Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Cerner, Leidos, and Accenture Win DoD EHR Project – $4.3 Billion

Posted on July 30, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

All the news at the end of the day yesterday was around Cerner (and their major partners Leidos, Accenture) winning the DoD EHR project. We’d been told the decision would come by the end of the month and you knew a decision was close once the major news organizations started writing about what a waste the DoD EHR project will be before they’d even named the winner. That’s called priming the pump. Of course, the critics make some good points about the DoD EHR project dealing with today instead of the future, and they also suggested that “We’re going to make Epic or Cerner the Standard Oil of health IT. It will become a monopoly at a time when we need to be moving to solutions that allow everyone to participate.”

I guess now that we know that Cerner has won the DoD contract, does that make them the Standard Oil of Health IT?

What we do know is that Cerner, Leidos, and Accenture were awarded the $4,336,822,777 (Our government’s so precise they got a 10 year project down to the dollar?) EHR contract with it projected to be around $9 billion over the life of the 10 year contract. That’s massive by any terms. It’s also much less than the projected $11 billion that was previously discussed. I guess competition for the DoD EHR contract brought the price down? Although, how often does the government project the costs for a project and then they balloon over the life of the project. According to Healthcare IT News, they’ll be working on bringing their first sites live in the Pacific Northwest by the end of 2016 and 1000 sites by 2022.

A lot of people have been commenting how this is a big win for Cerner and a big loss for Epic. Of course, I wrote a little over a year ago that the best thing for Epic might be to NOT win the DoD EHR contract. You can be sure that many hospital systems won’t be selecting Cerner now that they’re going to be tied up with the massive DoD EHR contract. Who does that leave? In most cases, that will leave Epic. I can’t help but wonder how many Soarian users will now decide to go to Epic instead of Cerner as well because of the Cerner win. Cerner should start working on this potential perception problem.

You can imagine the celebrations happening at the companies that won this contract. HIStalk posted a great image that shows all the partners that will be involved in the bid:
DoD EHR Partners

While they may be celebrating the contract now, it reminds me of startup companies who do big celebrations when they raise a round of funding. Those celebrations are premature since it’s really the start of all the hard work to come.

I personally lean more towards G Gordon Liddie’s comment on the HIStalk post on this subject:

Cerner will do as good a job as Epic would have done…which won’t be great. The federal government can’t pull off something like this.

I think this shares many people’s fears of a project this size. Others might suggest, if the government can’t roll out an insurance exchange website without major issues, how are they going to make an EHR roll out which is much more complex a success. I’m sure Cerner, Leidos, and Accenture will be thinking about this every day for the next 5-10 years.

Other DoD EHR Coverage:
Healthcare IT News

How Do We Balance Improved Outcomes with Protecting Personal Information?

Posted on July 29, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

There’s an interesting article by the Pacific Standard (never heard of them before now) about the “hidden market” of medical data that exists. The final paragraph provides a great summary of the challenges we face when it comes to health data:

There is no perfect way to balance the competing priorities of using big data for improved health outcomes and protecting our personal information. Opinions on which interests should come first will differ—and should. But the debate cannot be open, honest, or effective if major companies like Walgreens or Safeway are secretive about what they do. People are often generous when it comes to volunteering personal data for the purpose of advancing medicine. They are less so when it comes to enriching sellers of information. Either way, the proper course of action is disclosure. Simply put, if our medical data is being bought and sold, we deserve to know it—and have a say. Perhaps making our data available to others is as helpful to medicine as IMS claims. But shouldn’t that be up to us?

That’s the best summary of balancing improved outcomes and personal information that I’ve ever read. We all want better outcomes and I think that most of us believe that the right healthcare data will get us to better outcomes. We also all want our data to be protected from people who will use it inappropriately. The balance between the two competing priorities will never be perfect.

The reality is that there’s going to be more and more healthcare data available about all of us. Much of that data is going to be shared with a large number of organizations. Most people are just fine with that sharing assuming they believe the sharing will help them receive better care. However, there does need to be some mechanism of transparency and disclosure about when and how data is used. That doesn’t happen today, but it should happen.

The challenge is that pandora’s already out of the box. The data is already flowing a lot of places and putting in accountability now will be a real challenge. Not that I’m against challenging things, but we’re kidding ourselves if we think that accountability and transparency around where and when are data is shared is going to be easy to accomplish. First, companies are going to be dragged kicking and screaming to make it happen. Some because they know they’re doing some things that are at least in the grey area and some are totally shady. Others aren’t doing anything inappropriate, but they realize the costs to implement transparency and accountability for the health data they share is going to be very high. A high cost project that doesn’t add any more revenue is a hard business proposition.

While I’m not hopeful that we’ll see a widespread transparency about what health data’s being shared where, I do think that some forward thinking healthcare companies could push this agenda forward. It will likely happen with some of the companies who have avoided the grey and shady areas of health data sharing that want to create a competitive advantage over their competitors and build trust with their users. Then, some others will follow along.

What do you think that could be done to make health data sharing that’s happening today more transparent?

Ashley Madison Data Breach – A Lesson for Health IT

Posted on July 28, 2015 I Written By

Colin Hung is the co-founder of the #hcldr (healthcare leadership) tweetchat one of the most popular and active healthcare social media communities on Twitter. Colin is a true believer in #HealthIT, social media and empowered patients. Colin speaks, tweets and blogs regularly about healthcare, technology, marketing and leadership. He currently leads the marketing efforts for @PatientPrompt, a Stericycle product. Colin’s Twitter handle is: @Colin_Hung

The recent hack of the Ashley Madison, Cougar Life and Established Men infidelity/hookup websites has been front page news. Overnight the lives of 50 million site members (pun intended) were potentially stolen by a hacker group calling itself “The Impact Team”. The Washington Post and CNBC have great articles on the details of the hack.

As the story unfolded I became more and more fascinated, not because of the scandalous nature of the data, but because I believe this hack is a lesson for all of us that work in #HealthIT.

The value of the data that is held in EHRs and other health apps is somewhat debatable. There have been claims that a single health record is worth 10-200 times more than credit card data on the black market. The higher value is due to the potential access to prescription medications and/or the potential to use health data to commit Medicare fraud. A recent NPR post indicates that the value of a single patient’s record is approximately $470 but there is not a lot of strong evidence to support this valuation (see John Lynn’s post on this topic here).

While $470 may seem like a lot, I believe that for many patients, the reputational value of their health data is far higher. Suppose, for example you were a patient at a behavioral health clinic. You have kept your treatment secret. No one in your family or your employer know about it. Now suppose that your clinic’s EHR was breached and a hacker asked you for $470 to keep your data from being posted to the Internet. I think many would seriously consider forking over the cash.

To me this hypothetical healthcare situation is analogous to what happened with Ashley Madison. The membership data itself likely has little intrinsic value (even credit card data is only worth a few dollars). HOWEVER, the reputational value of this data is extremely high. The disruption and damage to the lives of Ashley Madison customers is enormous (though some say well deserved).

The fall-out for the company behind Ashley Madison (Avid Life Media – a Canadian company) will also be severe. They have completely lost the trust of their customers and I do not believe that any amount of market spin or heart-felt apology will be enough to save them from financial ruin.

I believe what Avid Life Media is going through is what most small-medium sized clinics and #HealthIT vendors would face if all their patient data was exposed. Patients would utterly lose faith and take their business elsewhere (though admittedly that might be a little harder if other clinic choices were not covered by your insurance). Even if the organization could afford the HHS Office for Civil Rights fines for the data breach, the impact of lost patients and lost trust would be more devastating.

With the number of health data breaches increasing, how long before healthcare has its own version of Ashley Madison? We need to do more to protect patient data, it can no longer be an after-thought. Data security and privacy need to be part of the design process of software and of healthcare organizations.

Life’s short. Secure your data!

Funny Codes Exist in ICD-9 Too…And It Hasn’t Been An Issue

Posted on July 27, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I was recently thinking about ICD-10 and how in many ways it’s been a punchline of jokes since there are some pretty crazy ICD-10 codes. I’ve enjoyed the crazy and funny ICD-10 codes as much as the next person (we all need a good laugh on occasion), but I think it’s generally been bad for the move of ICD-10. Now that I think ICD-10 will not be delayed again, ICD-10 is no joke.

With that in mind, I wanted to put the funny ICD-10 code discussion to rest. So, I asked on Twitter if there were any “funny” ICD-9 codes (of course if you have any of these things, it wouldn’t be too funny). In response to my tweet, Jennifer Della’Zanna created this great post that puts the “funny” ICD-10 codes in perspective. She also provided me this list of ICD-9 codes that could possibly be considered funny codes as well:

E928.4 External constriction caused by hair
E918 Caught accidentally in or between objects
E005.1 Injury from activities involving yoga
E913.3 Accidental mechanical suffocation by falling earth or other substance
E018.2 Injury from activities involving string instrument playing
E827.4 Animal drawn vehicle accident injuring occupant of streetcar
E845.0 Accident involving spacecraft injuring occupant of spacecraft
E905.4 Centipede and venomous millipede (tropical) bite causing poisoning and toxic reactions
E917.7 Striking against or struck by furniture with subsequent fall
E927.1 Overexertion from prolonged static position
E927.2 Excessive physical exertion
E928.0 Prolonged stay in weightless environment

You could see a nice sticker with a picture for E905.4 as a centipede bite, that’s funnier than the full description. That’s what’s happened with many of the ICD-10 codes that are made into jokes. However, that misses my point. My point is that we’ve had some funny ICD-9 codes for a long time and it’s never been an issue. The ICD-10 codes that have been made into jokes won’t be an issue either. It’s time to move on to the ICD-10 codes that do matter and make sure we’re ready for ICD-10 come October 1st.

Healthcare Standard Proliferation Comic

Posted on July 24, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

It’s Friday and I’m in Utah where today is a state holiday (think a second July 4th party). What does all that mean? It’s time for another Fun Friday post. I thought this comic that Dan Munro shared would be perfect:

I think the only modification we need is to have it say “See: Healthcare.” If you want to make this educational, the comic does point out some other places we could look to see where standard proliferation has been a problem. Or you could just enjoy the humor and head for the weekend. Either way, Happy Friday!

More EHR Consolidation – Modernizing Medicine Acquires gMed

Posted on July 22, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve been writing and tracking the EHR consolidation world for a long time. It’s always fascinating to me to see how various EHR companies merge, shut down, or build their own little (and sometimes big) empire. Today I was greeted by the announcement that Modernizing Medicine had acquired gMed. I found the announcement pretty ironic since I keynoted both companies EHR user conference last year. So, I know both companies really well.

On face, they are both companies in southern Florida and so that’s going to make the transition a lot easier. Not to mention the competition for talent in the area as they grow will be a lot easier with the combined company. I talked to Dan Cane, CEO and co-founder of Modernizing Medicine, and Joe Rubinsztain, MD, CEO and founder of gMed, today about the acquisition. They told me that the combined companies will have roughly 10,000 specialty providers and 420 employees. Plus, Dan Cane commented that they expect to add over 50 to that head count over the next little while. Dan also noted that if you use meaningful use attestation data (which is a decent, but faulty proxy for EHR market share) then it puts the combined companies in the top 15 of EHR vendors. That’s pretty interesting considering they only serve a handful of medical specialties.

I’ve recently written about the power of a specialty EHR company and both of these companies had been executing the specialty specific EHR approach with great success. Who doesn’t like a piece of software that’s customized uniquely for their needs?

I asked Dan and Joe about the future plans for the two software platforms. They’re cognizant that gMed has been so successful in the marketplace because of the tight integration between its PM, EHR, and endoscopy report writer. So, I got the feeling that Modernizing Medicine will be very careful to not “disrupt the apple cart.” Although, I think Modernizing Medicine is keenly interested in taking gMed’s 18 years of experience in gastroenterology and incorporating that knowledge and expertise into the Modernizing Medicine technology. So, I think we’ll see this play out slowly and once Modernizing Medicine has caught their product up to gMed, we’ll see them sunset the gMed software. That could be a year or two at least.

There’s one caveat to all of that though. First, gMed has a PM and Modernizing Medicine doesn’t have one. I asked if Modernizing Medicine would start using the gMed PM. They won’t (at least for now) and I think that’s because Modernizing Medicine wants a truly integrated PM if they’re going to roll out their own PM. Plus, gMed’s PM has so many gastro specific features that I’m not sure it would be a good fit for a dermatologist (one of Modernizing Medicine’s best specialties). My guess is that Modernizing Medicine will utilize gMed’s PM experience to finally roll out their own PM, but we’ll see. They certainly have plenty to tackle when it comes to gastro EHR and deciding what they want to do with the endoscopy report writer which is very popular and important part of what set gMed apart from other EHR vendors.

I respect both gMed and Modernizing Medicine. So, I’m really interested to see what’s going to happen with the combined companies.

Eyes Wide Shut – Making the Most of Meaningful Use, for Healthcare Providers, Insurers, and Patients

Posted on July 21, 2015 I Written By

Mandi Bishop is a hardcore health data geek with a Master's in English and a passion for big data analytics, which she brings to her role as Dell Health’s Analytics Solutions Lead. She fell in love with her PCjr at 9 when she learned to program in BASIC. Individual accountability zealot, patient engagement advocate, innovation lover and ceaseless dreamer. Relentless in pursuit of answers to the question: "How do we GET there from here?" More byte-sized commentary on Twitter: @MandiBPro.

When I ask a room of 100 health plan leaders, “how many of you know what HL7 is,” and only a third raise their hands, I realize there had been a “Meaningful Use” for my recent travels through the healthcare provider system and its maze of regulatory and payer mandates. I navigated change management hell in order to inform my future endeavors. I came out on the other side of an attestation nightmare with the knowledge to educate others who are embarking on extensions of that journey. This “Eyes Wide Shut” series has come full-circle.

For those who have followed this series, a quick update on the fate of the IDN highlighted throughout earlier posts: they have not yet successfully attested to all Meaningful Use Stage 2 measures across all the inpatient facilities and ambulatory practices. However, the continuing changes to attestation criteria (specifically, the engagement measures that caused so much consternation) may allow them to squeak in under the wire in fiscal year 2016 before penalties kick in. Although I’m no longer directly involved in the IDN’s pursuit of multi-EMR integration excellence, I am a “beneficiary” of those encounter data normalization efforts, as I am back to working with payer clients who are leveraging this clinically-integrated network. And I’m still having to adjust for inconsistencies in identity management rules, coding practices, and clinical workflow differences across each of the offices (and departments within offices), as I integrate their information with the insurer’s data ecosystem.

I began this series on my (woefully neglected) personal blog, almost 2 years ago: Eyes Wide Shut: Seeing the Dark Side of Health IT Mandates and Meaningful Use. Coming from the health insurance world, I had no idea of the magnitude of healthcare provider process impacts resulting from regulatory and payer demands (nee, mandates). I was insensitive to the plight of the independent general practitioner, and the size of the budget required to implement a certified EMR, let alone populate it with any patient history or integrate it with existing scheduling or billing processes. I didn’t realize that my request for chart data to support HEDIS measures would involve more work than simply clicking an indicator in an EMR configuration screen to suddenly send me my heart’s desire of data elements. I would never have believed that certified software would not be tested for conformance to code-level specifications (only visual output tests).

To all my clinician and provider office-worker friends: I am sorry for all the ways in which this ignorance may have contributed to the new reality forced on practitioners of medicine to also be data-entry clerks/contract lawyers/IT experts. Personally, I want my doctor to be my doctor. So, I’m dedicating the next leg of my career journey aligning all healthcare system actors to what should always have been our higher purpose: contributing positively to the health and well-being of the individuals and populations we serve.

When I initially began writing this post, I thought I’d be using it to end the series.

Instead, I’m just embarking on a new chapter: the post-provider world of healthcare actor convergence.

Interview with Dell’s New Chief Medical Officer, Dr. Nick van Terheyden

Posted on July 20, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Long time readers will know that we’ve regularly done videos with Dr. Nick (@DrNic1). He’s one of my favorite people to sit down with and talk healthcare IT. I first met Dr. Nick when he was CMO of MModal, but our relationship really flourished when he was CMO at Nuance and we shared a cab together to the airport at one of the healthcare IT conferences. Ever since then I’ve counted him a good friend and someone I enjoyed talking about anything healthcare IT related. The beauty with Dr. Nick is that you can go pretty deep with him on any science and technology topic.

With this in mind, I was excited to hear that Dr. Nick was just announced as Dell Healthcare & Life Sciences new Chief Medical Officer (CMO). Dell has a really large healthcare practice thanks to their acquisition of Perot Systems and a number of other acquisitions. Dell will be lucky to have Dr. Nick on their team.

As part of the announcement, I did a short interview with Dr. Nick (see below) to talk about what excited him about the opportunity to work at Dell and the place social media played in his hire. We’ll let Dr. Nick get a few months under his belt at Dell and then I’m sure I’ll have him on for another live G+ video hangout as well.
Dr Nick - CMO at Dell Healthcare
What excited you about Dell that inspired you to switch jobs and become CMO of Dell?
This was such an exciting opportunity with a dynamic company that has a big focus on healthcare that starts at the top with Michael Dell and traverses all the way through the organization that has assembled an outstanding collection of technology, resources but above all talented people that are dedicated to solving the issues we face in healthcare. When I looked at the breadth of what Dell could offer its customers, paired with amazing talent, it felt like a perfect match and one that offered me personally an incredible opportunity to have a positive impact on healthcare delivery systems around the world.

You’re only a few days on the job, but as you’ve gone through the process are their misconceptions about Dell that you now realize that aren’t true?
Yes. Of course the first thought everyone has is that Dell is a PC and hardware company and while this remains a major part of the organization, they have also received the ranking of number one provider of healthcare services in the world by Gartner! That position was achieved by assembling a first class talented team that have a wide range of skills and deep industry knowledge that is broader than healthcare and taps into the success and knowledgeable from many other vertical markets and industries. As one of the healthcare interoperability experts shared with me “I’ve been making systems talk to each other that aren’t supposed to for 20+ years”. His passion is achieving that goal to free data from the confines of individual systems and is typical of the skills and passion of the people working here. Interoperability is a major focus area for healthcare systems and rightly subject to significant scrutiny and pressure form regulatory bodies – working side by side people who come from other industries and bring new ideas and an urgency to solving problems is exhilarating for me. Tie that to a Unified Clinical Cloud archive that has over 9 Billion images today stored for customers designed to allow frictionless sharing of images and you can see this is an organization that can offer solutions to some of the most fundamental and pressing issues we face today

As Michael Dell puts it: Technology has always been about enabling human potential

And this is especially true in medicine where we have struggled to maintain the physician patient interaction that is the central tenet of good care. Clinicians want to focus on the patient and not the technology and that’s what the patients want too – they like the technology but not when it intrudes on their personal relationship with the doctor. This is one of the key drivers at Dell throughout their business and I’m excited to be bringing this to healthcare

You and Dell have both been doing a lot more work with healthcare internationally. What excites you about healthcare IT internationally?
Healthcare is personal for all of us and this is true worldwide. The problems and success we have here in the US are similar to those in other countries but colored by local customs, historical differences in building out healthcare in the country and varying levels of resources. We stand to learn so much from each other, learning from mistakes and benefiting from each other’s successes. I have had the privilege and fortune of working in many countries and am always amazed at the ingenuity and resourcefulness applied with pragmatic solutions that offer useful insights that can be applied elsewhere. Dell has huge presence in so many countries and markets that is combined with a brand name recognition that offers remarkable scope to share our knowledge and experiences around the world and for me personally the opportunity to learn from them and gather market insights from the widest stet of stake holders to guide our future direction.

It seems like Dell has hired some real social media rockstars starting with @MandiBPro and now you.  How do you think your social presence impacted your hire for good or bad?
Dell has been a stand out for me in Social Media – so much so I called them out in my presentation at HIMSS15: MasterChef in Healthcare – Integrating Social Media as a company demonstrating the value of social media engagement and showing others how to effectively capitalize on this untapped resource.

My social media activity has opened so many doors for me and was an important factor in landing the job at Dell and a positive aspect that attracted me to working at the company. Social media has allowed me to stay connected to people, learn a ton from others and build a community online that I wouldn’t otherwise be able to reach.

I could not be more excited to be joining an incredible pioneer, mentor and innovator in healthcare social media @MandiBPro. I’m excited to be here at Dell to see how they do it and learn from the experts and at the same time share my own thoughts and ideas around the value and contribution I think this medium can have to doctors, health systems and patients.

Are you excited to be working with someone as passionate as Mandi Bishop (@MandiBPro)?
Who wouldn’t be – Mandi is such an inspiration and so much fun to be around online and IRL. Now I get to hang out with her more often and with more learning opportunities. Her drive, insights and positive energy is infectious. In fact it was one of her many posts talking about how excited she was working at Dell that were instrumental in steering me towards the company and this role.

How would you describe your job duties as CMO at Dell?  Will we still see you around at all the major conferences?
You bet – I will be present at many of the major conferences sharing the Dell vision and strategy and helping get the message out that Dell is the partner to be working with helping you navigate the challenging waters in healthcare. I will be responsible for providing strategic insight to help Dell advance its support of healthcare organizations, medical professionals and patients through information-enabled healthcare and working with our clients gathering insights and direction and helping them navigate clinical issues and applying innovative solutions in an increasingly complex healthcare industry.

What would you describes as Dell’s top healthcare initiatives?
Dell has a wide range of services that span EHR Application Services, Strategy Consulting, Integration/Interoperability, Imaging, Revenue Cycle, Cloud Based secure storage and Business Intelligence and Analytics

But it extends to new and emerging areas that include Patient Engagement, social media and mobility and includes the FDA-approved personalized medicine clinical trial for pediatric cancer and work on a genomics cloud storage and analysis system.

The wow for me was that Dell already has a vast amount of products, solutions and data along with insights that they are already integrating across multiple platforms. I can’t wait to share more on some of the projects the Dell team are working on soon.

Assuming I’m invited back to another Dell Healthcare Think Tank, describe what it will be like having Mandi, you, and me on the same panel. #DoMoreHIT
It’s like plutonium – separately plutonium is interesting, produces some interesting and exciting results and has some fascinating properties….but when you put enough of it together you get something huge and impressive. Sharing the stage and building on each other’s strengths, insights, energy and enthusiasm will be an electrifying session.

Patient Data Breach at UCLA Hospital System Possibly Impacting 4.5 Million Patients

Posted on July 17, 2015 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The LA Times is reporting that UCLA Health System has had a data breach possibly affecting 4.5 million patients. It’s the usual story of a HIPAA breach of this size. They saw some abnormal activity on one of their systems that contained a large amount of patient records. They don’t have any evidence that such data was taken, but hackers are usually really good about not leaving a trail when they take records.

Here’s some comments from UCLA Health as quoted in the LA Times article linked above:

“We take this attack on our systems extremely seriously,” said Dr. James Atkinson, interim associate vice chancellor and president of the UCLA Hospital System.

In an interview, Atkinson said the hospital saw unusual activity in one of its computer servers in October. An investigation confirmed in May that the hackers had gained access to patient information.

“They are a highly sophisticated group likely to be offshore,” he said. “We really don’t know. It’s an ongoing investigation.”

I have yet to see a hospital say they don’t take a breach seriously. I’ve also never seen a hospital say that they were hacked by unsophisticated hackers that exploited their poor security (although, you can be sure that happens in every industry). Of course it had to be a sophisticated attack for them to breach their amazing security, right?

What’s not clear to me is why it took them so long to confirm they’d been hacked. The LA Times article says that they saw the unusual activity in October and it took until May to confirm that “the hackers had gained access to patient information.” Now we’re just getting the public notification in July? All of that seems long, but maybe the attack was just that sophisticated.

What’s scary for me is that these types of breaches have become so common place that I’m not surprised and it’s not shocking. In fact, they’ve almost become standard. Next up will be UCLA Health System setting up some type of credit protection service for their patients assuming there was some financial data there as well. I don’t think we should treat these breaches as normal. They should be a wake up call to everyone in the industry, but I’m sorry to say that it feels more like the norm than the exception.

Patient Safety and EHR’s: Q&A with Two Companies Striving to Make a Difference – Breakaway Thinking

Posted on July 15, 2015 I Written By

The following is a guest blog post by Lori Balstad, Learning and Development Specialist at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Lori Balstad
While electronic health records (EHRs) have been in existence since the late 1960s, it wasn’t until almost 30 years later that the Institute of Medicine (IOM) concluded that healthcare would be safer with computerized physician order entry, estimating that 100,000 Americans die each year from preventable adverse events. Now in 2015, most have heard the frightening number of deaths per year due to medical errors—400,000—or more than 1,000 lost lives in the U.S. every day. Preventable medical errors cause the third most deaths in the U.S., right after heart disease and cancer. With many organizations either upgrading old systems or making the decision on their first EHR, it is critical that patient safety is the ultimate goal.

Enter two companies striving towards this goal on both sides of the process:  The Breakaway Group and Sociotechnologix.

The Breakaway Group, A Xerox Company, is committed to ensuring healthcare organizations gain value from technology.   Our innovative approach using “flight simulators” allows users to practice new workflows and reinforce the handoffs required to achieve the quality and safety outcomes they expect. Our research-based solution expedites end-user adoption of new technologies and using the EHR system to its full potential.  This results in fewer errors, and a higher level of care.  Healthcare professionals adopt new applications faster, giving back critical time for providers to do what they do best – care for patients.

Sociotechnologix works to help healthcare organizations understand the influence of culture and leadership on safety and quality of care.  The implementation of technology can create significant patient risk when not used correctly or when system issues are ignored post go-live.  Sociotechnologix uses a validated assessment to measure HIT safety.  This focus on organizational culture drives organizations to integrate quality initiatives into every aspect of care.  They recently launched a tool that allows providers to quickly and easily identify patient safety risks in their EHR.  The application called SafeHIT, provides detailed analytics on the safety, usability, and workflow, from the perspective of clinicians to prioritize safety issues. As sighted by Westat in a report for The Office of the National Coordinator for Health IT (ONC), “Examining health IT incidents within the context of the socio-technical model enables organizations to look beyond the incident to understand it in the context of the people who use the system and the other technologies and processes affected by health IT. Understanding these interactions enables high-reliability organizations to make improvements to their health IT systems when flaws in the systems are identified that can lead to patient harm.”

In the following Q&A, we discuss how EHRs impact patient safety and how each company hopes to improve it. The individuals interviewed from each company are Dr. Heather Haugen, CEO and Managing Director of The Breakaway Group, and Dr. Michael Woods, a Principal of Sociotechnologix, LLC.

Question #1: How must healthcare change to ensure proper use of EHRs for improved safety?

Heather: We must move beyond an implementation mindset.  The hard work begins when the technology is installed.  An EHR is simply one tool we can use to improve care processes.  It requires clinical leadership and a long term commitment to achieve the promise of the EHR- improved quality and safety.

Michael: No one would give their child a medication the FDA had not approved as safe and effective, yet we don’t think twice about having our child cared for in a hospital that has implemented an EHR whose safety and efficacy for patients (and users) hasn’t been systematically demonstrated. Clinical leaders and their organizations will not be able to optimize quality and patient safety without committing to a structured methodology to capture, track, and fix the EHR safety, usability, and workflow issues encountered daily on the frontline of care.

Question #2: Can you share examples of how your company helps improve patient safety?

Heather: We are witnessing a unique time in healthcare.  Healthcare leaders face an increasing number of competing priorities with fewer resources every year.  If we continue to quickly push more technology into clinical care processes without ensuring users are proficient, we will experience an increase in errors and negative impact on quality and safety.  By mimicking the clinical environment, we can easily assess end user proficiency in their actual workflow before they use the live system.  These clinicians are less likely to make an error and learn the system faster.  Giving clinicians time back to focus on the patient and properly use the tools results in safer care.

Michael: We use a sociotechnical approach to assess an organization’s overall patient safety. HIT is one of three components in our model, but it has profound impact on the other two, culture and process. In consulting to a number of organizations, we consistently found EHRs leave frontline caregivers frustrated, cognitively burdened (culture), and forcing workarounds (processes) to the EHR to ensure their patients aren’t harmed. We’ve never heard a frontline caregiver say, “Gosh, our HIT system is just so awesome — it’s so intuitive, easy to use, and safe for our patients.” On the other side of the fence, our data tells us our information technology (IT) colleagues are paralyzed by the sheer volume of (legitimate) frontline complaints (“tickets”), often with no way to categorize, prioritize, and track what issues are creating real safety risks, or which HIT usability issue is costing 10’s or even 100’s of thousands of dollars per year in lost efficiency. It’s for these reasons we created SafeHIT™, a mobile, SaaS-based application for real-time, frontline reporting and advanced analytics of HIT safety, usability, & workflow issues. SafeHIT brings the clinical and IT folks together collaboratively to solve HIT problems, leveraging in-App, bi-directional, highly secure communication.

Question #3: How can companies like The Breakaway Group and Sociotechnologix work together to improve patient safety?

Heather: Both organizations are passionate about improving patient safety through research-based solutions.  We understand patient safety is a complex issue that must be addressed from multiple touch points in the organization.  By pairing our solutions, an organization can address safety across the care continuum – from the leadership culture of safety to how providers use technology to deliver the highest quality of care.

Michael: Heather is spot-on. Sociotechnologix talks about EHR ROS – return on safety – an EHR system that actually helps the entire sociotechnical environment (culture, processes, and technology) be safer. Combining the methodologies and data streams from The Breakaway Group and Sociotechnologix creates a truly unique — and frankly, for the first time — complete approach to not just the initial EHR implementation, but ongoing and sustained EHR proficiency, safety, usability, and workflow optimization, while stopping the pandemic, ongoing lost efficiency costs associated with sub-optimal adoption and usability.

Many government organizations and institutions have also recognized the need to evaluate health IT’s role in patient safety over the last few years. The ONC has funded numerous reports and projects for this very reason and holds meetings with the Agency for Healthcare Research and Quality (AHRQ) to coordinate health IT and patient safety.  AHRQ has recently awarded $4 million in new research grants to improve the safety of health IT. More information can be found at

Focusing on processes to ensure better use of health IT, from the true adoption of applications to how they are being used in real time and what issues arise, will make us all safer and provide a better patient experience. The right intentions have been there for 50 years.  We’ve had successes and growth, and are getting better at defining the needs of patients, providers, and organizations to reach the ultimate goal of safety.

Xerox is a sponsor of the Breakaway Thinking series of blog posts. The Breakaway Group is a leader in EHR and Health IT training.