Readers Write: Becoming an Influencer in the HIT Industry

Becoming an Influencer in the HIT Industry
By Frank Myeroff

With all the noise out there, you have to call attention to yourself and be known for something if you want to stand out. In other words, you need to brand yourself within the healthcare IT industry to become known as an “influencer”.

An influencer is an individual who has above-average impact on a specific niche process. An Influencer is a person who is well connected and who is regarded as influential and in-the-know; someone who can give advice, direction, knowledge, and opinions about that niche.

Here’s how to get started:

1. Find a specific niche. Focus on a specific topic within healthcare IT and be perceived as the “go-to person” for that topic. Also, try to go deeper within a niche. Can you specialize even more? Conquer one area completely and you will find that your audience will come to you. For example, you can become well known for the ability to disseminate government HIT initiatives or even international HIT news stories.
2. Invest 10,000 hours. In his book “Outliers”, Malcolm Gladwell says that you need 10,000 hours to get good at anything. Has healthcare IT engrossed you over the last decade to the point that you’ve invested 10,000 hours in becoming better?
3. Get in front with social media. In today’s world, social media is dominating, so it’s a good idea to use your name as a brand and promote it well. To be successful, you must build your brand using Twitter, Facebook, and LinkedIn.
4. Create a LinkedIn Group. This is a great way to engage like-minded professionals and attract new members and connections. LinkedIn Group discussions should be topical and timely as well as find answers to burning questions.
5. Start blogging. Write blogs that people find different, useful, and informational. As part of blogging, make a video or record a podcast. Also, think about how to be a guest blogger on other relevant blog sites. Be creative. Your goal is to provide meaningful content that will resonate with your specific audience.
6. Accept speaking engagements. If you’re comfortable in front of an audience and have the ability to be an interesting presenter, hit the speaker circuit. Trade shows such as HIMSS or other HIT business forums and summits usually have a call for speakers about a year in advance of the event. Make sure you provide a unique, timely, and interesting topic to be considered. In addition, offer to be interviewed by hospitals and healthcare IT publications. These can be of benefit by showing your credibility when vying for a speaking engagement.
7. Send press releases. Sending good content in a press release format can be powerful and will give you high visibility especially if sent through a distribution service such as PR Web. A PR Web press release can help you get reach and publicity on the Web and across social media. As a result, your press will be seen by a large number of journalists with HIT publications as well as provide SEO for your website or blog.
8. Create and run a seminar or webinar. Recently our marketing department attended a luncheon and seminar hosted by a trade show display house. The presentation was all about the hottest trends in the trade show industry. They did not try to sell us anything. Instead, they positioned themselves as the go-to people or thought leaders for the trade show industry. As a result, we trusted their knowledge and purchased a pop-up banner for our upcoming HIT shows, events, and summits.
9. Help others succeed. For each action, take a look for ways to partner and co-brand with other experts. There’s power in numbers. Also, when you gain the respect of other experts, you get the benefit of being referred to their contacts. For example, we know of an RN who is considered an influencer because he spends time helping other RNs to understand health policy, procedures, and technology. The information he provides is tried and true. The RNs trust his information, and in turn, they give him a louder and stronger voice. In other words, they became his brand advocates.
10. Be available. The more you get yourself out there, you increase your chances of being recognized and asked for your expert opinion. Make sure you’re easy to find. Always give publications, journalists, and prospective customers your contact information and let them know that you will make yourself available to them at their convenience.

Building your own personal brand and becoming an Influencer takes time and dedication. But if you establish yourself strongly in the HIT industry, in time you will be a sought-after resource and derive the visibility and long-lasting relationships you desire.

Frank Myeroff is president of Direct Consulting Associates of Cleveland, OH.

Readers Write: A Healthcare Tale of Two Continents

A Healthcare Tale of Two Continents
By Ted Reynolds

An interesting byproduct of growing up American is that we tend to view everything from one perspective – our own. That’s not surprising given our standing in the world and the influence our culture seemingly has.

Over the last year, I had the unique opportunity to work on a significant electronic medical record (EMR) implementation in Europe that forced me to look beyond my singular, American view. What a revelation! During my time working on this engagement, I learned to view healthcare differently and gained knowledge that has proven invaluable to my ongoing work stateside.

While there are some similarities, there are also striking differences in how the US and Europeans approach and deliver healthcare. I thought it might be interesting to compare and contrast these approaches so you can benefit as well from my journey across the pond.

Let’s start with the similarities. My main observation is that change is certain and swift in both the US and Europe. The status quo on both sides is giving way to new ways of thinking, partly driven by technology.

We have greater access to larger amounts of data today, and as a result, the unprecedented opportunity to improve care and outcomes while reducing costs. With healthcare costs continuing to climb in the US and economic recovery slow worldwide, we simply cannot afford to continue with the old models of care delivery.

My experience working in Europe gave me a unique “outside looking in” perspective on American healthcare.

For instance, the big US EMR wave has passed. According to the December 2014 HIMSS Level 7 survey, nearly two-thirds of hospitals now have computerized provider order entry (CPOE) and an EMR implemented. In this area, the US is well ahead of our European counterparts, so we have more patient data than ever before.

However, many organizations have yet to recognize the promised results out of these systems despite significant investment. The focus for US healthcare today has turned towards reducing costs, improving quality through performance improvement and optimization efforts, and making better use of the available data through analytics.

Another US trend is increased merger, acquisition, and affiliation activity among providers. I believe this will most probably affect the one-third of organizations that have not yet implemented new EMR technology. They will likely seek to join with (or at least establish an extended EMR relationship with) stable organizations in order to remain competitive and control costs. IT issues surrounding these new arrangements are enormous. Among the top concerns we’ve seen in these arrangements are the initial loss of control and resulting service levels from the hosting organization.

Finally, call it what you will — accountable care, population health, value-based care, pay-for-performance, etc. — rising healthcare premiums and deductibles will continue to drive the migration from fee-for-volume to fee-for-value. This change will have substantial IT implications – some known, others yet to be seen. Some of the most visible are:

• Health information exchanges (HIEs) or other forms of data interchange between disparate systems will no longer be a “nice to have.” The downside of our EMR implementation wave is that we now realize the problems associated with absence of real data interchange. This issue must be addressed if we are to recognize the full potential of electronic data.
• Data analytics become essential. The healthcare industry must unravel the data to information to knowledge to real action transformation in order to demonstrate value. Data analytics will help hospitals and health systems better understand and apply best practices to enable care standardization among providers – a key step necessary to thrive in a landscape heavy on bundled payments and other shared risk plans.
• Revenue cycle technology replacement and optimization will become an increasing priority as many were originally implemented in reaction to Y2K. These outdated systems cannot adapt to the variations and requirements that new risk-based contracts bring and must be upgraded to new, more flexible systems.

Conversely, the EMR wave in Europe has just begun.

Several large American integrated vendors are starting to work their way across the pond and into new markets. It will be interesting to see if they take some of the lessons learned in the US market (especially around interoperability) and apply them there.

Some of these transitions may be eased in a socialized medicine environment, which has one reimbursement model for an entire country – as opposed to the large variety of complex reimbursement models in the US. A single reimbursement model has the opportunity to significantly streamline billing.

Although the revenue cycle and financial applications in Europe vary greatly from those here in the US, the clinical workflows are very similar. On one of the large EMR implementations I worked on in Europe, the hospital used 90 percent of the American vendor’s clinical model workflows as-is.

On the other hand, Europe’s procurement cycle is extremely long, similar to that of US federal and state organizations. Given the rapid pace of change in healthcare today, I would expect to see Europeans accelerate that process over time.

Many European countries are ahead of the US in establishing national health identifiers and national provider registries. This puts them in a much better position to share data about patients across providers. They are also doing a better job of delivering high quality outcomes at lower costs.

Finally, due to the size of the various national markets, you do not see the proliferation of large, homegrown software vendors as observed in the US. This has made these countries targets for established American EMR vendors such as Cerner and Epic.

My takeaway from my time working in the European healthcare market and the opportunity to attain an “outside looking in” perspective on the US market is quiet simple. We both have much to learn and can learn a lot from each other.

Ted Reynolds is senior vice-president of CTG and is responsible for CTG Health Solutions. 

Readers Write: Patient Discipline, Or is it Simply Willpower?

Patient Discipline, Or is it Simply Willpower?
By Helen Figge

The dust seems to be settling a bit these days, with overwhelming sighs of relief about the redefining of MU2, ICD-10 continuing the saga onward but slower, and the unending chatter about the patient portal and how we need to get patients to use it in order to reap the benefits of the various regulations and mandates in place forcing doctor’s and caregivers alike to make us all healthier. Couple that to our worries that once we have the collected data, we then are able to analyze the data in a way that actually benefits the end user – you and me – the healthcare consumer. Just as worrisome is the safety of the data and its security.

The quandary to all of this at times is that we are still a very sickly society. More than one-third of US adults are obese. Obesity-related conditions include heart disease, stroke, type 2 diabetes, and certain types of cancer, which are some of the leading causes of preventable death. The estimated annual medical cost of obesity in 2008 was $147 billion, while the medical costs for people who are obese is about $1,429 higher than those of normal weight.

Surely we have many of the technologies in place to help counteract these serious statistics — various forms of health information technology solutions that actually can assist clinicians to take better care of their patients. The technology is in place, now we need to best utilize it, right?

One term continues to be said and that is patient engagement — engaging the patient to care, which is deemed as one of the cornerstones for healthcare success in making us healthier than ever before. The baseline theme common to many in the patient engagement framework is managing information and making it available to both the patient and care team in a manner that supports care decisions, improves bi-directional communication, and optimizes outcomes. This is the nirvana we strive to accomplish in healthcare, and we appear to be doing so as we move forward in time.

We are seeing more and more patient engagement opportunities available to the healthcare consumer. These are in the forms of weight loss programs, reminders to eat and exercise, Facebook clubs, and many other forms of enticing the patient to care.

Despite the benefits of patient engagement solutions and the investments currently being made, convincing the patient to care might be the more difficult aspect to all of this and will require innovation. Lack of health literacy in a large portion of the population, fragmented end-user market, poor access to healthcare, and security of patient data again stated are still hindering growth of this market to convince the patient.

These efforts boil down to one common thread: self-motivation or self-discipline by the healthcare consumer. Without the engaged patient, the various interventions prescribed by their caregivers will go unnoticed and fall short of the clinicians’ effort to effectively prescribe. But how do you self-motivate or educate a person on self-discipline and have it, not withstanding lifelong tendencies, become a normal part of one’s life?

I take myself as an example. I don’t know how many times on a cold, dreary day I rather would have laid in bed than get my running shoes on and take a quick two-mile run up and down the road before any of the neighbors saw me, thinking to themselves, “What is she doing out in the dark with a flashlight in this hour?” It’s because I work for a living and I had to fit my run in before work and before life started.

But in the end, I did it, and do so faithfully. I disciplined myself knowing it was good for me. The alternatives are less than appealing. Forget that the doctor that says it is good for your blood pressure and weight and bones or the envy or guilt often times put on us by our peers because they do it. I do it for me and the motivation comes from within, not someone reminding me it is good for me. That is the discipline we need in healthcare as consumers if all of these tactics to entice us to take care of ourselves takes hold.

In order for patient engagement to work and before entities heavily invest in programs and concepts to “educate” the consumer about their health, we need to get to the root cause of self-discipline. Someone needs to understand how we discipline ourselves to take care of our health. That is where sustainable healthcare lies for us now and in future generations — teaching us the discipline, and in turn, the next generation.

Eventually we will not have the ability to be reminded to take care of ourselves by an outside party. Funding may run out, people may tire of the phone call to eat right that day or sustain from a cigarette else you will end up on oxygen and die a slow and painful death. We will need to learn from these efforts via patient engagement tactics, and in turn, use those pieces of information to further our own reasoning of, “Why do I need to do it?”

Whether it is home glucose monitoring, INR readings, blood pressure readings, or any of the other mobile device readings, what we do with the data to infuse the practices into everyday life will determine the long-term outcomes of healthcare success. Determining the outcomes of all of the healthcare reforms, reimbursements, and penalties really come down to one simple fact: will the healthcare consumer heed their doctor’s advice, listen to directions, and follow the protocol to keep them alive, make them well, or to keep them well?

It boils down to discipline. Are you disciplined enough not to be reminded to take care of yourself, or are you like most Americans who need to be cajoled, bribed, and threatened in order to take control of your own health destiny? Only your self-discipline can answer that question.

Helen Figge is SVP of global strategic development for Lumira.

Readers Write: What is a Health Information Handler?

What is a Health Information Handler?
By Lindy Benton

Recently I received a query from a healthcare professional wondering about the definition of a “health information handler” and their benefits. I’ve long desired to do a presentation on the subject so as to discuss their reason for being, their importance. and how they tangibly serve health systems. Given the lack of awareness surrounding the topic, perhaps it’s an appropriate time for a refresher on the subject.

First, a little history. The Center for Medicare & Medicaid Services (CMS) manages the health information handler program. CMS defines a health information handler as “any organization that handles health information on behalf of a provider.”

Providers and hospitals usually engage relationships with health information handlers (as third-party vendors) so they — the providers — are able to electronically submit claims data and health record attachments to payers and Medicare contractors in support of claims adjudication.

These health information handlers also are often called claim clearinghouses, release of information vendors, and health information exchanges. Most also offer electronic submission of medical documentation (esMD) gateway services.

EsMD is still a work in progress, an ongoing experiment spearheaded by CMS to support electronic exchange of information between health systems and Medicare audit contractors. Prior to esMD, providers had just two ways in which to respond to documentation requests from Medicare review audit contractors – mail or fax. EsMD fixed that problem. 

The program has been in effective for more than three years – Phase One went into effect on September 15, 2011. Phase Two will allow providers the ability to receive electronic documentation requests when their claims are selected for review. CMS has yet to launch Phase Two.

To date, tens of thousands of medical records and other health information have been submitted through esMD in response to audit requests. More specifically, though, according to AHIMA, the esMD program directly impacts health information manager professionals. For these folks — who typically pull and send medical records in response to CMS audits — the process can be slow, frustrating, and costly. The esMD program and the health information handler entities that facilitate the record exchange are working to simplify that process, AHIMA states.

The esMD gateway is not set up like a typical website, though. Not everyone who wants to submit information via the gateway can simply jump on, upload files, and press the “send” button. To interact with CMS through esMD, organizations need access to the portal. The gateways are costly to develop and maintain, so hospitals and providers turn to health information handlers to facilitate the exchange process.

Health information handlers build and service an esMD gateway for multiple provider participants and submit electronic documentation on a provider’s behalf. As more providers use health information handlers to simplify their audit processes, electronic health information exchange also will increase in usability.

Documentation requests from Medicare’s audit contractors are the primary requests received by health information professionals. Auditors request additional claims information from hospitals to verify or “ensure” that coding and claims are submitted properly. If claims are coded incorrectly, hospitals must return funds to Medicare. The program was designed to reduce incorrect Medicare payments and to recollect overpayment, identify underpayments by hospitals, and prevent future issues with payments. EsMD supports this effort and enables health information handlers to support the flow of information.

Overall, the recovery program has been a success from the perspective of CMS. Medicare’s recovery auditors returned more than $3 billion to the program in 2013. Providers may disagree, but in the very least they are able to more easily satisfy exchange of crucial information to support their billing practices with Medicare.

From a business and enterprise perspective, the move by CMS to launch the program has meant the growth of a number of health information handler firms that offer a variety of services and skill sets. In addition to providing exchange capabilities, some allow for capture of information, scanning, storage, and transmission in a secure manner. The health information handlers also track data sent and acknowledge and verify that it has been received by auditor through the gateway. Health information handlers are considered business associates of the organizations they serve and are required by CMS to follow HIPAA rules.

According to a Government Health IT piece earlier this year, overall the esMD program is still not streamlined, but there is traction here and despite ongoing setbacks more and more providers are using the program. CMS even reported that more than 500,000 records were sent through esMD in 2013 and more than 30,000 hospitals, physicians, and medical equipment providers use esMD for auditor medical record requests.

Because of the advent of esMD and health information handlers, hospitals and health systems are gaining speed in the processing of their audit documents as well as allow for the exchange of secure information between health system and Medicare auditors. The time saved in responding to the information requests is a huge benefit. There’s also the ability to address sensitive audits rather than sending information through mail or unreliable fax servers. This alone typically cuts down the time required to submit the documents for review and reduce potential penalties.

An example of this can be found at Boca Raton Regional Hospital in Florida. Established in 1967, just five years ago it faced a variety of Medicare audits and penalties. Now the not-for-profit 400-bed hospital is seeing a complete turnaround. 

One significant change is how the hospital now manages responses to Medicare audits. According to hospital officials there, the previous process had been cumbersome and meant printing, sorting, packaging, and mailing documents to Medicare to support claims and to adjudicate their bills. Since one patient record can fill a box or more, hospitals are left paying for all materials, labor, and shipping involved, enormous financial considerations for every organization.

The Medicare audit process has drastically improved because of Boca Raton Regional Hospital being able to submit documents electronically and denials related to untimely submission of records has disappeared entirely. For example, Medicare allows 45 days from the date of request for hospitals to respond, but Medicare still sends documentation requests by paper. Typically, by time the request gets to the proper department in the hospital, more than 10 days has elapsed. Managing the entire process requires a very strict time requirement and hospitals often fail to return records to Medicare on time, which means hospitals can no longer appeal. By automating the process and securely depositing electronic attachments to Medicare’s official information portal, Boca Raton Regional Hospital has prevented the loss of at least $350,000.

There are hurdles to widespread implementation, though, as hospitals resist using the solutions because they’re overwhelmed with current technology. They’re already so invested in other projects that many are unable to see the benefits of bringing on additional solutions and being able to exchange information with CMS. A prevailing thought is that those managing hospital IT departments simply are overwhelmed and growing ever more nonchalant about the idea that technology is going to save them or their employers any more than already has been promised.

In fact, recent reports have begun to surface claiming that CIOs at struggling health systems have little faith that new technologies, on top of recently implemented systems like EHRs, will do much good for them since these other solutions – the EHRs – had such little positive effect on their organizations’ bottom lines. Simply put, they’re sensing a bit of personal doom and are growing tired of all the hype. It’s unfortunate.

Also, for payers, despite the obvious benefits of encouraging health information handler relationships with physicians, esMD and electronic exchange are not a top priority considering all the issues they are managing, not the least of which is the current federal insurance overhaul. Perhaps time will change this, but for the foreseeable future, esMD is likely not going to gain the traction is needs to become an industry standard.

What is fortunate, though, is that service providers like health information handlers are having a positive impact on the healthcare environment and are bringing down some pretty mighty horses while also helping bring about better workflows, improved efficiencies, and increased profitability. Despite the lack of awareness surrounding these healthcare partners and their impact across the sector, many are still unaware of the health information handler’s purpose and the very term by which they are defined.

Lindy Benton is CEO of MEA|NEA.

Readers Write: Innovative Examples of Patient Engagement Programs

Innovative Examples of Patient Engagement Programs
By Zach Watson

For providers looking to increase patient engagement, it can be difficult to distinguish the abstract from the actionable. Patient engagement has become a veritable pillar of new reimbursement models, new government programs, and in some measure, the quality of a physician’s practice.

But will better patient engagement truly reduce the use of medical services? If so, who is finding success, and how?

Patient engagement falls into three broad categories: changing the role of the patient and the patient’s family in the care team, using technology to retrieve information from the patient, and fundamentally altering the environment and manner in which patients receive care.

Let’s examine each of these categories in greater detail.

Patients as Care Managers

At this point, saying the healthcare system is fragmented is a truism. Efforts are underway to improve care coordination through information exchange via electronic health records and other medical software, but many of these initiatives are invisible to patients. Which is to say, they can’t engage with what they can’t use.

Consequently, one of the most effective ways to engage patients is to reposition them as a member of the care team. Instead of the patient playing a passive role in the care she receives, this new model depends on an egalitarian relationship between the providers and patients.

Patients have a large role in the decision making process, and with better information exchange, they can act as the manager of their care plan rather than merely the recipient.

The San Diego-based Sharp Rees-Stealy Medical Centers expertly executed this model in 2013. Following MCG Chronic Care guidelines, the medical group created a multi-disciplinary team that identified high-risk patients for heart failure during their early interactions with the healthcare system and then provided personalized care.

The patients have greater control of the way their care is administered and they don’t have to repeat their diagnosis to different physicians as they move across the continuum of care. The result? A 49 percent reduction in 30-day heart failure readmission rates.

Technology for Collaboration

Patients with chronic diseases consume a disproportionate amount of healthcare resources, but managing these patients can be difficult without adequate technology. That’s why initiatives like the Collaborative Care Network were founded: to help physicians and patients better control the use of acute services.

Founded by a widespread group of pediatric gastroenterologists, the Collaborative Care Network used to be a patient registry where physicians shared treatment strategies and data with patients suffering from rare inflammatory diseases. The network improved remission rates by 25 percent, but the physicians took the program a step further and encouraged patients to contribute ideas for treatment and research they’d like to have done.

Now patients actively share vital sign data and keep their medication doses recorded so physicians can closely monitor outcomes. As of 2012, the CCN boasted roughly a quarter of the US’s pediatric gastroenterologists, and the response rate of patients who received daily messages on their phones was 94 percent.

Care Direct to the Patient

It’s no coincidence that the stress of juggling Meaningful Use and clinical quality measures criteria while keeping a business afloat makes it more difficult for independent physicians to spend the optimal amount of time with their patients. With that in mind, it shouldn’t come as a surprise that a number of physicians — roughly 10 percent — are entertaining a concierge model.

By reserving insurance payments for only acute episodes of care, physicians can charge patients a monthly or annual fee to have access to their services around the clock. What better way to engage patients than by visiting them in their own homes and making sure all their questions are answered before the appointment is over?

The concierge model takes other forms beyond the “doctor at your door” service. The Mayo Clinic recently entered the digital concierge market with its mobile app Better. For about $50 a month, patients have access to video chats with nurses, a symptom-check list that takes into account the patient’s health history, and other healthcare services.

At times patient engagement may seem esoteric, but the truth is that it applies to any instance where the patient can be more empowered in their care. To truly reduce healthcare costs, the system will need to reduce the rate of use. That means trusting patients with greater management of their own care while providing a more unified set of services when patients do need comprehensive medical attention.

Zach Watson is the content manager at TechnologyAdvice.

Readers Write: Fact and Fiction About Anthem’s Breach

Fact and Fiction About Anthem’s Breach
By John Gomez

Anthem has quickly created a surge of inquires across the wire, leaving many CIOs wondering how they can keep ahead of the cyber-security challenges that continue to evolve. I suspect no one is surprised to learn about the existence and extent of the attack on Anthem. More than likely, many in our industry continue to wait for the “big one.” That in and of itself is a rather scary state of affairs. Most of us are not surprised and we don’t collectively believe this is as bad as it will get.

The Anthem breach is an ongoing criminal investigation led by the FBI with the assistance of FireEye and Mandiant, so nobody knows all of the details. As was the case with the Sony Pictures breach, sources will make statements without the evidence that only the FBI possesses. Here’s what we know today.

Anthem reported the breach publicly within eight days of discovery. Approximately 80 million customer and employee records may have been stolen, but the common thinking is that the actual number may be higher and that there is a high probability that other critical data was also compromised by the attackers.

The customer and employee data stolen was complete — name, home address, email address, date of birth, medical history, employer information, family relationships, and much more. That valuable information allows attacks to continue against the individuals whose information was compromised.

The concern with Anthem is that this is a move by a foreign state to amass profiles on individuals and use that information in future operations. That’s one theory, but equally likely is that the breach was profit driven since complete records are worth well over $100 on black markets.

Attribution — figuring out who did it — is one of the most difficult things to do in the world of cyber-forensics. Companies specialize in attribution, but their success rate is low, often less than 50 percent. The amount of computing power, resources, and advanced algorithms required to perform attribution at a higher level of success is mind boggling. While a theory exists as to who carried out the Anthem attack, it could be proved wrong as the evidence unfolds.

Current intelligence points to one of two groups with ties to China — Deep Panda and Axiom. Both groups have previously carried out verified attacks that had sophisticated intelligence-gathering objectives.

Deep Panda has developed a five-year strategic attack plan that includes objectives specifically focused on healthcare targets. Axiom has a specific and focused attack plan that includes government agencies, electronics and integrated circuit manufacturers, Internet-based services companies, software vendors, journalism and media organizations, NGOs, healthcare providers, biomedical device manufacturers, pharmaceutical companies, and academic institutions.

It appears that Anthem may have been compromised by parallel attacks. The first focused on employees with phishing attacks that allowed the attackers to deploy malware via their corporate email accounts. The second attack appears to have been via DNS compromises used to deposit malware.

Credible cyber-security operators rarely call an attack “sophisticated” or “advanced” unless they are trying to make headlines. Anthem’s attackers had a plan, were extremely patient, and were focused on their victim. Their attack was sophisticated and advanced, but due to tactics and practices, not because they used a new generation of attack technology. Anthem was mostly likely beaten by off-the-shelf technology and practices, the same techniques that attackers would use in penetrating any healthcare organization.

The preliminary investigation suggests that Anthem’s attackers used malware known as Poison Ivy or HiKit or some combination or derivative of those tools. Both malware applications are attributed to Chinese developers. Steps can be taken to determine whether an organization has been compromised by those tools, and if found, a cyber incident response team should be contacted immediately.

Anthem was tested for exploits by attackers over months or even years. Its employees fell for a phishing attack that compromised their machines. In parallel, perimeter systems were also compromised. Malware allowed the attackers to monitor network traffic, take over webcams, and capture confidential date over a long period. Some believe that Anthem was an attack pivot from which its clients or vendors could be compromised.

I suspect that we will learn that Anthem also had weak passwords (fewer than 15 characters), didn’t use dual-factor authentication, relied on third parties for DNS, and very possibly had its supply chain compromised.

Company executives can miss a few quarterly financial goals, run late on a few initiatives, and even run over budget a couple of times. But if they have a major breach, their career is over. Target’s CEO resigned after its breach and just last week the top film executive at Sony Pictures stepped down. I suspect we will see something similar at Anthem.

There is a saying in special operations: don’t be that guy. Don’t be the person who takes the easy road or embraces mediocrity. Get  mad and assertive about cyber-security. Rethink vulnerabilities, test systems, learn what you don’t know, share information with the community, and become vocal.  We have a choice — we can either wait to be attacked or we can decide that enough is enough.

John Gomez is CEO of Sensato of Asbury Park, NJ. Intelligence Analyst Laura Walker contributed to this article.

John will host a free, HIStalk-sponsored Q&A webinar on the Anthem breach on Friday, February 13 at 2:00 p.m. Eastern. 

Readers Write: Paving the Way for Patient Voice at Health Industry Events

Paving the Way for Patient Voice at Health Industry Events
By Simone Myrie
@MyrieTash

There is a revolution happening in healthcare. Once willing to accept their role as passive recipients of healthcare, patients are increasingly being recognized and acknowledged as consumers of healthcare.

What do I mean by this? Individuals are taking on the responsibility of shopping for their own healthcare and purchasing technology to help them better manage their health. Additionally, policy changes are propelling the shift towards consumer-centric care delivery. More emphasis is being placed on reimbursement for patient satisfaction, value-based care delivery, and increased information sharing and communication with consumers.

If health industry leaders want to rethink their approaches in response to this shift, they need to make sure they have truly engaged patients — now consumers – well represented at their major conferences and being included as active participants in the conversation about healthcare. Arguably, HIMSS is the biggest annual health conference in America. I applaud the Walking Gallery for partnering with HIStalk to sponsor a patient scholarship competition to allow for more patient attendance at HIMSS15.

Patients and their caregivers have long shouldered the responsibility of managing their health outside the four walls of the care setting. They have a wealth of information and are stewards of that information, a role that is mutually beneficial to providers. Technology is also changing the way they track, manage, and share their health information.

We know that today, 21 percent of Americans are using technology to track their symptoms. We also know that 58 percent of consumers are more likely to stay with their providers if they offer online access to their clinical health information.

Giving individuals access to their data will be critical in the more competitive, value-based healthcare system of the future. This is why the Blue Button Initiative continues to remind health industry leaders that patient expectations are changing. They want to collaborate more and are activated and engaged in ways we’ve never previously seen.

More people than ever before – regardless of pre-existing conditions or employment status – are gaining access to affordable healthcare, largely because of the Affordable Care Act. The latest numbers report 9.5 million Americans have purchased health insurance through the health insurance exchanges. More importantly, much like any other purchase that they would make, consumers are demanding choice in healthcare.

To meet that expectation, HHS has reported that over 90 percent of consumers will be able to choose from three or more issuers on the exchanges, up from 74 percent in 2014. Consumers can also choose from an average of 40 health plans for 2015 coverage, up from 30 in 2014 based on data at the county level.

With the expanded pool of Americans gaining access to healthcare services, health plans now have to rethink their marketing strategies so that they appear attractive to a new group of stakeholders beyond employers. They now have to sell themselves to individuals, a historic change in the system.

While healthcare leaders convene to talk the latest in care delivery — or better yet, patient engagement — it makes sense to have more consumers present contributing to the dialogue about them. Unfortunately, these conferences often prove to be cost prohibitive for the average individual. HIStalk and the Walking Gallery are leading by example with the latest patient scholarship competition. I suspect they will see a large group of applicants.

Given the crucial role of the individual in the new healthcare system, I hope that more patient scholarships will become the norm at every health industry conference. In the discussion of how to take healthcare into the future, we can’t afford to miss the individual consumer’s voice.

Readers Write: Top Technologies in Private Practice for 2015 and Beyond

Top Technologies in Private Practice for 2015 and Beyond
By Arman Samani

As we enter into 2015, healthcare is entering an era where it must compete for the patient’s time and attention. Mobile and cloud computing are now pervasive enablers of other technologies that physicians can and should be leveraging. Mobile and cloud are attributes of other technologies rather than a technology or trend themselves.

As payment reform is progressing and we are switching from fee-for-service to fee for value models, it is critical that private practices take steps in 2015 to prepare for this new reimbursement model. This preparation will steer practices toward doing the right things for their patients as well their businesses. Practice management, EHR, patient relationship management, actionable analytics, and interoperability are broad categories that a private practice should evaluate carefully to be prepared for long-term growth.

Health watcher technologies are enablers of proactive patient engagement. According to the recent IDTechEx report on the wearables market for healthcare, the market is projected to grow from $14 billion in 2014 to more than $70 billion in 2024. This booming market is an opportunity for physicians to shift into the role of “health watcher” for their patients. The industry can no longer function in reactive ways to patients initiating visits. Both Apple and Samsung have introduced health tracking frameworks and data repositories in their mobile devices, and as a result, consumers will soon be wearing devices such as Apple Watch and Samsung wearables.

Not only can someone track how many steps or even floors they have walked, but health statistics like heart rate and blood pressure can be measured. Private practices should think about integrating this patient base data into their EHR in order to provide proactive and preventative actions to their patient population. Not only is this the right thing to do for the patients, it increases the practice revenue, enhances reputation, and decreases healthcare costs. While appointment reminder technology is now mainstream, health reminder communications such as email, text, and phone calls will be become mainstream in 2015 and beyond.

With the rise of mobile computing, convenience will be an important factor. A 2014 study from Manhattan Research found two in five physicians agreed that using digital technology to communicate with patients will improve patient outcomes. Starting January 2015, CMS will start paying for chronic care management, wellness visits, and psychotherapy services. The telemedicine cash business has been growing for a few years and now that CMS has expanded reimbursement for telemedicine, private practices need to start putting business processes and technologies together to take advantage of this growing market and offering a convenient way for their patients to save time and get readily accessible preventative care.

With industry regulations such as ICD-10 imminent, practice management software has to be ready to support the increased complexity in coding. However, the effects of an expanded code base aren’t all about technology. Patient visits and the associated workflows, from the moment a patient arrives through to receiving a claim payment, need to change in fundamental ways. The questions that are asked and data that is collected right at the point of care are also affected. Practices need to stop thinking of coding as data entry and make it a proactive process that happens in real time. Practices that don’t plan for this shift may see a rise in claim denials — the aftermath that creates may overwhelm staff and burden the business. Practices should do ICD-10 risk assessment now.

With cloud technologies, big data is no longer only for large health systems. From patient health monitoring to quality measures, accounts receivable and payer reimbursement, and more should be provided in easy and actionable analytics. In addition to actionable analytics for the different aspects of business, it is important to benchmark a practice against other practices or the industry as whole. Otherwise, a practice might never know how well it is doing and what new goals should be set. Benchmarking tells the practice manager where their business stands compared to other practices. It helps answer questions such as how much the practice is getting paid relative to other practices and if it needs to start collecting more for certain services. Analytics can measure these factors relative to the practice’s goals and in comparison to other practices. Benchmarking is complex and time consuming, but cloud providers of EHR and practice management technologies are especially well positioned to provide these benchmarking services.

Practices are overwhelmed with data and technology providers need to move beyond providing dashboards and monitoring trends. Big data must now be a driving force for actionable alerts that trigger automated staff or even patient actions. Physicians might be asking what treatment plan or medications other doctors are prescribing for the same diagnosis. Analytics data can help with matching up patients who share the same condition so they can compare notes and even create support groups.

All practices play a role in the healthcare ecosystem. Most practices receive patient referrals from or give patient referrals to other practices or care settings. It is important to have seamless transition of care among entities to save time and money and provide patients with excellent and convenient service. Interoperability will enable sending and receiving summary of care documents and other necessary information about the patient care continuum. Interoperable systems will be able to store patient information such as discrete data points within the EHR automatically. This will allow practices to not have to ask the same questions from patient multiple times and will expedite care, increase care quality, and decrease costs by avoiding unnecessary procedures and tests.

The pace of innovation in healthcare has immense potential to advance the quality of care in 2015 and beyond. Smart practices need to prepare and adopt for upcoming healthcare reforms and provide proactive preventative care for their patients. This is not only good business but also the right thing to do for the patients and communities.

Arman Samani is CTO of ADP AdvancedMD of South Jordan, UT. 

Readers Write: EHR Ease of Use is Not Easy

EHR Ease of Use is Not Easy
By Lee Farabaugh

Usability shows no signs of losing its luster as a buzzword in health IT. Coverage of a usability collaborative involving the efforts of the Electronic Health Record Association, the American Medical Association (AMA), and the American College of Physicians to improve user-centered design of EHRs in the context of the Meaningful Use program has certainly escalated. I

It’s no secret that EHR usability is, generally-speaking, pretty abysmal. There are standouts in the realm of interface design excellence – think of the award-winning PracticeFusion and athenahealth. But the overwhelming response to EHRs from the physician community is a groundswell of complaints over poor design, longer patient encounters, time-consuming documentation, and slow information retrieval response time.

The AMA recently published an article entitled “Improving Care: Priorities to Improve Electronic Health Record Usability” that identifies eight EHR usability principles, including supporting team-based care, promoting care coordination, and reducing cognitive workload through a user-centered design (UCD) approach. But even the AMA admits that while “some vendors have implemented user-centered design … their results have been inconsistent and many other vendors have not [even] implemented UCD.”

Apparently it’s not as simple as just applying the UCD process of user research, iterative design, and usability testing to the field of EHR design. Mary Kate Foley, VP of user experience at athenahealth, perhaps says it best: “Our industry has been talking about EHRs for years now, and if it were simple to make EHRs easy to use, we’d be done by now.”

EHR interface design is still subject to the design choices of individual interaction, visual, and user experience designers. While we’ve become used to the new flat UI convention on our iPhones, the vast majority of EHRs still look like snapshots from the past. In short, we don’t typically look to EHRs to be on the cutting edge, whether in terms of visual design conventions or adherence to UI design best practices.

The AMA calls for “the development of a common style guide – designed through collaboration between physicians and vendors – so physicians who practice in different care settings can move from one EHR to another.” But it’s not just physicians who stand to benefit. This type of common design framework frees organizations to make changes to their toolset because they don’t have to fear a steep learning curve for providers on a new interface.

How can we as designers support these efforts?

• Remember that EHR design affects not only physicians, but patients, too. Patient tools, while separate from the EHR itself, both push information to and pull information from the EHR, making patients de facto EHR users by default.
• Acknowledge existing efforts to reach a common design language in EHR interface design. Juhan Sonin, Jeff Belden, and Catherine Plaisant, among others, have created a nice start towards an EHR style guide for the industry at InspiredEHR.org. Their work includes medication lists, allergy lists, and drug alerts.
• Continue to push forward with additional design patterns. One area where common design vocabulary is needed is the patient banner. EHRs should employ common conventions for elements such as patient name, gender, date of birth, allergies, etc. that typically appear in this space, and balance information communication with respect for screen real estate.
• Educate our colleagues in industry about the importance of understanding and designing for the way real humans think and work. In my course on user-centered design for healthcare at UAB’s Masters Program in Health Informatics, my students (nurses, business analysts, and EHR vendors) are learning about how humans process information, think irrationally, and act according to behavior patterns that point the way towards more intuitive design.

EHR usability isn’t easy. It involves a complex interplay of care teams, workflows, the legacy of paper charts, and the promise of a design language we can all speak. But the need is real, and as the focus on “checking the box” for MU fades away, we’ll get down to the real business of not just using EHRs in a meaningful way, but in a delightful way.

Lee Farabaugh is chief experience officer at PointClear Solutions of Atlanta, GA.

Readers Write: EHR Go-Live Activation – Big-Bang or a Phased Approach?

EHR Go-Live Activation – Big-Bang or a Phased Approach?
By Zack Tisch

After completing the RFP process and determining which vendor and products will be part of the implementation, the real fun begins. Should the organization deploy this change in a single event — typically referred to as a big bang go-live –  or would a methodical, phased approach be a better fit?

At first glance, a big bang can feel aggressive, particularly in a healthcare environment where risk can mean significant consequences, not only to organizational financial health, but potentially to quality and patient safety. This surface analysis can be, misleading however, and more detailed consideration often reveals challenges to a phased approach that can be even more significant, particularly for multi-hospital organizations that may be on different core clinical or financial software platforms. The following considerations are a start to determining which approach may be best for a given organization.

Carefully categorizing likely risks and how to manage them is a major factor in determining a go-live activation approach. A successful go-live is one where known risks are decisively and quickly managed and unknown risks are quickly analyzed and attacked. Both activation approaches can be equally successful, but there are specific tasks and processes that should be put in place prior to go-live to help support the approach.

For example, with a big-bang go-live, technical considerations become primary due to the volume of users and equipment that will be interacting with the system at the same time. Is security configured correctly? Can all users log in? Have they verified this in the production environment prior to go-live? With a phased install consisting of a smaller initial pilot, security, login, printing, and hardware issues may not be as pressing.

On the other hand, with a large-scale big bang featuring potentially thousands of users and workstations, the first few days or week of go-live can easily be spent just resolving technical issues that could have been sorted out with a thorough pre-live plan. This is a known risk and I would strongly advocate as much testing in production with real hardware and actual end users as possible, regardless of the chosen go-live approach.

Outside of technical issues, another key risk for most EHR go-lives is operational change and how well clinicians, front desk, and back-office staff accept and adopt the new workflow changes and tools. With a phased install, there is the luxury of being able to portion this change over time, reducing end-user anxiety and the amount of information they need to process and retain from training. However, one major drawback is that with a phased go-live, there will often be interim workflows, requiring end users to learn a new process and then unlearn aspects of that process shortly thereafter.

One key area in the organization to evaluate for potential risks is physician coding, particularly on the outpatient side. Physician coding is a highly integrated process, beginning with appointment scheduling and patient registration through clinical support staff rooming, physician documentation and order entry, charge generation, coder review, and ultimately claims submission. When implementing a new system, it is important that there is clarity and consistency on who is performing what task, particularly for the charge generation and coding review steps.

Will physicians or clinician support staff be entering or reviewing charges? What about evaluation and management (E & M) codes for level of service? How do coders work with providers to get clarity or update documents? When considering a phased approach (as an example, bringing outpatient clinical modules live prior to a separate billing go-live), will these workflows change? Each change to this workflow introduces key elements of risk, primarily of missing or delayed documentation and charges. This is an area that can quickly spiral out of control, and if not well understood and managed prior to go-live, can lead to significant financial risk for an organization, which unfortunately seems to dominate headlines, rather than the many highly successful projects.

My suggestion would be to take the time to perform a detailed risk analysis or partner with industry experts to assist with this. Also, work closely with organizational senior leadership to evaluate the benefits of having a phased install versus a big bang. Going through this process in the past, I have seen highly risk-averse organizations that initially wanted to move forward with a very phased install transition to a big-bang approach because the interim workflows and frequent system changes of a phased approach posed a higher risk of failure.

Another key factor to consider is the current state of the legacy EHR data. If the health system has multiple ADT or EHR systems, with multiple patient MRNs, a phased go-live can be much more difficult. A detailed analysis and thorough testing of how this will impact your downstream systems must be performed. One of my clients who had two separate clinical and registration systems initially desired a phased approach. However, upon further analysis, there was significant crossover for orders and results between the two. As a result, it would have been extremely difficult to keep all systems in sync. While the new EHR could handle these multiple MRNs, a number of key integrated systems could not handle interfaced merge messages or multiple patient identifiers. We would have had to pursue a major parallel project to implement an additional patient identity management application or merge and update MRNs across the entire organization.

One other example that is often identified late or overlooked is the ability for a new system to run alongside the legacy system during a phased install. There are often significant compatibility issues between vendors related to the versions of Internet Explorer, Java, and other critical Windows / Web architecture components necessary for a system to function correctly. With a thin client deployment, it may be possible to get around this with separate setups on the individual servers, but this is not always possible.

Lastly, as someone who has experienced many implementations in a variety of roles — from analyst through project leadership — I would highly advocate considering the health, effectiveness, and well-being of the project team as it relates to the go-live approach. These implementations are challenging, requiring significant hours and brainpower, often well above and beyond a 40-hour work week. With a big bang go-live, the team has a single mission and a single event. Team members can see the light at the end of the tunnel and this is particularly critical as they work through the challenging build completion and testing phases of the project. Having an event to rally around can be significant for motivation and keeping everyone on the same page.

The downside is that one large go-live means only one chance to get it right. This can introduce significant anxiety, particularly for team members who have not previously worked on a similar project. It’s important for leadership to direct time and energy with the project team and end users to understand why a big-bang approach was selected and the significant steps and thousands of hours of hard work the team is putting in to ensure the go-live will be successful.

The benefit of a phased approach is each individual go-live is more approachable for the project team. The smaller scope and scale makes it easier for team members to wrap their heads around the effort and the amount of support required for the go-lives to be successful. However, by having multiple go-lives, the team now has to get up for more “showtime” events and more weekends and late nights performing pre-live cutover and go-live support. It can also make it more difficult to define when the project can be considered a success.

It is especially important to limit the number of phases and space them out appropriately. If they are too close together, it can feel like one very large and extended go-live, particularly if the initial phase is challenging and it is difficult to stabilize and move to support on time. I’ve also seen challenges where go-lives are spaced too far apart, and the project team and end users have become apathetic. If the amount of change at any one time is too little to be felt broadly across the organization, or too spread out, it can become difficult for staff to understand the benefits from the project and why the organization undertook this significant and expensive process. If choosing a phased approach, work carefully with the project team and vendor to make sure there is a realistic timeline with enough time between phases to appropriately stabilize and shift focus.

These considerations are just a small subset of the topics that are critical to discuss with the leadership team when deciding on a go-live approach. There are benefits and drawbacks to both approaches and one size certainly does not fit all. With appropriate foresight and planning, either approach can be highly successful. There are a multitude of expert resources and organizations that can share lessons learned to help follow in their footsteps.

Zack Tisch, PMP is director of strategic solutions with Nordic Consulting Partners.

Readers Write: Information Blocking: Don’t Blame the EHR

Information Blocking: Don’t Blame the EHR
By Michael Burger

Healthcare IT seems to be getting some attention in Washington these days, and not necessarily in a positive way. As a case in point, a statement which affects healthcare IT was included in an explanatory statement by the chairman of the House Committee on Appropriations regarding the house amendment to the recently passed government spending bill.

Information Blocking. The Office of the National Coordinator for Health Information Technology (ONC) to use its authority to certify only those that … do not block health information exchange. The agreement requests a detailed report from ONC … regarding the extent of the information blocking problem, including an estimate of the number of vendors or eligible hospitals or providers who block information.

This is clear evidence that Congress is frustrated by the relative lack of data exchange despite an investment of $30 billion for healthcare IT. As the explanatory statement states, “ONC should take steps to decertify products that proactively block the sharing of information because those practices frustrate congressional intent, devalue taxpayer investments in CEHRT, and make CEHRT less valuable and more burdensome for eligible hospitals and eligible providers to use.”

No question, information blocking is a significant factor in the lack of data exchange. It is appropriate for Congress to expect a return on taxpayers’ investment. What concerns me is the prevailing but erroneous perception that EHR vendors have conspired to block information.

In the nascent HIT business of 20 years ago, there was a notion of a “closed system,” where data was only accessible by those using that system. In those days, the closed system was certainly used to sell additional software by controlling the flow of data. That business model was ideal for a marketplace many years ago with few competitors and no real demand for interoperability.

However, such a strategy no longer exists in today’s HIT marketplace, if for no other reason than to meet the certification requirements for Meaningful Use (MU), EHRs must be capable of interoperability with other EHRs. A claim that a company’s EHR “doesn’t work well when you mix and match vendors” would not be a smart selling tactic, since it openly defies the very premise of MU and because there are many, many competitors.

There are fees from EHR vendors for interoperability, data extraction, and conversion from one system to another. These cover the vendor’s cost to do the work plus a profit margin. (Let us not forget that these are, in fact, for-profit businesses.) While the marginal cost of extracting the data may be small, it is not a provider’s inalienable right to have their vendor provide services for free.

One form of information blocking is called a “walled garden.” In Joel White’s recent blog post regarding Information Blocking, he says, “Information blocking [in a walled garden] occurs not because different technologies or standards prevent data transfer between EHRs, but because EHR vendors or health care providers engage in this activity as a business practice. This is not a technology problem, but a competition one.”

I disagree that EHR vendors in recent times conspire to strategically erect walled gardens, but I do see that healthcare providers routinely engage in this activity as a business practice. The following example illustrates my point.

Let’s say that there are two integrated delivery networks (IDNs) in a given market. Each IDN has acquired ambulatory practices and positioned itself to be able to offer a full spectrum of care, from pediatrics through geriatrics. Each advertises to their potential customers (patients) that they offer the highest quality, most convenient care in town. There is a competitive and profit incentive to keep patients within the network.

Now let’s say a patient is treated at IDN A and then receives treatment at IDN B. From a public health perspective, the patient’s records should flow from one to the other. But from a business perspective, there is no incentive in making it easier for a patient to go out of network and seek treatment at the other IDN. All IDNs use EHRs that are capable of exchanging clinical data in some capacity, but they do so grudgingly because of competitive concerns.

It’s appropriate for Congress to expect a return on our $30 billion healthcare IT investment. It’s refreshing to see that the authors of the spending bill understand the existence of information blocking. Let’s hope, however, that our new Congress doesn’t take the easy way out and blame EHR vendors for this phenomenon when it is really a result of competition of healthcare providers in the free market.

Michael Burger is a senior consultant with Point-of-Care Partners of Coral Springs, FL.

Readers Write: Oh, To Be a Dog in Boulder

Oh, To Be a Dog in Boulder
By Bonny Roberts (and Juneau and Lily)

I adopted my standard American bulldog, Lily, from the Humane Society of Boulder Valley (HSBV) about two years ago. Due to her excessive and exuberant tail-wagging that resulted in a chronically open wound at the tip of her tail, we decided that, while the burgundy, Jackson Pollock-esque wainscoting that now decorated our home was provocative, we needed to dock Lily’s tail.

HSBV’s veterinary clinic agreed to do the procedure “at cost” since she had so recently been adopted. The bill was $300. Since that experience, I have taken both our dogs to their veterinary clinic for annual checkups and emergent needs. The staff is friendly and responsive and the veterinarian has a strong bedside manner and always calls post-procedure. 

My other dog, a Siberian Husky named Juneau, required two surgeries in 2014 to remove mast cell tumors, the first near her shoulder, the second on her hip. The latter healed poorly based upon its location and required both an after-hours urgent care visit and one additional “observation day” at the clinic. I paid for everything out of pocket – prep, anesthesia, supplies, vet time, OR time, meds, the “Cone of Shame,” recovery time in post-op, urgent care, observation day, suture removal. The total was $875, not to mention the complementary pedicure they had given her while under anesthesia. 

A couple of weeks ago, the HSBV veterinary clinic sent me a link to a Pet Portal. After an easy enrollment process –consisting mainly of creating a login id and password, I instantly had access to both my dogs’ vaccination, visit, and medication history. I also had the option to:

• Set alerts and reminders for vaccinations and appointments (medical management).
• Join community groups (social).
• Read care guidelines on everything from behavior and aging to safety and disease (education).
• Review diet details, if applicable (education).
• Create a customize care instruction document, which after investigating in detail, could only be compared to discharge instructions inclusive of a pre-populated med list and exercise routine (care transition).
• Complete a customer survey (satisfaction and quality improvement).
• Schedule our next visit based on visit categories, such as vaccinations, sick exam, follow-up, blood work, etc. 

I couldn’t help but compare my own lack of portal access with my primary care provider or the fact that my children’s pediatrician used to charge to fax over immunization records. If only I were a dog in Boulder County, my information would be far more accessible. 

Interesting facts about the Humane Society of Boulder Valley, a non-profit facility based in Boulder, Colorado:

• HSBV is a no-kill, or live release, shelter that also offers behavioral training and medical services to stray and relinquished dogs and cats.
• On average, dogs are adopted in seven days, cats in 12. In 2013 alone, they facilitated 5,698 adoptions. The relevance to this volume is that according to their annual report, “Medical rehabilitation mends the bodies and spirits of more than 40 percent of the animals in the shelter annually. In concert with our medical care, we are dedicated to the mental health of our animals as well. Techniques and protocols developed at our facility are now being used by shelters to save more lives all across the country.”
• The HSBV has ~700 volunteers and each dog gets three walks a day, while each cat is played with or stroked four times a day.
• Fifty percent of the organization’s income comes from investment and trust income and contributions, with 55 percent of that going to healthcare for the sheltered animals

While this study and comparison is apples to oranges on many levels, I do think there is relevance and value to the comparison. What can we learn from organizations serving other verticals with similar missions, much like we do with foreign healthcare systems? In addition, I am convinced that the innovation and technology we have developed and are promoting here in the US has incited progress and more encompassing services to meet the holistic needs of more than just humankind.  Here is to small victories. 

Bonny Roberts is director of sales operations for Aventura of Denver, CO.

Readers Write: Death to the Dinosaurs! DRGs and the Legacy of What it Means Under the Affordable Healthcare Act

Death to the Dinosaurs! DRGs and the Legacy of What it Means Under the Affordable Healthcare Act
By Matthew B. Smith

You could really also call this piece “History Repeats Itself.”

For those of you who recall the reimbursement transformation of the healthcare industry from a cost-plus formula (no institution in the field lost money under this approach) to the DRG Era (October 1983), life is about to repeat itself.

Payment caps were placed on 466 diagnostic and therapeutic procedures based upon the type and place where a procedure was performed. The Old Guard of Dinosaur Hospital Administrators couldn’t adapt and the nearly 6,000 U.S. hospitals at the time underwent a financial operation that affected their health.

Prior to the enactment of the federal regulations, less than 1 percent of all inpatient facilities (which funneled about 80 percent of all healthcare dollars) were in financial straits. Within seven years, well more than half were suffering asset declines and nearly 20 percent were facing cash flow dilemmas that threatened their very existence as going concerns. New York State had more than half its hospitals in financial difficulty.

A new breed of administrator — drawn from outside the industry, by and large, and with MBAs, not the soon-to-be outdated MHA — had to find their way into the industry (along with substantially larger salaries and performance structures) to reformulate how these institutions play the game.

Now the Affordable Healthcare Act (AHCA) portends yet another drastic (read: draconian) change to our beloved industry. The current crop of dinosaurs will need to be replaced yet again.

The AHCA will drive reimbursement towards direct links with patient outcomes and be a distinct report card on the deliverers of care. Penalties for not achieving population catchment healthcare levels (too many readmissions; too many specific conditions with below average status; higher costs per unit of service relative to the patient’s achievement level; mistakes in medication administration; higher than normal nosocomial infection rates) will cause the bottom 3 –5 percent of providers to lose payments and have it redirected to the top 3-5 percent. This is a “taking from Peter to pay Paul”* concept so that net/net healthcare payments are flat.

The ability to achieve this and measure it so that it can be implemented (along with the other AHCA factors that are mandated) will give rise to a new healthcare administrator extremely well versed in IT and data accumulation and farming the data. The accent on secured and incontrovertible healthcare information adhering to the concepts of confidentiality, integrity and authenticity (CIA) to make an institution’s case will demand new management with a decided proficiency in not only amassing, but organizing and clinically and financially proving that the provider organization has successfully delivered care.

Failure to be a top performer or even a middling-level participant will have excruciating financial impact as it did when DRGs came into effect. These new breed leaders will look at industry and non-industry solutions to accumulate and manage the massive amount of data that the HITECH Act is encouraging. The New Breed will master it as other industries have shown they can, but the healthcare field will, once again, be strewn with the fossils of dinosaurs among providers and vendors who didn’t listen to the changing reimbursement and care outcome winds that are blowing.

*For those of you not familiar with the origins of this phrase, it arose when the Church of England separated from the Roman Catholic Church and the English King (Henry) levied taxes on the Cathedral of St. Peter (Catholic) in London to pay for the construction of the Church of St. Paul (which Henry headed as the Church of England) also in London.

Matthew B. Smith is president and CEO of SecLingua of Shelton, CT.

Readers Write: Leveraging Technology to Create Payer-Provider Collaboration

Leveraging Technology to Create Payer-Provider Collaboration
By Andrew Underhill

Although providers and payers play a critical role in elevating US healthcare, these two entities have not traditionally worked collaboratively, especially when it comes to sharing information. Up to this point, the two groups have shied away from exchanging data, with providers holding on to patient clinical information and payers protecting patient financial information. However, the walls are slowly but surely coming down as more providers and payers begin to partner in delivering accountable care.

There are both operational and patient care benefits to smoother provider-payer information exchange. For example, when providers are given access to claims data, they are able to garner a more longitudinal perspective of the patient’s health and treatment to date. This enables more informed care decisions and also reduces the likelihood of duplicative or unnecessary tests. It also limits the reliance on patient memory and perspective, ensuring care decisions are based on facts rather than educated guesses.

On the payer side, having access to clinical data allows the organization to adjudicate claims more effectively, improving efficiency and ensuring the most appropriate care for members. Clinical data also helps payers proactively manage their members’ care rather than responding to issues after the fact.

Despite the advantages, there are some significant roadblocks to payer-provider information exchange. Although some would suggest technology shortfalls have been the primary hurdle, it is the business barriers that present the greater obstacle. Providers in particular have been hesitant to share data with payers because it includes competitive and pricing information they would prefer to keep internal. Moreover, some physicians are concerned that making this kind of data available to payers may open the physician up to criticism on how he or she treated the patient.

To reap the benefits of information exchange while still acknowledging provider and payer qualms, organizations should take a well-considered approach to any data sharing arrangements. Following are a few tips to ensure these agreements meet all parties’ goals.

• Appoint an advocate. To truly realize provider-payer data exchange, organizations must have an advocate who will push the idea forward and raise awareness of the strategic, financial and patient care benefits.
• Develop a strategic roadmap. The advocate should work closely with organization leadership to identify the business drivers for data exchange and craft a strategic plan to lay the cultural and operational groundwork. Basically, this plan should be a roadmap that underscores the importance of provider-payer information sharing and defines how to achieve success.
• Establish trading partner agreements. Before actually exchanging information, providers and payers must set up trading partner agreements that define the types of data to be shared, the appropriate data-sharing standards, and how the data will be used. This should be a customized agreement that reflects the unique needs and characteristics of the institutions involved. By setting the parameters upfront, both parties can be confident any data exchange will meet their needs and not violate internal strategic goals.
• Define an exchange framework. Once organizations have a forward path, they can search out solutions to enable seamless information sharing. Providers and payers may want to consider using health information exchanges—such as those provided by the state or a local entity—to securely share data. A commercial product that facilitates payer-provider information exchange can also be a good option.

Greater transparency will ultimately drive better healthcare, and a key to transparency is robust data exchange between providers and payers. Organizations that embrace this idea now can be on the forefront of collaborative care, improving the patient experience and driving better health outcomes.

Andrew Underhill is a chief technologist at Systems Made Simple of Syracuse, NY.

Readers Write: The Eve of War

The Eve of War
By John Gomez

Steve Lewis arrived at his office at 7:03 a.m., draining the last remains of his grande mocha as he finished chewing on his blueberry scone. These were his last few minutes of peace before the day started. He did all he could to savor them as his laptop booted. He began the login to his corporate network.

Username:
Password:

WHAT THE HECK?

There on the screen in front of him was an image a red skeleton and the words “Hacked by #GOP.”

Steve pressed Escape, F1, ALT-TAB, CTRL-ALT-DELETE. Nothing. The skeleton just starred back at him. Power off. No luck — the skeleton remained. He closed the laptop and opened it. The skeleton was still there.

The sudden ringing of the phone made Steve jump. He noticed that every line on his phone was lit up with inbound calls. He randomly choose one and answered, “Sony Pictures network support, Steve speaking …”

Steve would handle hundreds of calls that morning, as would his colleagues. Everyone reported that their computer bore the image of a skeleton. Within minutes, word had spread across the corporation of the computer attack.

Managers scrambled to calm employees and asked them to remain, though many decided to take immediate time off as they didn’t feel safe. If you were to have asked Steve’s colleagues that morning, not one of them would have said, “I feel safe and secure.” 

In the coming days, Sony Pictures executives would make a gutsy choice and agree to the demands of the company’s attackers. Meanwhile, several hundred miles away, members of the Department of Defense Cyber Command were spending their time analyzing cybermunitions and strategies to provide the President of the United States with options in the event he ordered cyberattack on North Korea.

As the dawn of 2015 appears on the horizon, the United States is poised to engage in the first cyberwar in the history of mankind. If there is any irony to all of this, it would be that it all reads very much like a Tom Clancy script. Unfortunately, all of the events and the situation we find ourselves in as the year comes to an end are all too real.

The attacks on Sony Pictures by North Korea are interesting. Studying what happened is critical to protecting our own infrastructure and systems. The key takeaways are that although the attacks were not sophisticated or highly technical, the strategy by those who executed the attack was advanced.

We now know that Sony was being probed and scanned for months, with the sole purpose being to gather massive amounts of intelligence that could be used to formulate escalating attack strategies. We also know that as a result of this intelligence gathering, the attackers were able to carefully and selectively control the attacks and the resulting damage.

We should also keep in mind that since the attacks themselves were not highly advanced, it does show that the use of proactive security hardening measures could have helped Sony minimize or defend against the attacks.

What do we do now? We as an industry and nation have never had to prepare for a cyberwar. The battle is now all of ours. The actions we take in the coming days and weeks will be critical to how we navigate and survive whatever may occur on the cyberfront.

The top three targets for cyberterrorism and warfare are finance, utilities, and healthcare. Attacking any of those areas creates extreme consequence to the citizens. Of the three, the most damaging would be healthcare. The worst case would be affecting patient outcomes in some form or manner. In my eyes, this could be done.

My prescription is as follows.

Top-Down Education

Educate the C-suite and board of directors to provide clarity in terms of what occurred and the reality of the attack types and strategy. Clarify the resources and support needed to harden systems.

Little Things Matter

The technically simple attacks on Sony were effective because Sony didn’t do the little things: using old technology like Windows XP; not enforcing security policies or policies, and giving in to the screaming user or privileged executive while compromising the overall welfare of the organization.

Holistic Approach

Fight as a team. Cyberattacks aren’t about singling out one system. They involve finding a vulnerability anywhere and exploiting that for all it’s worth. If someone can exploit security cameras to gather compromising information that leads to greater exploits, they win. Think of the entire organization, physical and digital, as a single entity and then consider the possible risks and threats. What if someone shut down the proximity readers? What if they disabled the elevators? What if biometric devices or medical devices running Linux were infected with malware?

Monthly War Games

This is a fun way to build a security-minded culture. Once a month, gather the security team (which should represent the physical and digital world) and start proposing attacks and how the organization would respond or defend. Invite someone from outside.

Fire The Professionals

Organizations rely on those who help them feel good by saying all the right things – clean-cut consultants with cool pedigrees and fancy offices. Those might be the right people to review financials, but for security, look for crazy, go-for-broke, “been there, done that” people. The ones who make you a little scared when you meet them that maybe they bugged your office while you stepped out for a minute. When it comes to testing systems and infrastructure, be liberal with the rules of engagement and highly selective in who to engage. Get someone who makes everybody uncomfortable but who can also provide guidance.

Admit You Need Help

For most people, cybersecurity is not something they do day and night. Even a dedicated team won’t see everything outsiders see because they are exposed only to a single organization. Consider getting help from people who do this every second of the day, regardless of if the help entails remote monitoring, managed services, surprise attacks on a subscription basis, or delivering quarterly educational workshops. The SEAL teams of cybersecurity exist.

Education Matters

Cybersecurity education is as critical as that for infection control and privacy. It could be that last line of defense before becoming the next Sony, Target, Kmart, Staples, or Sands Casino. Also consider providing ongoing education for the in-house technologists.

Integrate Business Associates

Don’t let business associates do whatever they want. Set standards and insist that they be followed. Minimize shared data with them, enforce strong passwords, require surprise security assessments, and get the board and C-suite to understand that they are the weakest link.

The Technology Vendor Exposure

Hardware or software doesn’t matter — most vendors do not design or engineer secure systems. Not because they don’t want to, but they overlook things when trying to get hundreds of features to market and dealing with client issues and priorities. Not to mention many of today’s HIT systems were designed and developed decades ago, well before the words “buffer overflow”, “SQL injection,” or “cyberwarfare” were known. Push vendors hard to demonstrate how they are designing and developing highly secure systems that keep customers and patients safe and secure.

Security Service Level Agreement:

Do this is nothing else – it will make sure the other stuff gets done. Set a clear and aggressive Security Service Level Agreement (SSLA). This should be a critical success factor that holds the CIO, CISO, COO, and CEO accountable. Defining what is part of the SSLA should be a joint venture between the C-suite and the board, but it should clearly dictate the level of security to be maintained and how it will be measured.

These aren’t earth-shattering suggestions. However, had someone from Sony read this last year, they would have said, “We already do this,” yet Sony may very well end up being a case study for cybersecurity (and depending what happens in the coming days, a key part of our history lessons for centuries to come).

The bottom line is that HIT is an insecure industry that has not done enough to pull forward and become the standard of cybersecurity that everyone outside the industry expects (and thinks we are already doing).

Now is the time to set a standard, fight back, and take things to a new level. Sony provides an opportunity to educate the board, create a partnership with the CEO, reexamine trusted partnerships, and push vendors to step up their game. Let’s hope that Sony is more than enough to be a call to action for our industry.

John Gomez is CEO of Sensato of Asbury Park, NJ.

Readers Write: EHR Vendors: Barriers to Interoperability

EHR Vendors: Barriers to Interoperability
By King Coal

As patients and taxpayers, I encourage everyone to contact your Congressional members about this topic. Mention that the barriers to EHR interoperability are not just technical — they are contractual as well.

EHR vendors that enjoy the benefit of our tax dollars under the HITECH Act are preventing interoperability — and innovation around the edges of their EHR products by third-party developers — by placing limitations and threats in their contracts with clients. The vendors who are engaged in this antitrust behavior can point to their technology and say, "See? We can share data. We follow data sharing technical standards. Quit criticizing us."

But when you look at these vendors’ contracts, the license fees associated with interoperability are cost prohibitive. In addition, the interoperability clauses are surrounded by onerous contractual obstacles that are veiled to protect the vendors’ intellectual property, but are actually ensuring the vendors’ continued monopoly and preventing innovation around their products.

This behavior on the part of some EHR vendors is strikingly ironic given the enormous success of open source, easily accessible APIs that benefit interoperability. The more open products are from a software architecture perspective, the more value that accretes to a product’s intellectual property. Open, transparent APIs create a larger dependence and ecosystem around products, not less.

Several years ago, I sponsored a meeting with senior executives from three large EHR vendors, lobbying them to open their APIs and migrate their software engineering architecture from tightly coupled, difficult to modify and upgrade, message-oriented architectures to loosely coupled, flexible, services-oriented architectures with open, published APIs so that my development teams could write innovative products around the edges of these EHR products. 

I will never forget the response from one of those EHR vendor’s senior executives: “We see ourselves as more than a database vendor.” Meaning, of course, “Our closed APIs are a market advantage.” 

Bill Gates and Microsoft used to think the same thing about Windows, Office, and Internet Explorer. You can see how that worked out for them when you compare what’s happened with the openness of Android, iOS, the browser market, and office suite products. Salesforce.com is the supreme example of business success based upon an open API and open culture.

A colleague described his thoughts in an email:

Current interoperability standards selected by the ONC and required by MU-S2 do not contain an adequate amount of data/data types to support the quality measurement requirements of the same MU-S2 program. This gap in data is what enables the EHR suppliers to continue the veil of interoperability while still protecting their proprietary intellectual property, serving the interests of the owners of these companies with little regard to what may be best for care, providers, patients, or consumers.

Several EHR vendors are banning together around a new magic bullet technical standard called HL7-FHIR based on JASON technology. While this new standard is great from a technical perspective (XML, REST, etc.), in its current form based largely on existing HL7 v2, v3 and CDA concepts, it does not improve the accessibility of proprietary EHR data types and those data types are needed for quality and cost performance improvement in healthcare. While FHIR could be expanded to include this type of data, it appears the first efforts are focused on reinventing the technology for currently defined interoperability data types.

I’m not sure what if anything Congress can do at this point to fix the ills of Meaningful Use Stage 1, which rewarded existing vendors with billions of dollars in tax money to maintain those vendors’ closed and proprietary APIs. Decertification by ONC will become a bureaucratic mess, but I appreciate the symbolic stance taken by Congress around decertification nonetheless.

One thing that must happen—and maybe our legal courts are the only option for this—the contractual threats and barriers in EHR vendor contracts that stand in the way of interoperability and innovation must be removed.

Interoperability and innovation in healthcare IT are suffering, both technically and contractually, by old-fashioned, old-school thinking on the part of EHR vendors. As a consequence, our healthcare system and patient care are suffering, too. ​

Readers Write: What Physicians Want From Their Medical Software

What Physicians Want From Their Medical Software
By Charles Settles

Physicians looking for medical software have many options. With hundreds of healthcare IT vendors and bloated feature sets, making a decision can be difficult. Especially when purchasing a system for the first time.

Many physicians are skeptical of vendor claims (especially regarding workflow efficiency) and healthcare IT in general. Additionally, learning a new system can be a daunting task for busy providers who have spent years managing patient encounters with paper charts. Some providers are opting out of healthcare IT entirely and are accepting reimbursement reductions or taking early retirement in order to avoid electronic health records and other systems.

Conventional wisdom (and the marketing material from vendors) would lead healthcare IT buyers to believe that Meaningful Use incentives are the number one reason to buy medical software. Based on responses we’ve received, fewer than 10 percent of physicians care whether or not their electronic health records system is certified for Meaningful Use. The latest data from CMS would seem to confirm this; less than 1.5 percent of physicians and organizations that attested for Stage 1 of the program have successfully attested for Stage 2.

The biggest factor for most physicians is effective document management. This should come as no surprise. It is difficult to achieve the goal of a paperless office without such tools. Despite requirements for health information exchange, interoperability between medical systems remains difficult. Many providers still use fax machines to coordinate care and share notes. An electronic health records system with built-in fax capabilities allows providers to bypass this. Additionally, the role- and user-based access capabilities provided by these systems keep health information secure in a HIPAA-compliant manner.

The second-most requested feature for medical software is template-based progress notes and orders. Despite concerns with upcoding or indecipherable template-based notes, most physicians want to be able to use customized templates to save time during encounters. One otolaryngologist said he performed “the same three procedures for over 90 percent of patients.” Using a template makes the most sense for providers who find themselves in a similar situation. Primary care providers were the only specialists to show an aversion to template-based notes, which makes sense, as a primary care provider is likely to deliver a much wider variety of care than a specialist.

Other features are less of a surprise: a patient portal, e-prescribing, and tablet or mobile-based access round out the top five most-requested features by providers using our service. Also, despite security and uptime concerns with cloud-delivered systems, it’s worth noting that fewer than 15 percent of providers asked for medical software that could be installed on their own server; 56 percent of providers requested cloud-based software; and the rest had no preference.

Despite the trend of providers opting out of the Meaningful Use Incentive Program, the market for electronic health records and other medical software systems remains significant. With estimates of healthcare IT adoption rates rising above 80 percent, many of these purchasers are replacing an existing system. This could explain some of the feature preferences, especially the significant preference for strong electronic document management capabilities.

Charles Settles is a product analyst at TechnologyAdvice.