This often occurs due to poor project planning, overconfidence, underestimation of complexity and even incompetence, that drives up electronic records system costs way over estimates.
It's happened again:
Southcoast Health cutting dozens of jobs on heels of expensive IT upgrade Mar 30, 2016, 11:25am EDT Updated Mar 30, 2016, 11:31am EDT
Stung by losses linked to costly technology upgrades, Southcoast Health is laying off 95 employees just a year after finalizing a similar staffing cut.
The cuts represent 1 percent of Southcoast’s 7,251 workforce, and will happen across the care provider's three hospitals in Fall River, Wareham and New Bedford. All levels of hospital staff will be affected, officials said.
Southcoast employees were notified of the cut Wednesday morning. The cuts come as the hospital negotiates a merger with Care New England, a four-hospital system in Rhode Island.
The care provider said the cuts stemmed from training costs associated with the installation of a $100 million records system, known as Epic.Similar operating challenges have been reported by other Massachusetts care providers in the midst of Epic upgrades and installations.
I note that $100 million can purchase an entire new hospital wing or facility.
Training costs, of all things, should have been factored into the original project plans. It's not as if this issue is an unknown in an industry and product extant for several decades now.
Also, IMO the word "challenges" should be altered to "challenged" to describe the institutional geniuses responsible for debacles like this.
Training costs for the system, which went live in October, contributed to a $9.9 million operating loss in the first quarter of fiscal 2016, which ended Dec. 31. Hospital executives said similar expenses have impacted the bottom line in the current quarter, which ends Thursday.
So, training costs for the EHR devoured profits from an increasing revenue stream as below, plus consumed enough to leave a near $10 million loss. Stunning.
“These financial challenges are attributable to higher-than-budgeted operating expenses, largely a result of our Epic implementation,” said Southcoast president and CEO Keith Hovan, in a letter to employees. “During the first two quarters of this fiscal year, revenue has grown positively at a rate of 4 percent – a significant accomplishment, particularly given the lack of a flu season. However, expenses have grown at 6 percent during that time, which is an untenable variance that must be corrected.”
I note that the hospital system might have realized their cost underestimations via reading the literature a bit, including but not limited to my completely free academic site at http://cci.drexel.edu/faculty/ssilverstein/cases (in existence in various flavors since 1998), and this very blog.
Hovan went on to ask employees for recommendations to reduce costs, going so far as to tell employees to reach out to him directly.
How about reducing IT expenditure and laying off IT personnel responsible for the cost underestimates? Costing is supposed to be a core competence of management information systems (MIS) personnel in those IT departments.
... Approximately 70 people were let go in October 2014, and another 35 were let go in January 2015.
The hospital still has 339 job openings for a number of clinical roles. Cohenno wouldn’t detail what kinds of jobs the hospital was eliminating, but said employees affected by today’s layoffs will be encouraged to apply to open positions.
Some consolation for being fired to maintain the good health of a computer.
The solution to this problem is for hospital executives to actually learn more about what they're getting into in HIT acquisition, implementation and operation, instead of simply believing the marketing hype coming from the HIT industry and its cybernetic hyper-enthusiasts.
That means reading far more than typical industry marketing BS, a.k.a. performing robust due diligence.
Nine years ago, three top executives of Purdue Pharma pleaded guilty to criminal charges of "misbranding" Oxycontin. The case appeared to be a landmark. In previous years, top executives of large health care corporations rarely faced legal consequences when their companies misbehaved. Yet in the Purdue Pharma/ Oxycontin case, things were not what they seemed. Maybe that is why this case never did yield a new era of accountability for top corporate health care leaders.
Background - the Oxycontin Guilty Pleas
In 2007, we posted about the executives' guilty pleas. Relying on the New York Times coverage, we noted that the Department of Justice charged that the company used aggressive, deceptive marketing, including claims that Oxycontin had little potential for addiction, even though they then knew otherwise. Unlike many other settlements, the executives and the company admitted their dishonesty, although they were not apparently charged with fraud.
In a statement, the company said: 'Nearly six years and longer ago, some employees made, or told other employees to make, certain statements about OxyContin to some health care professionals that were inconsistent with the F.D.A.-approved prescribing information for OxyContin and the express warnings it contained about risks associated with the medicine. The statements also violated written company policies requiring adherence to the prescribing information.'
'We accept responsibility for those past misstatements and regret that they were made,' the statement said.
While no executives went to jail, the three who pleaded guilty,
Michael Friedman, the company’s president, who agreed to pay $19 million in fines; Howard R. Udell, its top lawyer, who agreed to pay $8 million; and Dr. Paul D. Goldenheim, its former medical director, who agreed to pay $7.5 million.
appeared to be the top leaders of the company. So, at the time I concluded,
At least in the Purdue Pharma/ Oxycontin case top company leaders were prosecuted, pleaded guilty, and will personally have to pay substantial financial penalties. Maybe this will convince the leaders of health care organizations that deceptive marketing practices may not be in their long term interests. Up to now, it may have been too easy to be swayed by the enormous profits deceptive marketing can bring, and regard fines paid by the company as just a cost of doing business.
No Lasting Effects
I was much too optimistic. Alas, we have since documented numerous legal settlements, and other cases of at least alleged bribery, kickbacks, or fraud, in which the top organizational leaders who authorized or directed the questionable conduct never suffered any consequences for their actions. That is, they demonstrated impunity.
Meanwhile, Purdue Pharma has been in the news since 2007, and not in a good way. In particular, we noted that the company seemed to keep up manipulative, if not deceptive marketing efforts on behalf of its narcotic product. In 2010, Canadian medical students protested that their "education" about narcotics and pain management was influenced by Purdue marketing (look here). In 2012, we noted that a leading "key opinion leader" who had a key role promoting the liberalized, if not reckless use of narcotics to treat all sorts of chronic pain, and had financial relationships with numerous narcotic pharmaceutical manufacturers, including Purdue Phrama, later admitted that it was all "misinformation." Yet this aggressive promotion of narcotics was likely a major factor in the ongoing narcotic epidemic which has killed thousands in the US. And in January, 2016 we described how opposition to new CDC guidelines that suggested much more conservative use of narcotics seemed to be funded, if not orchestrated by narcotic pharmaceutical manufacturers, notably including Purdue Pharma. Finally, there have been many other stories about Purdue Pharma about which we failed to post.
One would think, however, that a company that admitted to a crime, and whose three top executives lost their jobs and also pleaded guilty to crimes, would at least change its ways, even if these guilty pleas and admissions did not inspire more attempts to hold top corporate health care leaders accountable.
An Assumption about Unaccountable Hired Mangers
But it turns out that some obvious assumptions that I and probably many other people made about the Purdue Pharma cases of 2007 were wrong. I implicitly assumed when I wrote my 2007 post that the three Purdue Pharma executives who pleaded guilty were the top leaders of the company.
Furthermore, as we have discussed elsewhere, the top executives of large, for-profit publicly held corporations, like most pharmaceutical companies, have become largely unaccountable. They may seem to exist in a bubble, in which they are hailed as visionaries, and paid exceedingly well no matter how their organizations perform. (Look here). However, many top hired corporate managers have mainly become "value extractors."
These executives are nominally accountable to their corporate boards of directors, which are supposed to represent the owners of the companies. However, most large pharmaceutical companies have numerous stockholders, who have no easy avenue to organize. Many of their stockholders, in turn, are mutual funds, retirement funds, etc whose shares in turn are owned by thousands more. These numerous, dispersed "owners" have little influence on corporate boards, who often functionally are dominated by cronies of the top management.
So when the three top Purdue executives pleaded guilty, at least it looked like in this case the unaccountable hired executives had been made accountable, if not to their boards of directors, at least to the courts.
But Who Owned Purdue?
But what you see is not always what you get. There was a hint buried in the NY Times article,
Between 1995 and 2001, OxyContin brought in $2.8 billion in revenue for Purdue Pharma, a closely held company based in Stamford, Conn. At one point, the drug accounted for 90 percent of the company’s sales.
As part of the plea agreement, Purdue Frederick, a holding company for Purdue Pharma that is also closely held, pleaded guilty to a felony charge of misbranding OxyContin.
The article did not further discuss the meaning and implications of the twice used phrase, "closely held." I confess I missed it entirely. However, it seems to have meant that rather than being a public corporation with numerous, dispersed stockholders, the owners of Purdue Pharma and its parent were a smaller group, perhaps a group who should have been accountable for the actions of their executives. However, the NY Times did not further describe this group. Neither did reports in other outlets, such as the Wall Street Journal, CBS, or Time. Nor did a variety of other news stories that mentioned Purdue Pharma through 2010.
The Oxycontin Billionaires
There were a fewother clues available in 2007, but would have not been easily found at that time. After the case's resolution was disclosed, an article appeared in the Corporate Crime Reporter (but was presumably only available at that time by subscription.)
Purdue is a privately held, very secretive company based in Stamford, Connecticut.
It’s controlled by the Arthur Sackler family. Arthur Sackler is the guy who, before he delivered OxyContin, brought to you the marketing for Librium and Valium. Walk on the mall in Washington and you walk by the Freer Gallery of Art and Arthur Sackler Gallery.
Art brought to you by Oxy.
New York Times correspondent Barry Meier is probably the most plugged in journalist on the topic. A couple of years ago, he wrote a book detailing the problem titled Pain Killer: A 'Wonder' Drug’s Trail of Addiction and Death (Rodale Books, 2004.)
So apparently Purdue Pharma and Purdue Frederick were privately held, the Sackler family held a controlling interest, and the Sackler family were rich enough to have their name attached to an art museum.
The relationship between the Sackler family and Purdue got no other attention I could find until 2010. In March of that year, another member of the family, Dr Mortimer D Sackler died, and his NY Times obituary led off with evidence of his wealth, and philanthropy,
Mortimer D. Sackler, a psychiatrist who was a co-owner of the pharmaceutical company Purdue Pharma, makers of the controversial painkiller OxyContin, and whose lavish gifts to the Guggenheim Museum, the Metropolitan Museum of Art and Columbia University made him one of New York City’s most prominent benefactors, died March 24 in Gstaad, Switzerland. He was 93 and had homes in London, Gstaad and Antibes, France.
The obituary also provided evidence of a direct relationship among the Sacklers, Purdue, and the development of Oxycontin.
The Sackler brothers were all doctors, and all businessmen as well. In 1952, while the three were working at the Creedmoor state psychiatric hospital, Arthur financed the purchase of a small drug manufacturer based in Greenwich Village, the Purdue Frederick Company, which Mortimer and Raymond Sackler ran as co-chairmen and which later became Purdue Pharma, now based in Stamford, Conn.
Then,
by the mid-1990s Purdue Pharma was still a small drug company. But with a new product, OxyContin, a powerful, long-acting, narcotic painkiller, the company hoped to join the ranks of industry giants. Indeed, by 2001 sales of the drug had reached nearly $3 billion and accounted for 80 percent of Purdue Pharma’s revenue.
The lavish scale of Sackler's generosity was indicated in The Sunday Times's "Rich List" for 2008, which noted that while he and his family owned a £500 million stake in the pharmaceutical business, Purdue Pharma, huge charitable contributions had cut their wealth to £300 million. Yet few knew much about the Sacklers apart from their association with the cultural institutions that bear their name.
However, I could find no echos of this story beyond these obituaries, and certainly none that prominently made their way into the health care world. In late 2011, about ten percent of a long piece by Fortune on Purdue made the Sackler's ownership and wealth clear, but did not discuss the implications.
The story only began to echo a little in 2014. That year, the prospect of a trial of a civil lawsuit against Purdue filed in the state of Kentucky, one of the most hard hit by the narcotic epidemic, promised to shake things up. A long Bloomberg story on the lawsuit was the first to suggest that the very wealthy Sackler family might bear some responsibility for how Purdue marketed Oxycontin, and the results on patients' and the public's health.
Kentucky lawyers plan another first for Purdue: They want to elicit testimony from the company’s board, which is dominated by members of the Sackler family, the wealthy philanthropists who own the company and have until now remained largely untouched by the controversy tied to the blockbuster drug that netted their business billions of dollars.
It underlined the tightness of the ties between the Sackler's and Purdue. The family does not merely own a controlling interest, but dominates the company's governance.
Purdue today is owned through holding companies and family trusts for the benefit of Mortimer and Raymond Sackler’s families, according to Raul Damas, a company spokesman. In all, nine members of the Sackler family are Purdue directors. In January, Raymond Sackler announced the appointment of Chief Executive Officer Mark Timney. None of the Sacklers has been named in the Kentucky suit.
Raymond, who remains on the board, and his children have been the most involved in the family business. His son, Richard, a physician, worked at Purdue for three decades before being named president in 1999. Now retired, he remains a director. A grandson, David Sackler, sits on the board and runs a family investment fund, Summer Road LLC, in New York. Raymond’s other son, Jonathan, is a director, too.
By the way, the Bloomberg article also detailed another point (which had been mentioned in the obituaries and the CNN article). One member of the Sackler family was behind the aggressive, deceptive marketing campaign that sparked so many sales of Oxycontin. In fact, this Sackler brother could be viewed as the father of modern aggressive, deceptive pharmaceutical/ biotechnology/ device corporate marketing.
Raymond and Mortimer ran the company together. Arthur, the oldest, appears to have been primarily an investor and adviser.
Considered the father of modern pharmaceutical marketing, Arthur Sackler created the first medical-journal advertising insert to promote a drug and pushed for hiring sales reps long before they became as common in physicians’ waiting rooms as out-of-date magazines. Purdue used many of Arthur Sackler’s tactics when it introduced OxyContin, a time-released dose of the opioid oxycodone, in 1995.
CNN had gone into a bit more detail on Arthur Sackler's previous work:
Arthur, joined a small advertising agency that specialized in marketing pharmaceuticals. (He also funded his brothers’ purchase of Purdue, according to a 2003 book by New York Times reporter Barry Meier called Pain Killer: A Wonder Drug’s Trail of Addiction and Death.) Arthur was so successful that in 1997 he was one of the first people named to the Medical Advertising Hall of Fame, whose website credits him with helping 'shape pharmaceutical promotion as we know it today.' As early as the 1950s he was experimenting with TV marketing, and according to the entry, Arthur’s scientific knowledge and ability to expand the uses for Valium helped turn it into the first $100 million drug ever. Arthur’s philosophy was to sell drugs by lavishing doctors with fancy junkets, expensive dinners, and lucrative speaking fees, an approach so effective that the entire industry adopted it.
So at least this article credits Dr Arthur Sackler, of Purdue Pharma, with being one of the creators of the web of conflicts of interest that has ensnared many medical professionals in the last decades. Who knew?
Just to ice this cake, in later 2015, it became apparent that the Sacklers did not merely become wealthy from Purdue profits and Oxycontin sales. They became fabulously wealthy. Forbes listed the Sackler family that year as one of the 20 richest US families, estimating their combined wealth as $14 billion.
The Sackler family, which owns Stamford, Conn.-based Purdue Pharma, flew under the radar when Forbes launched its initial list of wealthiest families in July 2014, but this year they crack the top-20, edging out storied families like the Busches, Mellons and Rockefellers.
How did the Sacklers build the 16th-largest fortune in the country? The short answer: making the most popular and controversial opioid of the 21st century — OxyContin.
Purdue, 100% owned by the Sacklers, has generated estimated sales of more than $35 billion since releasing its time-released, supposedly addiction-proof version of the painkiller oxycodone back in 1995.Its annual revenues are about $3 billion, still mostly from OxyContin. The Sacklers also own separate drug companies that sell to Asia, Latin America, Canada and Europe, together generating similar total sales as Purdue’s operation in the United States.
Forbes estimates that the combined value of the drug operations, as well as accumulated dividends over the years, puts the Sackler family’s net worth at a conservative $14 billion.
Perhaps if the Kentucky lawsuit had gone to trial, these echos would have gotten even louder.
However, in December, 2015, Purdue settled the suit for $24 million, admitting no liability, and keeping the Sackler name out of the limited press coverage (although see this in STAT by Ed Silverman.)
I, for one, only found out about the Sackler / Purdue linkage when STAT published a followup in March, 2015. It turns out that in the run up to the Kentucky trial, a member of the Sackler family was actually deposed. This may have been the only direct discussion of the Oxycontin case by a member of the family.
The settlement required the attorney general to 'completely destroy' or return to Purdue all documents it received from the company or from any other party through a subpoena. The attorney general was given 60 days from the Dec. 18 agreement to comply. The agreement also prohibits the attorney general from sharing the documents with any other entity investigating or litigating against Purdue.
The attorney general’s office destroyed millions of pages of documents within the 60-day period, according to spokesman Terry Sebastian.
While the attorney general destroyed the records in its possession, copies of some of those records remain under seal in the Pike County courthouse, including the Sackler deposition.
The STAT article noted that millions of pages of records from other Oxycontin litigation were destroyed or returned to the company as stipulated by previous settlements. This time,
STAT is making a motion to intervene in the settled Kentucky lawsuit. The motion was sent to the Pike Circuit Court Monday via overnight courier.
The motion argues that STAT and the public have a constitutional right to the records that trumps Purdue’s interest in keeping them secret. The motion also states there is a substantial public interest in the case, citing the epidemic of drug addiction and related crime stemming from the abuse of OxyContin in Kentucky and other states. STAT is requesting the court make the documents available immediately.
We will see how this attempt to shine a little light on the long running Oxycontin story goes. I am not optimistic, since this long-running case has vividly shown how those who have the biggest vested interests in keeping our commercialized, overutilizing, over-marketed health care system going can use money and influence to keep it all so anechoic.
Summary
So now we see, dimly, reasons why the penalties handed out to "top" Purdue Pharma executives for the deceptive "misbranding" of a dangerous narcotic failed to end the impunity of top health care leaders. Those supposed "top men" were not really the top.
Just like in "Raiders of the Lost Ark,"
They were hired managers with fancy titles who worked for a secretive family which owned Purdue Pharma, which was apparently directly involved in the engineering of the aggressive, deceptive, "misbranding" sales campaign which sold so much Oxycontin, which became fabulously wealthy from the ownership of the company, and which managed to conceal their relationship to the company from nearly all prying eyes. So far, the family seems to either have befuddled or intimidated law enforcement sufficiently to prevent any direct consequences from befalling them.
This case vividly demonstrates, first, how those who have personally gained the most from our current dysfunctional health care system have often brilliantly covered up what they were doing (part of what we have called the anechoic effect). As long as we do not know where the money goes, and how it is made, we do not know what needs to be done to make things better. True health care reform requires bright sunlight to be shown on how the health care sausage is made, who makes it, and how they profit from it. As long as we the people let ourselves stay in the dark, we will continue to endure our woefully overpriced, inaccessible, mediocre quality, and all too often frankly corrupt health care system.
A piece this long and heavy deserves a musical interlude. Here is a live performance by the Dramatics of "What You See Is What You Get," (if only that were the case here).
For a second day, the region’s second-largest health care system deals with a crippling computer virus. MedStar Health says it is making progress, but WJZ is learning some patients are still feeling the effects.
... Despite the challenges affecting MedStar Health’s IT systems, the quality and safety of our patients remains our highest priority, which has not waned throughout this experience. Fortunately, the core ways in which we deliver patient care cannot be altered, manipulated or harmed by malicious attempts to disruptthe services we provide[that is, by taking down the EHRs -ed.],” Stephen R.T. Evans, MD, executive vice president, Medical Affairs and chief medical officer, MedStar Health. “Our ability to serve our patients and their families depends first and foremost on our caregivers, and their expert knowledge and compassion focused on each patient.”
He likely does not realize just how correct his spin actually is.
-- SS
3/30/2016 Addendum:
This is not the first time for EHR outages at MedStar.
MEDSTAR EHR GOES DARK FOR DAYS: MedStar’s outpatient clinics in the D.C. and Baltimore area lost access to their EHRs Monday and Tuesday when the GE Centricity EHR system crashed. The system went offline for scheduled maintenance on Friday and had come back on Monday when it suffered a “severe” malfunction, according to an email from Medstar management that was shared with Morning eHealth.
“All of a sudden the screens lit up with a giant text warning telling us to log off immediately,” a doctor said. “They kept saying it would be back up in an hour, but when I left work Tuesday night it was still down.”
This doctor told us that the outage was “disruptive and liberating at the same time. I wrote prescriptions on a pad for two days instead of clicking 13 times to send an e-script. And I got to talk to my patients much more than I usually do.
But of course we didn’t have access to any notes or medication history, and that was problematic.” MedStar notified clinicians in the email that any information entered in the EHR after Friday was lost.
Bad Health IT ("BHIT") is defined as IT that is ill-suited to purpose, hard to use, unreliable, loses data or provides incorrect data, is difficult and/or prohibitively expensive to customize to the needs of different medical specialists and subspecialists, causes cognitive overload, slows rather than facilitates users, lacks appropriate alerts, creates the need for hypervigilance (i.e., towards avoiding IT-related mishaps) that increases stress, is lacking in security, compromises patient privacy or evidentiary fitness, or otherwise demonstrates suboptimal design and/or implementation. (http://cci.drexel.edu/faculty/ssilverstein/cases/)
I observed bad health IT leading to HIT compromise, hospital chaos and paying of a ransom demand at my Feb. 18, 2016 post "Hollywood Presbyterian Medical Center: Negligent hospital IT leaders allow hacker invasion that cripples EHRs, disrupts clinicians ... but patient safety and confidentiality not compromised" at http://hcrenewal.blogspot.com/2016/02/hollywood-presbyterian-medical-center.html.
It's happened again, at least with regard to publicly-disclosed stories (there is no requirement for hospital disclosure, more on that below).
WASHINGTON (AP) — Hackers crippled computer systems Monday at a major hospital chain, MedStar Health Inc., forcing records systems offline for thousands of patients and doctors. The FBI said it was investigating whether the unknown hackers demanded a ransom to restore systems.
A computer virus paralyzed some operations at Washington-area hospitals and doctors’ offices, leaving patients unable to book appointments and staff locked out of their email accounts. Some employees were required to turn off all computers since Monday morning.
A law enforcement official said the FBI was assessing whether the virus was so-called ransomware, in which hackers extort money in exchange for returning a victim’s systems to normal. The official spoke on condition of anonymity because the person was not authorized to discuss publicly details about the ongoing criminal investigation.
Not discussed is corporate accountability for deficient IT security.
“We can’t do anything at all. There’s only one system we use, and now it’s just paper,” said one MedStar employee who, like others, spoke on condition of anonymity because this person was not authorized to speak to reporters.
I note that if the cybernetic pundits were listened to, patients would now be considered at deadly risk due to paper records being used - not due to critical IT infrastructure being hacked and disabled. Yet it's impossible to disable paper charts en masse.
MedStar said in a statement that the virus prevented some employees from logging into systems. It said all of its clinics remain open and functioning and there was no immediate evidence that patient information had been stolen.
Company spokeswoman Ann Nickels said she couldn’t say whether it was a ransomware attack. She said patient care was not affected and the hospitals were using a paper backup system.
The absurdity of this claim is that if patient care is not affected by returning to paper, then why did the hospital invest hundreds of millions on EHRs?
When asked whether hackers demanded payment, Nickels said: “I don’t have an answer to that,” and referred to the company’s statement.
Dr. Richard Alcorta, medical director for Maryland’s emergency medical services network, said he suspects it was a ransomware attack. He said his suspicion was based on multiple earlier ransomware attempts on individual hospitals in the state. Alcorta said he was unaware of any ransoms paid by Maryland hospitals or health care systems.
The rather calmly-stated "multiple earlier ransomware attempts on individual hospitals in the state" suggests that
Hospitals are being targeted in an organized fashion, and
Costs to implement proper security will draw even more capital and resources from direct patient care and from real brick and mortar facilities, such as entire new hospital wings that would cost less than an EHR, to cybernetics of increasingly dubious value. (Past projected cost benefits are certainly being proven even more naive.)
Terrorism or just plain old crime, the medical driector asks...
“People view this, I think, as a form of terrorism and are attempting to extort money by attempting to infect them with this type of virus,” he said.
God help us if true terrorists get in the act of cybernetically paralyzing hospitals.
Alcorta said his agency first learned of MedStar’s problems about 10:30 a.m., when the company’s Good Samaritan Hospital in Baltimore called in a request to divert emergency medical services traffic from that facility. He said that was followed by a similar request from Union Memorial, another MedStar hospital in Baltimore. The diversions were lifted as the hospitals’ backup systems started operating, he said.
It used to be that patient diversions were due to doctors and nurses having too many sick patients they are caring for. Here it seems due to doctors having to many sick computers to deliver proper patient care.
MedStar operates 10 hospitals in Maryland and Washington, including the MedStar Georgetown University Hospital, along with other facilities. It employs 30,000 staff and has 6,000 affiliated physicians.
That's a lot of paralysis.
Monday’s hacking at MedStar came one month after a Los Angeles hospital paid hackers $17,000 to regain control of its computer system, which hackers had seized with ransomware using an infected email attachment.
Hollywood Presbyterian Medical Center, which is owned by CHA Medical Center of South Korea, paid 40 bitcoins — or about $420 per coin of the digital currency — to restore normal operations and disclosed the attack publicly. That hack was first noticed Feb. 5 and operations didn’t fully recover until 10 days later.
Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.
I won't even comment on why a US hospital is owned by a Korean medical center. The statement "unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted" implies yet another blind spot in the unregulated health IT industry. Add that to the blindness towards close-calls and actual harms, and you have a field being pushed on the population under penalty by those somewhat deaf, dumb and blind to the downsides.
Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.
All I can hear is "ka-ching! ka-ching!" as the costs to fix the poor computer security in the hospital industry accrues.
How much will patient care suffer as a result of the diversion of yet more resources to cybernetics?
As I've written before, stories like this support a serious rethinking of the entire healthcare IT hyper-enthusiast movement to whom the considerable downsides (even patient death) are just an unfortunate "bump in the road" (http://hcrenewal.blogspot.com/2012/03/doctors-and-ehrs-reframing-modernists-v.html), or perhaps more accurately, the healthcare IT hyper-enthusiast religion.
-- SS
[1] I've written that paper for many clinical settings, including highly specialized forms as I implemented highly successfully in invasive cardiology (http://cci.drexel.edu/faculty/ssilverstein/cases/?loc=cases&sloc=Cardiology%20story), needs reconsideration, relieving clinicians of clerical work and employing data entry clerks to enter the data. This would be supplemented by far less expensive document imaging systems for 24/7 availability, and computerized lab results retrieval - the latter with appropriate humans on the receiving end to prevent the "silent silo" syndrome of lab results returned to a computer silo but missed by clinicians due to being very busy and due to unreliable/fatiguing cybernetic alerting. A lot of workers can be paid for by saving $50 or $100 million on software.
3/30/2016 Addendum:
This is not the first time for EHR outages at MedStar.
MEDSTAR EHR GOES DARK FOR DAYS: MedStar’s outpatient clinics in the D.C. and Baltimore area lost access to their EHRs Monday and Tuesday when the GE Centricity EHR system crashed. The system went offline for scheduled maintenance on Friday and had come back on Monday when it suffered a “severe” malfunction, according to an email from Medstar management that was shared with Morning eHealth.
“All of a sudden the screens lit up with a giant text warning telling us to log off immediately,” a doctor said. “They kept saying it would be back up in an hour, but when I left work Tuesday night it was still down.”
This doctor told us that the outage was “disruptive and liberating at the same time. I wrote prescriptions on a pad for two days instead of clicking 13 times to send an e-script. And I got to talk to my patients much more than I usually do.
But of course we didn’t have access to any notes or medication history, and that was problematic.” MedStar notified clinicians in the email that any information entered in the EHR after Friday was lost.
Novartis AG said it agreed to pay $25 million to settle a U.S. Securities and Exchange Commission case that claimed the Swiss drugmaker paid bribes to health professionals in China to increase sales from 2009 to 2013.
In particular,
The SEC detailed a number of Foreign Corrupt Practices Act violations where Novartis employees provided items of value to health-care professionals in China, under the supervision of complicit managers. It also cited examples of how the company improperly recorded as legitimate expenses payments employees made for travel and entertainment, conferences, lecture fees, marketing events, educational seminars and medical studies.
For some vivid examples,
In one example cited in the SEC order on Novartis, a sales representative at the drugmaker’s Sandoz China subsidiary submitted a $1,154 receipt to buy holiday gifts for 25 health-care professionals, which was instead used to pay for their spa and sauna sessions. A regional sales manager approved the purchase, the SEC said.
The SEC order also cited how Sandoz China sponsored 20 health-care professionals to attend a 2009 medical conference in Chicago. During the trip, the company paid for the group’s recreational activities such as a Niagara Falls excursions, $150 in 'walking around' money for their spouses, and cover charges to a strip club. The group was accompanied by a Sandoz China senior manager and other staff, according to the SEC.
So, thus far, the allegations were that Novaris bribed Chinese physicians to use their products, and the bribes includes gifts, travel money, and admission to a strip club. It is likely that these bribes induced the physicians to unnecessarily or excssively prescribe Sandoz drugs to patients, leading to excess expenses, overtreatment, and quite likely adverse effects that should have been prevented.
As per the Wall Street Journal, and as usually happens in such cases, Novartis was allowed to settle without "admitting or denying the findigs." In the Bloomberg article, a Novartis spokesperson gave the usual vague response,
'The issues raised by the SEC, which relate to our subsidiaries in China and go back as far as 2009, largely pre-date many of the compliance-related measures introduced by Novartis across its global organization in recent years,' Novartis spokesman Eric Althoff said in an e-mailed statement Thursday.
The implication was that the company no longer does these bad things, but did not include a promise not to do them. And, of course, just like in many, many other health care cases, and in many, many other cases involving big, powerful, or influential organizations, no one at a top management level went to jail, or even suffered any negative consequences, even for such sleazy allegations as those in this case. Finally, partially because the amount of this settlement was so small related to the financial bulk of the company involved, this case was relatively anechoic, only reported in the small items in the business press.
Summary
As we are distracted by bloviating billionaires and other spectacles on the US 2016 campaign trail, we continue to accumulate evidence of the corruption of large health care organizations and the impunity of their leaders. Yet this evidence remains anechoic, even given the apparent recidivism involved. For example, it was only in last November that we discussed what were then the latest misadventures by Novartis and its leadership. At that time, our post included these section headings covering 2014-15:
- Japanese Health, Labor and Welfare Ministry Found that Novartis Concealed Serious Adverse Effects - Novartis Executive Pleads Guilty to Bribing Polish Official - Novartis Subsidiary Sandoz Settles Allegations that it Misrepresented Pricing Data to US Medicaid - Express Scripts Settles Allegations that it Accepted Kickbacks from Novartis - Novartis Settles US Allegations of Kickbacks to Enhance Sales of Multiple Drugs
Furthermore, in that post we also documented Novartis' previous record. In March, 2014, we had noted: - Italian authorities had fined Novartis and Roche for colluding to promote the use of an expensive opthamologic treatment - the NY Times published interviews with physicians ostensibly showing how Novartis turned them into marketers for the drug Starlix - Japanese investigators charged Novartis with manipulating clinical research - Indian regulators canceled a Novartis import license, charging the company with fraud.
Also, in 2013, Novartis was fined for anti-competitive practices in its marketing of Fentanyl by the European Commission (look here), and in 2011 its Sandoz subsidiary settled allegations of misreporting prices in the US for $150 million (look here) Other Novartis misadventures from 2010 and earlier appear here. So Novartis has quite an impressive, if not infamous record of ethical failures.
Yet no Novartis top manager suffered any negative consequences then (although one apparent mid-level company manager at the Polish subsidiary did plead guilty), and all these previous episodes apparently did not suggest a pattern of recidivism to US authorities this time sufficient to attempt to impose any negative consequences on higher level managers. Meanwhile, Novartis executives continue to be paid handsomely. The 2015 Novartis executive compensation report listed over 51 million Swiss francs paid
Also, this goes on while large health care companies continue to pay out dizzying amounts to physicians, health care professionals, hospitals and academic institutions, which partially may secure their loyalty. Novartis, for example, which ProPublica lists as only the 28th biggest payer to physicians, paid out $31.7 million in 2013-14 just to US physicians. The 2015 Novartis board of directors included Dr Nancy C Andrews, the Dean of the Duke Medical School and Vice-Chancellor for Academic Affairs at Duke University, Dr Dimitri Azar, Dean of the College of Medicine at the University of Chicago, Illinois, and Dr Charles L Sawyers, a professor and department chair at Weill-Cornell Medical School. I am unaware that anyone of them have publicly raised any concerns about Novartis' recent misadventures, although I am also unaware whether anyone has publicly asked them such questions.
No wonder that ordinary US (and other countries' citizens) feel that they are trapped in a hopeless economic situation by rigged systems designed to benefit from the corrupt insiders. No wonder that someone of them are seeking the protection of some of those powerful insiders. But I digress...
In terms of health care, as we have said like a broken record (if anyone remembers what that means), or, if you prefer, where every verse is same as the first...
There seems to be increasing recognition that the continuing rise in US health care costs is unsustainable, and that these costs are not buying us good health care. There are calls to avoid unnecessary, and sometimes harmful care. Yet there is a persistent disconnect between how continuing dishonest behavior by health care organizations, impunity of their leaders, and lack of accountability by their board members fuel rising costs, shrinking access, and bad outcomes for patients.
To truly reform health care, we will have to at least recognize the causes of the current dysfunction. Recognizing how health care dysfunction is created by unaccountable, dishonest leadership should lead to true reform that would promote well-informed, honest, accountable leadership that puts patients' and the public's health ahead of personal gain.
Our musical interlude ("second verse, same as the first,") Herman's Hermits, Henry VIII
