Morning Headlines 10/7/14

BD to Acquire CareFusion for $12.2 Billion

Becton Dickinson will acquire smartpump manufacturer CareFusion for $12.2 billion in cash and stock. The deal comes out to $58 per share, a 28 percent premium on Friday’s closing price.

NantHealth Completes $320M Series B Equity Investment and Expands Leadership Team with Healthcare Industry Veterans

NantHealth, the health IT startup of healthcare billionaire Patrick Soon-Shiong, raises a $320 million Series B round to accelerate development of its EHR, which it claims will deliver “integrated, evidence-based, genomically-informed, personalized care.”

Can Telemonitoring Reduce Hospitalization and Cost of Care? A Health Plan’s Experience in Managing Patients with Heart Failure

A Geisinger report set to be published in the December issue of Population Health Magazine finds that telemonitoring programs targeting heart failure patients reduced overall hospitalization rates and led to a savings of $3.30 for each dollar spent.

Progress report: Open Test Method Development Pilot Program

The ONC publishes an update on its Open Test Method Development program, in which EHR certification testing standards for ePrescribing and clinical decision support features are being created through a community-led development process.

Morning Headlines 10/6/14

Facebook plots first steps into healthcare

Reuters reports that Facebook is exploring health care solutions, including disease-specific online support groups, and Facebook connected digital health apps.

Hewlett-Packard Plans to Break in Two

The Wall Street Journal reports that HP will split into two separate companies, with an announcement expected Monday. The company will split its personal-computer and printer business away as one entity, and establish the other with its corporate hardware and services operations. 

Clarification from Texas Health Resources

Texas Health Resources retracts an earlier statement it made blaming its EHR (Epic) for allowing an Ebola patient to be discharged after an ED physician failed to notice that nurses had documented recent West African travel in the system.

Ebola dropped-ball diagnosis linked to hospitals’ IT culture

Athenahealth CEO Jonathan Bush jumps at the opportunity to mention that if the country ran its health IT platform on the cloud then time sensitive alerts, like warning of recent West African travel in patients with flu-like symptoms, could be built into physician workflows at a national level very quickly, rather than at each individual hospital. He says, “I hope soon that nobody will be on enterprise software and these things will be managed by people across thousands of hospitals."

Monday Morning Update 10/6/14

Top News

A Reuters report says Facebook is working on healthcare tools that include chronic disease support communities and health apps. It adds that the company has been meeting with healthcare experts and entrepreneurs and is setting up a health app R&D unit. Mark Zuckerberg’s wife is a doctor, so maybe it will do more than just the usual privacy invading and ad serving. Meanwhile, the company apologizes that it performed mood manipulation experiments on unwitting users by tweaking their news feeds to show extra-cheery or extra-depressing items to see how they reacted.

Reader Comments

From David: “Re: CMS Open Payments. ProPublica has downloaded the database and made it searchable as Dollars for Docs. They’ve also done a great job with Treatment Tracker, which breaks out Medicare payments to doctors.” It’s pretty funny (or sad if you’re a taxpayer) that the non-profit newsroom quickly whipped up a perfectly fine consumer-friendly version of the mess that CMS and its army of highly paid contractors created.

From WhoopsInVA: “Re: Anthem BCBS in Virginia. Forgot that ICD-10 wasn’t actually going live this month and are rejecting all incoming claims because of diagnosis. Our athena rep just emailed us about this.”

From The PACS Designer: “Re: new iPad Air and Mini. Apple will be holding its next event on October 16 for the new versions of its iPad Air and Mini devices. It will interesting to see the changes they are making with the its iOS 8 system installed.” Maybe it’s just me, but I’m losing interest in Apple’s overly dramatic announcements of incremental product tweaks. The fanboys still achieve mandatory technical arousal and obediently line up outside the Apple Store as they’ve always done (ironically resembling the Big Brother-obeying monochromatic drones from Apple’s famous “1984” commercial), but Apple is a lot less interesting without Steve Jobs. I’m pretty sure I’ll do the same in eventually replacing my phone as I did with my iPad: buy a more innovative product for a less money even though it won’t come with the self-congratulatory hipster delusions in hanging around the Apple store pretending to be artsy and cool.  

HIStalk Announcements and Requests

Most readers say it’s not OK for an EHR vendor to deny a hospital or practice access to its patient information in a billing dispute. New poll to your right or here: What’s your reaction to HIMSS announcing President George W. Bush as a keynote speaker for HIMSS15?

Here’s my opinion on Bush as a HIMSS keynote: he wasn’t interesting as President, so I don’t really care what he has to say now that he’s cashing in on his pitiful legacy (unless he’s announcing that he finally turned up those pesky WMDs.) The HIMSS strategery is probably to scratch his back in return for his industry-enriching 2004 declaration that every US citizen would have an electronic medical record by 2014, so perhaps he will strut out in a flight suit and yet again prematurely declare “Mission Accomplished.”

We’re putting together our MGMA guide featuring sponsors of HIStalk, HIStalk Practice, and HIStalk Connect that will he exhibiting or will be available to meet with interested attendees. Contact Jenn by Monday evening if your company sponsors and hasn’t already provided information.  

Thanks to the following sponsors, new and renewing, that recently supported HIStalk, HIStalk Practice, and HIStalk Connect. Click a logo for more information.

Last Week’s Most Interesting News

• The CMS Open Payments database goes live with inaccurate physician payments information and usability criticism.
• CMS announces that it will miss its date to move Healthcare.gov’s hosting to HP, with its only option to leave it running on the previously problematic Verizon infrastructure through the open enrollment period.
• UnitedHealth Group’s Optum division acquires MedSynergies, which offers physician practice billing and quality services.
• Informatics pioneer Morris Collen, MD of Kaiser Permanente dies at 100 years old.
• Experts warn health systems to test for the newly discovered Shellshock Unix vulnerability.
• Epic CEO Judy Faulkner says in a rare interview that the company developed its own interoperability tools only when it became clear that the federal government wasn’t going to set clear standards.
• Apple restores its HealthKit health data aggregation system and third-party apps that use it in an iOS 8 update.

People

Spok names Hemant Goel (Siemens Health Services) as COO.

Jim Dwyer (Santa Rosa Consulting) joins RCG Global Services as SVP and healthcare practice leader.

Government and Politics

   
   
 

ONC loses another of its leadership team as Chief Nursing Officer Judy Murphy will resign to take the same position with IBM Healthcare Global Business Services. To quantify the turnover, I looked back at the ONC leaders who presented at HIMSS13: Farzad Mostashari (gone), Judy Murphy (gone), Doug Fridsma (gone), David Muntz (gone), Jacob Reider (still there), Jodi Daniel (still there), Lygeia Ricciardi (gone), Mat Kendall (gone), Joy Pritts (gone), and Kelly Cronin (still there).

Technology

The FCC fines Marriott for blocking personal hot spots in its conference center to force attendees to buy its overpriced Wi-Fi services. Marriott issued a lame statement of protest, claiming that its actions were intended to protect guests from “rogue wireless hot spots” (at a larcenous price, of course) and blaming the FCC for “ongoing confusion.” The FCC took action after a Gaylord Opryland attendee claimed the hotel was “jamming mobile hot spots so that you can’t use them in the convention space.” Let’s see how this plays out at the HIMSS conference. Since my ATT wireless plan includes free tethering and 10GB of data transfer, I don’t even bother with airport Wi-Fi any more and I will quickly switch to my hotspot in a hotel if their Internet service is poor or expensive (or, as is often the case, both). Rumors abound that convention centers play games with cellular and Wi-Fi coverage in the exhibit hall to force exhibitors to buy their expensive network access.

Other

This is bizarre. Texas Health Presbyterian Hospital (part of Texas Health Resources) initially said it discharged Ebola patient Thomas Duncan from its ED because of an EHR setup problem, explaining in considerable detail that the patient’s travel history was located only in the nursing workflow part of Epic where the physician didn’t see it. News media were all over that statement, leading THR to issue a a hurried retraction at 9 p.m. local time Friday evening saying it was correcting the previous day’s release and the EHR was fine after all. My speculation is that Epic complained vigorously about being thrown under the bus (but not by name) and threatened legal action, forcing THR to claim that its detailed, carefully explained statement was incorrect. My biggest concern – could the doctor have been so robotized by the EHR that he or she slipped on critical thinking? EHR or not, the patient sitting right there in front of you is telling you a story that you’d better listen to. What about the nurse, who had just been told by a patient with fever that he’d just come from Liberia? That information would seem to suggest a higher level of response than just dutifully entering the information in Epic and moving on. Computers sometimes fail, but not nearly as often as people. At least THR’s problem raised an industry red flag that had clinicians and programmers all over the country working this weekend to evaluate their processes and systems to make sure it doesn’t happen to them.

Update: a reader’s comment about the use of scribes sent me Googling and it turns out that Texas Health Presbyterian Hospital Dallas uses scribes in its ED. It would be interesting to know whether scribes were involved in this instance.

Meanwhile, a poorly and smugly written piece in The Atlantic declares that, “The Ebola Patient Was Sent Home Because of Bad Software.” The author collected all of her inexpert healthcare IT opinions into one unfocused article, proclaiming the “atrociousness” of many EHRs and their “gaping loopholes,” complaining that the hospital was blaming “the robots,” opining that “a flawed EHR might have lead to the spread of an incurable virus,” and then veering off into a rant about interoperability, which has zero to do with anything. Author credentials are fair game if you’re going to editorialize, so let’s check hers: an intern until 2010, moved down from global editor to staff writer after 10 months in the higher position, wrote about home design and architecture, and listed her most recent accomplishment on LinkedIn as, “Talk about beards on the radio.” Nothing makes me angrier than people who’ve never spent a day working in either IT or healthcare blasting out their entirely unqualified opinions in passing themselves off as authoritative. The Atlantic should be ashamed for letting this dreck hit the airwaves just to get something reactionary up quickly. HIStalk Reader Tom called her piece “more than ridiculous,” observing that “highly configurable EMR software was used to ensure a medical mistake in clinician workflow never happens again.”

Athenahealth’s Jonathan Bush, using his limelight-seeking power to ride the Ebola story in touting his company at Epic’s expense (while claiming he’s not) from his second home on the set of CNBC, trots out his stump speech to easily charmed reporters about “pre-Internet software” with no “network effect,” wrapping up with his company commercial in saying, “I hope soon that nobody will be on enterprise software and these things will be managed by people across thousands of hospitals.” He omitted the obvious rest of the sentence, “ … and instead will be running the sort-of cloud system and offshore-powered mailroom I sell that allows ATHN shares to trade at 1,220 times earnings.”

The government of India announces plans to make e-prescribing mandatory for all doctors to reduce corruption and inefficiency.

Attorneys consider a plea deal for a third-year medical student who is accused of stealing a breast cancer patient’s iPad during a Code Blue in which the patient died at UCLA Medical Center. The patient’s family is most upset by the fact that the student allegedly wiped off the patient’s information before re-registering it to herself, depriving them of the chance to see the thoughts the patient had left for them.

A 38-year-old Russian billionaire bank founder releases plans for “the world’s most pleasant hospital” that he will erect in the Dubai-inspired, purpose-built Tunisian Economic City. The hospital will sit on a man-made lake, look like a cruise ship, and require employees to dress (but not swear) like sailors.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 10/3/14

HealthCare.gov Delays Web Host Switch

CMS misses its opportunity to switch web hosts for Healthcare.gov, and will now have to stay with Verizon through the remainder of the 2014/2015 enrollment period. Verizon’s hosting platform was cited as one of the problems that caused outages during last years failed launch.

Update on VA’s scheduling software system

VA CIO Stephen Warren clarifies that a new scheduling system will be installed across the organization’s 163 facilities by 2017, contradicting reports earlier this week that the system may not be live until 2020.

How Much? A Glaxo Goof Remains in the Sunshine Database

CMS’s new Open Payments may be live, but much of the data populating it is reportedly either missing important details, or outright erroneous.

ONC Chief Medical Officer

The ONC posts a job opening for a new Chief Medical Officer to replace Jacob Reider, MD who vacated the position to take over as the deputy national coordinator.

News 10/3/14

Top News

CMS will miss its planned dates to move Healthcare.gov’s hosting to HP and instead will leave the site on Verizon’s infrastructure through the November to February enrollment season. CMS signed a contract last year to move off Verizon after a series of outages. Verizon has upgraded its servers and will offload some of the processing to Amazon Web Services, but testing suggests that users will still be forced into “waiting rooms” during peak use times.

Reader Comments

From Disruptured: “Re: athenahealth’s More Disruption Please annual conference. This is my first time attending the conference. I’m here as a newly established partner in athena’s MDP program. Didn’t know what to expect when I signed up. The meeting has turned out to be a great blend of athena folks, customers, investors, and CEOs from young companies. Helpful sessions and a great opportunity to connect with investors, customers, and possible partners in a small, intimate environment. Athena has been a pleasure to work with, especially compared to other big PM/EMR companies.” 

From LND Generis: “Re: Allscripts. This is being emailed to clients. ‘Yesterday we communicated that there was a potential for affected data between FollowMyHealth and Allscripts EHRs. This would affect the Stage 2 View / Download / Transmit measure by indicating that some patients had viewed their chart, when in fact they had not.’” The purported support email says the information has been fixed but an urgent report update needs to be applied for those who are applying for MU Stage 2 for the first time.

HIStalk Announcements and Requests

This week on HIStalk Practice: WRS Health introduces new products for pediatric practices. Philips gains FDA clearance for new digital health applications. Quillen ETSU Physicians goes live on Allscripts. The Hutchinson Clinic implements a new telemedicine program. Code for America makes open-source health data a priority. Thanks for reading.

This week on HIStalk Connect: Rock Health reports that the digital health sector has raised $3 billion in VC funding so far in 2014. Basis unveils its next-generation activity tracker, called the Basis Peak. WiserTogether, a consumer health startup focused on pricing transparency, raises a $9 million Series B.

Acquisitions, Funding, Business, and Stock

Cohealo raises $9 million in financing. The Boston-based company allows hospitals to share medical technology among multiple locations with online resource booking and equipment transportation.   

 

Specialty EHR vendor Nextech acquires ophthalmology EHR vendor MDIntelleSys.

Silicion Valley-based precision medicine data platform vendor Synapse will open a Philadelphia office.

Israel-based MedAware, which offers machine learning-powered CPOE drug warnings, raises $1 million in Series A financing. Its self-learning product (“a spell-checker for medical prescriptions”) analyzes prescription databases to identify deviations from normal treatments prescribed for similar patients, although it’s not clear to me how it connects to the prescribing system.

Athenahealth unveils its 60,000-square-foot Atlanta office that will house 200 employees initially and hundreds more later.

A poorly sourced rumor, resurrected from a few months ago, suggests that Samsung may be talking to Nuance about acquiring the company, which would give Samsung control of the speech recognition technology used by Apple’s Siri.

People

Nick Bonvino (CTG) is named CEO of Greater Houston Healthconnect.

Peter Witonsky, formerly president of iSirona, is now president of the Ionic Division of St. Louis-based Asynchrony. The company seeks 100 engineers who know Ruby, Scala, C#.NET, Java, and mobile programming.

Huffington Post profiles Laurie McGraw, president and CEO of Shareable Ink, in its “Women in Business” Q&A series.

Consulting firm ICF Internation names John Guda (CSC) as SVP/GM of its commercial healthcare business.

I missed this from the new Forbes 400 list of richest Americans: Terry Ragon, founder of InterSystems, is #390 on the list with an estimated net worth of $1.58 billion.

---

Announcements and Implementations

The Memphis business paper profiles S2 Interactive, which sells software that optimizes tray setup and instrument sterilization in the OR. The company was founded by Larry Foster, RN.

NextGen will offer its customers the Plexus IS Anesthesia Touch anesthesia documentation system.

Two Philips chronic care management telehealth applications developed with Salesforce.com (care coordination and a patient portal) receive FDA 510(k) marketing approval.

• Voalte will integrate its Voalte One mobile communications solution with Spectralink’s Android-based handset and will sell and support the offering.
• Impact Advisors is ranked as the top Enterprise Implementation Leadership Epic Partner by KLAS.
• Verisk Health creates an infographic about the cost of claims errors.
• Health Catalyst is offering a free PDF copy of its eBook, “Healthcare: A Better Way.”
• Castro County Healthcare-Plains Memorial Hospital (TX) is implementing Holon’s CollaborNet HIE.
• Forbes discusses how UnitedHealth’s acquisition of MedSynergies will strengthen its Optum division.
• Nuance will participate in the Health Connect Partners Hospital & Healthcare IT convention in Chicago October 13-15.
• Royal Solutions Group announces the integration of its kiosk platform with Merge RIS and OrthoEMR.
• NoteSwift joins Allscripts developer program with a bridge between Allscripts Pro EHR and Dragon Medical.
• ICSA Labs certifies HIStalk sponsors Healthtronics, Iatric Systems, Medseek, PatientSafe Solutions. Quest Diagnostics, Shareable Ink, and Wellsoft in September.

October 1 has come and gone, forcing many organizations to make hard decisions about their participation in the Meaningful Use program. Several of our recent acquisitions are planning to attest for Stage 1 and this quarter is their last chance. It’s been quite a battle to even get them live on EHR in the most rudimentary fashion. Saying that we ran out of time to deliver the kind of workflow redesign needed for true clinical transformation is an understatement.

Our organization was a fairly early adopter of EHR. Our original employed practices went through an intense program of workflow analysis, development of policies and procedures to support new workflows and technologies, and continuous process improvement. We were “doing EHR” for all the right reasons and were seeing good outcomes. Practices that weren’t ready for the transition progressed through more slowly or chose to leave the group. Along came Meaningful Use, however, and we were forced to push everyone through the same funnel.

At this point we’re dealing with a subset of physicians who don’t care and aren’t ready, yet our administration has made it clear that we must make them succeed at any cost. Our operations team has responded by “reporting” them to death. They’re delivering a full spread of Meaningful Use reports to each physician, office manager, and practice lead every Friday in the effort to ensure compliance.

Unfortunately, what they’re not delivering is support for operational and practice policies and workflows to actually lead to a successful outcome. It’s the hospital administrator equivalent of yelling at your teenager for having a loud party, but refusing to stay home on Saturday night to ensure it doesn’t happen again.

My favorite nonsensical example of the week is a practice that is documenting in two EHRs as of Wednesday. Their old system isn’t certified and our employer refuses to pay for a data conversion, so they’re continuing to see patients in the old system while documenting the barebones data needed for Meaningful Use in the certified system. Penny wise and pound foolish – discovery alone on a single lawsuit from this patient safety nightmare would easily cost triple the amount we’d have spent on the conversion. Instead, we’re relying on the practice to abstract patient data on its own and transition “when the practice is ready.”

In other CMS-related news, the first round of Open Payments data has been released to the public. By the time I made it to the website, there were over 21,000 hits on the General Payment Data for 2013. I wanted to dig more deeply in the data, but the website was painfully slow and I didn’t have time to download the dataset before I had to run off to meetings. Some weekend entertainment, perhaps?

As many of you know, my second language is Administralian. I have to admit this reader submission is a puzzler, and not the fun kind heard on Car Talk:

Our recently announced operating model reflects our transformation to an integrated technology company dedicated to building a software-defined network with an engaged, agile workforce whose well-being is a top priority.

I asked the reader what that might mean and received this response: “I wish I knew, because I’m being transformed into it, whatever it is.”

That, dear readers, is what happens when you allow buzzword-happy consultants to write communications snippets. I even tried to use my old-school English class skills to diagram the sentence but couldn’t make a go of it. Is the company using their engaged, agile workforce to build the network, or are they building a network that has the engaged, agile workforce as its members? Whose top priority is the well-being of said workforce and how will it be supported?

I feel bad for the employees at this company. If leadership is willing to economize the use of words to the point where they no longer make sense, leadership is also likely to over-economize in other areas.

Do you have a favorite example of Administralian? Email me.

Lorre’s Healthcare Analytics Summit 14 Report

Being a bit of a data and analytics geek, I looked forward to attending Healthcare Analytics Summit 14. I have attended enough conferences over the years to keep my expectations realistic since I have almost always been disappointed. Admittedly, I have a short attention span and often end up thinking about better uses of my time, but that wasn’t the case at HAS14.

Opening keynote presenter Billy Beane is an excellent speaker and the type of storyteller that I can connect with. He injected humor and anecdotes while taking the audience through formulating his hypothesis about using data and analytics to win baseball games to the outcomes and validation of his theory. He was a brilliant choice by Health Catalyst in creating optimism, a longing for similar outcomes in healthcare IT, and a vision that it is possible.

The next two speakers — Glenn Steele, Jr. MD, PhD, president and CEO of Geisinger Health System, and James Merlino, MD, chief experience officer, Cleveland Clinic — described how their organizations use analytics to transform healthcare and transform the patient experience, respectively. Their case study-like narratives reinforced that not only is it possible to improve outcomes with analytics in healthcare, it is already happening.

Google’s Ray Kurzweil rounded out the day with an enthusiastic discussion about the acceleration of technology is the 21st century and how we can expect that to impact healthcare and medicine.

Day Two brought fresh speakers with more case studies to reinforce the overarching message — data and analytics can transform care and improve outcomes. Breakout sessions were mostly interesting, but I didn’t leave any of them feeling like I learned anything I could use.

Before Health Catalyst CEO Dan Burton delivered the closing keynote, we viewed a 30-minute documentary, From the Heart: Healthcare Transformation from India to The Cayman Islands. It was impressive to see what health systems in other countries have been able to accomplish. It tugged at my heartstrings when one of the Indian cardiologists said, “The first question a mother asks is how much it (open-heart surgery to save her child’s life) is going to cost. The doctors are putting a price on human life.” After learning about how they were able to cut the cost of the surgery in half and maintain it, another physician drove the message home when he said, “The object of technology should be to bring cost down … In healthcare, technology takes the cost up. That can change only by a data-driven, facts-driven medicine where the decision making process itself is driven by technology.”

The logistics of the summit were unlike any I have ever experienced. There were genius bars staffed with technical people to help with everything from installing the custom application to providing directions. My HAS14 app froze and I raised my hand and had a technical person at my side within seconds. Pre-charged chargers the size of playing cards were placed at every seat to keep mobile devices running through the day

Analyst teams were present in every in every session to present real-time data gathered from participants. Attendees voted ahead of time on their seating preference at Wednesday night’s dinner – sitting with similar attendees, sitting with dissimilar attendees, or open seating. Table assignments were pushed out via the app before dinner. It seems like a small thing, but it demonstrated how gathering data could allow for real-time decision making and the ability to create a more desirable outcome based on it.

When Dan Burton took the stage during the opening keynote, he told us we would have the opportunity to learn from innovators in and out of healthcare and he promised there would be no long-winded CEO speeches. That was what Health Catalyst delivered. It was a fun, engaging, and informative summit. I left with a copy of their book, “Healthcare: A Better Way,” a few new connections, and excitement about the future of data and analytics in healthcare.

(Presentations and recordings from the conference are available to all online.)

 Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 10/2/14

‘Data dump’ reveals billions in pharma payments to docs, hospitals

CMS’s Open Payments website goes live, publishing transactional data on $3.5 billion worth of payments made by pharmaceutical and medical device companies to doctors and hospitals over the last five months of 2013.

Information Governance: Principles for Healthcare (IGPHC)

At its annual conference, AHIMA publishes an information governance framework to help health systems establish “an organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

About 44,000 apply for MU hardship exception

CMS reports that it received 44,000 hardship exception applications from providers prior to the July 1 deadline.

PQRS GPRO Registration Extended Until October 3rd

The Physician Quality Reporting System enrollment window for the Group Practice Enrollment Option will remain open until October 3 due to a software glitch that prevented some provider groups from enrolling by the September 30 deadline.

Health IT from the CIO’s Chair 10/1/14

Fine print: The views and opinions expressed in this article are mine personally and are not necessarily representative of current or former employers.

Security Might Be the One Thing

I often get questions like, “What keeps you up at night?” or “What are your top priorities?” Invariably I cite items from our IT strategy, and almost always I remember to add security.

But I think it is time for me to admit I have it wrong. Security should be at the top of my list, not just on the list. It should have an etched place in the number one spot. If I was going to be kept up at night, there is no better topic to evoke fear than security.

Let’s face it: the healthcare industry has been terrible at managing security. Since 2009, more than 900 reports of breach have occurred, covering a staggering 30 million patients. Half of the data loss is a result of us losing things, which essentially translates to the realization that we are not very good at keeping our patients’ data safe when practically no one is trying to take it.

But that is changing. Statistics are a little shaky, but let’s say that roughly 3 percent of reported data loss is a result of people intentionally trying to take it. This Pandora’s box has been opened and we should expect it to stay open and become a growing threat. The incidents with Boston Children’s, Community Health, and the “playful” attack on Healthcare.gov are all windows into our future.

Bad people will try to get data from an industry that has minimally demonstrated its ability to hold onto it. If there ever was a time to get our ducks in a row, it is now.

We have moved from the ‘70s, ‘80s, and ‘90s — when healthcare’s IT data was made up of registration, scheduling, lab, radiology, and maybe some pharmacy — to the 2000s with robust EMR data. But the stakes are rising as we are duplicating the EMR data outside of our transaction systems into massive stores for mining. We are setting the data free by making it available any time from any place and from practically any device – hello, BYOD. The risks are greater and stakes are high. We will need to climb the learning curve rapidly and without a net as each breach is a CEO, board, and/or public event.

Luxury goods manufacturers long ago realized they don’t just sell products, but rather an experience. Similarly, healthcare organizations might say that they don’t just provide care, but trust. With so much talk about healthcare’s move into patient engagement, let’s start with the most basic way to engage our patients – keeping their data safe and maintaining their trust.

We all have work to do.

Vendors

1. Innovate. We need new products. We don’t need more companies built around missing bells or whistles for our EMRs. We need new product in a category underserved – security and privacy.
2. Build your products with security baked into the DNA of the product to promote doing the right thing. Make it impossible to download an unencrypted file or develop ways to track and remote erase lost data.
3. Accelerate your plans to host our data. We clearly need your help. But once you get our data, do a better job protecting it than us.
4. Almost 20 percent of reported breaches came from issues with a business associate. Don’t be one of those — we are depending on you. You can build the scale and make the investments in security that are not always practical for individual healthcare organizations.
5. If you are not in the healthcare space, come on in. We need your help.

Providers

1. Partner with vendors to innovate. They need our help to understand the nuances and complexity of healthcare.
2. Make security not just a priority, but the priority.
3. Allocate spending like it matters.
4. Differentiate between security and privacy and focus on each separately.
5. Providers contributed to a greater than 130 percent increase in patient records lost in 2013. We all know we can do better. Let’s bend the curve.
6. Treat patient data security with a similar focus to how we treat patient safety.

Government (yes, it has a role, too)

1. Modify the breach notification rules to be more specific to the types of breaches. We have desensitized a nation to data loss warnings. I would bet that most readers or someone they know has received a letter regarding a loss or breach of their data and offering a credit monitoring service. These notifications are essentially based on the theory that we can’t prove something did not happen, so we must notify. Let’s focus our attention on when we know something has happened. This is the important place that needs our collective attention.
2. Create a safe harbor for healthcare organizations to use advanced tools to proactively determine if risks or breaches have occurred. Here are a couple of examples. Tools exist to retrospectively scan if PHI was shared from our email systems. If we run these tools to educate and teach ourselves how to do better, we are open to reporting. Security experts say there are two types of organizations, ones that have had their networks penetrated and those that don’t know it yet. If we deploy advanced tools to study our networks in partnership with the best companies, we would be open to massive reporting requirements.

I had the pleasure recently to speak to an audience hosted by NIST, OCR, and HHS. I asked the audience how many have received a text, email, or call relating to possible fraud on a credit card. Most raised their hands. I asked how many had ever received the same notification related to their own electronic health data. No one had.

Like barcodes from manufacturing and real-time alerting from the financial sector, let’s adapt tools and products that work in other sectors to help healthcare become excellent.

Let’s engage our patients by building and keeping their trust!

Darren Dworkin is chief information officer at Cedars-Sinai Health System in Los Angeles, CA. You can reach Darren on LinkedIn or follow him on Twitter.

HIStalk Interviews Mike “The PACSman” Cannavo

Mike Cannavo, aka “The PACSMan,” is founder and president of Image Management Consultants.

You recently spent time working for a major vendor after years of solo consulting, but now you’re back on your own again. What was it like on the dark side?

I was always curious on what it would be like to work for a vendor again, but I didn’t want a job that required me to be away from my kids while they were growing up. My father worked three jobs during my own youth and I really didn’t get to know him until after my mom passed away in my mid-30s. As tempting as some of the offers I had from major companies were, I swore there would not be another “Cat’s in the Cradle” scenario in my own life, so I chose instead to balance my own work life with fatherhood. My youngest son graduated high school in May 2011 and I accepted a position with a major vendor in July 2011.

The market had changed a lot since I last had a real job with a steady paycheck. Some things, like corporate politics, remained the same. I stuck it out almost 2.5 years until I looked in the mirror, didn’t like what I saw, and then played Roberto Duran and finally said “No Mas.” Besides, I had at least 50 bets out there that I wouldn’t last more than two days in a big company setting.

On the positive side, I learned the value of service, how important having a good project manager really is, why managing expectations is key, why you need to get everything in writing, and the importance of a strong IT department. On the minus side, I learned that simply doing your job often isn’t enough. The blame game is alive and well and people often rise to the level of their incompetence.

How has PACS changed in the last four years since we last spoke in an interview?

PACs is no longer an independent system, but is instead looked at as a crucial part of the EHR. Vendor neutral archives, once considered a central data repository for radiology images only, have been expanded out to included cardiology, medical records, and numerous other ‘ologies. Large healthcare systems are either planning or implementing the sharing of images and images locally as well, both on a regional and even national basis with establishment of HIEs. Interestingly, private HIEs are growing at the rate of three to one over public ones, with over one-third of all hospitals and about 10 percent of all private practices sharing data.

We still have a very long way to go, but as we both know, all progress in healthcare is slow.

You mentioned in an article I read that the PACS sales process has changed as well.

For all intents and purposes, large-scale capital doesn’t exist. What little does exist is being used to replace things that should have been replaced years ago. The name of the game is finding ways to implement new technologies by either offsetting costs from operating budget or showing a return on investment out of the box by obtaining either increased reimbursement or decreased costs.

As controversial and possibly upsetting as this statement might be, improving patient care, while important, can’t be done at increased cost. You have to somehow show an ROI for the facility or it’s usually a no-go.

Healthcare profits are getting eaten alive by the need to implement federally mandated programs, from MU to shoring up internal security. Nearly all of these involve IT departments that have their own staffing and budget cuts to deal with.

What’s funny in a not so funny way is that MU encourages hospitals to share data with a laundry list of people, yet it also needs to be secure enough that no unauthorized access happens lest you incur a $10,000 per event HIPAA penalty. Look at the Community Health Systems breach. This will cost them a fortune if the feds don’t take into account they did all they could from a security standpoint, assuming they really did do all they could to prevent the breach. This will take years to sort out, all the while with the organization having the sword of Damocles dangling over their heads.

What would you do differently as a health system?

Implement solutions that make sense, recognizing that many solutions don’t have to involve technology at all, but instead require workflow or process changes. I can’t begin to tell you how much trouble employing a common sense approach to problem solving has gotten me into over the years working for companies that sell technology-based solutions. Sometimes you just need to step back though and examine the problem before throwing hardware and software at it in the hope that solves the problem.

Companies typically sell products instead of solutions. End users buy products they hope provide solutions. Never the twain shall meet. End users need to be more educated before they make decisions because those decisions will last a lot longer than expected. For the most part, companies sell products and services and do not necessarily ensure that what you are buying or have already bought is what you need or is being properly used.

What’s the status of the PACS marketplace?

There is lots of interest in VNAs, especially those that can be used as an enterprise solution that takes images from all the ‘ologies as well as the EMR. Medical image sharing, where images are securely transferred between sites and patients as a cost-effective alternative to CDs, is also hot, especially after Nuance’s purchase of Accelarad.

Software add-ons such as radiation dose management, peer review, critical results reporting, and ED discrepancy are also hot. So are PACS dashboards, although most sites want the dashboards for free stating it’s like a speedometer in the car. For that matter. most sites want everything nearly for free, but it’s simply not going to happen. Data analysis is smoking hot right now, but finding time to review the analysis remains to be seen.

What’s not hot are upgrades for the sake of upgrading without a distinct advantage or improved feature/functionality. All the big companies want you to do this. Solutions that have anything proprietary in nature. Solutions that doesn’t interface easily with the other clinical systems in use. Anything that doesn’t show a value or ROI out of the box.

What about the cloud?

Depending on whose survey you believe, up to 80 percent of all hospitals have at least a few cloud-based applications running. Adoption is much slower than expected, but that is because there are so many unknowns, including security.

As was pointed out in a recent HIStalk article, running a data center isn’t the strength most providers have. Cloud providers can offer higher reliability and redundancy at a better price point than a facility maintaining its own hardware. Cost-effective high-bandwidth networks have also eliminated most of the barriers to using the cloud as well.

Once we are comfortable with the security aspect of having images and information stored in the cloud, usage should take off. Sadly, HIPAA penalties and the limits of business associate agreements in protecting the end user have made providers gun shy.

Has radiology embraced Meaningful Use?

With few exceptions, not at all. The vast majority of clients I am dealing with are taking a wait-and-see approach to MU before investing money due to the never-ending changes in the rules. This reflects the general population as well, where only 4 percent or so of all eligible providers have attested to Stage 2 so far.

The cost to implement MU has, in many cases, exceeded any return on investment that a group or imaging center will see. When you add the aggravation factor, you are definitely in the red.

What will we see in the future?

No one really knows what is going to happen with Meaningful Use, ACA, HIEs, and a whole lot more. Vendors are pulling their hair out trying to get any decisions from end users — positive or negative — while end users take the Holiday Inn approach — where the best surprise is no surprise — and choose to remain in limbo doing nothing. In the mean time, IT stands at attention waiting for something to happen so it knows what resources need to be dedicated when and where.

What is frustrating is that even if something shows a ROI right out of the box, a lot of end users are still afraid to pull the trigger. If we can’t overcome the paralysis by analysis, you are going to see a lot of companies go belly up, and soon. Add to this the market consolidation that is going to happen in the next few years with at best a few dozen companies left to provide PACS solutions and it’s a scary time, especially since all of those will need to be integrated into the EHR as well.

Readers Write: Will You be Shocked by Shellshock?

Will You be Shocked by Shellshock?
By John Gomez

Here is a riddle for you. What is old yet new, and at the same time scary yet contained, while being known yet potentially a big surprise?

If you answered Shellshock, you collect $200 and go to the front of the class. Shellshock is a new computer exploit that was discovered in the past few weeks, but “new” isn’t exactly right. The actual vulnerability, which may compromise Linux- and Unix-based systems, has actually been around for 25 years. While newly discovered, it is actually rather old.

Shellshock is scary because it allows someone to take over a Linux- or Unix-based computer (such as your Mac, iPhone, iPad, BSD, Red Hat, Ubuntu system) and bypass all security. This is accomplished by accessing the old-school command line shell known as Bash and executing commands that to most of us make no sense at all in this day of graphical interfaces.

Want to see if your Mac, Linux, or Unix system is vulnerable? Open a terminal or command shell and type in the following (no, it won’t give me super secret ninja access to your system):

env x='() { :;}; echo vulnerable’ bash -c ‘echo this is a test’

If you see the word “vulnerable” after you hit enter, your system is at risk.

Before you get worried, keep in mind that in most cases, if you have a firewall up and running, you are more than likely safe (assuming your firewall isn’t at risk of Shellshock, but that is beyond our focus in this article). 

Shellshock exists because a programmer 25 years ago made a coding error in a fundamental part of the operating system. Shellshock isn’t some trick or hack — it’s just exploiting a bug. Unlike a worm or virus that is purpose built, Shellshock is really just a how-to for hackers to embrace.

Most vendors of Unix/Linux-based systems such as Apple, Red Hat, and others have already released patches to fix the bug. The challenge you face is making sure that you deploy these patches quickly. A smart hacker could take control of your system and prevent the patch from being effective, so time isn’t on your side. You need to move fast.

You can ask your security team to check their IDS and other logs to see if someone has attempted to gain access to your system using the Shellshock vulnerability. If your team sees active Shellshock scans, you should really do a triple check of your systems and determine if you were penetrated. It isn’t easy to figure out, and more than likely you should get professional support if you suspect you were scanned and successfully attacked.

We have covered why Shellshock is old yet new and scary yet contained. What about known and yet a surprise? It is known simply because we know the targets. Most hackers are going to attack web, database, and other IP-based servers on your network that run on Linux/Unix. Where is the surprise?

The surprise is that what may be most vulnerable are those things we think of the least. Most connected devices we find in a healthcare environment (from a lab to a clinic to a retail pharmacy to a doctor’s office and everything in between) are based on some form of Linux/Unix. This not only includes your medical devices and diagnostic equipment, but also things like your security system, CCTV cameras, and smart door locks.  

Being we live in the age of the Internet of Things (IOTS), chances are that if your device or system has an IP address or a call-home feature, it is running some form or Linux/Unix. That means that you could be in a for a big surprise if a hacker gains control of your MRI, CT scanner, or something less critical like your CCTV cameras.

The good news in all this (if there is good news) is that most devices run a form of Linux/Unix known as BusyBox, which is not vulnerable to Shellshock. Also, most devices in healthcare environments do not make use of Bash, which is the component that is vulnerable.  

That said, you really shouldn’t just hope that your devices are running BusyBox or that Bash isn’t present. It would be wise and prudent (and some may say legally responsible) to evaluate your risk by contacting your vendors to see what devices are vulnerable. Ask the vendor directly what they intend to do and how quickly if they have an at-risk system. Don’t be surprised if many of your device vendors don’t know if they are at risk or not — many deploy Linux/Unix systems and cannot clearly detail if Bash is enabled or not.

If the device you are concerned about involves patient care, you have a critical decision to make and need to clearly understand if there was an attack. For the most part, patient care devices such as an MRI are behind (or should be behind) several layers of network protection or only have a one-way connection using a trusted tunnel. While hoping that is true, check, double-check, and triple-check because lives are at stake.

You should also make sure your physical security organizations understands the impact of Shellshock on their systems. In this IOTS world, many of the devices that could be vulnerable may have nothing to do with traditional IT. For instance webcams allowing security teams to monitor infrastructure are IP based and many are now accessible to security officers from smartphones. Most webcams have built-in web servers based on Linux/Unix and live on your network in some form or fashion.  It is important that those who are responsible for non-IT/HIT electronic devices also make sure that their devices are secure and not vulnerable to Shellshock.

Lastly, you should be checking with your HIPAA business associates to understand their response to Shellshock. You have an ongoing requirement to ascertain your BA’s ability to protect patient health information. Like Heartbleed, Shellshock is considered a significant threat and could easily be used to compromise PHI. Failure to assure that your BA is taking steps to secure your PHI on their networks from Shellshock could be an issue for your organization.

So there you have it. Shellshock is all at once old and new, scary and contained, and known. Because of this brave new world of connected everything, it could very well provide you with the surprise of your life.

John Gomez is CEO of Sensato of Asbury Park, NJ.

Morning Headlines 10/1/14

Optum To Acquire MedSynergies To Help Physician Groups Enhance Patient Care, Improve Practice Performance

Optum will acquire MedSynergies, a physician practice management, revenue cycle management, and referral management software platform with 9,300 customers across the US.

Doctors Find Barriers to Sharing Digital Medical Records

The New York Times interviews Epic CEO Judy Faulkner in a piece addressing problems with interoperability between EHRs, and the accusations that have been leveled at Epic specifically.

An Interview With George Halvorson: The Kaiser Permanente Renaissance, And Health Reform’s Unfinished Business

Health Affairs interviews Kaiser Permanente ex-CEO George Halvorson, who discusses a variety of topics, including the rise and fall of HMOs, the implementation of its $6 billion health IT infrastructure, and the state of health reform in the US.

Effect of a Postdischarge Virtual Ward on Readmission or Death for High-Risk Patients

A study published in JAMA finds that discharging patients directly home, versus transferring them into a post-discharge “virtual ward,” where elements of acute care are carried out in the community setting, has no effect on readmissions or death rates.

News 10/1/14

Top News

UnitedHealth Group’s Optum division acquires MedSynergies, which offers physician practice billing and quality services. MedSynergies was founded in 1996 by a group of Texas ophthalmologists. Its board chair is Joe Boyd, whose history includes being GM of the healthcare practice of Perot Systems, board chair of Healthlink until it was sold to IBM in 2005, and board chair of Encore Health Resources until it was sold to Quintiles earlier this year. I interviewed him in 2012.

Reader Comments

From CloudedCare: “Re: CareCloud. Recently laid off a number of their implementation team and the senior leader running that department. The venture debt must be creating pain or their onboarding process needs a revamp.” The company provided this response to my inquiry: “CareCloud is increasingly gaining traction among larger medical group clients, and optimizing our organization to best support their needs. This includes an expansion of professional services offerings and realignment of the team to deliver them.”

From Bloomington Onion: “Re: health system bond downgrades following EHR implementation. They always blame billing issues and reduced productivity due to revenue loss. I wonder how many of them expect it going in?” I would imagine most health systems expect a short-term jump in AR days, but not to the extent that would cause bond raters to question their financial outlook. Hospitals can’t seem to survive without constantly borrowing money and downgrades mean they pay higher interest rates.

HIStalk Announcements and Requests

Welcome to new HIStalk Platinum Sponsor Zynx Health, healthcare’s pioneer and leader in evidence-based clinical solutions. Solutions include ZynxAnalytics (pinpoints opportunities to reduce care variation), ZynxOrder (evidence-based order sets), ZynxCare (patient-focused plans of care), ZynxAmbulatory (evidence-based order sets for primary care), and ZynxEvidence (online library of clinical evidence guidelines, and quality measures). A brand new product is ZynxCarebook, a mobile platform that connects care team members and guides them to best practices with clinical evidence while making communications more efficient (the “virtual huddle” capability is a cool idea) and eliminating HIPAA concerns related to text messaging. ZynxCarebook stratifies discharge risks and suggests interventions as it supports care transition plan collaboration – clients have experienced a 22 percent reduction in 30-day readmissions, an 18 percent improvement in HCAHPS scores, a LOS decrease of 0.5 days, and a 40 percent increase in referrals of high-risk patients to post-discharge care management. Zynx is part of Hearst Health, which also includes First Databank, MCG, and Homecare Homebase. Learn more by signing up for a demo. Thanks to Zynx Health for supporting HIStalk.

I found this new Zynx Health video on YouTube, which features customer testimonials.

Listening: new from Sloan, an underrated Canada-based power pop band that’s been around for almost 25 years with no lineup changes and with all four members writing hook-heavy songs that sometimes sound like the Beatles (and still sound good even when they don’t).

Acquisitions, Funding, Business, and Stock

Hospital financial management software vendor Healthcare Insights will merge with NOMISe Systems, which offers hospital cost accounting and analytics software. Business will continue under the Healthcare Insights name.

Forbes names its 400 richest Americans, with Microsoft’s Bill Gates leading the list at $81 billion of net worth. Facebook’s Mark Zuckerberg jumps to #11 as the company’s share price increase boosts his wealth to $34 billion, while the founder of the GoPro wearable video camera clocks in with $3.9 billion. New to the list is Elizabeth Holmes, the 30-year-old Stanford dropout who founded lab testing company Theranos and owns half of the company, which is valued at $9 billion. Patrick Soon-Shiong of NantHealth is #39 with $12 billion, while Epic’s Judy Faulkner is listed at #261 with an estimated worth of $2.4 billion. Cerner’s Neal Patterson comes in at #395 with $1.55 billion.

Google Glass healthcare telepresence vendor Pristine raises $5.4 million in Series A financing.

The state of Ohio offers CoverMyMeds $482,000 in incentives to execute its plans to add 116 jobs, move to a larger Columbus office, and create a $2 million training program for software engineers.

Sales

Christopher Rural Health Planning Corporation (IL) selects eClinicalWorks EHR for its 13 locations.

In England, Wrightington, Wigan and Leigh NHS Foundation Trust chooses Allscripts Sunrise.

People

Connie D’Argenio, RN, MSN (Philips Healthcare) joins Huron Consulting Group as managing director of its healthcare practice.

PerfectServe names Travis Hiscutt (CRI) as sales director for the southeast.

Bimal Shah, MD, MBA (Duke University Health System) joins Premier Research Services as VP.

Katherine Schneider, MD (Medecision) is named president and CEO of the Delaware Valley ACO (PA).

The Cal Index HIE announces two new board members: Mark Savage (National Partnership for Women & Families) and Beth Ginzinger, RN, MBA (Anthem Blue Cross – above).

Morris Collen, MD died last week at 100 years old. He was the last of the seven original partners who created Permanente Medical Group, founded its Division of Research more than 40 years ago, and later embraced a second career as an a medical informatics expert after developing a health assessment tool in the 1950s that was automated as a patient screening tool. He said on his 100th birthday that his proudest accomplishment was his involvement with Kaiser’s EHR. AMIA’s annual excellence award is named after him.

Announcements and Implementations

Cerner announces that its HealthyNow app with newly added Apple HealthKit integration is available to Sharp Health Plan members. It allows users to set health goals, earn rewards, share information with providers, and manage medication schedules.

MModal announces availability of computer-assisted physician documentation for its Fluency Direct speech recognition system. The cloud-based solution gives physicians feedback about possible documentation deficiencies as they type or dictate. 

Beaumont Medical Group (MI) goes live on Wellcentive’s PQRS Enterprise Solution, aggregating information from its Epic EMR.

Nuance expands its consulting services to include coding and abstracting compliance monitoring.

HCA International will distribute physical therapy and pathology images using Picsara from Sweden-based Mawell. A pilot project found savings of up to an hour per day per clinician when physical therapy sessions were recorded and reviewed using video instead of writing and reading notes.

Two North Carolina-based HIEs, Carolinas HealthCare System CareConnect and Mission Health Connect, will share their 3.5 million patient records. They will fill a need in the western part of the state since North Carolina’s first HIE, WNC Data Link, will shut down on September 30 after running out of money.

AirWatch debuts AirWatch Video, an enterprise application integrating content delivery network operators to secure companywide video initiatives.

Technology

Dartmouth College will use a telehealth robot from Dartmouth-Hitchcock’s Center for Telehealth on the sidelines of home football games as part of a remote concussion assessment program.

HITRUST warns that the newly discovered Shellshock Unix shell vulnerability could be even more dangerous than Heartbleed since it gives hackers complete control of a server and thus the network on which it resides.

Intel introduces the Basis Peak smartwatch that includes step counting, an optical heart rate sensor, sleep tracking, and smart phone notifications. It has a Gorilla Glass touch screen, works with both iOS and Android, is waterproof, claims a four-day battery charge life, and costs $199.

Bizarre: Microsoft decides to name the new Windows release Windows 10, skipping a number. Every other Windows version is problematic, so maybe it’s hoping to dodge the bullet even though Win 8 was the disappointing follow-up to Win 7. The new version downplays the much-reviled Metro tile interface, brings back the start menu, and finally shows evidence that Microsoft understands that few users have or want touch screen laptops and desktops no matter how convenient it might be for Microsoft to design one OS for all platforms.

Other

Alabama’s medical association registers its displeasure with ICD-10 with its “Top 10 Craziest ICD-10 Codes” social media campaign.

The local TV station covers the rollout of the MedaVet app by Washington State University’s veterinary hospital, which allows pet owners to have around-the-clock access and review their care plans. The company’s site says the cloud-based service includes a customized site for the veterinary practice, creation of templates and health plans, incorporation of promotional and wellness information, a calendar of daily tasks with learning material and appointments, a shared health journal that shows task status with an optional photo, and a social support network. It costs $239 for up to three vets. What’s interesting is that the same company – MedaNext – offers care plans for humans, too.

The local paper highlights the implementation by Floyd Memorial Hospital (IN) of CrossChx, a fingerprint-based biometric solution for spotting patient identity theft. Founder and CEO Sean Lane was an Air Force captain and NSA Fellow, serving five tours of duty in Afghanistan and Iraq before founding Battlefield Telecommunications Systems. CrossChx, which is based in Columbus, OH, says its solution is live in 28 health systems (of 61 signed) and that it has verified 6 million identities. 

The New York Times interviews Epic CEO Judy Faulkner in covering the challenge of EHR interoperability. She says the government should “do some of the things that would be required for everybody to march together,” adding that Epic created Care Everywhere only when it became clear that the government wasn’t going to go far enough.

A Toronto study finds that assigning patients to a post-discharge “virtual ward” (at-home care coordination, visits, care plans, home care, and follow-up) failed to improve the rate of readmission or death compared to just sending the patients home as usual. The authors suggest these issues caused the surprising failure of all that clinical attention to make any difference: (a) it was hard to get in touch with the patient’s PCP and their in-home support workers; (b) the variety of EMRs used made it hard to figure out who was doing what; and (c) the intervention was started after discharge instead of before.

Amazing Charts apologizes for long customer support wait times, blaming a Meaningful Use services rush. Users unhappy after the company’s 2012 acquisition by Pri-Med are venting their frustration on the company’s discussion boards, with one summarizing, “AC has created these logjams by being unable to prioritize what is important, continuing to partner with NewCrop, releasing buggy new versions, and offering unlimited support for a flat price which may create abuse.” Users are also upset that the company is charging them to watch Meaningful Use webinars.

Beth Israel Deaconess Medical Center CIO John Halamka tells a local business group that, “The academic medical center is a dying beast,” urging those systems to reinvent themselves in the face of competition from retail clinics and community-based hospitals and practices.

Walgreens CIO Tim Theriault, speaking at Oracle OpenWorld this week, says the company has distinct IT strategies for the retail and healthcare sides of its business. The retail initiatives are focused on a customer loyalty program, determining what items each store stocks, and using analytics and personalization to connect more closely with customers. For its healthcare business, the company plans to perform in-store lab tests and to exchange information with doctors and hospitals collected through its health cloud.

Former Kaiser Permanente CEO George Halvorson says in a Health Affairs interview by healthcare expert Jeff Goldsmith that the organization spent $6 billion implementing Epic:

Halvorson: When I got to Kaiser Permanente, one of the things that I told the board was that we were going to do what I did when I helped build health plans in Uganda. We were going to have every single element of the care system connected electronically, so there would be no paper record.

Goldsmith: So you told them you wanted to catch up to Uganda?

Halvorson: I’m not kidding.  I actually learned in Uganda that to strip the whole process down to its most elegant essence was to have no paper anywhere. In Uganda, we couldn’t afford to pay a claim or for patients to show an ID card.

A New York Times article highlights hospitals that use out-of-network ED physicians who stick patients with huge bills even when the patient is careful to use an in-network hospital’s ED in a crisis. Texas lawmakers found that the state’s three largest insurance companies had no in-network ED doctors at all. The article points out that 1980s emergency medicine board certification pushed hospitals to contract out their ED coverage and bill the physician services separately. One patient observes, “It never occurred to me that the first line of defense, the person you have to see in an in-network emergency room, could be out of the network. In-network means we just get the building? I thought the doctor came with the ER.”

Weird News Andy says he plays golf like this, too. A previously profanity-hating grandmother recovering from a stroke finds herself swearing involuntarily when things upset her, including poor performance on the golf course. WNA also notes this story, in which coroners are determining whether high chlorine levels in the water supply of England’s second-largest hospital caused the deaths of two dialysis patients. Meanwhile, an anonymous WNA-wannabe contributes this story, in which surgeons saved a teen whose hair-eating psychological disorder caused her digestive system to be blocked by a world record nine-pound hairball.

Sponsor Updates

• DataMotion announces that 37 EHR vendors have used its Direct secure messaging service to achieve 2014 ONC-ACB certification.
• PatientSafe delivers three areas of consideration for bringing contextual communication to clinicians in a follow-up blog regarding clinicians struggling to find the context.
• PMD announces that its mobile patient status verification is accelerating hospital reimbursements.
• GetWellNetwork’s O’Neil Center publishes an e-book entitled“Patient Engagement: Beyond the Buzz” including ten interview and articles with provider perspectives and insider insights.
• HealthEdge partners with NTT DATA to offer a migration program from TriZetto Facets technology due to Cognizant’s acquisition of TriZetto.
• Judy Starkey (Chamberlin Edmonds & Associates) joins Streamline Health’s board of directors.

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Dr. Gregg, Lt. Dan, Dr. Travis.

More news: HIStalk Practice, HIStalk Connect.

Get HIStalk updates.
Contact us online.

Morning Headlines 9/30/14

Shellshock bug could threaten millions. Compared to Heartbleed.

An old, but newly discovered command shell vulnerability called Shellshock has left millions of computers and servers vulnerable to hackers. The National Institute of Standards and Technology rates it a 10 out of 10 in terms of severity, compared to the Heartbleed vulnerability which had only been rated a 5 out of 10.

No New VA Patient Schedule System Until 2020

New contract documents published by the VA reveal that the department will not complete the roll out of new scheduling software to its 153 hospitals until 2020, contradicting acting VA Secretary Sloan Gibson’s claim that the software would be installed by 2016.

Obama presents public health strategy at summit meeting

During a public health summit in Washington focused on the current Ebola outbreak, President Obama cited syndromic surveillance tools as a critical component of his plan to prepare for future outbreaks.

Readers Write: Feeling the Pain of Meaningful Use? Try Vicodin

Feeling the Pain of Meaningful Use? Try Vicodin
By David Ting

Meaningful Use Stage 2 requirements state that eligible professionals must transmit more than 50 percent of all permissible prescriptions electronically using a certified EHR system, an increase from a 40 percent threshold in Stage 1.

Although the use of e-prescribing continues to increase (Surescripts reports adoption rates of about 73 percent), many CIOs and other healthcare leaders I meet think they will struggle to achieve the 50 percent threshold without including controlled substances, which are almost always prescribed using paper-based prescriptions.

In today’s frenetic healthcare environment in which clinicians are constantly pressed for time, many default to a single workflow of using paper prescriptions for all medications for simplicity. This decreases utilization of e-prescribing and makes it harder to meet the required 50 percent threshold. In addition, it decreases patient safety and provider efficiency and results in greater inconvenience for patients who are forced to not only pick up a prescription at the provider’s office, but also endure longer wait times at the pharmacy.

For those CMIOs feeling the pain of trying to meet Meaningful Use e-prescribing requirements, Vicodin might provide the answer.

In August, DEA issued a ruling to reclassify hydrocodone combination products such as Vicodin from a Schedule III to a Schedule II controlled substance. This ruling puts tighter controls on how these highly addictive medications can be prescribed. For instance, doctors can prescribe a maximum three-month supply (previously it was six months) before patients need another prescription to be written.

Consider that in 2012, 135 million prescriptions were written for hydrocodone combination products in the US. The ruling could conceivably double this number, which would increase the total number of prescriptions for controlled substances by 25 percent or more. This increase in volume will exacerbate the challenges created by the inability to e-prescribe controlled substances, particularly as it relates to dual workflows for prescribers and the consequential impact on meeting Meaningful Use requirements.

For this ruling to be successful and have the desired impact on reducing drug abuse, systems like electronic prescribing of controlled substances (EPCS) must be implemented to ensure the tighter restrictions are enforced without creating barriers for physicians to write and refill prescriptions for patients truly in need. EPCS makes it far more difficult to obtain highly addictive prescription medication for illicit purposes without placing any undue burden on patients with legitimate needs.

Now that EPCS is allowed by the DEA, providers can choose to include controlled substances as part of their equation for Meaningful Use, as long as the decision applies to all patients and for the entire reporting period. With an EPCS system in place, healthcare providers and organizations can more easily meet Meaningful Use Stage 2 requirements for e-prescribing while also realizing all of the additional benefits of EPCS. 

David Ting is founder and chief technology officer of Imprivata of Lexington, MA.

Readers Write: The Key to Transitioning from PQRS to Risk-Sharing Agreements

The Key to Transitioning from PQRS to Risk-Sharing Agreements
By Mason Beard

If you, Dr. X, report on quality for your Medicare patients, you’ll get a nice bonus. That’s how PQRS started out—a purely pay-for-reporting initiative.

The bar for this program was set fairly low to encourage providers to meet the requirements. But in its crafty way, the federal government has steadily shifted the program away from the carrot and toward the stick. In fact, the incentive phase of the program ends next year. Providers who don’t measure up will simply experience the stick. In other words, the government has moved its focus from reporting to performance.

I don’t want to paint CMS as conniving to punish poorly performing providers. The truth is that PQRS has been a very successful program and is driving an important focus on the quality of care delivered to Medicare beneficiaries. Another quite evident truth is that CMS is not stopping here.

CMS isn’t just creating government programs and regulations; they’re trying to change provider behavior to rally around outcomes reporting and better care. They’re pushing providers inexorably toward value-based reimbursement (VBR). Reading the tea leaves of what’s happening with PQRS—and considering the proposed Merit-Based Incentive Payment System (MIPS)—the government is going all in on this.

Technology can help providers who are doing PQRS reporting prepare to move successfully into more sophisticated VBR arrangements. From the beginning of PQRS (PQRI at the time), it was evident that providers would need HIT tools to help them track, measure, and report on quality measures. PQRS has been around long enough that there are now a variety of tools providers can use to help them fulfill this requirement.

Not all of these tools can help providers meet PQRS requirements and transition to more sophisticated VBR arrangements using the same infrastructure. Make no mistake — such a transition is essential. To manage it successfully, organizations don’t need a point solution, they need a platform.

Here’s why. The new PQRS, the MIPS of the future and other VBR arrangements don’t focus on reporting outcomes; they focus on improving outcomes. The only way organizations will be able to improve outcomes is by implementing what I call the 4 As:

• Aggregation. Providers need to be able to gather clinical and administrative data from the disparate technologies across their system.
• Analytics. Providers need some level of analytics to understand their population, identify gaps in care, and assess risk.
• Action. Providers can’t just aggregate data and analyze it and then not do anything about it. They need some system in place to engage their patient population (via care management workflows, automated outreach, reminder letters, etc.) and fill gaps in care.
• Accountability. They need to be able to prove the value back to the stakeholder. Simply put, this means reporting the outcomes for a variety of initiatives to CMS and other payers.

It’s important to note that PQRS point systems only address the fourth A: accountability. (Even then, they may not have the flexibility to adapt to the various reporting initiatives that will be required by multiple payers as time goes on). If a PQRS solution only addresses the fourth A, it can’t prepare an organization for risk. It doesn’t create processes that move the organization away from a fee-for-service world.

A platform, on the other hand, enables provider organizations to enter the value-based world. Performing PQRS reporting on a platform is the perfect starting point. As providers fulfill the PQRS reporting requirements, they can layer in processes that help them transition from a reporting workflow to a more proactive workflow focused on population health management. With the aggregated data and intelligence they build up around their performance in the process, they become equipped to enter into VBR arrangements with commercial payers.

A platform delivers an easy, turnkey way to branch out from PQRS to address other, more sophisticated payer initiatives. The time to plan for this transition is now because the stakes are rising. Every plan—both government and commercial—is developing some kind of risk- or performance-based initiative. With a platform, providers don’t have to take the plunge immediately. They can first dip their toes in the waters of PQRS and then move steadily into a world of improved outcomes and value-based reimbursement.

Mason Beard is senior vice president of solutions and co-founder of Wellcentive of Alpharetta, GA.

Readers Write: EHR Divorce Rates on the Rise – Four Factors that Predict Electronic Health Record Adoption Success

EHR Divorce Rates on the Rise – Four Factors that Predict Electronic Health Record Adoption Success
By Heather Haugen, PhD

Despite healthy growth in the implementation of EHRs, the lack of effective adoption plans is impeding their intended purpose of helping healthcare providers improve care.

In 2013, nearly six in 10 hospitals have adopted at least a basic EHR system. But not all EHR users are happy with their purchase. In fact, 30 percent of hospital executives admit they are dissatisfied with their system, and 30 percent of current EHR solutions are replacements of another product.

Research reveals that a myopic focus on the go-live event is the root cause of low EHR adoption rates and increases the chances of organizations’ divorcing their EHR vendor. In contrast, those healthcare leaders who focused on the processes and discipline required to achieve adoption and maintain it over the long run were more likely to achieve the clinical and financial outcomes they expected from the EHR.

EHRs have the potential to improve both patient care and work efficiencies in delivering care, but these outcomes are only possible when clinicians adopt the best practices and workflow needed to continually improve how the system serves the organization.

The research published in “Beyond Implementation: A Prescription for Long-Term EHR Adoption” revealed four key factors that predict EHR adoption:

Engaged Clinician Leadership

Engaged clinician leadership is the most important predictor of successful EHR adoption. IT leaders are often given primary responsibility for the organization’s EHR system. While their skills and experience are necessary for functionality of the EHR system, the input and expertise of nurses, physicians, pharmacists, and other clinical staff is essential to driving staff’s proper use of the EHR and improved clinical and financial outcomes.

Moreover, leaders of EHR adoption efforts need to be highly engaged through and beyond go-live. While this may seem like a given, competing priorities make it difficult to maintain the degree of engagement required after the go-live event. When comparing organizations with successful implementations and those who have become dissatisfied with their system, our research shows that engaged leaders:

• are well informed and aligned in how they communicate the value of the EHR;
• empower clinicians to make decisions about how the EHR should be implemented and used;
• understand the degree of change required and set priorities appropriately; and
• stay engaged for the life of the application.

Effective Training to Ensure Proficient Users

The way in which clinicians and users are trained impacts their level of proficiency. In healthcare, we often use traditional methods – one-time “training events” that occur at a certain time and place. The trainers focus on teaching the hundreds of features and functions available in the system over multiple days with the goal of reaching “mastery” by the session’s end. But this is an ineffective, insufficient, and unrealistic method.

Bill Rieger, CIO of Flagler Hospital (FL) originally thought that implementing his health system’s new EHR would include traditional, classroom-style training. This approach required training sessions to begin a full six months prior to go-live due to limited classroom space and a large clinical staff. By making the switch to using scenario-driven simulations – a hands-on method – the hospital was able to begin the initial training program just six weeks prior to go-live, resulting in increased retention and a more successful launch.

Simulation-based training that focuses on helping users become proficient in new workflows and best practices results in dramatically better outcomes compared to traditional training and takes about half the time. This style emphasizes an accumulation of experience over time. It happens continuously in the specific work environment and leverages role-based content to provide a level of individualized fluency. Critical thinking skills and retention of content improve significantly when the goal is proficiency, in contrast to attending a more passive training event.

Measuring for Improvement

Defining metrics to track proficiency in EHR use and communicating them with clinicians is another critical step for adoption. Without it, improper use of the system is more likely to continue. Through a process of peer-to-peer auditing and regular progress reports, clinicians can track their performance and improve in necessary areas – ultimately enhancing patient care in the process.

In addition to providing feedback for clinicians, measurement can help optimize the EHR platform. For example, if simulation reports reveal that a large percentage of users click in the wrong area when completing a certain task, it would indicate a point of non-intuitive design. Armed with such data, the EHR vendor may be able to modify the system for improved use.

Adequate Resources and Prioritization Beyond Go-Live

A focus on the people, processes, and evaluations to improve adoption over the lifecycle of the application is required for long-term success, yet very little attention is typically paid to sustainment efforts.

Even when a new EHR is well accepted by clinicians and they become proficient in the application, adoption is a process that can never be finished for two reasons:

• There will always be new clinicians and residents entering the healthcare organization. An organization with a successful EHR program will ensure that these individuals receive every bit of guidance and have the ability to be just as successful in their use of the EHR as those clinicians who had been present at the go-live event.
• EHR systems will always be subject to upgrades and changes. While the changes are meant to enhance the system, they will do more harm than good if end users do not receive the appropriate level of guidance when being introduced to new workflows and processes. 

Too often, people that are recruited to work on EHR adoption efforts eventually revert back to their previous roles and work on their former projects, leaving the organization without proper resources to account for this inevitable cycle brought on by time and turnover. Flagler Hospital overcame this tyranny of time by keeping implementation committees in place and by focusing on long-term, ongoing education even through multiple EHR upgrades.

Moving from an EHR implementation focus to an EHR adoption focus requires a significant overhaul in how we think, how we lead, and how we behave. Now is the time for healthcare leaders to evaluate their organization’s performance in these four key areas that predict EHR adoption.

Heather Haugen, PhD is managing director and CEO at The Breakaway Group, A Xerox Company of Greenwood, CO, which recently delivered an HIStalk webinar on this topic that can be viewed as YouTube replay.

Curbside Consult with Dr. Jayne 9/29/14

As a CMIO, I often feel my attention is all over the place. I’m dealing with clinical documentation needs for various constituencies while trying to ensure compliance with a host of federal, state, and other quasi-regulatory standards bodies. I’m also trying to implement tools to measure patient, physician, and employee satisfaction while maintaining my sanity in what seems like an upside-down healthcare world.

Given that background, you can’t imagine the serendipity I found when Dr. Andy’s recent CMIO Rant coincided with my weekend project to review E&M coding.

Due to some discrepancies in coding volumes after a recent ambulatory EHR upgrade, our compliance officers asked for a thorough review of the system’s E&M calculation tools. There are quite a few nuances to how the system codes and we’ve also had some recent coding education outside of the EHR, so I wasn’t convinced we weren’t dealing with another variable.

Our system is flexible and allows physicians to choose either 1995 or 1997 guidelines for each encounter. What if the recent coding class had physicians making different choices than they did previously? What if they were scared by the gloom-and-doom predictions of a RAC audit and undervalued their documentation?

I had been sitting for several hours with my trusty-rusty paper coding review forms, scoring visit documentation based on the guidance from our coding and compliance team. Once a visit was scored, I compared the results to the EHR’s calculations. Our EHR breaks down its coding suggestions parallel to E&M guidelines, so it is fairly easy to compare the bullets it counted vs. what I counted on paper.

Fortunately, our system does not advise on the level of Medical Decision Making, but rather requires providers to select that coding component. I can’t imagine how controversial the review would be if the EHR was prompting it.

There’s so much going on with HIStalk I tend to get behind from time to time. When I couldn’t handle any more bullet-counting, I took a break to catch up on HIStalk Connect and HIStalk Practice. Imagine my delight when I found Dr. Andy’s response to the AMA’s comments on EHR design. His first counter-request for the AMA is for them to help us fight “regulations that require overly detailed physician documentation, like the CMS E&M coding guidelines, which really set a floor of complexity below which we cannot sink.”

I laughed out loud, as I do every time I receive an email from CMS advocating their brand of “administrative simplification,” which has to be the biggest oxymoron ever. Just that morsel would have been enough to make my day, but then he covered their seemingly contradictory request for EHRs to lower cognitive workload while requiring them to enable dozens more tasks than we ever handled on paper. “Massive cognitive workflow” were the words he chose. Having had a 40+ patient clinic day this week, I can attest to the massive nature of the volume of information I had to process to care for them.

Note that I didn’t say data. Data implies the information is in the EHR or another accessible system that I could theoretically review. The reality is that physicians have to handle information on a much broader scale – the patient’s history, family members’ version of the same events, stories about what the patient read on Google, the physical exam itself, in-office testing, and more – on top of the actual electronic data available. Add to that mountain of information the fact that we’re now caring for patients in the office that would have been cared for in the hospital five years ago and it would be easy to become buried.

Reflecting on this massive cognitive workload inspired my new and improved “guidelines” for E&M coding. I didn’t have enough time (or martini fixings) to flesh out the entire scheme, so let’s confine our thoughts to established patient office visits.

Traditional E&M coding poses five levels of service – 99211, 99212, 99213, 99214, and 99215. The value of the visit (and thus the payments) increase as the level of service increases. Typically 99211 and 99212 are not used to bill actually physician services, so I threw them out. Talk about administrative simplification – I just slashed the number of things I have to think about by 40 percent.

Looking at the rest of the codes and what you have to have to justify documentation in the traditional coding construct, I identified some sample visits that were reflective of the codes even by conservative standards. They fell into nice groupings based on the amount of information the physician had to interact with during the visit. I’m not just talking about information that one would have to review, but also information one might have to deliver. Out of ten charts reviewed for each level of coding, I had a 90-100 percent concordance when using the “information burden” scheme to value my efforts.

Here’s how it works.

99213 – Now called “Mild Information Burden”

• Patient has fewer than three issues he/she wants to be seen for today.
• Patient has been seen at fewer than three healthcare facilities/providers in the last three months.
• None of today’s issues will cause death or serious consequences if left untreated.
• Determination of proper treatment requires review of fewer than three data sources (EHR, clinical data warehouse, HIE, antibiogram, CDC bulletin, guidelines website, Sanford guide, discussion with colleague, etc.)
• Treatment requires fewer than three instructions, outside orders, or documents (patient education handouts, prescription, therapy order, referral, prior-auth, FMLA papers, etc.)
• Visit requires less than 15 minutes for documentation.

99214 – Now called “Moderate Information Burden”

• Patient has more than three issues he/she wants to be seen for today.
• Patient has been seen at three or more healthcare facilities/providers in the last three months.
• At least one of today’s issues will cause death or serious consequences if left untreated.
• Determination of proper treatment requires review of three or more data sources.
• Treatment requires three or more instructions, outside orders, or documents.
• Visit requires more than 15 minutes for completion, including documentation.

At this point, based on my “rules of three” and the two levels of coding, you could quit. However, neither category covers what I had to manage for several patients seen in this week’s clinic. I decided to reserve the highest coding level for those special circumstances, but in keeping with the rules of three:

99215 – Now called “Severe Information Burden”

• There are three or more non-office personnel in the exam room (patient, family members, children, interpreter, etc.)
• Patient has been seen by facilities/providers that are members of three or more ACOs.
• At least one of today’s issues will lead to hospitalization in the next three months.
• There are three or more possible ways to treat one of today’s issues, depending on the patient’s insurance status and/or ability to pay for non-covered services.
• More than three separate logins and passwords are required to access the data needed to care for the patient.
• Visit takes long enough that it requires cutting three or more subsequent appointments short in order to catch up.

Maybe it’s just me, but those rules would be much easier to follow than what we currently have. I’d rather use my cognitive skills to deliver quality care and build relationships with patients than to remember whether I’m supposed to be documenting by organ systems or body areas. What does “expanded problem focused” mean anyway? Or “detailed”? I like to think that all my visits are detailed, if not comprehensive. Current E&M coding turns those perfectly good words into something incomprehensible.

Give it a shot – pull a couple of visits and see whether my proposed coding system holds up under the stress of your clinic day.

Do you dream of a world without E&M coding? Email me.

Email Dr. Jayne.

Morning Headlines 9/29/14

HealthKit support added to WebMD, Carrot Fit, Yummly, more

A week after a bug forced Apple to pull HealthKit from its iOS 8 release, the feature is back up and running with a growing list of optimized health apps feeding data into it.

Citizen Hackers Tinker With Medical Devices

The Wall Street Journal covers the concerning rise in consumers hacking their own medical devices to add functionality that the FDA has yet to approve.

Deaths fall ‘with use of software’

In England, death rates drop at two NHS hospitals after a risk score-based alert system was implemented that monitors vital signs, calculates an “early warning score,” and then alerts nurses when the score trends outside of an acceptable threshold.