
Attackers Try To Sell 600K Patient Records

Posted on July 22, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

New research has concluded that attackers recently infiltrated U.S. healthcare institutions and stole at least 600,000 patient records, then attempted to sell more than 3 TB of associated data. The attacks, which were discovered by security firm InfoArmor, targeted not only hospitals, but also private clinics and vendors of medical equipment and supplies such as orthopedics, eWeek reports.

According to InfoArmor, the attacker gained access to the patient data by exploiting weak user credentials, and hacked Remote Desktop Protocol connections on some servers with static external IP addresses. The data thief also used a local privilege escalation exploit to access system files for added patching and backdooring, InfoArmor chief intelligence officer Andrew Komarov told eWeek.

And sadly, some healthcare institutions made it pretty easy for intruders. In some cases, data thieves were able to exfiltrate data stored in Microsoft Access desktop databases without any special user access segregation or rights control in place, Komarov told the magazine.

Future exploits may emerge through medical device connections, as many institutions aren’t paying enough attention to device security, he warns. “[Providers] think that the medical device is just a device for their specific function and sometimes they don’t [have] knowledge of misconfigured devices in their networks,” Komarov said.

So what will become of the data? Many things, and none of them good. Some cyber criminals will sell Social Security numbers, and other scammers will use the data to sell fraudulent healthcare services. Cyber-grifters who steal a patient’s history of illness and their biography can use them to take advantage of consumers, he pointed out. And to sharpen their con, such criminals can even buy select data focused on geographic regions, Komarov noted in a follow-up chat with me.

To address exploits engineered by remote access sessions, one consulting firm is pitching technology allowing administrators to go over remote sessions with a fine-toothed comb.

Balazs Scheidler, CTO of security vendor BalaBit, notes that while remote access to internal IT resources is common, using protocols such as Microsoft Remote Desktop or Citrix ICA, IT managers don’t always have enough visibility into who’s accessing systems, when they are logging in and from where systems are being accessed. BalaBit is pitching a system which offers “CCTV-like” recording of user sessions, including screen contents, mouse movements, clicks and keystrokes.
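The who, when and from-where questions raised above can be partly answered from Windows logon events alone. The following audit is an added example, not code from InfoArmor or BalaBit; the CSV layout, the sample rows, the internal address ranges and the thresholds are assumptions, while event IDs 4624/4625 and logon type 10 (RemoteInteractive) are standard Windows Security log values.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample export (not real data): time, event ID, logon type,
# account, source address. 4624 = logon success, 4625 = logon failure.
# Logon type 10 is RemoteInteractive (RDP); failed RDP attempts usually
# appear as type 3 when Network Level Authentication is on.
SAMPLE_EVENTS = """\
2016-07-01T02:14:05,4625,3,administrator,203.0.113.45
2016-07-01T02:14:09,4625,3,admin,203.0.113.45
2016-07-01T02:14:13,4625,3,frontdesk,203.0.113.45
2016-07-01T02:14:17,4625,3,frontdesk,203.0.113.45
2016-07-01T02:14:22,4625,3,frontdesk,203.0.113.45
2016-07-01T02:14:26,4625,3,frontdesk,203.0.113.45
2016-07-01T02:14:31,4624,10,frontdesk,203.0.113.45
2016-07-01T08:29:40,4625,3,jsmith,10.20.1.15
2016-07-01T08:30:02,4624,10,jsmith,10.20.1.15
2016-07-01T09:00:10,4624,10,billing,198.51.100.7
"""

# Assumption: these are the site's internal ranges; anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FAILURE_WINDOW = timedelta(hours=1)   # look-back before each successful logon
FAILURE_THRESHOLD = 5                 # failures that suggest password guessing


def is_internal(addr):
    """True if the source address falls inside the assumed internal ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_events(text):
    """Parse the CSV export into time-ordered event dictionaries."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ts, event_id, logon_type, account, source = row
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account.lower(),
            "source": source,
        })
    return sorted(events, key=lambda e: e["time"])


def audit_rdp_logons(events):
    """List every successful RDP logon with who, when, from where, and flags."""
    failures = []
    report = []
    for ev in events:
        if ev["event_id"] == 4625:
            failures.append(ev)
            continue
        if ev["event_id"] != 4624 or ev["logon_type"] != 10:
            continue
        # Failed logons from the same source shortly before this success,
        # against any account, point to guessed or weak credentials.
        failed_before = sum(
            1 for f in failures
            if f["source"] == ev["source"]
            and ev["time"] - f["time"] <= FAILURE_WINDOW
        )
        flags = []
        if not is_internal(ev["source"]):
            flags.append("external source")
        if failed_before >= FAILURE_THRESHOLD:
            flags.append("success after repeated failures")
        report.append({
            "account": ev["account"], "time": ev["time"],
            "source": ev["source"], "failed_before": failed_before,
            "flags": flags,
        })
    return report


if __name__ == "__main__":
    for entry in audit_rdp_logons(parse_events(SAMPLE_EVENTS)):
        status = ", ".join(entry["flags"]) or "ok"
        print(f'{entry["time"]}  {entry["account"]:<10} {entry["source"]:<14} '
              f'failed_before={entry["failed_before"]}  {status}')
```

A logon report like this covers only the session boundary; what happened inside the session still needs the kind of recording the vendor describes.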

But the truth is, regardless of what approach providers take, they simply have to step up security measures across the board. If attackers can access your data through a vulnerable Microsoft Access database, clearly something is out of order. And in fact, in many cases, it’s just that easy for attackers to get into your network.

Lessons Learned from Practice Fusion’s FTC Charges and Settlement

Posted on July 21, 2016 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Almost 3 years ago I wrote an article about Practice Fusion violating some physicians’ trust in sending millions of emails to their patients. It’s still shocking to me to read through the physicians’ reaction to having emails unknowingly sent out in their name to their patients. I spent about a month researching that story. That’s longer than I’ve done for any other article by a significant margin. What I discovered was just that compelling.

When I first was told about the story, it seemed possible that each of those emails (we estimated 9 million) was a HIPAA violation. However, as we researched the story more and talked with multiple experts, it seemed like only a small subset could have possibly been considered a HIPAA violation. Practice Fusion had done a pretty reasonable job on the HIPAA front in our opinion. We all learned a lot about HIPAA and patient emails from the experience. Not to mention the importance of physician trust in your EHR product.

With that said, Forbes read my articles and decided to write an article that extended on the research that I’d done for the story along with a follow up article that looked at some of the things patients were posting publicly in these physician reviews. Forbes didn’t link to my article since I was pretty cautious with the whole thing after Practice Fusion had threatened sending their lawyers my way. I didn’t have a bevy of lawyers behind me like Forbes. Plus, some other crazy things happened like people trying to discredit me in the comments from the same IP address in San Francisco and a fabricated blog post to try and discredit what I’d written. Needless to say, it was quite the experience.

There were some people encouraging me to take it much further and to expose some of the crazy things that went down. That wasn’t my interest. I’d told an important story that needed to be told in what I believed was a fair and accurate way. I didn’t have any other goals despite some people insinuating that I might have other intentions.

Three years after I wrote that story it’s interesting to see that the FTC finally published the complaint against Practice Fusion (they also shared an analysis) and the Settlement agreement. I guess our government does work as slow as we all imagine.

I’m not going to dive into the details of the settlement here, but I did discuss the lessons we can learn from Practice Fusion’s FTC complaint and settlement with Shahid Shah and from our discussion I came up with these important lessons that apply to any company working in healthcare IT.

Healthcare Needs to Worry About More Than HIPAA and OCR
I think that many healthcare IT organizations only worried about HIPAA and OCR (which enforces HIPAA) when developing their products and implementing them in healthcare. This example clearly illustrates that the FTC is interested in what you do in healthcare and they’re not just going to defer to OCR to ensure that things are going right. This is particularly true as healthcare becomes more and more consumer oriented. This advice is also timely given ONC’s report to Congress about health data oversight beyond HIPAA.

Healthcare Interoperability and Public Disclosure Might Be Worse
One challenge with the FTC settlement is that it could cause many other healthcare IT vendors to use it as an excuse not to take the next step in engaging patients, sharing health information where it’s needed, and other things that will help to improve healthcare. The fear of government condemnation could cause many to balk at progressive initiatives that would benefit patients.

While I do think healthcare IT companies should be cautious, fear of the FTC shouldn’t be used as an excuse to do nothing. The reality of the Practice Fusion case wasn’t that they shouldn’t have built the product they did, it was just that they needed to better communicate what they were doing to both doctors and patients. If they had done so I wouldn’t have had an article to write and the FTC wouldn’t have had any issue with what they were doing.

Communicate Properly to Patients
Reading the FTC claim was interesting to me. In the month I spent researching the story, I felt that Practice Fusion had done a great job in their privacy notice saying that the patient’s review would be posted publicly. It stated as much in their policy and I found no fault in their posting the patient reviews in public. That’s why I didn’t write about them in my articles. Certainly they could have made it more clear to patients, but I put the responsibility on the patient to read the privacy policy. If the patient chooses not to read the privacy policy when sharing really intimate personal details in an online form, then I don’t have much sympathy for them.

Of course, I’m not a lawyer and the FTC found very differently. The FTC thought that the disclosure to the patient should have reached out and grabbed consumers and that the key facts shouldn’t be buried in a hard-to-understand privacy policy. A good lawyer can help an organization find the balance of effectively meeting the FTC requirements, but also not scaring patients away from participating. Although, it can certainly be a challenge.

If You Can Identify Private Information You Should
There are some obvious things that we all know shouldn’t be posted publicly. These days with technologies like NLP (natural language processing), you can identify many of these obvious pieces of private data and ensure they’re hidden and never go public. These technologies aren’t perfect, but having them in place will show that you’ve made a best effort to ensure that consumers’ health data is kept as private as possible.
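A minimal version of that screening step for free-text patient reviews, as an added example that is not Practice Fusion's code: regular expressions stand in for the NLP the post mentions, and the pattern set, the sample reviews and the hold-for-review policy are all assumptions.

```python
import re

# Pattern-based stand-in for NLP: each entry is an "obvious" identifier
# that should never appear in a publicly posted review.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(
        r"(?<!\d)(?:\(\d{3}\)\s*|\d{3}[-.\s])\d{3}[-.\s]\d{4}(?!\d)"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "date": re.compile(
        r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
}


def screen_review(text):
    """Redact known identifier patterns and decide whether to publish.

    Assumed policy: any hit holds the review for a human, because a review
    that contains one identifier often contains context the patterns miss.
    """
    hits = {}
    redacted = text
    for kind, pattern in PATTERNS.items():
        redacted, count = pattern.subn(f"[REDACTED:{kind}]", redacted)
        if count:
            hits[kind] = count
    action = "hold_for_review" if hits else "publish"
    return {"action": action, "hits": hits, "redacted": redacted}


# Constructed sample reviews (not real patient data).
SAMPLE_REVIEWS = [
    "Short wait, friendly staff, would recommend.",
    "Dr. Lee was great. Call me at (415) 555-0132 or "
    "jane.doe@example.com about my refill.",
    "My SSN 123-45-6789 was on the form, DOB 4/12/1961.",
]

if __name__ == "__main__":
    for review in SAMPLE_REVIEWS:
        result = screen_review(review)
        print(result["action"], result["hits"], result["redacted"])
```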

Communicate Better with Doctors
This might be the biggest thing I learned from the experience. I find it interesting that the FTC complaint barely even talks about it (maybe it’s not under the FTC’s purview?). However, what came through loud and clear from this experience is that you need to effectively communicate what you’re doing to the doctor. This is particularly true if you’re doing something in the doctor’s name. If not, you’re going to lose the trust of doctors.

The FTC has a blog post up which has more lessons for those of us in the healthcare industry. They’re worthy of consideration if you’re a health IT company that’s working with patients (yes, that’s pretty much all of you).

P.S. I find it interesting that the Patient Fusion website still lists 30,061 doctors on patient fusion, 181,818 appointments today, 1,844718 reviews, and 98% doctors recommended. The same numbers that were listed back in 2013:

I guess that page isn’t a real time feed. I also looked at the Patient Fusion website today to see how they showed reviews now. I didn’t scour the whole website, but it appears that they now only show the quantitative review score and not the qualitative review.

Is Your Organization Ready for EHR Adoption? – Breakaway Thinking

Posted on July 20, 2016 | Written By

The following is a guest blog post by Heather Haugen, PhD, Managing Director and CEO at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
What is the most significant barrier to Electronic Health Record (EHR) adoption for clinicians?  This question was the foundation of our research published in Beyond Implementation: A Prescription for Lasting EMR Adoption in 2010. The answer wasn’t surprising then and won’t surprise you now, but let’s consider how your leaders are doing in the face of enormous change in healthcare (think telemedicine, high pharmaceutical costs, rising medical costs, medical ID theft). It’s more important than ever to focus on technology adoption in today’s healthcare climate.

The one factor that formed a pattern across every organization struggling with EHR adoption was a lack of engagement by those leading the effort, and this still holds true today. For many reasons, this is a hard pill to swallow. First, it places responsibility back on the earliest champions: those who decided to fund and move the entire organization into an EHR implementation or upgrade. Second, it requires already overworked executive and clinical leaders to make adoption a daily priority. Effective leadership is an antecedent to adoption.

There is no greater barrier to the adoption of a complex IT application in an ever-changing healthcare environment than believing we can simply pile this effort on top of the other priorities and expect success. Organizations with disengaged, part-time, and/or overworked leaders at the helm of an EHR effort will struggle and may never achieve full adoption. In contrast, organizations with leaders who are fully invested in the daily march toward adoption will not only reach the early stages of adoption, but will enjoy a reinforced cycle of meaningful clinical and financial outcomes. Leadership must take five steps to succeed in moving their organization toward EHR adoption.

Develop a “stop doing” list: Establishing a new leadership agenda requires freeing up time for those leading and working on the effort. Without reprioritizing daily tasks, EHR adoption receives inadequate time and attention. Leaders currently in charge of EHR adoption need to understand what they are going to stop doing and focus on maintaining the courage to follow through on their decision.

Create a positive tone at the top of the organization: One of the most challenging aspects of leading an EHR adoption is transforming the project into a compelling and meaningful effort for everyone. When people, especially clinicians, believe in a cause, they will go to extraordinary lengths to ensure a successful outcome. Creating a common message with purpose and constancy is not easy, and sustaining the message is even more difficult. But when leaders create the right tone for the EHR adoption message, it will be powerful and help maintain momentum to create change.

Connect to clinical leadership: The key to provider adoption of EHRs is engagement. A governance system will engage clinicians through responsibilities and accountabilities and create clinician champions – the most highly-respected and well-networked clinicians. A high level of provider engagement can ameliorate or even overcome the common barriers to adoption, including resistance to abandoning the previous charting method, the investment of time required to learn the new system and the initial drop in productivity until users attain proficiency.

Empower decision-makers and reinforce their spheres of influence: Implementing or upgrading an EHR requires thoughtful consideration of the policies and procedures that will govern the use of the system.  There are many stakeholders with a myriad of opinions and often competing interests that can dramatically slow adoption of the EHR. Adhering to a well-defined governance process ensures that the right people are involved at the right time with the right information. The lack of governance allows the wrong people to endlessly debate decisions, ignore standards and often conclude by making the wrong decisions. Leaders must establish strong governance processes that define expectations around adoption of the EHR, involve the right stakeholders to make decisions, establish policies and best practices and ultimately evaluate performance against expectations. Governance must also be flexible enough to evolve over time.

Relentlessly pursue meaningful clinical and financial metrics: The payoff for adopting an EHR comes in the form of clinical and financial outcomes. If results are neither tracked nor realized, the effort is truly a waste of time and money. Our expectations need to be realistic, but it really is the leaders who are accountable for the relentless pursuit of positive outcomes. Leaders must incent the right people to collect, analyze, and report on the data. Similar to engaging clinicians, this requires some finesse. The good news is that clinicians are generally interested in these metrics and may find the numbers compelling enough to change processes enough to impact the outcomes. Identify several key metrics that are easy to collect, work to improve them and then measure again.

Now is the time to create a new leadership agenda to drive EHR adoption and ultimately improve patient care – which is the goal we all share!

Xerox is a sponsor of the Breakaway Thinking series of blog posts. The Breakaway Group is a leader in EHR and Health IT training.

Has Technology Changed The Way We Interact With Each Other, Our Healthcare Providers And Healthcare Organizations?

Posted on July 19, 2016 | Written By

The following is a guest blog post by Brittany Quemby,  Marketing Manager of Stericycle Communication Solutions as part of the Communication Solutions Series of blog posts. Follow and engage with them on Twitter: @StericycleComms

In this blog series, we have talked a lot about healthcare consumerism, the importance of communication in the patient/provider relationship and how embracing technology can lead to an increased patient experience. Today I want to talk about how technology is changing the way we interact with each other in the healthcare industry.

The other day I tried to book a doctor’s appointment with my family physician. I looked up my family physician’s phone number online and called in. After about 25 rings, 20 minutes on hold and a cranky voice on the other end, I hung up the phone feeling extremely frustrated and couldn’t even remember the time of my appointment.

This left me thinking. Every day we rely on and crave the use of technology to help us be more efficient and to simplify our lives. I would argue, even more so, when it comes to our health. Approximately 58% of patients believe that technology leads to better care. Technology has truly transformed the way patients want to interact with providers. And to be fair, a lot of healthcare organizations and clinicians have been quick to adopt as they see the efficiency and patient experience benefits – so what was the hold up with my family physician? I think perhaps they just weren’t aware of the facts.

So let’s take a look at them:

Fact 1 – Mobile Health

The truth hurts. Many of us are addicted to our phone and are guilty of driving home when we were almost at work to retrieve it. When it comes to mobile health, the addiction is just as strong. Over 50% of smartphone owners have used their phone to look up health or medical information. A staggering 80% of patients want the option of using their smartphone to interact with healthcare providers. Traditional methods of inquiring about our health and interacting with healthcare providers are long gone. Today’s technology makes it much more convenient for both physicians and patients to connect, research and communicate right from their smartphone.

Fact 2 – Online Health

Face it! Most of us have gone down the rabbit hole of searching a particular ailment online.  At least 35% of U.S. adults say they have gone online to try to figure out what medical condition they or someone else might have. Research indicates that 77% of online health seekers began their last session at a search engine such as Google, Bing, or Yahoo.  The presence of the internet has given patients easy access to information and has empowered them to make more informed choices about their health. It has also allowed physicians to easily update new information and build interactive treatment plans that can increase patient adherence and retention.

Fact 3 – Online Scheduling

Truth be told, I did scream when I got off the phone with the doctor’s office. Why was calling in to book my doctor’s appointment the most painful thing I had done all week? I am not alone: 77% of consumers think that the ability to book, change or cancel healthcare appointments online is important. Technology has us conditioned to want the quickest and easiest way of getting things done. It is much quicker and more convenient to go online to book the next available appointment than the 8.1 minutes it takes for a patient to complete a scheduling call. Online scheduling helps to satisfy a patient’s need for quick gratification and alleviates the significant amount of time staff spend scheduling appointments.

Fact 4 – Digital Communication Platforms

The fact that I couldn’t remember the time of my appointment the moment I got off the phone was a bit embarrassing. But let’s face it, we’ve become so reliant on technology telling us where we need to be and what time we need to be there that our brains begin to ignore certain timelines. The truth is, the sticky note no longer holds the top spot in patients’ minds. A whopping 85% of consumers say that they would welcome digital appointment reminders, medication reminders and general health tips. This type of technology is a win-win for both patients and clinicians. Patients receive a simple reminder that can be added into their calendar, allowing them to show up and be better prepared, and clinicians receive appointment confirmations, allowing them to increase their operational efficiencies and revenue and better manage their daily schedule.

Fact 5 – Tracking Health

Tracking health is not a new concept, but the exchanges and the methods patients use to track their health have been revolutionized by newer technology. When recommended by a doctor, 3 in 4 consumers followed advice to wear technology to track their health. Over 20% of patients track their health indicators with the use of technology. Technologies that assist in tracking one’s health have allowed for higher patient engagement, which can lead to better monitoring and increased outcomes. Both US consumers (77%) and doctors (85%) agree that using wearables helps a patient engage in their own health.

As technology evolves, so will our interactions as patients, providers and healthcare organizations. It’s imperative to capitalize on the many benefits healthcare technology has given us to ensure we expand our connectivity, grow our data, increase our health outcomes and continuously improve our communication and collaboration. However, and unfortunately, in the meantime, while we wait for everyone to catch up, some of us will suffer from the frustration of expecting technology and not getting it. #Siricantyoujustrunmylife

The Communication Solutions Series of blog posts is sponsored by Stericycle Communication Solutions, a leading provider of high quality telephone answering, appointment scheduling, and automated communication services. Stericycle Communication Solutions combines a human touch with innovative technology to deliver best-in-class communication services.  Connect with Stericycle Communication Solutions on social media:  @StericycleComms

Telus Health Continues EMR M&A Strategy – Acquires Nightingale Informatix

Posted on July 18, 2016 | Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat, one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

Telus Health, a Canadian-based healthcare technology and services firm that is a division of one of Canada’s largest telco operators (Telus Communications), recently announced the acquisition of Nightingale Informatix for $14 Million CDN (approximately $10.4M USD).

You can read the announcement here.

This is the latest in a string of acquisitions that Telus has made over the past 5 years in the Canadian ambulatory EMR space. Med Access, Wolf Medical Systems, Kinlogix, MD Physician Services, Medesync and now Nightingale are all part of Telus Health’s product portfolio. With these acquisitions Telus is now by far the most dominant player in the Canadian ambulatory market. There are only a handful of vendors remaining – the largest of which is Vancouver’s QHR Technologies.

EMR consolidation in Canada was inevitable. The small market size could not sustain the more than 50 EMR vendors that cropped up in the heyday of adoption. As well, unlike in the US, the government in Canada did not pour billions of dollars to encourage physicians to adopt EMR technologies. The incentive programs in Canada were handled by the provinces and were much smaller in scale. Thus the Canadian market was ripe for consolidation and Telus has been aggressively seizing these opportunities.

It is a little surprising that none of the US EMR vendors have looked north of the border for growth opportunities. With a single payer system and unique patient identifiers, you would think the Canadian market would be enticing. However, no US ambulatory EMR has made significant in-roads.

Missed opportunity? Or perhaps a wise decision to focus at home?

*Disclosure – This writer was VP of Marketing at Nightingale Informatix from 2012-2014.

[CORRECTION – July 19, 2016 2:11pm ET – The original post erroneously reported that Telus had acquired Healthscreen, EMIS and Clinicare EMRs. These three EMRs were in fact acquired by QHR Technologies and not Telus. This post was updated with a corrected list of Telus acquisitions]

ONC Offers Two Interoperability Measures

Posted on July 14, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For a while now, it’s been unclear how federal regulators would measure whether the U.S. healthcare system was moving toward the “widespread interoperability” MACRA requires. But the wait is over, and after reviewing a bunch of comments, ONC has come through with some proposals that seem fairly reasonable at first glance.

According to a new blog entry from ONC, the agency has gotten almost 100 comments on how to address interoperability. These recommendations, the agency concluded, fell into four broad categories:

  • Don’t create any significant new reporting burdens for providers
  • Broaden the scope of interoperability measurements to include providers and individuals that are not eligible for Medicare and Medicaid EHR incentives
  • Create measures that examine usage and usefulness of exchanged information, as well as the impact on health outcomes, in addition to measuring the exchange itself
  • Recognize that given the complexity of measuring interoperability, it will take multiple data sources, and that more discussions will be necessary to create an effective model for such measurements

In response, ONC has come up with two core measures which address not only the comments, but also its own analysis and MACRA’s specific definitions of “widespread interoperability.”

  • Measure #1: Proportion of healthcare providers electronically engaging in the following core domains of interoperable exchange of health information: sending; receiving; finding (querying); and integrating information received from outside sources.
  • Measure #2: Proportion of healthcare providers who report using information electronically received through outside providers and sources for clinical decision-making.

To measure these activities, ONC expects to be able to draw on existing national surveys of hospitals and office-based physicians. These include the American Hospital Association’s AHA Information Technology Supplement Survey and the CDC National Center for Health Statistics’ annual National Electronic Health Record Survey of office-based physicians.

The reasons ONC would like to use these data sources include that they are not limited to Medicare and Medicaid EHR incentive program participants, and that both surveys have relatively high response rates.

I don’t know about you, but I was afraid things would be much worse. Measuring interoperability is quite difficult, given that just about everyone in the healthcare industry seems to have a slightly different take on what true interoperability actually is.

For example, there’s a fairly big gulf between those who feel interoperability only happens when all data flows from provider to provider, and those who feel that sharing a well-defined subset (such as that found in the Continuity of Care Document) would do the trick just fine. There is no way to address both of these models at the same time, much less the thousand shades of gray between the two extremes.

While its measures may not provide the final word on the subject, ONC has done a good job with the problem it was given, creating a model which is likely to be palatable to most of the parties involved. And that’s pretty unusual in the contentious world of health data interoperability. I hope the rollout goes equally well.

A Tale of 2 T’s: When Analytics and Artificial Intelligence Go Bad

Posted on July 13, 2016 | Written By

Prashant Natarajan Iyer (AKA "PN") is an analytics and data science professional based out of the Silicon Valley, CA. He is currently Director of Product Management for Healthcare products. His experience includes progressive & leadership roles in business strategy, product management, and customer happiness at eCredit.com, Siemens, McKesson, Healthways & Oracle. He is currently coauthoring HIMSS' next book on big data and machine learning for healthcare executives - along with Herb Smaltz PhD and John Frenzel MD. He is a huge fan of SEC college football, Australian Cattle Dogs, and the hysterically-dubbed original Iron Chef TV series. He can be found on Twitter @natarpr and on LinkedIn. All opinions are purely mine and do not represent those of my employer or anyone else!!

Editor’s Note: We’re excited to welcome Prashant to the Healthcare Scene family. He brings tremendous insights into the ever evolving field of healthcare analytics. We feel lucky to have him sharing his deep experience and knowledge with us. We hope you’ll enjoy his first contribution below.

Analytics & Artificial Intelligence (AI) are generating buzz and making inroads into healthcare informatics. Today’s healthcare organization is dealing with increasing digitization – variety, velocities, and volumes are increasing in complexity and users want more data and information via analytics. In addition to new frontiers that are opening up in structured and unstructured data analytics, our industry and its people (patients included) are recognizing opportunities for predictive/prescriptive analytics, artificial intelligence, and machine learning in healthcare – within and outside a facility’s four walls.

Trends that influence these new opportunities include:

  1. Increasing use of smart phones and wellness trackers as observational data sources, for medical adherence, and as behavior modification aids
  2. Expanding Internet of Healthcare Things (IoHT) that includes bedside monitors, home monitors, implants, etc., creating data in real time – including noise (or, data that are not relevant to expected usage)
  3. Social network participation
  4. Organizational readiness
  5. Technology maturity

The potential for big data in healthcare – especially given the trends discussed earlier – is as bright as in any other industry. The benefits that big data analytics, AI, and machine learning can provide for healthier patients, happier providers, and cost-effective care are real. The future of precision medicine, population health management, clinical research, and financial performance will include an increased role for machine-analyzed insights, discoveries, and all-encompassing analytics.

As we start this journey to new horizons, it may be useful to examine maps, trails, and artifacts left behind by pioneers. To this end, we will examine 2 cautionary tales in predictive analytics and machine learning, look at their influence on their industries and public discourse, and finally examine how we can learn from and avoid similar pitfalls in healthcare informatics.

Big data predictive analytics and machine learning have had their origins, and arguably their greatest impact so far, in retail and e-commerce, so that’s where we’ll begin our tale. Fill up that mug of coffee or a pint of your favorite adult beverage and brace yourself for “Tales of Two T’s” – unexpected, real-life adventures of what happens when analytics (Target) and artificial intelligence (Tay) provide accurate – but totally unexpected – results.

Our first tale starts in 2012 when Target finds itself as a popular story in the New York Times, Forbes, and many global publications as an example of the unintended consequences of predictive analytics used in personalized advertising. The story begins with an angry father in a Minneapolis, MN, Target confronting a perplexed retail store manager. The father is incensed about the volume of pregnancy and maternity coupons, offers, and mailers being addressed to his teenage daughter. In due course, it becomes apparent that the parents in question found out about their teen’s pregnancy before she had a chance to tell them – and the individual in question wasn’t aware that her due date had been estimated to within days and was resulting in targeted advertising that was “timed for specific stages of her pregnancy.”

The root cause for the loss of the daughter’s privacy, parents’ confusion, and the subsequent public debate on privacy and appropriateness of the results of predictive analytics was … a pregnancy predictive analytics model. Here’s how this model works. When a “guest” shops at Target, her product purchases are tracked and analyzed closely. These are correlated with life events – graduation, birth, wedding, etc. – in order to convert a prospective customer’s shopping habits or to make that individual a more loyal customer. Pregnancy and child birth are two of the most significant life events that can result in desired (by retailers) shopping habit modification.

For example, a shopper’s 25 product purchases, when analyzed along with demographics such as gender and age, allowed the retailer’s guest marketing analytics team to assign a “pregnancy predictor” to each [female] shopper and “her due date to within a small window.” In this specific case, the predictive analytics was right, even perfect. The models were accurate, the coupons and ads were appropriate for the exact week of pregnancy, and Target posted a +50% increase in their maternity and baby products sales after this predictive analytics was deployed. However, in addition to one unhappy family, Target also had to deal with significant public discussion on the “big brother” effect, individual right to privacy & the “desire to be forgotten,” disquiet among some consumers that they were being spied on, including in deeply personal events, and a potential public relations fiasco.

Our second tale is of more recent vintage.

As Heather Wilhelm recounts:

As 2015 drew to a close, various [Microsoft] company representatives heralded a “new Golden Age of technological advancement.” 2016, we were told, would bring us closer to a benevolent artificial intelligence—an artificial intelligence that would be warm, humane, helpful, and, as one particularly optimistic researcher named […] put it, “will help us laugh and be more productive.” Well, she got the “laugh” part right.

Tay was an artificial intelligence bot released by Microsoft via Twitter on March 23, 2016 under the name TayTweets. Tay was designed to mimic the language patterns of a 19-year-old American girl, and to learn from interacting with human users of Twitter. “She was targeted at American 18 to 24-year olds—primary social media users, according to Microsoft—and designed to engage and entertain people where they connect with each other online through casual and playful conversation.” And right after her celebrated arrival on Twitter, Tay gained more than 50,000 followers, and started producing the first hundred of 100,000 tweets.

The tech blogosphere went gaga over what this would mean for those of us with human brains – as opposed to the AI kind. Questions ranged from the important – “Would Tay be able to beat Watson at Jeopardy?” – to the mundane – “is Tay an example of the kind of bots that Microsoft will enable others to build using its AI/machine learning technologies?” The AI models that went into Tay were stated to be advanced and were expected to account for a range of human emotions and biases. Tay was referred to by some as the future of computing.

By the end of Day 1, this latest example of the “personalized AI future” came unglued. Gone was the polite 19-year-old girl who was introduced to us just the previous day – to be replaced by a racist, misogynistic, anti-Semitic troll who resembled an amalgamated caricature of the darkest corners of the Internet. Examples of Tay’s tweets on that day included, “Bush did 9/11,” “Hitler would have done a better job than the #%&!## we’ve got now,” “I hate feminists,” and x-rated language that is too salacious for public consumption – even in the current zeitgeist.

The resulting AI public relations fiasco will be studied by academic researchers, provide rich source material for bloggers, and serve as a punch line in late night shows for generations to follow.

As the day progressed, Microsoft engineers were deleting tweets manually and trying to keep up with the sheer volume of high-velocity, hateful tweets that were being generated by Tay. She was taken down by Microsoft barely 16 hours after she was launched with great promise and fanfare. As was done with another AI bot gone berserk (IBM’s Watson and Urban Dictionary), Tay’s engineers tried counseling and behavior modification. When this intervention failed, Tay underwent an emergency brain transplant later that night. Gone was her AI “brain,” to be replaced by the next version – only this new version turned out to be completely anti-social and the bot’s behavior turned worse. A “new and improved” version was released a week later but she turned out to be … very different. Tay 2.0 was repetitive, with the same tweet going out several times each second, and her new AI brain seemed to demonstrate a preference for new questionable topics.

A few hours after this second incident, Tay 2.0 was “taken offline” for good.

There are no plans to re-release Tay at this time. She has been given a longer-term time out.

If you believe Tay’s AI behaviors were a result of nurture – as opposed to nature – there’s a petition at change.org called “Freedom for Tay.”

Lessons for healthcare informatics

Analytics and AI can be very powerful in our goal to transform our healthcare system into a more effective, responsive, and affordable one. When done right and for the appropriate use cases, technologies like predictive analytics, machine learning, and artificial intelligence can make an appreciable difference to patient care, wellness, and satisfaction. At the same time, we can learn from the two significantly different, yet related, tales above and avoid finding ourselves in similar situations as the 2 T’s here – Target and Tay.

  1. “If we build it, they will come” is true only for movie plots. The value of new technology or new ways of doing things must be examined in relation to its impact on the quality, cost, and ethics of care
  2. Knowing your audience, users, and participants remains a pre-requisite for success
  3. Learn from others’ experience – be aware of the limits of what technology can accomplish or must not do.
  4. Be prepared for unexpected results or unintended consequences. When unexpected results are found, be prepared to investigate thoroughly before jumping to conclusions – no AI algorithm or BI architecture can yet auto-correct for human errors.
  5. Be ready to correct course as-needed and in response to real-time user feedback.
  6. Account for human biases, the effect of lore/legend, studying the wrong variables, or misinterpreted results

Analytics and machine learning have tremendous power to impact every industry, including healthcare. However, while unleashing their power we have to be careful that we don’t do more damage than good.

VA May Drop VistA For Commercial EHR

Posted on July 12, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It’s beginning to look like the famed VistA EHR may be shelved by the Department of Veterans Affairs, probably to be replaced by a commercial EHR rollout. If so, it could spell the end of the VA’s involvement in the highly-rated open source platform, which has been in use for 40 years. It will be interesting to see how the commercial EHR companies that support VistA would be impacted by this decision.

The first rumblings were heard in March, when VA CIO LaVerne Council suggested that the VA wasn’t committed to VistA. Now Council, who supervises the agency’s $4 billion IT budget, sounds a bit more resolved. “I have a lot of respect for VistA but it’s a 40-year-old product,” Council told Politico. “Looking at what technology can do today that it couldn’t do then — it can do a lot.”

Her comments were echoed by VA undersecretary for health David Shulkin, who last month told a Senate hearing that the agency is likely to replace VistA with commercial software.

Apparently, the agency will leave VistA in place through 2018. At that point, the agency expects to begin creating a cloud-based platform which may include VistA elements at its core, Politico reports. Council told the hearing that VA IT leaders expect to work with the ONC, as well as the Department of Defense, in building its new digital health platform.

Particularly given its history, which includes some serious fumbles, it’s hardly surprising that some Senate members were critical of the VA’s plans. For example, Sen. Patty Murray said that she was still disappointed with the agency’s 2013 decision to call off plans for an EHR that integrated fully with the DoD. And Sen. Richard Blumenthal expressed frustration as well. “The decades of unsuccessful attempts to establish an electronic health record system that is compatible across the VA and DoD has caused hundreds of millions of taxpayer dollars to be wasted,” he told the committee.

Now, the question is what commercial system the VA will select. While all the enterprise EHR vendors would seem to have a shot, it seems to me that Cerner is a likely bet. One major reason to anticipate such a move is that Cerner and its partners recently won the $4.3 billion contract to roll out a new health IT platform for the DoD.

Not only that, as I noted in a post earlier this year, the buzz around the deal suggested that Cerner won the DoD contract because it was seen as more open than Epic. I am taking no position on whether there’s any truth to this belief, nor how widespread such gossip may be. But if policymakers or politicians do see Cerner as more interoperability-friendly, that will certainly boost the odds that the VA will choose Cerner as partner.

Of course, any EHR selection process can take crazy turns, and when you throw in politics the process can get even crazier. So obviously, no one knows what the VA will do. In fact, given their battles with the DoD maybe they’ll go with Epic just to be different. But if I were a Cerner marketer I’d like my odds.

ONC Kicks Off Blockchain Whitepaper Contest

Posted on July 11, 2016 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Hold onto your hats, folks. The ONC has taken an official interest in blockchain technology, a move which suggests that it’s becoming a more mainstream technology in healthcare.

As you may know, blockchain is the backbone for the somewhat shadowy world of bitcoin, a “cryptocurrency” whose users can’t be traced. (For some of you, your first introduction to cryptocurrency may have been when a Hollywood, CA hospital was forced to pay off ransomware demands with $17K in bitcoins.)

But despite its use by criminals, blockchain still has great potential for creating breakthroughs for legitimate businesses, notably banking and healthcare. Looked at dispassionately, a blockchain is just a distributed database, one which maintains a continuously growing list with data records hardened against tampering and revision.
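To illustrate the “hardened against tampering and revision” property described above, here is an added Python example (not code from this post or from any blockchain project) that chains constructed record-access entries by hash and checks three kinds of after-the-fact edits. The record fields, function names and the `published_head` value held by other participants are assumptions made for the illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first block

def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical JSON encoding of one block's contents."""
    body = json.dumps({"index": index, "prev_hash": prev_hash, "record": record},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(chain, record):
    """Append a record, binding it to the hash of the block before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev_hash": prev_hash, "record": record,
                  "hash": block_hash(len(chain), prev_hash, record)})

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(i, prev_hash, block["record"])
        if block["index"] != i or block["prev_hash"] != prev_hash or block["hash"] != expected:
            return i
        prev_hash = block["hash"]
    return None

SAMPLE = [  # constructed sample records (not real data): a record-access log
    {"actor": "clinic-a", "action": "create", "patient": "P-0001"},
    {"actor": "lab-b", "action": "append-result", "patient": "P-0001"},
    {"actor": "clinic-a", "action": "read", "patient": "P-0001"},
]

def demo():
    chain = []
    for record in SAMPLE:
        append(chain, dict(record))
    published_head = chain[-1]["hash"]    # the value other participants also hold
    edited = copy.deepcopy(chain)         # case 1: change a record, leave hashes alone
    edited[1]["record"]["action"] = "delete-result"
    rehashed = copy.deepcopy(edited)      # case 2: also recompute that block's own hash
    rehashed[1]["hash"] = block_hash(1, rehashed[1]["prev_hash"], rehashed[1]["record"])
    rebuilt = []                          # case 3: rebuild the whole chain after the edit
    for block in edited:
        append(rebuilt, block["record"])
    return {"clean": first_invalid(chain), "edited": first_invalid(edited),
            "rehashed": first_invalid(rehashed), "rebuilt": first_invalid(rebuilt),
            "rebuilt_matches_head": rebuilt[-1]["hash"] == published_head}
```

Calling `demo()` shows that a fully rebuilt chain passes its own internal check; only comparison with the head hash that other participants hold exposes it, which is why the distributed part of the design matters.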

Right now, the most common use of the blockchain is to serve as a public ledger of bitcoin transactions. But the concept is bubbling up in the healthcare world, with some even suggesting that blockchain should be used to tackle health data security problems.

And now, the ONC has shown interest in this technology, soliciting white papers that offer a thoughtful take on how blockchain can help meet important healthcare industry objectives.

The whitepaper, which may be no longer than 10 pages, must be submitted by July 29. (Want to participate, but don’t have time to write the paper yourself? Click here.) Papers must discuss the cryptography and underlying fundamentals of blockchain technology, explain how the use of blockchain can meet industry interoperability needs, patient-centered outcomes research, precision medicine and other healthcare delivery needs, as well as offering recommendations for blockchain’s implementation.

The ONC will choose eight winning papers from among the submissions. Winning authors will have an opportunity to present the paper at a Blockchain & Healthcare Workshop held at NIST headquarters in Gaithersburg, MD on September 26th and 27th.

In hosting this contest, ONC is lending blockchain approaches in healthcare a level of credibility they might not have had in the past. But there’s already a lot of discussion going on about blockchain applications for health IT.

So what are people talking about where blockchain IT is concerned? In one LinkedIn piece, consultant Peter Nichol argues that blockchain can address concerns around scalability and privacy of electronic medical records. He also suggests that blockchain technology can provide patients with more sophisticated privacy control of their personal health information. For example, providers can enhance health data security by letting patients combine their own blockchain signature with a hospital’s signature.

But obviously, ONC leaders think there’s a lot more that can be done here. And I’m pretty confident that they’re right. While I’m no security or cryptocurrency expert, I know that when a technology has been kicked around for several years, and used for a sensitive function like financial exchange without racking up any major failures, it’s got to be pretty solid. I’m eager to see what people come up with!