Health IT Pulse

January 25, 2017  1:34 PM

Under pressure, ONC still making noise

Shaun Sutner Shaun Sutner Profile: Shaun Sutner

With its leadership and programs in flux because of uncertainty accompanying the new administration, ONC has produced a flurry of activity lately punctuated by a slate of sessions scheduled for HIMSS 2017 in Orlando coming up Feb. 19.

But even as remaining ONC officials (the top ones have departed) prepare for an active HIMSS presence, the administration of President Donald Trump has already made preliminary moves that appear to strike at some of ONC’s key initiatives and programs.

In any case, ONC is planning no less than eight sessions at the Orange County Convention Center:

  • A Town Hall event with the ONC leadership team (more about this later) about ONC’s role in the national health IT agenda
  • A demonstration of the SMART App gallery, a market developed under a cooperative agreement between ONC and SMART Health IT, an open standards based technology platform developer, about the gallery’s collection of apps that use FHIR (Fast Health Interoperability Resources), the HL7 International standard, and APIs
  • An update from ONC leaders about policy activities now underway at ONC, including 2015 Edition Health IT Certification program and alternative payment models, and upcoming health IT initiatives
  • An education session with the agency’s Office of Standards and Technology about health IT testing operations, pilot programs and standards coordination
  • A live demonstration by FHIR app developers of systems to allow patients and healthcare providers to share medication lists
  • A “fireside chat” on value-based care with Jon White, M.S., the acting national coordinator for health IT, and Kate Goodrich, M.D., director of the CMS Center for Clinical Standards and Quality and CMS chief medical officer
  • “Rock Stars of Blockchain in Healthcare,” a discussion with White and Steve Posnack, director of the Office of Standards and Technology, about the fast-growing blockchain encryption technology’s potential for creating a secure and interoperable nationwide health IT system
  • An information session about ONC’s efforts to help providers and patients in using health IT for high-quality care


That’s a lot of health IT content from an agency that is little known to the general public, but wields plenty of clout in the industry and seems already to have drawn some perhaps unwelcome attention from the Trump administration in its first full week.

ONC’s parent agency, the giant Department of Health and Human Services, has asked that several ONC notices issued in recent weeks be withdrawn for more review, Politico’s Morning eHealth reported Jan. 25.

I should also note that Trump’s executive order freezing all new regulations extended to plenty of other agencies within HHS, and, indeed, to all federal departments and agencies.

As for the ONC provisions, they include one ONC was preparing to publish imminently that would trigger measures of the 21st Century Cures Act related to ONC’s EHR certification program’s updated usability and interoperability measures, and a rule that would set off a new process for refining quality metrics used in healthcare reimbursement.

HHS also withdrew a provision relating to how ONC selects the third-party certification bodies it uses to review EHRs and other health IT systems for eligibility in federal reimbursement programs, Politico reported.

The current certification bodies’ contracts expire in June and need to be renewed for three years.

The whole thrust of ONC’s health IT certification program is regulatory, and Trump, who as a candidate often criticized over government regulation, may be targeting just that if he views ONC’s regulatory efforts as unneeded or heavy handed.

On the other hand, this could also just be a blip for ONC.

As for the ONC leadership, the agency’s masthead is filled with plenty of officials with “acting” before their titles, reflecting a management corps that has been trimmed by departures.

The top leadership positions at ONC are filled with political appointees.

So former national coordinator Vindell Washington, M.D., Lucia Savage, former chief privacy officer, and Megan Roh, former communications and public relations director, all were political appointees and all left in concert with the end of the Obama administration.

Those positions have not yet been filled by the new administration.

Savage’s job is being done temporarily by Deven McGraw, who is on loan from the HHS Office for Civil Rights.

Andrew Gettinger, M.D., is still acting principal deputy national coordinator for health information technology, a title he has held for a couple of years.

Teresa Zayas Caban is chief scientist and acting chief of staff.

Thomas Mason, M.D., is acting director of the Office of Clinical Quality and Safety and chief medical officer.

Zhan Caplan is acting director of the Office of Public Affairs and Communication.

For a rundown of other top ONC officials, check here.

January 20, 2017  3:17 PM

Healthcare data breaches cost $6.2 billion a year

Tayla Holman Tayla Holman Profile: Tayla Holman
cybersecurity, Data breach

Healthcare data breaches cost the industry $6.2 billion a year, while the average cost of a single data breach across all industries is $4 million, according to Protenus. Additionally, nearly 90% of healthcare organizations have reported a data breach in the past two years.

Healthcare data breaches include, but are not limited to, phishing attacks, “snooping” by employees and compromised credentials.

Protenus also detailed seven potential costs of a healthcare data beach:

  • Forensics – $610,000
  • Notification – $560,000
  • Lawsuits – $880,000
  • Lost business/revenue – $3,700,000
  • Brand value – $500,00
  • HIPAA fines – $1,100,000
  • Post-breach costs – $440,000

The $3.7 million price tag for lost business can be attributed to the fact that nearly a quarter of patients have said they would switch providers due to a data breach, according to a 2015 survey by software advertising firm Software Advice. Patients have also said they withhold information from physicians due to fear of a breach. Beyond the loss of revenue, data breaches can also cause patients to lose trust in a hospital or healthcare organization.

The high cost of healthcare data breaches emphasizes the importance of being proactive in securing patient data and identifying potential external and internal threats. If an organization is breached, it is imperative to notify affected patients as soon as possible. Transparency after a breach can help reduce lawsuits and damage to the organization’s brand.

January 19, 2017  11:09 AM

Telemedicine can minimize disruption in patients’ lives

Kristen Lee Kristen Lee Profile: Kristen Lee

Telemedicine has the potential to help  diverse patient groups – from nursing homes to rural communities – get better healthcare; One place where telemedicine  can minimize the disruption to a patient’s life is in schools, according to a Huffington Post story.

The article gives an example of a girl who had trouble breathing at recess at a school in Maryland. The school was outfitted with telemedicine equipment about a year ago. The girl went to the nurse, who determined that the girl was having an asthma attack. The girl’s father was an hour away and there was no time to wait for him to come get his daughter. The nurse could have also called an ambulance but that would have meant the girl would miss the rest of the school day.

Luckily, the girl’s parents had has agreed to enroll their daughter in the school’s telemedicine program, allowing the nurse to set up an online video and audio link with an emergency room pediatrician at a nearby county general hospital.

The doctor confirmed the school nurse’s diagnosis, the nurse administered the necessary medicine, and the girl was breathing normally again within 10 minutes and was able to go on with her day.

According to a study in the Annals of Allergy, Asthma and Immunology, children with asthma who were given treatment via telemedicine were able to gain control over their asthma just as well as when children saw a doctor in person to address their asthma.

January 13, 2017  2:43 PM

IBM Watson Health partners with FDA to study blockchain technology

Tayla Holman Tayla Holman Profile: Tayla Holman
Blockchain, IBM Watson

IBM Watson Health and the FDA are collaborating on a research initiative that aims to define a “secure, efficient and scalable exchange of health data using blockchain technology,” according to an IBM release.

The two-year initiative will initially focus on oncology-related data. Blockchain has the potential to make it easier for cancer patients to share their health data securely with providers and researchers. One barrier to cancer research is the lack of a national infrastructure to which patients can contribute their data. To remedy that issue, the Cancer Moonshot has called for a National Cancer Data Ecosystem. By connecting data that often exists in separate databases, cancer research can move more quickly because all of the information is available in an easily accessible and centralized location. This will then allow providers and researchers to identify new and more effective treatments.

The joint initiative will explore how blockchain can be used for health information exchange across data types such as clinical trials. Patient-generated data from wearables and other connected devices will also be analyzed for population health management. The collaboration will also explore a “secure owner-mediated data sharing ecosystem” that could improve public health and lead to new discoveries, according to the release.

The FDA and IBM Watson Health will share their initial research findings in 2017.

January 11, 2017  10:12 AM

ICD-10 glitches cause CMS to back off

Shaun Sutner Shaun Sutner Profile: Shaun Sutner

It turns out the transition to ICD-10 didn’t go quite as smoothly as previously thought, particularly for the small practice physicians who were most anxious about the changeover from ICD-9 on Oct. 1, 2015.

What happened apparently is that some ICD-10 medical codes used in the Physician Quality Reporting System (PQRS) were not updated in time for CMS to process data reported on certain quality measures for eligible practitioners (EP) for the fourth quarter of calendar year (CY) 2016.

As a result, CMS is waiving reimbursement penalties for physicians and group practices that were affected by the ICD-10 glitches.

According to a CMS message released Jan. 9, “CMS will not apply the 2017 or 2018 PQRS payment adjustments, as applicable, to any EP or group practice that fails to satisfactorily report for CY 2016 solely as a result of the impact of ICD-10 code updates on quality data reported for the 4th quarter of CY 2016.”

The influential American Academy of Family Physicians (AAFP) is among the groups hailing the CMS move.

“CMS is saying that while considerable work was done to incorporate ICD-10 changes into the measure specifications, there are still some problems and that work is still incomplete,” Sandy Pogones, the AAFP’s senior strategist for healthcare quality, was quoted as saying in a story on the AAFP’s web site. “Those codes have to be fully accounted for in the specifications and documented in the medical record for a physician to accurately report quality data.”

Pogones noted, however, “if a physician fails to meet reporting requirements for other reasons — say a physician just chooses not to report, or a group fails to meet the reporting threshold — then the penalty waiver doesn’t apply.”

CMS has published this FAQ to help physicians navigate PQRS requirements related to ICD-10.

January 5, 2017  9:09 AM

Patient-owned health data is a civil right and may help prevent breaches

Kristen Lee Kristen Lee Profile: Kristen Lee
Cyber security, EHR, open health data

As many in health IT know, the theft of patient health data has developed into an epidemic with breaches involving millions of health records in 2016, according to the Department of Health and Human Services (HHS). Among the biggest breaches were the Anthem and Premera Blue Cross hacks, and HHS even released guidance on ransomware attacks. At the same time, however, many patients are unable to get access to their own health data.

This situation has created quite a paradox, wrote Kathryn Haun, a prosecutor with the U.S. Department of Justice, and Eric Topol, a professor at the Scripps Research Institute in La Jolla, Calif., in an op-ed piece in the New York Times.

It doesn’t seem right that cybercriminals can so easily steal this private information while the person the information belongs to cannot access it.

“We need to move on from the days of health systems storing and owning all our health data,” Haun and Topol wrote. “Patients should be the owners of their own medical data. It’s an entitlement and civil right that should be recognized.”

In addition to being a civil right, Haun and Topol argue that patients owning their own data could also help quell cyber attacks.

The authors say that one solution is disaggregation, or medical data being stored in individual or family units in a personal cloud or digital wallet, as opposed to being kept in centralized databases and handled by healthcare organizations and vendors.

Haun and Topol also lauded blockchain as one possible approach to this solution.

“One approach, known as a blockchain, is an encrypted data platform that would give patients digital wallets containing all their medical data, continually updated, that they can share at will,” they wrote.

Haun and Topol insist that EHR software companies like Cerner and Epic won’t bring about the change that is needed.

“Their business is to sell proprietary information software to health systems to create large centralized databases for such things as insurance reimbursements and patient care,” they wrote. “Their success has relied on an old, paternalistic model in medicine in which the data is generated and owned by doctors and hospitals.”

January 4, 2017  2:36 PM

Intermountain’s part in DoD-Cerner EHR project

Shaun Sutner Shaun Sutner Profile: Shaun Sutner
Cerner, EHR, Epic

I caught up with Intermountain Healthcare CIO and vice president Marc Probst at the CHIME16 Fall CIO Forum and got a chance to ask him about Intermountain’s role in what is one of the biggest EHR implementations ever.

And no, it’s not the installation of Cerner Corp.’s Millennium EHR platform across the Salt Lake City-based health system’s 22 hospitals and nearly 200 clinics, which is about half done.

That started last year and was a coup for the Kansas City, Mo. EHR giant, as was, of course, the awarding of a more than $4 billion federal EHR contract in 2015 to Cerner and its partners. In both cases, Cerner beat out archrival Epic Systems. Corp.

This particular project, underway now, involves putting Millennium in place throughout the Department of Defense’s healthcare network, itself one of the world’s largest.

While the key players are Cerner and its systems integrator partners, Accenture and Leidos, Intermountain has more than a bit part in the undertaking.

Probst told me that Intermountain’s main role as a subcontractor to Cerner is to provide its own EHR content and workflow processes and “care process models,” (CPMs), for the building out of the military health records system.

CPMs are evidence-based guidelines summarizing clinical literature and providing expert advice for the diagnosis and management of certain diseases and conditions, including:

  • Asthma
  • Depression
  • ADHD
  • Bipolar disorder
  • Bronchitis
  • COPD
  • Diabetes
  • Hypertension
  • Obesity
  • Pediatric upper respiratory problems

“I don’t think that the DoD will adopt everything we’ve done, but they have a baseline to move from, from what we’ve developed at Intermountain Healthcare,” Probst says in part of a video interview I recorded with him in Phoenix at the annual fall meeting of the College of Healthcare Information Executives.

December 30, 2016  4:38 PM

ONC launches health IT privacy policy challenge

Tayla Holman Tayla Holman Profile: Tayla Holman
Health IT, ONC, privacy

ONC has launched a challenge for developers, designers and health data privacy experts to create an online model privacy notice generator for health IT products that will encourage transparency and help consumers make informed choices.

The Privacy Policy Snapshot Challenge awards prizes to the creators of the best MPN generator that can produce a customizable MPN for health technology developers.

An MPN is a voluntary resource and does not mandate specific policies, nor is it a substitute for more detailed privacy policies. Instead, it is a way for health IT developers who collect digital to provide information about their privacy and security policies to their users. The privacy policy should inform and educate users about the app or technology so that they know how their personal health data will be used. This is important for users since health and fitness apps often lack privacy policies, despite the fact that they sometimes collect sensitive data.

The first place winner of the challenge will receive $20,000. The second and third place winners will receive $10,000 and $5,000, respectively.

The general requirements for the challenge are:

  • The submission cannot use HHS or ONC logos.
  • The submission must function as expressed in its description and must contain accurate and complete information.
  • The submission must be free of malware, and is subject to ONC testing.

While the design of the notices is up to the submitter, the notice cannot be a static document, such as a PDF. However, the notice can be interactive and include visuals.

ONC is accepting submissions until April 10, 2017. Winners will be announced mid-2017.

December 23, 2016  11:56 AM

ONC releases 2017 Interoperability Standards Advisory updates

Tayla Holman Tayla Holman Profile: Tayla Holman

The Office of the National Coordinator for Health Information Technology has released its 2017 Interoperability Standards Advisory, which expands its focus on health research interoperability, after compiling roughly six months of public feedback on the document.

The purpose of the ISA is to provide a single, public list of standards and implementation specifications that best address the needs of clinical health information interoperability. The ISA’s current focus is on information interoperability between entities, instead of users within an organization. It is also intended to inform standards and specifications, not just for electronic health records (EHR), but all forms of health IT that support interoperability needs.

Some of the updates to the ISA include:

  • Discontinuing the “best available” label, as the term does not provide a specific pathway for industry input. The Health IT Standards Committee discontinued the label based on feedback that stakeholders may have different perceptions about what constitutes a “best available” interoperability standard or specification.
  • Releasing a static “Reference Edition” every December that can be cited in contracts, agreements or as needed. The web-based version will be updated frequently to reflect real-time updates to interoperability standards and specifications.
  • Further moving the ISA toward a web-based, interactive resource that provides transparency and encourages greater stakeholder engagement

The 2017 update also provides patient-specific assessments and recommendations based on patient data for clinical decision support, and adds remote patient monitoring for chronic condition management, as well as patient education and engagement.

In a statement released earlier this week, ONC national coordinator Vindell Washington, M.D., said, “The ISA is a key step toward achieving the goals we have outlined with our public and private sector partners in the Shared Nationwide Interoperability Roadmap, as well as the Interoperability Pledge announced earlier this year.”

The Interoperability Pledge consists of three commitments:

  • Empowering patients through electronic access to health records
  • Eliminating roadblocks that stand in the way of health information exchange
  • Implementing national interoperability standards for EHRs

To date, companies that provide 90% of EHRs used by hospitals have taken the interoperability pledge.

December 23, 2016  10:30 AM

Robotic process automation market expected to grow in healthcare

Kristen Lee Kristen Lee Profile: Kristen Lee
Artificial intelligence, RPA

Robotic process automation (RPA), a software with artificial intelligence and machine learning capabilities that essentially automates other software, has already begun to make its way into the healthcare space and it seems the use of this technology will only continue to grow in healthcare.

The RPA market is projected to reach $8.75 billion by 2024, according to a press release. RPA is already beginning to take hold in healthcare especially when it comes to processing claims and automating administrative tasks.

One health IT expert discussed the potential use cases for RPA in healthcare with SearchHealthIT. He said the main use case he sees for RPA in healthcare is when it comes to revenue cycle management and he believes RPA can provide comparative looks at medical records — analysis of the differences in medical records and analysis of what those differences are — as well.

The expert also said that RPA can be helpful in healthcare when it comes to keeping up with the licensure and certification of clinicians and ensuring they are up to date.

In addition to healthcare, the financial industry, and telecom/IT industries are all embracing this technology as well. The release said this is because these industries all handle large volumes of data entry and switching among various applications.

“Healthcare accounted for over 11% market share in 2015,” the release said. “RPA solutions are increasingly adopted in the healthcare industry as the sector requires labor-intensive activities and demands on patient rules along with ever increasing amount of data processing.”

One key player when it comes to RPA is Blue Prism, the release said. And Blue Prism has already made its way into the healthcare space.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: