Thursday, 25 February 2016

At least former ONC chair Blumenthal now says "health IT can [even] cause safety issues." Other than that, it's unicorns and fairies in the Harvard Business Review.

The truth about healthcare IT, that it is perilously insecure, and is causing clinician despair and patient harm, is increasingly becoming mainstream. 

For example, seen at the eclectic, widely read, multi-author website of Beauchamp Brogan Distinguished Professor of Law at the University if Tennessee Glenn Reynolds, Instapundit (http://pjmedia.com/instapundit/):

REMEMBER THE HEALTHCARE.GOV LAUNCH? Apparently so did some hackers:

“To improve the quality of our health care while lowering its cost, we will make the immediate investments necessary to ensure that, within five years, all of America’s medical records are computerized,” President Obama said. “This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests.”  While the shift Obama and many others pushed may have improved care, electronic medical records led to quite the unique hostage situation in Los Angeles this week. There, a hospital fell prey to a cyberattack — and the hospital has escaped its plight by paying hackers a $17,000 ransom.

Government mandates and electronic security don’t seem to be a very good mix.
Posted at by Stephen Green on Feb 18, 2016 at 7:31 am Link

and this:

MY USA TODAY COLUMN: Futuristic Data Security With A Pen And A Pad. “If I were running an intelligence agency, I’d have all my important stuff done in handwriting or on mechanical typewriters (the old kind that type over the same fabric ribbon multiple times) and distributed in sealed envelopes. If I were setting up a voting system, I’d use paper ballots instead of electronic voting machines. And if I were running a hospital, I’d seriously consider doing everything on paper."

Posted at by Glenn Reynolds on Feb 22, 2016 at 1:21 pm Link


and this:

YES. NEXT QUESTION: Are Mandatory Electronic Medical Records Causing Doctor Burnout?

Posted at by Sarah Hoyt on Dec 17, 2015 at 4:39 am Link

However, former ONC chair David Blumenthal (now president of the Commonwealth Fund) apparently hasn't received the message.  He and a colleague wrote the following in the Harvard Business Review.


Speeding Up the Digitization of American Health Care
https://hbr.org/2016/02/speeding-up-the-digitization-of-american-health-care 
David Blumenthal
Aneesh Chopra
February 22, 2016

No more of those infuriating forms to fill out at doctors’ offices: the information is all in the computer. Doctors and hospitals don’t repeat tests you’ve had someplace else: they’re all in the computer. All your caretakers know exactly what medicines you’re on and what you’re allergic to: that’s in the computer. When your elderly mother moves from a hospital to a rehabilitation center, the nurses and doctors there know all about her before she arrives: all in the computer.

The usual utopian trope, and as usual it ignores the self-corrective effects of being asked to repeat information that would otherwise be taken as fact from a computer, which can and does propagate errors (which can and does have deadly effects).

These and many other feats of information management will soon be routine in the United States. Indeed, in some places they are already happening. Our health system is undergoing a digital revolution that will profoundly affect the health care of Americans.

"Soon" has been the mantra of the zealots since about 1950.  Further, the assumption in such articles is that the effects are all beneficent ("profoundly affect" means "in good ways only"), and the results are quite mixed on that score.

Many providers and policy-makers tend to see these issues as technical failings of the electronic records that have been recently been adopted with federal support. This has caused some critics to say that the federal investment – estimated at $31 billion over 10 years – is not paying off.

But this diagnosis is only partly correct. Underlying the challenges facing the digital health revolution are economic and social issues that must be addressed if the potential value of electronic records is to be realized.

Aside from the conflict of interest of such passages being written by a person who contributed to those tens of billions spent, in fact, the federal investment has largely been a huge waste for healthcare and a huge boon for the IT industry, disenfranchising the medical community (including physicians and nurses) and creating mayhem for patient care, e.g., http://hcrenewal.blogspot.com/2013/07/candid-nurse-opinions-on-ehrs-at.html and http://hcrenewal.blogspot.com/2013/11/another-survey-on-ehrs-affinity-medical.html).

I can also add that the "economic and social issues that must be addressed" were reasonably understood and needed to be addressed before the likes of Blumenthal and ONC put the cart before the horse, "ready, fire, aim"-style on nationsl rollout of health IT.  See my July 2010 post "Meaningful Use Final Rule: Have the Administration and ONC Put the Cart Before the Horse on Health IT?" , my Oct . 2010 post "Cart before the horse, again: IOM to study HIT patient safety for ONC; should HITECH be repealed?" and my June 5, 2012 post "Cart Before the Horse, Part 3: AHRQ's 'Health IT Hazard Manager'".

Further -

Some history on the issue of risk (this blog has a long memory):

Mr. Blumenthal, Feb. 22, 2016, in the new HBR article:

"... some electronic health records are complex and difficult to use. This is frustrating for doctors and nurses, slows them down, and can even cause safety issues."

Mr. Blumenthal, April 30, 2010:

http://www.massdevice.com/news/blumenthal-evidence-adverse-events-with-emrs-anecdotal-and-fragmented

http://hcrenewal.blogspot.com/2010/05/david-blumenthal-on-health-it-safety.html

... Blumenthal said that although an advisory committee concluded that more information was necessary, he called the evidence of the reports “anecdotal and fragmented” at best ... [Blumenthal's] department is confident that its mission remains unchanged in trying to push all healthcare establishments to adopt EMRs as a standard practice. "The [ONC] committee [investigating FDA reports of HIT endangerment] said that nothing it had found would give them any pause that a policy of introducing EMR's could impede patient safety," he said.

(Ironically and tragically, just weeks later, on May 19, 2010 my mother was severely injured and later died as a result of a dangerously faulty EHR.)

Mr. Blumenthal's views on risk of 2010 as ONC chair represent either deliberate mistruths or ignorance.  Both of those traits tend to be long term, so why should any physician believe the views he expresses in the Harvard Business Review in 2016?

I grant that the views of 2016 in the new article are somewhat more in line with reality, but with significant faults including but not limited to:

1) Since the magnitude of the "safety issues" that health IT can "even" cause are unknown (best estimates are from the ECRI Deep Dive study, which are alarming as at http://healthleadersmedia.com/print/index.cfm?content_id=290834&topic=TEC), it is reckless at best to promote the continued rapid expansion of this technology.

2) On causality, Mr. Blumenthal's views are either erroneous or deliberately misdirect to blame the "health care markets":

"If health care markets functioned well in the U.S, HITECH would have been unnecessary. The industry would have wired itself like our financial, travel, and retail sectors."

Mr. Blumenthal fails to realize, still, the primary reason why healthcare practitioners have resisted computerization: bad health IT.

http://cci.drexel.edu/faculty/ssilverstein/cases/

Bad Health IT ("BHIT") is defined as IT that is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, is difficult and/or prohibitively expensive to customize to the needs of different medical specialists and subspecialists, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, compromises patient privacy, promotes evidentiary non-trustworthiness, or otherwise demonstrates suboptimal design and/or implementation. 

The Jan. 2015 letter to HHS from about 40 medical societies was clear on these issues:    http://mb.cision.com/Public/373/9710840/9053557230dbb768.pdf

The health IT industry needs to provide worthwhile products before they are shoved down physicians' and patient's throats.

Not to mention the outright peril such systems place patients under:

Feb. 18, 2016
Hollywood Presbyterian Medical Center: Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised
http://hcrenewal.blogspot.com/2016/02/hollywood-presbyterian-medical-center.html
Forbes Feb. 23, 2016:
White Hat Hackers Hit 12 American Hospitals To Prove Patient Life 'Extremely Vulnerable'
http://www.forbes.com/sites/thomasbrewster/2016/02/23/hackers-tear-hospitals-apart/#1b049f9c40d7

Then this statement is made:

Patients tend to be loyal to doctors and hospitals at least in part because that’s where they’re known – that’s where their records reside. If that information can travel to another hospital or doctor at the push of a button, patients can more easily leave current providers behind. That’s not good for business.

That's risible.  Patients don't hang around care they don't like because they can't "push a button" to transfer their records.  In fact, if anything, it's an impediment to cost-cutters that it's not easy for bureaucrats to force patients to go to the cheapest "provider" due to records "stuck" at one office or organization. 

Clinicians have very clearly stated their reasons for hating health IT.  See the Medical Societies letter linked above, for example.  There's no need to make up nonsensical reasons, such as doctors and hospitals holding patients "captive" through their records.

And as for vendors, if you can move information from one vendor system to another, providers can switch out or build upon records more easily in search of a better product. That’s lost revenue for the company.

On that point I am in agreement.

But technical fixes and better records won’t be enough. We need incentives that reward quality and safety improvement and cost reduction.

Not mentioned is reasonable regulation regarding compromised safety, for which "incentives" alone are insufficient.

And we need penalties for providers and vendors that slow-walk the digital revolution to protect their economic interests.

These words are totalitarian.  Responses to glaringly obvious adverse consequences, such as protecting patients from cybernetic harm and the ability to practice good medicine without distraction and burnout don't seem to count.  All that matters is the "revolution."

If we make the market for good health care work, a lot of our current [wicked (https://en.wikipedia.org/wiki/Wicked_problem), intractable - ed.]technical problems will melt away as providers and vendors compete to make service and care better for their customers: the nation’s patients.

My comment about this statement, that massive healthcare IT sociotechnical problems will simply "melt away" is best summarized in a picture of a land where that can plausibly occur:




Mr, Blumenthal seems unaware of the domain of Social Informatics, "the interdisciplinary study of the design, uses and consequences of information technologies that takes into account their interaction with institutional and cultural contexts" (see http://www.dlib.org/dlib/january99/kling/01kling.html).  Problems in fields as wickedly complex as at the intersection of healthcare and IT do not and will not "melt away."  However, they need to be managed.  What we have now is mismanagement of those problems, with imposition of painfully inappropriate mandates and lack of meaningful regulation and safety surveillance, among other defects.

"Speeding up" healthcare digitization as a national plan in 2016?  No. 

National implementation needs to be seriously rethought in 2016, and massively scaled back and slowed down until we have more of a handle on how to manage change correctly. 

Anything else is reckless.

End note: the grandiose term "revolution" with respect to health IT is a hyper-enthusiast's or zealot's term, is hyperbolic, hackneyed and no longer believed except by the most seriously deluded, and needs to be promptly abandoned.  Leave "revolutions" to the Lenins and Trotskys of the world.

-- SS

Baca selengkapnya

Sunday, 21 February 2016

Ho-hum, Another Month, Another Set of Multi-Million Dollar Settlements by Health Care Corporations Acting Badly

Ho-hum, Another Month, Another Set of Multi-Million Dollar Settlements by Health Care Corporations Acting Badly

Amazingly, with a US presidential election looming, there is finally some public discussion here of the impunity of top corporate executives.  Columnist Gretcher Moregenson wrote on February 6, 2016 in the New York Times,

Ho-hum, another week, another multimillion-dollar settlement between regulators and a behemoth bank acting badly.

Then,

As has become all too common in these cases, not one individual was identified as being responsible for the activities. Once again, shareholders are shouldering the costs of unethical behavior they had nothing to do with.

It could not be clearer: Years of tighter rules from legislators and bank regulators have done nothing to fix the toxic, me-first cultures that afflict big financial firms.

Similarly, but more broadly, Senator Elizabeth Warren (D - Massachusetts) published a report in January, 2016, entitled "Rigged Justice: 2016 - How Weak Enforcement Lets Corporate Offenders Off Easy." She summarized its main conclusions in a New York Times op-ed,

Corporate criminals routinely escape meaningful prosecution for their misconduct.

Furthermore,

In a single year, in case after case, across many sectors of the economy, federal agencies caught big companies breaking the law — defrauding taxpayers, covering up deadly safety problems, even precipitating the financial collapse in 2008 — and let them off the hook with barely a slap on the wrist. Often, companies paid meager fines, which some will try to write off as a tax deduction.

The failure to adequately punish big corporations or their executives when they break the law undermines the foundations of this great country. Justice cannot mean a prison sentence for a teenager who steals a car, but nothing more than a sideways glance at a C.E.O. who quietly engineers the theft of billions of dollars.

These enforcement failures demean our principles. They also represent missed opportunities to address some of the nation’s most pressing challenges.

In particular, she cited this example involving health care.

When Novartis, a major drug company that was already effectively on federal probation for misconduct, paid kickbacks to pharmacies to push certain drugs, it cost taxpayers hundreds of millions of dollars and undermined patient health. Under the law, the government can boot companies that defraud Medicare and Medicaid out of those programs, but when Novartis got caught, it just paid a penalty — one so laughably small that its C.E.O. said afterward that it 'remains to be seen' whether his company would actually consider changing its behavior.

Note that we discussed the Novartis settlement here.  The case referred to by Senator Warren was just the latest in a series of ethical misadventures by Novartis which led to legal actions in the US and around the world, but feeble penalties.

But while Ms Morgenson wrote about financial institutions, now we can also write:

Ho-hum, another month, another set of multimillion-dollar settlements between regulators and  behemoth health care companies acting badly.

In chronological order, since mid-January, 2016...

For $830 Million, Merck Settled Shareholders Lawsuit Alleging Deceptions by Corporate Management

On January 15, 2016, the Wall Street Journal reported,

Merck said Friday it agreed to pay $830 million to resolve a class-action lawsuit brought by shareholders, alleging the drug maker and its executives made false and misleading statements about the safety of Vioxx between its introduction in 1999 and its market withdrawal in 2004.

The shareholders alleged they paid inflated prices for Merck shares because of the company’s conduct.

Note that if the company misled its shareholders, it also misled health care professionals and the public about the harms of Vioxx,  putting many patients at risk. Of course, the Vioxx case is now old news, but it continues to be an example of a case in which the corporation paid fines, presumably at the expense of shareholders, employees and patients, but in which no one who authorized or directed the bad behavior paid any penalty.

As is typical in such cases,

Merck, which is based in Kenilworth, N.J., said Friday the settlement of the shareholders’ lawsuit doesn’t constitute an admission of liability or wrongdoing by the company or individual executives named as defendants in the case.

Merck has paid billions to settle multiple lawsuits related to Vioxx, yet what it paid was much less than the revenue produced by the drug.

The bulk of Merck’s Vioxx-related costs came from its 2007 agreement to pay $4.85 billion to settle thousands of product-liability lawsuits alleging that patients’ use of Vioxx caused heart attacks and strokes, and that Merck failed to properly warn people of the risks. Merck didn’t admit liability in that settlement.

In addition, Merck agreed in 2011 to pay $950 million to resolve allegations by the U.S. Justice Department and state governments that the company deceived the government about the safety of Vioxx, and marketed it for uses not included in the prescribing label approved by the Food and Drug Administration.

Merck recorded more than $11 billion in Vioxx sales during the drug’s years on the market from mid-1999 to September 2004.

The company did plead guilty to one criminal charge related to Vioxx.

 As part of the 2011 settlement, Merck pleaded guilty to a misdemeanor criminal violation of a federal drug law, admitting that it promoted Vioxx to treat rheumatoid arthritis before that use was approved by the FDA.

But apparently no Merck manager was ever charged with a crime, much less convicted.  We have discussed the Vioxx case here, and other issues with Merck here.

Note that this settlement comes soon after a smaller settlement in 2015 that was barely mentioned in the press,Merck to pay $5.9 million for misleading marketing of pink eye drug: U.S [Reuters]

For $785 Million, Pfizer Settled Suit Alleging Overcharging of Medicaid

On February 16, 2016, per the Wall Street Journal,

Drugmaker Pfizer Inc. on Tuesday said it reached an agreement in principle to pay $784.6 million to settle a long-running U.S. government investigation of allegations that its Wyeth unit overcharged government Medicaid health programs for the heartburn drug Protonix.

Of course,

Pfizer said the agreement doesn’t include any admission of liability by Wyeth.

Much less did the agreement include any penalties for anyone at Wyeth or Pfizer who authorized or directed the overcharging. Yet some people must have.

Note that this settlement did not seem informed by Pfizer's amazingly lengthy record of legal settlements, and some guilty pleas and/or convictions (for illegal marketing/ misbranding, and for violating the racketeering influenced corrupt organization [RICO]  statute), as most recently summarized here.

Note also, pertinent to the report by Senator Warren mentioned above, every week people pay severe penalties for defrauding Medicaid, Medicare, or other federal health programs.  Today, a quick Google search for "medicaid fraud prison" found such stories from the last month as a woman sentenced to five years in Louisville, and another women sentenced again to five years in Dallas. Yet no person at Pfizer paid any penalty for for practices that deprived the government of hundreds of millions of dollars.  

For $250 Million, Fresenius Settled Lawsuits Alleging it Withheld Information About the its Products' Hazards

Per the New York Times, January 18, 2016,

The world’s largest provider of kidney dialysis equipment and services has agreed to pay $250 million to settle thousands of lawsuits from dialysis patients and their relatives claiming that the company’s products had caused heart problems and deaths.

The settlement was announced by Fresenius Medical Care, a German company whose North American division is one of the two large dialysis providers in the United States.

The lawsuits arose after Fresenius’s own medical office sent an internal memo to doctors in the company’s dialysis centers saying that failure to properly use one of the company’s products appeared to be causing a sharp increase in sudden deaths from cardiac arrest.

But the company did not warn doctors in non-Fresenius clinics who were also using the product, called GranuFlo. It did so only after the internal memo was sent anonymously to the Food and Drug Administration, which began an investigation.

 The company conducted a recall, which was actually a change in the label, not the removal of the product from the market.

Note that this settlement was of allegations not of financial chicanery, but of behavior that put patients in harms way. Nonetheless,

Kent Jarrell, a spokesman for the company, said the initial internal memo was actually incorrect and contradicted by further careful analysis. He said the warning language added to the GranuFlo label in 2012 was eventually removed. GranuFlo, and a related product called NaturaLyte, are used in dialysis machines to help cleanse patients’ blood.

In the first case to go to trial, a jury in Massachusetts state court ruled that Fresenius was negligent, for not distributing the memo more widely, but that a patient’s death could not be attributed to GranuFlo, so no monetary damages were awarded, according to Mr. Jarrell and to Christopher Seeger, a lawyer who led the settlement negotiations for the plaintiffs.

But if the initial concern was unwarranted and Fresenius won the first trial, why would it pay $250 million to settle? Mr. Jarrell suggested that a reason was to put the more than 10,000 lawsuits behind it.

'Fresenius deeply regrets the confusion and concern temporarily generated by the November 2011 memorandum,' he said in an emailed statement.

Again, there were no admissions or findings of guilt, no apologies (except for causing "confusion and concern"), and no negative consequences for the corporate managers who authorized or directed the actions in question.  While the FDA apparently issued a recall notice for GranuFlo, no federal agency apparently took action against the company or any individuals within it.    Also, this settlement seemed uninformed by previous settlements made by Fresenius, which were made in 2011 of allegations of false claims, in 2010 again of allegations of false claims, and in 2007 of allegations of restraint of trade (look here).

Summary

We first discussed how legal settlements may serve as markers for misbehavior by large health care organizations, but not as deterrents to future bad behavior in 2006.  Then we wrote ...

 Why do the mainly monetary penalties seem mainly to come out of the hides of stock-holders and consumers, rather than the people who actually made the decisions that lead to the offenses?

In 2008, we wrote,

After all, a fine or settlement paid years later can just be written off as a cost of doing business. Furthermore, although such a payment may have a (minimal) effect on the company's bottom line, it has no real effect on the people whose decisions and actions lead to the problem.

So rather than repeating our usual verbiage about the impunity of health care leaders, let me defer to Senator Warren:

Laws are effective only to the extent they are enforced. A law on the books has little impact if prosecution is highly unlikely.

This country devotes substantial resources to the prosecution of crimes such as murder, assault, kidnapping, burglary and theft, both in an effort to deter future criminal activity and to provide victims with some degree of justice. Strong enforcement of corporate criminal laws serves similar goals: to deter future criminal activity by making would-be lawbreakers think twice before breaking the law and, sometimes, by helping victims recover from their injuries.

When government regulators and prosecutors fail to pursue big corporations or their executives who violate the law, or when the government lets them off with a slap on the wrist, corporate criminals have free rein to operate outside the law. They can game the system, cheat families, rip off taxpayers, and even take actions that result in the death of innocent victims—all with no serious consequences.

The failure to punish big corporations or their executives when they break the law undermines the foundations of this great country: If justice means a prison sentence for a teenager who steals a car, but it means nothing more than a sideways glance at a CEO who quietly engineers the theft of billions of dollars, then the promise of equal justice under the law has turned into a lie. The failure to prosecute big, visible crimes has a corrosive effect on the fabric of democracy and our shared belief that we are all equal in the eyes of the law.

Under the current approach to enforcement, corporate criminals routinely escape meaningful prosecution for their misconduct. This is so despite the fact that the law is unambiguous: if a corporation has violated the law, individuals within the corporation must also have violated the law. If the corporation is subject to charges of wrongdoing, so are those in the corporation who planned, authorized or took the actions. But even in cases of flagrant corporate law breaking, federal law enforcement agencies – and particularly the Department of Justice (DOJ) – rarely seek prosecution of individuals. In fact, federal agencies rarely pursue convictions of either large corporations or their executives in a court of law. Instead, they agree to criminal and civil settlements with corporations that rarely require any admission of wrongdoing and they let the executives go free without any individual accountability.

Keep in mind that the impunity of health care leaders, especially in contrast with the tough enforcement efforts against small fry health care offenders, not only has a corrosive effect on the fabric of democracy but endangers patients' and the public's health, and makes health care more expensive and inaccessible.

Maybe now that the impunity of corporate leaders is becoming a mainstream topic of discussion, we can start talking about, and then doing something about the impunity of corporate leaders in health care. 

Baca selengkapnya

Friday, 19 February 2016

Hollywood Presbyterian Medical Center:  Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised

Hollywood Presbyterian Medical Center: Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised

To the cybernetic idealists out there who think computers are the greatest thing next to sliced bread in the healthcare environment, I say, pray you are not on the operating table when something like this happens:

Hackers’ Ransom Attack On California Hospital More Proof Healthcare Cybersecurity Is Floundering
International Business Times
Jeff Stone
02/17/16
http://www.ibtimes.com/hackers-ransom-attack-california-hospital-more-proof-healthcare-cybersecurity-2309720

Who would have thought that, for healthcare professionals, performing surgery, working long hours and navigating the dense world of U.S. health law would be easier than protecting hospital computer networks? That, however, appears to be the case after yet another hospital was victimized in a cyberattack. It’s just the latest example of a U.S. medical provider on the wrong end of a digital assault made possible by a lack of security measures.

I, for one, would have thought that.  In fact, I've been writing about these issues for years (see my many posts at query links http://hcrenewal.blogspot.com/search/label/medical%20record%20confidentiality and http://hcrenewal.blogspot.com/search/label/medical%20record%20privacy).

Doctors at Hollywood Presbyterian Medical Center, in southern California, have been suffering serious computer issues for at least a week, the CEO announced Sunday. Doctors have been unable to digitally access patients’ medical records, staff has been communicating via fax machines and patients have reported long delays in receiving care. It’s all the result of a cyberattack carried out by unknown hackers who are demanding 9,000 bitcoins (roughly $3.4 million) to restore the system to normal.

Ransom for access to EHRs.  The hospital's IT leadership should be held accountable for this invasion of the clinic by cybercriminals.  It's not like the issue is unknown:

... “Hospitals are a veritable bullseye for hackers,” said Grayson Milbourne, security intelligence director at the cybersecurity company Webroot, which works with a number of hospitals and healthcare companies. Milbourne added that the value of patient records is an irresistible target for cybercriminals. “For starters, [hospitals] run on a tight budget and their IT infrastructure is often a very low priority when compared to affording new medical devices and staff. 

More from techtimes.com at http://www.techtimes.com/articles/133874/20160216/hackers-hold-hollywood-hospital-s-computer-system-hostage-demand-3-6-million-as-patients-transferred.htm:

... According to NBC, the damage has caused the hospital to be unable to continue day-to-day operations. To keep up activity at the medical center, the staff has turned to manual documentation using pen and paper to take down patient information and jammed fax lines and telephones to communicate from one department to another. The administration has forbidden the use of other computers for fear that the harmful software could spread to more workstations.  Allen Stefanek, President and CEO of the hospital, says that "significant IT issues" began to emerge last week, leading to a declaration of "internal emergency." He also mentions that the attack was random, not malicious, noting that the emergency rooms have been "sporadically impacted since Friday."

The realities of IT in 2016, when hospitals are increasingly dependent on IT command-and-control systems through which every transaction of care must pass, lead to the conclusion that "IT infrastructure is often a very low priority" reflects negligence.

Back to the IBT article.  The CEO at this hospital proffers the usual BS:

Hollywood Presbyterian’s CEO [Allen Stefanek] told NBC, “Patient privacy has not been compromised."  ...The intrusion  has been described as a ransomware attack, which is typically defined as an attack that involves a hacker infiltrating a victim’s computer, and encrypting their data until the victim agrees to pay a bitcoin ransom. The hospital denies any patient data has been compromised.

Right.  Hackers take control of information systems, but patient data has neither been altered, nor its privacy impaired.

From the second article:

... the patients are not safe from harm. Stefanek insists that the incident has no impact on the overall care for the patients, but some have spoken out to say otherwise. Jackie Mendez and her 87-year-old mother say that they have to drive to Palmdale to pick up medical tests, which takes them over one hour to do so. "It's bad. She's an older person. It's not right she has to do this," she says. Another patient named Belmont West is also affected by the incident. Belmont says he went to the hospital to get his grandmother's medical test results to no avail.

and there's this:

... some patients had to be transferred to other hospitals, as some of the medical equipment that need computers at the Hollywood Presbyterian Medical Center were rendered inoperable, including apparatuses for X-ray and CT scans, documentation and pharmacy and lab work.

These ridiculous executive canned lines, including "the incident has no impact on the overall care for the patients" a.k.a. "patient safety had not been compromised" (see query link http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised), are increasingly absurd, non-credible, and tiring.

The urgency [for hospitals to meet standards of care for IT security -ed.] is growing. One in three Americans had their health records breached in 2015, according to multiple reports released last month. Many of those records were breached as part of the nation-state hacks on health insurers Anthem and Primera, though experts predict hospitals will become more attractive targets as they begin to rely on insulin pumps, intravenous flows and other machines that are connected to the Internet.

I note that if hospitals cannot afford the required diligence, they need to get out of the IT business.  Paper cannot be hacked or held for ransom en masse.

In the end, the hospital appeased the hackers:

Hospital paid 17K ransom to hackers of its computer network
By ANDREW DALTON
Associated Press
http://bigstory.ap.org/article/d89e63ffea8b46d98583bfe06cf2c5af/hospital-paid-17k-ransom-hackers-its-computer-network
Feb. 17, 2016 11:44 PM EST

LOS ANGELES (AP) — A Los Angeles hospital paid a ransom of about $17,000 to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and the most efficient way to solve the problem, the medical center's chief executive said Wednesday.  Hollywood Presbyterian Medical Center paid the demanded ransom of 40 bitcoins — currently worth $16,664 dollars — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement. ... "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

They got off cheap for their negligence, relative to the initial demands.

Questions remain, however:

  • Was any patient data altered or corrupted, either deliberately or as a result of the hack?
  • Was any patient data copied or stolen?
  • Was any malicious code left behind by the hackers on any computer on the network, e.g., "back doors" or other malware that could cause future problems?  Put another way, after paying the ransom, does the hospital believe it is dealing with 'honorable criminals'?
  • One might presume the hospital, in an abundance of caution, is now paying after-the-fact for the expertise required to fully assure the integrity of its networks, computers and EHR and other business systems, but is this truly the case?
  • Were any patients harmed as a result of the disruptions to information flows, and of so, are the IT leaders in part liable? 
  • Will any patients suffer harm moving forward as a result of lost computer information during the episode, incomplete backloads of data on the paper that was resorted to during the crisis, or other factors?  Medical errors due to lost data can propagate forward in time, as I can attest to both personally and professionally.

It is my belief that, until and unless hospital leadership is held fully accountable for incidents such as this, such incidents will be one of many more moving forward.

Incidents like this are made more tragic by the increasing evidence that the benefits from healthcare cybernetics are not exactly what the zealots, pundits and industry opportunists advertised.

-- SS

Baca selengkapnya

Friday, 12 February 2016

Bio-Tech U, Version 2 - Current Board Member of Four Biotechnology Companies, Fomer Pfizer Director, Former Genentech Executive to be President of Stanford

Bio-Tech U, Version 2 - Current Board Member of Four Biotechnology Companies, Fomer Pfizer Director, Former Genentech Executive to be President of Stanford

Stanford University will soon have a new president.  According to the New York Times,

Stanford University’s incoming president, Marc Tessier-Lavigne, has developed a career that successfully melds science, business and academia.

Although he is now coming off a stint as president of Rockefeller University in New York starting in 2011,  his business connections are extensive.

A Genentech Executive

The NYT noted,

He may be best known, though, for his work at Genentech. As the No. 2 executive in research, he oversaw 1,400 scientists in one of the most innovative and successful companies in the biotech industry, known for the groundbreaking cancer drugs Avastin, Rituxan and Herceptin.

To expand that, his brief CV on the Rockefeller University website included,

1991 - 2001  increasingly senior faculty positions at UCSF
2001 - 2003  professor at Stanford

2003 - 2008  senior vice president, research drug discovery, Genentech Inc

2008 - 2009  exectuive vice president, research drug discovery, Genentech

2009 - 2011  chief scientific officer, Genentech

Member of Multiple Biotechnology Corporate Boards of Directors, Chairman of One

However, his involvement with the pharmaceutical and biotechnology industries hardly ends there.  He currently is on four biotechnology corporate boards of directors.  These include:

Agios 

For which he received compensation of $374,926 in 2014, according to the 2015 proxy statement.  His holdings in the company were then 130,122 shares.

Juno Therapeutics Inc

For which he received compensation of $30,000 in 2014, according to the 2015 proxy statement.  His holdings in this company were then 175,000 shares Series A2 convertible preferred.

Regeneron Pharmaceutical

For which he received compensation of $1,764,032  in 2014, according to the 2015 proxy statement.  His holdings in this compary were then 34,716 shares.

Pfizer, then Denali Therapeutics

Also, in 2011, he became a member of the board of directors of Pfizer, Inc.  He left in 2015 when he co-founded, and became chairman of the board of a new biotechnology company, Denali Therapeutics.  In 2014, according to the Pfizer 2015 proxy statement, he received compensation of $300,000.  His holdings in the company then were 104 shares of stock, and 24,307 stock units

He remains as chairman of the board of Denali, according to the company website.  Since this company is privately held, I could not find any information about the compensation or holdings of board members.

Discussion

To summarize, the incoming president of Stanford, on of the most prestigious American universities, one of the foremost US sites for biomedical research, and home to an equally prestigious medical school and academic health center, spent most of the last 15 years heavily involved with the pharmaceutical and biotechnology industries.  He was a top Genentech executive for eight of those years, served as a director of the then biggest US pharmaceutical company, and currently is a member of the boards of directors of four biotechnology companies, and is chairman of one of them.  He earned nearly $2.5 million dollars from these directorships in 2014, the last year for which such data is public, and owned hundreds of thousands of shares of stock in these companies.

How he had the time to executive all his fiduciary responsibilities as a director of four health care corporations while being the president of Rockefeller University, and apparently continuing to do his own research boggles the mind.  

However, Stanford's incoming president is a perfect example of how health care is now run by an interlocking group of insiders who have personally profited massively from their situated influence.   

So in whose interests will he act as president of Stanford?  The New York Times cited those who hailed his scientific prowess.

According to Susan K. McConnell, a professor of biology at Stanford, Dr. Tessier-Lavigne was responsible for a 'long list of amazing discoveries' involving identifying molecules that guide the growth of nerve connections in the developing brain.

On the other hand, he had important affiliations with two biotechnology companies that were known for leading the charge for stratospheric drug prices as much as they were known for developing innovative drugs.  By coincidence, or not, he was a top executive for the same company, Genentech, as was Dr Susan Desmond-Hellman, who later became the leader of the University of California - San Francisco.  As we noted here, Dr Desmond-Hellman was a public defender of such pricing, in particular, of the then (2007) stratospheric $55,000 a year price of bevacizumab (Avastin).

Prof Tessier-Lavigne also is currently on the board of Regeneron, which became known for charging $1850 per montly dose of Eylea, a drug for macular degeneration, while paying its board members and executives proportionately large amounts.  As we noted above, Professor Tessier-Lavigne got over $1.75 million in 2014 for his board service, and in 2014, the company's CEO received over $36 million.

In an interview with the NY Times, professor Tessier-Lavigne said,

We do have to ensure access [to Stanford], broadly, both in terms of access for people who are disadvantaged socioeconomically and, of course, diversity

But how easy would it be for a man with his biotechnology corporate connections and the riches they produced for him to step into the shoes of disadvantaged, diverse students (or patients)? 


When asked about his corporate background, he told the NY Times,

that before taking the reins at Stanford in September, he will review all his corporate relationships with the board to determine whether any conflicts of interest exist.

That suggests doubt about the existence of such conflicts. But as we first wrote in 2006,

Medical schools and their academic medical centers and teaching hospitals must deal with all sorts of health care companies, drug and device manufacturers, information technology venders, managed care organizations and health insurers, etc, in the course of fulfilling their patient care, teaching, and research missions. Thus, it seems that service on the board of directors of a such public for-profit health care company would generate a severe conflict for an academic health care leader, because such service entails a fiduciary duty to uphold the interests of the company and its stockholders. Such a duty ought on its face to have a much more important effect on thinking and decision making than receiving a gift, or even being paid for research or consulting services. Furthermore, the financial rewards for service on a company board, which usually include directors' fees and stock options, are comparable to the most highly paid consulting positions. What supports the interests of the company, however, may not always be good for the medical school, academic medical center or teaching hospital.

Last year, Anderson et al documented the prevalence of such board level conflicts of interests, and wrote,(1)

previous guidelines have emphasized the relationships of clinicians and researchers with industry, but institutional conflicts of interest, which arise when administrators, including executive officers, trustees, and clinical leaders have a financial relationship with industry, are increasingly recognized and pose a unique set of risks to academic missions.

If Professor Tessier-Lavigne has doubts whether his current service on four biotechnology boards of directors, as chairman of one of these companies, as former board member of Pfizer, and as former executive of Genentech could create any conflicts of interest, the students, faculty, patients and alumni of Stanford should be very wary of what direction he will take their university.

As we have said again and again, the web of conflicts of interest that is pervasive in medicine and health care is now threatening to strangle medicine and health care.  Furthermore, this web is now strong enough to have effectively transformed US health care into an oligarchy or plutocracy.  Health care is effectively run by a relatively small group of people, mainly professional managers plus a few (lapsed?) health care professionals, who simultaneously run or influence multiple corporations and organizations.

For patients and the public to trust health care professionals and health care organizations, they need to know that these individuals and organizations are putting patients' and the public's health ahead of private gain. Health care professionals who care for patients, those who teach about medicine and health care, clinical researchers, and those who make medical and health care policy should do so free from conflicts of interest that might inhibit their abilities to put patients and the public's health first.

Health care professionals ought to make it their highest priority to ensure that the organizations for which they work, or with which they interact also put patients' and the public's health ahead of private gain, especially the private gain of the organizations' leaders and their cronies.

Reference
1.  Anderson TS, Good CB, Gellad WF.  Prevalence and compensation of academic leaders, professors and trustees on publicly trade US healthcare company boards of directors: cross sectional study.  Brit Med J 2015; 351:h4826.  Link here
Baca selengkapnya

Monday, 8 February 2016

The Rich (Hospital Managers) Get Richer - Carolinas Healthcare Raises Executive Compensation Once Again

The Rich (Hospital Managers) Get Richer - Carolinas Healthcare Raises Executive Compensation Once Again

It's that time of year again.  Carolinas Healthcare has made public its executive compensation, and once again, its CEO got a big raise, and many other executives made more than a million dollars. And once again, the CEO's raise exceeds the rate of inflation, and seems totally unrelated to how well the health system fulfilled its mission.

The History of Executive Compensation at Carolinas Healthcare

About a year ago, we noted that CEO Michael Tarwater got $5.3 million in total compensation.  In fact, we have been following his compensation since 2009 (see also posts in 2011, 2012, and 2013).  It started big, and got bigger.

- $3.4 million in 2009
- $3.7 million in 2010
- $4.2 million in 2011
- $4.76 million in 2012
- $4.9 million in 2013
- $5.3 million in 2014

The Latest Increases

Now the yearly update by Karen Garloch writing in the Charlotte Observer:

-$6.6 million in 2015

That is a 26% increase in one year, and an almost 100% increase since 2009, increases far greater than inflation.  The 2015 compensation broke down as follows:

In 2015, Tarwater received a salary of $1.28 million, two bonuses totaling $5 million, and other compensation, including retirement and health benefits of $305,318....

In contrast, the bonuses given to non-management personnel by the system were orders of magnitude smaller:

Among nonmanagement employees, more than 22,000 in Carolinas HealthCare’s Charlotte-area hospitals received 2015 incentive bonuses of $1,000 each, and 7,674 others received bonuses of $300 or $600 each, Moore said. Another “special bonus” program benefited about 24,000 employees, who received $1,000 each, and 7,568 others, who got $300 or $600 each. Total bonuses for nonmanagement employees came to $53.4 million, in addition to annual pay raises that averaged 2 percent.

Although that total sounds large in isolation, consider that one person, the CEO, got a bonus equal to one-tenth of all the bonuses given to over 24,000 other employees.

Other top executives also did very well for themselves.  

▪ Joseph Piemont, former chief operating officer: $3,200,326
▪ Greg Gombar, chief financial officer: $2, 334,150
▪ Terrence Akin, CEO of Cone Health: $1,964,482
▪ Dr. Roger Ray, chief physician executive: $1,957,065
▪ John Knox, chief administrative officer: $1,507,984
▪ Paul Franz, executive vice president: $1,500,245
▪ Dennis Phillips, executive vice president: $1,400,487
▪ Keith Smith, general counsel: $1,317,919
▪ Debra Plousha Moore, chief human resources officer: $1,306,477

CHS hospital presidents - 2015
▪ Phyllis Wingate, president, CHS NorthEast: $1,045,784
 ▪ Spencer Lilly, president, Carolinas Medical Center: $868,610
▪ Christopher Hummer, president, CHS Pineville: $711,685
▪ Michael Lutes, president, CHS Union: $690,719
▪ Brian Gwyn, president, CHS Cleveland: $664,034
▪ William Leonard, president, CHS University: $530,493
▪ Peter Acker, president, CHS Lincoln: $475,758
▪ Alfred Taylor, president, Stanly Regional Medical Center: $455,665
▪ Robert Larrison, president, Carolinas Rehabilitation: $407,503
The Usual Talking Points for Justification

Hospital management used the usual talking points to justify the pay they received,  As I wrote last year 
It seems nearly every attempt made to defend the outsize compensation given hospital and health system executives involves the same arguments, thus suggesting they are talking points, possibly crafted as a public relations ploy. We first listed the talking points here, and then provided additional examples of their use. here, here here, here, here, and here, here and here

They are:
- We have to pay competitive rates
- We have to pay enough to retain at least competent executives, given how hard it is to be an executive
- Our executives are not merely competitive, but brilliant (and have to be to do such a difficult job).
So, as if on cue, according to an article in the Charlotte Business Journal,

Carolinas HealthCare said in a statement that its executive compensation program is 'designed to attract, recruit and retain high-performing executives by providing market-competitive, reasonable and fair compensation.'

It notes that recruiting and retaining talent enables the health-care system to pursue 'its mission, lead in the transformation of healthcare and provide best-in-class care to our communities.'
Despite Evidence of Less than High Performance


But some recent news articles suggested that Carolinas Healthcare management is not so high-performing.  For example, we found the following articles, discussed in chronological order,

"Lawsuit: Hospitals Cheated Medicare out of Millions" (Charlotte Observer, September 2, 2015)

A newly unsealed lawsuit alleges that Carolinas Medical Center and N.C. Baptist Hospital have fraudulently obtained tens of millions of dollars from Medicare and Medicaid through an arrangement that artificially inflated their expenses.

The federal suit, filed by Forsyth County whistleblower Joe Vincoli, contends that the two hospitals overstated their costs – and thereby extracted more money from Medicare – by using a company that they own to provide health benefits to their employees.

"Employee Satisfaction at Carolinas HealthCare System Dropped in 2015" (Charlotte Observer, November 6, 2015)

The system had been rated at the 99th percentile in 2012, the 95th percentile in 2013-4, and dropped to the 76th percentile in 2015. The article stated that employees blamed staffing issues and poor leadership.

"Rehab Center Drops Program" (WSOC-TV, January 5, 2016)

The inpatient drug treatment program at First Step at Carolinas Medical Center - Union was dropped for reasons said to be "part financial- and part research-based." The overseer of the local drug treatment court decried the loss of a "very valuable" program.

"Hospitals Failed to Report Outbreaks Linked to Tainted Scopes, Senate Report Says" (Los Angeles Times, January 22, 2016)

This article lead with the failure of Carolinas Medical Center to report an infection apparently caused by the use of an endoscope that later was implicated in multiple infections at multiple hospitals.  The article noted that

Federal law requires hospitals to report deaths from a medical device to the FDA within 10 days. If the device seriously injures a patient, the hospital must notify the manufacturer within 10 days. Both notices require hospitals to fill out what the FDA calls Form 3500A.

"Notice: 360 to Lose Jobs at Health Care Facility" (WSOC-TV, January 26, 2016)

The article noted layoffs at Carolinas Medical Center- Main Rehabilitation program but noted "it's not clear why the positions are being eliminated."

So instead of high performance, the recent track-record of hospital system management included allegations of defrauding the federal government, a marked decrease in employee satisfaction, the closing of an apparently valuable rehabilitation program, the failure to report apparent adverse effects of a medical device despite requirements in federal law, and layoffs at a rehabilitation facility.  

No wonder that Karen Garloch reported in her February, 2016 article,

On hearing about the latest CHS compensation report, Mecklenburg County commissioner Pat Cotham said, 'It’s kind of depressing. … Nothing against Mr. Tarwater personally. He’s led a successful organization. … Generally I struggle with these multimillion-dollar deals. Is anybody really that valuable?'

The question becomes more acute given that it is not even clear whether Carolinas Healthcare is a private non-profit organization or a government agency.  As we noted last year, per Ms Garloch,

The system is technically a hospital authority, created by state law in 1943, and is run by a self-perpetuating board that includes top community and business leaders whose nominations get approval from the commissioners’ chairman. Over the years, chairmen have acknowledged that action is basically a rubber stamp.

A recently closed investigation by the U.S. Department of Labor focused on whether the hospital system is a governmental agency, as it claims. On Thursday, commissioner Bill James said that question remains open and might have bearing on compensation.

James said documents in the investigation included a statement by a lawyer for CHS who said hospital debts 'have been and will be backstopped by the County’s taxing power.' But James said state law has given commissioners no oversight role in connection with CHS.

'I don’t know how CHS can expect taxpayers to ‘backstop’ their billions of debt with County tax dollars without any oversight over it,' James wrote in an email.

'I do not know what is just compensation for a hospital CEO,' James wrote. But he added that most government agencies have 'typical limitations on pay.'

You would think that all those people who loudly critique spending by the "gummint" would be loudly decrying pay at Carolinas Healthcare.  However, I can find no evidence of such protests.

Summary

Whether the top managers of Carolinas Healthcare are government bureaucrats or non-profit executives, they seem to manage to pay themselves more each year, regardless of what other employees are paid, regardless of inflation, and regardless of how well the organization is upholding its health care mission.  This is another example of ho hospital managers have become "value extractors."  The opportunity to extract value has become a major driver of managerial decision making.  And this decision making is probably the major reason our health care system is so expensive and inaccessible, and why it provides such mediocre care for so much money.

So to repeat, true health care reform would put in place leadership that understands the health care context, upholds health care professionals' values, and puts patients' and the public's health ahead of extraneous, particularly short-term financial concerns. We need health care governance that holds health care leaders accountable, and ensures their transparency, integrity and honesty.

Baca selengkapnya