The debate rages on, despite the Department of Health and Human Services (HHS) issuing a rule finalizing Oct. 1, 2015, as the final date for ICD-10 implementation. Why? Because they said there would be absolutely no more delays last year. And the year before that. It’s kind of like a parent who doesn’t follow through with consequences in childrearing. If the child gets away with it once, they’re going to try again. I predict rages against the machine until midnight on Sept. 30, 2015.
The Delay
I was in the field, one day into a two-day boot camp, in Connecticut. UConn had just made it into the Final Four, and the hotel bar was filled with revelers watching ESPN. I was in my hotel room, on the phone with my husband because the hotel didn’t have C-Span. He gave me a blow-by-blow count of the votes required until the SGR “doc fix” bill would pass because, at the last minute, the bill had been revised to include language affecting ICD-10 implementation.
If it passed, doctors’ reimbursements would not be cut by 24 percent, but ICD-10 would be delayed by at least a year. My husband is a surgeon, so we had a stake on both sides of the fence … or aisle, I suppose. Of course, it passed — it always passes. But what did that mean for all the people I’d taught in the past months, and what would that mean for the class I had to face the next morning, smack dab in the middle of their training? I expected to see my class members just as disheartened as I was and worried about the energy level of the second training day.
It turns out I didn’t even need to bring cookies. Nobody was disappointed. In fact, there seemed to be a collective sigh of relief. And these were the people I thought were ahead of the curve on implementation.
So, I took a poll:
Did they think people not ready for ICD-10 in 2014 would be ready in 2015?
No.
Did they think people who were almost ready would spend the year getting extra-ready?
NueMD, provider of cloud-based medical practice management software for small practices, in partnership with Porter Research and the Daniel Brown Law Group, surveyed practices and business associates about HIPAA compliance and how small practices and billing companies are coping. The survey of about 1,200 healthcare professionals, conducted during October 2014, found medical practices and billing companies are struggling to comply with regulations under the Health Insurance Portability and Accountability Act.
“Understanding HIPAA can be difficult for practices and billing companies, especially if they’re already scrambling to keep up with changes like ICD-10 and meaningful use,” said Caleb Clarke, sales and marketing director at NueMD, in a statement. “With audits looming, we wanted to get a sense of where the industry stands and provide resources to help those who may be struggling.”
NueMD surveyed practices and billing companies in all 50 states; most of the practices were small and made up of one to three providers.
In a nutshell, the survey found that:
66 percent of respondents were unaware of HIPAA audits (a staggering number)
35 percent of respondents said their business has conducted a HIPAA-required risk analysis
34 percent of owners, managers and practice administrators reported that they were “very confident” that their electronic devices that contain PHI were HIPAA compliant
24 percent of managers, owners and practice administrators at medical practices reported that they’ve evaluated all of their business associate agreements
56 percent of office staff and (non-owner) care providers at practices said they’ve received HIPAA training in the last year
HIPAA is one of the primary and most comprehensive government regulations affecting the daily activities of every healthcare organization.
Signed into law in 1996, the law outlines policies to protect sensitive patient data and penalties for those who don’t comply. Recent updates under the HITECH Act introduced several changes that affect the responsibilities and liabilities of covered entities and business associates.
Enforcement of breaches is occurring at a more rapid pace. HITECH extended certain HIPAA security and privacy requirements and set the stage for greater enforcement, including:
Widening the scope of the law, requiring health information exchanges to be business associates of healthcare entities, and applying HIPAA privacy and security requirements directly to the HIEs.
Greater penalties for noncompliance.
Redirecting civil monetary penalties back into enforcement activities instead of into the general fund. This provides additional funds for future enforcement and incentivizes proactive enforcement activities.
Adding breach notification requirements to entities that operate personal health records or otherwise maintain personal health information for purposes other than healthcare delivery or payment.
Opening the way for enforcement by states’ attorneys general.
Also, the HITECH Act incentivizes a more aggressive pursuit of HIPAA, which means it’s more likely that healthcare organizations will now be audited more regularly.
Health spending continued to grow at a slow rate last year, the Office of the Actuary (OACT) at the Centers for Medicare & Medicaid Services (CMS) reported today. In 2013, health spending grew at 3.6 percent and total national health expenditures in the United States reached $2.9 trillion, or $9,255 per person. The annual OACT report showed health spending continued a pattern of low growth, between 3.6 percent and 4.1 percent, for five consecutive years.
The recent low rates of national health spending growth coincide with modest growth in Gross Domestic Product (GDP), which averaged 3.9 percent per year since the end of the severe economic recession in 2010. As a result, the share of the economy devoted to health remained unchanged over this period at 17.4 percent.
“This report is another piece of evidence that our efforts to reform the health care delivery system are working,” said CMS Administrator Marilyn Tavenner. “To keep this momentum going, we are continuing our efforts to shift toward paying for care in ways that reward providers who achieve better outcomes and lower costs.”
Total national health spending slowed from 4.1 percent growth in 2012 to 3.6 percent in 2013. The report attributes the 0.5 percentage point slowdown in health care spending growth to slower growth in private health insurance, Medicare, and investment in medical structures and equipment spending. However, faster growth in Medicaid spending helped to partially offset the slowdown.
Other findings from the report:
Medicare spending, which represented 20 percent of national health spending in 2013, grew 3.4 percent to $585.7 billion, a slowdown from growth of 4.0 percent in 2012. This slowdown was primarily caused by a deceleration in Medicare enrollment growth, as well as net impacts from the Affordable Care Act and sequestration. Per-enrollee Medicare spending grew at about the same rate as 2012, increasing just 0.2 percent in 2013.
Spending on private health insurance premiums (a 33 percent share of total health care spending) reached $961.7 billion in 2013, and increased 2.8 percent, slower than the 4.0 percent growth in 2012. The slower rate of growth reflected low enrollment growth in private health insurance plans, the continued shift of enrollees to high-deductible health plans and other benefit design changes, low underlying medical benefit trends, and the impacts of the Affordable Care Act.
Medicaid spending grew 6.1 percent in 2013 to $449.4 billion, an acceleration from 4.0 percent growth in 2012. Faster Medicaid growth in 2013 was driven in part by increases in provider reimbursement rates, some states’ expanding benefits, and early Medicaid expansion.
Out-of-pocket spending (which includes direct consumer payments such as copayments, deductibles, spending by the insured on services not covered by insurance, and spending by those without health insurance) grew 3.2 percent in 2013 to $339.4 billion, slightly slower than annual growth of 3.6 percent in both 2011 and 2012.
Among health care goods and services, slower growth in spending for hospital care and physician and clinical services contributed to slower growth in national health care spending in 2013. However, faster spending growth for retail prescription drugs in 2013 partially offset the overall slowdown.
Hospital spending increased 4.3 percent to $936.9 billion in 2013 compared to 5.7 percent growth in 2012. The lower growth in 2013 was influenced by slower growth in both price and non-price factors (which include the use and intensity of services). Growth in private health insurance and Medicare hospital spending decelerated in 2013 compared to 2012.
Spending for physician and clinical services increased 3.8 percent in 2013 to $586.7 billion, from 4.5 percent growth in 2012. Slower price growth in 2013 was the main cause of the slowdown, as prices grew less than 0.1 percent. Spending from private health insurance and Medicare, the two largest payers of physician and clinical services, grew more slowly in 2013, while Medicaid growth accelerated as a result of temporary increases in payments to primary care physicians.
Retail prescription drug spending accelerated in 2013, growing 2.5 percent to $271.1 billion, compared to 0.5 percent growth in 2012. Faster growth in 2013 resulted from price increases for brand-name and specialty drugs, increased spending on new medicines, and increased utilization.
In 2013, households accounted for the largest share of spending (28 percent), followed by the federal government (26 percent), private businesses (21 percent), and state and local governments (17 percent).
In any industry, passwords can be a hassle to manage, but perhaps nowhere is this more true than in healthcare. Password strategies are put in place to keep data secure, including patients’ information, but they often cause headaches for clinicians. And since every minute matters in the clinical setting, any process that takes longer than necessary can become a major problem when patient outcomes hang in the balance.
Since providers often need to access their own systems, as well as patient data and treatment history, quickly to assist patients, something as simple as getting locked out of systems or forgetting account credentials is time-consuming and tedious to overcome. Contacting the helpdesk and waiting to get passwords reset wastes what little time caregivers have to spend with patients. Simplifying password resets can give critical time back to caregivers and support staff in the care setting.
Easier said than done, of course. Many healthcare organizations resist implementing any type of password solution because they don’t want to bombard clinicians with yet another new technology. One of the major reasons is that they assume the implementation and training time are lengthy, and they’re currently bogged down by a variety of other pressing issues, such as meaningful use and preparing for the transition to ICD-10 in October 2015.
Also, because healthcare organizations must abide by strict rules and regulations, implementing password solutions can sometimes be an issue. In addition, healthcare’s leaders need to ensure that any new technologies implemented follow these regulations.
An Easy Solution to Password Reset Issues
Several leading healthcare organizations have opted to use self-service password reset solutions to easily solve their password reset issues. Just as banking websites allow consumers to reset their passwords, end users can easily reset their passwords after correctly answering security questions that they previously provided answers to. Clinicians simply click the “forgot my password” button and can easily reset their password from anywhere at any time. This allows clinicians to proactively solve the problem without having to contact another department for help.
The handling and sharing of medical records is a critical and sensitive issue, and one that affects millions of providers, patients and payers every day. According to the Centers for Disease Control and Prevention, Americans alone make more than a billion visits to doctors’ offices, clinics and hospitals annually, so one can only imagine how often medical records change hands between patients, physicians, specialists, healthcare organizations and their staff.
Test results, images, medical and billing history and other related information continue to be mailed, faxed and—more commonly—emailed between interested parties. Email is the most popular of these options because it combines the wide accessibility of snail mail with the immediacy of fax transmission. But email as a means of sharing sensitive healthcare data lacks in three critical areas: security, regulatory compliance and working with large files.
Security, privacy and protection
Gaps in email security should have doctors and patients sweating bullets any time they attach medical information to an email and hover their cursor over the “send” button.
The overarching problem lies in the encryption, or lack thereof. Like CDs and popular online sharing services, medical records transmitted via email are generally unencrypted. This is the case not only in transit, but also when they sit on the servers of the email providers. Thus, sensitive medical information lies vulnerable at all times.
Exchanging records by email means exposing patients’ personal information and their entire medical histories to a nefarious underworld of hackers seeking to exploit such information. It may include the most personal and private information, from social security numbers to diagnoses for chronic illnesses. Should information get into the wrong hands, there’s no predicting the extent and impact of the consequences.
Guest post by Dr. Christopher Ray, chief technology officer of Medical Information Records, creator of AnesthesiaOS, a cloud-based EHR solution for anesthesiologists and winner of Dell’s “Advancing Medicine” Healthcare Innovation Challenge.
Mobility and Bring Your Own Device (BYOD) strategies are transforming all aspects of healthcare by enabling physicians, nurses and medical staff to improve the delivery of care while enhancing patient outcomes and safety.
The upsides are impressive: Fast, responsive, agile solutions that streamline healthcare workflows and harness big data to deliver smarter care and more personalized medicine. By enabling providers to use preferred devices and mobile cloud software, mobility can help transcend how electronic medical records (EMR) are captured, accessed and viewed.
When it comes to mobility and BYOD in healthcare, however, security and compliance must go hand-in-hand. In creating AnesthesiaOS, a fully mobile anesthesia information management system (AIMS), we focused on providing greater efficiency in practice management while ensuring the highest levels of safety and integrity for protected health information (PHI).
To that end, creating, achieving and maintaining compliance with both patient privacy and healthcare standards was accomplished by leveraging the following set of comprehensive best practices:
Protect, Identify and Confirm All Regulated Data
The biggest challenge healthcare organizations face today is preventing information from ending up in the wrong hands. Since protecting information is an overarching goal, it’s crucial to identify all regulated data that will be generated on, accessed from, stored on or transmitted by a mobile or BYO device.
Guest post by Mitchell Goldburgh, cloud clinical archive product manager, Dell.
Stage 2 meaningful use criteria require providers to make diagnostic reports and associated images accessible through a certified electronic health record. That presents a difficult hurdle for many hospitals, especially community hospitals that are not connected to a large health system. And with the plethora of EHRs in use across healthcare, the task may be difficult for some multi-hospital systems.
This is a watershed moment for many imaging practices, and Stage 2 requirements may be the factor that sends most imaging files to a vendor-neutral archive (VNA).
Knowing that Stage 2 will require facilities to integrate their medical images with EHRs, the best VNA providers have in place automated tools that can integrate these files with all of the major EHRs and with many of the smaller EHR vendors. The value of a VNA comes from local and remote content brought to EHRs with a consistent presentation of results and images at the point of clinical care. VNA solutions offer a global viewer with a common toolset to navigate documents and imaging content, thus simplifying the access and freeing users from the need to learn multiple application navigations.
As technology in imaging increases the complexity of data, the presentation of information consistently for non-imaging specialists within the accountable care group becomes crucial to “customer” satisfaction with the imaging services. But VNA software is only a part of the solution – an integrated model that simplifies delivery of content can best be achieved with a service delivery model enabled with cloud content management.
Archiving-as-a-service is the model for the future
So what does this model entail? A good vendor-neutral archiving solution enters the scenario once a clinical exam is reported. At that point, the job of the PACS is done. The exam file is transmitted to an on-site server (supported by your archiving service provider) that transforms it into a vendor-neutral format. Current files are stored on site for fast access and also uploaded to a secure cloud platform. At this point content notification occurs, informing external systems that the report and clinical imaging data are available. In this model clinicians can view content anywhere, from any device, either as a stand-alone application from the VNA or through the web-enabled EHR accessing the VNA.
IDC Health Insights announces a new report, “Business Strategy: Thwarting Cyber Threats and Attacks against Healthcare Organizations,” that features findings from the 2014 IDC Insights Cross Industry Cyber Threat Survey. The report is designed to gauge how financial services, healthcare provider organizations and retailers are responding to increasing cyber threats and the impact of successful attacks on business operations. The study also highlights how healthcare organizations are investing in their cyber strategy to protect their most valuable electronic assets.
Today’s healthcare organizations are at greater risk of a cyber attack than ever before in part because electronic health information is more widely available today than in the nearly 20 years since the Health Insurance Portability and Accountability Act was passed in 1996. Cyber criminals view healthcare organizations as a soft target compared to financial services and retailers because historically healthcare organizations have invested less in IT, including security technologies and services, than other industries, thus making them more vulnerable to successful cyber attacks.
The value of health information, which can be used to commit medical fraud, is surpassing the value of social security and credit card numbers on the black market, thus increasing the attractiveness of stealing health information.
Key findings include:
After physical loss or theft of a laptop, mobile or portable device, malicious hacking or IT incident was the most common breach reported on the Department of Health and Human Services (DHHS) website. In 2013, 20 (out of 175) breaches related to hacking or an IT incident represented 9 percent of the individuals affected and 11.4 percent of the attacks.
All respondents of the 2014 IDC Insights Cross Industry Cyber Threat Survey reported that they had experienced a cyber attack in the past 12 months; 39.4 percent reported that they were attacked more than 10 times and 27.1 percent of the attacks were described as “successful attacks.”
Security is a top IT initiative for health care providers. In 2014, according to the 2014 IDC Global Technology and Industry Research Organization IT Survey, security and risk management technologies was the number 1 initiative (29.0 percent). In 2013, it was also the top ranked initiative (20.1 percent).
Approximately one out of four cyber attacks had an impact on normal business operations. The majority of respondents (52.2 percent) indicated that the shortest impact lasted less than an hour and 43.3 percent reported that the longest duration was between eight and 24 hours.
The overwhelming majority of healthcare executives reported that their spending on cyber threats increased (59.6 percent) or stayed the same (38.3 percent) over the last three years. On average, the increase for those respondents that reported an increase was 14.8 percent.
Consumers highly value their privacy, according to a recent 2014 IDC Insights Cross-Industry Consumer Experience Survey, but are not as confident that healthcare organizations are adequately protecting their data. Concerned consumers are willing to end a healthcare relationship after a breach, including changing their care providers (21.6 percent) and changing health plans (5 percent).