Quantcast
Channel: Healthcare IT News - Electronic Health Records (EHR, EMR)
Viewing all 1989 articles
Browse latest View live

Healthcare pros more suspicious of all EHR vendors after eClinicalWorks scandal

0
0

The eClinicalWorks scandal is eroding the trust that healthcare professionals, IT and others have in their electronic health records vendors, a new survey shows.

Thirty-five percent of respondents to a small research study said that they are now “significantly more suspicious of other EHR vendors,” than they were before the U.S. Department of Justice’s landmark $155 million settlement with eClinicalWorks.

[Also: Customer says eClinicalWorks holding patient data 'hostage']

What’s more, 27 percent indicated that the deal decreased their confidence in the EHR vendor they are currently using, according to Reaction Data, which polled 113 people. Respondents were comprised primarily of physicians that actually use EHRs, as well as CIOs, CEO, administrators and operations pros. 

“A big takeaway from this is the unfortunate level of distrust that providers generally feel toward all EHR suppliers,” the researchers wrote.

Almost immediately after word of the settlement spread on May 31, speculation arose that the DOJ would widen its investigations to include other electronic health records vendors to root out any potential wrongdoing under the False Claims Act. The attorney listed on DOJ settlement materials declined to comment on future cases for a previous article and, as of now, no ensuring cases have been announced.

[Also: CMS won't punish eClinicalWorks customers for meaningful use EHR attestations]

While hospitals, EHR vendors, government agencies and other healthcare professionals hold their breath hoping a DOJ probe doesn’t happen to them, 71 percent of participants said they are “extremely unlikely to consider eClinicalWorks in the future.”

Another big issue is how many existing clients will exercise the option mandated by the DOJ to either upgrade their eClinicalWorks software or have their data transferred to a competitor’s EHR.

That’s hard to say at this point -- particularly given that 61 percent of respondents using a rival’s EHR and the 41 percent of eClinicalWorks customers indicated they were not even familiar with the settlement yet.

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

Embattled eClinicalWorks racks up 3 more new customers

0
0

Even though eClinicalWorks recently was nailed with a $155 million settlement from the Department of Justice for falsely obtaining meaningful use certification, healthcare organizations are still signing up with the electronic health records vendor for technology and services.

The latest organizations to become eClinicalWorks clients include Central Florida ACO, NEXT ACO of Nature Coast and Space Coast ACO, all three contracts are for the vendor’s Population Health Management technology for their combined 90 providers and more than 17,000 beneficiaries. This will help all three organizations close gaps in the coordination of care, manage cost and utilization, and improve clinical quality outcomes, eClinicalWorks said.

[Also: eClinicalWorks scores federally qualified health center contract despite EHR fraud case]

Since the settlement, in fact, eClinicalWorks announced in mid-June that its client Eagle Physicians & Associates exchanged health data with hospitals running rival Epic’s EHR through the Carequality Interoperability Framework. The news came after the vendor said earlier in the month that federally qualified health center Ezras Choilim signed on for its EHR and population health cloud services.

Eagle Physicians needed a way to link with Cone Health to share patient records at the point of care, according to Robert Fried, MD, CMIO at Eagle Physicians. Fried said that eClinicalWorks put “significant resources into interoperability and providing it to users at no additional cost.”

Ezras Choilim CEO Joel Mittleman said the FQHC chose eClinicalWorks to advance patient and community outcomes. The eClinicalWorks platform, the organizations said, should streamline operations while offering Ezras Choilim’s 36 providers access to patients’ medical history. The population health and care planning for behavioral health services should allow the FQHC to improve care transitions across various settings and deliver preventative care to certain patients, the organizations added.

[Also: eClinicalWorks connects Eagle Physicians with Epic EHR at Novant, Wake Forest Baptist, Cone Health]

Central Florida ACO, NEXT ACO of Nature Coast and Space Coast ACO will be using the eClinicalWorks Population Health Management system, which was designed to provide healthcare organizations with visibility into a patient’s care across all settings, facilitate smooth transitions of care, engage patients and providers in preventative care, improve outcomes among populations, and reduce costs, the vendor said.

“We understand the delivery of healthcare is changing,” said Jay Chowdappa, MD, CEO of Central Florida ACO, NEXT ACO of Nature Coast and Space Coast ACO. “To improve the coordination and communication among providers, we have adopted the value-based care model. Partnering with eClinicalWorks has provided the tools to better understand our patient population and enable enhanced patient care.”

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

The biggest healthcare breaches of 2017 (so far)

0
0
Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20slideshow.png
Slideshow Description: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is, unfortunately, following suit. From organizations with exposed, unused websites to unencrypted storage drives, health organizations appear to still have much to learn about security.

This gallery highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Updated July 10, 2017

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach108k2.png
Slideshow Title: 
Bupa global health insurance
Slideshow Description: 

A Bupa employee -- who has since been fired -- copied private information from global health insurance policies, which cover those who frequently travel or work overseas.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-IndianaMedicaid.png
Slideshow Title: 
Indiana Medicaid
Slideshow Description: 

Indiana’s Health Coverage Program said that patient data was left open via a live hyperlink to an IHCP report until DXC Technology, which offers IT services to Indiana Medicaid, found the link on May 10. That report, DXC said, contained patient data including name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of services and the amount Medicaid paid doctors or providers.​

There were 1.1 million enrolled in Indiana's Medicaid & CHIP program in April 2017 according to KFF.org.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN-DataBreach-22k.png
Slideshow Title: 
Cleveland Medical Associates
Slideshow Description: 

While the compromised computer was both locked and encrypted, the forensic investigation team couldn’t determine with certainty if there was unauthorized access to patient data during the April 21 attack.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach500k.png
Slideshow Title: 
Airway Oxygen
Slideshow Description: 

Michigan-based Airway Oxygen was hit by a ransomware attack in April that may have compromised the data of 500,000 clients, the home medical equipment supplier reported to the U.S. Department of Health and Human Services on June 23. The hacker gained access to the network and installed ransomware, which shut employees out of the system where personal health information was stored.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-6K.png
Slideshow Description: 

Data has been dumped from two healthcare providers in a game the hacker, TheDarkOverlord, is calling: “A Business a Day.” The hacker leaked 6,000 patient records on June 8 from Feinstein & Roe MDs in Los Angeles and 6,300 patient records from La Quinta Center for Cosmetic Dentistry on June 9.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-1M.png
Slideshow Description: 

A hard drive containing the personal data of about 1 million people was stolen from Washington State University in April. The University discovered a locked safe that contained the hard drive was stolen from a WSU storage unit in Olympia. The stolen data is from survey participants and contained names, Social Security numbers and, for some, personal health data.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-undisclosed.png
Slideshow Description: 

California-based Torrance Memorial Medical Center notified patients that two email accounts containing work-related reports were hit by a phishing attack in April. Officials didn’t reveal how many patients were affected, and the incident is not on the Office of Civil Rights’ breach reporting site.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%204-8million.png
Slideshow Title: 
Molina Healthcare
Slideshow Description: 

Molina Healthcare, a major Medicaid and Affordable Care Act insurer, shut down its patient portal on May 26 in response to a security flaw that exposed patient medical claims data without requiring authentication, according to security researche Ben Krebs. At the time, it’s unclear how long the vulnerability was in place. Ben Krebs was first made aware of the security flaw in April through an anonymous tip, which could allow any Molina patient to access other patients’ medical claims by simply changing a single number in the URL.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/breaches-150-countries.png
Slideshow Title: 
National Health Service in England and Scotland
Slideshow Description: 

The National Health Service in England and Scotland was hit by a large ransomware attack that has affected at least 16 of its organizations on May 12. The organization launched an investigation and determined the ransomware is likely the Wanna Decrytor. It’s one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available. Within two days, 150 countries were affected by the #wannacry ransomware.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014633k.png
Slideshow Title: 
New Jersey Diamond Institute
Slideshow Description: 

The third-party server that hosts the electronic health records of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health information of 14,633 patients.

The database and EHR system was encrypted, which prevented the hackers from gaining access, officials said. However, many supporting documents stored on the hacked server were left unencrypted and could have been accessed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2093k.png
Slideshow Title: 
Harrisburg Gastroenterology
Slideshow Description: 

Pennsylvania-based Harrisburg Gastroenterology is notifying patients that their records might have been breached. The Health and Human Services Department’s Office for Civil Rights’ Wall of Shame lists the breach at 93,323 records on a network server exposed because of a hacking/IT incident.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20millions.png
Slideshow Title: 
Bronx-Lebanon Hospital Center
Slideshow Description: 

Tens of thousands, and possibly up to millions, of patient records at Bronx-Lebanon Hospital Center in New York City were exposed in a recent data breach, according to the Kromtech Security Research Center, which uncovered the records on May 3. The records were part of a backup managed by iHealth Innovations, the research center said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20180k.png
Slideshow Title: 
Aesthetic Dentistry and OC Gastrocare
Slideshow Description: 

Dark Web hacker TheDarkOverlord has released 180,000 patient records from three hacks, DataBreaches.net revealed May 4. More than 3,400 patient records were released from New York City-based Aesthetic Dentistry, 34,100 from California’s OC Gastocare and 142,000 Tampa Bay Surgery Center. TDO used a Twitter account to post a link to a site that allows any user to download the patient databases from these organizations.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20500k.png
Slideshow Title: 
Children health records
Slideshow Description: 

The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on April 26. These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools. The amount of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2020k.png
Slideshow Title: 
Lifespan
Slideshow Description: 

Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information. The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20918k.png
Slideshow Title: 
HealthNow Networks
Slideshow Description: 

The personal health data of 918,000 seniors was posted online for months, after a software developer working for HealthNow Networks uploaded a backup database to the internet, an investigation by ZDNet and DataBreaches.net found. Boca Raton, Florida-based HealthNow Networks is a telemarketing company that used to provide medical supplies to mostly seniors who rely on diabetic equipment. However, it’s no longer a registered business as of 2015, when it failed to file an annual report with Florida authorities. The software developer was contracted to build a customer database for HealthNow Networks, but the developer told researchers it was "too much work."

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2055k.png
Slideshow Title: 
ABCD Children's Pediatrics
Slideshow Description: 

A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers. Investigators determined it was the Dharma virus, a variant of the Crisis ransomware family. While this virus doesn’t typically exfiltrate data, the provider was unable to rule it out, officials said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2080k.png
Slideshow Title: 
Washington University School of Medicine
Slideshow Description: 

A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records. The medical school learned of the incident on Jan. 24 -- seven weeks after the phishing attack occurred on Dec. 2, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request. As a result, an unauthorized party may have gained access to employee email accounts that contained patient data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2017k.png
Slideshow Title: 
Metropolitan Urology Group
Slideshow Description: 

This Milwaukee-based provider began notifying patients that a November ransomware attack may have exposed their personal data. There were 17,634 patients affected, according to the U.S. Department of Health and Human Services' Office for Civil Rights. Two of Metropolitan Urology’s servers were infected by the virus, which may have exposed data of patients between 2003 and 2010. Officials said the data contained names, patient account numbers, provider identification, medical procedure codes and data of the provided services. About 5 percent of these patients had their Social Security numbers exposed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20years%20vuln.png
Slideshow Title: 
Denton Heart Group
Slideshow Description: 

An unencrypted hard drive that contained seven years of backup electronic health record data was stolen from the Denton Health Group, a member of the HealthTexas Provider Network. The backup files contained a hoard of patient data from 2009 until 2016: Names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014k.png
Slideshow Title: 
Brand New Day
Slideshow Description: 

In March, the Medicare-approved health plan notified 14,005 patients of a potential breach of electronic protected health information after an unauthorized access through a third-party vendor system. On Dec. 28, Brand New Day discovered that an unauthorized user had accessed the ePHI provided to one of its HIPAA business associates on Dec. 22. The access occurred through a vendor system used by a contracted provider, officials said.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2022k.png
Slideshow Title: 
Singh and Arora Oncology Hematology
Slideshow Description: 

In February, the Flint, Michigan, cancer center notified 22,000 patients of a breach discovered in August 2016. Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2010k.png
Slideshow Title: 
Verity Medical Foundation-San Jose Medical Group
Slideshow Description: 

Verity Medical Foundation-San Jose Medical Group website, part of the Verity Health System in Redwood City, California, was hacked, exposing the data of 10,164 patients. Verity includes six California hospitals, the Verity Medical Foundation and Verity Physician Network. An unauthorized user hacked into the website from October 2015 until it was discovered by Verity Health on January 6. The website was no longer in use.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20220k.png
Slideshow Title: 
CoPilot Provider Support Services
Slideshow Description: 

More than a year after discovering a potential breach to its websites, healthcare administrative services and IT provider, CoPilot Provider Support Services notified 220,000 patients and doctors who used its service. An unauthorized user breached one of CoPilot's databases, used by both healthcare providers and patients, in October 2015, according to officials. The hacker downloaded files that contained names, dates of birth, addresses, phone numbers, health insurers and some Social Security numbers of some users. No financial, medical treatment or other information was accessed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2043-ransom.png
Slideshow Title: 
Indiana-based Cancer Services
Slideshow Description: 

The server and back-up drive of Muncie, Indiana-based Cancer Services of East Central Indiana-Little Red Door were hacked and the data stripped, encrypted and taken for ransom by the cybercriminal organization, TheDarkOverlord, or TDO, the agency revealed Jan. 18. The hack took place on Jan. 11. TDO asked for 50 bitcoin, or about $43,000, in ransom, first in a text message to the personal cellphones of the company’s executive director, president and vice president. Officials said, TDO followed up in a form letter and several emails that contained extortion threats and promises to contact family members of the cancer patients, donors and community partners.

Read the full article.

Teaser: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is unfortunately following suit. This gallery highlights some of the biggest breaches in healthcare -- and points to mistakes to avoid in the future.

Thumbnail: 
biggest healthcare breaches 2017
Custom OAS pagetag: 
Primary topic: 
Disable Auto Tagging: 

Mayo Clinic kicks off massive Epic EHR go-live

0
0

Mayo Clinic officially hit a milestone in its $1.5 billion system-wide Epic implementation over the weekend: The first 24 sites went live on July 8. 

The organizations said on Monday that by 2018 Epic will replace Mayo’s current three EHRs, which include rivals Cerner and GE Healthcare, as the hospital system’s sole electronic health record platform. 

[Also: Silicon gurney: EHR go-lives turn hospitals into software shops]

"Health care has become significantly more complex and data intensive. Mayo Clinic’s reach has expanded from one location to dozens across several states. This meant that our teams needed to be fluent in multiple systems, in different locations, which could create inefficiencies and barriers to the collaboration so essential to the Mayo patient experience," Mayo CIO Christopher Ross said. "We are implementing a single, integrated electronic health record and revenue cycle management system (medical record and billing system) to better serve our patients."

While the EHR deployment began at Mayo’s sites in Wisconsin, campuses in Minnesota are scheduled to go live in November 2017, followed by Mayo’s Rochester facility in May 2018 and in Arizona and Florida in October 2018.

The Epic EHR rollout, known internally as the “Plummer Project” to honor the legacy of Henry Plummer, MD who created the world’s first patient-centered health record at Mayo Clinic more than a century ago, also involves training more than 51,000 Mayo employees. 

Once Epic is in place, patients and providers will have the information they need from a single system, including medications, allergies and other health issues, the organizations noted, while all billing will be conducted through one system such that patients receive a consolidated statement regardless of where at Mayo they receive care. 

Mayo officials first announced plans to implement Epic in early 2015.

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Specific Terms: 
Disable Auto Tagging: 
Disable Auto Tagging

Missouri hospital hands operational IT reins to Cerner

0
0

Western Missouri Medical Center, a county medical center the west-central portion of the state, will hand over responsibilities for information technology operations to Cerner, based in nearby Kansas City.

By enlisting Cerner to handle IT service delivery, WMMC will be able to optimize resources, drive efficiencies and get a better handle on technology costs, officials say.

The hospital has been a Cerner electronic health record client since 2013.

[Also: Cerner picking up big business from small hospitals]

"After several years working with Cerner through CommunityWorks, implementing and extending our use of Cerner Millennium to our ambulatory clinics and throughout the community, we decided that expanding our relationship to include Cerner’s IT services delivery and management gave us the best opportunity to deliver value and connect the health system," said Darinda Reberry, WMMC's president and CEO.

As the first CommunityWorks hospital to embrace such a partnership, WMMC will give Cerner operational responsibility for its IT department. Employees will all receive offers to become Cerner associates and continue working onsite at the Warrensburg, Missouri hospital.

In addition, Cerner will provide remote hosting, monitoring and system performance assessments to protect its EHR  data and system availability – and help position the hospital for improved community health and stronger financial efficiencies.

Through the initiative, Cerner will help "further connect the community and deliver excellent IT services today and into the future," said Mitchell Clark, president of Cerner CommunityWorks.

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

What my brother's fatal hospital stay taught me about EHR optimization

0
0
Advisory Board Senior Vice President Rob Barras shares a personal and tragic account that highlights the immediate need for technology that reduces dangerous variations in care.

I’ve been in healthcare IT for more than 25 years, but no amount of experience can prepare you for a personal health crisis. Yet, there are lessons in these moments that can teach about healthcare and the role of technology.

In September 2015, I lost my 40-year old brother, Paul, to a hospital-acquired condition. He’d collapsed on a soccer field from a heart attack. A teammate, an Army Reserve medical technician, administered CPR. Emergency responders arrived and continued CPR, while transporting him to the nearest community hospital. From there, he was medically evacuated to the closest trauma center.

Paul had a massive heart attack and two stents were needed to open the blocked arteries. He’d aspirated during CPR, resulting in lung damage. Two days later, he was stable enough to be moved to the city academic medical center’s ICU, where they had more experience with Paul’s conditions.

Paul began to stabilize, but we were notified that at some point he’d contracted a C-Diff infection. It caused circulation issues in his extremities, which led to gangrene and sepsis. Antibiotics and multiple amputations of his right leg weren’t enough to save him, and he died 10 days after the soccer match.

The nurses, doctors and staff were incredible, and our family doesn’t feel anything but gratitude toward them for their tireless efforts and compassionate care. But for better or worse, healthcare is a people business, and people make mistakes — though mistakes are precisely what healthcare technology is designed to minimize.

While I don’t believe any single mistake cost my brother his life, the experience added depth to my convictions on the importance of tailoring point-of-care technology to help care teams perform their best. Patient care is complicated. We must take advantage of existing technology to simplify clinicians’ work wherever possible.

Industry trends exacerbate the need for point-of-care IT optimization

Looking beyond the lens of personal history, there are two big industry trends that shed light on how clinicians use technology.

The first — provider consolidation is at an all-time high, with 19 percent growth in consolidation activities for the past 10 years. This contributes (informally) to the second trend — unwarranted variation in how care is delivered. I say informally as the industry lacks standard quality metrics and data that show whether mergers and acquisitions yield quality gains. However, variation is bound to increase any time two unique organizations, each with different practice standards, come together.

Repercussions of unwarranted care variation are widespread. For example, typical health systems have an increased length of stay by 1,200 extra inpatient days due to unjustified variation in total hip and knee replacements.

Unsurprisingly, the electronic health record, due to its prevalence and point-of-care influence, is the technology with the most opportunity to support reductions in care variation. So why isn’t it happening yet?

Strategic plan? Check. Follow-through? Not when it comes to the EHR.

Leadership has a list of what they plan to optimize within the EHR. However, what actually gets done is based on who is making the loudest noise and taking a “fly by the seat of your pants” approach to optimization.

Associated EHR-related activities need to top the list when organizational strategies include reducing care variation or consolidating with other entities — regardless of other needs. But most organizations struggle to appropriately prioritize EHR optimization projects. A programmatic approach to EHR optimization by assessing associated benefits or value of a particular project and overlaying that with the strategic plan creates a roadmap for where to apply resources.

Of course, this isn’t just true for care variation reduction or consolidation, but for any strategic objective. The health systems making the most of EHR investments are optimizing to further strategic priorities and making it easy for clinicians to do what is right for their patients. Taking a programmatic approach can point the way to simplifying workflow at the point of care and reducing unwarranted care variation.

I shared the excruciating detail of my brother’s hospital stay to show the impact on a life caused by the complexity of patient care. And simplicity in a world that seems to have endless change can have profound impacts on the lives of patients and their families.

Rob Barras is Senior Vice President of Consulting at Advisory Board.

Primary Topic: 
Specific Terms: 
Disable Auto Tagging: 
Disable Auto Tagging
Short Headline: 
What my brother’s fatal hospital stay taught me about EHR optimization

KLAS names top consultants for IT, staffing, go-live EHR support

0
0

With no shortage of firms angling to help them get their IT projects off the ground, providers have their work cut out for them deciding who to choose. A new report from KLAS sorts out the specific strengths and weaknesses of some of the most prominent healthcare consultancies.

From business solutions to enterprise implementations, staffing to go-live, KLAS names the best (and some less best) companies to help hospitals and practices make the most of their technology investments.

When it comes to helping implement business solutions, Deloitte is tops, according to the report. For installs of non-clinical systems – analytics, enterprise resource planning tools, HR/payroll – Deloitte offers "experienced consultants who give tailored recommendations for large and complex" projects.

[Also: This is the top tech for quality improvement under MACRA, KLAS says]

That's not to discount PwC, whose "reliable methodology and effective resource delivery simplify the implementation process," according to the report, which also noted that Conduent customers appreciate its "flexible negotiations and proactive communication." But researchers also spoke to some Infor clients who said they found its consultants sometimes "have limited expertise, offer little guidance, and mismanage resources."

Enterprise IT implementations require great leadership, and KLAS points to a handful of different consultants whose assistance could make the difference between smooth-sailing success and expensive slip-ups. For this area, the report spoke highly of Impact Advisors (lauded for a holistic approach, with best practice suggestions tailored to providers’ specific needs) and  Optimum Healthcare IT ("strategic expertise driven by engaged executives and effective training from knowledgeable consultants").

[Also: Best practices: How hospitals are making EHRs work]

Meanwhile, Deloitte and Accenture clients are able to tap those firms "vast number of resources" big IT implementations. KLAS also looked specifically at Epic ("drives customer satisfaction by establishing partner relationships and developing custom training plans") and Cerner clients, which it found are "least satisfied and say they receive little formal training and unqualified consultants."

As for staffing and support, a trio of firms get high marks from KLAS for "consistently exceeding expectations." It cites 314e, Galen Healthcare Solutions and Optimum for delivering high value and quality resources to customers. Various strengths include flexible negotiations (314e), a willingness to proactively offer more assistance than initially requested (Galen) and taking time to carefully evaluate the specifics of each provider's implementation steps early on (Optimum).

On the other hand, the report notes that Cerner and Sagacious are less consistent in this area. The former has improved its score over the past year, but some customers said they've had to replace consultants, leading to delays. Some Sagacious clients said they're concerned that the company is "more sales focused than customer-centric" since being acquired by Accenture in 2015.

To help prevent go-lives from going wrong, providers could turn to Optimum, the HCI Group and CSI Healthcare IT to help, especially for large-scale projects, said KLAS. Each offers "a vast number of resources" for big health systems, according to the report.

"While KLAS has validated only Epic go-live support for Optimum and CSI, HCI has been validated for Epic, Cerner, Allscripts, and McKesson. All three firms partner with clients and provide close contact with executives," researchers wrote.

Divurgent and Sagacious clients, meanwhile, saw lower client ratings. The former was generally well-received but some respondents noted "challenges with unfulfilled promises." The latter had some clients (again wary of the Accenture acquisition) concerned about consultant quality and the flexibility of contract negotiations.

Underscoring just how much variety there is in health technology project, and just how many outfits are there to offer help, KLAS notes that, while Optimum Healthcare IT leads its overall assessment, and while Leidos Health has the widest breadth of experience, plenty of other companies do well servicing specific areas and working with specific vendors.

"The HCI Group, Healthcare IT Leaders, Jacobus, and Nordic offer services in all implementation areas," according to the report. "Optimum, CSI, and Nordic have the most validations for Epic implementations. Cerner, Pursuit, and Leidos implement Cerner most. Santa Rosa, NHA, Leidos, and Jacobus have the most experience with MEDITECH."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

Athenahealth CFO out as company looks for new leadership amid financial troubles

0
0

Cloud EHR company athenahealth on Friday said Chief Financial Officer Karl Stubelis will leave the company to pursue other opportunities.

Jack Kane, a member of the athenahealth Board of Directors and chair of the board’s audit committee, will serve as interim chief financial officer, beginning July 21. The company has launched the search for a permanent CFO.

Stubelis will stay on board through the reporting of athenahealth’s 2017 second quarter results. The call with investors is set for July 21 at 8 a.m.

[Also: Is a takeover of athenahealth inevitable?]

Athenahealth posted a net loss of $1.4 million for the first quarter 2017, and by May 18 this year, the investment firm Elliott Associates had purchased almost a 10 percent share in the company, perhaps signaling an imminent sale or merger.

But the investment firm, led by activist investor Paul Singer, has been quiet in its plans.

“This CFO transition reflects our commitment to ensuring that athenahealth has world-class leaders to support the company and our increased scale and scope,”  athenahealth Chairman and CEO Jonathan Bush said in a statement.

The athenahealth board plans to reconstitute its Audit Committee and to appoint Tom Szkutak as chair.

Bush added he would work with the board, Kane and Szkutak, former CFO of Amazon, to find the best candidate for the CFO position.

Stubelis, who had served as athenahealth vice president and controller, was promoted to senior vice president and chief financial officer in May 2016.

He succeeded Kristi Matus who resigned at the end of May 2016 in response to a change in leadership structure, according to athenahealth.

Kane brings to athenahealth financial heft and more than 30 years of experience as a healthcare technology company CFO and board director. Since 2007, he has been a director and Audit Committee chair. Kane oversaw the company's several acquisitions and growth. He joined the athenahealth board just two months prior to the IPO in 2007.

Kane served as senior vice president, CFO and treasurer of IDX Systems until GE acquired the company in 2006. He had been with IDX for 22 years, guiding the company through its IPO and more than a dozen acquisitions.

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

Senate passes VA appropriations bill, omits Cerner EHR funding

0
0

The Senate Appropriations Committee passed the 2018 Military Construction and Veterans Affairs bill on Thursday, which provides the agency with $192.8 billion in total funding.

Included in the funds is $88.9 billion in discretionary funding - $6 billion more than the fiscal year 2017. But the amount is $568 million less than what was proposed in the President’s budget request.

While it allows $70.7 billion in the fiscal year 2019 advance funding for veterans healthcare -- including $1.3 billion for telehealth services -- there is no mention of funding to replace VA’s outdated VistA electronic health record with Cerner.

As the decision to move to Cerner was announced by VA Secretary Shulkin in June, the committee did not have had the time to adjust the budget for the fiscal year 2018.

“Given the lack of information about the cost of a new EHR, but the Committee’s awareness of the final cost estimate of the DoD acquisition, it can be assumed the VA total cost will exceed previous estimates for VistA Evolution,” the bill states.

“To that end, in its oversight capacity, the Committee will re-evaluate, with the Committee on Appropriations of the House of Representatives, the constraints on the obligation or expenditure of funding for the new acquisition at the appropriate time,” it continues.

What’s interesting is that when the House Appropriations passed the funding for VA soon after the announcement was made about the move to Cerner, the committee provided the agency with $65 million for the EHR modernization.

Much like with the House Appropriations bill, the Senate applied similar provisions for the EHR modernization. The committee expects the VA to share clear metrics and goals for interoperability -- including timelines.

Further, the VA must “ensure clinician feedback is sought and considered as the respective EHR systems are modernized, and to update the VA/DoD Interagency Program Office guidance to reflect agreed-upon metrics and goals.”

“The need for well-functioning, up-to-date EHR technology is absolutely critical as VA plans for a shift to a model of care that greatly expands its use of care in the community,” the bill states.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

The biggest healthcare breaches of 2017 (so far)

0
0
Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20slideshow.png
Slideshow Description: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is, unfortunately, following suit. From organizations with exposed, unused websites to unencrypted storage drives, health organizations appear to still have much to learn about security.

This gallery highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Updated July 17, 2017

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach15k.png
Slideshow Title: 
UC Davis Health
Slideshow Description: 

An employee of UC Davis Health responded to a phishing email with login credentials, which officials said the hacker used to view patient data and send emails to other staff requesting large sums of money.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach14M.png
Slideshow Title: 
Verizon's data breach
Slideshow Description: 

As many as 14 million U.S. customers of the telecommunications company were exposed after a user mistake caused a database to go public online.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach108k2.png
Slideshow Title: 
Bupa global health insurance
Slideshow Description: 

A Bupa employee -- who has since been fired -- copied private information from global health insurance policies, which cover those who frequently travel or work overseas.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-IndianaMedicaid.png
Slideshow Title: 
Indiana Medicaid
Slideshow Description: 

Indiana’s Health Coverage Program said that patient data was left open via a live hyperlink to an IHCP report until DXC Technology, which offers IT services to Indiana Medicaid, found the link on May 10. That report, DXC said, contained patient data including name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of services and the amount Medicaid paid doctors or providers.​

There were 1.1 million enrolled in Indiana's Medicaid & CHIP program in April 2017 according to KFF.org.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN-DataBreach-22k.png
Slideshow Title: 
Cleveland Medical Associates
Slideshow Description: 

While the compromised computer was both locked and encrypted, the forensic investigation team couldn’t determine with certainty if there was unauthorized access to patient data during the April 21 attack.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach500k.png
Slideshow Title: 
Airway Oxygen
Slideshow Description: 

Michigan-based Airway Oxygen was hit by a ransomware attack in April that may have compromised the data of 500,000 clients, the home medical equipment supplier reported to the U.S. Department of Health and Human Services on June 23. The hacker gained access to the network and installed ransomware, which shut employees out of the system where personal health information was stored.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-6K.png
Slideshow Description: 

Data has been dumped from two healthcare providers in a game the hacker, TheDarkOverlord, is calling: “A Business a Day.” The hacker leaked 6,000 patient records on June 8 from Feinstein & Roe MDs in Los Angeles and 6,300 patient records from La Quinta Center for Cosmetic Dentistry on June 9.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-1M.png
Slideshow Description: 

A hard drive containing the personal data of about 1 million people was stolen from Washington State University in April. The University discovered a locked safe that contained the hard drive was stolen from a WSU storage unit in Olympia. The stolen data is from survey participants and contained names, Social Security numbers and, for some, personal health data.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-undisclosed.png
Slideshow Description: 

California-based Torrance Memorial Medical Center notified patients that two email accounts containing work-related reports were hit by a phishing attack in April. Officials didn’t reveal how many patients were affected, and the incident is not on the Office of Civil Rights’ breach reporting site.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%204-8million.png
Slideshow Title: 
Molina Healthcare
Slideshow Description: 

Molina Healthcare, a major Medicaid and Affordable Care Act insurer, shut down its patient portal on May 26 in response to a security flaw that exposed patient medical claims data without requiring authentication, according to security researche Ben Krebs. At the time, it’s unclear how long the vulnerability was in place. Ben Krebs was first made aware of the security flaw in April through an anonymous tip, which could allow any Molina patient to access other patients’ medical claims by simply changing a single number in the URL.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/breaches-150-countries.png
Slideshow Title: 
National Health Service in England and Scotland
Slideshow Description: 

The National Health Service in England and Scotland was hit by a large ransomware attack that has affected at least 16 of its organizations on May 12. The organization launched an investigation and determined the ransomware is likely the Wanna Decrytor. It’s one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available. Within two days, 150 countries were affected by the #wannacry ransomware.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014633k.png
Slideshow Title: 
New Jersey Diamond Institute
Slideshow Description: 

The third-party server that hosts the electronic health records of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health information of 14,633 patients.

The database and EHR system was encrypted, which prevented the hackers from gaining access, officials said. However, many supporting documents stored on the hacked server were left unencrypted and could have been accessed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2093k.png
Slideshow Title: 
Harrisburg Gastroenterology
Slideshow Description: 

Pennsylvania-based Harrisburg Gastroenterology is notifying patients that their records might have been breached. The Health and Human Services Department’s Office for Civil Rights’ Wall of Shame lists the breach at 93,323 records on a network server exposed because of a hacking/IT incident.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20millions.png
Slideshow Title: 
Bronx-Lebanon Hospital Center
Slideshow Description: 

Tens of thousands, and possibly up to millions, of patient records at Bronx-Lebanon Hospital Center in New York City were exposed in a recent data breach, according to the Kromtech Security Research Center, which uncovered the records on May 3. The records were part of a backup managed by iHealth Innovations, the research center said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20180k.png
Slideshow Title: 
Aesthetic Dentistry and OC Gastrocare
Slideshow Description: 

Dark Web hacker TheDarkOverlord has released 180,000 patient records from three hacks, DataBreaches.net revealed May 4. More than 3,400 patient records were released from New York City-based Aesthetic Dentistry, 34,100 from California’s OC Gastocare and 142,000 Tampa Bay Surgery Center. TDO used a Twitter account to post a link to a site that allows any user to download the patient databases from these organizations.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20500k.png
Slideshow Title: 
Children health records
Slideshow Description: 

The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on April 26. These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools. The amount of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2020k.png
Slideshow Title: 
Lifespan
Slideshow Description: 

Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information. The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20918k.png
Slideshow Title: 
HealthNow Networks
Slideshow Description: 

The personal health data of 918,000 seniors was posted online for months, after a software developer working for HealthNow Networks uploaded a backup database to the internet, an investigation by ZDNet and DataBreaches.net found. Boca Raton, Florida-based HealthNow Networks is a telemarketing company that used to provide medical supplies to mostly seniors who rely on diabetic equipment. However, it’s no longer a registered business as of 2015, when it failed to file an annual report with Florida authorities. The software developer was contracted to build a customer database for HealthNow Networks, but the developer told researchers it was "too much work."

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2055k.png
Slideshow Title: 
ABCD Children's Pediatrics
Slideshow Description: 

A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers. Investigators determined it was the Dharma virus, a variant of the Crisis ransomware family. While this virus doesn’t typically exfiltrate data, the provider was unable to rule it out, officials said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2080k.png
Slideshow Title: 
Washington University School of Medicine
Slideshow Description: 

A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records. The medical school learned of the incident on Jan. 24 -- seven weeks after the phishing attack occurred on Dec. 2, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request. As a result, an unauthorized party may have gained access to employee email accounts that contained patient data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2017k.png
Slideshow Title: 
Metropolitan Urology Group
Slideshow Description: 

This Milwaukee-based provider began notifying patients that a November ransomware attack may have exposed their personal data. There were 17,634 patients affected, according to the U.S. Department of Health and Human Services' Office for Civil Rights. Two of Metropolitan Urology’s servers were infected by the virus, which may have exposed data of patients between 2003 and 2010. Officials said the data contained names, patient account numbers, provider identification, medical procedure codes and data of the provided services. About 5 percent of these patients had their Social Security numbers exposed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20years%20vuln.png
Slideshow Title: 
Denton Heart Group
Slideshow Description: 

An unencrypted hard drive that contained seven years of backup electronic health record data was stolen from the Denton Health Group, a member of the HealthTexas Provider Network. The backup files contained a hoard of patient data from 2009 until 2016: Names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014k.png
Slideshow Title: 
Brand New Day
Slideshow Description: 

In March, the Medicare-approved health plan notified 14,005 patients of a potential breach of electronic protected health information after an unauthorized access through a third-party vendor system. On Dec. 28, Brand New Day discovered that an unauthorized user had accessed the ePHI provided to one of its HIPAA business associates on Dec. 22. The access occurred through a vendor system used by a contracted provider, officials said.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2022k.png
Slideshow Title: 
Singh and Arora Oncology Hematology
Slideshow Description: 

In February, the Flint, Michigan, cancer center notified 22,000 patients of a breach discovered in August 2016. Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2010k.png
Slideshow Title: 
Verity Medical Foundation-San Jose Medical Group
Slideshow Description: 

Verity Medical Foundation-San Jose Medical Group website, part of the Verity Health System in Redwood City, California, was hacked, exposing the data of 10,164 patients. Verity includes six California hospitals, the Verity Medical Foundation and Verity Physician Network. An unauthorized user hacked into the website from October 2015 until it was discovered by Verity Health on January 6. The website was no longer in use.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20220k.png
Slideshow Title: 
CoPilot Provider Support Services
Slideshow Description: 

More than a year after discovering a potential breach to its websites, healthcare administrative services and IT provider, CoPilot Provider Support Services notified 220,000 patients and doctors who used its service. An unauthorized user breached one of CoPilot's databases, used by both healthcare providers and patients, in October 2015, according to officials. The hacker downloaded files that contained names, dates of birth, addresses, phone numbers, health insurers and some Social Security numbers of some users. No financial, medical treatment or other information was accessed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2043-ransom.png
Slideshow Title: 
Indiana-based Cancer Services
Slideshow Description: 

The server and back-up drive of Muncie, Indiana-based Cancer Services of East Central Indiana-Little Red Door were hacked and the data stripped, encrypted and taken for ransom by the cybercriminal organization, TheDarkOverlord, or TDO, the agency revealed Jan. 18. The hack took place on Jan. 11. TDO asked for 50 bitcoin, or about $43,000, in ransom, first in a text message to the personal cellphones of the company’s executive director, president and vice president. Officials said, TDO followed up in a form letter and several emails that contained extortion threats and promises to contact family members of the cancer patients, donors and community partners.

Read the full article.

Teaser: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is unfortunately following suit. This gallery highlights some of the biggest breaches in healthcare -- and points to mistakes to avoid in the future.

Thumbnail: 
biggest healthcare breaches 2017
Custom OAS pagetag: 
Primary topic: 
Disable Auto Tagging: 

Senators press CMS to recoup EHR overpayments under meaningful use

0
0

Senators Orrin Hatch, R-Utah, and Charles Grassley, R-Iowa, have sent a letter to Centers for Medicare and Medicaid Services Administrator Seema Verma with several questions about CMS’s plans to recover meaningful use overpayments.

“Given the estimated $729,424,395 in inappropriate incentive payments, why has CMS not made greater attempts to recover these funds?” Hatch and Grassley asked in the letter.

The Office of the Inspector General determined in June that, because of its failure to conduct appropriate reviews, CMS paid hundreds of millions more than it should have.

[Also: CMS overpaid nearly $730 million in meaningful use incentives, OIG says]

While CMS has not committed to recovering the money, the Senators noted, it did state that is has instituted risk-based audits to find errors.

Hatch and Grassley called on Verma to explain how CMS will use those audits to recover inappropriate payments as well as to prevent more from happening in the future.

The Senators also asked for updates about how much CMS has recovered from the 14 eligible providers OIG used for its report, what CMS has recouped from the eligible providers who switched between Medicare and Medicaid, and any attempts CMS has made to root out overpayments made since OIG’s audit.

“If CMS is capable of recovering taxpayer money that should have not have been spent, the agency should take all reasonable steps to do so,” the Senators wrote. “If it is incapable of fully recovering the money, Congress should know about those limitations.” 

Twitter: SullyHIT
Email the writer: tom.sullivan@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

Cerner hires VA technology expert to help with Vista overhaul strategy

0
0

As it begins to plan its massive electronic record health initiative at the U.S. Department of Veterans Affairs, Cerner has hired a professional with deep and varied experience in the ways technology is deployed at the VA.

David Waltman has recently signed on to Cerner's federal team, where he'll help with "efforts related to government strategy, innovation, engineering and compliance," according to a statement from the company.

Most recently, Waltman served as chief strategy officer at AbleVets, a company that develops technologies – VA protocol text messaging, security tools, telehealth, mobile apps – to help the VA and Department of Defense better serve their patients.

[Also: Senate passes VA appropriations bill, omits Cerner EHR funding]

But prior to that, between 2014 and 2016, he worked at VA and Veterans Health Administration as Chief Information Strategy Officer and Senior Advisor to the Under Secretary for Health.

There, he led VistA Evolution, the agency's earlier planned five-year multi-billion dollar EHR modernization program. He advised senior VA officials on IT strategy and and spearheaded development of the project's enterprise health management platform.

Before that, between 2011 and 2013, Waltman was chief UX architect for DoD-VA's since-abandoned iEHR project. He was responsible for developing that initiative's Joint Legacy Viewer,   which enables both DoD and VA clinicians to get integrated bidirectional views into patient records.

He's previously worked on federal systems integration projects for Accenture subsidiary ASM Research, and earlier as a software engineer for Microsoft. (He also has a masters degree in music from Western Washington University and was chief conductor at Washington State's Rainier Symphony for more than a decade.)

Having learned some things about what works and what doesn't when endeavoring to connect to massive government entities, Cerner officials say Waltman will bring "significant insight and experience with federal agency health IT systems, will help us build and deploy effective solutions supporting seamless care for service members and veterans."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Disable Auto Tagging: 
Disable Auto Tagging

DoD rolls out Cerner EHR at second military site

0
0

Naval Hospital Oak Harbor in Washington State has transitioned to the MHS GENESIS electronic health record from Cerner, the U.S. Department of Defense announced today. 

Oak Harbor is the second site to come online as part of the Department of Defense’s initial operating capability program, and the go-live marks a significant milestone as the inpatient components of MHS GENESIS are now officially deployed, wrote Travis Dalton, senior vice president at Cerner, in a Cerner blog post. The first Cerner deployment occurred in February at a clinic at Fairchild Air Force Base.

[Also: DoD says Cerner EHR deployment to reach next milestone in July]

“The integrated system aggregates information into a single EHR, standardized across the branches of the military, to facilitate the safe transition of care across the spectrum of military operations to include garrison, theatre and en route care,” Dalton explained. “At its core, MHS GENESIS is the same commercially available, off-the-shelf electronic medical record that is deployed at thousands of facilities worldwide, operating on one code set.”

Cerner said this creates an integrated and longitudinal patient record and coordination across the continuum of care, regardless of environment, scope and size of military and dental treatment facilities. The ability to integrate and share interoperable patient information with the U.S. Department of Veterans Affairs health care enterprise and civilian health systems is critical and is inherently built into MHS GENISIS, Dalton added.

Naval Hospital Bremerton and Madigan Army Medical Center, both also in Washington State, are slated for the Leidos-led implementation later in 2017, MHS Genesis program executive officer Stacy Cummings said in a statement.

The DoD has promised the U.S. House appropriations committee it will complete deployment at Madigan Army Medical Center by October. The military will conduct tests once the Cerner system is installed at all four bases. It then will conclude if it’s ready to move forward with the remainder of the $4.3 billion Cerner project, slated for completion in 2022.

The Naval Hospital Oak Harbor go-live marks the debut of certain MHS GENESIS capabilities and applications designed, Cerner said, to improve patient safety and clinical efficiency.

According to Dalton, these include a single integrated record across ambulatory, acute and all other venues in the Oak Harbor medical enterprise; medical device interoperability via Cerner’s CareAware medical device connectivity platform; advanced clinical decision support capabilities; advanced specialty provider workflows and embedded clinical calculators; barcode medication administration; and a labor and maternity-specific module designed to create a new infant record upon barcode scan and treatment plans tailored to mother and child.

The U.S. Department of Defense’s MHS GENESIS project encompasses the replacement of three existing EHRs to create a single patient record. It is interoperable with 24 legacy systems and offers improvements designed to save clinicians and patients time, eliminate paper, and reduce potential medical errors and delays, Dalton wrote.

“It’s also engineered to enable interoperability between the private and public sectors,” he added. “MHS GENESIS is designed so that a record can follow a soldier once they leave active military duty or if they visit a civilian health facility.”

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Disable Auto Tagging: 
Disable Auto Tagging

GAO official: VA must improve clinician productivity tracking

0
0

In testimony this past week before the House of Representatives' Committee on Veterans Affairs, Randall Williamson, director of healthcare at the U.S. Government Accountability Office, spotlighted the ways VA could improve its metrics around clinical productivity and efficiency.

With no shortage of attention focused on the VA's new partnership with Cerner to replace its VistA electronic health record, it's worth remembering that the EHR is only a means to an end. The real goal is delivering better care, and Williamson said VA could do better ensuring "high levels of productivity among its clinical services and operational efficiency to maximize veterans' access to care and minimize costs."

[Also: GAO: VA clinical quality measures are flawed, data incomplete]

Back in 2013, VA developed clinical productivity metrics to track the time and effort it took its providers to perform select procedures in 32 clinical specialties, as well as formulating statistical models to measure clinical efficiency at VA medical centers, designed to track utilization and expenditures for high-volume areas such as ED use and urgent care.

A recent report from GAO took a closer look at those tools, hoping to assess whether they give a complete and accurate picture, and look for ways to improve the efforts where they fall short.

The office found four big limitations with the VA's metrics, said Williamson:

Productivity metrics are incomplete since they don't take into consideration all the providers a veteran might see or clinical services they may use. "Due to systems limitations, the metrics do not capture all types of providers who deliver care at VAMCs, including contract physicians and advanced practice providers, such as nurse practitioners, serving as sole providers," he said. "In addition, the metrics do not capture providers’ workload evaluating and managing hospitalized patients because VA’s data systems are not designed to fully capture providers’ workload delivering inpatient services that do not involve procedures – in particular, evaluating and managing patients who are hospitalized."

The metrics don't necessarily reflect the "intensity" of clinicans' workload. Williamson noted that a VA audit from 2016 showed that providers "do not always accurately code the intensity – that is, the amount of effort needed to perform – of clinical procedures or services. As a result, VA’s productivity metrics may not accurately reflect provider productivity, as differences between providers may represent coding inaccuracies rather than true productivity differences."

They may not accurately depict staffing levels. "Officials at five of the six selected VAMCs we visited reported that providers do not always accurately record the amount of time they spend performing clinical duties, as distinct from other duties," said Williamson. "VA’s productivity metrics are calculated for providers’ clinical duties only."

Efficiency models could be skewed by inaccurate workload and staffing data. "To the extent that the intensity and amount of providers’ clinical workload are inaccurately recorded, some of VA’s efficiency models examining VAMC utilization and expenditures may also be inaccurate," he said. "For example, the model that examines administrative efficiency requires accurate data on the amount of time VA providers spend on administrative tasks; if the time providers allocate to clinical, administrative, and other tasks is incorrect, the model may overstate or understate administrative efficiency."

GAO recommends that VA "expand its existing productivity metrics to track the productivity of all providers of care to veterans," said Williamson, such as contract physicians who aren't employees of the agency or advance practice providers acting as sole providers. "VA agreed in principle with our recommendation and stated that it plans to establish productivity performance standards for advanced practice providers, using available productivity data, by October 2017," he said.

Moreover the office suggested VA improve its workload and staffing data by giving training for its providers on proper coding clinical procedures. "VA agreed in principle with our recommendation and reiterated its existing efforts to improve clinical coding accuracy. It also said that the department would reissue existing policy to VAMCs by June 2017 as well as continue to provide need-based, focused coding training to providers, as appropriate," said Williamson.
 

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Disable Auto Tagging: 
Disable Auto Tagging

Cleveland Clinic names Ed Marx new chief information officer

0
0

Ed Marx will take the reins as chief information officer at Cleveland Clinic starting Sept. 1, building on more two decades as a CIO at hospitals around the country.

One of the more visible faces in the health IT industry, Marx most recently served at the Advisory Board Company, where he oversaw the Epic electronic health record rollout at NYC Health + Hospitals, the nation's largest public health system.

[Also: Ed Marx is 2013 CIO of the Year]

Before that, Marx served more than seven years as CIO at Texas Health Resources. He also spent eight years, first as deputy CIO and later as CIO, at University Hospitals in northeast Ohio. His first CIO job was in the mid-1990s at Parkview Medical Center in Pueblo, Colorado.

He also served 15 years in the U.S Army Reserve, both as a combat medic and a combat engineer officer.

In 2013, Marx was named the CHIME-HIMSS John E. Gall Jr. CIO of the Year.

In 2014, he wrote an autobiography, Extraordinary Tales From a Rather Ordinary Guy, in which he shared stories from his life and outlined leadership strategies.

That long experience and passion for leading will serve the Cleveland Clinic well as Marx returns to Ohio, said Cleveland Clinic CEO Toby Cosgrove, MD.

"Ed has spent his career fostering a culture of innovation and leading teams at the forefront of healthcare information technology," said Cosgrove in a statement. "As CIO he will advance the Cleveland Clinic’s 'Patients First' culture by providing information-enabled, data-driven technology focused on facilitating world-class patient care."

"Successful healthcare IT has to ask, 'How do we innovate to save lives?'" said Marx in a Cleveland Clinic statement. "Technology has such potential to save many, many more lives if we can innovate and impact patient safety and the quality of care we deliver."

At Cleveland Clinic, Marx replaces C. Martin Harris, MD, who served for two decades there as CIO and now serves as associate vice president of the health enterprise and chief business officer at UT Austin's Dell Medical School.

Primary Topic: 
Disable Auto Tagging: 
Disable Auto Tagging

Epic notches a first with Canadian EHR install

0
0

Mackenzie Health, a regional health network based in Richmond Hill, Ontario, has rolled out an Epic electronic health record, said to be the first full-suite Epic install in a Canadian hospital.

"The launch of the new electronic medical record is one of the largest transformational projects in Mackenzie Health's history and puts us at the forefront of care delivery," said Steven Jackson, MD, chief of staff at Mackenzie Health.

The build-out took two years and clinicians and staff were closely involved in the testing and education, the hospital said.

[Also: Mayo Clinic kicks off massive Epic EHR go-live]

"Physicians and volunteers have been working together as a team to ensure this journey is a success, and we are proud to be the first hospital in Canada to implement the end-to-end Epic system," said Jackson.

Two weeks before go-live, more than 100 staffers transitioned more than 15,000 scheduled appointments – for imaging tests, dialysis, cardiovascular procedures and more – into the new system. More than 1,500 scheduled surgeries and ambulatory procedures were also converted from the legacy system into Epic.

Before launch, Mackenzie set up a team comprising registration staff, nurses, pharmacists and others to ensure all admitted patients were captured within the EHR as of July 7 – helping ensure a seamless transition upon launch the next day. Officials said that process involved more than 70 people working together for more 20 hours.

Meanwhile, a technical command center was launched, staffed by 90 or so staffers, as well as an operations support center to oversee clinical operations and coordinate more than 260 additional support staff deployed across the organization.

One of the features the hospital likes is a faster registration process, enabled by patients' ability to swipe cards on a self-serve kiosks, according to Mackenzie. Those patients who plan ahead can also check in electronically via an improved version of Epic's MyChart portal, according to the hospital. Up to seven days before an appointment they can log on to get a barcode that's scanned upon arrival.

But quality and safety was of course the chief rationale for implementing the EHR, and Mackenzie officials say bedside documentation will help care teams more easily send orders directly to the lab and pharmacy, and will help prevent safety errors thanks to closed loop medication administration and bar code validation.

"Our vision at Mackenzie Health is to create a world-class health experience for our patients and families, and ensure they receive the highest quality care possible," said Altaf Stationwala, president and CEO of Mackenzie Health.

"As Epic's first enterprise community member in Canada, Mackenzie Health continues their commitment to delivering high quality, compassionate and timely care with this milestone," said Epic CEO Judy Faulkner. "We look forward to a long and successful relationship as we work toward our shared goal of helping people get well, helping people stay well, and helping future generations be healthier."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Custom Tags: 
Disable Auto Tagging: 
Disable Auto Tagging

Unleash the True Value of Your EMR Investment with APIs

0
0
Sponsor: 
Sansoro Health
Resource Central: 
External url: 
http://www.himsslearn.org/unleash-true-value-your-emr-investment-apis?source=HITN_8_3
Thumbnail: 
Body: 

Today’s hospital CIOs and IT teams must keep pace with demands to innovate more, integrate faster and deliver even greater value. Deploying clinical applications to complement and unleash the power of your EMR investment is essential. Learn how modern API technology is making it possible for IT leaders to shorten integration time from months to days, deliver a better user experience, and realize value faster than ever before.

Disable Auto Tagging: 

Former athenahealth CFO joins Arcadia Healthcare Solutions

0
0

Just days after cloud-based EHR company athenahealth revealed that its chief financial officer would step down to pursue other opportunities, it was announced July 19 that Karl Stubelis has joined Arcadia Healthcare Solutions as CFO.

Stubelis will lead all financial operations at Arcadia, spearheading the company’s capital strategy in support of its growth plan, the company said. He will report to CEO Sean Carroll.

Carroll noted Stubelis' "impressive track record of driving organizational scalability to produce top and bottom line growth for health IT and SaaS businesses."

[Also: Athenahealth CFO out as company looks for new leadership amid financial troubles]

Stubelis has more than 20 years of experience in financial and operational executive leadership roles across a range of industries, including healthcare IT, and Carroll cited his track record shepherding companies through periods of rapid growth, .

As the CFO of $1 billion athenahealth, Stubelis led all aspects of finance for the publicly-traded, multi-national company. He had previously been vice president, corporate controller, and chief accounting officer at marketing and consulting firm SapientNitro Corporation. 

Burlington, Massachusetts-based Arcadia Healthcare Solutions develops tools for analytics, data integration, population health management  and more. It closed $30 million in new growth capital in a C-round in Q4 of 2016. The company followed this with its most productive first half of the year for new business.

"In my experience, working with companies like Arcadia that are experiencing significant growth, a dynamic financial strategy coupled with a keen focus on execution is a requirement for total company success," Stubelis said in a statement.  

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Custom Tags: 
OAS Site Page: 
athena_CFO
Disable Auto Tagging: 
Disable Auto Tagging

Duke, Novant Health, Carolinas HealthCare System sign on with NC HealthConnex

0
0

North Carolina’s state-designated health information exchange grew significantly this week, as three of the biggest health systems in the area agreed to share data via NC HealthConnex.
 
The addition of Coastal Connect, a regional exchange the in southeastern part of the state, further fueled growth of the NC HealthConnex, which is managed by the North Carolina Health Information Exchange Authority, part of the state's Department of Information Technology.

The number of unique patients served by NC HealthConnex has grown by almost 30 percent, totaling close to 3.7 million, officials say.

[Also: Carolinas HealthCare adds Cerner for population health platform]

NC HealthConnex allows participating providers to access electronic health records across multiple providers, as well as review labs, diagnostics, history, allergies, medications and more to help decrease redundancy and allow for more efficient and accurate diagnoses, recommendations and treatment.

"Sharing records and connecting systems is the next step in the journey to providing more efficient, personalized care for our patients and communities," said A.J. Patefield, chief medical information officer for Novant Health, told Triad Business Journal.

The new members join UNC Health Care, the HIE's first participant, and more than two-dozen other hospitals that are either connected (or soon to be) to NC HealthConnex. The HIE is also connecting with hundreds of physician practices, health departments, federally qualified health centers, rural health clinics and other ambulatory facilities.

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com


Like Healthcare IT News on Facebook and LinkedIn

Primary Topic: 
Additional Topics: 
Disable Auto Tagging: 
Disable Auto Tagging

The biggest healthcare breaches of 2017 (so far)

0
0
Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20slideshow.png
Slideshow Description: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is, unfortunately, following suit. From organizations with exposed, unused websites to unencrypted storage drives, health organizations appear to still have much to learn about security.

This gallery highlights some of the biggest breaches across the industry – and points to some mistakes to avoid in the future.

Updated July 17, 2017

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-15months-712.png
Slideshow Title: 
Peachtree Neurological Clinic
Slideshow Description: 

While Peachtree Neurological Clinic avoided paying ransom after a recent cyberattack, the investigation that followed revealed a hacker had access to its system starting in February 2016.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach15k.png
Slideshow Title: 
UC Davis Health
Slideshow Description: 

An employee of UC Davis Health responded to a phishing email with login credentials, which officials said the hacker used to view patient data and send emails to other staff requesting large sums of money.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach14M.png
Slideshow Title: 
Verizon's data breach
Slideshow Description: 

As many as 14 million U.S. customers of the telecommunications company were exposed after a user mistake caused a database to go public online.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach108k2.png
Slideshow Title: 
Bupa global health insurance
Slideshow Description: 

A Bupa employee -- who has since been fired -- copied private information from global health insurance policies, which cover those who frequently travel or work overseas.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-IndianaMedicaid.png
Slideshow Title: 
Indiana Medicaid
Slideshow Description: 

Indiana’s Health Coverage Program said that patient data was left open via a live hyperlink to an IHCP report until DXC Technology, which offers IT services to Indiana Medicaid, found the link on May 10. That report, DXC said, contained patient data including name, Medicaid ID number, name and address of doctors treating patients, patient number, procedure codes, dates of services and the amount Medicaid paid doctors or providers.​

There were 1.1 million enrolled in Indiana's Medicaid & CHIP program in April 2017 according to KFF.org.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN-DataBreach-22k.png
Slideshow Title: 
Cleveland Medical Associates
Slideshow Description: 

While the compromised computer was both locked and encrypted, the forensic investigation team couldn’t determine with certainty if there was unauthorized access to patient data during the April 21 attack.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach500k.png
Slideshow Title: 
Airway Oxygen
Slideshow Description: 

Michigan-based Airway Oxygen was hit by a ransomware attack in April that may have compromised the data of 500,000 clients, the home medical equipment supplier reported to the U.S. Department of Health and Human Services on June 23. The hacker gained access to the network and installed ransomware, which shut employees out of the system where personal health information was stored.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-6K.png
Slideshow Description: 

Data has been dumped from two healthcare providers in a game the hacker, TheDarkOverlord, is calling: “A Business a Day.” The hacker leaked 6,000 patient records on June 8 from Feinstein & Roe MDs in Los Angeles and 6,300 patient records from La Quinta Center for Cosmetic Dentistry on June 9.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-1M.png
Slideshow Description: 

A hard drive containing the personal data of about 1 million people was stolen from Washington State University in April. The University discovered a locked safe that contained the hard drive was stolen from a WSU storage unit in Olympia. The stolen data is from survey participants and contained names, Social Security numbers and, for some, personal health data.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITNDataBreach-undisclosed.png
Slideshow Description: 

California-based Torrance Memorial Medical Center notified patients that two email accounts containing work-related reports were hit by a phishing attack in April. Officials didn’t reveal how many patients were affected, and the incident is not on the Office of Civil Rights’ breach reporting site.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%204-8million.png
Slideshow Title: 
Molina Healthcare
Slideshow Description: 

Molina Healthcare, a major Medicaid and Affordable Care Act insurer, shut down its patient portal on May 26 in response to a security flaw that exposed patient medical claims data without requiring authentication, according to security researche Ben Krebs. At the time, it’s unclear how long the vulnerability was in place. Ben Krebs was first made aware of the security flaw in April through an anonymous tip, which could allow any Molina patient to access other patients’ medical claims by simply changing a single number in the URL.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/breaches-150-countries.png
Slideshow Title: 
National Health Service in England and Scotland
Slideshow Description: 

The National Health Service in England and Scotland was hit by a large ransomware attack that has affected at least 16 of its organizations on May 12. The organization launched an investigation and determined the ransomware is likely the Wanna Decrytor. It’s one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available. Within two days, 150 countries were affected by the #wannacry ransomware.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014633k.png
Slideshow Title: 
New Jersey Diamond Institute
Slideshow Description: 

The third-party server that hosts the electronic health records of New Jersey Diamond Institute for Fertility and Menopause was hacked by an unauthorized individual, exposing protected health information of 14,633 patients.

The database and EHR system was encrypted, which prevented the hackers from gaining access, officials said. However, many supporting documents stored on the hacked server were left unencrypted and could have been accessed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2093k.png
Slideshow Title: 
Harrisburg Gastroenterology
Slideshow Description: 

Pennsylvania-based Harrisburg Gastroenterology is notifying patients that their records might have been breached. The Health and Human Services Department’s Office for Civil Rights’ Wall of Shame lists the breach at 93,323 records on a network server exposed because of a hacking/IT incident.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20millions.png
Slideshow Title: 
Bronx-Lebanon Hospital Center
Slideshow Description: 

Tens of thousands, and possibly up to millions, of patient records at Bronx-Lebanon Hospital Center in New York City were exposed in a recent data breach, according to the Kromtech Security Research Center, which uncovered the records on May 3. The records were part of a backup managed by iHealth Innovations, the research center said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20180k.png
Slideshow Title: 
Aesthetic Dentistry and OC Gastrocare
Slideshow Description: 

Dark Web hacker TheDarkOverlord has released 180,000 patient records from three hacks, DataBreaches.net revealed May 4. More than 3,400 patient records were released from New York City-based Aesthetic Dentistry, 34,100 from California’s OC Gastocare and 142,000 Tampa Bay Surgery Center. TDO used a Twitter account to post a link to a site that allows any user to download the patient databases from these organizations.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20500k.png
Slideshow Title: 
Children health records
Slideshow Description: 

The patient records of about 500,000 children are up for grabs on the dark web, a hacker named Skyscraper told DataBreaches.net on April 26. These records contain both child and parent names, Social Security numbers, phone numbers and addresses. DataBreaches didn’t name the breached organizations but also said that another 200,000 records were stolen from elementary schools. The amount of breached records for pediatricians reported to the Department of Health and Human Services’ Office of Civil Rights is not equal to that number, meaning many of these providers are likely unaware their data has been exposed.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2020k.png
Slideshow Title: 
Lifespan
Slideshow Description: 

Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information. The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20918k.png
Slideshow Title: 
HealthNow Networks
Slideshow Description: 

The personal health data of 918,000 seniors was posted online for months, after a software developer working for HealthNow Networks uploaded a backup database to the internet, an investigation by ZDNet and DataBreaches.net found. Boca Raton, Florida-based HealthNow Networks is a telemarketing company that used to provide medical supplies to mostly seniors who rely on diabetic equipment. However, it’s no longer a registered business as of 2015, when it failed to file an annual report with Florida authorities. The software developer was contracted to build a customer database for HealthNow Networks, but the developer told researchers it was "too much work."

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2055k.png
Slideshow Title: 
ABCD Children's Pediatrics
Slideshow Description: 

A ransomware attack at San Antonio-based ABCD Children’s Pediatrics may have breached the data of 55,447 patients. Affected files may have included patient names, Social Security numbers, insurance billing information, dates of birth, medical records, laboratory results, procedure technology codes, demographic data, address and telephone numbers. Investigators determined it was the Dharma virus, a variant of the Crisis ransomware family. While this virus doesn’t typically exfiltrate data, the provider was unable to rule it out, officials said.

Read the full article

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2080k.png
Slideshow Title: 
Washington University School of Medicine
Slideshow Description: 

A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records. The medical school learned of the incident on Jan. 24 -- seven weeks after the phishing attack occurred on Dec. 2, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request. As a result, an unauthorized party may have gained access to employee email accounts that contained patient data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2017k.png
Slideshow Title: 
Metropolitan Urology Group
Slideshow Description: 

This Milwaukee-based provider began notifying patients that a November ransomware attack may have exposed their personal data. There were 17,634 patients affected, according to the U.S. Department of Health and Human Services' Office for Civil Rights. Two of Metropolitan Urology’s servers were infected by the virus, which may have exposed data of patients between 2003 and 2010. Officials said the data contained names, patient account numbers, provider identification, medical procedure codes and data of the provided services. About 5 percent of these patients had their Social Security numbers exposed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20years%20vuln.png
Slideshow Title: 
Denton Heart Group
Slideshow Description: 

An unencrypted hard drive that contained seven years of backup electronic health record data was stolen from the Denton Health Group, a member of the HealthTexas Provider Network. The backup files contained a hoard of patient data from 2009 until 2016: Names, Social Security numbers, dates of birth, addresses, phone numbers, driver's license numbers, medical record numbers, insurance provider and policy details, physician names, clinic account numbers, medical history, medications, lab results and other clinical data.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2014k.png
Slideshow Title: 
Brand New Day
Slideshow Description: 

In March, the Medicare-approved health plan notified 14,005 patients of a potential breach of electronic protected health information after an unauthorized access through a third-party vendor system. On Dec. 28, Brand New Day discovered that an unauthorized user had accessed the ePHI provided to one of its HIPAA business associates on Dec. 22. The access occurred through a vendor system used by a contracted provider, officials said.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2022k.png
Slideshow Title: 
Singh and Arora Oncology Hematology
Slideshow Description: 

In February, the Flint, Michigan, cancer center notified 22,000 patients of a breach discovered in August 2016. Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2010k.png
Slideshow Title: 
Verity Medical Foundation-San Jose Medical Group
Slideshow Description: 

Verity Medical Foundation-San Jose Medical Group website, part of the Verity Health System in Redwood City, California, was hacked, exposing the data of 10,164 patients. Verity includes six California hospitals, the Verity Medical Foundation and Verity Physician Network. An unauthorized user hacked into the website from October 2015 until it was discovered by Verity Health on January 6. The website was no longer in use.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%20220k.png
Slideshow Title: 
CoPilot Provider Support Services
Slideshow Description: 

More than a year after discovering a potential breach to its websites, healthcare administrative services and IT provider, CoPilot Provider Support Services notified 220,000 patients and doctors who used its service. An unauthorized user breached one of CoPilot's databases, used by both healthcare providers and patients, in October 2015, according to officials. The hacker downloaded files that contained names, dates of birth, addresses, phone numbers, health insurers and some Social Security numbers of some users. No financial, medical treatment or other information was accessed.

Read the full article.

Slideshow Image: 
http://www.healthcareitnews.com/sites/default/files/HITN%20Data%20Breach%2043-ransom.png
Slideshow Title: 
Indiana-based Cancer Services
Slideshow Description: 

The server and back-up drive of Muncie, Indiana-based Cancer Services of East Central Indiana-Little Red Door were hacked and the data stripped, encrypted and taken for ransom by the cybercriminal organization, TheDarkOverlord, or TDO, the agency revealed Jan. 18. The hack took place on Jan. 11. TDO asked for 50 bitcoin, or about $43,000, in ransom, first in a text message to the personal cellphones of the company’s executive director, president and vice president. Officials said, TDO followed up in a form letter and several emails that contained extortion threats and promises to contact family members of the cancer patients, donors and community partners.

Read the full article.

Teaser: 

Healthcare proved itself a lucrative target for hackers in 2016, and so far 2017 is unfortunately following suit. This gallery highlights some of the biggest breaches in healthcare -- and points to mistakes to avoid in the future.

Thumbnail: 
biggest healthcare breaches 2017
Custom OAS pagetag: 
Primary topic: 
Disable Auto Tagging: 
Viewing all 1989 articles
Browse latest View live




Latest Images