News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

Ransomware Attacks on Scripps Health, Universal, and Utah Pathology Services Show Hospitals and Health Systems Are Increasingly in the Crosshairs

Recent attacks illustrate how costly a security breach can be and why clinical laboratories and pathology groups must work to protect their information systems from ransomware attacks

Recent ransomware attacks on Scripps Health, Universal Health Services, and Utah Pathology Services clearly illuminate the vulnerabilities within the healthcare industry to being targeted. These attacks left patients’ protected health information (PHI) exposed and the healthcare organizations open to federal scrutiny and possibly fines or other punitive actions.

Therefore, it is crucial clinical laboratories and pathology groups have a cybersecurity strategy in place for dealing with ransomware attacks. Running security drills may need to be part of that strategy. Managers and employees should undergo specific training and vendors must be vetted carefully. Without such a strategy, the question is not if an attack will happen, but rather when an attack will succeed.

Ransomware Attackers are Getting Better

“Ransomware is increasing in sophistication; it’s increasing in prevalence. The purveyors of ransomware are generally reinvesting the fees that they collect from the entities they extort to acquire more capabilities,” Beau Woods, Senior Advisor at the federal Cybersecurity and Infrastructure Security Agency (CISA), told The San Diego Tribune.

“They’re getting better, they’re getting more frequent, particularly during the pandemic where we’ve opened up more connectivity to allow more remote work,” he added.

The Scripps Health attack is notable for several reasons, with one being the length of the outage it caused. The attack was first detected on May 1 of this year. It took four weeks before Scripps could restore most of its network and get its Epic EHR back online, Health IT Security reported.

However, the ransomware attack on Universal Health Services (NYSE:UHS) may be the biggest attack so far. It took place on September 27, 2020, and caused a three-week outage. The company told The San Diego Tribune the incident had a $67 million impact on operations.

According to HIPAA Journal, “The phone system was taken out of action, and without access to computers and electronic health records, employees had to resort to pen and paper to record patient information. In the early hours after the attack occurred, the health system diverted ambulances to alternative facilities and some elective procedures were either postponed or diverted to competitors. Patients reported delays receiving test results while UHS recovered from the attack.”

At Utah Pathology Services, an employee e-mail hack resulted in the potential exposure of patient data. The malicious actors attempted to divert funds intended for a physician but failed to do so. However, the information of 112,000 patients was accessible to the hacker during the attempt.

“The compromised data varied by patient but could include names, contact information, insurance details such as ID and group numbers, medical and health information like internal records numbers and clinical and diagnostic information, and some Social Security numbers,” Health IT Security reported.

Bryan-S.-Ware-and-Christopher-Krebs

“We are seeing adversaries that are targeting our pharmaceutical companies, pharmaceutical research, laboratory companies, testing and really even out into the future manufacturing of the vaccine systems,” Bryan S. Ware (above left) Assistant Director for Cybersecurity for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) told CyberScoop. CISA Director Christopher Krebs (above right) added, “At the onset of the COVID-19 pandemic, we recognized just how vital the healthcare sector was to the response and we established Project Taken to bring to bear the government’s particular set of skills to protect those organizations.” (Photo copyrights: CyberScoop/Business Insider.)

Value of Patient Data on the Dark Web is Increasing

In the case of the Utah Pathology Services attack, the hackers were specifically after money. However, according to cybersecurity company SecureLink, patient records are “the new prize” for hackers. Healthcare data carries a value of its own on the digital black market. In fact, healthcare data is more valuable than credit card or banking data.

“Healthcare data is valuable on the black market because it often contains all of an individual’s personally identifiable information, as opposed to a single marker that may be found in a financial breach,” SecureLink wrote in a blog post.

In “Here’s How Much Your Personal Information Is Selling for on the Dark Web,” credit rating agency Experian estimated a stolen medical record could sell for between $1 and $1,000, while a Social Security number alone is worth about a dollar.

A 2018 Trustwave Global Security Report estimated that a healthcare record is worth about $250. Trustwave, however, estimated the value of a banking record at less than $5. That strongly suggests health records are increasing in value.

And even after a healthcare entity has regained control of its IT infrastructure, the hacker still has possession of the stolen patient information. It may take weeks or years for the hacker to sell that information, meaning the breach represents a continuing threat to the healthcare organization and its patients.

Clinical Laboratories Must Prepare for an Attack

Simply understanding the threat is not enough. Clinical laboratory and pathology group managers must have robust plans in place for both protecting patient information and for dealing with a security breach should one occur.

According to a Health IT Security report, “The ransomware attack that struck all 400 UHS care sites and caused three weeks of EHR downtime in September, cost the health system $67 million in recovery costs and lost revenue.”

The report added, “Security researchers have long-recommended the need for providers to shift into a proactive security model, like zero trust. Recent reports show successful cyberattacks on healthcare providers doubled in the last year, with at least 560 providers falling victim to ransomware.”

In “Three Federal Agencies Warn Healthcare Providers of Pending Ransomware Attacks; Clinical Laboratories Advised to Assess Their Cyberdefenses,” Dark Daily reported on an FBI, federal Department of Health and Human Services (HHS), and federal Cybersecurity and Infrastructure Security Agency (CISA) joint advisory (AA20-302A) that warned US hospitals, clinical laboratories, and other healthcare providers to prepare for impending ransomware attacks in 2020.

To deal with the ransomware attacks, we wrote, “CISA, FBI, and HHS advise against paying ransoms. ‘Payment does not guarantee files will be recovered,’ the advisory states. ‘It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.’ The federal agencies advise organizations to take preventive measures and adopt plans for coping with attacks.

“The advisory suggests:

  • Training programs for employees, including raising awareness about ransomware and phishing scams. Organizations should ‘ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.’
  • Regular backups of data and software. These should be ‘maintained offline or in separated networks as many ransomware variants attempt to find and delete any accessible backups.’ Personnel should also test the backups.
  • Continuity plans in case information systems are not accessible. For example, organizations should maintain ‘hard copies of digital information that would be required for critical patient healthcare.’”

Given the enormous amounts of money hackers can earn from selling protected health information on the Dark Web, it is a near certainty these attacks will continue. Clinical laboratory and anatomic pathology group managers would be well advised to plan for the inevitability that their health system will be targeted.

—Dava Stewart

Related Information:

It’s Not Just Scripps. Ransomware Has Become Rampant During Pandemic

Scripps Health Network Still Down, 2 Weeks After Cyberattack

Universal Health Services Ransomware Attack Cost $67 Million in 2020

112K Patients Impacted by Utah Pathology Services Email Hack

Healthcare Data: The New Prize for Hackers

Here’s How Much Your Personal Information Is Selling for on the Dark Web

Trustwave Global Security Report

UHS Ransomware Attack Cost $67M in Lost Revenue, Recovery Efforts

CISA Turns to Security Experts with Street Cred to Protect Health Sector

Three Federal Agencies Warn Healthcare Providers of Pending Ransomware Attacks; Clinical Laboratories Advised to Assess Their Cyberdefenses

UK’s NHS Will Use Amazon Alexa to Deliver Official Health Advice to Patients in the United Kingdom

Since Alexa is now programed to be compliant with HIPAA privacy rules, it’s likely similar voice assistance technologies will soon become available in US healthcare as well

Shortages of physicians and other types of caregivers—including histopathologists and pathology laboratory workers—in the United Kingdom (UK) has the UK’s National Health Service (NHS) seeking alternate ways to get patients needed health and medical information. This has prompted a partnership with Amazon to use the Alexa virtual assistant to answer patients healthcare inquiries.

Here in the United States, pathologists and clinical laboratory executives should take the time to understand this development. The fact that the NHS is willing to use a device like Alexa to help it maintain access to services expected by patients in the United Kingdom shows how rapidly the concept of “virtual clinical care” is moving to become mainstream.

If the NHS can make it work in a health system serving 66-million people, it can be expected that health insurers, hospitals, and physicians in the United States will follow that example and deploy similar virtual health services to their patients.

For these reasons, all clinical laboratories and anatomic pathology groups will want to develop a strategy as to how their organizations will interact with virtual health services and how their labs will want to deploy similar virtual patient information services.

Critical Shortages in Healthcare Services

While virtual assistants have been answering commonly-asked health questions by mining popular responses on the Internet for some time, this new agreement allows Alexa to provide government-endorsed medical advice drawn from the NHS website.

By doing this, the NHS hopes to reduce the burden on healthcare workers by making it easier for UK patients to access health information and receive answers to commonly-asked health questions directly from their homes, GeekWire reported. 

“The public needs to be able to get reliable information about their health easily and in ways they actually use. By working closely with Amazon and other tech companies, big and small, we can ensure that the millions of users looking for health information every day can get simple, validated advice at the touch of a button or voice command,” Matthew Gould, CEO of NHSX, a division of the NHS that focuses on digital initiatives, told GeekWire

The Verge reported that when the British government officially announced the partnership in a July press release, the sample questions that Alexa could answer included:

  • Alexa, how do I treat a migraine?
  • Alexa, what are the symptoms of the flu?
  • Alexa, what are the symptoms of chickenpox?

“We want to empower every patient to take better control of their healthcare and technology like this is a great example of how people can access reliable, world-leading NHS advice from the comfort of their home, reducing the pressure on our hardworking GPs (General Practitioners) and pharmacists,” said Matt Hancock, Secretary of State for Health and Social Care, in the press release.

MD Connect notes that the NHS provides healthcare services free of charge to more than 66-million individuals residing in the UK. With 1.2 million employees, the NHS is the largest employer in Europe, according to The Economist. That article also stated that the biggest problem facing the NHS is a staff shortage, citing research conducted by three independent organizations:

Their findings indicate “that NHS hospitals, mental-health providers, and community services have 100,000 vacancies, and that there are another 110,000 gaps in adult social care. If things stay on their current trajectory, the think-tanks predict that there will be 250,000 NHS vacancies in a decade,” The Economist reported.

UK’s Matt Hancock, Secretary of State for Health and Social Care (above), defends the NHS’ partnership with Amazon Alexa, saying millions already use the smart speaker for medical advice and it’s important the health service uses the “best of modern technology.” Click here to watch the video. (Video and caption copyright: Sky News.)

“This idea is certainly interesting and it has the potential to help some patients work out what kind of care they need before considering whether to seek face-to-face medical help, especially for minor ailments that rarely need a GP appointment, such as coughs and colds that can be safely treated at home,” Professor Helen Stokes-Lampard, Chairman at the Royal College of General Practitioners, and Chair of the Board Of Directors/Trustees at National Academy of Social Prescribing, told Sky News.

“However,” she continued, “it is vital that independent research is done to ensure that the advice given is safe, otherwise it could prevent people seeking proper medical help and create even more pressure on our overstretched GP service.”

Amazon has assured consumers that all data obtained by Alexa through the NHS partnership will be encrypted to ensure privacy and security, MD Connect notes. Amazon also promised that the personal information will not be shared or sold to third parties.

Alexa Now HIPAA Compliant in the US

This new agreement with the UK follows the announcement in April of a new Alexa Skills Kit that “enables select Covered Entities and their Business Associates, subject to the US Health Insurance Portability and Accountability Act of 1996 (HIPAA), to build Alexa skills that transmit and receive protected health information (PHI) as part of an invite-only program. Six new Alexa healthcare skills from industry-leading healthcare providers, payors, pharmacy benefit managers, and digital health coaching companies are now operating in our HIPAA-eligible environment.”

Developers of voice assistance technologies can freely use these Alexa skills, which are “designed to help customers manage a variety of healthcare needs at home simply using voice—whether it’s booking a medical appointment, accessing hospital post-discharge instructions, checking on the status of a prescription delivery, and more,” an Amazon Developer Alexa blog states.

The blog lists the HIPAA-compliant Alexa skills as:

  • Express Scripts: Members can check the status of a home delivery prescription and can request Alexa notifications when their prescription orders are shipped.
  • Cigna Health Today by Cigna (NYSE:CI): Eligible employees with one of Cigna’s large national accounts can now manage their health improvement goals and increase opportunities for earning personalized wellness incentives.
  • My Children’s Enhanced Recovery After Surgery (ERAS) (by Boston Children’s Hospital: Parents and caregivers of children in the ERAS program can provide their care teams updates on recovery progress and receive information regarding their post-op appointments.
  • Swedish Health Connect by Providence St. Joseph Health, a healthcare system with 51 hospitals across seven states and 829 clinics: Customers can find an urgent care center near them and schedule a same-day appointment.
  • Atrium Health, a healthcare system with more than 40 hospitals and 900 care locations throughout North and South Carolina and Georgia: Customers in North and South Carolina can find an urgent care location near them and schedule a same-day appointment.
  • Livongo, a digital health company that creates new and different experiences for people with chronic conditions: Members can query their last blood sugar reading, blood sugar measurement trends, and receive insights and Health Nudges that are personalized to them.

HIPAA Journal notes: “This is not the first time that Alexa skills have been developed, but a stumbling block has been the requirements of HIPAA Privacy Rules, which limit the use of voice technology with protected health information. Now, thanks to HIPAA compliant data transfers, the voice assistant can be used by a select group of healthcare organizations to communicate PHI without violating the HIPAA Privacy Rule.”

Steady increases associated with the costs of medical care combined with a shortage of healthcare professionals on both continents are driving trends that motivate government health programs and providers to experiment with non-traditional ways to interact with patients.

New digital and Artificial Intelligence (AI) tools like Alexa may continue to emerge as methods for providing care—including clinical laboratory and pathology advice—to healthcare consumers.

—JP Schlingman

Related Information:

“Alexa, How Do I Treat a Migraine?” Amazon and NHS Unveil Partnership

Amazon’s Alexa Will Deliver NHS Medical Advice in the UK

NHS Health Information Available Through Amazon’s Alexa

UK’s National Health Service Taps Amazon’s Alexa to Field Common Medical Questions

What Happens When Amazon Alexa Gives Health Advice?

Alexa, Where Are the Legal Limits on What Amazon Can Do with My Health Data?

Amazon Alexa Offering NHS Health Advice

A Shortage of Staff Is the Biggest Problem Facing the NHS

Need Quick Medical Advice in Britain? Ask Alexa

Alexa Blogs: Introducing New Alexa Healthcare Skills

Amazon Announces 6 New HIPAA Compliant Alexa Skills

Amazon Alexa Is Now HIPAA-Compliant: Tech Giant Says Health Data Can Now Be Accessed Securely

Can Artificial Intelligence Diagnose Skin Cancers More Accurately than Anatomic Pathologists? Heidelberg University Researchers Say “Yes”

Apple Updates Its Mobile Health Apps, While Microsoft Shifts Its Focus to Artificial Intelligence. Both Will Transform Healthcare, But Which Will Impact Clinical Laboratories the Most?

As Primary Care Providers and Health Insurers Embrace Telehealth, How Will Clinical Laboratories Provide Medical Lab Testing Services?

VA Engages Private Sector Companies in Major Telehealth Initiative to Bring Critical Healthcare Services to Thousands of Veterans Living in Remote Areas

17 Former Employees Accuse Orig3n of Clinical Laboratory Test Inaccuracies, Contamination, and Fabricated Test Results

This is not the first time genetic-testing company Orig3n has been scrutinized by state and federal investigators over its business practices

It’s not often that multiple employees of a clinical laboratory company go public with criticism about the quality of their lab company’s tests. But that is what is happening at Orig3n. Problems at the Boston-based genetic testing company were the subject of an investigative report published by Bloomberg Businessweek (Bloomberg).

In September, Bloomberg reported that 17 former Orig3n employees said the company’s Deoxyribonucleic acid (DNA) tests sometimes failed to deliver the intended results or were often contaminated or inaccurate. The individuals had been employed by the company as managers, lab technicians, software engineers, marketers, and salespeople between 2015 and 2018.

The former employees claimed that Orig3n “habitually cut corners, tampered with or fabricated results, and failed to meet basic scientific standards,” Bloomberg reported. The individuals also stated that advice intended to be personalized to individual consumers’ genetic profiles was often just generic information or advice that had no scientific basis.

According to Bloomberg, the individuals also alleged that Orig3n’s lab was careless in its handling of genetic samples in several ways, including:

  • Multiple samples being labeled with the same barcode;
  • DNA and blood samples for stem cell bank misplaced or mixed up;
  • No controls to ensure accuracy;
  • Handling methods that could lead to contamination; and
  • Fabricating results when a test outcome was unclear.

The former employees also stated that “Orig3n ran tests without proper authorization in its lab at the 49ers’ stadium, and that managers regularly compelled them to write positive reviews of Orig3n’s tests on Amazon.com and Google to offset waves of negative feedback,” Bloomberg reported.

“Accurate science didn’t seem to be a priority. Marketing was the priority,” said a former lab technician who spoke with Bloomberg on the condition of anonymity. Orig3n denied the accusations in a statement, describing them as “grossly inaccurate,” and claimed the former employees were simply disgruntled.

“In some cases, former employees are former employees for a reason,” Orig3n Chief Executive Officer Robin Smith told Bloomberg. “We’ve found after employees are gone that they have not done things appropriately.”

Jessica Stoll, MS, CGC (above), a certified genetic counselor and Associate Director of the Gastrointestinal Cancer Risk and Prevention Clinic at the University of Chicago Medicine, told NBC, “The majority of genetic testing is still a gray area and there’s always the possibility of uncertain results. I don’t find them particularly useful, and in some cases I can actually find them harmful.” (Photo copyright: Cancer Wellness Center.)

Is it Dog or Human DNA?

In 2018, NBC Chicago (NBC) conducted an investigation into various consumer DNA testing kits. NBC sent DNA samples to several different testing companies. This included non-human samples, which NBC’s investigators had obtained from a female Labrador Retriever.

With the exception of Orig3n, all of companies identified the DNA as non-human and did not process the kits. Orig3n did, however, process the canine DNA. It then returned a seven-page analysis that suggested the subject of the sample “would probably be great for quick movements like boxing and basketball, and that she has the cardiac output for long endurance bike rides or runs,” NBC reported.

This would be funny if it weren’t so concerning.

Following reports that it had processed dog DNA, Orig3n stated it had made changes and improvements to the company’s testing methodologies. Smith also stated Orig3n’s lab protocols had been improved as well.

“Sometimes we look at the accuracy of things and go, ‘Man, that’s not working,’” Smith told Bloomberg. “Our approach and our philosophy is [sic] to constantly improve the products.” 

Serious Accusations of Clinical Laboratory Malfeasance

Founded in 2014 with the intent of creating the world’s largest stem cell bank, by 2016, Boston-based Orig3n had refocused its attention on the burgeoning field of direct-to-consumer DNA testing. On its website, Orig3n sells several DNA-testing kits with varying costs.

Orig3n’s attempt to offer free genetic tests to large numbers of people at a professional sporting event in the fall of 2017 may be what caught the attention of federal investigators and led to a deeper investigation. Dark Daily previously covered this controversy, which centered around Orig3n’s plan to distribute free genetic testing kits to fans at a Baltimore Ravens football game.

In that situation, state and federal healthcare regulators blocked the giveaway over concerns about protected health information (PHI). Now, Orig3n is being accused of questionable business practices by 17 of its former employees. 

The former employees’ statements that the company’s genetic testing lab did not follow appropriate test protocols—and that it allegedly mishandled specimens and even reported false test results—are serious allegation of malfeasance and warrants an investigation.

Pathologists and clinical laboratory managers know that patient harm can potentially result from inaccurate genetic test results if used for clinical purposes. Dark Daily will continue to follow the investigation into Orig3n.

—JP Schlingman

Related Information:

DNA Company Tampered with Results, Former Employees Say

Home DNA Kits: What Do They Tell You?

Orig3n Holds Inaugural Ravens DNA Day on September 17 at M and T Bank Stadium to Kick Off the Season

Orig3n Partners with San Francisco 49ers to Reward Fans for Contributions to Advancing the Future of Medicine through Genetics and Regenerative Medicine Research

State and Federal Agencies Throw Yellow Flag Delaying Free Genetic Tests at NFL Games in Baltimore—Are Clinical Laboratories on Notice about Free Testing?

DOJ Pursues Organizations That Falsely Claim Compliance with Medicare’s EHR Incentive Programs

Clinical laboratories that interface with hospital EHR systems under scrutiny by the DOJ could be drawn into the investigations

Officials at the federal US Department of Justice (DOJ) continue to pursue fraud cases involving health systems that allegedly have falsely attested to complying with the Medicare and Medicaid electronic health record (EHR) adoption incentive programs (now known as the Promoting Interoperability Programs).

This is important for clinical laboratory leaders to watch, because medical labs often interface with hospital EHRs to exchange vital patient data, a key component of complying with Medicare’s EHR incentive programs. If claims of interoperability are shown to be false, could labs engaged with those hospital systems under scrutiny be drawn into the DOJ’s investigations?

Violating the False Claims Act

In May, Coffey Health System (CHS), which includes Coffey County Hospital, a 25-bed critical access hospital located in Burlington, Kan., agreed to pay the US government a total of $250,000 to settle a claim that it violated the False Claims Act.

CHS’ former CIO filed the qui tam (aka, whistleblower) lawsuit, which allows individuals to sue on behalf of the government and share in monetary recovery. He alleged that CHS provided false information to the government about being in compliance with security standards to receive incentive payments under the EHR Incentive Program.

According to a DOJ press release, “the United States alleged that Coffey Health System falsely attested that it conducted and/or reviewed security risk analyses in accordance with requirements under a federal incentive program for the reporting periods of 2012 and 2013. The government contended that the hospital submitted false claims to the Medicare and Medicaid Programs pursuant the Electronic Health Records (EHR) Incentive Program.”

“Medicare and Medicaid beneficiaries expect that providers ensure the accuracy and security of their electronic health records,” said Stephen McAllister (above), United States Attorney for the District of Kansas, in the DOJ press release. “This office remains committed to protecting the federal health programs and to hold accountable those whose conduct results in improper payments.” (Photo copyright: US Department of Justice.)

How Providers Receive EHR Incentive Program Funds

The original EHR Adoption Incentive Program was part of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The federal government enacted the program as part of the American Recovery and Reinvestment Act of 2009 (the Recovery Act), which was an amendment to the Health Insurance Portability and Accountability Act (HIPAA). 

The Recovery Act allocated $25 billion to incentivize healthcare professionals and facilities to adopt and demonstrate meaningful use (MU) of electronic health records by January 1, 2014. The federal Centers for Medicare and Medicaid Services (CMS) released the incentive funds when providers attested to accomplishing specific goals set by the program.

The website of the Office of the National Coordinator for Health Information Technology (ONC), HealthIt.gov, defines “meaningful use” as the use of digital medical and health records to:

  • Improve quality, safety, efficiency, and reduce health disparities;
  • Engage patients and their families;
  • Improve care coordination and population and public health; and
  • Maintain privacy and security of patient health information.

The purpose of the HITECH Act was to address privacy and security concerns linked to electronic storage and transference of protected health information (PHI). HITECH encourages healthcare organizations to update their health records and record systems, and it offers financial incentives to institutions that are in compliance with the requirements of the program.

When eligible professionals or eligible hospitals attest to being in compliance with Medicare’s EHR incentive program requirements, they can file claims for federal funds, which are paid and audited by the Department of Health and Human Services (HHS) through Medicare and Medicaid.

Institutions receiving funds must demonstrate meaningful use of EHR records or risk potential penalties, including the delay or cancellation of future payments and full reimbursement of payments already received. In addition, false statements submitted in filed documents are subject to criminal laws and civil penalties at both the state and federal levels.

EHR Developers Under Scrutiny by DOJ

EHR vendors also have been investigated and ordered to make restitutions by the DOJ. 

In February, Greenway Health, a Tampa-based EHR developer, agree to pay $57.25 million to resolve allegations related to the False Claims Act. In this case, the government contended that Greenway obtained certification for its “Prime Suite” EHR even though the technology did not meet the requirements for meaningful use.

And EHR vendor eClinicalWorks paid the government $155 million to settle allegations under the False Claims Act. The government maintained that eClinicalWorks misrepresented the capabilities of their software and provided $392,000 in kickbacks to customers who promoted its product. 

Legal cases such as these demonstrate that the DOJ will pursue both vendors and healthcare organizations that misrepresent their products or falsely attest to interoperability under the terms laid out by Medicare’s EHR Incentive Program.

Clinical laboratory leaders and pathology groups should carefully study these cases. This knowledge may be helpful when they are asked to create and maintain interfaces to exchange patient data with client EHRs.

—JP Schlingman

Related Information:

DOJ Pursues More Electronic Health Records Cases

Electronic Health Records Vendor to Pay $57.25 Million to Settle False Claims Act Allegations  

Electronic Health Records Vendor to Pay $155 Million to Settle False Claims Act Allegations

Kansas Hospital Agrees to Pay $250,000 to Settle False Claims Act Allegations

EHR Sales Reached $31.5 Billion in 2018 Despite Concerns over Usability, Interoperability, and Ties to Medical Errors

Sorting through EHR Interoperability: A Modern Day Tower of Babel That Corrects Problems for Clinical Laboratories, Other Providers

Despite the widespread adoption of electronic health record (EHR) systems and billions in government incentives, lack of interoperability still blocks potential benefits of digital health records, causing frustration among physicians, medical labs, and patients

Clinical laboratories and anatomic pathology groups understand the complexity of today’s electronic health record (EHR) systems. The ability to easily and securely transmit pathology test results and other diagnostic information among multiple providers was the entire point of shifting the nation’s healthcare industry from paper-based to digital health records. However, despite recent advances, true interoperability between disparate health networks remains elusive.

One major reason for the current situation is that multi-hospital health systems and health networks still use EHR systems from different vendors. This fact is well-known to the nation’s medical laboratories because they must spend money and resources to maintain electronic lab test ordering and resulting interfaces with all of these different EHRs.

Healthcare IT News highlighted the scale of this problem in recent coverage. Citing data from the Healthcare Information and Management Systems Society (HIMSS) Logic database, they note that—when taking into account affiliated providers—the typical health network engages with as many as 18 different electronic medical record (EMR) vendors. Similarly, hospitals may be engaging with as many as 16 different EMR vendors.

The graphics above illustrates why interoperability is the most important hurdle facing healthcare today. Although the shift to digital is well underway, medical laboratories, physicians, and patients still struggle to communicate data between providers and access it in a universal or centralized manner. (Images copyright: Healthcare IT News.)

The lack of interoperability forces healthcare and diagnostics facilities to develop workarounds for locating, transmitting, receiving, and analyzing data. This simply compounds the problem.

According to a 2018 Physician’s Foundation survey, nearly 40% of respondents identified EHR design and interoperability as the primary source of physician dissatisfaction. It has also been found to be the cause of physician burnout, as Dark Daily reported last year in, “EHR Systems Continue to Cause Burnout, Physician Dissatisfaction, and Decreased Face-to-Face Patient Care.”

Pressure from Technology Giants Fuels Push for Interoperability

According to HITECH Answers, the Centers for Medicare and Medicaid Services (CMS) has paid out more than $38-billion in EHR Incentive Program payments since April 2018.

Experts, however, point out that government incentives are only one part of the pressure vendors are seeing to improve interoperability.

“There needs to be a regulatory push here to play referee and determine what standards will be necessary,” Blain Newton, Executive Vice President, HIMSS Analytics, told Healthcare IT News. “But the [EHR] vendors are going to have to do it because of consumer demand, as things like Apple Health Records gain traction.”

Dark Daily covered Apple’s progress into organizing protected health information (PHI) and personal health records (PHRs) earlier this year in, “Apple’s Update of Its Mobile Health App Consolidates Data from Multiple EHRs and Makes It Easier to Push Clinical Laboratory Data to Patients.” It is one of the latest examples of Silicon Valley tech companies attempting to jump into the health sector and providing patients and consumers access to the troves of medical data created in their lifetime.

Another solution, according to TechTarget, involves developing application programming interfaces (APIs) that allow tech companies and EHR vendors to achieve better interoperability by linking information in a structured manner, facilitating secure data transmission, and powering the next generation of apps that will bring interoperability ever closer to a reality.

TechTarget reported on how University of Utah Hospital’s five hospital/12 community clinic health network, and Intermountain Healthcare, also in Utah, successfully used APIs to develop customized interfaces and apps to improve accessibility and interoperability with their Epic and Cerner EHR systems.

Diagnostic Opportunities for Clinical Laboratories

As consumers gain increased access to their data and healthcare providers harness the current generation of third-party tools to streamline EHR use, vendors will continue to feel pressure to make interoperability a native feature of their EHR systems and reduce the need to rely on HIT teams for customization.

For pathology groups, medical laboratories, and other diagnosticians who interact with EHR systems daily, the impact of interoperability is clear. With the help of tech companies, and a shift in focus from government incentives programs, improved interoperability might soon offer innovative new uses for PHI in diagnosing and treating disease, while further improving the efficiency of clinical laboratories that face tightening budgets, reduced reimbursements, and greater competition.

—Jon Stone

Related Information:

Why EHR Data Interoperability Is Such a Mess in 3 Charts

EHR Incentive Program Status Report April 2018

New FDA App Streamlines EHR Patient Data Collection for Researchers

AAFP Nudges ONC toward EHR Interoperability

A New Breed of Interoperable EHR Apps Is Coming, but Slowly

Top Interoperability Questions to Consider during EHR Selection

EHR Design, Interoperability Top List of Physician Pain Points

2018 Survey of America’s Physicians: Practice Patterns & Perspectives

ONC: 93% of Hospitals Have Adopted Most Recent EHR Criteria, but Most Lag in Interoperability

Open Standards and Health Care Transformation: It’s Finally Delivering on the Value It Promised

Apple’s Update of Its Mobile Health App Consolidates Data from Multiple EHRs and Makes It Easier to Push Clinical Laboratory Data to Patients

EHR Systems Continue to Cause Burnout, Physician Dissatisfaction, and Decreased Face-to-Face Patient Care

 

;