By Scott E. Rupp, publisher, Electronic Health Reporter.
On March 21 HIMSS representatives vice president of government affairs, Tom Leary, and senior director of federal and state affairs, Jeff Coughlin, hosted a roundtable with members of the media to peel back a few layers of the onion of the newly proposed ONC and HHS rules to explain some of the potential ramifications of the regulations should they be approved.
The CMS proposed regulation is attempting to advance interoperability from the patient perspective, by putting patients at the center of their health care and confirming that they can access their health information electronically without special effort.
ONC’s proposed regulation calls on the healthcare community to adopt standardized application programming interfaces (APIs) and presents seven reasonable and necessary conditions that do not constitute information blocking.
According to HIMSS’s assessment of both proposals there’s room for interpretation of each, but the organization has not yet fully formed a complete response to each as of this writing.
Tom Leary
However, Leary said: “It’s important to emphasize that all sectors of the healthcare ecosystem are included here. The CMS rule focuses on payer world. The ONC rule touches on vendors and providers. All sectors really are touched on by these rules.”
With both, ONC and CMS is trying to use every lever available to it to push interoperability forward and is placing patients at center, Coughlin said. The healthcare sector got a taste of how CMS plans to empower patients through its recent MyHealthEData initiative, but the current proposal places more specifics around the intention of agency. Likewise, the ONC rule is attempting to define the value of the taxpayer’s investment in regard to the EHR incentives invested in the recent meaningful use program.
Key points of the rules
Some key points to consider from the rules: APIs have a role to play in future development of the sector and are seen as a real leveler of the playing field while providing patients more control of their information, Coughlin said.
HHS is focusing on transparency and pricing transparency. For example, there’s movement toward a possibly collecting charge master data from hospitals and, perhaps, publishing negotiated rates between hospitals and payers, which HHS is looking into.
Jeff Coughlin
What happens now that rules are out? According to HIMSS, education members is the first step to understanding it and responding to the federal bodies. “What we’ve done is focus on educating HIMSS members in briefings,” Coughlin said. “Trying to get early feedback and early impressions from members, convening weekly conference calls to address parts of the rule. Once we have critical mass then we work with executive leadership to make sure what we are hearing from membership to is reflected across the membership.”
Looking into the future?
For health systems, the broad exchange of data likely remains a concern. Data exchange within the ONC rule impacts providers and health systems in a number of ways, especially in regard to the costs of compliance to meet all of the proposed requirements.
HIMSS representatives are not currently casting a look into a crystal ball or if they are (they are), they’re not yet ready to tip their hand regarding what the organization intends to pursue through its messaging on behalf of its members.
“We’re not in a place to see where we are going to land,” Coughlin said. “We are hearing from our members about the complexities of rules and what’s included. It’s hard to overestimate how complex this is. ONC and CMS in designing broader exchange of information is something that speaks very well of them, but (this is) complex in interpretation and implementation.”
Information blocking exceptions, the default is broader sharing of information across the spectrum. More information has to be shared and expectations need to be defined, they said. From HIMSS’ perspective, compliance is the primary issue of its members. The question that needs answering is what kind of burden is being placed on health systems and providers. Leary is confident HIMSS will spend a good bit of ink in its response on citing potential concerns over information blocking and what that might mean.
“It will be helpful for the community to have examples and use cases for what’s included especially for exceptions for information blocking,” Coughlin said. “We need examples to clearly define the difference between health information exchange and health information network.”
By Abhinav Shashank, CEO and co-founder, Innovaccer.
Abhinav Shashank
What makes Super Bowls, banking transactions, and online search results altogether more special?
As an ardent supporter, concerned customer, and curious observer, I keep witnessing all three of them in real time. I want the best experience every time that I am the end user, and so does everyone else. In this day and age, it shouldn’t be an unrealistic dream anyway. We should be able to know the score in real time and in the same way, our credit card transactions as and when they happen.
Why doesn’t my healthcare data show the complete picture?
Ironically, for healthcare organizations, real-time updates are not always available while making decisions that can potentially impact patients throughout their lives. Traditionally, many solutions were not even made to optimize the time that providers spend with their patients. Rather, they were only built to ingest data in electronic formats, evaluate macro-level performance trends, and in the best case scenario, provide top stakeholders with financial trends in a concise manner.
Though most organizations today have business intelligence (BI) infrastructures in place, most of the insights generated through them are only good for analyzing things in retrospect and do not really assist providers in the moment of care.
Activated data is the backbone of healthcare technology
It’s one thing to know what is wrong, it is another to have a way of addressing it. For instance, notes from the last appointment with a patient can only provide care teams with half of the story. Unless care providers have a holistic pool of information regarding the patient’s whereabouts, they cannot initiate personalized care plans or impart evidence-based care.
Healthcare leadership should look for activating data from different facilities in their bid to maximize the knowledge base of their providers. Once they have all the data points, they can begin to run customized analytics to support clinical decision-making.
By Bill Kotraba, vice president, healthcare solutions and strategy, Information Builders.
Bill Kotraba
Data has long been a popular topic in healthcare and is even more so after this year’s HIMSS. The industry is buzzing about the joint CMS and ONC announcement, which proposes a framework to improve interoperability and support seamless and secure access of health information. The pressure is on for healthcare to tackle their data as the two organizations strive to provide patients with the ability to leverage personal information in various applications. And, this pressure will only increase as we look into the future, making it even more imperative that payers and providers address the issue now.
Beyond interoperability
Look more closely, and you will see that with their recent announcement CMS and the ONC are focusing on healthcare organizations’ ability to manage data across the enterprise. Historically, healthcare has worked from siloed applications and data sources with light integration using interface engines. Recently, healthcare organizations have pinned their hopes on leveraging data effectively through huge investments in new EHR platforms. The reality, pointed out by government officials at HIMSS in Orlando, is that this still results in significant challenges for healthcare organizations to manage information across the data value chain.
Although not part of their proposed framework, CMS and the ONC point out the need for better patient mastering across data sources. Organizations hoped their investment in a centralized EHR platform would solve this but that has proven to not be the case. In addition to patient data, healthcare organizations face challenges in mastering physician data, which can have wide impact, including on value-based care initiatives. The joint proposal also highlights that the ability to push back accurate, cleansed data to source systems is critical.
Healthcare needs a unified approach
Using FHIR to stop data blocking and push the industry towards a standards-based approach will help, but it’s not sufficient for the data challenges facing healthcare organizations. In addition to tackling the issues pointed out at HIMSS, healthcare organizations must:
By Jacob Denton, chief information security officer, Mosaic451.
Jacob Denton
Unless your security team has been living in a cave in one of the last remaining places on the planet where you can still unplug, you have certainly heard about the Petya and NotPetya ransomware attacks and the chaos caused by them. Petya was a somewhat “typical” ransomware attack in 2016: It encrypted the master boot record of infected computers and asked for ransom in the form of Bitcoin. But NotPetya, a potentially state-sponsored attack against Ukraine, was more similar to WannaCry, which occurred shortly before in 2017. In addition to ransoming companies to pay the hackers in Bitcoin, NotPetya also took advantage of the EternalBlue exploit and was a “worm” that could self-propagate, like WannaCry.
What made NotPetya unique was its intrusion into MeDoc, a Ukrainian tax and accounting software package. About 80 percent of Ukrainian businesses used this software at the time of the attack. The NotPetya hackers employed an innovative strategy: They put in a slightly different version of a file into MeDoc’s software updates.
Since MeDoc was so widely used throughout the Ukrainian business community, the hackers started spreading corrupted versions of MeDoc software in April. By June, undetected, they were able to insert the NotPetya ransomware. And since it was a worm, NotPetya was able to spread rapidly. It was a lot worse than Petya in its scope: It not only encrypted the master boot record, it also encrypted other important files, making the damage to companies’ hard drives even more serious.
Cyber security firm Cybereason reports that NotPetya cost companies approximately $892.5 million in lost revenue. While it first hit Ukraine, it hurt businesses worldwide, including FedEx, Merck, and Reckitt Benckiser.
What lessons have we learned?
First, that hackers have gone way past spamming naive end users. The NotPetya attack was particularly troubling because it was a “clickless” attack that didn’t need to rely on end users for access. It also took advantage of software updates, a holy grail of commonplace cyber security.
Thankfully, there are some precautions cyber professionals can heed from this hack. According to Johns Hopkins University Computer Science Professor Matthew Green, one limited action developers could do to help “prevent their software updates from being corrupted” is to “co-design.” This would mandate that anyone trying to add new code to an application would need to sign with a cryptographic key that cannot be forged. For example, MeDoc did not have co-designing, so hackers were able to alter code in the software update.
Technology is the new creed that has literally touched almost every aspect of our life. Be it communication, traveling, or exercising, we are always interacting with technology. However, healthcare has always been considered a very conservative area in terms of technology deployment. This is because, in its very nature, healthcare mainly deals with human life which calls for utmost precaution. But the emergence of machine learning and artificial intelligence has sparked innovation and a myriad of solutions that are already working in the healthcare industry.
At the forefront of this growth are Android-powered smartphone devices. It’s estimated that 88 percent of all the devices sold in the last quarter of 2018 were all powered by Android. It shouldn’t then come as a surprise that companies are looking to hire Android developers to build health-care related apps.
But what does the future hold for tech solutions in the health industry? In this article, we are going to look at the trends in healthcare to look out for in 2019 and a few examples of apps for healthcare.
Artificial Intelligence and Machine Learning
“If you’re arguing against AI then you’re arguing against safer cars that aren’t going to have accidents, and you’re arguing against being able to better diagnose people when they’re sick.” – Mark Zuckerberg during a live Facebook video in 2016.
Artificial intelligence and machine learning are getting increasingly sophisticated to the extent of surpassing human capability and the potential for these two technologies in the healthcare ecosystem are huge.
One of the biggest potential benefits of AI in 2019 is helping people to stay healthy without consulting a doctor, or at least do it less often. Coupled with the Internet of Medical Things (IoT), AI is already being used to develop consumer health apps that proactively show patients how to stay healthy.
Moreover, AI is increasingly being used by healthcare professionals to gain deep insights and better understand of routine patterns occurring in patients. With these deeper insights, the caregivers are able to give better diagnosis, guidance, and support to the patients. For instance, the American Cancer Society is already using AI to detect cancer at the initial stages with 99 percent accuracy.
Product development is another area that AI and machine learning are being used. R&D in the medical field can be painstakingly slow and costly given that hundreds of variables need to interact with each other. Today, medical researchers are using AI to safely explore biological and chemical interactions of drugs using the discovery process and clinical data.
Another area you can get artificial intelligence in healthcare is through workflow optimization. It helps automate repetitive tasks such as routine paperwork, patient scheduling, and time-folio entry.
Wearables and Augmented Reality
I do think that a significant portion of the population of developed countries, and eventually all countries, will have AR experiences every day, almost like eating three meals a day. It will become that much a part of you.” — Tim Cook at the 2016 Utah Tech Tour – source.
Virtual wearables and augmented reality devices are other emerging healthcare trends proposing to make significant advances in the healthcare space in terms of diagnosis and medical education.
On one side of the scale, virtual reality superimposes a patient in an artificially created surrounding, whereas, augmented reality helps generate layered images to real like objects. As a result, these technologies are and will continue being used by emergency response services providers to relay critical first aid information before the first responders arrive at the hospital.
In the prevention and diagnostics front, VR/AR has allowed medical care providers to create and manipulate different camera colors to reflect or replicate pre-existing effects in their databases.
But perhaps, the biggest impact of VR can be seen in 3D reconstructions of human organs. This has proven important especially when surgeons need to re-create the exact size and positioning of human organs before conducting complicated surgeries. Having the same exact replica of human organs give surgeons the know-how on how to deal with particular organs no matter how small they are.
In terms of medical education, both VW and AR have been great tools in transforming the way students learn. Surgeons are able to rehearse surgery procedures using dummies quicker and without having to use actual human bodies.
The internet age has brought along profound changes in the telemedicine landscape. In the earlier years, telemedicine was strictly limited to doctor and nurse consultation. However, the proliferation of smart mobile devices that are capable of transmitting high-quality videos has opened up avenues for virtual healthcare services from specialists to patients straight in their homes. This is especially paramount in remote areas where doctors can’t easily reach.
Members of the American Health Information Management Association (AHIMA) called on Congress to better serve and protect the growing population of healthcare consumers who use technology – such as social media, wearables and mobile health (mHealth) apps – to manage their health. AHIMA members met with Congressional leaders in Washington, D.C. on this issue, among others relating to the need for HIPAA modernization, during the 2019 AHIMA Advocacy Summit.
These technologies, referred to by the Office of the National Coordinator (ONC) as “non-covered entities” (NCEs), are not covered by the Health Insurance Portability and Accountability Act’s (HIPAA) individual right of access laws, meaning that an individual often times has no right to request their sensitive health information from such technologies. Rather, in many cases, whether such health information may be shared with the individual is left up to the discretion of the application itself.
To ensure this growing patient group’s information is both accessible and protected, AHIMA recommends lawmakers develop or direct the U.S. Department of Health and Human Services (HHS) to define HIPAA NCEs in law, extending HIPAA’s individual right of access to these entities. This will ensure the same uniform data access policy for individuals using health technologies.
Wylecia Wiggs Harris, PhD
“As technology continues to shape healthcare, the number of patients using wearables, social media and mobile apps for health purposes has skyrocketed, but this shift in how patients record data shouldn’t affect their level of protection and access,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “AHIMA’s members are pushing for a solution that balances access to information, patient protection and maximizing use of technology.”
During the Summit, AHIMA advocated for three additional key issues related to patient information and the need for a modernized version of HIPAA:
Seeking to recognize a healthcare delivery organization that takes an outstanding and innovative approach to health information management (HIM), the American Health Information Management Association (AHIMA) is calling for applications for the eighth annual Grace Award.
Interested applicants can submit their entries via ahima.org/grace through May 31.
Ninety years ago, Grace Whiting Myers acted on a sincere conviction to improve the quality of our nation’s health records by founding the association now known as AHIMA. The idea was simple–that advancements in the collection and organization of health information will invariably help to improve public health. As a tribute to Myers’ prescient vision, AHIMA’s annual HIM award bears her name: The Grace Award.
Past winners of the Grace Award regularly demonstrated transformative journeys toward new and innovative HIM practices that also delivered better patient outcomes.
Wylecia Wiggs Harris, PhD
“AHIMA is excited to open nominations for an organization that is taking innovative and novel approaches to using HIM to deliver high-quality care to patients,” said AHIMA CEO Wylecia Wiggs Harris, PhD, CAE. “This process furthers an industry dialogue about innovation and excellence and invites us to learn from each other.”
The 2019 award will be presented at AHIMA’s Health Data and Information Conference in Chicago, September 14-18.
A committee of judges, representing healthcare delivery organizations, health information professionals and HIM associations, selects the Grace Award. This year’s judges are:
(CHAIR) Sandra Pearson, RHIA, CHDA, MHA, CPEHR, CDI & Data Governance Director, SCL Health
Agile companies do things faster and efficiently. In agile development, lean startup models apply agile methods to build high-quality systems that meet any industry, regulatory and other relevant standards such as HIPAA and remain “audit ready.”
Agile companies focus on quick wins, external focus, ruthless prioritization, and continuous development. Agile development relies heavily on constant testing to ensure improvement.
Agile compliance management
Lean development refers to a set of principles that are designed to eliminate waste, build-in quality, create knowledge, deliver fast results, defer commitment, respect people and optimize the whole process. At their core, both agile and lean development focus on efficiency, sustainability, speed, quality and communication.
Companies can deliver software faster when they eliminate inefficient processes. Agile development follows the following 12 principles:
Customer satisfaction
Harnessing change to gain competitive advantage
Delivering working software frequently
Bringing together business and development departments
Supporting talent
Conveying information efficiently
Measuring progress by working software
Promoting sustainable development
Focusing on technical excellence
Maximizing the amount of undone work
Using self-organizing teams to build the best designs, architectures, and requirements
Reflecting and adjusting
How Agile development applies to cybersecurity
Agile development methods align well to cybersecurity because they focus on harnessing change, readjustment and reflection. You see, malicious actors (think black hat hackers) have excelled in agile development. They continuously re-adjust their attacks to maintain superiority and remain one step ahead of defensive mechanisms employed by organizations by improving the quality of their software. To combat these threats, you need to come up with a similar agile security-first approach to protect your information and systems.
What is Agile compliance?
Agile compliance also focuses on the 12 principles of agile development; however, it focuses on threat mitigation and not product development. Furthermore, agile compliance prioritizes customer data security as well as stakeholder satisfaction as the primary product as opposed to customer satisfaction, which is the main focus of agile development.
When it comes to cybersecurity governance, risk and compliance (GRC), data integrity and availability leads to customer satisfaction and confidence. With compliance’s security-first approach, you create an iterative process that includes mitigation, monitoring, and review, which is aligned with your controls and protects your data.
In cybersecurity, an agile compliance program is a security-first strategy that is put in place to protect data. This strategy focuses on your data controls’ quality and ensures that even when industry regulations and standards lag behind threat vectors, your company maintains a secure data environment. Here are the 12 principles:
On March 21 HIMSS representatives vice president of government affairs, Tom Leary, and senior director of federal and state affairs, Jeff Coughlin, hosted a roundtable with members of the media to peel back a few layers of the onion of the newly proposed ONC and HHS rules to explain some of the potential ramifications of the regulations should they be approved.
At the forefront of this growth are Android-powered smartphone devices. It’s estimated that 88 percent of all the devices sold in the last quarter of 2018 were all powered by Android. It shouldn’t then come as a surprise that companies are looking to 
Another area you can get artificial intelligence in healthcare is through workflow optimization. It helps automate repetitive tasks such as routine paperwork, patient scheduling, and time-folio entry.
