities across the province.”

Rethinking the Results

Though the Westmount clinic’s provenance puts it outside the purview of the AEM study, it provides a concrete example of the potential role retail and urgent care clinics can play in a community’s care continuum, including significantly reducing ED visits.

This potential did not show up in study results because, according to MinuteClinic President and CVS Health Executive Vice President and Associate Chief Medical Officer Andrew Sussman, MD, it looked at data from 2,053 EDs between 2007 and 2012 – a time when awareness and general usage of retail clinics was very early on.

“The results show statistically significant reductions in low-acuity ED use for commercially insured patients in communities where retail clinics were open,” he explains. “While the reduction may be small (1.2 percent), you should keep in mind that the old data evaluated in this study had only 1,200 clinics at its peak. MinuteClinic alone has 1,100 clinics today across 33 states. The effect of retail clinics today is far greater than the early phase of their development in this study.”

“The study also doesn’t take into account the presence of any urgent care clinic sites in a particular area,” he adds. “There are far more urgent care sites, around 9,000, than retail clinics in the US overall. Urgent care has been growing at about 8 percent annually, compounding their effect. Without knowing the precise location of the large number of urgent care sites, it is impossible to interpret the trends of low-acuity care seen in EDs.”

From Concept to Cost-Savings

Sussman goes on to point out that the study’s results should ultimately be viewed through the lens of today’s healthcare ecosystem rather than that of five years ago, when “coordinated care” was still in its infancy and “value-based care” was a concept confined to a cocktail napkin. “We have far more clinics, much higher levels of utilization, and higher awareness of retail clinic services,” he says. “Also, transparent retail clinic pricing is particularly attractive to today’s growing number of Americans with high-deductible health plans, not present prior to 2012, and as consumerism in healthcare grows. In addition to private insurance, today more retail clinics accept Medicaid than they did during the study period.”

Sussman brings up a good point: Retail clinics, which traditionally have opened in suburban communities with higher-income, privately-insured consumers, are seeing reimbursement opportunities increase thanks to Medicaid expansion. Couple that with the burgeoning interest of health systems – especially where shared referral networks and healthcare technology are concerned – and you have a recipe for retail clinic success when it comes to significantly impacting ED visits and even hospital readmissions.

Sussman sums up by saying, “in today’s retail clinic world, we would expect to see even more significant reductions in ED low-acuity visits due to retail clinic presence. Many millions of patients appreciate the access to care and cost savings that retail clinics provide.”

Morning Headlines 12/19/16

Final HHS Notice of Benefit and Payment Parameters for 2018

HHS updates the rules for health insurance marketplaces for the 2018 enrollment period.

The Great A.I. Awakening

The New York Times reports on the increasing sophistication of artificial intelligence, highlighting how Google used AI to transform its Google Translate feature into a tool capable of giving much more accurate results.

Dispatch from Israel

John Halamka, MD reports on a trip he took to Israel as part of a Massachusetts initiative to establish the state as an incubator for Israeli companies.

West Acquires 911 ETC

West Corporation, a communications and network infrastructure services company, acquires 911 ETC for $10 million. 911 ETC sells technology that shows 911 dispatch centers the location of callers dialing in from a cell phone.

Monday Morning Update 12/19/16

Top News

HHS tweaks the Health Insurance Marketplace rules for plan years starting January 1, 2018, assuming it’s still around then (670,000 people signed up on Healthcare.gov last Thursday alone in its busiest day ever). The new rules, most of them addressing risk pools, include:

• An interim final rule on the payment of premiums by third parties.
• A pilot program program to test whether it’s worth checking the eligibility of people who sign up during special enrollment periods.
• Risk models that take partial year enrollment and prescription drug utilization into account.
• Creating a high-risk enrollee pool.
• Increasing the out-of-pocket maximum to $7,350.
• Showing an indicator of each plan’s network breadth and flagging those plans offered by a provider delivery system.

Reader Comments

From Truven Watcher: “Re: Truven Health Analytics. Rumor was that new owner IBM was deep-sixing its Unify and Unify ACO population health initiatives, which never got off the ground. The website now shows no references to population health or those products – you get a 404 error. How long before CareEvolution, the engine for several of Truven’s products, goes away too?” Searching Truven’s site for “Unify” brings up links to now-deleted press releases and product pages. IBM acquired the company for $2.6 billion in February 2016 and rolled it into Watson Health, joining its mishmash of puzzlingly unrelated and expensive acquisitions that include Phytel, Explorys, and Merge Healthcare.

From Stock Doc: “Re: Athenahealth. It’s hard to believe that ATHN can sustain the price bump from this week. Upping earnings guidance after a year of misses reeks of desperation to placate the Street.”

From HIT-A-Go-Go: “Re: HIStalkapalooza. Where is it written that it must be a free event? I’d still go if there was a modest charge.” I’ve thought about requiring those who RSVP to put some financial skin into the game in hopes of reducing the maddening no-show rate of 40-60 percent, but the big challenge is that a modest payment doesn’t have much impact on the overall cost of $150-$200 or more per attendee. The facility’s minimum buy-out and the band’s fixed cost means I can’t really flex it down (I created a horrifically complex Excel worksheet to try to find the sweet spot in telling me how many people I can invite vs. the bar, food, and endless service charges). The amount of financial risk and work makes me yearn for my original vision – a do-it-yourself kind of keg and barbeque party with a marginally skilled but really loud local band blasting away in a vacant parking lot where anyone with a HIMSS conference badge is welcome to attend. Every year I swear I won’t do it again because it’s too much to manage, but then I see how much fun people have and I soften up.

HIStalk Announcements and Requests

Half of poll respondents expect their overall 2017 health spending to be modestly more than in 2016, while 29 percent say they’ll probably spend a lot more next year.

New poll to your right or here: Which inpatient EHR vendor seemed to gain the most ground in 2016? Your answer will be subjective, but that’s OK since perception is often reality in HIT-land.

Mrs. M says her Virginia third graders are using the science equipment we provided in funding her DonorsChoose grant request to make real-world connections to what they’re studying. They are working with a gemstone dig kit, a microscope, a terrarium, and a chain reaction kit.

While reading “Between You & Me: Confessions of a Comma Queen” last week, I was grammatically inspired to think about which conversational traits I find most puzzling. Maybe it’s blurting out “Yeah, no” or “No, yeah” in an excited response to a question or statement that the original speaker has barely completed. It’s often young uptalkers who do it, I’ve noted, and who are also prone to beginning sentences with “so.” It’s not so much the usage, but that it’s peculiar to their demographic, maybe due to sloppy phone-texting habits carried over from virtual social situations into real-life ones. I have my own conversational crosses to bear since I drop G’s at the end of words like “talking” due to being raised in a hardscrabble holler so far back that we had to pipe in daylight.

Listening: Blood Ceremony, 1970s-style, prog-influenced “flute-tinged witch rock” from Canada (think Jethro Tull mated with Coven). Singer, flutist, and organist Alia O’Brien is unsurprisingly eloquent and thoughtful given that she’s in her fourth year of her PhD studies in ethnomusicology at the University of Toronto with emphasis on the music of North American Muslims.

My broadband provider sent a tech out to investigate my connection speed problems, which he apparently resolved by replacing some of the wiring connectors out by the street. He also mentioned that my modem is dual band and thus puts out a faster 5 GHz Wi-Fi signal that my old laptop doesn’t recognize, so it defaults to the slower connection. He suggested I try a USB wireless adapter that supports higher speeds and the $25 Net-Dyn is doing the trick – obviously the broadband provider’s throttle won’t let me greatly exceed the speed I’m paying for, but it’s definitely faster than before.

HIMSS Conference

I’m struggling to believe that it’s just nine weeks until the HIMSS conference, meaning I should get some of my many to-dos out of the way now. I say it every year, but health IT newcomers don’t appreciate the seasonality of the industry in which 75 percent of the year’s work happens between January and April when companies spend a big chunk of their marketing budgets (because of the HIMSS conference), the first financial reports of the calendar year set the tone, and lots of job-hopping and acquisitions take place.

I’ve opened the HISsies nominations. It’s like the presidential elections – skipping the primaries means you lose the right complain about who’s on the final ballot. I’ll email the final voting ballot HIStalk readers who subscribe to my email updates (to avoid ballot box stuffing) in the next couple of weeks.

February 13-17 will be New Sponsor Intro Week on HIStalk, which I just made up. I’ll interview the CEOs of new Platinum sponsors who sign up between now and then during that prime, pre-HIMSS week (a maximum of five). Assuming they say something interesting, perhaps folks will drop by their expensive booths to check things out. Contact Lorre.

It’s not quite time to open up HIStalkapalooza invitation requests (even though I’m getting inquiries regularly), but look for that in the next 2-3 weeks.

Last Week’s Most Interesting News

• SocialWellth resurrects the mobile health app certification program of the former Happtique, which it acquired in late 2014.
• Scanadu ends support for its Scout, which was once touted as the early phase of tricorder-like development.
• Carequality and CommonWell Health Alliance announce plans to allow their users to exchange information.
• The American Heart Association, AMA, DHX Group, and HIMSS launch the non-profit Xcertia, which will establish best practices for mobile health apps.
• President Obama signs the 21st Century Cures Act into law.
• The consumer app of Quest Diagnostics is breached, exposing the information of 34,000 users.
• Cost estimates of California’s prison system implementation of Cerner are doubled to $400 million due to a poorly designed contract that omitted key items.
• The Wireless-Life Sciences Alliance trade group and the HIMSS-owned Personal Connected Health Alliance merge.

Webinars

None scheduled soon. Contact Lorre for webinar service

Acquisitions, Funding, Business, and Stock

West Corporation acquires 911 ETC — which allows companies to identify the location of 911 callers within their premises — for $10 million in cash.

Decisions

• Erlanger Bledsoe Hospital (TN) will go live on Epic in 2017.
• FirstHealth Richmond Memorial Hospital (NC) will switch from McKesson to Epic in 2017.
• NYC Health and Hospitals/Jacobi (NY) will go live with Epic In 2017.

These provider-reported updates are provided by Definitive Healthcare, which offers powerful intelligence on hospitals, physicians, and healthcare providers.

People

Henry Heimlich, MD, inventor of the namesake choking intervention, died Saturday at 96. He performed his own technique for the first time earlier this year in saving a fellow senior living resident.

Privacy and Security

From DataBreaches.net:

• LA County reports that more than 100 of its employees fell for a phishing attack in a single day this year, exposing the information of 756,000 people and resulting in felony charges against the Nigerian national behind the attack.
• A Florida man is sentenced to four years in federal prison for attempting to sell the information of 1,000 patients stolen as printed records from medical device vendor Rotech Healthcare.
• East Valley Community Health Center (VA) announces that it was attacked by ransomware in October, although it didn’t pay the ransom. The hackers used the Shade ransomware, whose control servers were seized by Dutch police in July 2016, allowing Intel Security and Kaspersky Lab to create free unlock tools as part of the “No More Ransom” project.

The latest Protenus breach report shows that 57 health data breaches were reported in November, although the number of records affected was lower than in June and August since no massive breaches were reported. Just over half of the breaches involved insiders, nine were due to hacking, and three of the hacks involved ransomware.

The Yahoo breach provides a reminder that everyone should use a password management program (it also reminds me how superior Yahoo Mail is to the incredibly clunky and frustrating Gmail, having used both for years). I use the free and life-changing LastPass. Benefits:

• You only need to remember the master LastPass password.
• Passwords are synched and shared not only among devices, but among other people you designate for accounts you share.
• It will automatically log you into sites if you choose.
• It will store multiple credentials for the same site, so that if you have both a business and personal Facebook or Twitter account, you choose which one to launch.
• Changing a password is no big deal since it’s invisible afterward – LastPass logs you in normally using the new password behind the scenes.
• Best of all, you can create complex passwords (or let LastPass create them for you) because you don’t have to remember them. Alt-G brings up a password generation menu, I just figured out. It even has a one-click change option where it logs into a site, changes the password to an automatically generated complex one, and then saves it.

Technology

A startup in Kenya is developing Flare, an Uber-like app for summoning an ambulance, hoping to reduce the two-hour delay involved with getting help from private ambulance companies in Nairobi. Users will be able to call an ambulance, stay in contact with the driver, and send their location with directions.

Other

A hospital in Canada blames a parking company’s software bug for charging a visitor’s credit card $320 for one hour of parking instead of the correct $6 shown by his receipt. The hospital is about as consumer friendly as most – it advised the man to fill out a form and wait 4-6 weeks, after which he “may” get a refund check.

@EricTopol always finds interesting articles to tweet about, including this brilliantly written one in the New York Times Magazine (so good, in fact, that I subscribed to the digital version of the paper for the first time since good journalism and sharp writing is nearly impossible to find – the holiday special is just $98 per year). It describes how Google has rebuilt its popular Translate service to use artificial intelligence — allowing it to provide results much closer to those of human translators — and the rapidly evolving state of AI in general. The article notes that artificial intelligence is built without rules or assumptions and “learns” from what it observes, just like children who learn to speak without studying dictionaries first. It provides the work of radiologists as an example:

Medical diagnosis is one field most immediately, and perhaps unpredictably, threatened by machine learning. Radiologists are extensively trained and extremely well paid, and we think of their skill as one of professional insight — the highest register of thought. In the past year alone, researchers have shown not only that neural networks can find tumors in medical images much earlier than their human counterparts but also that machines can even make such diagnoses from the texts of pathology reports. What radiologists do turns out to be something much closer to predictive pattern-matching than logical analysis. They’re not telling you what caused the cancer; they’re just telling you it’s there.

John Halamka visits Israel with a Massachusetts trade delegation, leaving impressed with the confidence and self-sufficiency of children there (vs. the US, where he says “we’ve become helicopter parents and consider child self-sufficiency a risk”) and the large number of students who participate in military service before going to college. He will create a program for Israel-based companies to pilot their software in Boston.

This is pretty cool: Visage Imaging sends up a drone inside the RSNA exhibit hall (before it opens) to provide an unusual perspective of their booth. I wonder if conferences will have to implement no-fly zones to prevent competitor espionage? It’s probably that or an overzealous vendor will shoot down another vendor’s drone and display it proudly in their booth. It would be cool to film HIStalkapalooza from a drone inside the House of Blues, but lawyers would have a field day if it came crashing down on the heads of unsuspecting attendees.

Bizarre: a panicked passer-by calls 911 when she spots what appears to be a elderly woman frozen to death in a car in Hudson, NY (a not-unreasonable assumption since it was only 8 degrees there). Police rush to the scene and smash through the car window hoping to save the woman, who turned out to be the very lifelike CPR dummy of a medical training aids salesman who indignantly explained that he always straps it into the front seat beside him for transport (want to bet he travels solo on highways with an HOV lane?) I’m skeptical of his story because nobody’s CPR dummy is that realistic and dressing them up doesn’t make sense.

‘Tis the season: Bethlehem, PA police arrest a local woman for stealing a baby Jesus from a nativity scene and dropping it off at the “safe space” of a hospital with a note signed by “concerned citizens” that said, “Child has a broken right foot which has been neglected. Parents Joseph and Mary Christ got a warning.” The woman says it was a joke, the long-tail humor of which she can contemplate during her court-mandated psychiatric evaluation.

Sponsor Updates

• KLAS names Talksoft the highest-rated vendor for outreach services in its patient outreach report.
• Computerworld recognizes TransUnion Chief Information and Technology Officer Mohit Kapoor as a 2017 Premier 100 Technology Leader.
• Consulting Magazine recognizes Huron Consulting Group for its commitment to corporate social responsibility.
• In England, Countess of Chester Hospital NHS Foundation Trust will pilot the Care Coordination Center Model using technology from TeleTracking to manage beds, patients, employees, and equipment.

Blog Posts

• Four Options to Ease MACRA Implementation (Forward Health Group)
• TierPoint Summit Keynote Provides Good Lessons for Developing Security Strategy (TierPoint)
• Post-election recap: the future of healthcare reform (Verscend)
• RSNA 16: Visage’s Top Five (Visage Imaging)
• Preparing for the mobile revolution. (Voalte)
• The New Bitter Pill: Patients Not Taking Medications (West Corp.)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

Morning Headlines 12/16/16

Happtique Reimagined – A Curated mHealth App Boutique

Happtique, a health app screening service that promised to bring clinical credibility to app stores but ultimately failed and shut down in 2013, relaunches at the HIMSS Connected Health Conference.

Pharmacies miss half of dangerous drug combinations

The Chicago Tribune tests 255 retail pharmacies by sending undercover reporters in and trying to fill two contraindicated prescriptions with potentially fatal drug interactions. The investigation found that 52 percent of the pharmacies filled the prescriptions without warning the patient of the dangerous drug combination.

Athenahealth shares soar on upbeat 2017 outlook

Athenahealth shares climbed 23 percent Wednesday after the company reported projected 2017 revenues of $1.29 to $1.33 billion and adjusted operating income between $170 million and $190 million.

Scanadu to shut down support for its Scout device per FDA regulation and customers are mad

Scanadu shuts down support of its once hyped Scout consumer medical device.

News 12/16/16

Top News

SocialWellth — whose parent company DHX on Monday revived the Xcertia mobile health app guidelines program with HIMSS, the AMA, and the American Heart Assocation – brings back the Happtique app certification program.

Happtique closed its doors in late 2013 after researchers found obvious security holes in apps that had passed Happtique’s certification criteria that included security. SocialWellth acquired the dregs of the company in December 2014.

Apparently SocialWellth stripped app certification out of the new Xcertia and is separately offering “to showcase their proprietary apps, offer promotions, and provide discounts and services” at an unstated cost. 

Reader Comments

From In Poor Taste: “Re: Epic VP Eric Helsher. He took to Twitter to throw shade at CommonWell once the CEQ/CW announcement was released. He then deleted the tweet. Wonder who got to him? It was mentioned in Politico’s daily email and that probably brought unintended attention. Don’t think for a minute that Epic doesn’t take an aggressive or competitive stance on the interop topic. Shame that at least he (if not all of Epic) are keeping score on such an important topic.” The deleted tweet apparently said, “Welcome @CommonWell to the interoperability party,” which seems innocent enough. His colleague, Epic VP Peter DeVault, left this comment on my Tuesday night post that explains the company’s position:

As for Epic’s ‘notorious’ non-participation in CommonWell, I’ve been saying for years that it’s likely there will always be multiple health information exchange networks such as Care Everywhere, CommonWell, various state-run HIEs, etc., and new ones not yet born. What Carequality neatly does is provide the governance and technical framework for any of those networks to communicate with each other. What that means is that not everyone needs to belong to everyone else’s networks in order to exchange information. That was never going to happen (just as it’s never happened, to my knowledge, in any other industry). What it means most importantly is that patients who receive care at facilities that belong to different networks that have implemented the Carequality framework are much more likely to have their complete record available at the point of care.

In addition to the networks themselves implementing the Carequality framework, individual organizations that are part of those networks have to agree to the Carequality rules of the road. Almost all Epic clients have already done so, as have clients of several other vendors. Assuming many CommonWell members’ customers also agree to those rules of the road, this will be seen as having been a great day for patients.

This has never been about us versus them, although that makes better copy for the press. It’s about deploying the right technology and agreeing on the right governance to make interoperability widespread, easy, and realistic – regardless of the endpoints, so that patients get the best care. 2016 has been a good year for that.

From Jack Polarity: “Re: rags rewriting press releases. The plagiarism checker I tried showed the so-called news item to be mostly just repurposed vendor verbiage.” And you were surprised?

HIStalk Announcements and Requests

Our long-time HIStalkapalooza red carpet sponsor Elsevier has declined to participate this year, so I’m looking for a replacement who will get a ton of invitations and exposure. I’ll even allow the red carpet sponsor CEO to greet attendees personally, hang around backstage or in my inner sanctum, and welcome guests from the stage – because otherwise I’m writing a scarily large (and probably NSF) personal check to cover a significant chunk of the event’s cost, which will then render this 10th annual HIStalkapalooza the last one since I’m not going into debt to throw a free party. Contact Lorre. Meanwhile, thanks to the several companies that are helping to underwrite the event — I’ll recognize them soon.

I need your advice: Should a health system’s vendor contract extension or product upgrade be listed in my "Sales" section? I set up a poll so you can tell me. I’m slightly leaning toward “no” since I think readers are mostly interested only in sales involving new products, but I’m torn because of new contracts like Soarian to Millennium or Meditech Magic to Web EHR, which require the customer to sign a new contract and implement a new system.

Mrs. G from Minnesota says her first graders are already using the new science books we recently provided in funding her DonorsChoose grant request, where she allows them to choose a book to read for 20 minutes each day and then take home to read with their families.

This week on HIStalk Practice: The Los Angeles County Dept. of Health Services selects the Ez-Cap managed care tool from Allscripts. GAO reports on a plethora of data-sharing practice challenges. Physician Retraining and Re-entry Program finds slow going in impacting physician shortage. McKesson Specialty Health expands. Seven health IT CEOs make the "Best Value" list. First Choice Healthcare Solutions CEO Chris Romandetti recounts the importance of disaster recovery preparedness in the wake of Hurricane Matthew. Marathon Health goes with Quippe documentation tech. Humana consolidates its quality metrics by 80 percent. Kansas City Care Clinic VP of Behavioral Health and Community Programs Dennis Dunmyer details the IT challenges involved with integrating primary care, behavioral health, and oral care.

Everybody has poetic songs that make them a bit sniffly. One that’s been one of my favorites for a very long time: “The Drinking Song” by the long-defunct, fantastic Moxy Fruvous. The band wouldn’t say if it’s about the obvious (alcoholism), the subtle (the AIDS epidemic), or perhaps even death-caused loss in general. On the other hand, when I want to raise some goose bumps, it’s usually the live version of  Rush’s “Working Man,” which I was fortunate to have seen played live with stunning virtuosity on their Time Machine tour.

Webinars

None scheduled soon. Contact Lorre for webinar services.

Here’s the recording of this week’s webinar, “Three Practices to Avoid Drift Between Audits.”

Acquisitions, Funding, Business, and Stock

Athenahealth raises 2017 earnings guidance, sending shares up 23 percent Thursday. They’re still down 26 percent in the past year.

Publicly traded physician practice EHR/PM/RCM vendor Medical Transcription Billing will sell $10 million in Series A Preferred shares to help pay for its October 2016 MediGain acquisition and to acquire more companies. Shares of the money-losing MTBC face Nasdaq delisting since they trade for $0.82, having dropped 33 percent in the past year, and are down 84 percent since the company’s July 2014 IPO. The company’s market value is $8.5 million.

CareSync will hire 350 people as it moves its headquarters to Tampa, FL. I interviewed CEO Travis Bond a few weeks ago.

Scanadu, the one-time disruption poster child for its Tricorder-like diagnostic device, ends support for its Scout product, explaining that it was an investigational device and the FDA required the study to be closed (the accuracy of last statement is questionable). It’s not much of a loss except to those who paid $150 and more to participate in the $1.6 million online fundraising project of Scanadu (or “Scamadu,” as upset users are calling it). Scout never lived up to the Tricorder hype anyway, having been stripped down to record just a few rather boring vital signs like temperature and heart rate for all the dozens of millions of dollars it spent on research. The company is now pitching Scanadu Vitals, which measures blood pressure, temperature, heart rate, and pulse oximetry (which it manages to spell wrong on its site). It’s not as shady as Theranos or as predictably flawed as Google Glass, but it the similarities are increasing. The product also didn’t give users access to their own data.

Sales

Workplace health center operator Marathon Health chooses Medicomp’s Quippe and its MEDCIN Knowledge Engine to transform unstructured data into meaningful information and to streamline encounter documentation with templates and workflow tools.

People

Rachel Neill (Nordic) joins Carex Consulting Group as president.

Privacy and Security

From DataBreaches.net:

• A single-doctor medical practice in New Jersey notifies 4,277 patients that it was hit with a ransomware attack on October 6. 
• Yahoo says 1 billion of its accounts have been breached in an incident going back to 2013, just three months after the company reported that the information of 500 million accounts was stolen in an unrelated breach. My bet is that this second huge breach will kill Verizon’s plan acquire Yahoo for $4.8 billion.

Kent Murphy, MD of Summit ENT Associates (TN) left a comment on a recent HIStalk post stating that his practice was hit by a ransomware attack on Wednesday. He paid the demanded $1,600 ransom but his EHR isn’t back up yet.

In India, hackers breach the systems of Apollo Hospitals, the country’s biggest private hospital chain, and gain access to the medical record from the recent 75-day stay of now-deceased Jayalalithaa Jayaram, chief minister of Tamil Nadu. The hackers also breached the accounts of several journalists and found emails suggesting that Jayalalithaa was given the wrong diabetes medication. Another article notes that  her stay will cost the government at least $2 million, as the entire floor of 30 rooms surrounding hers were vacated, 39 doctors were involved, and experts were brought in from the UK and Singapore.

Innovation and Research

Amazon announces completion of the first autonomous, GPS-directed drone delivery in its Prime Air service, which dropped the customer’s package in his yard 13 minutes after he placed his order.

Other

University of Louisville pays go-away money to two former executives who are targeted in a federal investigation. The university paid former VP of Health Affairs David Dunn, MD, PhD $1.15 million to leave the school, while former CIO Priscilla Hancock received $250,000 before she retired. Also under investigation is Russell Bessette, MD, former AVP of health affairs and health informatics. The FBI is reviewing the possible misuse of federal grant money. Dunn’s attorney says he was attempting to make U of L “a leader in healthcare informatics” as authorized by the university president. Dunn and Bessette previously ran the now-defunct Health DataStream, which sued SUNY Buffalo for stealing its health status-scoring algorithms.

MD Anderson Cancer System considers layoffs and research cutbacks as its losses hit $102 million during the first two months of its fiscal year. Officials name its Epic implementation as one of the four issues affecting its financials, but its president concludes, “The situation requires serious attention, but it is not out of control, our long term balance sheet is strong.”

As just about anyone could have predicted, Pokemon GO turned out to be a quickly-abandoned fad offering minimal long-term health benefits, with BMJ-published research concluding that while users moderately increased their daily step count right after installing it, they had returned to their old levels of inactivity within six weeks (at least those who weren’t run over by cars or shot for trespassing in wandering around in a zombie-like trance at a rate only slightly higher than among regular phone users). 

A newspaper’s field test of presenting prescriptions for two dangerously interacting drugs at 255 Chicago pharmacies finds that half them dispensed the medications with no warnings or intervention. Independent pharmacies failed 72 percent of the time vs. 49 percent for drugstore chains. The newspaper concludes that pharmacists cut corners to keep up with crushing workload demands and computer system alert fatigue may contribute, while one pharmacist said the pharmacy tech receives the warning and may or may not alert the pharmacist. “The patient will get mad if you call the doctor and take time, “ said a pharmacist who caught the potential error. “Sometimes they think it is fast food.” The report notes that while most Kmart pharmacists dispensed the risky drug combination without question, they were good about pestering the patient into signing up for the company’s loyalty program.

A fascinating New York Times article frames the US economy (and its world-leading inequality) around the much-ballyhooed 2013 revival of the Twinkie. Private equity firms bought the brands and bakeries of bankrupt and PE-owned Hostess for $186 million, then flipped the company four years later for $2.3 billion after closing plants, slashing the workforce from 8,000 to 1,200, eliminating union contracts and pension payments, and saddling the company with a $1.3 billion loan that was used to pay the PE owners and investors in advance. The article notes that the highest-earning CEOs in the country run private equity firms, with their one-year compensation listed above (note that the group is about as diverse as Hostess’s Wonder Bread). Those CEOs defend their activities by saying their firms provided much-needed capital and expertise to turn the companies around, which nearly always involves employee takeaways. You would think news like that would encourage people to start businesses rather than serve as wage slaves for others, but I’m not sure our educational and social system is geared to produce people willing and able to become something other than faceless widgets in the means of production.

The Pope — visiting a Vatican children’s hospital whose former president is charged with using $440,000 of its money for apartment renovations — urges its employees to resist the urge “to transform a good thing like a children’s hospital into a business, where doctors become businessmen and nurses become businessmen.” He apparently hasn’t seen the salaries that US children’s hospitals pay their executives.

The feel-good, viral story about a terminally ill five-year-old hospital patient who died in the arms of a man portraying Santa Claus turned out to be another example of sloppy journalism intended to draw eyeballs without editorial control. The Knoxville newspaper says it can’t stand behind its original story since it can’t verify anything written by its columnist, who took the fake Santa’s description of the event at face value even though he refused to provide identities, dates, or even the name of the hospital that was supposedly involved. The worst part is that the average Facebook user wants to be entertained, not informed, and probably will neither notice nor care that the story as written was crap. I bet both the editor and the columnist (not to mention the snotty big-name papers that ran the story without question) are secretly high-fiving each other for drawing clicks at the expense of accuracy and objectivity. Just because analytically challenged readers react emotionally to a story doesn’t mean it’s true.

Sponsor Updates

• The Orange County Register includes MedData in its list of Top Workplaces for 2016.
• Infor will offer its customers McKesson Strategic Supply Sourcing and McKesson EIS, in turn, will offer Infor CloudSuite Healthcare to its user base.
• Two hundred Meditech customers receive an ‘A’ hospital safety rating from The Leapfrog Group.
• GetWellNetwork will participate in the VA’s “Telehealth Education Delivered” mobile showcase that will visit 200 VA medical centers.
• Buyers Laboratory awards Lexmark its BLI PaceSetter 2017 award for Healthcare: Group Practices.
• PeriGen hosts a team-building bike challenge for Big Brothers Big Sisters.
• Surescripts recaps its video chat on the “abysmal” prior authorization process.

Blog Posts

• Productivity vs. Information Security: Balancing Offense and Defense (ID Experts)
• Physician Engagement for EHR Implementation (Impact Advisors)
• Influencer Perspective: Influence Healthcare with Your Leadership (Influence Health)
• What InstaMed Customers Need to Know About MasterCard’s New BIN Range (InstaMed)
• The EHR Implementation is Complete, Now it’s Time for Optimization (Optimum Healthcare IT)
• Why Columnar Databases are the Future of Business Intelligence (Dimensional Insight)
• Do you know how primary care providers make decisions about specialty referrals? (Kyruus)
• The Heart of Health: The Voice of the Patient (Spok)
• Data Sharing: Why Does It Remain Such a Struggle? (Aprima)
• Gartner releases top 25 Healthcare Supply Chains of 2016 (Infor)
• 3 Ways Data Blocking Threatens Patient Registries’ Impact on Healthcare (Liaison Healthcare)
• Epic Community Connect: 3 Executives Who Stand to Benefit From An Outreach Program (HCI Group)
• Progress: The Anna West Act Passes (Netsmart)
• Cocoa is for Coders (SayIt 11/2 is here!) (Nvoq)
• 5 Steps to Take Before Selecting Your Next Integration Engine (Orion Health)
• ICD-10 Changes are on the way. Are you ready? (Intelligent Medical Objects)
• Healthcare Trend #2: Demand Drives Adoption of Healthcare E-Commerce (PokitDok)
• 3 Key Delivery Channels of Effective Secure Communication Platforms (Uniphy Health)
• Phynd Expands Customer Base (Phynd Technologies)
• Five Things You Might Not Know About Medicare’s New Merit-Based Incentive Program (PMD)
• The 21st Century Cures Act and Health IT: A Birds’ Eye View (Point-of-Care Partners)
• Interoperability: Removing the Obstacles and Inefficiencies to Actually Improve Patient Care (Summit Healthcare)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

EPtalk by Dr. Jayne 12/15/16

Lots of vendors are sending holiday greetings. Although I appreciate the sentiment, there’s a lot of noise this time of year and I think a lot of the messages get overlooked. I’d like to recommend that vendors consider sending friendly greetings throughout the year. Perhaps cardiovascular solution vendors might consider National Tap Dance Day on May 25. Geriatrics vendors may want to consider As Young as You Feel Day on March 22, where storage vendors may want to consider World Backup Day on March 31.

I was glad to have a couple of extra days off the road this week since several of my clients are still struggling with how they’re going to wrap up their reporting for Meaningful Use attestation and other quality programs. I know organizations are busy and healthcare is a crazy changing place, but there’s no reason for leaving things until the last minute. I have two clients who have yet to select their clinical quality measures for the year. They can’t seem to understand that if their numbers haven’t improved throughout the course of the year, there is no magical force that is going to get them to the desired threshold with only 10 patient care days left.

I mentioned this phenomenon before. A reader shared his experience with using LogicStream to measure adoption of workflow best practices down to the clinician level. Designed to reduce unnecessary variation in care, it sounds like a great way to track compliance with specific clinical protocols and alerts. However, there are a lot of physicians out there who still struggle with the idea of “variation in care,” especially in the ambulatory space.

Let’s face it, we have a lot more compelling studies from the inpatient arena, and given volumes at many acute facilities it’s much easier to see when a specific clinical pathway is superior than it is at the average physician office. I have a lot of physicians that fight me about the EHR workflow being “contrary to how I practice medicine” and it’s always a battle to try to explain that the way they are practicing might just not be best practice. Most of the top-tier EHRs are designed with best practice and evidence-based workflows. I know I’ve mentioned in the past the physicians who argue about reconfiguring preventive care guidelines to match their own personal practice that isn’t supported by the US Preventive Services Task Force, the American Cancer Society, or anyone else who actually has data.

I feel for the organizations that have to try to rein these physicians in. On the other hand, the organizations are to blame because they allow this to go on. I’m not going to say it’s easy to get rogue physicians under control, but it can be done. Sometimes they will respond to targeted interventions and sometimes it takes a change in their contract to elicit the desired behavior. But if you can’t get a physician in line even with a contractual agreement, I would argue that it’s better for the practice to consider making them available to the workforce. In the new world of transparency around quality, the viability of keeping someone around because they’re productive or popular is less every day, especially if they’re doing something squirrely related to established protocols for patient care.

Another project taking a lot of my time this week is a strategic planning engagement for a midsized, hospital-owned provider group. For the past couple of years, they have been running on fear and adrenaline, acquiring as many small practices as they could in hopes of solidifying their referral base. Now they have a provider organization that looks like the Wild West. The only referral metrics they’ve been tracking are hospital admissions and surgical cases, leaving physician-to-physician referrals completely unaddressed. I’m not even sure the physicians know who their peers are since the acquisition strategy didn’t include much internal marketing to other members of the group. Some members have been migrated to the enterprise ambulatory EHR and some were allowed to stay on their own office systems, so interoperability isn’t what it needs to be, either.

Because they were so focused on building their provider base, they lost focus on other key projects such as staying current with EHR upgrades and making progress towards patient-centered medical home recognition. The coding and compliance staff was focused on onboarding the new providers and stopped their regular audits of existing physicians. Rather than having quarterly audits like they’re used to, some physicians haven’t had a coding audit for more than a year. If someone’s gone off the beaten path with their coding, that’s not the kind of thing you want a delay in uncovering.

I had several calls with them this week, trying to prepare an agenda for a strategic planning retreat in January. They’re struggling with their end-of-year ACO and PQRS reporting, however, and all they wanted to talk about was the perceived issues they’ve having with their vendor. I say “perceived” because I have other clients working with the same vendor who are doing just fine. They say they can’t give the quality reports to their providers because they’re not granular enough and the providers don’t understand them. I’ve seen the reports, and they’re extremely clear – they have the name and number of the measure and a brief synopsis. The providers can drill down into the individual patients to see why someone is passing or failing. It turns out the organization has been printing them out, so of course they’re not as impactful as delivering them electronically so they can be used interactively.

The reason for the printed reports is so the office managers can use highlighter on them and sit down and discuss them with the providers. I’m not sure why the red-yellow-green display in the EHR report package isn’t good enough or why they can’t sit down in front of a screen instead of a piece of paper. This is a classic case of “blame the vendor” for an operational problem. I said as much, trying to steer them back to the agenda at hand, but they continued to try to return again and again to their “pressing issues.” I’ve been working for months to help them understand that they have to get out of the weeds and start looking at the bigger picture and not continue to be ensnared in “pressing issues” because it’s simply a classic case of avoidance behavior.

They need to decide who they want to be when they grow up. Do they want to be a big fish and keep growing? Or are they happy where they are and ready to make the most of their provider membership? Are they ready to start working on quality in earnest and remediating any poor performers? Until they set some direction, they’re going to continue to struggle.

I’ve got another call with them tomorrow to try to continue to nail down the agenda, but it’s slow going. They “forgot” to invite the CFO to today’s call and I wasn’t willing to move forward without the right players on the call. I’m planning to bring a second facilitator with me to the onsite planning meeting because I can see already that it’s going to take a village to keep them corralled. Sometimes these clients make me want to give up, but once in a while, one starts to really get with the program and those bright spots keep me going.

Does your organization have a strategic plan for 2017? Email me.

Email Dr. Jayne.

Morning Headlines 12/15/16

National Scorecard on Rates of Hospital-Acquired Conditions 2010 to 2015: Interim Data From National Efforts To Make Health Care Safe

AHRQ releases a scorecard on hospital-acquired conditions which measures a 21 percent decline in HAC’s since 2010, representing an estimated 125,000 saved lives and $28 billion in saved healthcare costs.

PCORI Board Approves $42 Million for 19 New Patient-Centered Research Projects

PCORI approves $42 million in new research funding. The investments will fund thirteen projects, including studies focused on assessing the quality of communications between healthcare providers and patients, preserving patient privacy when data sets including medical information are linked, and measuring patients’ preferences.

Increased transparency and quality information via new Compare sites and data updates

CMS releases two new consumer compare websites, one comparing inpatient rehabilitation facilities and the other comparing long-term care facilities.

Telemedicine for PTSD no less effective than in-person therapy

In a study of 132 veterans with PTSD, researchers at the Ralph H. Johnson VA Medical Center (SC) find that PTSD treatment can be delivered remotely via telehealth services with no measureable differences in effectiveness.

CIO Unplugged 12/14/16

The views and opinions expressed are mine personally and are not necessarily representative of current or former employers.

Iron Sharpens Iron

My dad is 83 and once again will carve the Christmas turkey. Since I was a child, Dad ceremoniously stood at the table, and before slicing the bird, carefully clanged heavy pieces of steel together as if he were in a sword fight. Meticulously he rubbed the carving knife in his right hand against the steel rod in his left. Once the knife was sharp, the blade glistened while descending, separating bone from flesh. It was like Messi splitting two defenders scoring a goal.

The meat of the bird fell to the side and the celebratory feast began. I still hear the sound of steel upon steel, the smell of German spices, and see the smiles on hungry faces.

Soon after landing my first CIO gig, I helped lead our organization through an EHR implementation. My mentor suggested seeking advice from others who had led large, complex transformative projects for their organizations. I tracked down the members of our board of directors and reached out to their CIOs. Each accepted my offer for drinks and dinner. I learned while developing relationships that I leverage today.

I briefed my CEO the next day and he asked what compelled such an approach. I immediately responded with, “Iron Sharpens Iron.” Tom thought it was profound and appreciated the initiative and approach.

Since that time, I have embraced this concept highlighted in ancient Proverbs. Like my dad’s knife, my sharpness increased exponentially as I began to continuously seek others’ wisdom and evaluated experiences rather then to rely exclusively on my own knowledge. I needed to stay sharp, and in doing so, helped others be sharp as well.

If you live and die by the sword, you’d better be sure it is always sharp. As I reflect on my career since that time, I can taste the results, smell the success, and see the smiling faces. All from living out a simple phrase of iron sharpens iron and having the humility to admit my shortcomings and accept that I can’t be effective on my own.

This fall I was walking the streets of NYC fuming. I was hurt and I was headed to my day in court, where I would justify myself and extract punishment. I had the fix and I would administer judgment. I knew operating out of anger was wrong, but I could not think objectively.

I called a peer a few minutes prior to the meeting. He spoke wisdom. He helped me become rational. He reminded me who I was. My anger softened, my thoughts become clearer, and I entered the meeting at peace. The meeting turned out better than I imagined. The positive outcome was a credit to my peer who sharpened me.

When I was courting my wife, we had to work through a bunch of baggage we both carried with us. We had serious conversations with one another, but we also were sharpened by friends and mentors. Had we relied on ourselves, we might not have become engaged, or worse, we would have become engaged and started our marriage with all sorts of junk we did not need. Rather, the people around us sharpened us and helped us understand what was fake versus real and we began our marriage with a fairly clean slate.

In Texas I kept hitting obstacles with Finance and was unable to secure needed funds for critical investments. I finally got on the phone and dialed up some of my heroes. They taught me a few methods I had not yet deployed. It took time, but it worked. Ultimately it cost me a couple of glasses of wine, but it was well worth the price.

I made a bad hire once. I knew what to do, but was frozen. Tom from Sherwin-Williams looked me straight in the eye and said fire him. I was a softie and avoided the obvious, but I needed someone I respected to remind me to do the right thing. I fired my friend and the organization experienced immediate improvement.

You don’t have to wait for a need before you sharpen yourself. I have admired Daniel, a successful CIO for many years. As fate would have it, we both ended up in NYC. We met recently for a drink and soon for a run in Central Park. Chuck and I have met all over the country the past few years — Chicago, Dallas, Orlando, Las Vegas, and LA last week. Dang, I left both these leaders feeling refreshed and ready to face any challenges ahead of me. I did the same for them.

Where do you find your iron? Humble yourself and seek clarity and opportunity. I see someone I admire, I reach out to them, and I also try to give back. Someone reaches out to me, I serve them, and often I learn in return. I am fortunate to serve on the faculty of the CHIME Boot Camp, and wow! – I  am surrounded by men and women who sharpen me twice a year. Also, don’t be afraid to look outside of healthcare. Remember, in as much as you receive, give back to others in the same way.

If you don’t need anyone to sharpen you, I am sad for you. Not only are you missing out on increasing your effectiveness, but you are robbing those you serve. You are stealing joy from those who are called to sharpen you and stealing performance from those you are to sharpen. Pride is the ultimate act of selfishness.

I am thankful I have others in my life who sharpen me and whom I can sharpen. I unashamedly admit that I need others to help fulfill the calling that is placed on my life and career. To those who sharpen me, thank you. To those who will in the future, thank you. To those who have in the past, thank you. I would not be who I am today or who I become tomorrow without you.

Ed encourages your interaction by clicking the comments link below. He can be followed on LinkedIn, Facebook, Twitter, or on his web page.

Morning Headlines 12/14/16

Carequality and CommonWell Health Alliance Agree on Connectivity and Collaboration to Advance Interoperability

CommonWell will integrate its health information exchange network with Carequality, allowing customer organizations  to exchange health information through direct queries across both networks. Epic is a Carequality member, while Cerner and many other notable vendors are CommonWell members.

California Prison Record System Cost Doubles to $386 Million

The cost of a Cerner implementation aimed at modernizing the paper-based medical records system used by California’s prison system has doubled from the original budget of $182 million to nearly $400 million.

Chief data officer leaving Centers for Medicare and Medicaid Services

Niall Brennan, the chief data officer at CMS, will leave ahead of the change of administrations, and will be replaced by his deputy, Chris Cox.

Retired carer left to die after hospital replaced ‘old-fashioned’ whiteboard with computer system

In England, a woman dies when clinical staff inadvertently stop rounding on her after replacing their traditional unit whiteboard with an electronic patient census system.

News 12/14/16

Top News

CommonWell Health Alliance and Carequality will connect their respective systems, allowing their members to share information.

Most notable (but unstated) in the announcement is that Epic uses Carequality’s Interoperability Framework but is a notorious non-participant in CommonWell, with the agreement potentially allowing Epic to connect to other systems outside of its own proprietary connectivity suite. Likewise, Cerner is a CommonWell founding member but doesn’t participate in Carequality.

I’m not sure if the announcement can be accurately characterized as health IT’s version of the transcontinental railroad’s golden spike, but it has potential to become a significant joining of the patient data tracks, assuming of course that competing health systems are actually willing rather than conveniently unable to exchange patient information.

Reader Comments

From Much Too Much: “Re: HIMSS17 registration list. Vendors received it Friday. For the first time, this list does not include a postal address. Vendors wishing to send direct mail will have to have the campaign approved by HIMSS and then use HIMSS preferred mailing vendor. The cynic says this is just expanded vendor extortion, while the optimist says that maybe we’ll get less junk in the mail before the conference.” I surmise that the motivation was income rather than junk mail curtailment. However, from a purely economics standpoint, HIMSS should keep raising the exorbitant prices it charges vendors for the annual conference until they push back by not participating. The frenzy to rack up HIMSS points to allow spending even more money on prime exhibit hall square footage suggests that the supply-demand curves do not yet intersect.

HIStalk Announcements and Requests

HIStalk reader Mike sent a DonorsChoose donation that, with some pretty amazing matching money, will give Ms. A’s fourth grade class in Stone Mountain, GA an iPad Air, Amazon Echo, and Amazon Fire and also economics books and games for Mrs. M’s gifted classes in Springdale, AR. Mrs. M responded, “It is so exciting to have others help in providing amazing resources to my students. Your generosity is appreciated more than you can imagine! I can not wait to receive these resources to share with my students! Your help allows my students to experience hands-on real world economics.”

Mrs. G in Wisconsin says the best part of the day for her elementary school students is using the makerspace materials we provided in funding her DonorsChoose grant request, as their confidence is growing from making decisions together as teams. 

Listening: the latest album from Australia-based Wolfmother, which is down to just one of its three original members but still rocks it out well in the fashion of Black Sabbath or perhaps Led Zeppelin. If rock ever makes a comeback, these guys should be part of it.

Webinars

December 14 (Wednesday) noon ET. “Three Practices to Minimize Drift Between Audits.” Sponsored by Armor. Presenter: Kurt Hagerman, CISO, Armor. Security and compliance readiness fall to the bottom of the priority lists of many organizations, where they are often treated as periodic events rather than ongoing processes. How can they improve their processes to ensure they remain secure and compliant between audits? This webinar will cover the healthcare threat landscape and provide three practices that healthcare organizations can implement to better defend their environments continuously.

Here’s the recording of the recent webinar titled “Charting a Course to Digital Transformation – Start Your Journey with a Map and Compass.” 

Acquisitions, Funding, Business, and Stock

Analytics vendor Inovalon lowers full-year revenue and earnings guidance after a collaboration agreement with an unnamed partner fell through last week unrelated to the company’s offerings. Inovalon expects annual revenue of $426 million instead of $470 million and net income of $25 million vs. the previous guidance of $43 million. Shares were predictably hammered on the news, shedding 36 percent of their value by the market’s close on Tuesday. INOV shares are down 64 percent in the past year vs. the Nasdaq’s 12.5 percent increase.

EHR vendor IMedicor warns that three of its financial statements from 2014 and 2015 should not be relied on because they misstated liabilities that were later discovered in a year-end audit. The amount involved was only $471,000, however, caused by double-recording the same set of warrants in two accounts. The greater question might be how a money-losing company with a market cap of barely $1 million can afford to remain publicly traded with a current share price of $0.0009, which suddenly makes that $471K seem more significant.

Canada-based VSS Medical Technologies acquires a majority interest in Legato Healthcare Marketing. VSS also owns Sigmund Software, MedicFusion, VersaForm, DeviceTrak, and Health:PCP.

Sales

In Canada, Mackenzie Health chooses Orion Health’s Rhapsody integration engine.

AtlantiCare Health System (NJ) selects Santa Rosa Consulting to strengthen its analytics program.

Frances Mahon Deaconess Hospital (MT) will upgrade to Meditech’s Web EHR.

People

Tom Clark (Direct Recruiters) joins Direct Consulting Associates as VP of operations. He is a former US Army captain and Airborne Ranger.

Announcements and Implementations

The American Heart Association, AMA, DHX Group, and HIMSS launch the non-profit Xcertia, which will establish best practices for mobile health apps. It’s the second time around for Xcertia, having been originally announced a year ago under the direction of Columbia University and vendor Social Wellth, which bought the assets of defunct health app certification vendor Happtique in December 2014 and created its own app guidelines. SocialWellth CEO David Vinson created the non-profit DHX along with the AHIP insurance company trade group with the intention of offering app certification, which apparently isn’t a priority for Xcertia 2.0.

Black Book’s 2016 RCM survey finds that hospital outsourcing of complex claims has jumped from 20 percent to 40 percent in the past three years, with hospitals that previously wrote off those claims because of the effort and expertise required to pursue them realizing they were leaving significant money on the table.

Another Black Book survey finds that competing priorities have killed off hospital ERP implementations, with just a 29 percent penetration and 2 percent growth in 2015. Shockingly, more than one-third of those hospitals that have bought ERP systems aren’t keeping up with available upgrades, rendering those systems basically obsolete. More than half of hospital C-suite executives admit that they didn’t really understand their supply chain (which represents nearly a third of hospital budgets) until the move to value-based care forced them to dive deeper.

Consulting firm RTI International and Validic partner to optimize the use of wearable consumer sensors in health research.

Centralized tele-ICU programs can increase case volume by 44 percent and contribution margins by 665 percent, according to a journal-accepted study by UMass Memorial Medical Center (MA), which uses Philips eICU. 

Connected home software vendor Orbita releases a development tool for creating Amazon Echo-powered home health voice assistant apps.

Government and Politics

President Obama signs the 21st Century Cures Act into law.

CMS’s chief data officer Niall Brennan is among the federal political appointees leaving their jobs (voluntarily or otherwise) with the administration change. He will be replaced in interim by Office of Enterprise Data and Analytics Deputy Director Christine Cox.

The VA creates a website for its Digital Health Platform, which describes its approach and includes use case videos. Previously issued documents indicate that the VA plans to acquire five system components:

• An EHR
• An operation management platform (resource allocation, financial, supply chain, and HR system) integrated with the EHR
• A CRM system
• An analytics system
• An API framework

The FTC settles consumer deception charges it had brought against Aura Labs, which sold $600,000 worth of its $4, smartphone camera-based Instant Blood Pressure app that it falsely claimed to be as accurate as a blood pressure cuff.

Privacy and Security

Quest Diagnostics notifies 34,000 people that a hacker has breached its systems via a vulnerability in its MyQuest mobile app, exposing their demographic information and lab results. The app also allows users to record their provider contact information, prescription information, allergies, and health statistics.

Financial consulting firm PwC threatens legal action against a security advisory firm that had warned it of a vulnerability in a PwC-developed security tool, insisting that the company not go public with details. PwC says it has fixed the problem and says the security firm wasn’t licensed to work with its software. The security firm ignored the warning and published its security advisory anyway.

Grammar matters: Russian hackers were able to penetrate the Democratic National Committee’s email system even though a Clinton campaign aide intercepted a phishing email sent to Campaign Chairman John Podesta. In his haste to alert Podesta, the aide mistyped “illegitimate email” as “legitimate email” in his urgent warning, after which Podesta obligingly clicked the phony password update link that compromised his account.

Innovation and Research

Inova Health System (VA) launches a venture capital arm and its Personalized Health Accelerator.

Technology

A surgeon in England uses Snapchat’s Spectacles – $130, camera-equipped sunglasses — to record 10-second video clips of a surgery he performed, allowing medical students follow his progress live and afterward.

Other

Cost estimates for the California prison system’s implementation of Cerner have doubled to $400 million in the past three years as the state realized it signed a contract that omitted the cost of maintenance, hardware replacement, mobile devices, additional required software, and dental recordkeeping capability. The federally appointed receiver in charge of the system mostly blames Cerner, which is being paid $177 million over 11 years, but also says his own office bears considerable responsibility for the overrun in missing several required items. He also says employees are struggling to learn the system, doctors don’t like doing their own data entry and are seeing one-third fewer patients due to the extra work required, and the pharmacy system was “damn near unusable” due to design and implementation problems. The state turned control of the prison healthcare system to the federal government in 2006 to settle lawsuits claiming that poor inmate care constituted cruel and unusual punishment. The receiver’s budget has since doubled to $1.9 billion per year.

The imaging system used by hospitals in South Australia goes down for six hours due to unspecified technical issues. 

A report from Imprivata and the Ponemon Institute finds that misidentification of hospital patients is a regular occurrence and the average hospital loses $17 million per year due to rejected claims due to missing or incorrect patient information, with respondents favoring the implementation of biometric ID at registration to improve both situations.

In England, an woman dies after a hospital admits her for a broken arm but then fails to send anyone to treat her for several days. The hospital had changed the way it lets doctors know they have new patients, moving from an old-school whiteboard to an email-based program. The patient shared a first name with another patient and the unit secretary mistakenly removed the woman’s name thinking it was a duplicate entry.

AHRQ reports that hospital-acquired conditions are down 21 percent since 2010, with potential savings of 37,000 lives and $28 billion in costs. I guess the good news is that hospitals still harm and kill people every day with their screw-ups, but at least less often than they used to.

A city in Japan offers free barcoded, personalized fingernail stickers for people with dementia who are prone to wandering, allowing police to scan the QR code to find their families. Stickers were already being attached to shoes or items of clothing, but those weren’t always being worn when needed.

A study finds that veterans with dementia who use the VA healthcare system and who also receive Medicare benefits have twice the odds of medication problems due to lack of connectivity between VA and non-VA doctors.

The bond ratings agency of PeaceHealth (WA) notes that its $293 million Epic implementation costs have temporarily hurt its margins. The same agency reviews Seattle Cancer Care Alliance (WA), which it says is considering replacing its EHR  (it doesn’t say which one, but I think they’re running Cerner and they have listed Epic jobs).

Here’s a frontlines report from the war on drugs. The owner of a chain of “clean and sober” residential drug recovery centers called “I.C. Clean People” in Washington State is arrested for drug trafficking, with a raid on his office turning up crystal meth, heroin, marijuana, oxycodone, methadone, and a loaded pistol.

Strange: a mother sues the hospital where she gave birth in a 2012 incident in which employees mistakenly gave her newborn baby to another mom to be breastfed. Abbott Northwestern Hospital (MN) says it has since switched to electronic bracelet baby-mother matching.

Sponsor Updates

• EClinicalWorks employees help out families through Project New Hope, Project Just Because, and the United Way.
• Medecision launches population health management consulting services.
• CloudMine and Validic will partner to advance integration of patient-generated health data into clinical workflows.
• Healthgrades SVP Chris Baxley joins the Nashville Health Care Council Fellows.
• Santa Rosa Consulting publishes a white paper titled “Critical Aspects of a Successful BI and Analytics Program.”
• The Indo-UK Institute of Health names GE Healthcare a preferred technology partner in its IUIH Medicities program in India.
• Agfa HealthCare will implement enterprise imaging for radiology in the first Acibadem International Medical Center in the Netherlands.
• KLAS includes Bernoulli as a top vendor option for clinical alarm management and alarm reduction.
• Besler Consulting releases a new podcast, Epic Conversion – Revenue Cycle Lessons Learned.
• Elsevier Clinical Solutions offers predictions for the next 100 years of medicine.
• Evariant releases a series of best practice guides on a variety of topics.
• Built In Colorado features Healthgrades Director of Talent Acquisition Jenny Truax.

Blog Posts

• A 180-Degree Turn From Illness to Wellness (Arcadia Healthcare Solutions)
• What a Trump Presidency Could Mean for Population Health (Caradigm)
• Physician Engagement for EHR Implementation (Impact Advisors)
• Top 10 Reasons CareSync is Number 1 (CareSync)
• Post-Election Healthcare and the Future of the ACA (Optimum Healthcare IT)
• EHR Replacement – Can You Afford to Wait? (ECG Management Consultants)
• New Technology Connecting Patients & Providers (FormFast)
• Our Top 10 Blogs of 2016 (Galen Healthcare Solutions)
• A Veteran and Cancer Survivor Sits Down with VP Biden to Stand Up to Cancer (GE Healthcare)
• The MACRA Final Rule: Easing the Pain of Implementation (Hayes Management Consulting)
• Healthcare Innovation: Why You Need an Innovation Team (HCI Group)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

Morning Headlines 12/13/16

Building A System That Works: The Future Of Health Care

HHS Secretary Sylvia Burwell publishes a blog in Health Affairs outlining the achievements made since the passage of ACA, and her vision for the road ahead.

Improving the Quality of Care for Medicare Beneficiaries by Increasing Patient Engagement

CMS will test two patient engagement strategies from the CMS innovation Center, the Shared Decision Making Model and the Direct Decision Support Model, both of which offer a variety of patient-focused decision support tools to help create more educated and engaged beneficiaries.

Medicare Value Based Payment Models: Participation Challenges and Available Assistance for Small and Rural Practices

A GAO report finds that small and rural practices considering participation in value-based payment programs face financial challenges associated with EHR interoperability, and staff expertise challenges associated with optimizing EHRs and analyzing population data.

In five years, machine learning will be a part of every doctor’s job, Vic Gundotra says

Former Microsoft and Google executive and current AliveCor CEO Vic Gundotra argues that artificial intelligence will become a critical tool for physicians within the next five years.

Curbside Consult with Dr. Jayne 12/12/16

As we approach the end of the year, things continue to be a flurry with clients who didn’t plan well screaming for services. I’ve reached the limit of what I can deliver with my small team since this is the last week my partner and I are spending on site with customers. We’re willing to let some business go because we’re not willing to run ourselves ragged trying to be everything to everyone. That’s the perk of owning your own business, although it’s sometimes challenging when you have to agree to disagree with clients.

For those clients that we would like to be able to serve but just can’t, we have larger consulting firms that we can refer them to when it’s crunch time. You would expect that some of them might elect to stay with the group that met their needs when we couldn’t, but a good number of them come back to us because they appreciate the fact that we knew our limits and steered them into capable hands.

One of the prospective clients that I steered to a colleague was one who wanted to hire an external help desk because they felt that their vendor’s help desk wasn’t meeting their needs. They feel the vendor’s Tier 1 support is passive-aggressive, doing things like intentionally calling the office after hours so that they can say they called back and didn’t reach anyone. The vendor offers a discount on maintenance if clients provide their own Tier 1 support, so they did the math and decided to outsource to a third party if the price was right. My colleague happens to be a former reseller for the vendor in question and was happy to take their business, so it was a win for everyone.

Since this is my last week on the road, I plugged in a post-upgrade go-live for myself so I could work Monday through Thursday and start my holiday travel a bit earlier than last year. It meant that I had to fly on the weekend, which is always interesting given the change in mix from business travelers to family travelers. I was pleased to see Chicago’s Midway Airport decked out for the holidays, with lots of twinkle lights and giant ornaments. There were “take a sweet treat” stands with bowls of Skittles. As I made my way down the B gates, there was even a man on stilts dressed as a toy soldier handing out boxes of candy. It was unexpected and made me smile so, kudos to the folks that put it together.

The mood didn’t last long once I reached my destination and had frantic voice mails from my customer that their upgrade wasn’t going as planned. I had encouraged them to start the upgrade on Friday night so that if they had issues, they would have time to resolve them. Instead, they insisted on starting it Saturday afternoon, citing staffing issues. This is the challenge of scheduling major projects around the holidays, because people want time off and to be with their families and weekends are challenging if they’re not scheduled well in advance or if your teams don’t have a lot of backup. They had done a dry run of the upgrade and theoretically should have had enough time, but ran into some issues.

Whenever I give training on an upgrade, I reinforce (and reinforce, and reinforce) how important it is to follow the upgrade playbook line by line. There is zero room for the kind of errors that result when steps are performed out of sequence or missed. Certain applications are finicky, and their pre-upgrade scripts are looking for specific criteria to be met in the client environment before they proceed. Depending on where a missed step occurs, it can cost hours to get the timeline back on track. Although I provided some high-level project management for the client, they were running the upgrade process themselves and I wasn’t supervising them as closely as I do when I am personally responsible for the upgrade event.

There is a step in their upgrade plan that requires them to disable their disaster recovery solution a certain way, and an enterprising DBA decided to do it a different way than what was documented. The result was the failure of the upgrade package, which wasn’t finding the conditions it needed. Instead of rechecking the plan and following it, the DBA restarted the upgrade two additional times expecting a different outcome. By the time I landed they were significantly off the timeline, and it took a couple of calls to figure out what had gone wrong and how to fix it.

The relative comedy of errors pushed on through most of Sunday evening, when they still hadn’t brought the upgraded system back up because data integrity checks were failing. We spend several hours on the phone with the vendor’s team trying to figure out what went wrong and weren’t able to isolate a cause. At that point, we had some decisions to make. We could either keep working on it and prepare to open the offices on Monday using downtime procedures, or we could restore the system from a backup and move forward. As we were weighing the choices, there was a question of whether users had been accessing the system during the backup that took some investigation and stalled things further.

We needed to make a decision as we approached midnight, and ultimately my client opted to restore from the backup and try the upgrade again at a later date. I was crossing my fingers that their backup process was solid since we all know clients who never test their backups or go to restore from one and find out it’s corrupted, or even worse, blank. Fate was smiling on us because the backup restored not only without a hitch but in less time than anticipated, which allowed us to get the users back on the system without too much of a delay.

Of course the end users were disappointed at their inability to use the new features, and the organization has to reschedule. We spent several hours today in a post mortem discussion of the event and what went wrong, and they appear to have learned some important lessons about following the playbook exactly and in asking for help when you run into a problem rather than just repeating the same steps over and over.

There wasn’t much go-live for me to support, so I am headed back to the airport. Although they failed, they made a smart decision and can try it again either after the first of the year. These are the hard lessons that most organizations learn at one time or another, and now they can join the club with the rest of us who have been there and done that.

What’s your worst upgrade story? Email me.

Email Dr. Jayne.

Readers Write: The Six Bedrocks in a Post-Trump Healthcare Landscape

The Six Bedrocks in a Post-Trump Healthcare Landscape
By Steve Levin

With a Trump administration and Republican-led Congress on the horizon, a shift in the direction of national healthcare policy is a near certainty. But the exact nature and timing of that change might be, unfortunately, less clear. Based on the principles outlined by Trump’s team themselves, the history of appointees, and conversations with clients and industry pundits, it feels as if there are some bedrock themes to orient efforts while Washington turns over and argues its way forward.

1. Expect more creativity from payers. Multiple factors are at play here. Moving the locus of health insurance requirements from federal levels to the individual state organizations will promote flexibility. The pullback on the individual mandate means that the days of Bronze, Silver, Gold, and Platinum plans will go the way of the floppy disk drive. Couple this with increased incentives for consumers to set up HSAs and take control of their health insurance purchase means that payers can let loose their product design teams for new solutions to meet the range of consumer challenges.
2. Consumers will end up paying for a larger share of their healthcare. There is simply no money left in the checking accounts of government—federal, state, or city – or employers to fund the growth in healthcare costs. Add on more plan innovations, the disappearance of the individual mandate, and Medicaid expansion being reined in and the future for the consumer is pretty clear. If we have insurance, we are going to be paying more in the form of co-payments, co-insurance, and deductibles. More procedures will go from covered to un-covered. Many consumers will end up on the far end of the insured continuum —namely, uninsured.
3. Bundles and risk-based reimbursement will march forward. Over the past several years there have been pilots, tests, and more pilots and tests comparing and contrasting fee-for-service to something along the lines of pay-for-value. CMS has led the charge. While the incoming leadership has historically been less bullish on all the pilots and innovations, the results to date do suggest bundles can create positive care integration and control total costs. Readmission penalties, while still rough, are raising an issue that organizations know they need to tackle. Certainly the current risk programs are not polished and perfect, but they are driving integration around the patient and toward higher value at an overall lower cost. So build out those teams of contract modeling talents; continue the march toward building your own insurance solution; and figure out how you can process those contracts amid clinical workflows and revenue cycle in volume.
4. Time to become patient relationship experts. Combine items 1, 2, and 3 and a fourth bedrock principle emerges—specifically, figuring out how providers manage the patient relationship both clinically and financially before, during, and after treatment. This relationship will become of paramount importance. Moving forward, the patient is going to control a great deal of our cost structure and cash flow. Providers need to be proactive to shape patient decisions.
5. Extracting more value from every budget dollar will be table stakes. Every scenario comes back to the same operational mandate— lower operating costs and improve the impact of every activity. Eliminate the 20 to 30 percent of processing work that is predictably of no value or impact. The double whammy in my reading of the future is that every activity is more expensive when the counter party is the patient themselves and not a commercial or government payer. It is simply more expensive to manage patients than a large business partner. So regardless of how Washington reshuffles ACA, healthcare processes need to be more efficient at every turn.
6. Time to get more ROI from those EHR investments. Organizations spent millions on big-iron electronic health records and went through the agony of stabilizing processes. Now it is time to actually optimize those platforms using the higher quality information at hand. Using predictive analytics to reduce low and no-value efforts (see point five), optimizing insourcing and outsourcing logic, and targeting high-cost patient engagement processes are just examples of how these bedrock systems can begin to finally drive financial improvement.

Only time will tell what Washington actually decides and when those decisions truly have bearing on the thousands of hospitals and millions of patients. However, while the exact policies and processes are TBD, the six bedrock items listed here are most likely enabling and contributing regardless of the final rules and regulations.

Steve Levine is CEO of Connance.

Readers Write: How Trumpcare Could Win Big

How Trumpcare Could Win Big
By E. Todd Bennett

Government involvement in the healthcare industry has increased under HITECH, the Affordable Care Act (ACA), and now MACRA. The phrase, “large-scale change happens when customers demand it, suppliers agree on it, or the government mandates it,” certainly applies to healthcare and has played out in these legislative acts. These federal government initiatives, except MACRA (since the quasi-final rule was only recently published), have failed to improve quality and bend the cost curve in a broad and dramatic way to put the United States healthcare system unequivocally in a worldwide leadership position.

On the cusp of a new administration, it’s important to understand why these legislative acts aren’t dramatically improving healthcare quality and reducing costs.

Overall, incentives seem misdirected with the healthcare industry goals related to cost and quality. In fact, the definitions of the goals seem too fuzzy or missing altogether. For instance, we do not know the specific cost and quality goals to target for a total knee replacement or the defined cost and quality outcomes related to lifestyle-related chronic disease.

Instead of incenting attainment of specific cost and quality outcomes, existing regulation has incented the intermediate activities, behaviors, and organizational structures that some legislators and industry leaders believe will aid in reaching the outcomes. Even when the intermediate actions seem productive, the lack of compelling results leads to a conclusion that the actions are, at best, incomplete. The right combination of processes to achieve the desired cost and quality outcomes is not always clear, and in the absence of evidence-based clarity, practitioners need maximum flexibility to act in accordance with their training and experience.

By shifting to incentives based on optimal quality and cost outcomes, the Trump administration has an opportunity to reduce administrative burden from government agencies, reduce the compliance burden from healthcare organizations and practitioners, and create a competitive and innovative environment that is truly driven to achieve world-leading healthcare quality and cost-of-care goals.

Let me explain with some examples.

HITECH

While a digitized and connected ecosystem and at least aspects of electronic health records (EHRs) are surely part of the long-term solution to higher quality and lower costs, incenting adoption of EHRs and telling providers what stepwise features constitute Meaningfully Use is an industry-wide micro-management mandate. This movement to automate so many processes may be ineffective, inefficient, or both. The EHR is a tool— a complicated and expensive one – and like other tools available to providers, it has the potential to enhance certain clinical and administrative activities and/or become a source of frustration and waste.

Shifting incentives from Meaningful Use of EHRs to attainment of a desired combination of higher quality outcomes for care and lower cost gives providers the option to select and de-select the technologies that impact cost and outcomes the most. Providers who use EHRs or certain features may have a clear advantage, and if so, competition among providers would spur increased adoption of those features. In this scenario, the government defines the optimal quality/cost outcome at population and/or episode levels along with incentives for attainment and foregoes defining which EHR functionality is most important; the market will decide which technological features should be meaningfully used to help them achieve the goal.

ACA

Take the ACA’s formulation of Accountable Care Organizations (ACOs). ACOs use incentives and penalties to drive a more coordinated care delivery environment with the potential to reduce unnecessary care, increase patient safety, and lead to higher quality outcomes. An ACO has the best opportunity to impact quality and cost when patients get their care within the ACO network, but when patients go outside the ACO network of practitioners, care coordination wanes, reducing the opportunity to optimize quality and cost.

Unless incentives to coordinate care extend to every doctor who cares for a given member and not only to doctors who participate in the constrained provider organization, ACOs will continue to have blind spots that prevent their impact to the degree desired. The structure of the ACO and the incentives to coordinate care are not the ultimate goals, and even brilliantly coordinated care in the absence of other behaviors will fail to produce higher quality and lower cost. If healthcare providers are convinced of the benefits of coordinating care, they will facilitate care coordination regardless of whether the patient sees an in- or out-of-network provider and using whatever technology they deem appropriate. Once again, this reduces government involvement in managing care, reduces administrative and technical complexity for providers to what the provider deems appropriate, and creates a competitive and innovative environment where reaching the ultimate goal is rewarded.

MACRA

Incenting practitioners who treat Medicare patients with a potential bonus valued at less than a tenth of their total reimbursement from Medicare, using quality metrics reported two years prior to the incentive payment, and thinking that it will change practitioner behavior seems aspirational. Incentivizing process metrics and clinical practice improvement activities seems to have merit, but clinicians seem better positioned to define the process metrics and improvement activities themselves and incent their care delivery teams to operationalize them. Meanwhile, the federal government seems best suited to craft a measurement system for an optimal combination of quality and cost outcomes and a timely incentive program to reinforce those behaviors.

Resetting legislation and the associated rules to motivate our nationwide healthcare system to be the world-recognized leader requires understanding of granular outcome goals, prescribing fewer actions around how provider organizations function to give room for innovation, and aligning incentives that facilitate competition and reward successful attainment of the ultimate cost and quality goals.

If Trumpcare — whether a revision of Obamacare or something wholly different — can shift the role of the federal government to defining targets and driving the healthcare industry with incentives to reach them, American ingenuity, resourcefulness, and competitiveness will take over like never before and attainment of quality and cost containment goals will follow.

E. Todd Bennett is healthcare market leader for LexisNexis Risk Solutions.

Readers Write: Not Just Ransomware: Common EHR Threats You Need to Know

Not Just Ransomware: Common EHR Threats You Need to Know
By Robert Lord

It is no secret that data breaches are becoming more common and increasingly more expensive. New threats to patients’ electronic health records (EHRs) are constantly emerging, forcing healthcare organizations to be on the lookout for potential dangers so they can eliminate threats quickly. It is important for organizations to understand the array of potential threats to the EHR, allowing them to make decisions on how to best protect this sensitive data.

After talking with healthcare stakeholders inside hospital systems, the federal government, etc., and distilling themes that continually come up, I thought it would be useful share what I’ve learned.

Think Twice Before Opening That Email — Phishing and Social Engineering

Phishing scams represent a very real danger to EHRs, but they are often overlooked by healthcare organizations because they assume such threats cannot break through their security. Phishing scams are email or social engineering attacks that try to appear legitimate in order to get healthcare employees to release patients’ sensitive medical information. Such attacks often use email or website scams to either target patients’ information directly or to obtain an employee’s username and password, thereby gaining access to that organization’s entire EHR.

Just recently, a phishing email disguised as official OCR Audit communication about Phase 2 Audits went out to healthcare organizations. Thankfully, it was only a misguided attempt at marketing for a cybersecurity firm, but it could have been much worse. In December 2014, an employee of Seton Healthcare Family opened a scam email. The resulting breach released the medical record numbers, Social Security numbers, insurance information, demographic information, and clinical data of 39,000 patients.

Nevertheless, even if phishing attacks are not the cause of a breach, they can still represent a threat. After the massive breach of Anthem Inc., for example, affected patients began receiving scam emails that promised them free credit monitoring, thus demonstrating that phishing attacks remain a threat even in the wake of a data breach.

Star-Studded HIPAA Violations Can Be Costly — VIP Patient Privacy

The temptation to peek at the medical record of a celebrity or public figure represents a real threat to patient privacy. VIP patients deserve the same right to privacy as the general public, and steps need to be put in place to guarantee that their sensitive information is kept safe and the treating medical facilities out of the headlines.

In 2011, UCLA Health System came to a settlement with the federal government, agreeing to pay $865,000 after two unnamed celebrities alleged that UCLA employees had viewed their medical records without authorization. Two years before that, in 2009, California health regulators fined Kaiser Permanente $250,000 after some of its employees looked at the medical record of Nadya Suleman, the famous mother of octuplets. Unfortunately, there are many other examples of employees being fired or healthcare organizations being fined because they did not protect the privacy of their VIP patients.

The Family Doesn’t Need to Know Everything — Snooping Threat

The desire for relatives, friends, or even co-workers to snoop into patients’ records often result in messy – and costly – data breaches. In 2013, a nurse accessed the records of her nephew’s partner without authorization and saw that her nephew’s partner had given birth to a baby and put the child up for adoption five years earlier. The nurse then announced the news at a family funeral. After the victim sent a complaint to the hospital, the nurse was terminated and gave up her Florida nursing license.

A similar lawsuit involving Aspen Valley Hospital District and a former employee is currently ongoing. A former employee of the hospital, who was also a patient there, alleged that several employees of the hospital violated his privacy when they disclosed that he had HIV “as a piece of conversational gossip over drinks.” The unnamed patient is currently seeking an apology, compensatory damages, punitive damages, and attorney fees from the hospital. These are but two examples of how devastating these seemingly small breaches can be to the affected patients.

The Biggest Threat to Patient Privacy is Hiding in Plain Sight — Insider Threat

Some of the most dangerous threats to EHRs are criminal insiders. In this type of attack, an employee of a healthcare organization steals patient information from the inside, using his or her access to do so. Earlier this year, Jackson Healthcare Systems found out how dangerous these threats can be the hard way. In February, the health system reported that one of their employees had gone “rogue” and stolen the information of 24,000 patients over the course of five years. The stolen information included names, birth dates, home addresses, and Social Security numbers. As the Jackson Healthcare Systems example demonstrates, these breaches are so dangerous because they are so difficult to detect. In this case, it took five years before the organization was able to identify and eliminate the insider threat.

Business Associates and Contractors

Business associates and contractors within healthcare organizations represent a growing vulnerability for the EHR, especially in recent years. The US Health and Human Services (HHS) established the Omnibus Rule in 2013, which required the business associates of healthcare organizations to adhere to the HIPAA Rules. Unfortunately, there is still much work to be done to address this vulnerability.

In July of this year, Catholic Health Care Services, a business associate for six skilled nursing facilities, agreed to pay $650,000 for HIPAA violations after a mobile device was stolen. The data breach affected 412 patients. Moreover, this is not an isolated incident; according to a report from Protenus and DataBreaches.net, 30 percent of all data breaches in the first eight months of this year involved a business associate of a healthcare organization. In other words, 4.5 million patients have been affected by data breaches of third parties thus far in 2016.

Lost and Stolen Devices

One final threat to EHR is lost and stolen devices, including laptops and mobile devices. If the information on the lost device is not encrypted or the encryption is not working, all someone has to do is open the device and look at the information for a breach to occur. And if the device was stolen, the criminals do not even have to decrypt the information for them to be able to use it.

One example from this year involves Seim Johnson, an accounting and consulting services company. In February 2016, Seim Johnson reported to HHS that a laptop had been stolen. The encryption on the laptop malfunctioned, exposing the private information of almost 31,000 patients. And these types of breaches are becoming increasingly frequent, with Verizon’s 2015 Data Breach Investigation Report stating that 45 percent of all healthcare data breaches are the result of stolen devices.

Knowledge is Power

As more and more healthcare organizations make the switch from paper to electronic health records, it will become increasingly important for organizations to be able to protect their patient records. Of course, this also means that threats to EHR will become more varied and more sophisticated. Healthcare organizations must be well informed about the different types of threats that exist so they can put security measures in place to effectively combat them, and ultimately protect the privacy of their patients.

Robert Lord is co-founder and CEO of Protenus of Baltimore, MD.

HIStalk Interviews Hemant Goel, President, Spok

Hemant Goel, MBA is president of Spok.

Tell me about yourself and the company.

I have been in healthcare IT for over 30 years. I’ve worked for some large organizations, EMR providers, and I’ve worked for imaging solution companies as well. I joined Spok two years ago.

I’m very well conversant with all of the IT challenges for CIOs and hospitals and how it helps them. How IT has helped in patient care from "To Err is Human" to where we are now with Meaningful Use and all the advancement that has taken place in contributions of healthcare IT and helping clinicians out.

Spok is a player in healthcare IT, where we provide critical communication. Things that EMRs or other systems don’t do. This is fast paced, where minutes count in getting hold of nurses, physicians, alerts, codes, and who’s on call. Our mission is to provide critical communications in a timely basis to the right people so they can react to the situation.

Biomedical devices have evolved into IT or informatics systems. Will messaging follow that same path?

Pagers are going through a transformation as the messaging industry itself changes. Encrypted pagers are out there, two-way pagers, alpha-numeric. There has been an evolution of pagers. They have their own network. They don’t rely on the cellular networks like Verizon, AT&T, and Sprint kind of networks. They are their network with broadband and low frequency, so they are more reliable.

The change is that smart phone and the smart messaging technology are taking over, but reliability is still an issue. Oftentimes you say, I sent you my message, did you get it? They say, I didn’t see anything and the phone has been sitting right here. Those are some of the things that have to get better. When reliability improves, smart phones and smart messaging apps are the future. But pagers have a place right now.

The second thing is that for some employees – like cleaning staff or food staff — hospitals cannot give them smart phones because they are too expensive. Pagers are very convenient and suffice for them. We’re finding that there is a shift in pagers to the organization employees that are more staff. Pagers can help, they’re secure, and they maintain privacy.

There are also physicians who are not willing to give up the pagers. Just like if you go back to the imaging and PACS days, it took a long time before radiologists gave up film even though PACS systems were ready. Eventually it happened. That’s exactly what’s going to happen with pagers. Eventually the technology and reliability in messaging using smart phones and cellular coverage and Wi-Fi is going to be so much better that pagers will disappear. But I think that we are at least eight to 10 years out.

What kind of documentation of messaging activity and proof of delivery do hospitals need?

It’s a combination of both hospital and vendor-provided technologies, including carriers. One of the things we find is that hospital Wi-Fi coverage and overlap coverage is very important. It has to be there and coverage well tested.

On the technology side, I’ll give you a simple example. When I fly out of Minneapolis, there’s airport Wi-Fi that my phone picks up because I do it every day. If I don’t accept the terms and conditions, it kind of gets stuck there. When I don’t get an email after a while, I realize I did not accept terms and conditions. My phone is stuck because it’s defaulting to Wi-Fi data pickup as opposed to my cellular data pickup.

We are working with the providers and technologies to say, is it possible that if I subscribe to it in a way that says if my Wi-Fi is there but I’m not receiving data, switch to cellular and inform me that messages aren’t coming through based on some of my activities that I would expect. It’s a combination of us as vendors, infrastructure providers like cellular companies and their coverage, and of course Wi-Fi coverage inside the hospital. All three of them are advancing and they’ll get better and that will make a big difference in the reliability.

I read that cell phones are used a lot more for text messaging than for making or receiving voice calls. Does that provide any lessons learned for your business?

Millennials rely mostly on messaging and very little on voice calls. I’ve got kids who are millennials and they have WhatsApp and Facebook Messenger. I can’t tell you when they decide to use what, but they use both of them. Being  curious in the IT world myself, I’m trying to figure out the pattern as to what prompts them to use which one and where.

What we have found is that for some reason, messaging applications are more utilized. Texting is more utilized. It catches attention to respond right away in the transactional moment better than if you were either to send an email or have a phone conversation. One of the reasons for the demand for messaging applications is people saying, if I have an email or task that’s important or urgent, can you also text me? They respond to that much better.

I guess there is a human factor or psychology involved, but that is indeed true. People respond to messaging and texting and they are using it more for quick, urgent transactions and not emails and phone conversations that much.

Isn’t that phenomenon a technical validation of the pager model that people dismissed as primitive? The messages are once again asynchronous and text-based, with the only real difference being that they’re now sent and received on phones instead of on two-way dedicated pagers.

Sure, but it’s the consolidation of devices that drove it. Pagers were only doing paging. You couldn’t make a phone call on them. You had to look at the pager then you had to pick up the phone. Now you can look at a pager, send a  text message, and make a call to you without having to switch my devices.

The whole world of healthcare IT is about efficiency, quick access, integration, interoperability, single devices, what everyone would want. We have also found that the saturation is more than 100 percent of devices because most people now are starting to have two smart phones, professional and personal.

But you are right that at the end of the day, it’s going back. But because you can do more with your phone and more with the app and while pagers were just doing paging, the shift is there. For physicians, nurses, and emergency responders, pager reliability is still a reason to pick it up.

Is secure healthcare message a commodity? What are the differentiators?

I’ll broaden this a little bit because a lot of CIOs and CMIOs in my network have that question, too. You get secure messaging from IMessage. WhatsApp recently put up secure messaging. There are consumer applications that do secure messaging, but they don’t do it in the context of healthcare.

Now there’s a healthcare cadre of application providers that provide secure messaging, Spok being on of them. How do you differentiate yourself? The way we are approaching messaging is that messaging is one aspect of critical communication. It’s not just for physicians and nurses. Critical alerts are another one of them. The care team coordination, to help a patient get better — that’s what everyone is driving towards.

We will all eventually arrive at the same place, just like the EMR companies did. Cerner, Epic, Meditech, Allscripts, and McKesson all had their departmental solutions and eventually became a unified electronic medical record that everyone is driving towards. You hardly find any standalone pharmacy systems now. It just won’t happen with the advent of patient safety and Meaningful Use.

There are messaging companies that do messaging for physicians or for nurses. But eventually a critical communication that encompasses all stakeholders and role-players — physicians, nurses, patients themselves, family engagement like Meaningful Use talked about, the Affordable Care Act, plus other staff engagement and clinical engagement — all that should happen in a single platform with directory accessibility to drive efficiencies and clinical outcomes.

That’s what we believe and that’s what our drive is. Not just messaging for one stakeholder, but critical communication across the entire spectrum for all role-players. I believe everyone will end up there. Then, who’s got a good mousetrap?

What is the hospital demand for EHRs and other transaction systems to drive and document communication directly instead of requiring users to send messages manually?

Interoperability is going to be huge. You mentioned earlier that texting is more common than phone calls or emails. Electronic medical records initiate some things and we should be prepared as a technology to take that initiation and convert that into transactional messages that are needed.

On the flip side, sometimes our transactional messages can drive some of the things happening in the EMR, which is a system of record. We are a transaction in time that occurs. It can be driven by an EMR or we can help drive the EMR based on certain events. When there’s an emergency and there’s an ambulance coming in to the ED, nobody has the time to sit around and take a look at the EMR. You’re stabilizing the patient, you’re calling folks out, you’re calling the doctors, and codes are being initiated.

That’s where companies like Spok come in. The code message has to go to the right nurse, right physicians, and everyone has to come there. You don’t have time to sit down or the luxury to go research or pull up all the things that are happening in the system of record. That’s a clear example of how a messaging or a paging of those kinds of transactional systems can drive the EMR. Then you can go back and do your documentation into those.

Then there are situations in a hospital where you’re in the ICU or in other areas where the EMR can drive a text message to say the patient needs to be taken to radiology. Or there’s an urgent situation and you send a code out and everyone has to show up there.

You can have both sides of the equation. Interoperability is key to make sure we provide an open enough systems that those workflows are well accounted for.

What kind of hospital communications issue negatively impact patient satisfaction?

The biggest one we hear is alarm fatigue. The alarm annoyances in the quiet hospital — which is a big hospital initiative – is one of the most important areas when you’re in the acute care setting.

The second one is waiting on staff. Lots of times you’re waiting on somebody to show up. The care teams are big and there are lots of people and you are not sure who is coming to see you when. Something as simple as you’re ready to be discharged and you know you’re going to be discharged, but it takes three hours while you are waiting on someone to come in and say, "Yep, you’re good to go." That’s a problem. Many other things, but noise and wait times are the two biggest areas that we believe need to be addressed.

A quick text message that says, "You have discharged the patient, everything looks good, here is the discharge order that we can text securely” is a great way to get the patients out and get them feeling better about going home. As alarms thresholds go off or they are about to go off, it can alert the nurse and they can come and take a look at it, that’s even better. That’s a couple examples of how patient engagement and patient satisfaction are going to be hit directly by these kind of technologies.

Do you have any final thoughts?

It’s a great time to be in healthcare. The country and our healthcare system is going through a massive change. It’s always pivoting and changing, and for the better. The infrastructure of healthcare IT is in place, EMRs are in place. Now we have to take it to the next level of wellness and outcomes that are preventive healthcare and make our experience even better and better as the population gets older. I am very delighted to be in this field, have been for 30 years. I have seen a tremendous amount of changes. I’m glad to be a part of contributing to the way we treat patients and how we make lives better. It’s a good place to be.

Morning Headlines 12/12/16

Wireless-Life Sciences Alliance (WLSA) Combines Operations With The Personal Connected Health Alliance

HIMSS-owned Personal Connected Health Alliance merges with the Wireless-Life Sciences Alliance. Both organizations focus on promoting the use of technology in improving health and wellness.

21st Century Cures and the Road Ahead

John Halamka, MD presents his thoughts on the 21st Century Cures Act in a recent blogpost.

Partners posts $108m operating loss, its largest

Boston-based Partners Healthcare posts a $108 million operating loss, its largest in 22 years, despite a seven percent rise in revenue. Partners attributes its losses almost entirely to it low-income families and individuals on the state’s Medicaid program.

NIH competition seeks wearable device to detect alcohol levels in real-time

NIH launches a design competition with a $200,000 first place prize that challenges hardware developers to create a wearable that can actively monitor blood alcohol levels.