Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Study: Scribes Have Positive Financial Impact

Posted on May 22, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Many hospitals, and some larger medical practices, have been using scribes to capture medical documentation within EMRs — leaving the provider free to make old-fashioned eye contact with patients.

Using the scribe might sound like a crude workaround to techies, but it’s been a hit with emergency department doctors, who prefer to focus on their brief, critical encounters with patients rather than the hospital’s expensive toy.

While it was clear from the outset that doctors loved having a scribe to support them, there’s been scant evidence that the scribe was anything other than an added cost.

A recent study, however, has concluded that at least from a Case Mix Index standpoint, scribes can have a meaningful impact on a hospital’s revenue.  The study, which evaluated the use of scribes between 2012 and 2014 across a group of hospitals, concluded that the scribes save money and boost patient-doctor communication.

The study, which was designed to capture the impact of medical scribes on a hospital’s CMI, linked Best Practices Inpatient Care Ltd. with Advocate Good Shepherd Hospital, Advocate Condell Medical Center and hospitalist-specific medical scribes from ScribeAmerica LLC.

Kicking things off to a good start, ScribeAmerica and Best Practices put scribes through a jointly-developed course that emphasized workflow, productivity and accurate inpatient documentation. The researchers then tallied the results of using trained scribes over a two-year period in the two hospitals.

From 2012 to 2014, researchers found that for both Advocate Condell Medical Center and Advocate Good Shepherd Hospital, CMI values climbed after medical scribes came on board.  Advocate Good Shepherd’s CMI grew by .26 and Condell Medical’s CMI rose .28. These are pretty significant numbers given that a CMI growth of 0.1% typically translates to a gain of about $4,500 per patient. In this case, the hospitals gained roughly $12,000 per patient.

These findings make sense when you consider that using scribes seems to have served its purpose, which is to be extenders for providers who’d otherwise be hunched over an EMR screen.

Researchers found that inpatient physicians at the two hospitals studied were able to cut time spent on chart updates by about 10 minutes per patient on average. This profit-building effect is enhanced by the fact that scribes often get discharge summaries prepared immediately, rather than within 72 hours as is often the case in other hospitals.

That being said, it should be noted that the study we’ve summarized here was co-written by the CEO of Best Practices, which clearly invested a lot of time and effort training the scribes for the specific tasks important to the study.

Still, the study does suggest, at minimum, that scribes need not necessarily be written off as an expense, given their capacity for freeing providers for billable clinical activity. Ideally, IT vendors will develop an EMR that doctors actually want to use and don’t need an intermediary to work with effectively.  But until that happy day arrives, scribes seem like they can make a difference.

The Hospital With No EMR

Posted on May 20, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

This weekend, feeling a bit too ill to wait to see my PCP, I took myself to a community hospital in my neighborhood. For various reasons, I went to a hospital I don’t usually visit, one about 10 miles away from my home.

When I entered the emergency department lobby, nothing seemed amiss.

In fact, the light-filled, pleasantly-constructed waiting room was comfortable and modern, the staff seemed bright and knowledegeable, and the triage nurse saw me promptly.

But I got something of a surprise when I checked in with the triage nurse during my initial assessment. Noting that she had not taken my medication history, I told the nurse that I assumed someone would be entering it into their EMR later.

“We don’t have an EMR,” said the kind and sympathetic triage nurse apologetically. “Everything is still on paper. We might have an EMR in a year or so, but we’re not even sure about that.”

As it later turned out, she was mistaken. The hospital did indeed have an EMR in place, one by MEDITECH, but had put all new upgrades on hold, leaving the clinical staff to do almost all documentation on paper.  Regardless, the staff didn’t have access to the higher capabilities of an EMR, and that’s the message that the triage nurse had gotten. (And no one ever did take my list of medications.)

Now, it’s not necessarily the case that this hospital had no grasp of its data. In fact, to my surprise, the front desk was able to tell me that I had been seen there in 2002, something of which I had no memory.

But it’s hard to imagine that the very long wait I endured, which took place in the attractive lobby of a quiet, prosperous suburban hospital, was not due in part to the hospital’s lack of automation. It should be noted that within the next several months to a year, the chain to which the hospital belonged expects to bring the hospital I visited onto its Epic platform. But again, the staff was stumbling around in the dark, comparatively speaking, the day I visited the ED.

Now, hospitals survived on paper documentation for many years, and there’s no reason to think this one won’t survive for a year or so using paper charts. What’s more, it may very well be that the real problem this hospital faced had to do with patient mix and staffing concerns. I did note that many of the patients coming in seemed to be seeking weekend primary care, for which the hospital may not have been as prepared as it should have been.

That being said, an EMR is not just a clinical tool. Put coldly, it’s an instrument of industrial automation which can keep patients moving through the assessment and discharge process more quickly and effectively.

I’m not saying the facility needs to have a fully-launched marquee EMR just to impress patients like myself. In fact, postponing expanding the Epic EMR for a while may be a great financial decision, and from an IT standpoint, better to roll the Epic system out at a sustainable pace than throw it at an unprepared workforce.

But watching nurses and doctors record details on endless sheets of paper, and struggle to track down paper charts for acutely ill patients, was a harsh reminder of what the industry has left behind.

Erlanger Health System Takes A Chance On $100M Epic Plunge

Posted on May 11, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

The seemingly eternal struggle between EMR giants Cerner and Epic Systems has ended in another win for Epic, which was the final choice of Chattanooga, TN-based Erlanger Health System. The health system’s CEO, Kevin Spiegel, who said that Cerner had been its other finalist, announced last week that Erlanger would spend about $100 million over 10 years for the Epic installation.

Erlanger, a four-facility public hospital system with about 800 total beds, is an academic medical system and serves as a campus of the University of Tennessee College of Medicine. The system also partners with UT to operate the UT Erlanger Physicians Group, a 170-member multispecialty practice.

The health system, which fell in financial trouble in 2012, only recently saved itself and positioned itself for the massive Epic investment. It closed out FY 2014 with $618M in total operating revenue and $18M in operating income.

Erlanger’s turnaround is all well and good. But that being said, these numbers suggest that Erlanger is making something of a gamble by agreeing to an approximately $10M a year health IT investment. After all, the health system itself concedes that its return to financial health came in large part due to $20 million in new Medicare and Medicaid funding from CMS, along with new funding from the state’s Public Hospital Supplemental Payment Pool. And politically-obtained funds can disappear with the stroke of a pen.

The risky nature of Erlanger’s investment seems even more apparent when you consider that the system has an aggressive building plan in place, including a new orthopedic center, a $68M expansion of one of its hospitals, a 100,00 square foot children’s & women’s ambulatory center and a new health sciences center. Particularly given that Erlanger just completed its turnaround last year, does it make sense to squeeze in Epic payments alongside of such a large capital investment in infrastructure?

What’s more, the health system has a bond rating to rehabilitate. Faced with financial hardships in 2013, its bond rating was downgraded by Moody’s to a Baa2 and the system’s outlook was rated “negative.” By 2014, Erlanger’s had managed to boost the Moody’s outlook to “stable,” in part due to the influx of state and federal funds obtained by Erlanger execs, but the Baa2 rating on its $148.4 million in bond debt stayed in place.

While I imagine the hospital will realize a return on its Epic spending at some point, it’s hard to see it happening quickly.  In fact, I’d guess that it’ll be years before Erlanger’s Epic install will be mature enough to be evaluated for ROI, given the level of effort it takes to build a mature install.

In the meantime, Erlanger leaders may be left wondering, from time to time at least, whether they really can afford their expensive new EMR.

GE Phasing Out Centricity Enterprise, To Some Surprise

Posted on April 22, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Conceding that its competitors have the upper hand, GE is phasing out its Centricity Enterprise product, informing the world in a #HIMSS15 announcement which has gotten little play from our tech media colleagues.  As we’ve argued before, HIMSS is not only a great time to announce big plays, it’s also a great time to bury unpleasant news, and GE seems to have succeeded.

Not surprisingly, employees saw things coming long ago. More than a year ago, for example, a 10-year-plus employee of GE Healthcare called the vendor out on what they saw as low-wattage efforts on company rating site Glassdoor.com. The ex-employee cited a “lack of resources to deliver a good EHR product, [causing] a strong customer base to choose other EHR vendors.”

It’s little wonder that GE is backing out of Centricity Enterprise, which according to a report in MedCity News generated only 5 percent of its EMR revenue, according to Jon Zimmerman, general manager of clinical business solutions. “Is it in the best interest of our customers, shareholders and employees to (be) in a market where competitors are clearly ahead, or should we recognize the situation and go to where the market is going?” Zimmerman told MedCity.

But the fact is, Zimmerman’s comments are somewhat disingenuous. At HIMSS, the company admitted that it had begun the process of dumping Centricity Enterprise three years ago, though it’s not clear how long ago it began to let customers know about its plans. For example, I doubt that Continuum Health Partners CIO Mark Moroses, who as of summer 2013 was moving his organization to the Centricity enterprise EMR, expected to have it phased out less than two years later.

It’s worth wondering why a player with GE’s resources seemingly couldn’t hack the enterprise market. But the problem isn’t new. As far back  as 2011, GE was forced to admit that some of its ambulatory and enterprise customers wouldn’t be able to achieve Meaningful Use with their products. That was probably the beginning of the end for the Enterprise product, which ranked either fifth or sixth in the market recently depending on who you asked. But with Epic alone controlling 15% to 20% of the enterprise EMR market of late, and Cerner hot on its heels, giving up probably was a reasonable response.

The real question is what comes next. If Glassdoor.com posters are any indication, GE Healthcare is prone to frequent strategic changes as management shifts, so who knows what the future holds for its ambulatory Centricity EMR?

At the moment,  it seems that GE is firmly behind its ambulatory product. And that makes sense. After all, physicians are decommissioning their existing EMRs at a frantic rate, and are eager to find substitutes, and that gives GE plenty of sales opportunities. With 70% of physicians unhappy with their EMR, according to a study announced in February of last year, it should be easy pickins.

But given the way GE may have fumbled the ball on the enterprise side, I’d want some proof that leaders there had a long-term commitment to ambulatory care. Practices have a hard enough time finding EMRs that work for them; having to switch for reasons that have nothing to do with them makes no sense.

Tips for Community Hospitals at #HIMSS15

Posted on March 10, 2015 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Many in the healthcare IT community like me, are in full on HIMSS 2015 preparation mode. As I mentioned yesterday, it’s the biggest part of my spring conference schedule. If you’ve never been to HIMSS, it’s about 1200 vendors and close to 30,000 people all interested in healthcare IT.

Needless to say it’s a massive event and it’s really easy to get swallowed up in all the hustle and bustle of HIMSS. As we get closer to the event, I want to share some tips on how to get the most out of such a huge event, but I was really interested by this blog post by ICE Technologies that focuses on tips specifically for community hospitals that are attending HIMSS. Here are their 4 community hospital tips at HIMSS:

  1. It’s A Chance To Get Current. You’re inundated with your day-to-day tasks and demands. Sometimes you don’t even get a chance to read the latest Health IT news, understand the new EHR upgrade coming out, or make time for a demo of the latest piece of technology that you need. At HIMSS, all of the Health IT news, system vendors, new product demos, and more are at your fingertips. With 1200+ vendors and 300 education sessions, you definitely gain a broad perspective of the health IT industry, giving you a chance to soak in knowledge and evaluate how it all applies at your hospital.
  2. It’s a Place to Think About Your Hospital’s Health IT Future. HIMSS is a place to go to see the future of healthcare IT, which can be a huge benefit to planning and being ready for what is coming next.
  3. A Guide Through HIMSS

  4. It’s the Candy Store for Health IT Geeks. The Exhibit Hall is a way for a person to see, touch and hear a lot of different options that are available in the market to solve problems. You can see and experience things that just can’t be found on a website. For instance, let’s say you are looking for a BYOD (bring your own device) solution. Go to the HIMSS conference and you can see 5 options and hear the pitch from each vendor in a single afternoon. So, if you are anticipating a purchase of a new technology in the next year or so, it’s a perfect place to explore.
  5. Don’t Go It Alone.  HIMSS can be overwhelming.  There are so many solutions and products at HIMSS and some of it is so futuristic, it’s hard to see how it applies to your community hospital today.  So, how do you translate what you see into what your hospital realistically needs to be successful with IT?  Let us help.  Our core focus is helping community hospitals make sense of it all.  Make us a part of your team at HIMSS. It would be our pleasure to meet you and help you find the solutions you are looking for.

Some interesting suggestions. I could have sworn in the past that they had a community hospital meetup/round table/birds of a feather event, but I can’t find it now. Maybe ICE Technolgies should host one. Meeting people with similar interests to me is always the best part of HIMSS. I use social media to connect with many of those people. I hope this helps the HIMSS attendees from community hospitals.

Is Apple HealthKit Headed For Hospital Dominance?

Posted on February 12, 2015 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Even for a company with the cash and reach of Apple, crashing the healthcare party is quite an undertaking.  Not only does healthcare come with unique technical challenges, it’s quite the conservative business, in many cases clinging to old technologies and approaches longer than other data-driven industries.

Of late, however, Apple’s HealthKit has attracted the attention of some high-profile healthcare institutions, such as New Orleans-based Ochsner Medical Center and Stanford Healthcare. All told, a total of fourteen major U.S. hospitals are running trials of HealthKit. What’s more, more than 600 developers are integrating HealthKit tech into their own health and fitness apps.

What’s particularly interesting is that some of these healthcare organizations are integrating Apple’s new patient-facing, iOS HealthKit app with Epic EMRs and the HealthKit enterprise platform.  If this works out, it could vault Apple into a much more lucrative position in the industry, as bringing together health app, platform and EMR accomplishes one of the major steps in leveraging mobile health.

According to MobiHealthNews, the new app allows patients to check out test results, manage prescriptions, set appointments, hold video visits with Stanford doctors, review medical bills — and perhaps most significantly, upload their vital signs remotely and have the data added to their Epic chart. This is a big step forward for hospitals, but even more so for doctors, many of whom have warned that they have no time to manage a separate stream of mobile patient data as part of patient care.

For Apple leaders, the next step will be to roll out the upcoming Apple Watch and integrate it into its expanding Internet of Apple Healthcare Things. CEO Tim Cook is pitching the Apple Watch as a key component in promoting consumer health. While the iPhone gathers data, the smart watch will proactively remind consumers to move. “If I sit for too long, it will actually tap me on the wrist to remind me to get up and move, because a lot of doctors think sitting is the new cancer,” Cook told an audience at an investor conference recently.

All that being said, it’s not as though Apple is marching through healthcare corridor’s unopposed. For example, Samsung is very focused on becoming the mobile healthcare  technology provider of choice. For example, in November, Samsung announced relationships with 24 health IT partners, including Aetna, the Cleveland Clinic and Cigna.

At its second annual developer conference last December, Samsung introduced an array of software tools designed to support the buildout of a digital health ecosystem, including the Samsung Digital Health SDK and Gear S SDK, which lets app makers create software compatible with Samsung’s smart watches. Also, Samsung is already on the second generation of its Simband reference design for wearable device design, as well as the cloud-based Samsung Architecture for Multimodal Interactions, which collects sensor data.

And Microsoft, of course, is not going to sit and watch idly as a multibillion-dollar market goes to competitors. For example, late last year the tech giant launched a fitness tracking wristband and mobile health app. It’s also kicked off a HealthKit-like platform, imaginatively dubbed Microsoft Health, which among other things, allows fitness band users to store data and transfer it to the Microsoft Health app. Microsoft isn’t winning the PR war as of yet — Apple still has a gift for doing that — but have no doubt that it’s lurking in the swamps like an alligator, ready to close its powerful jaws on the next right opportunity to expand its healthcare presence.

Bottom line, Apple has captured some big-name pilot testers for its HealthKit platform and related products, but the game is just beginning. Having users in place is a good start, but Apple is miles away from being able to declare itself the leader in the emerging hospital mobile health market.

Hospitals Put Off RCM Upgrades Due To #ICD10, #MU Focus

Posted on December 29, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

If you look closely at the financial news coming out of the hospital business lately, you’ll hear the anguished screams of revenue cycle managers whose infrastructure just isn’t up to the task of coping with collections in today’s world. Though members of the RCM department — and outside pundits — have done their best to draw attention to this issue, signs suggest that getting better systems put in has been a surprisingly tough sell. This is true despite a fair amount of evidence from recent hospital financial disasters that focusing on an EMR at the expense of revenue cycle management can be quite destructive.

And a new study underscores the point. According to a recent Black Book survey of chief financial officers, revenue cycle upgrades at U.S. hospitals have taken a backseat to meeting the looming October 2015 ICD-10 deadline, as well as capturing Meaningful Use incentives. Meanwhile, progress on upgrades to revenue cycle management platforms has been agonizingly slow.

According to the Black Book survey, two thirds of hospitals contacted by researchers in 2012 said that they plan to replace their existing revenue cycle management platform with a comprehensive solution. But when contacted this year, two-thirds of those hospitals still hadn’t done the upgrade. (One is forced to wonder whether these hospitals were foolish enough to think the upgrade wasn’t important, or simply too overextended to stick with their plans.)

Sadly, despite the risks associated with ignoring the RCM upgrade issue, a lot of small hospitals seem determined to do so. Fifty-one percent of under 250 bed hospitals are planning to delay RCM system improvements until after the ICD-10 deadline passes in 2015, Black Book found.

The CFOs surveyed by Black Book feel they’re running out of time to make RCM upgrades. In fact, 83% of the CFOs from hospitals with less than 250 beds expect their RCM platforms to become obsolete within two years if not replaced or upgraded, as they’re rightfully convinced that most payers will move to value-based reimbursement. And 95% of those worried about obsolescence said that failing to upgrade or replace the platform might cost them their jobs, reports Healthcare Finance News.

Unfortunately for both the hospitals and the CFOs, firing the messenger won’t solve the problem. By the time laggard hospitals make their RCM upgrades, they’re going to have a hard time catching up with the industry.

If they wait that long, it seems unlikely that these hospitals will have time to choose, test and implement RCM platform upgrades, much less implement new systems, much before early 2017, and even that may be an aggressive prediction. They risk going into a downward spiral in which they can’t afford to buy the RCM platform they really need because, well, the current RCM platform stinks. Not only that, the ones that are still engaged in mega dollar EMR implementations may not be able to afford to support those either.

Admittedly, it’s not as though hospitals can blithely ignore ICD-10 or Meaningful Use. But letting the revenue cycle management infrastructure go for so long seems like a recipe for disaster.

Another Health System’s Finances Weighed Down By Epic Investment

Posted on December 26, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

While Memphis-based Baptist Memorial Health Care Corp. may intend to be “the high-quality and low-cost provider” in its region, spending $200 million on an EMR purchase has got to make that a bit more, shall we say, challenging.

While health systems nationwide are struggling with issues not of their own making, such as some states’ decision not to expand Medicaid, it appears that Baptist Memorial’s financial troubles have at least some relationship to the size of its 2012 investment in an Epic EMR platform.

Baptist, which let 112 workers go in September, has seen Standard & Poor’s lower its long-term rating on the health system’s bond debt twice since mid-2013.  Through June, the system’s losses totaled $124 million, according to S&P.

Baptist employs 15,000 workers at 14 hospitals located across the mid-south of the US, so the staffing cuts clearly don’t constitute a mass layoffs. What’s more, the layoffs are concentrated corporate services, Baptist reports, suggesting that the chain is being careful not to gut its clinical services infrastructure. In other words, I’m not suggesting that Baptist is completely falling apart, Epic investment or no.

But the health system’s financial health has deteriorated significantly over the past few years. After all, back in 2009, S&P gave Baptist Memorial a long-term ‘AA’ rating, based on its strong liquidity and low debt levels; history of positive excess income and good cash flow; and solid and stable market share in his total surface area, with favorable growth in metropolitan Memphis.

However, at this point Baptist is clearly struggling, so much so that is taking the extraordinary step of cutting the salaries of top executives in the system by 22% to 23%. That includes cutting the salary of health system CEO Jason Little. But this is clearly a symbolic gesture, as executive pay cuts can’t dent multimillion dollar operating revenue shortfalls.

So what will help Baptist improve its financial health? In public statements,  Baptist CEO Little has said that the hospitals’ length of stay has been excessive for the compensation that they get from payers, and that fixing this is his key focus. This problem, of course, is only likely to get worse as value-based reimbursement becomes the rule, so that strategy seems to make sense.

But Baptist is also going to have to live with its IT spending decisions, and it seems obvious that they’ve had long-term repercussions. I don’t think any outsider can say whether Baptist should have bought the Epic system, or how much it should have spent, but the investment has clearly been a strain.

CFO Pleads Guilty To Meaningful Use Fraud

Posted on November 24, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

It had to happen eventually — the money is just too good.  The former chief financial officer of a now-closed Texas hospital has plead guilty to charges that he defrauded the meaningful use program, in what may be the first prosecution of its kind.

According to Healthcare IT News the former CFO of Shelby Regional Medical Center in Center, TX, has been indicted on charges that he falsely attested that Shelby Regional met meaningful use requirements for fiscal year 2012. The alleged fraud garnered the medical center $783,655 in payments, according to the indictment.

It’s not that hospitals haven’t wrongly claimed large amounts of meaningful use cash before. In fact, Florida-based Health Management Associates seems to have wrongfully claimed $31 million in meaningful use payments last year prior to its acquisition by Community Health Systems, with 11 of 71 HMA hospitals failing to meet meaningful use criteria.

But it does seem to be unusual, if not unprecedented, for CMS to catch providers in the act of willfully falsifying meaningful use attestations. Either the self-attestation honor system is working or CMS  is failing to catch a great deal of monkey business.

In Shelby Regional’s case, the hospital relied on paper records throughout fiscal year 2012 and only minimally used an EMR, according to the feds. To make sure the facility still captured its meaningful use payout, CFO Joe White instructed the software vendor and employees of the hospital to input data from paper records into the EMR, sometimes months after patients were discharged and after the fiscal year. (If convicted, White faces five years in prison).

What makes the purported fraud at Shelby Regional seem all the more egregious is that it was apparently part of a much larger scheme. Tariq Mahmood, MD, who owned Shelby Regional and five other Texas hospitals, is also being investigated by federal prosecutors for alleged healthcare fraud. The six hospitals owned by Mahmood collected a total of $16.8 million in meaningful use incentives for fiscal 2011 and 2012.

The truth is, there’s probably a lot more fraud going on in the meaningful use program that hasn’t been caught. After all, a report by the Office of the Inspector General for HHS issued early this year concluded that CMS fraud auditors such as the Recovery Audit Contractors weren’t doing a great job of reviewing EMR records, failing to take basic steps such as reviewing EMR audit logs to verify that medical records support a claim. It’s little wonder they haven’t caught more providers deliberately gaming the meaningful use system.

Hospitals can do more to avoid accidental problems with meaningful use claims, too. Observers have noted that few hospitals have sufficient safeguards in place to catch attestation problems before they happen.

Large Health Facilities Have Major Patient Data Security Issues

Posted on July 2, 2014 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Many healthcare organizations have security holes that leave not only their systems, but their equipment susceptible to cyberattacks, according to two recent studies.

The researchers included Scott Erven, head of information security for multi-state hospital and clinic chain Essentia Health, and Shawn Merdinger, an independent consultant. According to iHealthBeat, the two presented their findings last week at the Shakacon conference.

Erven and his colleagues conducted a two-year study addressing the security of Essentia’s medical equipment. As part of their study they found that hackers could manipulate dosages of drugs provided by drug infusion pumps, deliver random defibrillator shock to patients or prevent medically needed shocks from taking place, and change the temperature settings in refrigerators holding blood and drugs.

The research team also looked for exposed equipment within other healthcare organizations, and the results were appalling. Within only 30 minutes, iHealthBeat notes, they found one healthcare organization which had 68,000 devices that exposed data.  Across all of the health systems they studied, they found 488 exposed cardiology systems, 323 PACS systems, 32 pacemaker systems, 21 anesthesiology systems and and several telemetry systems used to monitor elderly patients and prevent infant abductions.

Both Erven and Merdinger found that the organizations are leaking data because an Internet-connected computer had not been configured securely. Typically, data leaks occurred because sys admins had allowed Server Message Block –a protocol used to help admins find and communicate with computers internally — and allowed it to broadcast information turning private data into publicly-accessible data.

According to Erven, these issues are “global” and impact thousands of healthcare organizations. He suggests that too often, healthcare organizations focus on HIPAA compliance and don’t put enough effort into penetration testing and vulnerability protection.

This should come as no surprise. After all, Proficio’s Takeshi Suganuma notes, HIPAA was developed to protect PHI for a wide range of organizations, and as he puts it, “one size seldom fits all.”  While HIPAA compliance is important, collection, analysis and monitoring of security events are also critical activities for medium- to large-sized organizations, Suganuma suggests.

He also warns that healthcare organizations should be aware that cyberattackers are exploiting not only traditional network vulnerabilities, but also vulnerabilities in printers and medical devices. Networked medical devices are a particularly significant issue, since provider IT teams can’t upgrade the underlying operating system embedded in these devices — and too many of the devices are using older versions of Windows and Linux with known security holes.

The key point Suganuma, Erven and Merdinger are making is that while HIPAA compliance is good, healthcare organizations must pay greater attention to new attack vectors, or they face high odds of security compromise.  Seems like there’s a lot of work (and investment) afoot.