Application program interfaces (APIs)– routines, protocols, and tools used when building software—are important not only for interoperability but also to the future of healthcare, according to the Office of the National Coordinator for Health Information Technology (ONC).
“APIs have been and will continue to be a key element toward enabling interoperability among consumers and health care providers,” Peter Ashkenaz, a spokesperson for ONC, said in a MeriTalk article. “Publicly available APIs in health care and technology solutions built using them could help usher in a new wave of advanced tools that can more seamlessly connect consumers and health care providers to data.”
And then there’s the new healthcare law, the Medicare Access and CHIP Reauthorization Act (MACRA). It says providers will be rewarded for using technology to improve care outcomes and will be able to customize health IT, and interoperability will be a top priority.
However, there are still barriers to APIs really taking hold in health IT.
“Continued work remains to align the use of different data formats, codes, and semantic terminology in order to enable the seamless use of data,” Ashkenaz said in the article.
He added that a few steps need to be taken before APIs can live up to their full potential in health IT:
- Developers should establish one standardized set of publicly accessible API specifications that have been tested and deployed by developers and then put to use by healthcare providers
- Other software developers need to be able to use those APIs unimpeded to create innovative solutions
- Consumers and providers must be able to obtain new tools and applications that deliver better experience and constantly update to better versions
Despite the challenges, the outlook for APIs ultimately looks good because they will play an important role when it comes to the changes in reimbursement models, such as those embodied in MACRA, Ashkenaz said.
“The use of APIs–and the tools built off them–will likely be a key aspect of any health IT developer and provider strategy to participate in future payment programs, including alternative payment models,” Ashkenaz said. “As demand for health information exchange continues, so too will the demand for more efficient ways to exchange, aggregate, and analyze data.”
There’s no denying that mHealth apps have the potential to help patients better manage their health. But according to a recent study conducted by researchers from the University of California, San Francisco, mHealth apps are too complicated for the populations who would benefit the most from their use. The study surveyed 26 patients at the Priscilla Chan and Mark Zuckerberg San Francisco General Hospital and Trauma Center, a UCSF partner hospital that treats many low-income patients.
MHealth apps can provide patients with educational information about their conditions and allow them to track health data over time. But the current design of 11 commercially available mHealth apps for depression and diabetes observed by UCSF researchers are not user friendly, often requiring significant manual data entry. The apps also lacked large buttons and easy to follow navigation, which frustrated many of the survey participants.
The complexity of mHealth apps can lead to health disparities in vulnerable populations such as those with low health literacy, which refers to an individual’s ability to obtain, process and understand basic health information and services. Of the patients surveyed, 70% were found to have low health literacy. In a February 2016 interview with SearchHealthIT news writer Kristen Lee, Ahmed Albaiti, founder and CEO of digital health consultancy Medullan, Inc., said people with lower health literacy often have chronic conditions and are in an age group that makes it difficult to learn new technology.
While patients with diabetes and other chronic conditions could benefit from using tools such as mHealth apps and wearable devices, they either can’t afford them or do not see the value in using such tools, Lisa Gualtieri, assistant professor of public health and community medicine at Tufts University and founder of RecycleHealth, told SearchHealthIT. There is also a lack of awareness, as wearable device companies would target the people who want, rather than need, their products. However, the potential for increased mHealth app usage is there – a 2015 report by the Pew Research Center found that 64% of American adults own a smartphone. Furthermore, 62% of smartphone owners used their phones to look up information about a health condition.
When the government gets involved with a certain technology in healthcare you know there’s a good chance that technology has some promise. Just look at what happened with EHRs and the government’s meaningful use program.
Well, now the government is starting to get involved with blockchain technology. HHS and ONC announced the “Blockchain and Its Emerging Role in Healthcare and Health-related Research” Ideation Challenge.
HHS and ONC describe blockchain technology as “a data structure that can be timed-stamped and signed using a private key to prevent tampering.”
The agencies categorize the main types of blockchain as public, private and consortium.
Other industries are already getting in on the technology. Companies such as Microsoft have already formed partnerships to develop blockchain technology and experts say blockchain may disrupt the financial and legal fields as well.
HHS and ONC maintain blockchain could also have several uses in healthcare, including:
- Computable enforcement of policies and contracts
- Management of internet of things devices
- Distributed encrypted storage
- Distributed trust
However, blockchain technology and its applicability to healthcare is still evolving and maturing, HHS and ONC said in their announcement.
The agencies said that those who support the use of blockchain in healthcare think it could be used to address concerns regarding the privacy, security and scalability of health records. Critics, on the other hand, say that this would take enormous processing power and specialized equipment, which would outweigh the benefits of the technology in healthcare.
The Ideation Challenge calls for white papers on the topic of blockchain and its potential uses in health IT.
HHS and ONC appear most interested in the cryptography aspect of the technology and the underlying fundamentals of blockchain. They also want to know how this technology could advance industry interoperability needs, help with patient centered outcomes, precision medicine and other needs within healthcare.
The agencies have solicited recommendations for the implementation of blockchain technology.
The winners of this challenge will get the opportunity to present their white paper at an industry-wide “Blockchain and Healthcare Workshop” co-hosted by ONC and The National Institute of Standards and Technology.
Female health IT professionals in the U.S. are paid less than their male counterparts, and the wage gap between the two has only grown larger over the past decade.
In 2006, the average female health IT worker was paid 80.7% of what her male counterpart earned, according to the biennial HIMSS Longitudinal Gender Compensation Disparity Study. In 2015, that number decreased to 78% of what male health IT workers earned.
The disparity in pay by tenure — defined by the study as how long a worker has been in their current position — has also widened since 2006. New female health IT workers who had less than one year tenure earned 83.2% of what new male health IT workers earned. Furthermore, female health IT workers with 15 or more years tenure were paid 77.7% of what their male counterparts earned. Then, in 2015, the wage gap between new male and female health IT workers widened while the gap between longer tenured male and female workers narrowed. New female health IT workers earned 72.1% of what male health IT workers earned, while those with 15 plus years tenure earned 85.9% of what their male counterparts with similar tenure earned.
There was also a discrepancy in pay between male and female workers with the same title, although the gap has narrowed for management level workers:
- Female health IT managers earned 91.7% of what male health IT managers were paid in 2006, but in 2015, female health IT managers earned 92.4% of what their counterparts earned.
- Female non-management level workers earned 93.7% of what their male counterparts earned in 2006 versus 91.7% in 2015.
- Female senior/executive managers earned 89.4% of what their male counterparts earned in 2006 versus 85.5% in 2015.
Among female health IT professionals who work for health IT vendors, the pay gap has narrowed since 2006. That year, female health IT workers earned 87.9% of what their male counterparts earned, compared to 91.0% in 2015. The gap has remained steady at 77.5% for female health IT professionals who work for hospitals, but has widened for other organization types: 77.4% versus 73.1% for female health IT professionals who work for other providers , such as nursing homes, and 80.6% versus 78.7% for those who work in other healthcare organizations, such as health information exchanges.
As far as actual salaries, a 2015 HIMSS Salary Survey found that female health IT workers earned $100,762 annually, while male health IT workers earned $126,262 — a 21% discrepancy that reflects that national gender wage gap between full-time female and male workers.
While about a third of U.S. hospitals reported to the Office of the Inspector General of the Department of Health and Human Services that they don’t have HIPAA-compliant EHR disaster recovery plans, most hospitals told OIG they have comprehensive plans to recover patient data after a disaster.
The OIG hospital disaster recovery survey, results of which were released July 22, came after widespread disruptions to hospital patient records after Hurricane Sandy hit the East Coast in 2012 and rapidly escalating cybersecurity threats to health data.
According to a release, OIG sent questionnaires to a sample group of 400 hospitals that receive meaningful use Medicare incentive funds asking about their EHR contingency plans, including:
- How they comply with HIPAA rules requiring all HIPAA-covered entities to have a contingency plan for disruptions to EHR systems, including maintaining a data backup plan, disaster recovery plan, emergency mode operations plan and having testing and revision procedures
- How they follow practices for emergency contingency planning recommended by the Office of the National Coordinator for Health IT (ONC) and the National Institute for Science and Technology (NIST)
- Their experience with EHR disruptions.
OIG staff also made site visits to six hospitals, where they reviewed EHR contingency plans and related documents.
Nearly all the hospitals reported having written EHR contingency plans and about two-thirds said they met the four HIPAA requirements OIG reviewed.
Most of the hospitals also said they followed ONC and NIST recommendations such as maintaining off site backed up EHR data, supplying paper backups when electronic records are unavailable and training staff on contingency plans.
More than half of the respondents said they had experienced an EHR disruption, and a quarter of those said they had delays in patient care as a result.
OIG also found that HHS’s Office for Civil Rights (OCR), which enforces HIPAA, does not specifically focus on EHRs when assessing HIPAA compliance for disaster recovery.
“Persistent and evolving threats to electronic health information reinforce the need for EHR contingency plans,” OIG concluded in the release. “This review and the cyberattacks that have occurred since 2014 underscore our previous recommendations that OCR fully implement a permanent audit program for compliance with HIPAA.”
OCR is now engaged in a second round of audits of selected healthcare organizations and their business associates.
Many observers expect these audits to be followed by a permanent audit program funded by revenues of fines levied on healthcare organizations found to have violated HIPAA.
The Centers for Medicare and Medicaid Services (CMS) is preparing to unleash some stark numbers on care quality at individual hospitals across the country.
But before CMS publishes those star ratings on specific hospitals (coming soon), it has compiled and published a statistical overview of the various rating categories – called the Overall Hospital Quality Star rating system – and where different classes of hospitals fit in.
The rating methodology takes into account 62 quality measures reported by hospitals, using EHR and other data, related to routine care patients receive when being treated for heart attacks and pneumonia as well as measures focusing on hospital-acquired infections.
Among the key measures, according to a CMS fact sheet, are:
- How often patients get an infection after surgery
- Patient wait times in the emergency department
- Rates of complications after hip replacement surgery
- Readmission rates after a heart attack
- How often patients receive multiple CT scans or MRIs
The star rating system ranges from five stars at the top of the quality range to one star at the bottom. The hospital categories include size, teaching status, safety net and critical access.
Perhaps not surprisingly, “CMS’ analysis shows that all types of hospitals have both high performing and low performing hospitals,” according to the fact sheet.
“In other words, hospitals of all types are capable of performing well on star ratings and also have opportunities for improvement,” it continued.
Of the 4,599 hospitals included in the ratings, 102, or 2.2%, received five stars. Some 934, 20.3%, got four stars. The biggest category was three stars, with 1,770, or 38.5% of the hospitals. At the low end, 723, or 15.7%, got two stars, and 133, 2.9%, were classified as one star.
About a fifth of the hospitals included in the survey did not meet and so did not receive star ratings.
Other hospital care quality information, including patient-reported measures, can be found on the CMS web site, Hospital Compare.
In the gaming world, virtual reality is a clear hit among users. Just look at the explosive success of Pokémon Go! Ok, so that’s technically augmented reality. But you catch my drift.
As it turns out, virtual reality is not only incredibly cool but also has the potential to be helpful in healthcare specifically when it comes to preparing for surgeries as well as training and educating staff.
This is already being done at the Ronald Reagan UCLA Medical Center, according to a story in the Daily Bruin, UCLA’s news website. And UCLA has also reaped other benefits from virtual reality technology. For example, they’ve already diagnosed almost 1,500 prostate cancer patients using the technology. This improved the diagnosis accuracy by more than 300%, a surgeon at the UCLA Medical Center asserted in the Daily Bruin story.
At UCLA, virtual reality technology also allows surgeons to build a three dimensional model of a patient’s anatomy based on a patient’s CT scan. Once the model is built, the injury or area of concern can be identified. Surgeons can then rehearse the surgical steps before the actual operation takes place.
Virtual reality technologies are useful for everything from treating simple injuries to conducting complex multi-organ surgery, according to the story.
And virtual reality is also useful for training and educating medical staff.
For example, by using virtual reality technologies to familiarize surgical teams with an operation before it is done not only improves teamwork but also minimizes the patient’s and the surgeon’s anxiety, the article said.
And as for educating future doctors and surgeons, Case Western Reserve University in Cleveland, Ohio, is using Microsoft HoloLens to do just that.
Although virtual reality in healthcare is promising for training and education staff as well as improving patient care and outcomes, this technology still has a ways to go.
One challenge is that medical scans of a patient’s anatomy may be too complex to be converted into a virtual reality environment for use before surgery, the article said. Furthermore, it can also be difficult to make sure that a virtual reality scenario reflects the complexities of the entire body—an interconnected network of cause and effect.
Maybe your healthcare organization has experienced a ransomware attack recently. Well, you certainly are not alone.
Ransomware attackers have mounted 4,000 daily attacks against healthcare organizations in early 2016 alone. That’s a 300% increase from the 1,000 daily ransomware attacks reported in 2015, according to a recent U.S. Government interagency report.
That number is pretty staggering.
The U.S. Department of Health and Human Services (HHS) recently published guidance on ransomware including how to know if your healthcare organization is under attack, how to recover, and how to know if HIPAA has been violated.
Some key indicators of a ransomware attack, according to HHS, are:
- Clicking on malicious links or file attachments
- Increased activity in the central processing unit (CPU) and disk activity for no apparent reason
- Inability to access certain files
- Detection of suspicious network communications
HHS recommends that if an entity believes a ransomware attack is underway, it should immediately activate its security incident response plan, which should include determining the scope and origination of the attack, whether the attack is finished, and how the attack occurred.
Once these initial steps have been taken, HHS recommends that a covered entity then work to contain the impact and propagation of the ransomware, and then eradicate the ransomware.
Once this is done the covered entity should mitigate vulnerabilities, restore the data lost in the attack in order to recover, and then conduct post-incident activities. These should incorporate deeper analysis of the evidence to determine whether the entity has any regulatory, contractual or other obligations as a result of the attack.
Lysa Myers, security researcher at cybersecurity firm ESET North America, said in an email that generally the guidance from HHS was good. However, “I would like to see a bit more about specific techniques and tactics to prevent malware, such as: patch or update software regularly, show hidden file-extensions, and block executable files sent in email,” she said.
(SearchHealthIT contributorReda Chouffani, in a recent story, details ten ways to stop and avoid a ransomware attack.)
Meanwhile, Myers said the government guidance will — without being an unnecessary burden — help healthcare organizations better protect themselves—against ransomware and malware, and many other types of breaches as well.
“By adding additional techniques like encrypting sensitive data when it’s stored or when it’s sent via the Internet, and using multi-factor authentication, they can significantly impact their level of risk,” Myers said.
With its levy of a $650,000 fine on a service provider of the Archdiocese of Philadelphia, the Department of Health and Human Services’ Office for Civil Rights (OCR) has entered into what appears to be its first-ever settlement with a business associate for allegedly violating the HIPAA Security Rule.
The OCR action stemmed from the 2013 theft of an iPhone from Catholic Health Care Services (CHCS), which led to the loss of protected health information (PHI) of 412 people, according to the OCR settlement and corrective action plan.
The agency provides information and technology services to nursing homes operated by the Archdiocese.
The HITECH Act of 2009 made business associates of healthcare organizations covered entities under HIPAA and subject to HIPAA’s health data privacy and security requirements just as healthcare organizations are.
Starting in 2016, OCR has begun auditing business asssociates for the first time in a formal round of audits of healthcare organizations and business associates such as companies and nonprofits that handle PHI, including billing firms and cloud providers.
After an investigation starting in 2014, OCR determined that, among other violations, CHCS failed to perform a security risk analysis and failed to put in place a security risk management plan.
“Business associates must implement the protections of the HIPAA Security Rule for the electronic protected health information they create, receive, maintain, or transmit from covered entities,” OCR Director Jocelyn Samuels said in a release. “This includes an enterprise-wide risk analysis and corresponding risk management plan, which are the cornerstones of the HIPAA Security Rule.”
Meanwhile, another PHI breach by a business associate that exposed health data of 4,300 dental patients was disclosed recently by Massachusetts General Hospital, the Boston Globe reported.
In February, Mass. General learned that an unauthorized party had gained access to electronic files stored by Patterson Dental Supply Inc., which supplies software to help manage dental practices for healthcare providers including Mass. General.
On June 29, the hospital began notifying affected patients that their PHI – including dates of birth, social security number, and possibly date and time of their dental appointments – had been exposed.
Responding to Congress’ call last year to define health IT interoperability measures that Medicare providers must meet to receive reimbursement under new value-based models, ONC has published the measures.The new measures are now part of MACRA, the Medicare Access and CHIP (Children’s Health Insurance Program) Reauthorization Act.
The measures, as detailed in an ONC blog post, are:
- “Measure 1: Proportion of health care providers who are electronically engaging in the following core domains of interoperable exchange of health information: sending; receiving; finding (querying); and integrating information received from outside sources
- Measure 2: Proportion of health care providers who report using the information they electronically receive from outside providers and sources for clinical decision-making.”
The blog post’s authors, Seth Pazinski and Taisha Searcy, of the ONC Office of Planning, Evaluation and Analysis, elaborated that the measures fulfill many commenters’ requests that they not add to providers’ reporting burdens, but rather come from existing national surveys of hospital and office-based physicians.
The surveys are the American Hospital Association’s Information Technology Supplement Survey and the Center for Disease Control and Prevention’s National Center for Health Statistics’ annual National Electronic Health Record Survey of office-based physicians. The surveys measure not only interoperability but also how physicians use other EHR functions in their daily practice.
The ONC officials also noted that commenters, in addition to being concerned about burdensome reporting, also wanted the measures’ scope broadened to include providers not eligible for the meaningful use program for EHRs, such as behavioral health providers.
Commenters also raised concerns about recognizing the complexity of measuring interoperability.
“Although the MACRA requirement for measuring interoperability largely focuses on ‘meaningful users,’ we are committed to advancing interoperability of health information more broadly,” the ONC officials wrote. “We will be expanding our measurement efforts to include populations across the care continuum in the near-term, as well as an increased focus on outcomes in the longer-term.”
Read the official statutory language here.