Ransomware Attack on Allscripts’ Cloud-Based EHR and E-Prescribing Platforms: What Providers Need to Know

pexels-photo-263370.jpegBy Kathie McDonald-McClure

What Happened. According to several healthcare news sources, on Thursday, January 18, 2018, Allscripts experienced a ransomware attack on the computer servers that host the Allscripts cloud-based EHR and the Allscripts cloud-based Electronic Prescriptions for Controlled Substances (“EPCS”) platform. Allscripts did not pay the ransom because it had recent data backups that were unaffected by the attack.¹

Initial Impact on Allscripts’ Clients. The EPCS reportedly was restored on Saturday, January 20, 2018. The EHR system reportedly continued to be adversely affected through at least Monday, January 22, 2018, with some providers still reporting log-in issues through Wednesday, January 24, 2018. Allscripts held a conference call with providers in which it advised providers that they may continue to experience usage interruptions with the cloud-based products until Allscripts completed a roll-out of security updates. During down times, Allscripts urged providers to use the Allscripts mobile solution (only available on the iPhone) to view medical histories and schedules but acknowledged that providers would be unable to Continue reading

Can blockchain technology solve healthcare IT security and interoperability challenges?

On March 20-21, 2017, multiple healthcare technology companies came together in Washington, D.C. to host The Healthcare Blockchain Summit.  Blockchain, the technology that underpins bitcoin technology, keeps data secure in a “distributed, encrypted ledger” while allowing control over who can access that ledger.  This is the hottest technology being discussed today as a way to secure confidential or sensitive data.

The on-line technology publication, Wired, describes blockchain’s security method in a February 1, 2017 article as follows: “Rather than having one central administrator that acts as a gatekeeper to data—a list of digital transactions—there’s one shared ledger, but it’s spread across a Continue reading

Stages 1, 2, And Now 3, Meaningful Use Criteria

The Centers for Medicare & Medicaid Services (“CMS”) proposed Meaningful Use criteria to implement Stage 3 and allow eligible professionals, eligible hospitals and critical access hospitals (“CAHs”) to qualify for incentive payments (or avoid downward payment adjustments) under the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program implemented by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009. stethoscope, keyboardThen CMS made changes to Stage 1 and Stage 2 Meaningful Use criteria to better align with the proposed Stage 3 criteria just two weeks later.

On March 30, 2015, CMS published a long-awaited proposed rule which, if finalized, would implement Stage 3, making changes to the objectives and measures of meaningful use for providers effective in Continue reading

April 1 Deadline for Hospitals to Earn EHR Incentives

The Centers for Medicare & Medicaid Services (CMS) reminds hospitals that 2015 is the last year for eligible hospitals to begin participating in the Medicare Electronic Health Record (EHR) Incentive Program and earn incentive payments.

In order to earn a 2015 incentive payment, be eligible for a 2016 incentive payment, and avoid a 2016 payment reduction (called an “adjustment”), first-time hospital participants should:

  • Begin their 90-day reporting period no later than April 1, 2015 and
  • Attest by July 1, 2015.

Eligible hospitals that do not start their 90-day reporting period on April 1, 2015 have one last chance to earn a 2015 incentive payment if they begin their reporting period by July 1, 2015 and attest by Continue reading

Providers Talk, CMS Listens: CMS Announces Plan to Modify Meaningful Use Requirements

On January 29, 2015, Centers for Medicare & Medicaid Services (CMS) electronic health recordannounced its intent to make changes to the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs beginning in 2015, which aim to “help to reduce the reporting burden on providers.”

Providers have expressed concerns about the EHR Incentive Programs’ requirements and their burden on providers. In response to those concerns, CMS is considering whether to:

  • Shorten the EHR reporting period in 2015 to 90 days to accommodate these changes.
  • Realign hospital EHR reporting periods to the calendar year to allow eligible hospitals more time to incorporate 2014 Edition software into their workflows and to better align with other CMS quality programs.
  • Modify other aspects of the program to match long-term goals, reduce complexity, and lessen providers’ reporting burdens.

CMS is expected to engage in rulemaking this spring to implement these changes to the EHR Incentive Programs. These changes will not be included in the proposed regulations regarding Stage 3 meaningful use requirements and criteria that CMS plans to issue by early March 2015 and which will apply in 2017 and subsequent years.