Only Better Intelligence Can Tame Growing Threat to Private Healthcare Information

Only Better Intelligence Can Tame Growing Threat to Private Healthcare Information
Rachel Weeks

Guest post by Rachel Weeks, director at Courion Corp.

Medical records are confidential. Until a breach occurs and they are let loose on the public, which occurs more often than we think. We need to do better.

According to Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, more than nine in 10 healthcare organizations have had at least one data breach in the past two years. Nearly half have had more than five data breaches in the same period. Breaches cost organizations more than $2 million on average over a two-year period, and the cost is rising. The potential annual cost is nearly $7 billion.[1]

As privacy and security concerns grow and technology becomes more sophisticated, you’d imagine breach rates would be on the decline. But more healthcare organizations are being victimized more often, according to the study, and most aren’t sure they can prevent or quickly detect all patient data loss or theft.

One contributor: data is simply becoming harder to control.

“Technologies that promise greater productivity and convenience such as mobile devices, file-sharing applications and cloud-based services are difficult to secure,” says the report. “Employee mistakes and negligence also continue to be a significant cause of data breach incidents. Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010.”

You can’t blame the IT staff. There’s far more going on in the average healthcare organization than staff can reasonably handle.

Change is overwhelming

For years healthcare organizations have looked to traditional identity and access management (IAM) solutions to optimize efficiency and secure access to sensitive data. These IAM implementations typically started with user provisioning, a process that put controls in place to ensure users were given only the access rights they needed to do their job. Then, for governance, the organizations would perform periodic reviews or certifications – say, every three, six, nine, 12 months – to validate that those access rights were in line with policy.

But so much change can occur in the months between provisioning and certification: business changes, infrastructure changes, regulatory changes, new resources coming online, new roles and policies, not to mention hirings, firings and transfers, particularly in the healthcare industry with thousands of employees and many more contractors and affiliates. This creates an overwhelming amount of data detailing who has access to sensitive patient information. We call these intervals between provisioning and certification the “IAM security gap.”

As the Ponemon study says, “Many healthcare organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.”

That’s an understatement.

However you characterize it, the IAM gap leaves an organization’s sensitive company information at risk to a range of threats, both internal and external. It can be months from the time someone gains inappropriate access rights or inadvertently accesses sensitive data to when the organization is able to discover it through periodic certifications. To date, existing IAM approaches have not provided the technology and flexibility to get a real-time view of policy and governance violations to help organizations efficiently manage the risk of improper access to patient data.

Closing the IAM Gap

Bridging the abyss between provisioning and certification requires clear understanding of what is actually happening in those billions of constantly changing access relationships created by changing people, computing resources, rights, duties and company policies. The challenge is somehow processing what human minds, or even relational databases, cannot. What’s missing is a real-time holistic view of access risk. The missing ingredient is access intelligence.

The only way to achieve access intelligence is by aggregating all the IAM data – the identity policy, activity, entitlement and resource data generated via those billions of constantly changing access relationships – into a data warehouse just like the ones you use for business intelligence in other areas of the organization. The data warehouse should embody advanced information security, policy and governance domain expertise. Then you need to constantly apply predictive analytics to that data to analyze access risk throughout your entire organization – literally every two minutes or so. Properly constructed, an access intelligence system like this can uncover deeply embedded policy violations or improper access. It can generate instant alerts on those violations, or produce graphical “heat maps” spotlighting looming risks and security breaches.

A system like this helps you find the needle in the haystack you wouldn’t otherwise discover. For example, a nurse might be authorized to search and retrieve his hospital’s pediatric records, but if he is suddenly retrieving records from oncology, dermatology and urology, well, that’s a potential problem that won’t show up without powerful analytics.

Such an access intelligence system can help healthcare organizations:

With luck, Ponemon will have less to report in the years to come.

Rachel Weeks is a director at Courion Corp., the leader in risk-driven identity and access management.

[1] if every hospital/clinic in the country experienced the average impact

 


CommonWell Health Alliance: Until We See Proof of Life, this is Little More than Good PR

On its face, the CommonWell Health Alliancee really seems to hit the mark. A collection of the top EHR vendors coming together, sharing a stage and shaking hands; smiling; snapping photos of smiling happy CEOs. All together for one cause, or so the story goes: healthcare data interoperability. According to the “organization’s” website, interoperability is the cornerstone of healthcare’s future.

“Interoperability helps improve quality, reduce costs, enable regulatory compliance and ensure better access to healthcare for millions of people,” and so on and so forth.

Finally, CommonWell’s call to action: moving the healthcare industry beyond just recognizing the importance of interoperability, but moving the industry forward. CommonWell is supposed to be the health IT superhero that moved this giant boulder up the hill and positions it so eloquently on the top.

For those of us who didn’t know this already, CommonWell sums it up: “It’s time for healthcare IT organizations to come together and commit to achieving interoperability for the common good,” and so on and so forth.

So glad it took the giants of the industry to tell us as much.

Okay, so admittedly, this is a step in the right direction. It’s like putting big money behind a good cause. For everyone who has ever worked in the nonprofit trenches who spend their days begging the haves for the have nots, this a dream come true.

Those in the spot light can move us forward to a point where we must be. Allowing private enterprise to bear this mantle means we might finally make the move forward instead of being held back by the shackles of the federal reform and imposition.

After all, wasn’t interoperability a staple of meaningful use; an “industry consortium to adopt common standards and protocols to provide sustainable, cost-effective, trusted access to patient data,” if you will?

Because of meaningful use, we were supposed to be singing in circles by now, discussing all of the advancements we’ve made; our coming together and our ascending to the precipice. Alas, little has been attained through federally funded meaningful use except implementation and wars of words.

We waited, didn’t we? Long enough? Perhaps, perhaps not; depends on who you ask. Farzad Mostashari says we should wait a bit longer for the results to role in. The boys at Allscripts, athenahealth, Cerner, Greenway, McKesson and Relay Health (imagine the feelings of all the other vendor’s CEOs who were left out of this pre-arranged agreement; I guess there’s mincing words anymore) decided private enterprise is the way for things to actually get done.

And while it’s an interesting experiment, I think I agree with some of the other more intelligent folks in the field. Until we see some sort of actual forward movement with this initiative and until there’s some proof of life, this is really nothing more than a stake in the ground. A happy public relations move designed to flex a little corporate muscle on the industry’s largest stage.


Pros and Cons of Attending HIMSS13 from the Perspective of those Who Were There

With the annual HIMSS conference once again over, now is as good as any time to look back and pontificate on what the experience brought. For this piece, I once again reached out the readers of this site for their insight for their perspective, who are, after all, those benefiting from the show and its sessions.

It should be noted that I asked for pros and cons of the show, and I received mostly positive feedback, which doesn’t surprise me. However, don’t take that to mean this is a positive puff piece. On the contrary, I am trying to offer a fair and balance response from attendees that HIMSS leadership can use to plan future conferences.

Obviously, as each of us has been told at one time or another, criticism – good or bad – helps us grow, change and expand. With that, I welcome your comments, positive or negative about the show. Perhaps as a collective, we can help lead our community forward in a manner that’s most beneficial to all it stakeholders.

Without further ado, here are the comments from our colleagues about their reactions to HIMSS13.

Peter Ransome, vice president sales and marketing, Westbrook Technologies, Inc.

Pros: HIMSS was once again a tremendously successful event. Westbrook came away with new resellers, customers and partners. We had a great opportunity to network, learn and meet other vendors. Our team found great value in the keynotes and educational sessions and especially Farzad Mostashari’s final day keynote. Today, healthcare reform is focused on meaningful outcomes and disease management. The next wave of reform will put more emphasis on the value of preventive medicine. There are still a lot of error-prone paper processes that negatively affect the quality of patient care — even in a healthcare organization that has implemented a leading EHR system. We’ve found that more technology doesn’t necessarily result in better care. With more than 1,000 EHR vendors competing for the same healthcare dollars, consolidation is inevitable. It will be interesting to see how HIMSS changes in 2014 and how the industry is affected by rapidly accelerating acquisition activity.

Cons: (Apparently, the show was so good, Ransome listed no cons.)

Bill Fera, MD, principle, healthcare advisory practice of Ernst & Young

Pros: HIMSS has become an extremely valuable venue for gaining real-world examples of how organizations are advancing strategies to better utilize data for the improvement of patient care. Having so many industry influencers in one forum really makes HIMSS stand out — what I take away from networking and informal conversations can be just as useful as what’s formally presented in the sessions.

Cons: The challenge with HIMSS is the sheer volume of  everything. The overload of information can become a distraction if you don’t allocate your time in advance and stay focused on what you want to accomplish.

Neal Benedict, healthcare CEO, Verdande Technology

Pros: HIMSS is well-organized and it had a great location this year in relations to access to airport and hotels. Additionally, education tracks were comprehensive and interesting, and there is a good assortment of attendees (institution and title).

Cons: At HIMSS, there’s not enough opportunity for partner networking. HIMSS should have a new/upcoming technology track (not just big vendors pitching products) and there should be better management of keynotes as managing overflow was challenging.

Christopher Ellis, director, Vree Health

Pros: There was clear industry movement toward technology integration and interoperability – this is a very positive step forward and something that was spoken to more than acted upon, until now. More consistently usable, structured data will open many avenues for leveraging data for better quality of care. Coming from this meeting, I am energized to see that many of the speakers emphasized that while technology is a great enabler, solutions must begin and end with the patient in mind. Providers and vendors that emphasize patient engagement, across varying levels of patient technology literacy, are positioning themselves well. The HIMSS conference was an excellent forum to survey different approaches to solving the same problems, including coordination of care, assessing health risk and patient engagement.  Organizations that have a deep and long-standing heritage in healthcare clearly hit the mark on approaching these in ways that are reflective of provider operational flow.

Cons: Bring your walking shoes next year.

Thanks for all of your candid feedback, guys. I know HIMSS was considered a success this year, but there’s always room for improvement and growth, and it’s nice to be able to report such positive feedback for all in attendance.

If you have something to add, please leave a comment below. Thanks!


The Most Important Question in Identity Management for Healthcare

Harry Jordan

Guest post by Harry Jordan, vice president and general manager, healthcare for LexisNexis.

The most important question in identity management is not: “Who are you?” It’s “What do we need to know about you?” And nowhere is the answer to that question more critical than in healthcare, where inadequate systems and processes can not only threaten business integrity and success, but jeopardize lives, as well. Inevitably, it is time to shift the focus of the discussion of identity management away from authentication methodology and toward the broader healthcare context in which identity management is no longer a luxury, but a necessity.

Effective patient/member identity management springs from this fundamental question: “Given what we are trying to accomplish through this particular transaction, what do we need to know about this individual to insure safety, integrity and trust?” Or, more elaborately: “What do we need to know to prove this individual is who they say they are and that they are authorized to access the information being requested based on those identity credentials?”

The answer is determined by the intersection of multiple factors: your objectives; product and service characteristics; population demographics and attitudes; the nature, value and riskiness of the transaction being performed; the point in the process and relationship where it takes place; and organizational risk tolerance. Getting the answer right is critical to the sustainability of health care organizations and, more importantly, the safety of the individuals they serve.

Identity fraud is the fastest growing crime in the United States, affecting more than 11 million adults in 2010. Medical identity fraud is the fastest growing type of identity theft. The Ponemon Institute estimates the annual economic impact of medical identity theft to be nearly $31 billion.

Health care consumers will, and should, expect their data to be secure at all times in order to protect their financial and physical well-being. Health care stakeholders will demand solutions that ensure they are dealing with the right person, at the right time, for the right transaction, thereby minimizing risk and negative impact on their health care delivery decisions, the health of their patients and overall business performance.

As a recent Gartner report states, identity management is “increasingly recognized as delivering real-world business value,” and “identity management agility improves support for new business initiatives and contributes significantly to profitability.” Identity management is rapidly evolving to encompass emerging risks and application variability. There are tools you can put in place now to meet the increasing demands of identity management.

Point solutions and one-size-fits-all implementations are being supplanted by or absorbed into more comprehensive and flexible approaches. These solutions provide identity management coherency across processes and relationships, as well as identity management consistency across multiple channels and organizations.

At the same time, they enable organizations to efficiently implement a wide range of identity management tools that blend the right identity elements together with the appropriate view and assurance level for each transaction. Established organizations can layer new identity management capabilities onto existing systems in the form of services. Merely extending enterprise identity management solutions will not work.

Three key concepts are at the core of the most successful health care consumer identity management solutions. They are general principles shared by diverse business-specific implementations.

1. Identity management is as much about business as about security. Identity validation (or “resolution”), verification and authentication – commonly regarded as security functions – have far-reaching business ramifications. How you perform them can strongly shape your most direct and therefore vital interactions with patients, payers, providers and other healthcare stakeholders. Thus, while it is important, and sometimes mandatory, to follow industry standards, it is also critical to make sure that the way in which you implement identity management is tailored to your market, business plan and mission to maximize business goals and minimize organizational risk.

2. “Know your health care consumer” is the point of balance for multiple – and possibly competing – objectives. “Know your healthcare consumer” is a phrase that traditionally has different meanings to health care consumer service than it does for security management Service people are concerned with raising healthcare consumer satisfaction by increasing access and ease. Security people are concerned with reducing risk by restricting access.

3. Ask for only what you need to know. Knowing more can, in fact, enable you to ask for less information. In identity management industry jargon, the objective is “friction reduction” through “data minimization.” Improve the health care consumer experience by not asking for information you don’t need.

Strong security can be, for the most part, invisible to the user. Analytics operating in the background can spot links between healthcare consumer data and suspicious entities or recognize suspicious patterns of verification failure.

Analytics can be integrated with business rules to adjust the security level and trigger appropriate treatments or approval of treatments. They can also be used to determine if the current transactional pattern of behavior is unusual. Reacting to healthcare consumer responses in real time – taking business rules for different product lines, channels and types of transactions, and an entity’s tolerance for risk – an identity management service can make dynamic decisions about when to invoke additional and/or stronger measures.

The number of identity-reliant transactions engaged in across the health care continuum is multiplying rapidly and becoming ever more critical to the success of individual health care organizations. When dealing with any situation involving the sharing of a patient’s personal health information it is essential these organizations ask themselves the fundamental question about the individual or entity with which they will be sharing the information: “What do we need to know about you?”

This question is the starting place for all other questions in identity management. The right answer is the key to making identity management an enabler of great services accessed with ease and delivered at a low coast and minimal risk of fraud.

Harry Jordan is Vice President and General Manager, Healthcare for the risk solutions business of LexisNexis. He directs the healthcare business, offering capabilities in health management, predictive claims fraud analytics and health information exchanges.


EHR Satisfaction Diminishing, According to AmericanEHR Survey

Another day, another study, but this one – about the EHR user’s satisfaction levels with their systems – seems to have some teeth. According to the survey, “EHR Satisfaction Diminishing,” which was administered by the adept AmericanEHR group, users of EHRs are becoming ever more disenfranchised with their EHRS.

According to the AmericanEHR, data was collected over a two-year period of time, from 2010 through 2012. After two years of use, and in some cases longer, practice leaders and caregivers who have time to figure out their electronic collection systems and who are past the test-drive phase say they are not happy with the technology.

I’ve made this case before, but this is one of the primary reasons I strongly recommend physicians not getting locked into extremely long-term contracts. For example, some vendors require seven years. That’s way too long. Stay away.

Nevertheless, this could just be a standard response to the technology as a whole, but let’s get to the results of the survey. For brevity’s sake, I’ve cut what I don’t find to be significant. Some of the results noted here are amazing and eye opening; you decide.

Highlights include:

Why is this happening (according to AmericanEHR)? The following hypotheses may explain some of these findings:

Additional observations (which are amazingly insightful):

Recommendations (here’s the real gold):

In closing, according to AmericanEHR: “If these issues are not recognized and addressed, the alternative is that clinicians will do the bare minimum in order to meet meaningful use requirements.”


Results of the 24th Annual HIMSS Leadership Survey: Health IT Remains Strong

Along with HIMSS’ largest money maker of the year — its annual conference — it’s also time for the results of its annual leadership survey.

While the results, which are reflected in the infographic below, are certainly interesting there is one point that seems to raise a flag immediately.

Prior to that, however, let’s take a quick look at the results. Accordingly, about 66 percent of the all health IT leaders say their organization qualified for meaningful use Stage 1 and 75 percent of the same folks expect to qualify for Stage 2. Additionally, nearly 90 percent of those who took the survey say they be ready for the ICD-10 switch later this year.

As such, there’s quite a need to hire new IT folks to carry the torch.

Next, it appears that nearly 20 percent of respondents said their health systems’ security was breech (at least those who admitted as much) and that 22 percent of said security was a priority for the coming year, which should be the case if 20 percent of them faced a security issue.

I understand the scope of the survey and who its respondents are, but doesn’t it strike anyone else as slightly odd that all of the changes to come are related to the IT? All, or much, of the reform is designed to engage patients and bring them closer to their care providers? Shouldn’t it be implemented to help improve outcomes and to drive better results and make the system more fluid? I guess IT is going to be what get’s us there.  But along the way, couldn’t more be done at the care level as well as the IT level? Could some of the hiring take place to serve patients rather than the practice?

I digress. Apparently, for now, we’ll have to be thankful that all of this change is leading to improved job growth and fixes to the breeches that await us.

http://himssblog.files.wordpress.com/2013/03/himss_leadershipsurveyinfographic_022813_hires.jpg

Training Cited as Key Concern Regarding State of EHR Implementations in Healthcare Industry

A straightforward piece of news from TEKsystems Healthcare Services, a provider of workforce planning, human capital management and IT services to the healthcare industry, showing the following results a joint survey with HIMSS Analytics regarding health organizations’ readiness pertaining to the implementation of electronic health record (EHR) systems.

According to TEKsystems, the survey shows insights into the status of EHR implementations, the challenges healthcare organizations face and areas of improvement; TEKsystems and HIMSS Analytics surveyed 300 single and multi-hospital organizations and health professionals throughout the United States. Key findings include:

Current State of EHR Implementations

Achieving end user adoption

“Achieving meaningful use and truly improving the quality of patient care can only happen if end users fully adopt a new EHR system in an acceptable timeframe. Organizations expect their people to adapt quickly, yet many do not plan for end user training until late in the effort,” says , TEKsystems vice president of healthcare services. “Upfront training strategy development would allow for the identification of key competencies and performance indicators. As organizations transition from implementation to day-to-day operations, any deficiencies in the ability to meet the targets can be pinpointed to either a specific user group, department or globally as indicated by analytics and aligning remediation accordingly. Developing an effective adoption strategy is a critical step that needs to be detailed earlier in the process and carried throughout the life of the initiative. That includes finding the appropriate resources necessary for building, integrating and conducting the training.”

Bringing in the right people and skills

“The supply of HIT talent is not keeping pace with the demand –  from clinical trainers, builders and consultants to project and program managers. Finding the necessary resources can be a daunting task for many organizations, but one that is essential to achieving a successful EHR implementation,” continues Kriete. “That includes finding the right principal trainers and scaling to meet the overall training and adoption needs.

Conducting an impactful training experience for the end users

“The importance of effective training cannot be overlooked. To avoid these outcomes, organizations must proactively build a customized training program that is led by educators with clinical and technical EHR experience. The training cannot simply be ‘off-the-shelf.’ It should align with the overall organizational goals, workflows, technical requirements and end-user job roles” states Kriete. “One method for ensuring a training program is effective and builds confidence within an organization is to engage end users, those using the system on a day-to-day basis, in the development of the curriculum.”

“In addition to leveraging end users in this process, efforts should be taken to combine synchronous and asynchronous learning methods to foster a learning environment that meets the needs of the adult learner and their hectic schedules and a learning environment that is not bound by space or time” says Von Baker, TEKsystems healthcare practice director.

Including end users in the process

“This study shows the majority of executives and decision makers are engaged in the implementation process, but unfortunately, this is not the case with end users. Giving end users the opportunity to provide feedback during the development of and during the training boosts their sense of ownership and increases their confidence in the system post-implementation,” comments Baker.

Continuing to support end users after go-live

“The work does not stop once the implementation is complete. Providing post go-live support is critical to ensure the end users fully adopt the system. Best practice is to create performance support tools for end users to have ready access to how-to reference guides when the needs arise – self service.  The right blend of performance support tools depends on the organizations culture, internal drivers (i.e. varied workflows, varied specialties, and geographically dispersed facilities), and available technology. Underestimating the amount and degree of post go-live support can cause a decrease in productivity and performance and increase end-user frustration,” concludes Baker.

About TEKsystems Healthcare Services

TEKsystems Healthcare Services is dedicated to providing workforce planning, human capital management and IT services to the healthcare industry. Utilizing its suite of services, including EHR Implementation Support, ICD-10 Support and Data Services for BI, Reporting and Data Warehousing, they help healthcare organizations accomplish critical initiatives related to meaningful use, compliance, analytics, network transformation and revenue cycle management.

The Sequester: Analysis of Its Impact on Healthcare

Thanks to Ken Perez, senior vice president of marketing and director of healthcare policy at MedeAnalytics, for forwarding me the following very concise, yet detailed information about the sequester and its impact on healthcare from a white paper he drafted on the subject.

For those of you wanting to know more about how the sequestration came to be and the purpose for the reduction in spending over the next 10 years, Perez and MedeAnalytics do a great job describing the reasoning for it and its potential impact to the healthcare community in “The Sequester: Analysis of Its Impact on Healthcare.”

Thanks, Ken, for offering us a nonpartisan view of the sequester. We appreciate the objectivity to what’s become a very subjective debate. If after reviewing the following information and you have any questions or comments, leave them in the comment section. If they are for Perez, I’ll make sure he gets them and can respond.

Background of the Sequester

The Budget Control Act of 2011 (BCA) was the compromise legislative solution that enabled the United States to get through the debt crisis of the summer of 2011. The act was passed by the House of Representatives on Aug. 1, 2011, by a vote of 269-161, and by the Senate on the following day by a vote of 74-26. The BCA was signed into law by President Barack Obama on Aug. 2, 2011 as Public Law 112-25.

The intent of the BCA was to rein in long-term federal spending and raise the debt ceiling. To those ends, it put in motion $917 billion in cuts to discretionary spending (excluding Medicare) over 10 years and raised the debt ceiling by $900 billion.

In addition, the BCA created a 12-member Joint Committee of Congress (also known as the “Super Committee”) to produce proposed legislation that would reduce the deficit by at least $1.5 trillion over 10 years.

The act mandated a sequestration process (or sequester) that would be triggered if the Joint Committee was unable to agree upon a proposal with at least $1.2 trillion in spending cuts. Ultimately, to no one’s surprise, the Joint Committee failed to reach an agreement, and the sequestration process was triggered. Per the sequester: 1) The President could request a debt limit increase of up to $1.2 trillion; and 2) across-the-board cuts equal to the debt limit increase would apply to both mandatory and discretionary programs, with total reductions split equally between defense and non-defense functions.

The across-the-board spending cuts would be implemented from FY 2013 through FY 2021, a period of nine years, and apply to both mandatory and discretionary programs. The cut to Medicare would be capped at two percent and limited to cuts to provider payments.

Exempt from the cuts were Medicaid, welfare programs (e.g., food stamps), and other low-income subsidies, as well as Social Security, veterans’ benefits, civilian and military retirement, and net interest payments.

What would be the annual reduction by function of the sequester? Per Table 1, starting with the total reduction of $1.2 trillion to be applied over the nine-year period, a specified 18 percent for debt service savings is deducted, and then the result is divided by nine to arrive at the annual reduction of $109.3 billion for each year for FY 2013 through FY 2021. In every year, the annual reduction is split evenly between defense and non-defense functions, resulting in a $54.7 billion reduction for each function.

The Impact on Medicare of the Original Sequester

According to a September 2012 report from the Office of Management and Budget (OMB), the sequester would pare Medicare in FY 2013 by $11.8 billion, with the following distribution of the cuts:

The American Taxpayer Relief Act of 2012

In early January 2013, Congress averted the so-called “fiscal cliff” by passing the American Taxpayer Relief Act of 2012, Public Law 112-240, which, among many things, pushed out the implementation of the sequester until March 1, 2013, reducing the total cut for FY 2013 by $24 billion or 22 percent to $85.3 billion.

The Enactment of the Revised Sequester and Its Impact on Healthcare

Through March 1, 2013, President Obama and congressional leaders were unable to reach an agreement to avert the automatic spending cuts of the revised sequester.

According to the Congressional Budget Office and per Table 2, for FY 2013, the total cut of $85.3 billion includes $42.7 billion in cuts to defense, $9.9 billion in cuts to Medicare, and $32.8 billion in cuts to other non-defense programs.

Medicare accounts for 12 percent of the total cut and 23 percent of the nondefense portion. How might the $9.9 billion in cuts to Medicare be allocated? In the absence of further guidance from the OMB, a reasonable approach would be to apply the same proportions as the aforementioned September 2012 OMB report. This would yield the allocation reflected in Table 3, with Medicare Parts A and B sustaining the lion’s share of the cuts.

Medicare Part A could be cut by $4.9 billion, which could include an estimated $3.1 billion cut to the Hospital Inpatient Prospective Payment System (IPPS). This cut to the IPPS would translate into an estimated $0.9 million reduction in Medicare reimbursement for the average hospital.

Medicare Part B could be cut by $4.4 billion, which could include an estimated $1.7 billion cut to physician payments and a $0.7 billion cut to the Hospital Outpatient Prospective Payment System (OPPS).

According to the rule for sequestration, reductions in Medicare will begin in the month after the sequestration order is issued, i.e., April 2013, thereby delaying some of the effect on outlays until the ensuing fiscal year. Thus, for the federal government’s FY 2013, which ends September 30, 2013, the following could be the actual cuts:

Conclusion

The sequester clearly affects healthcare providers in FY 2013 in a material way. Unless it is repealed by Congress, the BCA — with its annual $109.3 billion sequester cuts for each of the next eight years — will raise the specter of two-percent funding reductions for hospitals and physicians on a yearly basis.

Because of the significance of healthcare to the federal budget and the nation’s economy, the broader philosophical and fiscal debate between the two political parties on what is the best way to reduce the deficit and engender economic growth will continue to impact the reimbursement rate-setting process.

HIMSS’ Must See Sessions from those Who Will Be In Attendance

As a service to readers of Electronic Health Reporter I decided to ask its readers which sessions they most wanted to see at HIMSS13. For the record, I have attended HIMSS more than once so I understand how overwhelming it can be. However, I also understand that there are plenty of great resources available to those in attendance regarding which events to attend. Certainly, what I offer here is by no means authoritative nor is it objective.

Thus, I leave it up to you to decide what you are going to do while in New Orleans. All I can say is thanks for reading. I hope this helps.

Other sessions of note:

Social Media Is King When It Comes to Marketing a Medical Practice to Patients and Engaging Them

There continues to be a great deal of talk about the need to marketing a medical practice to patients as a way to engage patients and build a loyal patient following.

However, the strategies that practice leaders can take to engage those they serve seems somewhat elusive.

With Meaningful use reform continuing to bear down and patient engagement ever more important because if it, I decided to ask a few readers of Electronic Health Reporter what tactics they would take to encourage practices to market their practices and, ultimately, engage their patients.

Here are a couple of the responses I received:

Susan M. Tellem, RN, BSN

Physicians need to market their practices using free and easily accessible practices. For example:

Vicki Radner, MD

Likewise, Radner says. “Get social! Social media can and should be part of each physicians’ marketing plan. Create a blog post, Facebook entry and a tweet that describes your practice and its technology in a client-centered way. For example, ‘Want more control over your medical story? Sign up for the patient portal.’”

Clearly, social is king. I’m not surprised. Each of the responses I received were similar in nature. I would recommend the same approaches to anyone who asked because they are effective and because they are free.

In the current market, we go where those we want to serve are and we capture their attention by informing them, educating them and engaging them. Social media does just that and with a little premeditated thought, a marketing campaign can be quickly and easily implemented.

Like all things done for the first time, there may be some excitement and some fear. This is perfectly normal. Practice and repetition will help, ad in the beginning, while you are building your campaign you’ll be able to practice.

Something else to consider when creating a marketing campaign for a practice is to find people who are conducting successful campaigns and start to follow their example. There are real leaders already doing great things as far as educating and engaging patients. Do a little research and find people you can relate to then use their strategies to build your own program.

I’d love to hear more strategies for marketing a practice to patients. If you feel like sharing yours, feel free to leave a comment below.