News roundup: 4.3M HealthEquity member data breach, CrowdStrike health fallout, more Congress pounding of VA/Oracle; Flo app now unicorn (UK), fundings for Clarapath, CoachCare; AvaSure buying Ouva

Health savings account (HSA/FSA) provider HealthEquity had a three-month breach that compromised 4.3 million member accounts. The breach originated with an undisclosed third-party vendor, in a pattern that has become familiar. According to HealthEquity’s filing with the Maine attorney general (though HQ’d in Utah), the breach occurred in that vendor’s “unstructured data repository” at HealthEquity, outside of their core systems, after the hacker stole the password out of a vendor user account. Unfortunately for HealthEquity, the hack that started in March wasn’t discovered until 26 June, giving the hacker free rein in that database for three months. What’s surprising is that the breach wasn’t worse.

HealthEquity is a third-party administrator for companies of FSA/HRA, Commuter, COBRA, and Lifestyle plans.

The Maine AG filing states that information stolen may include customer names, addresses, phone numbers, their Social Security number, information about the person’s employer, benefit type, diagnoses, prescription details, the person’s dependent (if any), and some payment card information. With HealthEquity claiming 15 million+ members, the breach affects a substantial 29% of its membership. Actions they are taking are to notify members and provide them with credit monitoring services through Equifax with a reference guide. HealthEquity notification page, TechCrunch, HealthcareITNews

CrowdStrike’s antivirus software update that went waaaay sideways continues its fallout. As most know, it happened when they pushed an update and patch to Falcon, a cloud-based anti-cyber attack product that uses AI to detect intrusions. Well, Falcon’s AI wings were fractured on that 19 July push where testing was apparently lacking. BSOD became their new thing. What made the news was the devastating effect on 8.5 million Windows devices, only about 1%–on Delta Air Lines’ aircraft scheduling and the shutdown of many systems such as 911 and police within cities and states, but apparently a curtain was drawn around the healthcare bed. EHRs were affected at major systems such as Kaiser Permanente, Providence, Henry Ford Health, Nationwide Children’s Hospital, the Dana-Farber Cancer Institute, Mass General Brigham, RWJBarnabas Health, Penn Medicine, and Seattle Children’s Hospital, causing postponements of medical procedures. At Providence, it totaled 15,000 of the organization’s servers, as well as about 40,000 of its 150,000 computers. It was the equivalent of a cyberattack without being a cyberattack. According to industry analyst Parametrix, US Fortune 500 companies (excluding Microsoft) lost a total of $5.4 billion. MedCityNews

With this kind of devastation, it’s no surprise that these companies and the government are rethinking their approach to cloud computing. They’re very concerned about the oligopoly of three providers: Google, Microsoft, and Amazon. Microsoft has 40% of the cybersecurity market with CrowdStrike 15% concentrated in larger organizations.“We’re reaching the point where over-centralization makes us less ‘healable,’ and less resilient,” Robert Thomas, owner of cybersecurity company 180A Consulting said. “We’re losing our resiliency as a nation.”  Systems are still not back up and neither is the CrowdStrike stock. Rumors do persist that they were hacked. Epoch Times   Microsoft also published a recovery tool for IT administrators to expedite the repair process. FierceHealthcare

The House Committee on Veterans’ Affairs Subcommittee on Technology Modernization hearing on 22 July had some further flak-gathering from committee members. Most of the criticism concentrated on the joint MHS/VA rollout at Lovell Federal Health Care Center and the amount of work it required to get the Oracle Cerner EHR to work mostly right. While VA and Oracle leaders insist that Lovell went better than anyone expected, the resources used at Lovell cannot be duplicated at the remaining VA facilities. VA is already facing a $15 billion shortfall for FY 2024 and 2025. The Lovell center had a persistent problem in processing prescriptions, with 60% going unfilled. In member Sheila Cherfilus-McCormick (D-Fla.) words, “I think we are far from ready to endorse further go-live activities. The two departments threw more resources at this go-live than will ever be available at any future VA facility.” Healthcare Dive  Earlier coverage TTA 24 July

The UK women’s health app Flo is now a unicorn. Their Series C of $200m (£156m), funded solely (and unusually) by General Atlantic, put them at a valuation of over $1 billion. Their total funding is $275 million. Two General Atlantic executives will be joining Flo’s board, Tanzeen Syed, managing director, and Jessie Cai, principal. Flo helps users track ovulation and menstrual periods, enabling calendaring of fertility, and monitoring of over 70 symptoms. It also assists with pregnancy health guidance. The raise will be used to expand into new user segments including perimenopause and menopause. Its current base is 70 million monthly active users (MAUs) and close to 5 million paid subscribers. Flo is marketed in 66 countries, including the US, India, Indonesia, and Nigeria, with centers in Lithuania and the Netherlands.  Release, UK Tech News

Funding/M&A wrap:

Clarapath, a medical robotics developer based in White Plains, NY, scored $36 million in a Series B-1 funding round from Northwell Ventures with participation from new investors Ochsner Ventures, CU Healthcare Innovation Fund, and Mayo Clinic. Clarapath automates pathology lab work. Its SectionStar platform sections biopsy tissue with improved accuracy. It is pre-revenue with a total of $75 million in funding. Axios, Mobihealthnews

CoachCare, a remote patient monitoring/virtual health monitoring developer for practices and health systems, added $48 million in an unlettered venture round funding led by Integrity Growth Partners with participation from Topmark Funding. The platform combines software and connected devices with outreach for RPM, chronic care management, and other virtual care for about 150,000 patients. Funding to date is $49 million. It has acquired four companies in the past year: NVOLVE, CareSpan Health, Alertive (formerly part of Carbon Health), and WebCareHealth. Release, Mobihealthnews

Another virtual care company, AvaSure, is acquiring Ouva’s smart hospital room solutions. Ouva has been partnering with AvaSure to supply AI-enhanced care automation technology. The acquisition will expand the ambient AI capabilities of AvaSure’s Intelligent Virtual Care Platform and double in-house AI engineering resources. AvaSure’s primary market is hospitals. Ouva will continue as a separate company with its pediatric and wayfinding business. Cost is not disclosed. Release, HIStalk 7/31

The DOD-MHS/VA Lovell ‘success story’ can’t process 60% of pharmacy prescriptions: House Committee

Here we go again. The Department of Defense’s Military Health System (MHS), the Department of Veterans Affairs (VA), and Oracle have all cited the Captain James A. Lovell Federal Health Care Center in North Chicago as a successful joint implementation. It is the only joint, fully integrated MHS/VA facility, was the only exception to the full pause on Oracle Cerner implementations in going live on 9 March, and so stands alone in complexity and importance. Oracle EVP Ken Glueck, in excoriating Business Insider, pointed to Lovell as a successful implementation to prove It Could Be Done! [TTA 31 May].

Except…except. House Representative Matt Rosendale (R-Mont.), the chairman of the House Committee on Veterans’ Affairs Subcommittee on Technology Modernization, a skeptic from Day One, investigated with other committee members. Several unnerving findings: 

  • “The pharmacy is completely reliant on outside help to operate”. 
  • “The Oracle Cerner pharmacy software functions so poorly that the permanent pharmacy staff can only process about 40% of the prescriptions.”. That means 60% of prescriptions go unfilled.
  • “The Committee staff visited James A. Lovell twice, and the employees are reporting the same frustration, hypervigilance, and burnout that the managers of the other four facilities testified about last September.”
  • 100 new staff have been hired at Lovell, with another 100 on the way.
  • About 800 experienced staff from other facilities and VA’s central office pitched in after the 9 March go-live.

Rosendale, in his opening remarks, expressed great concern that VA Secretary McDonough could realistically resume Oracle Cerner EHRM go-live at any scale, given the Lovell experience. He also noted that “the Veterans Health Administration is facing a $12 billion budget deficit, the financial impacts of the EHR on the organization’s staffing have never been budgeted or seriously reckoned with.” 

His conclusion was strong language: “Veterans and taxpayers deserve to know how large the Oracle Cerner bill truly is. Congress as well as the public need all of the information in order to make an informed decision about whether this is worth it, and whether the inevitable sacrifices are truly justified. Anything less is dereliction of duty.” Hat tip to HIStalk 7/24/24

News roundup: UHG’s cyberattack hit now $2.3B, Senate bill on cyberattacks intro’d, VA’s AI tech sprint awards, AliveCor’s new CPT codes

UHG reported earnings, profit reduced by $1 billion due to Change Healthcare cyberattack costs. On Tuesday 16 July UnitedHealth Group reported Q2 (ending 30 June) earnings of $98.9 billion, up $6 billion or 7% versus Q2 last year. Profit though didn’t move the same way, instead taking a hit at $7.9 billion, down from last year’s $8.1 billion. Despite strong performances in the UnitedHealthcare and Optum units, the drag from the Change Healthcare cyberattack is now estimated at an additional $1 billion from last quarter’s guesstimate, now at $2.3 billion. Also affecting the profit bottom line is inflating healthcare costs that are reflected in rising medical loss ratios (MLRs). Change is also obliged to do the patient notification which will start by the end of this month [TTA 21 June], having already started notifications of hospitals, providers, insurers, and other customers. Release, Healthcare Dive

But hey, now the Senate has a bill to coordinate agencies with the purpose of reducing those darn cyberattacks. The Healthcare Cybersecurity Act, sponsored by Senators Jacky Rosen (D-Nev.), Todd Young (R-Ind.), and Angus King (I-Me.), would direct the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to collaborate on improving cybersecurity. One important change would be creating an HHS liaison within CISA to coordinate incident response specifically for healthcare entities. An earlier version introduced by Sen. Rosen in 2022, S. 3904 (117th Congress), never made it into committee.  Sen. Jacky Rosen release, Healthcare Finance   But aren’t there other agencies involved in cyberattacks and ransomware like the FBI and the Department of Justice? And international agencies like the NCA and Europol since so many come from the darker parts of Europe and Asia? (The devil’s in the details…)

The Department of Veterans Affairs (VA) is taking a modest dip into the AI ocean. The award late last week of pilots for an AI-assisted healthcare dictation tool went to Abridge AI and Nuance Communications. The non-competitive, fixed-price contracts are as a result of the two companies winning the first track of the VA’s AI Tech Sprint which launched last October. The tools are designed to generate transcriptions from ambient recordings of patient encounters within specialty care, mental health care, and primary care settings, as well as integrating into the Oracle Cerner EHR. The notice does not specify start or end date. There is also a second sprint around developing an AI system to process documents generated in patient-provider encounters and other complex medical documents for continuity of care and sharing information with VA providers. FedScoop

AliveCor received CPT codes applicable to the company’s Kardia 12L ECG System. The Category III Current Procedural Terminology (CPT) codes are assigned by the American Medical Association (AMA).  The 12-lead system a few weeks ago gained FDA clearance for the combination of the Kardia 12L ECG System (left), a single cable with five electrodes that acquires 8 high-quality diagnostic bandwidth leads, with their KAI 12L AI-assisted diagnostic technology for clinician use only. The three new codes will be effective 1 January 2025 and will be published in the 2025 CPT Code book. Release

VA sued in Federal court on Oracle Cerner EHR accessibility issues

What you may have missed over the holiday–another one to add to the VA’s Mound of Misery with the Oracle Cerner rollout. The Department of Veterans Affairs (VA) is being sued on the choice of Oracle Cerner as the successor to VistA and its inability to accommodate Federal accessibility requirements. The new EHR apparently does not accommodate assistive technology, such as screen readers that enable the visually impaired to read and direct input on computer screens and thus perform their work. The lawsuit was filed on 21 June in the US Federal District Court for the District of Columbia by Laurette Santos, a clinical social worker at VA’s White City, Oregon, facility.

Ms. Santos is a 10+ year veteran of the VA. In her job as Visual Impairment Services Team (VIST) Coordinator since 2019, she relies on the Job Access With Speech (JAWS) screen reader application. Like the veterans she counsels, she is also legally blind and has been since 1988.  She requires access to the EHR in order to obtain veterans’ histories, determine their needs, and input notes. JAWS converts the screens into spoken words (or Braille output through a connected device) and allows blind users to access and interact with applications using the computer keyboard. In planning for the Oracle Cerner transition in June of 2022, she reported in 2019 that the JAWS screen reader did not work with the new EHR and didn’t even allow her to sign in. At work, she continues to use VistA in a read-write-only format but cannot use Oracle Cerner and must delegate tasks to sighted employees. Bottom line, she cannot independently perform her work whereas previously she was able.

The lawsuit charges that the VA did not ensure that the Oracle Cerner EHR complied with the Section 508 accessibility standards per the contract and that it worked before its implementation. Section 508 has been part of every Federal contract since 1998, when the Rehabilitation Act of 1973 was amended to make electronic and information technology accessible to people with disabilities. Between November 2020 and November 2021, the VA’s Section 508 Office conducted several audits and found the Cerner EHR was inaccessible. The lawsuit alleges that this constitutes ongoing violations of both Section 508 and Section 501 of the Rehabilitation Act; Section 501 prohibits discrimination against individuals with disabilities. Veterans also cannot use features tied into Oracle Cerner as they are non-compliant.

In the lawsuit, Ms. Santos is represented by The National Federation of the Blind and Brown Goldstein & Levy partners Eve Hill and Chelsea Crawford. The VA does not comment on pending litigation. HIT Consultant, Federal News Network

News roundup: VA extends Oracle Cerner for 11 months; Amwell founders swap jobs; Alphabet’s Verily pivots to Lightpath with GLP-1, retiring Onduo; UnitedHealth hasn’t notified on Change breach

To no one’s surprise, the Department of Veterans Affairs (VA) extended its contract with Oracle Cerner for another 11 months. This is per the new contract relationship that started last year, resetting from the original five-year contract that started in 2018 to five one-year terms, with mandatory annual reviews and renewals [TTA 18 May 2023]. Technically, the contract expired in May but VA extended it for one month as discussions continued over the next one-year term. This second option period expiring May 2025, according to the VA release, is focused on the following for the EHR modernization (EHRM):

  • Supporting the existing six facilities with the Oracle Cerner EHR
  • Achieving the goals of the reset and driving towards future deployments
  • Increased accountability across a variety of key areas, including minimizing outages and incidents, resolving clinician requests, improving interoperability with other health care systems, and increasing interoperability with other applications to ensure an integrated health care experience
  • Supporting value-added services, such as system improvements and optimizations
  • Achieving better predictability in hosting, deployment, and sustainment
  • Fiscal responsibility 

The plan is to resume site deployments in FY 2025, likely in year 2025, after reset goals are met. Seema Verma, Oracle Health’s new executive vice president and general manager, said that “VA’s intent to resume deployments in the next fiscal year is a significant milestone that reflects the hard work our collective teams have done to improve the system today, as well as confidence in our shared ability to continually evolve the EHR over time to meet the needs of both practitioners and patients.” NextGov/FCW, FierceHealthcare, Healthcare Dive, Oracle release

Is there much choice for the VA in the matter? Not really. VistA can be updated but remains non-interoperable with the Military Health System’s (MHS) Cerner-Leidos EHR. But can Oracle Cerner be fixed up and debugged to work for VA’s vastly different needs and smoothly deployed within the contract duration? That jury is still out in the view of the VA and Congress.

The Brothers Schoenberg swap positions at Amwell. Roy Schoenberg, MD, MPH, will transition immediately from his role as president and co-CEO to move to executive vice chairman of Amwell’s board of directors. Ido Schoenberg, MD, will become the sole CEO. The brothers co-founded the company in 2006. Ido’s quote closing the release is interesting in demonstrating the shift from investment without profits to getting on the path to profitability:  “This transition represents a natural evolution for our company as we shift from a period of intense R&D investment to an operational focus aimed at achieving greater efficiencies, optimizing cash flow and delivering profitable growth while maintaining our dedication to enabling our clients’ aspirations.” Roy is credited with developing Converge which is their next-generation integrated platform. If Teladoc is finding it difficult to transition from the stand-alone, transactional, urgent care service they and Amwell pioneered, into an evolved market that has incorporated virtual capabilities into multiple types of care models, whither Amwell’s future? More thoughts in TTA 2 May, 9 April

Alphabet (Google)’s once-visionary Verily now jumps on the GLP-1 bandwagon with Lightpath. Verily’s latest pivot to the highly trendy weight loss area is termed as a metabolic solution as part of a “personalized chronic care solution for health plans and members”.  Lightpath will start as Lightpath Metabolic, a four-part program that includes Metabolic Intensive (diabetes management), Weight Loss Intensive, Metabolic Improvement, and Metabolic Achievement. The Verily platform integrates data from health records, connected devices, and other care points to deliver “personalized pathways, suggestions, and nudges to health plan members” virtually along with health coaches and an advanced licensed clinical team. The current virtual chronic care management platform, Onduo, will be retired by 2025.

Once upon a time (2021, sigh), Verily was Google’s skunk works for advanced health tech with Google Health being the marketing and merchandising arm for clinical and consumer products. Google Health was broken up in August 2021 and Verily faded into the Alphabet background with the occasional joint venture and clinical pilots, with Onduo being their most marketable product. Google seems to have little direction for Verily other than to keep it alive. And given the competition plus a greater understanding of the long term effects of the GLP-1 drugs in the weight loss area, the GLP bandwagon is up for a shaky ride in the next year. Release, FierceHealthcare

And very strangely, UnitedHealth Group hasn’t notified Health and Human Services’ Office of Civil Rights (HHS-OCR) about the ransomware data breach at Change Healthcare, nor the individuals affected. The notification to OCR is required under HIPAA to be within 60 days of the date of the incident. UHG is over the deadline by two months, calculating from 21 February. CEO Andrew Witty wilted before double-barreled Senate and House hearings in May and UHG lost a fight to put the notifications for the breach onto providers [TTA 5 June]. Senators Margaret Wood Hassan (D-NH) and Marsha Blackburn (R-TN) sent a joint letter on 7 June to Andrew Witty, CEO of UnitedHealth Group, urging him to send a breach notification letter that notifies OCR, state regulators, Congress, the media, and health care providers that it intends to complete all breach notifications on behalf of all HIPAA-covered entities, individuals and businesses affected, by 21 June. That’s Friday. UHG continues to maintain that they still do not know the extent of the breach. The Medical Group Management Association (MGMA) also sent a letter to Mr. Witty on 12 JuneDon’t hold your breath for UHG sending millions of letters. Becker’s, HealthExec

Oracle’s Q4/FY 23 earnings push Cerner to background, stock price soars on AI deals; 81% of VA clinicals really can’t stand Cerner

Oracle keeps blue side up but disappoints Mr. Market, Cerner results now fall into the background as stock price soars despite misses. Oracle kept it upbeat in reporting its Q4 and FY2023 results this past Tuesday 11 June, and it paid off.

  • Its Q4 revenue of $14.3 billion was up 3%, with Q4 GAAP earnings per share was $1.11 while non-GAAP (adjusted) earnings per share was $1.63.
  • FY23 revenue totaled $53.0 billion, up 6%, with GAAP earnings per share at $3.71, while non-GAAP earnings per share was $5.56. 

Overall results were disappointing for Wall Street analysts. The blue side is that the stock has surged big time with a YTD high yesterday, closing above $140. The secret sauce? New AI-related contracts and demand for Oracle Cloud Infrastructure. On the call and in the release Oracle CEO Safra Catz announced new cloud sales to Google and Microsoft for OpenAI and ChatGPT. OpenAI will run deep learning and AI workloads on Oracle Cloud. Oracle also sold 30 contracts worth $12 billion in Q4.

The surprise on the call for this Editor? The Cerner business will no longer be identified and broken out, which is major league unusual for a specific, large product line. From HIStalk News 6/12/24: CEO Safra Catz said, “I will no longer be breaking out the Cerner business in my results. And even though it will begin to grow modestly throughout the year in both revenue and operating margins, it’s not necessary to break it out anymore because it is now operating in a growth mode.” A way of concealing ongoing bad news? Major hat tip to HIStalk on the earnings call summary, Investors Business Daily, Oracle earnings release

Not that many at the VA, MHS, or elsewhere actually like Cerner. An internal and unpublished survey for the Department of Veterans’ Affairs (VA) by KLAS, obtained by Bloomberg News, reported results for Oracle Cerner, and they were close to disastrous. On the metric “Users who feel the health software enables “high-quality care”, here were the results on positive answers by the doctors, nurses, and other users of Oracle’s EHR:

  • 19% for VA Oracle Cerner
  • 30% for DOD Oracle Cerner (MHS–Ed.)
  • 49% Average US Oracle Cerner
  • 71% Average Epic Systems Customer

That means that 81% of VA users, in the five facilities and offsite center where it’s been deployed, now for over a year and with consultants over it like paint on a brand new car, believe the Oracle Cerner system does not do Job #1 of healthcare–enabling high-quality healthcare. “There is a trend toward improvement, however, most users still indicate a negative experience,” according to VA researchers quoted in the report.

The other big surprise is that 70% of MHS users believe exactly the same. MHS is the ‘success story’ implementation, jointly with Leidos, and now complete. (Ken Glueck, please take note)

KLAS also contrasted this to their existing information for US EHR users. 49% of Cerner US users believe it facilitates high-quality care–contrasting unfavorably with 71% of Epic customers. However, these numbers are not comparable to either the VA or MHS as most hospital systems have been in place for years/decades, and have had abundant time to shape them against system needs plus work out the inevitable ‘bugs’. But the performance of Cerner versus Epic on this metric translates to preference in the small world of healthcare. 

Drilling down into the survey:

  • About 22% of VA respondents said their training on the new system was helpful
  • About 45% said they had received communication about why the VA was moving to the new EHR

The survey was conducted in March-April 2024 as part of VA’s ongoing evaluation of the Oracle Cerner EHR. Responders were 2,000 Cerner EHR users, with a 25% response rate of those solicited. The report was for VA leadership and for Congress. In a response to Bloomberg, Terrence Hayes, press secretary for the VA, said “That’s why we conduct surveys like this: to better understand the experience of our providers in the field, so we can make the EHR better for staff and veterans alike.”

Seema Verma has a long and troubled row to hoe to make this work for VA, MHS, and all Cerner users. Nowhere to go but up. Becker’s

Oracle’s Glueck kicks back hard at Business Insider’s ‘deadly gamble’ article, Epic’s Faulkner (now with additional audio commentary)

Oracle is making great progress at the VA. And they want EHR interoperability. Epic doesn’t. Take that, Business Insider! And Judy Faulkner! Ken Glueck, an EVP at Oracle, authored an Oracle blog post (or at least one written under his name) that has generated much industry controversy. It first goes after Business Insider for daring to criticize the problems on the Oracle Cerner rollout that made it into five (count ’em, five) VA regional systems, calling it a ‘regurgitated story’. It calls the ‘deadly gamble’ headline ‘clickbait’, moves to patting itself on the back for the apparently non-problematic EHR rollout in about 3,900 locations in the DOD-Military Health System (partnering with Leidos), then swerves to stating the obvious in kicking around poor old, outdated VistA that meets very different needs and a massive population at the VA, and ends with a tap dance around the Oracle Cerner EHR problems at the VA citing all the progress that Oracle is making. It builds to a final slam fest, taking a minor quote in the article regarding why Oracle’s Larry Ellison preferred to buy Cerner–a ‘more relaxed approach to data privacy’–and expanding that to hard personal takedowns of Epic and its founder Judy Faulkner.  It then gets personal with BI, depicting the publication as “rooting against us” which he finds “invigorating”.

One can understand the craving for Oracle management to respond to BI. It’s a media outlet that apparently doesn’t have the most friendly relationship with Oracle. (But since when is that a feature of the Fourth Estate?) The article vividly takes Oracle to task, weaving together an accessible story out of dry facts and the many technical failures well documented by the VA, the OIG, and in Congressional hearings. It’s framed in the noble ambitions of Oracle’s founder Larry Ellison to transform healthcare which, in this Editor’s view, are treated sympathetically. The extremely well-read review last week of the BI article notes all, as well as the lack of contrast with the non-eventful DOD-Military Health System’s implementation and why it went largely according to plan, including the joint Lovell MHS/VA EHR. While this Editor tends to cast a gimlet eye at the clichéd mention of ‘transforming healthcare’, she still has some hope that progress in simplification, transparency, better-informed decisions, and truly intelligent assistance that enables human providers to heal their patients will be made in the next decade. And in that, she is on the side of Mr. Ellison as well as most founders and companies in health tech chronicled in TTA’s articles since 2005.

You have to give Mr. Glueck some credit for not holding back on how he really feels. Unfortunately, he was writing a corporate communication even if it was slotted in Oracle’s blog pages. He’s worked in corporate for decades and early in his career in government in the late Senator Joe Lieberman’s (D-CT) office. From the blunt view of a marketer, he should know better. Tone matters. And the frostier the tone, the better. If even a response is needed. Consider: is responding to this a smart move? What are the knock on effects?

In fact, it’s almost a textbook on how not to respond to negative press.

  • The headline sets up a straw man argumentBusiness Insider is not responsible for healthcare modernization, nor conceivably will ever be. It’s a cheap shot. 
  • The overly personal tone, written (one can guess) as he was seething about the BI article, undermines the response.
  • Nearly all of the same points could have been made in a concise, objective, fact-by-fact rebuttal that would be far more powerful in its restraint.
  • It meanders. It’s defensive. It’s easy to read into the Congressional Record or at the next hearing of the Veterans Affairs committee by a House member or Senator who’d like to see Oracle Cerner derailed at the VA. 
  • Where it truly goes off the rails is the personal invective directed at their competition. “…Epic’s CEO Judy Faulkner is the single biggest obstacle to EHR interoperability. She opposes interoperability because it threatens Epic’s franchise.” Mr. Glueck goes further in stating that Oracle enables provider collaboration across silos, while “Epic’s contracts expressly appropriate all patient EHR data as Epic’s own.” This is a fair criticism if true but maybe Epic’s hospital customers like it that way for their own reasons like security.

The blog comes across as barely restrained and defensive, especially versus Epic, the #1 EHR. When your EHR is losing ground to the competition, this is not a good look. It hands Epic another club to beat Oracle with. When your audience consists of professional hospital and practice executives, plus the VA and Congress, who right now aren’t overly happy with your EHR and are firing Oracle or considering it, this is almost guaranteed to backfire. It also gives a provocative article in a small online publication (ask Elon Musk) what Oracle doesn’t want–very long legs and a long shelf life. Plus now, there is even more reason for BI to beat up on Oracle.

Perhaps ignoring it, coupled with a sober internal communication (email/intranet/Slack) on the progress being made with the VA EHR (given that internal comms leak onto Reddit and similar), would have been the best response choices. And what about a conversation with BI? 

Like the old Sicilian saying about revenge, dishes like this should be served cold. 

Some interesting responses to the Oracle blog post are in HIStalk Reader Comments 5-31-24   Also Becker’s

And if anyone at Oracle wants a free tutorial in what not to do to respond to negative press, from the perspective of someone who’s had to deal with it in two industries….donna.cusano@telecareaware.com

Listen to Editor Donna provide extra commentary–a take on this take–on the Ken Glueck blog and this article. Now on Soundcloud (~18 minutes).

News roundup: 100+ medical orgs pile on Change/UHG; Teladoc hit with second class-action suit; Congress demands Oracle EHR improvement–or else; Transcarent intros WayFinding; Centivo buys Eden Health

The fallout from the Change cyberhack hangs like smog over UHG. On Monday, the American Medical Association (AMA), along with about 100 other signatories from nationwide medical associations including CHIME and AHIMA, sent a strongly worded letter to Health and Human Services Secretary Xavier Becerra. It requested a clear delineation of responsibilities for breach reporting requirements created by the 21 February Change Healthcare ALPHV/Blackcat ransomware attack. Reporting is required by HHS’ Office of Civil Rights (OCR) under HIPAA.

Specifically, the AMA letter requested 1) more public clarity around reporting responsibilities to patients for the data breach and 2) that all reporting and notification responsibilities will be handled by Change Healthcare, not the providers. “OCR should publicly state that its breach investigation and immediate efforts at remediation will be focused on Change Healthcare, and not the providers affected by Change Healthcare’s breach”. To date, this doesn’t seem to be OCR’s position.

  • The AMA and signatory organizations maintain that it “is the responsibility of the covered entity which experienced the breach—UHG—to fulfill its obligations in regard to reporting the breach to OCR, notifying each affected individual, as well as any further HIPAA breach reporting requirements that may be applicable, such as notifying state Attorneys General and media outlets.”
  • OCR, on the other hand, has gone on the record in April as stating in their FAQs that “while the covered entity is ultimately responsible for ensuring individuals are notified, the covered entity may delegate the responsibility of providing individual notices to the business associate. Covered entities and business associates should consider which entity is in the best position to provide notice to the individual, which may vary, depending on the circumstances, such as the functions the business associate performs on behalf of the covered entity and which entity has the relationship with the individual.” (Providers can be considered business associates)

In other words, the providers want the full responsibility of contacting patients, state attorneys general, media, and others (e.g. class action lawyers) to be Change Healthcare’s. They do not want to be forced to contact their patients and, in all fairness, at this point do not know which patients were affected because they are not privy to Change Healthcare’s information. UHG has not yet produced a breach report to OCR. AMA letter to Becerra, Healthcare Finance News

When the stock falls, blame the marketing spend! The latest class-action lawsuit filed against Teladoc blames the company for spending money in digital and other media advertising promoting BetterHelp, their telementalhealth unit. The suit cites Teladoc’s public statements such as a “long runway” for BetterHelp’s membership growth and that spending would be inefficient due to the saturated category. Yet spending increased in 2023. The lawsuit charges that this directly deteriorated the company’s revenue, leading to a substantial fall in its stock price. Charged are Teladoc, and at the time CEO Jason Gorevic and CFO Mala Murthy. Stary v. Teladoc Health, Inc. et al., was filed on May 17 in the US District Court for the Southern District of New York. No response yet from Teladoc. Docket on Justia, Mobihealthnews

The House and Senate Veterans’ Affairs Committees jointly introduce legislation on VA’s EHR modernization. The Senator Elizabeth Dole 21st Century Veterans Healthcare and Benefits Improvement Act would require the Department of Veterans Affairs to exercise even greater oversight of the Oracle Cerner implementation in these areas:

  • The quarterly reports to Congress would include additional quality metrics on user adoption, employee satisfaction, and employee retention/turnover where the Oracle Cerner EHR is introduced. This adds to existing required reporting on spending and performance.
  • Regarding additional rollouts, the VA secretary must certify that the sites are ready. He also must furnish corroborating data to Congress “demonstrating that all facilities currently using the Oracle Cerner EHR system have recovered to normal operational levels.”
  • If there is no improvement (presumably to this standard) at Oracle Cerner locations within two years of the bill’s enactment, the program will be terminated.
  • VA must also report on the status of VistA with details about “the operation and maintenance costs and development and enhancement costs” of the software and “a list of modules, applications or systems” within VistA that VA plans to retire or continue to use. 

HIStalk 17 May, NextGov/FCW

‘Not for sale’ Transcarent introduces an AI-assisted platform, WayFinding. The platform designed for end users of Transcarent’s enterprise health navigator combines generative AI with instant access to care providers to integrate benefits navigation, clinical guidance, and care delivery on a single platform. The personalized guidance enables the member to find a provider, find out costs, and guides to the best clinical action to take next. It then connects them to medical professionals or provides direct access into digital point solutions. It integrates information on details of the employer plan, ancillary benefits, the member’s medical history, and connection to clinical specialists. There is no information in the overly padded release on when the new platform will be available or how it will be offered to existing and new customers. This follows on Transcarent’s $124 million Series D funding two weeks ago.  FierceHealthcare, Mobihealthnews, TTA 8 May

Centivo acquires Eden Health virtual care. The purchase price was not disclosed. Centivo, headquartered in Buffalo NY, is  a health plan for self-funded employers. Eden, also providing services to employers, is a concierge provider that offers through a mobile app primary care, mental health, and care navigation services, plus workplace pop-up clinics. Eden also has technology that connects providers’ EMRs to their app. Eden’s services will be fully integrated into Centivo, which will enable it to expand to 50 states and increase from its current 120 employer base to 160. The combined organizations cover about 2 million eligible patients in companies ranging from Fortune 100 size to small businesses. Eden’s CEO will serve as a senior advisor to Centivo, but there is no other indication of employee transition.  Release, FierceHealthcare

Must read: Oracle’s ‘deadly gamble’ on Cerner (new with audio file!)

Larry Ellison’s $28 billion bet on Cerner is drawn and quartered in this Must Read. If any further confirmation is needed that Cerner was the proverbial pig-in-poke for Ellison’s Big Vision of welding all that Cerner EHR data with Oracle’s massive technology, it is right here. Ashley Stewart and Blake Dodge, writing for Business Insider, do a masterful job of painting how badly Ellison and Oracle misjudged what they were getting into with what proved to be Cerner’s “broken and dysfunctional system” that in the VA implementation has been put on hold, with one exception, for a year or maybe more.

What Ellison thought he was buying in 2021 could be summarized by what he said at Oracle CloudWorld in fall 2023. FTA: What if, instead of guesswork, doctors could lean on generative AI to comb through a patient’s medical records, along with those of millions of other patients? With such a massive database, doctors could spot the warning signs of disease faster, reduce the need for trial and error, and make better-informed decisions about treatment. In other words, pump all that massive data into Oracle’s AI models and watch all that data, now going to waste, transform healthcare.

The problem was Cerner itself. Its EHR was not the wonder that Ellison saw circa 2005 when he first approached them and was rebuffed as a Silicon Valley interloper. It had become a system that wore lead boots compared to Epic. In the provider market, it was sinking to a distant #2. But one revelation in the article is that by 2020 Oracle saw Cerner as a must-have. As a smaller system, it was perceived as more interoperable between health systems, providers, and with third parties. Data would be more readily accessible. Pandemic-era relaxations on data sharing further loosened restrictions on access. The looseness appealed to Ellison and Company–and Cerner’s book of business would also help Oracle compete in cloud computing with Amazon (AWS) and Microsoft.

But Healthcare Reality dawned with the first implementations in the VA that started in 2020, a big win that turned into a rolling disaster that led to unknown queues, vanishing prescriptions, records, and appointments, and much more as chronicled here in the past four years, by Congressional investigations, and the VA’s OIG. No, the problems weren’t easily ‘fixable and addressable’ in Mike Sicilia’s (Oracle) words to Congress in hearings shortly after the acquisition closed. In fairly short order, the rollout came to a screeching halt after thousands of Oracle fixes, with only five systems implemented through last June, no end of disasters, patient deaths, and exacerbated illnesses. Other than the Lovell/MHS joint facility March rollout, there will be no further installations planned by the VA until the next fiscal year that starts in October. The most optimistic timeline for resumption is by end of this calendar year. As Congress is making clear, without proof of improved performance par with VistA in the current systems, do not hold your breath for any new ones.

An additional revelation in the article is that over time, VistA had become so customized to each VA medical center that Cerner could never meet those demands expected by the staff. It stopped trying, leading to more dissatisfaction. Perhaps that standardization looks good at the 40,000 foot level, but there were reasons for the customizations based on the veteran population and practice. Things that took two minutes in VistA now took ten in Cerner–if you were lucky. In the closed VistA system, those customizations were passed around other centers and regions–in VA-speak, Veterans Integrated Services Networks or VISNs. (Editor’s note: recalling from one of her former companies, any IT vendor implementing a system VISN by VISN soon learned about each one’s unique demands at multiple levels.)

“Oracle is still learning what they have actually acquired from Cerner,” according to an Oracle executive quoted in the article. The VA has become a ‘shackle’ trapping the Ellisonian Grand Vision of Oracle’s Transforming Healthcare–in time for him to enjoy his victory. Cerner’s slide to a distant #2 has reduced All That Data that made Cerner worth $28 billion, adding to a crushing debt load that this Editor and others noted in 2022. Layoffs and freezes haven’t made much difference, but have led to the loss of experienced Cerner support. The VA failures and drain of resources to fix it, the vacuum in support, and technical problems have led to, in a Providence system executive’s words, the perception that Cerner is ‘circling the drain’. And perception becomes reality. Health systems are choosing the costly route of moving now rather than later. The article mentions two major systems defecting to Epic, Intermountain and UPMC, but they are only two out of the 12 that announced in 2023. 

The narrative succeeds in bringing together many threads, but most of all in bringing to life the dry facts of Cerner’s many patient failures in the VA, including the individual deaths from the unknown queues [TTA 18 Mar 2023] and the human story of the Two Charlies–Charlie Bourg (himself affected by the unknown queue) and Charlie Monroe, both veterans near Spokane’s Mann-Grandstaff VA medical center. They advocate for veteran patients affected by the Cerner EHR’s many flaws.

One of the flaws not mentioned is Cerner’s odd lack of concentration on training criticized by Congress in 2023 [TTA 19 Apr 2023]. Another sequel or extension to this article could delve into the DOD-Military Health System’s implementation, a Leidos-Cerner project that has had few of the reported problems of Cerner Millenium in the VA. This was quoted by a former VA official as a ‘terrible decision’ that knocked onto the VA in implementing into a much larger and more complex healthcare system. Hat tip to HIStalk 5/22/24

Editor’s Closing Note: A wise doctor told me once that most errors in practice are made at the beginning and at the end of one’s career. In business, your Editor has seen this parallel happen time and time again. Even the smartest of chairmen and CEOs, when they stay too long at the fair, often make poor decisions. Is it age? Illness? No one left with the courage to tell them no, this is a bad move, this isn’t working? I think of the last years of Centene’s leader Michael Neidorff, 25 years in leadership, ousted by an activist shareholder. Mark Bertolini of Aetna, shoved aside from the merger with CVS he engineered. Frank Lorenzo, who created the biggest airline combine ever, Texas Air Corporation. Even legends like Larry Ellison at 79 may not be what they were. In attempting to capstone his storied career, and with the best of intentions in transforming the broken, dysfunctional healthcare system, has he made a gamble that could bring Oracle to its knees?

Listen (for the first time!) to Editor Donna read this article with extra asides and comments (plus a small flub or two). Now on Soundcloud.

Our view from last week: Is Oracle Health’s Big Vision smacking into the wall of Healthcare Reality? Their business says so. 

Midweek news roundup: Optum exiting telehealth, laying off; Advocate Health selling MobileHelp; VA notifying 15M veterans re Change PHI breach, Oracle moving to Nashville–maybe? (updated)

Optum Virtual Care closing, staff layoffs in progress. Optum Everycare CEO Jennifer Phalen on an 18 April internal conference call announced that the unit would close. According to sources, some employees would have layoff dates in July. No further details were available on other layoffs or plans for integrating Virtual Care’s capabilities into other Optum units, except for generalities. “We are com­mit­ted to pro­vid­ing pa­tients with a ro­bust net­work of providers for vir­tu­al ur­gent, pri­ma­ry and spe­cial­ty care op­tions,” and “We con­tin­u­al­ly re­view the ca­pa­bil­i­ties and ser­vices we of­fer to meet the grow­ing and evolv­ing needs of our busi­ness­es and the peo­ple we serve.” a spokesper­son for Unit­ed­Health said to End­points, a biopharma publication from the University of Kansas which broke the story.

For Optum, this is the second shoe drop about layoffs and closures in less than two weeks. Reports from social media and layoff-specific boards indicated that thousands were being laid off, from their plans to urgent care and providers [TTA 23 Apr]. These were not confirmed by Optum nor by UnitedHealth Group. It’s not known if this unit’s closure was included in the total. 

The larger picture is that it is symptomatic of the sudden growth, then equally sudden consolidation, of general telehealth. Optum opened the unit in April 2021 as the pandemic entered year 2. Utilizing existing capabilities, UHG claimed it facilitated more than 33 million telehealth visits in 2020, up from 1.2 million in 2019. The number looks sky high but in that time of practices closing it was a free-for-all in telehealth–and ‘facilitating’ is a nebulous catchword that could mean a practice using Facetime, telephones, or an EHR/population health platform module. Commercial claims for telehealth have remained at 4 to 5% since (FAIR Health, Jan 2024). Even during the pandemic’s first year, telehealth claims hit a peak of 13 percent in April 2020 that dropped fast to 6% by August 2020. Well over 60% are for behavioral telehealth claims.

A leading indicator: Last June, Optum Everycare’s CEO from their 2021 start, Kristi Henderson, a former Optum SVP for digital transformation, departed to become CEO of Confluent Health, a national network of occupational and physical therapy clinics. It was about as far away as one could get from telehealth, digital transformation, and Amazon Care, her former employer that expired in 2022.

Apparently, UHG and Optum see no further need for a virtual care specialty unit, instead integrating it into plans and other Optum services. According to MedCityNews, industry analysts aren’t surprised. Both Amwell and Teladoc have had well-known struggles. The latest: Walmart, after investing millions into their unit that included full clinics and a virtual care service, also made news on 30 April that it is closing both. Also greatly on UHG’s mind: cleanup after the Change debacle, making Mr. Market happy, and the looming antitrust action by DOJBecker’s, Healthcare IT News, 

In another sign that healthcare investors are selling off ancillary businesses, Advocate Health is selling PERS provider MobileHelp. It “no longer fit the strategic priorities of Advocate Health” according to their 22 April audit report (see document pages 10 and 13) and was authorized last December.

Advocate, through its investment arm Advocate Aurora Enterprises, acquired both MobileHelp, one of the earliest mobile PERS, and sister company Clear Arch Health, a remote patient monitoring provider, in April 2022. Cost was not disclosed at that time but later was reported to be $290.7 million. The plan at the time was to combine both MobileHelp and Clear Arch with a senior care/home health provider earlier acquired by Advocate for $187 million, Senior Helpers. That company was sold in March to Chicago-based private equity firm Waud Capital Partners for an undisclosed amount. The MobileHelp sale is expected to close later this year. Buyer and price are not disclosed. The expected loss on the MobileHelp sale was figured into FY 2023 as part of an asset impairment write-down of $150 million, which Advocate said was “related to the expected loss on the sale of MobileHelp.” The PERS and RPM business is a largely consolidated ‘cash cow’ type of business that (Editor’s prediction) will be snapped up by another player like Connect America, Alert One, or a smaller player like ModivCare. Milwaukee Business Journal, Becker’s, Crain’s Chicago Business (requires subscription)

VA admits that some veterans may be affected by Change Healthcare data breach, PII/PHI disclosure. While Department of Veterans Affairs Secretary Denis McDonough at this time believes that “there’s no confirmation yet” that veteran data was exposed, the scope of the Change Healthcare breach has led VA to formally alert via email 15 million veterans and their families of the possibility. The email also included information “about the two years of free credit monitoring and identity theft protection” that Change Healthcare is offering to those affected by the attack. The VA maintains that the attack resulted in only a temporary delay in filling 40,000 prescriptions but did not cause “any adverse impact on patient care or outcomes,” according to a department spokesman. NextGov/FCW 26 April, 23 April 

In related news, HHS as of 19 April had not received any notification from Change Healthcare nor UHG. They are required to file a breach report as providers and also as covered entities. They have 60 days from the breach occurrence on 21 February to report, which is coming right up. Becker’s

If Larry said it, it must be true…assemble the moving boxes. At an Oracle conference in Nashville last week, Oracle chairman Larry Ellison said to Bill Frist of investment firm Frist Cressey Ventures that he planned to move the company to that city as “It’s the center of the industry we’re most concerned about, which is the healthcare industry.” It’s their second public Larry and Billy meetup in the last few months, the last in November at the Frist Cressey Ventures Forum where Ellison had previously touted Nashville. Ellison is investing in and building a 70-acre, $1.35 billion campus on Nashville’s riverfront. Oracle is currently HQ’d in Austin, Texas having moved in 2020 from Redwood City, California but with extensive facilities remaining in the state. Texas and Tennessee have one thing in common–a superior business climate. Both are long on lifestyle, though Austin is not as temperate (read, hot) as Nashville. What Nashville has that Austin doesn’t is being a healthcare hub. At least in Ellison’s view, healthcare is where it’s at and so is Nashville. So as long as he’s running Oracle from his manse on Lanai, Oracle does what Larry says. Healthcare Dive, Healthcare IT News, The Tennessean

More fun facts about Larry Ellison and Nashville: David Ellison, his son, is founder of Skydance Media, a major Hollywood production company (Mission: Impossible and others) and negotiating a zillion-dollar merger with Paramount Pictures. David’s wife is a singer trying to make it in Music City and they have a home there. Kind of like the age-old trend of moving the HQ near where the CEO’s living. On moving the HQ to Nashville from Austin, this would affect perhaps 2,500 workers based there currently. Most of Oracle’s workers are dispersed and work remotely. 6,400 of former Cerner-ites are still in Missouri and 7,000 remain in California. Big hat tip to HIStalk—scroll down and see more about Larry and Billy’s talk, which also covered cybersecurity, the NHS (which uses Cerner), and automating hospitals and the hospital-payer interface.

Short takes: VA seeks vendor to support EHR testing; Defense Health seeks ‘digital front door’ vendor; GAO recommendations to Oracle; Nonin partners with Finland’s Medixine; Lumeris gains $100M equity funding

VA needs support for testers of the Oracle Cerner EHR. Formally, this is called the Independent Enterprise Testing and Support Services Contract for the Department of Veterans Affairs. This will support the testing community overseen by the VA Electronic Health Record Modernization (EHRM) Integration Office Program which is part of the transition/deployment to the Oracle Cerner EHR. The IETSS covers project management, test and evaluation support, testing and technology support, test systems engineering and implementation support and test process, and quality management support. As is typical of Federal/VA contracts, it is a hybrid firm-fixed-price and time-and-materials contract with a 12-month base period of performance, four 12-month options, with an optional transition support period at the end of the period of performance. Responses are due by 3 May. ExecutiveGov, contract/application details on SAM.gov

The Defense Health Agency (DHA) wants to build a ‘digital front door’ for health services. Partnering with the Defense Innovation Unit (DIU) at the Pentagon, what’s required is creation of a “technology-enabled framework” in a “new model for delivering care’ integrated with or replacing their current system and that “removes administrative, cognitive and repetitive burdens from the workforce.” This can be supplied by a single vendor or a team of vendors. The change areas are patient experience, provider-supported technology in the health ecosystem, and data management support. NextGov/FCW, DHA press release  The Digital Front Door Plus solicitation with details has a response due by 1 May

The US Government Accountability Office (GAO) has recommendations coming out of their ongoing user satisfaction study of MHS Genesis that impact the joint MHS/VA implementation at the MHS Genesis Lovell FHCC implementation. This went live in March. The recommendation for the VA side is that “the Secretary of Veterans Affairs should direct the Federal EHR Modernization Office to identify and address specific barriers to maximizing integration at the FHCC, consistent with the FHCC executive agreement.” GAO report summary

Shifting away from government work…

Finnish health tech company Medixine is expanding its partnership with Nonin’s med monitors. Medixine will be co-developing with Nonin Medical remote digital monitoring services for patient diagnoses of chronic conditions. The first usage combines the Medixine monitoring platform with Nonin’s pulse oximetry devices in areas such as sleep screening using overnight sleep oximetry. This can determine if patients need and qualify for supplemental oxygen or require further testing for sleep apnea in a single night’s test. Medixine release

 

Lumeris completes a $100 million equity capital raise. The 2 April round announced on Monday was led by lender Deerfield Management and new investor Endeavor Health. Also participating were existing investors Kleiner Perkins, Sandbox Industries, BlueCross BlueShield Venture Partners, and JDLinx (an investment company owned by John Doerr). Total funding now tops $325 million (Crunchbase). Lumeris describes itself as a care strategy, technology, and operations provider for large provider groups to manage all value-based populations, including Medicare Advantage, traditional Medicare, commercial, and Medicaid. The new funding will support expanded partnerships with health systems and physician groups to move them into value-based care models. Mobihealthnews, release

News roundup: VillageMD sued on Meta Pixel trackers; Cerebral pays $7.1M FTC fine on data sharing, cancellation policy; VA may resume Oracle Cerner implementation during FY2025; Epic-Particle Health dispute on PHI sharing

It’s all about personal health data–sharing, bad sharing, and bad transfers in this roundup.

VillageMD takes another hit, this time on Meta Pixel ad tracker issues. A class-action lawsuit filed on 10 April charges VillageMD (formally Village Practice Management Company), via its Village Medical website, of using the Meta Pixel ad tracker for disclosing user-protected health information (PHI) and other identifiable information generally classified as PII. This included visitors to their website villagemedical.com seeking information and patient users of Village Medical’s web-based tools for scheduling and the patient portal. The lawsuit by a “John Doe”, a patient since January 2023 resident in Quincy, Massachusetts but brought by three Midwest law firms in the US District Court for the Northern District of Illinois, states that VillageMD used trackers that transferred this personal information to Meta Networks’ Facebook and Instagram, as well as other third parties like Google, for use in targeted advertising, in violation of HIPAA and other regulations. The lawsuit seeks 1) an injunction stopping Village Medical from using ad trackers and 2) monetary redress via damages–actual, compensatory, statutory, and punitive for the entire affected class. The suit also alleges that VillageMD violated its own internal procedures. Crain’s Health Pulse, Healthcare Dive

Readers will recall that in June 2022, STAT and The Markup published a study and follow-ups on Meta Pixel and ad tracker use by healthcare organizations. Ostensibly, the ad trackers were there to better track website performance and to tailor information for the patient [TTA 17 June, 21 June 2022], but they sent information to third parties that violated HIPAA and privacy guidelines. Ad trackers were also monetized. Meta blamed the health systems [TTA 16 May 2023] for misuse though they used the data for ad serving.  Congressional hearings, FTC, and DOJ followed later in 2022 and 2023. Multiple class action lawsuits against providers large and small have ensued. Providers have pushed back on FTC and HHS rules on ad trackers, stating the restrictions hamper their ability to build better websites based on customer usage and to serve individuals with useful information. 

Another ‘oversharing’ company, troubled telemental Cerebral, whacked with $7.1 million FTC fine on disclosing consumer information via ad trackers plus ‘negative option’ cancellation policy. The proposed order for a permanent injunction filed by the Department of Justice (DOJ) and docketed on 15 April has to be approved by the Federal District Court for the Southern District of Florida. The fine for the company only penalized the following:

  • Cerebral released 3.2 million consumers’ information to third parties such as practices, LinkedIn, and TikTok. This included PHI and PII such as names, medical histories, addresses, IP addresses, payment methods including insurance, sexual orientation, and more. Even more outrageously, they also used the mail for postcards that had sensitive information such as diagnosis printed on them. The insult on injury was that Cerebral failed to disclose or buried information on data sharing to consumers signing up for their ‘safe, secure, and discreet’ services. Cerebral now has to restrict nearly all information to third parties.
  • Cerebral also set up their service cancellation as a ‘negative option’ cancellation policy, which in reality meant that it was renewed indefinitely unless the customer took action to cancel. It was not adequately disclosed in violation of the federal Restore Online Shoppers’ Confidence Act (ROSCA). Then Cerebral made it extremely difficult to cancel by instituting a complex procedure that required multiple steps and often took several days to execute. They even eliminated a one-step cancel button at their then-CEO Kyle Robertson’s direction. The order requires this to be corrected including deleting the negative option.
  • Former employees were not blocked from accessing patient medical records from May to December 2021. It also failed to ensure that providers were only able to access their patients’ records.

Cerebral’s settlement with the FTC and DOJ breaks down to $5.1 million to provide partial refunds to consumers impacted by their deceptive cancellation practices. They also levied a civil penalty of $10 million, reduced to $2 million as Cerebral was unable to pay the full amount. The decision and fine do not cover charges to be decided by the court against the former Cerebral CEO Robertson due to his extensive personal involvement in these practices. Those have not been settled and apparently were severed from the company as a separate action (FTC case information). Since 2022, Mr. Robertson has consistently blamed company management and investors for pushing for bad practices such as prescribing restricted stimulant drugs. Cerebral countersued him for defaulting on a $49.8 million loan taken in January 2022 to buy 1.06 million shares of Cerebral common stock. More to come, as the order also does not address other Federal violations under investigation, such as those under the Controlled Substances Act.  FTC release, FierceHealthcare  

VA to possibly resume Oracle Cerner EHR implementation at VA sites before the end of FY 2025, even if not in budget. During House Veterans’ Affairs Committee hearings on FY 2025 and 2026 budgets, VA Secretary Denis McDonough last Thursday (11 April) said that the VA intends to resume deploying the Oracle Cerner EHR as part of VA’s Electronic Health Records Modernization (EHRM) before the end of FY 2025. As Federal years go from October to September, FY 2025 starts October 2024 and ends September 2025. When asked if VA plans to maintain the “program reset” as they termed it in April 2023 for all of FY25, Secy. McDonough said that “we do not.”However, there is no budget allocated for additional implementations in either FY. The plan is to use carryover funding.

Oracle Cerner’s Millenium EHR was implemented at five VA locations before suspending in April 2023 for a massive re-evaluation which involved reworking systems such as the Health Data Repository which created critical scheduling and pharmacy problems detailed by the Office of Inspector General (OIG)  [TTA 28 Mar]. The joint VA and MHS/Genesis Lovell FHCC implementation, which went live in March, is not included.  NextGov/FCW, Healthcare Dive

And in another dispute about data sharing, leading EHR Epic cut off requests made by some Particle Health customers, expressing concern about privacy risks. Particle Health is a health data exchange API platform for developers. Both Epic and Particle are part of Carequality, a large scale data exchange group that connects 600,000 care providers, 50,000 clinics, and 4,200 hospitals to facilitate the exchange of patient medical records On 21 March, Epic filed a dispute with Carequality that some of Particle’s users “might be inaccurately representing the purpose associated with their record retrievals.” and stopped responding to some Particle Health customer queries. This has now degenerated into a ‘who said what‘ dispute, with Particle and their CEO alleging that Epic implied that it completely disconnected Particle Health and its customers from Epic’s data, while Epic has said that after a review by its 15-member Care Everywhere Governing Council, they flagged three companies who were using Particle’s Carequality connection to access data not related to patient care or treatment. There’s also a larger concern being brought up by providers on the use of these mass data exchanges for fraudulent extraction of data or use that would violate HIPAA guidelines. FierceHealthcare, CNBC, Becker’s, Morningstar

Short takes: PocketHealth, Brightside fundings; VA OIG reports hit Oracle Cerner; Change cyberattack/legal updates; UHG-Amedisys reviewed in Oregon; Optum to buy Steward Health practices

It’s a relatively quiet week before the Easter holiday, with a few fundings, more drama at the VA around Oracle Cerner, updating Change Healthcare’s comeback, and the continuing scrutiny around UnitedHealth’s acquisitions:

PocketHealth garners a US$33 million Series B. The Toronto-based company markets an AI-assisted platform to health systems and providers that allows patients to access their medical imaging and reports as well as for providers to easily share imaging information. The funding was an all-equity round by Round13 Capital with participation from Deloitte Ventures, Samsung Next, and existing investors Questa Capital and Radical Ventures to bring total funding since 2020 to $55.5 million. The fresh funding will be used to grow further within the US and Canada and develop new platform functions. Patients have access to three platforms:  Report Reader to explain medical terms in the patient’s report, Follow-Up Navigator for follow-up imaging recommendations, and MyCare Navigator to equip patients with relevant, personalized questions to ask their doctor. The platform is available in 775 hospitals and imaging centers across North America and is used by more than 1.5 million patients.  PocketHealth release, Mobihealthnews

Brightside Health moves to a Series C of $33 million. This round for the telemental health company was led by S32, along with Kennedy Lewis, Time BioVentures, and Anne Wojcicki (Redwood Pacific) with existing investors ACME, Mousse Partners, and Triventures. Total funding since 2018 is $114 million. Brightside provides telemental health through payers in 50 states such as CareOregon, Blue Cross and Blue Shield of Texas, and Centene. The new funding will be used to expand into the usual new markets and offerings. Trip Hofer, who was former CEO of Optum Behavioral Health Solutions and now with .406 Ventures, will join the Brightside board of directors. Their most recent moves are expansion into Medicare and Medicaid programs for psychiatry, therapy, and their Crisis Care program for individuals with elevated suicide risk. Release

The Department of Veterans Affairs Office of Inspector General (OIG) released three reports last Thursday (20-21 March) that were sharply critical of the new Oracle Cerner EHR. While Oracle Cerner Millenium operates in only five VA locations, not including the joint MHS/Genesis Lovell FHCC, each one has been problematic from training to implementation–and are on hold. The OIG reports available here on the Electronic Health Records Modernization (EHRM) are scathing on the EHR’s scheduling and pharmacy features leading to patient safety and staff usability issues.

  • At VA Central Ohio Healthcare System (facility) in Columbus and elsewhere, this led to inaccurate medication and allergy information transmission from new EHR sites to legacy EHR sites that staff and pharmacists had to work around to provide adequate safety checks.
  • Also at VA Central Ohio, the Cerner EHR system error in 2022 led to a patient’s missed appointment since it was not routed to a queue to prompt rescheduling efforts. Subsequently, a nurse practitioner never evaluated the medication refill request, nor did a psychologist evaluate mental status and critical clinical information. The veteran patient died by accidental overdose approximately seven weeks after that missed appointment.
  • Regarding future implementations, the OIG was specific on what had to be fixed on both: “These concerns include the need for additional staffing and overtime to meet or exceed pre-deployment appointment levels, displaced appointment queue functionality, challenges related to providers and schedulers sharing information, inaccurate patient information, difficulties changing appointment type, and the inability to automatically mail appointment reminder letters. At facilities currently relying on the EHR, these issues have resulted in inconsistent workarounds and additional work, increasing the risk for scheduling errors.” 

Healthcare IT News, Healthcare Dive, EHR Intelligence, TTA 22 Feb

Change Healthcare’s systems are gradually returning. Since our last update on 14 March, UnitedHealth Group confirmed that 99% of pharmacy network services were up and running–and that they have fronted $2 billion to providers. Separately, they launched workaround software for medical claims preparation.

  • On 15 March, the electronic payments platform was restored.
  • On 20 March, UHG restored Amazon Web Services. It was backed up from Assurance, a claims and remittance management program, and claims clearinghouse Relay Exchange.
  • Relay Exchange went back online by 24 March to begin processing $14 billion in medical claims.

But on the legal and Federal fronts, UHG will be keeping its legal department busy. Starting the week of 11 March, the first class action lawsuit was filed by a women’s health practice in Albany, MS–Advanced Obstetrics & Gynecology PC. Another class action suit was filed on 18 March by Gibbs Law Group on behalf of providers to be named. Patients who have had compromised PII and PHI will be next from the 4 or 6 terabytes of payer information held by ‘notchy’ and other affiliates from the BlackCat/ALPHV masterminded attack as this is confirmed. Expect these to multiply like weeds in May. HIPAA Journal  And the American Hospital Association, Senators and House Representatives are jumping all over Health and Human Services (HHS) to ensure that payments are made to Medicare, Medicaid, and Medicare Advantage plans–as well as calls for investigating UnitedHealth. Becker’s, FierceHealthcare

As expected, UHG’s acquisition of Amedisys home health is running into more opposition at the state level. In this case, it’s the Oregon Health Authority (OHA) that will be conducting a full review. The Department of Justice (DOJ) has been investigating the acquisition on antitrust grounds almost since it was announced in June 2023. Shareholders approved the $3.3 billion buy the following September, but it has not closed. UHG’s plan is to merge it into Optum’s home health providers Contessa Health and LHG Group, creating a home health juggernaut. As noted earlier this month when DOJ announced a further antitrust probe of UHG around the UnitedHealth plan relationships with Optum services, “DOJ has a long memory, a Paul Bunyan-sized ax to grind, and doesn’t like losing. One wonders if now UHG has buyer’s remorse after fighting for two years to buy Change.” (And winning versus DOJ!) Fierce Healthcare

Yet UHG goes on buying providers, DOJ scrutiny or not. Optum is bidding for Steward Health Care’s Stewardship Health practices over nine states. For-profit Steward, headquartered in Dallas, needs to raise funds as it is in debt overall and facing major problems in Massachusetts, with several hospitals at risk of closure. In any case, the company wants to exit the state. A purchase price was not announced. The transaction is under review by Massachusetts’ Health Policy Commission (HPC) over the next 30 days. The Stewardship transaction would add to OptumCare’s total of 90,000 physicians–10% of US physicians, a number that is raising red flags on the state and Federal levels. FierceHealthcare, WBUR

News roundup: Cerner goes live at VA, DOD Lovell Center; WebMD expands education with Healthwise buy; Dexcom has FDA OK for OTC glucose sensor; Centene may have buyer for abandoned Charlotte HQ

In news other than Walgreens and Optum/Change Healthcare–with more to come out of HIMSS in Orlando this week…

The DOD/VA Cerner EHR went live on Saturday 9 March in the Capt. James A. Lovell Federal Health Care Center (Lovell FHCC), right on scheduled time. This EHR which will serve both active duty service members in the Military Health System (MHS) and veterans through the VA is being watched closely. While MHS Genesis has been rolled out in most military health facilities in the US and overseas, the VA’s has stalled at five. As of now, Lovell is the only VA implementation planned for this year and its functionality and interoperability with MHS is under a microscope. Training has been intensive and VA reports having made many changes from the earlier implementations. The MHS Genesis team from DOD have also been a key part of the training.

VA has shown improvement with no full outages in 300+ days and with the nagging smaller incidents greatly reduced. But the VA’s deputy inspector general reported significant and dangerous faults in the Oracle Cerner Millenium medication record system only last month to the House Subcommittee on VA Technology Modernization [TTA 22 Feb]. While the fixes are in effect in the five VA locations with Millenium, Genesis at Lovell will not have them yet.

Lovell FHCC is located in north Chicago, has a combined DOD/VA staff of 3,200, and serves 75,000 patients per year: 25,000 veterans, over 10,000 TRICARE enrollees, and 30,000 Navy recruits from Great Lakes with a 300-bed main facility and clinics in the Chicago area. Federal News Network

WebMD buys health education developer Healthwise. The company’s patient education assets including content and technology that integrate into care management platforms for both health systems and payers will become part of WebMD Ignite, which was formed last April to unite Krames, also in health education, Mercury Health data analytics, Wellness Network videos, Vitals provider scheduling, in addition to Medscape and WebMD. According to the release, the combination of Krames and Healthwise will reach 650 healthcare organizations, comprising more than 50% of hospitals in the U.S. and 85% of the top 20 payers, which is a dominant market share with limited other competition such as Wellframe, owned by HealthEdge. Transaction cost, surviving name, and management/staff transitions were not disclosed.

Healthwise is unusual in that it was formed as a non-profit in Boise, Idaho in 1975. In the 2024 Best in KLAS Report, Healthwise was ranked first in health education for value-based care. While the education assets are being sold to WebMD, the non-profit will go on, according to Healthwise. Healthcare IT News (Editor’s disclaimer: Donna was a consultant for Krames on marketing projects during 2021-22, prior to Ignite.)

WebMD is also integrating into Ignite personalized medication instructions from First Databank (FDB)’s Meducation through WebMD Ignite’s Krames On FHIR platform. It will then go into prescribers’ EHRs and patient portals. FDB release

Dexcom receives FDA clearance for Stelo, the first over-the-counter (OTC) continuous glucose monitor cleared in the US. Like the prescription version, the biosensor attaches to the arm to monitor blood glucose without skin penetration and connects to a Dexcom phone app. The sensor is the same as the prescription Dexcom G7, with a battery life of about 15 days. Stelo was cleared for use by adults 18+ who have Type 2 diabetes but not on insulin therapy–over 25 million people in the US. Release is scheduled for online-only release this summer as a cash-pay purchase (cost not disclosed), with insurance reimbursement TBD over the next few years. Mobihealthnews, Healthcare Dive

Centene may be close to selling its ‘dream’ Charlotte, North Carolina headquarters building. The now near-complete 800,000-square-foot building in Charlotte’s University City would have been Centene’s East Coast HQ. It was planned by the previous CEO in 2020 to be the center of a campus with over 6,000 employees, 3,200 to be hired locally. The plan was abandoned in August 2022 due to a shrinking office-based workforce primarily in St. Louis with some in plan locations throughout the country. Cushman & Wakefield is marketing the building with word being that a single company is interested in purchase. New Class A space is reportedly relatively rare in Charlotte, though the vacancy rate in the immediate area is at 25%. There is also undeveloped land on the site that has attracted interest from a locally active multifamily developer, although that would require a rezoning. Centene purchased the land in 2020 for $19 million, not including a separate 51-acre parcel purchased later in 2020. In addition to reducing its real estate pattern, Centene has also been reducing its staff with two 2,000-person layoffs in 2023, one in the summer and the second in December.  Charlotte Business Journal, Becker’s

Mid-week roundup: Cotiviti’s $10.5B stake to KKR; Cigna buys back $3.2B shares; VA Oracle Cerner faulty med records; LockBit ransomware websites cold-busted at every level, principals indicted; Trualta partners with PointClickCare

Investor KKR announced their buy of a $10.5 billion stake in healthcare analytics Cotiviti. The stake comes from Veritas Capital, creating an equal share of ownership. The recapitalization will be used for commercial expansion, new product development, and technology-related opportunities. It is expected to close subject to regulatory approvals in Q2 this year. According to Axios and Bloomberg, it is financed by a $5 billion leveraged loan sale launched last week, with a $4.4 billion floating rate term loan led by JPM and a $600 million fixed rate term loan led by Goldman Sachs. This is Veritas’ second attempt to exit. While money is leaking back into private equity deals, the new trend is to finance them with more cash than debt. Cotiviti release

Cigna, having sold off its Medicare Advantage plans for $3.7 million to HCSC, is repurchasing $3.2 billion in stock (7.6 million shares) through agreements with Deutsche Bank and Bank of America. Cigna’s plan remains to repurchase $5 billion of common stock over H1 2024 after ending merger talks with Humana. FierceHealthcare, Cigna release

VA warned about faulty medication records in the Oracle Cerner Millenium EHR. The culprit is in the Health Data Repository, according to a government watchdog. David Case, deputy inspector general for the VA, reported at a House Veterans Affairs Committee Technology Modernization Subcommittee meeting last week, that while VA had no reports of harmful drug interactions, Case had at least one instance of a veteran not given a critical medication for adrenal insufficiency, leading to a near-disastrous outcome. The VA has also not informed the 250,000 veterans with prescription records in the Oracle Cerner system that the records may have errors.. In the VA facilities that have Oracle Cerner, providers, pharmacists, and frontline staff must perform complex manual medication safety checks to replace automated checks.

The Oracle Cerner rollout has been put on hold till summer this year–maybe [TTA 1 Nov 23]. At this hearing, Mike Sicilia of Oracle did show up and attributed the problems in the HDR to multiple systems being involved from VistA and other EHRs, into Oracle Cerner. However, after 10 separate fixes, the most recent software update had a similar data issue during final testing and was quickly pulled. Military.com

A victory versus ransomware. Updated. The LockBit ransomware group has been cold-busted “at every level” by the UK, US, and international law enforcement. According to the Department of Justice release and other sources, the UK’s National Crime Agency’s (NCA) Cyber Division led Operation Cronos, working in cooperation with the Justice Department, Federal Bureau of Investigation (FBI), and other law enforcement agencies worldwide. They seized numerous public-facing websites and domains used by LockBit to connect to the organization’s infrastructure along with servers used by LockBit administrators. Russian nationals Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, were indicted in the US District Court of New Jersey in Newark, charged with deploying LockBit against numerous victims throughout the United States. Sungatov was also indicted in the Northern District of California. According to Europol, “Two LockBit actors have been arrested in Poland and Ukraine at the request of the French judicial authorities. The French and US judicial authorities have also issued three international arrest warrants and five indictments.” LockBit’s ‘heart’ is of course in Russia, where nearly all cybercrime is located–they are free to operate there as long as they don’t target anything in RU. Cybernews

Trualta partners with PointClickCare for family caregiver education and support. PointClickCare is a leading EHR for long-term and post-acute care (LTPAC) providers. Trualta provides educational resources to support family caregivers when a patient is discharged through logging in to the resource site, with the ability to access articles, videos, and modules that cover a variety of care topics including preparing for discharge, transitioning from hospital to home, and life after discharge.  Trualta’s information will be offered through PointClickCare’s Marketplace. A recent study by Trualta of caregivers using their materials found that 30 days of Trualta use can decrease annual unexpected hospital visits among care recipients by 20%. Trualta release

Mid-week short takes: Ireland’s HealthBeacon bought by Hamilton Beach (!), Ambience AI raises $70M, VA to develop VR mental health app with Mynd Immersive

Dublin’s HealthBeacon PLC has been sold to Hamilton Beach Health. HealthBeacon is an app platform/device/injection care management system that integrates with patient support programs to remind them to inject their medications on schedule. Since its formation in 2021, Hamilton Beach Health has marketed the HealthBeacon Smart Sharps Bin in the US. HealthBeacon was founded in 2013, currently has 50 employees and operates in the UK, Europe, North America, and Australia. Acquisition cost was not disclosed, but HealthBeacon’s current investors over 10%, according to their investor page, are Cantor Fitzgerald Ireland Client Nominees Limited, Oyster Capital Investments Limited, James Joyce (CEO), and Canaccord Genuity Wealth Management.

Kieran Daly, a co-founder of HealthBeacon, will run day-to-day operations reporting to Rob George, VP of Hamilton Beach Brands, now Global General Manager. This Editor had surprisingly never heard that Hamilton Beach, associated more with kitchen appliances, had a Health division among the mixers, electric kettles, and garment steamers. Release

Ambience Healthcare raised a healthy $70 million Series B. It was led by Kleiner Perkins and OpenAI Startup Fund. Ambience Healthcare is (naturally) in the hot healthcare AI sector with four applications (soon to be five) described as an ‘operating system’ for the end-to-end patient journey through nearly all specialties and integration with six major EHRs. Current deployments are with UCSF, Memorial Hermann Health System, John Muir Health, The Oncology Institute, GI Alliance, Midi Health, and Eventus WholeHealth. Results claimed are reduction in documentation time by an average of 78%, improvement in coding integrity, and at least a 5X return on investment. Release

VA to develop VR extended reality (XR) mental health app with Mynd Immersive. Mynd’s market has generally been in senior and post-acute care as a digital therapeutic using the HTC Vive VR glasses and programming ranging from speech, cognition, and behavioral therapies to recreation and pleasant distraction. Mynd is used by the VA in 100 long-term care facilities across the country. The new VA/Mynd partnership is targeted to Vietnam veterans to provide them with virtual journeys created specifically for Vietnam veterans via a project titled “Virtual Vietnam: A Path to Peace.” As this generation is now reaching their senior years, old conditions such as PTSD and new ones such as isolation occur, reviving or exacerbating Vietnam War memories. The Virtual Vietnam project is a three-year cooperative research and development agreement. Healthcare IT News, VA/Mynd release  TTA 9 Nov 23 on Mynd’s recent study on effectiveness with Stanford University’s Virtual Human Interaction Lab.