Category Archives: Data Security

Protect Your Patients and Your Clinic with Centricity™ Practice Solution

A clinic’s EMR is like its circulatory system—damage it in any way and everyone in the clinic, including your patients, suffers the consequences. Alarmingly, there are thousands of clinics running faulty EMR software today.

You might have heard that the executives at eClinicalWorks agreed to pay $155 million in fines—rather than face trial—in order to settle a False Claims Act lawsuit brought by the Department of Justice?

The lawsuit claims that the company willfully “caused the submission of false claims for federal incentive programs,” among other serious violations.

At a time like this, it’s only natural to ask:

  • Can you trust that your patient data is accurate?
  • Is patient safety in question?
  • Is my EMR vendor a partner or a potential liability?
  • Can the clinic successfully attest?
  • Will your technology partner be around tomorrow?

To complicate matters, some eClinicalWorks customers are now complaining that the company is not supplying the clinic’s patient data when asked to do so. “We’ve been held hostage for a year and a half. I battled them,” said Laura Williams, practice administrator at North Spokane Women’s Health in Washington. “It’s a nightmare with them.”

“The IT people at eClinicalWorks never were able to fix the program errors, but our IT guy came up with a solution that at least has us able to access our patient records,” Williams said. “If I can get my patient data migrated to Centricity that will be enough.”

If you’re currently finding workarounds for your EMR, it’s time for a new EMR. Put eClinicalWorks behind you. We’re here to help steady your clinic’s healthcare IT infrastructure today, earn your trust, and support your clinic for years to come.

Schedule a Centricity demo today. It’s the first critical step on the path to clinical and financial well being.

Previously on the HealthCo Blog: Clinics Trust GE Healthcare for Good Reason

Clinics Trust GE Healthcare for Good Reason

Trust between physician and patient is sacred. Trust between clinic and EHR provider is as well. That’s why news that top executives at EHR software provider, eClinicalWorks, willfully manipulated their software to achieve federal certification has rightfully sent shockwaves across the industry.

Clinic admins and physicians are now all asking the tough questions:

  • Are quality incentive payments at risk for my clinic?
  • Has my EHR vendor done something similar?
  • Should I consider moving to another platform?

Let’s admit that we sometimes compete with eClinicalWorks. Let’s also admit that we’re nothing like them. HealthCo is a value-added reseller for GE Healthcare’s Centricity Practice Solution. GE Healthcare is not a startup, nor the kind of firm that risks its reputation. GE Healthcare is a multi-billion dollar division of GE and a globally respected brand with way too much to lose to play fast and loose with the truth or federal regulation.

The False Claims Act lawsuit brought by the Department of Justice alleges that eClinicalWorks hardcoded drug codes into its EHR software to comply with certification testing; did not adequately manage imaging orders or drug interactions; and failed to meet data portability requirements. In addition to a $155 million fine, the company has entered into a five-year Corporate Integrity Agreement (CIA).

Making matters worse, the company also settled a case that stated eClinicalWorks paid customers in exchange for recommendations of its software to potential customers, a violation of the Anti-Kickback Statute.

“Electronic health records have the potential to improve the care provided to Medicare and Medicaid beneficiaries, but only if the information is accurate and accessible,” said Special Agent in Charge Phillip Coyne of HHS-OIG. “Those who engage in fraud that undermines the goals of EHR or put patients at risk can expect a thorough investigation and strong remedial measures such as those in the novel and innovative Corporate Integrity Agreement in this case.”

The CIA requires eClinicalWorks to give customers the option to transfer their data to another EHR software provider without penalties or service charges. While current eClinicalWorks customers don’t necessarily need an added incentive to make the move, this savings is helpful to take the first step.

When trust is violated in this manner, it can cast a shadow on the entire industry. We welcome any and all questions that you might have about the case, and how the overall quality and safety of your clinic’s medical records are assured through HealthCo’s hands-on consulting and GE Healthcare’s superior technology and corporate integrity.

Five Healthcare Trends To Monitor In 2017

It’s a new year and time to take a close look at the changes and challenges ahead. Healthcare is a dynamic field that requires constant learning and collaboration—it’s one of the things we love about it. In this spirit, the HealthCo team put our heads together and came up with five big topics that we are keeping our eyes on in 2017.

1. The MACRA/MIPS transition: Another year, another name for quality reimbursement programs. For those clinics that have already attested to Meaningful Use in the past, we see this as a seamless transition. As groups look to move into federal quality programs for the first time, there are lots of questions. Health and Human Services has a great website available to help guide your participation. Additionally, the consulting team at HealthCo is already hard at work with clients who want some additional support during this transition, and we are happy to help your team as well. If you would like to discuss how we can help, send us a quick email and we will have a consultant contact you.


2. Will they, or won’t they…the ACA under fire: The new leadership in Washington, DC has promised a repeal of the Affordable Care Act. Repeal is easy, replacement is not. While statistics vary, most experts on the subject agree that without replacement, a simple repeal of the ACA would eliminate coverage for over 20 million Americans. What will be done to provide coverage to these individuals? This has not been explained by those looking to repeal and their answers will be the key legislative development to watch for in 2017.

3. Continued Payer/Provider Collaboration: As quality programs continue to advance, we are looking at 2017 as a year where improved care data will flow between clinics and payors, allowing physicians to provide the required care to patients at the time of treatment, improving RAF scores and quality ratings. Current GE Centricity customers are going to see Payer Provider Connect become available in 2017. It’s our answer to breaking down the walls that exist today between physician and insurance carriers.

4. Data Integrations and Interoperability make real progress: Locally, the HealthCo team is looking to build off the successful integration of Centricity and EPIC that was launched here in Portland at the Oregon Clinic in 2016. As we move into 2017 a HealthCo customer in the Seattle market is moving forward with this same integration. This effort will expand and grow during the next year. On a national level, 2017 looks to be the year that Fast Healthcare Interoperability Resources, or FHIR, goes mainstream, providing a new and expanded standard for the electronic exchange of healthcare data.

5. Telehealth moves from niche to mainstream: Providers continue to look for ways to more efficiently help their patients while patients want fast answers for the most common health concerns. Thankfully, technology is ready to help provide the solution. Telehealth has continued to expand in the U.S. and we are now seeing progress at the Federal level that should allow for dramatic improvement in adoption of telehealth services in Medicare programs. As provider and patient needs continue to converge, telehealth programs should grow exponentially in 2017.

As the changes to our industry continue to roll in like mysterious rain clouds, we continue to build resiliency to sudden change. Adaptability is how the species survives. I think we can say the same for ambulatory clinics and their IT providers. Together we adapt and thrive in whatever new regulatory and market environments we find ourselves in.

HealthCo’s IT Team Tackled A Major Infrastructure Project


What is it like to work in the IT department of a company that is fundamentally an IT organization? If you’re anything like Anthony Swanson, HealthCo’s Network Administrator and Mark Ferguson, HealthCo’s Network Technician, it’s a lot of fun.

Mark and Anthony both joined the company within the last year. As part of their introduction to their new roles at HealthCo, the team assessed the company’s network infrastructure from top to bottom and brought forth a series of upgrade recommendations. The result of the fact-finding mission was a go-ahead from the Board of Directors to enact the Infrastructure Project.

“We examined our environment and doubled down on everything,” said Anthony. The team also had a small window within which to operate. Starting at 2:00 p.m. on a Saturday and working through the night with only a short nap for rest, Mark and Anthony took the entire network dark while physically moving a fleet of 350 servers weighing over 1000 pounds from one data center to another. It was an arduous move, both mentally and physically. Much to everyone’s satisfaction, the transition was nearly flawless.

The Infrastructure Project doubled HealthCo’s network’s capacity, RAM, speed and bandwidth. “It’s a rare and exciting opportunity to rebuild a company’s entire network,” said Anthony. Anthony and Mark vetted technology partners in a thorough RFP process that delivered the best gear to ensure a stable and reliable environment.

“We’re already hearing that certain tasks like running reports now take a matter of seconds instead of several minutes, as it did before,” said Mark. HealthCo customers are also experiencing the benefits of the new network. Dr. George Tomecki, of The Family Doctors said, “the speed is blazing.”

The new network infrastructure allows HealthCo to more easily meet current demands and scale rapidly, as needed. With a proactive approach and investments in the latest technology, HealthCo’s IT pros are able to optimize the company’s network, readily spot issues as they arise and deliver more business critical data on demand.

Anthony said, “We’re servants providing service.” Which is revealing in more ways than one. Anthony served in the military, he helped build homes for the poor overseas, and he teaches dance fitness and coaches basketball at his kids’ school. Mark is also a dedicated family man, who coaches soccer and baseball and heads to Mt. Hood to ski every chance he gets. Both Anthony and Mark value the family atmosphere at HealthCo and the transparency provided by leadership. “We all know where the ship is headed, and that’s a great feeling,” said Mark.

Anthony Swanson helping to build homes in The Philippines.

Anthony Swanson helping to build homes in The Philippines.

Protect Your Practice from a Crippling Data Breach Before It’s Too Late

UCLA Health announced a breach last week of 4.5 million patient records. This is bad news for the university health system and their patients, and it could be bad news for you if you believe these breaches only happen to big organizations with lots of records. Unfortunately, this is not the case. According to the current “Wall of Shame” posted on the Office for Civil Rights website, only six of the reported 31 breaches of patient data since June 2015 have been in a hospital. The remainder occurred in health plans, clinics and third party service providers.


A data breach is not a case of “if” anymore, it’s a case of “when.” As a clinic practice of two, five or 17 doctors, it can be overwhelming to work through the process of assembling a privacy and security plan for your practice. The good news is there are plenty of resources available, such as an updated guide from The Office of the National Coordinator for Health Information Technology. This guide provides a good roadmap for practices looking to implement a security program. For a starter, here are the seven steps suggested to implement a security management process:

  • Step 1: Lead Your Culture, Select Your Team, and Learn
  • Step 2: Document Your Process, Findings, and Actions
  • Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)
  • Step 4: Develop an Action Plan
  • Step 5: Manage and Mitigate Risks
  • Step 6: Attest for Meaningful Use Security-Related Objective
  • Step 7: Monitor, Audit, and Update Security on an Ongoing Basis

Before you think you don’t have time or the resources for all of the above, imagine the chaos your practice will be thrown into when you discover a breach of your patient’s data. I have been at the table with physicians as they face the reality of this financial and reputational catastrophe and I can say without a doubt, they all would have traded the time and effort spent on the breach for a proactive approach to building out their privacy and security programs.

Identity thieves don’t just go after big hospitals like UCLA Health. Medical identity theft is skyrocketing due to the high value of these records on the international black market. Thus, any vulnerability will be sought and exploited by ruthless criminal syndicates. These aren’t teenage hackers we’re facing. Which means you too must organize a defense strategy and implement it as soon as possible. You already work hard to help protect your patient’s well being—protecting their medical records and their personal information is now part of the job.