TTA’s Hello Holiday! 2025 Quirky Predictions, a Santa wish list, Redesign, Precision BCI and other fundings, telehealth knocks down language barriers, UHG’s legal miseries, telehealth & the US budget, more!

 

 

 

 

We wind it up for 2025 with a year’s end newsletter to our Readers with a few Quirky Predictions and some Santa Wishes. A lot of news around telehealth in the continuing US budget wrangle (deadline Friday), raises making it inside the 2024 wire, UHG sued by Nebraska over Change and insider trading, Redesign Health’s fresh funding, Withings’ new BPM, removing language barriers using telehealth, and quite a bit more. 

We’ll be seeing you again on 6 January. Our last Alert will be on 23 December. Editor Steve and I wish you all the best for Christmas, Hanukkah, New Year’s, and all holidays you may celebrate! 

A year’s end newsletter to our Readers: a few wishes for Under the Tree, a few Quirky Predictions for 2025  (We stay true to being opinionated!)
News roundup: Precision’s $102M raise, more on BCI; Withings clears BPM Pro 2; Nebraska 1st state to sue Change/UHG, related insider trading update; VA Oracle go-lives may resume; ATA intros CODE; ClearDATA HITRUST certified (UHG’s Mound of Misery grows)
Rounding up last of 2024’s M&A/fundings: Redesign Health’s $175M, HEALWELL AI buys Orion Health, startup Tuva Health’s $5M (In the bank for 2024)
Federal budget continuing resolution battle could derail or delay telehealth extensions, physician fee increase, PBM reforms (updated 19 Dec) (Cut down by 90%, it may pass)
Perspectives: How Telehealth is Transforming Access for Limited English Proficiency (LEP) Patients (Removing a critical barrier)

The countdown to the holiday continues, with Walgreens working on a sale to a PE, kiosks reemerging, investigating a Masimo proxy war player, and shareholders sue HealthTap. CareMax sells the rest of itself, benefiting a 15% investor–and leaves 530 workers with coal in their stockings. Maternal monitoring in Malawi and healthcare workplace violence may make virtual nursing more attractive. And the tragedy of UnitedHealthcare’s CEO murder deepens with the suspect’s capture.

Short takes: improving healthcare worker safety; CareMax may ax 530 jobs in bankruptcy/sale, finds 2nd buyer; $15M Series A for Evidently, $35M Series B for Hyro AI (Both coal and presents in stockings)
Breaking: Walgreens in talks to sell out to PE Sycamore Partners (A speedy denouement?)
Perspectives: Virtual Nursing Optimism Grows, But Providers Remain in Early Stages (AvaSure guest editorial)
News roundup: OnMed to debut CareStation at January CES, former HealthTap employees sue investor MDV, maternal monitoring spotlight with PeriGen/Texas Children’s in Malawi, Ouma Health-Marani Health partner (Kiosks and lawsuits reemerge)
Breaking: suspect in UnitedHealthcare CEO’s murder arrested in Pennsylvania, to be arraigned tonight (updated) (The tragedy expands)
Masimo update: SEC announces investigation of RTW Investments and role in proxy war voting (Next act in Masimo drama)

Our kickoff towards the holiday season very sadly starts with the shocking murder of UnitedHealthcare’s CEO en route to a meeting in midtown Manhattan. There’s an abundance of other news. Black Basta and Salt Typhoon are hacking telecoms, there’s a brace of M&A action from healthcare staffing to RPM to PR, and technology action includes Neuralink and mood prediction to sleep activity. But the sad trombone continues to play for 23andMe and VillageMD.

Weekend short takes: Merative’s $25M funding, Risant closes on Cone Health, Aya buys Cross Country staffing for $615M, Supreme Group acquires Amendola PR
BT Group hacked by Black Basta, China’s Salt Typhoon breached 8 telecoms in dozens of countries, government records 
News roundup: VA’s 2025 EHR budget + vendor breach, Neuralink robot arm study, linking mood prediction to sleep, CoachCare buys Revolution Health RPM/CCM, Seen Health’s $22M launch, Spectrum.Life in Deloitte Ireland’s Fast 50
Breaking: UnitedHealthcare CEO Brian Thompson murdered in NYC
Wojcicki: I’m transforming 23andMe to be ‘viable’ and thriving–but had ‘no idea why her board resigned’ (Sad Trombone 1)
VillageMD’s co-founder/CEO resigns as Walgreens continues the brush-off after billions in losses (Sad Trombone 2)

From the short holiday week in the US, the stories range from Potential Big International Fraud to Neuralink’s Big Brain Implant Potential. Yet another CVS head departs. Congressional VA EHR controls also depart in new bill. And help fund the adventures of NeuroNinja, a comic superhero who just happens to be living with Parkinson’s. 

Short takes: Teladoc intros hospital bed fall risk detector, Veradigm’s AI scribe, Lucid’s pill-sized esophageal cancer diagnostic, Cortica’s $80M raise for autism treatment, LG NOVA startup winners
News roundup: Oak Street’s Pykosz departs CVS, Musk’s Neuralink gains Canadian clinical trial, VA healthcare improvement bill omits EHR oversight measures, 23andMe’s Mirador precision medicine partnership (Another CVS head departs, stage left)
Help fund the NeuroNinja comic–a superhero with Parkinson’s! (An unusual approach)
Breaking: Federal agents seize Steward Health’s CEO, international head’s mobile phones in widening US investigations (It’s big, it’s developing, it’s international
)

An unusual pre-Thanksgiving week focused on significant developments on ongoing Major Stories but little new. CVS Health bends the knee to investor Glenview. Controlled substances telehealth gets a 3rd extension. Revere Medical out of Steward ashes snaps up a broken MSO. Oura partners with Dexcom CGM and gets paid for it! What’s kind of new? HHS comes up short on cybersecurity leadership while accurate EHR notes are short in new VA study.

Government updates: GAO scores HHS on cybersecurity issues; patient issues largely omitted from EHR notes in VA study (Coming up consistently short)
News roundup: CVS Health cedes 4 new board seats to Glenview, Oscar’s strong Q3, telehealth controlled substance prescribing in 3rd extension, new Revere Medical to buy CareMax assets, Oura picks up $75M Dexcom financing and partnership (Further developments on Big Stories)

Cue the music…it’s the good, bad, and a ration of ugly this week. An under-the-radar company makes big buys in primary care and MSO. Veradigm might finally get itself sold. DOJ drags UHG to court over Amedisys–after the election. 23andMe continues to perhaps Destination Oblivion. Forward meets Oblivion after eight years. And Ali Parsa, one year after Babylon’s failure, serves up a new AI venture that gets a Gimlety view.

Bad News Roundup updates: UHG/Optum defends Amedisys buy fast via a website, digging deeper into Forward’s fast demise, former Masimo CEO Kiani booted–and sued (One lesson after another)
Bad News roundup: DOJ drops the hammer on UHG-Amedisys, 23andMe lays off 40% and closes therapeutics, Lyra Health lays off 2% in restructuring, Forward primary care + kiosks shuts down abruptly (We aren’t past it yet)
Babylon Health’s Parsa founds new AI medical assistant venture, Quadrivia, one year after Babylon Health’s failure (Parsa’s new AI-powered deal)
M&A action news: Astrana Health buys up Prospect Health for $745M after Centene MSO unit buy, Veradigm nears $1B+ sale, Sword Health lays off 17% of clinicians prepping for IPO using AI instead, Cigna is not buying Humana–really! truly! (M&A comes alive, with a new player)

The Big Race is over, 45 is now 47 come January, and health tech (plus related) news faces future. HLTH’s future is with UK’s Hyve Group. Cerebral faces an expensive DOJ/DEA Judgment Day for its Bad Behavior during the pandemic. 23andMe, CVS, and Walgreens face future survival. And what if in future healthcare sets a goal of zero failures, like aircraft makers and airlines?

News roundup: Cerebral forfeits $3.7M on federal Rx charges, Aetna president named, Stewardship Health sold to Rural Healthcare, Oura buys data company Sparta Science, Brook Health-Linus Health remote cognitive assessment 
Weekend reading: 23andMe’s up in the air future, including genetic data; Walgreens debates What To Stop and Start; what if healthcare pursued a zero-failure rate? (Some reckonings and a future view)
Surprise! HLTH conference group sold to UK’s Hyve Group Limited (Las Vegas barely a wrap)

Previous articles of enduring interest:

News roundup: Teladoc’s improved Q3, PursueCare resuscitates Pear’s apps, AMA removes 16-day RPM requirement in 2026, PatientPoint intros Innovation Network, PeopleOne’s $32B raise, Cigna-Humana again a no-go (Earnings season and post-HLTH announcements)
Some thoughts on the takeaways from HLTH (Not that many, strangely)

FTC drops the hammer on premerger notification requirements–what will be M&A and investment effects? (We told..and tell you so, no frills)


Have a job to fill? Seeking a position? See jobs listed with our job search partner Jooble in the right sidebar!


Read Telehealth and Telecare Aware: https://telecareaware.com/  @telecareaware

Follow our pages on LinkedIn and on Facebook

We thank our advertisers and supporters: Legrand, UK Telehealthcare, ATA, The King’s Fund, DHACA, HIMSS, MedStartr, and Parks Associates.

Reach international leaders in health tech by advertising your company or event/conference in TTA–contact Donna for more information on how we help and who we reach. 


Telehealth & Telecare Aware: covering the news on latest developments in telecare, telehealth, telemedicine, and health tech, worldwide–thoughtfully and from the view of fellow professionals

Thanks for asking for update emails. Please tell your colleagues about this news service and, if you have relevant information to share with the rest of the world, please let me know.

Donna Cusano, Editor In Chief
donna.cusano@telecareaware.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

News roundup: Precision’s $102M raise, more on BCI; Withings clears BPM Pro 2; Nebraska 1st state to sue Change/UHG, related insider trading update; VA Oracle go-lives may resume; ATA intros CODE; ClearDATA HITRUST certified

One more funding. A competitor of Elon Musk’s Neuralink, Precision Neuroscience. closed their Series C at $102 million. This round was led by General Equity Holdings, with participation from firms including B Capital; Duquesne Family Office, the investment firm of Stanley F. Druckenmiller; and Steadview Capital, bringing their total funding to $155 million. The total brings them according to their release as one of the best-funded brain-computer interface (BCI) company after Neuralink, whose funding is unknown. The funding will be used to advance its clinical research and expedite development of its cutting-edge brain implant. 

Precision is the developer of the Layer 7 Cortical Interface to treat motor paralysis. At the time of their last funding in January 2023, this Editor noted that their difference was to treat neurological illnesses and events such as stroke, traumatic brain injury, and dementia. Their focus remains largely there: severe spinal cord injury, stroke, ALS. So far, the investigational device has been tested its device in 27 patients through research partnerships and was designated by FDA as a Breakthrough Device.

More on BCI in this must-read article by Timmy Broderick for STAT. The upcoming issues around BCI now center around the engagement of CMS (Centers for Medicare and Medicaid Studies) for coding, coverage, and payment for devices after the investigational stage; privacy issues about neural data; and continued support after implantation. This last one is acute as these companies are young. There has already been the example of Second Sight’s bankruptcy, leaving subjects stranded with useless retinal devices in their eyes. BCI to this Editor will develop through 2025–and be a major focus of investment by 2026-2027.

Withings gains FDA clearance, intros BPM Pro 2. A professional-level product for hypertension and chronic heart failure (CHF) targeted to care teams to connect with their patients, the FDA clearance covers blood pressure and pulse rate measurement in adults with arm circumferences of 9 to 17 inches (22 cm to 42 cm) or 16 to 20 inches (40 to 52 cm). What is really interesting about the connected (Wi-Fi, cellular, BT) device is that care teams can program the device through the Patient Insights feature for the patient to interact with the device in real time. Through a small screen, it asks questions that help to track the patient’s condition, reinforce medication adherence, and assess their satisfaction. It also has a Retake Measure feature to retake a reading if results exceed predetermined thresholds and increases accuracy. Withings plans to upgrade the device to take a 1-lead ECG to detect atrial fibrillation; this is a separate clearance and expected to become available in 2025. The device is not yet CE Marked. Withings was named a CES 2025 Innovation Awards Honoree in the Digital Health category. (Photo, Withings website) Release, Mobihealthnews, MedCityNews

UHG’s Mound of Misery multiplies with Nebraska’s Change Healthcare lawsuit, plus separate but related insider trading. 

  • Nebraska became the first state to sue UnitedHealth Group, Optum, and Change Healthcare over those affected by the late February ALPHV/BlackCat hack of Change’s systems. In Nebraska alone, it affected 575,000 individuals. (It is actually hard to find someone who was not affected by the hacking of the leading exchange for major claims clearing and payments.) Nebraska’s attorney general Mike Hilgers is suing because of the company’s carelessness in handling data and, even worse, in its slow notification of those affected. Our Readers will recall that Change/UHG initially tried to push off notification on healthcare providers. When HHS threw the ball back to Change [TTA 5 June], notices didn’t go out until August-September. The charges in state law center on consumer law: financial data protection and consumer protection statutes, deceptive trade practices, and Federal standards on privacy (HIPAA, and HIT protection. The lawsuit was filed by the AG in the District Court of Lancaster County, Nebraska. Nebraska Examiner
  • The Change acquisition and later problems were possibly the catalyst for stock sales by senior/C-level UHG executives, including UnitedHealthcare CEO Brian Thompson. The $300 million Hollywood (Florida) Firefighters Pension Fund initiated a class action lawsuit alleging that the sales were made while the Department of Justice (DOJ) was considering an anti-trust action against UHG that would revisit the so-called ‘firewall’ between it and Change.  The complaint specifically mentions that UHG executives were aware of it as early as October 2023. The Wall Street Journal revealed the investigation on 27 February 2024–the same time as the Change breach was revealed, cracking the stock almost immediately. Executives including Thompson ($15 million), UHG CEO Andrew Witty, and board chairman Stephen Hemsley ($102 million) were named. The class action covers the period for stock purchased between 14 March 2022 and 27 February 2024. UHG has until 1 March 2025 to answer the complaint. Healthcare Finance News  (This is likely to affect the settlement of the Thompson estate–Ed.)

VA confirms that additional Oracle EHR implementations may go live in 2025, after 18 months of dead stop. The Oracle Cerner EHR is reportedly ‘running better’ at the current six sites where it is operating: five VA only (including 20 community clinics and about 100 support sites), and the sixth at Lovell jointly with the Military Health System (MHS). The restart of EHR Modernization (EHRM) was confirmed earlier during budget hearings by Kurt DelBene, assistant secretary for information and technology and chief information officer. Crash and lag downtimes are reduced by half and incident tickets by 60% since the last updates in August.  Timing remains indefinite for 2025 (FY ends 30 September 2025) but current VA Secretary Denis McDonough confirmed that primarily VA staff will continue to work on it under the Trump Administration. “The overwhelming majority of VA professionals who work on EHRM will be working on EHRM on January 21st, just as they were on January 19th,” McDonough said at an 11 December press conference. Federal News Network

Short takes:

  • The American Telemedicine Association (ATA) launched its new ATA Center of Digital Excellence (CODE) last week. CODE is constructed as an alliance with leading health systems for the development and implementation of digital health best practices that prioritize patient-centered care, equitable access, and improved clinical and operational outcomes. Tools span enhancement of workflows and patient engagement to improve healthcare accessibility. ATA release
  • ClearDATA’s CyberHealth platform and cloud managed services have earned Certified status by HITRUST for information security. ClearDATA provides healthcare specific managed cloud security, compliance and operations solutions. HITRUST, the Health Information Trust Alliance, is a non-profit that sets standards for data organizations through the HITRUST CSF framework. Release

BT Group hacked by Black Basta, China’s Salt Typhoon breached 8 telecoms in dozens of countries, government records

Telecoms, as linkages to digital health tools and remote patient monitoring, are vital–and lately the target of hackers.

BT Group’s BT Conferencing business division shut down some of its servers following a Black Basta RaaS ransomware breach. After an initial denial to Bleeping Computer, other reports confirmed that the breach was successful in snatching 500GB of data, including financial and organizational data, “users data and personal docs,” NDA documents, confidential information, and more (see screenshot of Black Basta’s leak site, left). BT confirmed that only some servers for the Conferencing business were taken offline and that live conferencing services were unaffected. According to Bleeping Computer, “The cybercrime group also published folder listings and multiple screenshots of documents requested by the company during the hiring process as proof of their claims. The ransomware gang also added a countdown to their dark web leak site, saying the allegedly stolen data would be leaked next week.” BT Group is continuing to monitor and is coordinating with international law enforcement entities. The Russian-based Black Basta since 2022 has been quite successful at its ransomware-as-a service business; its affiliates have breached over 500 organizations and collected $100 million in ransom payments from over 90 victims, according to CISA and the FBI.

Chinese state-sponsored hackers are no slouches in the telecom hacking business either. Their operation dubbed Salt Typhoon has breached at least eight telecom operations and their operations in dozens of countries. Anne Neuberger, deputy national security adviser to the currently expiring administration, seemed not to be overly alarmed that this activity has been going on for a year or two, stating that “at this time, we don’t believe any classified communications have been compromised. ” Companies confirmed by CISA and the FBI are T-Mobile, Verizon, AT&T, and Lumen Technologies. T-Mobile’s breach came via a connected wireline provider’s network, but their chief security officer stated that T-Mobile has no more attacker activity within its network.

Access to telecom allowed the Chinese hackers to intercept and steal internet traffic from internet service providers. Neuberger also confirmed that some government traffic had been compromised–that of government officials, the US government’s wiretapping platform, and there was theft of law enforcement request data and customer call records. Salt Typhoon has also used nom de plumes FamousSparrow, Earth Estries, Ghost Emperor, and UNC2286 to breach Southeast Asia government entities and telecom companies since at least 2019. FBI advice–encryption. Bleeping Computer

News roundup: VA’s 2025 EHR budget + vendor breach, Neuralink robot arm study, linking mood prediction to sleep, CoachCare buys Revolution Health RPM/CCM, Seen Health’s $22M launch, Spectrum.Life in Deloitte Ireland’s Fast 50

It’s $869 million for the EHR budget. The total budget for the Department of Veterans Affairs for FY2025, which started back on 1 October but is still unapproved by Congress, is $369 billion.

  • The overall EHR budget of $869 million includes current operations of VistA, Oracle Health, and exchange with the DOD/MHS system
  • Drilling down, the budget section for Oracle Cerner for the EHRM (EHR Modernization) has $375 million earmarked for the federal EHR contract. This addresses clinicians’ issues and supports healthcare deployment strategies that optimize resources throughout procedures.

VA decided in FY2023 that there would be no further deployments of Oracle Health’s EHR until the current multiple issues present at the existing six facilities using the Oracle Cerner EHR as well as the James Lovell joint MHS/VA implementation completed earlier this year were at least on a pathway to resolution. However, VA Secretary Denis McDonough said in April during early House Veterans’ Affairs Committee hearings on FY 2025 and 2026 budgets that there was the possibility that implementation may resume before the end of FY2025 using carryover funding, not FY2025 allocated funding. Whether Secretary McDonough will be remaining under the Trump Administration is, of course, subject to change.

In June, VA extended its contract with Oracle Health for another 11 months, not having much of a choice. In July, VA was sued by Laurette Santos, a VA clinical social worker in the White City, Oregon facility, over worker accessibility standards and lack of Federally mandated assistive technology in the Oracle EHR.

Additional funds are on request for IT–$6.2 billion for IT systems–and $10 million for AI research and development. ExecutiveGov

VA’s breach problem. It’s located with a vendor for medical transcription, DBP, Inc. According to the Veterans Health Administration release, the attack on DBP’s server encrypted files that were then potentially copied by the hacker. DBP shut down the server and disconnected it from the internet, preventing additional attacks. The vendor purchased new hardware and implemented new security controls. 2,302 veterans were affected with some or all the following information exposed: full name, medical record information, or Social Security number. It was also geographically wide: Maine, Boston, Connecticut, Baltimore Amarillo TX, and Minneapolis MN.

Neuralink moves forward with feasibility study with a robotic arm. Four months after Elon Musk proposed the N1 implant be capable of moving an Optimus (Tesla Bot) robotic arm or leg, Neuralink has an approved feasibility study, code named CONVOY, to investigate whether the N1 implant can move an Optimus robotic arm. Start date is not disclosed. This follows on the announcement of the clinical trial with Health Canada for the “Canadian Precise Robotically Implanted Brain-Computer Interface” (CAN-PRIME) for N1 brain implant and its R1 robot, which is used to place the 64-thread implant into the brain, and approval last month for Blindsight, an implant for sight restoration. [TTA 27 Nov]. Mobihealthnews

Quantifying the link between sleep and predicting moods. This relatively lean bit of research from South Korea uses machine learning (ML) to predict mood episodes in mood disorder patients using only sleep and circadian rhythm data from wearable devices including smartphones used by 168 patients generating 267 days of data. The researchers derived 36 sleep and circadian rhythm features to enable accurate next-day predictions for depressive, manic, and hypomanic episodes. A key finding that daily circadian phase shifts were the most significant predictors: delays were linked to depressive episodes, advances to manic episodes. The study has implications for symptom evaluation and for treatment effectiveness. Mobihealthnews, NPJ Digital Medicine

Acquisitions and funding:

CoachCare acquires Revolution Health Solutions in the busy RPM/CCM space. Both companies offer chronic care management (CCM) services enhanced by remote patient monitoring (RPM) and outsourced teams. CoachCare’s acquisition cost and staff transitions were not disclosed. CoachCare, based in NYC, has raised about $49 million over five rounds in an unusual way–four under $1 million, then in July a private equity round of $48 million from Topmark Partners and Integrity Growth Partners. They claim 150,000 patients and hundreds of healthcare organizations along with five other acquisitions. Revolution Health Solutions, based in Dallas, had no funding rounds listed on Crunchbase. They were founded and led by Jenn Gillette Tompkins who positions it as a partnership (her LinkedIn post).  Release

Seen Health comes out of stealth with $22 million. The Series A has five investors: Virtue, 8VC, Basis Set Ventures, Prime Time Partners, and Astrana Health. Seen is leveraging off the PACE model (Program of All-Inclusive Care for the Elderly) that helps chronically ill and infirm older adults remain in their homes and out of a nursing home by constructing a care team containing a social worker, nurse, dietician, primary care provider, and others. PACE models that started in San Francisco’s Asian and Pacific Islander communities in the 1970s have also been supplemented with digital health telemonitoring, such as QuietCare in 2006-9 (Editor’s note). Despite their advantages, PACE programs only cover 5% of older adults. Twin brothers Xing and Yang Su decided to build on PACE, creating culturally apt physical centers and equipping them with technology such as an EHR and geofencing that prevents wandering. Their programs will also include care at home coordinated with local agencies to provide low or no-cost care. The financing will be used to build out their first center in Los Angeles County’s San Gabriel Valley that focuses on the Asian and Pacific Islander (API) communities along with the needed technology and to build out their team. MedCityNews

Some nice recognition for Ireland’s Spectrum.Life. It ranked #41st in Deloitte Ireland’s 2024 Technology Fast 50 Awards, which recognize the fastest growing Irish tech companies. Spectrum.Life’s digital platform supports digital health, mental health, and wellbeing for employers and employees in the workplace, insurers, and educators. Their services are used by 9.8 million insurance members, 3,000 corporate clients, 60+ universities and 650,000 university students. WireNews

Two ‘oops’ at VA: OIG finds VA, Oracle performance misalignments, makes 9 recommendations; VP candidates’ EHR records improperly accessed by VA employees

Another OIG audit still finds plenty of inconsistencies between VA and Oracle Health in the EHRM implementation–and makes another set of recommendations. The VA’s Office of Inspector General (OIG) conducted a review of the ongoing EHR Modernization (EHRM) at the VA, and once again found shortcomings in processes not addressed in the May 2023 revision of the 10 year contract.

It’s all about controls and consistency in response. The report identified that VA and Oracle Health still do not have adequate controls to prevent system changes from causing major incidents. Regarding response, both organizations are not uniform nor thorough. Controls were not adequate to mitigate incident impact by providing standard procedures and interoperable downtime equipment. VA lacked a formal process for linking delays to specific major performance incidents.

The auditors analyzed 360 major performance incidents—outages, performance degradations, and incomplete functionality—that occurred between 24 October 2020 and 31 August 2022, plus additional incidents through March 2024. Even though deployments halted in VA facilities except for the joint MHS/VA rollout at Lovell Federal Health Care Center in March, major performance incidents continued, including at Lovell which experienced a major problem in filling 60% of prescriptions.

The OIG made nine recommendations in their report. Grouped together, they include the following actions:

  1. Real-time data sharing to give VA greater awareness of potential problems in system operations
  2. Prioritizing major performance incident response in a clear and consistent manner
  3. Developing and enforcing response and other performance metrics to hold the contractor accountable
  4. Requiring sufficient detail in post-resolution reports
  5. Raising staff awareness of procedures
  6. Acquiring appropriate backup systems for downtime
  7. Better identifying and addressing major performance incidents linked to negative patient outcomes.
  8. Identifying the appropriate backup system and develop a training strategy to ensure clinicians can use the system during downtime.
  9. Assessing facilities’ patient safety reports identified during this audit, determining if additional actions need to be taken and, if so, providing an action plan.

VA release, Healthcare IT News

Some VA employees got very naughty in looking up information on the two VP candidates. Both Ohio Senator JD Vance and Minnesota Governor Tim Walz are both veterans (Marines and Army National Guard, respectively). The breaches were discovered in August during a security sweep of high-profile health accounts held in the VA’s EHR. 

  • 12 employees used their VA computers to access information on Vance and Walz.
  • These included physicians and a contractor viewing for an “extended time”.
  • The curious employees may face charges including dismissal and criminal charges. The length of access and intent will be taken into account.
  • Unknown is whether any of the information was shared outside of VA.

Their respective campaigns were notified and the investigation continues. The VA sent a memo to all employees on 30 August from VA Secretary Denis McDonough with a restatement of official data privacy and conduct directives plus the results of a failure to comply. Original reports were in the Washington Post and CNN. Healthcare IT News, Becker’s

23andMe settles 6.9M data breach lawsuit for $30M. Breaking–all seven independent directors quit

23andMe settles, not fights. And their independent directors just quit. The troubled (understatement) company is paying $30 million to settle a massive class action lawsuit around the 6.9 million data breach that started a year ago. This infamous data breach that TTA timelined here was discovered last October, with 23andMe claiming it only affected 14,000 records. Reality dawned as it rapidly grew to millions through the 23andMe databases of over 14 million. By December, 23andMe then resorted to blaming users reusing previously breached passwords (credential stuffing) which was easily disproved. It was one of the worst corporate faux pas since Bud Light.

The hackers had also specifically targeted people with Chinese or Ashkenazi Jewish heritage which wasn’t disclosed until February, though part of the October 2023 hack. It added to the suspicion that those of Jewish heritage were specifically targeted.

Users as a group will receive $30 million along with three years of credit monitoring called Privacy & Medical Shield + Genetic Monitoring. The settlement reached 13 September requires approval by the Federal District Court in the Northern District of California, San Francisco division.

Notably, 23andMe spokesperson Katie Watson confirmed to The Verge that $25 million will be covered by cyber insurance, so most of the cash is there. The settlement document also refers to the extremely uncertain financial condition of the company and asks that the judge halt any further arbitrations by tens of thousands of other class members. 23andMe’s parlous financial status is publicly well known, but no other buyer since the board’s turndown in August of Anne Wojcicki’s offer of $0.40 per share has stepped up to make an acceptable offer. (Perhaps the board was premature–it closed today at $0.34.) Reuters 

Breaking: Wojcicki won’t have to worry about her independent directors anymore. They’ve resigned, effective today, leaving a board of one. The seven directors sent a letter today (Tuesday 17 September) to CEO Wojicki citing that the Special Committee of the board, after months of work, never received from Wojcicki a “fully financed, fully diligenced, actionable proposal that is in the best interests of the non-affiliated shareholders”. It was quite an ask, given that Wojcicki controls the company through a supervoting arrangement. She reportedly holds 22.5% of the company’s outstanding Class A common stock and 59.2% of outstanding Class B common stock (according to analyst TD Cowen)–other reports state that she has in total 49.99% of the voting power. In their letter, they made it clear that the differences were irreconcilable: “Because of that difference and because of your concentrated voting power, we believe that it is in the best interests of the Company’s shareholders that we resign from the Board rather than have a protracted and distracting difference of view with you as to the direction of the Company.” Your move, Anne. Release

(An examination of the board posted online reveals that only one of the resigning members, Richard H. Scheller, ever worked at 23andMe. According to his online bio, he joined 23andMe in 2015 as Chief Scientific Officer and Head of Therapeutics. According to his Caltech board of trustees bio, he retired from 23andMe in 2019.)

News roundup: VA extends Oracle Cerner for 11 months; Amwell founders swap jobs; Alphabet’s Verily pivots to Lightpath with GLP-1, retiring Onduo; UnitedHealth hasn’t notified on Change breach

To no one’s surprise, the Department of Veterans Affairs (VA) extended its contract with Oracle Cerner for another 11 months. This is per the new contract relationship that started last year, resetting from the original five-year contract that started in 2018 to five one-year terms, with mandatory annual reviews and renewals [TTA 18 May 2023]. Technically, the contract expired in May but VA extended it for one month as discussions continued over the next one-year term. This second option period expiring May 2025, according to the VA release, is focused on the following for the EHR modernization (EHRM):

  • Supporting the existing six facilities with the Oracle Cerner EHR
  • Achieving the goals of the reset and driving towards future deployments
  • Increased accountability across a variety of key areas, including minimizing outages and incidents, resolving clinician requests, improving interoperability with other health care systems, and increasing interoperability with other applications to ensure an integrated health care experience
  • Supporting value-added services, such as system improvements and optimizations
  • Achieving better predictability in hosting, deployment, and sustainment
  • Fiscal responsibility 

The plan is to resume site deployments in FY 2025, likely in year 2025, after reset goals are met. Seema Verma, Oracle Health’s new executive vice president and general manager, said that “VA’s intent to resume deployments in the next fiscal year is a significant milestone that reflects the hard work our collective teams have done to improve the system today, as well as confidence in our shared ability to continually evolve the EHR over time to meet the needs of both practitioners and patients.” NextGov/FCW, FierceHealthcare, Healthcare Dive, Oracle release

Is there much choice for the VA in the matter? Not really. VistA can be updated but remains non-interoperable with the Military Health System’s (MHS) Cerner-Leidos EHR. But can Oracle Cerner be fixed up and debugged to work for VA’s vastly different needs and smoothly deployed within the contract duration? That jury is still out in the view of the VA and Congress.

The Brothers Schoenberg swap positions at Amwell. Roy Schoenberg, MD, MPH, will transition immediately from his role as president and co-CEO to move to executive vice chairman of Amwell’s board of directors. Ido Schoenberg, MD, will become the sole CEO. The brothers co-founded the company in 2006. Ido’s quote closing the release is interesting in demonstrating the shift from investment without profits to getting on the path to profitability:  “This transition represents a natural evolution for our company as we shift from a period of intense R&D investment to an operational focus aimed at achieving greater efficiencies, optimizing cash flow and delivering profitable growth while maintaining our dedication to enabling our clients’ aspirations.” Roy is credited with developing Converge which is their next-generation integrated platform. If Teladoc is finding it difficult to transition from the stand-alone, transactional, urgent care service they and Amwell pioneered, into an evolved market that has incorporated virtual capabilities into multiple types of care models, whither Amwell’s future? More thoughts in TTA 2 May, 9 April

Alphabet (Google)’s once-visionary Verily now jumps on the GLP-1 bandwagon with Lightpath. Verily’s latest pivot to the highly trendy weight loss area is termed as a metabolic solution as part of a “personalized chronic care solution for health plans and members”.  Lightpath will start as Lightpath Metabolic, a four-part program that includes Metabolic Intensive (diabetes management), Weight Loss Intensive, Metabolic Improvement, and Metabolic Achievement. The Verily platform integrates data from health records, connected devices, and other care points to deliver “personalized pathways, suggestions, and nudges to health plan members” virtually along with health coaches and an advanced licensed clinical team. The current virtual chronic care management platform, Onduo, will be retired by 2025.

Once upon a time (2021, sigh), Verily was Google’s skunk works for advanced health tech with Google Health being the marketing and merchandising arm for clinical and consumer products. Google Health was broken up in August 2021 and Verily faded into the Alphabet background with the occasional joint venture and clinical pilots, with Onduo being their most marketable product. Google seems to have little direction for Verily other than to keep it alive. And given the competition plus a greater understanding of the long term effects of the GLP-1 drugs in the weight loss area, the GLP bandwagon is up for a shaky ride in the next year. Release, FierceHealthcare

And very strangely, UnitedHealth Group hasn’t notified Health and Human Services’ Office of Civil Rights (HHS-OCR) about the ransomware data breach at Change Healthcare, nor the individuals affected. The notification to OCR is required under HIPAA to be within 60 days of the date of the incident. UHG is over the deadline by two months, calculating from 21 February. CEO Andrew Witty wilted before double-barreled Senate and House hearings in May and UHG lost a fight to put the notifications for the breach onto providers [TTA 5 June]. Senators Margaret Wood Hassan (D-NH) and Marsha Blackburn (R-TN) sent a joint letter on 7 June to Andrew Witty, CEO of UnitedHealth Group, urging him to send a breach notification letter that notifies OCR, state regulators, Congress, the media, and health care providers that it intends to complete all breach notifications on behalf of all HIPAA-covered entities, individuals and businesses affected, by 21 June. That’s Friday. UHG continues to maintain that they still do not know the extent of the breach. The Medical Group Management Association (MGMA) also sent a letter to Mr. Witty on 12 JuneDon’t hold your breath for UHG sending millions of letters. Becker’s, HealthExec

Midweek news roundup: Optum exiting telehealth, laying off; Advocate Health selling MobileHelp; VA notifying 15M veterans re Change PHI breach, Oracle moving to Nashville–maybe? (updated)

Optum Virtual Care closing, staff layoffs in progress. Optum Everycare CEO Jennifer Phalen on an 18 April internal conference call announced that the unit would close. According to sources, some employees would have layoff dates in July. No further details were available on other layoffs or plans for integrating Virtual Care’s capabilities into other Optum units, except for generalities. “We are com­mit­ted to pro­vid­ing pa­tients with a ro­bust net­work of providers for vir­tu­al ur­gent, pri­ma­ry and spe­cial­ty care op­tions,” and “We con­tin­u­al­ly re­view the ca­pa­bil­i­ties and ser­vices we of­fer to meet the grow­ing and evolv­ing needs of our busi­ness­es and the peo­ple we serve.” a spokesper­son for Unit­ed­Health said to End­points, a biopharma publication from the University of Kansas which broke the story.

For Optum, this is the second shoe drop about layoffs and closures in less than two weeks. Reports from social media and layoff-specific boards indicated that thousands were being laid off, from their plans to urgent care and providers [TTA 23 Apr]. These were not confirmed by Optum nor by UnitedHealth Group. It’s not known if this unit’s closure was included in the total. 

The larger picture is that it is symptomatic of the sudden growth, then equally sudden consolidation, of general telehealth. Optum opened the unit in April 2021 as the pandemic entered year 2. Utilizing existing capabilities, UHG claimed it facilitated more than 33 million telehealth visits in 2020, up from 1.2 million in 2019. The number looks sky high but in that time of practices closing it was a free-for-all in telehealth–and ‘facilitating’ is a nebulous catchword that could mean a practice using Facetime, telephones, or an EHR/population health platform module. Commercial claims for telehealth have remained at 4 to 5% since (FAIR Health, Jan 2024). Even during the pandemic’s first year, telehealth claims hit a peak of 13 percent in April 2020 that dropped fast to 6% by August 2020. Well over 60% are for behavioral telehealth claims.

A leading indicator: Last June, Optum Everycare’s CEO from their 2021 start, Kristi Henderson, a former Optum SVP for digital transformation, departed to become CEO of Confluent Health, a national network of occupational and physical therapy clinics. It was about as far away as one could get from telehealth, digital transformation, and Amazon Care, her former employer that expired in 2022.

Apparently, UHG and Optum see no further need for a virtual care specialty unit, instead integrating it into plans and other Optum services. According to MedCityNews, industry analysts aren’t surprised. Both Amwell and Teladoc have had well-known struggles. The latest: Walmart, after investing millions into their unit that included full clinics and a virtual care service, also made news on 30 April that it is closing both. Also greatly on UHG’s mind: cleanup after the Change debacle, making Mr. Market happy, and the looming antitrust action by DOJBecker’s, Healthcare IT News, 

In another sign that healthcare investors are selling off ancillary businesses, Advocate Health is selling PERS provider MobileHelp. It “no longer fit the strategic priorities of Advocate Health” according to their 22 April audit report (see document pages 10 and 13) and was authorized last December.

Advocate, through its investment arm Advocate Aurora Enterprises, acquired both MobileHelp, one of the earliest mobile PERS, and sister company Clear Arch Health, a remote patient monitoring provider, in April 2022. Cost was not disclosed at that time but later was reported to be $290.7 million. The plan at the time was to combine both MobileHelp and Clear Arch with a senior care/home health provider earlier acquired by Advocate for $187 million, Senior Helpers. That company was sold in March to Chicago-based private equity firm Waud Capital Partners for an undisclosed amount. The MobileHelp sale is expected to close later this year. Buyer and price are not disclosed. The expected loss on the MobileHelp sale was figured into FY 2023 as part of an asset impairment write-down of $150 million, which Advocate said was “related to the expected loss on the sale of MobileHelp.” The PERS and RPM business is a largely consolidated ‘cash cow’ type of business that (Editor’s prediction) will be snapped up by another player like Connect America, Alert One, or a smaller player like ModivCare. Milwaukee Business Journal, Becker’s, Crain’s Chicago Business (requires subscription)

VA admits that some veterans may be affected by Change Healthcare data breach, PII/PHI disclosure. While Department of Veterans Affairs Secretary Denis McDonough at this time believes that “there’s no confirmation yet” that veteran data was exposed, the scope of the Change Healthcare breach has led VA to formally alert via email 15 million veterans and their families of the possibility. The email also included information “about the two years of free credit monitoring and identity theft protection” that Change Healthcare is offering to those affected by the attack. The VA maintains that the attack resulted in only a temporary delay in filling 40,000 prescriptions but did not cause “any adverse impact on patient care or outcomes,” according to a department spokesman. NextGov/FCW 26 April, 23 April 

In related news, HHS as of 19 April had not received any notification from Change Healthcare nor UHG. They are required to file a breach report as providers and also as covered entities. They have 60 days from the breach occurrence on 21 February to report, which is coming right up. Becker’s

If Larry said it, it must be true…assemble the moving boxes. At an Oracle conference in Nashville last week, Oracle chairman Larry Ellison said to Bill Frist of investment firm Frist Cressey Ventures that he planned to move the company to that city as “It’s the center of the industry we’re most concerned about, which is the healthcare industry.” It’s their second public Larry and Billy meetup in the last few months, the last in November at the Frist Cressey Ventures Forum where Ellison had previously touted Nashville. Ellison is investing in and building a 70-acre, $1.35 billion campus on Nashville’s riverfront. Oracle is currently HQ’d in Austin, Texas having moved in 2020 from Redwood City, California but with extensive facilities remaining in the state. Texas and Tennessee have one thing in common–a superior business climate. Both are long on lifestyle, though Austin is not as temperate (read, hot) as Nashville. What Nashville has that Austin doesn’t is being a healthcare hub. At least in Ellison’s view, healthcare is where it’s at and so is Nashville. So as long as he’s running Oracle from his manse on Lanai, Oracle does what Larry says. Healthcare Dive, Healthcare IT News, The Tennessean

More fun facts about Larry Ellison and Nashville: David Ellison, his son, is founder of Skydance Media, a major Hollywood production company (Mission: Impossible and others) and negotiating a zillion-dollar merger with Paramount Pictures. David’s wife is a singer trying to make it in Music City and they have a home there. Kind of like the age-old trend of moving the HQ near where the CEO’s living. On moving the HQ to Nashville from Austin, this would affect perhaps 2,500 workers based there currently. Most of Oracle’s workers are dispersed and work remotely. 6,400 of former Cerner-ites are still in Missouri and 7,000 remain in California. Big hat tip to HIStalk—scroll down and see more about Larry and Billy’s talk, which also covered cybersecurity, the NHS (which uses Cerner), and automating hospitals and the hospital-payer interface.

23andMe data breach may have targeted those of Jewish and Chinese heritage; company valuation crashes (updated)

23andMe’s hole gets deeper. And deeper. As more dots are connected on their data breach–and financial situation.

Part 1: The data breach that exposed 6.9 million records at genetic testing and data company 23andMe isn’t only being fought in the courts as to who to blame (customers recycling already corrupted passwords versus a site vulnerability to brute-force hacking). It appears the hackers had specifically targeted people with Chinese or Ashkenazi Jewish heritage. Worse, 23andMe is not addressing that. The evidence was there as early as October.

  • 1 October: an unknown person posts on the 23andMe subReddit that they had customer records, posting a sample of the stolen data. Supposedly this is how 23andMe found out that their user data had been hacked and stolen. (Editor’s note–this zero-trust breach beggars credibility in a tech-oriented company.)
  • 6 October: 23andMe’s blog post announcement of the initial 14,000 records hacked in their customer base, which later grew to 6.9 million records revealed through the links to MyHeritage, in adding functionality to Family Tree, or sharing their information by opting into 23andMe’s DNA Relatives feature. 
  • 6 October: Wired’s reveal that earlier in that week, a hacker posted on BreachForums a data sample of what they claimed were 1 million records exclusively on those of Ashkenazi Jewish heritage, plus hundreds of thousands of records on those of Chinese heritage. By Wednesday, the hacker was selling what was claimed as 23andMe profiles with information on display name, sex, birth year, and details on genetic ancestry results, but not raw genetic data. Pricing was between $1 and $10 per account depending on number purchased.
  • By December, 23andMe was squarely blaming users for reusing passwords (credential stuffing), even if they created a unique password, and denigrating their right to demand legal accountability from 23andMe on their lax security procedures. [TTA 6 Dec 23, 19 Jan]

None of the contacts that 23andMe has made with users since October, including the letter sent to breached users (via TechCrunch) refers to any specific ethnic group targeting. 

World events made this targeting and timing very important. The brutal attack by Hamas in the south of Israel was the very next day after the breach was disclosed, 7 October. It killed 1,200 civilians, with over 200 hostages. Israel declared war on Hamas in Gaza which still goes on, as do the demonstrations against Israel and overt anti-semitism. Given the targeting evident in this breach of individuals with information for sale, by 11 January Representative Josh Gottheimer (CD-5, NJ) sent a letter to the director of the FBI to investigate the hacking, specifically because the information could be purchased via sites used by hackers to merch this type of information–and used to target Jews globally.

Third-party data included in the hack? There is also the possibility that DNA information from third parties such as Sequencing entered 23andMe’s database. In Illinois and other states, this type of sharing is illegal without specific consent. This information could also have been stolen without the knowledge of the individual. This has sparked additional class action lawsuits. The Times of Israel

Part 2: 23andMe is in poor shape financially. Like all too many companies that went public in 2021, 23andMe is a cracked SPAC that debuted in February 2021 above $16, with a company valuation of $6 billion, and now is trading on Nasdaq at $0.73 which gives the company a negligible value. Revenue is upside down and the company is torching through the $1.4 billion it raised both in the market and through private investment. The WSJ’s estimate in a far-reaching article is that it is 80% gone. Founder Anne Wojcicki’s stock has supervoting privileges which means she effectively controls the company, not the shareholders.

Both Ancestry (remember them?) and 23andMe had ups and downs from 2015 but the hype, especially after the Theranos implosion that year, was stunning. Genetics became The Next Big Thing That Would Save Health Tech. The large flaw–the market for genetic testing for ancestry and/or health is a ‘one and done’, which TTA predicted back in 2020 and earlier. Wojcicki guessed early on that a revenue model lay in selling de-identified genetic information to pharma. But their five-year exclusive deal with GSK ended last year and led to an 11% layoff [TTA 10 Aug 23]. Subscriptions for lifestyle counseling starting at $200 and exceeding $1,100 never took off. Growing their $4oo million Lemonaid buy from fall 2021 into a more robust and integrated telehealth platform never happened. Her long-term bet was moving into drug discovery using all that DNA data, but only two drugs of 50 have reached early-stage human trials.

Whether 23andMe will climb out of this crater, both financial and data security, as they did several times in early days, is to be seen. But Wojcicki’s personal brand apparently remains in great shape, unlike their data security. Also Futurism

*Updated 2 Feb for additional references, content, and copy editing

Got a data breach? Blame the victims like 23andMe did!

23andMe wished its breached customers Happy New Year by putting the blame…on them!

The hacking that started with 14,000 records and grew to exposing the records and personally identifiable information (PII) of 6.9 million users, about half their customer database, has spawned over 30 class action lawsuits in the US, plus lawsuits in Ontario and British Columbia, Canada. 23andMe, in their responses to law firms and on their blog, told lawyers and users–not unexpectedly–that the data breaches were due to 23andMe users recycling log in credentials, such as passwords, that were used on other–breached–websites, and failed to update them on 23andMe after these incidents.

However, as this Editor noted when this first broke in December, this credential stuffing doesn’t account for the targeting nor the hacking of users who claimed they had unique credentials, including the US National Security Agency (NSA) cybersecurity director Rob Joyce who creates a unique email for each of his accounts (!). It also doesn’t account for how 14,000 brute-force hacked records grew exponentially to 6.9 million records. One reason may be data sharing with a partner, MyHeritage, in adding functionality to Family Tree, or sharing their information by opting into 23andMe’s DNA Relatives feature. 

It also does not account for how 23andMe squarely blamed users–that they were negligent in whatever passwords they used, that two-factor authentication was available since 2019 (but optional), that the information taken didn’t include highly sensitive information such as Social Security number, driver’s license number, or financial information. Therefore any lawsuits were futile, per a letter from 23andMe’s Greenberg Traurig to one of the class action firms, Tycko & Zavareei LLP. Afterwards, 23andMe reset all passwords and instituted mandatory multi-factor authentication, closing the barn door after the horse, cow, and goat got out and made it to the next county.

Playing into this is the weakness of US law around what constitutes ‘reasonable security procedures’ for securing personal information–and that is from the wording of the California Privacy Rights Act (CPRA), which may be the US’ toughest privacy law. On one hand, users have responsibility for a decent, unique password every time–but on the other hand, 23andMe bears responsibility for securing its shared data and not letting a breach get wildly out of hand like this one did. And what if next time it’s the actual DNA information?

The insult to injury: In December, 23andMe changed their terms of service to essentially indemnify themselves. Users had to agree, in the terms of service, exactly 30 days to opt out of the right to participate in a class action lawsuit and instead submit to private arbitration in the event of a dispute.

Not owning up to some fault is not the way to build customer confidence. Especially with a company in a faltering sector now trading around $0.70 per share. TechCrunch, ArsTechnica

Another turkey: potential 9M patients affected by medical transcription vendor data breach

Vendors are hot, hot, hot…with hackers. In another notable vendor data incident, Perry Johnson & Associates (PJ&A), a Henderson Nevada-based provider of transcription services for hospitals and physician practices, reported a data security incident to the US Health & Human Services (HHS) Office of Civil Rights (OCR) on 3 November. The breach occurred in the network and files were copied 27 March-2 May, when it was detected. 8.95 million individuals were affected, with over 4 million individuals in NYC and Syracuse at Northwell Health, the largest health provider in New York State, and Crouse Health. Northwell hasn’t had much luck with transcription providers, having been affected by Nuance Communications’ hack earlier this year by one of their vendors–the Progress Software MOVEit file transfer protocol (FTP) theft traced back to ransomwareistes CLOP [TTA 3 Aug].

Personal health information stolen for all included name, date of birth, address, medical record number, hospital account number, admission diagnosis, and date(s) and time(s) of service. While the records didn’t contain financial information, some patients may have had breaches of their Social Security numbers, insurance information and clinical information from medical transcription files, such as laboratory and diagnostic testing results, medications, the name of the treatment facility, and the name of healthcare providers.

PJ&A notified affected providers on 29 September and affected patients on 31 October. In addition to the 4 million+ in New York, 1.2 million individuals were served by Cook County Health in Illinois. The rest have not been identified. TechCrunch, News4NY, PJ&A notice 

Weekend news roundup: GE Healthcare spins off, adds CTO; Allscripts now Veradigm; NHS Brainomix AI stroke trial success; Withings home urine scanner; Careficient buys Net Health EMR; CommonSpirit’s class action suit on data breach

GE Healthcare now trading on its own. On Wednesday, GEHC rang Nasdaq’s traditional opening bell virtually on its first day of trading Wednesday (4 Jan). The bell ringing was unique as the first company in Wisconsin to do so from their plant in Waukesha. GE retained approximately 19.9% of the outstanding shares of GE HealthCare common stock with the remaining 80.1% distributed to current GE shareholders. Today it closed at $58.95 and remains headquartered in Chicago. (It moved from Amersham UK back in 2016.) Management is now independent, with Peter Arduini as CEO and adding yesterday a new chief technology officer, Taha Kass-Hout MD, MS, from Amazon’s health AI area to lead the company’s new science and technology organization through their four areas: Imaging, Ultrasound, Patient Care Solutions, and Pharmaceutical Diagnostics. Release, Yahoo Finance  Also Mobihealthnews

Remember back in 2019 when problematic EHR Practice Fusion was renamed Veradigm? Allscripts has now renamed the entire company as Veradigm, after expanding it to analytics and research. After two years of reorganizing and downsizing (plus paying off Practice Fusion fines), selling off their hospital/large practice EHRs to Constellation Software/N. Harris Group for $700 million last May, the slimmed-down Veradigm Network encompasses electronic health records, practice management systems, and patient communication platforms. Interestingly, a search first leads you to a main corporate website under Allscripts and doesn’t forward automatically to Veradigm, making this a softer-than-usual name change. Now Veradigm can pick up a few companies on the market, as they announced last year. Release    Hat tip to HISTalk

NHS using Brainomix AI to diagnose stroke faster, tripled near-full recoveries to 48%.  The key finding: patients diagnosed using AI made near full recoveries increased from 16 to 48%. The trial of e-Stroke Suite took place in 22 hospital trusts in England across 111,000 suspected stroke patients. The AI in the e-Stroke Suite cut average diagnosis to treatment time by an hour from 140 to 79 minutes. The AI technology was developed by UK company Brainomix. Daily Mail, Oxford Academic Health Science Network case study (Note: Oxford AHSN, Brainomix, and Royal Berkshire NHS Foundation Trust (RBH) are partners in the National Consortium of Intelligent Medical Imaging (NCIMI).)

Withings is debuting the U-Scan, an in-home urinalysis device, at CES. The 90 mm device sits in the toilet bowl and uses cartridges to analyze urine components, sending results to the Withings Health Mate app. Cartridges for Europe so far are Cycle Sync for menstrual period tracking and ovulation windows, and Nutri Balance for hydration and nutrition. Nutri Balance analyzes specific gravity, pH, vitamin C, and ketone levels. The U-Scan will debut in Europe at the end of Q2, with the U-Scan starter kit priced at €499.95.  Both await FDA clearance. Withings U-Scan page, Mobihealthnews

Careficient buys Net Health’s home health/hospice EMR. Careficient already is present in the home health, hospice and home care cloud EMR market. Net Health is selling its home health, hospice, home care and palliative solutions EMR, marketed under HealthWyse and Hospicesoft, as well as its revenue cycle management (RCM) division, to concentrate on wound care and rehabilitation therapy. This expands Careficient’s client base by 750 locations in 39 states. Transaction cost was not disclosed. Release

Add to the cost of hacking multiple class action lawsuits. CommonSpirit Health, based in Chicago and the second largest health system in the US covering 21 states under CHI and Dignity Health names, not only has to remedy a massive 600,000 patient data breach discovered last October [TTA 3 Dec], but also fight a class action lawsuit filed 29 December by a patient in the US District Court for the Northern District of Illinois. Financial, health insurance, and medical information were all breached. The suit requests damages exceeding $5 million and injunctive relief, including stronger data protection practices. It will be the first of many as a quick search indicates multiple law firms seeking claimants. FierceHealthcare, WGNRadio

Weekend review: FDA clears Apple Watch ‘AFib History’, OS9 adds health features; Amwell’s new CMO; 2M records breached at New England provider, largest this year

Apple Watch adding first-ever ‘AFib History’ in watchOS 9 software release. Announced 6 June, Apple received their FDA 510(k) clearance for this new feature which adds on to the existing ECG app and irregular rhythm notification. The History feature includes an estimate of how frequently a user’s heart rhythm shows signs of atrial fibrillation, including additional weekly notifications to understand and track this on a printable PDF. According to their release, users can view a detailed history in the Health app, including lifestyle factors that may influence AFib, like sleep, alcohol consumption, and exercise, which can be downloaded and printed.

Other health-related features on the watchOS9 release include:

  • Medications app for managing medications, vitamins, and supplements, including a medications list, schedules and reminders, and directly view medication information in the Health app
  • Sleep Insights, an add-on to the existing sleep tracking that informs users of sleep stages. Using signals from the accelerometer and heart rate sensor, it will detect and track when users are in REM, core, or deep sleep.

Apple release 6 June, FierceHealthcare

Amwell names new chief medical officer. Carrie Nelson will be working with payer and provider organizations in care delivery from Amwell’s new platform, Converge. In addition, she will be heading up the Amwell Medical Group, their clinical partner. Dr. Nelson was formerly Advocate Aurora Health’s senior vice president and CMO for Population Health and Health Outcomes, where she was also chief clinical officer for Advocate Physician Partners, their value-based care physician group. Amwell is transitioning practices from its prior platforms and needs to maintain their presence with both groups as many are finding alternative telehealth systems. Amwell release, Healthcare Dive

And what week wouldn’t be complete without a massive healthcare data breach? The leading event so far this year took place over two weeks in March at 60 healthcare facilities affiliated with Massachusetts-based Shields Health Care Group. While it was only 7 to 21 March and discovered 28 March, apparently the quaintly-titled ‘unknown actor’ was able to compromise data. The investigation by Shields and Federal and state regulators is ongoing as to what data was accessed and taken; to date, there is no evidence to indicate that any information from this incident was used to commit identity theft or fraud. The difference in breaches between now and the past is how rapidly it’s discovered.  Shields Health notice, Healthcare Dive

Digital health: why is it a luxury good in a world crying for health as a commodity?

Why digital health still struggles to find its stride. Those of us in the healthcare field, especially Grizzled Pioneers, have been wondering for the past decade why Digital Health’s Year is always Next Year. Or Next Decade. 

Looking back only to 2000, we’ve had 9-11, a dot-com bust, a few years in between when the economy thrived and the seed money started to pollinate young companies, a prolonged recession that killed off many, and now finally a few good economic years where money has flooded into the sector, to good companies and those walking the fine line of mismanagement or fraud. We’ve seen the rise/fall/rise of sensors, wearables, and remote monitoring, giants like Google and Microsoft out and back in, the establishment of EHRs, acceptance by government and private payers, quite a bit of integration, and more. All one has to look is at the investment trends breaking all records, with funding rounds of over $10 million raising barely a notice–enough to raise fears of a bubble. Then there’s another rising tide–that of cyberattack, ransomware, insider and outsider hacking.

Is it this year? It may not be. Despite the sunshine, interoperability holds it all back. Those giant EHRs–Cerner, Epic, Athenahealth, Allscripts–are largely walled gardens and so customized by provider application that they barely are able to talk to their like systems. There are regional health exchanges such as New York’s SHIN-NY, Maryland’s CRISP, and others, but they are limited in scope to their states. The VA’s VistA, the granddaddy of the integrated system, died of old age in its garden. Paul Markovich, CEO of Blue Shield of California cites the lack of interoperability and being able to access their personal health data as a major barrier to both patients and to the large companies who want to advance AI and need the data for modeling. (China and its companies, as we’ve noted, neatly solve this problem by force. [TTA 17 Apr]) Apple is back in with Health Records, but Mr. Markovich estimates it may take 10 years to gather the volume of data it needs to establish AI modeling. Some wags demand that Apple buy Epic, as if Epic was up for sale. BSC, like others, is testing interoperability workarounds like Notable, Ooda Health, and Manifest MedEx. Mr. Markovich cites interoperability and scaling as reasons why healthcare is expensive. CNBC

And what about those thriving startups? Hold on. During the Google Cloud/Rock Health 3 June event, one of the panelists–from Partners HealthCare, which works both side of the street with Pivot Labs–noted that hospitals have figured out their own revenue models, and co-development with hospitals is key. Even if validated, not every tech is commercially ready or lowers cost. And employers are far worse than hospitals at buying in because they ultimately look at financial value, even if initially they adopt for other reasons. In addition, the bar moved higher. The new validation standard is now provider-centric–workload, provider satisfaction, and implementation metrics, because meeting clinical outcomes is a given. Mobihealthnews

And still another barrier–data breaches and cyberattack–is still with us, and growing. Quest Diagnostics’ data breach affects nearly 12 million patients. It was traced to an individual at a vendor, American Medical Collection Agency, and it involved Optum360, a Quest contractor and part of healthcare giant Optum. The unauthorized person had access to the network for eight months – between 1 August 2018, and 30 March 2019–and involved both financial and some health records. Quest now is in the #2 slot behind the massive 79 million person Anthem breach, which, based on a Federal grand jury indictment in Indianapolis in May, was executed by a Chinese group in 2015 using spearfishing and backdoors that gathered data and sent it to China. There were three other US businesses in the indictment which are not identified. Securing health data is expensive — and another limitation on the cost-lowering effects of interoperability. Healthcare IT News

Digital Health’s Year, for now, will remain Next Year–and digital health for now will remain fractional, unable to do much to commoditize healthcare or lower major costs.

Hackers hit another Blue Cross, put 10.5 million members at risk (Breaking)

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]BREAKING NEWS This time the data breach is at Excellus Blue Cross Blue Shield, which covers upstate New York (Rochester-Syracuse area). It was discovered by Excellus on 5 August but dated back to 23 Dec 13, and reportedly has compromised members’ names, addresses, telephone numbers, Social Security numbers, financial account information and in some cases sensitive medical information. According to the AP/NBC, it also breached other divisions of Excellus and the corporate parent, Lifetime Healthcare: Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare. The source of the hack has not yet been determined.

Excellus joins fellow BCBS members Anthem [TTA 11 Feb], soon to be merging with Cigna, with 80 million; Premera Blue Cross [TTA 24 Mar] with 11 million, Care First with a ‘bag o’ shells’ 1.1. million [TTA 2 June]. The pattern has been such that the national Blue Cross Blue Shield Association (BCBSA) announced in July that it will offer all 106 million of its members identity protection starting next January. (Note for our mathematicians: Anthem has millions of non-BCBS members) Chinese hackers are suspected in the Anthem breach.

FierceHealthPayer broke the story, in this Editor’s estimation, to the healthcare trade area. Rochester Democrat & Chronicle. Excellus message to policyholders. The NBC/AP report also has a video interview with Eugene Kaspersky of the eponymous anti-virus software (and whose Kaspersky Lab was also a hacking victim earlier this year)

Updated via the Rochester Democrat & Chronicle:  FireEye is becoming the ‘go-to’ security company for health organization breaches–Excellus hired them in the wake of the Anthem breach and they discovered the vulnerability facilitating the breach.

Australian military health data went straight to China: report

[grow_thumb image=”https://telecareaware.com/wp-content/uploads/2015/02/Hackermania.jpg” thumb_width=”150″ /]The Australian Defence Department confirmed to the Sydney Morning Herald that protected health data of hundreds of Defence Forces personnel went to (guess where!) China. However, as breaches go, this was an easy hack–it was sent by a health contractor, Luxottica Retail Australia, which contracts with manufacturer Tristar Optical in Dongguan, Guangdong province. Those affected included soldiers posted overseas to Afghanistan and special forces commandos who went on to be deployed to Iraq. Luxottica has since lost its contract with principal contractor Medibank Health Solutions. Both Medibank and Defence have had a lot of ‘splainin’ to do with the Government. According to the SMH, “the revelations raised particular concern within the Defence establishment because of China’s extensive involvement in state-sponsored hacking and cyber-espionage, with Beijing showing a particular interest in accessing personal records of government workers in the US.” A ‘twin-spin’ of Data Insecurity: healthcare and military! Hat tip to Malcolm Fisk of Coventry University via LinkedIn updates.