Free Healthcare IT Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Get all the latest Health IT updates from Neil Versel for FREE!

More on Blue Button Plus and MU2

My last post, based on comments from Frost & Sullivan health IT analyst Nancy Fabozzi at last week’s Healthcare Unbound conference, has generated a bit of controversy. Fabozzi said that “Blue Button Plus is totally disruptive,” possibly eliminating the need for some providers to get full-fledged patient portals in order to meet Meaningful Use Stage 2 standards.

In the comments under that post, David Smith of HealthInsight.org, a health improvement consortium in three Western states, correctly pointed out that MU2 requires not just that providers give 50 percent of patients electronic access to their records, but also that 5 percent of patients actually view, download and/or transmit information back to their doctors or hospitals. I also got an e-mail from a GE Healthcare executive reminding me that of the view/download requirement as well as the fact that EHR technology had to be certified by an ONC-approved certification and testing body.

The viewing and downloading certainly can be accomplished with Blue Button Plus apps or widgets. In fact, ONC’s Lygeia Ricciardi has said Blue Button Plus could be part of the Stage 3 rules.

Transmitting would seem to necessitate a portal since HIPAA demands — and patients should expect — security when sending protected health information over the Internet. Standard e-mail doesn’t cut it, but e-mail following Direct Project protocols does. MU2 already sanctions Direct Project for health information exchange between healthcare entities. There is no reason why it can’t work for individuals as well, as Dr. Deborah Peel’s Patient Privacy Rights Foundation is trying to facilitate.

This might be a bit unwieldy, asking each patient to set up a Direct e-mail address, but remember, providers only need 5 percent to do so in Stage 2. I see it as perfectly feasible that some small physician practices could bypass the portal and just make do with freely available resources like Blue Button Plus — though Blue Button Plus app developers likely will charge fees — and open-source Direct standards.

UPDATE, July 18, 12:40 a.m. CDT:

HHS itself says Blue Button Plus meets MU2 standards.

From http://www.hhs.gov/digitalstrategy/open-data/introducing-blue-button-plus.html:

Blue Button Plus is a blueprint for the structured and secure transmission of personal health data. It meets and builds on the view, download, and transmit requirements in Meaningful Use Stage 2 for certified EHR technology in the following ways —

Structure: The recommended standard for clinical health data is the HL7 Consolidated Clinical Document Architecture or Consolidated CDA. The C-CDA is a XML-based standard that specifies the encoding, structure, and semantics of a clinical document. Blue Button Plus adopts the requirements for sections and fields from Meaningful Use Stage 2.

Transmit: In alignment with Meaningful Use Stage 2 standards, Blue Button Plus uses Direct protocols to securely transport health information from providers to third party applications. Direct uses SMTP, S/MIME, and X.509 certificates to achieve security, privacy, data integrity, and authentication of sender and receiver.

It sounds to me like compliance is just a matter of making sure that a Blue Button Plus app is certified as an EHR module.

July 17, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Comprehensive coverage of WTN Media’s Digital Health Conference

As you may know from at least one of my earlier posts, I was in Madison, Wis., last month for a great little health IT event called the Digital Health Conference, a production of the Wisconsin Technology Network and the affiliated WTN Media. In fact, WTN Media hired me to cover the conference for them, so I did, pretty comprehensively. In fact, I wrote eight stories over the last couple of weeks, seven of which have been published:

I still have an overview story that should go up this week.

Why do I say it’s a great little conference? The list of speakers was impressive for a meeting of its size, with about 200 attendees for the two-day main conference and 150 for a pre-conference day about startups and entrepreneurship.

Since it is practically in the backyard of Epic Systems, CEO Judy Faulkner is a fixture at this annual event, and this time she also sent the company’s vendor liaison. Informatics and process improvement guru Dr. Barry Chaiken came in from Boston to chair the conference and native Wisconsinite Judy Murphy, now deputy national coordinator for programs and policy at ONC, returned from Washington. Kaiser Permanente was represented, as was Gulfport (Miss.) Memorial Hospital. IBM’s chief medical scientist for care delivery systems, Dr. Marty Kohn, flew in from the West Coast, while Patient Privacy Rights Foundation founder Dr. Deborah Peel, made the trip from another great college town, Austin, Texas. (Too bad Peel and Faulkner weren’t part of the same session to discuss data control. That alone would be worth the price of admission.)

July 2, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Deborah Peel on Fox Business

Privacy hawk Deborah C. Peel, M.D., appeared Thursday on the Fox Business Channel to talk about the new privacy protections for EHRs contained in the economic stimulus bill.

The segment is about three minutes long:

March 6, 2009 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

More on Allscripts—and the fight over data

Earlier today, I posted news about Allscripts-Misys Healthcare Solutions intending to sell its Medication Services division to an unnamed purchaser for an unspecified amount. I’ve since gotten clarification via e-mail from company spokesman Todd Stein:

“The release is earlier than we would normally have liked because we’re required to reveal all material non-public information about the company prior to undertaking a share repurchase program like the one we also announced yesterday. That’s to ensure that shareholders know everything about the company that they need to know in order to make an informed buy-or-sell decision.”

Indeed, Allscripts announced yesterday a $150 million buyback program and related $150 million increase in its credit commitments.

The company also was named in a Bloomberg story today as one of three firms leading the fight over whether to include greater privacy protections than HIPAA currently affords in the $20 billion health IT section of the economic stimulus legislation. Privacy advocates, including Dr. Deborah Peel’s Patient Privacy Rights Foundation and the American Civil Liberties Union, favor the House version. Business groups, including IT vendors, pharmacy benefit managers and the pharmaceutical industry, prefer the Senate version that allows data mining and direct-to-consumer marketing to continue.

For the record, the other companies named as possible major beneficiaries of the legislation are athenahealth and Quality Systems, the publicly traded parent company of NextGen Healthcare Information Systems.

How do I know this story is a Big Deal? Peel and her cohorts have been very active in keeping the media up to date on developments on Capitol Hill the last couple of weeks, knowing that this could be the last chance for another decade or more to change existing healthcare privacy laws and practices.

February 11, 2009 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

More commentary

Barack Obama doesn’t take office for nearly four more weeks, but already we’re seeing some pushback against his campaign proposal to ask for $50 billion over five years for health IT.

The federal checkbook, er, money-printing machine, has been busy of late. If the Wall Street and Detroit bailouts have shown anything so far, it’s that a billion dollars just ain’t what it used to be. There are some who are making the case that throwing more money at the healthcare problem might not be the wisest move.

Notably, Bill Yasnoff, M.D., Ph.D., had an op-ed published at BusinessWeek Online last Friday, in which he says electronic medical records must be part of any economic stimulus plan Obama introduces in 2009. Yasnoff pushes for his brainchild, the “health record bank” and calls for greater privacy protection than HIPAA currently affords.

The last point is not surprising, considering Yasnoff is allied with privacy guru Deborah Peel, M.D. For her part, Peel, founder of the Patient Privacy Rights Foundation, sent a letter to Congressional leaders this week complaining of the lack of regulation in recent health IT policy as well as accountability problems with the financial industry’s bailout.

Both Yasnoff and Peel suggest that any funding for health IT must include accountability measures and provisions to ensure sustainability.

C. Peter Waegemann, CEO of the Medical Records Institute also argues against simply throwing money at the problem. In an “HIT Status Report”, posted Dec. 9, cautions that nobody has yet proved that EMRs alone can save money.

“Cost savings can be achieved through a restructuring of healthcare, and EMRs may well be tools in the restructuring process, but they should not be perceived as the main tool or goal and we should not have such unrealistic expectations of them,” Waegemann writes. He also contends that recent federal efforts to promote health IT have failed.

Over at The Health Care Blog, Rick Peters, M.D., argues that the health IT industry is similar to the auto industry of the 1970s, and thus not suitable for a government “bailout.”

And from the Department of Negativity at Any Cost, the Cato Institute‘s Michael Cannon has a blog post entitled, “Blocking Obama’s Health Plan Is Key to the GOP’s Survival.” If so, we’re in for several more years of politics as usual.

December 26, 2008 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Privacy, please

A weekend trip to Maine for a family wedding turned into a business trip (and a tax deduction) when I was reminded that the 16th National HIPAA Summit and related Privacy Symposium were taking place at Harvard University this week. Since I was flying in and out of Boston, I hesitantly forked over the $150 extortion—er, change—fee to American Airlines and sprung for a hotel room, mostly so I could attend a heated debate—er, “roundtable discussion” (even though the table was not round)—about whether patient privacy rules were effective.

I’m pretty sure it was worth the money. Boston usually is. While in the area, I also got a tour of athenahealth’s Watertown headquarters. I learned that “chief athenista” and new daddy Todd Park is on paternity leave for the next several months, is relocating to the west coast and will come back as a board member only while he dedicates much of his time to some new ventures.

But I digress once again.

The roundtable featured a couple of heavy hitters in the privacy world, namely Dr. Deborah Peel and Dr. Bill Braithwaite, as well as Partners HealthCare System Chief Privacy Officer Karen Grant, Linda Sanches, representing the HHS Office of Civil Rights, and, via telephone, Jodi Daniel, from the Office of the National Coordinator. Given the expense I just incurred, I wrote a story Tuesday about the Peel-Braithwaite debate for someone who actually will pay me, Digital HealthCare & Productivity.

In the interest of getting the news out and getting picked up by this week’s Health Wonk Review, I’m going to give you for free some notes from other Tuesday sessions.

On Friday, HHS released some proposed dates for transitioning to the next generation of HIPAA transactional code sets—otherwise known as ANSI X12 version 5050—as well as to ICD-10 standards for E&M coding. The proposal also includes the the National Council for Prescription Drug Programs standard version D.0 for electronic pharmacy transactions.

The full language is at http://www.cms.hhs.gov/TransactionCodeSetsStands/02_TransactionsandCodeSetsRegulations.asp#TopOfPage and will appear in this Friday’s Federal Register to trigger a 60-day comment period, closing Oct. 21.

“This is not a do-over of HIPAA,” said Workgroup for Electronic Data Interchange Chairman James Whicker, who also phoned in to the HIPAA Summit. Whicker, director of EDI and e-commerce at Intermountain Healthcare in Salt Lake City, said that changes are necessary because the current version 4010A1 is more than six years old already and has significant shortcomings.

Among the changes he highlighted:

  • The 835 transaction for remittance advice adds an embedded link to payer URLs for some payment adjustment and denial codes.
  • 834 will allow ICD-10 to report pre-existing conditions and address some privacy concerns
  • 270 and 271 eligibility transactions bring what Whicker called “a significant number of changes and improvements” from the provider perspective. For example, he said, the new code sets clarify instructions for sending inquiries based on whether the patient is the health plan’s primary enrollee or a dependent. If the eligibility date, plan name or benefit effective date for a particular encounter is different from that of the overall coverage, the health plan must report it as part of the transaction. Version 5010 also requires alternate search options for 270 and 271 transactions so a provider can search by member ID, last name only or date of birth to help eliminate false negatives and phone calls, Whicker said.
  • 276 and 277 transactions for healthcare claims status have minor changes addressing privacy concerns over sensitive patient information that is unnecessary for business purposes.
  • Implementation guides will no longer be free when 5010 takes effect.

I personally don’t know what to make of the 5010 news, but I know that there is significant opposition to the proposed Oct. 1, 2011, compliance date for ICD-10. As Whicker spoke, I was reading a press release from the Medical Group Management Association denouncing the idea, and would wager a large sum that the American Medical Association thinks three years and two months is not long enough.

And now back to the privacy debate.

In a separate session, Sanches vigorously defended OCR’s record on HIPAA privacy enforcement, despite the fact the office has not assessed a single civil monetary penalty in the five years the rules have been in effect. “Our enforcement has resulted in changes,” Sanches said, a sentiment also expressed by Michael Phillips, a health insurance specialist in the CMS Office of E-Health Standards and Services regarding enforcement of HIPAA security regulations.

Sanches said most privacy complaints have either been dismissed or resolved with corrective action, while some, as with Providence Health and Services last month, have been settled with with “resolution agreements,” usually resulting in a fine. Sanches described the resolution agreements as “forward-looking,” since they require corrective action even though there is no admission of liability. “We will be monitoring their compliance,” Sanches said of Providence, which agreed to pay $100,000 as part of the deal.

Suffice it to say, OCR still has plenty of critics. Deven McGraw, director of the Health Privacy Project at the Washington-based Center for Democracy & Technology, said that enforcement clearly is lacking. “When you haven’t imposed a single civil monetary penalty, you are not sending a message that you are going to hit people in the pocketbook,” McGraw said during a joint session with Peel.

Those who don’t know Peel well might think she would wholeheartedly agree with this sentiment, but she says the August 2002 HIPAA privacy amendments that created the “treatment, payment and healthcare operations” exemption effectively neutered the rule. “We believe there is nothing for OCR to enforce because there isn’t a privacy law anymore,” she said, arguing that lack of privacy is keeping people from seeking treatment for some conditions, including Iraq war veterans who might suffer from depression or post-traumatic stress disorder.

As for HIPAA security enforcement, Phillips said OCR gets many more privacy complaints per year than CMS does for the security rule, largely because so many violations involve paper PHI and the security rule only applies to electronic information. He said that CMS has received 350 security rule complaints, to date, but, surprisingly, given all the attention paid to laptop theft, only 10 percent have involved lost or stolen devices.

Of those 350 complaints, 248 have been resolved and 102 investigation remain open.
Phillips also discussed the CMS contract with PricewaterhouseCoopers to conduct 10 compliance reviews this year, saying that the audit firm has done six reviews, including the well-publicized critique of Piedmont Healthcare in Atlanta. Phillips said CMS will share information about one of the 10 cases when all the reports are done.

Another conference session focused on the Piedmont case, and I think I will do a story for one of my publication clients in the next week or two. Stay tuned.

And finally, since anything involving David Brailer tends to generate a lot of traffic to this site, I shall call your attention to the following from former U.S. Sen. Dave Durenberger (R-Minn.), who founded and chairs the National Institute of Health Policy and sits on the Medicare Payment Advisory Commission:

DAVID BRAILER a few short years ago was the No. 1 name in American healthcare according to the annual Modern Healthcare survey of important people in the field. His job then was to be President Bush’s “Health Information Czar” to get the medical system moving toward automation and electronic information interchange.

Today he runs Health Evolution Partners out of San Francisco. He says HEP was founded to accelerate the best in the inevitable change taking place in the healthcare market. It will focus on redefining quality, efficiency and accountability of healthcare services to consumers and payers. He has developed a “Purchaser Value Initiative” as well, and raised nearly a billion dollars from CALPERS and from an additional four or five state public employees retirement funds (including Minnesota).

Susan and I enjoyed lunch with David recently at the Buckeye Roadhouse just off CA Highway 101 near Sausalito. David’s no. 1 interest these days is in his family, especially his seven-year old son and year old daughter. I listened to much of a fascinating discussion over elementary education in San Francisco and the merits of various institutions before we got to passion no. 2. How health system entrepreneurs will use the cost-quality-access quandary we face in this country, to innovate our way to better health, medical care and health management services.

Listening to Brailer, you get the impression that there may have been a lot not to like in the Bush administration’s approach to “consumer driven healthcare.” On the other hand, it focused us on a critical reality. Everyone in America is a potential consumer of better health, more appropriate medical services and, someday, good judges of value in the healthcare system. Entrepreneur innovators are doing it right now, and Brailer’s EHP team will help make sure they succeed.

August 19, 2008 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Video HITs, cartoon style

I guess it was inevitable, with all the health 2.0 efforts that have come out of the woodwork of late, but the people behind HIT Transition, namely Martin Jensen and Michael Christopher, have had a beta launch of The Health IT Channel, otherwise known as HITCHtv. There are only two videos posted so far (both hosted on YouTube and embedded on the HITCHtv site), but the first seems like it required a bit of effort.

It’s an animated swipe at Microsoft‘s new HealthVault, the product that seemingly everyone but the Redmond Empire itself is calling a personal health record. Without naming names, the parody also makes fun of Dr. Deborah Peel and her Patient Privacy Rights Foundation for endorsing HealthVault.

OK, so Jensen does name Peel in a HIT Transition blog post that explains what he thinks is wrong with HealthVault. Kudos for not hiding behind the shield of anonymity. I’ll add HITCHtv to my blogroll.

In the other video posted so far, Jensen comments on the threat that Wal-Mart poses to traditional healthcare delivery methods. Commentary is fine. Parody is better. Do they have the budget for more cartoons? This 37-year-old fan of Adult Swim sure hopes so.

October 14, 2007 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.