Health IT Pulse

October 17, 2016  5:25 PM

ONC official: Hospitals may already be familiar with new MACRA provisions

Kristen Lee Kristen Lee Profile: Kristen Lee
ONC, patient data privacy

BALTIMORE –Two main points stood out most when a leading ONC official took the stage at today’s AHIMA conference: MACRA and data segmentation for patient privacy.

The release of the final MACRA rule last week wasn’t the focus of the keynote from Andrew Gettinger, M.D., CMIO of the U.S. Office of the National Coordinator for Health IT (ONC). Instead, he sought to reassure healthcare organizations about preparing for MACRA, more formally called the Medicare Access and CHIP Reauthorization Act.

MACRA has familiarity

Gettinger explained that ONC came out with its third round of certification regulations in the fall of 2015, and those regulations “are the requirements that are baked into MACRA.” Thus, organizations already are familiar with those requirements, which will help with compliance, he said.

Given that the certification regulations released last fall are a part of MACRA and that the rule won’t go into effect until 2018, Gettinger said that there should be enough time and resources for providers to prepare. He added that ONC released the Enhanced Oversight and Accountability Proposed Rule that states the agency will help out struggling healthcare organizations.

However, “we’re still working out exactly how that’s going to work,” he said.

Data segmentation for privacy

Many in healthcare advocate for patients to have control over their health information. And while Gettinger supports this movement, he also waves a flag of caution.

“I am fully supportive of patients having control of their data. Fully supportive,” Gettinger said. “I am not supportive of circumstances where key and critical information can be concealed.” This could potentially cause problems when it comes to caring for the patient.

Gettinger gave an example in which data was segmented and left out for the purpose of patient privacy, which may have complicated the care administered to the patient and resulted in a death. An adolescent was admitted to the ER in the middle of the night. She had meningitis, a fever and sweats.  Clinicians gave her Demerol, a common treatment, but she died. It turned out that her family had withheld information concerning the young woman’s depression and that she was taking an antidepressant.

The fact that the family had full control of the patient’s information may have hampered the clinicians’ ability to treat her. “The [Demerol] treatment choice was reasonable for the data [the doctors] had,” Gettinger said.

October 13, 2016  10:20 AM

The trade-off to big data in healthcare: Privacy

Kristen Lee Kristen Lee Profile: Kristen Lee
Big Data, Data privacy

Big data in healthcare presents many positive possibilities for patient care. But as David Lazarus writes in his recent column in the Los Angeles Times, while big data presents many benefits — including being able to anticipate a patient’s health problems and intervene early — it could also have negative implications for patient privacy. To truly achieve big data and reap the benefits in healthcare means individual privacy would be sacrificed for the greater good, Lazarus writes.

Lazarus uses as an example the nearly $92 million contract between the Centers for Medicare and Medicaid Services and defense giant Northrop Grumman that is currently focused on reducing fraud but will eventually focus on anticipating medical disorders by using technology to predict people’s healthcare needs.

That predictive analytics capability will be based on not only the patient’s interaction with doctors, hospitals and pharmacies, but also on other sources such as social media. It is one of the largest efforts now underway to create “a healthcare crystal ball capable of looking into patients’ futures,” Lazarus says.

In the column, Lazarus paints a picture of how all of this would work.

A patient complains to their doctor about losing weight. That patient is also taking a cholesterol medication and has also posted a Facebook status, for example, about feeling stressed due to divorce. Or they have posted on LinkedIn looking for a new job. A big data algorithm would be able to connect all those dots and alert that patient’s doctor to what’s going on and that the patient may be running a risk of a heart attack. Then, the doctor would be able to immediately intervene.

But the tradeoff here is individual privacy. Indeed, the more data that is shared and included, the more effective big data will be.

Understandably, people are wary of sharing their data and having it be stolen.

John Halamka, M.D., CIO at Beth Israel Deaconess Medical Center in Boston, believes that if everyone simply shared most everything, it would actually be a way of staying ahead of data breaches.

He told SearchHealthIT in a video interview: “If you just decide your healthcare data doesn’t matter, share it with all the doctors and all the people who need it then the hackers can hack it, whatever. It’s already open source.”

October 12, 2016  1:45 PM

OCR HIPAA guidance

Shaun Sutner Shaun Sutner Profile: Shaun Sutner
Cloud Computing, HIPAA, OCR

As Boston lawyer and HIPAA healthcare expert David Harlow points out in his eminently useful blog post on the Office for Civil Rights‘ recent guidance on cloud computing, there’s really not that much new in the guidance, but the bits that are bear examining.

Harlow parsed OCR’s dense legalese and came up with these choice new items:

  • “No view” cloud service providers that handle only encrypted data and do not have access to decryption keys are still business associates, and as such must comply with some HIPAA privacy and security requirements. Harlow notes that most of the big cloud vendors doing business in healthcare require their customers to do the encryption and so reduce the cloud service providers’ exposure to regulatory oversight.
  • Covered entities (which include most healthcare insurers, clearinghouses and providers that transmit protected health information (PHI) under Department of Health and Human Services standards) should review cloud vendors’ service level agreements to be sure that the cloud vendor does not limit the ability of the covered entity to comply with HIPAA.
  • Cloud companies that are defined as business associates have to notify covered entities of security incidents or breaches even when the PHI they are holding is encrypted.
  • HIPAA rules do not require that PHI be kept on cloud servers in the U.S., but OCR says location should be considered in risk analysis and management. Interestingly, Harlow says here: “As a practical matter key issues to consider are likelihood of successful malware attacks or other exploits at the overseas data center and ease of enforcement of legal rights in overseas court systems.”

Harlow’s somewhat cautionary conclusion on the geography question: “Given these issues, it makes sense in most cases to keep U.S. health data on U.S. servers.”

Like some other health IT observers, Harlow thinks these clarifications are fine as far as they go. He messaged me this comment: “On the question of new law/regs, though, while it might be nice to have a new comprehensive rule I don’t really think we need it, and I certainly don’t expect it.

October 9, 2016  12:45 PM

SearchHealthIT takes on Dreamforce

Kristen Lee Kristen Lee Profile: Kristen Lee
Artificial intelligence, cloud, CRM

I thought the annual Healthcare Information Management Systems Society conference was overwhelming, with the constant stream of people, enormous exhibition hall, and many sessions to attend. Dreamforce, Salesforce’s annual conference in San Francisco, is a whole other beast.

Granted, Dreamforce is not solely dedicated to health IT. However, this conference felt more like a party than HIMSS did. Event organizers created a park-like area in the middle of San Francisco where there was a stage for bands to play, games like ping pong and corn hole to play, and a café giving out free coffee and chocolate covered pretzels. In true San Francisco fashion there was also a mindfulness tent where monks helped lead  all who wanted to try through a mindfulness exercise, and all attendess had the opportunity to see superstar band U2 rock the stage in Daly City, just south of San Francisco.

I attended Dreamforce with the express goal of interviewing Salesforce’s Chief Medical Officer, Joshua Newman, M.D. I wanted to get his insights on various health IT topics, mainly cloud and CRM in healthcare.

When discussing the cloud in healthcare, I asked Newman whether he thought the cloud was an essential technology in healthcare and important in achieving goals such as population health and value-based care.

In his opinion, the cloud is inevitable and necessary in healthcare. To him, the cloud is as essential as electricity.

In addition to talking about the cloud in healthcare in general, we also discussed Salesforce’s Health Cloud, the CRM giant’s much ballyhooed foray into health IT. Newman said he had just heard about how one healthcare organization connected Uber to the Health Cloud to help get patients to their appointments with providers.

When it came time to discuss CRM in healthcare, I wanted to know whether hospitals and health systems are CRM friendly. Do they really need it?

Newman said that without a doubt the patient-provider relationship is important and CRM can play a role in fostering that relationship. Because of this, he said healthcare organizations are definitely interested in CRM.

Finally, I asked Newman about Salesforce’s recently announced artificial intelligence (AI) platform called Einstein. It’s a mixture of AI, deep learning, machine learning, predictive analytics, natural language processing and more.

The video interviews with Newman will be published on SearchHealthIT. Stay tuned.

October 6, 2016  2:02 PM

HHS awards funding for cybersecurity threat information sharing

Tayla Holman Tayla Holman Profile: Tayla Holman
cybersecurity, hhs, Information sharing, ONC

The Department of Health and Human Services awarded funding to a Florida-based healthcare data sharing center to build a more effective system of information sharing about cyberthreats.

The Office of the National Coordinator for Health Information Technology (ONC) and the Office of the Assistant Secretary for Prepardness and Response (ASPR) awarded cooperative agreements totaling $350,000 to the National Health Information Sharing and Analysis Center in Ormond Beach, Florida. NH-ISAC provides services to non-profit and for-profit healthcare organizations, including independent hospitals, health insurance payers and medical device manufacturers.

The ONC agreement provides funding for cyberthreat information sharing in the healthcare and public health sector. The ASPR agreement provides funding to build the capacity of an information sharing and analysis organization that will provide outreach and education about cybersecurity awareness.

In a release Vindell Washington, M.D., national coordinator for health IT, said the funding “will help healthcare organizations of all sizes more easily and effectively share information about cyberthreats and responses in order to protect their data and the health of their patients.”

ASPR previously awarded a planning grant to Harris Health System to identify gaps in cyberthreat information sharing in the healthcare and public health (HPH) sector. An interim report from Harris Health found that leaders in the HPH sector feel cyberthreat information sharing is too slow and that there is a need for a centralized source of cyberthreat information sharing.

Earlier this year, a Ponemon Insitute report on health data privacy and security found that the average cost of a data breach to healthcare organizations was more than $2.2 million. Data breaches also cost the healthcare industry $6.2 billion a year. Nearly 90% of healthcare organizations that were represented in the Ponemon study had a data breach in the past two years; about 45% had more than five breaches in that same time period.

September 30, 2016  1:03 PM

Cancer research panel calls for National Cancer Data Ecosystem

Tayla Holman Tayla Holman Profile: Tayla Holman
cancer, Data sharing

The Cancer Moonshot’s Blue Ribbon Panel has called for a national infrastructure that will allow researchers, clinicians and patients to collaborate in sharing their data and knowledge about cancer.

The panel proposes developing a National Cancer Data Ecosystem that enables cancer research participants and care communities — such as patients and their families — to contribute, access, combine and analyze various cancer-related data sets.

According to Gad Getz, Ph.D, director of the Cancer Genome Computational Analysis Group at the Broad Institute of MIT and Harvard and co-chair of the Blue Ribbon Panel’s enhanced data sharing working group, cancer research has slowed down because much of the data exists in separate databases. Connecting the data in a national data sharing ecosystem would allow research to move faster, Getz said.

The panel argues that the lack of a coordinated effort to assemble cancer data in a readily accessible fashion and the inability to process the data in an interoperative manner prevents the data from being fully leveraged. Also, there is no national infrastructure to which cancer patients contribute their data, and it can be hard for patients to access their own information or transfer records from one provider to another.

The Blue Ribbon Panel goes on to say that there have been localized attempts to achieve a national cancer data ecosystem, but coordination is needed at a national level to address the challenges of connecting the disparate efforts.

A National Cancer Data Ecosystem could improve the quality of care for cancer patients and provide patients with more knowledge and options about their treatments, while also allowing them to contribute their own data and insights. The ecosystem would also improve the efficiency and speed of cancer research.

President Obama announced the establishment of the Cancer Moonshot during his final State of the Union Address on January 12, 2016. The goal of the initiative, led by Vice President Joe Biden, is to accelerate cancer research and make more therapies available to more patients.

September 28, 2016  2:09 PM

Like it or not, blockchain is coming to health IT

Shaun Sutner Shaun Sutner Profile: Shaun Sutner

Get used to it. Blockchain is invading health IT. And it’s moving fast.

Sure, while blockchain’s encrypted distributed ledger technology has already made big inroads in the finance sector, in healthcare blockchain still is in its infancy.

But it’s one big infant.

Here’s a partial list of corporate, healthcare and academic heavyweights that have already made investments in or publicly signaled they are making a commitment to blockchain for healthcare:

Some of these players’ conceptualizations were among the 15 finalists that the Office of the National Coordinator of Health Information Technology (ONC) picked in a contest over the summer.

There were also at least 62 other proposals submitted.

I witnessed the ferment in this early stage era of blockchain in healthcare earlier this week at a workshop put on by ONC and the National Institute of Standards and Technology at NIST headquarters in Gaithersburg, Md., about a half-hour from Washington, D.C.

By the way, the federal government’s interest in the technology is clear.

The potential for the technology is particularly promising for the Department of Health and Human Services, which oversees ONC and the Centers for Medicare and Medicaid Services. Blockchain’s auditing capabilities, in the form of an immutable ledger system that can’t be altered without everyone else on the blockchain seeing it happen, could dramatically reduce Medicare fraud, some proponents say.

Among the 200 or so attendees at the NIST-ONC event were also quite a few critics, skeptics and purveyors of alternatives to blockchain that do some of the same things blockchain does, such as use distributed ledgers.

The blockchain-questioning crowd included developers, analysts and fledgling vendors of blockchain-like systems.

Interestingly, though, it was physicians and representatives of big companies who expressed the most optimism about blockchain’s prospects in healthcare.

“We as a manufacturer are very interested in this,” Dominique Hurley, senior director for global commercial excellence and operations for Biogen, the Cambridge, Mass.-based life sciences giant, said after IBM’s blockchain presentation.

Some observers think blockchain in healthcare will take off once major vendors and healthcare provider and payers start to cooperate, as banks and other financial institutions are doing now with blockchain.

Even the perennially warring EHR mega-vendors Epic Systems Corp. and Cerner Corp. may agree to embrace the technology, Bryant Joseph Gilot, M.D., a Philadelphia area surgeon and blockchain aficionado, told me.

“I think they will be enthusiastic at some point when they realize the benefits and efficiencies to be gained,” Gilot said.

Yet as of today, it appears no real world applications of blockchain have materialized, at least in the U.S.

However, Estonia, the Baltic country known for its adoption of “e-government” in which some 1,000 government services are available online, has embarked on a project with blockchain vendor Guardtime to secure 1 million citizen’s health records with a form of blockchain technology linked to an Oracle database.

Stay tuned.

September 22, 2016  9:15 AM

ONC: More hospitals than ever making information available to patients electronically

Kristen Lee Kristen Lee Profile: Kristen Lee
EHR, health data exchange, ONC

Efforts to make health information available to patients are paying off, according to the Office of the National Coordinator for Health Information Technology.

ONC published a data brief about how hospitals are now making it possible for patients to get their health data electronically.

The data show that as of 2015 95% of the hospitals in the United States have enabled patients to view their health information electronically, 87% made it possible for patients to download their health information and 69% provided patients with the ability to view, download, and transmit their health information, according to a blog post by ONC.

Beginning in 2011, healthcare providers under the meaningful use program were required to enable patients to electronically view, download, and transmit their health information wherever they needed that information to go. The provision was included in the Centers for Medicare and Medicaid’s and ONC’s Electronic Health Record (EHR) Incentive Programs.

ONC asserts in the blog post that these are dramatic increases in a short period of time.

The agency found that the ability to view and download health information increased 70% compared to 2012 and hospitals that enable patients to view, download and transmit their health data increased seven-fold compared to 2013.

Furthermore, in 2015 all states had at least 40% of their hospitals providing patients with the capability to view, download and transmit their health data. In 2013, no states had that many hospitals providing patients with these capabilities.

Letting patients view, download, and transmit their health information is an important piece of enabling individuals to get and use their health information. Enabling patients to engage with healthcare providers electronically can lead to better communication, care, and outcomes for patients, according to ONC’s data brief.

ONC added that the ability of patients to digitally control their health data can lower costs as well. Furthermore, the Office for Civil Rights has emphasized that under HIPAA patients have the right to freely access their own health information.

September 16, 2016  3:57 PM

HHS awards over $87 million to encourage adoption of health IT

Tayla Holman Tayla Holman Profile: Tayla Holman
Health IT, hhs, Meaningful use

The Department of Health and Human Services is awarding over $87 million in funding to more than 1,300 health centers in all 50 U.S. states and the District of Columbia, as well as Puerto Rico and the U.S. Virgin Islands, to support health IT enhancements. Ultimately, the purpose of this funding is to accelerate health centers’ transition from fee-for-service to value-based care .

Value-based care rewards healthcare providers with incentive payments for the quality of care they give patients with Medicare. Fee-for-service pays providers for the number of visits and tests they order.

Health centers that use the funding to purchase or upgrade EHR systems must use technology that has been certified by the ONC (Office of the National Health Coordinator for Health Information Technology).

HHS Secretary Sylvia M. Burwell said in a statement that the investment will “help unlock health care data and put it to work, improving health outcomes and building a better health care system for the American people.”

The funding will also help improve efforts to share and use health information to support better healthcare decision, as well as increase engagement in delivery system transformation.

Funding for the health centers comes from the 2010 Affordable Care Act’s Community Health Center (CHC) fund, which was extended by MACRA  in 2015. The CHC fund provided $11 billion over a 5-year period for the operation, expansion and construction of health centers throughout the U.S. and its territories.

HHS had previously announced over $36 million in funding to 50 health center controlled networks (HCCNs) in 41 states and Puerto Rico. HCCNs promote enhanced health information sharing and support health centers in achieving the requirements for Medicare and Medicaid EHR incentive programs .

A complete list of grant recipients can be found on the Health Resources and Services Administration website.

September 15, 2016  8:29 AM

Mayo Clinic study: EHRs may cause physician burnout

Kristen Lee Kristen Lee Profile: Kristen Lee

When the government mandated that healthcare organizations adopt EHRs seven years ago via meaningful use, the promise was that EHRs would transform healthcare, make processes more efficient, and improve patient care. Maybe the systems did those things but, according to a study by the Mayo Clinic, EHRs could also be causing physician burnout.

Indeed, nearly half of doctors in the United States are burned out, with EHRs partly to blame, according to an article by U.S. News and World Report.

Since 2008, the number of healthcare organizations using EHRs has soared from 15% to 80%.

However, the Mayo study found a link between the use of EHRs and physician burnout – with computer ordering likely to be the driving cause.

The study also showed that today’s EHR systems have failed to live up to their early expectations. Instead, they have triggered widespread exasperation among physicians with 44% of respondents who use EHRs responding that they were dissatisfied or very dissatisfied with EHRs and 41% of respondents said they disagreed or strongly disagreed that EHRs have improved patient care.

A majority of the surveyed doctors (63%) also reported that EHRs fail to improve efficiency. In fact, they said their work often ends up leaking into what should be their leisure and personal time. Nearly two-thirds of the physicians said they work at least 50 hours a week and about one in five said they work nearly 70 hours a week.

The study also found that EHRs and computerized orders actually make documentation and other clerical chores more burdensome for physicians.

Anti-EHR sentiment among doctors is fairly widespread. Charles Krauthammer, M.D., a Pulitzer Prize-winning columnist, wrote an opinion piece in the Washington Post asserting that EHRs are a major reason why doctors quit.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: