BoxLogo It’s not often that non-healthcare startups make it to the review list at Multiplyd. But the recent news about cloud storage mega-startup Box moving into healthcare is too tempting to ignore. Let’s first talk about what Box does, and then dissect it’s applicability to healthcare.

Box is a cloud storage, file-share-and-sync company. It claims more than 8 million users and has taken about $284M in funding so far (yeah, that’s right.. >quarter of a billion). With that kind of hormonal surge, it wants to grow up. Fast. And become an enterprise storage company, beating some of its rivals to the punch.

Last month Box announced that they are embracing healthcare, HIPAA and all. “That’s gutsy..” was my first thought. It’s about time we created some of the fundamental building blocks for modernizing healthcare IT – storage, communication, mobility, scheduling, collaboration, pricing, discovery, to name a few on my wishlist. No doubt we need broad disruptions like this in healthcare. If companies like Box solve a fundamental infrastructure problem like storing PHI in a device-agnostic secure platform, it’ll take away some of the complexity of developing for healthcare. More innovation will certainly ensue. The healthcare partnerships Box kicked off with are already some of the young disruptive startups in the field.


To make this a balanced analysis, let’s see the if there are other points to consider. And to do that I’ll put on my traditional health IT hat, deformed and stained as it may be from having worked with EHRs and HIEs for more than a decade.

1. Workflows – Storage is fine. But what about the darn workflows that get/put things in that storage? The ER visit that needs access to your cloud-stored Medication will also need to reconcile them somewhere. And once that is done…. ahem…. in the EHR, it’ll probably need to be updated back in the cloud storage (perhaps Blue Button can help, but it’s not quite there yet in terms of adoption). My point is that without workflows, it’s a bit like taking your hard disk to work/vacation instead of laptop. And whether we like it or not, 95% workflows in healthcare today are done on incumbent EHRs. I’d like to see Box become vendor of choice for some of the multimillion enterprise EHR systems. Then we’ll really be making a dent.

2. Content ownership – Storage may assume clear ownership of what’s being stored. We wish, but it’s not that simple in healthcare. Some first-hand experiences at IDS like Kaiser have proved to me that DURSA is a synonym for chaos in healthcare. Is everything owned by the patient? Yes? Then why don’t all patients carry home their entire medical records? Perhaps it’s the hospital that owns it? Maybe the insurance company? The answer is anything you want it to be. What complicates it further are nuances like consent (which is a conundrum by itself) and state jurisdictions (Exhibit A – if the patient has Anthrax, which is state notifiable disease and a public health risk, the state owns the information regardless. Exhibit B – how to give break-the-glass type access during an emergency). My point is not that this is insurmountable. Only that the number of dials and knobs needed in a healthcare content dashboard and administration is an order of magnitude higher that any other industry.

3. Mobile access – This is where Box’s vision may shine. The inherent complexities and convolutions of healthcare may start to fade when tempted with the mobility value proposition. Your neighborhood endocrinologist values family dinners and golf outings as much as you. So anything that lets him/her easily get to the information he needs, will get traction. A platform that centralizes information and makes it available on-demand, in device-independent way will be appreciated. Incumbent systems like EHRs can have their own flavors (Exhibit A: Haiku) but we may still need a neutral party to do the data arbitrage with smart features like device pinning.

4. Collaboration – Sharing links not files, version control, discussion threads, tasks, etc. are worth doing in a consistent way across applications. So Box can bring value here too. But this featureset is less about technical prowess and more about business development. The more applications Box can bring to it’s platform, more sticky it becomes. Interoperability is undoubtedly the next frontier in healthcare IT, and everyone in the traditional industry is solving it using byzantine standards like IHE, HL7. Maybe there is a simpler way.

Ah, ‘Simple’. It’s uncanny how that word keeps coming up when talking about Box. Not all of it can be credited to its elegant offering though. I think the technology world around us has grown like foliage in an amazonian rainforest. Continuous barrage of super-specialized, hyper-ambitious offerings takes its cognitive toll. Try to browse the startup listings on AngelList, for example. Hybrid taglines (“ meets Groupon” is one) sound cool but I still have to repeat it few times to understand what the company does.

My point is that simple visions are starting to stand out. Maybe that’s why Box is such a media darling. It’s almost like we subconsciously want to believe that a simple approach to storage and content management makes sense. And may be it does. But it’s certainly not a panacea. I’d like celebrate Box’s move into healthcare, but not necessarily as a savior. Smart startups taking aim at healthcare bodes well in general.

Like in the 80’s Sun Microsystems made a splash with it’s prophetic tagline “Network is the computer“, I believe the next transformational wave in healthcare IT thinking is going to be about the network (read exchange, analytics, population). Time will tell if the cloud storage value proposition survives on it’s own in healthcare.

PS: Interestingly enough, it seems like Sun was considering “Network is the disk drive” as the slogan first, according to this article. Apparently that didn’t capture the intent. Not then, not now.




As I’ve pointed out before, referrals is a complicated workflow in healthcare. But it’s important nevertheless because it affects transition points in a patients care continuum, in turn affecting outcomes and cost.

Par8o was founded by the same guys who started Sermo (the online physician community that had the distinct honor of being the first review on Multiplyd 🙂 ). It’s a referral management platform for physicians and their staff. Basic participation features like send/receive referrals, adding staff is free. For $80.20/month, the premium account will enable prominent placement in search results, personalization (availability, insurance accepted, etc.).

The recent rise of startups focused on referrals indicates another failure point in the conventional EHR world. Why, one wonders, is this not just a feature of the EHR installed in the PCP and specialists’ office? Or a service provided by the regional Health Information Exchange (HIE)? Having yet another place to log in, figure out, and use is a detriment for the average physician who is time-strapped. Other headwinds exist. ONC‘s push for Direct Project based secure messaging may start creating a genuinely untethered (from EHRs) way for physicians to connect with each other. Competing with the current fax, phone system of referral is not easy either. They may be ugly and inefficient, but they are there. With established workflows and staff familiarity.

The gold at the end of referral management rainbow lies in two pots: Analytics and Provider Directory. The former provides overarching insight that has never truly existed thus far. Local referral patterns can be extremely useful for an organization (or an incoming independent provider) that is trying to grow roots in a given geographical region. Interesting side note: Fred Trotter is trying to figure this out by mining medicare data. Another example can be a referral leakage report that points out which kinds of patients are being referred out of the network and to whom are worth their virtual weight in gold for an aspiring ACO or an existing IDS.

Provider Directory is a comprehensive, up-to-date list of verified providers that includes, amongst other attributes, a secure digital way of reaching them. That may sound as simple as the yellow pages, but it’s not. The ideal Provider Directory that spans geographies is a great monetizable asset since any vendor who wants to sell something to those providers needs a valid, secure digital way to on-board and reach them. Not to mention the benefits to patient care when all providers can communicate with each other, irrespective of their bonding to the default EHR system.

Although referral management natively fits in EHRs functional spectrum, EHR vendors are most probably not going to get there fast enough or do a good enough job once they do. So there is definitely room for a dedicated referral management solution today. Since this is a network play, my money would be on a team that has created large viable physician networks before. Par8o (Sermo DNA) , Doximity (ePocrates DNA) both fit the bill.


When EHRs started showing up on the mainstream industry radar a couple of decades ago, everyone focused on how they helped get rid of the archaic paper records and digitized care delivery within organizations. How time changes perspective. Now EHRs are somewhat commodity and local, intra-organization workflow digitization is a bit passé.  The buzz now are inter-organization workflows and health information exchange.

Within the conventional realm of EHRs, attention was given to modules that emulated real-world clinical workflows like order entry (as CPOE), medication administration (as eMAR), etc. But with interoperability as the next frontier, we are seeing new solutions that tackle hitherto unrecognized/under-appreciated healthcare information topics. One such topic is consent management.

If you think consent is just a simple boolean flag that needs to get stored in a table somewhere, think again. Consent is a surprisingly complex multifactorial concept that is mired in vague laws that differ from state-to-state, but needs to be implemented accurately as a gatekeeper for critical information. Consider the following examples of what all needs to be factored into consent management:

  • Consent can be of different types: consent to disclose information, consent to access information
  • Consent can be given at different levels: provider, group, region, state, HIE
  • Consent can have different implementations: full opt-in, full opt-out, opt-in with restrictions, opt-out with exceptions
  • There are different workflows that interact and over-ride consent: like ‘break-the-glass’ functionality that lets certain providers access information in case of emergency
  • Consent is governed by different laws vary by state: For example, in NY a minor (<18 years) can receive certain reproductive, mental health services regardless of their parent’s consent. So the consent management software has to not only track the parental consent but also the child’ birth date, procedure/diagnosis and reconcile them constantly
  • Other thorny questions: time range applicable to consent (can/should it be retrospectively applied? what about reports that have been produced before patient chose to opt-out?), public health considerations (does the state own information about critical communicable diseases irrespective of consent?), what to default to if consent is unknown (opt-in? out? restricted?), how to handle conflicts between systems that claim to have consent, etc.

This paper by ONC is a good summary of most of the nuances related to consent. It’s no small feat for a Healthcare IT vendor to manifest nation-wide consent management as software artifacts, esp. if they have to retroactively fit it into legacy offerings. Which brings me to Health Information Protection And Associated Technologies (HIPAAT). They provide consent management and auditing software to enable health information privacy for various healthcare participants. What makes them unique is that they are the only vendor I know of that does nothing but that.

The core HIPAAT product seems to be ‘Privacy eSuite’ (PeS), which is essentially a consent validation and management SaaS offering that can be implemented by EHRs, HIEs and stand-alone care organizations. PeS would help its customers implement consent workflows like break-the-glass functionality in their native applications. Other interesting products are myConsentMinder (a consumer-oriented web application that helps patients self-manage consent) and the IHE-ATNA compliant Universal Audit Repository (stores and implements PHI-related auditing capabilities).

HIPAAT is another example of my previous point about healthcare IT excellence emerging in narrow niches. Traditional market solutions are getting bloated because they are trying to do too many things. Superlative marketing and regulatory anxiety are muddying the field by encouraging cross-dressing. EHRs are trying to claim interoperability features (e.g. Epic’s abysmal failure called Care Elsewhere) and HIEs are trying to do EHR work (e.g. Axolotl’s EMR lite and Medicity‘s ProAccess).

I’m a bit pessimist about the near future being kind to niche solutions. I think most of these one-trick-ponies are going to get acquired by richer incumbents. Specially the incumbents enjoying the cross-subsidy of their parent conglomerates, like Medicity (owned by insurer Aetna), McKesson (main business is drug distribution) or GE (truly diversified). But once the market zeal for inorganic growth slows down, the once remaining will be having a genuine value proposition that is worth paying for. And I bet that will be a more focused set of survivors who do a few things, but do them right.

Enhanced by Zemanta

Easy Referrals

In healthcare, ‘referral’ is used when a provider from one clinical domain directs a patient to a provider in another clinical domain. Most prominent use case is when a primary care physician (PCPs) refers a patient to a specialist or for services  performed outside the PCP’s office (diagnostic tests, outpatient surgery, etc.). If a referral is deemed medically warranted, the PCP decides at minimum:

  • In case of specialist: physician to whom the referral is made
  • In case of services: what service, for how long (how many visits to authorize)

Most referral arrangements are based on mutually agreed referral guidelines between the referring and referred-to parties. These guidelines either developed by the medical groups or insurers themselves (sometimes in cooperation with their specialists) or bought from actuarial companies. In the majority of cases referrals result in a continuous back-and-forth communication between providers. Example: If a patient needs to be referred to a surgeon, what exactly should the PCP authorize as a part of the initial referral? The surgical procedure itself… Or simply authorize the patient’s initial consult and then issue any necessary additional referrals later (based on communication with the surgeon).

You get the picture. Referrals are not a simple in the real-world. And any software solution for referral management would need capability to effectively enable that back-and-forth workflow. Enter a new sub-species of Healthcare IT startups. EasyReferrals is an online system for facilitating and managing referrals between physicians. It’s not alone. See Trust.MD, DermLink.MD (dermatology-specific referrals). A more complete list is on Multiplyd Wiki.

The need seems to be there. My concern is around how these offerings fit in with the current healthcare IT ecosystem of EHRs and HIEs. If the daily workflow of participating provider is captured mostly by EHRs, isn’t referral management a candidate functionality within the EHR? Of course, EHRs are not good at everything (some would say, anything) so one can argue there is a need for a niche players. But referrals are not just a case of isolated messaging. To do them effectively, one would need to have some serious cross-over into patient information. E.g. sending clinical summaries or results or schedules back and forth between referrer and referee. Or communicating updates, results to the patient’s PHR. All of that requires information that is forte of an EHR. Standards or not, EHRs don’t have incentive to share that with other players.

It’s even more interesting for HIEs, since their whole value proposition is around connecting disparate providers in a geopolitical affinity group to enable such value-added workflows across participants. The whole HIE infrastructure, from Master Patient Index (MPI) to a Community-wide longitudinal health record, is created with the aim to facilitate business cases that are worth paying for. And referral management lends itself beautifully to the core of HIE and ACO viability. HIE vendors know it, and are busy in creating tools and governance that enable exactly that. Case in point – regional provider directories. Referral management is a non-starter without knowing what the end-points are. And HIEs/ACOs will own provider directories going forward. Integrating regional healthcare information is a political game (sadly) and I wouldn’t bet on untethered (with respect to EHR/HIE/ACO/IPA..) technology vendors for making a dent in that on their own.

Since I’m already at risk of being labeled doomsayer by few readers, I’ll bang the last nail in this coffin. DirectProject is enabling forcing all incumbent Healthcare IT systems to have secure,  point-to-point communication functionality that transcends data silos. Referrals are already the first use case being enabled by that uptake of DirectProject standard. So even the regulatory forces are creating headwinds for independent referral management solutions.

2017 Update: Seems like this company changed name to after 2012 and eventually got acquired by The Advisory Board, which seems to have lost interest in it.


The phase of digitizing medical records is passing by, giving way to the next set of tasks. The three most prominent challenges now are:

  1. Exchange – how to break the silos of isolated EHRs, and enable sharing based on geography (think HIEs) or affiliation (think ACOs)
  2. Consumer Engagement – If the official record is electronic, how to make it accessible to patients and open to contribution of self-reported data from increasingly commodity health monitoring devices and tools.
  3. Analytics – how to derive actionable insights (for all stakeholders – patients, providers, payers) from the avalanche of incoming electronic health data due to #1 and #2 above.

MyHealthDirect aims to tackle #1 in a specific way. Founded in 2006, the Wisconsin-based company raised $4M series A in 2009 and claimed a customer base of 104 back in mid-2011. They provide a subscription-based system for facilitating exchange of scheduling information across care delivery organizations in a community. The value proposition is for overburdened ERs that can triage away non-emergent cases with a confirmed outpatient clinic appointment. Call centers, disease managers and inpatient discharge planners can also use it to schedule follow-up PCP or specialist visits.

The alternative would be for the ER staff or case worker to call other clinics and manually confirm appointments – a predictably slow and inefficient process. By giving a confirmed appointment with someone that speaks the patient’s native language at a convenient location, the no-show rates are bound to decrease as well.

Referrals are key transition points in care delivery, and scheduling is a critical part of referral management. A number of Healthcare IT players are trying to make the process better. Big EHR players like Epic are pervasive enough in certain areas that they can provide de facto centralized scheduling. If a community has a functional HIE, doing scheduling may be possible through HL7. There are some new kids on the block, like Par8o and Kyruus, trying to enhance other aspects of the referral process. And with respect to healthcare scheduling, no review is complete without mention of ZocDoc, the startup with most-impressive backers and a mind-numbing $95M in funding.

Note that MyHealthDirect solves only a part of the referral puzzle. You still need functionality like messaging and clinical document exchange to enable complete referral workflow. Nevertheless, I think there is more fundamental insight here. Mammoth system offerings like EHR (handling all local clinical workflows) and HIE (connecting all healthcare organizations in a community) perhaps are reaching a point where they are too complex to deliver satisfactorily on everything. Maybe that is why the vendors in these categories have broad functional parity, rather than excellence in narrow niches. So it makes sense that a company that has a laser focus on doing one or two aspects right may end up creating a superior offering. Which is why I’m hopeful for the prospects of what MyHealthDirect brings to the table. If they branch out into letting patients self-service an appointment across community, that would be almost revolutionary.

Clinical Messaging (esp. Direct-based) between providers or provider-patient is another potential area that is prime for some startup’s laser focus. It can theoretically be done (and claimed to be done) by incumbent EHRs/HIEs, but they all suck at it. If done right, it can be the foundation for some great care collaboration or care transition offerings. Maybe it’s time the pendulum started swinging away from systems that do everything averagely, to systems that do few things exceptionally.

Nov 2012 Update: Just read a NEJM article by Kenneth D. Mandl and Isaac S. Kohane that makes a similar point about EHRs being bloatware (much more eloquently though). Succinct and upfront analysis… a must read.