Home » Readers Write » Recent Articles:

Readers Write: The Key to Transitioning from PQRS to Risk-Sharing Agreements

September 29, 2014 Readers Write No Comments

The Key to Transitioning from PQRS to Risk-Sharing Agreements
By Mason Beard


If you, Dr. X, report on quality for your Medicare patients, you’ll get a nice bonus. That’s how PQRS started out—a purely pay-for-reporting initiative.

The bar for this program was set fairly low to encourage providers to meet the requirements. But in its crafty way, the federal government has steadily shifted the program away from the carrot and toward the stick. In fact, the incentive phase of the program ends next year. Providers who don’t measure up will simply experience the stick. In other words, the government has moved its focus from reporting to performance.

I don’t want to paint CMS as conniving to punish poorly performing providers. The truth is that PQRS has been a very successful program and is driving an important focus on the quality of care delivered to Medicare beneficiaries. Another quite evident truth is that CMS is not stopping here.

CMS isn’t just creating government programs and regulations; they’re trying to change provider behavior to rally around outcomes reporting and better care. They’re pushing providers inexorably toward value-based reimbursement (VBR). Reading the tea leaves of what’s happening with PQRS—and considering the proposed Merit-Based Incentive Payment System (MIPS)—the government is going all in on this.

Technology can help providers who are doing PQRS reporting prepare to move successfully into more sophisticated VBR arrangements. From the beginning of PQRS (PQRI at the time), it was evident that providers would need HIT tools to help them track, measure, and report on quality measures. PQRS has been around long enough that there are now a variety of tools providers can use to help them fulfill this requirement.

Not all of these tools can help providers meet PQRS requirements and transition to more sophisticated VBR arrangements using the same infrastructure. Make no mistake — such a transition is essential. To manage it successfully, organizations don’t need a point solution, they need a platform.

Here’s why. The new PQRS, the MIPS of the future and other VBR arrangements don’t focus on reporting outcomes; they focus on improving outcomes. The only way organizations will be able to improve outcomes is by implementing what I call the 4 As:

  • Aggregation. Providers need to be able to gather clinical and administrative data from the disparate technologies across their system.
  • Analytics. Providers need some level of analytics to understand their population, identify gaps in care, and assess risk.
  • Action. Providers can’t just aggregate data and analyze it and then not do anything about it. They need some system in place to engage their patient population (via care management workflows, automated outreach, reminder letters, etc.) and fill gaps in care.
  • Accountability. They need to be able to prove the value back to the stakeholder. Simply put, this means reporting the outcomes for a variety of initiatives to CMS and other payers.

It’s important to note that PQRS point systems only address the fourth A: accountability. (Even then, they may not have the flexibility to adapt to the various reporting initiatives that will be required by multiple payers as time goes on). If a PQRS solution only addresses the fourth A, it can’t prepare an organization for risk. It doesn’t create processes that move the organization away from a fee-for-service world.

A platform, on the other hand, enables provider organizations to enter the value-based world. Performing PQRS reporting on a platform is the perfect starting point. As providers fulfill the PQRS reporting requirements, they can layer in processes that help them transition from a reporting workflow to a more proactive workflow focused on population health management. With the aggregated data and intelligence they build up around their performance in the process, they become equipped to enter into VBR arrangements with commercial payers.

A platform delivers an easy, turnkey way to branch out from PQRS to address other, more sophisticated payer initiatives. The time to plan for this transition is now because the stakes are rising. Every plan—both government and commercial—is developing some kind of risk- or performance-based initiative. With a platform, providers don’t have to take the plunge immediately. They can first dip their toes in the waters of PQRS and then move steadily into a world of improved outcomes and value-based reimbursement.

Mason Beard is senior vice president of solutions and co-founder of Wellcentive of Alpharetta, GA.

Readers Write: EHR Divorce Rates on the Rise – Four Factors that Predict Electronic Health Record Adoption Success

September 29, 2014 Readers Write No Comments

EHR Divorce Rates on the Rise – Four Factors that Predict Electronic Health Record Adoption Success
By Heather Haugen, PhD


Despite healthy growth in the implementation of EHRs, the lack of effective adoption plans is impeding their intended purpose of helping healthcare providers improve care.

In 2013, nearly six in 10 hospitals have adopted at least a basic EHR system. But not all EHR users are happy with their purchase. In fact, 30 percent of hospital executives admit they are dissatisfied with their system, and 30 percent of current EHR solutions are replacements of another product.

Research reveals that a myopic focus on the go-live event is the root cause of low EHR adoption rates and increases the chances of organizations’ divorcing their EHR vendor. In contrast, those healthcare leaders who focused on the processes and discipline required to achieve adoption and maintain it over the long run were more likely to achieve the clinical and financial outcomes they expected from the EHR.

EHRs have the potential to improve both patient care and work efficiencies in delivering care, but these outcomes are only possible when clinicians adopt the best practices and workflow needed to continually improve how the system serves the organization.

The research published in “Beyond Implementation: A Prescription for Long-Term EHR Adoption” revealed four key factors that predict EHR adoption:

Engaged Clinician Leadership

Engaged clinician leadership is the most important predictor of successful EHR adoption. IT leaders are often given primary responsibility for the organization’s EHR system. While their skills and experience are necessary for functionality of the EHR system, the input and expertise of nurses, physicians, pharmacists, and other clinical staff is essential to driving staff’s proper use of the EHR and improved clinical and financial outcomes.

Moreover, leaders of EHR adoption efforts need to be highly engaged through and beyond go-live. While this may seem like a given, competing priorities make it difficult to maintain the degree of engagement required after the go-live event. When comparing organizations with successful implementations and those who have become dissatisfied with their system, our research shows that engaged leaders:

  • are well informed and aligned in how they communicate the value of the EHR;
  • empower clinicians to make decisions about how the EHR should be implemented and used;
  • understand the degree of change required and set priorities appropriately; and
  • stay engaged for the life of the application.

Effective Training to Ensure Proficient Users

The way in which clinicians and users are trained impacts their level of proficiency. In healthcare, we often use traditional methods – one-time “training events” that occur at a certain time and place. The trainers focus on teaching the hundreds of features and functions available in the system over multiple days with the goal of reaching “mastery” by the session’s end. But this is an ineffective, insufficient, and unrealistic method.

Bill Rieger, CIO of Flagler Hospital (FL) originally thought that implementing his health system’s new EHR would include traditional, classroom-style training. This approach required training sessions to begin a full six months prior to go-live due to limited classroom space and a large clinical staff. By making the switch to using scenario-driven simulations – a hands-on method – the hospital was able to begin the initial training program just six weeks prior to go-live, resulting in increased retention and a more successful launch.

Simulation-based training that focuses on helping users become proficient in new workflows and best practices results in dramatically better outcomes compared to traditional training and takes about half the time. This style emphasizes an accumulation of experience over time. It happens continuously in the specific work environment and leverages role-based content to provide a level of individualized fluency. Critical thinking skills and retention of content improve significantly when the goal is proficiency, in contrast to attending a more passive training event.

Measuring for Improvement

Defining metrics to track proficiency in EHR use and communicating them with clinicians is another critical step for adoption. Without it, improper use of the system is more likely to continue. Through a process of peer-to-peer auditing and regular progress reports, clinicians can track their performance and improve in necessary areas – ultimately enhancing patient care in the process.

In addition to providing feedback for clinicians, measurement can help optimize the EHR platform. For example, if simulation reports reveal that a large percentage of users click in the wrong area when completing a certain task, it would indicate a point of non-intuitive design. Armed with such data, the EHR vendor may be able to modify the system for improved use.

Adequate Resources and Prioritization Beyond Go-Live

A focus on the people, processes, and evaluations to improve adoption over the lifecycle of the application is required for long-term success, yet very little attention is typically paid to sustainment efforts.

Even when a new EHR is well accepted by clinicians and they become proficient in the application, adoption is a process that can never be finished for two reasons:

  • There will always be new clinicians and residents entering the healthcare organization. An organization with a successful EHR program will ensure that these individuals receive every bit of guidance and have the ability to be just as successful in their use of the EHR as those clinicians who had been present at the go-live event.
  • EHR systems will always be subject to upgrades and changes. While the changes are meant to enhance the system, they will do more harm than good if end users do not receive the appropriate level of guidance when being introduced to new workflows and processes. 

Too often, people that are recruited to work on EHR adoption efforts eventually revert back to their previous roles and work on their former projects, leaving the organization without proper resources to account for this inevitable cycle brought on by time and turnover. Flagler Hospital overcame this tyranny of time by keeping implementation committees in place and by focusing on long-term, ongoing education even through multiple EHR upgrades.

Moving from an EHR implementation focus to an EHR adoption focus requires a significant overhaul in how we think, how we lead, and how we behave. Now is the time for healthcare leaders to evaluate their organization’s performance in these four key areas that predict EHR adoption.

Heather Haugen, PhD is managing director and CEO at The Breakaway Group, A Xerox Company of Greenwood, CO, which recently delivered an HIStalk webinar on this topic that can be viewed as YouTube replay.

Readers Write: The Consultant and the Investor Look at Cerner’s Acquisition of Siemens

September 24, 2014 Readers Write 2 Comments

The Consultant and the Investor Look at Cerner’s Acquisition of Siemens
By Lynn Vogel, PhD


The publication of the recent HIStalk interview with Marc Grossman and a post by Ben Rooks offer a rare opportunity to learn about the different perspectives of consultants and investors using the Cerner acquisition of Siemens as a case study.

Full disclosure: I’ve known Marc (the Consultant) for close to 20 years and I consider him to be one of the top HIT consultants in the business today. I don’t know Ben (the Investor) personally, but was so impressed with his discussion of the MModal acquisition several months ago that I started an email exchange and have deep respect for his understanding of the financial aspects of HIT.

But the perspectives of the Consultant and the Investor couldn’t be more different. Here are some noteworthy excerpts from the Marc Grossman interview and from Ben Rooks’ recent “From the Investors Chair.”

From the Consultant

  • A lot of it’s going to depend on where the Siemens client is.
  • I believe Cerner is buying Siemens for intellectual property. On the patient accounting side, I think they’re also looking at the RCO base that Siemens has, which is a great revenue stream for them.
  • Given Cerner’s history and the industry’s history over the last 20-30 years, Siemens Soarian and Invision product support is going to go downhill.
  • I think they probably won’t sunset it officially for at least 10 years, just because I know Siemens does have numerous contracts which are going out 10 years.
  • Like we’ve seen with many other vendors that purchased other systems, Cerner is clearly not going to put R&D money into two patient accounting systems and two clinical systems if they have an integrated system now.
  • I just don’t see any indication that Cerner is going to continue the development of any of the Soarian or Invision products.

From the Investor

  • Cerner is now the clear sector leader and will enjoy mammoth cross-selling opportunities given the product fit.
  • This was a good use of both the cash hoard Cerner had built up on its balance sheet and its high-multiple stock, allowing the deal to be almost instantly accretive – especially with the $175 million in pre-tax synergies the company guided to in its press release.
  • Cerner’s shares are up almost 10 percent as I’m writing this post, more than twice the S&P — Ms. Market seems to be more excited.
  • The vast majority of analyst commentary has been positive and we here at the Chair are fans of the purchase as well.
  • The only thing that gives me pause as a long time Cerner watcher (and fan) is that the company has zero history of large-scale M&A and the sector has not been kind to such large-scale bets in the past.
  • What’s especially noteworthy here though is that the cultures of the two companies are literally more than an ocean apart
  • That said, the price Cerner paid clearly de-risks the acquisition, and Cerner is known for its strong culture

The Consultant starts with the impact on the client. How the customer base responds will depend on where they are currently with their HIT implementations. Will customer support for Invision and Soarian go downhill now? Will any level of customer support for Siemens’ products last beyond 10 years? Will there be any R&D for Siemens products going forward? Finally, the question about whether Cerner will “continue the development of any of the Soarian or Invision products?”

The Investor is looking at the Siemens acquisition from an almost purely financial perspective. Is this a good use of Cerner’s cash? What’s the impact on the stock price? What’s Cerner’s experience with large-scale acquisitions? How will the cultural challenges be addressed? In general, this looks like a “good deal.”

In some ways, the comparison of these two perspectives underscores one of the major challenges of HIT today. The investors are looking at the money, while the customers are looking for continued product development and ongoing support.

Unfortunately, the boards of most HIT companies are dominated by investors, with little input by those who understand either healthcare or information technology (Ben’s earlier analysis of the MModal situation is an excellent example). What’s missing, specifically?

  1. Looking under the covers. From an IT perspective, the Cerner acquisition of Siemens demonstrates again that acquisitions too often proceed without understand any of the underlying IT challenges. The code bases are different, the database architectures are different, the standards for code libraries are different, etc., etc. Recall the Allscripts acquisition of Eclipsys. A big selling point about this deal was that they were both based on Microsoft tools are architectures. We now know how that turned out. Siemens’ financial products are generally considered to be stronger than Cerner’s, but integrating disparate product suites is a challenge that has eluded almost every previous merger of HIT companies.
  2. Understanding how IT decisions are made by healthcare customers. Boards often have little understanding of the healthcare business and even less about how IT decisions are made in healthcare. It can be a long, slow, and often tortuous process (accelerated certainly by recent federal incentives) with lots of customer concern about long term support (note Marc’s observation that even lab systems typically last a decade or more). As a result, assumptions about how quickly financial returns can be generated are often way off the mark and the result is the demise of the acquired company.
  3. Leverage and financial returns dominate. Cerner is probably looking at the Siemens’ customer base almost as a captive audience, there for the picking and over time replacing their Siemens products with Cerner’s. We can only assume that Siemens reached the same conclusion about the SMS customer base at the time of that acquisition, and we know how that turned out. On the other hand, simply eliminating a competitor over time is a strategy that many companies both inside and outside healthcare have found to be successful. But taking Siemens out of the marketplace may also leave Epic is a much stronger position.

There are lots of discussions about whether the healthcare industry is really all that different from other industries. Even Drucker noted its extraordinary complexity. But when companies make decisions without a deep understanding—at the executive and board levels—about the technology, about what does make the healthcare industry unique, and worry more about the money than the customers (often not realizing that it in the end it is the customers who provide the revenue), we have a better understanding of why the HIT business is so challenging and probably filled more with company failures than successes.

I would argue that one of the solutions here is more Board level input from experienced HIT professionals. Across the industry, we see company boards with investors and occasionally clinicians, but virtually no HIT professional role.

Full disclosure: I was elected to the board of Glytec, an HIStalk sponsor, due to my specific HIT experience from inside the industry. During the course of my term, I have learned an enormous amount from the investors and the clinicians on the board and from the feedback I have received, it seems that my contributions as an experienced HIT professional have been valued as well.

There is an enormous amount of HIT expertise available that companies could use, but seldom do. This includes former (occasionally retired) CIOs, CIOs who are able to serve on boards while continuing full-time IT responsibilities, and consultants, particularly those who have experienced HIT from inside healthcare organizations, etc. Smart HIT companies would do well to take advantage of this talent to contribute to the success of their business.

Lynn Vogel, PhD is a principal with LH Vogel Consulting, serves on the board of Glytec, is a member of Next Wave Health Advisors, and serves as a senior advisor to Sophic Alliance.

Readers Write: The Elephant in the Waiting Room: Healthcare Organizations Can No Longer Afford to Look the Other Way on Patient Pay

September 17, 2014 Readers Write 6 Comments

The Elephant in the Waiting Room: Healthcare Organizations Can No Longer Afford to Look the Other Way on Patient Pay
By Sean Biehle


In the past five years, patient payment responsibility has risen dramatically and continues to increase with the implementation of the Affordable Care Act. More people insured means more people who don’t understand their health insurance and many of the plans on the healthcare exchanges are high-deductible plans. At the beginning of the year, Aetna CEO Mark Bertolini projected patient pay responsibility to climb to 50 percent of the healthcare dollar by the end of the decade.

The New Normal: High-Deductible Plans

Once considered a last-resort alternative for those with limited income, high deductible (HDP) or “catastrophic” plans have gone Fortune 500. As a result, self-pay now includes a lot of the people who have insurance with HDPs.

  • A 2012 Rand research brief estimated that half of all workers on employer-sponsored health plans could be on high-deductible insurance within a decade.
  • The average deductible in employee sponsored health plans was $1,100 in 2013, but deductibles in the healthcare exchanges average between $3,000-$5,000.
  • A report released by S&P Capital IQ estimates that 90 percent of S&P 500 companies will shift their workers from employer-sponsored insurance plans to health exchange plans by 2020.

As more Americans are paying a greater proportion of their healthcare costs out of pocket, getting reimbursed for the patient pay segment could now be the most important number to a healthcare organization’s bottom line. Collecting from patients is estimated to cost up to three times more than collecting from payers. 

Focus on Education

Healthcare organizations should make it their mission to help patients understand their bills, educate them on payment options, and help them navigate any insurance issues. Seventy-five percent of patients say that understanding their out-of-pocket costs improves their ability to pay for healthcare.

Plus, the Hospital Value-Based Purchasing (VBP) portion of the Affordable Care Act returns higher Medicare reimbursements based on patient experience scores. The payment process is integral to the patient experience. Patients who don’t understand their bills, what they owe, and why they owe it tend to give lower scores on patient satisfaction surveys. Last year, 2013, more hospitals were penalized than bonused, leaving millions on the table.

Create a Consumer-Focused Culture

Because patients are paying more, they are using social media and other online tools to shop around for physicians and hospitals that not only provide the best care, but also the best service. Service is more than having a good bedside manner. Service means providing frequent and transparent patient communications, especially as it relates to billing.

  • Emphasize patient satisfaction over collections.
  • Create a consumer-focused culture – align staff incentives with patient satisfaction.
  • Perform patient satisfaction surveys to help identify potential problems before they escalate and determine reimbursement rates.

Be There When and Where It’s Convenient for the Patient

Many patients work and they have to take off work to visit their office or facility. Don’t make them take more time off when it comes to having to figure out their bills.

  • Offer extended call center hours, including open evenings and weekends, to optimize patient access.
  • Offer online payment platforms to provide 24/7 access for making payments, arranging payment plans, and viewing and updating demographic and insurance information.
  • Offer services in multiple languages so no patient gets left behind.

Make It Convenient and Easy for Patients to Pay

Connecting with patients in a meaningful way helps them understand the how and the why eliminates any confusion when it comes to their bills. Show patients how easy paying their bills can be.

When possible, consolidate payments and balances across the entire patient care continuum. This makes it easy for the patient to pay everything in one place and drastically simplifies the patient pay process.

Provide multi-channel patient communications and payment options:

  • Point-of-service (POS) payment portals make it easy to collect balances at the time of service.
  • Automated phone/IVRS options enable payment over the phone.
  • Online payment processing for debit and credit cards and electronic checks provides 24/7 access for patient payments.

Additionally, a number of provider organizations have developed pricing transparency tools for consumers to access clear and easy-to-understand billing information.

Offer Payment Plans Upfront

Medical bills can be daunting and patients are far less inclined to pay on larger balances, especially over $400. However, informing patients of their payment options at the time of billing greatly increases the odds of getting paid.

Offer Incentives for Self Pay

Unlike insurance companies, patients don’t get to negotiate adjustments to what they are charged for a procedure. Sweetening the pot by offering payment incentives can greatly increase reimbursement and patient satisfaction.

Treat Patients with Dignity and Respect During the Billing Process

Patients aren’t just numbers. In fact, we’re all patients, so it’s easy to see how frustrating it can be in the absence of clear, reliable, and efficient patient billing communications. Healthcare is one of the very last vestiges of American culture in which the consumer doesn’t have access to complete transparency to what they will owe before they incur the costs

Until the continuum of patient communications can be fixed from the inside out, it’s imperative to treat each individual with the respect and dignity they deserve throughout the entire billing process. Help them avoid collections at all costs using the strategies above and show them that the care provided continues beyond the bedside.

Expected Results

When focused on patient education and satisfaction, physician groups and hospitals can expect stronger reimbursement on patient balances. Educated patients pay their bills. Satisfied patients translate to higher Medicare reimbursements. Many organizations have seen their reimbursement rates increase by more than 30 percent after adopting patient education and satisfaction programs.

Emphasizing customer service can also help verify insurance and uncover secondary or additional insurance. This can dramatically streamline the revenue cycle process. Many organizations find after talking to their patients they discover additional insurance on accounts originally categorized as patient pay.

Lastly and perhaps most importantly, providing clarity of communications builds patient loyalty and increases trust over time. Patients who are highly satisfied with an organization’s billing process are twice as likely to return. Plus, over 80 percent of patients who are satisfied with their billing experience are likely to recommend an organization to their friends.

Sean Biehle is marketing manager for MedData of Brecksville, OH.

Readers Write: Protecting the Network with Endpoint Security

September 17, 2014 Readers Write No Comments

Protecting the Network with Endpoint Security
By Jeff Multz


CIOs are forever struggling to ensure that technology helps their businesses run efficiently and effectively and that their networks are protected. That’s a heavy undertaking for any business, but especially for healthcare organizations, as medical professionals rely on a bevy of computer devices (including their own.) These devices have become high targets for threat actors who are increasingly attacking endpoints (laptops, workstations, and mobile devices) to break into networks of healthcare and financial institutions.

The FBI recently issued an alert following a highly publicized attack on a US hospital group that warned healthcare companies they are being targeted by hackers.

"We are seeing an increase in attacks within healthcare," said Ann Patterson, senior vice president and program director of the Medical Identity Fraud Alliance. "The healthcare sector’s security and privacy controls differ from more secure industries, such as financial services, and [healthcare organizations] may be easier targets."

Why is healthcare so attractive to threat actors? A few reasons.

  • Nation states are after the intellectual property of medical equipment and pharmaceutical companies so they can copy their products and sell them more cheaply.
  • Threat actors are also after personal identifiable information (PII) of healthcare providers, which attackers use to open up new credit card accounts under the names of patients. That PII includes a patient’s name, address, phone number, Social Security number, date of birth, and billing information.

Because it is often difficult to evade network detection devices such as firewalls and intrusion detection/prevention systems (IDS/IPS), attackers are going directly to the end user via phishing or watering hole attacks to break into networks. The trusting souls who click on the links or attachments inside these emails have no idea that when they do, that malware is automatically downloaded.

While there have been new innovations in protecting the network from outsiders, there’s been a dearth of innovation in endpoint security technology. Since antivirus (AV) software is not very effective, it has become quite easy for attackers to infect endpoints. Defenses for endpoints are still mostly malware-signature based, so threat actors run pre-attack tests to see which signatures are being detected and which ones aren’t.

This ploy has worked so well that attackers sell their testing services to other attackers, running a service similar to that of VirusTotal, which scans malware for detection rates. However, unlike VirusTotal, the threat actors don’t share the results with AV vendors.

With about 200,000 new pieces of malware being created each day, according to Kaspersky Labs, and much of the malware being polymorphic, signature-based threat detection methods can’t keep up with the pace of new malware creation.

It’s hard to keep endpoints, especially personally owned endpoints, up to date with the latest patches. There are more applications than ever that people download onto their devices and all these applications have flaws, making them easy targets for attackers. Additionally, Web-based technologies are being designed so users can do anything over the Web using HTTP or HTTPS, which subverts perimeter-based controls and makes the Web an easy way to deliver malware.

With the Internet of Things (IoT) growing daily, the front line of attack has moved from servers to the endpoint. This year alone, IDC expects shipments of smart-connected devices (PCs, tablets, and smartphones) to surpass 1.7 billion units worldwide. Organizations are being attacked via their endpoints, yet have no idea they’ve been compromised.

The average time it takes for organizations to discover they have been compromised is 229 days and 69 percent of the discoveries are made from outside sources, such as federal authorities, the FBI, or private security companies.

An organization must be able to see all activity taking place on the endpoints so they can remove attackers as soon as they enter the network. The only way an organization can know whether it has been compromised is to continuously monitor the network and the endpoints. It needs to see what’s going on at the endpoint and tie that to what is going on across the network. Anomalous activity must be spotted as soon as it occurs.

An organization should be able to determine what happened when the affected system ran, who the system communicated to, what changed on that system, what the lateral movement was, and what tools were used. Endpoint activities should continuously be collected and logged. The information should be fed into a system that takes an end-to-endpoint view of all that has occurred, providing full visibility into a network. Organizations can then take that information and adapt their infrastructure, user training, and applications accordingly to defend the network.

As soon as anomalous activity is spotted, an investigation should be initiated. If the investigation reveals that an endpoint was compromised, the system can provide a blueprint of all activity that has occurred, and all activity as it is occurring, so the threat can be contained as quickly as possible.

The 2014 SANS Health Care Cyberthreat Report found that endpoint devices not only provide challenges for securing them and the network they are connected to, but also for recovering from an incident. Continuously scanning endpoint devices that are connected to a network can tell an organization exactly where the infection is hiding in the endpoint and how to remediate it. Breaches can often be remediated without being wiped or re-imaged, alleviating the possibility of inadvertent data loss during a wipe.

Work stations are critical attack vectors, and organizations that have a multitude of high target endpoint devices must always be on high alert for attacks. For now, there is only one way to do that. Gartner calls the solution Endpoint Threat Detection & Response, also known as Advanced Endpoint Threat Detection. It should be mandatory for any organization that needs to protect its business.

Jeff Multz is director of North America Midmarket for Dell SecureWorks of Atlanta, GA.

Readers Write: The Engaged Patient – Are They Really?

September 12, 2014 Readers Write 8 Comments

The Engaged Patient – Are They Really?
By Helen Figge


Sorry to be the bearer of mediocre news, but despite the growing conversations around the value of engaging patients in their own healthcare, the term “patient engagement” is a really cute flavor of the month healthcare buzz phrase.

Many seem to be confused by what “patient engagement” means. It lacks a standardized approach to its interventional aspects or for a better sense rules of engagement.

The major thrust for patient engagement legitimacy comes in most part to the expansion of health insurers rewarding providers based on services that support the improvement of a patient’s health and wellbeing. Likewise, the anticipation that engaging the patient will reduce the utilization of healthcare resources plays into this concept. Finally, healthcare providers were vocal concerning the 10 percent patient engagement threshold originally mandated in Stage 2 of Meaningful Use and these “squeaky wheels” enabled a pushback to 5 percent.

The legitimacy behind engaging the patient appears evident because investing in the healthcare consumer who utilizes our healthcare resources (you and me) and turn creating healthier assets is the overarching goal of better health. This in turn fundamentally assumes we lower costs of healthcare. So, from this point of view, “investing” in consumers of healthcare and helping them to be more effective partners in our own care makes good sense practical sense, right? 

One would think and hope so. Based on several research sources, it is indeed possible to meet the requirements to support these patient initiatives through various technologies on the market today, like the patient portal, yet only a small percentage of providers are currently supporting these efforts.

The basic question is how do we engage patients to want to stay in control of their own health’s trajectory? What motivates and stimulates and excites someone to want to get and keep control of his or her own health destiny?

This is the one question gone awry, because the majority of consumers consistently participating in their health is quite low, with the majority of less than 5 percent consistently engaged if at all in their healthcare. Many practitioners are finding out that each and every one of us is motivated by something different when it comes to our own healthcare.

My dad was a great example of a non-compliant chronic disease sufferer who, when he felt better stopped taking his meds. Only when his blood glucose reading recordings were hooked up to his senior citizen daily calendar for dating (he was 87) did he remember to record his blood sugar readings for his care coordinator. One could say my dad’s health was directly stimulated by his desire to see which eligible senior citizen lady friend was going to the senior center that night for bingo.

In order for any patient engagement opportunity to be successful, each and every engagement might have to be customizable with each step in the care process to create a meaningful role for patients and their families and specifically tailored in such a way that helps patients acquire the knowledge and skills they need to effectively manage their health and do so in a consistent manner.

We also need to realize that some patients are not prepared to take on any type of role in their healthcare and might not be able to cope with their various illnesses regardless of the enticement. This is oftentimes a concern with those suffering from chronic diseases, where they will need to engage for the duration of their lives to keep and maintain their health.

I equate this type of patient engagement to eating your favorite food every day until after a while, boredom sets in. Your favorite food loses its luster. You just stop eating it and substitute another. When patients are unable to manage these types of often complex tasks, the result is less control over a person’s health and well being and ultimately higher health care and human costs.

If patient engagement has a chance to really hit the numbers we hope it will, it is important to tailor the care and instructions a patient has to support that care. In healthcare, we tend to provide the same amount of support regardless of the patient population or skill set at hand. We always try to standardize approaches, which 99 percent of the time is great, but patient engagement is that 1 percent where it just can’t be done. This is the reason for the low numbers in patient engagement we are seeing firsthand today. Each patient needs to be motivated in his or her own way to accomplish the empowerment needed for successful personal intervention.

Finally, another point to consider in all of this when trying to motivate a patient to “engage” in their own care is that it cannot be monetarily based. Patients are not motivated by financial incentives direct or otherwise for long-term behavior change. It is documented that highly engaged patients with the skills and knowledge respond better to the monetary gains of engaging in their healthcare, while some less than enthusiastic patients accept defeat much easier and accept their disease states and the sequelae of them regardless of intervention and assume it is what it is and thus accept any increased cost incurred by the disease state to be inevitable.

So when considering patient engagement, consider the patient first and foremost because patient engagement is based on the patient’s active and sustained participation in managing their health. It is a marathon race, not a sprint. Only through this mechanism will this lead to better health outcomes.

Proactive action to change and maintain our health into productive health behaviors is the mainstay of the effort. At its center is the concept of taking an active role in our own health and healthcare. We know objectively it can be measured using various tools like the Patient Activation Measure (PAM). This testing helps to identify a patient’s engagement level and used as a tool for improving activation for health and wellness, although I’m not sure how helpful it is right now given the lower-than-expected statistics of patient engagement overall.

The evidence suggests that increasing a patient’s engagement in their own health trajectory can have an impact on controlling costs and helping patients to become healthier – to live longer with fewer complications. The problem is that no one has come up with a standardized approach as to how to engage a patient for long-term success to any disease resolution. 

Maybe we need to interview each patient and see what drives him or her to wake up each morning. For my 87-year-old dad, it was trying to find a date for bingo night at the senior citizen center. Only after he answered his blood glucose reading did the senior citizen screen pop up. Maybe we need to do something like this for each and every patient. 

Helen Figge, PharmD, MBA is VP of clinical integrations of Alere Accountable Care Solutions

Readers Write: State-Based Health Insurance Exchanges

September 12, 2014 Readers Write No Comments

State-Based Health Insurance Exchanges
By Jason Deck


I was invited recently to join a forum at Northwestern University to discuss the state-based health insurance exchanges (HIX). It included leaders of the state exchanges, legislators, consultants, insurance industry executives, and physicians. Topics included policy discussion, pricing and transparency issues, and growth plans. 

I came away with one resounding thought: there are an awful lot of very smart people working tirelessly on the challenge of ensuring that all Americans have affordable access to healthcare. It is inspiring to witness.

Christine Ferguson, director of the Rhode Island exchange, made a powerful statement: “Nothing like this has ever been attempted before. Ever.” She was referring to the task of overhauling the extremely complicated incumbent system of healthcare delivery by bringing together public and private sector interests, policy making, technology, and care providers. It is a daunting task.

How they did it depends on the state, all of which had to have some version of a working exchange in place and functional by October 1, 2013. Some states chose to build their own, while others partnered with the federal government’s Healthcare.gov. That was not a perfect process, but given the complexities and the timeframe under which these states were operating, I will posit that the result was a success.

Much of the discussion in our forum revolved around the way forward. Three key themes emerged:

  1. Integrated eligibility platforms
  2. Consumer outreach and education
  3. Financial viability

A key tenet of the Affordable Care Act is the insurance subsidy offered to individuals and families below 400 percent of the poverty limit. When individuals go to their state’s HIX to shop for and purchase an insurance policy, one of the early and important steps is to determine whether they qualify for a subsidy. Their eligibility is determined in part by first confirming the individual is not eligible for Medicaid. 

The insurance exchanges and Medicaid applications are not integrated except in a few states, so applicants must register themselves with the HIX, then go to Medicaid and apply specifically to be denied. They then receive a denial number to bring back to the HIX to continue their eligibility application.

Confused? Everyone is. Integrating these systems will deliver a quantum leap in the end user experience and ease of registration.

Which brings us to the second key initiative: consumer outreach and education.

The HIX executives who spoke at the forum agreed they had an early wave of low-hanging fruit their exchanges would enroll, but that they were quickly (and happily) working their way through that population. The next frontier is more difficult — small business owners and individuals with some resistance to buying health insurance.

To that end, the exchanges invest heavily in community outreach with sophisticated marketing programs, local offices, advertising, branding campaigns, etc. The results are promising. There was a productive conversation about which techniques are delivering the best results in new enrollment. Without exception, every HIX executive to whom I spoke named education and outreach as a top-of-mind concern.

On a related note, I was pleasantly surprised at the general tone the HIX leadership uses with regard to their constituents. They talk about improving the quality of the products and service, ensuring that call center wait times are kept short, and agents are trained to educate the customer. Many of these exchanges are organized under a government agency, but their leadership sure talks like private sector business leaders.

The federal government invested funds to build these exchanges, but not for their ongoing operations (there were more than a few jokes about the feds serving as the VC investor to the exchanges.) Jokes aside, the need to become financially solvent is a real issue and the audience proved creative in their approaches.

Many great ideas were exchanged, ranging from implementation of user fees, advertising strategies, use of insurer assessments, and excise taxes. While each state will ultimately land on its own model for its P&L management, the normal issues of operating costs, well-forecasted growth, and disciplined budgeting will be increasingly important to the HIX executives as they move from their launch phase into steady state.

The forum provided a great opportunity for many stakeholders in the development of state-based health insurance exchanges to discuss their progress, lessons learned, and ideas for the future. There will be bumps in the road to be sure, but we all have much to be excited about as the evolution to a more efficient and transparent health insurance ecosystem continues.

Jason Deck is vice president of strategic development of Logicworks.

Readers Write: Lessons Learned from the CHS Breach

September 3, 2014 Readers Write 2 Comments

Lessons Learned from the CHS Breach
By John Gomez

In early 2014, a group of security researchers began to suspect that some implementations of SSL — a commonly used method to encrypt data — were not as secure as the name would imply. Their thesis was rather elegant, actually more art than science, but fascinating just the same.

They hypothesized that although the cryptographic algorithms may well be secure and protect over-the wire data (data sent across a network) from prying eyes, the actual programming used to implement the algorithms may have flaws. If there was a flaw in the underlying implementation — such as how memory is managed, for instance — then SSL could become a tool for nefarious agents to exploit and compromise network security.

On April 1, 2014, two groups of security researchers (Neel Mehta of Google and Codenomicon) announced that such a flaw did exist in SSL, specifically in OpenSSL. This vulnerability came to be known as Heartbleed.

Within hours of the vulnerability being announced, sites around the world were compromised, including the Canadian Revenue Agency, Mumsnet in the UK, and others. Early estimates showed that well over a million sites and X.509 certificates were at risk of attack. On April 12, 2014, University of Michigan reported that a server in China had attacked a decoy server at U of M with advanced tools to exploit the Heartbleed vulnerability.

The revelation of the Heartbleed impact created shock waves. Some, like the Electronic Frontier Foundation, called it “catastrophic,” and Forbes columnist Joseph Steinberg declared, “Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.”

Within days of the disclosure, the Federal Bureau of Investigation released a private industry notice (or PIN) to the healthcare industry that stated, “The healthcare industry is not as resilient to cyberintrusions compared to the financial and retail sectors, therefore the possibility of increased cyberintrusions is likely.”

Flash back to February 2014, when a group of hackers known as Unit 61398 was suspected of launching cyberattacks against a variety of US industries, specifically the financial, transportation, energy, and healthcare sectors. Unit 61398 is believed to be, according to cybersecurity firm Mandiant, a top-secret unit of the People’s Liberation Army based in Shanghai.

Since February 2014, it has been learned that Unit 61398 is not specifically tasked with cyberattack missions, but it is believed to have developed highly sophisticated software and hardware tools that could be used for cyberwar, typically known as cybermunitions. Speculation is that these tools are made available to independent hacker groups for “testing purposes only,” although this has never been confirmed.

One such group believed to have gained access to these tools is APT 18, a well known and highly sophisticated group of Chinese hackers with branches in Shanghai, Hong Kong, Singapore, and the United States. APT is shorthand for a type of cyberattack known as Advanced Persistent Threat. APT 18 specializes in conducting those attacks.

It is believed that within hours of the Heartbleed disclosure on April 1, APT 18 started customizing the tools from Unit 61938. One they possibly created is a Remote Access Tool (or RAT.) A RAT works by using a carrier to gain access to network systems, usually by rather simple means. For example, a RAT can be deployed inside a network as a result of a user watching a video, reading an e-mail, or opening a file.

A highly common way of distributing a RAT is through a trusted third-party communication, which is typical in exchanges between business associates and covered entities in healthcare. A RAT could also be deployed to a medical device with a vulnerable call-home feature and network access.

The RAT allows remote control of a network, servers, devices, and much more. Just like a real rat, a cyber-RAT is infectious and can cause severe damage. The current thinking is that APT 18 targeted Community Health Systems (CHS) and successfully introduced a RAT before CHS could apply the Heartbleed patches to all of its systems. This is speculation, but highly probable.

It is also probable that APT 18 was successful because it had started targeting the healthcare industry in February 2014. Heartbleed was a fortunate development. It is also believed that CHS is not the only targeted healthcare entity and APT 18 may have compromised other healthcare organizations that may not have discovered the compromise yet. APT 18 may have used other vulnerabilities to infiltrate the CHS system, but for purposes of this article, we will continue to embrace the common thinking that Heartbleed was the key mechanism.

Criticizing CHS would be wrong. It acted quickly and there’s no evidence that it was negligent or dismissive. A better use of our time as an industry would be to learn from the CHS experience. The healthcare information technology sector is under attack by sophisticated enemies who will continue to persist their attacks on healthcare infrastructure as a means to undermine patient confidence in our ability to provide quality care and security.

We should be thankful that the CHS breach was limited to data because a RAT can take over an MRI, CT scanner, or EMR system to impact patient safety. Other cybersecurity researchers have demonstrated how to attack X-ray machines and other medical devices. The risk of attack on medical devices prompted the FDA to issue a memorandum on security to medical device manufacturers in June 2013. Although some manufacturers have responded to the memo in a positive manner, some have ignored its warning.

The most important lesson we can take away from the CHS breach is that we as an industry, to echo the FBI PIN, are “…not as resilient as other industries.” Which leaves us with the question: how do we improve our security stance and become more resilient?

Security takes money and a lot of it. There is no way to sugarcoat that fact or to make it more politically correct. NBC News recently reported that the annual cost of healthcare breaches is approximately $5.9 billion. Being secure means educating the board of directors and making it a core investment of the healthcare organization. There is no cheap answer or strategy.

Then, consider how to become aggressive about cybersecurity. Not assertive, but aggressive. Here’s an analogy.

Think of a healthcare system as a castle. Castles had multiple layers of security — intelligence, physical deterrence, internal and external defensive tools and strategies, propaganda, community allegiance, and, “Oh, crap, everything has failed” plans.

The safest castles — the ones that truly focused on protecting their inhabitants, allowing them to pursue a happy and high quality life — had the best layers of coordinated defense and offense. The castles that simply deployed the basics — a moat, drawbridge, some pots of tar, and maybe a few archers — soon learned that a persistent and determined attacker, like APT 18 or others like them, would eventually defeat these strategies.

In today’s terms, that means if you have firewalls, intrusion detection, penetration testing, DLP and similar tools, and policies and procedures, you either have been breached or you will be breached, just like the simpleton castle that did only the basics. A Level III castle.

If you take things up a notch, maybe employ a CISO, get advanced tools, and offer community education and compliance monitoring, you’re on the right track. Still, the odds are that you will get taken out. Your castle is a bit more sophisticated as a Level II castle. You added some alligators to the moat, armed the citizens, and took survival a bit more seriously. A good job, but you could do better. You are assertive, not aggressive.

The best castles invest in leading edge tools, form regional security councils to share ideas and help each other, create crisis response plans, educate their business associates, and use tools for real-time compliance monitoring, data discovery, classification and categorization, and locking down medical and mobile devices. This is a Level I castle. Just like in medieval times, it has not only strong external defenses, but also internal mazes, secret passages, trap doors, nightingale alarms, and have remote forces that can respond at a moment’s notice to surround the enemy.

It’s true that someone can get into even a Level 1 castle, but a Level I castle will survive longer than a Level II or III castle. In fact the odds are that a Level I castle will repel attacks and be standing after an APT or coordinated persistent attack.

If you had to put your family and loved ones in a castle that was going to be attacked, you would choose the Level I castle. You would do anything to safeguard the lives of those you love. In this day and age and within our industry, cybersecurity is not about privacy any longer. It is about safeguarding patient lives.

It doesn’t matter how the CHS attack happened. It is a wake-up call. Vendors, providers, and allied health entities need to build a Level I castle because they are at risk of coordinated and focused attacks. APT 18 is just one of hundreds of organized entities and thousands of independent attackers who are targeting healthcare and your castle.

To give you an example of how the stakes have been raised, ISIS (yes, the Middle East terror group) has several hundred computer programmers and hackers on their payroll. Take a few moments to let your mind wander about the damage a group like ISIS could cause to your castle. Some of those attackers will be happy with just taking data, while others won’t be happy until they take a patient’s life. 

CHS has shown that life for all of us in healthcare information technology has changed. The only remaining question is, whose castle will be next?

John Gomez is CEO of Sensato of Asbury Park, NJ.

Readers Write: Lessons on How to Survive in Healthcare

August 14, 2014 Readers Write 3 Comments

Lessons on How to Survive in Healthcare
By Nick van Terheyden, MD


From Samsung to Google to salesforce.com, the flurry of tech companies making a healthcare play over the past few months has left me both excited and dismayed. Excited because these companies have, in their own ways, revolutionized the way people interact with technology. Dismayed because of the steep hill they must climb and their battle to truly make their mark in the healthcare space.

We’ve seen it before. Tech companies dipping their toe in the water and then jumping back when they start sinking ankle-deep and losing their footing. From my 25+ years sitting at the intersection of medicine, technology, and policy, here’s my advice to these tech giants looking to make their mark in healthcare.

  • Get out of your comfort zone and consider the clinician. One of the biggest misses for these tech companies entering into healthcare is they’re expecting the patients to drive the revolution. That’s where they’re comfortable – with consumers. But so much happens on the clinical data side that needs to be factored in. Data needs to flow both ways. Even more importantly, doctors and nurses are drowning in a morass of technology and data that in many ways is hindering their ability to do their jobs effectively and with the passion they had when they entered the field. Add on the fact that working with and interpreting information gathered by a clinician about patients is not a pure art or science. That makes it hard to create consistency in working with it. While a patient app, sensor, or portal is nice, any company entering into healthcare needs to pay as much attention to the clinician as to the patient.
  • Build trust. We’re not making widgets. Google can’t mine healthcare data the way it mines ads and shopping data. It’s one of the major reasons they’re feeling the pain — it doesn’t fit into their core business. Healthcare data comes with all sorts of security and regulatory challenges, but even more important is that the healthcare consumer is a different kind of consumer and implicitly trusts their healthcare professional. They are already wary of ads targeted to their own needs – layer in data about their prostate exam and it becomes even more personal and they’re on the defensive. People interacting with the healthcare systems are typically vulnerable, stressed, and sometime scared. They need to trust their sources. Companies like Apple and industries like banking have built enormous trust with consumers, but replicating that in healthcare requires a different approach.
  • Stop looking for standards and release data from hostage. For these companies to be successful, they need to learn to operate outside of the world of data standards. Google was wildly successful moving into email, successfully because the iMac and Simple Mail Transfer Protocol (SMTP) made it easy. There’s no such advantage in healthcare. There are so many variations of standards – from Health Language 7 (HL7) to Clinical Document Architecture (CDA) to the Continuity of Care Record (CCR) and Digital Imaging and Communications in Medicine (DICOM) – that even when they do exist, they’re insufficient for sharing. But there may be an opportunity for Google or another company to actually create a new standard and have it take off. While Google is good at navigating and working with large amounts of data (i.e. Google Maps is constantly updating itself to have the most accurate information), the truth is that patients are ultimately going to own their healthcare data. For anything to change and for progress to be made, it all needs to be easily shared. How companies can turn a profit from shared data remains to be seen.

The more innovation in healthcare, the better for all of us. We need it more than ever. But any new entrant into the space needs a little Healthcare 101 to be successful and to make a difference in the lives of patients, clinicians, and their caregivers. 

Nick van Terheyden, MD is chief medical information officer of Nuance Communications of Burlington, MA.

Readers Write: The Looming Leadership Shortage

August 14, 2014 Readers Write 3 Comments

The Looming Leadership Shortage
By Frank Myeroff


Executives all the way up to CEOs and CIOs are expressing concerns about the looming leadership shortage in the US and around the globe. Because this shortage will hinder business growth, companies are in hot pursuit of professionals who demonstrate leadership potential at a greater rate. They are also willing to invest more resources in leadership programs. In fact, a survey conducted by The Conference Board and Right Management (talent, career, and management experts) indicates that businesses plan to spend 37 percent more on leadership programs this year than they did in 2013.

We’ve identified 10 principles of successful leaders:

  1. Vision. A leader has the ability to share a dream and direction that inspires others to follow.
  2. Trust. Without trust, vision can’t happen. A leader must walk the talk in order for people to give up what they know and venture into the unknown.
  3. Participation. A true leader can unleash the potential in others and get the best from them as they work to accomplish company initiatives.
  4. Learning. Leaders have a thirst for continuous training. Applying this knowledge creates real customer value.
  5. Respect. True leaders respect and have a deep appreciation for people’s differences, and as a result, are able to cultivate more committed employees.
  6. Innovation. Creativity and innovation are essential elements to building a successful company. Leaders need to express original ideas and ingenuity to motivate and inspire others to follow suit.
  7. Honesty. The hallmark of a good leader is integrity, honesty, and morality. We need leaders who have a deep sense of purpose and are true to their core values.
  8. Community. Today’s leaders need to be measured over and above the success of the company. They need to do for others and show involvement in their community.
  9. Courage. An effective leader must have the courage to see difficult situations through to the end and accept responsibility for the outcome of decisions.
  10. Selflessness. Leaders should be servants who facilitate the success of others. They spark action in others by seeing the value of others. In return, others start to think more highly of themselves and their abilities.

Today’s leadership training programs extend well beyond traditional classroom instructor-led activities. More resources are being allocated to a full spectrum of leadership learning initiatives.

  • Coaching. Often senior managers will serve as coaches to develop the capabilities of high-potential performers and help them achieve explicit workplace objectives and goals. Coaches have a vested interest in improving specific skills and interpersonal relationships that pertain to specific jobs because it impacts the company’s bottom line.
  • Action learning initiatives such as business challenges and simulations. Action initiatives enable trainees to jump right into the real world of upper management. Most business simulations are used for business acumen training and development. Learning objectives include strategic thinking, financial analysis, market analysis, operations, teamwork, and leadership.
  • Critical thinking and cognitive ability assessments. Administering these types of assessments will measure the learning capacity as well as the problem solving and decision making ability of an individual.

The bottom line is that the demand for quality leadership in the US and around the world is expected to far outpace the supply. Organization should identify potential leaders and implement new and effective leadership training programs in order to stay competitive and improve performance of both people and the company.

Frank Myeroff is president of Direct Consulting Associates of Cleveland, OH.

Readers Write: For Small Practices, The Time Is Right for Business Intelligence

August 14, 2014 Readers Write 1 Comment

For Small Practices, The Time Is Right for Business Intelligence
by Matt Barron


Small medical offices are dealing with increased patient volumes, Meaningful Use, Accountable Care Organizations, ICD-10, and declining reimbursement. Accordingly, physicians are spending less time with patients and more time dealing with the noise that surrounds the business of medicine.

Many small practices already have a critical solution at hand — they just need a better way to access and use it. The solution is big data, a trendy term for all the digital information medical practices already have in the form of electronic health records, billing records, practice management information, and more.

The trick is that big data alone doesn’t do much, and until recently, the software that small medical practices need to turn all that data into meaningful business intelligence was too expensive and difficult to use.

Now business intelligence software is more advanced and ready to address the needs of small medical practices that have  been wary of adopting cutting edge software because it was too costly and cumbersome.

Let’s take a look at a few ways BI software can help boost the financial health—and the quality of patient care—at small practices:

  1. Market segment analysis. To help practices find and generate more revenue, the latest software enables geographic analysis that determines where patients are coming from so practices can better target their marketing efforts.
  2. Claims management. Advanced tools make it simpler to increase first-time reimbursement capture and support follow through on denied and underpaid claims.
  3. Financial overviews. Financial overviews and details on the state of the practice are available in seconds with automatic comparisons to key performance indicators. Physicians can view revenue cycle performance, and find out how many days it takes to collect on accounts receivable. Armed with this information, they can institute best practices, make comparisons among various payers, and increase the overall productivity of their practices.
  4. Compliance support. The latest business intelligence software is designed to work with and address new requirements and regulations. It’s ICD-10 compliant and can be used to track progress toward demonstrating Meaningful Use and earning stimulus money.
  5. Individualized patient care. Physicians can create customizable health plans to manage patient conditions based on demographics, diagnoses, lab results, and more. They can check on whether the plans are being followed, automatically determining whether patients had their tests taken and viewing the results. By setting up alerts and reminders, physicians can also see which patients are most prone to a chronic disease, how many risk factors they have, and what actions can be taken to successfully manage the disease or avoid it altogether.
  6. Aggregate patient care. Physicians can track patient health trends over time and send reminders to patients automatically, providing medical advice and suggestions. On a broader level, the latest software makes it possible to uncover patient population trends and spot disease outbreaks, even determining by ZIP code which population segments are most at risk.

Today’s business intelligence software is more powerful, more affordable, more secure, and far easier to use.

Matt Barron is COE leader of business intelligence and consulting at ADP AdvancedMD of South Jordan, UT.

Readers Write: Make It Happen

August 6, 2014 Readers Write 4 Comments

Make It Happen
By Mike Carr


I’ve been in healthcare IT for more than 25 years. While I’ve known and appreciated the impact we have on people’s lives, I had a recent personal experience that made me see the impact of what we do firsthand and reminded me of why we do what we do.

Unfortunately, my mom suffered a severe stroke in June from which she never recovered.  I was at the hospital with her for almost six days.  During that time, I got to know the nursing staff, therapists, neurologists, and palliative care team pretty well. This was an amazing team of healthcare providers and the best I’ve seen in all my years in healthcare – every one of them. They all treated my mom like she was part of their family. 

The entire palliative care team took the time to meet with our family to explain that my mom probably wouldn’t recover and the options we had. Almost everyone, including the chief neurologist, had tears in their eyes. This amazing group of people really cares about their patients.

During my mom’s remaining time in the hospital, all of her medical information, including any significant changes in her condition, was available to me whenever I asked. The EHR, PACS, etc. was all at her bedside. 

On one occasion, when I requested that she get additional pain medication beyond the standing order, the nurse immediately entered the request into the system. The doctor approved it and entered the order from his mobile device and my mom had her medication from the medication cart in about five minutes. To make that possible, someone understood the importance of a patient getting pain medication quickly, reviewed the relevant processes, integrated those systems, developed the workflows, and implemented the technology to make it all happen. 

I think it’s important, on a daily basis, to keep in mind why we do what we do and our role in making it happen. The medication order example is just one small example of how we can help improve patient care, but it made a huge difference for my mom at the time. The recent experience my family and I had with this amazing group of healthcare providers and their ability to effectively use technology to make decisions and treat patients made a very difficult time a little easier.

Shortly after my mom passed away, someone sent me this. I think these are pretty good words to live by.  


– Regina Brett

The one thing I would add: and make it happen. By understanding the importance of what we do and its impact on patients and clinicians, we can take the steps to review the processes, integrate the systems, develop the optimal workflows, and implement the technology to make it all happen.

Mike Carr is director at Aspen Advisors of Pittsburgh, PA.

Readers Write: How to Actually Get Patients to Engage with a Portal

August 6, 2014 Readers Write 9 Comments

How to Actually Get Patients to Engage with a Portal
By Zach Watson


From increased interoperability requirements to percentage benchmarks for online patient usage of digital assets, Meaningful Use Stage 2 has several requirements that are making eligible professionals sweat. Let’s address the latter of the two.

From a high-level view, getting more than five percent of patients to download, transmit, or view health information online should be low-hanging fruit. But as the Mayo Clinic famously found out, simply creating this type of functionality doesn’t guarantee engagement. Of a reported 240,000 patients who signed up for portal accounts, less than 12,000 had actually logged in 2013. In contrast, Nashville’s own Vanderbilt experienced significant success with getting patients to interact with their portal. During 2012, they reported 193,969 unique logins.

And for truly outrageous engagement numbers, one need look no further than Kaiser Permanente. A reported 4.4 million of Kaiser’s 9.1 million members use the online portal.

Meeting Stage 2 engagement requirements is doable. The disconnect arises from providers simply implementing technology without truly integrating it. Online portal access should be introduced in the context of the patient-physician relationship, not as an extra feature that patients can access should the compulsion strike.

Here are three actionable methods for crossing the five percent chasm:

  1. Get a mobile app. It’s well known that electronic health record functionality varies by product, so it’s natural that patient portal capabilities will too. Part of granting patients greater access to their medical records lies in the intuitiveness with which they can retrieve said information. If they are asked to type in a username and password from the web browser on their phone, it’s unlikely they’ll go through the trouble. Mobile applications are becoming standard across all business verticals because they are formatted for ease of use. If a patient portal doesn’t come with a mobile app for patients to download, the physician implementing it should demand one. Kaiser launched their mobile app in 2012. Patients downloaded it over 450,000 times last year.
  2. Do a walk-through. Patient satisfaction is inherently tied to interaction with the physician or other clinician. To create an environment in which patients will be receptive to new information, have a knowledgeable staff member walk patients through how to login and use the portal. Explain the benefits of scheduling appointments and refilling prescriptions online. Perhaps even have the patients navigate the portal for 60 seconds or so to make sure they’re comfortable finding all the information. Will this affect clinic time? Yes. Will it help meet Stage 2 criteria? Absolutely.
  3. Create some marketing. It doesn’t have to be anything too spectacular, but some signs in the waiting room detailing the benefits of patient portals can certainly spark some interest from patients who are waiting.

This type of online access isn’t unexplored territory. Patients already enjoy this freedom with their bank accounts, credit reports, and so on. They want to be able to schedule appointments online. Make sure they know that they can.

Who knows, maybe they’ll download the app while they’re in the waiting room.

The key is to embrace patient portals – and other information technology for that matter – as a foundational element to the way healthcare works going forward. It’s already a reality. Patients simply need to be shown how easy it is to use.

Zach Watson is an analyst at TechnologyAdvice of Brentwood, TN.

Readers Write: Why Payers Are Seeking More Consumer “Likes”

August 6, 2014 Readers Write 1 Comment

Why Payers Are Seeking More Consumer “Likes”
By Scott Rotermund


It’s no secret that payers are not well liked among consumers. In fact, recent data shows that only seven percent of consumers trust their health plan, only slightly better than the likes of oil and tobacco companies.

Additionally — and maybe even more importantly — when looking for health advice, only 18 percent of consumers turn to their health plan, which is startlingly close to employers at 12 percent. With a reputation for being stuck in concrete towers locked away from the real world, health insurance companies are increasingly working to connect with consumers and up their likability.

In their defense, health insurance companies earned a sour reputation of being the evil ogre denying claims because of how the market defined their role. It was a check and balance in the clinical system of physicians prescribing care and health plans assessing the value of it.

Now, with the rollout of Obamacare — be it good or bad — the payer’s role has changed along with its business model. Health plans are looking at the entirety of their populations rather than those seeking treatment. That is going from the 15 percent of its population that is in the “sickcare” system at any given time to 100 percent of the population, a startling and overwhelming change.

This shift is driven by the moral and economical desire to 1) prevent people from sliding into the sickcare system by keeping them healthy, and 2) build brand loyalty to retain low risk members. Retention is a primary focus for health insurance organizations, as the health insurance industry is now similar to the car insurance industry. People can shop around and receive premium reductions for good health just as they do for good driving. Innovating and transforming the customer experience is more important than ever as consumers are empowered to choose the payer of their choice.

How does an entire industry change its reputation from being the school principal to class president? It starts by building an emotional connection and providing something that genuinely impacts their life. It’s not passing out free one-size-fits-all t-shirts, but connecting with consumers on an individual level and getting them to take action.

Playing a more active role in optimizing consumers’ health is a huge leap for payers and inherently may not be immediately welcomed by consumers. Here are some down and dirty tips for health plans looking to become the cool kids in healthcare:

  • You can’t appease the masses. Take a personalized approach to supporting consumers in achieving their health and wellness goals. Similar to what we are seeing in the clinical setting with personalized medicine, personalized healthcare will have a greater impact and results. This is challenging when you managing a population of millions, which leads into the next tip.
  • If it works … partner with it. Some national plans have allocated millions into wellness and prevention programs and have not seen significant uptake. Take a card from cross industry collaborations like Apple and Mercedes and forge partnerships with companies that already have the asset or relationship you are looking to build. Companies that have a consumer mindset and can deliver an experience that may be outside a health plans’ expertise. Today’s on-demand, multi-mobile consumer expects to have a solution that speaks directly to them, about them. By leveraging a health optimization platform to deploy a personalized, interactive experience, payers have an effective and efficient way to support consumers in improving their health. Plus, a true integration platform will allow payers to plug in existing programs such as video health coaches or other digital resources so those investments to date pay off too.
  • Provide optimal rewards for optimal health. While one may assume that it’s human nature to take care of yourself, its been proven that incentivizing consumers for healthier behaviors pays off for everyone. In a recent survey, 96 percent of consumers said they would be healthier if rewarded. From premium reductions to badges, incentive-based tools can be the extra motivation consumers need to make a healthy choice or address chronic decisions. Payers can build a more “rewarding” relationship with consumers by celebrating both participation and outcomes with their members.

These activities are helping payers power up their relationship and the health of their population. Consumers will soon view their insurers as health advocates guiding them through an increasingly complicated healthcare system and toward a healthier way of life. 

Scott Rotermund is co-founder and chief growth officer of Welltok of Denver, CO.

Readers Write: From Rice Fields to Big Data

July 30, 2014 Readers Write 1 Comment

From Rice Fields to Big Data
By Ping Zhang


My journey into technology was a long road. The first 15 years of my life were spent in the Hunan province in rural southern China. My family had no running water, and more often than not, we went to bed hungry.

At five, I started working with my father in the rice paddies. I planted rice seeds while my father manually built rice rows and dug irrigation canals. Everything was done by hand. It wasn’t until I was 11 that I saw my first technological advancement — a tractor — on my way to school.

At age 15, I rode on a train for the first time on my way to college. It was only then that I realized the promise of technology and how it could save my father’s back and hands from the brutal years of manual labor.

My passion for mathematics helped me earn my bachelor’s degree at 19 in China. After the 1989 events in Tiananmen Square, I decided to try to migrate to the United States. In 1990, I landed in Fayetteville, Arkansas with only my bags and a hundred American dollars to pursue my PhD at the University of Arkansas at Fayetteville. My wife followed soon after.

Eighteen months after moving to the US, I had my first experience with the American healthcare system. Early one Friday evening in 1992, my wife suddenly felt a sharp pain in her stomach. We rushed to the emergency room. We waited and waited – and waited some more. Three hours later, she was finally seen by an OB/GYN doctor.

It turned out that she had an ectopic pregnancy. She had been pregnant, but the fertilized egg had become lodged in one of her Fallopian tubes. Two liters of blood had accumulated as she waited for treatment. She had come close to losing her life.

The next day, the doctor cleared her for discharge with a clean bill of health, leaving us with a bill of a few thousand dollars. One of her Fallopian tubes had been torn open and the other had become so clogged with lost blood that it would likely permanently block any egg. We were told the chances of her ever having a child were slim.

The experience was shocking, scary, and life altering. Thankfully, after years of infertility treatments, she was able to give birth to two beautiful boys.

That horrible experience was over 20 years ago, but I still remember it like it was yesterday. Part of the reason is that I have spent many of those past 20 years working within the healthcare system to change it myself. I want to share three key lessons I have learned over this long journey.

The quality of healthcare is too low

The state of service in American healthcare is far below where it needs to be and where it could be, especially with its skyrocketing costs. But what if our healthcare system operated under a free competition model, much like the retail industry? No department store would ever have its customers regularly wait for hours in line to buy its products – because no one would go to that store any more (and they would book it in the other direction with haste).

Under a similar system for healthcare, providers would have to work much harder and more effectively to attract and adequately serve consumers. Open competition would lead to greater efficiency, lower cost, better quality of service, and more choices for consumers.

More innovation and disruption

Innovation and disruption must be encouraged. Over the past two decades, I learned about the underlying principles of world-class innovation from Silicon Valley. I had mentors who constantly encouraged me to break out of the box, experiment, and try something new and different. Healthcare is clearly not where it should be. We must find a better solution for something as vital to societal and individual wellbeing. Healthcare still needs a Steve Jobs and Apple-like innovation revolution to make it more clinically effective for the consumer and cost effective for all.

For example, what would healthcare look like if we could receive updates and monitor our health through a Fitbit device or health app the same way we receive ESPN notifications on an iPhone today? What if technology motivated us to pay the same amount of attention to our health as we do with our social media networks, and with the same ease? These are the simple concepts that will help us all live longer and save hundreds of lives.

Top-down is not enough; consumers need to become more invested

Consumers themselves must do more to control their own outcomes. As an immigrant to the US, I knew that I had to work much harder than my peers to succeed. Consumers today should adopt a similar drive and approach to their health. Rather than waiting for doctors to treat and prescribe “fixer” medications, we need to work more diligently to lead healthier, more proactive lifestyles – and we have the information and technology to do so at our fingertips.

What was once monopolized by professionals with years of training (and extremely costly) is now available at the nearest Best Buy or app store for just a couple of hundred dollars — or nothing at all. Look to wearable biometric devices as an example; those gadgets can accurately monitor an individual’s health, diagnose risky behaviors based on behavioral research from big data findings, and provide information on how to live a healthier, lower-risk life.

I am thrilled that my sons get to reap the benefits of a wonderfully innovative country that is slowly, but surely, transforming its healthcare system for the better. Sooner rather than later, as my boys grow into husbands and fathers, we will move past the times when emergency care is almost as painful as the medical ailment that necessitates the visit. And if we don’t, we’re doing something very wrong.

Ping Zhang, PhD is SVP of product innovation and chief technology officer of MedeAnalytics of Emeryville, CA.

Readers Write: 20th Century Man

July 30, 2014 Readers Write 4 Comments

20th Century Man
By Barry Wightman


"I work in healthcare during the day, then I go home to the 21st century."

Dave Levin, MD, founder/CEO of Tres Rios Group (@DaveLevinMD), uttered these stinging words at last week’s OnBase + Epic User Forum in Cleveland. Thanks to our friends at Nordic Consulting (@Nordicwi), who tweeted this in real time on the jungle network raising, I’m sure, a knowing smile on many a grey-haired regular Joe technology type such as myself in health IT-land. Now, I’m not here to comment Dr Levin’s presentation, but with that tasty, snarky comment, he hit on something I’ve been wanting to get off my chest for a while now.

It’s all déjà vu all over again.

And it starts with an old Kinks song.

No, really.


Good old Ray Davies, on the fine Muswell Hillbillies elpee of 1971, sang, “I’m a 20th century man but I don’t want to be here….” (cue chiming guitars and thumping drums.)

And here we are in healthcare’s 2014 and those words still ring true. And we’re faced with vast data centers that don’t interoperate well, processes and workflows that haven’t changed much since, well, let’s say the ‘90s.

Some folks complain about EHRs, saying they’ll never work – which is like attacking the telephone as a useless gadget in 1910. Yes, healthcare is conservative, slow to change, and it is a vast, terribly complex industry. But still.


See, I come out of the high-end computing and communications world of the last 40 years and we all know about the technology revolutions that came out of that time.

And it all had to do with the decentralization of power.

Power to the people.

Here’s what happened:

  • Big iron, mainframe computing was overthrown, or, at least changed forever by personal computing. The data center data processing IT gatekeepers of the ‘60s/’70s, the men in the white coats (not docs) lost their complete control. Big mainframe data centers were then called “glass houses” – complex and unknowable, sealed safely away from the actual user rabble. Then user peasants with pitchforks began throwing rocks.
  • Distributed processing was invented in the ‘70s/‘80s – in which mini computers and personal computers were bought by company departments, who, fed up by the long delays and general stick-in-the-mudness of corporate IT, took matters into their own hands. Lotus 1-2-3! Excel! WordPerfect! Soon, IT was surrounded. Some bit of chaos ensued. Luddites were outraged.
  • Interoperability became an issue. Can I get my 1980s IBM 3081 mainframe or Cray supercomputer to talk with all these blazingly fast minicomputers and those crazy PCs and their newfangled servers? Can I get this application to communicate with that application on a batch or maybe even real-time basis? Will this data jive with that data? Oh man. There was even a huge Silicon Valley trade show called Interop. Big business. You can look it up.

And, over time, it all began to work. Standards emerged: TCP/IP, the Open Systems Interconnection (OSI) Model, designed to facilitate application-to-application communications. Forums and user groups were founded. Requests for comments solicited. Hardware and software vendors cooperated. Open systems mostly won. Proprietary systems mostly lost. Not bad.

And new business empires were built. Microsoft, Cisco, Apple, and an endless army of startups who followed in their wake disrupted markets as they went, changing the world.

Fast forward to now. Healthcare. We’ve been there before.

Thing is we’re still there. Maybe about 1990. EMR/EHR monsters have emerged: Epic, athena, Cerner, et al. The big payors – you know the list. Crazy startups in new markets are bubbling under – population health, mhealth. And there are user revolutionaries out there – visionary clinics and system departments who are moving ahead on their own, confounding CIOs and IT (with whom I have much sympathy – which reminds me of another old tune).

And just like in 1990, with the World Wide Web just around the corner, then gestating in gov, mil, and edu domains, everything changed.

And we won’t have to live in the 20th century with the Kinks. (Not that that’s a bad thing.)

And Dr. Dave Levin will be happy.

And so will we.

It’s gonna happen.

Barry Wightman is VP of marketing of Forward Health Group of Madison, WI and the author of Pepperland.

Readers Write: Bench, Bonus and Bondage: The Sorry Side of IT Consulting

July 23, 2014 Readers Write 3 Comments

Bench, Bonus and Bondage: The Sorry Side of IT Consulting
By Mike Lucey


If I could lose 20 pounds, I would be ready to model swimwear. That’s a nasty image for those who know me, but if I were serious, hiring a personal trainer would make sense. Or better yet, a personal exerciser!

Why not both? One person to tell me what to do and another to go and do it. I might not get the results I want, but much less effort. Think of what I would save in sneakers and tee shirts!

This wacky logic seems to be in play in our industry when it comes to hiring consultants. When I moved into consulting, it was because I figured I had some unique smarts and skills that a hospital would need. Once my smarts became their smarts or my skills were no longer needed, off I would go to the next guy. For this I would get a nice rate and the fun of doing new projects.

But what I am finding is hospitals have some consultants who offer guidance, and then other “consultants” who do the work, work that hospitals really need to be doing themselves. Part of why this happens can be found in the way consulting companies can market their services.

Bench: To start a consulting company, scrape up a pile of resumes, format them nicely, and throw them at every hospital problem you hear about until some of them stick. Now you have consultants working. As these consultants roll off projects, they go to the Bench. Yikes! Good news: you now have consultants ready for the next project. Bad news: every hour they sit on the bench they cost money (until you pull the bench out from under them). A way companies can lighten the bench is to give bonuses to the consultants that are still working to find work for the benchwarmers.

Bonus: Let your working consultants know that they will get a bonus for every benchwarmer they place. This is where the worm turns. Now those consultants you hired to solve a problem are to some degree degraded or distracted by the incentive to be a sales guy. The inclination to teach a hospital employee how to solve the next problem conflicts with an inclination to pull in a colleague from the company. Good for these companies, maybe not so good for the hospital.

Bondage: With each additional placement, each incremental bump in the billable hours (and bump in that bonus income), the idea of ending the engagement becomes more ugly and the motivation to extend more attractive. It is stressful to see a project end and face the uncertainty of the next job, stress that is magnified with the addition of each colleague and the bonus income they represent. Suddenly maintaining my value as a smart guy may depend on maintaining a certain amount of client ignorance and so client dependence – knowledge bondage.

This is how you end up with a consultant who is not just the captain of your hospital softball team, but the batting champ three years running.

We consultants have a great part to play as our industry continues to change. We bring real value helping hospitals make decisions, helping them act on those decisions, and providing resources when big projects need extra hands. That value is based on smarts, skills, and experience that hospitals don’t yet have, but can gain with our input. 

When that value wanes, not to worry — I’m off to the next project. Or I always have the modeling gig to fall back on. (note to self: find my Ab-Master.)

Mike Lucey is president of Community Hospital Advisors of Reading, MA.

Founding Sponsors


Platinum Sponsors


























































Gold Sponsors












Reader Comments

  • Eat Bubbles: Just another bubble waiting to burst......
  • IANAL: They display pharmaceutical ads to doctors. Similar to how practice fusion made money but doximity has lower risk becaus...
  • DoximityDoubter: Though I was good at math in engineering school, my skills have obviously atrophied with the transition to medical train...
  • Neil Young Remembers: Judgement is okay in life and death matters like this, especially since tolerance and forbearance with guys like that di...
  • J Brody Brodock: I think the thing I am more concerned about than the belittling of a state or the "silly"ness of posting it on social me...

Sponsor Quick Links