Recommended Reading: Interoperability and Preemption
I highly recommend two recent articles that consider the intersection of HIPAA preemption doctrine, interoperability of electronic health record (“EHR”) databases, privacy, and confidentiality.
In her article, “Institutional Competence to Balance Privacy and Competing Values: The Forgotten Third Prong of HIPAA Preemption Analysis,” Barbara J. Evans takes on the well-settled belief, or “rumor,” as she calls it, that the HIPAA “Privacy Rule merely sets a floor of privacy protection that leaves states free to set stricter privacy standards.” (A draft of this article is available on SSRN, and it will be published in the University of California-Davis Law Review in 2013.) Although this general rule of HIPAA preemption is largely accurate, the article argues that it is wrong with respect to an enumerated “class of public health activities that Congress deemed to have high social value,” including “reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention.”
Professor Evans begins with a textual argument, pointing out that HIPAA’s statutory text specifically includes a third prong, while HIPAA’s Privacy Rule, one of HIPAA’s key implementing regulations, collapses the statutory language into two prongs. The article maintains that in doing so, the “Privacy Rule ignored a clear statutory instruction to preempt state privacy law in a specific circumstance where Congress determined that individual privacy interests should give way to competing public interests.” In this specific public health context, she continues, “the HIPAA statute creates what might be called a ‘canopy,’ to shelter specific socially important data uses from more stringent privacy laws.” The author buttresses her analysis with legislative and regulatory history as well as a comparison with the structure of ERISA preemption provisions.
Noting that the statute speaks directly to this issue, Professor Evans maintains that the public health portion of the Privacy Rule is not entitled to Chevron or Skidmore deference where its interpretation is contrary to the statute and the agency did not offer a persuasive account to justify its interpretations. Rather, “the HIPAA statute preempts state privacy laws — even ones that are more stringent than the HIPAA privacy Rule — in situations where state laws would interfere with public health surveillance and investigations.”
Professor Evans attributes the inconsistency between the Privacy Rule and HIPAA to politically savvy rather than incompetent agency drafting. She asserts that HHS was aware that states were afraid that their privacy laws would be preempted, and thus the agency took a modest approach in the Privacy Rule, leaving unspoken the effect of the third prong on more stringent state laws in the limited context of enumerated public health activities. The statutory text, however, reflects Congress’s choice to “trust[] no institution other than itself” to “strike the balance between privacy and competing public interests.” There was a conscious choice not to permit a patchwork of varying state laws to frustrate the development of multi-state, interoperable databases needed for the enumerated public health activities.
This article breathes new life into statutory language that has been largely overlooked in the sixteen years since HIPAA’s enactment and is critical reading for anyone interested in public health surveillance, investigation, and privacy law. Professor Evans argues that facilitating access to large-scale, multi-state, interoperable databases of health-related data for tens or even hundreds of millions of people could speed “the detection of drug safety risks, unmask[] ineffective or wasteful treatments, and understand[] disparities in health outcomes among various populations subgroups,” while “unduly restrict[ing] access to data and biospecimens can very literally kill people.”
The article closes with an invitation to scholars for further “dialogue about [HIPAA]’s forgotten preemption provision,” an invitation the health law community would be wise to accept. While she readily acknowledges that her conclusions are unorthodox, they will undoubtedly generate substantial and serious academic discussion.
Another important article for interoperability policymaking is Leslie P. Francis’s article, “Skeletons in the Family Medical Closet: Access of Personal Representatives to Interoperable Medical Records,” which recently was posted to SSRN and was published in volume 4, issue 2 of the 2011 Saint Louis University Journal of Health Law & Policy.
With HIPAA’s Privacy Rule and the HITECH Act, federal law now grants patients the right to access their own medical records, including EHRs, with some limitations for certain records, such as psychotherapy notes. Importantly, personal representatives now generally enjoy the same rights of access to medical records that patients themselves hold, consistent with state law.
In addition, although HIPAA preempts state laws that are inconsistent with federal law, HIPAA generally (see Professor Evans’s important caveat above) does not preempt state laws that protect privacy more stringently than federal law. A state law is deemed more stringent when, for example, it provides individuals with greater access to their health information. As a result, “states may expand the individual right of access to health information, but may not contract it.”
The article points out an unintended consequence of such an expansion, however, given federal law on access: states that provide equal rights of access to patients and their representatives would be expanding personal representative access in step with any increased rights for patients.
But given the breadth of interoperable EHRs, patients may not want or expect their personal representatives to have access equal in scope to their own. Interoperable EHRs may very well contain records of medical care that are not directly relevant to the patients’ current care and that patients may not want their personal representatives to see. Professor Francis offers the example of an older patient being treated for a stroke who may not want her child to learn about her prior, unrelated pregnancy termination or psychiatric history – what Professor Francis calls “the metaphorical skeletons in her closet.”
The article thus explores the extent to which states may protect patient privacy and confidentiality in this legal framework by regulating personal representatives’ access to patient records. Although states generally either grant or deny personal representatives access to patient records, Professor Francis details how some have been more nuanced. For example, some permit patients to use advance directives to define the scope of access by personal representatives, such as on a need-to-know basis, while others restrict personal representative access to mental health or substance abuse treatment records.
Given the importance of respect for private autonomy, Professor Francis then makes four recommendations:
(1) Advance directive statutes should permit competent patients to designate the scope of their personal representatives’ access to interoperable medical records, ideally with respect to specific types of information, such as mental health, substance abuse, and reproductive history, and options such as all information, information only as needed to make care decisions, or no information.
(2) When patients do not have advance directives, there should be a presumption that personal representatives only have access to records needed for decision making about their care.
(3) Interoperable medical records should be designed to permit special management of sensitive medical information, such as mental health or substance abuse treatment records, to which personal representatives would have access only when necessary for emergency care.
(4) These recommendations generally should apply regardless of whether patients have mental illness or cognitive disabilities.
Ensuring that ‘Meaningful Use’ Translates to a Meaningful Experience for Providers and Consumers
[Ed. Note: We are pleased to welcome Ana Liggio, Esq., to HRW. She is a health care and technology lawyer, in practice over 15 years. Prior to pursuing her LL.M. in Health Law here at Seton Hall Law, she was Director, Law Department, for Sony Electronics.]
The CMS website explains that meaningful use “means providers need to show they’re using certified EHR technology in ways that can be measured significantly in quality and in quantity.” As CMS moves into finalizing meaningful use, Stage 2 requirements, I would like to introduce the concept of “meaningful experience” as an essential corollary to that of “meaningful use.”
Meaningful experience takes the idea a step further, representing ways to evaluate and encourage the merits of both proposed and existing criteria as seen from the value they bring to the provider and healthcare consumer stakeholders. While “meaningful use” focuses on ensuring that the financial beneficiaries of the Medicare and Medicaid EHR Incentive Program (the “Program”), the Certified Electronic Health Record Technology (“CEHRT”) industry, and the eligible healthcare providers (insofar as meaningful use bonus payments are at stake), continue to operate their EHR in a purposeful manner, there are additional, important stakeholders to consider. With billions of federal and state dollars earmarked for the Program and a strong interest in seeing EHR enjoy long-term success, taking a broader view of stakeholders and inserting more transparency into their experiences will better help the Program thrive. Meaningful Use, Stage 2, is the perfect time to look towards ensuring meaningful experience.
The Program is in full swing, with the Centers for Medicare and Medicaid Services (“CMS”) having released the NPRM on Meaningful Use, Stage 2, in the Federal Register on March 7, 2012.
The CMS blog explains: “Today’s proposed rules focus on using EHRs to improve health and health care while reducing the burden on physicians and hospitals where possible.” With early participation rates appearing strong, CMS continues to be cautious about keeping industry groups engaged and seeking out robust commentary through the NPRM. CMS clearly wants the healthcare industry to continue up the “EHR Escalator” without having anyone jump off for being frustrated or overwhelmed. To date, the strategy is working, as the CEHRT industry and healthcare providers appear to be embracing the Program. However, as Nicolas Terry points out in his article “Anticipating Stage Two: Assessing the Development of Meaningful Use and EMR Deployment,” ultimately, growth will have to be endogenous, fueled by innovation and consumer demand.
The comprehensive NPRM for Meaningful Use, Stage 2 demonstrates CMS’s commitment to considering the experiences and opinions of the interested industries. The ONC also asks data holders and non-data holders to take a pledge “to empower individuals to be partners in their health through health IT.” There is no doubt that the Program is making huge strides and continuing to chip away at the difficult issues of interoperability, access, privacy and security, and pushing the United States slowly but surely closer to a much higher healthcare IT standard similar to that enjoyed by many other developed nations. Moving into Stage 2, CMS seeks to enhance interoperability among different entities and further patient involvement by requiring increased access to their health information. That being said, the ONC’s National Coordinator for Health Information Technology, Farzad Mostashari, explains that Stage 2 is meant to be more “evolutionary than revolutionary.” Importantly, Stage 2 also begins an initiative to align the requirements of the Program with other complementary, ongoing healthcare reform initiatives involving national quality and the development of ACOs.
Reading through the NPRM, I saw a few areas that CMS could focus on to help build a self-sustaining system. First, the initial iteration of the Program was clearly written with an eye toward maximizing meaningful use for family care and general practitioners and not towards other types of practices like pediatrics, various specialists, and physicians whose practices do not entail much face-to-face patient interaction (e.g., radiologists); they should be given further attention. Second, while CMS provides somewhat of a return-on-investment analysis in the NPRM, it apologetically declares it too early in the Program to be able to provide meaningful data; CMS could use the attestation process to collect the necessary data. Finally, healthcare consumers, those taxpayers who fund this program, should be actively considered and made aware of the enhancements and improvements that comprise the Program, which will be offering them a more efficient, accessible, safe and evidence-based healthcare experience; a “meaningful user” designation for CEHRT users who meet certain criteria could be developed to help providers publicize their investment in the Program and the attendant benefits it will bring to their patients. Meaningful Use, Stage 2, is the perfect time to address these issues and move the Program forward in such a way that will make it self-sustaining for the long term, not because of incentive funding, but because meaningful use is providing a meaningful experience to the various EHR stakeholders.
As with early versions of the Medicare Shared Savings Plan and healthcare reform generally, the focus of the Program’s meaningful use objectives and criteria, initially at least, is on general practitioners and how they can use EHR to advance the overall wellbeing of the population. This goal is laudable, of course, but the population of eligible providers extends well beyond PCPs. Certain objectives and measures allow providers to claim an exclusion if they do not apply to their practice, thereby not penalizing those types of practitioners for whom compliance would be unnecessary and inefficient. However, focus on these different categories of practices could allow alternative objectives and measures to be found. If one were to consider meaningful experience in addition to meaningful use, the attestation would ask EPs who are claiming exemptions to use, and possibly attest to, alternative meaningful use standards that are applicable to their practices. For instance, there is a proposed measure for recording 80% of an EP’s patients’ height, weight and blood pressure as structured data. There is an available exclusion, however, for EPs who do not believe that recording such vital signs is “relevant to their scope of practice.” An EP who claims the exclusion simply gets a pass on this field during the attestation process. Alternatively, a required (or even optional) free-form response area could be provided in the attestation each time an EP claims exclusions. As time goes on, data would be collected that would allow CMS to customize attestations, and CEHRT requirements as well, to different specialties so that meaningful use translates into meaningful experience for those whose practices do not fit the general practitioner mold on which the first versions of Meaningful Use were based.
Certainly the technology will allow, rather easily, for modifications where appropriate if the effort is set forth to ask those in the field what would be meaningful to their practices and to encourage them to use the EHR tools available to them in such ways.
Because the proposed rule is anticipated to have an annual effect of over $100 million on the economy, a Regulatory Impact Analysis (RIA) that measures costs and benefits must be performed. While CMS does a fair job of estimating costs to providers of implementing EHR and costs to taxpayers of funding the Program, it has not done much to quantify benefits gleaned. The NPRM qualifies its analysis by pointing to various unknowns and a lack of “new data regarding rates of adoption or costs of implementation.” Without specific data, it estimates various “high and low” scenarios for different practice settings and ultimately concludes, “there are many positive effects of adopting EHR” as well as various benefits for society. While I tend to agree with this conclusion as a general matter of conjecture, why not collect the actual data during the attestation process? Ask the EHR attesters how much their systems cost initially and to maintain. Ask the EHR attesters where the systems are adding value to their practices and for their patients. Yes, it’s a leap of faith to ask these questions because the answers may not offer a perfect picture, but they will offer an honest representation of the current state that can be addressed going forward. It is only fair to give the stakeholders an honest assessment and it would not be difficult to collect the data. While EHR is all about collecting healthcare data and crunching numbers to see trends and identify areas where improvements can be made, let’s use those same principles here to perform the same analysis with regard to the EHR technology.
Finally, to assist providers who have made the investment and will continue to feed important data to the various government health databases, CMS could offer some type of certification that the providers could use in marketing their practices. For all the good that EHR is meant to do in terms of patient safety, efficiency of care and meaningful communication between patients and their providers, let’s devise a way to inform patients about which providers are running state-of-the-art practices. Providers who attest to meeting the meaningful use requirements could be offered the option of using a certified meaningful user designation and displaying a certain logo, all of which would indicate to the public that such providers are using the latest healthcare technology. For healthcare consumers who consider it important to have the ability to access their records or have their prescriptions transmitted electronically, for example, this designation would help lead them to the types of practices they desire. Assuming this is the future of healthcare and what the American public desires or will come to desire of its healthcare providers, such a tool would be useful to the providers and healthcare consumers alike.
At the end of the day, the success of the EHR program, and the value it will have brought to the US healthcare system, will be measured by the experience of the healthcare providers and consumers. In the best-case scenario, there will be data showing that the EHR Program has achieved the desired results with a minimum burden placed upon providers. But what will actually entice providers to continue to make “meaningful use” of the systems will be when meaningful use results in an experience they deem worthwhile for themselves and their healthcare consumers and when their patients agree. As such, CMS should use the attestation process and resultant data to continuously measure the actual costs and benefits and make adjustments as needed. During the attestation process, it could ask providers to suggest alternative meaningful uses for EHR when the existing measures do not apply and to volunteer cost data and their impressions of meaningfulness. Finally, CMS could give providers a way to publicize their commitment to using technology to enhance patient care. Some time and effort devoted to meaningful experience will allow meaningful use to translate into a self-sustaining, successful program.
[Ed. note: this piece originally ran on April 17, 2012, but was lost in the vagaries of cyberspace to a blog mishap. It's just too good to lose and so here enjoys a repeat performance]
Data Breaches: A Growing and Alarming Trend and a Potential Safe Harbor
Since the data breach notification regulations by HHS went into effect in September 2009, 385 incidents affecting 500 or more individuals have been reported to HHS, according to its website. A total of 19 million individuals have been affected by a large data breach since 2009. The regulations require a covered entity that discovers a reportable breach affecting 500 individuals or more to report the incident to the HHS Office for Civil Rights immediately. After an investigation, HHS publicly posts information about the reported incident on its website on what has become known as the “Wall of Shame.” Of the 385 reported incidents, there are six separate incidents each affecting a million individuals or more. In its 2011 annual report to Congress, HHS reported that in 2009 covered entities notified approximately 2.4 million individuals affected by a breach and 5.4 million individuals the following year. This number grew in 2011 and it will likely continue to grow in 2012. To date, the largest breach took place in October 2011 at Tricare, the health insurer of American military personnel, which affected 4,901,432 individuals after storage tapes containing protected health information (PHI) were stolen from a vehicle. These numbers are staggering, but fortunately more can be done and should be done to prevent data breaches.
Data breaches can cause great harm to the affected individuals, providers and institutions. Individuals may experience embarrassment and harassment because sensitive health information was released. Individuals are vulnerable to identity theft and financial fraud if personal information such as social security numbers was accessed. More frequently, institutions are offering credit monitoring services to affected individuals to monitor for potential fraud. Similarly, data breaches carry a very high cost for institutions, which will have to spend great sums to investigate and report a breach to HHS, the media and the affected individuals. An institution’s or provider’s reputation can also be harmed through negative publicity and the loss of consumers. More institutions are hiring public relations teams after a breach to minimize the amount of fallout and negative publicity. The threat of litigation and class action lawsuits following a breach is also present and very real. Stanford Hospital, Tricare, and Sutter Health are all facing million- and billion-dollar class action lawsuits for their 2011 data breaches.
The bad news is that data breaches are impossible to predict and it is impossible to protect against every type of possible breach. Unfortunately, even the strongest policies, precautions and security measures cannot protect an entity from a hacker, a thief, or an employee’s or business associate’s honest mistake. As more providers and institutions adopt electronic health record systems and digitize their records, data breaches will continue to occur and large breaches will be spotlighted by the media. Pursuant to the regulations, a covered entity must alert a prominent media outlet if a reported breach affects more than 500 residents of a state. Based on the events of last year alone, it is clear that the media loves to report on data breaches and will continue to do so. Hopefully this public exposure will serve to increase accountability to the public rather than instill fear in the public and hurt consumer confidence in the EHR movement.
The good news is that more can be done by providers and institutions to prevent harmful and costly data breaches. Data security and patient privacy should be the focus of the industry in the upcoming years because it is just as important as meaningful use certification. The benefits flowing from the Medicare incentive payments that an institution may receive under the Affordable Care Act can be canceled out in the event of a large and debilitating data breach. It would be wise for covered entities to focus on preventing data breaches as much as achieving meaningful use.
There is no easy solution to preventing breaches, but encryption is one surefire way an entity can better protect itself from a costly breach. As entities become more familiar with EHR systems and recognize the risks involved in storing and transferring PHI data, implementing encryption technology should become a top priority for each entity.
Encryption of PHI is a major step a provider or institution can take to secure its sensitive patient data. Encryption is the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key. According to HHS guidance, if an entity encrypts its data in accordance with the National Institute of Standards and Technology standards for encryption, then any breach of the encrypted data falls within a safe harbor and does not have to be reported. This is an incredibly important safe harbor that could save an entity a lot of money. It is shocking that more entities, especially those with the means and resources to install a qualifying encryption system, do not utilize encryption technology on any of their electronic devices, especially portable devices.
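To make the definition above concrete, here is an added example (not code from the original post or from HHS) that seals a constructed PHI record with AES-256-GCM, a NIST-approved authenticated cipher from Go’s standard library. It shows the three properties the safe harbor rests on: the sealed bytes carry no recoverable meaning without the key, the record comes back intact only with the correct key, and any alteration of the sealed bytes is detected rather than silently decrypted. The function names (`newKey`, `encryptPHI`, `decryptPHI`) and the sample record are assumptions of this example. Note that the HHS guidance’s “low probability of assigning meaning” holds only while the key itself stays uncompromised, so in practice the key is kept off the device that holds the data (for a laptop, that is what full-disk encryption products arrange with a separate passphrase or hardware-backed key); this example keeps the key in memory purely for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// newKey returns a fresh 256-bit key from the OS random source.
// In a real deployment this key lives in a key manager or a
// hardware-backed store, never alongside the encrypted records.
func newKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// encryptPHI seals a plaintext record with AES-256-GCM.
// Output layout: nonce || ciphertext || authentication tag.
// A new random nonce is drawn per record so identical records
// never produce identical ciphertexts.
func encryptPHI(key, plaintext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag after the nonce we pass as dst.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// decryptPHI reverses encryptPHI. It returns an error, not garbage,
// when the key is wrong or the sealed bytes were modified, because
// GCM verifies the authentication tag before releasing plaintext.
func decryptPHI(key, sealed []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:n], sealed[n:]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed sample record; not real patient data.
	record := []byte("MRN 000000 (constructed) | dx: none | notes: sample")

	key, err := newKey()
	if err != nil {
		panic(err)
	}
	sealed, err := encryptPHI(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sealed record: %d bytes, first bytes %x\n", len(sealed), sealed[:8])

	// Lost-laptop scenario: whoever holds only the sealed bytes and
	// guesses a key gets an authentication failure, not a record.
	otherKey, _ := newKey()
	if _, err := decryptPHI(otherKey, sealed); err != nil {
		fmt.Println("wrong key rejected:", err)
	}

	// Legitimate access with the real key recovers the record.
	plain, err := decryptPHI(key, sealed)
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered:", string(plain))
}
```

Run it with `go run`; the printed ciphertext prefix changes on every run because of the random nonce, while the recovered record is always the original. Deciding which fields to encrypt (the trade-off discussed later in this post) does not change this core operation; it changes only which records pass through `encryptPHI`.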
Of the 385 reported breach incidents, thirty-nine percent involved a lost or stolen laptop or other portable media device containing unencrypted PHI. A report recently released by Redspin, an IT security firm, states that data breaches stemming from employees losing unencrypted devices spiked 525 percent in the last year alone. This statistic confirms that devices, including laptops, tablets and smartphones, pose a very high risk for a data breach. Redspin reported that eighty-one percent of healthcare organizations now use smartphones, iPads, and other tablets, but forty-nine percent of respondents in a recent healthcare IT poll by the Ponemon Institute said that nothing was being done to protect the data on those devices. At the very least, these reports and the statistics on HHS’s “Wall of Shame” should encourage entities to encrypt their portable electronic devices that contain sensitive PHI.
There are of course costs associated with adopting encryption technology in an EHR system. There are costs to install the system and maintain it with the help of an IT expert. Encryption of information can also slow down the processes used in sharing information. After all, one of the main goals of an EHR system is to make it easier for providers to share health information about their patients. An entity should work with an IT expert to determine what information should be encrypted in order to maximize the efficiencies of an EHR system. Despite the costs, the money and resources spent implementing encryption technology can be well worth it and are a smart investment for any entity with an EHR system. In a study published in 2011, the Ponemon Institute found that the cost of a data breach was $214 per compromised record and the average cost of a breach is $7.2 million. In light of the large data breaches that have been reported, it is clear that the costs of a breach can be much higher than the costs to implement encryption technology.
Under the HITECH Act and HHS’s interim final rule, encryption of health information is not mandatory. It remains to be seen whether HHS will impose a mandatory encryption policy on all devices or, at the very least, all portable devices capable of storing or transferring PHI, when it releases the final version of the data breach notification regulations sometime this year. The health care industry’s lack of encryption for patient information has drawn attention on Capitol Hill. At a November 2011 hearing before the Senate Judiciary Committee’s panel on Privacy, Technology and Law, Deven McGraw of the Center for Democracy and Technology testified that “we know from the statistics on breaches that have occurred since the notification provisions went into effect in 2009 that the healthcare industry appears to be rarely encrypting data.” At the hearing, Senator Tom Coburn, a physician himself, and Senator Al Franken, the chair of the panel, both voiced their concern over patient privacy protection and the current regulatory scheme. Senator Franken has said that he is contemplating legislation to encourage encryption by providers, although no action has been taken.
In the interim, it is reasonably clear that most, if not all, entities can benefit from implementing encryption technology when considering the costs and headaches associated with a data breach. When encryption is done properly, it has the potential of saving an entity a large sum of money, perhaps millions of dollars, in costs and fines — and that should be reason enough for entities to start taking this step in EHR technology.
FDA Drafts Guidance on Mobile Medical Apps
In an effort to keep up with advancing technology, the Food and Drug Administration (FDA) has proposed new regulations to monitor medical smartphone applications (apps). The draft proposal states that any mobile app that is intended for use in performing a medical device function meets the definition of a medical device under the Federal Food, Drug, and Cosmetic Act. Specifically, these mobile medical apps must either be used as an accessory to a regulated medical device or transform a mobile platform into a regulated medical device.
To further clarify what apps will be regulated, the document notes that a mobile app is a device “when the intended use of a mobile app is for the diagnosis of disease or other conditions, or the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or any function of the body of man.” The guidance document explains how the intended use of mobile apps can be shown by labeling claims, advertising materials, or oral or written statements by manufacturers or their representatives.
The goal of the regulations is to protect patient safety, though to date there have been no adverse events reported to the FDA. The proposal seems to be forward looking in creating a framework for mobile app manufacturers. According to the Associated Press, there are already more than 17,000 medical applications currently available.
Physicians can use mobile phones to calculate prescription dosages, review disease treatment guidelines, and explain diagnoses and procedures to patients. The FDA expects that by 2015, 500 million smartphone users will rely on health care apps.
Two medical apps have already received FDA approval for use by physicians. The first is a prenatal care app called AirStrip OB. Cleared in 2009, the app allows obstetricians to use their phones to remotely access real-time data for mothers and babies. The second app, approved earlier this year, is Mobile MIM. This app allows hospitals and doctors’ offices to send images to physicians’ mobile devices. The FDA noted that the software should not be used to replace radiology workstations as the primary way to view medical images, but is useful when a physician has limited access.
Opinions from within the industry vary on the new guidelines. Some feel that the regulation is both necessary and welcome. By regulating the medical app industry, the FDA is offering market players clear guidelines for continued development. Others argue that the regulations may be too far reaching. For example, medical apps to calculate prescription dosages for patients are not new and are based on accepted formulas. Smartphone apps that achieve the same goal increase efficiency and do not put patients at risk, and therefore do not merit differential treatment.
The proposed regulations raise two main concerns for patients and physicians. The first is a privacy concern, similar to the drawbacks considered for other forms of Electronic Health Records. Transferring data between hospital systems and physician smartphones will increase confidentiality and security concerns. Once patient data is accessed on a smartphone, privacy may be easily breached should the phone be used by another person, lost or stolen. The second concern is that these proposed rules could increase the purchase price for medical apps. App developers will likely have increased costs for filing applications and seeking legal counsel, and those costs will be passed to end users.
The draft proposal is currently in an open comment period, and the FDA will amend the regulations after the comment period closes.
From Viral Marketing to Medical Profile Contagion
Filed under: Electronic Medical Records, Private Insurance
As ACA implementation lumbers ahead, and challenges to it slouch toward the Supremes, the U.S. health care system’s arbitrary old ways continue to mystify and frustrate. Consider this story on one person’s quest to obtain insurance:
Most employees assume that if they lose their job and the health coverage that comes along with it, they’ll be able to purchase insurance somewhere. . . .My husband, teenage daughter and I were all active and healthy, and I naïvely thought getting health insurance would be simple. . . .
Then the first letter arrived — denied. . . .What were these pre-existing conditions that put us into high-risk categories? For me, it was a corn on my toe for which my podiatrist had recommended an in-office procedure. My daughter was denied because she takes regular medication for a common teenage issue. My husband was denied because his ophthalmologist had identified a slow-growing cataract. Basically, if there is any possible procedure in your future, insurers will deny you. . . .
As I filled out more applications, I discovered a critical error in my strategy. The first question was “Have you ever been denied health insurance?” Now my answer was yes, giving the new companies reason to be wary of my application. I learned too late that the best tactic is to apply simultaneously to as many companies as possible, so that you don’t have to admit to a denial.
As was recently reported, “50 to 129 million (19 to 50 percent of) non-elderly Americans have some type of pre-existing health condition.” The “health care market” is sending a strong signal: don’t step out of the system if you have any continuing need for even minor care.
But what’s more worrisome are the types of information circulating about you that you aren’t even aware of. Consider this story from Businessweek about the profiling of insurance applicants by third-party intermediaries:
Most consumers and even many insurance agents are unaware that Humana, UnitedHealth Group, Aetna (AET), Blue Cross plans, and other insurance giants have ready access to applicants’ prescription histories. These online reports, available in seconds from a pair of little-known intermediary companies at a cost of only about $15 per search, typically include voluminous information going back five years on dosage, refills, and possible medical conditions. The reports also provide a numerical score predicting what a person may cost an insurer in the future. . . .
[A] 57-year-old safety consultant in the oil and gas industry, says he tried to explain that the medications weren’t for serious ailments. The blood-pressure prescription related to a minor problem his wife, Paula, had with swelling of her ankles. The antidepressant was prescribed to help her sleep—a common “off-label” treatment doctors advise for some menopausal women. But drugs for depression and other mental health conditions are often red flags to insurers. Despite his efforts to reassure Humana, the phone interview with the company representative “just went south,” Walter recounts. He and his wife remain uninsured [as of 2008].
Health-related data from a wild west of unregulated intermediaries may spread to employers and other decision makers, just as credit scores have migrated from the bank context to influencing insurance pricing, and credit histories now influence employers. Sharona Hoffman has observed that “It is not uncommon for employers to obtain applicants’ and employees’ medical records. According to one source, every year, over ten million authorizations for release of medical information are signed by workers prior to the commencement of employment.” She has predicted disturbing possibilities arising out of that access to data:
Existing laws, including the ADA, GINA, HIPAA, and their state counterparts, provide important assurances to applicants and employees but are insufficient to guarantee that they will suffer no ill consequences as a result of EHR disclosure to employers. Employees may be especially concerned in times of recession, knowing that financial pressures make workers with health problems particularly unattractive to employers. Employers or their hired experts may develop complex scoring algorithms based on EHRs to determine which individuals are likely to be high-risk and high-cost workers. In addition, in times of financial difficulty, limited resources may be available to implement technology and policies that will secure EHR confidentiality.
Secondary uses of health data could be a very lucrative niche for profilers of the future.
Given these possibilities, individuals should at least have the right to access and correct the health data that intermediaries have compiled about them. The FTC recognized this right, and “forced the [insurance] industry to begin disclosing the use of prescription information under . . . the Fair Credit Reporting Act. . . . Copies of prescription reports are supposed to be available to consumers at no charge under federal law.” This is a small step forward. But if the “scores” assessing individual risk are compiled according to proprietary algorithms, the consumer may still feel “in the dark,” unable to adequately influence the presentation of herself to the insurer.
As Esther Dyson has stated in another context, mysterious data flows can jeopardize individual autonomy:
The comforting thing about the kind of data that Facebook primarily deals with is that it’s public. If your friends and other people can see it, so can you.
More troubling is the data you don’t even know about – the kind of data about your online activities collected by ad networks and shared with advertisers and other marketers, and sometimes correlated with offline data from other vendors. By and large, that’s information you can’t see – what you clicked on, what you searched for, which pages you came from and went to – and neither can your friends, for the most part. But that information is sold and traded, manipulated with algorithms to classify you and to determine what ads you see, what e-mails you receive, and often what offers are made to you. Of course, some of that information could go astray.
Online advertisers already slice and dice population segments (and distribute opportunities & exposure to ads) via marketing discrimination. Will the “e-health revolution” bring their methods out of cyberspace, and into the deadly serious business of offering employment and insurance based on estimates of health status that applicants can’t understand or challenge?
Reform Rodeo
1. ProPublica details the incessant problem that medical schools face in preventing their faculty from accepting money in exchange for speaking on behalf of pharmaceutical companies. As previously noted on this blog, these conflicts of interest are in addition to those found in spinal surgery and cardiac stenting.
2. For the New England Journal of Medicine, Michael E. Porter introduces two recently published papers that explore the concept of value in health care.
3. The Commonwealth Fund provides a summary of a briefing on the ACA’s initiatives to reform primary care. A full video of the briefing (which was co-hosted with the Alliance for Health Reform), as well as a podcast of the audio, can be found here.
4. The Health Care Blog has a nice bulleted Year in Review for Health Information Technology (HIT), including topics such as the HITECH Act, E-prescribing, EHRs, and Health Information Exchanges.
5. The New York Times discusses a new Medicare rule that will cover the costs of voluntary end-of-life treatment planning.
Reform Rodeo

Photo by David Monniaux
1. ACO Yo!: The Healthcare Economist discusses recent research into how the accountable care organization (ACO) model may be leveraged by providers to increase prices. For those looking to learn more about ACOs, the New England Journal of Medicine has recently released a video which can be found here.
2. Playing Politics?: Merril Goozner picks up on questionable appointments to the Patient-Centered Outcome Research Institute — the entity that PPACA tasked with increasing our utilization of comparative effectiveness research.
3. Mandate Mania: Tim Jost provides an update (and overview) of the constitutional mandate case in Michigan.
4. SCOTUS and Vaccine Lawsuits: The Washington Post details the Supreme Court’s effort to determine whether lawsuits by people alleging harmful effects from childhood vaccines should be allowed.
5. Certification: Jon Halamka provides the second part to his clarification of HITECH’s EHR Certification process. The first part can be found here.
6. Fragmentation Symposium: Concurring Opinions held an online book review symposium of Barak Richman, Daniel Grossman, and Frank Sloan’s chapter, Fragmentation in Mental Health Benefits and Services, in Our Fragmented Health Care System: Causes and Solutions (Einer Elhauge, ed. 2010).
Will Physicians and Hospitals Ever Get Along? Prospects for Defragmentation in a Post Health Care Reform World by Richard Saver
Waldo’s Optimal Fragmentation by Elizabeth Weeks
Why “House” is the True American Health Care Hero, And What To Do About It by Vickie Williams
Getting Mental Health Coverage Wrong by John Jacobi
iPhone Apps for Health Providers, a Path Emerging?
Last year we did a series of posts on Electronic Medical Records and Electronic Medicine. One of those articles, “Electronic Medicine, iPhones and Path-Dependence” noted the emergence in Electronic Medicine of the iPhone and the Blackberry. We also noted that the iPhone and Blackberry constitute “an advantaged path” (already in the pockets of roughly 64% of doctors, early popularity further attracting skilled labor, financing, and support) and that these platforms might be capable of playing a part in allowing us to avoid building a costly high tech Tower of Babel: offering “flexibility, interoperability, liquidity of information, and the ability to substitute technologies as the need arises.”
We wrote the following:
A Washington Post article, “New Tool in the MD’s Bag: A Smartphone,” states that “Nationally, about 64 percent of doctors are now using smartphones, according to a recent report by the market research company Manhattan Research.” Georgetown’s medical school has recently begun requiring them, and Ohio State’s is handing out the iPod Touch (sans phone) to its students. Mike McCarty, the chief network officer at John Hopkins Health Systems, “believes that smartphones will soon assume a permanent place in medicine.”
As such, designers have engineered applications to suit the needs of those doctors. And as a matter of path-dependence, presumably they will continue to do so. WaPo states that “the iTunes app store lists 674 applications related to medicine available.” There are iPhone and Blackberry apps to “pull up instructional diagrams and videos for patients, write electronic prescriptions and check basic information,” “look up drug-to-drug interactions, to view X-rays and MRI scans,” and even determine pill names derived from physical descriptions.
As we posted a while back,
In the words of Dr. Farzad Mostashari, an assistant commissioner in New York City’s health department and head of the much heralded Primary Care Information Project (which is functioning as a sort of I.T. Department for many of the City’s doctors using EMR), “There’s no way small practices can effectively implement electronic health records on their own. This is not the iPhone.”
Later, we noted that in their NEJM article, No Small Change for the Health Information Economy, Kenneth D. Mandl, M.D., M.P.H., and Isaac S. Kohane, M.D., Ph.D. suggest that it should be:
As do Professors Sharona Hoffman and Andy Podgurski, the authors of “No Small Change…” stress the need for flexibility, interoperability, liquidity of information, and the ability to substitute technologies as the need arises. To do this they propose governmental encouragement of the use of a platform with interoperable applications (blog builders, think: “plug ins” and “widgets”) similar to the iPhone.
We also noted in that post, “Electronic Medical Records: It’s Not too Late to Build the Tower on an Interoperable Platform,” that
Perhaps the good news here is that the relative scarcity of EMR implementation thus far means that we can yet still devise an interoperable system without rendering substantial but incompatible investments obsolete. Which is to say that we are not yet too far down nine different non-intersecting roads and that “a communicative Tower” can still be built, and sustained, on a Platform.
Now, it seems the path is beginning to emerge–and that interoperable system may actually be the iPhone and Blackberry platforms–which, it seems, are already sitting in doctors’ pockets.
And now via email from NursingSchools.net, an interesting list:
The 15 Most Forward Thinking iPhone Apps for Doctors & Nurses
It’s amazing how much we use our phones for anything but phone calls. The widespread use of applications, driven by the explosion of iPhone sales, has helped to redefine just what we’re able to do with our phones in all walks of life and work. The medical profession has been one of the biggest beneficiaries of iPhone app development, with life-changing tech showing up in nursing schools and hospitals nationwide. Some gather information from patients in new ways, while others help medical professionals better sort and understand that information. They’re all designed to help those in the medical field do their jobs in revolutionary ways. Here are some of the most forward-thinking and revolutionary iPhone apps out there for doctors and nurses:
- e-911: Emerging Healthcare Solutions is developing an app called e-911, which would allow a user to store critical personal medical information that’s sent to health care providers when they dial 911 from their iPhone. The benefits are clear and enormous: Instead of wasting time discovering a medical history, first responders would know instantly what the victim’s medical past looked like.
- Epocrates: One of the most popular free medical apps available for the iPhone, gives doctors and nurses up-to-date information on thousands of drugs, lets them identify pills by physical description, and describes the effects of combining different drugs. A Stanford University doctor even made a video about how much he loves it. (Free)
- ICD9 Consult: Never go hunting through a book to find a code again. This app lists ICD9-CM diagnosis codes and lets you search and browse by category. It includes more than 21,000 individual codes, making it a phenomenal portable tool for medical professionals. ($14.99)
- Human Body Advanced Encyclopedia 3D Anatomy: Don’t let the clunky title fool you: Doctors and nurses everywhere should have this app on their iPhones. The app includes three-dimensional renderings of the body’s 14 anatomical systems as well as the ability to see all sides and angles of organs. It’s like having an anatomy textbook in your back pocket. ($3.99)
- Medscape: From the WebMD people, this is a fantastic all-purpose app that’s packed with information on brand-name and generic drugs, clinical procedures, and more than 150 videos. (Free)
- iRadiology: This app for students is also a good resource for doctors and nurses who’ve been working for years. It features more than 500 images designed to help users hone their detection skills and become better at reading film, CT, and MRI images. It’s a smart, progressive app because it operates under the assumption that knowledge is something you constantly build, and it helps medical pros stay at the top of their game.
- Reach MD CME: This is an awesome app for doctors and nurses looking to further their education in unique and time-saving ways. Reach MD CME is an accredited app for continuing medical education that lets you download and listen to medical programs and then take the certification test all on your iPhone. (Free)
- NeuroMind: NeuroMind is a smart, thorough app that helps residents and surgeons by acting as an index for a variety of brain-related surgical topics. It also provides a checklist of Safe Surgery items from the World Health Organization. (Free)
- Drug Trials: If you’re a doctor or nurse, you need this app. Drug Trials is all about the latest drug tests, whether it’s an established drug being tested in new ways or an entirely new product being tested for the first time. This is one of the best ways to stay informed about what’s happening in drug research, and it also includes facts like eligibility requirements. (Free)
- Informed RN Pocket Guide: The $9.99 cost is more than most apps, but nurses get a lot for that price with this in-depth app. The Informed RN Pocket Guide is a PDF version of the printed book, and it features a ton of helpful information nurses need to know, including metric conversions, pain assessment tools, pediatric care information, and even Spanish translations. Worth the buy.
- Nursing Central: I take it back: This app is the pricey one. Nursing Central requires a subscription payment of $159.95 before you can view the content, but if you can afford it, it’s a worthwhile purchase. The constantly updated database covers more than 5,000 drugs, and it features info on all manner of diseases and treatments plus a dictionary with more than 60,000 (!) entries. If you don’t know it, this app does.
- Nursing Pharmacology: A handy app for nurses that features flash cards designed to teach you the ropes of nursing pharmacology. Basic features, but helpful. ($0.99)
- PubMed on Tap: This is the full version, not the lite one. The PubMed on Tap app searches PubMed for reference info and then lets you store PDFs or e-mail the results to yourself or someone else. For medical pros on the go, or those who need to do some quick research away from the computer, this app is a life-saver. ($2.99)
- Skyscape’s Medical Bag: Call it the digital version of the classical little black doctors’ bag. This app includes a number of helpful tools, including more than 100 medical calculators and multiple articles on life support. ($1.99)
- iMurmur 2: This app is a great fit for practicing doctors as well as med students. It’s got a library of actual recordings of different heart sounds, complete with accompanying descriptions and phonocardiograms. A must-have for cardiologists or any pro looking to brush up on the heart. ($2.99)
Breach Notification for Unsecured Protected Health Information
By: Michael R. Spaltro
Gordon Moore, Intel co-founder, famously predicted that the number of transistors on an integrated circuit would double about every two years. Between 1981 and 1991, “computer processing speed increased tenfold, the instruction execution rate a hundred fold, system memory grew a thousand times, and system storage expanded by a factor of 10,000.” That was just the beginning. Intel has kept that pace for nearly 40 years, recently introducing the world’s first 2-billion transistor microprocessor. The development of fundamental computer technology has translated into ubiquitous information technology infrastructure. Deploying information technology within the healthcare industry is significantly complicated by the indispensability of life and health to everything else we do. The privacy of electronic health records (“EHR”) that contain protected health information (“PHI”) is one area of particular concern.
Health care providers, health plans, health care clearinghouses, and their business associates across the country are currently using EHRs as an efficient method to locally store patient records.[1] EHRs may contain patient treatment history, social and demographic data, and a multitude of other PHI.[2] If the underlying computer technology continues to grow at the staggering pace predicted by Moore’s Law, the function of EHRs will expand to “assume a key role in medical diagnosis and treatment management.”[3] Moreover, the Food and Drug Administration, in collaboration with public, academic, and private entities, is expected to use EHRs to link and analyze medical safety data from over 100 million patients by July 2012.[4] The resulting electronic network of interoperable healthcare data is of a scale never before contemplated in the industry. PHI, such as the data contained across local provider EHRs, health plan claims databases, and Medicare databases, will be remotely transmitted, stored, accessed, and analyzed.
Transmitting EHRs between an originating entity and the entity/infrastructure involved in research, development, and storage of EHRs, creates an increased potential for internal and external breach. Moreover, as EHRs become populated in local and remote institutions across the country, the incidence of breach ostensibly increases. In the event of breach, an individual may be exposed to a number of dangers. EHRs contain personal information of high value to computer hackers, such as social security numbers or payment information.[5] Furthermore, an otherwise legitimate entity could potentially use health information in a less nefarious way that nonetheless breaches individual privacy. How can we legally protect privacy while realizing the benefit of electronic health information technology?
The Health Insurance Portability and Accountability Act (“HIPAA”) restricts unauthorized access to protected health information. The HIPAA Security Rule and Privacy Rule require an entity such as a health plan, health care provider, business associate, or health care clearinghouse to safeguard all protected health information, and civil and criminal penalties are enforced against entities that fail to comply. The FDA’s qualified contractors[6] will similarly be subject to HIPAA under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act by 2017.[7] Therefore, the entire electronic network of EHRs will be covered by the Privacy Rule and the Security Rule. Within covered entities, protected health information is to be stored with whatever security measures allow the entity to reasonably and appropriately implement the safeguard requirements. The Security Rule permits a covered entity to use firewalls and other access controls (such as passwords) to safeguard PHI in electronic form. Without these controls, unauthorized parties could easily access PHI, and PHI could flow out to any individual, device, or system that interoperates with EHR databases. The HIPAA Security Rule therefore assures that a covered entity is reasonably protecting an individual’s privacy by safeguarding protected health information.
Firewalls and other reasonable access controls are not impermeable. Earlier this year, a sophisticated intrusion into Google’s network penetrated the multi-billion dollar corporation, contributing to its later withdrawal from mainland China. Merck & Co. and Cardinal Health Inc. were reported to be among the other companies infiltrated in the same campaign. The extent of the information exposed is still not fully understood. Thus, breaches occur even where reasonable and appropriate safeguards are required. The access controls required by the Security Rule are not sufficient to protect a vast network of interoperable EHRs, and encryption is only an “addressable” implementation specification under that Rule, meaning a covered entity may document why it is not reasonable and appropriate in its environment and adopt an alternative instead. Further data encryption and/or secure data destruction will eventually be required to protect individual privacy.
Pursuant to the Privacy section of the HITECH Act, Title XIII, Division A, Subtitle D, the Department of Health and Human Services (“HHS”) was required to promulgate rules and regulations on breach notification for unsecured protected health information (“Breach Rule”). HHS issued an interim final rule, published August 24, 2009 and effective September 23, 2009, requiring all covered entities and business associates under HIPAA to provide notification in the case of a breach of unsecured protected health information. Presumably, an individual who is made aware that his personal information was compromised is better equipped to mitigate identity theft or other harms that could arise.
The provisions in Section 13402 of the HITECH Act are consistent with HIPAA definitions of a “covered entity” and “protected health information.” The Act defines breach as the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of that information. In other words, once someone gets past a firewall or other access control and reaches unsecured PHI, the covered entity must notify every individual affected. Importantly, notification is only required for unsecured protected health information. If a covered entity encrypts or destroys PHI in accordance with the HHS guidance, which points to National Institute of Standards and Technology (NIST) publications, then that entity does not have to report an incident in which only that secured data was reached. It is only necessary to provide notice if “unsecured protected health information that is not secured through the use of technology or methodology specified…” is breached. The rationale is obvious: if the PHI was encrypted in accordance with NIST standards, the data is unusable to whoever obtained it, and notification would be superfluous. The guidance adds one condition that matters in practice: the decryption key must not have been compromised as well, which is why it directs that keys be kept on a device or at a location separate from the data they protect.
Consequently, a covered entity has two choices: (1) secure all EHRs that contain PHI; or (2) report breaches of PHI. The Breach Rule encourages covered entities to take the former approach. To secure EHRs that contain PHI, an entity must regularly perform two standard procedures. First, the NIST standards for media sanitization recommend a “one pass” overwrite for clearing most magnetic disks.[8] When electronic data is deleted, it is only removed from the file system; the data physically remains on the drive, and software and hardware methods of recovering it are publicly available. Therefore, “deleted” PHI could be recovered by an unauthorized party in the event of a breach, or from a discarded or repurposed drive. NIST recommends at least one overwrite of the data to render it unrecoverable. (On flash-based storage, overwriting in place does not reliably reach every cell because the controller remaps writes, so the drive’s own secure-erase function, or physical destruction of the media, is needed instead.) Depending on the method used and the size of the media, an overwrite can take an hour or more.
Second, and perhaps less straightforward, NIST recommends data encryption using one of the following four methods: full disk encryption; volume encryption; virtual disk encryption; or file/folder encryption.[9] The capital expenditure necessary to install and maintain encryption software/hardware throughout a covered entity is immense. Furthermore, encrypting millions of EMRs will tax processors and networks (though processors with hardware AES instructions lower that cost), and will hamper interoperability. Encrypted data has no functionality until it is decrypted by an authorized end user, so it must be decrypted before each use, and transferring encrypted data across a network like the one the FDA contemplates is problematic unless every system is equipped to recognize and decrypt it. Thus, under any of the encryption methods above, the net result is some loss of productivity and interoperability. Moreover, encrypted data does not necessarily mean secure data. Full disk and volume encryption protect a drive that is lost, stolen, or retired; once the system is running and the drive is unlocked, the operating system serves plaintext to any process that can read the file. The end user authorized to access encrypted data will decrypt it during the course of a workday, so encrypted PHI in use is exposed to the same daily risks as unsecured PHI, and the safe harbor is lost if the decryption key is compromised along with the data. Consequently, data encryption alone may not provide the security and privacy that the Breach Rule contemplates.
While some covered entities are voluntarily choosing to encrypt and secure PHI, for many the impracticality and cost of data encryption remain prohibitive. Covered entities were allowed 180 days before HHS would enforce the Breach Rule. That period has expired, and most covered entities have not opted to encrypt PHI. Instead, they have put in place reasonable systems to detect breaches, as the Breach Rule requires. The Breach Rule requires notification without unreasonable delay, and in no case later than 60 calendar days, after a covered entity discovers a breach. A majority of states already had breach notification laws in place, so covered entities already had systems to detect and report breaches.
Reporting breaches under the Breach Rule still requires some capital expenditure. For larger breaches (more than 500 individuals), notification to prominent media outlets and to the Secretary is also required. This notification could deter business and invite legal action. Of greater concern, a major breach and broadcast resulting in legal action may dissuade industry players from adopting EHR systems that could potentially reduce medical error and healthcare costs.[10] However, the burden of encrypting PHI is overwhelming, and perhaps ultimately ineffective. Consequently, the Breach Rule has done little to foster the actual security of PHI. In practice, covered entities merely provide notification of breach. It is unclear how this may or may not benefit a patient whose privacy has been breached. Deploying new EHR technology throughout the healthcare industry presents a risk to individual privacy that is not adequately addressed by the Breach Rule and HIPAA.
Privacy concerns should rise in proportion to the volume of online EMRs. Pursuant to the FDAAA, 100 million EHRs will be linked within the FDA’s seminal network by July 2012. The sensitive and valuable nature of robust EHR databases will likely attract the attention of unauthorized parties around the world, and should therefore warrant a heightened level of security. Within two years, encryption technology may prove to be significantly smarter, cheaper, and more efficient, and the concerns that bar covered entities from adopting data encryption may be lifted. While absolute data security is not likely attainable under any standard, operating systems that integrate on-the-fly encryption would be a large step forward. Rules and regulations should proportionately reflect advances in computer technology and the quantity of EMRs over the next two years. To protect public privacy and trust in our healthcare system, all PHI should eventually be encrypted by covered entities and their business associates.
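To make the safe harbor concrete, here is an added example written for this post; it is not code from any EHR product, from the HHS guidance, or from the NIST publications cited. It assumes a hypothetical record layout (PHIRecord) and a stand-in key vault (Vault) that plays the role of the separate key-management system the guidance calls for. Each patient’s records are sealed with their own AES-256-GCM data key; the record store holds only ciphertext; and destroying a patient’s key (“cryptographic erasure”) makes every copy of that ciphertext, including backups, unreadable without any overwrite pass, which is the alternative to the media sanitization discussed above. The last check shows the limit the author is worried about: whoever holds the key, or any process on a machine where the key is loaded, reads plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// PHIRecord is a constructed sample of what one EHR row might hold
// (hypothetical fields; not any real system's schema).
type PHIRecord struct {
	PatientID string `json:"patient_id"`
	SSN       string `json:"ssn"`
	Diagnosis string `json:"diagnosis"`
}

// Envelope is all the record store ever holds: no plaintext, no key.
// PatientID stays in the clear as a lookup handle and is bound to the
// ciphertext as GCM associated data, so a blob cannot be silently
// re-attached to a different patient.
type Envelope struct {
	PatientID  string
	Nonce      []byte
	Ciphertext []byte
}

// Vault stands in for the key-management system that the HHS guidance
// says must live on a device or at a location separate from the data.
// It holds one 256-bit data key per patient and nothing else (assumed design).
type Vault struct {
	keys map[string][]byte
}

var ErrKeyDestroyed = errors.New("data key destroyed: ciphertext is now indecipherable")

func NewVault() *Vault { return &Vault{keys: make(map[string][]byte)} }

// keyFor returns the patient's data key, generating one on first use.
func (v *Vault) keyFor(patientID string) ([]byte, error) {
	if k, ok := v.keys[patientID]; ok {
		return k, nil
	}
	k := make([]byte, 32) // 32 bytes selects AES-256
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	v.keys[patientID] = k
	return k, nil
}

// Shred is cryptographic erasure: with the key gone, every copy of the
// ciphertext (disk, backups, replicas) is unreadable, and no overwrite
// pass ever has to touch the media.
func (v *Vault) Shred(patientID string) { delete(v.keys, patientID) }

func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one record under the patient's data key with AES-256-GCM,
// using a fresh random 96-bit nonce per record.
func Seal(v *Vault, rec PHIRecord) (Envelope, error) {
	key, err := v.keyFor(rec.PatientID)
	if err != nil {
		return Envelope{}, err
	}
	g, err := aead(key)
	if err != nil {
		return Envelope{}, err
	}
	plain, err := json.Marshal(rec)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := g.Seal(nil, nonce, plain, []byte(rec.PatientID))
	return Envelope{PatientID: rec.PatientID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts and authenticates an envelope. It fails closed if the key
// has been shredded or if even one ciphertext byte was altered.
func Open(v *Vault, env Envelope) (PHIRecord, error) {
	key, ok := v.keys[env.PatientID]
	if !ok {
		return PHIRecord{}, ErrKeyDestroyed
	}
	g, err := aead(key)
	if err != nil {
		return PHIRecord{}, err
	}
	plain, err := g.Open(nil, env.Nonce, env.Ciphertext, []byte(env.PatientID))
	if err != nil {
		return PHIRecord{}, fmt.Errorf("authentication failed: %w", err)
	}
	var rec PHIRecord
	if err := json.Unmarshal(plain, &rec); err != nil {
		return PHIRecord{}, err
	}
	return rec, nil
}

// ContainsPlaintext reports whether a secret appears verbatim in the stored
// blob, i.e. whether someone who copies the record store learns it.
func ContainsPlaintext(env Envelope, secret string) bool {
	return bytes.Contains(env.Ciphertext, []byte(secret))
}

func main() {
	vault := NewVault()
	rec := PHIRecord{PatientID: "P-001", SSN: "123-45-6789", Diagnosis: "hypertension"} // constructed sample
	env, err := Seal(vault, rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("SSN visible in stored blob:", ContainsPlaintext(env, rec.SSN))
	got, _ := Open(vault, env)
	fmt.Println("decrypted while key is present:", got.Diagnosis)
	vault.Shred("P-001")
	_, err = Open(vault, env)
	fmt.Println("after shred:", err)
}
```

Run it and the stored blob never contains the SSN, a flipped ciphertext byte fails authentication rather than yielding garbage, and once Shred has been called Open returns ErrKeyDestroyed. What the example does not cover is exactly the author’s point about data in use: the plaintext handed back by Open sits in memory on the caller’s machine, and an attacker with code execution there sees it no matter how the record store was encrypted.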
[1] Hoffman and Podgurski, Finding a Cure: The Case for Regulation and Oversight of Electronic Health Record Systems, 22 Harv. J.L. & Tech. 103 (2008).
[2] Id. at
[3] Id. at
[4] Food and Drug Administration Amendments Act of 2007 (FDAAA), 21 U.S.C. 355(k)(3).
[5] See Hoffman, supra note 1, at 113.
[6] 21 U.S.C. 355(k)(3). A qualified contractor is similar to a business associate. The FDA contracts with entities that are deemed “qualified” within the meaning of the Act.
[7] See, HITECH, Pub. L. No. 111-5 Section 13401 and 13404.
[8] Special Publication 800-88, available at http://csrc.nist.gov.
[9] Special Publication 800-111, available at http://csrc.nist.gov.
[10] See Hoffman, supra note 1, at 104.
CMS and HHS Release New Proposed Rules Governing Health IT – Part 1: Overview of Proposed Rule on “Meaningful Use”
Filed under: Electronic Medical Records, EMR, Health Care Economics
Issues surrounding the implementation of health information technology (HIT) have not garnered anywhere near the amount of attention as issues such as the public plan, the intersection of abortion and health insurance, pre-existing condition provisions, etc. There are a variety of reasons for this.
First, HIT is not as accessible as these other issues. Discussions of HIT often involve the heavy use of acronyms as well as technical jargon that can be intimidating and confusing. This will not likely change in the future. HIT will increase in complexity, especially as variegated computer systems used by providers and hospitals are to be linked together.
A second reason for the lack of coverage of HIT is that there have been few if any significant steps on the federal level towards implementing a national HIT system. As I will discuss below, this is beginning to change, and this change provides for an important New Year’s resolution that all of those interested in health policy should make: stay informed about the changes in the HIT landscape. To make this resolution easier, I will write a series of posts describing the changes.
One of the more recent changes occurred with the passing of the American Recovery and Reinvestment Act (ARRA), and more specifically, portions known as the Health Information Technology and Clinical Health Act (HITECH Act). The HITECH Act initiated, among other things, an incentive-driven paradigm for transforming our health information system. The general idea is that physicians and hospitals will be paid for using HIT. However, in order for this transformation to take place, guidelines must exist such that physicians, providers and vendors of HIT products understand how to operate within this new system.
On December 30th 2009, CMS and the Office of the National Coordinator of Health and Human Services (ONC) released two rules. ONC released an interim final rule on the standards that will govern the Medicare and Medicaid incentive program. Additionally, CMS released its proposed rule on what constitutes meaningful use.
The interim final rule regarding the standards can be found here.
The proposed rule regarding meaningful use can be found here.
Meaningful Use
CMS’s proposed rule on meaningful use is important because it defines how physicians and providers must implement HIT in order to qualify for CMS’s incentive payments for the use of such technology. Much of the proposed rule is based on the HIT Policy Committee’s proposals on Meaningful Use, but comments were also solicited and incorporated from other committees, HIT vendors, and providers. The proposed rule states that incentive payments will begin in 2011, and that there will be two different payment methodologies: one for Medicare and one for Medicaid. Those receiving incentives must choose either the Medicaid or the Medicare plan. Furthermore, the rule states that hospitals and providers that are not meaningfully using HIT will have their payments from Medicare reduced, with the reductions taking effect in 2015.
The HITECH Act amended the Social Security Act, and in doing so, incorporated a broad definition of what constitutes a meaningful user of Electronic Health Records (EHR). Specifically for a provider to be a meaningful user they must:
- Demonstrate use of certified EHR technology in a meaningful manner;
- Demonstrate to the satisfaction of the Secretary that certified EHR technology is connected in a manner that provides for the electronic exchange of health information to improve the quality of health care such as promoting care coordination, in accordance with all laws and standards applicable to the exchange of information; and
- Using its certified EHR technology, submit to the Secretary, in a form and manner specified by the Secretary, information on clinical quality measures and other measures specified by the Secretary.
The proposed rule is an extension of this definition, and aims to give eligible professionals (EPs) and hospitals the information they need to become meaningful users.
Specifically, the rule provides for two classes of providers to participate in the incentive system: eligible professionals (EPs) and hospitals. EPs are defined as non-hospital-based physicians, who either receive reimbursement for services under the Medicare Fee-For-Service program (FFS) or have an employment or contractual relationship with a qualifying Medicare Advantage organization (MA); or healthcare professionals meeting other requirements. (See page 22 of PDF). Hospitals are defined as hospitals that either receive reimbursement for services under the Medicare FFS program or are affiliated with a qualifying MA organization as described in section 1853(m)(2) of the Act; critical access hospitals (CAHs); or acute care or children’s hospitals. (See page 22 of PDF).
Transitioning to the meaningful use of EHRs will be phased in, taking place in three stages. On page 40 of the proposed rule, CMS describes the stages as follows:
Stage 1 (beginning in 2011): The Stage 1 meaningful use criteria focus on electronically capturing health information in a coded format; using that information to track key clinical conditions and communicating that information for care coordination purposes (whether that information is structured or unstructured, but in structured format whenever feasible); consistent with other provisions of Medicare and Medicaid law, implementing clinical decision support tools to facilitate disease and medication management; and reporting clinical quality measures and public health information.
Stage 2: Stage 2 expands upon Stage 1 to use HIT for continuous quality improvement at the point of care and the exchange of information in the most structured format possible, such as the electronic transmission of orders entered using computerized provider order entry (CPOE) and the electronic transmission of diagnostic test results such as blood tests and nuclear imaging tests.
Stage 3: Stage 3 focuses on improving the quality, safety, and efficiency of health care, focusing on decision support for national high priority conditions, patient access to self-management tools, access to comprehensive patient data, and improving public health.
The proposed rule that was recently released only describes the specific criteria for Stage 1, with the criteria for Stage 2 and Stage 3 to be released at the end of 2011 and 2013 respectively. In terms of Stage 1 criteria, there is a hierarchy of organizational structure. At the broadest level there are “health outcome policy priorities.” Within each of these policy priorities there is a group of “care goals,” and associated with each group of care goals are the specific “objectives.” CMS has provided a very helpful table which breaks down the hierarchy, including the various objectives. I have extracted the table, which can be accessed here. However, for reference purposes, I have summarized the organization below, and provided the objectives for the first health policy priority. Note that there is a different list of objectives for hospitals, many of which are similar or identical.
The organization is as follows:
Health Outcome Policy Priority 1: Improving quality, safety, efficiency and reducing health disparities.
- Care Goal 1: Provide access to comprehensive patient health data for the patient’s healthcare team.
- Care Goal 2: Use evidence-based order sets and computerized provider order entry (CPOE).
- Care Goal 3: Apply clinical decision support at the point of care.
- Care Goal 4: Generate lists of patients who need care and use them to reach out to those patients.
- Care Goal 5: Report information for quality improvement and public reporting.
Objectives for Eligible Professionals (EPs):
1. Use Computerized Physician Order Entry (CPOE).
2. Implement drug-drug, drug-allergy, and drug-formulary checks.
3. Maintain an up-to-date problem list of current and active diagnoses based on ICD-9-CM or SNOMED CT®.
4. Generate and transmit permissible prescriptions electronically (eRx).
5. Maintain an active medication list.
6. Maintain an active medication allergy list.
7. Record demographics.
8. Record and chart changes in the following vital signs.
9. Record smoking status for patients 13 years old or older.
10. Incorporate clinical lab-test results into the EHR as structured data.
11. Generate lists of patients by specific conditions to use for quality improvement, reduction of disparities, research, and outreach.
12. Report ambulatory quality measures to CMS (or, for EPs seeking the Medicaid incentive payment, the States).
13. Send reminders to patients, per patient preference, for preventive/follow-up care.
14. Implement five clinical decision support rules relevant to specialty or high clinical priority, including for diagnostic test ordering, along with the ability to track compliance with those rules.
15. Check insurance eligibility electronically from public and private payers.
16. Submit claims electronically to public and private payers.
Health Outcome Policy Priority 2: Engaging patients and families in their healthcare
- Care Goal 1: Provide patients and families with timely access to data, knowledge, and tools to make informed decisions.
Health Outcome Policy Priority 3: Improving care coordination
- Care Goal 1: Exchange meaningful clinical information among professional health care team.
Interestingly, for CPOE, EPs are required to use CPOE for at least 80 percent of all orders whereas hospitals are only required to use CPOE for 10 percent of orders. Why such a discrepancy exists is presently unclear.
In terms of the requirement for reporting clinical quality measures (as described in the original definition of meaningful use in the HITECH Act), the proposed rule adopts different measures for EPs and hospitals. For EPs, the proposed rule uses the quality measures endorsed by the National Quality Forum (NQF), including those selected for the Physician Quality Reporting Initiative (PQRI) program that had previously been endorsed by the NQF. For hospitals, the measures are a combination of the NQF measures and those from the Reporting Hospital Quality Data for Annual Payment Update (RHQDAPU) program.
Reporting of these clinical quality measures would be accomplished by one of three methods. The primary method would require EPs or hospitals to log onto a CMS-designated portal and upload the clinical quality data in a specific data structure (as defined by the ONC’s standards). Alternatively, data could be submitted through a Health Information Exchange (HIE) or Health Information Organization (HIO), depending on whether the Secretary can access that network. A third alternative is submission through registries, which depends on the development of the necessary capacity and infrastructure to do so using certified EHRs. See page 169 of the PDF for more details on the uploading process.
As discussed earlier on this blog, one aspect of the transition that remains to be addressed is whether the incentives provided to EPs and hospitals will be sufficient to encourage physicians to take on the initial outlays associated with EHRs. H.R. 3014, a bill to provide loan guarantees to solo and small group practices, has been passed by the House and is currently being reviewed by the Senate Committee on Small Business and Entrepreneurship. Without such measures to spur the initial implementation of EHRs, the incentives or downward payment adjustments may not be sufficient to realize the bold plan set out by CMS.