EHR and Health IT Consulting
40.0K views | +2 today
Follow
EHR and Health IT Consulting
Technical Doctor's insights and information collated from various sources on EHR selection, EHR implementation, EMR relevance for providers and decision makers
Your new post is loading...
Your new post is loading...
Scoop.it!

A better road to information interoperability?

A better road to information interoperability? | EHR and Health IT Consulting | Scoop.it

In the national discourse about interoperability, much of the focus is on enabling a doctor using one electronic health record to access patient information residing in a different hospital’s EHR, even when another vendor built it.


But is that really the best way to give doctors the data they need?

"Having the government mandate interoperability is completely wrong," JaeLynn Williams, president of 3M Health Information Systems, told me. "I think we should let the market drive it – and the market says physicians want a single workflow."


That workflow does not have to be directly in an electronic health record, either, and in all likelihood it won't be as the industry moves beyond its initial digitization and into what many are hailing as the post-EHR era, wherein new platforms come to market that enable clinicians to more effectively follow their patients.


If you picture the EHR as one piece of a software stack, rather than the entire application, these technologies are a layer of abstraction above the EHR and essentially reach down to get that data.


"That's what clinicians want. They don't care about interoperability," said Stuart Hochron, MD, chief medical officer at mobile collaboration platform maker Practice Unite. "They want the information."

Eclectic collective

I'm going to group a bunch of tools together, for simplicity's sake, and christen them as part of a new breed of software delivering that patient data. 


Practice Unite and 3M, with its workflow tools, are in there. Others include par8o, with its boldly-marketed "operating system for the entire healthcare industry," ExamMed's newly-minted "universal healthcare technology platform" and the TapCloud smartphone app, which the company calls "a powerful overlay to an EHR."


Overlay. That's the operative word and, indeed, while ExamMed and par8o are more about reaching and tracking patients they also, for lack of a better term, overlay EHRs and other software systems.

It's important to explain that, rather than being direct competitors, these vendors are a representation of emerging technologies that more closely tie clinicians with patients in a way where all parties have access to relevant data. Hospitals could implement and use two or more of them. And they are just a few of the countless innovators coming to market.


Make no mistake: None of these are going to take over the world and solve today's existing interoperability issues alone. Instead, what they have the potential to do is create pockets of interoperability that might not get us to the Holy Grail of any doctor being able to see all the records of any patient – but might land us somewhere close enough. 


Take par8o, for instance. Lancaster Regional Medical Center is using the platform on top of multiple vendors' EHRs from triage to tracking patients' next steps in care outside its own facilities, according to Lancaster Regional CEO Russell Baxley, to essentially tie together various providers in the area with specialists, patients and payers. Other par8o customers such as MGM Resorts and Mt. Sinai in New York also have the potential to enable wide regions of information interoperability.

An industry misguided?

The Office of the National Coordinator for Health IT is at the epicenter of all this. Its 10-year roadmap to interoperability ambitiously aims for the end point of a learning health system – which is, in my opinion, a noble goal and one worthy of the federal government's efforts.

  

But not everyone will agree with me on that, of course. When I asked Williams if she thinks that the government should back off its efforts to drive standards that fuel interoperability, she cut to the chase: "I would say 'yes.' We're relying too much on standards."

Baxley didn't pull punches either.


"I think we played it out all wrong to get to where we need to be. There's nothing pushing anybody toward true interoperability," he said. "The incentives and the penalties are placed on the wrong people. The only way we'll have true interoperability is when the penalties are placed on the EHR providers and bonuses offered for those vendors to make their systems interoperable."

Inching closer

This new crop of platforms won't supplant ONC's work, of course, but they could soar right on by.


"The ability to capture data selectively and share it opportunistically in ways that empower the clinician will surpass any plans to create huge data warehouses and EHR-to-EHR interoperability," predicted par8o co-founder Adam Sharp, MD. 


Indeed, as more and more pockets of interoperability expand outward, we inch ever closer to that broad-accessibility of data that so-called interoperability promises. But will that be close enough to nationwide interoperability to affect the care delivery improvements we all want?

"I think regions are good enough," 3M's Williams said. "We have pieces of interoperability that exist right now. I believe that we are a lot closer than we think."

more...
No comment yet.
Scoop.it!

EHR Data Interoperability Should Meet Five Use Cases

EHR Data Interoperability Should Meet Five Use Cases | EHR and Health IT Consulting | Scoop.it

EHR data interoperability remains a top priority for the healthcare industry as well as the federal government. In order to ensure the financial investments the government put into spreading EHR adoption and meaningful use requirements are worthwhile, connectivity between health IT systemsand medical devices throughout a healthcare facility will need to be achieved. However, one question that two scientists posed is: “What makes an EHR ‘open’ or interoperable?”


Dean F. Sittig, PhD, from the University of Texas and Adam Wright, PhD, from Boston-based Brigham and Women’s Hospital determined five use cases which identify the definition of EHR data interoperability. Their findings are published in the Journal of the American Medical Informatics Association (JAMIA).


These five use cases include (1) clinicians for provision of more robust and safer care, (2) researchers who can assist in improving knowledge of medical conditions and healthcare workflow processes, (3) administrators who will no longer be reliant on only one EHR vendor, (4) software designers and developers who will benefit by being able to create innovative products and address EHR user interface issues, and (5) patients in order to receive their pertinent medical data regardless of where they obtained healthcare services.


Currently, EHR data interoperability between multiple electronic patient record systems is lacking across the medical care industry. With more than $26 billion invested by the federal government in ensuring EHR implementation boosts patient care processes, it may be for naught if EHR data interoperability is not achieved.


Another major problem that has been perceived in the healthcare sphere is the potential forinformation blocking. A variety of EHR vendors as well as providers have been implicated in the blocking of effective health information exchange. The researchers state that, while many in the healthcare industry understand the need for effective EHR data interoperability, few comprehend the specific definition of the term.


“Many commentators assume that an open EHR shares some of the qualities of ‘open-source’ software, which usually implies that the application’s source code is available, often free of charge, for review, use, and even modification,” the published report stated. “While we support the open-source concept, it has no bearing on whether an EHR satisfies the definition we propose below. On the other hand, we strongly believe that EHR developers should provide customers with access to an ‘escrowed’ copy of their current source code to help mitigate health care business continuity problems in the event the developer goes out of business.”


One use case the researchers point out is the ability of an authorized user to share either an entire patient record or a portion of the record with another physician who utilizes a separate EHR system developed by another vendor.


By focusing on the five use cases the researchers uncovered, vendors and providers could move forward with achieving EHR data interoperability and health information exchange. EHR vendors and developers will need to commit to providing EHR capabilities that can effectively share and exchange data among clinicians and larger healthcare organizations or public health agencies.

more...
No comment yet.
Scoop.it!

Tailored Physician EHR Use Necessary for Evolving Industry

Tailored Physician EHR Use Necessary for Evolving Industry | EHR and Health IT Consulting | Scoop.it

The healthcare industry is changing every day and new, revolutionary processes are continuing to affect patient care and population health outcomes. Whether it’s through patient-centered medical homes, accountable care organizations (ACOs), EHR adoption, or general improved care coordination, the medical sector is making some significant modifications toward better care. However, physician EHR use and implementation of health IT systems will likely depend upon the needs of each disparate medical facility.


Meaningful use requirements, for instance, will need to be flexible enough to ensure health IT platforms are useful and beneficial for differing healthcare providers. When integrating public comments into theStage 3 Meaningful Use final rules and the Stage 2 Meaningful Use modified rules, the Centers for Medicare & Medicaid Services (CMS) should consider the need for adaptable and flexible requirements that providers could customize to their interests.


The American Hospital Association’s President and CEO Rich Umbdenstock wrote in a brief the importance of removing obstacles and developing federal regulations that meet the needs of the healthcare industry. Both care coordination, reducing costs, and investing in physician EHR use are key objectives throughout the medical care market.


“It’s time for regulators to recognize the changing healthcare landscape and remove obstacles on the road to collaboration,” wrote AHA President Rick Umbdenstock. “Healthcare is changing; hospitals are changing; and regulations that block progress toward meeting patient demands and community expectations must change, too.”

Two areas within the healthcare industry that may need health IT customization are public health reporting and chronic disease management. The Department of Health and Human Services (HHS) Office of the Assistant Secretary for Planning and Evaluation (ASPE) along with the National Opinion Research Center (NORC) at the University of Chicago released a report titledPublic Health IT to Support Chronic Disease Control.


In efforts to focus more attention on the triple aim of healthcare, NORC determined that chronic diseases are the major medical cost drivers and most common conditions found among patients across the country. The report went over population health interventions and physician EHR use to exchange data with public health agencies in efforts to curb the further deterioration of chronic conditions.

In particular, physician EHR use can be applied toward addressing case management, social services, behavioral health, and public health services. Incorporating EHR systems will also lead to better collaboration and communication among multiple medical facilities and public health agencies.


“The capacity to collaborate and share data across health care, public health and other partners becomes important in the context of supporting public health core functions,” the report stated. “We see great potential for using electronic data shared between health care providers, governmental public health agencies and other community partners. However, our discussion and earlier research points to important barriers to effective coordination and data sharing to promote population health. These challenges range from the limited mandate for governmental public health agencies in relation to chronic disease, limited public health IT infrastructure and historic lack of coordination between governmental public health agencies and health care providers.”

more...
No comment yet.
Scoop.it!

EHR Interoperability Stalled Due to Information Blocking

EHR Interoperability Stalled Due to Information Blocking | EHR and Health IT Consulting | Scoop.it

When it comes to the practice of medicine and drug discovery, the federal government plays a role in supporting these sectors and developing legislation that opens up avenues for healthcare professionals and scientific researchers. The House Committee on Energy and Commerce has gone forward with creating legislation called 21st Century Cures that delves directly into stimulating the discovery and development of new treatments and medications for patients across the nation. The legislation also impacts the expansion of EHR interoperability.

While the intentions of the 21st Century Cures legislation is beneficial for drug discovery, the American Hospital Association (AHA) finds that the enforcement strategies under the proposed rules could have negative consequences for providers, particularly in its aim to expand EHR interoperability.

AHA Executive Vice President Rick Pollack stated in a letter to the House Committee on Energy and Commerce that, which the organization appreciates the inclusion of EHR interoperability expansion, the “enforcement mechanisms” could lead to issues for healthcare providers such as putting together an ecosystem in which doctors may be significantly penalized for minor errors.

AHA does support health information exchange and EHR interoperability in pursuit of improving patient outcomes and incorporating new models of care. Nonetheless, AHA finds some issues with the enforcement related to vendors participating in information blocking problematic.

“The bill includes a number of enforcement mechanisms against those who engage in information blocking,” wrote AHA Executive Vice President Rick Pollack in the letter. “On the provider side, we believe that the use of Medicare fraud and abuse mechanisms, such as investigations by the Office of the Inspector General, imposition of civil monetary penalties or exclusion from the Medicare program, is unnecessary and inappropriate to address the concerns that the legislation seeks to remedy. We recommend that you use the existing structures of the meaningful use program to promote information sharing.”

On behalf of AHA, Pollack mentions that the organization appreciates the committee’s aim to ensure EHR vendors are responsible for creating interoperable health IT products. However, Pollack also stated that the committee should instruct the Federal Trade Commission to analyze any anti-competitive behavior among EHR vendors. In particular, Pollack finds the decertification of EHR systems among vendors that participated in information blocking objectionable, as it would affect healthcare providers and disrupt patient care.

“The language also includes decertification as a sanction for vendors that engage in information blocking. Decertification would be disruptive to hospitals and physicians that have invested in and deployed an EHR that is later decertified,” Pollack explained. “However, the inclusion of provider protections against meaningful use penalties if their EHR is decertified makes it more reasonable.”

The protections against payment penalties under the Medicare and Medicaid EHR Incentive Programs would last for more than one year, which would give providers ample time to find a new vendor, develop a suitable contract, install another EHR system, and attest to relevant meaningful use requirements.

Additionally, AHA would like the definition of information blocking to become narrower in order to avoid charges of fraud to be dealt due to standard business practices. Essentially, AHA would like to reduce some of the punitive approaches the committee set forth and develop more positive approaches to expanding health information exchange.


more...
No comment yet.
Scoop.it!

Senate Scrutinizes EHR Interoperability

Senate Scrutinizes EHR Interoperability | EHR and Health IT Consulting | Scoop.it

Electronic health record interoperability and secure health information exchange have been key areas of focus for federal health IT leaders in recent months. Now these topics are getting even more attention from Congress.

The Senate Committee on Health, Education, Labor and Pensions is launching a working group focused on identifying ways to improve EHRs, including facilitating secure information exchange between EHR systems from disparate vendors and between healthcare providers.

A source in the office of Sen. Patty Murray, D-Wash., tells Information Security Media Group that the goal of the working group is to make some legislative and administrative recommendations by the end of the year.

"As we focus on making our healthcare system work better for families, the promise of electronic health records could not be more important," Murray said in a statement provided to ISMG. "However, as researchers, providers and patients gather and use more health information, we need to be aware of the cyber-criminals who want to exploit that information. Patients and providers need to know that their information is safe and secure, so I look forward to working with my colleagues to develop strategies to protect privacy and meet today's challenges."


Frustrated by Pace of Change

The new Senate workgroup is the culmination of years of activity by Congressional members, says David Holtzman, vice president of compliance at the security consulting firm CynergisTek. "They are frustrated by the slow pace of change by the Department of Health and Human Services, and the companies that are in the EHR marketplace to address interoperability and patient safety issues," he says.

Holtzman adds that he hopes that the workgroup "can find a path toward restoring balance" between the needs of healthcare providers to have EHR systems that are accessible, yet secure, while facilitating information sharing with other providers - regardless of technology platform.

Because nearly $30 billion has been spent so far on HITECH Act incentives payments to hospitals and physicians for making "meaningful use" of EHRs, Congress is scrutinizing whether taxpayers are getting a return on this investment. EHRs from different vendors, for instance, often don't easily exchange data. By improving EHR interoperability so that patient data can be securely exchanged among healthcare providers nationally, treatment outcomes, as well as patient safety, can potentially be improved.

EHR interoperability is also critical to a "Precision Medicine Initiative" that President Obama unveiled in his State of the Union address (see Precision Medicine: Privacy Issues).

Precision medicine, also known as personalized medicine, involves the use of genomic, environmental, lifestyle and other personal data about patients so that clinicians can better tailor medical treatments that are potentially more effective, based on an individuals' characteristics.

During a May 5 hearing by the Senate committee, Karen DeSalvo, M.D., who heads the Office of the National coordinator for Health IT within HHS, said that the exchange of health data, including for precision medicine efforts, facilitates "more liquidity" of information, but with that, comes risks. "We're ramping up additional security. ... It's a top priority," she said.

DeSalvo told committee members that ONC, which oversees standards and policies of the HITECH Act programs, is ready to collaborate with the working group on EHR interoperability and related issues.
Working Group Goals

In a statement, the Senate committee says the goals of the new bipartisan working group are to help identify ways that Congress and the Obama administration can work together to:

    Help doctors and hospitals improve quality of care and patient safety;
    Facilitate information exchange between different EHR vendors and different health professionals;
    Empower patients to engage in their own healthcare through convenient, user-friendly access to their personal health information;
    Leverage health information technology capabilities to improve patient safety; and
    Protect patient privacy and security of health information.

The working group, which is composed primarily of committee members' staff, will invite participation from health professionals, health information technology developers, relevant government agencies, and other experts specializing in health information technology, according to the committee statement.
HITECH Scrutiny

Sen. Lamar Alexander, R-Tenn., chair of the Senate health committee, said in a statement about the new working group: "After $28 billion in taxpayer dollars spent subsidizing electronic health records, doctors don't like these electronic medical record systems and say they disrupt workflow, interrupt the doctor-patient relationship and haven't been worth the effort.

"The goal of this working group is to identify the five or six things we can do to help make the failed promise of electronic health records something that physicians and providers look forward to instead of something they endure."

The scrutiny over EHR interoperability and secure health information exchange also stretches to the House of Representatives. In March, Rep. Michael Burgess, M.D., R-Texas, unveiled legislation that calls for devising new methods for measuring whether EHR vendors are compliant with interoperability standards (see Bill Proposes EHR Interoperability Plan).

That bill proposes establishing a Congressionally appointed committee, to be known as the "Charter Organization," that would recommend methods for measuring whether EHR systems that qualify for the HITECH Act incentive program satisfy key interoperability criteria.
10-Year Vision

Interoperability and secure health information exchange is the focus of ONC's 10-year roadmap. ONC is reviewing public comments it received on its draft roadmap, and hopes to issue its next proposed version of the 10-year plan later this year.

In addition to its 10-year plan, ONC recently issued a report to Congress about information blocking, outlining how the secure exchange of health information is sometimes intentionally and unreasonably blocked by healthcare organizations, technology services providers and electronic health record vendors. In some cases, the players are inappropriately invoking HIPAA privacy and security concerns, ONC says (see Overcoming Health Info Exchange Blocking).

In an interview with Information Security Media Group at the recent HIMSS conference in Chicago, ONC Chief Privacy Officer Lucia Savage said misunderstandings about HIPAA often contribute to healthcare providers not engaging in the exchange of patient electronic health information. "We need to be a lot clearer about what the HIPAA rules are and how they support interoperable exchange," she says.


more...
No comment yet.
Scoop.it!

The Dire Need for Healthcare Interoperability

The Dire Need for Healthcare Interoperability | EHR and Health IT Consulting | Scoop.it

In a recently published study, "Emergency Physician Perceptions of Medically Unnecessary Advanced Diagnostic Imaging," physician Hemal Kanzaria and co-authors uncovered that 97 percent of the over 700 responding ED physicians admit that nearly one in four advanced diagnostic imaging studies they personally order are "medically unnecessary." Worse yet, most in-hospital diagnostic imaging studies cost about five times more than their independent counterparts for the same work.

"The main perceived contributors were fear of missing a low-probability diagnosis and fear of litigation," according to the study abstract. The real contributor is that emergency physicians, and virtually every other consulting physician, is being forced to treat immediate crisis in the blind under looming threat of litigation, a callously perverse system that costs Medicare and Medicaid hundreds of billions of dollars each year, and the overall healthcare system arguably close to a trillion dollars per year in waste.


Emergency physicians, hospitalists, specialists, and even primary-care doctors, which pretty much covers anyone with a prescription pad, order lots of unnecessary or redundant tests not because the vast majority are intentionally wasteful but, because they, with rare exceptions, have no idea of what has or has not been done before them and must treat patients in the moment of crisis, not in the continuum of care.


This does not mean that ED doctors are bad at their jobs. It's just that doctors working in teams are proven to provide better care at lower cost. Much lower cost. As much as 30 percent.


Doctors work best if they can work in teams using the same information. Unfortunately, EHRs do not provide the kind of information that doctors need to be effective. They need information that helps them make informed decisions and they need to be responsible for all care and costs. When this happens, the quality of care improves. People get and stay healthier, and, costs go down.

Interoperability Hurdles


So, has spending $24.6 billion in taxpayer dollars on EHR systems been a bad idea? Not irreversibly. Some conflicts of interest that strongly inhibit the flow of data need to be addressed first:


1. It's good for EHR vendors to make it as hard as possible to move data to a competing system, denying the healthcare system as a whole.

2. It's good business for hospitals and their sub-specialist employees, whose stability relies on a steady stream of people in medical crisis, to keep data within their own walls and away from competitors.

3. It's good business for the industry as a whole because a free-flow of data means price, quality, and effectiveness transparency, forcing healthcare to compete like the rest of the economy.


And, the federal government obliges everyone with a cloak to hide behind: HIPAA.

The public is the only stakeholder in healthcare that restricting access to data is not good for.


The key to saving our healthcare system is to achieve a free flow of data and to convert that data into actionable clinical, price, and quality information for primary-care physicians, called interoperability.

Interoperability is the ability for different information technology systems and software applications to communicate, exchange data, and use the information that has been exchanged. It solves three of the most vexing problems the healthcare system and its providers face:


1. It unites a fragmented healthcare delivery system;

2. It streamlines and standardizes communication among providers; and,

3. It eliminates duplication of services.


Three Solutions to Move Forward


Karen DeSalvo, a physician and the former national coordinator for health information technology, set a goal to get the basic infrastructure in place by 2017 and to have a fully interoperable national system by 2024. That deadline has since been moved to 2017.


Considering that literally hundreds of thousands of doctors do not have or cannot afford EHR systems, nor can they afford to jump through the annual labyrinth of regulatory hoops to meet the federal government's definition of "meaningful use," and over 150 EHR manufacturers fighting for the only thing that keeps them in business — proprietary data — this goal is not only unrealistic, it is disingenuous.


But, there are companies already operational and their population health, analytics, and quality measurement systems combined with primary-care practice operational transformation, best practices training, and support that unleashes the power of that information, already generating high quality care and superior clinical outcomes at lower cost.


They do this by cutting waste and managing chronic disease effectively, which keeps patients out of the hospital. As a result, they must be independent of hospitals to avoid the conflict of interest.

Hospitals and their unions, whose lament you are already hearing, realize their vulnerability, and will fight unless you change the system to protect them. Hospitals are necessary to the public welfare and our national security.


Three simple actions can accelerate the process:

1. Funding the expansion of our interoperability capabilities and use of a common population health and analytics system with practice transformation, and requiring EHR companies to format their data in the same way and put it in the same place;

2. Limiting "out-of-network" payments to a reasonable percentage of Medicare to protect both patients and providers to protect patients and shared savings and risk programs from predatory practices; and,

3. Indemnifying doctors that use and document best practices from frivolous lawsuits.


With the kind of savings programs like these can deliver, investing the savings from just four or five Medicare beneficiaries per year for each enabled primary-care practice,  the return on investment generates savings of 100 times or more.


The hardest part is mentally disengaging from the misperception that hospitals are healthcare providers. They are not. Hospitals are medical crisis treatment and rehabilitation facilities. Hospitals cannot so much as dispense an aspirin without a doctor's approval, and doctors need to be clear of conflict of interest.


more...
No comment yet.
Scoop.it!

Physician Job Satisfaction on the Decline

Physician Job Satisfaction on the Decline | EHR and Health IT Consulting | Scoop.it

Healthcare bureaucracy and greater focus on data entry may be negatively influencing the physician profession including physician job satisfaction, according to a recent survey from the healthcare solutions group Geneia. The company polled 416 doctors in January 2015 and found that 84 percent claim the amount of quality time with patients has decreased over the last ten years.

Physician burnout is also on the rise, as 67 percent of respondents said they know a doctor who will likely stop practicing medicine within five years. Most respondents were unhappy with the work-life balance aspects of their profession. Only 25 percent surveyed stated they were “very satisfied with the work itself.”

Even though the Department of Health & Human Services (HHS) focused on improving patient engagement through Stage 2 Meaningful Use requirements, it seems that the patient-doctor relationship is actually floundering. A total of 78 percent of respondents said they feel rushed when speaking with patients.

Additionally, many physicians are feeling overwhelmed by the large amount of paperwork and regulations of the healthcare market. The majority of survey takers – 87 percent – felt that the federal regulations in the medical field are impacting “the practice of medicine for the worse.”

In order to counter the negative effects of the business side of medicine on physicians’ career outlooks, Geneia has implemented the Geneia Joy of Medicine Challenge. This will be a web-based event in which the organization will seek ideas from doctors about the best ways to restore the meaning of practicing medicine.

In an interview with EHRIntelligence.com, Heather Lavoie, Chief Operating Officer of Geneia, has said that an excess of information has come from the business and technology side on ways to improve the patient-doctor relationship and that it is time for physicians themselves to come forward with creative solutions. This is why Geneia is holding the Joy of Medicine Challenge.

“They’re [physicians] are in a much better position now to design what will work for them,” Lavoie said in the interview. “Some of what you hear from physicians about what they really need is less data entry and less time in the office clicking away.”

Geneia has already seen some doctors submit ideas for improving the practice of medicine. Some suggestions include hanging EHRs on the wall and limiting the direct interaction necessary with the systems while enabling the tools to capture more data automatically. Additionally, one idea on improving population health management includes leveraging the broader care team, and not just physicians, to categorize patients who are at highest risk, who have missed important preventive services,  as well as those with less serious conditions.

While the survey did not directly ask about how meaningful use stages are affecting the practice of medicine, the takeaway shows doctors are unhappy with the bureaucracy and high amount of data entry required through recent regulations.

Despite the dissatisfaction with data entry, EHR systems are here to stay, Lavoie mentioned. Physicians are not asking to go back to paper-based charting and in general going backwards would not work for the medical industry. For example, there are many medical school graduates getting into the field today who have never used paper charts.

However, Lavoie does say that EHR systems may need better design and improved implementation in order to give physicians more time for direct patient care. Both meaningful use and the Affordable Care Act were “a good shot in the arm” in the move from paper-based to electronic systems, “but with any shot in the arm, there may be side effects,” Lavoie infers.

Currently, there are too many “business burdens” for clinicians. The implementation of EHRs may have occurred too rapidly, which puts the systems at a disadvantage for being instrumental or meaningful in the healthcare system. Many medical facilities have felt rushed when implementing health IT tools, which often translates to less training for staff members. The deadlines of federal regulations have also put a time constraint on the design of EHRs, which may benefit from better construct.

“We jumped into implementation very rapidly in some cases and when you do that, you might shortcut design and you might not efficiently implement them… or adequately train the staff,” Lavoie explained.

The talent and the skill of physicians are not being used effectively if they spend more time with data entry than direct patient care. Freeing up physicians from the administrative tasks of their job may improve their career satisfaction.

One solution that Lavoie proposed involves greater data capture and automating data entry. For instance, when a patient’s blood pressure is measured, it would be useful to have a system that incorporates automatic uploading instead of manual recording.

Some supplementary solutions to these issues could come from dictated notes and natural language processing tools. Bringing physicians back to connecting with patients is important for both the satisfaction of practicing medicine and patient participation. Additionally, patient portals that are designed well and have greater usability do improve the patient experience, according to Lavoie.

“Access to information about an individual’s health status… [and] their full medical history has the potential … to improve the physician-patient relationship ultimately and improve satisfaction. That said, we can implement things well or we can implement them poorly.  It isn’t necessarily a limitation of the system itself, rather, so much of it is in how we implement it, how we communicate about it, and how we use it as a tool,” Lavoie spoke on the benefits of patient portals.

Even though two-thirds of doctors know someone who is considering leaving the occupation, Lavoie says most doctors are problem-solvers and optimists who would rather heal the profession rather than leave it. By incorporating the suggestions from the Joy in Medicine Challenge, job satisfaction among those practicing medicine may be restored.


more...
Kush Pathak's curator insight, March 11, 2015 6:00 PM

The bureaucracy that is being discussed in this article is the Department of Health and Human services. I did not realize that they spend so much of their time and resources on petty data entry and statistics. These things may be important, but what is more important is to ensure that those in the healthcare field and satisfies, and are protected under the law. I do not agree with what this bureaucracy is doing because it just goes to show that these governmental and restrictive bodies are not always here to show protect us, sometimes they are more focused on their their own public image and less on the well being of their actual members and the people that rely on them. 

Scoop.it!

Top 10 EHR vendors in physician offices

Top 10 EHR vendors in physician offices | EHR and Health IT Consulting | Scoop.it

There's little question that Cerner and Epic are the giants in the EHR field. Epic is dominant not only in the scope of its market share but also in the depth of its client base. Mayo Clinic announced last month that it would be abandoning its three current EHR systems in favor of a new contract with Epic, which will now be the healthcare icon's sole EHR provider and strategic partner. Jilted in the deal were GE and Cerner, who were the providers of Mayo's current systemsalthough if you tallied the figures when Cerner acquired Siemens' EHR unit for $1.3 billion, it still had the largest US market share of any vendor, with 1,132 acute care hospitals. 

But a more granular look at market share amongst physician offices shows a slightly different market picture.



Epic is still on top, but only by a percentage point (eClinicalworks is close on its heels). And as you might expect, Epic's client base skews heavily towards larger practices, dominating the 41+ practice market at 54%. On the lower end of the scale (1 - 3), Epic, eClinicalworks, Allscripts and Practice Fusion are all within a percentage point or two of one another. 

Cerner, notably, is way down the list across the board in the physician practice world, taking just 3.5% of the overall market. So is athenahealth, at 3.3% overall and just 0.4% and 0.8% in the 26 to 40 and 41 and up segments. This tallies with the cloud-based vendor's ongoing investments in the inpatient market, however: In January, the cloud-based provider purchased start-up RazorInsights to move into the 50-bed and under sector, a niche that accounts for one-third of all hospitals in the US; and last week the company announced that it has purchased WebOMR, Beth Israel Deaconess' cloud-based, stage 2-certified EHR, for commercial development in the hospital setting.


more...
No comment yet.
Scoop.it!

Top things providers need to know about interoperability

Top things providers need to know about interoperability | EHR and Health IT Consulting | Scoop.it

It seems that interoperability is the biggest buzzword in health IT right now, and for good reason. Too much money is lost by both providers and patients due to a lack of data sharing and communication between doctors. However, with optimized medical software and implementation and standards outlined by the meaningful use program, nationwide interoperability is a goal that could actually be met in U.S. health care over the next few years.


If you're unsure about what interoperability means, or want to know how you can bring data sharing to your health system, here are some of the top facts you'll need to know:


"The U.S. could save around $30 billion annually with interoperability."


Interoperability saves big


According to an analysis by the West Health Institute, the U.S. health care system has the potential to save more than $30 billion each year with an interoperable platform. Having an electronic health record that travels with the patient not only prevents readmissions and duplicate treatments, but it also saves precious time and resources.


Congress is interested in interoperability


Another story making headlines is interoperability on Capitol Hill. For the past several months, Congress has been taking a serious look at interoperability and the way that organizations and legislation can work together to make this happen.


Cloud computing is driving interoperability


Medical devices are growing increasingly sophisticated in the health care environment, and doctors are relying on smartphones and tablets for diagnoses and treatments more than ever before. In busy medical settings, having cloud access to patient information alongside interoperable systems could make these clinical tasks even easier.


Experts have broken down five main use cases for interoperability


According to a recent study published in the Journal of the American Medical Informatics Association, there are five main use cases that make up an interoperable EHR. They are as follows:

1. Organizations must be able to extract patient data while still maintaining their own structured data.

2. Users must have the ability to transmit the entirety of a patient's EHR, or portions of the EHR, to another doctor.

3. The organization's health information exchange can receive requests for copies of a patient's EHR from providers outside of their system in a standard format.

4. Providers must have the ability to move all patient data from an old EHR into a new EHR.

5. Organizations must have the tools to embed EHR data into a health care system's operating API. This increases the value of data capture and transmission.


The ONC's Interoperability Roadmap is a broad vision


Perhaps the biggest revelation about interoperability is the Office of the National Coordinator for Health Information Technology's Interoperability Roadmap, which outlines a long-term, 10-year plan for the future of interoperability in the U.S. Not only does the roadmap address barriers to interoperability, but it also shows how optimized EHR systems can push interoperability toward patient-centered care over the next decade.


Organizations pushing for interoperability


There are several leading nonprofits you might want to be aware of that are making interoperability a priority, according to Becker's Hospital Review. Some of these include the Argonaut Project, IHE USA (which is partly responsible for ConCert, an interoperability testing program), JASON (a group of independent scientists that advises lawmakers and other government officials about health IT) and the CommonWell Health Alliance. Many of these stakeholders are some of the most influential in health IT, so it's clear that interoperability is a major goal moving forward.


As interoperability becomes more of a focus in health care, providers need to think about ways that they can promote data sharing and health information exchange. With Intelligent Medical Software, clinicians can worry less about whether the health data is accurate on the EHR, and can instead focus more on their patients and save resources.

more...
No comment yet.
Scoop.it!

EHR Adoption Challenges Solved through Data Entry Transfer

EHR Adoption Challenges Solved through Data Entry Transfer | EHR and Health IT Consulting | Scoop.it

Once the HITECH Act was passed in 2009, EHR adoption and implementation of health IT systems grew tremendously over the coming years, as more providers began focusing on obtaining financial incentives from the Centers for Medicare & Medicaid Services (CMS) under the EHR Incentive Programs. While patient safety and quality of care has improved with the integration of computerized records, EHR adoption challenges have led to certain burdens among healthcare professionals.


From the potential for medical errors to a conceivably negative impact on the patient-doctor relationship, EHR adoption challenges will need to be addressed as healthcare facilities continue to implement computerized systems in order to qualify for the Medicare and Medicaid EHR Incentive Programs.


Fourteen experts from a wide background of organizations including Kaiser Permanente, Cerner Corporation, and Nextgen Healthcare put together a report to illustrate the future of EHR technology and how to overcome many common EHR adoption challenges. The report was published on behalf of the American Medical Informatics Association EHR 2020 Task Force.


Some of the “unintended clinical consequences” of EHR implementation has been the longer work hours required from the data entry around computerized patient records  and less time for physicians to communicate directly with their patients. Additionally, EHR interoperability has not grown across the medical sector as quickly as previously hoped. Health data exchange is lacking due to information blocking among providers and vendors alike.


The overall goal of the health IT industry is to develop an effective and interoperable health information exchange platform in which patients, providers, healthcare professionals, and public health agencies have ready access to key data. However, EHR adoption challenges have put up roadblocks toward meeting this goal.


The Task Force offers ten suggestions for improving on health IT systems and overcoming some common EHR adoption challenges. First, it is important to decrease the overall burden from a high amount of data entry on the physician. When it comes to diagnosis and treatment, the process of capturing data has fallen on the physician, but moving the data entry toward other members of the healthcare team or even patients themselves could prove beneficial.


“Clinicians remain uncertain regarding who can and cannot enter data into the record, placing a tremendous data entry burden on providers, the most expensive members of the care team,” the Task Force wrote in the report. “Clinician time is better spent diagnosing and treating the patient rather than charting. Regulatory guidance that stipulates that data may be populated by others on the care team including patients would reduce this burden.”


Another suggestion the Task Force offered is to include sound recording during a patient visit instead of manually entering information into the EHR system. When it comes to discussing medical history, conducting a basic physical exam, and giving patients advice, doctors would benefit from a sound recording instead of pure data entry.


By following the suggestions offered in the Task Force’s report, the healthcare sector should move forward in properly addressing some common EHR adoption challenges and paving the road toward a future of effective and interoperable health IT products.

more...
No comment yet.
Scoop.it!

ICD-10 Implementation Vital for Value-based Care Payments

ICD-10 Implementation Vital for Value-based Care Payments | EHR and Health IT Consulting | Scoop.it

When the SGR bill was passed by the Senate without any ICD-10 implementation delays, the proponents of the new coding set rejoiced. Not only did passage of this bill bring about a stronger formula for Medicare reimbursements but it also meant that the ICD-10 implementation would most likely take place by the scheduled deadline of October 1, 2015.


When President Obama signed the Medicare Access and CHIP Reauthorization Act of 2015 into law on April 16, the legislation moved American physicians away from fee-for-service payments toward value-based care and accountable care delivery, according to the Healthcare Information and Management Systems Society (HIMSS).

Additionally, the new SGR bill includes innovative objectives for establishing the meaningful use of certified EHR technology. These payment models will be key for improving population health outcomes throughout the country. The volume-based payment reductions under the prior sustainable growth rate formula will now be altered with a new annual payment update of 0.5 percent through 2019.


By 2019, doctors will be able to choose their reimbursement method among two options: the Merit-Based Incentive Payment System or the Alternative Payment Model. While the Merit-Based Incentive Payment System will depend upon the performance of physicians, doctors who choose the Alternative Payment Model must utilize certified EHR technology standards and authorized quality measures as well as assume financial risk.


The overall push toward value-based care among the federal government, patient advocacy groups, and healthcare providers will require the medical industry to quickly and efficiently transition to the ICD-10 coding set. Documenting patients’ medical histories as well as accurately reporting and coding diagnoses and treatments is vital in the quest to pay for value and enhance population health outcomes across the sector.


The Coalition for ICD-10 also reports on the importance of the ICD-10 implementation in the move toward value-based care, as ICD-9 codes do not have the same capabilities as the newer coding set. While the healthcare community supports the SGR reform bill, many physician groups are still against the ICD-10 implementation and are hoping for additional delays.


However, a move toward measuring and paying for value-based care is not possible without transitioning to a modernized form of diagnostic and procedure coding. In order to accurately measure the value of a healthcare service, it is vital to have the detail available in the ICD-10 coding set, the coalition explains.


One example of the subpar quality of ICD-9 codes involves putting two patients with similar conditions but differing symptoms under the same code while ICD-10 accounts for a variety of divergence among patients. Essentially, ICD-10 codes will include key information about patients and record their medical history more accurately with additional detail.


“Despite opposition to ICD-10 by some physician groups and a few isolated state medical societies, there is general recognition in the medical community that a modern and precise coding system like ICD-10 is essential for measuring and paying for value,” the Coalition for ICD-10 stated. “ICD-9 represents medicine of a bygone era. It cannot support a move to measuring and paying for value. To meet the demands of SGR there can be no further delays in the ICD-10 implementation date.”


more...
No comment yet.
Scoop.it!

Value-based Interoperability: Less is more

Value-based Interoperability: Less is more | EHR and Health IT Consulting | Scoop.it

Interoperability in health care is all the rage now. After publishing a ten year interoperability plan, which according to the Federal Trade Commission (FTC) is well positioned to protect us from wanton market competition and heretic innovations, the Office of the National Coordinator for Health Information Technology (ONC) published the obligatory J’accuse report on information blocking, chockfull of vague anecdotal innuendos and not much else. Nowadays, every health care conversation with every expert, every representative, every lobbyist and every stakeholder, is bound to turn to the lamentable lack of interoperability, which is single handedly responsible for killing people, escalating costs of care, physician burnout, poverty, inequality, disparities, and whatever else seems inadequate in our Babylonian health care system.


When you ask the people genuinely upset at this utter lack of interoperability, what exactly they feel is lacking, the answer is invariably that EHRs should be able to talk to each other, and there is no excuse in this 21st iCentury for such massive failure in communications. The whole thing needs to be rebooted, it seems. After pouring tens of billions of dollars into building the infrastructure for interoperability, we are discovering to our dismay that those pesky EHRs are basically antisocial and are totally incapable or unwilling to engage in interoperability. The suggested solutions range from beating the EHRs into submission to just throwing the whole lackluster lot out and starting fresh to the tune of hundreds of billions of dollars more. When it comes to sacred interoperability, money is not an object. It’s about saving lives.


Every EHR vendor flush with cash from the Meaningful Use bonanza is preparing to take its unusable product to the next level, machine interoperability is shaping up to be the belle of the ball. A simple minded person may be tempted to wonder why people who, for decades, manufactured and sold EHRs that don’t talk to each other, are all of a sudden possessed by interoperability fever. The answer is deceptively simple. After exhausting the artificially created market for EHRs, these powerful captains of industry figured out that extracting rents for machine interoperability is the next big thing.


The initial pocket change comes from selling machine interoperability to their current bewildered (or stupefied) clients, and to less fortunate EHR vendors. But the eventual windfall will not come from the health care delivery system or the hapless patients caught in its web. How much do you think access to a national and hopefully global network of just-in-time medical and personal data is worth to, say, a pharmaceutical company giant? How about life insurance, auto insurance, mortgage, agribusiness, cosmetics, homeland security, retail, transportation? Google built an empire by piecing together disjointed bits of personal data flowing through its electronic spider webs. What do you think can be built by combining everything Google knows with everything your doctor knows and everything you know about yourself?


Machine interoperability is not about patient care in the here and now. Interoperability is not about ensuring that all clinicians have the information they need to treat their patients, or that patients have all the information they need to properly care for themselves. Interoperability is about enriching a set of interoperability infrastructure and service providers and about electronic surveillance of both doctors and their patients. Machine interoperability is about control, power and boatloads of hard cash.


For example, if you are hospitalized, it makes sense that your primary care doctor should know that you are (not in the past tense), and when you are discharged, he or she should be appraised of what transpired during your hospital stay. In the old days, before the advent of hospitalists, this could be assumed. Today, thanks to more efficient division of labor, not so much. If the government was genuinely concerned about smooth transitions of care, it would mandate that upon discharge, hospitals must provide all pertinent information to the primary care doctor, and the patient, by any means necessary. If this meant that a piece of paper is stapled to the patient’s robe, and that the hospital employs an army of delivery drones for the purpose, so be it. Eventually, hospitals, which are big businesses, would come up with the most cost effective and efficient way to be compliant with the law.

That’s not how things currently work or how they are envisioned to work. Discharge summaries have a mandated format of structured data elements, complete with metadata, based on government approved standards that change with frightening regularity. Furthermore, to satisfy regulations, the summaries must be generated and transmitted electronically from one “certified” EHR to another, allowing for a host of intermediaries to access and collect said data or at the very least its metadata. Consulting with the PCP by phone for an hour doesn’t count. Sending the information from a non-certified software package doesn’t count. Printing and sending over information by special courier doesn’t even begin to count. Attempting to build a device that streams the information as it happens directly into the PCP medical record will get you excommunicated or burned at the stake.


If you refer a patient to cardiology service, and in a misguided senior moment decide to pick up the phone and talk to the cardiologist at length about this patient, it doesn’t count. If the cardiologist pens a concise and beautiful letter to you after she sees your patient, thanking you for the referral and summarizing her impressions and plan of care in proper English, it doesn’t count. The only thing that counts is a lengthy clinical summary containing all the sanctioned data elements sent from you to the cardiologist, copied in its entirety and returned from the cardiologist to you, hopefully with some indication about what happened during the consult. Having your EHRs talk to each other this way is considered interoperability. Whether you actually read the interoperated information is irrelevant. As long as the contents are captured by the network for other uses, it’s all good.


But wait, there is more. If you practice, say, in St. Louis, Missouri and work for a huge health system or somehow managed to string together a machine interoperable network with the twenty or so specialists you use on a regular basis and the four hospitals where you have admitting privileges, that’s not good enough. Nothing is good enough unless any research lab in Hopewell, New Jersey or Bangalore, India can discover you on the (inter)national interoperability network and request data about a patient you may have treated five years ago, and nothing will be good enough unless any app store developer in Cupertino, California can discover your patient and subsequently obtain her medical data once she downloads a free diet app from iTunes.

Are you “just” a patient eager to be “engaged” in your own care? Picking a doctor who will spend two hours with you listening carefully and explaining things you don’t understand, and who will give you his cellphone number in case you have more questions, doesn’t count. Getting a team of physicians together on a conference call to brainstorm about your mom’s options, doesn’t count. Building a long term relationship with your pediatrician and having her come see your sick kid at home because your car is in the shop and your toddler can’t keep any food down, and now the baby won’t stop crying, doesn’t even register on the interoperability radar. Nothing counts unless you log into a website or an app, accept the cookies, the tracking beacons, the small print, and then click on some buttons to verify that you are a “Never smoker”, or to peruse machine generated visit notes that even your doctors don’t read anymore.


Perhaps machine interoperability on a national scale is a wonderful thing, but so is having arugula in every fridge. There is absolutely no evidence that either one will improve health and/or reduce the price of care. Every dollar spent on national machine interoperability is a dollar that was previously used, or could be used, to provide medical care. Where did we find the moral fortitude to demand that people experience adverse outcomes at least three times before letting them have a slightly more expensive pill, while spending billions of dollars to incentivize the purchase of unproven and often failing technologies? If we are supposed to be parsimonious in our use of health care resources, if we are supposed to choose wisely in all other areas, where is the comparative effectiveness research showing that expensive machine interoperability on a grandiose global scale provides more value than cheaper and simpler localized or human mediated communications?


  • Add one doctor visit for every Medicare beneficiary for the next 8 years
  • Give primary care a 20% raise for the next 4 years
  • Double the number of residencies for the next 3 years
  • Educate 60,000 new primary care doctors from scratch
  • Buy an iPhone glucose monitor for every diabetic patient and an iPhone BP monitor for every hypertensive patient (no, I’m not a “technophobe”)
  • Put a brand new playground, a gym teacher and a home economics teacher in every elementary school in the U.S.
  • End homelessness in America


These are some of the things we could do with the billions of dollars spent on machine interoperability. Which has more value for our collective health? How did health care become a fully owned subsidiary of the computer industry? Who authorized this unholy acquisition and how much were those brokers paid? Have we forfeited our right to choose, or even know, how endless fortunes are steadily interoperating out of our treasury and into the hands of global technology firms? Publishing fuzzy ten year plans on obscure websites, so the Technorati can tweak them, doesn’t count. Publishing thousands of pages of regulations in the federal register, so interest groups can preview the fruits of their labor, doesn’t count either. Raiding public coffers to please friends and family and to curry political favors is hardly a disruptive innovation, so let’s just call it what it is.


more...
No comment yet.
Scoop.it!

Do Health IT Systems Need Greater Interoperability?

Do Health IT Systems Need Greater Interoperability? | EHR and Health IT Consulting | Scoop.it

The medical sector is aimed at reaching the triple aim of healthcare by incorporating health IT systems and EHR technology. The triple aim focuses on improving patient care, lowering medical costs, and boosting population health outcomes.


In a Health Affairs Blog, National Coordinator for Health IT Karen B. DeSalvo discusses the landscape of information technology in the medical space.  DeSalvo emphasizes the need for interoperability among health IT systems and mentioned how the Office of the National Coordinator for Health IT (ONC) is developing new implementation standards. Additionally, the need for privacy and security of patient data is also asserted by DeSalvo.


The sharing of patient data through health IT systems has been a major focus for the healthcare industry over the last year. To improve EHR interoperability, ONC has listened to the health IT community to develop a roadmap for establishing strategies and opportunities to move the country toward greater health data exchange.


DeSalvo has participated in many listening sessions across the country and learned about certain issues that harm the interoperability of health IT systems and plague hospitals and providers. Rural communities in Alabama, for instance, do not have full broadband access while bordering state privacy laws in New Jersey block medical data exchange. The overall essence of DeSalvo’s discussion revolves around the importance of interoperability among health IT systems.


“I also listened to my own experiences — as a doctor, as a daughter, and as a consumer,” DeSalvo stated. “I thought of countless patients whom I have seen and those I continue to see when I am in clinic. Of visits where I did not have the information needed to make a decision that day, requiring patients to return and miss work, school, or other obligations. Of patients who want to engage and feel empowered but need not only data, but information, to help them level the playing field, to allow them to meaningfully engage.”


“Of being a caregiver for a mother dying of dementia and being frustrated at just how hard it was to get access to the information I needed to help her. And, as a public health advocate and official, needing information about my community to prioritize resources to help them address the broad determinants of health,” said DeSalvo.

Over the last six years since the Health Information Technology for Economic and Clinical Health (HITECH) Act was passed, the healthcare industry has gone forward with meeting many of the goals ONC established such as widespread implementation of EHRs and health IT systems. More and more eligible providers began meeting meaningful use requirements under the Medicare and Medicaid EHR Incentive Programs.


While these achievements are impressive, DeSalvo mentions the need to digitalize “the care experience across the entire care continuum” and gain “true interoperability.” ONC is currently working on a plan for both public and private sectors to gain interoperability. The next step for ONC and the healthcare industry is to go beyond meaningful use and EHR implementation in order to truly bring better health for patients across the country.


more...
No comment yet.
Scoop.it!

How cloud computing enables interoperability

How cloud computing enables interoperability | EHR and Health IT Consulting | Scoop.it

CMS has signaled a renewed focus on interoperability, a welcome development for healthcare professionals anxious to more easily exchange insightful data. But there’s still the matter of how well the people involved in various collaborative “Big Data in Healthcare” initiatives operate together.

At some point for most of us in our careers – usually early on – we’ve encountered a project that was initially heralded with a great deal of fanfare, only to ultimately fizzle out after failing to gain enough buy-in. For all the excitement surrounding Big Data projects, many are at similar risk of a premature end if stakeholder concerns aren’t addressed at the outset:

  • Who will host the data?
  • How will data privacy concerns be handled?
  • How have restrictions on data use been addressed?
  • Do existing consents allow for data sharing?
  • Will the data need to be de-identified? If so, using which methodology?
  • Who will be responsible for acquiring, maintaining and distributing it?
  • How will the data be protected as it’s routed to its new home?
  • How well will it be protected in its new home? Who will have access to it?

For this to work, a neutral ground is usually needed, offered by a trusted third party.

The cloud: breaking down barriers to data exchange
In healthcare, massive amounts of data are not stored in pre-defined, structured tables. Instead, they are often composed of text, notes, numbers, images, formulas, dates, and other facts that are inherently unstructured. In fact, certain kinds of data sources are being created so quickly that there is no time to store it before the need to analyze it.

Savvy healthcare executives see Big Data as an opportunity to break down the paradigm of siloed data. They know that isolated data can be inefficient. Yet even while supporting the vision of Big Data, many healthcare leaders are traditionally reluctant to share data outside their own firewalls. Due to competitive considerations and confidentiality risks, there must be a level of trust in the quality and security of the receiving organization’s health data management systems for the data owner to be willing to share it. No one wants to risk a HIPAA privacy or security violation at the hands of another entity.

'Dirty' data can yield hidden treasures
To make an effective Big Data play, data sharing arrangements must be made, data flows defined, data analytics engines and the underlying infrastructure created, and the proper data governance must be agreed upon by all relevant stakeholders. It is at this stage that a trusted third party data warehouse environment is critical for success.

Conventional wisdom leads many to believe that data must be scrubbed, normalized and aggregated into a standard format in order to gain key insights. In fact, for Big Data in Healthcare, the time-tested principle of “garbage in, garbage out” actually may not apply.

Using the right data analytics tools can reveal unexpected insights from unstructured or “dirty” data as some call it.

In addition to enabling insights from disparate data sources, storing and protecting data, data management services are now available that alleviate the need for healthcare organizations to hire additional experts in meaningful use or cloud technology, including:

  • Pulling data from different sources into a single cloud-based repository for collaborative use
  • De-identifying the data and stripping it of identifiable information
  • Data visualization with dashboards and reports
  • Audit trails of who accessed what, when and from where
  • Dynamically scaling the infrastructure as the data volume increases

Cloud for collaborative care
Entities that are members of an accountable care organization or other coordinated care programs also benefit from the neutrality of the cloud for a variety of functions, from the day-to-day, such as claims and billing, to more analytic reporting and collaboration. The cloud provider can host the data along with any other number of data management services that the healthcare organization can’t, or just doesn’t want to take on.

Can you blame them? Healthcare organizations need all of their IT staff on deck for analytics and other data projects. And as we move to a more coordinated and shared model for healthcare, all stakeholders need a neutral and trusted environment that fosters collaboration. And based on the potential for infinite computing power and storage on the cloud, the sky’s the limit for interoperability.


more...
No comment yet.
Scoop.it!

Electronic health records and data abuse: it's about more than medical info

Electronic health records and data abuse: it's about more than medical info | EHR and Health IT Consulting | Scoop.it

On the heels of the recent announcement that medical insurance firm Anthem was breached, we look at the nuance and impact of a medical record breach versus a medical data breach. They are certainly related, but digging through troves of data containing primarily identity information is significantly different to an attack that focuses on specific treatment of a specific patient.

If an attacker can harvest name, social security number, phone, address, email and the like, that haul has a much wider potential audience than, say, whether or not a patient underwent a specific medical procedure. A stolen medical record containing a lot of detail may sell for a lot of money, but that market is more specialized than the broader market for general identity data.

To help folks visualize the different levels of data that thieves might want to swipe from a medical facility, and then abuse, my colleague, Stephen Cobb, created this diagram of a generic electronic health record.

Level one is pretty basic info, things that are fairly easily knowable about you without any hacking, normally sourced through Open Source Intelligence (OSINT) gathering. However, grabbing a big fat collection of such data might still earn a bad guy some black market bucks, say if a spammer needed fresh targets.

The illegal earnings potential goes up a notch if you can grab Level 2 data. Scammers can use that to carry out several kinds of identity theft, creating fake IDs, opening credit card accounts, committing tax fraud (filing fake returns to get a refund) or even use it to answer challenge questions to online accounts, thereby pivoting the attack to new digital beachheads. Even Level 2 data is enough to commit some types of medical ID theft, though the bad guys have no clue how healthy or sick you really are (here’s a pretty scary case of what can be done with just a stolen driver’s license).

Level 3 data just makes all of the above that much easier; plus, it enables new forms of badness. Some crooks prefer taking over an established account to opening a (fake) new one. the number of electronic records or EHRs that actually contain financial or payment data is not clear, but obviously a lot of healthcare entities do handle it at some point, making them a target for digital thieves who turn around and sell it on carder forums.

When you get to Level 4 data, the badness takes on a new dimension. If an attacker has a patient’s full (or partial) history, it’s easy to imagine matching up a willing bidder who has a need for a similar medical procedure with a donor record to (roughly) match, in an attempt to get pinpointed specific services they would otherwise have difficulty receiving.

But the options for selling medical history-style Level 4 records may be much narrower in scope than, say, bulk repackaging and resale on the underworld markets of lower levels, appealing to any buyer who wants to assume an identity, spread a wider net and attack other properties, or engage in fraudulent activity which is then blamed on you (if it’s your record that was compromised).

Of course, the threatscape may well change as the EHR becomes more universal. With the proliferation and sprawl of third party providers who are somehow tapped into a cohesive health ecosystem, there will always be various specialized smaller providers whose business is targeted to a specific subset. That’s not bad, it’s just how the health segment does business; in many cases it leverages strengths of one organization to help another. But it does imply a larger potential attack surface, which has implications for security if the data sprawl is not carefully managed. For example, if an attacker can gain a beachhead in one of the providers in the ecosystem, will they then have an elevated trust relationship with other systems within this ecosystem?

And here’s the rub: having instant digital access to all of a patient’s medical data (or other sensitive information) wherever a doctor happens to physically be is a wonderful tool, but now we have many more endpoints in question with security environments to understand and corral. This implies an ongoing need, not just for really smart endpoint protection, but also strong encryption, and authentication, as well as sane network segmentation, vigilant network monitoring and reliable disaster recovery.


more...
No comment yet.