Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Low-Profile HIT Player Leidos A Major Presence

Posted on June 1, 2016 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Here where I live in the Washington, DC metro, federal IT is a major presence. Government IT consulting firms cluster along the area’s highways, and their executives own countless sprawling manses in the nearby suburbs. Those players include Leidos, a northern Virginia-based contracting firm with clients in IT, biomedical research and public health.

Though the firm has annual revenues of about $5.1 billion, and 18,000 employees, Leidos generates little fanfare here, despite a pedigree that includes a $5 billion partnership with Lockheed Martin’s Information Systems & Global Solutions segment that provides IT and intelligence services. However, Leidos is actually the new identity of long-established power player SAIC, which restructured and changed its name in late 2013 and has deep roots in national security and government IT contracting.

Most readers probably care little about government IT unless they service that industry. But I’d argue that we should all know about Leidos Health which, among other distinctions, was part of the team (Cerner, Leidos and Accenture Federal) that won the $4.3 billion plus contract to implement an EMR for the US Department of Defense last summer.

The DoD contract was hotly contested, by teams that included an Epic, IBM and Impact Advisors combination, but the Cerner-fronted team pulled off a win that may have saved the EMR vendor’s brand in a brutally competitive market. While it’s not clear what role Leidos played in the win, a DoD official was quoted as saying that a Cerner deal was projected to be “much cheaper,” and it’s possible Leidos support pricing played some role in its calculations. Perhaps more tellingly, DoD officials said cybersecurity considerations played a major role in the award, which plays to Leidos’ strengths.

Leidos Health hasn’t had unmitigated success. Most recently, it was part of a team scheduled to assist with a little-mentioned Epic EMR rollout for the US Coast Guard, which was cancelled due to “various irregularities.” The Coast Guard, which pulled the plug on the rollout in April, had been planning its EMR implementation since 2010.

However, this probably wasn’t much of a setback. And Leidos still delivers health IT services to several other federal agencies, including HHS and the Department of Veterans Affairs, including cybersecurity, health analytics, IT infrastructure and support and software development. And it works with the gamut of enterprise EMR vendors, including Allscripts, Cerner, Epic, McKesson and Meditech.

Truth be told, Leidos may not deserve the “quiet company” label given to it by Healthcare Informatics magazine, which recently dubbed it one the most interesting vendors of 2016. I’m sure Beltway execs who compete for federal contracts are well aware of Leidos Health, which had annual revenues of $593 million last year. And government IT decision-makers are well acquainted with parent company SAIC, a pillar of federal contracting which has been in the business since 1969. (In fact, SAIC president of technology and engineering Deborah Lee James was sworn in as Secretary of the Air Force in late 2013.)

That being said, the DoD deal has dramatically raised Leidos Health’s visibility in the broader health IT world. It will be interesting to see what it does going forward, don’t you think?

Healthcare Data Security, Healthcare Breaches, and EMRs

Posted on October 10, 2011 I Written By

Priya Ramachandran is a Maryland based freelance writer. In a former life, she wrote software code and managed Sarbanes Oxley related audits for IT departments. She now enjoys writing about healthcare, science and technology.

We’ve posted about it earlier on this blog as well, and it’s a point worth reiterating – most data breaches are not the result of hordes of internet hackers out to get your computer system, they’re due to human errors or negligence.

Here are some recent cases of patient data that has emerged from EMRs in unexpected places:
Lost in Break-In: By now, we’ve all probably already shaken our collective heads over the Tricare data breach involving data for 4.9 million military patients. Scientific Applications International Corp. (SAIC), one of Pentagon’s principal contractors, was the outfit that was responsible for the data loss, which was stolen from a break-in into a SAIC employee’s car. The data was contained in backup tapes, and contained information such as SSN, addresses and phone numbers of patients, and personal health data.

There are several perplexing things about this story – a) the statement on Tricare’s website claiming nothing important was really lost: “The risk of harm to patients is judged to be low despite the data elements involved since retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure” per this story.
b) SAIC’s success with HHS contracts – SAIC was awarded a lucrative $15 million contract by HHS, despite the breach.

Posted on a Homework Help forum: According to this NYT story and its follow-up, patient records (names, diagnosis codes, account numbers, admission codes) from emergency visits for a six month period at Stanford Hospital, CA, were posted online. Supposedly, a Stanford vendor sent the data to a prospective contractor as part of a testing exercise. The contractor posted it all online, on a website offering tutoring help no less, without realizing it was actual patient data. The story says Stanford had the data removed from the website, and reported the breach to federal and state authorities, as well as the patients. Stanford is arguing that none of its staff has done anything wrong, and that it severed its relationship with the contractor. To me, this is the proverbial buck being passed.

Lost in the Subway: The first NYT story mentions how the paper records of 192 patients left on a subway by an employee of Massachusetts General Hospital in Boston. The hospital has agreed to pay a $1 million federal fine for HIPAA violations.

So to summarize some lessons learned from these data breaches:
Loss of paper records is worse than the loss of electronic records: This should be obvious to anyone who’s not a schoolgirl with a fancy diary guarded by a lock.

Your data is only as safe as your weakest link: If you’re farming out your data to vendors, then you have to know what policies your vendor has in place. If your vendor subcontracts further, then you have to keep going down the line till you are reasonably assured of data safety. When the hammer falls, it is *you* who will be coughing up the fines.

Prep with Data-handling Policies and Procedures that you and your staff religiously follow: The data was lost in very human ways – data left inside a car, posted by an untrained contractor. This just means you need to have robust, and enforced, policies in place for how patient data is handled by your employees. Maybe in your company this means that your employees can’t take work home, or that they must clear their workspaces of any patient data before they leave. Decide what makes sense in the context of your business, and maybe hire someone to enforce these rules.

Give kickbacks to HHS: If you’re in the business of contracting with the government, seriously figure out how SAIC has managed to stay in HHS’ good books. I wish I were kidding with this one.