The ability to share data among providers has been hobbled by obstacles large and small. But as technologies mature, real-world models of workable interoperability are emerging.
As the summer doldrums wind down, there are some reasons to be optimistic about the state of data interoperability in healthcare.
While no one development signals that we've turned the corner on this predominant technology shortcoming standing between healthcare providers and data-driven value-based care, when taken as a group, they are encouraging signposts.
1. The Argonaut Project's progress means more rapid interop development.
Launched in late 2014, the Argonaut Project was the unprecedented collaboration of traditional healthcare rivals Epic and Cerner, as well as many others, to develop a set of implementation guides for HL7 Fast Healthcare Interoperability Resources (FHIR), basically a series of shortcuts to allowing EHRs and other apps to interoperate between providers.
While a handful of healthcare organizations have managed to implement some FHIR technology, Argonaut was launched to provide a "code sprint" so developers from EHR companies to healthcare organizations could more quickly implement key interop use cases ranging from sharing problem lists, immunizations, medication list, allergies and other key meaningful use requirements.
After some initial consensus work last year, next month Argonaut will finalize a set of core implementation guides, says Micky Tripathi, head of the Massachusetts eHealth Collaborative, whose organization is managing Argonaut.
The better news is that a growing number of healthcare organizations will base their own standards and interop direction on these completed Argonaut guides, Tripathi says.
Another sign of Argonaut's maturity is that the group, which includes a number of healthcare organizations such as Beth Israel Deaconess Medical Center, Intermountain, Mayo Clinic, and Partners HealthCare, is now working on how its implementation guides will be governed and by whom, perhaps without disappearing into HL7's often lengthy upgrade processes, Tripathi says.
2. The most recent FHIR demos by providers show promise.
Harvard Medical School hosted two days of FHIR app demos in late July, showcasing such innovative projects as UCSF's ClinicalTrialsMatch (CTMatch), a patient-centric technology platform that matches a patient to clinical trials, and InterSystems' CCDA Shredder, a way of taking difficult-to-read CCDA documents and storing them as individual data values, unlocking clinicians' ability to use shared data.
These apps and others will find their way into the annual releases and app stores of EHR software vendors such as Epic and Cerner, further extending that software's interoperability and utility.
3. Carequality is up and running and providers are exchanging data on it.
Earlier this month, the Carequality interoperability framework announced that more than 3,000 clinics and 200 hospitals are live on the Carequality network and capable of sharing health data.
While there is still work to do to interconnect Carequality with the network built by the CommonWell Health Alliance, the good news is that between the two networks, every major EHR is represented, leaving much less work to do to connect the two networks, which looks more and more likely to happen.
Among those healthcare systems now live on Carequality is SSM Health.
"Carequality Framework adoption was important in expanding the number of providers with which we are automatically connected so we can better coordinate care in our communities," said Richard Vaughn MD, chief medical information officer for SSM Health, in a statement released by Carequality.
"The Framework really creates a win-win for patients and providers by helping us make faster and better decisions, avoid reordering expensive tests, and ensure that our patients receive the best care possible. We look forward to the additional benefits that will be realized when other vendors go live on the Framework as well."
Other providers now live on Carequality include Sutter Health, which like SSM, is running the Epic EHR; as well as Midwest Nephrology, a St. Peters, Missouri organization which runs the eClinicalWorks EHR. Also on board is Signature Medical Group in St. Louis, which runs the NextGen EHR.
As summer turns to fall, the network effect of all these interoperability developments still remains a bit hazy, but the cumulative effect of all these efforts will be to focus the attention of ever-more providers on jumping on the interoperability bandwagon.
There is a disconnect between the MIPS / MACRA push for physicians and what is happening on the hospital side of the equation.
Physicians might be ready for MIPS and MACRA, but are their EHRs and other technology tools up to the challenge?
It depends on who you ask.
"It's unfortunate that some physicians and hospitals have not made the investments in the tools that can improve the provision of care for patients," says Bill Kramer, MBA, executive director for national health policy at the San Francisco-based Pacific Business Group on Health.
"They were given lots of money under the meaningful use program to put those tools in place. There are many quality improvement organizations, consultants, to help providers improve the quality and efficiency of care," he says.
"There are clinical guidelines that specialty societies have developed that should be used and they aren't. There are measures to improve patient safety in hospitals that have only been used sporadically."
"I think," continues Kramer, "physicians and clinicians and hospitals should be doing the right thing to improve care for patients, not just doing this in response to regulations."
And yet, in my own reporting on MIPS and MACRA, I have often heard that the technology tools built all around meaningful use remain immature when it comes to the kind of quality reporting that MIPS and MACRA will require from day one, January 1, 2017.
Kramer dismisses these concerns. "We shouldn't be having a debate about whether the tools exist," he says. "The question is now, will clinicians use them to improve quality of care?"
Two Different Systems
There is a disconnect between the MIPS / MACRA push for physicians and what is happening on the hospital side of the equation.
"We have a completely unequal system right now," says Russ Branzell, president and CEO of the College of Healthcare Information Management Executives (CHIME).
"We have a system that gave leniencies to physicians, while at the same time not giving the same leniencies for the hospital-based side. Yes there are physicians, and a lot, that still work in a private practice setting, in a private environment, but wouldn't you want a harmonization of the entire system to be out there?"
According to Branzell, "we are still a long way from a universal set of clear, objective, clinical-based quality measures that we all agree on that should be used. "
"There's still a significant fragmentation out there that we have the opportunity to still bring together," he says.
CHIME's comments on the MACRA NPRM, filed in late June along with a torrent of other comments from stakeholders, mentions a long list of technology-related issues which could thwart MIPS and MACRA from achieving their aims.
In particular, CHIME is concerned that a provision of MACRA requires providers to attest they are not data blockers. In its MACRA comments, CHIME stated that while the nation still lacks a national patient identifier, "clinicians may experience matching patients to their records when records are exchanged; however, this should not be considered data blocking."
CHIME also considers immature technical standards a barrier to a second proposed attestation statement providers must sign under MACRA, basically stating that they are following applicable standards for successful implementation of MACRA and MIPS objectives.
"It's imperative that such standards are clearly defined and appropriately matured to facilitate meaningful data exchange," CHIME's letter said.
Given where we sit in the midst of an election year, while there is interest on the part of some politicians to pass legislation modifying MACRA to address these concerns, Branzell notes that "we do have the rules that we have."
More legislation seems unlikely until after this election cycle. Meanwhile, Branzell's concern remains that CMS is "repeating now the same mistakes we made in [meaningful use] stage 1 and stage 2."
Both Kramer and Branzell note that forward-looking healthcare organizations are not waiting for further rulemaking, but are making the best effort they can, with the resources they have, to pivot from fee-for-service to value-based care, using the tools available.
"The good organizations that are out there, of which there are many, are already working on that for the right reasons, and it's not because the government is going to come out with one of these models," Branzell says.
How the South Carolina Medical Association and the Medical Association of Georgia plan to leverage the health information exchange built by the state of Kansas.
State health information exchanges continue to fall short of their potential to make exchanging medical records more like a utility and less like a computer science problem.
Despite recent HIE discord in neighboring Missouri, Kansas's HIE has not only thrived, it is exporting the technology to other states, notably Georgia and most recently South Carolina.
Most interestingly, the move, both in Kansas and in Georgia and South Carolina, is spearheaded by medical associations.
The original Kansas HIE formed after the passage of the American Recovery and Reinvestment Act in 2009 through a partnership between the Kansas Medical Society and the Kansas Hospital Association.
KaMMCO Health Solutions, which operates the Kansas HIE and is supplying technology to providers in Georgia and South Carolina and potentially in other states as well.
And in an added twist, KaMMCO Health Solutions itself is a subsidiary of the Kansas Medical Mutual Insurance company (KaMMCO), a provider of medical malpractice insurance.
Laura McCrary is senior vice president of KaMMCO Health Solutions. Malpractice insurance companies aren't typically thought of as technology innovators, but in this case, McCrary says more and more malpractice insurers understand the importance of providers being able to have good quality complete medical information at the point of care.
"A significant number of the medical malpractice claims filed against KaMMCO insureds are due to poor transitions of care, so the information that the doctor needed did not get to the doctor in a timely manner, or the information was incomplete, or the patient did not receive the information they needed," she says.
In South Carolina, the 6,000-physician South Carolina Medical Association (SCMA) will deploy a suite of KaMMCO Health Solutions technology, the same technology powering the Kansas HIE, this fall. [In Georgia, the Medical Association of Georgia will deploy it before the end of the summer.]
Gregory Tarasidis MD is a practicing ear, nose, and throat doctor based in Greenwood, SC who was SCMA's physician leader on the project and a past president of the SCMA.
He was president in 2010 "when all of the EMR mandates came out and we worked on all that and we all instituted it, and we all worked towards that goal with the hope and the dream that I would have this great ability to transmit data back and forth and I would be able to take care of my patients much better," Tarasidis says.
'Nice Statewide Interoperability'
"Well that didn't really turn out to be, as you well know. In Kansas, the dominoes fell correctly, and they've really got a nice system that is up and running that allows them to have nice statewide interoperability."
In addition, Tarasidis admired the way Kansas physicians could check on patients' progress in getting their hemoglobin A1C checked and other lab work "and get true real-time data analytics out of it, not later in the stage when the claim comes through for the charge" he says.
Earlier efforts in South Carolina, including its own HIE, have fallen short of this. "Part of that was [that] at the time it was hard to get providers and stakeholders to basically commit to a project that wasn't built," Tarasidis says.
Kansas, he says, "has the system, the software, the subcontractors, the server farms, everything we need. So we don't have to reinvent that at all."
Tarasidis chooses his words carefully when asked about the South Carolina Health Information Exchange (SCHIEx), which he helped organize in 2010.
"It was a state entity, and recently became a private entity. Our goal is work with them, not to compete. I would say this. [The partnership between SCMA and KaMMCO] is going to fill the role that we hoped would be bigger with SCHIEx, but we didn't get there."
The fact that the Kansas HIE is led by physicians and providers is a factor, he adds.
Of course, even the KaMMCO infrastructure is built on a variety of technology provided by vendors including ICA, Diameter Health, No More Clipboard, and BluePrint Healthcare IT: Care Navigator. KaMMCO supplies some components itself, including a help desk, project management, integration engineers, and dashboards.
As 2017 approaches, and with it the advanced reporting and value-oriented goals of MIPS and MACRA, look for more medical associations around the country to look for affordable alternatives to the interoperability and HIE offerings available to them currently.
What South Carolina is doing may be an early indicator.
KaMMCO charges $100 per month per physician for its connectivity suite, including the analytics mentioned above. "We think that is a nominal fee, and the goal here, of course, is to spread it broadly. And the more people who participate, the more opportunities we have to reduce the overall cost," McCrary says.
Now that government is on the verge of "moving the cheese," truly changing the payment incentive away from fee-for-service, it may be the perfect time for such offerings to scale up at an affordable cost.
Inaccurate provider directories are a hurdle to consumers seeking healthcare, but a California law is pushing providers and technology professionals to make improvements.
Consumer frustration with inadequate provider directories may finally be getting the attention it deserves.
At next month's innovation-focused Health 2.0 conference, the Robert Wood Johnson Foundation and ProPublica will announce the $50,000 first-prize winner of their Finding the Right Provider Challenge.
The winner will demonstrate a tool letting consumers experience searching for and finding the right provider, considering factors such as cost, hours and location, participation with insurance plans, and feedback from other consumers.
While such "carrot" incentives make progress, there are also some new sticks.
Late last year, CMS gained the authority to fine plans up to $25,000 per Medicare Advantage beneficiary for keeping inaccurate provider directories.
Then, last month, the state of California enacted SB 137, which requires all health plans in the state to keep their provider directories online and up-to-date – so much so that the bill requires a plan or insurer, at least weekly, to update its online provider directory, and at least quarterly, to update its printed provider directory.
Onus is on Provider
All of this is welcome news to one Los Angeles-area public health plan, L.A. Care. Many of its 2.1 million members are either in Medi-Cal, California's version of Medicaid, or Covered California, the state's health insurance exchange. SB 137 helps those members maintain their continuity of care, says Dino Kasdagly, chief operating officer of L.A. Care.
"This puts the onus on the provider," Kasdagly says. "On a yearly basis, they have to attest to the accuracy of their licenses, credentials, specialties, demographics, offices, and office hours."
Specifically, SB 137 requires providers to inform health plans within five business days if the provider is no longer accepting new patients, or is accepting them again, after a period of having not done so.
All this has created business opportunity for technology providers, and in this regard, L.A. Care uses LexisNexis, which maintains a master database of data on provider demographics, Kasdagly says. This database relies upon more than 2,000 sources of data and covers more than 8.5 million providers, according to LexisNexis officials.
Data Discrepancies
"They'll come back to us with discrepancies that we have within our information," Kasdagly says. "We will then not just take it for granted. Because there are errors in all databases. We will also research the findings and either go back to Lexis with our findings, or we [find that we] agree with Lexis's findings, which is a very high percentage; they're more accurate than what we have."
Kasdagly was not able to characterize how big a problem inaccurate provider directories are for L.A. Care, but a study this year by researchers at West Virginia University found these directories to be shockingly inaccurate.
He was unwilling to share what kind of annual provider turnover L.A. Care experiences annually. "It's not zero, and it's not a very high number either," Kasdagly says. "I don't worry about those. Those we can capture."
These changes fall under the multitudes of other provider changes, such as providers that have:
Added phone lines
Joined an independent provider association or another organization
Changed office hours and/or locations
SB 137 has a number of other provisions. By the end of July 2017, health plans' Web sites must be able to let visitors search by name, practice address, city, zip code, California license number, national provider identifier number, admitting privileges to an identified hospital.
The main effort of the bill is focused on ambulatory and specialty care providers.
General acute care hospitals are exempt from some of the requirements of the bill which prevent them from being removed from provider directories if they do not respond to requests for information updates.
Still, the overall effect of SB 137 and legislation like it will be to improve consumer experience and perhaps make some headway on the backlog of referral requests for specialists.
"The teeth [in SB 137] will make a difference from a member perspective," Kasdagly says.
The move from meaningful use to the value-based payment world of MACRA, MIPS, and the APMs is coming into focus.
This article first appeared in the July/August 2016 issue of HealthLeaders magazine.
Meaningful use as we knew it changed on April 14, 2015. And what it's becoming is still being discerned by physicians, healthcare executives, and the industry at large.
On that date, a large bipartisan majority in Congress passed the Medicare Access and CHIP Reauthorization Act of 2015, or MACRA. MACRA permanently repeals the flawed Sustainable Growth Rate formula for determining Medicare payments for clinicians' services. According to the Centers for Medicare & Medicaid Services, it also establishes a new framework for rewarding clinicians for value over volume, and streamlines other existing quality-reporting programs into a single new system.
But before any of that can occur, the entire healthcare industry must gain a better understanding of MACRA, policies and procedures must be implemented, and technology needs a serious upgrade. In January 2016, Acting CMS Administrator Andy Slavitt created some confusion in the industry by describing MACRA as the end of meaningful use as we knew it, when, in fact, later clarifications more accurately described it as an evolution of meaningful use for physicians as expressed by Congress in the MACRA legislation.
The true scope of MACRA became clearer on April 25, 2016, when CMS released the 962-page Notice of Proposed Rulemaking (NPRM) for MACRA, and opened a two-month comment period. As Slavitt had to emphasize in January, the meaningful use program would continue uninterrupted for hospitals. In fact, stage 3 of meaningful use for hospitals, which is also a component of moving toward value-based care, is due to commence in 2017 for early adopters, and in 2018 for hospitals in general.
But on the physician side, as spelled out in the MACRA legislation, meaningful use was indeed being replaced by a program given the new name Advancing Care Information (ACI), which is just one component in the larger matrix of CMS physician incentive programs that kick in January 2017 and that will trigger increased or decreased payment adjustments starting in 2019.
Those incentive programs, known as the Merit-Based Incentive Payment System (MIPS), and Alternative Payment Models (APM) will start to move all physicians toward a goal expressed in the 2010 Affordable Care Act: for physicians to be reimbursed not for services rendered, but instead for outcomes.
How to get from fee-for-service to value-based care is still a journey of many unknown turns for providers, not all of whom are convinced that ACI will do away with the busywork physicians had to perform under meaningful use.
"Based on what I'm seeing so far of MACRA, I think we're still going to be clicking a lot of boxes" in 2017, says Randy McCleese, vice president of information services and chief information officer at St. Claire Regional Medical Center, a 159-licensed-bed Morehead, Kentucky, hospital with 100 physicians, six primary care clinics, and two specialty clinics.
Like many of his executive counterparts, McCleese, a past board chairman of the College of Healthcare Information Management Executives, spent the weeks following the release of the MACRA NPRM on numerous conference calls, as the industry struggles to make sense of the proposed rule and chart a path forward. "We, as an organization, are just starting to get our hands around MACRA," he says.
Some of the organization's physicians believe that MACRA means the end of meaningful use. "The meaningful use program is just being rolled into and consumed into something bigger and something broader," McCleese says.
McCleese welcomes the consolidation of overlapping quality measures outlined both in meaningful use stage 3 and in the proposed MACRA rule. At present, "we've got to report the same thing in three or four different formats to different agencies that need the same data," he says.
Also challenging McCleese under the current meaningful use program: MACRA and meaningful use, going forward, require electronic reporting of quality measures, but various EHR software, including the Meditech EHR software in use at St. Claire, isn't yet set up to automate that reporting. Instead, St. Claire staff must export the data from the EHR to spreadsheets and prepare it for electronic submission, adding to a cumbersome process.
Some broad governance implications of the move from meaningful use to the value-based payment world of MACRA, MIPS, and the APMs is also coming into focus for McCleese. Fast fading are the days of CIOs managing the meaningful use program in relative isolation from the rest of the executive team.
"It is going to have to be a multidisciplinary governance area, in our case, that will heavily involve our CMO and vice president for quality, and we're also going to have to bring in nursing," McCleese says.
McCleese also echoes the concerns in the industry that the MACRA legislation itself, on top of the HITECH legislation that created the meaningful use program, requires physicians to report on too many quality measures too soon. "If we try to get all of them, I'm not sure we're going to do a very good job at any of them," he says. "If we focus on five measures in each of the specialties, then 10, then 15, then 20, we'd be better off."
Karen Wilding, director of IT operations at the 12-hospital University of Maryland Medical System, headquartered in Baltimore, says, "Meaningful use objectives are going to remain. We are still expected to adhere and be successful. They are part of our ongoing operations and expectations, and now we have an ability to build on what we've already been successful on previously."
The key to that success is a physician governance structure that allows for frequent physician engagement and feedback, Wilding says. "Also, we have end-user work groups that have allowed our staff that work in the practices and in the hospitals to provide feedback on the day-to-day impact of the program."
Wilding is responsible for the day-to-day operations of the IT department as well as the meaningful use program for the medical system. "Ongoing analysis continues as we seek to better understand how the new proposed legislation directly impacts our employed providers and the medical system at large," she says.
UMMS' implementation of the Epic EHR makes Wilding confident that "while we still have some build and testing we're going to have to roll out as a result of MACRA changes, we believe it's manageable."
"How fast do you burn your existing fee-for-service structures down to replace them with value-based care? It's where you've got point-of-care systems built into your EMR to where the doc can know what needs to happen on this patient right now."
Wilding also says she thinks that MACRA may resolve some physicians' concerns. "You had these silly metrics that were kind of arbitrary and didn't necessarily mean that you were providing better care or were more efficient."
One potential distraction at UMMS: upgrading by this fall from the 2012 version of Epic to the 2015 version, Wilding says.
Two other health systems represent the wide spectrum of preparedness to leave fee-for-service behind, the desired outcome for MACRA.
At Mosaic Life Care, anchored by a 350-licensed-bed hospital in St. Joseph, Missouri, Joe Boyce, MD, chief technology officer and chief medical information officer, says the key to thriving in the age of MACRA comes down to "how fast do you burn your existing fee-for-service structures down to replace them with value-based care. It's where you've got point-of-care systems built into your EMR to where the doc can know what needs to happen on this patient right now."
"We were ahead of the ACO curve by 2 or 3 years for most people, but again for our size, it's kind of like, let's invent this lifeboat before we need it," Boyce says. "We just said let's evolve it ourselves quicker to this new payment model."
Mosaic set the stage in 2012 when it entered its first accountable care organization arrangement with CMS. Modifying its Cerner EHR software, Mosaic was able to create a summary page "that basically shows all of the quality measures we've got for a patient, and which ones are overdue, and which ones are due next or when they were done," Boyce says. The system has been so effective, it is becoming difficult for him to find records of any patients who have significant gaps in care, he says.
Mosaic also minimized some of the transition pain by moving into a new market 55 miles south of St. Joseph. "By opening our clinics in the Kansas City area, as an outpatient move, we wouldn't hurt our inpatient services as much," Boyce says.
Then there are the systems for which fee-for-service is still the norm, and the path ahead is steepest of all.
At Spartanburg Regional Healthcare System, which consists of three hospitals and 23 primary care practices, "I still live and breathe in fee-for-service," says E.G. "Nick" Ulmer Jr., MD, CPC, vice president of clinical integration and medical director of case management. "We're really now looking at quality not only on the inpatient side, but we have a medical group here of 300-plus physicians that are employed."
Given its experience with PQRS and meaningful use, "it's become very complex in the last couple of years, and even more so in the last year as we start to educate physicians on MACRA, MIPS, and alternate payment models," Ulmer says.
Spartanburg does have some contracts "where there is a shared-savings type of opportunity, which is not the Medicare Shared Savings, but it's a contract where there are quality metrics tied to our revenues," Ulmer says. "There are quality metrics in some contracts where we get bonuses, but we're still fee-for-service underneath those. It's not that we're given a dollar to manage the care. It's that we're getting paid a negotiated fee-for-service rate with opportunities to get bonuses that are linked to cost and quality and things along the lines of safety, like readmissions and ED utilization."
As a way of understanding the upside and downside risk MIPS and APMs may impose upon Spartanburg moving forward, Ulmer has partnered with SA Ignite, a company with meaningful use readiness tools that are now evolving into MIPS calculator tools, allowing those in the C-suite and others to see how much money is at stake, showing both the potential upside and the downside of the MIPS and APM payment models.
"We have a high level of anxiety about being ready, and some of it's because there's so much that we still just don't quite understand," Ulmer says. "We have two governance buckets here of meaningful use and other quality metrics, so we are now trying to have an aligned quality message to eliminate gaps in reporting on either the inpatient or the outpatient side.
"We have talked about Medicare Shared Savings, but we just don't know. We're trying to go into one of these payment models, but we may not be ready yet. But that's our goal."
Hospital and health system executives are on notice: Come clean about ransomware attacks as early as possible or be prepared to face sanctions.
Ransomware, the scourge of healthcare IT for much of 2016, is no longer something healthcare executives can try to sweep under the rug.
A pronouncement from CMS last week clarifies that any ransomware attack is also likely a data breach which must be reported like any HIPAA violation.
This puts healthcare executives on notice that they must come clean about ransomware attacks as early as possible or potentially face sanctions.
"Several organizations I'm aware of that have been hit by ransomware attacks and they managed to keep [such knowledge] internal," says Dean Sittig. He is the co-author of paper on ransomware published last month in Applied Clinical Informatics.
In particular, Sittig, a clinical informatics professor at the University of Texas Health Science Center at Houston (UTHealth) and the UTHealth-Memorial Hermann Center for Health Care Quality and Safety, had critical words for MedStar Health, the Washington, D.C.-area health system hit by a ransomware attack this spring.
"MedStar officially came out and said 'no, it wasn't ransomware,' and then about a few hours later, a picture of the screen [goes public] showing the ransomware that's on the networks" of the organization, Sittig says.
Similarly, during the attack, MedStar officially denied it was diverting patients to other hospitals, until another unauthorized disclosure revealed an e-mail sent out by MedStar advising not to admit any more patients during the attack, he says.
"It's usually when someone in the organization gets mad at their organization [that] they go to the press," Sittig adds.
Potential for Big Fines
Now, with the CMS guidance, Sittig expects organizations will opt to publicly report ransomware attacks in the kind of timely manner that other breach notifications are reported.
Prior to this, it is conceivable that some healthcare organizations just considered paying ransoms as a small added cost of doing business, provided the ransom was paid quickly and operations continued much as normal, Sittig says.
"Recently there's been a couple of ransomware attacks where it looks like they [have] not only encrypted all your data, but also made a copy of your data and taken it," he says.
"The new HHS guidance is going to really ratchet up people's attention, because now you're also talking about big fines from the government, as well as the effects of the ransomware."
Conceivably, certain ransomware attacks might still not rise to the level of a HIPAA breach, but the conditions seem unlikely, Sittig says.
"Unless you can prove the data didn't leave the system and that it was encrypted, then you have to report it as a HIPAA breach," he says.
CMS guidance and HIPAA violations or not, Sittig expects ransomware attacks to continue as long as the ransom-demanders stand to make any money.
"The only problem with that is a few of the people that have paid the ransoms haven't gotten their data back," he says.
"If they don't release the data when someone pays the ransom, it will quickly get out, and no one else will ever pay a ransom again. But people are not going to stop doing ransomware just because the government puts out a thing like this. They're going to keep doing it until it doesn't pay anymore."
For more on ransomware and data breach strategies, join Hussein Syed, chief information security officer, Barnabas Health, for the HealthLeaders Media webcast, "Preparing for Ransomware and Surviving Today's Data Breaches" on Wednesday, July 20 from 1:00 – 2:00 PM ET.
More training and the use of timely communication are helping home dialysis patients overcome some of the workflow problems they face there.
Home-based kidney dialysis remains a relative rarity, with only one in ten U.S. patients able to receive peritoneal dialysis and hemodialysis at home, according to national averages.
But driven by the staggering cost of outpatient dialysis treatments and improvements in home dialysis technology, one chain of dialysis clinics has been able to double that average. And it aims to double it again through an innovative program involving feedback from patients as well as nephrologists and payers.
The costs paid by Medicare tell the tale: While dialysis patients represent less than 1% of the Medicare population, they also represent 6% to 7% of the total cost of Medicare.
Satellite Healthcare, based in San Jose, CA achieved its doubling through its Wellbound Centers, which are dedicated to peritoneal dialysis and hemodialysis and include a training room or space to instruct patients how to perform home dialysis. It serves 7,000 patients in six states.
For two days in June, Satellite brought patients from its service area to San Jose, CA to brainstorm new technology and workflows in an effort to double its home dialysis rate again to 40%.
"There's absolutely a feeling in the nephrology community that we can bring the benefits of home therapies to a greater number of patients," says Graham Abra, MD, medical director at Wellbound San Jose. He is also a practicing nephrologist at Stanford Medicine and clinical assistant professor at Stanford Medical School.
Less Travel, Better Quality of Life
A major benefit of home dialysis is eliminating the travel time required for patients to get to and from dialysis clinics. "They have clinical benefits, in that these therapies in general often lower the number of blood pressure medications and phosphorous-binding medications that patients need to take," Abra says.
"In general, people's quality of life appears to be better on these therapies than on in-center therapies. They recover more quickly after the dialysis treatments that are performed at home. An average in-center patient might take 6 to 8 hours to feel normal after a dialysis treatment, and that could be as low as an hour or so for someone doing home treatment."
Just as Abra believes the dedicated training space at Satellite Wellbound centers has made a big difference in the amount, quality, and effectiveness of home dialysis training, he believes a recent brainstorming session could help dialysis patients at home to get past some of the dialysis workflow problems they face there.
"We heard a lot about the challenges of managing the supplies that are used in the home for peritoneal dialysis and home hemodialysis," Abra says.
Timely Communication
"We heard a lot about the challenges of setting up someone's house in order to do the dialysis at home. I think those are really important details that impact people's quality of life, and often aren't front-and-center in a nephrologist's mind necessarily, [or] even the clinic staff."
Abra points to the Apple iPhone's text messaging as an example of a technology which is currently underutilized to smooth issues and improve patient experience.
He says he was "really struck by the idea that many of our patients have struggles with communicating in a timely manner back and forth with the clinic, with keeping track of their treatment logs, with supply ordering, with alarms that frequently come up on [their home] machines for which they have to search through a big binder of stuff to figure out what they are."
Abra thought technology could be "very helpful."
"All these things kind of scream, 'gosh, put that in an app that can be easily accessed on a tablet or a smartphone, so that you can quickly communicate with your healthcare provider either by text or image.'"
"You can quickly look up common things that are happening with your dialysis machine and troubleshoot it, you can potentially send in your logs electronically so that you're not dealing with pencil and paper, and your healthcare team has timely access," he says.
"There's been huge impetus and focus on advancing the quality."
Satellite executives are in the midst of ranking the many ideas that came out of the workshop, and plan to roll out innovations at small scale in several Wellbound Centers before deploying them widely.
Modifying electronic health record software can help catch early signs of childhood obesity, problems with oral health, vision, and hearing, and the risk of developing autism, expert says.
Electronic health record software has not met some pressing needs of pediatricians.
After years of federally funded studies of the problem, and few meaningful actions as part of meaningful use, it's time for a change.
One healthcare organization has identified pediatricians' biggest EHR pain points and is working to improve the situation.
"The biggest gaps that we found were largely around developmental screening and follow-up," says Kern Eason, pediatric EHR consultant at Community Care of North Carolina, a group of 14 physician practice networks in the state of North Carolina.
"A lot of what pediatrics is about is not so much dealing with acute episodes of care. Especially in the ambulatory setting, it's [about] preventative [measures]."
Modifying EHR software and its decision-support elements, would help catch early signs of childhood obesity, problems with oral health, vision, and hearing, and the risk of developing autism, Eason says.
"The idea is to catch it early," he says. "Adults come in for one visit a year, whereas very young kids have two or three visits with their primary care physician a year."
And systems designed for adults, aren't entirely suitable for children. EHR-prompted adult screening questions such as smoking status need to be deemphasized before patients reach their teenage years, he says.
Instead, EHR prompts for topics such as nutrition and car seat safety can make a big difference, developmentally, he says.
In addition, pediatricians calculate childhood body mass index very differently than they would calculate adult BMI. "A system that measures body mass index using adult metrics is going to be completely off for a child," Eason says.
"The same [is true] for blood pressure percentiles, [which are] completely measured differently in the pediatric world."
Even a task as simple as calculating the appropriate dose of medication for a child can necessitate a pocket calculator. "It's just not real safe, so we're working on making sure that some of those core things that improve care and make care consistent are built into EHRs," Eason says.
Funded by a Federal Grant
This work predates meaningful use, and CCNC was working on it as early as 2010. Stage 1 of meaningful use contained almost no pediatrician-specific quality measures, and stage 2 and stage 3 added just a few, Eason says.
Under a grant from the federal program administering the Children's Health Insurance Program Reauthorization Act (CHIPRA), a program that provides health insurance to children enrolled in Medicaid and the Children's Health Insurance Program program, CCNC worked with pediatricians, EHR vendors, and practice staff to define what it calls a "Model EHR Format" for pediatrics.
North Carolina was one of 18 states awarded this CHIPRA federal grant. CCNC manages care for all Medicaid beneficiaries in the state.
As its starting point, the CHIPRA grant work done by CCNC and other grant-recipient researchers in Pennsylvania took a pediatric EHR gap analysis done in 2009 by Duke University and Intermountain Health and began to look for a subset which addressed the major pain points of pediatricians.
The early work did not give much guidance for what specific improvements could be made in EHRs, Eason says.
Next Steps
Over the course of 2010 to 2015, the grant from CHIPRA allowed CCNC to interact with physicians, hospitals and EHR vendors.
Due to the differing provider mixes in the two states, hospital feedback came primarily from Pennsylvania, and small physician practice feedback came more from North Carolina, Eason says.
The final report, released last November by AHRQ, is spurring efforts on two fronts:
It is informing pediatric workflows for EHRs being scoped out by a workgroup involving the American Academy of Pediatrics, as well as HL7, Eason says.
More importantly, it will give all providers something to lobby their EHR software companies to follow through on and implement.
"The biggest driver is rules for pay-for-performance, and the payment system is really going to incentivize practices to say, 'this is what we must have to be viable and to succeed in the new world,'" Eason says.
Medstar Health's Peter Basch, MD, says the March data breach that crippled its systems and sparked an FBI investigation, "helped us as an organization to be more prepared for the next time."
Each year, the Association of Medical Directors of Information Systems (AMDIS) recognizes outstanding achievements in the field of applied medical informatics.
This year's individual winner, announced last week at AMDIS' 25th Annual Physician-Computer Connection Symposium, is Peter Basch, MD, senior director for IT quality and safety, research and national health IT policy at Medstar Health in Washington D.C.
In an interview, Basch discussed MACRA, EHRs, and life in the data breach era. The transcript below has been lightly edited.
HealthLeaders: With all the changes in medicine and technology, are you optimistic or pessimistic right now? It's a crunch year.
Basch: Part of being a doctor, and I am a practicing doctor, is to bring cautious optimism into everything we do, whether it's for the patient who is fearful, or whether it's with a patient who might have a serious illness.
It is certainly not to deny or sugarcoat the truth. But it is to present a sense of where we can accomplish things—that sense of optimism.
l recently made these comments to the American College of Physicians at their annual meeting:
Let's step back a bit and forget the complexity in the [MACRA] proposed rule, and just say, how many of us internists or family docs or whatever one's specialty really were happy with the volume-based payment system? Who felt that it worked for you and your care for patients?
This [MACRA] is a new approach. If it were implemented exactly as proposed, I think it would be problematic, some things worse than others.
But is it at least pointing in the direction that would allow for us to have a healthcare system that is more understandable, fair, and transparent for everybody, and result in better care at a lower cost, and a better experience for patients, and then those of us working on the clinician side?
I think yes.
HealthLeaders: Are providers increasingly at the mercy of their EHR and other healthcare IT vendors?
Basch: There's some truth to that in general.
But think about a situation at home I have with not being able to stream videos. I'm at the mercy of one or two Internet service providers, neither of which answers the phone when you call them. We're at the mercy of large organizations that control information flow.
So are EHR vendors in a different position? Physicians rely on them to aggregate functions and present things to us that are tested, certified, and work. I don't know if we're at their mercy. At this point in time, it is hard to switch.
HealthLeaders: You're a physician at Medstar Health. Clearly it had to have pained you and everyone in your organization when the data breach happened earlier this year.
Basch: Any time one is a victim of a cybercrime, it hurts. It makes you feel vulnerable. It is the world we live in now.
As a doctor though, what got me, and I have to say, I was very emotional about this, because I'm thinking, all right, there are people who come up with gimmicks to swindle others' money, but the idea that health systems would be targeted with malware and disruptive stuff, do people know that people's lives are at stake when this happens?
You have to deal with it professionally, and you have to come up with approaches to make sure that you are hopefully one step ahead of the next time, because there will be a next time.
It certainly has helped us as an organization to be more prepared for the next time, and I'm thankful that we're responding so quickly that no patient data was compromised. None.
This is a nuisance now, because I have to go through an extra layer of security to get in, but that makes patients feel better.
Using two-factor authentication when e-prescribing for controlled substances saves physicians hours and helps stem prescription drug abuse.
As the U.S. Senate begins reconciling its bill to stem the opioid epidemic with the House, one health system in Massachusetts is already using e-prescribing technology, newly enabled to include controlled substances, to help reduce opioid abuse.
An executive at Massachusetts-based Cambridge Health Alliance says the system, in place for a year, has already saved its more than 700 physicians hundreds of hours and has made patients' lives immeasurably easier.
Using two-factor physician authentication technology from Imprivata, a year ago CHA bid farewell to the lion's share of use of secured, controlled paper printing for writing prescriptions for controlled substances.
In its place is a system that requires physicians to enter a user name and password, then, using Imprivata's e-prescribing app for controlled substances (EPCS) on their smartphones, a sequence of numbers, which refreshes every 30 seconds.
This protocol meets the strict authentication and audit requirements that the Drug Enforcement Administration insisted upon before permitting EPCS in the U.S.
Before rolling out EPCS, Cambridge Health Alliance physicians found themselves having to drive across town to another clinic to sign prescriptions, printed on a secured printer, for maintenance doses of controlled substances.
Now signing these scrips is as simple as approaching any Cambridge Health Alliance physician's workstation, says Art Ream, chief information security officer at CHA.
Twice the Productivity
His team is working on equipping each workstation with a Bluetooth adapter, which can recognize each physician's mobile device also running Bluetooth, even in a busy room with multiple physicians using the EPCS system simultaneously.
"It's increased twofold our providers' productivity from that perspective," Ream says.
"It's kept the overhead out of here, as far as keeping track of the paper, and the controlled prescription paper. Conservatively, it's 400-plus hours of time in the past year returned to those providers, to spend time with their patients versus chasing pieces of paper."
EPCS also benefits the Cambridge patient population.
"We're a huge indigent care behavioral health population hospital system," Ream says.
The patient who probably doesn't have benefits and who probably doesn't get time off because he is hourly, now doesn't need to leave work to get on public transportation, spend money, get to the doctor's office, pick up the piece of paper, get back on the bus and go back to the pharmacy.
"They're probably in pain now. [But] they have to give the piece of paper to the pharmacy. [They have to] get that filled, sit there, hang around… get back on the bus and get home," he says.
"And now they can't put a jug of milk on their table for their kids. They just spent it trying to get across town to make sure that they're healthy and taken care of, so that they're not in pain so that they can take care of their kids. So I can fix all of that, and we did, with all of this."
Unfortunately, a state effort to require EPCS across all of Massachusetts recently failed in the legislature. Nevertheless, Massachusetts is ramping up a new online version of its statewide Prescription Drug Monitoring Program.
Even though physicians may have to toggle between screens in the course of their day to contain to make headway against overall opioid abuse, Ream sees it as progress.
