Oracle in Federal court class-action lawsuit on global privacy violations; Cerner VA EHR had 498 major outage incidents, 7% of time since rollout

August 25, 2022 | by

Oracle’s miseries multiply, both in Federal Court and with the VA. The first is taking place in the US District Court for the Northern District of California. Three plaintiffs in a class-action suit charge in a complaint filed on Friday 19 August that Oracle is running a giant ‘surveillance state’ on billions of people. From the complaint, “the regularly conducted business practices of defendant Oracle America, Inc. (“Oracle”) amount to a deliberate and purposeful surveillance of the general population via their digital and online existence. In the course of functioning as a worldwide data broker, Oracle has created a network that tracks in real-time and records indefinitely the personal information of hundreds of millions of people” and sells this information to third-parties, without consent of course.

The complaint, filed 19 August, states that Oracle’s BlueKai Data Management Platform, which includes the Oracle Data Marketplace–likely the world’s largest commercial data exchange–and to the point, the Oracle ID Graph “synchronizes the vast amounts of personal data Oracle has amassed; that is, it matches personal data that can be determined to share a common origin with other personal data.” The charge is essentially that Oracle spies on you and has set up the world’s largest surveillance database of billions of people using the billions of data points most everyone generates online over decades.

All three plaintiffs are privacy-rights advocates: Michael Katz-Lacabe of the Center for Human Rights and Privacy; Dr. Jennifer Golbeck, director of the University of Maryland’s Social Intelligence Lab; and Dr. Johnny Ryan, a Senior Fellow at the Irish Council for Civil Liberties (ICCL), and at the Open Markets Institute. 

Dr. Ryan’s organization, the ICCL, stated that “Oracle’s dossiers about people include names, home addresses, emails, purchases online and in the real world, physical movements in the real world, income, interests and political views, and a detailed account of online activity: for example, one Oracle database included a record of a German man who used a prepaid debit card to place a €10 bet on an esports betting site.”

No dates have been set for hearings or as requested, a jury trial.

In Europe, Oracle had faced similar action along with Salesforce on privacy violations under GDPR. The Privacy Collective’s case was ruled inadmissible by a judge in the Netherlands last year, but is being appealed.

If the action proceeds, this strikes at the heart not only of Oracle’s data business but also Google and any data analytics or brokerage company. Look over your shoulder…someone’s coming after you.  TechMonitor.ai

Meanwhile, back at the endless tsuris called the VA EHR implementation, Oracle Cerner got more verbal beatdowns from the VA’s Secretary of Veterans Affairs and Senate committee members. FedScoop, through a FOIA (Freedom of Information Act) request living up to its name, was able to quantify the system outages in the Cerner Millenium system between 8 Sept 2020 and 10 June 2022. Of the 640 days the system was in place, it was out or nearly out for about 45 days, or 7%, when time lost in all of the 498 incidents is calculated.

  • 428 incomplete functionality incidents (930 hours of the system partially not working)
  • 49 degradations (103 hours of degraded performance)
  •  24 outage incidents (40 hours of complete down time) 

Where responsible parties could be identified, Oracle Cerner was responsible for about two-thirds of the incidents. Interestingly, the remainder were attributed to the VA. As to root causes, the VA could not identify them in about 50% of the cases. There’s some squirreliness in VA’s internal reporting on multi-day outages, which are more serious because the longer the outage, the more damage and the harder it is to pin down a cause.

Secretary of Veterans Affairs Denis McDonough said to FedScoop: “The bottom line is that my confidence in the EHR is badly shaken.” which has to count as an understatement significant enough to hold off further implementation until 2023. House Veterans Affairs Subcommittee on Technology Modernizing Ranking Member Mike Bost, R-Ill., said: “The number of incidents listed in this disclosure is alarming. Some part of the Cerner system has been down more often than not for nearly two years.” 

The Showboat of Misery keeps Rollin’ Down the River: the 4 Aug outage, the Senate hearing with Oracle’s Mike Sicilia, the infamous ‘unknown queue’ 21 July and 21 June

Oracle’s ‘new sheriff’ moving to fix Cerner EHR implementation in the VA: the Senate hearing

July 28, 2022 | by

Last week’s (20 July) hearing on the VA’s increasingly wobbly EHR transition from VistA to Cerner showcased Oracle’s executive vice president for industries Mike Sicilia. His testimony to the Senate Committee on Veterans’ Affairs had a heaping helping of ‘the new sheriff has arrived in Dodge City’.  As of six weeks ago, after the Transformational Big Vision kvelling faded, Cerner’s painful stumbles became Oracle’s VA Migraine [TTA 21 July, 21 June]. Cerner is now part of the Oracle Global Health business unit that falls under him.

First, the pledge made in his statement: “Unlike Cerner alone, Oracle brings an order of magnitude more engineering resources and scale to this formidable challenge.” After outlining the work that Oracle has done for CDC and NIH on Covid-19, he testified:

You should consider that in effect the VA, the Department of Defense (DoD) and the Coast Guard obtained a new, vastly more resourced technology partner overnight to augment Cerner. We also strongly believe in this mission and consider it not only a contractual obligation but a moral one to improve healthcare for our nation’s veterans and their caregivers. We intend to exceed expectations. 

Of the list of 36 issues detailed by the committee to VA Deputy Secretary Remy, Sicilia condensed them into three main areas: performance, design, and functionality. The concrete moves are:

  • Oracle will move the implementation to the cloud and rewrite Cerner’s pharmacy module, completing both tasks within 6-9 months
  • They have set up a ‘war room’ consisting of Oracle’s top talent of senior engineers and developers, working on the entire DoD/VA EHR systems as priority #1, with the first order of work a top-to-bottom analysis. While integrating with the Cerner team, the statement makes it clear that Oracle “brings an order of magnitude larger engineering team than Cerner”.
  • The Cerner EHR system is currently running on a dated architecture with technology that is in some cases two decades old and thus will be moved within 6-9 months to Oracle’s Generation 2 cloud. (That must be reassuring to thousands of hospitals and practices!)
  • Shortly after the closing, Oracle fixed a database bug that caused 13 of the last 15 outages, and as of last week there were no further outages. 
  • Testifying on the status of the “unknown queue”,  he stated it was designed to account for human error rather than to mitigate it, so it will be redesigned–it will be automated more on the front end and on the back end will have a better process.
  • Oracle will “start over” with the Cerner pharmacy module, rebuilding it as a showcase of a cloud-optimized web application.

VA’s EHR leaders also testified at the Senate hearing. Terry Adirim, Executive Director of the Electronic Health Record Modernization Integration Office at the VA, confirmed that unsurprisingly, Cerner’s next rollouts scheduled for the Boise VA Medical Center and other centers have been postponed indefinitely due to multiple ongoing system stability issues: change control and testing; challenges with increased capacity; basic functionality; its resilience design, and its response in last resort disaster situations. These specific issues overlapped but were more specific than those covered in Sicilia’s statement, which focused on the actions that Oracle would take.

Adirim and Kurt DelBene, the VA’s CIO, were roasted by the senators as painting a “very rosy picture”. The OIG report itemized at least 60 recommendations before going further. Adirim, to his credit, noted that DoD had similar stability issues in its system which was a warning, but the VA’s system is far more complex and care oriented than DoD which presumably exacerbated those issues. FedScoop and especially HISTalk’s Monday Morning Update 7/25/22

More bad news for Cerner’s VA rollout–draft report cites 150 “cases of harm” due to the ‘unknown queue’

June 21, 2022 | by

A serious revelation that may derail the Cerner Millenium rollout. A draft report by the Department of Veterans Affairs (VA) Office of Inspector General (OIG) states that a flaw in Cerner’s software caused the system to lose 11,000 orders for specialty care, lab work, and other services – without alerting health care providers the orders (also known as referrals) had been lost. This created ‘cases of harm’ to at least 150 veterans in care. Moreover, the flaw was known prior to the Mann-Grandstaff VA Medical Center rollout in October 2020, and Cerner failed to either fix or inform the VA of it prior to the implementation.

The lost orders in the quaintly termed ‘unknown queue’ resulted in delayed care at minimum. The VA patient safety team classified dozens of cases of “moderate harm” and one case of “major harm.” The major harm cited affected a homeless veteran, aged in his 60s, who was identified as at risk for suicide and had seen a psychiatrist at Mann-Grandstaff in December 2020, after the implementation. After prescribing medication to treat depression, the psychiatrist ordered a follow-up appointment one month later. That order disappeared in the EHR and not scheduled. The consequences were that the veteran, weeks after the unscheduled appointment date, called the Veterans Crisis Line. He was going to kill himself with a razor. Fortunately, he was found in time by local first responders, taken to a non-VA mental health unit, and hospitalized.

The draft report implies that the ‘unknown queue’ problem has not been fixed and continues to put veterans at risk in the VA system.

There may be as many as 60 other safety problems. Other incidents cited in the draft report include one of “catastrophic harm” and another case the VA told the OIG may be reclassified as catastrophic. Catastrophic harm is defined by the VA as “death or permanent loss of function.”

The news broke in the Spokane Spokesman-Review today (20 June). Their reporters obtained the draft report from multiple sources. Mann-Grandstaff VA Medical Center is located in Spokane. The final report is expected to be released later this summer.

Those of us who have been following the migration from warhorse EHR VistA to Cerner Millenium recall that a year ago, OIG already had criticized the Mann-Grandstaff implementation for multiple “governance and management challenges” as well as patient safety concerns and system errors, resulting in a grilling of VA Secretary Denis McDonough and Cerner executives before the Senate Veterans Affairs Committee last July. A remark by the committee’s chair, Frank Mrvan, D-Indiana. that the three-month review at the time “raises more questions than it answers,” is proving to be remarkably prescient.

According to the article, “the department did not respond to questions about the draft report, but on Friday, after The Spokesman-Review sent the questions, VA officials told Military Times they would delay the system’s planned launch in Seattle, Portland and other large facilities until 2023″. Military Times noted that the congressional committees were not informed until Friday night. The delays are as follows: Puget Sound VA Health Care System (American Lake and Seattle VA Medical Centers) from August to March 2023 and VA Portland Health Care System (Portland and Portland-Vancouver VA Medical Centers) from November to April 2023. The Central Ohio Healthcare System implementation in May has gone as planned and the VA maintains that the two delays are not indicative of other problems.

Local Representative (R-5th Congressional District, eastern Washington state) Cathy McMorris Rodgers has already had at Cerner since last year. Her press release is illustrative of her activism around Mann-Grandstaff and further rollouts of the Cerner EHR, while Mann-Grandstaff continues to have problems and outages.

Oracle has a great deal riding on a smooth implementation of Cerner Millenium at the VA. More Congressional hearings are not a good look for Oracle and its ambitions of transforming healthcare. Damage control is snapping in place. This Editor noted that Oracle’s SVP for global corporate communications was quoted in the Spokesman-Review article, not a Cerner staffer. Also EHR Intelligence.

 

Oracle’s Big Healthcare Transformation: it’s all about ‘better information’ (sigh) (updated)

June 14, 2022 | by

“Better information is the key to transforming healthcare,” he [Larry Ellison] said. “Better information will allow doctors to deliver better patient outcomes. Better information will allow public health officials to develop much better public health policy and it will fundamentally lower healthcare costs overall.”

Larry Ellison’s Big Vision, now that Oracle’s acquired Cerner, has a distinct and familiar ring. ‘Better information’ was also the mantra of IBM Watson Health. It’s the meme of every healthcare company, from education to data analytics, that better and more accessible information means better outcomes and lower cost of care. For those of us who’ve hung our caps in healthcare for the past decade, it’s the dawning promise that like Andrew Wyeth’s Christina’s World, is on the top of the beautiful hill, within our sight, yet out of our reach. But we keep trying.

Mr. Ellison is smarter and richer than most of us, so let’s defer to his Vision and what seem to be the most obvious obstacles to interoperability and mass scaling:

  • A national health record database, in an open standards-based system, will be built by Oracle. It will sit on top and pull information from thousands of hospital and presumably practice-based EHRs. Once completed, in the non-defined future, a hospital or practice anywhere would be able to access patient information.
    • Obstacles: data fragmentation, health records not in an EHR, cooperation in providing information, security, Federal/state privacy regulations, and buy-in from other EHRs which were at last count 500 or so with hospitals running at least 5-10 different EMRs/EHRs.
  • From the national database, disease-specific research using anonymized data from it and AI-enabled analysis
    • This is potentially a big winner, as smaller models are already in use, e.g. between Ronin, a clinical decision support solution, and MD Anderson to create a disease-specific AI model for cancer patients in treatment. 
    • Gathering, anonymizing, and securing the data are the main challenges, plus those above

Big Visions don’t thrill us the way they used to because other than the newest among us, the new Big Promises sound all too familiar. It’s not that long ago that first EHRs, then health information exchanges were supposed to be the clearinghouses to make information interoperable. 21st Century Cures, which allowed members/patients to obtain their health information from payers and providers to the individual, was supposed to fix that portability gap in its next phase. The government also has its own national data exchange framework as part of the Cures Act. So what about that?

Updated. Lest this Editor be considered an outlier, a skeptic, and a general killjoy, there are other smart people far better grounded in IT Reality who are equally skeptical. Patrick Murta, who is now with BehaVR but formerly was co-chief architect for the Office of the National Coordinator for Health IT’s FHIR at Scale Taskforce (FAST), is quoted in FierceHealthcare. “Saying that you’re going to build a national database and bringing that to fruition is a different story. This particular model is going to face the same barriers that have been there for many years and there’s no easy path to overcome those barriers quickly.” His opinion is echoed by at least three others in the article. In short, Oracle is actually behind other vendors in the data interoperability area and the goal to knit together thousands of systems that don’t talk to each other may be admirable, but is likely to be the classic Bridge Too Far.

Tony Blair and his nonprofit Tony Blair Institute for Global Change, already partners with Oracle to use its cloud technology to tackle health issues.

Oracle did not answer queries on timing, cost, and access. 

The cynics among us will need no reminder that Cerner is having interoperability issues between DOD’s MHS Genesis and VA’s Cerner Millenium, both national systems that Oracle has now inherited.

In the short term, Cerner will be updated to include a built-in voice interface, more telehealth capabilities, and disease-specific AI models. It’s nice to have the short-term needs recognized while the Big Vision is being built. Healthcare Dive, FierceHealthcare

Thursday news roundup: bet on Oracle-Cerner closing next week, VA EHR progress reports mandated, Homeward-RiteAid rural care, Medtronic-DaVita kidney JV, Withings reenters RPM, Lightbeam buys Jvion AI

June 1, 2022 | by

The Oracle acquisition of Cerner will close as early as Monday next week, no later than mid-June. Mid-June is the prediction of Seeking Alpha. They based it on Oracle-Cerner already passing Australia’s Foreign Investment Review Board, no questions posed by the UK antitrust authority, and the US waiting period expiring in February. As rumored [TTA 25 May], European Commission regulators approved it today (Barrons, paywalled) which predicts the close will be next Monday. Hat tip to HISTalk for their alert yesterday.

Scrutiny of Cerner’s $16 billion EHR implementation with the Department of Veterans Affairs by Congress ramps up. New legislation due to be signed by the president shortly will require the VA Secretary to submit regular reports 30 days after the last day of each fiscal quarter on the VA’s Electronic Health Record Modernization (EHRM) program. Content will include spending, performance metrics, outcomes, safety, transitioning from VistA to Cerner Millenium, interoperability, and progress or issues with all. Text of Senate bill, FierceHealthcare  TTA’s previous article on Cerner EHR interoperability problems with DOD and VA

Bringing healthcare to rural America is Homeward with a freshly inked deal with RiteAid. Founded by former Livongo president Jennifer Schneider, MD, Homeward will set up distinctive purple mobile van clinics at up to 700 Rite Aid location parking lots in rural communities starting Q3 this year. Michigan will be the first market. Homeward will accept regional Medicare Advantage plans and Medicare.

The company is targeting the 60 million Americans who live in rural areas and have been losing access to basic medical care as local practices and clinics close. Their technology enablement will be for appointments, checkins, telehealth, remote patient monitoring, and scheduling home visits. Homeward announced its launch at the recent ViVE2022 in March including $20 million in funding from General Catalyst. Other Livongo alumni with the new company are Brian Vandenberg, former general counsel, Amar Kendale, former chief product officer, and Bimal Shah, MD, former chief medical officer at Livongo. Nice to know that they have moved to another healthcare chapter of real need, versus cruising the Caribbean in very large yachts. FierceHealthcare, Homeward release

Medical device giant Medtronic and DaVita are establishing a joint venture by next year to advance kidney care therapies and technologies, including new products to be used in clinics and in the home. The intent of the JV is to increase the availability of kidney care including dialysis. 10% of adults worldwide–700 million people–have chronic kidney disease. 2.6 million have kidney failure. The JV is expected to be formed in early 2023 with each company owning an equal share. Initial investment is not disclosed. According to the release:

  • Medtronic will contribute its Renal Care Solutions (RCS) business including the current product portfolio (renal access, acute therapies, and chronic therapies), product pipeline, and global manufacturing R&D teams and facilities.
  • Both companies will provide an initial investment to fund the new company (NewCo) and future certain operating capital.

FierceBiotech, Medtronic release

Withings reenters remote patient monitoring with Withings RPM. Their initial entry was with MedProCare back in 2019 but apparently in the repositioning of the company since the buyback from Nokia in 2018, it was back-burnered. The new RPM will be based on an app that will:

  • track time for CMS-compliant billing reports and uploadable to the provider EHR
  • support billing for CMS codes 99453, 99454, 99457, 99458
  • a digital patient-facing assistant
  • full connectivity to Withings devices such as scales, blood pressure monitors, and sleep monitors
  • implementation support by their Health Solutions teams

Withings RPM page, Outsourcing-Pharma

Looking hard for an M&A that relates to us in this very quiet market, Lightbeam Health Solutions, a population health software company, is acquiring Jvion Inc. Jvion has AI-enabled prescriptive analytics and social determinants of health (SDoH) solutions which will be combined with Lightbeam’s health analytics and outcomes for payers and providers. Terms of the acquisition and leadership transitions were not disclosed. Lightbeam release

Cerner EHR implementation with both DOD and VA running into interoperability, other problems: Federal audit

May 18, 2022 | by

DOD, VA Cerner implementations stumbling on their raison d’être–interoperability. Those of us with pre-Covid memories recall that the Department of Defense and the Department of Veterans Affairs had separate and ancient EHRs that didn’t speak well with each other. Going back to the Federal FY 2008 National Defense Authorization Act (NDAA), both DOD and VA had to become interoperable. Thus Cerner became the one-stop-shopping solution for both, after attempting to modernize their warhorse systems (AHLTA and VistA, respectively). DOD went first in 2015 and rolled it out through the Military Health System (MHS). The VA awarded it in 2018 and started to roll it out in 2020. (No one said that the US government works quickly.) This would also include the US Coast Guard, which is under the Department of Homeland Security.

Earlier this month, a joint VA and DOD audit by their respective Inspectors General (IG) found that both departments, plus the FEHRM (Federal Electronic Health Record Modernization) Program Office established by DOD and VA to oversee the process, as well as the joint health information exchange (HIE) established in 2020 by the FEHR, did not ensure interoperability between their systems. Specifically, they did not:

  • Consistently migrate patient healthcare information from the legacy electronic health care systems into Cerner to create a single, complete patient EHR
  • Develop interfaces from all medical devices to Cerner Millennium so that patient healthcare information will automatically upload to the system from those devices
  • Ensure that users were granted access to Cerner Millennium for only the information needed to perform their duties

Most of the audit pointed responsibility at the FEHRM for not taking an active role in the program, instead acting as a facilitator. The IGs recommended a review by DOD and VA of FEHRM’s procedures, develop processes and procedures to ‘comply with its charter’ and the recommendations of the audit, as well as the NDAA.

VA’s problems with the first implementation at Mann-Grandstaff VA Medical Center in Spokane, Washington in late 2020 blew up embarrassingly last year before the Senate Veterans Affairs Committee [TTA 28 July 2021]. GAO further barked at them in a ‘watchdog’ report published in January. It followed VA’s own “mea culpa/go forth and sin no more” reorganization plan in December. Healthcare IT News, Healthcare Dive

Cerner execs to VA Congressional committee: “We are committed to getting this right”

July 28, 2021 | by

Two Cerner executives had their say in testimony to the Senate Veterans Affairs Committee last week, and they hung on by, presumably, their fingernails in their commitment to having working tests and a workable rollout of the Cerner Millenium system. This will replace the warhorse VistA system in use for decades in the VA, but incompatible with the Department of Defense’s Cerner MHS Genesis and earlier EHRs in use in military care facilities.

The EHR implementation, which is at last report costing $16 billion, failed miserably at Mann-Grandstaff VA Medical Center in Spokane, Washington in late 2020 into this year. The three-month review of the program “raises more questions than it answers,” said Committee Chair Frank Mrvan, D-Indiana. Other members concurred in being less than impressed by Cerner. Ranking Member Matt Rosendale, R-Montana, wasn’t interested in “shoveling more money into a flawed program just to keep the paychecks flowing.”

However, Brian Sandager, senior vice president and general manager of Cerner government services, pointed out that wait times at Mann-Grandstaff, with nearly 70% of veterans seen within 15 minutes of their scheduled appointment time, with urgent care patients seen within 13 minutes of arrival. Opioid treatments were flagged for alternative treatments. HealthcareITNews   Our earlier coverage here.

Cerner Government Services has a great deal riding on the successful implementation of the VA contract, including their extensive government work with DOD on MHS Genesis and other healthcare organizations within the US Government, including those listed on their website: the US Coast Guard, CDC, HHS, and CMS. 

GAO tells VA to postpone Cerner EHR implementation–but VA will be continuing

February 19, 2021 | by

The US Department of Veterans Affairs (VA) is still in the long rollout of the Cerner/Leidos EHR system to replace their home-grown, once groundbreaking VistA and to be interoperable with the Department of Defense’s Cerner Millenium system. The Government Accountability Office (GAO) issued a report (PDF link) that concludes that “VA should postpone deployment of its new EHR system at planned locations until any resulting critical and high severity test findings are appropriately addressed.” These potential system failure points were brought up by GAO to Congress last October at the time of the first implementation in Spokane, Washington. The sidebar on GAO’s report states that VA agreed with the postponement, but a news report in FedScoop indicates that VA believes, per their comments in the report, that:

  • VA and Cerner have resolved the major issues (down to 55 from close to 400)
  • They will resolve the rest by January 2022
  • They will proceed with the scheduled rollout to the VA’s Puget Sound Health Care System in Q4 2021.

Hat tip to HISTalk, which managed to summarize this in seven short sentences (!).