Issue link: https://beckershealthcare.uberflip.com/i/1161749
48 CIO / HEALTH IT Allscripts CEO Paul Black on interoperability, APIs and the 1 EMR perception he'd change overnight By Jackie Drees P aul Black, CEO of Allscripts, discussed the health IT vendor's efforts to improve EMR interoperability and what soware ven- dors need most from ONC's proposed rule. e Chicago-based health IT vendor offers EHR, financial and pop- ulation health management platforms to hospitals, health systems, physician practices and healthcare facilities globally. Adding to its list of services in June, Allscripts purchased prescription drug monitoring startup ZappRx, a move that will jumpstart Allscripts' efforts in the specialty pharmacy marketplace, Mr. Black said. Prior to joining Allscripts in 2012, Mr. Black served in various ex- ecutive positions at Cerner before ending his stint with the health IT vendor in 2007 as COO. He began his career with IBM, where he spent 12 years in various leadership roles in sales, product marketing and professional services, and he also served 16 years as chairman of Truman Medical Center, a 400-bed safety net academic hospital in Kansas City, Mo. Mr. Black is a current board member of Netsmart, the Advancement Board University of Kansas Health System and the Harry S. Truman Presidential Library. Here, Mr. Black shares his thoughts on ONC's proposed interoperabil- ity rule, how Allscripts is promoting data sharing between organiza- tions and the EMR perceptions he wishes he could change. Editor's note: Responses have been lightly edited for clarity and length. Question: What are your thoughts on ONC's proposed in- teroperability rule? Paul Black: ere are some pros and some cons to it. On the pro side, it›s clear they put a good deal of thought into the categories for information blocking exceptions. ey did a nice job of defining what it isn't, which is helpful. Also, the focus on application programming interfaces, which we've been banging on that drum for 12 years now, is a great idea. We have supported it not only for EMR-to-EMR interoperability, but for EMR-to-registry interoperability and for patients to get easier access to their health information. e calls for transparency are also very important because of the difficulties around getting one EMR to talk to another. We would like to see more work done on these expansive definitions as well as cost recovery on the interoperable properties. e cost re- covery piece is pretty interesting because of the way they put it out; it's almost like they have put caps on it and/or are doing pricing for [the vendors], which is certainly something that has not been done for us for a very long period of time. ere's also a great deal of ambiguity in the rule with different phrases such as "soon as possible" and "rea- sonably," which are interesting words involved in this world of black and white. When it comes to soware especially, we [as vendors] need specificity and our clients need it as well. Q: What do you think about the proposed timeline for the rule? PB: e timeline is almost bordering unreasonable because of the scope of the ideas in addition to the other regulatory compliance work that we're already doing. Our plate is already, I wouldn't say full, but we're pretty busy doing other regulatory work and being compliant with those rules as they're coming out, as well as those regulations that have been out there for a while since the beginning of Meaningful Use one, Meaningful Use two and the Medicare Access and CHIP Reauthorization Act, etc. We're plugging away, and this is not an inconsequential amount of work for us to become compliant in the time frame ONC is suggesting. (Continued on page 50.) Patient data from EHR vendors found for sale online By Jackie Drees G oogle Chrome and Mozilla Firefox browser exten- sions were used to extract and sell users' personal information from more than 50 companies, includ- ing EHR providers DrChrono and Kareo, according to The Washington Post. In a July 18 column for the Post, technology columnist Geoffrey Fowler and independent cybersecurity researcher Sam Jadali examined the cybersecurity leak. In Mr. Jadali's report "DataSpii: The catastrophic data leak via browser extensions," he noted six Chrome and Firefox browser extensions that shared users' data with marketing intelligence service Nacho Analytics, which offered access to website data for $49 a month, according to the report. Collectively, the six browser extensions gathered data from more than 4 million users. The names of the browser exten- sions are Hover Zoom, SpeakIt!, SuperZoom, SaveFrom. net Helper, FairShare Unlock and PanelMeasurement. DrChrono, an EHR vendor, and Kareo, an EHR manage- ment software, were listed among the companies whose users' data was exposed on Nacho Analytics' website. From DrChrono, Mr. Fowler and Mr. Jadali found informa- tion including patient names, physician names and med- ications listed. Kareo information exposed were patient names. Kareo told The Post it is working to remove names from its website page data, according to the report. Since notifying Google and Mozilla of the cybersecurity leak, Google remotely deactivated seven browser exten- sions and Mozilla deactivated two, The Post reported. Mo- zilla also deactivated a browser extension in February. A few days after the browser extensions were shut down, Nacho Analytics posted a statement to its website that it experienced a "permanent" data outage and is no longer accepting new clients, according to the report. n