Tell me about yourself and your jobs.
I’m the chief health informatics officer at Children’s Hospital of Philadelphia. I came to CHOP for residency and then stuck around, so this is my 18th year with the organization. I have oversight over the clinical informatics program, which includes the physician informaticists who interface with the Epic team. I oversee analytics and reporting as my second area of responsibility. The third program that I oversee is a newly-launched digital health program — we’re celebrating our one-year anniversary this month.
The connection to Haystack is that in 2014, CHOP had an internal innovation competition to try to find ideas that were potentially commercializeable. We partnered with Dreamit Health, a health IT accelerator that has a branch in Philadelphia. This idea that I pitched for privacy protection using EHR data was accepted to go to the accelerator. That became Haystack Informatics.
How often does the privacy monitoring system detect employees doing something they shouldn’t?
It’s a tricky question. There’s malicious access with intent to identify private information about patients. For example, an employee who’s trying to obtain Social Security numbers and things like that. Then there’s the more casual privacy violations, like your neighbor or a celebrity is admitted, and just out of curiosity, you take a look.
We’ve learned that every institution has a different culture of privacy. Some institutions take it seriously and will announce formally, “You may have heard the news that we have a celebrity admitted to the hospital. Be aware that we’re monitoring access, and if anyone is found in that chart, they’ll be terminated from the institution.”
Some institutions take a hard stance on that and others don’t. It’s hard to say what the scope of the problem is.
I would think that knowing a hospital has sophisticated access monitoring tools in place would reduce the casual violations.
I think that’s right. To some degree, just having a privacy monitoring solution can be a deterrent. For example, if I were an employee and I kept getting calls from the privacy office for false positive alerts, “Were you supposed to be in this patient’s chart?” I would start to quickly distrust the privacy office. But if the true positive rate of those alerts in their system was high enough, employees would start to recognize that these guys have a legitimate solution in place. They will be able to find out if I’m snooping around in my neighbor’s chart.
The other advantage is that privacy officers are required to look through these access logs. There’s no useful way to do it manually. All these technologies that we’ve developed simplify their work, allowing them to focus on the small subset of truly suspicious events.
We looked at a single patient as a thought exercise, a celebrity who was admitted to the institution. I asked a question — how many rows of audit log data would you expect to see for this patient for a two-week hospitalization? It was hundreds of thousands of rows of data. In the absence of tools, the privacy officer couldn’t do it manually, even for just this one patient.
That’s the value of these tools. They empower your privacy officer. They also help your staff employees stay on the right side of HIPAA regulations.
What surprised you most about becoming an entrepreneur?
The hardest part was understanding how I would continue to maintain my responsibility to CHOP and at the same time be an entrepreneur. I think people underestimate what it takes to start a company. Many physician entrepreneurs probably think that a good idea is sufficient enough. But it’s a lot of sweat equity. It’s a lot of work to build a company.
I had to work that first year to negotiate time for my employer. Because this was a CHOP-sponsored project in that first year, especially, I was able to take a mini-sabbatical. It’s not something you can really do in your spare time. The one affordance that my employer gave me was two days a week for the first few months to dedicate to Haystack.
Haystack has a really strong CEO, Adrian Talapan, who understood that I had this line in the sand when it came to conflict of interest and also the amount of time I was allowed to spend on the company based on the tech transfer and intellectual property requirements for the University of Pennsylvania and Children’s Hospital. There was a lot of negotiation that first year. That was probably the trickiest part.
What technology and innovations are proving to be clinically useful at CHOP?
I’m biased, but I think the electronic health record is turning out to be the strongest tool in the arsenal for things like supporting safety and quality kinds of initiatives. Not to diminish the work of the safety and quality offices themselves, but when it comes to actually crystallizing a workflow or suggesting that people take the right course of action, we’ve found that the electronic health record ends up really helping.
In my role as a clinical informaticist, it’s interesting when I hear about institutions that lament or struggle with their EHR implementations. They’re struggling to understand what this tool does to help them standardize care. We’ve been very fortunate. We’ve got a strong partnership between my group of clinical informaticists as well as the offices of quality and safety and medical operations. It’s been fruitful. As much work as they’ve put into the development of the clinical pathways and the clinical quality metrics and tools to standardize care, there’s almost as much work in redesigning the EHR to support that workflow.
That kind of partnership between informaticists and the people who have clinical design goals in mind has worked to our advantage. That’s probably been the most positive structure that we’ve put in place. We have 20 board-certified informaticists at CHOP. They’re embedded in every kind of quality and safety or workflow redesign project throughout the institution.
Are most hospitals as successful as CHOP in integrating their own clinical content into the EHR to make it easier for clinicians to do the right thing?
I’s a heavy lift. That’s the part that’s worrisome to me, that an institution that doesn’t have the kind of informatics resources that some of the big academic medical centers have. It is going to be a heavier lift for them. But their fallback is the content provided by the EHR vendor or external decision support vendors that provide canned order sets, simple protocols and things like that.
It’s challenging. I don’t know of many other hospitals that have 20 informaticists. We’ve been successful in lobbying for those resources and making the argument for why it’s valuable to have them. But I think that that’s the hardest part.
We had a meeting in Verona with the Epic leadership a couple of years ago. I remember Carl Dvorak saying that the EHR is a manifestation of your systems of care. The way you take care of patients at some level is reflected in how you design that tool. The double-edge sword of that is that if all of your systems of care rely on the EHR, then it’s really hard when the EHR is down. It’s really hard when you want to transport your model of care to another institution, for example, a partner institution. There is a benefit, but also potentially a vulnerability.
Do you get pushback when you roll out changes that the informaticists agree is the right way to care for patients, but that the end user doesn’t understand or receive benefit from in return for any extra effort required of them?
That’s the trick. Neither part works without the other. Without some sort of EHR representation of a pathway, it’s hard to get people to standardize their work. On the flip side, just introducing a new order set is not going to improve the quality of a clinical process.
Our quality office does a good job with this, involving stakeholders and getting people in the right culture of improvement. To say, “We can all agree that we have this clinical quality problem. We can all agree that these are our clinical goals. Here are the tools to help you do it, or at minimum, help us design tools that you would find useful and usable.” It’s a dialog. You can’t really slap it in from the EHR side.
We have many successful examples, but we’ve got plenty of failures, too, where we didn’t do the grunt work with regards to change management. It’s a common theme in the field. An order set is not just an order set. The way you roll it out is just as important.
It’s even more of a challenge for hospitals that use mostly community-based physicians whose incentives aren’t necessarily aligned and who are asked to change behaviors.
I hear that. One of my other hats is that I help teach the board review course in clinical informatics for AMIA. In the course of doing that for the past four or five years, I’ve met hundreds of informaticists and have heard stories from them about how CDS implementations have gone awry or pathways weren’t as successful as they anticipated. You’re right, part of the problem is that if your staff are not employed, that’s a challenge because it’s harder to get people aligned to the right goals.
Our specific challenge in an academic center is that in some critical areas, you might have a majority of providers that are not employed by CHOP and they’re not pediatricians. If you look at our emergency department, for example, at any given time, less than half of the people there are CHOP emergency medicine docs. The rest might be rotating residents from adjacent adult ER programs, trauma programs, or family practice programs.
We have put a lot of thought into designing the system to support not just expert users and pediatricians, but anyone. For any physician who steps into the institution — whether they’re a rotating surgeon from University of Pennsylvania or rotating emergency doc from Temple University –this system should be something they should be able to pick up and run with. The ED is probably the one place where we’ve put the most thought into that design for non-pediatricians.
Would that technique be valuable for institutions where community-based physicians have admitting privileges and things like that? I don’t know if I know the answer for that, but I would think that probably yes. Designing for all users is probably a good thing.
Do you have any final thoughts?
I’ve been working in the EHR field straight out of residency since 2004. Across the country, we’re not universally successful, but we at least know some of the pitfalls of what makes clinician decision support useful and what makes it a challenge at different institutions.
The next wave of interesting questions will deal with what you can do with all these data you’ve amassed. Once you’ve had an electronic health record in place for a decade, you’ve got terabytes of data that you can plow through. A lot of it is machine data, a lot of it is clinical data. The useful analytics derived from the EHR data and other sources. Genomic information, for example, is intriguing.
We also haven’t yet figured out how to pull patients and families into their care. The portals are a snapshot or a window, but I don’t think we yet know the best techniques for participatory medicine and involving patients and families in their care. For us in pediatrics, we’ve got an interesting opportunity. All of our patients and their parents are, for the most part, digital natives. We don’t have to persuade them to use a smart phone to get access their health records. In fact, they’re asking us, when can we see this information on a mobile view or in a tablet?
We’re going to keep pushing some of that at CHOP to see where it goes and to try to demonstrate the value of things like telemedicine and inpatient portals and connected devices. It’s the next wave. We know about order sets, pathways, and decision support. Where else can we start to derive value from using technologies?