News 10/26/16

October 25, 2016 News 4 Comments

Top News

AARP sues the federal government over newly issued rules that allow companies to offer employees in their wellness programs big health insurance premium rebates, saying rebates of that magnitude become coercive rather than voluntary and that employees will be forced to give their employers medical and genetic information that could be used to discriminate against them.

The Equal Employment Opportunity Commission manages the rules for employer wellness programs. Previous rules did not define the term “voluntary” or specify the types of medical exams or questionnaires employers were allowed to require of their participating employees.

The new rules allow covered entities to receive the information of wellness program participants only in an aggregate form that does not disclose the identity of specific individuals. It also prohibits employers from requiring participants to agree to share their information with other organizations as a condition of their participation.

AARP questions whether programs are allowed to require participants and their spouses to complete a health risk assessment or undergo biometric testing that would expose their private information. AARP’s members are more likely to suffer from less-obvious medical conditions that could be disclosed by their participation.

Reader Comments

From Joy Division: “Re: NextGen Healthcare. An email was sent to all team members asking them to keep their heads down and work instead of speculating on the efforts with UBS Bank to find a buyer for the company. Most believe that Rusty Frantz was hired as CEO for just that reason.” An investor’s report from last week says NextGen parent Quality Systems has hired UBS to explore a sale and has conducted several presentations to interested parties.

From Magic Spell: “Re: patient engagement and technology. An OB/GYN practice in Arizona forces patients to arrive 1.5 hours early to fill in a lengthy DigiChart patient portal questionnaire to populate information that should already be there. Otherwise, they deny the services. The message that technology makes everyone’s life easier and helps engage patients could not be more displaced.”

From Cash Cow: “Re: CPT codes. The AMA has a lock on the coding system through a copyright and protects it as a cash cow. They insist on a seat license, which works for software but not applications that would meet an occasional or episodic need. You can’t provide a look-up service to find the numerical code or description without violating copyright or paying for an annual seat license for each unique user.” AMA charges $15.50 per user per year (named users, not concurrent). Several years ago, a court found that AMA misused its copyright in licensing CPT to CMS (it was HCFA back then) only if CMS agreed to not use competing coding systems, giving AMA a monopoly. A 2001 review by the Senate estimate that AMA earns at least $71 million per year in CPT sales and royalties, far more than it takes in from member dues.

HIStalk Announcements and Requests

I mentioned that last weekend’s health IT news was slow, so Brian Ahier provided some broader-picture material he’s reading:

DARPA investigates the use of blockchain to secure the country’s most sensitive information.
A research report forecasts a slight increase in wearable deals this year, but a big jump in VC funding mostly due to a single investor, mega-powered Magic Leap.
The White House publishes a report covering the future of artificial intelligence.

Acronyms often overlap across industries and here’s a good example: EHR is Heineken’s shortcut for its “Enjoy Heineken Responsibly” branding campaign.

Webinars

November 8 (Tuesday) 1:00 ET. “A CMIO’s Perspective on the Successful 25 Hospital Rollout of Electronic Physician Documentation.” Sponsored by Crossings Healthcare. Presenter: Ori Lotan, MD, CMIO, Universal Health Services. UHS rolled out Cerner Millennium’s electronic physician documentation to its 6,000 active medical staff members — 95 percent of them independent practitioners who also work in competitor facilities — across 25 acute care hospitals. UHS’s clinical informatics team used Cerner’s MPage development toolkit to improve the usability, efficiency, communications capability, and quality metric performance of Dynamic Documentation, embedding clinical decision support and also using Nuance’s cloud-based speech recognition product for the narrative bookends of physician notes. This CMIO-led webinar will describe how UHS achieved 70 percent voluntary physician adoption within one month of go-live, saved $3 million in annual transcription expense, and raised EHR satisfaction to 75 percent. It will include a short demonstration of the software that UHS developed to optimize the physician experience.

November 9 (Wednesday) 1:00 ET. “How to Create Healthcare Apps That Get Used and Maybe Even Loved.” Sponsored by MedData. Presenter: Jeff Harper, founder and CEO, Duet Health. Patients, clinicians, and hospital employees are also consumers who manage many aspects of their non-medical lives on their mobile devices. Don’t crush their high technology expectations with poorly designed, seldom used apps that tarnish your carefully protected image. Your app represents your brand and carries high expectations on both sides. This webinar will describe how to build a mobile healthcare app that puts the user first, meets their needs (which are often different from their wants), creates “stickiness,” and delivers the expected benefits to everyone involved.

Contact Lorre for webinar services. View previous webinars on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock

Cancer care planning software vendor Carevive Systems raises $7.2 million in a Series B funding round.

Apple’s 15-year streak of increasing annual sales is broken as falling iPhone sales reduce revenue by 9 percent.

Sales

St. Elizabeth Healthcare (OH) chooses Evariant’s marketing and physician engagement platforms.

People

The Nemours Foundation names Marc Probst (Intermountain Healthcare) to its board.

Announcements and Implementations

McKesson announces a new release of its Paragon EHR.

The Harvard public health school will offer a two-module, $7,210 program in “Leadership Strategies for Information Technology in Healthcare” in January and May whose faculty includes such notables as John Glaser, PhD; John Halamka, MD, MS; Joseph Kvedar, MD; Ken Mandl, MD, MPH; Blackford Middleton, MD, MPH; Dan Nigrin, MD, MS; Sue Schage, MBA; Dean Sittig, PhD; and Micky Tripathi, PhD.

DocGraph releases a six-year Medicare cancer dataset.

Government and Politics

Politico Morning eHealth reviews Q3 lobbyist spending:

AHA $4.05 million
AMA $3.87 million (part of that was spent to oppose a bill that would expand the military’s use of telemedicine, which AMA says would create a national medical license)
Athenahealth $140,000
Cerner $40,000
CHIME $10,000
Epic $36,000
Health IT Now $40,000
McKesson $220,000

FDA will offer a December 5 workshop to solicit recommendations on how to improve hospital-based medical device surveillance systems and the incorporation of unique device identifiers in EHRs.

Privacy and Security

Cybersecurity analysts say that patient information stolen in healthcare breaches is so readily available on the Dark Web that prices have dropped, with a full patient ID package fetching only $20 to $50 instead of last year’s $75 to $100.

An incorrectly configured master server in Guilford County, NC exposes the county’s EMS systems to the Internet. The server was running the Rsync file synchronization utility.

Technology

Amazon’s Jeff Bezos says the company isn’t working on specific healthcare uses for its Alexa virtual assistant, but that people there are thinking about it. He says, “I think healthcare is going to be one of those industries that is elevated and made better by machine learning and artificial intelligence and I actually think Echo and Alexa do have a role to play in that,” but cautions that even Amazon isn’t big enough to solve healthcare problems without the help of hospitals, doctors, and nurses.

Other

A study of 128,000 people with sleep apnea finds that they are more likely to continue their positive airway pressure therapy when they are remotely monitored via wireless sensors or track their progress using ResMed’s app.

A review of Medtronic’s upcoming MiniMed artificial pancreas says the problem is far from solved since the device works only with one expensive type of insulin; the user still has to count calories, perform finger stick readings, and administer their own bolus doses; and patients have to worry about pump and sensor errors. A professor who helped develop the device says it’s not a cure for diabetes and admits that it is “still a pain in the butt.”

An Open Notes article in The American Journal of Medicine offers caregivers tips for creating documentation that will benefit the patient as well.

In Australia, the family of a 72-year-old patient sues the hospital where he died of the effects of a burst bladder after nurses accidentally attached an oxygen line to his urinary catheter. The family also says that caregivers were unable to determine the man’s “do not resuscitate” status because the hospital’s EPAS system failed to retrieve it.

Sponsor Updates

Netsmart and community care leaders connect the mind, body, and communities at Connections2016.
Bernoulli will host a focus group at the CHIME16 Fall CIO Forum November 1-4 in Phoenix.
Besler Consulting releases a new podcast, “Trends in HIM.”
Meditech recaps its Physician and CIO Forum.
Strata Decision Technology recaps the highlights of its recent client summit.
IDC names Caradigm a leader in its MarketScape for Population Health Management.
TransUnion Healthcare publishes a white paper titled “Recommended Resources for Hospital CFOs: Top 10 CFO Concerns about Revenue Cycle Management (And How to Address Them).”
CTG publishes a white paper titled “How Today’s Healthcare Regulatory Alphabet Soup is Driving the Need for Optimization.”

Blog Posts

KLAS Recognizes Aprima as a High-Performing Provider of RCM Services (Aprima)
Talking with Physicians About Value-based Care (Arcadia Healthcare Solutions)
Implementation of Value-Based Care Models On the Rise (Forward Health Group)
Breast Cancer Awareness Month: EHRs and Preventative Care (Impact Advisors)
HITRUST Inheritance: The most important compliance announcement of the year (Catalyze)
How Bundled Payments is Driving Care Transformation and Patient Engagement (Caradigm)
ECG Management Consultants Expands Technology Services With Kurt Salmon Merger (ECG Management Consultants)
Taking Every Patient Request to Heart (CareSync)
October: American Pharmacists Month (CoverMyMeds)
The Consumerization of Healthcare IT Has Only Just Begun (CTG)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

125x125_2nd_Circle

4 Comments

Morning Headlines 10/25/16

October 24, 2016 Headlines Comments Off

Catholic Health Initiatives, Dignity Health in Merger Talks

The Wall Street Journal reports that CHI and Dignity Health are in merger talks. The merger would create a 142-hospital health system with $27.8 billion in annual revenue.

VA touts patient satisfaction, but its findings are questionable

In recent years, the VA has argued that its performance should be measured by by patient satisfaction scores, rather than focusing on appointment wait time backlogs, but a new report finds that the VA has no internal tools to compare its own satisfaction scores with non-VA facilities.

Banning Tablets Is Best for Children

The American Academy of Pediatrics updates its recommendations on screen time for children to say that children under the age of 18 months should get zero screen time, and that those between the ages of two and five should be limited to just one hour per day.

Athenahealth, Allscripts websites down amid nationwide hack

The websites of both Athenahealth and Allscripts were compromised during Friday’s cyberattack on Dyn Inc. A spokesperson from Athena clarified that while portions of its site were down, access to its web-based EHR was not impacted.

Comments Off

Curbside Consult with Dr. Jayne 10/24/16

October 24, 2016 Dr. Jayne 5 Comments

clip_image002

One of the family medicine journals recently published an editorial on preventing diagnostic errors in primary care. It advocates using diagnostic checklists and clinical decision support tools to make sure an appropriate differential diagnosis is considered. Although checklists can be helpful to make sure you arrive at the most likely diagnosis, sometimes physicians just want to know whether we were right and what happened to our patients.

Now that the MACRA final rule is out, we know that HHS plans to continue monitoring to see if EHR vendors are guilty of information blocking. I know I’ve mentioned this before, but I’m still waiting for someone, anyone, to come after the hospitals and health systems that are guilty of information blocking. Especially when treating a patient with an uncommon presentation or a rare diagnosis, follow-up is needed to understand whether the diagnosis was accurate and whether the treatment provided was appropriate or whether there was something more beneficial that could have been done. It’s also important for me to know whether my patients have any complications as a result of my treatment.

This week, I had a couple of rare cases and wanted to track down what happened. In both cases, I had to transfer the patient for further care – one went to a local community hospital where I was an attending physician for many years and from which I continue to receive (erroneous) patient test results. The other patient was refused by the community hospital due to the nature of his condition, so I had to send him to a tertiary referral center where I haven’t been on staff but where I know for a fact that I am in the referring physician database.

In each case, I called report to the facility, giving my name and the pertinent information on the patient’s condition. I also sent copies of the patient’s urgent care evaluation note and the CT scan performed at my facility, both with my name and credentials.

In both cases, when I tried to call for follow-up, I was stonewalled. One facility had the audacity to tell me that, “We have no idea of knowing you are who you say you are” despite the fact that I could accurately give them the patient’s name, date of birth, time of the transfer, and name of the nurse I spoke to when giving report. I urged them to look at the transfer and admission documents to verify my status.

The other facility told me they couldn’t even verify the patient had been admitted “due to HIPAA,” again despite my providing all the information including the name of the attending physician who agreed to assume care.

Last time I checked, HIPAA allows the disclosure of protected health information for treatment, payment, and healthcare operations. Even if you wanted to argue that I was no longer treating the patient, the definition of healthcare operations clearly includes: conducting quality assessment and improvement activities, including outcomes evaluation; care coordination; evaluating provider performance; and certification activities. Despite it being around for two decades, HIPAA is still misunderstood and various entities continue to cite it as a reason to prevent information sharing.

How is this not information blocking? Sharing information verbally and in writing is the precursor to interoperability. And in areas of the country like mine, where there is no consistent platform for EHR-based interoperability, it may be the only way to get information. Where are the HIPAA police when you need them?

If healthcare entities cannot understand a regulation like HIPAA after 20 years, how can there be any hope of everyone understanding MACRA and all its successor requirements that go into effect in a little more than two months?

Hoping that I was just dealing with overworked floor staff who may not understand the nuances of clinical follow-up, I decided to go up the chain and see if I could find another way to get the information I need. I ran a couple of reports out of my EHR and found out how many patients I personally referred to the hospitals in question, as well as how many patients our practice overall had referred in the last year. Knowing that the hospitals have programs where community physicians can have access to their clinical data, I decided to ask for courtesy access. If that failed, I planned to cite the transfer volumes and make a compelling case to be able to access the records in the name of practice-related quality improvement activities. We’re the largest independent urgent care in our metropolitan area and we generate substantial referral volume, so I was hoping they’d bite one way or the other.

Both of them gave me the same response. Unless I apply for and obtain medical staff privileges at the hospital, they have no way to give me access. Being on staff means that you have to actually admit or otherwise attend to patients in the hospital, which isn’t covered under my medical liability insurance since I’m no longer practicing traditional primary care. It’s the reason why I resigned my privileges during my most recent reappointment process to the previously mentioned community hospital, because I couldn’t meet the ongoing requirements.

Hearing the tertiary referral hospital cite the medical staff requirement was especially funny since I know for a fact that they have hundreds of students, researchers, and quality review staff who have access to their clinical data repository, as do payer claims auditors and others. I’m familiar with the fact that they have robust methods for auditing chart access since I helped lead the consensus-building around those methods in my former life. I may also know where the proverbial bones are buried since at least one of their executives worked to stymie our efforts to build a health information exchange.

Yet regulators are going after EHR vendors rather than going after hospitals that refuse to share information with relevant physicians and even with patients themselves. The same hospitals that have accepted countless millions of EHR incentive program money in recent years and who hope to continue drawing down federal dollars continue to be part of the problem despite some feasible solutions.

I’m not letting this go, but plan to continue working may way up the chain at both hospitals. I’m also going to ask at a couple of other area hospitals that receive our patients to see if they will bite and therefore create a precedent. I have a feeling I’m more likely to be blocked then allowed access to the clinical information superhighway.

How does your hospital handle records access and follow up for referring physicians? Email me.

Email Dr. Jayne.

5 Comments

Counting the Costs of a Data Breach

October 24, 2016 News 1 Comment

Fallout from a data breach affects much more than a provider’s bottom line. HIStalk looks at the impact ransomware attacks have on provider credibility and patient loyalty, plus offers tips on shopping for identity theft protection services.
By @JennHIStalk

Data breaches continue to make headlines, and while health IT system infiltrations may not garner as much press as those allegedly perpetrated by Russian hackers, they have providers and patients on edge all the same.

Much has been made of the breaches themselves – how attackers got in, how much ransom was paid, resultant HIPAA violations, etc. – yet little focus has been placed on the post-breach cleanup, which has perhaps the greatest impact on patients and the reputation of healthcare organizations.

In attempting to handle the aftermath, providers typically send out communications with language similar to that included in Rainbow Children’s Clinic’s (TX) recent letter to the 33,368 patients affected by an August ransomware attack on its servers:

Notification letters mailed today include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. Rainbow Children’s Clinic has established a toll-free call center to answer patient questions about the incident and related concerns. The call center is available Monday through Friday from 8:00 am to 8:00 pm, Central Time and can be reached at 1-844-607-1700. In addition, out of an abundance of caution, Rainbow Children’s Clinic is offering potentially impacted individuals monitoring and identity theft resolution through Equifax at no cost. Additional information and recommendations for protecting personal information can be found on the Rainbow Children’s Clinic website at www.rainbowchildrens.com.

The establishment of call centers, websites, and free identity theft resolution for affected individuals may seem logical, but they all come at a cost that some providers just can’t afford. Athens Orthopedic Clinic (GA) has suffered a tremendous amount of community fallout in the wake of a June ransomware attack that affected 200,000 patients. Patients have taken to the local paper and social media to voice their frustrations with not being told immediately about the breach and to condemn the clinic for not offering to pay for credit monitoring.

“Many patients are upset and frustrated with the situation,” AOC CEO Kayo Elliott said in a statement. “And of course, they wish we could pay for extended credit monitoring. So do we. We truly regret that we are unable to do so, as we are not able to spend the many millions of dollars it would cost us to pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business. I recognize and am truly sorry for the position this puts our patients in.”

The mea culpa continued with an op-ed authored by AOC surgeon Chip Ogburn, MD who pleaded with the community for understanding and brought to light the impact AOC’s cleanup methods have had on its reputation. “We are upset with the potential mark this leaves on the credibility and integrity of our clinic,” he wrote in the Athens Banner-Herald. “For 50 years we have endeavored to provide Athens with the highest level of orthopedic care and are even more committed to that promise today.”

Despite AOC’s public-relations efforts, it’s been reported that two law firms are investigating the possibility of pursuing class-action lawsuits against the clinic. Such PR nightmares, while a potentially business-ending burden for AOC, highlight the importance other providers need to place on preparing for such attacks. And while security assessments should be done and protections put in place, clean-up costs like credit monitoring services must be taken into account, too. Preparing for, dealing with, and cleaning up data breaches seem to have become a cost of doing business.

Providers Get Proactive With Identity Theft Protection Services

As with any type of data breach, patients are typically directed to the credit-monitoring and reporting services of three institutions – TransUnion, Equifax, and Experian. While they aren’t the only companies that offer identity protection services, they are the most well known.

“TransUnion and other credit bureaus are resources for monitoring and protecting credit,” explains Gerry McCarthy, president of TransUnion’s healthcare solutions. “Our monitoring services include fraud alerts for any credit changes, access to live professionals to discuss any credit issues, and optional identity restoration services. In the event of a breach, providers will work with TransUnion and the other credit bureaus to set up monitoring services for affected patients.”

“We are starting to see proactive contracting with our healthcare customers who already utilize our RCM services,” he adds. “They are preparing to act quickly in case of a breach. Our credit and credit-monitoring usage by healthcare organizations has increased dramatically over the past two years. We believe this will be a standard service offered in both healthcare and other industries that deal in both consumer healthcare and financial data.”

Michael Bruemmer, vice president of consumer protection at Experian Consumer Services, backs up McCarthy’s provider utilization figures. “Last year, we serviced about 3,600 different data breaches and 40 percent of them involved healthcare, including pharma, payers, and business associates,” he says. “We’re seeing the biggest growth in smaller entities tied to a rise in ransomware. About 25 percent of our clients that we’ve been involved with in these circumstances have actually paid the ransom.”

With such an increase, Bruemmer is certain that proactive identity theft protection services will soon become a regular cost of doing business, and perhaps even a customer service / loyalty differentiator. He cites the Blue Cross Blue Shield Association as an example: “They announced last August that all of their plans – 34 separate BCBS entities around the country – will provide free identity theft protection for any of their current members if they want to sign up. This would be in advance of a breach. That was something that the association got behind, and I think that’s a great leading example of where identity theft protection is going to be used as a preventative measure for all patients, employees … even BAs and their staff. If a breach happens after that, they don’t have to scramble and go through the process because people already signed up for it.”

“I think it’s important for patients, especially if they’re switching providers or reviewing their physician’s annual privacy policy, to start asking questions like, ‘Where do you have my records? Where are they being stored? What security practices do you have in place? If something bad were to happen, would you respond?’ I think those are fair questions to ask with any type of provider, whether it’s your dentist, doctor, or pharmacist, let alone your insurance company.”

Shopping Around

Providing such services ahead of a breach sounds nice in theory, but how viable of a solution is it for the average provider, especially independent practices that operate with little cash on hand? Bruemmer explains that Experian’s pricing is based on a number of factors.

“We have a rate card that we publish out to clients that request it,” he says. “It’s an a la carte menu with prices tiered from quantity one up to the millions of people that could be affected. There are various pricing tiers and it is by each service. You have a cost for notifications, a cost for call center, and then a cost for the product itself. It depends on the circumstances, because in most cases, you’re going to be pricing by the number of people that actually sign up for a product. Let’s say there are 10,000 people affected by a breach. We would charge a wholesale rate for identity theft protection for only those people who subscribe to that protection. We then bill that back to the client who paid for this on behalf of the patients at the end of the breach.”

Aside from price, Bruemmer suggests that providers look at a credit-monitoring company’s experience, performance record, and response time when shopping around for such services. “They should be asking, how many breaches have you serviced? Have you serviced more complex breaches? Will you service small breaches? And then they should look at the performance record by asking, how big a breach have you serviced? What’s your customer satisfaction rating? Do you have any complaints? Any Triple A ratings from the Better Business Bureau?”

“Those are the typical things to look for,” he explains. “The third most important differentiator is response time, because the clock is ticking after a breach is discovered. The response time to a breach – determining how many people were affected and what type of information was compromised – to become legally compliant is important. The fourth factor is actually price, or the price-value relationship.”

Don’t Forget to Use It

Bruemmer stresses that once a provider has invested in such services, it’s important that their affected patients actually use them. “My advice for patients is to, first of all, read the notification letter, email, or visit the website of your provider. Second, take advantage of the services made available to you free of charge. There’s no reason not to sign up for it. Some consumers worry about giving us their information, but we’ve already got things like their Social Security numbers. We don’t allow fraudsters to get in. Last but not least, be curious about things that might happen and ask questions. I’ve already mentioned the questions you’ll want to ask a new provider, but also watch out for any new accounts, any unsolicited emails or letters that you might not normally receive. Those might be early indicators that someone is trying to get more pieces of your identity or use your identity against you. The more curious you are, the easier it is to spot these things. It goes without saying that you should pay attention to the free credit monitoring report or Dark Web service alerts included as part of your provider’s identity theft protection package. We have some people that sign up for the service and they never look at their alerts, which is just unconscionable.”

Be Proactive to Keep the Doors Open

Providers eager to avoid AOC’s predicament should, as McCarthy stresses, “be proactive and ensure they have contingency plans to protect patient information in case of a data breach. This includes having a relationship with a credit monitoring service to protect that information, the long-term identity of patients, and their credit.” It seems that in this digital day and age, taking such proactive measures might also just save a provider’s reputation.

1 Comment

Morning Headlines 10/24/16

October 23, 2016 Headlines 2 Comments

Yesterday’s major outage was brought to you by hacked IoT devices

Friday’s widespread internet outage has been attributed to a botnet made up of unsecure, Internet-connected consumer devices, such as cameras, DVRs, and routers running a DDoS attack against the servers of Dyn Inc., a internet management company that monitors and routes internet traffic.

ASU, Mayo alliance seeks to transform health care

Mayo Clinic and Arizona State University are creating a new curriculum that will address the clinical, legal, and administrative issues involved in care delivery under one curriculum.

athenahealth’s CEO Jonathan Bush on Q3 2016 Results – Earnings Call Transcript

During its earnings call, Athenahealth CEO Jonathan Bush reports that it added a record 5,092 providers in Q3, but acknowledged that bookings growth hasn’t kept up with expectations due to a drop in Epocrates revenue and elongated sales cycles in the industry.

2 Comments

Monday Morning Update 10/24/16

October 23, 2016 News 2 Comments

Top News

Friday’s major Internet outage appears to have been the result of a cyberattack launched by a botnet that targets Internet-connect devices. A scan last week found 11.3 million IP addresses of infected devices, many of them DVRs and IP cameras manufactured by China-based XiongMai Technologies.

The distributed denial-of-service attack was launched against Internet routing company Dyn, which is one of several that host the Domain Name System that translates text Web addresses to IP addresses.

Some speculate that Friday’s outage may have been a test to see if US election technology could be disrupted on November 8.

I saw no mention of hospitals that were affected, although it’s likely some were.

HIStalk Announcements and Requests

Few poll respondents say their organizations are doing anything to prepare for Medicare’s 2019 switch of patient ID numbers. Glen says the change seems like “bureaucratic masturbation” since it won’t improve his care or reduce costs, but the point is that Medicare cards will no longer enable identity theft by exposing Social Security numbers.

New poll to your right or here: which inpatient EHR vendor’s marketing program is most effective?

Last Week’s Most Interesting News

Athenahealth’s Q3 results beat earnings expectations, but fall short on revenue.
HIMSS announces IBM CEO Ginni Rometty as the HIMSS17 opening keynote.
St. Joseph health (CA) pays $2.14 million to settle HIPAA violations in which a misconfigured server containing Meaningful Use data exposed patient information to Internet searches.
Shares of IRhythm Technologies, which offers continuous skin patch monitoring of cardiac arrhythmias, jump 53 percent on the company’s IPO day.
Industry groups respond mostly positively to the newly issued MACRA final rule.
FDA approves an ultrasound sensor for Android smart phones developed by Philips.

Webinars

October 25 (Tuesday) 1:30 ET. “Data Privacy/Insider Threat Mitigation: What Hospitals Can Learn From Other Industries.” Sponsored by HIStalk. Presenters: Robert Kuller, chief commercial officer, Haystack Informatics; Mitchell Parker, CISSP, executive director of information security and compliance, Indiana University Health. Cybersecurity insurers believe that hospitals are too focused on perimeter threats, ransomware, and the threat of OCR audits instead of insider threats, which are far more common but less likely to earn media attention. Attendees will learn how behavior analytics is being used to profile insiders and detect unusual behaviors proactively and to place privacy/insider risk within the risk management matrix.

Contact Lorre for webinar services. View previous webinars on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock

From the Athenahealth earnings call following a revenue miss that sent shares down nearly 6 percent on Friday:

The company added a record 5,092 providers in Q3.
The company’s expected 30 percent bookings growth for the year is behind “as the lack of sense of urgency in the market has elongated the sales cycle” and Epocrates revenue was lower.
Jonathan Bush says the MIPS program changes provider focus to “the operational cost of managing quality” and closes out the focus of the past six years, requiring a change in product approach.
Bush says the company is building a new EDI platform that will be more reliable, more stable, and less expensive for adding new network connections.
Bush said when asked about revenue growth and hiring, “You could look at the provider adds … as the great men of Monty Python like to say, I’m not dead, actually feeling much better.”
University of Toledo is still the company’s only larger-hospital inpatient EHR customer.
Bush says there’s not value-based care being delivered despite a lot of talk. “Obamacare was extremely incremental this idea of an ACO that takes the first two percent itself and gives you half of the incremental savings 18 months after you generate them when it is done calculating them. Even if the calculation is wrong, you still have to accept it. If you generate savings for three years, they reset your base at the new lower number. It is a crap game to play, so not many people really play it. There are a few companies that are standalone, independent to the hospital systems, that have more to gain. The economic rents doesn’t come out of their own. The other problem is most of the ACOs that are affiliated with us know that the savings would come out of the hospital.”
Bush summarized, “The big news, of course, is that I have been promising to tell you if I ever thought that there was no chance of making 30 percent bookings growth, I never had to because there is always a chance. There is no chance. The reasons behind it are fundamental shift in the market, a shift that inspires us and that gives us more confidence in our ability to differentiate ourselves from traditional software, install it and run the traditional way.”

Decisions

Jennie Sealy Hospital (TX) switched from GE PACS to Philips in August 2016.
Little River Memorial (AR) will change payroll and time attendance from Healthland to ADP in January 2017.
Rockcastle Regional Hospital (KY) went live with Kronos HR, time and attendance, and payroll in September 2016.

These provider-reported updates are provided by Definitive Healthcare, which offers powerful intelligence on hospitals, physicians, and healthcare providers.

Announcements and Implementations

Brigham and Women’s Innovation Hub and Evidation Health will work together to measure the impact of digital health solutions on outcomes.

Privacy and Security

From DataBreaches.net:

Baystate Health (MA) says five of its employees clicked on a phishing email link disguised as an internal memo, giving hackers access to their accounts that contained emails with the information of 13,000 patients.
Seattle Indian Health Board notifies 800 patients that a breach of an employee’s email account exposed their information to an unknown hacker. The organization says it will “implement more structured password management and control measures” and is working on a project to “move all staff to a more secure email system.”

Other

Mayo Clinic and Arizona State University will build a new medical school adjacent to Mayo Clinic Hospital in Scottsdale, AZ that will also offer a certificate and master’s degree in the science of healthcare delivery. The organizations also plan to open a medical technology innovation accelerator. Groundbreaking is scheduled for 2017.

In Ireland, a hospital blames a system upgrade for sending doctors lab results that had been performed up to 20 years ago.

Sponsor Updates

Agfa HealthCare’s enterprise imaging will participate in RSNA’s Image Sharing Validation Program.
Experian Health will exhibit at the HFMA First IL Fall Summit October 24-25 in Oakbrook Terrace.
HIMSS names Patientco CEO Bird Blitch chair of its Revenue Cycle Improvement Task Force.
PatientMatters will exhibit at the Arizona Hospital and Healthcare Association Annual Meeting October 26-28 in Marana.
TierPoint joins the Amazon Web Services Partner Network.
Verscend will exhibit at AHIP Medicare and Medicaid October 23-27 in Washington, DC.
Visage Imaging will exhibit at the SIIM Wisconsin Regional Meeting October 24 in Madison.
ZeOmega will exhibit at the AHIP National Conference on Medicare, Medicaid & Duals October 23-27 in Washington, DC.
ZirMed will exhibit at the National Association for Home Care & Hospice Annual Meeting October 23-25 in Orlando.

Blog Posts

Out-of-Pocket Healthcare Costs Increase in 2016 (Patientco)
Curing Unhealthy IT (PatientKeeper)
Two cool systems that talk (PeriGen)
CMS releases MACRA final rule … here’s our take (Infor)
Why Maintaining an Effective Healthcare Provider Data Management Program is Critical (Phynd Technologies)
Making the Most of Your Data with Population Health Management (PMD)
Surescripts Unveils New Patient Record Locator Service (Point-of-Care Partners)
Illuminating a Black Box in Healthcare: Translating HIPAA Auditing Requirements, Access Logs, and System Logs (Protenus)
Denials Management: It Takes a Village, or at Least All of the Hospital (Sagacious Consultants)
Ransomware Increasingly Seen in Healthcare IT (Summit Healthcare)
Talking Technology & Health IT with CVS Pharmacy (Surescripts)
What You Missed at TeleCon16 (TeleTracking)
Joint Commission Launches Workplace Violence Prevention Tool (Versus Technology)
Welcome to the Edge of Disruption (VitalWare)
The Mind-Body Connection (West Corp.)
Who will Patients Vote for This Open Enrollment Season? (Xerox)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

125x125_2nd_Circle

2 Comments

Morning Headlines 10/21/16

October 20, 2016 Headlines 1 Comment

athenahealth, Inc. Reports Third Quarter Fiscal Year 2016 Results

Athenahealth reports Q3 results: revenue climbed 17 percent to $276.7 million adjusted EPS $0.35 vs. $0.15, missing revenue projections and sending share prices down two percent on the news.

This is why you shouldn’t believe that exciting new medical study

An article on journalists that cover healthcare topics warns readers that the press tends to cover published studies without considering whether the underlying research findings are meaningful. The article notes that of 101 studies published in journals claiming to have identified a new therapy that was very promising, only five of those therapies made it to market within a decade, and only one went on to be extensively used.

Keynote Speaker: Ginni M. Rometty

HIMSS announces that IBM CEO Ginni Rometty will be a keynote speaker at HIMSS17, as the company works to build a viable health IT product with its Watson technology.

Study: With Medicaid, ER visits remain high for two years

An MIT study finds that people enrolled in Medicaid significantly increase ER use for at least two years after they first sign up.

1 Comment

News 10/21/16

October 20, 2016 News 2 Comments

Top News

Athenahealth announces Q3 results: revenue up 17 percent, adjusted EPS $0.35 vs. $0.15, beating earnings expectations but falling short on revenue.

ATHN shares dropped slightly on the news. They’re down 7 percent in the past year.

Reader Comments

From CMIO: “Re: Text2Codes. It’s a pretty cool web app that extracts / annotates ICD-10 and CPT codes from copied and pasted free text.” The Web-based tool offers a free trial.

From Excretory Gland: “Re: NIST/HHS conference on security. If the feds can’t get this one correct, what hope do we have?” A Twitter search of the misspelled hashtag turns up thankfully few recent instances of its recommended use.

From Media Maven: “Re: press party at HIMSS. I see HIStalk on the list as attending an event in which companies pay to speed-date members of the press.” I’ve never heard of the event. I’m not a fan of paying a third party to earn face time with so-called journalists who are mostly interested in scarfing down free drinks in return for a vague obligation to promote those companies that would otherwise not earn their attention. The promoter, oddly enough, is “a lifestage media and marketing company focused on parents and families.” Sounds like a waste of vendor money to me, a questionable display of journalist ethics, and something I will avoid entirely.

HIStalk Announcements and Requests

Here’s a DonorsChoose donation opportunity for CIOs and other hospital senior IT professionals. An anonymous HIStalk supporter will donate $10 for each response (up to 200) to a short survey covering hospital cybersecurity. Respondents will also receive a copy of the results. Senior hospital IT executives with cybersecurity responsibilities can complete the survey in 5-7 minutes. Thanks for supporting DonorsChoose.

This week on HIStalk Practice: South Florida Behavioral Health Network selects ODH’s Mentrics behavioral population health management technology. GE announces the winning communities of its HealthyCities Leadership Academy Open Innovation Challenge. Acuity Eye Specialists goes live with CareCloud. ICD-10 still gives some practices (and payers) problems. Westmed Medical Group selects Bridge Patient Portal capabilities. Pyramid Healthcare taps Qualifacts for behavioral health tech. Florida stakeholders reignite telemedicine talks. CDPHP and CapitalCare Medical Group launch Acuitas Health. Culbert Healthcare Solutions President Brad Boyd focuses on restructuring physician compensation in a value-based world.

Webinars

Contact Lorre for webinar services. View previous webinars on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock

Allscripts acquires CarePort, which connects acute care providers to post-acute care providers. Terms were not disclosed. The company had raised $3.13 million in four funding rounds.

IRhythm Technologies, which offers continuous skin patch monitoring and data analysis of cardiac arrhythmias, prices its IPO shares at $17.00, valuing the company at $300 million. First-day trading on Thursday saw shares jump 53 percent.

Decision analytics vendor TrendShift acquires population health management vendor Health Data Intelligence, which the Columbus, OH business paper described in a July 2016 profile as a four-employee company that had raised just $125,000.

Inhaler technology vendor Propeller Health raises $21.5 million in a Series C funding round, increasing its total to $50 million.

The Partners Connected Health Symposium and HIMSS-owned Personal Connected Health Alliance will combine their conferences into a single Connected Health Conference next year, with Joe Kvedar, MD serving as program chair. HIMSS, its mHealth Summit, and Continua Health Alliance were rolled into PCHA in April 2014. HIMSS hired Patty Mechael, PhD as EVP of PHCA in June 2016.

Sales

Midland Health (TX) chooses Cerner’s clinical, financial, and population health management systems. They will apparently replace Medsphere’s OpenVista.

In England, King Edward VII’s Hospital chooses the modular enterprise imaging solution of Vital Images.

People

Brattleboro Memorial Hospital (VT) promotes Steve Cummings, BSN, MBA to VP of information and support services and Jon Farina to chief compliance and security officer. Both were involved in the hospital’s Cerner implementation.

Enterprise mobility solutions vendor Kony hires Cem Tanyel, MBA, MSc (TriZetto) as EVP/GM of global services.

Announcements and Implementations

Allscripts adds licensed health information from Healthwise to its EHR products via Infobutton integration.

HIMSS again awards the prized first-day conference keynote slot to a vendor executive, this time IBM CEO Ginni Rometty. I expect the Watson hype to be thick since the company has bet the Big Blue farm on selling it into healthcare. HIMSS hasn’t announced its Thursday political keynote speaker, but Mr. Wonderful and Robert from “Shark Tank” will close the show Thursday long after most attendees have departed, which is a shame since they’ll be the most interesting.

Accenture Federal Health Services contracts with Sutter Health and Validic to guide an ONC-funded pilot project to study how patient-generated health data can be delivered to care teams and researchers to improve outcomes.

ENHAC will replace its privacy and security accreditation criteria with HITRUST CSF provisions and controls, allowing EHNAC to offer both its own accreditation as well as that of HITRUST CSF.

Kareo adds prescription drug cost comparison information and coupons to its Kareo Clinical EHR using information from GoodRx.

Privacy and Security

September’s breach report from Protenus finds that while an average of 25 breaches per month occurred in the first half of 2016, the number has jumped to 39 per month for July, August, and September. Forty-one percent of September’s breaches were insider incidents, of which over half were intentional. Thirty-two percent of the September breaches were due to hacking, with five victims specifically stating they were hit with ransomware.

From DataBreaches.net:

The email accounts of Hillary Clinton’s campaign chairman John Podesta and former Secretary of State Colin Powell were breached by hackers believed to be working for the Russian government when both men clicked on a phishing email (disguised as a Google password theft warning) that contained a Bitly-shortened link pointing to a URL that embedded their encrypted Gmail account information. Their exposed emails ended up on WikiLeaks.
A medical practice in Canada is hit with ransomware, with no report of whether the ransom was paid.
A laptop stolen from a benefits management company exposes the insurance information of 7,242 people, although the files contained only basic demographic information.

Innovation and Research

ONC awards Keith Marsolo, PhD of Cincinnati Children’s a one-year, $378,000 interoperability grant to develop standards and methods to populate clinical research systems with EHR information. Marsolo’s team hopes to create one-click access from the EHR to externally hosted electronic case report forms systems, pre-populating standard data elements.

Technology

Rush University Medical Center says use of RTLS at its Rush River North physician practice has reduced patient wait times in a pilot project of 350 patients. Patients are tracked throughout their visit via RTLS badges, with alerts sent to providers if they’ve waited longer than 10 minutes. The system also tracks equipment and notifies staff when rooms need cleaned.

Non-profit Trek Medics International offers Beacon, an SMS-based emergency medical dispatch system for countries that don’t have 911-type service. It allows requests for emergency assistance to be directly routed to any nearby trained responder. The company says most countries have the key components needed — young adults with phones and cars – and communities can create their own grassroots service. They’re working in Dominican Republic and Tanzania.

Other

An MIT study finds that people newly covered by Medicaid not only don’t cut back on their ED usage, but actually increase it significantly for at least the first two years, disputing the belief that insured patients would see primary care doctors instead of using the ED for routine care. The study found that the newly insured had a 13.2 percent higher likelihood of making visits to both an ED and primary care doctor, suggesting that the two types of visit are “more complementary, not more substitutable.”

In India, the owner of a 1,000-bed hospital in which 22 patients died in a fire is arrested along with four hospital officials. The politically connected owner started a university with schools of medicine, dentistry, nursing, and biotechnology. The hospital did not have a mandatory fire certificate.

The Charlotte newspaper profiles the ED usage reduction efforts of Community Care of North Carolina, which mined the Medicaid ED bills of Charlotte-area hospitals to identify the 100 most frequent ED users (at #1 was a homeless alcoholic who made 223 ED visits in 15 months). Most of the frequency flyers had behavioral health issues and some were visiting multiple EDs, with one patient being seen in three EDs in a single day. The team that started monitoring high-risk patients to help them find primary care doctors and obtain social services won the Hearst Health Prize for significantly reducing unnecessary ED and inpatient visits. The program faces shutdown, however, after North Carolina’s Medicaid reform left it without a contract.

A new Ohio law requires providers to provide a written estimate of charges, expected insurance payments, and the patient responsible portion of the bill 48 hours before providing non-emergency services. It also requires insurers to respond promptly to the inquiries of providers who need to know what insurance will pay so they can tell their patient.

A reporter’s review of “our addiction to medical hype” finds that “we reporters feed on press releases from journals and it’s difficult to resist the siren call of flashy findings” even though only 3,000 of the 50,000 medical journal articles published each year are of adequate quality for patient care use. The article quotes sources indicating that $200 billion in worldwide research spending is wasted on poorly designed or redundant studies.

Weird News Andy says a patient featured in a journal case study didn’t have a ghost of a chance. A man who eats a hamburger doused with ghost pepper puree and then tries to quench the fire by quickly drinking six glasses of water ends up with a torn esophagus from the ensuing vomiting. WNA provides helpful advice: “If it looks like one of Satan’s organs has prolapsed, you might want to reconsider eating it.”

Sponsor Updates

HCI Group will sponsor a session at the Health Informatics New Zealand conference November 1-3 in Auckland.
Ingenious Med will exhibit at Anesthesiology 2016 October 22-26 in Chicago.
InterSystems will exhibit at the Partners Connected Health conference October 20-21 in Boston.
Intelligent Medical Objects will exhibit at the EClinicalWorks National User Conference October 20-24 in Orlando.
Frost & Sullivan recognizes Influence Health with its 2016 award for enabling technology leadership.
Learn on Demand Systems donates servers and other hardware for computer science student use at Hillsborough Community College.
AHIMA will use Meditech’s EHR in its Virtual Lab to train and test future medical professionals.
Medicomp Systems releases a video describing the ways in which its technology can help providers transition to MACRA.
Netsmart will exhibit at the National Association of Home Care’s annual meeting October 23 in Orlando.
Obix Perinatal Data System will exhibit at AWHONN New Hampshire October 24 in Dover.

Blog Posts

SQL Tip: The Good, the Bad, and the Ugly of TOP X (Iatric Systems)
5 Reasons Risk Assessments are Now Important than Ever (ID Experts)
MIPS/MACRA Final Rule – Key Takeaways (Impact Advisors)
Treat Patients Like Consumers to Drive Revenue (Influence Health)
What Healthcare CIOs Need to Know: An Interview with InstaMed’s Security Experts (InstaMed)
Putting the “Patient” Back in “Patient Access” (Kyruus)
Pharma Lifecycle Plagued with Integration and Data Management Challenges (Part VII – Sentiment) Liaison Healthcare
The Biggest Myth about Consumerism in Healthcare … And Critical Strategies to Meet Your Patients’ Expectation (Navicure)
We’re Helping Clinician Have the Interoperability They Need (Orchestrate Healthcare)
Two Legs Good, Four Legs Better: Why CRISPR will Change Everything (Orion Health)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

125x125_2nd_Circle

2 Comments

EPtalk by Dr. Jayne 10/20/16

October 20, 2016 Dr. Jayne Comments Off

clip_image002

It’s been a busy week as people begin to digest the contents of the MACRA Final Rule. Most of the physicians I’ve spoken with are worried specifically about what they need to do in order to meet requirements for 2017. It would be a mistake, however, to not spend some time planning for 2018 and beyond. CMS will increase the number of outcome metrics as time passes, while also increasing the weighting applied cost measures. CMS is also making changes in the Medicare Shared Savings Program. Although 2017 may seem to be a low-risk year where providers can take it easy, in reality 2017 should be a year where providers work to maximize their performance in preparation for future years.

Providers are going to be increasingly graded on performance and if they’re not honing their skills they’re going to be behind. Our favorite Geek Doctor, John Halamka, weighed in on the Final Rule as well:

Think of MIPS not as four separate categories (quality measurement, cost control, practice improvement, and wise use of IT) but as a single program focused on rewarding clinicians for improving quality and penalizing clinicians for non-participation. There are only a few ways to change clinician behavior – pay them more, improve their satisfaction and help them avoid public humiliation (like poor quality scores posted on a public website). MIPS pays them more, consolidates multiple other government programs, and provides flexibility to give clinicians every opportunity to make their quality scores look good.

As much as everyone has been waiting for the Final Rule, it’s not entirely final. It was released as a final rule with comment, which means that we have 60 days to continue to weigh in. There’s still the opportunity for our feedback to be heard by those who will make subsequent rules and those who will tweak this Rule as it is applied. We’ve seen from previous iterations with Meaningful Use and other federal programs that the only constant is change.

clip_image004

I had the privilege this week of lunching with some former co-workers. We all worked together on a large health system’s EHR implementation project starting more than a decade ago. Although we try to get together quarterly, it gets more and more difficult unless we plan it months in advance. We’re all still in healthcare, although we’ve branched out into consulting, quality improvement, program management, and interoperability roles. Two of the group have come full circle and are again helping the large health system with an EHR implementation as they perform a massive rip-and-replace of all clinical and financial systems.

It was gratifying to learn that although much time has passed and it’s a different system, many of the processes we created are being dusted off and used to help the practices navigate the transition. Regardless of the type and scope of the project, the change leadership and governance pieces are essential and fairly timeless. It sounds like it’s been a bit frustrating for my colleagues who are on the ground, as the organization has lost some of its institutional memory. The current project is being handled as an IT project that has a couple of clinical advisors, rather than as a clinical / operational project with IT support as we had done in the past. They’ve already experienced massive scope creep, delays, and cost overruns.

There are also issues with IT leadership not understanding the needs of a large provider organization. They actually tried to tell the provider group that they “won’t be allowed to onboard any new physicians or practices during the transition period,” which is over 18 months long. That statement alone shows a fundamental lack of understanding of what is going on in healthcare today, as providers are being consolidated into larger organizations either willingly or in response to fear. I can’t imagine telling a CEO he can’t onboard new physicians, but apparently it happened. I’m betting the follow up phone call to the CIO was interesting, to say the least. When you’re spending upwards of a third of a billion dollars on a project, impeding strategic growth probably isn’t the best idea.

Back when we were doing our original implementation, we needed a full-time person to go around and do some periodic retraining for providers. We had the opportunity to hire a retired IT staffer who had been a physician liaison and was dearly loved. The powers that be told us we couldn’t justify a full-time position, so we brought her on as a contractor. I laughed out loud when I heard today that she is still there, eight years later. Maybe that position would have been justified after all.

The health system is wrangling with the same issues that we fought with the original EHR, including how to handle private/community physicians that want to be on the platform but don’t want to pay for it, as well as how to support the infrastructure. Where we were worried about making sure everyone had adequate bandwidth via DSL or T1, now they’re working to upgrade everyone to fiber. They’re still dealing with patient consent around interoperability as well as difficulties with patient matching and provider attribution. Although they’ve made some headway on those issues, the core problems still remain tricky.

Another theme with the group was trying to maintain some kind of work-life balance given the continuing chaos that healthcare reform and ensuing technology requirements has created regardless of role. I remember when we started, the understanding was that we’d do this rollout for 18 months and then go back to our original jobs. The organization quickly realized that it was unlikely for that scenario to play out. A decade later we’re not only still at it, but most of us are leading teams of people dedicated to the ongoing support of healthcare IT and clinical transformation. Some of us are still burning the candle at both ends, which although sustainable for a few years, starts to wear on you when you’ve been doing it nonstop.

By the time we get together again, it will be 2017 with all the MIPS and APM-related excitement that brings. It will be a new year for penalties and incentives, with new clinical quality measures, new carrots, and new sticks. It’s been great to have a core group of friends who can support each other as we go through this, venting about our respective situations and the challenges we face. Looking at what’s coming down the road, we’re going to need each other to stay sane.

Email Dr. Jayne.

Comments Off

Morning Headlines 10/20/16

October 19, 2016 Headlines Comments Off

AMA Commends ONC Steps to Enhance Oversight and Transparency of Electronic Health Records

AMA announces its support of ONCs Enhanced Oversight and Accountability final rule, which former AMA president Steven Stack, MD says will promote vendor “accountability for the performance, reliability, and safety of certified health IT.”

IBM Is Counting on Its Bet on Watson, and Paying Big Money for It

The New York Times profiles IBM’s continued effort to monetize its Watson business unit, which experts describe as a moonshot project that could still take years before it returns value for the company.

Examining The HHS Projections For 2017 Marketplace Enrollment

In a Health Affairs article, Timothy Jost, JD discusses the HHS projections for public exchange enrollments for 2017, and highlights some reasons why the projected 13.8 million enrollments may be inflated.

New System Shortens Patients’ Wait Times

Rush University Medical Center (IL) is using real-time patient location technology to reduce patient wait times at their outpatient clinics.

Comments Off

Morning Headlines 10/19/16

October 18, 2016 Headlines Comments Off

$2.14 million HIPAA settlement underscores importance of managing security risk

St. Joseph Health (CA) will pay $2.14 million to settle potential HIPAA violations after OCR found files containing PHI used to attest for meaningful use were publically accessible through internet search engines.

St. Jude Medical Forms Cybersecurity Advisory Group

Following accusations that its medical devices contain potentially life threatening cybersecurity vulnerabilities, St Jude Medical announces that it is forming an internal cybersecurity advisory group.

FDA rules allow medical device makers to keep injuries under wraps

An investigative report from the Star Tribune finds that the FDA has created a program that lets medical device makers report adverse events late, sometimes years after the fact, and then reports those issues to doctors with summaries that keep the details out of view.

UnitedHealth Group Reports Third Quarter Results

UnitedHealth Group reports Q3 results: revenue is up 12 percent to $46.3 billion and earnings are up 19 percent to $3.6 billion.

Comments Off

News 10/19/16

October 18, 2016 News 11 Comments

Top News

St. Joseph Health (CA) will pay $2.14 million to settle OCR charges that it exposed the information of 32,000 patients for a full year in 2012-2013 when it brought a server online using default security settings that allowed its contents to be viewed via Internet searches. The exposed files had ironically been created to document the health system’s Meaningful Use participation, so some of the MU money it presumably earned from HHS because of those files will go right back to HHS as punishment for exposing them.

OCR found that the contractors that SJH hired to assess its PHI security did their work “in a patchwork fashion” that failed to meet the requirement of performing an enterprise-wide risk analysis.

The health system paid $7.5 million earlier this year to settle a class action lawsuit filed by patients whose information was exposed.

SJH had previously reported the theft of unencrypted PHI-containing devices in 2010, 2012, 2013, and 2014 as well as a 2014 incident in which an employee failed to delete a PHI-containing Excel worksheet tab before sending it to an investment firm.

Reader Comments

From Greek Goddess: “Re: Epic. The same publication that ran the R&D nonsense with Judy’s ‘trust me’ as verification seems to publish whatever Judy says. The latest contains the usual sound bites about industry misinformation about Epic and the tired narrative that it doesn’t have a marketing department.” They were obviously typing with velvet gloves. This 1998 article quotes Judy as saying that she was increasing Epic’s sales and marketing budget by 70 percent because “we want to be very big,” also mentioning the hiring of an advertising department and marketing director. In 2015 I reported a reader’s observation that at least eight former Epic employees identify themselves on LinkedIn as having done Epic marketing and one of them says she reported directly to Judy (“leading in-house marketing team,” she says). Epic hired a high-powered lobbying firm awhile back as well. I think the people who write for the HIMSS-produced publication (which lives in a picture-perfect fairytale HIT land in which seldom is heard a discouraging word about HIMSS-paying vendors) are so pleased with themselves at earning Judy’s rare attention that they simply uncritically regurgitate whatever she tells them, which makes that publication an Epic favorite for planting “news” that is really just Epic disputing any negative industry impressions about the company. Make no mistake: Epic is not naive about marketing and sales even though they might do it differently – all those gazillion-dollar contracts didn’t just happen because a health system CEO cold-called 608.271.9000 and asked to speak to any available 23-year-old programmer.

From The Truth Hearst: “Re: Zynx Health. Laid off 50 percent of the company last week, including all of finance and marketing, perhaps to either fold the company or roll it into one of the other Hearst entities.” The company provided this response to my inquiry:

Zynx has taken the necessary steps to better position itself in a changing healthcare market. We are aligning our solutions, clinical expertise, and content capabilities to meet the needs of the shifting marketplace and new requirements with emerging value-based payment models. With the changes in the marketplace, the difficult decision to eliminate positions was necessary. However, new opportunities have opened as we deploy an interdisciplinary team of professionals to provide more comprehensive support for our products and services to each client. We believe Zynx will be better equipped to innovate as the healthcare market requires and that these changes will not only make Zynx stronger in this new marketplace, but also, and more importantly, provide better service and support to our valued clients. We are definitely not folding and look forward to another 20 years of market leading innovation and solutions.

From Nasty Parts: “Re: Extension Healthcare. An executive tells me the company has been sold with an announcement forthcoming.” Unverified. Nasty Parts has a pretty good rumor-sniffing track record.

From Big ‘Un: “Re: HIStalk links. I notice some refer to a click counter rather than a direct link. What does that do?” It’s interesting to me how many times readers click on links to new sponsor web pages or webinar sign-up pages, which tells me what kind of information readers want (and how well or how poorly I present it). That’s all I use it for. A recent webinar announcement got more than 1,300 clicks to the sign-up page, for instance, and the ratio of how many of those actually registered to attend tells me whether the abstract and learning objectives were on point. Mentioning a new sponsor usually gets 200-400 readers to click over to the company’s webpage to learn more, which tells me the kinds of technologies that pique the curiosity of readers. Beyond my self-improvement efforts, the invisible click counter, which is run from a free PHP script I found on the Internet, does absolutely nothing.

From Jock O’ Lantern: “Re: fitness trackers. Do you think their lack of success in improving health will hurt sales?” No, since companies will continue to market them smartly (which is to say slightly deceptively). Fitness trackers and apps make few people healthier, but they play to the vanity of buyers who fancy themselves as possessing the willpower to change their lives and their mental outlook once they just buy more jock gear so they can look like the sweaty-yet-sexy models in the fitness tracker ads. Accurate ads would show several of the devices stashed in the underwear drawer along with unworn yet stylish exercise clothes while the owner — who moans about having too little time for exercise — spends the entire evening eating Cheetos, watching TV, and interacting with pretend Facebook friends. We’re going to muster one mushy militia if it ever comes to that.

HIStalk Announcements and Requests

I’ve corrected my Monday mistake in listing Southwest General Hospital (OH) as moving from McKesson to Cerner next year. They’re already a Cerner shop – it’s Southwest General Hospital (TX) that’s changing systems. Sometimes Google magnifies rather than resolves my confusion over multiple hospitals that share a name.

Welcome to new HIStalk Platinum Sponsor Protenus. The Baltimore company’s privacy monitoring system detects inappropriate EHR user behavior (with 97 percent accuracy and thus few false alarms) to proactively identify potential HIPAA violations in helping hospitals avoid huge OCR settlements and jury awards. Examples: EHR users who inappropriately access a VIP’s records; employees who snoop through the files of friends or estranged family members; employees who use patient information to file fraudulent tax returns; hackers who obtain user credentials by phishing and then move freely through patient records; contractors who use their access for unauthorized purposes; and laptop thieves who gain EHR access. Protenus learns how each user normally works instead of trying to apply simple rules to detect their unusual behavior, then provides alerting and collaboration tools that enable quick resolution instead of waiting the average 200 days it otherwise takes providers to detect and fix inappropriate access. IT folks benefit from the elimination of expensive managed services, lightweight data integration of any number of systems, and the option to run it in-house or hosted. The company was founded by Robert Lord, a former Hopkins medical student, medical researcher, and hedge fund analyst; and Nick Culbertson, MD, who earned two bronze stars during his eight-year service as a Green Beret sergeant with the 20th Special Forces Group (Airborne) and helps run an East Baltimore veteran support group. Read the Johns Hopkins case study or Robert’s Readers Write article. Thanks to Protenus for supporting HIStalk.

Here’s a look at the privacy monitoring and incident tracking system of Protenus.

Listening: new from Avenged Sevenfold, polished, literate heavy metal in their first album since 2013. They sound great for a band that’s gone through more drummers than Spinal Tap. Pretty cool lyrics.

Webinars

Contact Lorre for webinar services. View previous webinars on our HIStalk webinars YouTube channel.

Acquisitions, Funding, Business, and Stock

Adobe sues MedAssets (via its new owner nThrive) for copyright infringement, claiming that MedAssets distributed Adobe’s ColdFusion web development tool in its CodeCorrect product despite having a license for internal use only.

Home-centered clinical trials management vendor Science 37 raises $31 million in a Series B funding round, increasing its total to $38 million. The founders are dermatologist Belinda Tan, MD, PhD and Noah Craft, MD, PhD, who was chief medical officer of VisualDX.

UnitedHealth Group, which is pulling out many insurance exchanges because too many expensively sick people signed up, books Q3 revenue of $46.3 billion and a profit of $3.6 billion, with the CEO (whose shares are worth $356 million) saying the company will in 2017 “deliver more value to the health system overall.”

Three post-acute care software vendors – Casamba, HealthWyse, and TherapySource – announce their merger under the Casamba nameplate.

The SEC declines to prosecute Harris Corp. after its auditors reported to the SEC that they found evidence that the fired CEO of its Carefx China subsidiary had in 2011-2012 bribed Chinese government officials with as much as $1 million to earn nearly $10 million in business. Harris acquired Carefx for $155 million in cash in 2011. The SEC fined the executive $46,000 and Harris sold its healthcare business to NantHealth in mid-2015. The executive, Ping Zhang, PhD, is now SVP of product innovation and CTO of MedeAnalytics.

Sales

The Dubai Health Authority signs a collaboration agreement with GE Healthcare for hospital predictive analysis, efficiency, and training.

People

Nancy Ham (Healthagen Population Health Solutions, an Aetna Company and Medicity) joins physical therapy EHR vendor WebPT as CEO.

Congratulations to interoperability expert Keith “Motorcycle Guy” Boone of GE Healthcare for completing his master’s in biomedical informatics from OHSU.

Announcements and Implementations

Nuance announces GA of a new version of its Dragon Medical Advisor real-time computer-assisted physician documentation system.

HCS integrates document exchange interoperability technology from Kno2 into its Interactant system to support care transition and care coordination with referring hospital partners.

Long-term care EHR vendor PointClickCare releases an integrated smartphone app for skin and wound assessment and documentation.

AHIMA will offer a health informatics certification credential in early 2017 to candidates with (a) a bachelor’s degree and two years of informatics experience; (b) a master’s degree with one year of experience; or (c) a master’s in health informatics. Like certification programs offered by HIMSS and other industry groups, the credential’s value is clear to the organization being paid to issue it (and the alphabet soup of other certificates AHIMA sells) but much less obvious to those who might receive it. Someone who has earned a master’s in health informatics doesn’t need to pass an AHIMA test to prove their knowledge for an employer who is probably more interested in experience and capabilities anyway. If I were interviewing a candidate for a non-technical position, I would place zero value on trade group certification. Actually, I would probably place negative value on them since I would question the motivation of a possibly insecure and under-qualified candidate who is proud of a credential that was earned by completing a single multiple choice test that has a high pass rate. CHIME’s certified healthcare CIO is the silliest one I can imagine – what health system CEO would value that credential when hiring a CIO? (perhaps only a certified healthcare CEO if there is such a thing, which I sincerely hope there isn’t). Organizations make a lot of money preying on the personal insecurities and educational shortcomings of ambitious people with generous disposable income or employer educational expense reimbursement programs.

Healthgrades releases its annual hospital evaluation report. The company also announces Risk IQ, a questionnaire-based tool that allows consumers to evaluate their personal risk for six common surgical procedures.

MModal launches a risk adjustment solution suite that helps optimize chart documentation to improve HCC charge capture.

LifeImage releases version 5.0 of its image-sharing platform, which adds real-time collaboration, FHIR support, and more extensive integration of information from PACS, VNA, and clinical systems.

Agfa HealthCare announces a new version of its Enterprise Imaging platform that includes new migration tools, image management and workflow rules, live streaming and virtual conferences, and multi-specialty imaging.

Government and Politics

An investigation by the Minneapolis paper finds that FDA has allowed drug device manufacturers to hide reports of patient harm, either by rolling individual reports up into a generic summary or accepting years-overdue reports. A former FDA official who created a search engine called Device Events to track medical device performance says doctors might behave differently if they knew how many incidents were reported.

Wisconsin state inspectors cite a veterans home for dozens of medical errors, some of them related to incorrect transcription and employees confused by new software. An LPN who administered 100 units of insulin instead of the ordered 12 units said she attended training but then went on vacation, with her supervisor advising upon her return that she should just “wing it.” Nurses interviewed by the inspectors said the rollout was poorly handled.

Privacy and Security

St. Jude Medical forms a cybersecurity advisory board following published claims that its medical devices are vulnerable to hacking.

From DataBreaches.net:

Rainbow Children’s Clinic (TX) reports to HHS that it was attacked by ransomware on August 3, exposing the information of 33,000 patients to an unknown hacker and resulting in the permanent loss of some patient records.
Medi-Cal plan provider CalOptima reports its second breach in two months after discovering that a “departing” employee downloaded patient information to an unencrypted USB drive that was later returned.

Technology

Philips earns FDA approval for an ultrasound sensor for Android-powered mobile devices, enhancing its Lumify ultrasound diagnostic solution to allow clinicians to perform heart, lung, and OB/GYN ultrasound without an ultrasound cart. It costs $200 per month.

Other

Weird News Andy wonders whether this story really happened. An Oregon hospital quarantines its ED after treating a woman with hallucinations, after which the two deputies who brought her in as well as her caregiver and a hospital employee also began hallucinating for reasons unknown. They’re thinking her medication patch might have been spewing active ingredients all over the place.

Sponsor Updates

clip_image001

Attendees of Experian Health’s annual Financial Performance Summit put together 1,000 hygiene kits and collected 200 pairs of socks for Nashville charity.
GE Healthcare will work with India-based Tata Trusts to train 10,000 students for healthcare technology careers.
Aprima earns high ratings for its RCM services in a KLAS specialty report highlighting ambulatory billing services.
Bernoulli CEO Janet Dillione is included in the 17 female health IT company CEOs to know.
Besler Consulting releases a new podcast, “Strategies for navigating bundled payments.”
Carevive Systems will host a half-day symposium on non-small cell lung cancer October 26 in Philadelphia.
CoverMyMeds will sponsor the CBI Electronic Benefit Verification & Prior Authorization Summit October 25-26 in San Francisco.
Consulting Magazine includes Cumberland Consulting Group and Divurgent on its list of fastest-growing firms.
EClinicalWorks will exhibit at AAP 2016 October 22-25 in San Francisco.
Iasis Healthcare streamlines documentation processes with FormFast technology during its EHR transition.
FormFast will exhibit at CHIMA October 24-25 in Edmonton, Alberta.
Healthwise will exhibit at the EClinicalWorks National Conference October 21-24 in Orlando, FL.

Blog Posts

5 Strategies to Reduce Financial Risk (AdvancedMD)
5 Ways to Break the Glass for Women in Tech (AirWatch)
If Ada Were an Arcadia … (Arcadia Healthcare Solutions)
Announcing Customer Spotlights (Catalyze)
10 Things End Users Need to Know About Secure Text Messaging Right Out of the Gate (Spok)
MACRA Final Rule: Empowering Physicians and Health IT (Caradigm)
Breathe Easy … CCM has Your Patients Covered (CareSync)
Translating EHR Training into Improved Revenue Cycle Metrics (Culbert Healthcare Solutions)
Collaboration is Key in Oncology Care (ECG Management Consultants)
EHRA Reiterates Key Recommendations for Program Alignment and Practicality in Comments on HOPPS (E-MDs)
A Guide to Managing Physician Relationships (Evariant)
The Direct Link Between a Security Breach and Patient Safety (Extension Healthcare)
What a top 10 college football matchup has to do with healthcare IT consulting (Nordic)
PCMH 2nd Annual Congress Recap (Galen Healthcare Solutions)
DSRIP: A Major Step Toward Reinventing Medicaid (Hayes Management Consulting)
McKesson Horizon Legacy Support: The Case for Third Party Assistance (HCI Group)
What’s So Scary About Automation? (Healthfinch)

Contacts

Mr. H, Lorre, Jennifer, Dr. Jayne, Lt. Dan.
More news: HIStalk Practice, HIStalk Connect.
Get HIStalk updates. Send news or rumors.
Contact us.

125x125_2nd_Circle

11 Comments

Morning Headlines 10/18/16

October 17, 2016 News Comments Off

Biden outlines five-year plan for ‘cancer moonshot’

Vice President Biden delivered his final status report on the administration’s cancer moonshot, laying out a five-year plan and reiterating the need for continued funding from Congress and private organizations.

A laboratory in your pocket

In The Lancet, Eric Topol, MD discusses the value that digitally connected point-of-care diagnostic tests would have locally and in resource-poor remote regions of the world.

Obese soldiers get £100 Fitbits in battle of bulge: Servicemen failing Army fitness tests are handed high-tech calorie-counting bracelets to help them lose weight

In England, overweight soldiers facing discharge for failing the Army fitness test are being issued Fitbits to help them get back in shape.

Medical College spins out startup

A local paper covers RPRD Diagnostics, a spinoff from the Medical College of Wisconsin developing DNA tests to match patients with the pharmaceuticals that will work best for them.

Comments Off

Curbside Consult with Dr. Jayne 10/17/16

October 17, 2016 Dr. Jayne Comments Off

clip_image002

Everyone in informatics circles has been buzzing about the release of the MACRA Final Rule. As is typical for CMS, it came out on a Friday afternoon. I know a lot of people were hunkered down reading it, me included. I did what I could with it Friday, but on Saturday I had a previous commitment to teach some team-building sessions as part of a local outdoor classroom program.

The type of change that MACRA is trying to drive and the stresses it is going to place on healthcare delivery organizations will require that organizations have high-functioning teams. They’re also going to require intense project management and active management of resources and outcomes. Although many organizations have already figured this out and have robust programs in place (or have hired consultants to do the dirty work), there are numerous organizations that are just trying to figure out what their first steps should be.

When you place stress on teams like these MACRA-related projects are certain to do, teams will either rise to the occasion or they will fall apart. Although some people throw their hands up and just watch things devolve, there are active ways to manage team dynamics and to get your people in the right place so they’re well prepared to take on new challenges.

The program I staffed this weekend brought out many of the types of issues that organizations need to be thinking about as they evaluate how they will handle MACRA-related tasks and who will be responsible for executing them.

Our program brings together people from different backgrounds and throws them into a situation that is unfamiliar for most of them. This year’s group had about 50 participants from all different disciplines – healthcare, manufacturing, communications, technology, and a couple of college students. Even if we have participants coming from the same organization, we mix them up so they’re not working together.

They’re placed in group of five to eight with people they’ve never met and they have to handle a variety of objectives. It’s outdoor classroom with camping and survival skills. Some of the participants may not have done so much as roasting a s’more, so we provide several coaches for each group to help them through the process.

The course starts with an indoor session with a few outdoor elements where they practice basic team skills, and then we follow up with the actual outdoor weekend portion. Their first task was to come up with a team name and motto. We use a variety of exercises to work them through the stages of team development – forming, storming, norming, and performing.

My team definitely had some forming issues because only two of them had arrived by the time the session started. The ability to get to meetings on time continues to be a major issue for a lot of people, which makes it challenging to be a high-performing team. Once the rest arrived, we had some rehashing and revising of the team name, but the team was able to eventually move forward once the late arrivals understood that they couldn’t complain about decisions that were made when they failed to perform.

The teams learned some basics of outdoor cooking and assigned members to roles, identifying leaders and supporting members. When you’re headed out into the woods for a weekend, it’s key to know who is responsible for what. Just like complying with federal regulations, if someone drops the ball, everyone suffers, and having clear chain of command and documented responsibilities makes things easier. The teams are provided with a series of tasks that they have to complete prior to the outdoor portion, and I thought I lucked out when I had someone who immediately volunteered to set up conference calls and meetings to get everything taken care of in the interim.

They met once by phone and once in person during the two-week gap, learning some important lessons on logistics when only half the group showed up in person. The other half was at another meeting place, because leadership failed to recognize that “meet at the XX restaurant by the mall” wasn’t specific enough since there were four different locations of the chain in close proximity, including one actually in the mall. How many times do we have situations like this in healthcare IT? The team thinks they have a clear plan and everyone voices understanding, but it turns out there were multiple ideas about how things were actually going to happen. Although it wasn’t that big of a deal when you’re just dealing with a voluntary team-building program, it’s a huge deal when you have miscommunications around federal requirements and regulations.

There was some last-minute planning, but it appeared they had everything figured out prior to their arrival for the weekend. Unfortunately, one-third of their team was late, leading to delayed setup since people were bringing different pieces of equipment. Across the meadow, the other team I was cross-coaching had arrived and began to set up in a disciplined fashion. Their only glitch was not having their team tee shirts done on time, which they remediated with some ad-hoc spray painting. I was doubtful when they pulled out the cans as to how well it would work, but when they pulled out a drop cloth, rubber gloves, and pre-cut stencils, my doubts were laid to rest. It may have been last-minute, but it was well planned and well executed.

In working with both teams, it was clear that one was more successful. In trying to dissect the reasons behind that success, the major factor was that they put the good of the team beyond their individual needs. They were up early each morning to take care of team tasks, where my team had issues getting out of their tents. I definitely earned my coaching stripes this time around since I had to roust grown adults out of their tents two mornings in a row. I also had to pull out some camping magic when my team failed to follow some of the cooking instructions and their dinner was in jeopardy. Luckily my other team had prepared extra charcoal and had extra supplies, which I was able to borrow to bail my team out. Again, in most of our organizations, we’re running so lean we can’t count on a bail-out. We have to be organized and in command of the situation.

I was hoping that my primary team would see what was going on with the other team and rise to the occasion. Although some team members started to get the message and get with the program, others either didn’t see the possibilities in front of them or maybe just didn’t care. Sometimes we see that, when organizations have enrolled wary participants. Hopefully those that didn’t fully embrace the program learned something along the way and can find elements of the program to take back to their home organizations. I know I learn something every time I put on this program and there are always different challenges to be overcome and different personalities to work with. I come back to my work energized with new tricks and techniques to try to motive my teams.

We’re definitely going to need energy and motivation to make it through MACRA-related reforms and all the sub-projects that will entail. Although I was tired from a couple of nights of sleeping on the ground and herding cats, I’m ready to tackle the rest of the Final Rule.

What kinds of strategies do you use for team-building? Email me.

Email Dr. Jayne.

Comments Off

Readers Write: Ready or Not, ASC X12 275 Attachment EDI Transaction Is Coming

October 17, 2016 Readers Write Comments Off

Ready or Not, ASC X12 275 Attachment EDI Transaction Is Coming
By Lindy Benton

As electronic as we are in many aspects of business – and life in general – oftentimes healthcare providers and payers are still using paper for claim attachment requests and responses. With the ASC X12 275 attachment electronic data interchange on the horizon, the need for utilizing secure, electronic transactions will soon be here.

Let’s look at the claim attachment process.

A claim attachment arises when a payer requests additional information from a provider to adjudicate a claim. This attachment is intended to provide additional information or answer additional questions or information not included in the original claim.
In many instances, the process for sending and receiving attachments is still largely done via a manual, paper-based format.
Paper-based transactions are slow, inefficient, and can bog down the revenue cycle. Additionally, paper transactions are prone to getting lost in transit and are difficult if not impossible to track.
The ASC X12 275 transaction has been proposed as a secure, electronic (EDI) method of managing the attachment request while making it uniform across all providers and payers.

The ASC X12 275 can be sent either solicited or unsolicited. When solicited, it will be when the claim is subjected to medical or utilization review during the adjudication process. The payer then requests specific information to supplement or support the providers request for payment of the services. The payer’s request for additional information may be service specific or apply to the entire claim, the 275 is used to transmit the request. The provider uses the 275 to respond to the previously mentioned request in the specified time from the payer.

Both HIPAA and the Affordable Care Act are driving the adoption of these secure, electronic transaction standards. HIPAA requires the establishment of national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. In Section 1104(b)(2) of the ACA, Congress required the adoption of operating rules for the healthcare industry and directed the secretary of Health and Human Services to “adopt a single set of operating rules for each transaction” with the goal of creating as much uniformity in the implementation of the electronic standards as possible.

Providers and payers will be required to adopt these standards at some point and it will happen sooner rather than later, so it’s time to be prepared.

The final specifications and detail for the EDI 275 transaction were supposed to be finalized in January 2016, but that has yet to happen. Both the American Health Association and American Medical Association have urged the Department of Health and Human Services to finalize and adopt the latest 275 standard, so with that kind of backing, it’s only a matter of time until the 275 transaction standard gains momentum and comes to fruition.

EDI 275 is coming. The question is, will you be ready?

Lindy Benton is president and CEO of Vyne of Dunwoody, GA.

Comments Off

Readers Write: Exploring the EMR Debate: Onus On Analytics Companies to Deliver Insights

October 17, 2016 Readers Write 1 Comment

Exploring the EMR Debate: Onus On Analytics Companies to Deliver Insights
By Leonard D’Avolio, PhD

Late last month, a great op-ed published in The Wall Street Journal called “Turn Off the Computer and Listen to the Patient” brought a critical healthcare issue to the forefront of the national discussion. The physician authors, Caleb Gardner, MD and John Levinson, MD, describe the frustrations physicians experience with poor design, federal incentives, and the “one-size-fits-all rules for medical practice” implemented in today’s electronic medical records (EMRs).

From the start, the counter to any criticism of the EMR was that the collection of digital health data will finally make it possible to discover opportunities to improve the quality of care, prevent error, and steer resources to where they are needed most. This is, after all, the story of nearly every other industry post-digitization.

However, many organizations are learning the hard way that the business intelligence tools that were so successful in helping other industries learn from their quantified and reliable sales, inventory, and finance data can be limited in trying to make sense of healthcare’s unstructured, sparse, and often inaccurate clinical data.

Data warehouses and reporting tools — the foundation for understanding quantified and reliable sales, inventory, and finance data of other industries – are useful for required reporting of process measures for CMS, ACO, AQC, and who knows what mandates are next. However, it should be made clear that these multi-year, multi-million dollar investments are designed to address the concerns of fee-for-service care: what happened, to whom, and when. They will not begin to answer the questions most critical to value-based care: what is likely to happen, to whom, and what should be done about it.

Rapidly advancing analytic approaches are well suited for healthcare data and designed to answer the questions of value-based care. Unfortunately, journalists and vendors alike have done a terrible job in communicating the value, potential, and nature of these approaches.

Hidden beneath a veneer of buzzwords including artificial intelligence, big data, cognitive computing, data science, data mining, and machine learning is a set of methods that have proven capable of answering the “what’s next” questions of value-based care across clinical domains including cardiothoracic surgery, urology, orthopedic surgery, plastic surgery, otolaryngology, general surgery, transplant, trauma, and neurosurgery, cancer prediction and prognosis, and intensive care unit morbidity. Despite 20+ years of empirical evidence demonstrating superior predictive performance, these approaches have remained the nearly exclusive property of academics.

The rhetoric surrounding these methods is bimodal and not particularly helpful. Either big data will cure cancer in just a few years or clinicians proudly list the reasons they will not be replaced by virtual AI versions of themselves. Both are fun reads, but neither address the immediate opportunity to capitalize on the painstakingly entered data to deliver care more efficiently today.

More productive is a framing of machine learning as what it actually is — an emerging tool. Like all tools, machine learning has inherent pros and cons that should be considered.

In the pro column is the ability of these methods to consider many more data points than traditional risk score or rules-based approaches. Also important for medicine is the fact that machine learning-based approaches don’t require that data be well formatted or standardized in order to learn from it. Combined with natural language processing, machine learning can consider the free text impressions of clinicians or case managers in predicting which patient is most likely to benefit from attention sooner. Like clinical care, these approaches learn with new experience, allowing insights to evolve based on the ever-changing dynamics of care delivery.

To illustrate, the organization I work with was recently enlisted to identify members of a health plan most likely to dis-enroll after one year of membership. This is a particularly sensitive loss for organizations that take on the financial responsibility of delivering care, as considerable investments are made in Year 1 stabilizing and maintaining the health of the member.

Using software designed to employ these methods, we consumed 30 file types, from case management notes, to claims, to call center transcripts. Comparing all of the data of members that dis-enrolled after one year versus those that stayed in the plan, we learned the patterns that most highly correlate with disenrollment. Our partner uses these insights to proactively call members before they dis-enroll. As their call center employs strategies to reduce specific causes of dissatisfaction, members’ reasons for wanting to leave change. So, too do the patterns emerging from the software.

The result is greater member satisfaction, record low dis-enrollment rates, and a more proactive approach to addressing member concerns. It’s not the cure for cancer, but it is one of a growing number of questions that require addressing when the success of an organization is dependent on using resources efficiently.

The greatest limitation of machine learning to date has been inaccessibility. Like the mainframe before it, this new technology has remained the exclusive domain of experts. In most applications, each model is developed over the course of months using tools designed for data scientists. The results are delivered as recommendations, not HIPAA-compliant software ready to be plugged in when and where needed. Like the evolution of computing, all of that’s about to change.

Just hours after reading the Gardner and Levinson op-ed, I sat across from a primary care doc friend as she ended a long day of practice by charting out the last few patients. Her frustration was palpable as she fought her way through screen after screen of diabetes-related reporting requirements having “nothing to do with keeping [her] patients healthy.” Her thoughts on the benefits of using her organization’s industry-leading EMR were less measured than Drs. Gardner and Levinson: “I’d rather poke my eyes out.”

I agree fully with Drs. Gardner and Levinson. The answer isn’t abandoning electronic systems, but rather striking a balance between EMR usability and the valuable information that they provide. But I’ve been in healthcare long enough to know clinicians won’t be enjoying well-designed EMRs any time soon. In the meantime, it’s nice to know we don’t need to wait to begin generating returns from all their hard work.

Leonard D’Avolio, PhD is assistant professor at Harvard Medical School CEO and co-founder of Cyft of Cambridge, MA.

1 Comment

Readers Write: ECM for Healthcare Advances to HCM (Healthcare Content Management)

October 17, 2016 Readers Write 1 Comment

ECM for Healthcare Advances to HCM (Healthcare Content Management)
by Amie Teske

Industry analysts project healthy market growth for enterprise content management (ECM) solutions across all industry sectors. Gartner’s 2016 Hype Cycle for Real-Time Health System Technologies places ECM squarely along the “plateau of productivity” at the far, right-hand side of the hype cycle curve. This essentially means that ECM software has succeeded the breakthrough in the market and is being actively adopted by healthcare providers.

This is good news for ECM users and technology suppliers, but what’s next for ECM in healthcare? To remain competitive and leading edge, ECM solutions at the plateau must evolve for the sake of customers and the marketplace in order to maintain business success. There is more good news here in that ECM solutions are evolving to keep pace with healthcare changes and demands.

Up to 70 percent of the data needed for effective and comprehensive patient care management and decision-making exists in an unstructured format. This implies the existence of a large chasm between resources and effort expended by healthcare delivery organizations (HDOs) on EHR technology to manage discrete data and the work yet to be done to effectively automate and provide access to the remaining content. ECM solutions are evolving in a new direction that offers HDOs an opportunity to strategically build a bridge to this outstanding content.

Healthcare content management (HCM) is a new term that represents the evolution of ECM for healthcare providers. It is the modern, intelligent approach to managing all unstructured document and image content. The biggest obstacle we must overcome in this journey is the tendency to fall back on traditional thinking, which drives health IT purchases toward siloed, non-integrated systems. Traditional methods for managing patient content have a diminishing role in the future of healthcare. It’s time to set a new course.

An HCM Primer

HCM = documents + medical images (photos and video. too).
The 70 percent of patient content outside the EHR is primarily unstructured in nature, existing as objects that include not only DICOM (CT, MRI) but also tiff, pdf, mpg, etc.
ECM has proven effective for managing tiff, pdf and a variety of other file formats. It is not, however, a technology built to handle DICOM images, which represent the largest and most numerous of the disconnected patient objects in question.
Enterprise imaging (EI) technologies have traditionally been responsible for DICOM-based content. These include vendor neutral archives (VNA), enterprise/universal viewers, and worklist and connectivity solutions that are unique to medical image and video capture.
Leveraging a single architecture to intentionally integrate ECM and EI technologies — enabling HDOs to effectively capture, manage, access and share all of this content within a common ecosystem — is referred to as healthcare content management or HCM.

Although the market is ready for HCM and many HDOs are already moving in this direction, it is important to know what to look for.

Critical Elements of HCM

Although it is the logical first step, HCM encompasses much more than simply unifying ECM and EI technologies together into a single architecture to enable shared storage and a single viewing experience for all unstructured content, DICOM and non-DICOM. Just as important is workflow and how all document and image content is orchestrated and handled prior to storage and access. This is essentially the secret sauce and the most difficult aspect of an HCM initiative.

ECM for healthcare workflow is geared to handle back office and clinical workflows associated with health information management, patient finance, accounts payable, and human resources, for example. The intricacies of these workflows must continue to cater to specific regulations around PHI, release of information, etc. All this to say that the workflow component of ECM is critical and must remain intact when converging ECM with EI technologies.

The same goes for workflows for enterprise imaging. EI workflow is optimized to handle image orchestration from many modalities to the core VNA or various PACS systems, medical image tag mapping/morphing to ensure image neutrality and downtime situations, for example.

These workflow features should not be taken lightly as health systems endeavor to establish a true HCM strategy. Do not overlook the need for these capabilities to ease the complexities inherently involved and to fully capitalize on any investment made.

Guidance for HCM Planning

Consider the following recommendations as you plan an HCM approach and evaluate prospective vendors:

Be wary of an archive-only strategy. A clinical content management (CCM) approach is primarily an archive and access strategy. The critical element of workflow is fully or partly missing. A word of caution to diligent buyers to ask the right questions about workflow and governance of unstructured document and image content before, during, and after storage and access.
Always require neutrality. Changing standards is a given in the healthcare industry. HCM should be in alignment with the new standards to ensure all document and image content can be captured, managed, accessed, shared, and migrated without additional cost due to proprietary antics by your vendor. An HCM framework must have a commitment to true neutrality and interoperability.
Think strategically. A deliberate HCM framework offered by any healthcare IT vendor should be modular in nature but also able to be executed incrementally and with the end in mind. Beginning with the end in mind is slightly more difficult. The modularity of your HCM approach should allow you to attack your biggest pain points first, solving niche challenges while preserving your budget and showing incremental success in your journey toward the end state.
Consider total cost of ownership (TCO). If a common architecture and its associated cost efficiencies are important in wrangling your outstanding 70 percent of disconnected patient content, you cannot afford to take a niche approach. It may seem easier and cheaper to select a group of products from multiple niche vendors to try and solve your most pervasive siloed document and image management problems. Take a careful look at the TCO over the life of these solutions. It is likely the TCO will be higher due to factors which include the number of unique skillsets and FTEs required for a niche strategy.
Demand solution flexibility and options. Your HCM approach should provide extensive flexibility and a range of options and alternatives that are adaptable to your unique needs. Software functionality is important, but not the only criterion.

Your HCM approach for strategically managing all unstructured patient content should allow you to:

Start small or go big, solving one challenge or many.
Establish a common architecture with a unified content platform and viewing strategy for all document and imaging content.
Enable unique ECM and EI workflows, not simply storage and access.
Hold one technology partner responsible – “one throat to choke” – for easier overall performance management and administration.

Providers of all shapes and sizes must take a thoughtful and deliberate approach when evaluating document and image management solutions. There is much more involved than simply capture and access. Because this category of technology can enable up to 70 percent of your disconnected patient and business information, you cannot afford to make a decision without carefully considering the impact of HCM on your healthcare enterprise, immediately and over time.

Amie Teske is director of global healthcare industry and product marketing for Lexmark Healthcare.

1 Comment

I hear, and personally experience instances where the insurance company does not understand (or at least can explain to us…

"HHS OIG rates HHS’s information security program as “not effective” in its annual review, the same rating it gave HHS…

I'm terribly conflicted by this quote. On the one hand, medication reconciliation is a patient safety issue, and on the…

I had an old physician colleague whose favorite hobby was bitching about EHRs, and one day told a story about…

Do these Nordic Healthcare systems concentrate the risk of a new system more that would certainly happen in the more…

Recent Posts

Recent Articles:

Top News

Reader Comments

HIStalk Announcements and Requests

Webinars

Acquisitions, Funding, Business, and Stock

Sales

People

Announcements and Implementations

Government and Politics

Privacy and Security

Technology

Other

Sponsor Updates

Contacts

Top News

HIStalk Announcements and Requests

Last Week’s Most Interesting News

Webinars

Acquisitions, Funding, Business, and Stock

Decisions

Announcements and Implementations

Privacy and Security

Other

Sponsor Updates

Contacts

Top News

Reader Comments

HIStalk Announcements and Requests

Webinars

Acquisitions, Funding, Business, and Stock

Sales

People

Announcements and Implementations

Privacy and Security

Innovation and Research

Technology

Other

Sponsor Updates

Contacts

Top News

Reader Comments

HIStalk Announcements and Requests

Webinars

Acquisitions, Funding, Business, and Stock

Sales

People

Announcements and Implementations

Government and Politics

Privacy and Security

Technology

Other

Sponsor Updates

Contacts

Text Ads

RECENT COMMENTS

Founding Sponsors

Platinum Sponsors

Gold Sponsors

Sponsor Quick Links