Free Healthcare IT Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Get all the latest Health IT updates from Neil Versel for FREE!

Health Wonk Review, post-HIMSS

While all the health IT reporters like myself were in Florida last week for HIMSS14, plenty of other things were going on in healthcare. David Harlow of HealthBlawg has a roundup of opinions in the latest edition of Health Wonk Review, entitled “In Like a Lion.”

Yes, HIMSS was a big deal, even for non-IT people, as I captured the top mention in a HWR for, I believe, the very first time, with my podcast interview with HIMSS President and CEO Steve Lieber.

(David, per your note, I only suffered superficial injuries this year, with a couple of scrapes on my face. No stitches needed, and no deaths in my family, though my uncle did lose his mother-in-law the day after I returned. I also broke a wine glass in a restaurant, though it was not my glass, it was empty and I was sober. The moral of this story: I need to avoid HIMSS in Orlando, which will be hard, since it’s on a three-year rotation. But next year, the conference is right here in Chicago, and it will be April 12-16 to avoid the dead of winter. The last time it was here, in 2009, I had bronchitis all week. Good times! The following HIMSS will be in Las Vegas, Feb. 29-March 4, 2016.)

Because it was HIMSS week, Harlow featured other IT posts prominently, including one from Lygeia Ricciardi and Adam Dole of the ONC—new national health IT coordinator Dr. Karen DeSalvo said they’re trying to call it “the ONC” instead of just “ONC” these days—about the recently launched Blue Button Connector. Harlow, an attorney, also referenced one of his own posts about HIPAA compliance audits.

Another section of this HWR examines something that I’ve been saying for a long time, that the mainstream media has been not telling the whole story about the Affordable Care Act, a.k.a., Obamacare. Later, Harlow talks about teamwork and collaboration for the purpose of patient safety. Kudos for highlighting those areas.

Click here to read Harlow’s rundown.

March 3, 2014 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Kill your fax machine (redux) and watch out for HIPAA violations

Today, noted medical informatics professor and professional Dr. Bill Hersh had this exchange on Twitter with his daughter, a new medical student.

 

Later today, I stopped to pick up my mail in this multi-unit building and saw this sticking out of someone else’s mailbox.

A HIPAA violation waiting to happen

A HIPAA violation waiting to happen

That’s right, it’s a “personal and confidential” letter from Quest Diagnostics, presumably either medical test results or a bill. Either way, it’s a HIPAA violation waiting to happen. In fact, it’s probably already a HIPAA violation because people now know what lab this person used. The envelope is hanging out of this mailbox because it was misdelivered and whoever got it by accident placed it there for the intended recipient. But who’s to say it does wind up in the right hands before someone opens it?

Anyone who thinks paper is still a safeguard against privacy and security breaches, raise your hand. (Crickets.) Sure, electronic transmissions can be intercepted and databases hacked, but if you take the time to encrypt them, you lessen the risk. And should there be a breach, the audit trail that HIPAA requires can help investigators pinpoint the culprit and create a disincentive for employees to leak data.

As for the fax, it’s sadly ironic that a twentysomething is encountering a fax machine for the first time when she enters a healthcare environment. Kill your fax machine! It’s 2014. Why are we still using 1980s technology to transfer health information?

January 13, 2014 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Podcast: MMRGlobal’s Bob Lorsch addresses the ‘patent troll’ issue

Two weeks ago, I picked apart a terribly misleading, ideologically steeped Fox News story that wrongly linked the initial failure of the healthcare.gov Affordable Care Act insurance exchange to the Meaningful Use EHR incentive program. Among my many criticisms was the reporter’s apparent confusion between an actual EHR and My Medical Records, the untethered PHR offered by MMRGlobal.

In that post, I said, “I haven’t seen a whole lot of evidence that MMRGlobal isn’t much more than a patent troll.”

Bob Lorsch, CEO of that company, posted in the comments that I should put my money where my mouth is and interview him. (I had interviewed Lorsch before, but never wrote a story because of my longstanding policy of not paying attention to untethered PHRs since none that I know of has gained any market traction, despite years of hype.)

As this podcast demonstrates, I took Lorsch up on his offer. It was at times contentious, in part because I challenged many of his statements in the Fox story and to me, and in part because he challenged some of mine.

He asked me a pointed question, whether I still thought he was a patent troll. Based on the fact that MMR actually earned patents on a product it actively markets and didn’t just purchase someone else’s patents for the point of suing others, it’s hard to conclude that he is a patent troll.

Investopedia defines patent troll as:

A derogatory term used to describe people or companies that misuse patents as a business strategy. A patent troll obtains the patents being sold at auctions by bankrupt companies attempting to liquidate their assets, or by doing just enough research to prove they had the idea first. They can then launch lawsuits against infringing companies, or simply hold the patent without planning to practise the idea in an attempt to keep other companies productivity at a standstill.

By that definition, MMR is not. I still don’t think an untethered PHR is a good business model, a belief supported by the fact that publicly traded MMR is a penny stock, currently trading at less than 3 cents per share. I have said that patient engagement, called for on a small scale by Meaningful Use Stage 2 rules, could change the landscape for PHRs—with a better chance in pediatrics than for adult populations—but it certainly will take a few years.

I stand by my original statement that the Fox News story did health IT a huge disservice by latching onto one problem and trying to tie it to an unrelated issue simply because it fits an ideological narrative. As for MMR, well, take a listen and then judge for yourself. It’s a long podcast, but I went through the trouble of breaking it down by discussion point so you can skip around as necessary.

Podcast details: Interview with Bob Lorsch, CEO of MMRGlobal, recorded Oct. 18, 2013. MP3, mono, 128 bps, 49.5 MB, running time 54:07

2:03        About My Medical Records
3:26        Why he believes his product is better than traditional EHRs
5:00        My skepticism of untethered PHRs
6:28        Lorsch’s interview with HIStalk from February
6:40        MMR’s user base
8:00        Why he thinks MMR could facilitate health information exchange
9:40        Health information exchanges vs. health insurance exchanges
10:15     Patient-centered HIE as an alternative to multiple patient portals
12:20     Physician trust of patient-supplied data, and other workflow issues
15:05     Emergency use case
15:50     How MMR is different from other PHRs
16:32     “Last mile” of connectivity
18:17     His assertion in Fox story that patients lose control of health information and privacy under ACA, despite HIPAA
24:15     MMR carries cyber liability insurance
25:00     Scope of MMR’s patents
26:45     “Likely” infringement of patents
27:45     Lawsuits and licensing
29:30     Patent troll?
31:10     Negotiations with WebMD and others
33:00     MMR’s reputation
35:00     “We build and sell what we have intellectual property rights to.”
36:25     Other vendors ignoring patients?
36:50     Standardization in health IT
38:38     MMR’s low stock price
39:20     Patient engagement boosting PHR use?
42:00     Interest from WellPoint
42:48     Payers building trust with PHRs
44:18     Other features of MMR’s PHR
46:45     Segmentation of sensitive parts of medical records
49:08     Putting me on the spot
50:35     His objective in asserting patent rights
51:15     MMR’s issue with Walgreens
52:25     Revenue sharing vs. licensing

October 31, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Top 10 things wrong with Fox News smear job on EHRs

Today, FoxNews.com published a hit job on health IT and EHRs in the guise of another hit job on Obamacare. I found out about it courtesy of this tweet:

First off, it’s clear that Mostashari feels unshackled from having to watch his words now that he’s no longer national health IT coordinator. Secondly, he’s right. This story contains so many errors and misleading statements that it’s almost funny. Let’s count down the top 10.

10. “Under a George W. Bush-era executive order, all Americans should have access to their medical records by the end of 2014, part of a concept referred to as e-health. President Obama then made electronic medical records (EMRs) central to the success of the Affordable Care Act”

When Bush issued the executive order in 2004 that created the Office of the National Coordinator for Health Information Technology, he set as a goal interoperable EMRs for “most” Americans. The “all” part came after Barack Obama took office in 2009.

9. Though Obama did reiterate the 2014 goal and up the stakes by saying “all Americans,” nobody realistically thought it could happen. After all, the HITECH Act, which created Meaningful Use, didn’t pass until March 2009 and Meaningful Use didn’t even start until 2011. Before the HITECH Act, ONC barely had any funding anyway. For five years, Congress failed to pass much in the way of health IT legislation, even though a federal EHR incentive program had bipartisan support, symbolized by an unlikely alliance between Newt Gingrich and Hillary Clinton.

8. “Doctors, practitioners and hospitals, though, have been enriching themselves with the incentives to install electronic medical records systems that are either not inter-operable or highly limited in their crossover with other providers.”

Meaningful Use was never intended for enrichment, or even to cover the full cost of an EHR system.

7. While systems mostly are not interoperable yet, that wasn’t the intent of Stage 1 of Meaningful Use. Stage 1 was meant to get systems installed. Stage 2, which has barely started for the early adopters among hospitals and won’t start for 2 1/2 months for physicians, is about interoperability. That’s where the savings and efficiencies are supposed to come from.

6. We’re years away from knowing whether Meaningful Use program did its job, though I don’t fault members of Congress such as Sen. John Thune (R-S.D.) for putting pressure on the administration to demand more for the big taxpayer outlay.

5. “‘The electronic medical records system has been funded to hospitals at more than $1 billion per month. Apparently little or none of that money went to the enrollment process which is where the bottle neck for signing up to ObamaCare’s insurance exchanges appears to be,’ Robert Lorsch, a Los Angeles-based IT entrepreneur and chief executive of online medical records provider MMRGlobal, told Fox News.”

The money wasn’t supposed to go to the insurance enrollment process. The Meaningful Use incentive program was from the HITECH Act, part of the 2009 American Recovery and Reinvestment Act. The Patient Protection and Affordable Care Act, a.k.a. Obamacare, came a year later. Again, someone is confusing insurance and care. They are not the same thing.

4. “Lorsch, at MMRGlobal, offered the U.S. government what it describes as a user-friendly personal health record system for one dollar per month per family – a fraction of what it has cost the taxpayer so far.”

MMRGlobal’s product is an untethered personal health record. No untethered PHR anywhere is “user-friendly,” which is why adoption has been anemic. Without data from organizational EHRs, PHRs are worthless. Besides, the direct-to-consumer approach in healthcare has failed over and over, since people are used to having someone else — usually an insurance company — pick up the tab.

3. For that matter, MMRGlobal is a bad example to use as an alternative to EHRs. (The Fox story is correct in saying that other vendors do have close ties to the Obama administration, though the former Cerner executive’s name is Nancy-Ann DeParle, not “Nance.”) I could be wrong, but I haven’t seen a whole lot of evidence that MMRGlobal isn’t much more than a patent troll.

2. “But this process could have been easier if a nine-year, government-backed effort to set up a system of electronic medical records had gotten off the ground. Instead of setting up their medical ID for the first time, would-be customers would have their records already on file.”

Actually, as I wrote in a story just published in Healthcare IT News, we could have had national patient identifiers 15 years ago, as called for by the 1996 HIPAA statute. But Congress voted in 1998 not to fund implementation of a national patient ID and President Bill Clinton signed that into law. Since then, interoperability and patient matching have been mighty struggles.

1. “‘Plus, unlike under ObamaCare, the patient would be in control of their health information and, most importantly, their privacy,’ Lorsch said.”

Where in Obamacare does the patient lose control of health information? Less than a month ago, I was in Washington listening to HHS Office for Civil Rights Director Leon Rodriguez say, ““There is a clear right [in the HIPAA privacy rule] not only of patient access, but patient control over everything in their records.” This may come as news to some people, but patients own and control the information. They might not know it, but the language is pretty clear.

Already, the Fox story has been reposted in a number of blogs shared all over the Internet, so it’s being accepted as fact in some quarters. If you want the truth, you sometimes have to do the work yourself.

October 15, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Podcast: A quick chat with Farzad Mostashari

Friday is the last day on the job for departing national health IT coordinator Dr. Farzad Mostashari, who is stepping down after four years with the Office of the National Coordinator for Health Information Technology, including the last two years as head of ONC.

I was in Washington two weeks ago and stopped by the HHS headquarters for ONC’s Consumer Health IT Summit, the opening event of National Health IT Week, and got a few minutes with Mostashari. (I suppose that was good timing, because I imagine the government shutdown that took effect this week would have canceled the summit and even prevented me from entering the Humphrey Building.) I had the recorder rolling for a brief chat, which lasted less than 15 minutes before Mostashari’s handlers ushered him out to his next appointment. But I did get something.

The interview actually goes on a bit longer than what’s on this track, moving on to a discussion about Food and Drug Administration guidance on mobile medical apps. (You can read about that in this story I wrote for MobiHealthNews.) As it turned out, the FDA issued its final recommendations Sept. 23, which also happened to be the same day new HIPAA regulations—modifications called for in the HITECH Act—took effect.

I might get another chance to talk to Mostashari at the College of Healthcare Information Management Executives Fall CIO Forum at the end of next week, after he officially leaves government service and is allowed to discuss his future plans and perhaps be more candid about his tenure; CHIME has confirmed to me that he will keep his speaking slot. For now, enjoy this short interview.

Podcast details: Interview with outgoing national health IT coordinator Dr. Farzad Mostashari, Sept. 16, 2013. MP3, stereo, 128 kbps, 7.1 MB. Running time 7:44.
0:00 Why he’s leaving
1:20 Different “tribes” of health IT
2:25 Balancing competing interests and the pace of change
4:30 Difficulty of culture change
5:35 Patient control of data and confusion about HIPAA

 

October 2, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

More on Blue Button Plus and MU2

My last post, based on comments from Frost & Sullivan health IT analyst Nancy Fabozzi at last week’s Healthcare Unbound conference, has generated a bit of controversy. Fabozzi said that “Blue Button Plus is totally disruptive,” possibly eliminating the need for some providers to get full-fledged patient portals in order to meet Meaningful Use Stage 2 standards.

In the comments under that post, David Smith of HealthInsight.org, a health improvement consortium in three Western states, correctly pointed out that MU2 requires not just that providers give 50 percent of patients electronic access to their records, but also that 5 percent of patients actually view, download and/or transmit information back to their doctors or hospitals. I also got an e-mail from a GE Healthcare executive reminding me that of the view/download requirement as well as the fact that EHR technology had to be certified by an ONC-approved certification and testing body.

The viewing and downloading certainly can be accomplished with Blue Button Plus apps or widgets. In fact, ONC’s Lygeia Ricciardi has said Blue Button Plus could be part of the Stage 3 rules.

Transmitting would seem to necessitate a portal since HIPAA demands — and patients should expect — security when sending protected health information over the Internet. Standard e-mail doesn’t cut it, but e-mail following Direct Project protocols does. MU2 already sanctions Direct Project for health information exchange between healthcare entities. There is no reason why it can’t work for individuals as well, as Dr. Deborah Peel’s Patient Privacy Rights Foundation is trying to facilitate.

This might be a bit unwieldy, asking each patient to set up a Direct e-mail address, but remember, providers only need 5 percent to do so in Stage 2. I see it as perfectly feasible that some small physician practices could bypass the portal and just make do with freely available resources like Blue Button Plus — though Blue Button Plus app developers likely will charge fees — and open-source Direct standards.

UPDATE, July 18, 12:40 a.m. CDT:

HHS itself says Blue Button Plus meets MU2 standards.

From http://www.hhs.gov/digitalstrategy/open-data/introducing-blue-button-plus.html:

Blue Button Plus is a blueprint for the structured and secure transmission of personal health data. It meets and builds on the view, download, and transmit requirements in Meaningful Use Stage 2 for certified EHR technology in the following ways —

Structure: The recommended standard for clinical health data is the HL7 Consolidated Clinical Document Architecture or Consolidated CDA. The C-CDA is a XML-based standard that specifies the encoding, structure, and semantics of a clinical document. Blue Button Plus adopts the requirements for sections and fields from Meaningful Use Stage 2.

Transmit: In alignment with Meaningful Use Stage 2 standards, Blue Button Plus uses Direct protocols to securely transport health information from providers to third party applications. Direct uses SMTP, S/MIME, and X.509 certificates to achieve security, privacy, data integrity, and authentication of sender and receiver.

It sounds to me like compliance is just a matter of making sure that a Blue Button Plus app is certified as an EHR module.

July 17, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

My HIMSS will be all about quality and patient safety

As regular readers might already know, 2012 was a transformative year in my life, and mostly not in a good way. I ended the year on a high note, taking a character-building six-day, 400-mile bike tour through the mountains, desert and coastline of Southern California that brought rain, mud, cold, more climbing than my poor legs could ever hope to endure in the Midwest, some harrowing descents and even a hail storm. But the final leg from Oceanside to San Diego felt triumphant, like I was cruising down the Champs-Élysées during the last stage of the Tour de France, save the stop at the original Rubio’s fish taco stand about five miles from the finish.

But the months before that were difficult. My grandmother passed away at the end of November at the ripe old age of 93, but at least she lived a long, full life and got to see all of her grandchildren grow up. The worst part of 2012 was in April and May, when my father endured needless suffering in a poorly run hospital during his last month of life as he lost his courageous but futile battle with an insidious neurodegenerative disorder called multiple system atrophy, or MSA. (On a personal note, March is MSA Awareness Month, and I am raising funds for the newly renamed Multiple System Atrophy Coalition.)

That ordeal changed my whole perspective, as you may have noticed in my writing since then. No longer do I care about the financial machinations of healthcare such as electronic transactions, revenue-cycle management, the new HIPAA omnibus rule or reasons why healthcare facilities aren’t ready to switch to ICD-10 coding. Nor am I much interested in those who believe it’s more worthwhile to take the Medicare penalties starting in 2015 for not achieving “meaningful use” than to put the time and money into adopting electronic health records. I’m not interested in lists of “best hospitals” or “best doctors” based solely on reputation. I am sick of the excuses for why healthcare can’t fix its broken processes.

And don’t get me started on those opposed to reform because they somehow believe that the U.S. has the “best healthcare in the world.” We don’t. We simply have the most expensive, least efficient healthcare in the world, and it’s really dangerous in many cases.

No, I am dedicated to bringing news about efforts to improve patient safety and reduce medical errors. Yes, we need to bring costs down and increase access to care, too, but we can make a big dent on those fronts by creating incentives to do the right thing instead of doing the easy thing. Accountable care and bundled payments seem like they’re steps in the right direction, though the jury remains out. All the recent questioning about whether meaningful use has had its intended effect and even whether current EHR systems are safe also makes me optimistic that people are starting to care about quality.

Keep that in mind as you pitch me for the upcoming HIMSS conference. Also keep in mind that I have two distinct audiences: CIOs read InformationWeek Healthcare, while a broad mix of innovators, consultants and healthcare and IT professionals keep up with my work at MobiHealthNews. For the latter, I’m interested in mobile tools for doctors and on the consumerization of health IT.

I’m not doing a whole lot of feature writing at the moment, so I’d like to see and hear things I can relate in a 500-word story. Contract wins don’t really interest me since there are far too many of them to report on. Mergers and acquisitions as well as venture investments matter to MobiHealthNews but not so much to InformationWeek. And remember, I see through the hype. I want substance. Policy insights are good. Case studies are better, as long as we’re talking about quality and safety. Think care coordination and health information exchange for example, but not necessarily the technical workings behind the scenes.

And, as always, I tend to find a lot more interesting things happening in the educational sessions than in that zoo known as the exhibit hall. I’m there for the conference, not the “show.”

Many of you already have sent your pitches. I expect to get to them no later than this weekend, and I’ll respond in the order I’ve received them. Thank you kindly for your patience.

February 13, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Yes, you do have a right to your health records

Lest anyone forget — including the American Hospital Association, which wants to take 30 days post-discharge to supply copies of medical records to patients — HIPAA explicitly gives patients the right to access their own records. This is not new. The HIPAA privacy rules have been in force since 2002. Yet, far too many patients have no idea of this right and far too many providers don’t inform patients of this right or do what they can to prevent access.

Fortunately, the HHS Office for Civil Rights, which enforces HIPAA privacy and security standards, is trying to change that with an outreach campaign, including this video.

 

Unfortunately, the video has been viewed just 556 times as of this writing. Equally unfortunately, the video directs viewers to visit HHS.gov/OCR. But the real information you need is at http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. I found that page using Google, not by trying to navigate the menu, which is not very intuitive, even for someone who knows the healthcare industry. I can’t imagine the average consumer finding that page without help or plain old dumb luck.

Various HHS agencies are trying hard to disseminate messages to the public. I think of AHRQ’s Questions are the Answer campaign. I’ve seen poster-size ads around Chicago telling people to visit ahrq.gov for a list of questions they should be asking their healthcare providers, but the better link, not mentioned in the ads, is ahrq.gov/questions.

For that matter — and I mentioned this to one of the AHRQ higher-ups at the HIMSS conference a few months ago — how many people really know what the Agency for Healthcare Research and Quality is? Wouldn’t it be better to have a more memorable URL? The Obama administration is good at setting up URLs for programs it wants to promote for political reasons — think recovery.gov and even the consumer-friendly healthcare.gov — but the less-politicized divisions such as AHRQ (remember, Director Dr. Carolyn Clancy is a career professional who has run AHRQ for two presidents since 2003) and OCR haven’t done so. They need to come up with easy-to-remember URLs that the general public can remember. Bureaucrat-speak just isn’t getting the job done.

Meantime, physicians need to become more patient-friendly, too. I invite you to check out this Salon article from a few weeks ago entitled, “Listen up, doctors: Here’s how to talk to your patients.” Please share with family, friends and, yes, your doctors. Share the OCR video, too. If OCR can’t make the information easy to find, I will.

 

June 12, 2012 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Australia considers huge fines for EHR snooping

How’s this for a deterrent against unauthorized snooping into patient EHRs? Australian Health Minister Nicola Roxon recently proposed whopping fines of A$13,200 for individuals and A$66,000 for companies that illegally access patient records. The Aussie dollar is nearly on par with the greenback these days, so the numbers are virtually equal when you convert to U.S. currency. That’s a lot of money.

Now, Australia doesn’t actually have much in the way of EHRs just yet, so this is somewhat speculative, but I think those numbers will get people’s attention. At least it will make records clerks think twice before peering at the records of people like Hugh Jackman or Nicole Kidman, right? The celebrity snooping at UCLA Health System cost the organization $865,000 in a legal settlement, and two employees were convicted of crimes, but I’m not aware of an individual being fined more than $2,000.

Would the threat of automatic big-dollar fines prevent unauthorized peeking at EHRs, or are lawsuits like the one the HHS Office for Civil Rights filed against UCLA more of a deterrent?

October 11, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

‘Five rights’ for data administration

You know about the “five rights” for medication administrations: the right drug, for the right patient, in the right dosage, on the right route, at the right time.

More recently we’ve seen “five rights” for effective clinical decision support: the right information, to the right stakeholder, at the right point in workflow, through the right channel, in the right format.

Now, security vendor Symantec brings us the “five rights” for data administration: Read more..

September 21, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.