If you think back to late 1998 you may remember that stodgy drug distributor McKesson bought hospital software company HBOC. HBOC had grown into being the biggest HIT software supplier, mostly through a series of acquisitions through the 1990s. At that point most observers believed that McKesson was mistakenly buying a  company that had run out of growth potential and was selling out at the top. If you remember 1999 (and if you owned McKesson stock you probably do!), it became apparent to McKesson that the news was much worse. They discovered that HBOC’s profits were fictional and found that Charles McCall, its new CEO acquired with HBOC, was behind the fraud. In one day McKesson lost half its value. 

Fast forward to last Friday, a mere 4 years and 6 odd months later, and one of the guilty parties, former Exec VP Albert Bergonzi admitted it. Meanwhile the biggest fish, McCall, was indicted only in June 2003. Evidence given by some of the others, notably ex-CFO Jay Gilbertson, shows that the fraud was started in early 1997 basically to dress the company up for sale.

So apart from the awful luck McKesson had by failing to do its due diligence properly, and the consequent suffering of the shareholders (Mckesson’s stock is still where it was immediately after the fraud was announced), the real question is why does it take the better part of 5 years for this fraud to be prosecuted? And does that delay help to encourage other white collar criminals to cheat the books and the rest of us?

I mentioned anecdotally a while back that GPs in New Zealand and the UK are very advanced in their in-office IT use. A GP I stayed with there last March was using a computer to type his patient notes while the patient was in the office.  He was no fresh young doc, in fact he’s much closer to retirement than to hanging his shingle. So what caused this transformation? A national system, national planning, the creation of a single health identifier for everyone in the country, and funding for the technology.  The result is shown in this piece by the New Zealand Health IT Cluster:

80% of GPs use an EMR
95% of GPs, 100% of laboratories and 100% of radiology clinics are connected to the Health Data Network.

More from iHealthbeat

I tend not to let my personal feelings come out in this blog (as I have a couple of others for that) but I find myself pretty grumpy when I read the following passage in Today in E-HealthNews.

Health-plan Web sites fail to provide adequate content when compared with the "high-quality" content users find at retail and media sites, finds Forrester Research’s Consumer Technographics Q3 North America Benchmark Study. According to the study, retail and media Web sites get overall satisfaction levels of 92% and 86%, respectively. But HMO Web sites receive an overall satisfaction level of only 47%, says Forrester. Even if health plans provide reasonable-quality content on their sites, according to the survey, members say they can’t find it. The study reports that 61% of health-plan Web site visitors say that the site’s navigation structures fail to meet their needs..

You may not know that I spent 2 years working for i-Beacon a company that sold web CRM software to health plans.  The software personalized and organized the presentation of a health plan site to the members based on their health conditions and their medications, as well as automatically extracting information about those conditions from the health plan’s claims system.  We argued that if the health plan installed the system, the plan would save money by having fewer people use their call centers because those members would find the information personalized to them on the web site. What does the report say about that?

Forrester also finds that seven out of 10 consumers are so unimpressed by the customer-service capabilities of health-plan Web sites that most of the time they use the phone instead

Now I wouldn’t really mind about that fact that only 2 customers bought our product, if health plans as a whole had been buying and installing similar types of software. (Well, I would have minded but I’d have understood)! Instead, as I wrote in this article last year about my e-health experiences, almost all of them did nothing.  The few that have done something in this arena have not in general tried to integrate or personalize the information that they are presenting to their members, which has led to the poor consumer feedback that Forrester reports.

The problem is that despite all the guff about consumer-directed health care, the average health plan sells its products to HR people at big companies who are much more concerned about keeping costs down than the user experience of their members.  This view is so ingrained that appalling customer service from health plans has been totally accepted for ever.  So if the big accounts don’t care, then there’s no real incentive for health plans to make the effort and spend the money to improve.  Whereas in retail or media, if the individual consumer is unhappy they vote with their feet, their mouse and their dollars. Which is yet another reason why employer-based health insurance is a bad idea.

Meanwhile, if anyone wants to buy an excellent health CRM product going relatively cheap, let me know!

UPDATE: Via Tim Oren’s Due Diligence comes news from Jupiter (Forrester’s big rival) that too much personalization actually discourages web site visitors, and that attempts to figure out someone’s needs and wants from limited information is counterproductive. The report says:

"Given flexible, usable navigation and search, Web site visitors will be more satisfied with their experiences and will find fewer barriers to the profitable behavior sought by site operators," according to the report published Tuesday. "In fact, good navigation can replace personalization in most cases."

So maybe the two companies disagree on their research findings, but perhaps health care web sites have neither personalization nor usable navigation.

This morning WebMD, the de facto giant of the transaction processing and physician office software markets, announced that its earnings and revenues for the next two quarters will be below expectations.  The stock price traded down about 10% in early trading.

What’s puzzling is that this shortfall is due to lower than expected  revenue growth. Most analysis (such as cited in this post) seems to be showing that IT spending in health care is increasing quite fast. Consensus forecasts for WebMD had been 13% annual revenue growth to about $1.1 billion. However, that number will be significantly lower, and revenue growth is likely to be in the single digits. What’s problematic for Wall Street is that WebMD has done most of the reorganization and cost-cutting that it needed to after its chaotic emergence from the Internet bubble. (For more on that and WebMD’s structure see this post). Plus the new numbers do not include any impact from the smoldering DOJ investigation into accounting irregularities at Medical Manager before WebMD bought it.

So it’s probably fair to conclude that this is a market-wide rather than company-specific slow down. WebMD cited the delaying of full HIPAA implementation as slowing the increase in its data transactions. Maybe, but don’t forget most of those are Rx transactions which have been all electronic long before HIPAA was around, so the lower than expected growth is probably on the provider side.  The other area doing worse than expected was physician office software. Overall this suggests that physicians are not using HIPAA as an excuse to totally revamp their office software, and that–despite signs that some physicians are adopting technology in their clinical work–slow, incremental evolution is still the likely pace of change in that environment.

As  healthcare person connected to Silicon Valley by geography and osmosis, I’m always amazed why I don’t quite "get it" and hence why I’m not driving a Porsche, owning 6 houses and lying on the beach like some folks I know.  Tim Oren is a self-confessed Silicon Valley old fart Gray Beard, who really gets technology and writes the excellent Due Diligence blog. (I’ve argued with him about health care and he’s the only guy in the Bay Area who voted for Arnie but don’t let that put you off!). Tim’s recent post about how tech innovations come out of nowhere, "You never know where you’re going till you get there" is wonderful, and I just had to quote this line here:

I served on the program committee for ACM Hypertext ’91 in San Antonio. We hold the distinction of relegating a certain prototype by a Mr. Tim Berners-Lee into the poster and demo track, since (as I recall the discussion), it didn’t present much theoretical novelty, and the user interface sucked. Well, it did.

Those of my health care readers who don’t know what this is referring to must subject themselves to the public ridiculing of asking me! But go read Tim’s article.

I’ve been having a background email conversation with Lisa Williams who covers many medical blogs as part of her blog Learning the Lessons Of Nixon and kindly refers back to me. (Lisa does seem to think this is a blog just about scandals in health care. I keep trying to tell people that this is an objective blog about the entire health industry, but they’ll call it the way they see it, and there have been a few naughties lately!). Regarding my post on Wi-Fi security, Lisa writes:

I was at a healthcare facility — a hospital which will remain unnamed — and found an unsecured wireless LAN by accident. It should be noted, however, that access to a LAN emphatically does not mean that you can get access to patient records.  Each system which does something for users — an email system, a database containng records, a billing system — may be connected to a network, but just because you’re on that network doesn’t mean it’s any easier for you to get into that system if you are not authorized to be there.  It’s sort of like houses on a road: Just because you can get on a street where there are houses doesn’t mean that you can automatically let yourself in to any house. It’s worse, even, because being on a computer network won’t give you the same cues that a system with data is nearby, the way your eyes will if you are walking down a street that there is a house nearby — you won’t know if there’s a door or where it is, or if you get there, how to open it. The example you gave regarding your own LAN only shows how unsecure consumer software is; most people don’t bother to have a password when they boot up their machine, and so, when connected to a network, that machine is wide open.  But almost any program in a work setting requires logon.  So, by all means, secure your network, but the best security is always provided at the "house" level rather than at the "road" level.

It’s worth noting that workers in many healthcare settings do have Windows laptops that aren’t much (or any) different than what you or I have at home.  Would those contain personal information on a patient? What about email?  Sure.  I suspect the "big" systems that are central to containing registries of health data require *at least* password authentication, and have other forms of security.  The problem is securing PCs.  My husband works for a company that lets you configure hundreds of PCs over a network simultaneously.  Who are the biggest new customers? Hospital chains and HMOs.  Sure, they probably use it to install the latest virus patch, but I wouldn’t be surprised to have someone use it to say, Okay, everybody’s PC that we own here is going to have X security software and settings, period.   

If the individual PCs aren’t secure, then wireless does increase the risk, because walking around with an ethernet cable looking for a jack in a hospital or doctor’s office is gonna attract some attention!  And sitting there with a wifi device isn’t.

I’d only add that the Laptop PC security management problem Lisa brings up will be expanded by the numerous PDAs and smartphones that will be making their way into clinicians’ hands in the next few years.

Speaking as an ex-real and current hack futurist, this title disturbs me.  However, jumbled up in this interview with ex-Yale surgeon Richard Satava are a bunch of very interesting concepts. He discusses the potential impact of smart dust, radio-tagging (RFID) and remote telemetry, xenotransplantation, nano-technology and organ regeneration on the future of human health.  If after reading it you fell like someone threw a bucket of science-fiction technology water all over you, I recommend that you hop over to Robert Mittman’s Technology Foresight columns on the iHealthbeat site, which give you more measured and controlled sips of each concept. (You need to register but it’s free and there’s a wealth of stuff there–thanks Wellpoint!)

In particular take a look at the articles on smart dust, RFID, and nanotechnology.  Robert is a professional forecaster (rather than just playing one on Yale Medicine News) and delivers a more rational explanation of the pace of change within each technology sector–not that Satava’s vision isn’t a lot of fun.

You may recall that when I wrote about the market for drug-coated stents, I made an off-hand remark about a Canadian health services researcher who told me that stents were a waste of money because, from a health services research point of view, you get more bang for your buck by just doing angio. Well it appears that some health services researchers–who are even smarter than the Canadians, because they’re at Stanford–have gone even further and concluded that drug-coated stent or not, bypass surgery is more cost-effective than angio! (Full disclosure: I went through the Stanford HSR program & I studied under/with three of the report’s authors. I don’t know anything about this research, but I do know that they are a hell of a lot smarter than I am).

The researchers built a complex computer model based on a study done 10 years ago comparing angioplasty with cardiac bypasss surgery. They built in corrections that made the data look as though today’s rate of stent use was used at that time, and adjusted for the improved impact of today’s stents.  They then looked at the outcomes and costs of follow-up treatment over the next five years. It turns out  that the five year cost was about the same and that quality of life was actually better for those who’d had the bypass.  In fact the advantages by the ten year mark were considerable.  Here’s a detailed press release explaining the study’s methods and conclusions.

Even more direct is what the authors say in the abstract:

"Primary stent use cost an additional $189,000 per QALY* gained compared with a strategy that reserved stent use for treatment of suboptimal balloon angioplasty results" and they conclude that "Bypass surgery results in better outcomes than angioplasty in patients with multivessel disease, and at a lower cost".

Traditionally in this country, we’ve ignored health services research as it often tells us that less care is better care, but less care means less money to those in the industry and those supplying it. Here’s a case where something that costs a little more up-front and has its own constituency (bypass surgery) saves money and improves outcomes over the long-run compared to its more recently developed rival. If this was paid for by insurance companies that expected their members to be in another plan within two years, they’d be right to go for the cheaper option.  But in this case the majority of people undergoing these procedures are in one insurance plan called Medicare, paid for by you and me. And if they’re not in Medicare when they undergo the procedure, they will be soon enough when the added costs from recurring blockages that follow angio often require another procedure. So it’s not unreasonable to expect that the folks at CMS are reading this study too and may start taking a long look the use of stents. Prepare for this study to be widely ignored by the stent industry who right now I’m sure are working on their own research to refute it. $5 billion will not go quietly into the night.

*QALY is Quality Adjusted Life Year–a measure of life expectancy that takes into account the patient’s health, so that a year lived in good health is valued more highly than one lived with serious health conditions restricting activities of daily living or requiring significant medical care.

According to AIS’ Business News wireless networks can create major HIPAA vulnerabilities.  This seems obvious but if the network is not secure and doesn’t require authentication, anyone within range can get on the network and with a tiny amount of knowledge get into other computers on the network.  Of course that’s a huge security vulnerability. That’s well known. 

Let me give you an example not in health care but very close to a home I know well–mine.  I have wireless LAN in my office on the ground floor. To get onto my network you need to know an authentication code, so it’s very secure.  But upstairs in my house, while my LAN doesn’t go up through the floor, I can pick up no less than 4 other networks in my apartment building, for which you do not need an authentication code to get on.  Last night I was watching the baseball and (I guess illegally) using one of those networks to post on my blog.  I then shut off Explorer and email and was working on a word document (while Oakland decided that it was time for a Red Sox/Cubs world series). I then got a call from my neighbor.   My computer was still active on his wireless LAN, he had found it on his network and had found out who I was by poking around in my files, called me up and asked to get off his network!  So as an amateur "wardriver" my computer was vulnerable too.

So given the number of people who like me use other people’s LANs in an unregistered/illegal way, how many clinicians are exposing patient information without knowing it?

Gartner says healthcare IT spending is going to $41 billion next year and will be $46 billion in 2005. This sounds like a very big number to me. Back when I was looking at this intently in the late 1990s, estimates of healthcare IT spending varied from $4 bn to over $2O billion. Of course it all depends what you mean by health care and what you mean by IT spending.  The $4bn number probably only really means software and some hardware for the provider sector–and is equivalent to the revenues for the top 100 health care software companies. The bigger number probably includes communication technology as well as hardware and all software for all health care companies including the pharma market.

In any event the reasons given for the increase are HIPAA concerns, increased pressure for CPOE and the move to wireless.  That’s clearly all true, and given the reduction in IT spending in other industries, it’s good news for the health care IT industry.  It’s hard to parse out the data for those HC software companies as the two biggest, SMS and HBOC are part of Siemens and McKesson respectively.  McKesson’s information unit (the old HBOC) only had a 4% year on year increase last quarter. However, another big player, Meditech,  does post its numbers in its Annual report, which show a big revenue increase from $216 million the dark days of 2000 to $256 million last year–more than a 10% annual growth rate.