EHR vendor Cerner Corp. is bringing an IT consulting firm into the fold to assist with its work with federal clients, particularly with the U.S. Department of Veterans Affairs.
Cerner is acquiring IT consulting and engineering firm AbleVets, a certified Service-Disabled Veteran-Owned small business. AbleVets will provide technical expertise to Cerner while the company implements its products for the federal government, according to a Cerner news release. Travis Dalton, president of Cerner Government Services, said that AbleVets has been a “trusted partner” to Cerner and is already providing “critical support” to Cerner’s federal programs, according to the press release. The acquisition is expected to be completed before the end of the year.
In 2018, Cerner was awarded a multi-billion dollar contract to implement its EHR for the VA over 10 years. The vision is to bring the VA, which currently uses a homegrown EHR called VistA, onto the same health record system as the Department of Defense in an effort to connect health records between the two departments. By November, the price tag for the EHR migration climbed from $10 billion to $16.1 billion, with a majority of additional funds needed to keep VistA up and running during the transition. Just last month, the VA announced plans to delay the rollout.
Chilmark Research founder John Moore called the EHR migration a “massive endeavor” but believes the acquisition will be useful. He said AbleVets will provide Cerner with “fairly deep expertise” about the VA and VA systems, as well as strengthen relationships within the VA, he said.
“It’s a very public endeavor… that has received a lot of scrutiny from Congress and will continue to receive a lot of scrutiny from Congress and others,” Moore said. “So Cerner’s going to do whatever it takes to make sure this relationship with the VA works for the VA and for who the VA serves: our veterans.”
Last month, Cerner laid off 255 employees in a move to refine its operating model. Moore doesn’t see the acquisition and layoffs as being related, describing the layoffs as an organizational “realignment.” Cerner’s statement on the layoffs said the company has already onboarded 3,000 associates in 2019 and has plans to hire hundreds more.
According to the news release, AbleVets employs 350 professionals who are skilled in cybersecurity, technology enablement and analytics. Many of the employees are veterans, the release said.
“I launched AbleVets to deliver health IT solutions that improve veteran health,” Wyatt Smith, M.D., founder and CEO of AbleVets and a Navy veteran, said in the release. “By working with Cerner over the past year, we’ve been able to make important strides in laying the groundwork on our shared mission to transform care for those who served our country…We’re excited to join forces with Cerner and bring even more value and quality healthcare to those who have served.”
Clinical Pathology Laboratories Inc. is the latest victim of a massive data breach that occurred at the American Medical Collection Agency, increasing the number of potentially affected patients to roughly 22 million.
Clinical Pathology Laboratories (CPL), based in Austin, Texas, notified patients of the AMCA breach and data security incident on July 12. According to the notification on the clinical laboratory’s website, AMCA notified CPL in May of the data breach but didn’t provide the organization with enough information at the time to identify potentially affected patients or the nature of patient information affected. Now, it is being reported that CPL says 2.2 million patients may have had their information stolen.
While its investigation is ongoing, CPL stated that based on information provided by AMCA, patient names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information and treatment provider information could have been affected by the breach. Patient Social Security numbers were not affected, and CPL doesn’t share healthcare records such as laboratory results and clinical history with AMCA, according to the statement.
CPL’s statement indicates that the AMCA data breach is to blame for the sharing of patient data, not CPL systems. AMCA is a collections agency that works with laboratories, billing services, hospitals and medical providers across the nation.
CPL is the fourth medical testing company to come forward following the AMCA breach. Quest Diagnostics first reported that 11.9 million of its patients could have been affected, followed by Laboratory Corporation of America Holdings with 7.7 million patients and BioReference Laboratories, with 422,600 patients.
AMCA was first made aware of the breach in March, after an unauthorized user accessed AMCA’s systems through its web payments page between Aug. 1, 2018, and March 30, 2019. In the face of multiple lawsuits following the breach, AMCA has filed for Chapter 11 bankruptcy and has laid off a substantial amount of its workforce.
The Office of the National Coordinator for Health IT will have a new deputy leader starting next month.
ONC announced Monday that Jon White, M.D., deputy national coordinator for health IT, will take on a new role outside of ONC as associate chief of staff of research at the Veterans Administration Salt Lake City Health Care System. White spent nearly five years at ONC, leading the agency’s interoperability priorities and the publication of federal regulations and the Shared Nationwide Interoperability Roadmap.
Starting Aug. 19, longtime ONC leader Steve Posnack will assume the role of deputy national coordinator for health IT. Don Rucker, national coordinator for health IT, informed staff in an email that Posnack will provide vision and direction for the agency. Posnack has served 14 years with ONC, and will continue in his role as executive director of the office of technology as ONC looks for his replacement.
“Steve has become a central part of ONC’s leadership team during his 14-year tenure,” Rucker said in the email. “His unique experience and depth of knowledge will provide steady direction for our ONC team, continuity for our stakeholders, and vision for the work ahead of us.”
The deputy national coordinator for health IT role involves leading ONC programs and policies, as well as advancing the agency’s key priorities, according to ONC’s website.
Peter Ashkenaz, director of content and media for ONC, said in an email that the agency is not scheduling interviews with Posnack as he works with White to transition to the role of deputy national coordinator for health IT. Ashkenaz said Posnack will continue to work with ONC to finalize the agency’s proposed interoperability rule, as well as the Trusted Exchange Framework and Common Agreement (TEFCA).
The interoperability rule, created in conjunction with the Centers for Medicare and Medicaid Services (CMS), aims to foster greater data sharing in healthcare. TEFCA outlines terms and conditions to support creation of a common agreement that would facilitate better health information exchange between health systems on different networks.
The Centers for Medicare and Medicaid Services said it is committed to the role of federal chief health informatics officer, despite the sudden departure of its first appointment.
Mark Roche, M.D., left the role as CHIO after less than four months on the job, according to news reports.
Roche, who has plenty of EHR and interoperability experience in the public and private sectors, was appointed to the CHIO role in March, almost a year after CMS announced the creation of the position. It’s unclear why he departed so suddenly, but it comes at a time when CMS and ONC are sorting through more than 2,000 comments on interoperability and information blocking rules it proposed in February.
Johnathan Monroe, director of the office of communications for CMS, said the agency remains “committed to this new role” and is currently looking at how to move forward. Monroe wouldn’t comment on Roche’s departure, saying it was against the organization’s personnel policy to do so.
CMS created the CHIO position last year as a way to change the “way-we-have-always-done-it” manner and bring a health IT expert to the helm, according to a blog post that introduced the new role to the health IT community and was written by CMS Administrator Seema Verma.
Verma said the aim for the CHIO role is to tackle data, develop an application programming interface (API) strategy enabling the agency to share data securely, and lead the agency’s interoperability strategy, according to the blog post.
Indeed, one of the main focal points of the interoperability rule proposed by CMS earlier this year centers on requiring healthcare organizations to implement and use APIs for easier data sharing.
“We anticipate the CHIO role will help drive forward the many health IT initiatives we have begun,” Verma wrote in the blog. She cited the Medicare Blue Button 2.0 program, which she described as “a universal digital format for personal health information,” and an “overhaul of the CMS EHR Incentive Programs to focus on interoperability,” as two examples.
A third medical testing company announced it has been impacted by the American Medical Collection Agency data breach, putting the total number of patients potentially affected at 20 million.
In an 8-K form filed with the U.S. Securities and Exchange Commission, OPKO Health, Inc., said 422,600 customers may have been impacted by a data breach through its subsidiary, BioReference Laboratories, Inc.
BioReference, based in Elmwood Park, N.J., was notified by the American Medical Collection Agency, a bill collection service provider, about unauthorized activity on the collection agency’s online payment page between Aug. 1, 2018 and March 30, 2019. Data for approximately 422,600 of its patients was stored in the affected system, according to the SEC filing.
Earlier this week, medical testing companies Quest Diagnostics Inc., and Laboratory Corporation of America Holdings (LabCorp) filed 8-K forms that announced they, too, were affected by the data breach, which brings the total of potentially impacted patients to roughly 20 million.
For BioReference patients, data that could have been affected includes patient names, dates of birth, addresses, phone numbers, dates of service, and provider and balance information. The affected American Medical Collection Agency system also included credit card information, bank account information, not including passwords and security questions, and email addresses provided by customers to the collection agency, the filing said.
American Medical Collection Agency said no Social Security numbers were compromised. In the SEC filing, BioReference noted it did not provide laboratory results or diagnostic information to the collection agency.
American Medical Collection Agency is sending notices to 6,600 patients whose credit card or bank account information was stored in its system, and for whom BioReference performed laboratory testing, according to the filing.
BioReference has not sent any collection requests to American Medical Collection Agency since October 2018, and it noted in the SEC filing that it will not send any new collections requests to the agency. It has requested that the collection agency cease working on any pending collections requests involving its patients.
The filing noted that BioReference hasn’t been able to verify the accuracy of the information it received from AMCA.
In a statement, the American Medical Collection Agency said it is investigating a data incident that involved an unauthorized user accessing its system. The collection agency said it was notified of a potential security compromise by a security compliance firm that works with credit card companies, which resulted in the collections agency conducting an internal review and then taking down its web payments page.
Kristina Podnar, digital policy consultant and author of The Power of Digital Policy, called the current 8-K filings “just the tip of the iceberg.”
“I think we’re going to see a lot more coming out in terms of 8-K filings,” she said.
According to its website, the American Medical Collection Agency works with laboratories, physician groups, billing services, hospitals and medical providers across the country and manages more than $1 billion in annual receivables.
DirectTrust, a nonprofit association of health IT and healthcare organizations, has taken a step forward in developing health data exchange standards.
The nonprofit announced Tuesday that it has been accredited by the American National Standards Institute (ANSI) to develop health data exchange standards to increase data sharing using Direct exchange and trust frameworks.
DirectTrust has created a trust framework, which extends data exchange to more than 106,000 healthcare organizations and supports provider-to-provider information exchange, as well as data exchange between patients and providers.
More than 300 electronic health record and personal health record vendors and 50 health information exchanges (HIEs) participate in the DirectTrust network, which aims to support interoperable health information exchange through its Direct message protocols. Direct is similar to email, except the Health Internet Service Provider (HISP) handles email exchanges rather than an email provider such as Google or Yahoo.
DirectTrust began its application last year for ANSI accreditation and was approved in March. ANSI coordinates and facilitates the development of standards used worldwide by the healthcare industry, government agencies and consumers.
The Direct messaging exchange is a set of specifications and protocols known as the Direct standard, which was developed by a public-private collaboration called the Direct Project that was sponsored by the Office of the National Coordinator for Health IT (ONC) starting in 2010.
Don Rucker, national coordinator for health information technology, said in a news release that ONC initiated the Direct Project as a new option for exchanging electronic health information. The Direct Project grew from stakeholder meetings and was structured as a consensus-based standards development organization. The Direct Project had participation and the sanction of the U.S. Department of Health and Human Services and ONC, but no affiliation with an accrediting authority.
“DirectTrust’s accreditation by ANSI is an important step forward for this decade-long public-private effort to advance interoperability nationwide,” Rucker said in the release.
DirectTrust has also issued a call for participation for the Direct Standard Consensus Body, a group of healthcare industry stakeholders to help develop DirectTrust standards.
Earlier this month, the VA teamed up with DirectTrust to improve interoperability with community hospitals through DirectTrust’s health data exchange services. The VA joined the DirectTrust Accredited Trust Anchor Bundle, which gives VA healthcare providers access to 1.8 million endpoints in DirectTrust’s national network.
DirectTrust will also be hosting its first conference in June. The DirectTrust Summit will offer panels focused on FHIR and the future of trust in healthcare as well as the role of identity in healthcare exchange.
The Centers for Medicare and Medicaid Services appointed a new leader to drive change and interoperability in healthcare from the federal level.
Mark Roche, a physician informaticist, will take on the newly formed role as chief healthcare informatics officer, a position created last year by the Centers for Medicare and Medicaid Services. He is set to lead CMS’s core initiatives, including its push for interoperability in healthcare and the MyHealthEData Initiative.
Roche spent more than 16 years working on initiatives such as semantic interoperability, which would enable healthcare systems to share data in a way that’s useful. He also served as a physician adviser to the Office of the National Coordinator for Health IT, according to an email from CMS Administrator Seema Verma to her staff. He aided in developing components of measures like the 2015 E-Certification Rule supporting CMS’ Meaningful Use Stage 3 program, renamed now to the Promoting Interoperability program.
Along with his work on the federal level, Roche also served as an adjunct professor for Northwestern University’s medical informatics program and worked at the U.S. National Cancer Institute.
CMS started its search for a CHIO last summer, a move Verma said was overdue. “The truth is, as the largest healthcare payer in the country, CMS should have had a [chief healthcare informatics officer] function long ago,” she said in a blog post announcing the search.
The decision to create a chief healthcare informatics officer position is an acknowledgement by CMS that the agency couldn’t continue to operate in a business as usual kind of way and hope for different results, according to Verma’s blog post. Roche’s mission will be focused on data — how it could better be shared and used to improve healthcare delivery and outcomes, she said.
Interoperability in healthcare isn’t just a buzzword for the healthcare community, it’s also something technology companies are talking about.
Patrick Combes, technology leader for healthcare and life sciences at Amazon Web Services (AWS), said interoperability in healthcare is one of the biggest trends he’s paying attention to this year. While AWS is a major provider of cloud computing services, its healthcare and life sciences track focuses specifically on simplifying technology integration for healthcare organizations, where improving care delivery to patients is part of its underlying mission statement for healthcare providers.
In an interview with Combes at HIMSS 2019, he said he’s seen a push toward greater interoperability both from federal regulators and demand from AWS customers.
“People are beginning to realize the value of bringing this data together,” he said, citing this as the reason for the uptick in interoperability interest.
“We see this not only as a trend, but the only path forward,” he said. “To build a better collective understanding of all the data that’s being pulled in, we have to at least be able to talk about the same things in the same way.”
When it comes to increasing interoperability in healthcare, Combes said AWS is particularly focused on creating the technology backbone necessary for interoperability to take root.
“What we’re trying to do is make sure the machinery for a lot of this works,” he said. “And then surface that machinery so our partners can develop these very specific interoperability solutions.”
One of the biggest interoperability challenges Combes sees for the healthcare community is expanding interoperability standards, such as Fast Healthcare Interoperability Resources standards developed by Health Level Seven, and making them applicable on a larger scale.
“When we work with our partners to scale out these solutions we help build, one of the bigger issues we find is that there’s not a complete understanding of how best to scale,” he said.
Though bringing interoperability to scale can be a challenge, Combes said it’s valuable in the long run because it allows further reach to a greater number of patient records as a result.
Stan Huff has spent years helping create what he believes is now one of the best standards for moving healthcare closer to interoperability. The Fast Healthcare Interoperability Resources (FHIR) standard, developed by standards organization Health Level 7 International (HL7) for the purpose of exchanging clinical data electronically, saw its fourth release last month. From Huff’s point of view, the FHIR standard takes the healthcare industry to a “new level of interoperability.”
Huff, chief medical informatics officer for Intermountain Healthcare in Utah and co-chairman for an HL7 working group, said FHIR R4 addresses a major pain point for developers.
The most important development in FHIR R4 is that much of its base platform is now normative and backward compatible. The designation indicates a level of maturity and stability and, for developers, promises fewer changes to the base platform’s structure going forward so that programs written against FHIR R4 will work in future versions, Huff said.
Before this, programmers who built applications on an earlier version of the standard were forced to go back and make significant changes to the program to accommodate the release of a new version, according to Huff.
“Now when we go from version four to version five, there should be few if any changes to those resources, so you don’t have to anticipate or expect that you’re going to have that programming burden when the next version of FHIR comes out,” he said.
The FHIR standard still faces its share of hurdles, such as making additional resources normative and standardizing more medical terminology, Huff said. Semantic interoperability is a general sticking point for the healthcare community, and the FHIR standard is no different. For example, a field in the FHIR standard called the “observation resource,” allows programmers to input codes for medical observations such as blood pressure. But, because multiple codes for blood pressure exist, medical professionals risk how effectively systems can talk to each other, he said.
“If you’re not careful, people implementing the standard will choose different codes and then you don’t end up with a high level of interoperability that people expect,” Huff said. “We’re working right now, trying to include clinical societies and others to converge around exactly the way we use that standard and the way we use terminology to get us to a higher level of interoperability.”
Huff said with the new release of the FHIR standard, he’s looking forward to broader implementation, which will only help improve future versions of the standard.
“I think what we need to do is continue to improve FHIR, to use FHIR and add information models and terminology that we need to make it even more interoperable,” he said. “And that’s the path we should be on.”
Rules and regulations proposed by the Office of the National Coordinator for Health Information Technology hang in limbo, thanks to the government shutdown. But that isn’t stopping the federal organization from pushing forward on addressing a significant pain point for the healthcare industry.
ONC released updates to its Interoperability Standards Advisory (ISA), a living document focused on improving the exchange of data between healthcare systems. The updates are based on recommendations from the Health IT Advisory Committee and feedback from the healthcare community.
ONC has added interoperability needs the healthcare industry should address to further information-sharing to ISA 2019, including several electronic prescribing-related interoperability standards that would allow pharmacies to request additional refills and prescribers to send prescriptions for controlled substances to a pharmacy.
ONC included the updates in its release of the 2019 ISA Reference Edition, which provides a snapshot of the document, and the healthcare community can also tap into an ISA RSS feed when the document is changed.
ONC received 74 comments on the document in 2018, resulting in around 400 revision recommendations, according to an ONC news release. ONC uses the ISA to identify and assess interoperability standards and implementation specifications the healthcare industry can use to address interoperability needs, the release said.
The federal organization believes the ISA should be considered an open resource for healthcare industry leaders that reflects the latest thinking around standards aimed toward nationwide interoperability.