Guest post by Eduard Goodman, chief privacy officer, IDT911.
Earlier this year, Centene Corporation lost six hard drives containing personal and health information of almost one million of its clients, including names, addresses, dates of birth, Social Security numbers, member identification numbers and health information. Unfortunately, Centene is only one of many healthcare organizations that recently had their sensitive patient information exposed. More than 113 million health records were breached in 2015 – which translates to one out of every three Americans being affected by a healthcare record breach last year. Medical identity theft is a disastrous trend that needs to be addressed. The good news is there are many steps healthcare organizations can take to reduce the risk of data breaches.
Electronic Health Records
As more and more healthcare organizations transition away from paper medical records and move to electronic health records, it is critical that security features are put in place to protect the vast amount of data being collected. Just as the digitally stored health information is more easily accessible for employees, it is also easier for cyber criminals to access. According to the Ponemon Institute’s The State of Cybersecurity in Healthcare Organizations in 2016 report, nearly half of those surveyed said their organizations have experienced an incident involving the loss or exposure of patient information during the last year. Strong encryption, routine vulnerability patches and multi-factor authentication are key to protect health data.
Mobile and BYOD
Greater connectivity means more convenience, but this also opens more doors for hackers to access healthcare networks. Healthcare organizations should set clear BYOD policies so employees understand what can and cannot be accessed from mobile devices, what operating systems are approved for use on the network, what security features and settings are required and what type of data can be stored on devices. While using mobile devices can significantly improve productivity, it is important to minimize security risks in order to protect sensitive data.
Internet of Things
The Internet of Things is a growing trend in the tech world that has also become popular in the healthcare industry. Now, medical devices can collect, track and share enormous amounts of data instantly through internet connectivity. As these medical devices were most likely added to pre-existing networks, they may not have the necessary security protections. Security vulnerabilities are not just limited to EHR and health networks anymore – medical devices must be thoroughly inspected as well. Just as computers and servers are patched for vulnerabilities, medical devices that connect to healthcare networks must also be regularly patched. If these IoT enabled devices do not have the necessary layers of security, they will become an easy target for hackers to access the healthcare network.
Guest post by Amy Sullivan, vice president of revenue cycle sales, PatientKeeper.
The multi-year run-up to the ICD-10 cut-over last October had a “Chicken Little” quality to it. There was prolonged hand-wringing and hoopla about the prospect of providers losing revenue and payers not processing and paying claims – the healthcare industry equivalent of “the sky is falling.”
Then CMS helped calm things down by announcing last July (as the AMA reported at the time), “For the first year ICD-10 is in place, Medicare claims will not be denied solely based on the specificity of the diagnosis codes as long as they are from the appropriate family of ICD-10 codes.”
Since ICD-10 is all about specificity – the number of diagnosis codes increased approximately four-fold over ICD-9 – this was a big relief to all involved. And, if you believe new research data, the sky indeed has not fallen: Sixty percent of survey respondents “did not see any impact on their monthly revenue following Oct. 1, 2015… Denial rates have remained the same for 45 percent of respondents. An additional 44 percent have seen an increase of less than 10 percent.”
Still one has to wonder what will happen after Oct. 1, 2016, when the current leniency expires and ICD-10 code specificity is required. Will physicians be in a position to enter their charges completely and accurately once “in the general neighborhood” coding no longer suffices?
They will if their organization has invested in technology that adheres to best practices in electronic charge capture system design. The three watch-words are: specialize, simplify and streamline.
A charge capture system is specialized when it exposes only relevant codes to physicians in a particular specialty or department, and when it provides fine-tuned code edits. With different types and processes of workflows (and let’s face it, personal preferences), physicians need an intuitive and personalized application that easily fits into their individual work styles. A tailored user experience allows providers to build and display their patient lists in whatever way is most convenient and meaningful to them – down to lists organized by diagnosis and “favorites.”
The health IT revolution is here and 2016 will be the year that actionable data brings it full circle.
Opportunities to achieve meaningful use with electronic health records (EHRs) are available and many healthcare organizations have already realized elevated care coordination with healthcare IT. However, improved care coordination is only a small piece of HIT’s full potential to produce a higher level synthesis of information that delivers actionable data to clinicians. As the healthcare industry transitions to a value-based model in which organizations are compensated not for services performed but for keeping patients and populations well, achieving a higher level of operational efficiency is what patient care requires and what executives expect to receive from their EHR investment. This approach emphasizes outcomes and value rather than procedures and fees, incentivizing providers to improve efficiency by better managing their populations. Garnering actionable insights for frontline clinicians through an evolved EHR framework is the unified responsibility of EHR providers, IT professionals and care coordination managers – and a task that will monopolize HIT in 2016.
The data void in historical EHR concepts
Traditionally, care has been based on the “inside the four walls” EHR, which means insights are derived from limited data, and next steps are determined by what the patient’s problem is today or what they choose to communicate to their caregiver. If outside information is available from clinical and claims data, it is sparse and often inaccessible to the caregiver. This presents an unavoidable need to make clinical information actionable by readily transforming operational and care data that’s housed in care management tools into usable insights for care delivery and improvement. Likewise, when care management tools are armed with indicators of care gaps, they can do a better job at highlighting those patients during the care process, and feeding care activities to analytics appropriately tagged with metadata or other enhanced information to enrich further analysis.
Filling the gaps to achieve actionable data
To deliver actionable data in a clinical context, HIT platform advancements must integrate and analyze data from across the community—including medical, behavioral, and social information—to provide the big picture of patient and population health. Further, the operational information about moving a patient through the care process (e.g., outreach, education, arranging a ride, etc.) is vital to tuning care delivery as a holistic system rather than just optimizing the points of care alone. This innovative approach consolidates diverse and fragmented data in a single comprehensive care plan, with meaningful insights that empowers the full spectrum of care, from clinical providers (e.g., physicians, nurses, behavioral health professionals, staff) to non-clinical providers (e.g., care managers, case managers, social workers), to patients and their caregivers. Armed with granular patient and population insights that span the continuum, care teams are able to proactively address gaps in patient care, allocate scarce resources, and strategically identify at-risk patients in time for cost-effective interventions. This transition also requires altering the way underlying data concepts are represented by elevating EHR infrastructures and technical standards to accommodate a high-level synthesis of information.
Guest post by Ben Weber, managing director, Greythorn.
This is the time of year when people are looking into their crystal ball, and telling all of us what they see happening in the next 12 months. Some of these predictions will be wild (aliens will cure cancer!) and some will be obvious (more health apps in 2016!). But how many will be helpful?
As I gaze into my own crystal ball, I have to admit I’m also peeking at my email (I like to multi-task). I can’t really say if it’s inspired by the swirling lights of the magic orb on my desk, or if it’s because of the inquiries from clients, messages from my management team and RFPs from various hospital systems … but I also have a prediction for the New Year: 2016 will be the year of migration for Epic and Cerner consultants.
The United States healthcare industry has made great progress in EHR implementation—to the point where implementation is no longer the primary conversation we’re having. Now we’re discussing interoperability, if we’re using ICD-10 codes correctly, how and if we should integrate the data collected from wearable fitness technology, and more. Those discussions—and the decisions made as a result—will continue to require human intelligence and power, but in 2016 there will be a decreased demand for consultants on these projects. Healthcare IT professionals who have grown accustomed to this kind of work will either have to settle into full-time employment—or turn their nomadic hearts north to Canada.
Our neighbors on the other side of the 49th parallel are ramping up their EHR implementations, which is good news for consultants interested in using their passports. Implementations in the US are slowing down, and while there is still work available, it is not as constant and may not command the same hourly rates as in years past. Meanwhile, several leading Canadian healthcare IT organizations have already warned of a looming talent shortage in their country (source), the effects of which are beginning to be felt.
Epic and Cerner specialists are particularly in demand, as there is a dearth of experienced talent. Out of the Canadian healthcare IT professionals who have worked with an EMR, 28 percent report familiarity with MEDITECH, 13 percent with Cerner, and 7 percent with McKesson. Only 4 percent have worked with Epic, according to the 2015 Canadian Healthcare HI & IT Market Report.
Interoperability will be healthcare IT’s biggest trend in 2016 as the industry finally sees momentous forward movement.
In fact, interoperability is not a new trend. It has been an important mission (and a challenge) for healthcare administrators for decades, but the past couple of years have been game-changing:
First, the U.S. Department of Health and Human Services (HHS) wants interoperability to be a common feature in all EHRs by 2024 so that patient data can be shared across systems to provide better care at a lower cost. Since the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH), a $30 billion initiative to accelerate EHR adoption, more than 433,000 professionals (95 percent of eligible hospitals and 60 percent of eligible professionals in Medicare and Medicaid programs) have received incentive payments.
Second, the HHS’s ambitious announcement that mandates moving 50 percent of Medicare payments from fee-for-service-based to value-based alternatives by 2018 puts care coordination and interoperability at center stage. This historic initiative is transformational for patient-centered care based on accountability and outcomes and is the first step toward achieving better health overall with lower cost.
Third, there’s been significant industry momentum with more than 40 organizations coming together to work on HL7 FHIR (Fast Healthcare Interoperability Resource), dubbed “Project Argonaut,” an industry-wide effort to create a modern API and data services sharing between the EHR and other healthcare IT systems based on Internet standards and architectural patterns. Project Argonaut began in December 2014 and has made impressive progress. And while still evolving, the recently released Stage 3 meaningful use rules have emphasized interoperability — more than 60 percent of the proposed measures require interoperability, up from 33 percent in Stage 2.
Guest post by Kirk Larson, national CIO, healthcare, NetApp Inc.
As we start a new year, let’s take a moment and take stock of the past 12 months. Like an annual physical, it gives us a chance to take a pulse check on the industry and see what the next year has in store – the opportunities and the obstacles.
During 2015, we had the opportunity to chat candidly with CIOs, healthcare technology partners and healthcare providers to discuss the big questions affecting the industry:
— What are the big topics the industry will be focused on?
— What changes do you see coming?
— What new challenges lay ahead and what new technologies will help us overcome them?
Based on these discussions, here are some of the key trends healthcare CIOs can expect in 2016:
Electronic Health Record (EHR) Optimization
As healthcare organizations move beyond implementation phase of EHRs, CIOs and IT are refocusing their efforts towards enhancing care workflow and benefits realization by way of optimizing the IT infrastructure. Basically, the status quo on overspending on legacy hardware is no longer being tolerated.
While the high availability, performance and security requirements for IT infrastructure certainly aren’t lessening anytime soon, IT is feeling greater cost pressures to run EHRs more efficiently. As a result, organizations are looking to simplify IT operations for running on-premises data centers with improved data management solutions, with the end-goal of moving toward building their own private clouds.
In addition to greater cost efficiency, we are seeing a growing demand for increased agility of IT services. As such, organizations are looking to advanced analytics capabilities as a means of achieving greater responsiveness. But before they can reap the benefits of employing a population health management system, IT needs to shift from tired legacy IT environments to highly agile IT infrastructure.
Population Health Management
Population health management programs have long been used by healthcare insurers to increase wellness and decrease claims cost. Organizations leverage multiple data sources such as EHRs, pharmaceutical data, insurance claims, etc.; to enhance and preserve wellness, as well as, programs that anticipatory and pre-emptive in design.
Guest post by Robert Williams, MBA/PMP, CEO, goPMO, Inc.
I continue to view 2016 as a shakeup year in healthcare IT. We’ve spent the last five plus years coming to grips with the new normal of meaningful use, HIPAA and EMR adoption, integrated with the desire to transform the healthcare business model from volume to value. After the billions of dollars spent on electronic health records and hospital/provider acquisitions we see our customers looking around and asking how have we really benefited and what is still left to accomplish.
All politics is local
Our healthcare providers are realizing their clinical applications, specifically EMR vendors, are not going to resolve interoperability by themselves. When the interoperability group, CommonWell formed in 2013 much of the market believed the combination of such significant players (Cerner, Allscripts, McKesson, Athenahealth and others) would utilize their strength to accelerate interoperability across systems. Almost three years late CommonWell only has a dozen pilot sites in operation.
Evolving HL7 standards and a whole generation of software applications are allowing individul hospitals to take the task of interoperability away from traditional clinical applications and creating connectivity themselves.
Black Book’s survey published last month, stated that three out of every four hospitals with more than 300 beds are outsourcing IT solutions. Hospitals have been traditionally understaffed to meet the onslaught of federal requirements. Can they evolve into product deployment organizations as well? Across all the expertise they need within the organization? Most are saying no and searching out specialty services organizations to supplement their existing expertise and staff.
Are you going to eat that?
Patient engagement is on fire right now at the federal level (thank you meaningful use Stage 3), in investment dollars and within the provider
community. But to truly manage hospital re-admissions and select chronic diseases (diabetes, obesity and congestive heart failure for example)
providers need data and trend analysis on daily consumer behavior. The rise of wearable technology and the ability to capture data/analyze data from them will be a major focus going forward. These technologies will likely help to make us healthier but with a bit of big brother side affect.
Health IT’s most pressing issues may be so prevalent that they can’t be contained to a single post, as is obvious here, the third installment in the series detailing some of the biggest IT issues. There are differing opinions as to what the most important issues are, but there are many clear and overwhelming problems for the sector. Data, security, interoperability and compliance are some of the more obvious, according to the following experts, but those are not all, as you likely know and we’ll continue to see.
Here, we continue to offer the perspective of some of healthcare’s insiders who offer their opinions on health IT’s greatest problems and where we should be spending a good deal, if not most, of our focus. If you’d like to read the first installment in the series, go here: Health IT’s Most Pressing Issues and Health IT’s Most Pressing Issues (Part 2). Also, feel free to let us know if you agree with the following, or add what you think are some of the sector’s biggest boondoggles.
The healthcare industry has undoubtedly become a bigger target for security threats and data breaches in recent years and in my opinion that can be attributed in large part to the industry’s movement to virtualization and the cloud. By adopting these agile, effective and cost-effective modern technological trends, it also widens the network’s attack surface area, and in turn, raises the potential risk for security threats.
We actually conducted some research recently that addresses evolving security challenges, including those impacting the healthcare industry, with the introduction of cloud infrastructures. The issue is highlighted by the fact that the growing popularity of cloud adoption has been identified as one of the key reasons IT and security professionals (57 percent) find securing their networks more difficult today than two years ago.
Paul Brient, CEO, PatientKeeper, Inc. No industry on Earth has computerized its operations with a goal to reduce productivity and efficiency. That would be absurd. Yet we see countless articles and complaints by physicians about the fact that computerization of their workflows has made them less productive, less efficient and potentially less effective. An EHR is supposed to “automate and streamline the clinician’s workflow.” But does it really? Unfortunately, no. At least not yet. Impediments to using hospital EHRs demand attention because physicians are by far the most expensive and limited resource in the healthcare system. Hopefully, the next few years will bring about the innovation and new approaches necessary to make EHRs truly work for physicians. Otherwise, the $36 billion and the countless hours hospitals across the country have spent implementing electronic systems will have been squandered.
Email security is one of healthcare’s top IT issues, thanks, in part, to budget constraints. Many healthcare organizations have already allocated the majority of IT dollars to improving systems that manage electronic patient records in order to meet HIPAA compliance. As such, data security may fall to the wayside, leaving sensitive customer information vulnerable to sophisticated cyber-attacks that combine social engineering and spear-phishing to penetrate organizations’ networks and steal critical data. Most of the major data breaches that have occurred over the past year have been initiated by this type of email-based threat. The only defense against this level of attack is a layered approach to security, which has evolved beyond traditional email security solutions that may have been adequate a few years ago, but are no longer a match for highly-targeted spear-phishing attacks.
Dr. Rae Hayward, HCISPP, director of education and training at (ISC)²
Dr. Rae Hayward
According to the 2015 (ISC)² Global Information Security Workforce Study, global healthcare industry professionals identified the following top security threats as the most concerning: malware (77 percent), application vulnerabilities (74 percent), configuration mistakes/oversights (70 percent), mobile devices (69 percent) and faulty network/system configuration (65 percent). Also, customer privacy violations, damage to the organization’s reputation and breach of laws and regulations were ranked equally as top priorities for healthcare IT security professionals.
So what do these professionals believe will help to resolve these issues? Healthcare respondents believe that network monitoring and intelligence (76 percent), along with improved intrusion detection and prevention technologies (73 percent) are security technologies that will provide significant improvements to the security posture of their organizations. Other research shows that having a business continuity management plan involved in remediation efforts will help to reduce the costs associated with a breach. Having a formal incident response plan in place prior to any incident decreases the average cost of the data breach. A strong security posture decreases not only incidents, but also the loss of data when a breach occurs.
Guest post by Steve Tolle, chief strategy officer and president of iConnect Network Services, Merge Healthcare.
Sooner than later, payers will demand meaningful interoperability to determine the true cost of quality healthcare outcomes. While they may not have a preference for which electronic health record (EHR) platform a doctor or health system uses, they will understand that a platform’s ability to communicate with other EHR platforms will affect the cost and quality of the care provided.
Payers are already implementing bundled payments for some types of costly care, such as full hip replacements. Conventional assumptions aside, physician fees and facility charges are not the leading drivers of joint replacement cost variability. Instead, wide cost disparities frequently seen between Joint Replacement Procedure A and Joint Replacement Procedure B are the product of unpredictable charges for supplies, anesthesia, and medical imaging. When payers start bundling reimbursements for common procedures, risk will shift to providers who will be challenged to closely manage cost fluctuations. In preparation for this transition, healthcare organizations must proactively assess their imaging strategies to keep their business running smoothly, continue providing quality patient care, and ensure they maximize revenue for the services they deliver.
What Providers Must Evaluate
Medical imaging is a $100 billion industry that drives $300 billion in healthcare spending. It accounts for nearly eight percent of U.S. healthcare spending, according to the Journal of the American College of Radiology — a costly component of care that must be effectively addressed as the industry readies itself for the shift from volume to value-based reimbursement.
The U.S. Department of Health and Human Services recently set an ambitious goal that by 2016, 85 percent of healthcare payments will be tied to quality and value of care. Successful healthcare organizations will need to manage two key factors closely — appropriateness and efficiency.
CMS and private payers will increase their vigilance around quality measures such as readmission rates and unnecessary diagnostic imaging. Medically unnecessary or redundant imaging is already on Medicare’s radar, showing up in legislation that mandated decision support for imaging and extended the deadline for ICD-10 conversion. If providers begin to correct course now, downstream risk of lost revenue and decreased patient satisfaction can be mitigated, if not avoided.
Take Stock of Current Assets
To stay ahead of the curve, providers should evaluate all aspects of their image management programs. Many are looking for new solutions that simplify and digitize outdated, paper-based procedures for patient orders, automate insurance payment authorization, and move images from point A to point B in real time, regardless of file format.
Guest post by Num Pisutha-Arnond, managing partner, Curas, Inc.
Now that we are approaching the final stage of meaningful use, what has all of this regulation, incentives and penalties gotten us? The answer to that is unclear. Instead, what we are starting to see is a more introspective look at electronic health records. The real question has nothing to do with meaningful use, which was an externally mandated set of systems and requirements. Today, practices find themselves internally motivated to examine exactly what they would like to get out of this system that you have spent a lot of time, money and effort putting in. How can they improve operations, their finances, patient care and experience? What is the practice itself trying to accomplish? The answer to that varies significantly by specialty, practice size, geography, and your goals and priorities as they relate to your practice.
Because we’re already beginning to see life after meaningful use, and have been for the past 18 to 24 months, we can provide insight into some common goals and how practices are moving beyond meaningful use to achieve what cannot be measured by the criteria set forth by CMS.
The primary goals that we have experienced with our clients can be broken down into a few categories:
Better patient care
Better patient experience
Improved practice profitability
Provider and staff quality of life
Better patient care
Items related to this category often include the creation of patient dashboards/reports and patient recalls/campaigns to stay engaged with patients. However, the most effective, and often tougher initiative to implement, is a point of care system that lets providers and staff know when a patient should possibly have a certain test or procedure performed without having to search for data across different progress notes or screens.
Better patient experience
Most practices and vendors immediately jump to patient portals, kiosks and apps when discussing these goals. However, these are just a few of the tools that can be used to improve patient experience. In some cases, these tools may actually not enhance the experience if they are lacking in usability or if they are deployed in an uncoordinated manner. What is needed is a look at the overall patient experience from when they first call to the practice to when they have left the practice and need to be contacted by the practice. In some cases, the existing software and tools that have been implemented will work if the process is refined. In other cases, new software and tools may be needed. In others, you might even consider eliminating some of the technology to make a better experience for the patient.