In Light of $12 Billion in Federal Incentives,’s Top Frequently Asked Questions

In light of recent reports that nearly 220,000 hospitals, office-based physicians and other eligible professionals have received more than $12 billion in federal incentive payments, I thought I’d highlight the top questions as featured on’s FAQ section.

But, a little perspective first. According to Modern Healthcare, to this point, 3,757 hospitals, or 75 percent of the 5,011 U.S. hospitals that are eligible to receive federal funds under the program, have received an EHR incentive payment.

Also, “215,500 physicians and other EPs, or 41 percent, of the 527,200 total physicians and other professionals deemed eligible to participate, have been paid. Some 85 percent of hospitals and 70 percent of physicians/EPs are registered under the programs, the CMS reports.”

So, back to the original story:’s Frequently Asked Questions and the answers. If you’re not aware of the resource, it serves a broad base audience with a smattering of questions and responses. For example, there a variety of topics including billing, e-health, data navigation, EHR incentive programs, well, you get the point.

Here’s a short list of some questions and their answers:

How and when will incentive payments for the Medicare Electronic Health Record (EHR) Incentive Programs be made? For eligible professionals (EPs), incentive payments for the Medicare EHR Incentive Program will be made approximately eight to 12 weeks after an EP successfully attests that they have demonstrated meaningful use of certified EHR technology. However, EPs will not receive incentive payments within that timeframe if they have not yet met the threshold for allowed charges for covered professional services furnished by the EP during the year. Payments will be held until the EP meets the threshold in allowed charges for the calendar year ($24,000 in the EP’s first year) in order to maximize the amount of the EHR incentive payment they receive. Medicare EHR incentive payments are based on 75 percent of the estimated allowed charges for covered professional services furnished by the EP during the entire calendar year. If the EP has not met the threshold in allowed charges by the end of calendar year, CMS expects to issue an incentive payment for the EP in March of the following year (allowing two months after the end of the calendar year for all pending claims to be processed).

Does CMS have a website to find out more information about the CMS Section 508 Program? Yes, CMS has a website section.  It can be found at

What is CMS? The Centers for Medicare & Medicaid Services (CMS) is a branch of the U.S. Department of Health and Human Services. CMS is the federal agency which administers Medicare, Medicaid, and the Children’s Health Insurance Program. Provides information for health professionals, regional governments, and consumers.  Additional information regarding CMS and it’s programs is available at

When eligible professionals work at more than one clinical site of practice, are they required to use data from all sites of practice to support their demonstration of meaningful use and the minimum patient volume thresholds for the Medicaid EHR Incentive Program? CMS considers these two separate, but related issues. Meaningful use: Any eligible professional demonstrating meaningful use must have at least 50% of their of their patient encounters during the EHR reporting period at a practice/location or practices/locations equipped with certified EHR technology capable of meeting all of the meaningful use objectives. Therefore, States should collect information on meaningful users’ practice locations in order to validate this requirement in an audit.

How do physicians join or leave a group? If both the physician and the group are already enrolled with the same carrier, the physician and the group together are required to complete a CMS 855R showing the date the physician joined the group and reassigned benefits to the group. If a physician leaves a group, the physician or the group should complete the CMS 855R, showing the date the physician left the group. When leaving the group, the CMS 855R does not need to be signed by both the physician and the group. If either the physician or the group have not enrolled with the carrier, they must first complete the appropriate CMS 855 for either an individual (CMS 855I) or group (CMS 855B) before the reassignment can be effective.

For the list of top questions CMS addresses, visit the following link:

If nothing else, this makes for good reading. In light of all the changes and ever-present developments, I felt it worth sharing.

Jobs in healthcare

Will Regulation of Mobile Health Devices and Apps By the FDA Be the Industry’s Sin Tax?

Your smartphone a medical device? There’s a possibility that this could happen as Washington and its players continue to evaluate whether in the Food and Drug Administration should regulate mobile apps technologies, including health-related apps.

Based on the interpretation of the current administration’s perspective of mobile health innovation and regulation and how those innovations benefit patients will likely determine whether regulation, and ultimately, taxes are assessed on them.

Mobile health apps can range from an iPhone app that monitors diet to mobile or wireless technologies used in hospitals and home-care settings.

Obviously, developers and those producing the apps want more clarification on the issue. As expected from a federal agency, the FDA has issued draft guidance in 2011 according to Modern Healthcare about how it plans to oversee mhealth apps, but nothing final has been released. So, what we’ve seen may not ultimately be what we get.

Some people believe health apps will help solve the overwhelming cost crisis in healthcare; thus, shackling them with additional oversight, taxes and regulation will stifle a burgeoning industry. As such, according to Modern Healthcare, there needs to be “’predictable, transparent and risk-based regulation,’ the value of interoperability, and reimbursement policy that aligns stakeholders.”

I couldn’t have said it better myself, and I agree with the fear that some lawmakers have about a concern that FDA regulation of smartphones, tablets and apps could mean those technologies are subject to the medical device excise tax, a 2.3 percent tax on the sales of certain devices that went into effect in January.

The tax is part of the Patient Protection and Affordable Care Act and is considered the device industry’s contribution to financing healthcare reform.

In a March 1 letter to FDA Commissioner Dr. Margaret Hamburg (PDF), the House committee leading testimony asked the FDA to clarify whether the smartphones and mobile health apps will be subject to the tax. No response as yet. Not surprising. Additionally, leadership also requested that the agency provide information about when it plans to issue final guidance on how it plans to oversee mobile medical apps.

“Most Americans have no idea that their smartphone, tablet or the mobile apps that have become part of their daily lives could be subject to added red tape or a new tax under Obamacare,” Energy and Commerce Committee Chairman Fred Upton (R-Mich.) said in a news release.

According to the Washington Post, “In 2012, Congress gave the FDA the green light to define which medical apps would require its attention. The agency has asked for comment on a proposal that would give it regulation authority over accessories to existing medical devices, such as apps that show MRI scans, as well as apps and accessories that transform mobile devices into regulated medical devices, such as attachments or apps that turn smartphones into heart monitors.”

For those with an interest at stake here, they should feel some level of concern, no matter the side of the isle they happen to sit. Further regulation, and definitely taxation (especially at the app user level), will destroy the momentum gained by these tools to the market since they’ve been developed.

In the very least, the seemingly unending and elusive patient engagement game that plays on may find itself put on pause as this has the potential to once again remove personal control of tools designed to help manage and improve one’s health and to regulate it.

In many ways this seems like a sin tax. High taxes are used to get people to quit bad behavior, like smoking. When the prices gets too high, they (ideally) quit.

Jobs in healthcare

HIPAA Risks Associated with Using Tools Like Skype During Patient Communication

Skype and unbridled communication between caregivers and their patients has opened a great many opportunities for care to be offered the world round, from a variety of locations within our own communities to remote and unconventional places in other areas of the world.

In a nutshell, Dr. DeShan spends several months in Russia each year leading an international medical mission where he serves some of Moscow’s most needy, as well as delivers care to some of the world’s remote people through journeys into the wilderness.

When he’s in Moscow serving patients, she’s able to stay connected to his practice in Midland Texas, where he’s a partner at a thriving OBGYN. Aside from relinquishing a few of his daily duties, such as delivering, he’s able to maintain a full patient load and he does that in part using the web and tools like Skype to maintain contact with them and with his practice.

Personally, I believe the work DeShan is doing is fascinating. He’s using his talent and skill to follow his passion and his calling in life. His practice and his patients are in support of his work and in no way does he keep it from them. Those patients that were not comfortable with interacting with him part time through the web were assigned to other practitioners.

However, I’ve always wondered if Skype is a tool that can be trusted for such work. Despite his good deeds, I always wondered he’s in HIPAA compliance.

According to a recent article in Medical Office Today, I’m not the only one. According to the article, “Notwithstanding the fact that Skype is ubiquitous, its use may be inappropriate for healthcare providers as web-based platforms raise a number of significant HIPAA privacy and security issues:

Also, according to the piece, HIPAA and its resulting regulations pertaining to privacy and security require covered entities such as healthcare providers to protect the confidentiality of protected health information and guard against unauthorized access, use, and disclosure of such information.

Among other things, the HIPAA rules require:

“The use of web-based platforms, especially those that are proprietary, makes it difficult for healthcare entities to meet many of their HIPAA obligations,” the article states. “As a consequence, telehealth providers carry a higher risk of potentially violating HIPAA rules when they use services such as Skype.

According to the Health Information and Trust Alliance, the organization recommends against the use of Skype and similar platforms for communications involving health information, concluding that web-based platforms are not secure, and are an inappropriate way by which to communicate with patients, especially when the communication involves health information. Their view was confirmed late last year when a security flaw was discovered in Skype that put users’ personal information at risk of disclosure.

“All of this does not mean a healthcare professional should not use Skype to communicate to patients, only that they be aware of the increased risk of violating HIPAA and think long and hard prior to using such technology.”

However, should a provider insist on using Skype, there are some steps they should consider to better protect themselves from potential HIPAA liability (all good tips, according to the magazine):

Only HIPAA-compliant technologies can truly protect a physician and a patient. These steps may help. In the long run, though, as I’m sure Dr. DeShan would agree, don’t let the cost of the work keep you from doing it.

Jobs in healthcare

Implementing an Electronic Health Record Does Not Ensure Practice Productivity or Profitability

A new report suggests that the average physician lost just as much as would have been gained had he or she received the full meaningful use incentive payment for the last five years — $44,000 – by implementing an electronic health record, which basically makes the whole thing null and void.

There’s a caveat, though. The practice that has implemented and is using the EHR, needs to make a few changes to the way the practice runs or else the saving is lost. Somewhat of a no brainer, according to study that’s published in Health Affairs, only 27 percent of practices achieved a positive five-year return on investment by implementing the electronic systems.

The trouble, according to the survey, is that practices “failed to make operational changes to realize the benefits of EHRs such as doing away with paper records after implementation of the electronic systems, adoption, as well as dictation, billing services and positions or staff members who were performing services no longer required after EHR adoption.

A reduction in the required workforce at the practice after the implementation of an EHR is a common problem. I’ve spoken with several practice leaders who cited it as such, and in many cases, staff whose positions were eliminated because of the software have been re-assigned to other areas. There are only a few practices in which I’ve spoken where employees were laid off because of the systems. I expect this number to grow as more systems come online.

According to MedPage Today, which published the results of the study, the study sought “pre- and post-adoption financial cost/benefit data from practices such as total revenue, total operating costs and total labor costs. Researchers also asked for information on areas that were impacted by EHRs, such as the cost of paper medical records, dictation services, and billing services.”

Their results of the study showed that the average physician lost $43,743 over five years. Primary care practices fared better than specialists. Practices that saw a positive return on EHR investment increased revenue by more than $114,000 per physician over five years, results showed. In comparison, practices with a negative return on EHR investment saw revenue increase by an average of only $9,200 per physician in five years.

“Even when adding federal incentives to use EHRs, the majority of doctors would have lost money,” MedPage Today reports.

Other results from the study include:

This is a bit surprising: Practices with a practice management system prior to EHR implementation in place to help with billing functions benefited less on average.

Seems like some of the unexpected consequences of EHR use are finally working their way to the top and a bit of the actuality of the situation is coming out; just because a system is implemented, doesn’t mean everything is going to be great. “Wide usage of EHRs was supposed to help doctors increase revenue through improved billing and efficiency gains that would allow them to see more patients per day. However, doctors have complained that EHRs are cumbersome and cause physicians to spend more time documenting patient visits,” the magazine states.

Jobs in healthcare

HIT Thought Leader Highlight: Andrew Olowu, Axxess Technologies

HIT Thought Leader Highlight: Andrew Olowu, Axxess Technologies

Andrew Olowu, chief technology officer of Axxess Technology, discusses home health and how technology is impacting this market segment of the care spectrum, from delivery of care to how caregivers benefit from its use.

Where does home healthcare fit into the big picture?

Home healthcare plays an increasingly vital role in the delivery of quality healthcare in America today. It is widely accepted that patient outcomes are better when care is delivered in the comfort the home, where a patient feels most comfortable. Because the cost associated with home healthcare is much lower than other tradition healthcare options (such as the hospital), home healthcare is also very beneficial from a financial standpoint. Lastly, as the baby boomer generation ages, it will create increasing demands for all categories of healthcare, including home healthcare services.

How is technology affecting the delivery of home healthcare services?

The practice of using paper by home health agencies for maintaining patient records, documenting clinical notes, managing physician orders and scheduling patient visits is still very common today, but must be transitioned to electronic records by 2014.

Advanced electronic health record systems used in home health agencies benefit patients and healthcare providers. A good electronic health record system can perform automatic audits of clinician documentation, check for adverse drug and allergy interactions, warn about scheduling conflicts and deviations, verify access to patient records, and back up all electronic data on a periodic basis.

How are healthcare professionals (nurses, clinicians, treating physicians, etc.) benefiting from technology in home healthcare?

The advent of mobile devices allows nurses to document patient visits directly at the point of care, which decreases the time it takes to submit clinician documentation. Point-of-care systems also improve the nurses’ ability to communicate directly with the physician overseeing the patient’s care, which ensures accurate documentation and allows for ease of collaboration among a patient’s medical team.

Explain the effects of home healthcare on hospital readmission reductions. And where does technology come into play?

Home healthcare plays a significant role in reducing hospital readmissions by providing recently-discharged patients with education about their diagnosis/prognosis, medications and treatment plans. This hands-on approach to post-hospitalization reduces likelihood of patient readmission. Caregivers and family members can also be educated by home health clinicians to provide the adequate care for the patient. Technology facilitates better communication and care coordination among healthcare professionals. The use of technology in home healthcare also reduces the time clinicians spend on paperwork, allowing more time spent caring for the patient.

How do you see the future of home healthcare affecting the healthcare industry as a whole? Why?

With the availability of efficient and comprehensive technology in home healthcare, we can expect better patient outcomes, happier patients because they can recover at home and a reduction in the cost of healthcare delivery. We believe home healthcare will grow and become increasingly important to both patients and providers as an integral element of the larger healthcare industry.

What benefits do hospitals have when partnering with home health agencies?

Under the affordable care act, hospitals with excessive readmissions will see reductions in their Medicare payments. Hospitals partnering with home health agencies that have adopted technology to provide the best care for patients will favorably affect the number of re-admissions and protect their revenue.

Knowing the requirements that wait in 2014, how is progress in the home health industry?

Based on our anecdotal observation, the industry is moving steadily toward adopting electronic health records. Larger organizations generally have been among the first adopters, with many smaller agencies yet to make the transition.

Andrew Olowu is the chief technology officer of Axxess and serves on its board of directors. Olowu is responsible for the overall technology, architecture and innovation of the Axxess platform.

Jobs in healthcare

Only Better Intelligence Can Tame Growing Threat to Private Healthcare Information

Only Better Intelligence Can Tame Growing Threat to Private Healthcare Information
Rachel Weeks

Guest post by Rachel Weeks, director at Courion Corp.

Medical records are confidential. Until a breach occurs and they are let loose on the public, which occurs more often than we think. We need to do better.

According to Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, more than nine in 10 healthcare organizations have had at least one data breach in the past two years. Nearly half have had more than five data breaches in the same period. Breaches cost organizations more than $2 million on average over a two-year period, and the cost is rising. The potential annual cost is nearly $7 billion.[1]

As privacy and security concerns grow and technology becomes more sophisticated, you’d imagine breach rates would be on the decline. But more healthcare organizations are being victimized more often, according to the study, and most aren’t sure they can prevent or quickly detect all patient data loss or theft.

One contributor: data is simply becoming harder to control.

“Technologies that promise greater productivity and convenience such as mobile devices, file-sharing applications and cloud-based services are difficult to secure,” says the report. “Employee mistakes and negligence also continue to be a significant cause of data breach incidents. Another worry presented in this research is that sophisticated and stealthy attacks by criminals have been steadily increasing since 2010.”

You can’t blame the IT staff. There’s far more going on in the average healthcare organization than staff can reasonably handle.

Change is overwhelming

For years healthcare organizations have looked to traditional identity and access management (IAM) solutions to optimize efficiency and secure access to sensitive data. These IAM implementations typically started with user provisioning, a process that put controls in place to ensure users were given only the access rights they needed to do their job. Then, for governance, the organizations would perform periodic reviews or certifications – say, every three, six, nine, 12 months – to validate that those access rights were in line with policy.

But so much change can occur in the months between provisioning and certification: business changes, infrastructure changes, regulatory changes, new resources coming online, new roles and policies, not to mention hirings, firings and transfers, particularly in the healthcare industry with thousands of employees and many more contractors and affiliates. This creates an overwhelming amount of data detailing who has access to sensitive patient information. We call these intervals between provisioning and certification the “IAM security gap.”

As the Ponemon study says, “Many healthcare organizations struggle with a lack of technologies, resources and trained personnel to deal with privacy and data security risks.”

That’s an understatement.

However you characterize it, the IAM gap leaves an organization’s sensitive company information at risk to a range of threats, both internal and external. It can be months from the time someone gains inappropriate access rights or inadvertently accesses sensitive data to when the organization is able to discover it through periodic certifications. To date, existing IAM approaches have not provided the technology and flexibility to get a real-time view of policy and governance violations to help organizations efficiently manage the risk of improper access to patient data.

Closing the IAM Gap

Bridging the abyss between provisioning and certification requires clear understanding of what is actually happening in those billions of constantly changing access relationships created by changing people, computing resources, rights, duties and company policies. The challenge is somehow processing what human minds, or even relational databases, cannot. What’s missing is a real-time holistic view of access risk. The missing ingredient is access intelligence.

The only way to achieve access intelligence is by aggregating all the IAM data – the identity policy, activity, entitlement and resource data generated via those billions of constantly changing access relationships – into a data warehouse just like the ones you use for business intelligence in other areas of the organization. The data warehouse should embody advanced information security, policy and governance domain expertise. Then you need to constantly apply predictive analytics to that data to analyze access risk throughout your entire organization – literally every two minutes or so. Properly constructed, an access intelligence system like this can uncover deeply embedded policy violations or improper access. It can generate instant alerts on those violations, or produce graphical “heat maps” spotlighting looming risks and security breaches.

A system like this helps you find the needle in the haystack you wouldn’t otherwise discover. For example, a nurse might be authorized to search and retrieve his hospital’s pediatric records, but if he is suddenly retrieving records from oncology, dermatology and urology, well, that’s a potential problem that won’t show up without powerful analytics.

Such an access intelligence system can help healthcare organizations:

With luck, Ponemon will have less to report in the years to come.

Rachel Weeks is a director at Courion Corp., the leader in risk-driven identity and access management.

[1] if every hospital/clinic in the country experienced the average impact


Jobs in healthcare

CommonWell Health Alliance: Until We See Proof of Life, this is Little More than Good PR

On its face, the CommonWell Health Alliancee really seems to hit the mark. A collection of the top EHR vendors coming together, sharing a stage and shaking hands; smiling; snapping photos of smiling happy CEOs. All together for one cause, or so the story goes: healthcare data interoperability. According to the “organization’s” website, interoperability is the cornerstone of healthcare’s future.

“Interoperability helps improve quality, reduce costs, enable regulatory compliance and ensure better access to healthcare for millions of people,” and so on and so forth.

Finally, CommonWell’s call to action: moving the healthcare industry beyond just recognizing the importance of interoperability, but moving the industry forward. CommonWell is supposed to be the health IT superhero that moved this giant boulder up the hill and positions it so eloquently on the top.

For those of us who didn’t know this already, CommonWell sums it up: “It’s time for healthcare IT organizations to come together and commit to achieving interoperability for the common good,” and so on and so forth.

So glad it took the giants of the industry to tell us as much.

Okay, so admittedly, this is a step in the right direction. It’s like putting big money behind a good cause. For everyone who has ever worked in the nonprofit trenches who spend their days begging the haves for the have nots, this a dream come true.

Those in the spot light can move us forward to a point where we must be. Allowing private enterprise to bear this mantle means we might finally make the move forward instead of being held back by the shackles of the federal reform and imposition.

After all, wasn’t interoperability a staple of meaningful use; an “industry consortium to adopt common standards and protocols to provide sustainable, cost-effective, trusted access to patient data,” if you will?

Because of meaningful use, we were supposed to be singing in circles by now, discussing all of the advancements we’ve made; our coming together and our ascending to the precipice. Alas, little has been attained through federally funded meaningful use except implementation and wars of words.

We waited, didn’t we? Long enough? Perhaps, perhaps not; depends on who you ask. Farzad Mostashari says we should wait a bit longer for the results to role in. The boys at Allscripts, athenahealth, Cerner, Greenway, McKesson and Relay Health (imagine the feelings of all the other vendor’s CEOs who were left out of this pre-arranged agreement; I guess there’s mincing words anymore) decided private enterprise is the way for things to actually get done.

And while it’s an interesting experiment, I think I agree with some of the other more intelligent folks in the field. Until we see some sort of actual forward movement with this initiative and until there’s some proof of life, this is really nothing more than a stake in the ground. A happy public relations move designed to flex a little corporate muscle on the industry’s largest stage.

Jobs in healthcare

Pros and Cons of Attending HIMSS13 from the Perspective of those Who Were There

With the annual HIMSS conference once again over, now is as good as any time to look back and pontificate on what the experience brought. For this piece, I once again reached out the readers of this site for their insight for their perspective, who are, after all, those benefiting from the show and its sessions.

It should be noted that I asked for pros and cons of the show, and I received mostly positive feedback, which doesn’t surprise me. However, don’t take that to mean this is a positive puff piece. On the contrary, I am trying to offer a fair and balance response from attendees that HIMSS leadership can use to plan future conferences.

Obviously, as each of us has been told at one time or another, criticism – good or bad – helps us grow, change and expand. With that, I welcome your comments, positive or negative about the show. Perhaps as a collective, we can help lead our community forward in a manner that’s most beneficial to all it stakeholders.

Without further ado, here are the comments from our colleagues about their reactions to HIMSS13.

Peter Ransome, vice president sales and marketing, Westbrook Technologies, Inc.

Pros: HIMSS was once again a tremendously successful event. Westbrook came away with new resellers, customers and partners. We had a great opportunity to network, learn and meet other vendors. Our team found great value in the keynotes and educational sessions and especially Farzad Mostashari’s final day keynote. Today, healthcare reform is focused on meaningful outcomes and disease management. The next wave of reform will put more emphasis on the value of preventive medicine. There are still a lot of error-prone paper processes that negatively affect the quality of patient care — even in a healthcare organization that has implemented a leading EHR system. We’ve found that more technology doesn’t necessarily result in better care. With more than 1,000 EHR vendors competing for the same healthcare dollars, consolidation is inevitable. It will be interesting to see how HIMSS changes in 2014 and how the industry is affected by rapidly accelerating acquisition activity.

Cons: (Apparently, the show was so good, Ransome listed no cons.)

Bill Fera, MD, principle, healthcare advisory practice of Ernst & Young

Pros: HIMSS has become an extremely valuable venue for gaining real-world examples of how organizations are advancing strategies to better utilize data for the improvement of patient care. Having so many industry influencers in one forum really makes HIMSS stand out — what I take away from networking and informal conversations can be just as useful as what’s formally presented in the sessions.

Cons: The challenge with HIMSS is the sheer volume of  everything. The overload of information can become a distraction if you don’t allocate your time in advance and stay focused on what you want to accomplish.

Neal Benedict, healthcare CEO, Verdande Technology

Pros: HIMSS is well-organized and it had a great location this year in relations to access to airport and hotels. Additionally, education tracks were comprehensive and interesting, and there is a good assortment of attendees (institution and title).

Cons: At HIMSS, there’s not enough opportunity for partner networking. HIMSS should have a new/upcoming technology track (not just big vendors pitching products) and there should be better management of keynotes as managing overflow was challenging.

Christopher Ellis, director, Vree Health

Pros: There was clear industry movement toward technology integration and interoperability – this is a very positive step forward and something that was spoken to more than acted upon, until now. More consistently usable, structured data will open many avenues for leveraging data for better quality of care. Coming from this meeting, I am energized to see that many of the speakers emphasized that while technology is a great enabler, solutions must begin and end with the patient in mind. Providers and vendors that emphasize patient engagement, across varying levels of patient technology literacy, are positioning themselves well. The HIMSS conference was an excellent forum to survey different approaches to solving the same problems, including coordination of care, assessing health risk and patient engagement.  Organizations that have a deep and long-standing heritage in healthcare clearly hit the mark on approaching these in ways that are reflective of provider operational flow.

Cons: Bring your walking shoes next year.

Thanks for all of your candid feedback, guys. I know HIMSS was considered a success this year, but there’s always room for improvement and growth, and it’s nice to be able to report such positive feedback for all in attendance.

If you have something to add, please leave a comment below. Thanks!

Jobs in healthcare

The Most Important Question in Identity Management for Healthcare

Harry Jordan

Guest post by Harry Jordan, vice president and general manager, healthcare for LexisNexis.

The most important question in identity management is not: “Who are you?” It’s “What do we need to know about you?” And nowhere is the answer to that question more critical than in healthcare, where inadequate systems and processes can not only threaten business integrity and success, but jeopardize lives, as well. Inevitably, it is time to shift the focus of the discussion of identity management away from authentication methodology and toward the broader healthcare context in which identity management is no longer a luxury, but a necessity.

Effective patient/member identity management springs from this fundamental question: “Given what we are trying to accomplish through this particular transaction, what do we need to know about this individual to insure safety, integrity and trust?” Or, more elaborately: “What do we need to know to prove this individual is who they say they are and that they are authorized to access the information being requested based on those identity credentials?”

The answer is determined by the intersection of multiple factors: your objectives; product and service characteristics; population demographics and attitudes; the nature, value and riskiness of the transaction being performed; the point in the process and relationship where it takes place; and organizational risk tolerance. Getting the answer right is critical to the sustainability of health care organizations and, more importantly, the safety of the individuals they serve.

Identity fraud is the fastest growing crime in the United States, affecting more than 11 million adults in 2010. Medical identity fraud is the fastest growing type of identity theft. The Ponemon Institute estimates the annual economic impact of medical identity theft to be nearly $31 billion.

Health care consumers will, and should, expect their data to be secure at all times in order to protect their financial and physical well-being. Health care stakeholders will demand solutions that ensure they are dealing with the right person, at the right time, for the right transaction, thereby minimizing risk and negative impact on their health care delivery decisions, the health of their patients and overall business performance.

As a recent Gartner report states, identity management is “increasingly recognized as delivering real-world business value,” and “identity management agility improves support for new business initiatives and contributes significantly to profitability.” Identity management is rapidly evolving to encompass emerging risks and application variability. There are tools you can put in place now to meet the increasing demands of identity management.

Point solutions and one-size-fits-all implementations are being supplanted by or absorbed into more comprehensive and flexible approaches. These solutions provide identity management coherency across processes and relationships, as well as identity management consistency across multiple channels and organizations.

At the same time, they enable organizations to efficiently implement a wide range of identity management tools that blend the right identity elements together with the appropriate view and assurance level for each transaction. Established organizations can layer new identity management capabilities onto existing systems in the form of services. Merely extending enterprise identity management solutions will not work.

Three key concepts are at the core of the most successful health care consumer identity management solutions. They are general principles shared by diverse business-specific implementations.

1. Identity management is as much about business as about security. Identity validation (or “resolution”), verification and authentication – commonly regarded as security functions – have far-reaching business ramifications. How you perform them can strongly shape your most direct and therefore vital interactions with patients, payers, providers and other healthcare stakeholders. Thus, while it is important, and sometimes mandatory, to follow industry standards, it is also critical to make sure that the way in which you implement identity management is tailored to your market, business plan and mission to maximize business goals and minimize organizational risk.

2. “Know your health care consumer” is the point of balance for multiple – and possibly competing – objectives. “Know your healthcare consumer” is a phrase that traditionally has different meanings to health care consumer service than it does for security management Service people are concerned with raising healthcare consumer satisfaction by increasing access and ease. Security people are concerned with reducing risk by restricting access.

3. Ask for only what you need to know. Knowing more can, in fact, enable you to ask for less information. In identity management industry jargon, the objective is “friction reduction” through “data minimization.” Improve the health care consumer experience by not asking for information you don’t need.

Strong security can be, for the most part, invisible to the user. Analytics operating in the background can spot links between healthcare consumer data and suspicious entities or recognize suspicious patterns of verification failure.

Analytics can be integrated with business rules to adjust the security level and trigger appropriate treatments or approval of treatments. They can also be used to determine if the current transactional pattern of behavior is unusual. Reacting to healthcare consumer responses in real time – taking business rules for different product lines, channels and types of transactions, and an entity’s tolerance for risk – an identity management service can make dynamic decisions about when to invoke additional and/or stronger measures.

The number of identity-reliant transactions engaged in across the health care continuum is multiplying rapidly and becoming ever more critical to the success of individual health care organizations. When dealing with any situation involving the sharing of a patient’s personal health information it is essential these organizations ask themselves the fundamental question about the individual or entity with which they will be sharing the information: “What do we need to know about you?”

This question is the starting place for all other questions in identity management. The right answer is the key to making identity management an enabler of great services accessed with ease and delivered at a low coast and minimal risk of fraud.

Harry Jordan is Vice President and General Manager, Healthcare for the risk solutions business of LexisNexis. He directs the healthcare business, offering capabilities in health management, predictive claims fraud analytics and health information exchanges.

Jobs in healthcare

EHR Satisfaction Diminishing, According to AmericanEHR Survey

Another day, another study, but this one – about the EHR user’s satisfaction levels with their systems – seems to have some teeth. According to the survey, “EHR Satisfaction Diminishing,” which was administered by the adept AmericanEHR group, users of EHRs are becoming ever more disenfranchised with their EHRS.

According to the AmericanEHR, data was collected over a two-year period of time, from 2010 through 2012. After two years of use, and in some cases longer, practice leaders and caregivers who have time to figure out their electronic collection systems and who are past the test-drive phase say they are not happy with the technology.

I’ve made this case before, but this is one of the primary reasons I strongly recommend physicians not getting locked into extremely long-term contracts. For example, some vendors require seven years. That’s way too long. Stay away.

Nevertheless, this could just be a standard response to the technology as a whole, but let’s get to the results of the survey. For brevity’s sake, I’ve cut what I don’t find to be significant. Some of the results noted here are amazing and eye opening; you decide.

Highlights include:

Why is this happening (according to AmericanEHR)? The following hypotheses may explain some of these findings:

Additional observations (which are amazingly insightful):

Recommendations (here’s the real gold):

In closing, according to AmericanEHR: “If these issues are not recognized and addressed, the alternative is that clinicians will do the bare minimum in order to meet meaningful use requirements.”

Jobs in healthcare