Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

What Would A Community Care Plan Look Like?

Posted on November 16, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Recently, I wrote an article about the benefits of a longitudinal patient record and community care plan to patient care. I picked up the idea from a piece by an Orion Health exec touting the benefits of these models. Interestingly, I couldn’t find a specific definition for a community care plan in the article — nor could I dig anything up after doing a Google search — but I think the idea is worth exploring nonetheless.

Presumably, if we had a community care plan in place for each patient, it would have interlocking patient-specific and population health-level elements to it. (To my knowledge, current population health models don’t do this.) Rather than simply handing patients off from one provider to another, in the hope that the rare patient-centered medical home could manage their care effectively on its own, it might set care goals for each patient as part of the larger community strategy.

With such a community care strategy, groups of providers would have a better idea where to allocate resources. It would simultaneously meet the goals of traditional medical referral patterns, in which clinicians consult with one another on strategy, and help them decide who to hire (such as a nurse-practitioner to serve patient clusters with higher levels of need).

As I envision it, a community care plan would raise the stakes for everyone involved in the care process. Right now, for example, if a primary care doctor refers a patient to a podiatrist, on a practical level the issue of whether the patient can walk pain-free is not the PCP’s problem. But in a community-based care plan, which help all of the individual actors be accountable, that podiatrist couldn’t just examine the patient, do whatever they did and punt. They might even be held to quantitative goals, if the they were appropriate to the situation.

I also envision a community care plan as involving a higher level of direct collaboration between providers. Sure, providers and specialists coordinate care across the community, minimally, but they rarely talk to each other, and unless they work for the same practice or health system virtually never collaborate beyond sharing care documentation. And to be fair, why should they? As the system exists today, they have little practical or even clinical incentive to get in the weeds with complex individual patients and look at their future. But if they had the right kind of community care plan in place for the population, this would become more necessary.

Of course, I’ve left the trickiest part of this for last. This system I’ve outlined, basically a slight twist on existing population health models, won’t work unless we develop new methods for sharing data collaboratively — and for reasons I be glad to go into elsewhere, I’m not bullish about anything I’ve seen. But as our understanding of what we need to get done evolves, perhaps the technology will follow. A girl can hope.

Apple’s Healthcare Data Plans Become Clearer

Posted on October 3, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Though it’s not without competitors, I’d argue that Apple’s HealthKit has stood out since its inception, in part because it was relatively early to the game (mining patient-centered data) and partly because Apple products have a sexy reputation. That being said, it hasn’t exactly transformed the health IT industry either.

Now, though, with the acquisition of Gliimpse, a startup which pulls data from disparate EMRs into a central database, it’s become clearer what Apple’s big-picture goals are for the healthcare market – and if its business model works out they could indeed change health data industry.

According to a nifty analysis by Bloomberg’s Alex Webb, which quotes an Apple Health engineer, the technology giant hopes to see the health data business evolve along the lines of Apple’s music business, in which Apple started with a data management tool (the iPod) then built a big-bucks music platform on the device. And that sounds like an approach that could steal a move from many a competitor indeed.

Apple’s HealthKit splash
Apple made a big splash with the summer 2014 launch of HealthKit, a healthcare data integration platform whose features include connecting patient generated health data with traditional systems like the Epic EMR. It also attracted prominent partners like Cedars-Sinai Medical Center and Ochsner Health System within a year or so of its kickoff.

Still, the tech giant has been relatively quiet about its big-picture vision for healthcare, leaving observers like yours truly wondering what was up. After all, many of Apple’s health data moves have been incremental. For example, a few months ago I noted that Apple had begun allowing users to store their EMR data directly in its Health app, using the HL7 CCD standard. While interesting, this isn’t exactly an earth-shattering advance.

But in his analysis — which makes a great deal of sense to me – Bloomberg’s Webb argues that Apple’s next act is to take the data it’s been exchanging with wearables and put it to better use. Apple’s long-awaited big idea is to turn Apple’s HealthKit into a system that can improve diagnoses, sources told Bloomberg.

Also, Apple intends to integrate health records as closely with its proprietary devices as possible, offering not only data collection but suggestions for better health in a manner that can’t be easily duplicated on Android platforms. As Webb rightly points out, such a move could undermine Google’s larger healthcare plans, by locking consumers into Apple technology and discouraging a switch to the Google Fit health tracking software.

Big vision, big questions
As we know, even a company with the reputation, cash and proprietary user base enjoyed by Apple is far from a shoo-in for consumer health data dominance. (Consider the fate of Microsoft HealthVault and Google Health.) Its previous successes have come, as noted, by creating a channel then dominating that channel, but there’s no guarantee it can pull off such a trick this time.

For one thing, the wearables market is highly fragmented, and Apple is far from being the leader. (According to one set of stats, Fitbit had 25.4% of the global wearables market as of Q2 ’16, Xiaomi 14%, and Apple just 7%.) That doesn’t bode well for starting a health tracker-based revolution.

On the other hand, though, Apple did manage to create and dominate a channel in the music business, which is also quite resistant to change and dominated by extremely entrenched powers that be. If any upstart healthcare player could make this happen, it’s probably Apple. It will be interesting to see whether Apple can work its magic once again.

Can Machine Learning Tame Healthcare’s Big Data?

Posted on September 20, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

Big data is both a blessing and a curse. The blessing is that if we use it well, it will tell us important things we don’t know about patient care processes, clinical improvement, outcomes and more. The curse is that if we don’t use it, we’ve got a very expensive and labor-hungry boondoggle on our hands.

But there may be hope for progress. One article I read today suggests that another technology may hold the key to unlocking these blessings — that machine learning may be the tool which lets us harvest the big data fields. The piece, whose writer, oddly enough, was cited only as “Mauricio,” lead cloud expert at Cloudwards.net, argues that machine learning is “the most effective way to excavate buried patterns in the chunks of unstructured data.” While I am an HIT observer rather than techie, what limited tech knowledge I possess suggests that machine learning is going to play an important role in the future of taming big data in healthcare.

In the piece, Mauricio notes that big data is characterized by the high volume of data, including both structured and non-structured data, the high velocity of data flowing into databases every working second, the variety of data, which can range from texts and email to audio to financial transactions, complexity of data coming from multiple incompatible sources and variability of data flow rates.

Though his is a general analysis, I’m sure we can agree that healthcare big data specifically matches his description. I don’t know if you who are reading this include wild cards like social media content or video in their big data repositories, but even if you don’t, you may well in the future.

Anyway, for the purposes of this discussion, let’s summarize by saying that in this context, big data isn’t just made of giant repositories of relatively normalized data, it’s a whirlwind of structured and unstructured data in a huge number of formats, flooding into databases in spurts, trickles and floods around the clock.

To Mauricio, an obvious choice for extracting value from this chaos is machine learning, which he defines as a data analysis method that automates extrapolated model-building algorithms. In machine learning models, systems adapt independently without any human interaction, using automatically-applied customized algorithms and mathematical calculations to big data. “Machine learning offers a deeper insight into collected data and allows the computers to find hidden patterns which human analysts are bound to miss,” he writes.

According to the author, there are already machine learning models in place which help predict the appearance of genetically-influenced diseases such as diabetes and heart disease. Other possibilities for machine learning in healthcare – which he doesn’t mention but are referenced elsewhere – include getting a handle on population health. After all, an iterative learning technology could be a great choice for making predictions about population trends. You can probably think of several other possibilities.

Now, like many other industries, healthcare suffers from a data silo problem, and we’ll have to address that issue before we create the kind of multi-source, multi-format data pool that Mauricio envisions. Leveraging big data effectively will also require people to cooperate across departmental and even organizational boundaries, as John Lynn noted in a post from last year.

Even so, it’s good to identify tools and models that can help get the technical work done, and machine learning seems promising. Have any of you experimented with it?

Improving Clinical Workflow Can Boost Health IT Quality

Posted on August 18, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

At this point, the great majority of providers have made very substantial investments in EMRs and ancillary systems. Now, many are struggling to squeeze the most value out of those investments, and they’re not sure how to attack the problem.

However, according to at least one piece of research, there’s a couple of approaches that are likely to pan out. According to a new survey by the American Society for Quality, most healthcare quality experts believe that improving clinical workflow and supporting patients online can make a big diference.

As ASQ noted, providers are spending massive amounts of case on IT, with the North American healthcare IT market forecast to hit $31.3 by 2017, up from $21.9 billion in 2012. But healthcare organizations are struggling to realize a return on their spending. The study data, however, suggests that providers may be able to make progress by looking at internal issues.

Researchers who conducted the survey, an online poll of about 170 ASQ members, said that 78% of respondents said improving workflow efficiency is the top way for healthcare organizations to improve the quality of their technology implementations. Meanwhile, 71% said that providers can strengthen their health IT use by nurturing strong leaders who champion new HIT initiatives.

Meanwhile, survey participants listed a handful of evolving health IT options which could have the most impact on patient experience and care coordination, including:

  • Incorporation of wearables, remote patient monitoring and caregiver collaboration tools (71%)
  • Leveraging smartphones, tablets and apps (69%)
  • Putting online tools in place that touch every step of patient processes like registration and payment (69%)

Despite their promise, there are a number of hurdles healthcare organizations must get over to implement new processes (such as better workflows) or new technologies. According to ASQ, these include:

  • Physician and staff resistance to change due to concerns about the impact on time and workflow, or unwillingness to learn new skills (70%)
  • High cost of rolling out IT infrastructure and services, and unproven ROI (64%)
  • Concerns that integrating complex new devices could lead to poor interfaces between multiple technologies, or that haphazard rollouts of new devices could cause patient errors (61%)

But if providers can get past these issues, there are several types of health IT that can boost ROI or cut cost, the ASQ respondents said. According to these participants, the following HIT tools can have the biggest impact:

  • Remote patient monitoring can cut down on the need for office visits, while improving patient outcomes (69%)
  • Patient engagement platforms that encourage patients to get more involved in the long-term management of their own health conditions (68%)
  • EMRs/EHRs that eliminate the need to perform some time-consuming tasks (68%)

Perhaps the most interesting part of the survey report outlined specific strategies to strengthen health IT use recommended by respondents, such as:

  • Embedding a quality expert in every department to learn use needs before deciding what IT tools to implement. This gives users a sense of investment in any changes made.
  • Improving available software with easier navigation, better organization of medical record types, more use of FTP servers for convenience, the ability to upload records to requesting facilities and a universal notification system offering updates on medical record status
  • Creating healthcare apps for professional use, such as medication calculators, med reconciliation tools and easy-to-use mobile apps which offer access to clinical pathways

Of course, most readers of this blog already know about these options, and if they’re not currently taking this advice they’re probably thinking about it. Heck, some of this should already be old hat – FTP servers? But it’s still good to be reminded that progress in boosting the value of health IT investments may be with reach. (To get some here-and-now advice on redesigning EMR workflow, check out this excellent piece by Chuck Webster – he gets it!)

E-Patient Update:  Registration Can Add Value To Care 

Posted on August 15, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For those of you who end up seeking care in hospital emergency departments now and again, the following will probably be familiar. You’re spending the precious few minutes you get with the ED doc discussing your situation, having a test done or asking a nurse some rather personal questions, and a hapless man or woman shows up and inserts themselves into the moment. Why? Because they want to collect registration information.

While these clerks are typically pleasant enough, and their errand relatively brief, their interruption has consequences. In my case, their entry into the room has sometimes caused a nurse or doctor to lose their train of thought, or an explanation in progress was never finished. As if that weren’t irritating enough, the registration clerk – at least at my local community hospital – typically asks questions I’ve already answered previously, or asks me to sign forms I could easily have reviewed at an earlier stage in the process.

Not only that, there have been at least a couple of situations in which a nurse or doctor was so distracted by the clerk’s arrival that some reasonably important issues didn’t get handled. Don’t get me wrong, the skilled team at this facility recovered and addressed these issues before they could escalate, but there’s no guarantee that this will always happen, particularly if the patient isn’t used to keeping track of their care process.

Also, given that alarm fatigue is already leading to patient care mistakes and near-misses, it seems odd that this hospital would squeeze yet another distraction into its ED routine. At least the alarms are intended to serve as clinical decision support and avoid needless errors. Collecting my street address a second time doesn’t rise to that level of importance.

Of course, hospitals need the information the clerk collects, for a variety of legal and operational reasons. I have no problem signing a form giving it permission to bill my insurer, affirming that I don’t need disability accommodations or agreeing to a facility’s “no smoking on campus” policy. And I certainly want any provider that treats me to have full and accurate insurance information, as I obviously don’t want to be billed for the care myself!  But is it really necessary to interrupt a vital care process to accomplish this?

As I see it, verifying registration information could be done much more effectively if it took place at a different point in the sequence of care – at the moment when physicians decide whether to discharge or admit that patient.  After all, if the patient is well enough to answer questions and sign forms while lying in an ED bed, they’re likely to remain so through the admissions process, and verify their financial and personal information once they’re settled (or even while they’re waiting to be transported to their bed). Meanwhile, if the patient is being discharged, they could just as easily provide signatures and personal data as they prepare to leave.

But the above would simply make registration less intrusive. What about adding real value to the process, for both the hospital and the patient? Instead of having a clerk gather this information, why not provide the patient with a tablet which presents the needed information, allowing patients to enter or edit their personal details at leisure.

Then, as they digitally sign off on registration, it would be a great time to ask the patient a few details which help the facility understand the patient’s need for support and care coordination. Why not find out, before the patient is discharged, whether they have a primary care doctor or relevant specialist, whether they can afford their medications, whether they can get to post-discharge visits and the like? This improves results for the patient and ties in with a value-based focus on continuity of care.

These days, it’s not enough just to eliminate pointless workflow disruptions. Let’s leverage the amazing consumer IT platforms we have to make things better!

VA May Drop VistA For Commercial EHR

Posted on July 12, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

It’s beginning to look like the famed VistA EHR may be shelved by the Department of Veterans Affairs, probably to be replaced by a commercial EHR rollout. If so, it could spell the end of the VA’s involvement in the highly-rated open source platform, which has been in use for 40 years. It will be interesting to see how the commercial EHR companies that support Vista would be impacted by this decision.

The first rumblings were heard in March, when VA CIO LaVerne Council  suggested that the VA wasn’t committed to VistA. Now Council, who supervises the agency’s $4 billion IT budget, sounds a bit more resolved. “I have a lot of respect for VistA but it’s a 40-year-old product,” Council told Politico. “Looking at what technology can do today that it couldn’t do then — it can do a lot.”

Her comments were echoed by VA undersecretary for health David Shulkin, who last month told a Senate hearing that the agency is likely to replace VistA with commercial software.

Apparently, the agency will leave VistA in place through 2018. At that point, the agency expects to begin creating a cloud-based platform which may include VistA elements at its core, Politico reports. Council told the hearing that VA IT leaders expect to work with the ONC, as well as the Department of Defense, in building its new digital health platform.

Particularly given its history, which includes some serious fumbles, it’s hardly surprising that some Senate members were critical of the VA’s plans. For example, Sen. Patty Murray said that she was still disappointed with the agency’s 2013 decision back to call of plans for an EHR that integrated fully with the DoD. And Sen. Richard Blumenthal expressed frustration as well. “The decades of unsuccessful attempts to establish an electronic health record system that is compatible across the VA in DoD has caused hundreds of millions of taxpayer dollars to be wasted,” he told the committee.

Now, the question is what commercial system the VA will select. While all the enterprise EHR vendors would seem to have a shot, it seems to me that Cerner is a likely bet. One major reason to anticipate such a move is that Cerner and its partners recently won the $4.3 billion contract to roll out a new health IT platform for the DoD.

Not only that, as I noted in a post earlier this year, the buzz around the deal suggested that Cerner won the DoD contract because it was seen as more open than Epic. I am taking no position on whether there’s any truth to this belief, nor how widespread such gossip may be. But if policymakers or politicians do see Cerner as more interoperability-friendly, that will certainly boost the odds that the VA will choose Cerner as partner.

Of course, any EHR selection process can take crazy turns, and when you grow in politics the process can even crazier. So obviously, no one knows what the VA will do. In fact, given their battles with the DoD maybe they’ll go with Epic just to be different. But if I were a Cerner marketer I’d like my odds.

FHIR Product Director Speaks Out On FHIR Hype

Posted on June 6, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

To date, all signs suggest that the FHIR standard set has tremendous promise, and that FHIR adoption is growing by leaps and bounds. In fact, one well-connected developer I spoke with recently argues that FHIR will be integrated into ONC’s EHR certification standards by 2017, when MACRA demands its much ballyhooed “widespread interoperability.”

However, like any other new technology or standard, FHIR is susceptible to being over-hyped. And when the one suggesting that FHIR fandom is getting out of control is Grahame Grieve, FHIR product director, his arguments definitely deserve a listen.

In a recent blog post, Grieve notes that the Gartner hype cycle predicts that a new technology will keep generating enthusiasm until it hits the peak of inflated expectations. Only after falling into te trough of disillusionment and climbing the slope of enlightenment does it reach the plateau of productivity, the Gartner model suggests.

Now, a guy who’s driving FHIR’s development could be forgiven for sucking up the praise and excitement around the emerging standard and enjoying the moment. Instead, though, it seems that Grieve thinks people are getting ahead of themselves.

To his way of thinking, the rate of hype speech around FHIR continues to expand. As he sees it, people are “[making] wildly inflated claims about what is possible, (wilfully) misunderstanding the limitations of the technology, and evangelizing the technology for all sorts of ill judged applications.”

As Grieve sees it, the biggest cloud of smoke around FHIR is that it will “solve interoperability.” And, he flatly states, it’s not going to do that, and can’t:

FHIR is two things: a technology, and a culture. I’m proud of both of those things…But people who think that [interoperability] will be solved anytime soon don’t understand the constraints we work under…We have severely limited ability to standardise the practice of healthcare or medicine. We just have to accept them as they are. So we can’t provide prescriptive information models. We can’t force vendors or institutions to do things the same way. We can’t force them to share particular kinds of information at particular times. All we can do is describe a common way to do it, if people want to do it.

The reality is that while FHIR works as a means of sharing information out of an EHR, it can’t force different stakeholders (such as departments, vendors or governments) to cooperate successfully on sharing data, he notes. So while the FHIR culture can help get things done, the FHIR standard — like other standards efforts — is just a tool.

To be sure, FHIR seems to have legs, and efforts like the Argonaut Project — which is working to develop a first-generation FHIR-based API and Core Data Services specification — are likely to keep moving full steam ahead.

But as Grieve sees it, it’s important to keep the pace of FHIR work deliberate and keep fundamentals like solid processes and well-tested specifications in mind: “If we can get that right — and it’s a work in process — then the trough of despair won’t be as deep as it might.”

Vendors Bring Heart And Lung Sounds To EHR

Posted on June 3, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

In what they say is a first, a group of technology vendors has teamed up to add heart and lung sounds to an EMR. The current effort extends only to the drchrono EHR, but if this rollout works, it seems likely that other vendors will follow, as adding multimedia content to patient medical records is a very logical step.

Urgent care provider Direct Urgent Care, a Berkeley, CA-based urgent care provider with 30,000 patients, is rolling out the Eko Core Digital Stethoscope for use by physicians. The heart and lung sounds will be recorded by the digital stethoscope, then transmitted wirelessly to a phone- or tablet-based mobile app. The app, in turn, uploads the audio files to the drchrono HR.

Ordinarily, I’d see this as an early experiment in managing multimedia health data and leave it at that. But two things make it more interesting.

One is that the Eko Core sells for a relatively modest $299, which is not bad for an FDA-cleared device. (Eko also sells an attachment for $199 which digitizes and records sounds captured by traditional analog stethoscopes, as well as streaming those files to the Eko app.) The other is that the recorded sounds can be shared with remote specialists such as cardiologists and pulmonologists, which seems valuable on its face even if the data doesn’t get stored within an EMR.

Not only that, this rollout underscores a problem just been given too little attention. At present, what I’ve seen, few EMRs incorporated anything beyond text. Even radiology images, which have been digital for ages (and managed by sophisticated PACS platforms) typically aren’t accessible to the EMR interface. In fact, my understanding is that PACS data is another silo that needs to be broken down.

Meanwhile, medical practices and hospitals are increasingly generating data that doesn’t fit into the existing EMR template, from sources such as wearables, health apps and video consults. Neither EMR developers nor standards organizations seem to have kept up with the influx of emerging non-text data, so virtually none of it is being integrated into patient records yet.

In other words, not only is it interesting to note that an EMR vendor is incorporating audio into medical records, at a modest cost, it’s worth taking stock of what it can teach us about enriching digital patient records overall.

Eventually, after all, patients will be able to capture — with some degree of accuracy — multimedia content that includes not only audio, but also ultrasound recordings, EKG charts and more. Of course, these self-administered tests and will never replace a consult by a skilled clinician, but there certainly are situations in which this data will be relevant.

When you also bear in mind that the number of telemedicine consults being conducted is growing dramatically, and that these, too, offer insights that could become part of a patient’s chart, the need to go beyond text-based EMRs becomes even more evident.

So maybe the Eko/drchrono partnership will work out, and maybe it won’t. But what they’re doing matters nonetheless.

Time To Leverage EHR Data Analytics

Posted on May 5, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

For many healthcare organizations, implementing an EHR has been one of the largest IT projects they’ve ever undertaken. And during that implementation, most have decided to focus on meeting Meaningful Use requirements, while keeping their projects on time and on budget.

But it’s not good to stay in emergency mode forever. So at least for providers that have finished the bulk of their initial implementation, it may be time to pay attention to issues that were left behind in the rush to complete the EHR rollout.

According to a recent report by PricewaterhouseCoopers’ Advanced Risk & Compliance Analytics practice, it’s time for healthcare organizations to focus on a new set of EHR data analytics approaches. PwC argues that there is significant opportunity to boost the value of EHR implementations by using advanced analytics for pre-live testing and post-live monitoring. Steps it suggests include the following:

  • Go beyond sample testing: While typical EHR implementation testing strategies look at the underlying systems build and all records, that may not be enough, as build efforts may remain incomplete. Also, end-user workflow specific testing may be occurring simultaneously. Consider using new data mining, visualization analytics tools to conduct more thorough tests and spot trends.
  • Conduct real-time surveillance: Use data analytics programs to review upstream and downstream EHR workflows to find gaps, inefficiencies and other issues. This allows providers to design analytic programs using existing technology architecture.
  • Find RCM inefficiencies: Rather than relying on static EHR revenue cycle reports, which make it hard to identify root causes of trends and concerns, conduct interactive assessment of RCM issues. By creating dashboards with drill-down capabilities, providers can increase collections by scoring patients invoices, prioritizing patient invoices with the highest scores and calculating the bottom-line impact of missing payments.
  • Build a continuously-monitored compliance program: Use a risk-based approach to data sampling and drill-down testing. Analytics tools can allow providers to review multiple data sources under one dashboard identify high-risk patterns in critical areas such as billing.

It’s worth noting, at this point, that while these goals seem worthy, only a small percentage of providers have the resources to create and manage such programs. Sure, vendors will probably tell you that they can pop a solution in place that will get all the work done, but that’s seldom the case in reality. Not only that, a surprising number of providers are still unhappy with their existing EHR, and are now living in replacing those systems despite the cost. So we’re hardly at the “stop and take a breath” stage in most cases.

That being said, it’s certainly time for providers to get out of whatever defensive crouch they’ve been in and get proactive. For example, it certainly would be great to leverage EHRs as tools for revenue cycle enhancement, rather than the absolute revenue drain they’ve been in the past. PwC’s suggestions certainly offer a useful look on where to go from here. That is, if providers’ efforts don’t get hijacked by MACRA.

Breach Affecting 2.2M Patients Highlights New Health Data Threats

Posted on April 4, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A Fort Myers, FL-based cancer care organization is paying a massive price for a health data breach that exposed personal information on 2.2 million patients late last year. This incident is also shedding light on the growing vulnerability of non-hospital healthcare data, as you’ll see below.

Recently, 21st Century Oncology was forced to warn patients that an “unauthorized third party” had broken into one of its databases. Officials said that they had no evidence that medical records were accessed, but conceded that breached information may have included patient names Social Security numbers, insurance information and diagnosis and treatment data.

Notably, the cancer care chain — which operates on hundred and 45 centers in 17 states — didn’t learn about the breach until the FBI informed the company that it had happened.

Since that time, 21st Century has been faced with a broad range of legal consequences. Three lawsuits related to the breach have been filed against the company. All are alleging that the breach exposed them to a great possibility of harm.  Patient indignation seems to have been stoked, in part, because they did not learn about the breach until five months after it happened, allegedly at the request of investigating FBI officials.

“While more than 2.2 million 21st Century Oncology victims have sought out and/or pay for medical care from the company, thieves have been hard at work, stealing and using their hard-to-change Social Security numbers and highly sensitive medical information,” said plaintiff Rona Polovoy in her lawsuit.

Polovoy’s suit also contends that the company should have been better prepared for such breaches, given that it suffered a similar security lapse between October 2011 and August 2012, when an employee used patient names Social Security numbers and dates of birth to file fraudulent tax refund claims. She claims that the current lapse demonstrates that the company did little to clean up its cybersecurity act.

Another plaintiff, John Dickman, says that the breach has filled his life with needless anxiety. In his legal filings he says that he “now must engage in stringent monitoring of, among other things, his financial accounts, tax filings, and health insurance claims.”

All of this may be grimly entertaining if you aren’t the one whose data was exposed, but there’s more to this case than meets the eye. According to a cybersecurity specialist quoted in Infosecurity Magazine, the 21st Century network intrusion highlights how exposed healthcare organizations outside the hospital world are to data breaches.

I can’t help but agree with TrapX Security executive vice president Carl Wright, who told the magazine that skilled nursing facilities, dialysis centers, imaging centers, diagnostic labs, surgical centers and cancer treatment facilities like 21st are all in network intruders’ crosshairs. Not only that, he notes that large extended healthcare networks such as accountable care organizations are vulnerable.

And that’s a really scary thought. While he doesn’t say so specifically, it’s logical to assume that the more unrelated partners you weld together across disparate networks, it multiplies the number of security-related points of failure. Isn’t it lovely how security threats emerge to meet every advance in healthcare?