Guest post by Abhinav Shashank, CEO and co-founder, Innovaccer.
Abhinav Shashank
A new complex rule is about to change the entire US healthcare industry. It will replace the Sustainable Growth Rate (SGR) and streamline the three programs. The NPRM for MACRA was passed in 2015 and after the comments and feedbacks from numerous healthcare experts, the final rule with comment period has been released by CMS.
In the final rule, CMS has responded to more than 4,000 comments in a document which is more than 2,300 pages long. Some of these comments have been implemented in the law. As a result of this feedback friendly approach, substantial changes have been made.
The New MACRA after changes
The law aims to bring in unified policies that will add greater value to the healthcare system through the new Quality Payment Program (QPP). The program rewards for value in two ways:
Merit-based Incentive Payment System (MIPS)
Advanced Alternate Payment Models (Advanced APMs)
Chance to adapt
To help the physicians get used to the program CMS has declared the first year — 2017 — as “transition” year. There will be four options available to physicians in the transition year:
Clinicians can choose to report one measure in the quality performance category; one activity in CPIA or report the measures in ACI to avoid the negative adjustments. Alternatively, if they choose to report none, they will receive negative adjustments of 4 percent.
Report for minimum 90 days more than one quality measure, more than one CPIA or more than the required ACI to avoid negative adjustments and qualify for possible MIPS positive adjustments.
Ideally, report for a year or more than 90 days and maximize the chances to receive higher positive adjustments.
Participate in the Advanced APMs program, and if can to see ‘sufficient’ portion of the Medicare Patients, they will be able to qualify for 5 percent bonus incentive payment to be paid out in the year 2019.
Merit-based Incentive Payment System
Under this program, eligible clinicians will get payment adjustments based on the quality, cost and other measures related to care. This program will see the “sunset” of three existing programs namely:
When we talk about technology disrupting healthcare, we aren’t just referring to changes in the accuracy of health records or the convenience of mobile care; the real disruption comes in the form of fundamental challenges to traditional scopes of practice.
What Should We Do?
Scope of practice, broadly, is determined by a combination of liability and capability. Lead physicians carry greater liability than the bedside nurses assisting in patient care, because the care plan is directed by the lead physician. Likewise, the extra years of education and practice are assumed to increase the capacity of physicians to lead their care teams, make decisions about how the team will go about its work, and parse all of the information provided by the patient, nurses and other specialists involved with each case.
In every other industry, productivity increases come from technology enhancing the ability of individuals and teams to perform work. Email saves time and money by improving communication; industrial robotics standardize manufacturing and raise the scale and quality of output. Every device, app and system allows individuals to scale their contribution, to do more and add more value. Word processing and voice-to-text enable executives to do work that might otherwise have been performed by a secretary or typist. Travel websites allow consumers to find cheap tickets and travel packages that would previously have required a travel agent to acquire.
In healthcare, technology is changing the capacity of the individual caregiver, expanding what can be done, and often how well it can be done. These improvements, along with a growing need for healthcare professionals and services, are challenging traditional notions of scope of practice–for good and bad.
New Beginnings
Some of the changes to scope of practice are positive, necessary, and constructive. For example, technological literacy is necessary at every point in the care continuum, because interoperable EHRs and the vulnerability of digital information means that everyone must contribute to cyber security. In a sense, caregivers at every level must expand their scope of practice to incorporate an awareness of privacy, security,and data management considerations.
By extension, all caregivers are participating as never before in the advancement of clinical research, population health monitoring, and patient empowerment simply by working more closely with digital data and computers. As EHR technology iterates its way toward fulfilling its potential, caregivers and administrators are being forced to have difficult conversations about priorities, values, goals and the nature of the relationship between patient, provider, system, and technology. It is overdue, and foundational to the future of healthcare.
Is There A Nurse in the House?
The trend in healthcare toward prevention and balancing patient-centered care with awareness of population health issues puts primary care in a place of greater importance than ever. This, in turn, is driving a shift in the education of nurses to promote more training, higher levels of certification, and greater specialization to justify relying on nurses to fulfill more primary care roles. They are becoming better generalists and specialists, capable of bolstering teams as well as leading them.
Guest post by Santosh Varughese, president of Cognetyx
Santosh Varughese
Cybersecurity is a serious concern for every industry in America, but healthcare has been particularly hard hit. It is the most likely industry in the U.S. to suffer a data breach. According to the Ponemon Institute, nearly nine out of 10 healthcare organizations have been breached at least once, and nearly half have been breaced three times or more. Cyber-criminals are clearly winning this war, despite more funding, more firewalls, and more scrutiny. Here are five reasons why healthcare organizations are losing the cybersecurity war.
C-level healthcare executives still aren’t taking data security seriously.
Although the epidemic of healthcare cyber-attacks has C-suite executives claiming they finally realize the gravity of the situation, their actions tell a different story. A recent survey by HIMSS found that while most facilities have given information security a higher priority, healthcare IT personnel still complain of insufficient funding and staffing for cybersecurity. The same concerns were expressed by IT personnel surveyed in the Ponemon study and an earlier study conducted by IBM.
Frontline employees aren’t taking it seriously, either.
A group of security researchers from the University of Pennsylvania, Dartmouth and USC recently conducted an ethnographic study of cybersecurity practices among nurses, doctors, and other frontline medical personnel. The results showed a flagrant, widespread, shocking disregard for even the most basic data security practices; among other things, workers were observed:
Writing passwords on sticky notes and tacking them on machines in full view of anyone who wandered by.
Allowing other staff members to use their login credentials out of “professional courtesy.”
Purposefully defeating automated system timeouts by placing foam cups over sensors or by having another employee tap a spacebar at intervals.
Criminal hackers are fully aware of these types of practices and do not hesitate to take advantage of them; 95 percent of breaches occur when hackers get their hands on legitimate login credentials, either by obtaining them from a malicious insider or by taking advantage of an employee’s negligence or carelessness.
Too many facilities think that HIPAA compliance is sufficient to secure their data.
Most healthcare organizations focus primarily or exclusively on HIPAA compliance, erroneously thinking that complying with HIPAA is all they need to do to secure their systems. However, HIPAA was never meant to be a blueprint for a comprehensive data security plan. The law primarily addresses documentation and procedures, such as specifying when a patient’s medical records can legally be released, not technical safeguards. Information security experts surveyed by the Brookings Institution stated that HIPAA does very little to address the types of security challenges faced by large healthcare organizations with hundreds of employees and highly complex, interconnected data environments. The proof is in the numbers; if HIPAA compliance were enough to protect patient data, 90 percent of healthcare organizations would not have experienced breaches.
Healthcare jobs are plentiful, and at least through 2024, the demand for healthcare professionals, such as nurses, anesthesiologists and physicians, will only continue to rise.
The Bureau of Labor Statistics has said that healthcare jobs are “expected to have the fastest employment growth and to add the most jobs between 2014 and 2024.” Given the healthcare industry’s propensity for increased growth, hospitals need to embrace scalable IT—for their own sake and for the sake of their patients.
Fortunately, there are options.
Healthcare organizations increasingly rely on cloud-based IT solutions, and SADA Systems has reported that the number of organizations living in the cloud could be as high as 89 percent. There’s a reason for the high percentage—cloud solutions are safe, scalable and efficient.
Hospital data safety is no small concern.
In 2008, 9.4 percent of hospitals used EHRs. By 2014, the percentage had skyrocketed to 96.9 percent. The switch to digital records was necessary, but in the rush to modernize, hospitals were left more vulnerable to data theft than other industries that had migrated more slowly.
According to Niam Yaraghi, healthcare systems are left with an additional concern. “Hospitals cannot tolerate the consequences of computer lockdowns,” writes Yaraghi. “If Walmart gets attacked, it will likely shut down for a short period of time and fix the issue … hospitals on the other hand, are dealing with patients’ lives.”
Cloud-based IT solutions provide both reliable security and almost nonexistent downtime.
Further arguments for cloud IT include the sheer number of patients hospitals see every year. Hospitals treat 136.3 million patients in the emergency room alone, according to CDC.gov, and believe it or not, that number is growing. Cloud IT accommodates growing demand seamlessly.
The aforementioned surge in healthcare labor will also necessitate a consolidated communications option for employees—cloud solutions provides that as well. With healthcare utilization likely to rise, what are hospitals doing to keep up with the demand? Hospital staffs are growing, medical specialists are gaining more expertise, and healthcare centers are getting exponentially bigger.
Check out the graphic below showing the largest hospitals in each state by number of staffed beds, for some perspective.
Lee Horner serves as Stratus Video’s president of telemedicine, bringing more than 25 years of experience in enterprise software and healthcare IT industry. Most recently, Horner served as the president of CareCloud, a health care technology company specializing in practice management and EHR software. During that time, his core focus was setting the direction and strategy of the company while managing the top- and bottom-line revenues. He also drove both technology excellence and platform growth to meet CareCloud’s clients’ goals. Prior to CareCloud, Lee also held executive roles at Vitera Healthcare (formerly Sage Healthcare, where I worked with him; now Greenway Health) and Eliza Corporation.
You recently joined Stratus as president of telehealth – what motivated your decision and why is this such an important field nowadays?
In today’s mobile and fast-paced world, telehealth is a necessity. Telehealth is healthcare 2.0 – it can cut wait times, costs for both the provider and the patient, inefficiencies. At the same time it can elevate the kind of expertise and quality of the care patients receive, as well as give new opportunities to connect doctors to the patients who need them most. Telehealth is the future of health. It’s not only preserving that face-to-face connection between patients and providers – which is essential to great healthcare – it’s making that connection available to so many more people in so many different contexts. By enabling these essential connections, telehealth expands the probability of people getting the care they need, and is inevitably helping to save lives.
What is your background in health IT?
I have been involved in healthcare IT for the past 10 years. I have experience operating businesses in the payer, ambulatory and health system markets. It is a great field to be in. It’s very progressive and always changing.
Why is health IT where it’s at today? What do you feel has made this industry successful?
This market is expanding rapidly and technological advancement is at the forefront of that expansion. Smart people with extreme passion for improving patient quality care are really what is making this industry successful.
What are some of the things that most inspire you about the space and it’s work?
I am inspired every time I see the changes we are making improve a patient’s quality of care. It is incredible to see our work start to make a difference.
What are the most important areas in telehealth nowadays?
One important area is how telehealth is opening opportunities for more health industry professionals – and this is in turn, leading to a more robust patient experience. Predictable disruption is a huge theme in telehealth. You saw unpredictable disruption with industries like car ride service – when Uber and other apps came out, people who weren’t taxi drivers were suddenly entering that industry. In healthcare, it’s different – apps are creating opportunities for people already within the industry, allowing more providers to help the patients who need them most and more patients to connect with the providers best suited to their needs.
A couple of other important areas are readmissions and urgent care:
The Affordable Care Act penalizes hospital readmissions, because it’s important to incentivize successful treatment. Unfortunately, the nature of healthcare and the nature of life is that you sometimes need to go back in for continued treatment or to inquire about something. But maybe you moved or you’re too sick to keep going back to your treating physician. Discharge solutions are allowing people to reconnect and get the follow-up care they need without the hassle.
Urgent and emergency care solutions are also becoming really important. Imagine a burn victim walks into an ER at 4 a.m. and needs to see a specialist – but the staff is all tied up or there isn’t a specialist working in that particular facility. Without an urgent care app, the patient would be waiting and suffering, while the provider would be struggling to give them the care they need. With an app, they’d be able to pull up a tablet and connect that patient face-to-face with the doctor they need almost immediately.
About two decades ago who would’ve thought of the invention of Nano robots that are able to carry drugs all the way to the human bloodstream?
It’s happening. Technology is revolutionizing the conventional ‘human country doctor’ health care and there’s not much to be surprised of. With modern machines and software taking over the healthcare industry, one often wonders, “What good is technology doing to it?”
Health information technology (HIT is information technology applied to health and health care. It supports health information management across computerized systems and the secure exchange of health information between consumers, providers, payers, and quality monitors) is the burgeoning specialized combination of information technology, communications, and health care and it is altering the course of patient care for the better. Here’s how:
Knowledge Sharing
Practicing medicine is a lifelong learning. Doctors need to be on their toes all the time to acquire the knowledge of the latest developments in their field. Not updating themselves can make their practice stagnant – nobody would want to consult a doctor like that. Health IT brings the knowledge about everything, be it patients, therapies, diseases or medicines at their easy disposal. This knowledge can be easily shared between consultants, patients, and can even be updated when needed. That’s a whole new world of medical science for the doctors and patients to explore.
Improved Coordination
The world is swiftly moving towards specialization. Healthcare is no different. A single hospital stay could mean being under the observation of several different specialists at the same time. These specialists are required to coordinate with each other on every case they deal with. The way forward is paved by health IT. Health IT helps bring everything related to your condition from nutrition to neural complications in tandem with each other. The specialists know which condition can make regular course of treatment difficult for you or which medicine would trigger your skin allergies. The result? There are fewer chances of problems arising in your healthcare.
Better Outcomes
The most significant way IT is transforming the healthcare industry is in the form of better outcomes. Automation streamlines the operations of a medical facility, making them more effective and efficient. It is easier for different doctors and nurses to coordinate and diagnose a particular case. There are less chances of human error which ultimately leads to higher quality and safer care. With less time wasted in going through physical files and other manual work, doctors and nurses have more time on their hands to spend with patients.
The Patient’s Involvement
If anything, health IT has made patients increasingly vigilant about their health. It enables them to gain electronic access to their medical history, health records, and doctor’s recommendations. They get a chance to take control of their health. Patients’ portals and online knowledge hubs help patients educate themselves about their conditions, its symptoms and treatment procedures. Health IT makes it easier for patients to get in touch with doctors and nurses for better health outcomes and medical care.
Guest post by Abhinav Shashank, CEO and co-founder, Innovaccer.
Abhinav Shashank
According to a survey almost 50 percent of the physicians do not understand MACRA. With less than five months to full implementation of MACRA, are we ready to embrace one of the most elaborate laws of US? And, most importantly, will it produce the needed positive outcomes? The program is expected to improve the current standards, sort the most persistent problems and create opportunities to rework and revise Medicare. How will all this happen?
With MACRA in place, there won’t be two digit payment cuts like in the current Sustainable Growth Rate (SGR) formula. Besides enhancing the use of electronic health records, MACRA is expected to increase the relevance of Medicare to the real world and reduce the administrative burden from physicians’ shoulders.
Decoding MIPS
MIPS stands for Merit-Based Incentive Payment System. It will streamline the three independent programs Physician Quality Reporting System (PQRS), meaningful use, and value-based modifier to ease the burden on the clinicians. The three components in MIPS will replace these programs. Besides this, one more component will be there to bring improvements in practice. Namely following components will be there in MIPS:
1.) Quality: This component will replace the Physician Quality Reporting System (PQRS). Under MIPS the methods of reporting and the various quality measures have been adopted from the old programs PQRS and VBM. There are some changes in the reporting methods and for the registry, EHR, and Qualified Clinical Data Registry (QCDR) reporting methods, a clinician can select minimum six measures which could be a combination of any quality domain. If the clinician faces patients, then he has to select in such a way that one of these measures is cross-cutting measure (cross-domain-cutting), and one is outcome-based measure. If there is no outcome-based measure, then a high priority measure has to be selected.
Besides these six measures, CMS will calculate two or three more measures depending on the size of the group of physicians. For instance, if there is an individual physician or a group less than 10 then two measures and if more than that then three measures. Additionally, for QCDR and registry reporting methods, the “data completeness” standard has been changed. The number of patients to be reported within a measure denominator has been raised from 50 percent to 90 percent.
2.) Advancing Care Information: According to MIPS the meaningful use program will see a lot of changes. Currently, the meaningful use program is everything-or-nothing; i.e., if one clinician achieves a performance rate of 20 percent on meaningful use measures and another achieves 90 percent then they both get rewards in a similar fashion. However, under ACI the latter one gets 10 out of 10 points, and the former gets three points.
More than 100 ACI performance points have been defined out of which base 50 are base points given for reporting either “yes” or a non-zero numerator. The performance scores are up to 80 points based on the performance on eight measures. Rest bonus points are awarded for reporting any other public health registry.
Guest post by Craig Musgrave, senior vice president, information technology, The Doctors Company.
Craig Musgrave
Healthcare entities remain the top target for cyber criminals. Not only do over 50 percent of all cyberattacks occur in the healthcare industry, but there have been 4,000 daily ransomware attacks—focused mostly on healthcare entities—since early 2016, a 300 percent increase over the 1,000 daily attacks in 2015.[i]
All types of organizations must take steps to ensure they are protected. The following are six questions you should ask your IT department to evaluate your cybersecurity readiness, and some answers to these perplexing problems most industries face today.
Does our organization use a security framework?
The National Institute of Standards and Technology Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk.
The Framework will help an organization to better understand, manage, and reduce its cybersecurity risks. It will assist in determining which activities are most important to ensure critical operations and service delivery. In turn, that will help to prioritize investments and maximize the impact of each dollar spent on cybersecurity.
What are the top risks I should worry about?
Human interaction: Over 80 percent of attacks are made possible by human error or human involvement, such as downloading malicious files, clicking on malicious links, or running unknown USB on computer systems. You need to provide security training for all employees and maintain constant employee awareness of the risks. There should also be a significant investment in security solutions that can help prevent damage if an employee action leads to an attack.
Technology vulnerabilities: Vulnerabilities in your defenses may be known—or newly discovered when an attack happens. Invest in tools that scan for hardware and software vulnerabilities and invest in IT staff to constantly update and patch software.
External intruders: Addressing non-stop attempts to access your network through unsecured or vulnerable access points involves investing in technologies and strategies like multi-factor authentication, advanced firewalls, web application firewalls, external monitoring, and penetration tests.
Data loss: Protected health information (PHI) could be lost through an unapproved employee data transfer. Invest in tools that encrypt data-in-transit and educate employees on proper data transfer procedures.
Delayed detection: This is the inability to detect an intrusion due to an unknown vulnerability, misconfigured technology, or employee error. Invest in constant IT training on event management, security threat detection, incident response, and technology configuration. Execute threat simulations (penetration tests) and do a continual review of system configurations.
Attacks through privileged accounts: Hackers try to gain access to privileged accounts—such as domain admin, database admin, or external vendors—to reach secure areas within computer networks. For example, the major Target hack occurred when an employee of Target’s third-party HVAC vendor responded to a spear phishing e-mail. The utilization of Privileged Account Management systems enables one-use passwords for evaluated accounts.
