Free Healthcare IT Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Get all the latest Health IT updates from Neil Versel for FREE!

Health Wonk Review, post-HIMSS

While all the health IT reporters like myself were in Florida last week for HIMSS14, plenty of other things were going on in healthcare. David Harlow of HealthBlawg has a roundup of opinions in the latest edition of Health Wonk Review, entitled “In Like a Lion.”

Yes, HIMSS was a big deal, even for non-IT people, as I captured the top mention in a HWR for, I believe, the very first time, with my podcast interview with HIMSS President and CEO Steve Lieber.

(David, per your note, I only suffered superficial injuries this year, with a couple of scrapes on my face. No stitches needed, and no deaths in my family, though my uncle did lose his mother-in-law the day after I returned. I also broke a wine glass in a restaurant, though it was not my glass, it was empty and I was sober. The moral of this story: I need to avoid HIMSS in Orlando, which will be hard, since it’s on a three-year rotation. But next year, the conference is right here in Chicago, and it will be April 12-16 to avoid the dead of winter. The last time it was here, in 2009, I had bronchitis all week. Good times! The following HIMSS will be in Las Vegas, Feb. 29-March 4, 2016.)

Because it was HIMSS week, Harlow featured other IT posts prominently, including one from Lygeia Ricciardi and Adam Dole of the ONC—new national health IT coordinator Dr. Karen DeSalvo said they’re trying to call it “the ONC” instead of just “ONC” these days—about the recently launched Blue Button Connector. Harlow, an attorney, also referenced one of his own posts about HIPAA compliance audits.

Another section of this HWR examines something that I’ve been saying for a long time, that the mainstream media has been not telling the whole story about the Affordable Care Act, a.k.a., Obamacare. Later, Harlow talks about teamwork and collaboration for the purpose of patient safety. Kudos for highlighting those areas.

Click here to read Harlow’s rundown.

March 3, 2014 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Kill your fax machine (redux) and watch out for HIPAA violations

Today, noted medical informatics professor and professional Dr. Bill Hersh had this exchange on Twitter with his daughter, a new medical student.

 

Later today, I stopped to pick up my mail in this multi-unit building and saw this sticking out of someone else’s mailbox.

A HIPAA violation waiting to happen

A HIPAA violation waiting to happen

That’s right, it’s a “personal and confidential” letter from Quest Diagnostics, presumably either medical test results or a bill. Either way, it’s a HIPAA violation waiting to happen. In fact, it’s probably already a HIPAA violation because people now know what lab this person used. The envelope is hanging out of this mailbox because it was misdelivered and whoever got it by accident placed it there for the intended recipient. But who’s to say it does wind up in the right hands before someone opens it?

Anyone who thinks paper is still a safeguard against privacy and security breaches, raise your hand. (Crickets.) Sure, electronic transmissions can be intercepted and databases hacked, but if you take the time to encrypt them, you lessen the risk. And should there be a breach, the audit trail that HIPAA requires can help investigators pinpoint the culprit and create a disincentive for employees to leak data.

As for the fax, it’s sadly ironic that a twentysomething is encountering a fax machine for the first time when she enters a healthcare environment. Kill your fax machine! It’s 2014. Why are we still using 1980s technology to transfer health information?

January 13, 2014 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Podcast: A quick chat with Farzad Mostashari

Friday is the last day on the job for departing national health IT coordinator Dr. Farzad Mostashari, who is stepping down after four years with the Office of the National Coordinator for Health Information Technology, including the last two years as head of ONC.

I was in Washington two weeks ago and stopped by the HHS headquarters for ONC’s Consumer Health IT Summit, the opening event of National Health IT Week, and got a few minutes with Mostashari. (I suppose that was good timing, because I imagine the government shutdown that took effect this week would have canceled the summit and even prevented me from entering the Humphrey Building.) I had the recorder rolling for a brief chat, which lasted less than 15 minutes before Mostashari’s handlers ushered him out to his next appointment. But I did get something.

The interview actually goes on a bit longer than what’s on this track, moving on to a discussion about Food and Drug Administration guidance on mobile medical apps. (You can read about that in this story I wrote for MobiHealthNews.) As it turned out, the FDA issued its final recommendations Sept. 23, which also happened to be the same day new HIPAA regulations—modifications called for in the HITECH Act—took effect.

I might get another chance to talk to Mostashari at the College of Healthcare Information Management Executives Fall CIO Forum at the end of next week, after he officially leaves government service and is allowed to discuss his future plans and perhaps be more candid about his tenure; CHIME has confirmed to me that he will keep his speaking slot. For now, enjoy this short interview.

Podcast details: Interview with outgoing national health IT coordinator Dr. Farzad Mostashari, Sept. 16, 2013. MP3, stereo, 128 kbps, 7.1 MB. Running time 7:44.
0:00 Why he’s leaving
1:20 Different “tribes” of health IT
2:25 Balancing competing interests and the pace of change
4:30 Difficulty of culture change
5:35 Patient control of data and confusion about HIPAA

 

October 2, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

My HIMSS will be all about quality and patient safety

As regular readers might already know, 2012 was a transformative year in my life, and mostly not in a good way. I ended the year on a high note, taking a character-building six-day, 400-mile bike tour through the mountains, desert and coastline of Southern California that brought rain, mud, cold, more climbing than my poor legs could ever hope to endure in the Midwest, some harrowing descents and even a hail storm. But the final leg from Oceanside to San Diego felt triumphant, like I was cruising down the Champs-Élysées during the last stage of the Tour de France, save the stop at the original Rubio’s fish taco stand about five miles from the finish.

But the months before that were difficult. My grandmother passed away at the end of November at the ripe old age of 93, but at least she lived a long, full life and got to see all of her grandchildren grow up. The worst part of 2012 was in April and May, when my father endured needless suffering in a poorly run hospital during his last month of life as he lost his courageous but futile battle with an insidious neurodegenerative disorder called multiple system atrophy, or MSA. (On a personal note, March is MSA Awareness Month, and I am raising funds for the newly renamed Multiple System Atrophy Coalition.)

That ordeal changed my whole perspective, as you may have noticed in my writing since then. No longer do I care about the financial machinations of healthcare such as electronic transactions, revenue-cycle management, the new HIPAA omnibus rule or reasons why healthcare facilities aren’t ready to switch to ICD-10 coding. Nor am I much interested in those who believe it’s more worthwhile to take the Medicare penalties starting in 2015 for not achieving “meaningful use” than to put the time and money into adopting electronic health records. I’m not interested in lists of “best hospitals” or “best doctors” based solely on reputation. I am sick of the excuses for why healthcare can’t fix its broken processes.

And don’t get me started on those opposed to reform because they somehow believe that the U.S. has the “best healthcare in the world.” We don’t. We simply have the most expensive, least efficient healthcare in the world, and it’s really dangerous in many cases.

No, I am dedicated to bringing news about efforts to improve patient safety and reduce medical errors. Yes, we need to bring costs down and increase access to care, too, but we can make a big dent on those fronts by creating incentives to do the right thing instead of doing the easy thing. Accountable care and bundled payments seem like they’re steps in the right direction, though the jury remains out. All the recent questioning about whether meaningful use has had its intended effect and even whether current EHR systems are safe also makes me optimistic that people are starting to care about quality.

Keep that in mind as you pitch me for the upcoming HIMSS conference. Also keep in mind that I have two distinct audiences: CIOs read InformationWeek Healthcare, while a broad mix of innovators, consultants and healthcare and IT professionals keep up with my work at MobiHealthNews. For the latter, I’m interested in mobile tools for doctors and on the consumerization of health IT.

I’m not doing a whole lot of feature writing at the moment, so I’d like to see and hear things I can relate in a 500-word story. Contract wins don’t really interest me since there are far too many of them to report on. Mergers and acquisitions as well as venture investments matter to MobiHealthNews but not so much to InformationWeek. And remember, I see through the hype. I want substance. Policy insights are good. Case studies are better, as long as we’re talking about quality and safety. Think care coordination and health information exchange for example, but not necessarily the technical workings behind the scenes.

And, as always, I tend to find a lot more interesting things happening in the educational sessions than in that zoo known as the exhibit hall. I’m there for the conference, not the “show.”

Many of you already have sent your pitches. I expect to get to them no later than this weekend, and I’ll respond in the order I’ve received them. Thank you kindly for your patience.

February 13, 2013 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Don’t forget D.0

While everyone’s scrambling to comply with ANSI X12 5010 standards for HIPAA transactions by Jan. 1—or whenever CMS gets around to enforcing them—there’s another piece of the upgrade that hasn’t been talked about much. That’s the National Council for Prescription Drug Programs’ version D.0 standard for pharmacy transactions.

I got an inadvertent reminder this week when I picked up some prescription refills. One of my meds was out of refills, so my doctor sent a refill electronically (woohoo). Inside the bag of meds was a printout that may not have been intended for me to see, or perhaps I was supposed to mention it to my doctor. The notice contained a “reject message” with the note, “VERSION D.0 REQUIRED AS OF 1/1/2012.

Obviously, the script went through and I got my refill, but I sure hope people don’t start getting prescriptions actually rejected for being in the old NCPDP 5.1 format after the first of the year. Prescribers, get in touch with your vendors. Vendors, remind your e-prescribing clients. It’s not a big change like 5010 and the forthcoming ICD-10, but it’s significant. So get it done.

November 18, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

Australia considers huge fines for EHR snooping

How’s this for a deterrent against unauthorized snooping into patient EHRs? Australian Health Minister Nicola Roxon recently proposed whopping fines of A$13,200 for individuals and A$66,000 for companies that illegally access patient records. The Aussie dollar is nearly on par with the greenback these days, so the numbers are virtually equal when you convert to U.S. currency. That’s a lot of money.

Now, Australia doesn’t actually have much in the way of EHRs just yet, so this is somewhat speculative, but I think those numbers will get people’s attention. At least it will make records clerks think twice before peering at the records of people like Hugh Jackman or Nicole Kidman, right? The celebrity snooping at UCLA Health System cost the organization $865,000 in a legal settlement, and two employees were convicted of crimes, but I’m not aware of an individual being fined more than $2,000.

Would the threat of automatic big-dollar fines prevent unauthorized peeking at EHRs, or are lawsuits like the one the HHS Office for Civil Rights filed against UCLA more of a deterrent?

October 11, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

A vendor’s view on selling of data

As long as there have been EMRs, there have been vendors selling aggregated, de-identified data. And there have been people worried about privacy.

That issue came up last week AHIMA Legal EHR Summit right here in Chicago, during a session exploring issues related to data ownership and stewardship in the era of cloud computing. (I’ll have a more complete rundown of the session Monday in InformationWeek Healthcare.)

Near the start of the panel, Daniel Orenstein, senior VP and general counsel of Athenahealth tried to put any lingering questions to rest right away. “I think data monetization is kind of a red herring,” Nussbaum said of people who criticize vendors for selling sensitive patient information. According to Nussbaum, de-identified data no longer includes any protected health information as defined by HIPAA, and only has value in the aggregate.

What he didn’t mention—and what nobody on the panel or in the audience brought up— is the possibility that data that supposedly were de-identified could be re-identified to a reasonable degree of precision. I’ve heard this for years, but I don’t know if anyone’s actually re-identified patient data outside of academia. Is this a real threat, or is Nussbaum right about it being a red herring?

UPDATE, August 22, 4:25 pm CDT: Here’s the InformationWeek story I referenced.

 

August 21, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.

ONC opens comments on federal HIT strategic plan

The Office of the National Coordinator for Health Information Technology today opened a four-week comment period on proposed revisions to the Federal Health IT Strategic Plan (pdf). Last updated in 2008, the plan spells out ONC’s strategy for meeting national health IT goals for the five-year period beginning in 2011. The HITECH Act requires this revision.

According to a blog post by national coordinator Dr. David Blumenthal:

Some components of the Plan may already be familiar, including the Medicare and Medicaid Electronic Health Record Incentive Programs and the grant programs created by the HITECH Act, which are creating an infrastructure to support meaningful use. However, the Plan also charts new ground for the federal health IT agenda:

  • In Goal I, the health information exchange strategy focuses on first fostering business models that create health information exchange, supporting exchange where it is not taking place, and ensuring that information exchange takes place across different business models.
  • In Goal II, we discuss how integral health IT is to the National Health Care Quality Strategy and Plan that is required by the Affordable Care Act.
  • In Goal III, we highlight efforts to step up protections to improve privacy and security of health information, and discuss a major investment in an education and outreach strategy to increase the provider community and the public’s understanding of electronic health information, how their information can be used, and their privacy and security rights under the HIPAA Privacy and Security rules.
  • In Goal IV, we recognize the importance of empowering individuals with access to their electronic health information through useful tools that can be a powerful driver in moving toward more patient-centered care.
  • In Goal V, we have developed a path forward for building a “learning health system,” that can aggregate, analyze, and leverage health information to improve knowledge about health care across populations.

ONC is accepting comments through April 22 via the blog site.

 

March 25, 2011 I Written By

I'm a freelance healthcare journalist, specializing in health IT, mobile health, healthcare quality, hospital/physician practice management and healthcare finance.