With the implementation of the Affordable Care Act pushing hospitals and health systems to provide services more efficiently, a significant number of hospitals, health systems and providers are sharing secure patient information through health information exchanges (“HIEs”), and accountable care organizations (“ACOs”). The advent of both the HIEs and the ACOs are additional opportunities for protected health information to be shared by hospitals, doctors and other providers.
HIEs allow for patient information, including lab tests, imaging tests, prescriptions and treatments, to be shared by the participants in the HIE. The development of these electronic HIEs allow for the secure exchange of health information among entities participating in the HIE. Generally, the rights and responsibilities of those entitled to share the information is governed by participation agreements. Many providers believe that sharing data will improve healthcare and promote not only quality of care, but efficient care, as well. Similarly, the development of ACOs by otherwise independent providers results in more patient information shared in electronic fashion. The advent of both HIEs and ACOs provide another medium for possible breaches of the privacy rule.
The privacy rule requires that covered entities verify the identity and authority of persons requesting Protected Health Information (“PHI”) if the individual requesting it is not known to the entity. The Rule, however, does not specify in great detail the verification that must be made and, thus, there is flexibility that can be applied with regard to HIEs and ACOs.
Generally, in a HIE, the participants agree, by contract or otherwise, to provide to the HIE a list of authorized persons so the HIE can appropriately authenticate users of the network. Documentation required for uses and disclosures may be provided in electronic form, and documentation requiring signatures may be provided as scanned images. It is important from an HIE perspective for the various participants to agree on a common set of privacy safeguards that are appropriate to the risk associated with exchanging PHI to and through the HIE. Similarly, with ACOs, the ACO should establish a common set of privacy safeguards that are appropriate to the privacy risks associated with multiple providers using PHI. These common standards would include a breach notification policy or procedure. To fully understand what must be done, one must have a basic understanding of what is considered a breach.
Guest post by Bill Walker, chief technology officer, Aegis Health Group.
Fo r the last several years, there has been an increasing emphasis by the federal government on digitizing the healthcare industry. The allocation of meaningful use dollars to physician practices for converting to electronic health records was only the beginning. The Affordable Care Act (ACA) was the seminal event that demonstrated without a doubt that electronic management of patient information was going to be an absolute if hospitals and health systems are to survive.
The ACA puts healthcare organizations at financial risk for duplication of services, lapses in care coordination and questionable patient safety practices. Population health management demands that electronic patient records be accessible for planning, managing and tracking care coordination. But the fact is fully managing the continuum of care for a patient cannot be achieved without data collection both inside and outside the hospital’s walls. This is a trend that will take on increased importance as healthcare reform rolls out in 2014.
Health systems with forward-thinking HIT executives saw the writing on the wall after the ACA became law and began converting their organizations to electronic medical records. Systems that are considering becoming accountable care organizations (ACOs) – and accepting value-based reimbursement, which will become the predominant reimbursement model – need to find ways to track the health status of individuals in their community before they become patients. How? By embracing the use of technology that closes the healthcare loop before people even know they need those services.
In mid-September, the Congressional Budget Office (CBO) estimated that the cost of H.R. 2810, a permanent Sustainable Growth Rate (SGR) repeal or “doc fix,” would be $175.5 billion from 2014 through 2023, up from the CBO’s estimates of $139.1 billion in May and $138 billion in February for freezing (i.e., holding flat) all Medicare physician rates for 10 years.
H.R. 2810 would be more costly, as it does not freeze rates, it raises them slightly. As with all other SGR reform bills, its implementation would avoid an estimated 24.4 percent reduction to Medicare physician payment rates that is scheduled to take effect Jan. 1, 2014, but the bill would also increase payment rates by 0.5 percent per year during 2014-2018. That change would increase federal spending by $63.5 billion through 2018, relative to the spending projection under the SGR.
Wondering why ACO’s are necessary has become somewhat of a routine task, but there’s really very little question about the validity of the concept in that is does put the patient first. As we know, the goal of an ACO is to achieve cost and quality improvements, and a better approach to coordinated care on all levels.
There’s no doubt the majority of the responsibility for a successful implementation of an ACO lies with physicians. If adopted as a model, physicians are forced to lead us forward; however, the details depicted in the image below (thanks to Healthcare IT Connect for compiling it) tell a much broader and deeper story that clearly paints a picture of troubling times ahead unless something is done about this trend.
Healthcare reform was ignited by ARRA, which became the catalyst for much of the changes currently taking place in the health IT landscape, and though meaningful use is profoundly changing the way data is collected, according to some we’re a very long way away from actually being able to do something specific and positive with it.
Everyone in the healthcare community is focusing on regulation and meeting the mandates of the reform, from a healthcare technology perspective. Things get a little lopsided when the discussion turns to how the information gathered in meaningful use relates to clinical outcomes.
According to Dr. Akram Boutrous, who leads the consultancy BusinessFirst Healthcare Solutions, right now there is simply no way of collecting all of the data available in the healthcare community on a global level.
As far as he and others are concerned, under the current healthcare reform model there’s too much attention being placed on healthcare technology, including electronic health records, when there is still a mighty void between the tools used to gather the data and the tools (which don’t yet exist, he says) used to analyze the data.
“There are still many tools required to predict what is most likely going to happen in a given scenario and the best course of action to take,” Boutrous said.
He describes the current health IT landscape like an iPad without apps to use on it. “You can look at it, but you can’t do anything with it.”
This means we’re back where we have always been – in a land of silos where the information they contain stays contained without any real chance of it going anywhere to do any good.
Without interoperable systems that can communicate on a much larger scale, there’s certainly no room for even discussing the advancement of the ACO concept. “I’m pessimistic that ACOs as defined [in health IT] will provide meaningful change in healthcare,” he said.
The catalyst for change, he thinks, is the payer community and non-government organizations. Even though the federal government set the foundation for health reform, it won’t be able to maintain a successful program, and innovation will fall by the wayside.
“The non-government side of the world has taken the bull by the horns and made some very innovative advancements,” he said, while the public sector sought clarification of the reform mandates through court and legislative actions.
Until better tools can be implemented and adopted, and a culture change embraced, we’re simply not going to see models like ACOs develop according to the timeline many industry “experts” claim.
Until there are actual tools that provide meaningful support to the community and allow for some sort of global analyzing of specific populations and data sets in real time, healthcare will remain a production-based market where accountable care remains nothing more than an idea.
The market needs more than static components and databases, and health IT needs to evolve and incorporate more capabilities to that make possible, and engage in information exchange before we can begin to move to an accountable care model.