News 12/31/14

Top News

CSC will pay $190 million and will restate previous years’ financial statements to settle a variety of SEC fraud charges that includes its participation in the UK’s NPfIT program. That’s a minor amount compared to the $2.75 billion the company already wrote off for its work on the failed NPfIT project. CSC will change its 2011 balance sheet to reflect a $1.16 billion impairment charge.

Reader Comments

From Brandom: “Re: Barnes Jewish Christian. Rumor is it they will be installing Epic.” Unverified, but I ran a reader’s rumor saying the same thing on December 5. Often the earliest confirmation is a health system’s posting of a ton of open Epic positions, but BJC doesn’t have any of those on its recruitment site.

HIStalk Announcements and Requests

I have to disclose a brilliant idea I heard in listening to the rehearsal of the Versus webinar I mention below, which I honestly think is the most interesting webinar I’ve ever watched. John Olmstead of Community Munster captivated me all the way through on the hospital’s use of ED technology, but he really grabbed me at the end when he suggested technology tools he needs. His holy grail is a way-finding, GPS-type app that patients and visitors can use on their own devices to locate themselves precisely on a hospital floor plan, then receive directions to get them to a desired location. Example: I’m in room 4401 with my mom and I want to go to the cafeteria, then to the financial counselor, then to the gift shop, and then back to 4401, so give me turn-by-turn directions like I get with my car GPS. His take is interesting: patients will become so attached to hospitals that offer this app that they won’t consider going elsewhere, where they’ll go back to stumbling around lost or trying to follow decades-old red vs. green lines on the floor that lead to confusing elevators. Hospitals are always a poorly conceived patchwork of added-on construction that went up quickly as funding allowed, so visitors spend a lot of time wandering and wasting the time of employees who have to assist them. Turning that universally embarrassing situation into a competitive advantage is brilliant.

What’s really bugging me lately (it always has, but even more so now): companies that make portions of their name incorrectly upper or lower case, defying all of the civilized rules of spelling just because someone in marketing who’s never run a business has decided that being flagrantly incorrect is a desperate way to distinguish a company from its competitors. I’ve always refused to recognize all-caps vendor names like Meditech, Medseek, and Medhost, but I’ve also decided that I’m also no longer letting Athenahealth slide with the oh-so-cute small “a” at the beginning of the company’s name. Names in America start with a capitalized letter and then have all lower case letters following, so now I have to decide what to do with the many cutesy company names that stick capitalized letters midstream (even providers like Partners HealthCare mistakenly think that’s cool). I’ll even concede that HIStalk should really be Histalk if that will convince other companies to value conformity to accepted rules over marketing nonsense.

Webinars

January 13 (Tuesday) 1:00 ET. “The Bug Stops Here: How Our Hospital Used its EHR and RTLS Systems to Contain a Deadly New Virus.” Sponsored by Versus Technology. Presenter: John Olmstead, RN, MBA, FACHE, director of surgical and emergency services, The Community Hospital, Munster, Indiana. Community Hospital was the first US hospital to treat a patient with MERS (Middle East Respiratory Syndrome). It used clinical data from its EHR and staff contact information from a real-time locating system to provide on-site CDC staff with the information they needed to contain the virus and to study how it spreads. Employees who were identified as being exposed were quickly tested, avoiding a hospital shutdown.

Acquisitions, Funding, Business, and Stock

Fortune describes Athenahealth’s “More Disruption Please” conference as “the Animal House of corporate gatherings,” with the company’s 387-acre Maine resort hosting drinking games and an after-party cabin for investors and corporate hangers-on led by CEO Jonathan Bush, described as a “hyperactive, no-filter goofball of a chief executive.” The article contrasts the party atmosphere to skeptical investors who believe that Athenahealth shares are massively overvalued, especially since the company just announced that revenue growth has slowed as it continues to lose money. Bush says those naysayers don’t understand the company’s business model and will miss the building of a Salesforce-like technology company that will “create and curate the healthcare Internet.” Hedge fund manager and ATHN short-seller David Einhorn isn’t buying it (literally), saying, “They’re a niche provider way out on the periphery with a tiny market share. I don’t see how they’re going to become a backbone of anything.” My take is that Athenahealth would have been an obscure, offshore-powered medical paper pusher without the cult of Bush’s personality; investors had better hope he sticks around and keeps his mojo since that’s the only way shares can continue to trade independently of tepid company performance as a self-proclaimed Internet high flyer. The money gods would lose interest quickly if recommending or owning ATHN stock no longer paid the dues for being a member of JB’s frenetic fraternity.

Athenahealth shares (in blue above) did OK in the past year, falling a bit short of the Nasdaq’s 15.6 percent gain but 25 percent off their March 2014 highs. The company is valued at $5.6 billion on annual revenue of $711 million and a negative operating margin. Jonathan Bush hold shares worth $46 million.

The Forbes article on Athenahealth mentions that the company’s $1.1 million investment in Castlight Health was worth $75 million at the end of Q1, allowing Athenahealth to buy a private plane it calls “the Castlight jet.” At least Athenahealth ended up with something more high flying than CSLT shares — above is the CSLT price chart since its March IPO (blue, down 71 percent) vs. the Dow (up 12 percent).

Cincinnati-based revenue cycle management firm The Consult Inc. (TCI) will acquire RCM software and services vendor Physician Management Information Services of Denver.

Specialty EMR vendor Modernizing Medicine acquires Aesyntix Health, which offers dermatology practice RCM, inventory management, and group purchasing services.  

Sales

The federal government awards Accenture a five-year, $563 million contract to continue the work it started on Healthcare.gov after CGI Federal was fired.

Medical practice performance management company GloStream chooses DrFirst’s EPCS Gold 2.0 controlled drug e-prescribing system to comply with New York’s I-STOP mandatory e-prescribing requirement.

People

Tom Palermo, a 41-year-old senior software engineer at The Johns Hopkins Hospital (MD), was killed in a bicycling accident Saturday. Memorial Mass will be celebrated Saturday in Towson, MD.

Announcements and Implementations

Lafayette General Medical Center (LA) donates a telemedicine station to a local elementary school, allowing ill students to be evaluated by a physician without leaving school.

Government and Politics

An ONC-commissioned report studying HIEs in six states finds that they commonly offer care summary exchange, lab results reporting and exchange, public health reporting, and ADT messaging, but otherwise their technologies and strategies vary. Lessons learned include setting attainable short-term goals to maintain stakeholder interest, recognizing that big health systems can be either supporters or competitors of grant-funded HIEs, and data standards are often voluntary but need to be standardized to achieve real interoperability. Five of the six states plan to charge subscription fees but haven’t set rates (the sixth HIE already shut down). The study found that Direct is still a confounder, with HIEs originally seeing it as a competing model but are now looking at Direct as an easier workaround to problems they found with query-based services, but Direct is still poorly integrated with EHRS (usually requiring providers to log in to a separate portal) since it wasn’t required of vendors until Meaningful Use Stage 2 and they’ve been slow to incorporate it. Wyoming’s HIE gets a special mention for shutting down immediately once its federal grant money ran out. The issue of sustainability is nicely summarized by this statement: “In the short term, grantees are trying to identify use cases that align with the market” (i.e., we built it and they didn’t come before the government money ran out, so it’s like being the owner of a tattoo shop when the local military base closes).

Technology

Iltifat Husain, MD names his best medical apps for 2014:

• ASCVD Risk Estimator (#1)
• JAMA Network Medical Image Challenge
• Medscape MedPulse
• UMEM Pearls
• Multiple Sclerosis @Point of Care
• PreopEval14
• Pediatric Quick Reference
• Eye Emergency Manual
• Blood Donor by American Red Cross
• CDC Vaccine Schedules
• Family Practice Notebook
• Change Talk: Childhood Obesity and Motivational Interviewing

A German hacker replicates a politician’s biometric thumbprint using only a press conference photo and off-the-shelf software. The politician, ironically, was speaking at a hacker’s convention. The hacker, who’s apparently not a fan of biometric security, says he assumes that politicians will start wearing gloves when speaking in public.

Siemens has been caught countless times over at least 100 years for bribing people to earn government bids, so this is hardly news: Israel’s securities regulator arrests six electric company employees for accepting $20 million in Siemens bribes related to a power station turbine bid.

Other

Geisinger Health System CEO Glenn Steele, Jr., MD, PhD, who is retiring next year, comments on physician complaints about health IT in a Modern Healthcare interview:

Here’s my Jonathan Gruber statement: This is an issue of stupidity. If people believe that you can put IT in, continue working the same way you did before IT, and not get inefficiency, we are talking double-digit IQs here. What everybody’s learned over the last 15 to 20 years is if you put IT in, whether it’s hospital-based or ambulatory, you have to look at the entire workflow and use the IT implementation as an excuse for re-engineering your workflow from beginning to end. If you don’t do that, it’s going to create havoc. You’ve got to look at your patient-care processes from beginning to end and say, “How are we going to do it differently? How is this going to make it better?”

On the benefits of health IT, we couldn’t do point-of-service care innovation without having near real-time data fed back to us. You’ve got to have data both from the insurer side and the provider side to predict which patients or cohorts of patients are most likely to need the highest-intensity vigilance. If you don’t have feedback in a timely fashion, it’s not going to work.

The president and CEO of Campbell Soup Company says she’s a fan of the quantified self movement, in which people will “[take] charge of their well-being through the use of data and digital sensors, wearable health bands, and smartphone apps that can track and quantify everything from their heart rate, blood pressure, and sleep quality to steps walked and calories consumed. The word ‘quantify’ is what’s really important because people will use the personal data and feedback from these devices to make healthier lifestyle choices and adjust the way they eat, exercise, work and rest.”

I’m not interested enough to look up the details, but somehow Cerner and Allscripts are both involved in a patent dispute with RLIS, which apparently took a stab at the EMR market in the late 1990s but then folded. I mentioned a reader’s report of the lawsuit in mid-2012, so apparently it’s still churning its way through the court system.

CDC declares the 2014-15 flu season as an epidemic, with 22 states reporting significant influenza-like activity vs. 13 last week. Flu vaccine doesn’t seem to be working well against this year’s strain.

This is sad: a hospital Santa of 30 years hangs up her red and white suit, saying the drug test, background check, fingerprinting, and HIPAA requirements make it too much trouble to give young inpatients their December dose of Christmas cheer. At least a new Santa is happy to take over the suit, which the former Santa donated.

Only in America, home of too many lawyers trying to drum up work and too many righteously indignant people convinced that everything that happens to them is an egregious injustice wrought by deep-pockets defendants: the family of  a woman killed when a driver allegedly high on nitrous oxide rear-ends her as she slows for a traffic light sues: (a) the driver, which makes sense; (b) Toyota, because the family claimed the victim’s car was defective; (c) the driver’s sister, a doctor the family claimed helped the woman get drugs; (d) the towing company who released the driver’s car to her; and (e) a local ambulance company, who the family says caused the crash by responding to an accident with flashing lights on, causing cars to pull over right before the crash.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 12/30/14

Accenture wins $563M contract to continue with HealthCare.gov

Accenture signs a $563 million five-year contract extension with HHS to manage and continue developing healthcare.gov.

ICD-10 Testing Results and DMEPOS Competitive Bidding Registration Reminder

CMS reports that during its November ICD-10 open testing period more than 500 providers, suppliers, billing companies, and clearinghouses submitted test claims, resulting in a 76 percent claim acceptance rate. The test checked that claims had a valid diagnosis code, ICD-10 companion qualifier code, national provider identifier, and date of service, and returned an automated acceptance notification when all criteria were met.

Startup Health Insights Annual Report 2014: The Year Digital Health Broke Out

Startup Health reports that $6.5 billion in startup funding flowed into the digital health sector during 2014, a 125 percent increase over 2013.

The National Patient-Centered Clinical Research Network: Clinical Data Research Networks (CDRN)—Phase II

PCORI will award $87 million to establish 13 clinical data research networks and $26 million to establish 22 patient-powered research networks as part of the second phase of its PCORnet project.

Curbside Consult with Dr. Jayne 12/29/14

Whenever something happens with our EHR that physicians don’t immediately like, there is bound to be grumbling. Sometimes it doesn’t even have anything truly to do with the EHR, such as a change in requirements for Patient-Centered Medical Home recognition or with Joint Commission accreditation.

Physicians and clinical staff would have had to comply in the paper world, but they don’t see it that way. They seem to perceive such mandates as uniquely burdensome and EHR related despite our attempts to educate.

We’re going through one of those periods now. Our accountable care team has decided that we need to collect certain information in a specific way that doesn’t fit very well with some of our workflows. That’s the problem in an organization like ours – each hospital has its own CMIO, but we don’t have one over-arching person who can cut through the noise and make decisions that fully take into account the limitations of our various systems and vendors. The accountable care team has good intentions, but I doubt half of them have even seen the workflow of some of our clinical systems.

On the ambulatory side, we’re trying to make it as smooth as possible, even using some programming sleight of hand to get the data into the right format without clinicians having to enter it twice. The problem of non-clinicians dictating data that clinical staff must document certainly isn’t new. It goes back to the creation of ICD codes and E&M coding requirements. Anyone who has ever had to formally diagnose a patient with “Bone and Mineral Disease, NOS” rather than osteopenia simply to get it billed will know what I’m talking about.

In some ways, Meaningful Use has helped with this, allowing us to use SNOMED codes to capture that level of clinical granularity. We do still have to translate them into billing codes, however, resulting in parallel diagnosis lists in the chart. That can have issues as well.

When we first started using SNOMED, we found out there were issues with some of our mappings to ICD-9. As long as the data flowed from SNOMED to ICD, we were fine. But if clinicians tried to pull diagnoses off the billing list and convert them to SNOMED, detail was frequently lost.

Physicians immediately jumped on this as a patient safety issue. The financial team jumped on it because the loss of specificity could lead to decreased reimbursement. Those two forces combined made it easy to get access to resources to fix the problem quickly. One of our most vocal EHR haters used it as a reason to again call for discontinuing use of the EHR because of its many safety flaws.

We hear that chorus all the time. Although there are many valid points about EHR design and patient safety, there are also numerous points where EHR makes our work safer as well as more efficient.

I was thinking about this last night as I worked in the ER. There is a great deal of attention to EHR-related patient safety and people are always crying out for regulation. How much attention is there to financially-driven patient safety risks?

One of the patients I treated was a prime example of what happens as more and more of our decisions are financially driven. The patient was a young woman who came in because she couldn’t reach the on-call nurse covering her case. That’s the first point of failure – that physicians are no longer taking their own call because it’s more cost effective (and burnout reducing) to have a nurse cover your call.

Unfortunately, she has four different specialists involved in her care and didn’t actually have a problem that we could address in the ER. Her condition is complex and still partially undiagnosed. Her visit was more about coming to us as the place of last resort. She thought that if we tried to call her specialists, we’d have some magical ability to get her some answers.

If she had come into the medical system when I was a student, she would have been admitted to the hospital until the full workup was complete and we had a plan of care. Each of her specialists would have seen her daily and seen each other in the halls and at the nursing station. However, it’s cheaper to care for people as outpatients, so money was saved by sending her home. Unfortunately, her care was fragmented by this decision – the second point of failure.

During the course of her care, she developed a serious infection that required weeks of intravenous antibiotics. Her insurance company has a policy that patients under Medicare age be “trained” to administer their own infusions at home to save on the cost of the home health nurse. There is no regulation in my state about this practice, which gives payers the ability to make these determinations.

Apparently the patient either didn’t understand or didn’t receive the information that the antibiotic packets had to be kept refrigerated. When she went to the infectious disease physician’s office each week to have her IV line and dressing checked, it didn’t come up there, either. This resulted in the patient infusing 21 days of non-effective medication, which likely contributed to the recurrence of her infection, which was why she was in the ER — she was worried about whether it was extending.

Failure point number three is assuming that just because it’s statistically likely to be OK to allow a patient to administer their own IV antibiotics, that doesn’t make a clinical treatment plan applicable to all patients.

For each person demanding regulation of EHRs, where is the demand for regulation of situations like this? She did determine five days ago (after talking to the on-call nurse about her IV line) that the medication had to be refrigerated and a new supply was sent out, but the infection isn’t looking any better, which was why she was trying to reach her physician in the first place.

In talking to her, I struggled to figure out the best person to call. The infectious disease specialist was out of the country. His primary nurse had gone into labor and was being covered by a nurse who initially told the patient to call the surgeon and then didn’t return subsequent pages. The surgeon was also out of the country, but the patient didn’t think he was the right person to call since he wasn’t involved in the antibiotics. The primary care physician hadn’t seen her in six months. The other specialist involved is a plastic surgeon, who wouldn’t be of much assistance in this situation.

Failure point number four is lack of ownership of this patient and her complex situation, again in part due to cost-cutting maneuvers. Physicians just aren’t likely to spend hours playing phone tag with various specialists when that time isn’t reimbursed and payments are being cut.

I had the charge nurse put out a couple of pages to different specialists involved in her care, figuring there was an equal chance that whoever called back wouldn’t know anything about her, so might as well cast a broad net. In the mean time, I went back in and looked at the patient’s medication that she had brought with her. Sure enough, nowhere on the labeling did it indicate that it was to be refrigerated. It was from a compounding pharmacy contracted by an infusion company contracted by the insurance company. Many cooks in the kitchen always make for a questionable dish.

Ultimately one of the infectious disease nurses called back and we made a plan for the patient. Since she was clinically stable, fever-free, and had no new symptoms, she was stable to go home and the nurse would see her first thing the next morning. I reassured the patient and explained that our goal in the ER is to take care of any critical issues and make sure that patients are stable and that follow-up has been arranged. I chose my words carefully. Usually I say something about making sure any life-threatening conditions have been addressed. In this situation, there are still multiple factors that may threaten her health (and ultimately her life), but they were completely beyond my scope.

I’ve been thinking about her all day today and wondering how things turned out this morning. That’s the problem with putting a family physician in the ER. I always wonder about the follow up since continuity of care is one of the reasons I wanted to be a physician in the first place.

I’ve also been thinking about the ways that the system failed this patient. I can’t help but draw a parallel to all of the people out there who think that more technology is going to solve all the problems and that regulating the technology is the answer. Dealing with technology is just the tip of the iceberg in healthcare. This case is a prime example of everything out there that also needs to be addressed.

To the people who demand broad regulation of health information technology by the FDA as the solution to patient safety problems, I’ll get on board with that at about the same time the FDA gets oversight of compounding pharmacies, home infusion agencies, and payer executives squeezing the maximum profit out of the system. Based on the 50 patients I saw yesterday, they’re a much greater threat to patient safety than my EHR.

Email Dr. Jayne.

Readers Write: The Eve of War

The Eve of War
By John Gomez

Steve Lewis arrived at his office at 7:03 a.m., draining the last remains of his grande mocha as he finished chewing on his blueberry scone. These were his last few minutes of peace before the day started. He did all he could to savor them as his laptop booted. He began the login to his corporate network.

Username:
Password:

WHAT THE HECK?

There on the screen in front of him was an image a red skeleton and the words “Hacked by #GOP.”

Steve pressed Escape, F1, ALT-TAB, CTRL-ALT-DELETE. Nothing. The skeleton just starred back at him. Power off. No luck — the skeleton remained. He closed the laptop and opened it. The skeleton was still there.

The sudden ringing of the phone made Steve jump. He noticed that every line on his phone was lit up with inbound calls. He randomly choose one and answered, “Sony Pictures network support, Steve speaking …”

Steve would handle hundreds of calls that morning, as would his colleagues. Everyone reported that their computer bore the image of a skeleton. Within minutes, word had spread across the corporation of the computer attack.

Managers scrambled to calm employees and asked them to remain, though many decided to take immediate time off as they didn’t feel safe. If you were to have asked Steve’s colleagues that morning, not one of them would have said, “I feel safe and secure.” 

In the coming days, Sony Pictures executives would make a gutsy choice and agree to the demands of the company’s attackers. Meanwhile, several hundred miles away, members of the Department of Defense Cyber Command were spending their time analyzing cybermunitions and strategies to provide the President of the United States with options in the event he ordered cyberattack on North Korea.

As the dawn of 2015 appears on the horizon, the United States is poised to engage in the first cyberwar in the history of mankind. If there is any irony to all of this, it would be that it all reads very much like a Tom Clancy script. Unfortunately, all of the events and the situation we find ourselves in as the year comes to an end are all too real.

The attacks on Sony Pictures by North Korea are interesting. Studying what happened is critical to protecting our own infrastructure and systems. The key takeaways are that although the attacks were not sophisticated or highly technical, the strategy by those who executed the attack was advanced.

We now know that Sony was being probed and scanned for months, with the sole purpose being to gather massive amounts of intelligence that could be used to formulate escalating attack strategies. We also know that as a result of this intelligence gathering, the attackers were able to carefully and selectively control the attacks and the resulting damage.

We should also keep in mind that since the attacks themselves were not highly advanced, it does show that the use of proactive security hardening measures could have helped Sony minimize or defend against the attacks.

What do we do now? We as an industry and nation have never had to prepare for a cyberwar. The battle is now all of ours. The actions we take in the coming days and weeks will be critical to how we navigate and survive whatever may occur on the cyberfront.

The top three targets for cyberterrorism and warfare are finance, utilities, and healthcare. Attacking any of those areas creates extreme consequence to the citizens. Of the three, the most damaging would be healthcare. The worst case would be affecting patient outcomes in some form or manner. In my eyes, this could be done.

My prescription is as follows.

Top-Down Education

Educate the C-suite and board of directors to provide clarity in terms of what occurred and the reality of the attack types and strategy. Clarify the resources and support needed to harden systems.

Little Things Matter

The technically simple attacks on Sony were effective because Sony didn’t do the little things: using old technology like Windows XP; not enforcing security policies or policies, and giving in to the screaming user or privileged executive while compromising the overall welfare of the organization.

Holistic Approach

Fight as a team. Cyberattacks aren’t about singling out one system. They involve finding a vulnerability anywhere and exploiting that for all it’s worth. If someone can exploit security cameras to gather compromising information that leads to greater exploits, they win. Think of the entire organization, physical and digital, as a single entity and then consider the possible risks and threats. What if someone shut down the proximity readers? What if they disabled the elevators? What if biometric devices or medical devices running Linux were infected with malware?

Monthly War Games

This is a fun way to build a security-minded culture. Once a month, gather the security team (which should represent the physical and digital world) and start proposing attacks and how the organization would respond or defend. Invite someone from outside.

Fire The Professionals

Organizations rely on those who help them feel good by saying all the right things – clean-cut consultants with cool pedigrees and fancy offices. Those might be the right people to review financials, but for security, look for crazy, go-for-broke, “been there, done that” people. The ones who make you a little scared when you meet them that maybe they bugged your office while you stepped out for a minute. When it comes to testing systems and infrastructure, be liberal with the rules of engagement and highly selective in who to engage. Get someone who makes everybody uncomfortable but who can also provide guidance.

Admit You Need Help

For most people, cybersecurity is not something they do day and night. Even a dedicated team won’t see everything outsiders see because they are exposed only to a single organization. Consider getting help from people who do this every second of the day, regardless of if the help entails remote monitoring, managed services, surprise attacks on a subscription basis, or delivering quarterly educational workshops. The SEAL teams of cybersecurity exist.

Education Matters

Cybersecurity education is as critical as that for infection control and privacy. It could be that last line of defense before becoming the next Sony, Target, Kmart, Staples, or Sands Casino. Also consider providing ongoing education for the in-house technologists.

Integrate Business Associates

Don’t let business associates do whatever they want. Set standards and insist that they be followed. Minimize shared data with them, enforce strong passwords, require surprise security assessments, and get the board and C-suite to understand that they are the weakest link.

The Technology Vendor Exposure

Hardware or software doesn’t matter — most vendors do not design or engineer secure systems. Not because they don’t want to, but they overlook things when trying to get hundreds of features to market and dealing with client issues and priorities. Not to mention many of today’s HIT systems were designed and developed decades ago, well before the words “buffer overflow”, “SQL injection,” or “cyberwarfare” were known. Push vendors hard to demonstrate how they are designing and developing highly secure systems that keep customers and patients safe and secure.

Security Service Level Agreement:

Do this is nothing else – it will make sure the other stuff gets done. Set a clear and aggressive Security Service Level Agreement (SSLA). This should be a critical success factor that holds the CIO, CISO, COO, and CEO accountable. Defining what is part of the SSLA should be a joint venture between the C-suite and the board, but it should clearly dictate the level of security to be maintained and how it will be measured.

These aren’t earth-shattering suggestions. However, had someone from Sony read this last year, they would have said, “We already do this,” yet Sony may very well end up being a case study for cybersecurity (and depending what happens in the coming days, a key part of our history lessons for centuries to come).

The bottom line is that HIT is an insecure industry that has not done enough to pull forward and become the standard of cybersecurity that everyone outside the industry expects (and thinks we are already doing).

Now is the time to set a standard, fight back, and take things to a new level. Sony provides an opportunity to educate the board, create a partnership with the CEO, reexamine trusted partnerships, and push vendors to step up their game. Let’s hope that Sony is more than enough to be a call to action for our industry.

John Gomez is CEO of Sensato of Asbury Park, NJ.

Readers Write: EHR Vendors: Barriers to Interoperability

EHR Vendors: Barriers to Interoperability
By King Coal

As patients and taxpayers, I encourage everyone to contact your Congressional members about this topic. Mention that the barriers to EHR interoperability are not just technical — they are contractual as well.

EHR vendors that enjoy the benefit of our tax dollars under the HITECH Act are preventing interoperability — and innovation around the edges of their EHR products by third-party developers — by placing limitations and threats in their contracts with clients. The vendors who are engaged in this antitrust behavior can point to their technology and say, "See? We can share data. We follow data sharing technical standards. Quit criticizing us."

But when you look at these vendors’ contracts, the license fees associated with interoperability are cost prohibitive. In addition, the interoperability clauses are surrounded by onerous contractual obstacles that are veiled to protect the vendors’ intellectual property, but are actually ensuring the vendors’ continued monopoly and preventing innovation around their products.

This behavior on the part of some EHR vendors is strikingly ironic given the enormous success of open source, easily accessible APIs that benefit interoperability. The more open products are from a software architecture perspective, the more value that accretes to a product’s intellectual property. Open, transparent APIs create a larger dependence and ecosystem around products, not less.

Several years ago, I sponsored a meeting with senior executives from three large EHR vendors, lobbying them to open their APIs and migrate their software engineering architecture from tightly coupled, difficult to modify and upgrade, message-oriented architectures to loosely coupled, flexible, services-oriented architectures with open, published APIs so that my development teams could write innovative products around the edges of these EHR products. 

I will never forget the response from one of those EHR vendor’s senior executives: “We see ourselves as more than a database vendor.” Meaning, of course, “Our closed APIs are a market advantage.” 

Bill Gates and Microsoft used to think the same thing about Windows, Office, and Internet Explorer. You can see how that worked out for them when you compare what’s happened with the openness of Android, iOS, the browser market, and office suite products. Salesforce.com is the supreme example of business success based upon an open API and open culture.

A colleague described his thoughts in an email:

Current interoperability standards selected by the ONC and required by MU-S2 do not contain an adequate amount of data/data types to support the quality measurement requirements of the same MU-S2 program. This gap in data is what enables the EHR suppliers to continue the veil of interoperability while still protecting their proprietary intellectual property, serving the interests of the owners of these companies with little regard to what may be best for care, providers, patients, or consumers.

Several EHR vendors are banning together around a new magic bullet technical standard called HL7-FHIR based on JASON technology. While this new standard is great from a technical perspective (XML, REST, etc.), in its current form based largely on existing HL7 v2, v3 and CDA concepts, it does not improve the accessibility of proprietary EHR data types and those data types are needed for quality and cost performance improvement in healthcare. While FHIR could be expanded to include this type of data, it appears the first efforts are focused on reinventing the technology for currently defined interoperability data types.

I’m not sure what if anything Congress can do at this point to fix the ills of Meaningful Use Stage 1, which rewarded existing vendors with billions of dollars in tax money to maintain those vendors’ closed and proprietary APIs. Decertification by ONC will become a bureaucratic mess, but I appreciate the symbolic stance taken by Congress around decertification nonetheless.

One thing that must happen—and maybe our legal courts are the only option for this—the contractual threats and barriers in EHR vendor contracts that stand in the way of interoperability and innovation must be removed.

Interoperability and innovation in healthcare IT are suffering, both technically and contractually, by old-fashioned, old-school thinking on the part of EHR vendors. As a consequence, our healthcare system and patient care are suffering, too. ​

Readers Write: What Physicians Want From Their Medical Software

What Physicians Want From Their Medical Software
By Charles Settles

Physicians looking for medical software have many options. With hundreds of healthcare IT vendors and bloated feature sets, making a decision can be difficult. Especially when purchasing a system for the first time.

Many physicians are skeptical of vendor claims (especially regarding workflow efficiency) and healthcare IT in general. Additionally, learning a new system can be a daunting task for busy providers who have spent years managing patient encounters with paper charts. Some providers are opting out of healthcare IT entirely and are accepting reimbursement reductions or taking early retirement in order to avoid electronic health records and other systems.

Conventional wisdom (and the marketing material from vendors) would lead healthcare IT buyers to believe that Meaningful Use incentives are the number one reason to buy medical software. Based on responses we’ve received, fewer than 10 percent of physicians care whether or not their electronic health records system is certified for Meaningful Use. The latest data from CMS would seem to confirm this; less than 1.5 percent of physicians and organizations that attested for Stage 1 of the program have successfully attested for Stage 2.

The biggest factor for most physicians is effective document management. This should come as no surprise. It is difficult to achieve the goal of a paperless office without such tools. Despite requirements for health information exchange, interoperability between medical systems remains difficult. Many providers still use fax machines to coordinate care and share notes. An electronic health records system with built-in fax capabilities allows providers to bypass this. Additionally, the role- and user-based access capabilities provided by these systems keep health information secure in a HIPAA-compliant manner.

The second-most requested feature for medical software is template-based progress notes and orders. Despite concerns with upcoding or indecipherable template-based notes, most physicians want to be able to use customized templates to save time during encounters. One otolaryngologist said he performed “the same three procedures for over 90 percent of patients.” Using a template makes the most sense for providers who find themselves in a similar situation. Primary care providers were the only specialists to show an aversion to template-based notes, which makes sense, as a primary care provider is likely to deliver a much wider variety of care than a specialist.

Other features are less of a surprise: a patient portal, e-prescribing, and tablet or mobile-based access round out the top five most-requested features by providers using our service. Also, despite security and uptime concerns with cloud-delivered systems, it’s worth noting that fewer than 15 percent of providers asked for medical software that could be installed on their own server; 56 percent of providers requested cloud-based software; and the rest had no preference.

Despite the trend of providers opting out of the Meaningful Use Incentive Program, the market for electronic health records and other medical software systems remains significant. With estimates of healthcare IT adoption rates rising above 80 percent, many of these purchasers are replacing an existing system. This could explain some of the feature preferences, especially the significant preference for strong electronic document management capabilities.

Charles Settles is a product analyst at TechnologyAdvice.

Morning Headlines 12/29/14

Cerner Corp (CERN): $65.71

Cerner stock closes at $65.71 Friday, an all time high for the company.

Disneyland trip, Beyonce tickets were ‘inappropriate gifts’ to official, judge rules

The government upholds a VA decision to fire the former director of the Phoenix VA Health System,  not because of the wait-time scandal that was discovered at her facility, but because she accepted “inappropriate gifts,” including an 8-night family vacation to Disneyland for herself and six of her family members, from a consulting firm whose core business is helping vendors secure lucrative government contracts from the VA.

Why It’s So Hard to Fix Medicare Fraud

The Wall Street Journal analyzes Medicare fraud detection, explaining that the problem is complicated by the fact that 45,000 new providers enroll in Medicare every month and CMS does not have the resources to verify that every one is legitimate.

Jeb Bush quits hospital chain before possible White House run

Jeb Bush resigns from his position on the board of directors at Tenet Healthcare in preparation for a widely-speculated run in the 2016 presidential elections. Tenet is a for-profit health system that has publically attributed strong financial gains to the rollout of Obamacare, legislation that Bush formally opposes.

Monday Morning Update 12/29/14

Top News

Cerner shares hit a 52-week high last week, closing Friday at $65.71 and valuing the company at $22 billion. The end-of-year rise sounds impressive until you examine the one-year share price graph that shows CERN shares rising 18.2 percent (blue) vs. the Nasdaq’s 15.6 percent (red), so it barely beat the Nasdaq composite index. 

Reader Comments

From Pango: “Re:  vendor employee provider experience. My company developed a rounding program where our software developers, project managers, product managers, and QA team members spent time observing a clinician in hospital departments. It was valuable because it provided insights into workflows and usability that we could not have understood other than by on-site observation. The programs were in place at several client hospitals and we maintained an active rotation of our team members who wished to participate.”

From Patti Melt: “Re: Epic. I just spent all day interfacing it to other systems. Since Neal Patterson says it can’t be done, should I buy a lottery ticket?”

From Urban Cowboy: “Re: Madison airport. If Epic is trying to eliminate consultant advertising within 50 miles of Verona, someone should tell the airport since it’s about all they have. With fewer implementations, they need all the help they can get.” Someone mentioned previously that perhaps the airport wasn’t within Epic’s rumored no-fly-ads zone since it’s a long cab ride, but Google Maps says it’s only 21.9 miles.

HIStalk Announcements and Requests

News is predictably (and thankfully) skimpy, so the biggest takeaway from this post is that you haven’t missed anything over the post-Christmas weekend.

Dave Miller, CIO of Optimum Healthcare IT and formerly CIO of University of Arkansas for Medical Sciences, sent out an email suggesting Christmas donations to the Salvation Army, recounting how as a child the organization got his family of seven through their temporarily homelessness. Bitdefender wouldn’t let me bring up Dave’s fundraising campaign page at OnlineRedKettle.org because of a phishing warning, but I matched Dave’s $250 donation online in honor of HIStalk’s readers. Salvation Army is my #1 overall charity choice, with DonorsChoose.org running a close second.

I’m ecstatic to report that three-quarters of respondents to my poll say they’re happier now than they were a year ago. New poll to your right or here: what is your overall impression of HIMSS? Click the poll’s “comments” link after voting to explain.

Last Week’s Most Interesting News

• The executive director of the Connecticut Health Policy Project observes that the state’s now-defunct HIE oversight organization spent $4.3 million in federal grant money without accomplishing anything.
• Pennsylvania’s HIE organization asks the state for $4.7 million to keep it running now that its ONC grants have expired and its efforts to bring paying organizations online and to solicit charitable donations have failed.
• The FDA announces plans to require drug manufacturers to publish prescribing information for professionals electronically on an FDA-maintained website, eliminating the paper versions.
• HTC Global Services acquires CareTech Solutions.
• Boston Children’s Hospital (MA) pays $40,000 to settle state charges over the theft of an unencrypted laptop, while Northwestern Memorial Healthcare Group notifies 3,000 people that their information has been exposed by the theft of an unencrypted laptop from an employee’s car.

People

Oneview Healthcare names Samir Batra (CareInSync) as VP of patient engagement.

Announcements and Implementations

TEDMED is offering a $1,000 discount for registrations completed by December 31 for next fall’s event, dropping the cost of the refundable, transferrable delegate pass to $3,950. This year’s event was split between San Francisco and Washington, DC and connected by video. No way I’m paying thousands of dollars to watch a big screen meeting from the other side of the country, but to each his own. The only names I immediately recognized from last year’s speaker list were swimmer Diana Nyad and Theranos CEO Elizabeth Holmes, neither of which would cause my hand to move toward my wallet.

Government and Politics

Jeb Bush will resign from the board of for-profit hospital operator Tenet Healthcare as he explores a 2016 Presidential run. He made $300,000 from that gig last year. Tenet is worth $5 billion, with CEO Trevor Fetter holding shares worth $42 million.

A Wall Street Journal report says that Medicare is hard to fix because the agency doesn’t want to restrict care, adding that new providers aren’t vetted and inspectors never visit provider locations to see if they are real. The article points out that 45,000 new providers sign up to deliver Medicare services every month and CMS doesn’t have the resources to vet them.

Technology

My most-used iPhone app is the outstanding, 99-cent MotionX GPS Drive navigation system. I just noticed that the company offers the also-99 cent MotionX 24/7, which includes a sleep tracker, step counter, heart rate monitor, and wake-up alarm, all integrated with Apple Health. I didn’t realize until I looked up their site that the company’s emphasis is on and quantified self rather than GPS navigation. It holds dozens of patents and licenses its technology to wearables vendors such as Nike. MotionX’s CEO and co-founder is Philippe Kahn, who invented the phone camera, founded the powerhouse 1980s software vendor Borland (Turbo Pascal, Quattro, TopSpeed/Clarion, dBase, Delphi, and Paradox), and earned simultaneous master’s degrees in mathematics and classical flute. I’m installing MotionX 24/7 now and will report back, but I can already see that it’s as well designed as I expected.

Since I mentioned my most-used iPhone app, here’s another highly used one on the phone, desktop, and laptop: the LastPass password manager and single sign-on utility, which allows me to log on to a single Web page and have instant auto log-in to everything I use online (and to easily and centrally maintain complex and mandatory-change passwords) from any device. It’s free for personal desktop use, or an extra $12 per year to run it from mobile devices.

This should annoy everyone smart enough to use their phone as a personal hotspot instead of paying $15 for crappy hotel Internet access: Marriott and its hotel lobbying group ask the FCC for permission to block tethering, using the extraordinarily stupid and self-serving excuse that guests might use their personal Wi-Fi connections to attack the hotel’s network, steal information from other online guests, or slow down the hotel’s Wi-Fi (all of which are arguments hotels should make for NOT using their own in-house networks, other than the fact that they profit handsomely from it). Microsoft and Google are urging the FCC to deny Marriott’s lame idea. Somehow cheap roadside hotels can offer free parking, Internet, and breakfast but the snootier, big-city ones milk their business travelers hard. Marriott’s Springhill Suites is still my favorite chain, though.

Other

The board of Massena Memorial Hospital (NY) approves spending $49,000 for a Medhost upgrade and $29,000 for a Meditech/LSS purchase. The CEO explained that the Medhost upgrade is required for complying with New York’s I-STOP mandatory electronic prescribing law, adding, “The last thing we want to do is end up sideways with the state and DEA. That would be extremely unpleasant.” 

Eric Topol, MD tweeted this graphic of his medical smartphone concept from his new book, “The Patient Will See You Now.” Amazon’s “look inside” preview contains generous sections of the book’s content – it looks good.

This YouTube video of Derby the dog running for the first time after being fitted for 3D-printed prosthetics has received 6.8 million views for its producer, 3D Systems. The company, based in Rock Hill, SC , is traded on the New York Stock Exchange and is valued at almost $4 billion even after shares dropped 64 percent in the past year.

The children of “American Top 40” host Casey Kasem, who died of dementia last June at 82, will share his hospital records with his widow, who is suing the hospital that cared for him. Kasem’s widow is the former Jean Thompson, who played Nick Tortelli’s curvaceous wife Loretta (with the “I Dream of Jeannie” hairdo) on “Cheers.”

The federal government upholds the firing of the head of the Phoenix VA, not because of the wait times scandal that erupted there, but because she accepted gifts from a consultant that included a family trip to Disneyland and Beyonce concert tickets.

‘Tis the season for intolerant lunatics: American Airlines removes a disruptive La Guardia passenger who was loudly berating the flight attendants and crew who had wished him “Merry Christmas.” The man, who wouldn’t calm down, said nobody should ever say Merry Christmas because not everyone celebrates it. His fellow passengers cheered when he was escorted off the plane.
 

UPMC’s Magee –Women’s Hospital (PA) gives keepsake Christmas stockings and caps knitted by volunteers to the parents of newborns who are in the hospital over the holiday.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 12/24/14

AMN Healthcare Acquires Avantas

AMN Healthcare, a healthcare-focused staffing firm, acquires Avantas, which builds data analytics tools for optimizing staffing and scheduling.

Medicine Is About to Get Personal

TIME reports on direct-primary care provider Qliance Health, and their efforts to provide direct to consumer primary care for a flat monthly fee, and without involving insurance.

Health IT In Connecticut – Learning From Mistakes

A director from HITE-CT, Connecticut’s quasi-public organization tasked with building its health information exchange, explains that the organization was dissolved after “wasting $4.3 million in federal grants and four years, without accomplishing anything.”

Pennsylvania eHealth Partnership Authority Annual Report to the Governor and General Assembly

The organization responsible for Pennsylvania’s HIE reports that despite very lean staffing, finding a business model capable of delivering financial sustainability remains its biggest challenge.

News 12/24/14

Top News

Healthcare workforce services vendor AMN Healthcare acquires Avantas, saying its clients need staffing forecasting analytics.

Reader Comments

From Sonoran Dog: “Re: Maricopa Integrated Health System. Veiled rumors from administration suggest it will have to shut down in July 2015 due to lack of funds after receiving a large bond in the November elections. Any truth to the rumors? A lot of us medical personnel are working hard to comply with every cost-cutting feature we can come up with to help.” Voters overwhelmingly approved a $935 million bond to upgrade the facilities of the 515-bed public health system that includes Maricopa Medical Center, the Arizona Burn Center, and the Level One trauma center. The CEOs of the four largest private hospitals in Phoenix (Abrazo, Banner, Dignity, and Scottsdale Lincoln) say the huge construction expense is unnecessary given the sufficient bed capacity already in place (theirs, of course.) Readers comments are welcome. Surely there’s little chance of MIHS shutting down given public support, but some sort of public-private partnership with the those other Phoenix systems would make sense.

From Czarina: “Re: vendor-provider contact. What do HIStalk readers suggest for giving vendor employees exposure to the clinical workflow and technical challenges that providers face? We want every one of our people to get out in the field, but just taking a hospital tour doesn’t seem to have much value. We’re considering encouraging volunteering, attending a local or national conference, or taking a clinician to lunch.” I should note that this isn’t a huge company, so their employees won’t overwhelm the local health systems. Ideas? I’ll be honest that in my health system IT experience, I wouldn’t see the benefit to my department in having vendor people underfoot so they could learn on my dime, so I would be somewhat resistant to committing. I like the idea of setting up a volunteer program specific to the IT department if the hospital is willing to support it – our desk-bound IT department people learned a lot just going out with the field services techs or sitting with the help desk people.

From HITPro: “Re: cyberdefense training system. Can’t mimic real-world health system security because it is virtually non-existent.” CyberCity, created to train federal government employees to defend against cyberattacks, had to artificially boost the security capabilities of its prototype hospital because it otherwise would have been “too trivial to hack.”

HIStalk Announcements and Requests

I’ll probably slack off a bit over the next week by posting less frequently. Merry Christmas, Happy Hanukkah, and Habara Gani (and if you don’t celebrate any of these holidays, those of us who do thank you in advance for respectfully tolerating that fact).

Acquisitions, Funding, Business, and Stock

Provider secure messaging app vendor GroupMD renames itself Flow Health, or at least that’s what I infer from the maddeningly vague company blog post announcing a change without really describing it. I probably shouldn’t be surprised given that Flow Health’s “About Us” page on its we’re-so-hip, scroll-happy website doesn’t list its founders, physical location, or history.

Sales

Porter Medical Center (VT) chooses Summit Healthcare’s data exchange platform to meet Meaningful Use Stage 2 Direct messaging requirements.

People

 

Explorys hires Greg Yarrington (Truven Health Analytics) as VP of operations and Patrick Wells (Deloitte) as VP of solutions.

Home medical equipment manufacturer Invacare appoints Cleveland Clinic CIO Martin Harris, MD as interim board chair following the retirement of Mal Mixon. The publicly traded Ohio-based company has 5,200 employees and a market value of $533 million, with Harris holding shares worth $327,000. The company’s share price has dropped 28 percent in the past year.

J. Robert Beyster, PhD, founder of SAIC and Leidos, died Monday at 90. He left his job working on nuclear submarines for Westinghouse in 1969 and founded SAIC at age 45.

Announcements and Implementations

The Cal INDEX HIE connects to Blue Shield of California via Orion Health.

India’s state of Telangana rolls out the country’s first healthcare app.

Sagacious Consultants announces an Epic report-writing annual subscription that provides a fixed number of hours each month with discounts of up to $50 per hour.

Government and Politics

The executive director of the Connecticut Health Policy Project says the now-defunct state HIE oversight organization (Health Information Technology Exchange of Connecticut, or HITE-CT) was shut down “after wasting $4.3 million in federal grants and four years without accomplishing anything.” She references a state auditor’s report that concluded that the organization was slow to react, couldn’t figure out how to fund itself, and failed to renegotiate a bad vendor contract it had signed with Axway and GE Healthcare. At its peak expense year of 2013, the organization paid $343,000 in salaries. Auditors also noted that some of the 20 members of its board often missed meetings, vacant board positions weren’t filled, and with zero revenue the organization couldn’t pay the paltry matching funds required by the federal government ($1 for each $10 in federal grant money received). The editorial’s author is correct: the only accomplishment of the group was to squander federal money.

Acting HHS Assistant Secretary Karen DeSalvo, MD writes a Huffington Post blog post welcoming home the US Public Health Service officers who returned from fighting Ebola in Liberia this past Saturday.

The FDA issues a proposed rule that would require drug manufacturers to provide prescribing information for professionals in electronic form, which would then be posted on an FDA reference site. Paper versions would no longer be allowed since they can’t be updated with new information, but manufacturers would be required to staff a telephone service that would send paper copies on request.

Privacy and Security

Mercy Medical Center  (CA) announces that a third-party transcription vendor unintentionally opened up its server to the Internet for several weeks, making the physician notes of 620 oncology patients visible in web searches. The hospital has apparently fired the responsible contractor.

The Michigan appeals court dismisses a privacy brought by 159 people whose medical records were unintentionally made available online by a contractor for Henry Ford Health System (MI). The three-judge panel ruled that an invasion of privacy claim isn’t valid unless the plaintiff’s actions are intentional.

Other

Time magazine profiles Qliance, a Washington-based nationally expanding concierge primary care practice that has lowered its cost to the point that it covers entire businesses (Expedia and Comcast) and even Medicaid groups for a flat monthly per-patient fee based on age. Billionaire investors include Amazon’s Jeff Bezos and Michael Dell. I really like this snip:

At the tangled heart of this dysfunction is Medicare, which by its sheer size sets the standards for insurance reimbursements. Specialists dominate the panel that sets its payment rates. Thus the system values surgeries, scans and other procedures more than it values checkups and management of existing conditions. West, a primary-care doc, explains it this way: “If I put in an hour with a patient, I will be reimbursed for one exam–the same payment I would get for seeing that patient for 11 minutes. Meanwhile, an ophthalmologist might perform three cataract surgeries in that same hour, and each surgery might be reimbursed at twice the rate of my exam. So that doctor is making six times as much money.”

And if the eye patient has questions after the surgery about her medicine or her recovery, the specialist’s office is likely to suggest that she consult with her primary caregiver. After all, neither doctor gets reimbursed for answering questions on the phone, so the chore is often traded like a hot potato. “We say primary care is critical to a healthier future,” West says, “but in every way we show value, it is at the lowest level.”

Doctors without Borders is using donated advertising on free medical imaging social network Figure 1 (“Instagram for doctors”) to recruit Ebola volunteers. The app automatically detects faces in submitted photos and blocks them for privacy and allows users to manually block other identifying features. Images are also moderated before posting to make sure they have been de-identified. The Toronto-based company has raised $6 million in funding and was founded by (a) a professor and writer with a JD and Columbia MBA; (b) an internist who describes himself as having an “above-average sense of humor and below-average physical fitness”; and (c) an iOS app developer.

A Harvard Business Review article called “The Antidote to Fragmented Health Care” contains as  one of its recommendations universal EHRs. It doesn’t define exactly what that means, but references the VA’s VistA, Kaiser’s HealthConnect, and the OpenNotes initiative. Looking back at all the money (taxpayer and otherwise) spent on EHRs and HIEs, maybe the better and cheaper alternative would have been to buy or create a nationalized EHR. Or, as I proposed years ago, mandate use of a standardize EHR database structure with rule-defined fields and let vendors compete based on the user interfaces and add-on capabilities they sell beyond the basic database-populating parts of the EHR.

Trustees of Regional Medical Center (SC) approve an extra $500,000 to implement Cerner’s document imaging system, with its president explaining that the hospital had underestimated the number of departments that would use the system and the volume of documents to be converted.

The annual report of the Pennsylvania eHealth Partnership Authority says its biggest challenge is funding (duh) after its ONC grant ran out earlier this year, when it asked for $1.85 million in state support. Now it wants $4.7 million for the next fiscal year, explaining that it failed to generate the charitable donations it expected, user fees that were supposed to start kicking in earlier in 2014 won’t start until mid-2015, and even then those fees “will not reach levels that contribute significantly to Authority sustainability until most HIOs are onboarded to the P3N in 2016.” Translation: we don’t don’t know how to run a business, every one of our plans and projections were wrong and have been scrapped, and it’s highly doubtful anyone will ever pay us for the services we may eventually offer. Therefore, taxpayers should provide a never-ending flow of money so a poorly conceived, ever-changing, and incompetently executed idea can be pushed onto a market that doesn’t want it.

An apparently serious study finds that the 30-day mortality rate of high-risk heart failure and cardiac arrest patients admitted to teaching hospitals is lower when cardiologists leave to attend national conferences. I remember reading years ago that death rates dropped when hospitals were closed due to strikes.

---

Sponsor Updates

• Greenway Health releases version 3.1 of PrimeMOBILE.
• EDCO Health Information Solutions posts two new case studies involving its Solarity medical records scanning and indexing solution.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 12/23/14

Supreme Court to Hear Arguments in Big Health Care Case on March 4

The Supreme Court will hear King v Burwell on March 4. The case argues that the Obama administration overstepped its authority by providing federal subsidies to Healthcare.gov users when the ACA’s language only authorized subsidy payments for insurance acquired through state-run exchanges.

89 ACOs will join Medicare Shared Savings Program in January

CMS announces that 89 new ACOs will join the Shared Savings Program effective January 1, 2015.

Accretive Health Provides Updated Timeline for Completion of Restatement

Accretive Health, a Chicago-based revenue cycle management company, will file its long overdue 2012 and 2013 year-end financial statements next week. The company will also publish restated 2011 statements.

Electronic Distribution of Prescribing Information for Human Prescription Drugs, Including Biological Products

A proposed rule by the FDA will require that pharmaceutical companies replace the paper-based prescription drug handouts written for doctors with electronic ones that can be updated in real-time.

Curbside Consult with Dr. Jayne 12/22/14

As the year closes out, my hospital’s employed physician group continues to acquire physician practices under the guise of building its accountable care network. At this stage in the game, however, the strong independent practices have either grown to a point where acquisition isn’t a viable option or have banded together as part of IPA groups and aren’t interested in being employed. For the rest, however, it seems there’s no practice too questionable for us to purchase.

I was out of the office last month when the operations leaders did due diligence on a small pediatric practice. I had heard that there were some “interesting” things noted on the site visit, but leadership was bent on purchasing it anyway. The physician is close to retirement and they figure they can just plug a new physician (straight out of residency) in July and absorb the patient volume as the owner steps away into the sunset. In the mean time, my team’s job is to get the EHR live, transform care delivery to bring them up to MU-ready standards, and deal with all the fallout.

I went to the office on Friday for an initial workflow review. One of the implementation team members is fairly new, and although skilled with EHR, has never converted a practice from paper. The team lead who was supposed to be running this one ended up having her first grandbaby arrive, so I stepped in to cover the day of shadowing.

We have a checklist of things to review and we also shadow office staff as they go through their daily activities. Ultimately we’ll create current state workflow maps and use those to derive a future state. We’ll take that back out to the practice and validate it with the physician and office manager, put together a Team Operating Agreement, and then schedule them for implementation.

Often there is a fair amount of clean-up that has to be done with the workflows and addressing that is within the purview of our implementation team. Our operations staff initially fought us on this, but finally conceded that practice roles and responsibilities, patient flow, and EHR workflow are so intertwined that they can’t be addressed separately (especially if you’re trying to bring practices live on a rapid cycle). They also didn’t have the resources to adequately handle process improvement, so it was an easy “poach” when I decided it needed to live on my team.

My initial impression from the waiting room was a good one – freshly remodeled, new furniture, adequate space, and a cool salt water fish tank that the patients were enjoying. The receptionists were friendly and using computers proficiently. The exam rooms were large, with plenty of space to add a computer workstation and not lose the room needed to park strollers and the extra family members who often come to visits with new babies. I liked the way the layout clearly separated the “on stage” patient care areas from the “off stage” staff work areas, which not only helps control clutter, but reduces risk of patients overhearing phone conversations.

Once I stepped into the staff area, a veritable house of horrors awaited me. I wasn’t sure whether they over-spent on the furnishings and remodel and tried to make it up by skimping on the rest of the office or whether they just didn’t care. The back half of the office was just dirty. From the stained butcher block table in the staff lunch room to the piles of trash bags by the back door, I couldn’t believe what I was seeing. They knew we were coming, and if this is how they present the office for an assessment, I couldn’t imagine what it would look like if we showed up unannounced.

The counters and workspaces were crowded, with open drinks and snacks in the lab area, food crumbs in the keyboard of the computer they use to access the state immunization registry, and trash on the floor. Really, trash on the floor. Not the “oops, I dropped the cap to that needle while I was drawing up that injection” kind of trash, but the “I just don’t care and can’t be bothered to walk to the can because it’s on the other side of the room” kind of piles.

The cabinets and walls were covered with so many “don’t forget to do this” or “X insurance requires that” notes and stickies that you couldn’t even see the walls. More than two-thirds of them were obscured and some of them had been there for years based on the dates.

We started the assessment and quickly determined that no staff member had been there more than a year. Most had been there less than six months and two were new that week. That’s a red flag, as was the presence of the owner’s son as office manager.

In the positive column, we knew all the clinical staff would be at least minimally tech savvy because they were using their smart phones constantly, even when work piled up and patients were waiting.

We went through our usual questions about training and on-boarding, how work is divided, patient flow, and so on. I also asked about the remodel of the front half of the office (14 months ago) and how long the son had been managing the practice (18 months).

The timing of the son’s arrival and its association with staff tenure was suspicious, as was the timing of the remodel. Pediatric practices are not exactly centers of profit, especially small solo ones. They’re a labor of love for most physicians, and if not run right, can be more chaotic than other specialties. I wasn’t sure whether the son had been brought in to try to remediate a problem or whether he was the cause. Unfortunately, the latter was confirmed when we had a chance to sit down with the physician later in the day.

I haven’t heard such a sad story in a long time. The owner’s son had gone to college with the goal of being pre-med and eventually taking over the practice. His grades weren’t good enough to get into med school, so Dad financed an MBA at a for-profit university and hired him to manage the office instead. With no understanding of medical practice management or the realities of office cash flow, he embarked on an aggressive campaign to improve the office’s appearance.

Driving them further into debt, he terminated the seasoned staff because they were costly and he assumed they were replaceable. The office spun further and further out of control and for love of family the owner didn’t want to reach out to a consultant or anyone else who could help. Ultimately, they felt they needed to sell to remain viable. He saw the purchase by the medical group as a way to continue doing what he loves and apparently wasn’t aware of the plan to add a physician to the practice in six months.

Having been in this business as long as I have, none of this should be surprising. Still, every time I hear one of these stories, it shocks my sensibilities. First, that there are physicians in this day and age of regulatory complexity that still think a practice can be family run without specific training and administrative support by someone who actually knows what they are doing. Second, that the son was still in the practice even though we had acquired it. Usually we have a pretty good track record of buying out those kinds of situations when we take over. And third, that my own employer actually thought acquiring this practice was a good idea.

Looking at reimbursement rates for general pediatrics, we won’t break even for a decade. It may be the right thing for the community, though, and I hope they acknowledge this and react accordingly when the negative financial statements start documenting what our guts already know. In the past, they haven’t been sensitive to the realities of acquiring damaged goods. Their knee-jerk reaction will likely be to push the physician out, replace him with a younger model, close the office proper, and move the “practice” (aka patient base) to an on-campus office.

In the midst of all this chaos, we’re supposed to deploy EHR and have happy satisfied end users without expending more resources than are budgeted. Good thing the OSHA, CLIA, HR, and regulatory remediation won’t come out of my budget.

We’re going to do our best with this practice. Although I’m not terribly hopeful, we’re in it to win it. As for our operational leadership, however, I’d like to throttle them.

Does your employer make business decisions that leave you shaking your head? Email me.

Email Dr. Jayne.

HIStalk Interviews John Gomez, CEO, Sensato

John Gomez is CEO of Sensato of Asbury Park, NJ.

Tell me about yourself and the company.

Security has been a huge passion for me. It’s something that I was involved in earlier on in my career and then drifted away from and most recently got back into. Sensato is an outcome of that passion. 

The unique part of Sensato is that it focuses specifically on healthcare cybersecurity and privacy, the entire ecosystem of healthcare and healthcare information technology.

How would you characterize the current state of security in healthcare?

It’s scary overall. People are trying, but healthcare is unique. I’ve talked at industry events outside of healthcare in finance and telecom, and when I talk to people about healthcare, they are often shocked about the challenges that a CIO faces.

When I put it into context for people, the average hospital has 300 to 400 systems between HR, finance, and clinical systems. Then you lay on top of that security like webcams and remote door controls and patient access systems and things like that. 

It’s just such a huge attack surface for security that for it not to be overwhelming to any CIO would be surprising. That translates into what many would consider a target-rich environment, which translates into a lot of fear.

The Sony Pictures breach proved that any organization is vulnerable if someone decides there’s incentive for them to get into your systems. The FBI had already called out healthcare as being specifically targeted because PHI is valuable. Does that raise the stakes or the level of urgency to do something?

It does in some. If we step back, there’s multiple layers of cybersecurity and cyberterrorism. One area that we don’t talk a lot about is cyberwarfare. The challenge, and I think we’ll probably hear more and more about this from the Department of Homeland Security and the FBI, is that PHI is very valuable and very important. The challenge we have seen with Sony it that it’s almost cyberwarfare, where a foreign state attacks a corporation.

It opens your eyes to the fact that what if through cyberwarfare, hospitals, physician practices, labs, clinics, or retail pharmacies were attacked? What could be done there? It is scary when you think about the amount of systems in healthcare that are Unix-based and how many hospitals still run XP. Sony becomes wake-up call to what can happen if a foreign state decides to target the infrastructure of another country.

If someone wanted to cripple a hospital’s systems, what are the odds they could do it?

I would say it’s extremely high, whether it’s cripple the system or compromise it. The challenge of hospitals is to embrace patients and provide access to family members, that sterile vs. community-and family-oriented-environment. It does open them up to threats.

Also the entire concept that somebody that is disgruntled, whether that be a patient that feels that they were done wrong, a family member who was treated wrong, or an employee. In many communities, hospitals are the largest employers. That opens them up to a lot of challenges. 

I get worried about stating things like this because I don’t want to give people ideas, but hospitals are extremely vulnerable in my eyes. I don’t think it would take much to compromise most hospitals, whether that be through electronic attack or a physical attack that leads to an electronic attack.

Physician practices don’t have a lot of security resources or corporate support, while hospitals have richer data but are better secured. Which is the bigger target for hackers?

If you step back for a moment and you look at the dynamics of what’s occurring in our industry, as physician practices are becoming more involved in patient engagement and putting patient portals out there, they’re suddenly going to become much more vulnerable. In the past, they didn’t have exposed systems. You had to get in the office to launch an attack in most cases. Maybe they’re doing some faxing and things of that nature, but today a lot of physician practices either have hosted systems or patient portals.

The challenge there is a lot of these practices also have affiliations with the hospitals and pharmacies. As we start to increase the concept of population health and coordinated care, we’re having more and more of the healthcare population touching electronic systems. The vulnerability of going after a small physician practice and that launching into an attack inside of a hospital is becoming very real and very possible. It’s a scary thing that as we’re doing the right things to provide tools to our caregivers to help them do much better quality care for patients, we’re also vastly increasing the vulnerability across the spectrum of care.

Are the tools sophisticated enough, even if employees themselves aren’t, to prevent someone from clicking a link that installs malware that compromises entire systems?

Probably the biggest weak link is the employee or the user. They click on something or download something and it becomes an exploit. There are tools out there, but the reality is that as we learned long ago, a good offense is your best defense. Educating employees, making sure they’re up to speed, and putting policies in place that hopefully restrict them make a ton of sense.

The challenge in this industry is that we do things to make things easier without realizing the ramifications. For example,a lot of hospitals use a “bring your own device to work” or “bring your own device” policy for the physician. That’s probably one of the easiest, fastest ways to become compromised. You have devices that you don’t know what’s on them. You have no clue what that clinician has loaded on their personal device and what that can do to your network.

It becomes scary when you start thinking about other secure environments. No other real secure environment with so much at stake like healthcare would allow a “bring your own device” kind of strategy, but yet we do it. That translates into a weakened posture overall.

Sony Pictures failed to enforce basic security steps, such as not allowing massive data downloads or remote, anonymous e-mail logins. Is the average hospital prepared?

The challenge to hospitals or Sony or whoever it may be is that there are a lot of myths or a lot of beliefs that “this is good enough.” There are a lot of myths about security and a lot of things that people believe make them secure, when in reality, they don’t make them secure or they don’t truly provide the coverage blanket that they need.

For example, many hospitals will hide the name of their wireless access points, their SSID. They think if you can’t see my SSID, you can’t see my wireless access point, so I’m secure and people can’t get to my wireless unless it’s a guest wireless network. That’s a myth. The reality is that within 5 to 10 minutes you can figure out a hidden SSID or a hidden wireless access point. From there, you can launch a “man in the middle” attack. 

People take the basic steps and don’t realize those basic steps don’t do enough for you. In many cases, they don’t even take the basic steps, like not blocking anonymous email accounts or blocking or whitelisting certain websites or IT addresses. People just don’t know. They believe that they are doing everything they can and they don’t realize that it’s just not enough.

The attacks against Sony weren’t as sophisticated as everybody thinks. They were basic attacks. That’s scary because that continues to show that Sony just didn’t do enough to harden the environment and could have done some very, very simple things to get a much better return.

For many organizations, especially in healthcare, you feel more secure if you put things like DLP, firewalls, and intrusion detection in place, but then you forget that there are some really basic things you need to be able to deal with and do. If you don’t do them, you are susceptible to attacks.

How does the security exposure change if a hospital moves its EHR to a hosted system? Is it good, bad, or just a different set of issues when not running servers in a local data center?

It’s different issues. A lot the insecurity we see originates with the vendors. A lot of the products that have been developed in healthcare are old products — 10, 15, 20 years old in some cases — and never had to deal with these threats. Suddenly the base code, base logic, and approaches are moved to different environments, such as the cloud. We find that now they’re susceptible to attacks. The issues are a little bit different because we now are placing systems into environments that they may not ever been designed to support or designed to secure.

Certainly I don’t think you are more secure one way or the other.  It’s a whole bunch of different issues. You really have to step back and start thinking about how is this designed and am I exposing something new or not exposing something new.

Heartbleed and the Sony Pictures breach were calls to action. How are healthcare users reacting?

Things are being divided into two battle lines. There is one group of people that are thinking that Sony’s an example of if somebody wants to get to you, they’re going to get to you. There is nothing you can do about it, so why bother? Which I think is absolutely the wrong approach, especially in healthcare, because ultimately a bad enough breach could cost somebody a life.

The other side of the equation, which I think is understandable and more appropriate, is that Sony is creating a very serious wake-up call for a lot of people in the industry. They are saying, I think I’ve done everything I can, but what more can I do? Because obviously there is always a way in. How do I continue to close down those opportunities to people? 

There is a distinct parting of the ways. My hope is truly deep down that more and more people take the “what else can I do to protect the people that I’m responsible for, my employees and my patients” and less and less people take the “there is nothing I can do — eventually they’re going to get to me if that’s what they want.”

How does a provider make the decision as to where to focus knowing they can never be 100 percent secure?

There are some clear strategies and best practices around, how do I keep myself on top of things? How do I continually refresh my intelligence so that I can minimize the attack surface and the threats? What I would tell people — and we don’t do some of these things – is go to managed care. Think about outsourcing your security team.

The reason for that kind of stuff is that the space is so complicated that you want people who are continually the best of the best looking at your systems and looking at your security strategy on a continual basis and looking for things that digital protection strategies can’t capture.

The other thing is rotating who is doing your assessments and penetration tests. If you’re always using the same organization to do your assessments and your penetration testing, chances are your going to get the same results or very similar results over time. Mix things up. Try to use different assessment organizations and strategy consultants around security. The more you can do to get different people, different organizations to look at what’s going on in your environment, the more perspective you’re going to get.

There are a lot of people out there who are doing these kinds of things. There are a lot of good people and a few great people. The more you can change up the people that your working with and partnering over time, the better chance you’re going to find great people who can say, here’s something that you didn’t think about and you need to address it because it’s a big, big problem for you.

The other thing is as organizations are looking at their security strategies is there seems to be a separation of church and state in the hospitals. The CIO is looking at technology systems and then you have the physical security people who are looking at things like cameras and remote monitoring of infrastructure. Those two teams need to come together. 

We need to learn that from a hacker’s perspective, the hospital is one big target, whether they are coming from a physical attack and place a USB drive on a machine and gather things or hack your remote cameras or directly go after your patient portal, EMR, or lab system. To the hacker, it’s all one thing. Within the hospital, it’s important that cybersecurity and physical security worlds come together and think about a cohesive and holistic strategy.

Health systems worry about international hackers, yet run unencrypted laptops. Would you focus more on employee and guest defenses that are based on physical security?

I would take a leapfrog strategy where I would try to cycle through things if I were the CIO responsible for hospital security. I would try to cycle through things where there’s a period of time where we focus a lot on end user education, minimizing end-user disturbance of systems, and thinking about how do we minimize that threat. Doing things like we need to encrypt our laptops. We need to or catalog our data at rest because we don’t know what’s really out there and scan for data at rest. Because that is a big vulnerability and that’s something that an employee is going to walk away with and now we’re at risk.

The second cycle is to keep thinking about is there a external threat that’s going to compromise this, and if so, how is that going to happen? The challenge to a hospital system is that it’s such a big target compromising so many different areas. 

You’ve got to continue to look at both sides of that equation. If you could cycle back and forth and say, look at the human element of this and what’s that threat from inside the four walls and what’s the external threat, it probably would pay dividends over time.

Do you have any final thoughts?

Some short, quick hit strategies. Educate boards let them know what’s going on. Don’t be scared of what’s occurring. Like anything else that’s big and scary, it’s better off to face it and be very aggressive about it and deal with it. At the end of the day, nobody is ever going to regret trying their best. The only thing that you’re ever going to regret is not having tried your best.

In this world, given the stakes of patient lives, it’s something that’s important that those in charge of cybersecurity and physical security in hospitals do everything they can to try and minimize that risk.

Morning Headlines 12/22/14

HTC Global Services of Troy buys Troy-based CareTech

HTC Global Services acquires CareTech, a consulting firm that focuses on health IT consulting. Both companies are headquartered in Troy, MI.

Rep. Renee Ellmers Letter to HHS

House Rep. Renee Ellmers (R-NC) and 29 other House representatives send a letter to HHS imploring Secretary Sylvia Burwell to reduce the MU Stage 2 reporting period from 365 days to 90 days.

Merge Healthcare Reaches New 12-Month High at $3.63

Merge shares reach a 52-week high, closing Friday at $3.63. Shares are up 54 percent year to date.

The NHS’s chaotic IT systems show no sign of recovery

The Guardian reports on health IT in the NHS, focusing on anecdotal tales from the recent troubled Epic implementation at Addenbrooke’s Hospital.

Monday Morning Update 12/22/14

Top News

HTC Global acquires CareTech Solutions. Both companies are in Troy, MI. I reported on November 24 (tipped off by a reader) that the Federal Trade Commission had approved the acquisition.

Reader Comments

From Vermonty: “Re: UVM and patient poaching. The fertility clinic’s staff accessed the EHR looking for candidates to contact and one of those patients complained, triggering an EHR audit that revealed the unauthorized access. Lucky for UVM it was fewer than 500 patients. UVM has filed complaints with the state and the medical society and is suing the practice. This will get ugly.” Unverified.

From The PACS Designer: “Re: health clinic of the future. Forbes had an interesting article about data inhaling, where patients and everyone in the health treatment process work from the same platform. The key element of the concept is everyone has ownership of the same data.” I didn’t get anything from it other than some very brief and generic pie in the sky thoughts, but to each his own.

Anonymous Reader Report: Being a Patient in my Own Hospital System

My husband has a tendency  for vertigo. We called 911 for a severe episode and he was taken to the ED at 10 p.m. They said the CT scan showed a brain anomaly (which our PCP later said was normal) and sent us to Hospital B at 4 a.m.  We ended up in the stroke unit, which we found out only because of the sign on the door – nobody told us. The neurologist said he was OK and discharged him. Radiology showed up at noon to do a test that we hadn’t been told about.

I started getting anxious at 4 p.m. and asked to see the hospitalist, but was told she was too busy. I paged the nurse supervisor and she could get no action either. At 9 p.m. I asked to speak to another nurse supervisor and again was told that the hospitalists was too busy. I gave up at 10 p.m and went home since my husband was feeling OK.

The next morning he was served a breakfast of straight sugar and carbs as a non-insulin dependent diabetic. Not surprisingly, his blood sugar showed a little high and they gave him insulin, which we objected to. At 9 a.m. the neurologist poked his head in wondering why we were still there after 24 hours of no contact with a physician. I again called the nurse supervisor, who finally did get the hospitalist to say he could go home.

HIStalk Announcements and Requests

Two-thirds of poll respondents say ONC should focus on interoperability, with less than 4 percent excited at the prospect of an ONC-run health IT safety center. New poll to your right or here: as 2014 draws to a close, are you personally happier now than a year ago?

Hot coffee was the easy winner in my poll asking which beverage readers most preferred to drink at work, racking up 56 percent of the vote. It was followed by water (16 percent) and hot tea (14 percent). The least-favorite drink from my list was non-diet soda, with only 2 percent of respondents favoring it.

Reluctant Epic User provided his own suggestion for those whose employer doesn’t provide free java: “Use only fresh, unground medium roast beans, get an AeroPress, a grinder, and a tea kettle. Leave the milk in the cows and the sweeteners at the chemical plant.” The $25 Aeropress coffee and espresso maker has 3,300 Amazon reviews and a rating of 4.5 stars, which sounds great other than it’s a bit of a pain compared to turning on the coffee maker, it makes only  four cups (which is probably really two of the size I like) per pressing, and you would have to keep the extra amount warm yourself.

Here’s the video from Ed Marx’s book launch last week for “Extraordinary Tales from a Rather Ordinary Guy.”

Last Week’s Most Interesting News

• An Advisory Board analyst’s review of Eligible Hospital attestation numbers for Meaningful Use Stage 2 finds that 66 percent that are eligible to attest have already done so, projecting that 95 percent will have achieved MU Stage 2 by the time information from the last quarter of 2014 is available.
• Consumer Watchdog urges Californians to opt out of the state’s HIE because the group hasn’t explained its privacy policy clearly.
• Sony Pictures warns that HIPAA-protected information from its health plan was stolen by the hackers responsible for its huge data breach.
• Karen DeSalvo gets a new employee as Vivek Murthy, MD, MBA is confirmed as surgeon general by the Senate.
• The FY15 Omnibus bill includes $32 billion for DoD health programs (including its EHR project) and $344 million for the VA to modernize Vista, but keeps ONC’s budget flat at $60 million instead of the $75 million it requested.

Acquisitions, Funding, Business, and Stock

Healthcare technology services investor Carrick Capital Partners names retired Senator William H. Frist, MD as a special advisor.

Merge Healthcare shares hit a 52-week high Friday, closing at $3.59 and valuing the company at $344 million. Above is the one-year MRGE share price (blue, up 56 percent) vs. the Nasdaq (red, up 16 percent.)

Sales

MultiCare Health System (WA) joins Premier.

People

 

Huntzinger Management Group promotes Nancy Ripari and William C. Reed to partner.

CompuGroup Medical US promotes Chris Lohl to VP of R&D, ambulatory information systems.

Alice Peck Day Memorial Hospital (NH) hires Kristen Kneisel (Cornerstone Advisors) as AVP of information services.

Anthelio names co-founder Chick Young to its board.

Announcements and Implementations

Blood glucose tracking capabilities will return to the iPhone and iPad with the release of iOS 8.2, in which an Apple Health patch was added to support a measurement unit common in Europe (mmol/L) in addition to the US standard unit of mg/dL.

CIO Review names CitiusTech as one of “50 Most Promising IT Services Companies.”

Government and Politics

Rep. Renee Ellmers (R-NC) and 29 of her House colleagues urge HHS Secretary Sylvia Burwell to reduce the 2015 Meaningful Use Stage 2 reporting period from 365 days to 90.

Privacy and Security

Boston Children’s Hospital (MA) will pay $40,000 to settle charges brought by the state’s attorney general following the theft of an unencrypted, PHI-containing hospital laptop from a physician presenting at a conference in Argentina. The physician mistakenly thought he had erased the information of more than 2,000 patients and failed to follow BCH’s encryption policy.

Northwestern Memorial Healthcare Group (IL) notifies almost 3,000 people that their medical information was contained on an unencrypted laptop that was stolen from an employee’s car in October.

Other

An editorial in London’s The Guardian says that the Epic-related problems at Addenbrooke Hospital are “the latest installment in a long-running saga in which British public institutions display their inability to introduce complex IT systems without causing chaos and distress.”It adds that Epic’s user interface has progressed from “abysmal and dysfunctional” to “merely ugly” but at least it works. Update: a reader pointed out that the user interface comments were directed at the physician practice system, not Epic, thus the timeframe referenced in years vs. Epic’s October go-live. The article combined both the Epic issues and other healthcare software in general. 

I mentioned last time that I tried First Opinion, which offers free texting to physicians, and listed the pluses and minuses. Here’s an addendum: Dr. Kia did indeed text me back from India the next day to see how I was doing and we had a nice chat. I was impressed even though I don’t entirely see the point since non-US doctors can’t diagnose or prescribe.

Patient advocate and The Walking Gallery founder Regina Holliday is trying to raise $75,000 to create the Walking Gallery Center for Art and Healing in Grantsville, MD. Donate $10,000 and she’ll deliver a keynote address and workshop at your meeting.

A Black Book survey of small-hospital CFOs finds that revenue cycle system upgrades have been deferred in favor of ICD-10 and Meaningful Use projects. Two-thirds of small hospitals that said in 2012 that they would replace their RCM system still haven’t done so.

Nurses, doctors, and pharmacists (in that order) are named as the most honest and ethical professions (and this the most trusted) in a Gallup poll. At the bottom of the list are care salespeople and members of Congress.

A study finds that less than half of the recommendations of TV huckster-doctor Dr. Oz are supported by medical evidence, while 39 percent of his recommendations were not backed by evidence and 15 percent were contradicted by it. The authors conclude that TV doctors rarely address their own conflicts of interest.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 12/19/14

First real-world trial of impact of patient-controlled access to electronic medical records

In a small study, 105 patients are given the ability to hide certain parts of their medical record from their doctors, with a “break incase of an emergency” feature built in so that doctors could bypass the lock if needed. By the end of the six-month study, 49 percent of the patients had decided to hide some portion of their record.

Many say meaningful use Stage 2 is disastrous, but the data say otherwise

While the numbers on Meaningful Use Stage 2 seem grim, Advisory Board Senior Consultant Tony Panjamapirom says that 65 percent of the hospitals scheduled to attest to stage 2 this year have already done so, with many more expected to attest before December 31. He says that between these attestations, and those that are pursuing hardship exceptions, more than 95 percent of stage 2 eligible hospitals will be in compliance by the end of the year.

Medfusion names Allscripts and M*Modal vet as CEO

Medfusion founder Steve Malik will step down as CEO of the company, passing the reigns to Vern Davenport, formerly of MModal and Allscripts. Malik will stay on as the executive chairman.

News 12/19/14

Top News

The research wasn’t all that great, but the methods were pretty cool. A Regenstrief study finds that half of urban clinic patients who were able to selectively hide parts of their EHR information chose to do so. That’s from a ridiculously small study cohort of 105 patients, so don’t get excited about the results just yet. What was interesting is that Regenstrief developed a system in which patients can lock clinicians out of specific sections of their own EHR information, such as as those involved sexually transmitted disease or mental health. However, the system also contains an audited  “break the glass” button that allows clinicians to override the patient’s preference in urgent situations. I like the elegance of that solution, although the challenge would seem to be adding granularity so that specific types of clinicians could see information without having to use the “break the glass” option (allowing a gynecologist to see the STD information, for example).

Reader Comments

From Sell Sider: “Re: JPMorgan healthcare investor conference in early January. Half of healthcare is there. HIStalk should have coverage or attendee Q&A or something.” The San Francisco conference is by invitation only, so I would have to rely on an attendee to write up their experiences. I’m up for it if someone is willing to share their experience. JPM covers all of healthcare, but I’m sure plenty goes on related to IT. Ben Rooks provided some background in an “Investor’s Chair” post five years ago (where has the time gone?) JPM is also one of the scumbag “too big to fail” banks that ripped off American taxpayers in creating the 2008 financial crisis through greedy speculation, earning it massive profits, $25 billion in bailout money, a $13 billion slap on the wrist, and no criminal charges.

From Tilde Squiggle: “Re: fertility clinic competition. Efforts to reduce cost appear to be stymied by The Man. What happened to free markets?” A dozen doctors and other professionals from University of Vermont Medical Center open a fertility clinic whose costs are 30 percent less than UVM’s, which is great for everybody except UVM, which is suing the group. UVM says the clinic’s employees have access to its EHR and could be using that information to poach its patients, which the clinic denies.

HIStalk Announcements and Requests

I’m interested in running a regular column by either a startup CEO or a venture capitalist who wants to share their keen insight and sharp writing skills with the world. Let me know if you are interested.

There’s only so many ways companies can try to stand out at the HIMSS conference. Most of them are expensive and don’t work anyway, so here’s an alternative: sponsor the highly anticipated HIStalkapalooza event. I’m offering three sponsorship levels: Platinum (includes 100 invitations for customers, prospects, and employees; an information table in the welcome area; and a private opera box for entertaining); Gold (50 invitations and an information table); and Silver (a private opera box and invitations for 12-14 guests). Sponsors at all three levels will be recognized at the event and on HIStalk before and after. I don’t usually announce the venue until later, but here’s the scoop: I bought out the entire House of Blues Chicago (just off the river on North Dearborn behind the Trump) and the deal includes the ultra-swanky, members-only Foundation Room. Your company is spending a fortune to exhibit at HIMSS, so spend a little bit extra and you’ll get major exposure to the industry’s movers and shakers who read HIStalk. Contact Lorre and she’ll send information, but hurry because we’re about to close the window on new sponsors. The event is break-even at best for me and is frankly a pain in the butt to put together (I swear every year that I’m done with it), but people seem to enjoy it and I got sucked back in again in a weak moment.

This week on HIStalk Practice: Compleat Rehab and Sports Therapy Center and Hot Springs Sports Medicine select Clinicient services. CMS consultants travel to Micronesia. Fremont Family Care receives the HIMSS Ambulatory Davies Award of Excellence. Sony and Snapchat get into smartglasses. Dr. Gregg pontificates upon pain, EMRs, and appreciation. Toby Sadkin, MD puts plans for EHR replacement in perspective.

This week on HIStalk Connect: Google Ventures goes all in on digital health, quadrupling its investments in the sector during 2014. Investment funds and startup accelerators focused on digital health companies are also on the rise. In Colorado, the Quality Health Network, one of the nation’s first health information exchanges, forms a trade group with 20 other HIEs to advocate for the struggling HIE industry and explore new revenue opportunities.

Acquisitions, Funding, Business, and Stock

Online doctor visit provider American Well closes an $81 million Series C round, raising its total to at least $128 million. I was thinking about the popularity of those $49 visits and had the same reaction as when I see two of four corners of major intersections taken up by chain drugstores and pharmacy-containing grocery stores: where are they getting all those professionals? The schools aren’t cranking out doctors and pharmacists any faster, and yet the retail demand for them keeps going up.

Analytics vendor Predilytics raises $10 million in a Series C round. I’m trying to stay interested in the analytics marketplace, but everybody and his brother are starting up companies with splashy websites and buzzword-laden assurances of competence. This one is a real company, but I suspect that the only revenue many of the newcomers will book will come from investors rather than customers. Check back on the HIMSS15 exhibitor list of analytics vendors three years from now and I bet 80 percent of them will have failed.

First Opinion, which offers 24×7 access to a permanently assigned physician via text messaging, raises $6 million in Series A funding. The service costs $9 per month for a guaranteed service level of 5 minutes, but is free otherwise. I downloaded the app, submitted a profile consisting only of age and gender, and was connected to Dr. Kia in India. Her profile didn’t say where she went to medical school, but it did offer that she has “1 kid” (I’ve eaten curry goat several times on Indian buffets, but I don’t think she was talking about that). I texted that I was sneezing and congested, which is true since I’m getting over a cold. She asked some questions that sounded like they were composed in advance by an English as a second language layperson to avoid wasting the doctor’s time. I received responses quickly, just like a real text messaging conversation except with oddly excited reactions to my responses (like “Alright!” and “Oh okay!”). Our conversation ended with a little personal note: “I love to take some chicken soup when I am down with a cold. With a dash of pepper the soup can make you feel much better.” She promised to check on me later and I did indeed eat (take?) a can of Progresso Light Chicken Pot Pie soup onto which I added many dashes of pepper, although in full disclosure I had already done that before I texted Dr. Kia. My analysis of First Opinion is reasonably positive, but the service has significant limitations:

Pluses

• The app was quick to install and use. It looks like text messaging, but it’s a separate app that vibrates the phone like a new text message when the doctor responds.
• Connection and the doctor’s response were nearly instantaneous.
• The doctor was about as interactive and caring as you can get when texting with a stranger half a world away.
• Her suggestions, while somewhat generic, were pretty good.
• Promising to check back later was a nice touch regardless of whether she actually does.
• I would have felt comfortable asking prevention-type questions: diet, exercise, etc.
• When I restarted the app, the previous conversation was still there, plus it offered to sync with Apple Health and push the information to Dr. Kia, which was pretty cool even though I don’t know what she would have done with it.
• I don’t know if I could have texted a photo of one relevant body part or another if the situation warranted (I was snickering at the idea of texting over something inappropriate and getting a computer-assisted “Oh okay!” from Dr. Kia.)

Minuses

• The doctors aren’t licensed in the US, so they can’t prescribe or diagnose. The user agreement suggests that even though you’re chatting with a doctor, they’re only offering personal, anecdotal suggestions and not medical advice.
• I’m not sure what happens for anything but the simplest conditions other than “contact your doctor,” like if I claimed to be coughing up blood or running a 104-degree temperature.
• The doctor has zero information other than age and gender, although perhaps she would have asked if she needed anything additional.
• She recommended decongestants and antihistamines without asking about allergies, hypertension, glaucoma, etc. A Walgreens pharmacist would have ruled those out before suggesting potentially conflicting non-prescription meds.

People

Quality Systems names Zachary Sherburne (Spectrum Brands) as global CIO.

LifeLabs Medical Laboratory Services hires Brian Forster (OntarioMD) as SVP/CIO.

Medfusion promotes Vern Davenport to CEO. Founder Steve Malik, who sold the company to Intuit and then bought it back, will stay on as executive chairman. The company says it has 10 million patients using its portal.

Announcements and Implementations

Premier, Inc. joins the Coalition for ICD-10.

Government and Politics

Tony Panjamapirom, PhD with The Advisory Board Company says hospital Meaningful Use Stage 2 attestation numbers are being misinterpreted to mean the program is failing. He says it’s true that only 35 percent of all Eligible Hospitals have met Stage 2 standards through December, but 66 percent of hospitals that were scheduled to attest in 2014 have done so. He concludes that the flexibility rule that allows hospitals to attest to Stage 1 requirements in 2014 if they have software problems means that 95 percent of hospitals will attest in 2014. The EP numbers are too preliminary to call since most of them will use the October – December 31, 2014 reporting period. In a nice finish, he says, “The MU program is not just about what providers can or should do. It is about all of us. We all need to keep in mind that the ultimate goal of the MU program is to promote better care and better health for consumers/patients, including ourselves.”Actually, the ultimate goal of the MU program was to defibrillate a wheezing US economy and get providers to buy EHRs they weren’t willing to spend their own money on, but I’ll go with Tony’s more poetic words.

Privacy and Security

The CEO of Sony Pictures was warned about IT security problems three weeks before hackers gutted its systems. The company had software problems that it blamed on software bugs and incompetent IT people, the CEO himself sent his passwords to his assistant in unsecured email, sensitive documents were stored unencrypted, and company policy required employees to keep too many old emails. An email from the CFO to the CEO (exposed, ironically, by the hackers) noted, “significant and repeated outages due to a lack of hardware capacity, running out of disk space, software patches that impacted the stability of the environment, poor system monitoring, and an unskilled support team.”

With regard to Sony, which is worse: (a) having such sloppy IT processes that a 100TB hack wasn’t noticed, or (b) buckling to demands and threats from anonymous hackers that a major film be pulled just because they invoked 9/11? As Newt Gingrich said in a tweet, “With the Sony collapse, America has lost its first cyberwar. This is a very very dangerous precedent,” although a waggish response tweet said maybe it’s Japan that lost since Sony isn’t an American company. Skeptics doubt that it was really North Korea behind the breach since the hackers didn’t mention the movie until later and the extent of the hack make it likely that it was initiated long before anybody heard about now-mothballed and apparently awful “The Interview,” of which no trace remains on the company’s site. In any case, if you needed further motivation beyond never-ending announcements of breaches and unencrypted laptops to review your organization’s security, this should do it.

Innovation and Research

A physician-authored editorial explains why most healthcare IT startups are neither disrupters or the Uber of anything: they are focusing on the wrong patients and wrong problems using technology that has limited ability to benefit the sickest and most expensive patients. He likes the Swasthya Slate diagnostic testing add-on for Android devices (which I was fascinated by and mentioned a few weeks ago) and the “hot spotting” concept of providing intensive outreach therapy to the most expensive patients.

Technology

This might make Dr. Jayne’s Christmas wish list: the $125 lab coat of travel vest company SCOTTeVEST, which contains 16 technology-enabled pockets, a system of distributing weight so that heavy pockets don’t pull, and a personal area network that connects headphones to pocketed devices.

Other

Consumer Watchdog urges Californians to opt out of the insurance company-backed Cal Index HIE, saying that it hasn’t explained its privacy policy clearly.

Lt. Dan writes a nice piece called “HIE 2.0: Data Exchanges Face Consolidation or Elimination” on HIStalk Connect. Lt. Dan (he’s a veteran and chose that nom de plume to avoid getting fired by his full-time employer) also writes the morning headlines on HIStalk, so if you like those — and many people do, according to my reader survey results — then he’s the guy to hat tip.

Epic claims it doesn’t market itself, but this DoD pitch on its site suggests otherwise. I get the feeling that Epic is bending quite a few of its previously sacred rules (lobbying, press contact, non-compete clause) to pretty itself up in vying for the massive federal contract.

I was thinking about continuity of care and EDs for some reason. It’s tough to be both an ED patient and an ED doc because it’s the medical version of speed dating. The patients show up unannounced, they are quickly evaluated based on mostly physical characteristics, and just enough medicine is practiced to patch them up and get them out the door quickly and into someone else’s office later for the tougher slog of managing their costly and lifestyle-crippling chronic conditions. The fact that EDs exist means that both patients and doctors accept several principles: (a) it’s OK that physician practices keep 9-5 hours and let someone else deal with problems that arise the other 16 hours of the day; (b) ED docs have confidence, misplaced or not, that they can safely and accurately decide who can go home vs. who needs to stay; and (c) patients assume that given their particular symptoms and their brief narrative, the faceless provider who may have access to little of their medical history can fix them up just as well as anyone else. We’re trying to move the industry toward doctors and patients having an ongoing, committed relationship, but patients who aren’t really sold on the benefit seem to prefer zipless, unemotional encounters via video apps, kiosks, and doc-in-the-box drugstore clinics (that in fact have only the box, not the doc). Either we’re polarizing toward two radically different kinds of encounters or some serious marketing needs to be performed to help consumers understand the value of each (never underestimate the power of convenience over everything else, as evidenced by the drive-through breakfast line at McDonald’s).

I was also thinking about labeling people as “patients,” which I struggle with every time I write. Are you a practice’s patient if you choose them as your PCP but haven’t seen them yet? If you were last hospitalized 10 years ago, are you still considered to be that hospital’s patient? We’re all patients at one time or another, so maybe the term should be retired in favor of something more descriptive of the many flavors of healthcare delivery. Or maybe less descriptive, since all patients are people or (arguably) consumers. My mental reaction to the word “patient” after decades of working in hospitals is, unfortunately, of someone who is dumped involuntarily into a confusing, paternalistic medical system that was designed for providers, not them, and where their job is to do as we tell them without complaining, wasting our time, or even participating so we can make everybody happy by sending them out the door at first opportunity. Even people who have spent a lifetime working in a hospital or practice feel vulnerable, marginalized, or poorly treated when forced into the temporary role of someone’s patient, no different than the rude awakening law-abiding citizens get when encountering the wrong side of law enforcement for the first time. I’m interested in hearing stories about what it’s like being a hospital employee who is hospitalized. I’ve only spent one night in a hospital and my reaction was somewhere between appreciation (toward caring individuals) and frustration (being treated impersonally like a widget and annoyed by the ever-present and sometimes smug inefficiency).

Lodi Health (CA) will affiliate with Adventist Health as the latter promises to invest $100 million in an EHR and to help the hospital meet earthquake requirements.

HIMSS runs yet another list of all-too-obvious (and self-serving) tips for attending its annual conference. Here are some from me.

• Don’t attend any educational sessions that feature even one vendor presenter because it will end up being a sales pitch. In fact, given the quality of educational sessions over the past years, seriously consider not going to any educational sessions.
• Bring a cheap external battery charger for your phone because it will run down trying to find a signal among a zillion attendees.
• Don’t make appointments to see vendors. You’ll regret having a fixed slot messing up your day, especially with it’s a 20-minute hike away. You’re the prospect – they’ll free up time when you show up.
• Don’t believe anything you see or hear in the exhibit hall.
• Use your phone’s tethering capability in the convention center for a better and faster connection. Use it in the hotel to avoid the ridiculous $15 per day charge tacked on to an already overpriced room (unless HIMSS negotiates free service again this year, which is nice.)
• Use the opportunity to pitch yourself for your next job. It’s a target-rich environment with all those companies and employees casting lustful glances at each other and it’s always nice to feel wanted even if you spurn the employment advances.
• Lunch options in the exhibit hall are poor, unhealthy, and overpriced (unless you’re enjoying the CIO-only luxury track for the same registration fee the rest of us peons pay for steerage class). Book a hotel that offers a free breakfast (if such a thing exists in Chicago), then graze through the day at booths giving away snacks.
• Load up on enough sticky notes, lip balm, and thumb drives to last until next year.
• Don’t hang around the exhibit hall until late in the afternoon just to get free happy hour food. The lines can be long and the snacks aren’t usually that great.
• Guys, don’t flirt aggressively with women working the booth. You’re putting them in an extremely awkward situation and as hard as it is to believe, they’re not that into you.
• Providers, don’t do anything you wouldn’t want your ED patients to see. They’re paying for your junket.
• Don’t wear a suit unless you’re at the C level because you’ll look like a self-important douchebag. On the other hand, don’t (even on the last day of the conference) show up wearing shorts or leading toddlers.
• Leave all the handouts you took just to be nice in your hotel room’s trash, along with your conference tote, badge, and other useless crap you accumulated. It’s not worth hauling home.
• Stop by the microscopic HIStalk booth, which is always in almost-affordable exhibit hall Siberia near the restrooms. It’s the size of a Yugo, but usually has fun people stopping by since it gets lonesome back there.

Weird News Andy says we should fight global warming by eating chocolate chip cookies. A new study answers the age-old question: where does the fat go when you lose weight? Answer: most of it is breathed off as carbon dioxide. The author says that doesn’t contribute to global warming because humans don’t exhale ancient carbon atoms.

Vince put together a Christmas special “CIO Letters to Santa.”

Sponsor Updates

• RazorInsights celebrates its Founder’s Day by donating solar-powered study lamps, books, and snacks to students in a school near Bangalore, India.
• HDS offers a white paper called “6 EHR Trends to Watch in 2015.”
• E-MDs becomes the first EHR to exchange provider information with the infectious disease registry of the Kansas Health Information Network, helping users comply with Meaningful Use Stage 2 requirements.
• EClinicalWorks congratulates Fremont Family Care (NE) for winning a HIMSS Davies Award of Excellence, the twelfth eCW user to win in the past seven years.
• Greenway Health will sponsor pro golfer Blayne Barber, who will wear the company’s logo on his shirts.

EPtalk by Dr. Jayne

I ran across this piece on facility fees today. For those who have not yet encountered them, you’re lucky. The basic theme is that when hospitals employ providers to work in an “outpatient department,” they are billing in a way that charges both a facility fee and a provider fee. This may occur even if the provider’s office is not within the hospital proper, but is still identified as a department of the hospital. The principle is that the charges are to cover what CMS requires of hospitals rather than offices. The problem is that patients wind up paying on two different deductibles.

This reminded me of something that is glaringly missing in most EHR systems – easy access to cost data for tests and procedures. Most systems have formulary information that displays pricing – even if it’s just $, $$, $$$, and $!$!$!$!$ like a restaurant guide. What we really need to keep costs down is that kind of information for everything we order, including laboratory and diagnostic testing. The proliferation of so many insurance plans and product offerings makes it technically challenging to display the information in a usable fashion without negatively impacting system performance. The difficulty is compounded by the way that some of the costs are less than intuitive.

For example, if I want a glucose level and a potassium level to monitor drug therapy, it’s actually cheaper to order a basic metabolic profile (seven tests that include the two I want) instead. Now I’m forced to order tests I don’t want and that might have incidentally abnormal values that lead to more tests and greater overall cost. How do you represent that in the EHR? We’re trained to only order tests if the results will change the plan for the patient or influence the outcome, but here we are being pressured to violate that for financial reasons.

There is also a generalized concern that having cost information at the point of care will influence physicians to withhold care rather than using the information as a tool to discuss the pros and cons of a particular approach with the patient to arrive at a mutual decision. Of course such a discussion also requires time that we don’t have during a typical office visit, which skews the cost curve even further. With the potential for Meaningful Use Stage 3 requirements about to be dropped on us, I don’t look for software vendors to spend their development dollars helping us solve this problem.

In other news, Glassdoor published its list of the Top 50 places to work as determined by employees. Interesting members of the top 10 include Google, Nestle Purina PetCare (bring your dog to work!), In-N-Out Burger, and Mayo Clinic. Although several major health systems and pharmaceutical firms made the top 50, health IT vendors were decidedly missing.

Speaking of lists, results are out for the subspecialty certification exam in Clinical Informatics. Although one of my protégés reported a pass, the other two have been noticeably silent. I’ve been keeping my eye out for the full list but haven’t seen one yet. Looks like AMIA still has last year’s cohort listed on their website. If anyone has the full list, I’d appreciate being pointed in the right direction. I’d like to have my celebratory champagne (or sorrow-drowning bourbon) at the ready.

I’ve written quite a bit about wardrobe choices for conference attendees and presenters. Several readers shared from The Atlantic a piece about physicians and their clothing choices. The author specifically mentions primary care and being somewhat put off when her new physician “clicked into the room in stilettos and a tailored expensive-looking suit.” Primary care physicians in our medical group run the gamut, from jackets and ties to wrinkled scrubs. The residency program faculty members who are women tend to favor Birkenstocks and broomstick skirts, which although stereotypical, seems to work for them. My favorite physician wears scrubs from competitor hospitals just to be ironic.

The author links out to a New York Times piece that discusses enclothed cognition, which describes the way clothing can impact thought processes. Researchers studying the phenomenon note that wearing a white coat that you believe is a physician jacket increases attention. Believing it belongs to a painter does not. Apparently it’s a subset of embodied cognition, where thought processes are based on physical experiences (including clothing) that can influence abstract concepts.

I had never heard of it using those terms, but admit it’s something I’ve experienced. Back in the days of pagers and being on call every third night during residency, it was almost a dressing ritual to receive sign-off from the outgoing call team. They’d hand off the code pager, the on-call pager, and any other pagers they might be holding while talking about the patients on the service. By the time you were done hearing about all the patients, you felt like you were wearing Batman’s utility belt and could handle whatever came your way.

At one of the offices where I see patients, the physicians wear matching scrubs and have desk space in a shared bullpen. As I pull on my white coat and head out to see patients, it’s like readying for a sporting event. Some days are definitely more of an athletic contest than others, that’s for sure. On the flip side, I’m a sucker for black-tie events – there’s just something about putting on a floor-length ball gown that is transformative, whether you spent your day knee-deep in flu patients or up to your eyeballs in EHR documentation. Add a pair of killer shoes and a little bling and it’s even better.

Are you ready for some holiday sparkle? Email me.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.