The U.S. Senate passed the 21st Century Cures Act on Dec. 6, legislation that has some important implications for health IT including providing funding to initiatives started by President Barack Obama in which health IT plays a major role, interoperability and data blocking, and FDA approval of medical devices.
The Cures Act invests $1.8 billion in Vice President Joe Biden’s project with the National Cancer Institute to transform cancer research, the Cancer Moonshot, which includes the use of health IT, according to a White House release.
The Cures Act also earmarks nearly $3 billion to continue Obama’s BRAIN initiative (The Brain Research through Advancing Innovative Neurotechnologies).
The Brain Initiative aims to further understanding of the brain through the development and application of innovative technologies, including precision medicine and research on other new ways to treat disease, such as the use of genomics. Some political observers have said that all these efforts may be in doubt when the administration of president-elect Donald Trump takes over in 2017.
Interoperability and data blocking
The Cures Act also addresses interoperability and data blocking.
The legislation states that in order to be considered interoperable, technology must satisfy the following criteria:
- Secure transfer of all electronic health information
- Complete access to health information
- Ensure the technology is not set up to block information
The law establishes requirements for interoperability and the certification of health information technologies. It also further prohibits practices from discouraging the exchange of electronic health information.
FDA approval of medical devices
The Cures Act also speeds up and de-regulates the process for the FDA to approve certain medical devices. The Act says: “The FDA must identify types of medical devices that do not require submission of a report prior to commercial marketing.”
This provision has elicited criticism from some liberal Democrats.
The White House addressed these concerns in its release, stating: “Like all comprehensive legislation, the bill is not perfect, and there are provisions the Administration would prefer were improved, but the legislation offers advances in health that far outweigh these concerns.”
CHICAGO – Scott Seidelmann, founder and CEO of Candescent Health, a cloud medical imaging service vendor and sort of spin-off of cloud EHR vendor athenahealth, Inc., got off a plane and headed straight to the show floor of RSNA 2016.
It was Tuesday, the second day of the 102nd Scientific Assembly and Annual Meeting of the Radiological Society of North America, held as usual at the vast McCormick Place convention center, the nation’s largest. The event attracted some 52,000 people this year.
This venerable mega-conference both delights radiology and imaging practitioners and vendors because of its all-encompassing range of technologies and ideas and annoys attendees because many must travel the Sunday after Thanksgiving or set up during Thanksgiving week itself.
What struck the Candescent exec most when he stepped onto the show floor was how few cloud PACS (picture archiving and communications systems) and VNA (vendor neutral archives) purveyors have adopted the cloud and its advantages of agility, economy of scale, instant updating and affordability.
“You could walk around this conference for almost any other industry and it’s going to look and feel completely different, whether it’s financials or HR or CRM, everybody’s moved to cloud-based systems,” Seidelmann told me at RSNA 2016.
“They don’t want the servers in their basements, they don’t want the IT people maintaining them, they don’t want the license fees, the service fees,” he said. “Healthcare, more broadly speaking, just hasn’t done that.”
As for radiology, the core medical imaging discipline that Candescent focuses on, Seidelmann acknowledged that its modalities – the advanced machines needed to produce MRI, CT scan, ultrasound, X-ray and other healthcare images – still are hardware devices that have to be kept on premises.
He also recognized that many healthcare providers have moved to hybrid cloud image storage systems, whether PACS or VNAs, with one copy of images stored on-site and backup copies in clouds owned and operated by big cloud service providers such as Dell.
(Dell, by the way, recently split into Dell EMC, a division of Dell Technologies, and Japanese-owned NTT Data Services, which is essentially the old Dell Services, after the old Dell sold its services division for $3 billion and at the same time bought EMC for about $67 billion. Got that? Both new entities were on hand at RSNA 2016).
“Why don’t we move the entire system in that direction?” Seidelmann said, referring to the cloud. “Why don’t we just have a usage-based system that leverages the economies of scale of Amazon or Google or Microsoft Azure that are going to get to unit costs from a storage perspective that are infinitely lower?”
In other words, a way of doing things that is akin to Candescent’s business and technology model.
Seidelmann’s company’s modus operandi is to offer smaller hospitals and radiology clinics a kind of plug-in radiology service that uses the cloud to deliver a SaaS radiology routing and analytics system and complements that with a human-staffed help or traffic control desk.
I should note here that the point Seidelmann argued in the interview with SearchHealthIT jibes pretty well with what a neutral observer of the RSNA 2016 floor might observe, but that many vendors also were offering cloud systems or appearing to be heading toward the cloud.
Due to the ever-changing regulatory landscape and the focus on managing the health of populations, IT vendors have taken several different approaches when it comes to population health management technology platforms, according to an article by the Cincinnati Business Courier.
Even EHR vendors are developing their own population health management modules and although some IT vendors are creating EHR agnostic population health management technologies, others have created niche solutions, the article said, which complicates the others have created niche solutions that complicate the flow and sharing of data, the article said.
Here are some population health management technology issues that create barriers to population health management and that healthcare organizations should keep in mind:
Workflow with the EHR
Many population health management technologies in the market today exist as separate modules outside the EHR. This often results in a disjointed workflow because it requires a second sign-on and a different user interface, the article said. It also often impedes training and slows adoption efforts within the organization.
Lack of standardization of health data
In healthcare, data that is aggregated across different systems often is not standardized and the vocabulary and formulas for calculation are also different, the article said. Therefore, the same data elements don’t mean the same thing in many cases.
Although there have been government mandates to free health data and stop data blocking, it still happens. Vendors, health information exchanges, healthcare organizations and individual providers all claim ownership of data, the article said. This means that liberating this data will be cumbersome and costly.
Inaccurate patient matching
Matching patient information accurately and efficiently while reducing the creation of duplicate records is a technological challenge that health IT experts have been trying to solve for a while. Solving this problem becomes even more important when exchanging data between different systems while managing a patient population that spans a care network greater than a single healthcare organization, the article said.
Multiple patient portals
Patients should be able to access their health records through a single point of access. However, that is not the case today because different systems and EHRs all have their own patient portal, the article said. For example, there may be a separate portal for primary care, inpatient and billing which creates a confusing interface for patients.
Evolving telemedicine strategies
Telemedicine is still being defined in healthcare and several key points need to be identified first, according to the article:
- Supported services;
- Scheduling of and access to care provider services;
- Technical infrastructure requirements; and
- Reimbursement models for virtual consultants.
Should a healthcare organization want to implement a truly successful population health management program, these challenges will need to be overcome.
The number of health data breaches decreased for the second month in a row following a summer that saw a record number of breaches, according to the Protenus Breach Barometer.
There were 35 reported data breaches, compared to 37 reported incidents in September. The decrease followed 42 data breaches in August that included nearly 9 million records.
Of the 35 data breaches in October, 40% were caused by hacking, malware or ransomware and affected 664,549 patient records. Four of the incidents specifically involve ransomware, and two involved ransom or extortion, but not ransomware.
The two hacking incidents that involved ransom demands were attributed to TheDarkOverLord, a hacker who previously posted nearly 10 million patient records for sale on the dark web market.
Healthcare providers reported 29 of the health data breach incidents and health plans reported two incidents. Business associates or vendors reported three health data breaches. Healthcare organizations should review the reporting rules and procedures in their business associate agreements to ensure that a breach is handled quickly and efficiently if one occurs.
October’s health data breaches brings the total for 2016 up to 305 reported incidents so far.
The price for medical records has dropped
The influx of stolen medical records appears to have a direct effect on the price of these records on the dark web market.
James Scott, a senior fellow at the Institute for Critical Infrastructure Technology (ICIT) said the price drop is due to “exceeding supply, stagnant demand and increased law enforcement attention” that makes it harder for cybercriminals to make money selling partial medical records.
A recent study conducted by ICIT and the cybersecurity firms Intel Security and Flashpoint found that the price for stolen medical records has dropped from $50 to $100 to about $20 to $40.
Despite the dip in breaches and the price drop, healthcare organizations should still take care to prevent future incidents by monitoring internal systems for unusual data transfers and implementing strong password policies on devices that store protected health information. It also remains to be seen how the decrease in health data breaches will affect the behavior of cybercriminals who target the healthcare industry.
Although EHR use is up, more work needs to be done on interoperability.
ONC urged both the public and private sectors to work together to drive interoperability and make sure electronic health information is able to flow seamlessly through easy-to-use technology systems that present actionable information at the point of care.
ONC recommended three key actions in the report:
ONC said it has already taken action on this front by publishing the Interoperability Standards Advisory, a single resource that lists federally recognized and national interoperability standards and guidance.
ONC said it has also launched a three-part strategy to help connect and accelerate a FHIR (Fast Health Interoperability Resources) ecosystem to spur the development of software apps for consumers and healthcare providers
“The strategy seeks to leverage the growing interest in an industry-wide approach to open, standardized APIs,” ONC said in the report.
This strategy’s goals are, ONC said:
- Help consumers get and use their data
- Improve user-experience and utility for individuals and clinicians
- Coordinate open information with EHR app solutions.
Build a business case for interoperability
ONC said in the report that the shift from fee for service to value-based care is key to building a business case and providing incentives that will drive demand for interoperability. ONC added that while Medicaid EHR Incentive Programs are often the primary motivator for the adoption of EHR technology, those programs alone are not enough to overcome barriers to interoperability.
In this arena, these steps are imperative, ONC said:
- Shift to value-based care
- Support healthcare providers in using health IT
- Medicaid—a government healthcare program for Americans of all ages– funding to advance the flow of electronic health information
Provide more access to health information
ONC suggests in the report that changing the culture around access to information can be done by:
- Supporting the rights of patients to obtain and control their data
- Expose and discourage information blocking
- Promote transparency and competition
- Enhance the safety, reliability and accountability of certified health IT
The 2016 annual report from Office of the National Coordinator for Health Information Technology found that the use of EHR technology has dramatically increased in the past eight years. The report stated that 96% of hospitals and 78% of physician offices used certified EHRs in 2015. This is a significant increase from 2008; prior to the passage of the HITECH ACT, only 9% of hospitals and 17% used at least a basic EHR.
The annual report also noted that the evolution of health IT since the passage of the HITECH Act includes the improvement of communication among health care providers and an increase in the sharing of electronic health information with patients and caregivers.
The report also states that the HIPAA Privacy Rule allows patients to have more control over decisions about their health; in 2015, 95% of hospitals provided patients with the ability to view their health information electronically. When patients have access to their health information, they are able to be more involved in the care process.
While there has been progress as far as EHR use, ONC states in its report that there is still work to be done as far as establishing interoperability between health systems. This work includes publishing the Interoperability Standards Advisory and completing the 2015 Edition final rule. In addition to improving interoperability, the final rule seeks to improve patient safety and reduce health disparities.
ONC also wrote that it requested the establishment of a Health IT Safety Collaborative, which would enforce evidence-based and targeted approaches to health IT. The report also requested authorities to combat information blocking and establish “rules of the road” for electronic health information exchange. Examples of information blocking include inappropriately citing HIPAA regulations as a reason not to share information and implementing contractual terms or restrictions that interfere with patients’ access to their health information.
PHOENIX — Yes, the CHIME 2016 Fall Forum, the College of Health Information Management Executives’ biggest annual conference, came with a soundtrack.
And we’re not talking Foreigner, the 70s-rock dinosaurs who serenaded the healthcare CIOs and their health IT vendor colleagues on the last night of the weeklong confab in the Arizona desert.
Rather, the traditional aural accompaniment to the event was courtesy of employees of the posh JW Marriot Desert Ridge Resort; they struck gentle chimes on a handheld instrument during changeovers before the start of plenary and panel sessions.
CHIME 2016 was that kind of happening, not quite subdued, but not nearly as frenzied as the biggest health IT shows such as HIMSS (Health Information Management and Systems Society) and RSNA (Radiological Society of North America), to name a couple of those with the most ubiquitous acronyms.
Although some 450 CIOs and another 500 vendor execs were on hand, there were no flashy vendor booths and little hard sell — other than an unavoidably annoying endless loop video from EHR vendor athenahealth, Inc. featuring soon-to-be former athenahealth COO Ed Park touting the Massachusetts company’s new web site.
By the way, this was athenahealth’s first foray into the CHIME fall conference world, perhaps signaling that the relatively small but marketing-savvy vendor is confident enough these days to compete in a bigger arena withominant EHR players like Cerner Corp. and Epic Systems Corp. There were also plenty of CIOs on hand from the small community and critical access hospitals that athenahealth has serviced since the company acquired Razorinsights, LLC in January 2015.
Much of the real action at CHIME 2016 unfolded behind closed doors during small CHIME Foundation focus group sessions at which vendors floated new technology ideas and quietly wooed new customers.
There was also a lot of networking, with CIOs chatting with each other and consultants about the latest technology and consultants, consultants trawling for clients, and vendors seeking business partners.
So while the decibel levels at the gathering were generally low (except during the Foreigner performance, of course), the sheer volume of health IT brainpower quietly circulating around the lobby, convention halls and golf course of the resort was impressive.
Mobile technologies may be the key to helping healthcare CIOs achieve top-of-mind business goals.
A recent survey of over 100 health IT leaders found that the three main initiatives healthcare CIOs will be focused on for the next 18 months include data security, patient satisfaction and physician satisfaction. Respondents also reported that health IT investments are also influenced by whether or not the technology meets clinical and organizational needs, is easy to use, and whether the technology will help improve care team coordination for treatment planning.
The intersection of these goals seems to naturally point to secure mobile communications technologies, and over half of respondents said they are currently rolling out a secure texting solution; the value of which can include:
- Satisfying privacy and cyber-security requirements;
- Automatically routing a message to the correct individual based on on-call schedules and communication preferences;
- And delivering additional alerts.
Yale-New Haven Hospital in New Haven, Conn., is using a secure messaging mobile application to reap all these benefits in the emergency department. With this secure messaging mobile application, physicians and residents no longer need to waste time running through the halls to find the person they need. Instead, they can use the mobile app to directly message the doctor they are looking for and, if that doctor is busy, they can also message another doctor who may be able to help. This enables doctors and residents to deliver the appropriate care to the patient in a timely manner.
Of course, many in healthcare are still wary of just how secure mobile in healthcare is. And as mobile devices proliferate in healthcare at the same time as cyber attacks—particularly ransomware attacks– increase, it’s no wonder data security weighs so heavily on healthcare CIOs’ minds.
One in five adults in the United States suffer from mental illness, and many of them will consult their smartphones before they do a health professional. However, with digital health often acting as first responder, and many apps claiming they can help people who suffer from behavioral health conditions, it can be hard to find a quality app.
There are more than 160,000 apps in the health field as a whole, John Herman, M.D., associate chief of the department of psychiatry and chair of medical psychiatry at Massachusetts General Hospital, said at the Connected Health Symposium in Boston last week.
“There is evidence that the most health apps are in the mental health and behavioral health space, because perhaps the barriers to entry are so low,” said John Torous, M.D., co-director of the digital psychiatry program at Beth Israel Deaconess Medical Center.
“It’s very easy to claim you offer emotional support,” Torous said. “We have a lot of people making a lot of stuff with good intentions, but [as] I said it’s a very messy, polluted landscape.”
Torous also works with the American Psychiatric Association, whose Smartphone App Evaluation Task Force is working to develop guidelines and standards for how to find a good app.
“If you type in depression in the iTunes Store, you get back a lot of garbage,” Torous, who is also editor in chief of JMIR Mental Health, said. “There’s good evidence that the star system works well on Amazon, but a five star app for depression, schizophrenia, bipolar anxiety, correlates nothing with its quality.”
Herman said while the current app landscape is like the Wild West or Gold Rush, “there is gold there, and the market will settle out whether in our lifetimes, or by next year.”
One weakness that behavioral health app developers will have to address is making sure the data collected by an app can be disseminated to a user’s physician. While there are different standards being developed to help apps integrate with electronic health records, there is still a gap.
“If your data is being siloed in an individual app or platform, and it’s not getting back to your primary care team or there’s no one kind of coordinating it, that actually may be very detrimental,” Torous said.
BALTIMORE –Two main points stood out most when a leading ONC official took the stage at today’s AHIMA conference: MACRA and data segmentation for patient privacy.
The release of the final MACRA rule last week wasn’t the focus of the keynote from Andrew Gettinger, M.D., CMIO of the U.S. Office of the National Coordinator for Health IT (ONC). Instead, he sought to reassure healthcare organizations about preparing for MACRA, more formally called the Medicare Access and CHIP Reauthorization Act.
MACRA has familiarity
Gettinger explained that ONC came out with its third round of certification regulations in the fall of 2015, and those regulations “are the requirements that are baked into MACRA.” Thus, organizations already are familiar with those requirements, which will help with compliance, he said.
Given that the certification regulations released last fall are a part of MACRA and that the rule won’t go into effect until 2018, Gettinger said that there should be enough time and resources for providers to prepare. He added that ONC released the Enhanced Oversight and Accountability Proposed Rule that states the agency will help out struggling healthcare organizations.
However, “we’re still working out exactly how that’s going to work,” he said.
Data segmentation for privacy
Many in healthcare advocate for patients to have control over their health information. And while Gettinger supports this movement, he also waves a flag of caution.
“I am fully supportive of patients having control of their data. Fully supportive,” Gettinger said. “I am not supportive of circumstances where key and critical information can be concealed.” This could potentially cause problems when it comes to caring for the patient.
Gettinger gave an example in which data was segmented and left out for the purpose of patient privacy, which may have complicated the care administered to the patient and resulted in a death. An adolescent was admitted to the ER in the middle of the night. She had meningitis, a fever and sweats. Clinicians gave her Demerol, a common treatment, but she died. It turned out that her family had withheld information concerning the young woman’s depression and that she was taking an antidepressant.
The fact that the family had full control of the patient’s information may have hampered the clinicians’ ability to treat her. “The [Demerol] treatment choice was reasonable for the data [the doctors] had,” Gettinger said.