Prescription discount site GoodRx will pay $1.5 million to settle Federal Trade Commission charges that it shared the health data of users with advertisers using the Meta Pixel website user tracker.
This is significant because GoodRx is not a covered entity under HIPAA, but was charged under the FTC’s Health Breach Notification Rule, which covers any vendor of personal health records and third-party service providers. This is the first enforcement of the rule, which was created in 2009.
The company also agreed to obtain consent for any use of patient information, notify users whose information was exposed, demand that companies that received the information confirm its deletion in writing, create a privacy program, and commission a third-party privacy assessment.
GoodRx comments on the action:
- The issue was addressed nearly three years ago, before FTC started its inquiry.
- The company admits no wrongdoing, but says the settlement avoids the cost of litigation.
- The advertising pixel, which GoodRx removed in early 2019, remains in common use, including by hospitals and the federal government.
- The company disputes the charge that it violated the Health Breach Notification Rule, saying that it believes its use of the advertising pixel was compliant.
- The only information that was shared was IP address and website URLs of content that the user reviewed, with confidentiality agreements in place.
A follow-up tweet from the author of the GoodRx article linked to above says that despite the permanent ban, GoodRx is still sending health data to advertisers. The company responded to his inquiry by insisting that it isn’t a problem because it is tracking such use as required by its new compliance obligations.
From SeekingEmployment: “Re: Kyruus. Seventy people were let go Wednesday morning.” Unverified, but layoffs were reported by several now-former employees on LinkedIn. A company spokesperson responded to my inquiry by saying that while Kyruus is streamlining operations in integrating three organizations under the Kyruus umbrella, it will not comment on specific changes.
From Krill Feeder: “Re: more slide decks from the J.P. Morgan Healthcare Conference. Health Catalyst uses a happy-flywheel graphic, albeit without inclusion of the textual ‘virtuous circle’ claim that was used by aggressive e-commerce vendors. Is it persuasive?” The virtuous circle (or cycle), as the opposite of a vicious circle, refers to a recurring series of events in which each positively improves the effect of the next as a never-ending cycle of good news. Whether it is inevitable or aspirational probably depends on who is displaying it and for what reason. Company investor pitches are of the “never is heard a discouraging word” variety except for the 2-point font “forward-looking statements” section that is mostly ignored because it is as entirely negative as the rest of the slide deck is positive. Readers, what say you about virtuous circles and flywheels in particular and the use of descriptive graphics in general?
From Fry Salter: “Re: hospital websites taken down by Killnet hackers. The hospitals aren’t admitting that they were breached.” Probably because they weren’t. Taking a website offline via a DDoS attack is like spray-painting your name on a hospital’s billboard – the hospital IT folks can bring it back quickly to restore their few mission-important functions (like paying bills or scheduling appointments). It’s the technology equivalent of angry truck drivers clogging up highways to bring attention to their plight, except that most hospitals aren’t going to suffer much from lack of website availability. The pro-Russian Killnet group that is behind the attacks claims that it has exfiltrated data from unnamed hospitals, which would be a much more important development.
From Ibis: “Re: HIMSS Accelerate. It launched 18 months ago. I haven’t heard it mentioned by any colleagues even once.” All I see on the site is endless cross-posts from Healthcare IT News. It looks like it was expensive to develop and payoff seems minimal. I give HIMSS credit for trying something new, especially after the HIMSS20 cancellation brought it to its knees and raised sobering questions about the future of running profitable in-person conferences.
HIStalk Announcements and Requests
You may have had problems reaching us by our HIStalk email addresses over the past week due to two problems (warning: geek talk) that I hadn’t noticed with the server migration: (a) required changes to the SSL certificate and SMTP server name and port changes weren’t made; (b) the webhost didn’t update the email A record to point at the new server. Anyway, all appears to be fixed and working now.
Acquisitions, Funding, Business, and Stock
DrFirst acquires the caregiver collaboration tools of Diagnotes.
Spotify founder and CEO Daniel Ek launches Neko Health, which will offer 15-minute, full-body diagnostic scans followed by a physician’s consultation for $164. The Sweden-based company was founded in 2018 as HJN Sverige prior to Ek’s investment.
A newly laid off employee of Seattle-based consulting firm Brightwork Health IT reports on LinkedIn that the company has closed. Several former employees have updated their profiles with a January 2023 job end date. One of those is Tabitha Lieberman, former president of the company’s EHR and healthcare applications business, who was laid off after just eight months on the job after a long career with Providence St. Joseph Health. She says on LinkedIn that “Brightwork will continue, but in a smaller form.”
Business Insider lists the 15 formerly highest-valuation healthcare startups, most of which haven’t raised funds lately and some of which may struggle to find operating cash:
- VillageMD – $16 billion valuation (primary care operator).
- Devoted Health – $15 billion (health insurance).
- Tempus Labs – $10 billion (precision medicine software).
- Datavant – $7 billion (health data software).
- Ro – $7 billion (prescriptions for erectile dysfunction and hair loss, telehealth for skincare).
- Cityblock Health – $6 billion (Medicaid clinics).
- Hinge Health – $6 billion (virtual physical therapy and surgical rehab).
- Lyra Health – $6 billion (mental health services for employers).
- Cerebral – $5 billion (therapy and prescriptions for ADHD and depression).
- Color – $5 billion (genetic testing for health risks).
- Olive – $4 billion (services automation).
- Noom – $4 billion (weight loss).
- Commure – $4 billion (healthcare data integration).
- Everly Health – $3 billion (home lab testing).
- Komodo Health – $3 billion (healthcare data analysis).
Health IT investor John Gorman predicts “an impending extinction-level event” for many early and mid-stage health tech companies that will start late this year, as most startups raised two years of cash in 2021 and 2022, cut their burn rate to extend their runway, but still have less than 12 months to either raise again in a difficult market, sell the company, or merge. He advises his own firm’s portfolio companies:
- Raise money now before the rush later this year.
- Cut burn rate decisively, although recognizing that R&D and sales are must-haves.
- Focus on survival rather than valuation.
- Bring in veteran C-suite operators since launch teams often struggle in difficult environments.
- Go on offense to gain market share while competitors are struggling.
- Consider mergers and joint ventures to better compete on RFPs.
- Beacon Health System chooses Biofourmis for remote patient monitoring technology for its eight hospitals, initially focusing on congestive heart failure and COPD.
- In Canada, the Nova Scotia government will implement Oracle Cerner in a 10-year, $275 million project.
- Floyd County Medical Center (IA) upgrades to Meditech Expanse with assistance from Healthcare Triangle.
- Atlanta Women’s Health Group chooses EClinicalWorks and Healow.
- Wellity chooses EClinicalWorks and Healow.
- Samaritan Health Services will replace its legacy PACS with Visage 7 Enterprise Imaging Platform in an eight-year, $9 million agreement.
Johns Hopkins University and Medicine hires Richard Mendola, PhD, MBA (Emory University) as VP/CIO.
Bhaskar Sambasivan, MEng, CEO of CitiusTech for 16 months, posts on LinkedIn that he will resign once a replacement is found.
Scott Frederick, RN, MSHI (RPM Advisory Group) joins newly launched vestibular rehabilitation remote monitoring platform vendor TheraVista Health as CEO.
Announcements and Implementations
Azara Healthcare launches a cost and utilization application for its population health platform.
Clew Medical launches a program to convert users of Philips EICU software to its virtual ICU platform in 12 weeks, including FDA-cleared predictive models, a workflow platform, and integration with EHR, monitoring devices, and AV equipment. Industry long-timer Paul Roscoe came on as CEO in November 2022.
Yale researchers are using machine learning to predict physician turnover, using de-identified EHR and physician data to review the amount of time they are using EHRs, their patient volumes, and their ages and length of employment. The small study of 319 physicians in a single health system correctly predicted departures 97% of the time. The authors note as an example that the risk of departure was highest for doctors between the ages of 45 and 64. They also noted that higher levels of EHR documentation time were associated with a lower departure risk for doctors who were hired within the past 10 years, but a higher risk for longer-employed doctors.
Government and Politics
A press update indicates that HHS will recognize the first set of organizations that will be approved as QHINs under TEFCA on Monday, February 13.
Banner Health will pay $1.25 million to settle HHS OCR HIPAA charges from a 2016 data breach that involved the records of nearly 3 million patients.
A woman is billed $14,000 for her newborn’s NICU stay at in-network Northwestern Medicine Prentice Women’s Hospital because that hospital covers using doctors from Lurie Children’s Hospital – which is connected to Prentice Women’s via a walkway – which was not in her insurer’s network. Lurie turned her balance over to collections, but wouldn’t talk to the reporter about why, citing HIPAA even though the woman signed a release. Faced with media coverage, Lurie suddenly decided after months that she owed nothing after all. Lurie denied knowledge of a 2011 state law that prohibits billing out-of-network rates for certain types of doctors, including neonatologists, and the state attorney general’s office says it has never enforced it.
- CTG earns AWS Service Delivery designation for the Amazon Connect cloud-based contact center service.
- Ellkay publishes a new client success story, “Seattle Children’s: The Value of Choosing the Right Data Management Partner.”
- Fortified Health Security names George Srour (Critical Insight) regional sales director.
- Nordic publishes DocTalk Ep. 202, “The Marvel of In-House Business Intelligence.”
- Juniper Networks expands its global Juniper Partner Advantage Program with a host of new updates in 2023.
- Healthtech Consultants, a Nordic Global company, earns the top performance score in KLAS’s first report on EMR consulting services in Canada.
- Pennsylvania’s HAPevolve will offer hospitals the care transition platform of WellSky-owned CarePort.
- Meditech AVP Cathy Turner, BSN, RN receives the 2023 HIMSS Changemaker in Health Award.