Hungry Hungry HIPAA. Omnibus Revives Patient Privacy focus.

Hungry HippoHIPAA…the consulting gift that keeps on giving. The people I have worked with know well, I’ve been on a crusade to make sure that people don’t misspell HIPAA and put in two P’s instead of only one required. I thought I would use that to my advantage as I need to come up with witty titles each week and decided I might as well make that  work for me with my friend the hippo here. It is NOT HIPPA! It’s  Health Insurance Portability and Accountability Act or HIPAA (and for those who came in late), was enacted on August 21, 1996, by the United States Congress and signed by President Bill Clinton that same year.

Giving it new life, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights last year announced a final rule (mostly called the Omnibus rule) that implemented a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under HIPAA. It was primarily created to allow patients better access to their own medical records and also to have their records available to different physicians and care providers.

New, stricter standards have been implemented to the Omnibus rule in order to strengthen patient privacy protections. If your care delivery organization is subject to HIPAA, compliance was required by Sept. 23rd, 2013. Compliance experts are of the opinion that many organizations are not comprehensively aware of the changes that need to be in place in order to comply with the law and are at risk of having to pay heavy fines for not meeting the necessary requirements. For instance, Protected Health Information (or PHI such as names, birth dates, social security numbers, email addresses or medical record numbers) was changed from indefinite to 50 years after death. Increased and more severe penalties also came into force for violations of PHI privacy.

Some of these changes include changes or updates to the Security Rule and Breach Notification portions of the HITECH Act. The biggest changes cover the expansion of requirements that include business associates, where before, only covered entities had originally been required to uphold these particular sections of the law.

In addition, the definition of ‘significant harm’ to an individual in terms of a breach was updated so as to provide more review of covered entities with the intent of disclosing more breaches, which, in prior years, had previously been unreported. Also, previously, an organization needed to prove that harm had occurred whereas now they must prove the opposite; that harm has not occurred due to a breach.

With the new HIPAA Omnibus rule, the focus has been renewed on security and confidentiality along. While care delivery organizations are feeling ‘regulatory compliance fatigue’, in this world of cyber crime and data moving across geographic lines at incredible speeds, the concern is real and breaches occur more often than organizations care to admit. With the increased level of sophisticated technology being used at care provider organizations, the ability to defend against these possible cyber threats are some of the most necessary for today’s technology encompassing, BYOD healthcare ecosystem.

HIMSS ’14 this week in Orlando!

The HIMSS ’14 conference is the largest healthcare information technology conference in the world and it is this week at the Orange County Convention Center in Orlando, Florida. Don’t miss the keynote sessions, where it is advertised that you will see the CEO of Aetna, Mark Bertolini tomorrow, Hillary Rodham Clinton on Wednesday, Feb 26th, Marilyn Tavenner, Administrator, Centers for Medicare & Medicaid Services & Karen DeSalvo, MD, MPH, MSc, National Coordinator for Health Information Technology, the last two on the 27th of February, 2014.

Make sure you participate in your region’s reception while you are there and if you are not sure where or when it may be, reach out to your chapter’s website and see if they are still able to accommodate you at this late stage. Make sure that you see the thousands that will be there at the Exhibit Hall and participate in the education sessions going on all day.

For more information, check out

Population Health Management: Patients first

Population Health Management (PHM) is (as stated by Wikipedia) “the health outcomes of a group of individuals, including the distribution of such outcomes within the group”. This is an an approach to health that’s focus is to improve the health of an entire population.

PHM has several aims that will help with the challenges presented by healthcare reform such as keeping the healthy as well as possible through preventative care, and preventing the chronically ill from getting sicker and therefore reducing costs through fewer encounters with physicians.  In terms of collaborative care, PHM has a lot to offer, such as predictive modeling, health risk assessments  health information technology infrastructure, analytics & care coordination and other core competencies.

Though as accountable care organizations become a reality,  they should be structured in a way that provides an incentive for managing health where there could be an opportunity and not just be 21st century versions of HMOs. In addition, as population management studies rely on a multi-year reference as a baseline and so when the codes change to ICD-10 this October 1st, 2014, it will be difficult to manage or translate from the previous baseline and collect any valuable data and there will be a few years before healthcare organizations can again start tracking meaningful population health management trends with ICD-10.

According to a December 2011 article in Healthcare IT News, it mentioned that “population health management has been both a driver and benefactor of the rise in eHealth and mHealth technologies”. As we move into an ever more mobile world and demand has risen for mobility solutions in everyday life such as music, news and navigation, mobile technology in patient engagement has been ever more utilized and can be of immense use by care delivery organizations for population health studies. Through a more proactive, integrated approach to population health management, clinical costs could decrease and provider organizations could maximize their reimbursements for a good delivery of care to their patient population.

In reviewing CMS’ quality strategy, it appears that it aims to efficient, patient centered and timely care that is equitable and focused on reducing health disparities. In order to prepare for the upcoming demands of population health management and to comply with clinical data elements, clinicians and hospitals should try to leverage ICD-10 information and clinical information and build analytical capabilities that could assist the operations and clinicians where to focus their attention. This will be the opportunity for what is called Big Data to show it’s usefulness in clinical care in the months and years following October 1st, 2014 in order to support federally mandated reporting needs. Ultimately though, the theme continues to be “patients come first”.

Patience with patients! A CEO that gets it!

At a recent meeting of the local Indian American Chamber of Commerce this past January, the new President & CEO of Mercy Health Partners, Dr. Yousuf Ahmad (who was the keynote speaker for the evening) spoke about his journey to the CEO spot at Mercy; from arriving in the United States in his teens and adapting culturally through the years in Kentucky and south western Ohio, to his focus on being able to leverage data during his time as CIO, and move Mercy Health deftly through the challenges of MU 1 and now navigate through MU Stage 2; the topic of patient engagement arose and how Mercy has towards being an ACO and how he places a high degree of value on physician empathy towards their patients in today’s continuum of care.

Listening to his keynote, I realized how now, more than ever it was even more important to share clinical and operational best practices across the healthcare community and for care provider leaders to share their experiences on implementing different elements of technology necessary for their initiatives, such as building and supporting a successful ACO. I was recently privileged to have that opportunity during the ICD-10 project I managed last year and have seen our care provider IT departments collaborating to help make sure that they can assist their fellow care delivery organizations meet their project and regulatory objectives.

Yousuf spoke about the need to understand the data requirements needed to support care, such as the 91% patient experience quality metric he mentioned that Mercy Health is able to derive from their physicians showing empathy towards their patients and the success he mentioned to a question I posed of his patient engagement initiatives for MU Stage 2. In short, he is able to tie his metrics with the quality of care the patient population his organization serves. What are the challenges they have with interoperability, especially with other care provider organizations, both urban & rural and health information exchanges in order to better and more efficiently coordinate care?

The role of, and need for empathy within the care delivery environment was described was evident to all during his talk and he was an amazing evangelist for his organization’s mission, both operationally and for information technology and the positive initiatives he has spearheaded over the short time he has been it’s operational leader.

During the Q&A session afterward, I made a comment that I applauded the fact that he had tied bonus incentives for Mercy’s physicians and making sure they focused on a better patient experience for the organization meeting it’s regulatory MU goals even though they would have had challenges in culturally changing the way in which some physicians may be working and relating to their patients now, but ultimately, through great patient care and compassion, his organization will march on towards their plans of expansion and as an excellent regional healthcare provider. I had the chance later that evening, to take a poll from some of the physicians that were present during the keynote and they all concurred that while they were inundated with all of the regulatory challenges currently, their ability to interact and positively connect with their patients was paramount for their initiatives to succeed.

With the news coming out over the last few days that interoperability will be the focus for the newly appointed national coordinator for health information technology, Karen DeSalvo, MD, the focus on better health through information technology assumes so much more significance as we transition towards a technology prevalent care provider environment where the patient is, and will remain, the center of attention.

Cloudy with a chance in Healthcare!

Cloud Computing Types courtesy Wikipedia.
Cloud Computing Types courtesy Wikipedia.

Over the last couple of years, the cloud (distributed) computing concept has received a lot of traction. It’s ability to leverage virtual, scalable hardware for information systems can alter the costs associated with the high cost of healthcare in the United States today. It has been a source of discussion by many in the mostly technology conservative care delivery industry.

At a recent discussion with a care provider’s IT infrastructure department, I discussed with them, the factors that would influence their adoption (or lack thereof) of cloud based infrastructure. Their first response (to my “What about leveraging the cloud?”) was, “Well, what do you mean when you say “Cloud”? We already have our own private cloud that we manage ourselves”. Further discussion on this yielded the apprehension of the team to adopt the cloud and all that it had to offer. Was it that they did not want to change? Or that change was arriving all too quickly on their doorstep and they did not have the opportunity to test it out to see if what the cloud offered would be beneficial to them?

One of the factors that came out during our discussion was that the cloud is ‘the’ perceived security risk. Your most precious asset, data is now not in your control. Loss of control is the factor there. Reliability and security must be top priorities in the planning and selection of cloud services for the healthcare industry. When building your requirements for the cloud adoption, ensure that your solution obviously meets HIPAA regulations first and foremost. Bandwidth issues will be something that would affect the quality of care you would receive as a patient. During an infrastructure deployment in 2012 for an Ambulatory infrastructure implementation, the team I was part of physically went to several clinics around the city to make sure that the standard two factor authentication tap badges and devices were deployed at all those locations prior to Ambulatory go live. At one clinic, we discovered that the authentication process took a long time to register, but this was due, in part we realized to their bandwidth connection. Where other clinics took less than a second or two, this one took as long as possibly 8-10 seconds, which is a life time when you are focused on many patients each day. If applications are stored in the cloud, IT departments fear that the speed of the “pipe” would slow considerably the further away the application is stored from the actual usage site. Essentially, performance issues are the concern.

Reliability and security are essential factors in building your requirements and with the new HIPAA Omnibus RUle, that gives Cloud Service providers better opportunity to show their customer prospects that they are now better served by it. Healthcare IT departments must carefully plan the deployment of a pilot phase for this initiative with technological champions at clinics where physicians, operational staff and other clinicians are open to new ideas and ways of reducing costs and increasing efficiency for the organization.

The PMO can work with the clinic champions, Network Services, Security, Change Management and EMR analysts to understand what their roles and responsibilities need to be to carefully and successfully roll out this project. After the billions of dollars spent over the last few years to achieve Meaningful Use Stage 1 at many hospitals and the purchase of software and infrastructure to support that software, the sunk cost of implementing those initiatives would deter many provider organizations from moving ahead with cloud based initiatives, unless they have been asked to make steep cuts in their IT budgets by hospital operations. Those cuts could necessitate the IT organization looking at alternative options to manage their budget and the adoption of the cloud has a chance. For systems integrators and cloud services vendors, the opportunity is to have a well thought out solution that you collaborate with your healthcare customers over and have patience, keep educating and collaborating with your provider customers and truly listen to their concerns by demonstrating to them that these concerns, while valid, would be functionally taken into consideration and part of your overall solution.