Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

8 Million Virginia Patient Records for $10 Million

Posted on May 5, 2009 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’m not sure how many of my readers have heard about the Virginia Prescription Monitoring Program being hacked yesterday. The Prescription Monitoring Program is used by pharmacists and others to discover prescription drug abuse. The story gets really interesting since it looks like the hackers encrypted over 8 million patient records and over 35 million prescriptions. Then, the hackers posted the following note on the Virginia Prescription Monitoring Program website (according to wikileaks):

“I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.”

The website has now been entirely disabled and just times out if you try to visit the site.

The Washington Post blog has reported the following:

Sandra Whitley Ryals, director of Virginia’s Department of Health Professions, declined to discuss details of the hacker’s claims, and referred inquires to the FBI.

“There is a criminal investigation under way by federal and state authorities, and we take the information security very serious,” she said.

A spokesman for the FBI declined to confirm or deny that the agency may be investigating.

Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.

“We do have some of systems restored, but we’re being very careful in working with experts and authorities to take essential steps as we proceed forward,” she said. “Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete.”

Seems interesting that 5 days after they discovered the intrusion the website is still not back online. Must have been a pretty serious hack job.

The Washington Post also explained that this is the second such extortion attack using patient health care data.

In October 2008, Express Scripts, one of the nation’s largest processors of pharmacy prescriptions, disclosed that extortionists were threatening to disclose personal and medical information on millions of Americans if the company failed to meet payment demands. Express Scripts is currently offering a $1 million reward for information leading to the arrest and conviction of the individual(s) responsible for trying to extort money from the company.

Stories like this will set back any sort of RHIO or national HIE movement. Sure makes you think about the security of it all. What is interesting is that the patient data doesn’t seem to have much value outside of extortion. Otherwise, I’d think those who breached the system would have used it in some other way.

Definition of Meaningful Use

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’re all still sitting here waiting for the government to finally decide two key terms in regards to gaining access to the $18 billion in stimulus money in the HITECH act (ARRA). I’ve been interested in the subject myself since before it was even settled that we’d call it meaningful use as opposed to meaningful EMR user. From the looks of that post back in February, there was still a lot of confusion about “meaningful use” and “certified EHR.”

Turns out that a few months later, we still have very little clarification about what these two terms mean. Certified EHR discussion has really revolved around CCHIT certification or some other alternative. We’ll try to leave that discussion for other posts. What has been interesting is in just the past week or two there has been a literal flood of people offering their perspective on meaningful use. Sometimes I like to be on the cutting edge of these definitions (like I was in the link above) and other times I like to sit back and let them play out. This time I’ve been letting it play out and it’s really interesting to see the multitude of perspectives.

I’m not planning on writing my own plan for how they should do meaningful use. I may do that at a later time if so inclined. For now, I’ll just focus on highlighting points from what other people have suggested and provide commentary that will hopefully enhance people’s understanding of this complicated mandate (yes, that means this post will be quite long).

I think it’s reasonable to first point you to the NCVHS hearing on “Meaningful Use” of Health Information Technology. This matters, because at the end of the days hearings like these are where most of the information are going to come. Then, with the information from these hearing decisions will be made. The other sources like blogs won’t carry nearly as much weight (although it’s unfortunate that more politicians aren’t listening).

John Chilmark on Meaningful Use
Next, I’ll go to one of my newly found favorite bloggers named John Chilmark (any coincidence we’re both named John). John from Chilmark Research commented that HHS is bringing together the “usual suspects” to discuss “meaningful use. Chilmark also states that the following criteria are what’s required for meaningful use:

  1. Electronic Prescribing
  2. Quality Metrics Reporting
  3. Care Coordination

I’m not sure where he got this list, but this list feels kind of weak if you ask me. In fact, John suggests that these requirements will be simple and straightforward and first and then ratcheted-up in future years. Interesting idea to consider. I hope that they do draft the requirements for meaningful use in a way that it can be changed in the future if it turns out to not be producing the results it should be producing.

John Halamka on Meaningful Use
Next up, the famous John (another John) Halamka, Chief of every Health IT thing (at least in Boston), calls defining “meaningful use” “the most critical decision points of the new administration’s healthcare IT efforts.” He’s dead on here. In fact, it might not be the most critical decision for healthcare IT, but for healthcare in general as well. Here’s John Halamka’s prediction for how “meaningful use” will be defined:

My prediction of meaningful use is that it will focus on quality and efficiency. It will require electronic exchange of quality measures including process and outcome metrics. It will require coordination of care through the transmission of clinical summaries. It will require decision support driven medication management with comprehensive eRx implementation (eligibility, formulary, history, drug/drug interaction, routing, refills).

Basically, he’s predicting inter operable EMR software and ePrescribing with a little decision support sprinkled on top. I won’t be surprised if this is close to the final definition. The only thing missing is the reporting that will be required to the government. The government needs this data to fix Medicare and Medicaid (more on that in another post).

Blumenthal Comment to Government Health IT
Government Health IT has a nice quote from David Blumenthal that says: “The forthcoming definition of the “meaningful use” of health information technology will set the direction of the Obama administration’s strategy for health IT adoption, said David Blumenthal, the new national coordinator for health IT.”

I think there’s little doubt that David Blumenthal has a good idea of the importance of the decisions ahead. What should be interesting is to see how involved Obama is in these very important decisions. I’m guessing Obama won’t do much more than sign a paper to make it happen. I just hope I’m wrong.

HIMSS Definition of Meaningful Use
Here’s a short summary of the HIMSS definition of “meaningful use”

According to HIMSS officials, EHR technology is “meaningful” when it has capabilities including e-prescribing, exchanging electronic health information to improve the quality of care, having the capacity to provide clinical decision support to support practitioner order entry and submitting clinical quality measures – and other measures – as selected by the Secretary of Health and Human Services.

Basically, e-prescribing, interoperability and clinical decision support. Turns out a BNET Healthcare article suggested the same conclusion “The consensus of physician and industry representatives was that meaningful use should include interoperability, the ability to report standard quality measures, and advanced clinical decision-making.”

I think we’re starting to see a bit of a pattern here. I should say that these are all very good things, but the challenge I see is that any requirement needs to be easily and consistently measured. Interoperability and clinical decision support are both very difficult to measure. Just wait until they see the variety of software that tries to do those two things. It’s very difficult to measure it consistently across so many EHR software.

Wow!! I barely even got started on this subject. Instead of belaboring the point, let me just point you to some other interesting readings about the HITECH Act, ARRA, and “meaningful use.”

Please let me know if there are other good sources for perspectives on defining “meaningful use.” This really is a landmark decision for healthcare IT.

New EMR, EHR and Voice Recognition Advertisers

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Over the past 6 months, this blog has grown beyond anything I thought was imaginable. Being a blogger definitely has its ups and down, but overall I just love being able to share my perspectives on what’s become the incredibly interesting area of electronic medical record.

Along with the growth in visitors to EMR and HIPAA, I’m also glad to welcome a couple new advertisers. You may have already seen their ads in the sidebars, but I’m really proud to have this group of quality advertisers on EMR and HIPAA. Here’s a quick look at the latest additions:

DigiDMS EHR – This EHR company calls themselves “Your Virtual Medical Practice Secretary.” Originally started in 2001 and built for a specific doctor’s office, they’re a rather new EHR company that can benefit from having built on some later technology. A young energetic group that I’ve really enjoyed working with. Take a look and see what their EHR has to offer.

EMR Consultant, EHR Scope, EHR TV and Speech Recognition – This family of websites is a really nice addition to the EMR and HIPAA advertisers. I’ve known the owner of these websites for almost the entire time I’ve done this blog and he’s a stand up doctor who really cares about the EMR industry. That’s really reflected in the quality of the tools he offers.

Welcome to these new advertisers! Looking forward to continued growth of EMR and HIPAA.