Weekend news roundup: GE Healthcare spins off, adds CTO; Allscripts now Veradigm; NHS Brainomix AI stroke trial success; Withings home urine scanner; Careficient buys Net Health EMR; CommonSpirit’s class action suit on data breach

GE Healthcare now trading on its own. GEHC rang Nasdaq’s traditional opening bell virtually on its first day of trading, Wednesday (4 Jan). The bell ringing was unique in that GEHC was the first company in Wisconsin to do so, from their plant in Waukesha. GE retained approximately 19.9% of the outstanding shares of GE HealthCare common stock with the remaining 80.1% distributed to current GE shareholders. Today it closed at $58.95 and remains headquartered in Chicago. (It moved from Amersham UK back in 2016.) Management is now independent, with Peter Arduini as CEO and, added yesterday, a new chief technology officer, Taha Kass-Hout MD, MS, from Amazon’s health AI area, to lead the company’s new science and technology organization through their four areas: Imaging, Ultrasound, Patient Care Solutions, and Pharmaceutical Diagnostics. Release, Yahoo Finance. Also Mobihealthnews

Remember back in 2019 when problematic EHR Practice Fusion was renamed Veradigm? Allscripts has now renamed the entire company as Veradigm, after expanding it to analytics and research. After two years of reorganizing and downsizing (plus paying off Practice Fusion fines), selling off their hospital/large practice EHRs to Constellation Software/N. Harris Group for $700 million last May, the slimmed-down Veradigm Network encompasses electronic health records, practice management systems, and patient communication platforms. Interestingly, a search first leads you to a main corporate website under Allscripts and doesn’t forward automatically to Veradigm, making this a softer-than-usual name change. Now Veradigm can pick up a few companies on the market, as they announced last year. Release. Hat tip to HISTalk

NHS using Brainomix AI to diagnose stroke faster, tripled near-full recoveries to 48%. The key finding: near-full recoveries among patients diagnosed using AI increased from 16 to 48%. The trial of e-Stroke Suite took place in 22 hospital trusts in England across 111,000 suspected stroke patients. The AI in the e-Stroke Suite cut average diagnosis to treatment time by an hour from 140 to 79 minutes. The AI technology was developed by UK company Brainomix. Daily Mail, Oxford Academic Health Science Network case study (Note: Oxford AHSN, Brainomix, and Royal Berkshire NHS Foundation Trust (RBH) are partners in the National Consortium of Intelligent Medical Imaging (NCIMI).)

Withings is debuting the U-Scan, an in-home urinalysis device, at CES. The 90 mm device sits in the toilet bowl and uses cartridges to analyze urine components, sending results to the Withings Health Mate app. Cartridges for Europe so far are Cycle Sync for menstrual period tracking and ovulation windows, and Nutri Balance for hydration and nutrition. Nutri Balance analyzes specific gravity, pH, vitamin C, and ketone levels. The U-Scan will debut in Europe at the end of Q2, with the U-Scan starter kit priced at €499.95.  Both await FDA clearance. Withings U-Scan page, Mobihealthnews

Careficient buys Net Health’s home health/hospice EMR. Careficient already is present in the home health, hospice and home care cloud EMR market. Net Health is selling its home health, hospice, home care and palliative solutions EMR, marketed under HealthWyse and Hospicesoft, as well as its revenue cycle management (RCM) division, to concentrate on wound care and rehabilitation therapy. This expands Careficient’s client base by 750 locations in 39 states. Transaction cost was not disclosed. Release

Add to the cost of hacking multiple class action lawsuits. CommonSpirit Health, based in Chicago and the second largest health system in the US covering 21 states under CHI and Dignity Health names, not only has to remedy a massive 600,000 patient data breach discovered last October [TTA 3 Dec], but also fight a class action lawsuit filed 29 December by a patient in the US District Court for the Northern District of Illinois. Financial, health insurance, and medical information were all breached. The suit requests damages exceeding $5 million and injunctive relief, including stronger data protection practices. It will be the first of many as a quick search indicates multiple law firms seeking claimants. FierceHealthcare, WGNRadio

Weekend review: FDA clears Apple Watch ‘AFib History’, OS9 adds health features; Amwell’s new CMO; 2M records breached at New England provider, largest this year

Apple Watch adding first-ever ‘AFib History’ in watchOS 9 software release. Announced 6 June, Apple received their FDA 510(k) clearance for this new feature which adds on to the existing ECG app and irregular rhythm notification. The History feature includes an estimate of how frequently a user’s heart rhythm shows signs of atrial fibrillation, including additional weekly notifications to understand and track this on a printable PDF. According to their release, users can view a detailed history in the Health app, including lifestyle factors that may influence AFib, like sleep, alcohol consumption, and exercise, which can be downloaded and printed.

Other health-related features on the watchOS9 release include:

  • Medications app for managing medications, vitamins, and supplements, including a medications list, schedules and reminders, and direct viewing of medication information in the Health app
  • Sleep Insights, an add-on to the existing sleep tracking that informs users of sleep stages. Using signals from the accelerometer and heart rate sensor, it will detect and track when users are in REM, core, or deep sleep.

Apple release 6 June, FierceHealthcare

Amwell names new chief medical officer. Carrie Nelson will be working with payer and provider organizations in care delivery from Amwell’s new platform, Converge. In addition, she will be heading up the Amwell Medical Group, their clinical partner. Dr. Nelson was formerly Advocate Aurora Health’s senior vice president and CMO for Population Health and Health Outcomes, where she was also chief clinical officer for Advocate Physician Partners, their value-based care physician group. Amwell is transitioning practices from its prior platforms and needs to maintain their presence with both groups as many are finding alternative telehealth systems. Amwell release, Healthcare Dive

And what week wouldn’t be complete without a massive healthcare data breach? The leading event so far this year took place over two weeks in March at 60 healthcare facilities affiliated with Massachusetts-based Shields Health Care Group. While it was only 7 to 21 March and discovered 28 March, apparently the quaintly-titled ‘unknown actor’ was able to compromise data. The investigation by Shields and Federal and state regulators is ongoing as to what data was accessed and taken; to date, there is no evidence to indicate that any information from this incident was used to commit identity theft or fraud. The difference in breaches between now and the past is how rapidly it’s discovered.  Shields Health notice, Healthcare Dive

Digital health: why is it a luxury good in a world crying for health as a commodity?

Why digital health still struggles to find its stride. Those of us in the healthcare field, especially Grizzled Pioneers, have been wondering for the past decade why Digital Health’s Year is always Next Year. Or Next Decade. 

Looking back only to 2000, we’ve had 9-11, a dot-com bust, a few years in between when the economy thrived and the seed money started to pollinate young companies, a prolonged recession that killed off many, and now finally a few good economic years where money has flooded into the sector, to good companies and those walking the fine line of mismanagement or fraud. We’ve seen the rise/fall/rise of sensors, wearables, and remote monitoring, giants like Google and Microsoft out and back in, the establishment of EHRs, acceptance by government and private payers, quite a bit of integration, and more. All one has to do is look at the investment trends breaking all records, with funding rounds of over $10 million raising barely a notice–enough to raise fears of a bubble. Then there’s another rising tide–that of cyberattack, ransomware, insider and outsider hacking.

Is it this year? It may not be. Despite the sunshine, interoperability holds it all back. Those giant EHRs–Cerner, Epic, Athenahealth, Allscripts–are largely walled gardens and so customized by provider application that they barely are able to talk to their like systems. There are regional health exchanges such as New York’s SHIN-NY, Maryland’s CRISP, and others, but they are limited in scope to their states. The VA’s VistA, the granddaddy of the integrated system, died of old age in its garden. Paul Markovich, CEO of Blue Shield of California cites the lack of interoperability and being able to access their personal health data as a major barrier to both patients and to the large companies who want to advance AI and need the data for modeling. (China and its companies, as we’ve noted, neatly solve this problem by force. [TTA 17 Apr]) Apple is back in with Health Records, but Mr. Markovich estimates it may take 10 years to gather the volume of data it needs to establish AI modeling. Some wags demand that Apple buy Epic, as if Epic was up for sale. BSC, like others, is testing interoperability workarounds like Notable, Ooda Health, and Manifest MedEx. Mr. Markovich cites interoperability and scaling as reasons why healthcare is expensive. CNBC

And what about those thriving startups? Hold on. During the Google Cloud/Rock Health 3 June event, one of the panelists–from Partners HealthCare, which works both sides of the street with Pivot Labs–noted that hospitals have figured out their own revenue models, and co-development with hospitals is key. Even if validated, not every tech is commercially ready or lowers cost. And employers are far worse than hospitals at buying in because they ultimately look at financial value, even if initially they adopt for other reasons. In addition, the bar moved higher. The new validation standard is now provider-centric–workload, provider satisfaction, and implementation metrics, because meeting clinical outcomes is a given. Mobihealthnews

And still another barrier–data breaches and cyberattack–is still with us, and growing. Quest Diagnostics’ data breach affects nearly 12 million patients. It was traced to an individual at a vendor, American Medical Collection Agency, and it involved Optum360, a Quest contractor and part of healthcare giant Optum. The unauthorized person had access to the network for eight months – between 1 August 2018, and 30 March 2019–and involved both financial and some health records. Quest now is in the #2 slot behind the massive 79 million person Anthem breach, which, based on a Federal grand jury indictment in Indianapolis in May, was executed by a Chinese group in 2015 using spearphishing and backdoors that gathered data and sent it to China. There were three other US businesses in the indictment which are not identified. Securing health data is expensive — and another limitation on the cost-lowering effects of interoperability. Healthcare IT News

Digital Health’s Year, for now, will remain Next Year–and digital health for now will remain fractional, unable to do much to commoditize healthcare or lower major costs.

Hackers hit another Blue Cross, put 10.5 million members at risk (Breaking)

BREAKING NEWS This time the data breach is at Excellus Blue Cross Blue Shield, which covers upstate New York (Rochester-Syracuse area). It was discovered by Excellus on 5 August but dated back to 23 Dec 13, and reportedly has compromised members’ names, addresses, telephone numbers, Social Security numbers, financial account information and in some cases sensitive medical information. According to the AP/NBC, it also breached other divisions of Excellus and the corporate parent, Lifetime Healthcare: Lifetime Benefit Solutions, Lifetime Care, Lifetime Health Medical Group, The MedAmerica Companies and Univera Healthcare. The source of the hack has not yet been determined.

Excellus joins fellow BCBS members Anthem [TTA 11 Feb], soon to be merging with Cigna, with 80 million; Premera Blue Cross [TTA 24 Mar] with 11 million; and CareFirst with a ‘bag o’ shells’ 1.1 million [TTA 2 June]. The pattern has been such that the national Blue Cross Blue Shield Association (BCBSA) announced in July that it will offer all 106 million of its members identity protection starting next January. (Note for our mathematicians: Anthem has millions of non-BCBS members.) Chinese hackers are suspected in the Anthem breach.

FierceHealthPayer broke the story, in this Editor’s estimation, to the healthcare trade area. Rochester Democrat & Chronicle. Excellus message to policyholders. The NBC/AP report also has a video interview with Eugene Kaspersky of the eponymous anti-virus software (and whose Kaspersky Lab was also a hacking victim earlier this year).

Updated via the Rochester Democrat & Chronicle:  FireEye is becoming the ‘go-to’ security company for health organization breaches–Excellus hired them in the wake of the Anthem breach and they discovered the vulnerability facilitating the breach.

Australian military health data went straight to China: report

The Australian Defence Department confirmed to the Sydney Morning Herald that protected health data of hundreds of Defence Forces personnel went to (guess where!) China. However, as breaches go, this was an easy hack–it was sent by a health contractor, Luxottica Retail Australia, which contracts with manufacturer Tristar Optical in Dongguan, Guangdong province. Those affected included soldiers posted overseas to Afghanistan and special forces commandos who went on to be deployed to Iraq. Luxottica has since lost its contract with principal contractor Medibank Health Solutions. Both Medibank and Defence have had a lot of ‘splainin’ to do with the Government. According to the SMH, “the revelations raised particular concern within the Defence establishment because of China’s extensive involvement in state-sponsored hacking and cyber-espionage, with Beijing showing a particular interest in accessing personal records of government workers in the US.” A ‘twin-spin’ of Data Insecurity: healthcare and military! Hat tip to Malcolm Fisk of Coventry University via LinkedIn updates.

Healthcare vulnerability in a concatenation of data breaches

Concatenation is one of those lovely English words that express far more than its simpler synonyms: sequence, series or chain of events. Perhaps we have experienced that concatenation of data breaches which connect and demonstrate a critical mass that motivates healthcare organizations, including insurers, to ensure that data security and privacy get primacy in HIT. Our Readers know we’ve been on the case since 2010; we’ve been noting Ponemon Institute and ID Experts studies since then.

While simple, straightforward theft can be the cause of smaller breaches and not part of a Big Hack, it’s not as Three Stooges or Benny Hill-esque as perhaps the JAMA study earlier this year made it out to be, especially if it’s your personal record, or your patient’s, which is breached, identity and financials damaged. (See this Security Intelligence article on a minor health breach and how it affected an individual who happens to be in IBM’s security arm.)

Just in the past few weeks, in the US we have experienced the following major and minor breaches:

  • CareFirst BlueCross BlueShield in Maryland–an insurer, not a hospital or practice–had a Big Hack of 1.1 million health records, with names, birth dates, email addresses and insurance identification numbers (but not SSI or credit card numbers) revealed.
  • Beacon Health Systems (Indiana) had a phishing attack into employee email boxes dating back to 2013. This was a Medium Hack that affected about 220,000 patients. Data taken included SSI and driver’s license. Health Data Management today.
  • Advantage Dental in Redmond, Washington had a 152,000 patient hack during three days in February.
  • Also in February, a New York City Health and Hospitals Corporation employee transferred patient files to her personal and new work email. 90,000 patients may have compromised data as a result. Becker’s

More breaches are listed today in iHealthBeat and the ever-growing list on Privacy Rights Clearinghouse.

Ponemon Institute’s 2015 Cost of a Data Breach Study: Global Analysis, with IBM, was published last week.

News highlights for Friday

AnthemHealth didn’t encrypt, Blueprint Health collects, HealthSpot funds again, Sense4Baby goes to Europe, Apple Health pilots in hospitals and buddi gets bigger still.

Another hack attack claimed major US health insurer AnthemHealth, the former WellPoint. It’s estimated that 80 million of its customers, former customers and employees had data breached: names, addresses, dates of birth, emails, employment information, income, medical IDs and SSIs. The Wall Street Journal reports that Anthem didn’t encrypt data for analytics reasons. It’s unconfirmed where the hackers originated but Bloomberg’s latest report tags the usual Chinese state-sponsored suspects. Unusually, it was reported within days of discovery; Anthem has called in Mandiant (FireEye) to beef up its cybersecurity. Other reports: WSJ, Modern Healthcare….The Blueprint Health accelerator has a new initiative, the Collective. It is designed to pair up major healthcare providers and payers with startups and early stage companies. So far signed up are Aetna, AstraZeneca, HP, Montefiore, North Shore LIJ, New York-Presbyterian, Samsung, EmblemHealth, Philips and Razorfish Healthware. More information here….The HealthSpot Station telehealth/telemedicine kiosk is readying a $11.6 million funding round from four investors soon, based on (more…)

Staying up at night with telemedicine (and telehealth)

Our readers have many things which keep them up at night, including that extra taco, but René Quashie of leading healthcare/life sciences law firm Epstein Becker Green adds a few more to the list. While muddling telemedicine (remote consults) with telehealth (vital signs tracking and monitoring), he outlines the legal pitfalls (and consequences) that both are facing: non-compliance with state prescribing and licensure laws (physical examination requirements); lack of highly developed protocols and guidelines (liability exposure); lack of greater coverage and reimbursement by payers (low credibility=low/no pay); HIPAA compliance in privacy and security (lack of protection against unauthorized data access). However, how many of these have already experienced accommodation by state regulators, or have started to modify to follow regulations? Awake yet? This is only Part 1. Things That Should Keep the Telehealth Community Awake at Night (Part 1) (TechHealth Perspectives/EBG blog) Hat tip to reader Ellen Fink-Samnick of Ellen’s Ethical Lens.

VA networks breached from overseas; 20 million records affected (US)

Department of Veterans Affairs IT systems have been breached since 2010 by eight ‘nation-state-sponsored organizations’, affecting records of 20 million veterans, according to recent testimony in hearings held earlier this month by the House Veterans Affairs Oversight and Investigations Subcommittee. While the normal ‘hack’ is due to theft or an inside job for financial gain, these likely have a far more sinister nature. According to former VA Chief Information Security Officer Jerry Davis (now at NASA), the attacks continue from these countries, and according to Subcommittee Chairman Rep. Coffman, may include China and Russia. Testimony and evidence also revealed that those responsible for informing Secretary Shinseki may have understated the problem. The VA has certainly been taking its lumps with a Magic 8 Ball of late, with a derailed joint EHR project with the Department of Defense and wrangling on who’s leading integration [TTA 3 April; iHealthBeat]. VA Systems Hacked From Abroad; Was VA Secretary Misled About Breaches? (HealthcareInfoSecurity)

Healthcare data breaches show 25% fraud risk: study

For healthcare institutions, that data breach can really cost. Javelin Strategy & Research has been tracking the cost of data breaches, including healthcare, for the past ten years. Using its data across all the industries it tracks (data here), the threat of identity fraud as of 2012 is up to 1 in 4, from 1 in 9 in 2010. In commenting on the big breach last year at the Utah Department of Health (780,000 records, TTA 22 Dec), a Javelin spokesperson has made some news by estimating the additional fraud cost at $406 million–and that is in addition to the estimated $9 million that the state has spent on security audits, upgrades and credit monitoring for victims. Hackers seem to be more targeted than ever, but often even simple precautions are not taken–in Utah, the factory password to the server was never changed. A cautionary note–no, symphony–to developers and to HIT departments. Healthcare IT News, Salt Lake Tribune, Javelin release

Could iris scans be a solution? Biometrics makers, such as Safran, Fujitsu, AOptix Technologies and M2Sys Technology, are finding new customers in hospitals and large providers. HCA Holdings, the largest US for-profit hospital chain, is testing Eye Controls’ system at their private clinics in London. Medical ID theft is also a problem in the UK, with ‘shame-based theft’ (to conceal an illness) and private billing the given reasons. Iris scanning units cost about $200-300–a moderate cost. According to the World Privacy Forum, iris scanning will rule out hacking, but not ‘inside jobs’–progress of a sort. But an open question is how this integrates into current EHRs. Iris Scans Seen Shrinking $7 Billion Medical Data Breach (Bloomberg)  Editor’s note: The Gimlet Eye is…envious.