Guest post by Ken Perez, vice president of healthcare policy, Omnicell.
Ken Perez
What a momentous few days in Washington were observed at the end of July! On July 25, Senator John McCain (R-AZ), dealing with brain cancer, made a dramatic entrance into the Senate Chamber and delivered an impassioned plea to return to regular order and bipartisan compromise, suggesting a process that would begin with the Senate Committee on Health, Education, Labor and Pensions (HELP) under chairman Lamar Alexander (R-TN) and ranking member Patty Murray (D-WA) holding hearings and producing a bill that incorporates contributions from both sides.
McCain’s suggestion was applauded by many senators on both sides of the aisle. The Senate voted to debate repeal and replacement of the Affordable Care Act (ACA), 51-50, with Vice President Mike Pence casting the tie-breaking vote.
The following day, the Senate rejected a bill to repeal the ACA without replacement, 45-55, and in the early hours of July 28, the Senate rejected the “skinny repeal” of the ACA, the Health Care Freedom Act of 2017 (HCFA), 49-51, with Republican Senators McCain, Susan Collins (ME), and Lisa Murkowski (AK) joining the 48 Democrats to defeat the bill. The skinny repeal would have repealed the individual and employer mandates, temporarily repealed a tax on medical devices, defunded Planned Parenthood for a year, provided more money to community health centers, and given states more flexibility in complying with ACA regulations. Thus apparently ended the Republican quest to repeal and replace the ACA, as Senate Majority Leader Mitch McConnell (R-KY) conceded, “It is time to move on.”
In the wake of the HCFA’s defeat, supporters of the ACA were euphoric, but two sobering challenges facing the U.S. healthcare system—one short term, the other long term—loom like imposing mountains.
The Short-term Challenge
The immediate concern is how to stabilize the troubled ACA individual health insurance marketplaces, clearly the Achilles’ heel of the health reform law. Health insurers continue to leave in droves, with 80 departing this past year and Anthem announcing on August 7 that it will leave Nevada’s ACA marketplace in 2018. Premiums are rising many times the growth of both the Consumer Price Index and U.S. healthcare inflation. Moreover, President Donald Trump is threatening to cut off the ACA’s cost-sharing subsidies, which work to prop up the marketplaces and shield some individuals from the premium increases. Obviously, such a move by the Executive Branch would not encourage bipartisanship.
The Long-term Challenge
Even more daunting than the travails of the marketplaces is how to bend the healthcare cost curve. The ACA has not materially slowed the growth of national health expenditures, which will rise by 5.4 percent versus 2016 and reach $3.5 trillion this year. To put $3.5 trillion in perspective, it amounts to 18.3 percent of the nation’s gross domestic product (GDP) and translates to almost $11,000 per person.
Additionally, nominal national health expenditures (not adjusted for inflation) are projected to increase by an average annual rate of 5.6 percent from 2016 to 2025, almost 1.5 times as fast as the growth in nominal GDP over the same period. As a result, healthcare costs will constitute a staggering 20 percent of GDP in 2025.
Conclusion
With the stalled effort to repeal and replace the ACA, Congress still must grapple with the hemorrhaging of the health insurance marketplaces and unacceptably high rates of healthcare cost inflation. Scaling these two mountains will require the kind of bipartisan compromise and collaboration that Senator McCain so passionately advocated.
Why should physicians and providers care about the possibility of a ransomware attack? There are several reasons. First, it is disruptive both to patient care and to the revenue cycle. Second, it is costly in terms of time, IT capital, and if the attacker is paid, money. Finally, the time it takes to correct the attack, implement paper charting and communication, and subsequently revise the electronic medical record system can be arduous.
To understand the necessary precautionary measures and what to do in the event of an attack, it is first necessary to identify what ransomware is and how it works. A common definition of ransomware is “a type of malicious software designed to block access to a computer system until a sum of money is paid.”[1] A ransomware attack may target a business or an individual. The two categories of attacks are Denial of Service (“DoS”) and Distributed Denial of Service (“DDoS”). A DoS attack affects a single computer and a single internet connection, while a DDoS attack involves multiple computers and connections. According to PC World, three types of ransomware programs top the list – CTB-Locker, Locky and TeslaCrypt.
A common question that arises is whether or not to pay the ransom in order to have the data returned. The FBI advises not paying the ransom, advice that has been echoed by statistics.
“Kaspersky’s research revealed that small and medium-size businesses were hit the hardest, 42 percent of them falling victim to a ransomware attack over the past 12 months. Of those, one in three paid the ransom, but one in five never got their files back, despite paying. Overall, 67 percent of companies affected by ransomware lost part or all of their corporate data and one in four victims spent several weeks trying to restore access”
This leads us to the best ways to defend against an attack, as well as steps that should be taken if an attack occurs.
Proactive steps include: educating employees about social engineering, phishing and spear phishing, continuously making sure that software updates are installed, creating a layered approach to security defenses, limiting access to the network, making sure that policies and procedures are comprehensive and updated, and ensuring that data is backed up daily.
According to FBI Cyber Division Assistant Director, James Trainor, “These criminals have evolved over time and now bypass the need for an individual to click on a link. They do this by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.”[2] Hence, recognizing the avenues that cybercriminals use to gain access and taking appropriate administrative, physical, and technical precautions can reduce the risk of an attack.
As the healthcare landscape evolves, today’s community health providers are in a unique position to design new care delivery initiatives that can support healthier individuals, families, and communities, powered by adopting innovative technology tools. According to a study on factors influencing healthcare service quality, published in the International Journal of Health Policy and Management, healthcare outcomes are enhanced when patients and healthcare providers collaborate in a supportive environment.
Care coordination is a vital component in improving the delivery of patient-centered healthcare and social services. This is especially true for high-risk populations, such as those going through transitions of care and those who belong to certain populations. Transitions of care include the time period around hospital discharge or transfer to a new healthcare setting, such as a long-term care facility or home health. These transitions leave at-risk patients vulnerable to loss of continuity of healthcare.
Populations requiring additional considerations include homeless, children in foster care and patients who over-utilize the emergency department for non-emergencies, to name a few. The goal of care coordination for these populations is to anticipate needs, collaborate with all providers of services, and to coordinate the wide array of health, social and supportive services for each group. The main goal is to improve the quality of care while avoiding costly hospital admissions and re-admissions.
To help optimize critical coordination efforts, technology solutions can help the entire care team of providers in various locations collaborate across the care continuum, raising awareness of an individual’s physical, behavioral, and social factors and driving whole-person care. Organizations like Community Health Partnership (CHP) – a Colorado Springs-based collaborative of local health providers – aim to align many care management activities throughout the community.
Here are some strategies healthcare providers and organizations should consider when designing innovative care delivery initiatives:
Throughout the technological age we are currently living in, the advances in medical technology have gone far beyond what was once considered possible. Thanks to the introduction of the Internet and smart phones, information has become more readily available then ever before. Social media platforms have also made it possible for us to personally connect with people across the globe. These advances have shaped the way medical field has stored and held information. Medical providers are increasingly realizing the advantages of switching to electronic heath records (EHRs) as opposed to traditional pen and paper patient records. EHRs allow patient records to be more readily available, allowing for better office efficiency and patient relations.
The Old: Provider-centric EHR Software
However, patient convenience is still a factor within EHR technology that needs improvement. In today’s society, it has become the expectancy to be able to find information on the go at the touch of our fingertips. This is especially true when the information they are in search for is relevant and relates to them. Unfortunately, EHR features have become focused on billing and coding, as opposed to being more patient centric. This is a result from physicians being typically paid based on the exams and procedures performed during an office visit. Physicians need their software to document complex billing codes to ensure they’re properly paid.
It’s Time for EHR Software to be Patient-centric
It’s time EHR vendors stride towards the next evolutionary step to becoming patient-centric. This problem can be solved by following the lead of an outside innovator in sharing and viewing information about individuals: Facebook. Facebook is the front-runner for social media platforms, and their results show. Facebook is the fourth most valuable brand in the world; so clearly, there is something about this technology and interface that people appreciate.
Guest post by Gavin Robertson, CTO and senior vice president, WhamTech.
Gavin Robertson
As technology continues to permeate healthcare in different ways, it is becoming increasingly important for providers to have access to the data generated and retained by these technologies. With insurance providers, hospitals and clinics using a variety of electronic health records (EHRs), patient portals and databases, it can be difficult for all providers to have access to all relevant and most recently updated patient information. Differences among EHR vendors and systems make data access, sharing and interoperability nearly impossible.
Interoperability is a hot topic in healthcare today. Healthcare providers want to move beyond conventional Healthcare Information Exchanges (HIEs) that generally exist as single application to single application (P2P) data formats. The HL7 standard data model has helped a lot, but (i) it is too complex and extensive for full adoption, (ii) it is, typically, a specific relational or hierarchical implementation, requiring additional transformation, and (iii) there are a number of implementation variations.
Regardless of the improvements associated with the HL7 standard data model, the challenges facing interoperability remain; in that (a) multiple vendors have multiple ways to represent common data, (b) data may be required from more than one application and associated data sources, (c) poor data quality, (d) there may be no unifying view of data from one or more data sources, e.g., single patient view, and (e) there is no ability to write back to/update data sources.
HL7-based FHIR (Fast Health Interoperability Resources) APIs is a recent attempt to standardize access to data sources, but most vendor systems are nowhere close, as it is a different way of representing data from most vendor data schemas; i.e., object vs relational data representation. Also, some FHIR APIs need access to multiple tables in a single data source or in multiple data sources.
To implement FHIR APIs, one approach is to convert between the data source schemas (relational, hierarchical or flat) and the FHIR object model on-the-fly, but it does not address other shortcomings (poor data quality, no federation and lack of master data management (MDM)/single patient view). Another approach, which improves on just converting formats, is to copy and transform data into FHIR-friendly data stores and enable data services on top. However, this introduces additional problems, including latency, security, privacy, no interactivity; e.g., no write back/update to operational systems, additional storage and systems, and time and cost to implement.
Regardless of the approach, FHIR APIs open up interoperability and raise capabilities to new levels. New workflows can be developed and run using simple power end-user applications, such as BPM, reporting, BI and analytics tools. Examples include new smartphone app-driven BPM workflows running against FHIR API services, include write back/updates, on multiple legacy data sources in multiple organizations. Another example being hybrid cloud installations where multiple data sources are both on premise and in the cloud.
Guest post by Sean Hughes, EVP managed document services, CynergisTek.
Sean Hughes
Healthcare has spent a significant amount of both human and financial capital addressing the security of their environments over the last several years – but have we forgotten a major vulnerability?
Printers and print-related devices (e.g. copiers, fax machines, scanners, etc.) continue to be a major component of our infrastructure and a big part of our clinical and business workflows, yet in most organizations, they continue to represent a gaping hole in our defenses. The advent of the EHR has not equated to the perceived reduction in print, but rather some research shows it’s responsible for an 11 percent increase in print in healthcare over the same time as the implementation of this technology. This increase in print volume brings with it an increase in the number of devices required to process the paper.
The approach most organizations have taken related to the security of these devices falls into one of two categories: segmentation of the network or reliance on manufacturers for “secure” devices. These approaches vary significantly from the approach most organizations have taken for other endpoint computing devices and leaves an organization open to the possibility of negative outcomes.
The industry has seen an increase in the computing power of these devices (e.g. internal hard drives, scan to file or application, residual data on devices, mobile printing, USB-enabled device access, etc.) and the bad guys are aware of this. More and more we see stories in the news of print devices being used as entryways for bad guys to circumvent our protections and put our data and our organizations at risk. According to an article published by BBC News in February 2017, “Hacker Briefly Hijacks Insecure Printers,” a hacker was able to access more than 150,000 printers that were briefly left accessible via the web.
The most effective way to address this threat is to treat these devices no differently than all our other data endpoints, be it a desktop, server, or any other piece of infrastructure. We need to look at these devices and ensure they meet the same security standards.
The most effective way to mitigate risks starts with knowing what the risks are. The first step should be a comprehensive printer fleet security assessment that is part of your overall security program. This can be accomplished either through your internal processes or by engaging a competent third party. Either way, you need to know what you don’t know, and you need to know it now.
The results of that assessment will drive the remediation efforts as well as define the ongoing measures our organizations should take. These steps will be directly related to the vulnerabilities identified but will most likely fall into the following categories:
Regardless of whatever business you operate, the end goal is always customer satisfaction and healthcare is no different. Since healthcare is particularly valuable, it makes sense that the financial reward given to a valuable service should be high and based on a value model.
However, value-based models in healthcare do not have the same outcomes as they do in other businesses.
Value-based payments
Value-based payments have their advantages and disadvantages. For instance, on the one hand, value-based systems effectively liberate physicians from the constraints of fee for service so that they can concentrate on the overall health of their patients. Alternatively, some people say that value-based payment systems impose unneeded extra pressure on providers without necessarily getting the job done.
What is value-based payment in medicine?
Value-based systems reward physicians and healthcare providers with incentive payments for the quality of care given to patients with Medicare. These payment systems are part of a strategy to improve how healthcare is delivered and paid for. The purpose of any value-based system is to:
Improve how patients are given care in hospitals
Improve the overall health of the population
Lower the overall cost of healthcare
Effectively, value-based systems move toward paying doctors and healthcare providers based on the quality of care rather than the quantity of care given. Instead of charging patients based on the number of visits and tests that they order (fee for service payments), today, more hospitals are charging based on the value of the care that they give.
Fee for service payments
Traditionally, healthcare providers are refunded by third-party payers like insurance firms or by the government through Medicare or Medicaid. The amount of money that is paid is set at a going rate that is typically established by the agencies themselves. Since the budgeting of the costs and expenses are based on third party consumers, the system is marred by administrative hiccups, which has led to runaway care costs at the expense of the quality of care given and the patient.
The differences
The difference between fee for service and value-based payments lies in reimbursements and the quality of care provided.
Guest post by Jeff Fountaine, director of healthcare, Ingenico Group.
Jeff Fountaine
In 2017, the healthcare industry is continuing to discuss the major shifts that are taking place around a patient’s financial responsibility. While it’s important to acknowledge that these discussions have been largely driven by significant changes to reimbursement models, it’s imperative that we look beyond this single causation. Financial responsibility involves more than simply making and collecting payments.
Consider these figures:
Consumer payments to healthcare providers nearly doubled from 2012 to 2015
84 percent of employers have increased or say they plan to increase insurance deductibles and/or co-pays for their plan participants
As a result, healthcare providers are managing much higher transaction volumes from patients, which is causing them to rethink their approach to collecting payments. A new approach requires a deep dive into payment security, PCI scope, EMV and workflow changes – a challenging proposition to say the least.
To understand these challenges and how healthcare providers are responding, let’s take a look at some of the top revenue cycle trends in the industry.
Key Revenue Cycle Trends
Bloomberg recently reported that the second-biggest for profit U.S. hospital chain revised its Q4 2015 provisions for bad debt up by $169 million. Forty percent, or $68 million, was from patients that were unable to pay deductibles and co-payments.
In a similar fashion, J.P. Morgan’s Key Trends in Healthcare Patient Payments report pointed out that the rate of bad debt for insured patients is increasing by over 30 percent per year at some hospitals.
Not surprisingly, these and other challenges stemming from increased patient responsibility are dominating the 2017 revenue cycle management agenda for senior finance executives in healthcare. Among the top revenue cycle initiatives for 2017 are several related to payments:
Preventing or resolving underpayments
Lowering the cost to collect patient payments
Increasing collection rates among insured patients
Collecting more balances at the point of service
Understanding the role of payment technologies
At its highest level, payment technology plays an important role in advancing revenue cycle initiatives and addressing increases in patient responsibility. Most importantly, the technologies offer patients easy and secure payment options at multiple touchpoints within the continuum of care.
Below are a few of the ways payment technologies help healthcare institutions achieve their revenue cycle objectives while improving the patient experience:
