CSO HIMSS Fall Conference 2017

For those of you that follow this blog, you’ll be happy to hear that the Central & Southern Ohio HIMSS Chapter’s Fall 2017 conference on October 13th at the Savannah Center in West Chester OH is all about our favorite topic.

The title is “Interoperability: The Holy Grail of Healthcare.” Register here for Early Registration discounts. See you there!

Interview with a CAC PM – ICD-10 Beware!

It’s been some time since I shared my thoughts as we are well into 2015. ICD-10 for many organizations is well under way and I thought that it might be good to hear from folks other than myself once in a while. So I connected with my good friend and colleague whom I worked with last year, Paul Arel.  I had the chance to sit down with Paul and talk about our recently completed engagement working together at a provider organization last year. We discussed his experience with a Computer Assisted Coding (CAC) product that is getting a lot of attention due to the ICD-10 Transition.

Ajay:  Thanks for sharing your thoughts on CAC. You’ve been working in other verticals before you got into healthcare IT recently. Tell me the origin of how you started on your recent CAC project?

Paul: My pleasure Ajay. As you’re aware, I have been in the healthcare IT sector for a number of years. When our provider client started its enterprise-wide implementation of a vendor’s CDIS and CAC products to get ready for ICD-10 implementation, they planned on a 3-year project. With about 3 months planned project schedule left, they were having misgivings about the project’s true status and hired me to come in as the new Project Manager. My first task was to get familiar with the project and its players, then ascertain the project’s true delivery status. In so doing, we ended up adding another year onto the project’s delivery schedule.

Ajay: Who were your primary stakeholders and what was their involvement?

Paul: This implementation grew out of the Revenue Cycle side of the hospital. CDIS (Clinical Documentation Improvement System) is utilized by the case reviewers during the patient’s hospital stay. The software helps reviewers make sure that treatment for ailments/injuries follows a path of documented diagnoses. CAC is utilized by the coders to generate billing codes for all care that is given to each patient during their visit or stay. The two work hand in hand to correlate patient care with diagnoses and billing codes, maximizing the revenue stream for the hospital system and driving compliance with the Affordable Care Act. Because of the over-reaching nature of the software and its implementation being enterprise-wide, the stakeholders were numerous and diverse. I would say that the primary stakeholders were the software end users themselves. End user management and the IT support staff were intimately involved in the planning, testing, implementation and monitoring (problem resolution) at every turn during the project. At any one point in time, there were roughly 60 stakeholders intimately involved in the project’s implementation.

Ajay: What was your main challenge especially with the vendor?

Paul: Our main challenge arose as the organization began to realize the gap in knowledge for implementation of the CAC/CDIS products on the scale that the hospital system needed. The chosen software appeared to not be mature at the project’s inception and the disparate EHR systems that the organization used in different markets created a troubling scenario for implementing this software as a standard throughout the organization. At the time, the CAC vendor appeared to have no prior implementation experience on this large and complex an installation, so much of  the implementation was learn as you go for everyone involved, including our CAC vendor and the various other vendors.

Ajay:  Besides the change in ICD -10 dates by the government, what were the main risks associated with your project go live?

Paul: Risks certainly evolve during a project’s life, but, hands down, the biggest over-riding risk was indeed the interoperability of the  software systems involved. While the HL7 standard has been a giant stride forward in interoperability, there still exists much work to be done as the need for pieces of software to communicate as part of a larger whole are constantly expanding. At some point in time, healthcare will require its software vendors to blend their software into a homogeneous system that should appear to the end users to be a single, common interface on the EHR level. At the same time, it needs to allow Operations and Revenue Cycle to pull relevant data from any of the subsystems effortlessly.

Ajay: What issues did you face? Any consistent ones throughout the project?

Paul: Personnel availability was probably the single biggest issue on numerous fronts. Starting with the CAC/CDIS vendor and including most all of the other vendors involved and even within the hospital system itself, personnel availability was the biggest ongoing obstacle to implementation. Most organizations had their personnel “all hands on deck” with the myriad of work needed to test and become ICD-10 compliant in all aspects, as well as performing their regular duties. Congress postponing the ICD-10 implementation date confused and compounded the problem for everybody. And the additional postponement only makes the situation much more problematic for planning in 2015. It is a nightmare right now for all healthcare organizations trying to plan personnel needs for 2015. Nobody knows exactly which personnel will be needed, how many of them will be required, who will be available and, ultimately, if Congress will pull another bonehead move to delay ICD-10 implementation yet again.

Ajay: Bonehead indeed! Healthcare Provider organizations have spent billions to date and hopefully the ecosystem realizes that. Ultimately it’s you and I and the patient population of the United States that pays for all of that.

Ajay: Did you have any outside training organizations train the coders?

Paul: End user training was conducted by the CAC/CDIS vendor, as part of their contract with the organization for implementing their software. Additional training was conducted by Revenue Cycle staff and additional training is also available as part of the vendor’s ongoing usage contract.

Ajay: How was the implementation of the software left, in the wake of the ICD-10 delay?

Paul: The software is designed, like many of its kind, to be compliant for both ICD-9 and ICD-10 usage. When the project ended, the provider organization was utilizing the software in ICD-9 mode only. Provisions were underway to continue with ICD-10 training and the roll-out of dual coding (ICD-9 and ICD-10 coding simultaneously) to help familiarize end users with ICD-10 coding before the nation transitions.

Through another project, we tested ICD-10 functionality, but, as with most hospital systems, a thorough end-to end, integrated test of ICD-10 is still necessary. Hospital systems not only need to be certain that ICD-10 codes pass through their software systems, but that the reimbursements they receive are truly being maximized under the new ICD-10 system. There needs to be validation on two fronts: 1) that the care each patient receives benefits their well-being in the most efficient manner, and 2) that the patient stay generates the maximum return on the dollar for the hospital system. Combined together, these two aspects will drive the hospital system towards providing the best possible care for all patients today and in the future. Despite the politics behind the Affordable Care Act and how/when it is implemented, I feel that this is the underlying goal of both healthcare providers and the government.

Ajay: Thanks for your time Paul. All the best for 2015 and beyond.

Paul: Thanks Ajay. Same to you.

About Paul Arel:


About Paul:

Paul Arel, PMP, MCSE, is a Senior Information Technology Project Manager with over 10 years of experience in project management, having spent much of his career providing services in the healthcare sector. Paul graduated from Miami University (Oxford, Ohio), started his professional career as a Practice Administrator for Art of Smiles Dentistry for more than ten  years. During his tenure there, he became a certified EHR trainer for Dentrix, and the practice became a test site for the vendor, providing continual feedback for enhancements and software improvements. Paul guided the practice towards the cutting edge of technological innovations in the field, being one of the first practices nationwide to implement digital x-rays, voice-activated charting & integrated intra-oral photography. He then moved into IT full-time, and earned his Microsoft Certified Systems Engineer (MCSE) certification. He continued to refine his path in IT and healthcare, becoming a Project Manager. Though his projects took him into many fields, including construction, IT infrastructure and automotive support, he continues to be passionate for healthcare. As he was assisting ever-larger healthcare organizations with their project management initiatives, he also earned his Project Management Professional (PMP) certification. His experience led to managing projects for Cincinnati Children’s Hospital and numerous physician practices. Most recently, his healthcare IT expertise was brought to bear when he was hired to manage an enterprise-wide installation of 3M’s CAC/CDIS products for Mercy Health (formerly Catholic Health Partners).

We don’t “Lobby” in Healthcare IT, we “Advocate”

As someone who grew up in other countries before becoming a naturalized American, there’s always been some kind of fascination when it comes to what is called “lobbying” in the United States. I’ve never been able to understand it as it always seems that it goes against the grain of what I’ve always thought of the United States through history books and the Founding Fathers, whom I so admire for their simple vision that has overcome the tests of time. Yet, hiring professional lobbyists in the United States is perfectly legal and healthcare has been leveraging this legal loophole for sometime now. Just this year as an example, lobbying has come into the news through the change in the regulatory date for ICD-10 from October 1st, 2014 to October 1st, 2015. Most believe that this was the result of pressure from care delivery professionals that wanted more time to get their act together (I for one was against this).

Recently, it was reported in “Modern Healthcare” (September 10th, 2014) that Epic retained a lobbyist and as it was reported the filing said that it was “to educate members of Congress on the interoperability of Epic’s healthcare information technology.”

Last week, HIMSS delegates from across the country had their yearly visit to Washington D.C. for their HIMSS Policy Summit, held during National Health IT week where (as reported by Healthcare IT News) HIMSS had certain asks of the nation’s representatives, which were:

  • Minimize disruption in our nation’s health delivery system emanating from federally mandated health IT program changes.
  • Fund the National Coordinator for Health IT to achieve interoperability, improve clinical quality and ensure patient privacy and safety.
  • Expand telehealth services to improve patient access and outcomes and decrease healthcare costs.

The role of politics and healthcare will remain inextricably tied to one another. As we continue to move through this paradigm shift, these areas will ultimately focus on the future of our country’s care delivery and outcomes and the way that we, the patient, will receive our care.

Prefer HISP to HISP Connection? You’re not alone…

Some weeks ago, I sat in a room with a couple of CIOs and one of them said ” You know, instead of the HIE’s, I prefer direct HISP instead.”

So what is HISP? According to one of my favorite sources of information, (The Life as a Healthcare CIO), “a Health Information Services Provider (HISP) is an organization that manages security and transport for health information exchange among health care entities or individuals using the Direct standard for transport.  

HISPs issue security certificates and establish trust networks by defining policities and protocols for network participation and issuing security certificates and also issue direct addresses that are tied to what is called a HISP “anchor certificate” in accordance with conventions defined by what is called the “Direct Standard”.

A key goal of the Direct Standard was to have what is called a federated, scalable trust whereby each HISP maintains trust through contracts within the HISP, and doesn’t need further trust between HISPs. I call it “Ma Bell” for the 21st Healthcare Provider network.

In doing some research from documents that I discovered from Massachusetts online, we need to make sure that Core HISP capabilities should be well understood and transparent to all; inter HISP trust isn’t required due to encryption on both ends of the connection. The network relies on end-users’ trust across HISPs. It’s a trust network that is established point to point. Services integration (provider directory, certificate exchange, etc) does not require complex business and technical agreements from what I understand, though that may change possibly through legislation of some sort in the future.


An intuitive Payer-Provider Solution that “Cares to Connect”

Sometimes I have the opportunity to connect with interesting people that want to provide better healthcare collaboration like myself. Recently, I was introduced to such an individual in Suresh Kumar, the founder of a solution called “vCareConnect”.

I recently asked him about how he came up with his entrepreneurial initiative. Below is my interview with him.

Ajay: Suresh, thanks for sharing some of your thoughts with me and the readers of Healthcare Interoperability. How did you start this concept of Care Coordination?

Suresh: One of my neighbors is a caregiver for her 75 year old Mother. Her Mother had had a mild stroke and had to be taken to the Emergency Room. She shared with me how, during this event, she had to share the same information over and over again with different people and most of the providers were not aware of the care prescribed by other physicians for her Mother. That’s when it struck me. Why can’t the healthcare experience be like going on Amazon.com?  In an “Amazon experience” the buyer provides the information only once, completes their purchase with many sellers within the “Amazon ecosystem” without having to re-enter their information and the fulfillment department knows everything about the order and optimizes shipping to reduce costs. Granted in that model, it is possible to be well coordinated as a seller is in that ecosystem. In healthcare, we cannot get all of the healthcare systems under one umbrella. That was the genesis for the solution which I named, “vCareConnect”; a care coordination platform that provides transparency to the patient, provider, caregiver and care manager, enabling collaboration.

Ajay: So what is your concept of care coordination?

Suresh: Coordination means different things to different people, here is how we describe coordination, it is the ability to clearly communicate to provider, patient, caregiver and care manager on what care is needed for the patient, when is it needed and how to organize to ensure patient receives the care.

Lets say, as a scenario, I am on a visit to Florida and I fall sick. I should be able to quickly share my medical record with the provider  so that they can see the Care Plan I am on and medications I am taking. After I get back from my travel to Florida, I should be able to revoke provider access if I want to do so.

Ajay: That is an interesting concept, but what’s unique about vCareConnect?

Suresh: Another key part of the platform is a greater inclusion of caregivers. Caregivers play a key role in influencing patient behaviors and we believe this is an aspect that’s not been explored enough to improve patient engagement. Say if I am lagging behind on my blood pressure testing, if my wife knows about it she will certainly influence or prompt me to get it completed.

Unlike traditional careplans  our solution helps provider/care manager communicate care tasks in an easily understandable, daily task-like fashion. Our multi-modal communication tool-set delivers the information via the channel the patient prefers (such as online, through a smartphone app or a regular landline/mobile telephone call). What we are trying to do is providing tools to a team based care approach to  ensure transparency and communication among all of the stakeholders in the care process.

Ajay: That’s awesome to hear. Have you had any early successes in your entrepreneurial pursuits?

Suresh: Fortunately, we have had a chance to pilot this product in a rural population in India and have had some success in decreasing the  miscarriage rate and improving deliveries at the local government facilities from 20% to 35%. We were also able to save the patient population around $140,000.

Ajay: Suresh, thanks for sharing your experience and your entrepreneurial adventures with us. I look forward to your success and your continued advocacy for better patient care through healthcare information technology!

Suresh: Thanks Ajay.

Suresh Kumar is the founder of vCareConnect. He is a technology leader and has worked in technology consulting and advisory for 15 years. As a Senior Enterprise Architect and management consultant, he has provided services to organizations such as Blue Cross Blue Shield of Illinois, Wellpoint and Cigna. He was the Operations Director for Transunion Healthcare’s Analytics Product managedcare.com and has worked for consulting firms such as Booz & Co , Deloitte and Capgemini. Suresh currently lives in Illinois with his family.

Suresh Kumar-Founder of vCareConnect



Interoperability Odyssey: 2024

The final frontier….the search for healthcare utopia where your records follow you seamlessly across the continuum of care without incident. It seems to be fantasy, but that might be what the office of the Office of the National Coordinator for Health Information Technology came out with a paper and a call for collaboration among stakeholders to share with them ideas and suggestions that would help in the achievement of this goal of interoperability over the next decade and the road beyond.

In their vision of the future, they want individuals, healthcare providers, communities, and healthcare researchers to be able to have many healthcare IT products and services that are interoperable and allow the healthcare system to learn on a continuous basis and be able to move the goal of “improved health care.” Patient engagement between care provider and patient would be constant and patients would be well informed as to their care roadmap and be able to be partners in their wellness.

I was excited on the encouraging news in that all 50 US states have a sort of health information exchange and that 50% of hospitals can electronically search for patient information from sources beyond their own organization and over 50% of office-based professionals and more than 80% of hospitals “are meaningfully using electronic health records which will require them to electronically exchange standardized patient information to support safe care transitions.”

In how they envision the nation getting there, they mentioned their focus on certain “Guiding Principles” for the future of the “health ecosystem, namely:

  1. Build upon the existing health IT infrastructure.
  2. One size does not fit all.
  3. Empower individuals.
  4. Leverage the market.
  5. Simplify.
  6. Maintain modularity.
  7. Consider the current environment and support multiple levels of advancement.
  8. Focus on value.
  9. Protect privacy and security in all aspects of interoperability.

The document followed up with a focus on a 3 year agenda with the paragraph titled “Send, Receive, Find, and Use Health Information to Improve Health Care Quality” that discussed  the development of an “interoperability roadmap as articulated in HHS Principles and Strategy for Accelerating Health Information Exchange.” The focus was on ensuring that the population as well as healthcare providers leveraged the basic set of health information across the continuum of care so that care coordination is enhanced and give us the ability to improve the quality of care.

It continued with a 6 year agenda that covered, aside from what was in the 3 year agenda, such things as a “multi-payer claims databases, clinical data registries, and other data aggregators will incrementally become more integrated as part of an interoperable technology ecosystem“.

Finally, in the 10 year agenda to take us to 2024, 4 building blocks are envisioned on how we achieve a state of initial interoperability:

  1. Core Technical Standards and Functions
  2. Certification to support adoption and optimization of Health IT products and services
  3. Privacy and security protections for health information
  4. Supportive business, clinical, cultural, and regulatory environment

In addition, it mentions a focus on data quality and reliability as part of the foundations for interoperability. The ability to engage with stakeholders and focus on operationalizing a common framework in order to grow trust by addressing issues such as privacy, security, business policy and practice challenges to move forward the ability to have secure and authenticated health information exchange through the care continuum.

The plan envisages working with all stakeholders and hone the use of healthcare IT infrastructure that was enabled through the HITECH Act in order to support the paradigm shift in healthcare towards a more patient centric, “less wasteful and higher quality system”.

In closing, they realize that it will take some time to be able to build an interoperable system that will improve the quality of care across the continuum, but say that HHS is committed to the cause of interoperability across all care settings through a roadmap that makes incremental changes that calls upon a collaborative focus to achieve the opportunities presented to all of us to improve the health and well being of our communities.


Is DEFCON 1 the new normal for Healthcare?

I remember when I first heard the phrase DEFCON 1 (in the 80s movie, WarGames). These days, I think attributing that to healthcare seems relevant with all of the issues surrounding Privacy and Security. Continuing with my post from last week, it brought to mind that providers may be getting increasingly frustrated about how much they have to deal with over the last few years and how much more they need to focus on security than they did in the past after their clinical applications implementation and the new HIPAA Omnibus regulations. Recognizing that healthcare IT leaders these days have somewhat limited authority, but an enormous amount of accountability, it’s difficult to see why many would want to take that position.

A Healthcare IT leader has to think about so many situations such as how to encyrpt every device, and how to manage and secure data integrity & try to develop multi-layered defense mechanisms for the clinical and operational applications that a provider now has to manage. What about protecting their data center from internal and external attacks?

Will we ever be perfect? With the new issues around Internet Explorer (I’m updating the blog using Chrome by the way), the issue of security, continues to dominate the healthcare headlines. This along with the continued use by many provider organizations of XP after Microsoft said that they will discontinue support for the operating system after April 2014.

What do we do? Is this the new normal? Dr. John Halamka of Harvard Medical & Beth Israel in an interview recently at HIMSS 14 with Healthcare IT News  discussed this (while mentioning that that he had 14 different work streams in his privacy and security efforts) the need for access based on what you do rather than who you are and said that there will always now be some vendor who will announce that there is a new vulnerability that everyone needs to watch out for.

Information Security Officers will need generals defending their provider fortress. With more devices accessible by technologies like blue tooth, a rogue employee walking through a facility possibly wrecking havoc and changing information of patients, there has never been a need for solid fortress-like defenses than ever before. All this as well as providers try to have better, more meaningful engagement with their patient population!

But then again folks, we’re just getting started…




The Rise and Fall (and possible Rennaisance) of Healthcare Information Security

Information SecurityThe healthcare IT headlines have been screaming about the lapses and dysfunction of information security. With the reported data breach at UPMC, the reported breach at Cottage Health System last year, the news from Healthcare IT News that “Nashville, TN based Cogent Healthcare also recently reported an incident when a site the organization was using to store patient data had its firewall down, that exposed the PHI of approximately 32,000 patients and the attack recently at Boston Children’s Hospital’s reportedly by the group known as Anonymous, brought to the forefront, the need for a better defense strategy of healthcare’s security infrastructure, protocol & policies across the spectrum.

How many provider CEOs, CIOs, CFOs and VPs of Medical Records think about their organization’s plans for organizational continuity if they should have to defend against hackers or update their infrastructure? H.ow many know of the ability to wipe data off a remote tablet or device? The physicians all want these lighter, “easier to use” devices that can help put in their clinical notes faster and allow them to see their 30 to 40 patients (depending on the physician) a day without lugging around the heavy laptop all day.

I’m sure that not many had really thought about a renowned hacker group trying to hack into and access the medical records of a children’s hospital (until now). I’m quite sure that when sitting in a board room and discussing the investment of time & organizational resources to defend against these possible situations, while it has been taken with the utmost seriousness, the prevailing thinking is “this won’t happen to us” attitude.

Well, it can and it will in this new, cyber age. In Healthcare IT News article, it mentioned  Verizon reported that the majority of data breaches were from the theft or loss of unencrypted devices. Do we need to take healthcare information encryption to a whole new level?

In addition, is two factor authentication enough or do we need to start thinking about multi-factor authentication? When deploying the infrastructure for a healthcare provider in our region we focused on tap badges and deployment of tap badge readers versus fingerprint scans as part of the two factor (something you have, e.g. a badge and something you know, e.g. a password) authentication stipulated by the Ohio Board of Pharmacy requirement. Maybe the time is appropriate to think about a 3rd factor (something that the user is and add their finger print or retina scan…yes, I know, we’re getting into sci-fi realm here). All this will take time to finally get implemented and as costs of security and defense of systems mounts, so will the costs associated with our healthcare. Ohio for instance has probably spent close to a billion dollars taking into account all of the healthcare providers in the state and their implementations over the last few years of EHR and the supporting infrastructure to run it appropriately. This investment will take years to achieve the ROI. Imagine if we need to now, start thinking about further securing our healthcare information and needing new standards for that? Will this kill any push towards the cloud?

While organizations like Microsoft thought this through and are primed for this wave when they acquired Phone Factor in 2012, this latest wave of breaches, penalties and attacks on healthcare infrastructure will surely make more than a few to sit up and take notice, not only about the opportunity to improve in an insightful and cost effective way, but continue to prioritize patient safety through security. With HIPAA notification requirements having become more stringent as of the fall of 2013, care delivery organizations should seriously plan dress rehearsals or “fire drills” to prepare for a new age of information defense. Where’s an “ethical hacker” when you need one?



The Tide is HIE, but we’re moving on…

CCD Example
CCD Example found online

Ok, so I was a “Blondie” fan in the 80s, I mean, who wasn’t really? During a breakfast meeting with some healthcare leaders on Friday, we discussed the need for an HIE and what it would mean to executive leaders in the region if they pulled out of the local healthcare information exchange when Meaningful Use requires that not only do you need to be interoperable with another healthcare provider organization that has the same electronic health record you have installed, but one that is different from your EHR as well that you can interface with. What is the need for an HIE then if CMS stipulates that you need to do this in order to attest to MU 2 anyway? In a HIMSS document, they mention that while working with Stage 1 objectives and measures, “an organization should keep in mind that future rule making around Stage 2 and Stage 3 requirements will include HIE capabilities”.

Many healthcare IT executives wonder whether it is worth the money to pay an HIE to follow their patients and make sure that CCDs or Continuity of Care Documents can initiate (see the generic example I found on the left). As of now, if my healthcare provider wants me to go to get a blood test, and the lab that I have gone to is the same one close to my house for the last 12 years (currently owned by a different provider in this day and age of acquisitions and integrations), I am happy that half a day after I get my blood drawn, I have the results on my smartphone app. A far cry from when I had to wait for days without knowing the result and that too, if my provider got it, saw it and then mailed it or faxed it to me (or I asked to come in to meet him for an appointment, pay co-pay, review the result with him, he makes a copy and then I took that copy home and filed it in my healthcare folder). Fewer trees cut down, less wait, less suspense. Patient Engagement at it’s finest.

As was noted in a Government Health IT News article, many of the measures in MU stage 3, such as sharing care summaries and care plans, rely on health information exchanges and while exchanging data remains expensive, with the core problem being standards, for data, transport and identification of patients. With underlying costs for long term interface development, support and maintenance remaining high, not to mention safety issues and the inability to have secure data when moving between different standards and processes at each care delivery provider.

We are getting to be more educated about our healthcare as patients and consumers of healthcare and we want to be. I watched CNN’s GPS with Fareed Zakaria on the April 20th episode and he discussed the study in which the US was found to be ranked #16 in terms of Social Progress by noted Harvard scholar (and committed Capitalist Michael Porter). America ranks poorly by a team that Porter has put together. Fascinating GPS episode and a must watch. It takes social aspects, community and your quality of life in a country and captures it in a framework that measures social progress in quantitative terms. In Health and wellness, the US ranks 70th and we spend more money in the world than many other countries. Access to information and communication, we are behind Jamaica at 23. These numbers surprised me. The penetration and access to information (like the mobile telephone subscriptions, we are 83rd) and we do better at access to basic knowledge at 39th (behind Cuba). Something to think about.