Well now if you know that Epic is paying KLAS, do tell, and give evidence! Or is this another Oracle…
Curbside Consult with Dr. Jayne 1/8/24
This weekend was all about playing cleanup. The new year brings a lot of things for the physician to-do list, one of which is starting my quarterly questions that are needed for me to maintain my specialty board certification.
The Maintenance of Certification (MOC) process is almost universally hated by physicians, to the point where some of them will take a high-stakes exam every 10 years rather than participate in the program. I was part of my specialty’s pilot program for MOC and much prefer the quarterly questions to an all-day exam, especially since I haven’t practiced full-spectrum primary care in quite a while. Unfortunately, my specialty still thinks we should be able to manage all the conditions we used to manage during our residency training programs, so I have no choice but to play along.
The quarterly MOC questions are open book, so that’s something, and usually if I don’t know the answer, I can find it using a combination of UpToDate, the online version of my specialty’s flagship journal, and the website of the US Preventive Services Task Force.
Arriving in the New Year also means paying an annual fee to the board, which I had forgotten about. Many of my colleagues who are in purely informatics roles have to pay these expenses out of pocket, which is burdensome. The boards assume that physicians are either self-employed and can take their board fees as a business expense, or that they are employed and receive reimbursement from their practice, hospital, or health system.
There’s a lot of chatter in the physician world right now about the value of MOC, with oncologists and cardiologists being among the most recent to launch challenges. Usually, physicians have to maintain particular board certifications approved by the American Board of Medical Specialties in order to be granted hospital privileges and to join insurance plans. However, there’s a movement towards supporting an alternate organization, the National Board of Physicians and Surgeons. Although it’s gaining traction, NBPAS isn’t accepted in my area, so I haven’t pursued it.
Some clinical informaticists see MOC as an opportunity where AI tools might help physicians trim the time-consuming process. Rather than having to search three or four websites, one could query a generative AI system to provide the information that is needed to answer the questions. Physicians could also perhaps ask a virtual assistant to search the rules and regulations for their specialty and create calendar appointments for all the deadlines that are required to maintain certification. For those of us who have multiple board certifications, that might help a lot, especially since each board has its own timeline and requirements that differ depending on where you are in your certification cycle. The questions I did this weekend didn’t have any disclaimer that you couldn’t count AI tools as some of the online resources used in answering the questions, but I’ll have to keep my eye out for such prohibitions in the future.
Also on my list for the weekend was setting up a new laptop that was sent by a client I recently started working with. This is the first time I’ve had Microsoft balk at my use of a password that doesn’t contain words. I’m not sure how someone would guess a 10-character password that contains two numbers, three lowercase letters, three uppercase letters, and two symbols or why Microsoft would have seen my particular combination of characters “too many times.” I certainly don’t use the same password on all of my accounts, so this just seemed like a weird error. I had to try three versions of what I wanted to use before it finally gave up and let me set my password.
I also caught up on some reading, which put me to sleep the first time I tried to get through it. ONC is scheduled to publish its “Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing” final rule this week. The rule implements pieces of the 21st Century Cures Act through the creation of new requirements for health IT developers under the Health IT Certification Program. The rule includes provisions for developers to report metrics that give insight into how organizations are using certified IT products, updated criteria for decision support interventions, and updates to patient demographics and electronic case reporting. It also requires developers to move to the United States Core Data for Interoperability (USCDI) Version 3 standard no later than January 1, 2026. This will help organizations better share data that will promote health equity, reduce healthcare disparities, and improve the interoperability that is needed for public health efforts.
Of course, no ONC final rule would be complete without a mention of information blocking, and I can assure you that’s in there, at least in the current unpublished version that’s available on the Federal Register website. Its 804 pages of double-spaced delight isn’t much of a beach read, but it contains other hot topics, including a C-CDA Companion Guide update, a Synchronized Clocks Standard, information on a patient’s Right to Request a Restriction on Use or Disclosure, and more. The rule will become effective 30 days after it is published in the Federal Register.
The final cleanup activity of the weekend was catching up on a New Year’s Resolution on which I had already fallen behind. This year, I’m aiming to read two scholarly articles each week that cover an area of medicine or clinical informatics that isn’t part of my usual practice. One of my articles this week was “Effect of an Intensive Food-as-Medicine Program on Health and Health Care Use.” The article, which was published in JAMA Internal Medicine, covers a randomized clinical trial designed to see if a program for patients with diabetes that provides healthy groceries, dietician consultations, education, and health coaching would improve blood sugar control in compared to the usual care they would otherwise receive. The study had over 400 participants. Although the authors didn’t find an improvement in blood sugar control, they did find improved patient engagement in preventive health care interventions. They recommend that additional studies be performed to find optimal “food as medicine” interventions to improve patient health.
Since this resolution was designed to stimulate my curiosity, I wandered around the internet a bit to learn more about food-based medical interventions. I was intrigued by The Goldring Center for Culinary Medicine at Tulane University. The Center has been around for more than a decade and was designed as a teaching kitchen to educate future physicians “to understand and apply nutrition principles in a practical way” and to better work with patients on diet and lifestyle modifications. The Center also provides cooking classes for the community. I was glad to see that they offer continuing education classes for practicing physicians since many of my medical classmates subsisted for anywhere from seven to 10 years on a diet of ramen, sandwiches, drug rep-provided lunches, leftover patient meals, and a stash of graham crackers and apple juice that was liberated from nursing unit stockrooms.
New Orleans is a great city. Anyone up for a HIStalk continuing education field trip? Leave a comment or email me.
Email Dr. Jayne.
Re: passwords
I was working on a networking security system recently, and had a bizarre problem. We changed a password. After this step, one connected device worked and all others failed. This is an unusual failure mode, to say the least.
We let the problem sit for several days, due to several factors. Then we tacked it again. This time we changed the Root password too, and this time we got a new error message. “The maximum password length is 15 characters.”
Suddenly the lightbulb came on! What if an ordinary account, also had a 15 character max. length?
Yes. The first password change had accepted a pw longer than 15 characters without complaint. However if you tried to use the long pw in an authentication challenge… it would fail. The reason is, the pw change system had silently truncated the pw down to 15 characters. Yet at the authentication challenge, the system would NOT truncate the pw, causing auth failure.
Yeah, this is a programming failure, and a pretty bad one.