Although EHR use is up, more work needs to be done on interoperability.
ONC urged both the public and private sectors to work together to drive interoperability and make sure electronic health information is able to flow seamlessly through easy-to-use technology systems that present actionable information at the point of care.
ONC recommended three key actions in the report:
ONC said it has already taken action on this front by publishing the Interoperability Standards Advisory, a single resource that lists federally recognized and national interoperability standards and guidance.
ONC said it has also launched a three-part strategy to help connect and accelerate a FHIR (Fast Health Interoperability Resources) ecosystem to spur the development of software apps for consumers and healthcare providers
“The strategy seeks to leverage the growing interest in an industry-wide approach to open, standardized APIs,” ONC said in the report.
This strategy’s goals are, ONC said:
- Help consumers get and use their data
- Improve user-experience and utility for individuals and clinicians
- Coordinate open information with EHR app solutions.
Build a business case for interoperability
ONC said in the report that the shift from fee for service to value-based care is key to building a business case and providing incentives that will drive demand for interoperability. ONC added that while Medicaid EHR Incentive Programs are often the primary motivator for the adoption of EHR technology, those programs alone are not enough to overcome barriers to interoperability.
In this arena, these steps are imperative, ONC said:
- Shift to value-based care
- Support healthcare providers in using health IT
- Medicaid—a government healthcare program for Americans of all ages– funding to advance the flow of electronic health information
Provide more access to health information
ONC suggests in the report that changing the culture around access to information can be done by:
- Supporting the rights of patients to obtain and control their data
- Expose and discourage information blocking
- Promote transparency and competition
- Enhance the safety, reliability and accountability of certified health IT
The 2016 annual report from Office of the National Coordinator for Health Information Technology found that the use of EHR technology has dramatically increased in the past eight years. The report stated that 96% of hospitals and 78% of physician offices used certified EHRs in 2015. This is a significant increase from 2008; prior to the passage of the HITECH ACT, only 9% of hospitals and 17% used at least a basic EHR.
The annual report also noted that the evolution of health IT since the passage of the HITECH Act includes the improvement of communication among health care providers and an increase in the sharing of electronic health information with patients and caregivers.
The report also states that the HIPAA Privacy Rule allows patients to have more control over decisions about their health; in 2015, 95% of hospitals provided patients with the ability to view their health information electronically. When patients have access to their health information, they are able to be more involved in the care process.
While there has been progress as far as EHR use, ONC states in its report that there is still work to be done as far as establishing interoperability between health systems. This work includes publishing the Interoperability Standards Advisory and completing the 2015 Edition final rule. In addition to improving interoperability, the final rule seeks to improve patient safety and reduce health disparities.
ONC also wrote that it requested the establishment of a Health IT Safety Collaborative, which would enforce evidence-based and targeted approaches to health IT. The report also requested authorities to combat information blocking and establish “rules of the road” for electronic health information exchange. Examples of information blocking include inappropriately citing HIPAA regulations as a reason not to share information and implementing contractual terms or restrictions that interfere with patients’ access to their health information.
PHOENIX — Yes, the CHIME 2016 Fall Forum, the College of Health Information Management Executives’ biggest annual conference, came with a soundtrack.
And we’re not talking Foreigner, the 70s-rock dinosaurs who serenaded the healthcare CIOs and their health IT vendor colleagues on the last night of the weeklong confab in the Arizona desert.
Rather, the traditional aural accompaniment to the event was courtesy of employees of the posh JW Marriot Desert Ridge Resort; they struck gentle chimes on a handheld instrument during changeovers before the start of plenary and panel sessions.
CHIME 2016 was that kind of happening, not quite subdued, but not nearly as frenzied as the biggest health IT shows such as HIMSS (Health Information Management and Systems Society) and RSNA (Radiological Society of North America), to name a couple of those with the most ubiquitous acronyms.
Although some 450 CIOs and another 500 vendor execs were on hand, there were no flashy vendor booths and little hard sell — other than an unavoidably annoying endless loop video from EHR vendor athenahealth, Inc. featuring soon-to-be former athenahealth COO Ed Park touting the Massachusetts company’s new web site.
By the way, this was athenahealth’s first foray into the CHIME fall conference world, perhaps signaling that the relatively small but marketing-savvy vendor is confident enough these days to compete in a bigger arena withominant EHR players like Cerner Corp. and Epic Systems Corp. There were also plenty of CIOs on hand from the small community and critical access hospitals that athenahealth has serviced since the company acquired Razorinsights, LLC in January 2015.
Much of the real action at CHIME 2016 unfolded behind closed doors during small CHIME Foundation focus group sessions at which vendors floated new technology ideas and quietly wooed new customers.
There was also a lot of networking, with CIOs chatting with each other and consultants about the latest technology and consultants, consultants trawling for clients, and vendors seeking business partners.
So while the decibel levels at the gathering were generally low (except during the Foreigner performance, of course), the sheer volume of health IT brainpower quietly circulating around the lobby, convention halls and golf course of the resort was impressive.
Mobile technologies may be the key to helping healthcare CIOs achieve top-of-mind business goals.
A recent survey of over 100 health IT leaders found that the three main initiatives healthcare CIOs will be focused on for the next 18 months include data security, patient satisfaction and physician satisfaction. Respondents also reported that health IT investments are also influenced by whether or not the technology meets clinical and organizational needs, is easy to use, and whether the technology will help improve care team coordination for treatment planning.
The intersection of these goals seems to naturally point to secure mobile communications technologies, and over half of respondents said they are currently rolling out a secure texting solution; the value of which can include:
- Satisfying privacy and cyber-security requirements;
- Automatically routing a message to the correct individual based on on-call schedules and communication preferences;
- And delivering additional alerts.
Yale-New Haven Hospital in New Haven, Conn., is using a secure messaging mobile application to reap all these benefits in the emergency department. With this secure messaging mobile application, physicians and residents no longer need to waste time running through the halls to find the person they need. Instead, they can use the mobile app to directly message the doctor they are looking for and, if that doctor is busy, they can also message another doctor who may be able to help. This enables doctors and residents to deliver the appropriate care to the patient in a timely manner.
Of course, many in healthcare are still wary of just how secure mobile in healthcare is. And as mobile devices proliferate in healthcare at the same time as cyber attacks—particularly ransomware attacks– increase, it’s no wonder data security weighs so heavily on healthcare CIOs’ minds.
One in five adults in the United States suffer from mental illness, and many of them will consult their smartphones before they do a health professional. However, with digital health often acting as first responder, and many apps claiming they can help people who suffer from behavioral health conditions, it can be hard to find a quality app.
There are more than 160,000 apps in the health field as a whole, John Herman, M.D., associate chief of the department of psychiatry and chair of medical psychiatry at Massachusetts General Hospital, said at the Connected Health Symposium in Boston last week.
“There is evidence that the most health apps are in the mental health and behavioral health space, because perhaps the barriers to entry are so low,” said John Torous, M.D., co-director of the digital psychiatry program at Beth Israel Deaconess Medical Center.
“It’s very easy to claim you offer emotional support,” Torous said. “We have a lot of people making a lot of stuff with good intentions, but [as] I said it’s a very messy, polluted landscape.”
Torous also works with the American Psychiatric Association, whose Smartphone App Evaluation Task Force is working to develop guidelines and standards for how to find a good app.
“If you type in depression in the iTunes Store, you get back a lot of garbage,” Torous, who is also editor in chief of JMIR Mental Health, said. “There’s good evidence that the star system works well on Amazon, but a five star app for depression, schizophrenia, bipolar anxiety, correlates nothing with its quality.”
Herman said while the current app landscape is like the Wild West or Gold Rush, “there is gold there, and the market will settle out whether in our lifetimes, or by next year.”
One weakness that behavioral health app developers will have to address is making sure the data collected by an app can be disseminated to a user’s physician. While there are different standards being developed to help apps integrate with electronic health records, there is still a gap.
“If your data is being siloed in an individual app or platform, and it’s not getting back to your primary care team or there’s no one kind of coordinating it, that actually may be very detrimental,” Torous said.
BALTIMORE –Two main points stood out most when a leading ONC official took the stage at today’s AHIMA conference: MACRA and data segmentation for patient privacy.
The release of the final MACRA rule last week wasn’t the focus of the keynote from Andrew Gettinger, M.D., CMIO of the U.S. Office of the National Coordinator for Health IT (ONC). Instead, he sought to reassure healthcare organizations about preparing for MACRA, more formally called the Medicare Access and CHIP Reauthorization Act.
MACRA has familiarity
Gettinger explained that ONC came out with its third round of certification regulations in the fall of 2015, and those regulations “are the requirements that are baked into MACRA.” Thus, organizations already are familiar with those requirements, which will help with compliance, he said.
Given that the certification regulations released last fall are a part of MACRA and that the rule won’t go into effect until 2018, Gettinger said that there should be enough time and resources for providers to prepare. He added that ONC released the Enhanced Oversight and Accountability Proposed Rule that states the agency will help out struggling healthcare organizations.
However, “we’re still working out exactly how that’s going to work,” he said.
Data segmentation for privacy
Many in healthcare advocate for patients to have control over their health information. And while Gettinger supports this movement, he also waves a flag of caution.
“I am fully supportive of patients having control of their data. Fully supportive,” Gettinger said. “I am not supportive of circumstances where key and critical information can be concealed.” This could potentially cause problems when it comes to caring for the patient.
Gettinger gave an example in which data was segmented and left out for the purpose of patient privacy, which may have complicated the care administered to the patient and resulted in a death. An adolescent was admitted to the ER in the middle of the night. She had meningitis, a fever and sweats. Clinicians gave her Demerol, a common treatment, but she died. It turned out that her family had withheld information concerning the young woman’s depression and that she was taking an antidepressant.
The fact that the family had full control of the patient’s information may have hampered the clinicians’ ability to treat her. “The [Demerol] treatment choice was reasonable for the data [the doctors] had,” Gettinger said.
Big data in healthcare presents many positive possibilities for patient care. But as David Lazarus writes in his recent column in the Los Angeles Times, while big data presents many benefits — including being able to anticipate a patient’s health problems and intervene early — it could also have negative implications for patient privacy. To truly achieve big data and reap the benefits in healthcare means individual privacy would be sacrificed for the greater good, Lazarus writes.
Lazarus uses as an example the nearly $92 million contract between the Centers for Medicare and Medicaid Services and defense giant Northrop Grumman that is currently focused on reducing fraud but will eventually focus on anticipating medical disorders by using technology to predict people’s healthcare needs.
That predictive analytics capability will be based on not only the patient’s interaction with doctors, hospitals and pharmacies, but also on other sources such as social media. It is one of the largest efforts now underway to create “a healthcare crystal ball capable of looking into patients’ futures,” Lazarus says.
In the column, Lazarus paints a picture of how all of this would work.
A patient complains to their doctor about losing weight. That patient is also taking a cholesterol medication and has also posted a Facebook status, for example, about feeling stressed due to divorce. Or they have posted on LinkedIn looking for a new job. A big data algorithm would be able to connect all those dots and alert that patient’s doctor to what’s going on and that the patient may be running a risk of a heart attack. Then, the doctor would be able to immediately intervene.
But the tradeoff here is individual privacy. Indeed, the more data that is shared and included, the more effective big data will be.
Understandably, people are wary of sharing their data and having it be stolen.
John Halamka, M.D., CIO at Beth Israel Deaconess Medical Center in Boston, believes that if everyone simply shared most everything, it would actually be a way of staying ahead of data breaches.
He told SearchHealthIT in a video interview: “If you just decide your healthcare data doesn’t matter, share it with all the doctors and all the people who need it then the hackers can hack it, whatever. It’s already open source.”
As Boston lawyer and HIPAA healthcare expert David Harlow points out in his eminently useful blog post on the Office for Civil Rights‘ recent guidance on cloud computing, there’s really not that much new in the guidance, but the bits that are bear examining.
Harlow parsed OCR’s dense legalese and came up with these choice new items:
- “No view” cloud service providers that handle only encrypted data and do not have access to decryption keys are still business associates, and as such must comply with some HIPAA privacy and security requirements. Harlow notes that most of the big cloud vendors doing business in healthcare require their customers to do the encryption and so reduce the cloud service providers’ exposure to regulatory oversight.
- Covered entities (which include most healthcare insurers, clearinghouses and providers that transmit protected health information (PHI) under Department of Health and Human Services standards) should review cloud vendors’ service level agreements to be sure that the cloud vendor does not limit the ability of the covered entity to comply with HIPAA.
- Cloud companies that are defined as business associates have to notify covered entities of security incidents or breaches even when the PHI they are holding is encrypted.
- HIPAA rules do not require that PHI be kept on cloud servers in the U.S., but OCR says location should be considered in risk analysis and management. Interestingly, Harlow says here: “As a practical matter key issues to consider are likelihood of successful malware attacks or other exploits at the overseas data center and ease of enforcement of legal rights in overseas court systems.”
Harlow’s somewhat cautionary conclusion on the geography question: “Given these issues, it makes sense in most cases to keep U.S. health data on U.S. servers.”
Like some other health IT observers, Harlow thinks these clarifications are fine as far as they go. He messaged me this comment: “On the question of new law/regs, though, while it might be nice to have a new comprehensive rule I don’t really think we need it, and I certainly don’t expect it.
I thought the annual Healthcare Information Management Systems Society conference was overwhelming, with the constant stream of people, enormous exhibition hall, and many sessions to attend. Dreamforce, Salesforce’s annual conference in San Francisco, is a whole other beast.
Granted, Dreamforce is not solely dedicated to health IT. However, this conference felt more like a party than HIMSS did. Event organizers created a park-like area in the middle of San Francisco where there was a stage for bands to play, games like ping pong and corn hole to play, and a café giving out free coffee and chocolate covered pretzels. In true San Francisco fashion there was also a mindfulness tent where monks helped lead all who wanted to try through a mindfulness exercise, and all attendess had the opportunity to see superstar band U2 rock the stage in Daly City, just south of San Francisco.
I attended Dreamforce with the express goal of interviewing Salesforce’s Chief Medical Officer, Joshua Newman, M.D. I wanted to get his insights on various health IT topics, mainly cloud and CRM in healthcare.
When discussing the cloud in healthcare, I asked Newman whether he thought the cloud was an essential technology in healthcare and important in achieving goals such as population health and value-based care.
In his opinion, the cloud is inevitable and necessary in healthcare. To him, the cloud is as essential as electricity.
In addition to talking about the cloud in healthcare in general, we also discussed Salesforce’s Health Cloud, the CRM giant’s much ballyhooed foray into health IT. Newman said he had just heard about how one healthcare organization connected Uber to the Health Cloud to help get patients to their appointments with providers.
When it came time to discuss CRM in healthcare, I wanted to know whether hospitals and health systems are CRM friendly. Do they really need it?
Newman said that without a doubt the patient-provider relationship is important and CRM can play a role in fostering that relationship. Because of this, he said healthcare organizations are definitely interested in CRM.
Finally, I asked Newman about Salesforce’s recently announced artificial intelligence (AI) platform called Einstein. It’s a mixture of AI, deep learning, machine learning, predictive analytics, natural language processing and more.
The video interviews with Newman will be published on SearchHealthIT. Stay tuned.
The Department of Health and Human Services awarded funding to a Florida-based healthcare data sharing center to build a more effective system of information sharing about cyberthreats.
The Office of the National Coordinator for Health Information Technology (ONC) and the Office of the Assistant Secretary for Prepardness and Response (ASPR) awarded cooperative agreements totaling $350,000 to the National Health Information Sharing and Analysis Center in Ormond Beach, Florida. NH-ISAC provides services to non-profit and for-profit healthcare organizations, including independent hospitals, health insurance payers and medical device manufacturers.
The ONC agreement provides funding for cyberthreat information sharing in the healthcare and public health sector. The ASPR agreement provides funding to build the capacity of an information sharing and analysis organization that will provide outreach and education about cybersecurity awareness.
In a release Vindell Washington, M.D., national coordinator for health IT, said the funding “will help healthcare organizations of all sizes more easily and effectively share information about cyberthreats and responses in order to protect their data and the health of their patients.”
ASPR previously awarded a planning grant to Harris Health System to identify gaps in cyberthreat information sharing in the healthcare and public health (HPH) sector. An interim report from Harris Health found that leaders in the HPH sector feel cyberthreat information sharing is too slow and that there is a need for a centralized source of cyberthreat information sharing.
Earlier this year, a Ponemon Insitute report on health data privacy and security found that the average cost of a data breach to healthcare organizations was more than $2.2 million. Data breaches also cost the healthcare industry $6.2 billion a year. Nearly 90% of healthcare organizations that were represented in the Ponemon study had a data breach in the past two years; about 45% had more than five breaches in that same time period.