I’m live blogging from the iHT2 Health IT Summit conference in Fort Lauderdale from June 12-13, and Online Tech will be sponsoring and exhibiting our HIPAA hosting solutions as well.
The conference focuses on healthcare IT as the industry evolves, including the latest implications of ARRA (American Recovery and Reinvestment Act of 2009) and meaningful use changes and how it affects practices and hospitals. Other presentations will focus on electronic protected health information (ePHI) security, using EHR systems for health information exchange (HIE), healthcare delivery reform and other topics on improving patient care with data technology.
I will be speaking on the panel The hCloud at 30,000 Feet: Cloud Computing Solutions for Mobile Healthcare. The panel will discuss how HIPAA cloud hosting can offer a way for mobile devices to capture, store and process healthcare information securely, supporting a range of healthcare applications.
We’re off! iHT2 welcome from Barry Chaiken, MD, MPH Senior Fellow & Health IT Chair iHT2 introducing Dr. Martin Harris.
At the crossroads of a new transformation, a less predictable transformation than the move to DRGs. What’s coming next is a major change in delivery system focused on managing costs by fundamentally changing the way we care for patients.
1. Talk about the challenges to deliver high-quality healthcare to all Americans in an affordable model
2. Talk about the tools. HIT is one of the fundamental pieces of the new delivery model
Strategic Imperative in the Age of Healthcare Reform. President Obama visited the Cleveland Clinic to learn about how to accomplish changes.
3. Care Coordination – here’s where we really begin to see the transformation of the delivery system.
4. How to do the first 3 in a way that’s accessible to everyone in an affordable way
Tools for transformation
The Cleveland Clinic founded in 1021 with hospitals all over the country and even internationally. Non-profit.
In the dot.com era, CC began thinking about their “internet strategy”. CC understood that the internet represented an opportunity to rethink care delivery and to change the whole model and cost structure.
Strategy developed called e|Cleveland Clinic
Thinking about “any patient, anywhere”
Primarily information services. But the distinction between practice and IT begins to blur. Care delivery starts to become impossible without the technology.
1. Within the 4 walls of the CC. Main campus 1200 bed hospital. Distributed family health center model w/fixed facilities (about 1 dozen). ½ dozen inpatient hospitals.
MyPractice EMR for all people involved in the practice: registrars, schedulers, researchers, residents, patients, front desk, nurses, physicians
7000 physicians use the tool . 2635 residents/fellows. Downtime has become a VERY bad word. 🙂
Ambulatory Functionality includes messaging, schedule, results, documentation, physician order entry, best proactive alerts.
Inpatient – exactly the same tool, with a different face: inpatient census, all results, medication administration record (they know when, how much, who gave meds), vital signs and I&O, documentation, and integrated image management.
“Documentation is a journey”. Their system allowed typing, transcription, any way to get the in there. Now their documentation entry is becoming more structured to measure.
Capacity question: We’re going to have to become MUCH more efficient, learning about ambulatory patients and whether they are likely to predictive modeling to understand the demand of a patient population over time. Like airports, they assume that certain number won’t show up.
The model of care shouldn’t be CC-centric. If info is readily exchangeable, it enables people to practice at the top of their license with a team that is really focused on the patient. If they have the right tools, to make the right decisions, providers can practice at the top of their game.
You’re not going to increase the number of medical school or shorten the training period. eEnabled information exchange can help. Capacity management for patients NOT yet in the facilities.
Q. 2nd opinion platform, does it give the patient feedback. If their diagnoses are a match with the MyConsult, they get the entire list of the information needed. The patient is empowered to know all of the information needed. Turns the paradigm on its head.
Q. How realistic is the cost?
There is no cost for DR Connect – it’s free to any referring physician. Patients pay CC up front they submit the receipts for insurance reimbursement.
Strategy – what’s the basic plan?
2 models: Historic best-of-breed, find the best technology for function.
2nd model: a monolithic system – might be CC model is slightly right of center. Things that are core to the practice of medicine are integrated (not interfaced). As you drive the care paradigm, true integration and real-time decision support can only be achieved w/ a real-time integrated data base.
Some things some can be best-of-breed like lab, radiology, monitoring systems. Rx became core instead of best-of-breed. Because CC was so early, they found an integrated system, but it didn’t have both sides of the system – good ambulatory, but not for in-patient yet. CC went out-patient to in-patient, which worked well for CC.
Epic is the core vendor. Lab vendor is SunQuest. Agra for integrated imaging. Interfaced system, not integrated.
Why wouldn’t we go with an integrated system? The role of the care giver who may be a family member. W/ MyChart, the elderly patient needed the tool, but couldn’t use it personally. Used the care-giver model in Ohio; it works very well for them to designate someone else who is driving the tool.
More challenging is the adult->child. From 0-13 works, from 13-18 harder, 18+ in the adult-adult model.
Image retrieval, as we think about medicine in the future, imaging will be the primary method by which we understand if an organ is functioning the way we want it too. The actual image will display the context of the medication and care delivery.
“Became clear we had to ‘e-enable’ the enterprise.” CC wanted to make sure that all the information was in front of all 6.4 million patients in MyPractice.
As we move to adopt technology, the patients must come along with us, preferably at the same time. Personal Health Record, for CC it’s called “MyChart” – provides access for patients anywhere in the world. The lab test they see is EXACTLY that same lab test their physician is looking at. It’s consumerized to they can understand it, but there is one standard source of their health information throughout the system.
All alerts can be turned around to the patient to act on. They can see their schedule – future and past appointments. They can go online and book a follow-up appointment online.
Rx renewal is an online process – it’s the single most frequent reason a patient calls. They can go online to renew all Rxs now. Patients spend very little time in the facility. On the CC MyChart iPhone App, patients can see test results, messages, appts, preventative card, health summary – meds allergies, etc.
450,000 patients use the tool and think about their health care in a very different way and interact with their physicians in a fundamentally different way.
Physicians need to think about how patients select their healthcare team. 50% patients that come to the CC have another physician who is now part of the CC, but the patient wants the confidence of knowing that everyone on their care team is communicating.
DRConnect is a portal for doctors to give a window into the EMR REGARDLESS of physician relationship to the CC. When the patient comes to the hospital, the EMR knows about the patient relationship w/ the referring physician. An alert pops up during registration, which triggers the registration person to ask the patient if they want their information sent to their referring physician. If so, ALL information about the patient is sent in real-time. This is the CCs fastest growing program. 150,000 patients are sent by referral. It’s growing even outside of Ohio.
Where are we headed next? There is going to be an explosion of digital medical technology. This holds great promise to tell us where the patient is physiologically.
MyMonitoring – example, someone coming in for a PaceMaker would go see the cardiologist who asks if they want traditional or the OnStar model. Traditional, you make 4 visits to monitoring the pace maker. In the OnStar version, 3 times/yr patients use software on their laptop to access info about the device. Tomorrow, it will include a physiological snapshot of the patient.
All use the same EMR – it doesn’t matter where the patient is, all info needs to end up in a structured manner. The right info, to the right provider, at the right time.The HIE space w/ public & private model.
MyVault – patient driven. CC didn’t want to be in the plumbing business to connect all the various health information sources, so they followed the NHIN model. This will allow any care team to follow any patient regardless of location. This is a real opportunity to fundamentally innovate in the way we think about patient care.
Over the next 20 yrs, the largest cohort of Americans is retiring (10,000 enroll in MediCare every DAY). We can NOT take care of these people in the current model – there aren’t enough doctors or facilities. We need to think about how to deliver care utilizing any tool within our reach.
The example: A patient is diagnosed w/ a heart condition requiring surgery. Any patient anywhere in the world can seek the opinion of the CC online for about 200 diagnoses (very high-end, very objective illnesses), i.e., a new cancer diagnosis that comes with advance pathology so that someone from a distance could render a professional and informed opinion remotely.
Patient Jones signed up for the service online instead of traveling. Physicians in CC can visit “the pizza box” which has all of the information organized in the way they need it to make an informed decision. They render their opinion back to the patient virtually over the internet. They see the bio of the physician, they see all of the notes. About 36 hours, a follow up conversation is scheduled with the patient to follow up AFTER they have been able to review and digest the doctor’s notes.
Usually, patients hear about 25% of what a doctor says. Perhaps the patient signs up for surgery at the CC. Before traveling, the patient signs up for Microsoft HealthVault, a personal health information management service, and imports all of the info into the system.
This ensures that the patient has ALL of the necessary information in place BEFORE they get on an airplane.
The information arrives well before the patient in a structure format. CC can use this information to coordinate the first day of care for that patient.
The operating room is the most expensive resource. If you cancel the operation, you will NEVER recover those costs. CC will give the information back to the referring physician in
real-time and can get the input of the referring physician DURING the course of care. Their remote referring physician is an engaged part of the care delivery team. For recovery, patients are going to have new technologies to give info back to the care provider in real-time, i.e. scale, thermometer, glucometer, blood pressure cuff.
The patient and all participants in the care team are united.
Panel “Innovation in Healthcare: How Meaningful Use is Impacting the Evolution of Healthcare”
While the current HITECH incentives and penalties will raise the bar of meaningful use for information systems across the country, it may cause some challenging long term challenges to the meaningful use of data. Providers will certainly begin to make meaningful use of information systems as defined by the law, but will they be able to assure the meaningful use of clinical data to continue to drive our national healthcare to the highest quality at a sustainable cost? This is an issue confronted by our nation’s leading healthcare organizations as they push the envelope in defining care models and leveraging technology to improve care.
This session will discuss:
Moderator: Gienna Shaw, Editor-in-Chief, FierceHealthcare
Doris Crain, VP & Chief Information Officer, Broward Health – iHT² Advisory Board Member
Jeanette Schreiber, JD, MSW, AVP, Medical Affairs & Chief Legal Officer, UCF College of Medicine and Chair, Central Florida RHIO
Garett Trumpower, RN, VP, Strategy & Consulting, MEDSEEK
Shane Hade, Chief Executive Officer, Avhealio, LLC
How does #MU limit innovation?
Garett Trumpower sees that many organizations are implementing the “checkbox” strategy, and are not looking beyond the minimum requirements.
Jeanette Schreiber, Medical Affairs and Chief Legal Officer Central Florida RHIO sees #MU as a key driver, and is thankful for its role to push innovation.
Shane Hade, CEO Avhealio notes that Stage 1 may have been a checkbox initiative for some, but Stage 2 will push organizations to do more with the information.
Doris Crain sees #MU as a reward for doing the right thing that organizations should be looking at anyway.
How is the data a driver of innovation and what are specific ways organizations are actually using the data?
Garett Trumpower: Starting to see organizations using it to predict facility use. Example: who is using ambulatory vs ERs. Now organizations are using traditional communication systems to coordinate care with patient engagement – this is missing in a lot of #MU Stage 1 users.
Doris Crain: Nurses generate a plan that the predictive tool mines into the data and reminds them of medication alerts or candidates who may be high-risk fall candidates. This can improve patient-safety and value-based purchasing to understand the quality improvement plans for readmissions in the Emergency Rooms.
Shaw: Any results to share about ER readmissions?
Crain: Every month readmissions are reported to the board, and Broward Health is seeing great progress from a high readmission rate to a much lower readmission rate.
Trumpower asked Crain: How hard was it for nurses to learn the new model? Was is adopted easily, forced with resistance?
Crain: Many still struggle. The challenge is selling the value it brings, which ultimately does create the motivation for participation.
Schreiber: Some physician providers want help to establish the medical home model. It can be used to manage care across provider lines, detect fraud and abuse. It opens a whole world of opportunities to communities to use the data.
Shaw: One of the big parts of Stage 2 is accomplishing patient engagement. One way hospitals are trying to reach patients is by creating patient portals.
Trumpower: Many portals are very check-the-box. 1. How will they access it? 2. How will they know about it? Patient portals aren’t a “build-it-and-they-will-come” initiative. Healthcare is like a refrigerator – I don’t know all the brands and features until I need it.
They’re looking as search engine optimization and social media strategies to create awareness to find out who will actually use patient portals.
Getting into the device management will be a key area of innovation to connect patients to their health care data in a patient-readable form on their phones.
Schreiber: In terms of how portals that can work with HIEs, imagine you only need to go to one place to communicate with all of the physicians you deal with. Advanced directives can be used to communicate throughout all organizations. Home monitoring programs could share information into the systems. If there’s a place to manage care and payment for care in a single place, that’s worth putting together.
Shaw: Do we know high-risk patients are engaged? How do we get them engaged?
Trumpower: The issue of patient engagement is moving from a CIO owned initiative to a CMO initiative. At Scripps Health seeing huge physician involvement on the front end to promote portals to patients.
Crain: The problem with portals is that many underserved patients don’t have computers, internet access, or smart-phones. For Broward Health, they are looking to their employee base first.
Hade: The reality is that most people using the portals, probably have access to good care already. Key question is how to make better use of the data that is already in the portal. The use of mobile and portable devices has eclipsed desktop use. Push technologies can provide huge opportunity, IF patients can and will adopt them.
Crain: 80% of the dollars spent are on chronic diseases. This has been an area where the use of patient portals has been proven to improve care.
Audience: #MU is interpreted as innovation. Technology is unusable if it doesn’t do anything directly for the patients. It’s all about “ME” – “Managing Expectations”.
Hade: Usability in the healthcare industry lags behind other industries because the design investment isn’t leveraged. Make it easier. Present more relevant information in an easier format, not just MORE information.
Audience: If physician is a key gatekeeper. If you open your phone to the patient record (i.e. mine is 152 pages), I don’t want to use my phone for that. We want the physician to read and interpret that information.
Shaw: We’re not only talking about mobile, we’re talking about all of Meaningful Use and patient engagement for Stage 2.
Crain: We need a solid and flexible foundation that will let hospitals grow in multiple directions and communicate with all participants in care delivery.
Schreiber: Design and usability is absolutely needed.
Hade: Design informed usability to present relevant information will be needed to promote real engagement.
Audience: By delivery PHI into a mobile device, how do you maintain the privacy and security of the information?
Trumpower: Opt-in is a state by state issue right now.
Schreiber: Florida is an opt-in state and we may be a little ahead of ourselves in this area.
Me: There’s a good opportunity and challenge to enable patients to customize the interface and make it their own. Perhaps usability and design can help provide an interface that allows patients to create their own health space instead of pre-supposing what patients want.
Trumpower: The good news about being late to the game is that we can learn from other industries.
Audience: One of the thing HIPAA promised us was a unique patient identifier, which has gotten pushed out farther and farther. As we push this information out to patients, how do we make sure it’s getting to the right patients?
Trumpower: Canada does have a single ID, and sometimes there are still mistakes with mis-entries, but vendors do offer some sophisticated products from other industries like banking to ask identification questions based on credit reports that are starting to enter the healthcare space.
Crain: We have to secure ePHI, but having a unique identifier wouldn’t necessarily make it more risky.
Shaw: If Mint can figure out mortgage, 401K, credit lines, surely the healthcare space can figure it out.
GE: #MU is driving functionality over the next few years.
We need to make sure our representatives know about the law on the books that prevents HHS and CMS from looking at the issue of unique identifiers.
Are there any programs looking at the value of texting?
How can we help if the vast majority is based on the best of 1979 infrastructure – how do we move our industry towards a SOA architecture?
How do we educate the consumer of the value of the new architecture with the challenge of having to re-write the legacy systems?
Hade: Separate the applications in the appropriate layers, have a designer on the presentation layer, and invest the majority of effort into make sure the integration layer is in place.
Trumpower: CCD will allow us to have more innovative technologies and provide some open architecture and new developers to connect new systems and still be certified.
Hade: It doesn’t matter how you write the technology – you can write it in anything, as long as you are designing the presentation layer to present the right information in a usable way.
Trumpower: #MU is causing some delay on both the vendor and the hospital side.
Audience: Vendors need to continue to innovate and work in #MU and compliance.
Audience: What is the panel’s view on allowing payers to participate in the HIE and their role?
Schreiber: Many divergent views with some providers being anxious. One of the big issues is sustainability. For organizations who have made it, how have they done it? So far, it’s the ones who have crossed the whole community, including the payer side. There are an increasing number of ways that payers and providers can help each other and provide efficiencies and provide administrative activities around the HIE. I’m having trouble seeing the downside of including payers in the HIE.
Trumpower: Without claims data, how do providers know if the patient has gone outside the provider network? Providers are going to be dinged by patients leaving the ACO, but have no awareness about it.
Schreiber: Many have already crossed that threshold and I’m optimistic.
Trumpower: I’ve very optimistic and for bringing in payers to the HIEs.
Hade: In the examples I know of, providers wouldn’t be able to manage care and cost basis without payers at the table. It’s kind of like “If I show you mine if you show me yours,” but once the trust can be established, it can be a good thing.
Shaw: What about the patients being able to manipulate the information?
Hade: Vast explosion of consumer health is around the in-home monitoring and it’s usually disconnected.
Schreiber: With my lawyer hat on, maybe we need to give them their own area to enter information, but we don’t want to create a huge mess in the patient EMR.
Crain: Can you imagine what happens when all of us become patients? We’ll all be really hard patients because we know what’s possible. We’re creating these systems of patients like ourselves.
Audience: There’s mental health information that shouldn’t always be shared directly with a patient if it’s not in the best interest of patient care.
Schreiber: All of those laws are state-specific and wreck havoc on everything so the systems will have to be built to integrate mental health information and it’s another area where the law needs help.
Trumpower: None of the HIE implementations I’ve seen include mental health. No one is touching it right now.
Shaw: Patients feel ownership of their patient health data.
Crain: You can be sure I’ll get ALL of my patient data. 🙂
4pm panel: “Preventative Security for Electronic Personal Health Information” kicking off with iHealthtran’s #iHT2FTL …
Jayne Bassler: moderator
Gay Madden, RN
Leon Hoover, CIO
Julie Meadows-Keefe, Counsel
Bassler: Gay, can you talk about security in the mobile environment.
Madden: The biggest security issue is with the end-user and getting users to understand policies. WIthout accountability and understanding with the end-user, the vulnerability is very high.
Meadows-Keefe: 50,000 encryption licenses, but only 2000 users were using it. The blurring of boundaries in today’s work environment that extends beyond 9-5 in the office is extensive.
Hoover: When I arrived, there was no documentation at all and they started from scratch. Security starts with policies before technology. Encryption is used extensively, but it creates complexity and there needs to be a balance between the complexity and usability.
Bassler: What about the security risks of smart phones?
Madden: It’s another layer of security to be managed and with the same staff that can’t remember how to change their passwords. Demands of the consumers are up, IT resources are down, and it leaves security officers in a lose-lose position.
Meadows-Keefe: I’ve heard it called BYOD or Bring Your Own Disaster. Whether we like it or not, the Blackberries are going to be pried out of our hands, so like it or not, we’ll need to address other platforms.
Hoover: For us, I celebrate the fact that our EMR doesn’t have a mobile option yet, but we establish a policy that if you’re going to have hospital data on your phone, we have the ability to wipe the device. And in our tests, the wipe works REALLY well – back to factory reset. With BYOD there’s an expectation that IT staff can help manage it, and we’re not set up for that. It takes time, productivity goes down.
Bassler: It’s a real concern about cost where we can’t control the devices but are expected to manage them. What have the laws done to put us in this position?
Meadows-Keefe: The technical standards and privacy standards are merging together. You’re expected to speak both tech and privacy law now. You can’t speak to just one side of the fence. We’re getting to the point where investing in tech is going to be essential to meet the law.
Madden: When I look at my costs and budget, they’re not always the same. For me, I look at these costs that could go to patient care instead of privacy. Can we ever buy enough technology to prevent a breach.
Meadows-Keefe: Definition includes “people” in the Information System.
Hoover: There are 2 components: people and data. How do you educate people to not use the camera in the hospital. Data at rest, data at work, Data on the move. How much investment can you make to safeguard the data and protect the patient.
Audience: Have you found any policies that have been successful?
Meadows-Keefe and Madden: We disabled cameras on the blackberrys.
Madden: We’re tried to relate the importance of the patient to the staff, but we haven’t found this to be successful. It goes back to the people issue and how we control that part of the problem. We try to talk about it from the patient perspective.
Meadows-Keefe: Many people feel overwhelmed with the message about security. They don’t want to hear more. The theft of medical ID is worth about $50, the value of a social security number is worth about $1.
Bassler: Have any of you shared information about penalties and breeches?
Meadows-Keefe: Yes, we called it “breach of the week”. 🙂
Madden: We even conducted our own mock-trial. They fined the nurse the maximum fine and the organization.
I think encrypted email is wonderful I sleep better at night knowing that there is a lexicon protecting my email. We put all of our staff on blackberrys, moving to email and IM and away from text. Everyone loves texting because it’s so fast and direct, but before you know it, you have text going out with ePHI.
Meadows-Keefe: Major HIE initiatives is to manage protected text messages.
Meadows-Keefe: HHS is employing some reason about their expectations. You can’t realistically expect that every organization is going to be able to upgrade immediately to the highest level of security protection available. With the fines structure in HITECH, they vary based on level of culpability.
Hoover: Does your encryption look at mobile devices. Can you get reporting on emails?
Madden: A couple other things. When we started in this arena, the Security Office. Now there is a whole security team and put it on the organization’s shoulders. We have a partner who is a forensics and security company to audit us once per year which gives the IT department clout. A respected outside partner can really give support throughout the management team to support security initiatives. Tampa Bay seems to be the place for SS # mining. We had 2 external people notify us that a staff member was mining SS#s. Local police can’t do anything and the IRS doesn’t really care unless the victim has lost more than $60k. In the breech world, you have to prove that nothing bad happened, but it’s hard when you can’t find the person.
Bassler: Do you do any mock disasters?
Madden & Hoover: No, not yet. But we should. I wake up in the mornings wondering, how would I know if there’s a breech. It’s tough for a smaller hospital to know what to do or have a response team.
Meadows-Keefe: It’s equally challenging in a large corporation as well because there were so many stakeholders who want to be involved. Personally, I solved it by saying “if you have any data issues, please send it directly to me”. You could have a great breach notification policy, but if people are reluctant to report it in the employment environment, it doesn’t help. You have to make it a safe environment for transparency. It’s much scarier what you don’t know about.
Hoover: Outside healthcare, you want to find out about the breach, but you also want to know how to stop the breach. Who in healthcare has that kind of thing.
Audience: I’m interested in the type of program that you have to institute, because even disgruntled employees should know better.
Meadows-Keefe: Maybe we’re not talking enough about the fear factor, but talking about consequences of being caught and knowing what the discipline actions will be. I would always recommend that the person be automatically dismissed. They need to be reported to law enforcement and their board of licensure.
Madden: I think there’s a fundamental problem and it’s still seen as “documentation”. The word “documentation” means nobody reads it. You would write prolific notes, and then leave sticky notes to get the attention of the physicians. It’s somehow getting rid of the word “documentation” and putting value on it as part of “care”. People would view is as part of patient care instead of as unvalued documentation.
Audience: Do you think our staff knows the difference between an “oops” and willful ill-intent? No one thinks it’s happening to them, but no one knows the consequences either.
Meadows-Keefe: we would have people fax to the wrong fax number, and for me, that was a training opportunity. But those people shouldn’t be thrown out. But some common sense needs to apply. It doesn’t need to be as complex as some people make it out to be.
Madden: There’s a sense of secrecy in the organization when something bad happens. When I use that example, are they going to whistle-blow to the state if I haven’t reported the breech?
Madden: When the ONC starts making unannounced visits, that’s going to start shaking people up to the point of realizing it’s not just a joke.
Online Tech: You’ve expressed a lot of concerns with security within your organization but a majority of the patient records breeched involve a business associate. Do you worry about ePHI security with outside vendors and how does this compare with your in-house concerns:
Madden: It’s been eye opening to understand how much the SS# matters to everything we do. We spent the last month working on stopping giving out SS#s to anyone and explaining to 3rd party vendors that we don’t have any rights to give out their SS#. We’ve struggled to get the ambulance and labs to work with us without the SS$. I do worry a lot about outside vendors.
Hoover: We want Dell to come in and do maintenance on the SAN we bought from them. They have access to the data when they do that, but is Dell going to sign a BAA? Probably not.
Madden: We already know that patients don’t trust us because they are ready the same releases we are about breeches. If we’re going to regain the trust of the patients, we have to get security figured out.
Hoover: You have to realize that protecting the data is protecting the patient.
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.