Secure Channels Inc

(855) 825-6766

CEO Blech Quoted On Blue Cross Hack By Politico

Epic performance at Senate HELP hearing infuriates CommonWell; members and senators promise action on MU

 

EPIC OFFICER KICKS A WASP NEST: Peter DeVault, the lone vendor representative on a panel before the Senate HELP Committee yesterday, generated a wave of anger by dismissing the Commonwell Health Alliance. He called it an “aspiring network” for interoperability that Epic refused to join because it was expensive, lacked transparency and planned to sell patient data. Commonwell, which includes most of the other large EHR vendors, is creating an electronic hub for providers to locate and share information with each other. Some members and the group’s leadership objected sharply. Dan Haley of athenahealth dismissed DeVault’s claim as “nonsense. The Commonwell association is non-profit and the costs of participation are extraordinarily reasonable compared to the costs of, say, hiring platoons of Epic implementation consultants. … The main difference between Carequality and Commonwell is the latter is actually enabling cross-platform sharing. The former is just talking about it,” Haley said.

Cerner, the biggest Commonwell member, said, “Today’s rhetoric is a slap in the face to many parties working to advance interoperability. It was discouraging to hear more potshots and false statements when it’s clear there is real work to be done.” Commonwell itself said it was “conceived to foster collaboration among health IT stakeholders because we believe it’s the only way to achieve nationwide interoperability. We are committed to openness and transparency. Accordingly we publish our services and use case specifications, along with our nominal membership and service fees on our website for everyone to see.” Just a few days ago, Commonwell official Jitin Asnaani told us he hoped Epic would join the alliance. Breathe, Jitin. Breathe.

 

The first HELP hearing on the meaningful use program in six years didn’t disappoint, but the upshot isn’t clear, as colleagues David Pittman and Ashley Gold write here http://politico.pro/1FzVcGR Senators Sheldon Whitehouse (D-R.I.) and HELP chair Lamar Alexander (R-Tenn.) agreed to set up an informal group to consider changes to meaningful use, and suggested that more hearings were in the offing. But when we asked the committee for details, they would say only that the committee was “beginning to examine the issues.” Beginning to? Really? See more of our coverage here http://politico.pro/1xbMBZK

 

Welcome to Wedneday eHealth, where we were very excited to hear HELP Committee senators talking about interoperability and meaningful use for the first time in many moons. Interesting witnesses, too — Epic’s man was appropriately haughty, and we enjoyed listening to Robert Wergin, president of the American Academy of Family Physicians, describing his last-minute scramble to qualify for MU Stage 2.

 

Ehealth tweet o’ the day: Fawn Mac ‏@fawn_mac OH GREAT Primera Blue Cross ~ up to 11 Million customers may have had their records hacked ….. OH Wonderful ~ 1st happened about 1 yr ago

 

The ONC’s Standards Committee has a daylong meeting. Sundry details here. http://bit.ly/1O5zsX9

 

We’ll be monitoring an Atlantic Health Forum featuring Fitbit Founder James Park, NIAID Director Tony Fauci, Dr. Ezekiel Emanuel, ZocDoc President Oliver Kharraz and others.

 

An Atlantic Council session will discuss the Health Internet of Things. Discussants include Rep. Diana DeGette (D-Colo.); FDA’s Suzanne Schwartz, and Pat Calhoun of Intel Security. Prepare for the event with this new McAfee report: http://bit.ly/1Dy2sUm

 

The House Oversight Committee timed its cyber threats hearing just in time for a fresh health care mega-hack; more details here: http://1.usa.gov/1Fq4FRa

 

** A message from the Leidos Partnership for Defense Health: More than 400 health facilities are saving lives with innovative data analytics that support early identification and treatment of sepsis, a life-threatening inflammation. Learn more about how we’re using big data to deliver big health care solutions: http://bit.ly/1822TrP **

 

PREMERA BLUE CROSS FALLS VICTIM TO HACKERS: The Seattle-based company says a cyberattack beginning last May compromised the personal information of as many as 11 million patients. The company discovered the attack Jan. 29 but didn’t report it until Tuesay because it first wanted to make sure its networks were clean. In addition to names, dates of birth, social security numbers, and bank account information, the attackers might have gotten hold of clinical information dating back to 2002, Premera said. It had no evidence that data had been stolen or used illegally, but was offering two years of credit monitoring and identity theft support to anyone who provided personal information to the company. As it did following earlier breaches of Anthem and Community Health, the FBI praised Premera for quickly reporting the breach to the FBI after detecting it, calling it “a model for other companies facing cyber intrusions, as rapid notification allows the FBI to quickly deploy our cyber experts to preserve evidence.” Others weren’t so sanguine: BitSight co-founder Stephen Boyer said he was surprised the hack hadn’t been noticed for nearly 270 days — the average organization took approximately 25 days to detect a breach in 2014. But Premera spokesman Eric Earling said the duration was “not uncommon given the sophistication of the attack.” Security expert Richard Blech, CEO of Secure Channels, said the Premera breach “once again demonstrates the failure of flawed, outdated assumptions: over-reliance on ‘guard the door’ entry point security and early technologies such as simplistic single-key encryption schemes.”

 

WAS THIS CREATED BY LEMONY SNICKET, OR J.K. ROWLING?: Neither — it’s the HHS Office of the Inspector General’s “Top 25 Compendium of Unimplemented Recommendations.” Released late Tuesday, the report http://1.usa.gov/1BPcvRF singles out the unaddressed fraud vulnerabilities in electronic health records. Something we’ve been hearing about in relation to malpractice suits lately: not all EHR technology keeps automatic audit logs, although the OIG reported the failure in a December 2013 report. In addition, the report says “CMS should develop guidance on the use of the copy-paste feature in EHR technology. … HHS must do more to ensure that all hospitals’ EHRs contain safeguards and that hospitals use them to protect against electronically enabled health care fraud. We found that nearly all hospitals with EHR technology had … audit functions in place, but they may not be using them to their full extent.”

 

RESPONSE TO BURGESS BILL STILL TRICKLING IN: Bettina Experton of Humetrix, which provides iBlueButton for consumers, says Rep. Burgess is barking up the wrong tree if he thinks technical problems are what’s blocking interoperability. “The current lack of provider-to-provider health information exchange is mainly caused by business barriers,” she wrote in a letter. “All certified EHRs are able to transmit data using the DIRECT standard, as well as produce usable C-CDA records which can be received by certified EHRs and/or standards-based PHRs. These standards are simply poorly used, and new standards incorporating ‘published’ APIs will not address the vendor or provider coding errors present with current EHR C-CDAs, nor the lack of “trust” that inhibits data flow between provider systems. … We believe that Congress should urge the Office of the National Coordinator for Health IT (ONC) to immediately use its existing authority to decertify products that do not incorporate and/or “turn on” required functionalities, such as DIRECT messaging.”

 

SPEAKING OF DIRECT — HERE’S A DIRECT QUOTE: DirectTrust, which developed DIRECT messaging, has published a new report [http://politico.pro/1GWq3Mc] that lays out some of the problems the “push” system it is having. While 35,000 health care organizations have joined the network, “the ‘last mile’ problems that we are experiencing are occasioned by EHRs that do things in non-standard ways,” says DirectTrust CEO David Kibbe. “An analogy would be sending a postcard to another person, but in a language she didn’t speak. Transport gets the message delivered just fine, but occasionally the receiver can’t interpret it …. We need to collaboratively work on the solution of a few ‘last mile’ issues, and that collaboration includes working with ONC, with the EHR vendors, with federal agencies, and, perhaps, with Congress. An ONC spokesman said his office was “looking forward to reading the Direct report.”

 

REPORT SIGNALS SAVINGS THROUGH ELECTRONIC TRANSACTIONS: U.S. healthcare could save $8 billion annually by transitioning six routine business transactions from manual to electronic, according to the newly published 2014 CAQH Index http://bit.ly/1CshjhH . The CAQH Index tracks progress from manual to electronic administrative transactions between health plans and healthcare providers.

 

REPORT: RURAL COMMUNITIES STILL BROADBAND-STARVED: The U.S. has made great strides toward connecting schools, libraries and health facilities to broadband, but there’s still a long way to go, according to a report [http://politico.pro/1Eqq2NY] released Tuesday by the Schools, Health & Libraries Broadband Coalition. “Community anchor institutions” in rural areas are still struggling, the report says. The group says it knows of no government agency collecting adequate data on the broadband capabilities of health clinics, particularly those in rural areas.

 

Find the original article here.

 

For more articles featuring CEO Blech and Secure Channels Inc, visit the company website here.

Share: