HIPAA, HITECH & Beyond: Protecting Heathcare Data in our Cyber World
This program will examine the most current issues, enforcement trends, and regulations relevant to healthcare data privacy experts who counsel hospitals, providers, and other healthcare facilities.
In collaboration with the Bergen County Prosecutor’s Office; 6 NJ/NY CLE credits. Click here for more information or to register.
Speakers
Helen Oscislawski, Privacy Risk Assessments and Privacy Challenges
Helen Oscislawski is the founder of Oscislawski, LLC in Princeton. She provides legal guidance on HIPAA, HITECH, state privacy laws, electronic health information exchanges and health information technology to HIEs, RHIOs and ACOs, and counsels other healthcare clients in various matters.
Ms. Oscislawski was appointed by Governor Jon Corzine in 2008 to the New Jersey Health Information Technology Commission (NJHITC) and was reappointed to the NJHITC by Governor Chris Christie in 2010 where she also served as Chair of the Privacy and Security Committee for NJHIT Coordinator. She is the primary author of Update to Privacy and Security Compliance Manual, which was developed for the New Jersey Hospital Association and, most recently, she has developed and authored several editions of the HIPAA-HITECH Helpbook, a manual that combines tools and sample forms that address HITECH changes, state law and other considerations and Meaningful Use and Health Information Exchanges.
Before founding Oscislawski, LLC, Ms. Oscislawski was a healthcare attorney at Fox Rothchild in Princeton, New Jersey, where she counseled healthcare clients on a wide range of legal matters. She received her BA from Rutgers University, Douglass College and her JD from Rutgers School of Law.
Frank Pasquale, Professor of Law, Seton Hall Law School, The Past, Present and Future of Health Privacy
Professor Frank Pasquale is the Schering-Plough Professor in Health Care Regulation and Enforcement at Seton Hall Law School. Professor Pasquale has taught information and health law at Seton Hall since 2004. He has published over 20 scholarly articles. His research agenda focuses on challenges posed to information law by rapidly changing technology, particularly in the health care, internet, and finance industries.
Professor Pasquale is an Affiliate Fellow of Yale Law School’s Information Society Project. He has been named to the Advisory Board of the Electronic Privacy Information Center. He has served on the executive board of the Health Law Section of the American Association of Law Schools (AALS), and has served as chair of the AALS Section on Privacy and Defamation.
Professor Pasquale received his BA from Harvard University (summa cum laude), his M.Phil. from Oxford University, and his JD from Yale Law School.
Jaime S. Pego, Director, Healthcare Advisory Services, KPMG LLP, (along with Joy Pritts, Mark Swearingen, and Frank Pasquale, Moderator) Panel Discussion: The Practical Steps Necessary to Promote Privacy and Cybersecurity in Modern Healthcare Organizations
Jaime S. Pego is a Director in the Short Hills, New Jersey, office of KPMG LLP’s Healthcare Advisory Services Practice and serves as the firm’s National HIPAA Privacy Director. She has substantial experience in healthcare regulatory compliance and healthcare-related advisory services.
Ms. Pego works with a variety of healthcare clients to assist with identifying and preventing compliance risks and complying with federal and state regulations. Her work for KPMG includes serving as lead director for OCR HIPAA audits, as well as acting as Privacy Lead for the KPMG HIPAA national service line assisting covered entities and business associates with HIPAA compliance. She has conducted internal investigations concerning a variety of topics, including fraud and abuse, HIPAA violations, as well as other legal and regulatory matters, and researched and developed compliance policies for institutions in the areas of gifting under the Anti-Kickback Statute and Stark Law, the DRA, HIPAA, EMTALA and others. She participates in the KMPG National HIPAA working group to develop tools and methodologies for client needs, and conducts and manages ICD-10 Impact Assessment at a variety of healthcare organizations to help identify gaps in ICD-10 readiness. She has also served as the firm’s lead manager for health care reform legislative analysis and research.
Prior to coming to KPMG, Ms. Pego was a Local Compliance Officer at a teaching hospital and outpatient center for one of New Jersey’s largest health care systems and has worked with some of the country’s leading health systems. She received her BA from American University and her JD from Seton Hall University School of Law, with a Concentration in Health Law, and is Certified in Healthcare Compliance (CHC) by the Health Care Compliance Association (HCCA).
Joy Pritts, Chief Privacy Officer, ONC, HHS, Meaningful Use Regulations: What Providers Need To Know To Comply
Joy Pritts joined the Office of the National Coordinator for Health Information Technology (ONC), Department of Health & Human Services in February 2010 as its first Chief Privacy Officer. Ms. Pritts provides critical advice to the Secretary and the National Coordinator in developing and implementing ONC’s privacy and security programs under HITECH. She works closely with the Office for Civil Rights and other operating divisions of HHS, as well as with other government agencies to help ensure a coordinated approach to key privacy and security issues.
Prior to joining ONC, Ms. Pritts held a joint appointment as a Senior Scholar with the O’Neill Institute for National and Global Health Law and as a Research Associate Professor with the Health Policy Institute, Georgetown University. She has an extensive background in confidentiality laws including the HIPAA Privacy Rule, federal alcohol and substance abuse treatment confidentiality laws, the Common Rule governing federally funded research, and state health information privacy laws.
Ms. Pritts received her BA from Oberlin College and her JD from Case Western Reserve University.
Anna Spencer, Esq., Sidley Austin, LLP, Data Breaches/Data Breach Notification Requirements and the Need for Encryption
Anna Spencer is a partner in Sidley Austin’s Washington, D.C. office whose practice focuses on health care. Ms. Spencer primarily works on matters involving the privacy and security of health information and she is the firm’s global coordinator for health information privacy. She regularly counsels a broad range of clients on healthcare information privacy and security issues. This includes assisting clients with respect to HIPAA and HITECH and has significant experience in investigating and responding to data breaches and information security incidents. She has represented clients in connection with data breach reporting obligations under the HITECH regulations for breaches of protected health information and defended health care providers in investigations initiated by the Office of Civil Rights, Department of Health and Human Services.
On behalf of covered entities and entities that qualify as HIPAA business associates, Ms. Spencer has developed multiple HIPAA privacy and security compliance and training programs. She has negotiated hundreds of Business Associate Agreements on behalf of various clients.
Ms. Spencer has spoken on privacy/security matters on behalf of numerous groups such as BNA and the American Conference Institute. She has authored a variety of articles on privacy/security issues, Medicare coverage, and fraud and abuse. She is currently authoring a book for BNA on health information privacy. Ms. Spencer received her BA from Sewanee and her JD from Vanderbilt University School of Law.
Mark Swearingen, Esq., Hall, Render, Killian, Heath & Lyman, PC, HIPAA and HITECH Trends (Enforcement and Otherwise)
Mark Swearingen coordinates the HIPAA practice and provides counsel on health information privacy and security matters such as breach response and notification and the creation, use, disclosure, retention and destruction of medical records and other health information at the Indianapolis law firm, Hall, Render, Killian, Heath & Lyman, P.C. His counsel to clients also includes a variety of health care topics related to regulatory compliance, physician and clinical services contracting, risk management and Independent Review Organization services. He has provided such services to a broad spectrum of health system, hospital, physician practice, diagnostic imaging center, ambulatory surgical center and long-term care facility clients.
Mr. Swearingen has spoken and written nationally and regionally on numerous topics, including antitrust, electronic medical records and health information privacy and confidentiality. He is an adjunct professor of a course in Law and Medicine at the Indiana University School of Informatics at IUPUI.
Mr. Swearingen received his BA from Indiana University and his JD from Seton Hall Law School.
LAW, HEALTH CARE PROFESSORS DISCUSS POLICY RECOMMENDATIONS FOR HIPAA IMPLEMENTATION
Seton Hall Professor and Health Care Regulation Expert Frank Pasquale to Present Draft White Paper Outlining Options and then Moderate a Discussion on its Pros and Cons with Fellow Academics
Washington, D.C. – Seton Hall University School of Law hosted an academic roundtable discussion on how our current healthcare law will respond to the new technology environment – in particular, maintaining privacy for consumers as the health industry expands adoption of cloud computing, on Friday, March 22, 2013. Seton Hall Professor Frank Pasquale moderated the event, “The Future of HIPAA and The Cloud,” and also released a white paper he coauthored with Tara Adams Ragone on the challenges that cloud computing technologies pose to the Health Insurance Portability and Accountability Act (HIPAA).
As the recent HIPAA Omnibus Rule showed, regulation must both reflect and shape technological advances. As stakeholders face new challenges and opportunities, the roundtable asked: What is the future of HIPAA in the cloud? How will patient data be used? What is the role for third party vendors? And who should be held responsible for security breaches in the cloud?
White paper abstract:
This white paper examines how cloud computing generates new privacy challenges for both healthcare providers and patients, and how American health privacy laws may be interpreted or amended to address these challenges. Given the current implementation of Meaningful Use rules for health information technology and the Omnibus HIPAA Rule in health care generally, the stage is now set for a distinctive law of “health information” to emerge. HIPAA has come of age of late, with more aggressive enforcement efforts targeting wayward healthcare entities. Nevertheless, more needs to be done to assure that health privacy and all the values it is meant to protect are actually vindicated in an era of ever faster and more pervasive data transfer and analysis.
After describing how cloud computing is now used in healthcare, this white paper examines nascent and emerging cloud applications. Current regulation addresses many of these scenarios, but also leaves some important decision points ahead. Business associate agreements between cloud service providers and covered entities will need to address new risks. To meaningfully consent to new uses of protected health information, patients will need access to more sophisticated and granular methods of monitoring data collection, analysis, and use. Policymakers should be concerned not only about medical records, but also about medical reputations used to deny opportunities. In order to implement these and other recommendations, more funding for technical assistance for health privacy regulators is essential.
Realizing the Promise of Health Information Technology to Reduce Health Disparities
As health 
providers and patients use more technology, new ways of addressing health care disparities are emerging. In 2009 Congress passed important federal legislation that addresses the digital infrastructure for medical care, the Health Information Technology for Economic and Clinical Health Act (HITECH). Recently in 2010, Congress passed the Patient Protection and Affordable Care Act (PPACA), which reduced barriers to health information technology (HIT). In line with the technological spirit of both laws, this blog post focuses on online social networking as a digital health care solution for elderly Hispanics who face disparities in the care that they receive.
Hispanics in the United States are twice as likely as non-Hispanics to lack a regular primary care physician (PCP). Those Hispanics that do not have a PCP suffer because they tend to experience disparities in health care when compared to other patient populations. Real-time health care-focused social networking sites (SNSs) or applications within an established SNS can provide beneficial health care solutions for vulnerable patient populations such as elderly Hispanics. One-way in which a SNS can benefit elderly Hispanics and reduce their health care disparities is by supporting the Patient-Centered Medical Home (PCMH) with digital applications. In fact, if real-time social networking transpired among 1) patients, 2) patients and their health care providers, and 3) between health care providers, elderly Hispanics could potentially receive better care.
As the role of HIT increases, it has led to a growing interest in understanding the potential role of HIT in “addressing healthcare disparities among racial and ethnic minority populations.” In order to properly evaluate the potential of HIT to address health care disparities, “adoption and utilization barriers must be understood.” Because this blog post is concerned with social networking sites, the discussion here will focus on social media and its emergence as “a potent resource among healthcare consumers.” Some studies have shown that “social media utilization patterns by race suggest potential opportunities to help address healthcare disparities via” increased communication between patients and physicians.
Social media has begun to infiltrate the health care system in several ways. First, entrepreneurs who understand “health care trends and consumer demands are leading creative business startups that are developing health-oriented social networks, health content aggregators, medical and wellness applications, and tools to enable health-related vertical searches (searches focused on a specific content area).” There are a growing number of condition-specific communities such as patientslikeme, QuitNet, and CureTogether.
Although there are many benefits to HIT, there are also barriers that prevent physicians from adopting HIT. One major benefit stemming from HIT is that it can lead to positive communication in “which providers share thoughts, opinions, and information by speech, in writing, or through peer professional or social networks [which have] been shown to be associated with provider health IT adoption.” One major issue is the inability of electronic health records (EHRs) and HIT systems to communicate with each other, the impact of HIT on clinical workflows, and the absence of technical assistance for office staff and physicians. Additional barriers from the patient perspective will exist if a patient does not perceive a benefit to be gained from using technology; in fact, without a perceived benefit they are highly unlikely to use it. There is also the perception that patients might be too busy to incorporate HIT into their busy everyday lives. Also there may be “poor computer knowledge, literacy, and skills ” prevalent among target populations which could benefit from HIT. Additionally, “lack of cultural relevance as well as privacy and trust concerns all have been reported as barriers to the use of [consumer health informatics] tools and applications.” In framing technological health care solutions for a minority population such as Hispanics, it is important to consider cultural issues in any implementation because cultural issues could deter use by a given patient population.
There are several proposed ways in which HIT can reduce health care disparities. For example, if clear and accurate patient information were to be presented to a physician in an electronic setting it could lead to the promotion of high-quality personalized care and reducing select health care disparities. Additionally, EHRs could provide the physicians that serve elderly Hispanics more accurate information and help them make better treatment decisions. The largest benefit would be the ability to connect “physicians with other [physicians or patients]…[and also] tools such as e-mail, e-consultation, e-prescribing, [which could] enable providers to connect with other healthcare professionals” in a more fluid manner.
It is important that the above mentioned benefits are implemented in communities where there are underserved Hispanics or other vulnerable patient populations. It is urgent that those with the highest health care disparities benefit from such technologies because historically their needs have not been met. Scholars have already noted that “telemedicine, remote monitors and sensors, patient e-mail, and increasingly the Internet and social media, connect providers and healthcare systems to patients and caregivers.” The idea is that greater communication can reduce health care disparities. When dealing with a historically vulnerable patient population such as elderly Hispanics who face various types of social issues, I believe that easier access to their health providers can make a big difference in improving their health care outcomes.
An HIT tool that connects providers with patients could reduce health care disparities by “enabling increased monitoring of important clinical parameters” in a way that is not currently taken advantage of for minority patients. Increased communication will allow physicians to stay in contact and monitor their sickliest patients through enhanced doctor-patient communication. As technology and health care merge, it is vital that vulnerable patient populations, such as elderly Hispanics, are identified so that they can be included in the technological healthcare solutions being proposed.
Felipe De Los Santos is in his last year at Seton Hall University, School of Law. Felipe is set to graduate from Seton Hall in May 2013 with a Health Law Concentration. He graduated from Connecticut College in 2007 with a B.A. in English and Economics. From 2007-2009, he worked in finance as a Consultant for ALaS consulting between New York and Delaware. During his first year of law school Felipe interned with the New York State Majority Leader (2009-10).
Presently Felipe works as a Project Manager for a New York State health care company in the Community Based Programs division. Felipe manages and develops projects that focus on chronically ill elderly patients in New York City. As part of his responsibilities Felipe develops marketing strategies and action plans to support targeted patient populations who can benefit from managed long-term care. Currently, Felipe is involved in launching a Medicare/Medicaid Advantage Plan. Felipe’s work with vulnerable patient populations and interests in technology, have made the crossroad of technology and healthcare an interest that he has written about in law school. Felipe’s health reform interests include improving health care access and outcomes for vulnerable patient populations.
Felipe may be reached at felipe.delossantos@gmail.com
The Emerging IP Law of Health Information
I have hinted at problems with uniform trade secrecy laws in this volume and a law review article. I plan to continue that line of research in a co-authored work with Dave Levine, exploring the costs of trade secrecy in the finance, energy, and communications sectors. When it comes to “solutions,” I’m increasingly inclined to frame the issue as: how do we operationalize the insights of Michael Carroll’s “Uniformity Costs” concept? In other words, how do we shape doctrine so that it respects the unique economic conditions (and moral imperatives) related to specific industries?
One way to do so is to insist on the autonomy of a subject matter defined legal field (versus the trans-substantive aspirations of, say, contract, property, or intellectual property law). The “law of the horse crowd” usually assails that autonomy by warning about the distortionary affects of applying different laws to different sectors. Health law professors shared that worry for a while, debating whether health care law is a “coherent field.” But that anxiety seems to have faded as a distinct arena of health care economics develops and lawyers set to work implementing the massive HITECH and PPACA legislation passed in 2009 and 2010. The stage is now set for a distinctive law of “health information” to emerge, as third party payers and government use their leverage in the sector to tamp down counterproductive IP- and contract-based corporate strategies.
The law of health information is neither more “open” nor more “closed” than information law generally. Free access should be dictated in areas of extreme personal or societal need; in other cases, it may be right to force high payments, either ex ante via taxes, or ex post via high prices, from those with the ability to pay. Privacy should play a far more important role here than it does in the usual Wild West of internet data collection and processing. But once data is truly anonymized, the research imperative for access is perhaps more pressing than in any other area of law (except, perhaps, national security.).
For a recent controversy where laws of copyright seem inappropriate in a medical setting, check out this story:
According to the New England Journal of Medicine, after thirty years of silence, authors of a standard clinical psychiatric bedside test have issued take down orders of new medical research. Doctors who use copies of the bedside test which will have been printed in some of their oldest medical textbooks are liable to be sued for up to $150,000. . . . [E]ven the ghosts of positively ancient abandoned copyrights for the very simplest of ideas can be used to block new medical work through legal bullying.
The “thirty years” of silence part makes me want to look into a laches claim. The simplicity of the test also seems to invite a merger defense. On the other hand, perhaps the best answer is compulsory licensing, which should have gotten more attention during the SOPA/PIPA flap. Whatever solution is optimal, the implication of the NEJM piece is clear: health professionals believe their field deserves some autonomy from the normal laws of intellectual property. Popular reaction against secret prices of medical devices and hospital procedures also reflects that view.
In many areas, such rebellions against pricing the priceless have translated into general skepticism about intellectual property. In health care, they may lead to something different: a health information law distinct from the IP and privacy laws of general application.
An eminence grise of cyberlaw once told me that he got into the field in the 1980s because it was one of the few areas where things were “up for grabs” enough that a creative scholar could still have an influence. An elder statesman of the IP field told me that it had gone into “normal science” mode as of 2004 or so. Perhaps those who still want “paradigm shifts” need to work heavily regulated fields like health information law, where government policymakers are more regulators for (rather than instruments of) vendors and providers.
Health Information, Privacy, and Innovation
Health information law is a very exciting field. Lawyers, doctors, and start-ups are re-thinking health care as an information industry. I’ll be speaking on privacy and fair data practices at an upcoming conference. The relationships between privacy, “big data,” and trade secrecy will bear a great deal of attention in coming years.
Software-based automation has raised living standards dramatically. It makes factories more efficient, renders vast amounts of information accessible, and daily improves quality of life in barely noticed ways. To realize these types of advances in health care, government and NGOs have begun to catalyze better data collection, retention, and analysis. Life sciences companies need to report more data on drugs and devices. Hospitals and doctors are incentivized to use electronic health records via stimulus funding and rulemaking based on the HITECH Act’s meaningful use and certification requirements.
How will traditional intellectual property laws interact with these initiatives? Will the increasing need for cooperation and sharing of information alter the landscape of trade secrecy and other IP protections that have often siloed health data? Will providers find alternative funding sources for the collection, retention, and analysis of data, as some traditional IP protections appear increasingly outdated in a world of “big data” and market-driven transparency?
Medical privacy law has focused on assuring the privacy, security, and accuracy of medical data. The post-ACA landscape will include more concern about balancing privacy, innovation, access, and cost-control. Advanced information technology has raised a number of new questions. Beyond HIPAA and HITECH regulation, consumer protection law plays an important role in these fields. (For example, the FTC recently required firms that “score” the health status of individuals based on their pharmacy records to disclose these records to scored individuals.)
Patients are opting to personalize their health records with the help of cloud computing firms; what law governs this digital migration? There is increasing concern about the role of “incidental findings” in medical research and practice; how will regulators and professional groups address them? When employers demand access to employee health records, in what ways can they use them to profile the employee?
We also need to examine the legal aspects of data portability, integrity, and accuracy. When two health records conflict, which takes priority? What is “meaningful use” of an electronic health records system, and how will regulators and vendors assure interoperability between systems? The course will also cover innovators’ efforts to protect their health data systems using contracts, technology, trade secrecy, patents, and copyright, and “improvers’” efforts to circumvent those legal and technological barriers to openness.
Finally, what are pharmaceutical companies’ past and present strategies regarding the disclosure of their research, including non-publication of adverse results and ghostwriting of positive outcomes? Will a “reproducible research” movement, popular in the hard sciences, reach pharmaceutical firms? Insurer data will also be a target of reformers (including trade-secret protection of prices paid to hospitals, conflicts over the interpretation of disclosure requirements in the ACA, and state regulation of insurer-run doctor-rating sites). Quality improvement and pilot programs will need good provider and insurer data–how we will ensure they have them?
Models of Patient Safety
Filed under: Electronic Medical Records, IT, Medical Journals, Medical Malpractice
If one jumbo jet crashed in the US each day for a week, we’d expect the FAA to shut down the industry until the problem was figured out. But in our health care system, roughly 250 people die each day due to preventable error. A vice president at a health care quality company says that “If we could focus our efforts on just four key areas — failure to rescue, bed sores, postoperative sepsis, and postoperative pulmonary embolism — and reduce these incidents by just 20 percent, we could save 39,000 people from dying every year.” The aviation analogy has caught on in the system, as patient safety advocate Lucian Leape noted in his classic 1994 JAMA article, Error in Medicine. Leape notes that airlines have become far safer by adopting redundant system designs, standardized procedures, checklists, rigid and frequently reinforced certification and testing of pilots, and extensive reporting systems. Advocates like Leape and Peter Provonost have been advocating for adoption of similar methods in health care for some time, and have scored some remarkable successes.
But the aviation model has its critics. The very thoughtful finance blogger Ashwin Parameswaran argues that, “by protecting system performance against single faults, redundancies allow the latent buildup of multiple faults.” While human expertise depends on an intuitive grasp, or mapping, of a situation, perhaps built up over decades of experience, technologized control systems privilege algorithms that are supposed to aggregate the best that has been thought and calculated. The technology is supposed to be the distilled essence of the insights of thousands, fixed in software. But the persons operating in the midst of it are denied the feedback that is a cornerstone of intuitive learning. Parameswaram offers several passages from James Reason’s book Human Error to document the resulting tension between our ability to accurately model systems and an intuitive understanding of them. Reason states:
[C]omplex, tightly-coupled and highly defended systems have become increasingly opaque to the people who manage, maintain and operate them. This opacity has two aspects: not knowing what is happening and not understanding what the system can do. As we have seen, automation has wrought a fundamental change in the roles people play within certain high-risk technologies. Instead of having ‘hands on’ contact with the process, people have been promoted “to higher-level supervisory tasks and to long-term maintenance and planning tasks.” In all cases, these are far removed from the immediate processing. What direct information they have is filtered through the computer-based interface. And, as many accidents have demonstrated, they often cannot find what they need to know while, at the same time, being deluged with information they do not want nor know how to interpret.
A stark choice emerges. We can either double down on redundant, tech-driven systems, or we can try to restore smaller scale scenarios where human judgment actually stands a chance of comprehending the situation. We will need to begin to recognize this regulatory apparatus as a “process of integrating human intelligence with artificial intelligence.” (For more on that front, the recent “We, Robot” conference at U. Miami is also of great interest.)
Another recent story emphasized the importance of filters in an era of information overload, and the need to develop better ways of processing complex information. Kerry Grens’s article “Data Diving” emphasizes that “what lies untapped beneath the surface of published clinical trial analyses could rock the world of independent review.”
[F]or the most part, [analysts] rely simply on publications in peer-reviewed journals. Such reviews are valuable to clinicians and health agencies for recommending treatment. But as several recent studies illustrate, they can be grossly limited and misleading. . . . [There is] an entire world of data that never sees the light of publication. “I have an evidence crisis,” [says Tom Jefferson of the Cochrane Collaboration]. “I’m not sure what to make of what I see in journals.” He offers an example: one publication of a Tamiflu trial was seven pages long. The corresponding clinical study report was 8,545 pages. . . .
Clinical study reports . . . are the most comprehensive descriptions of trials’ methodology and results . . . . They include details that might not make it into a published paper, such as the composition of the placebo used, the original protocol and any deviations from it, and descriptions of all the measures that were collected. But even clinical study reports include some level of synthesis. At the finest level of resolution are the raw, unabridged, patient-level data. Getting access to either set of results, outside of being trial sponsors or drug regulators, is a rarity. Robert Gibbons, the director of the Center for Health Statistics at the University of Chicago, had never seen a reanalysis of raw data by an independent team until a few years ago, when he himself was staring at the full results from Eli Lilly’s clinical trials of the blockbuster antidepressant Prozac.
There will be a growing imperative to open up all of the data as concerns about the reliability of publications continue to grow.
AT&T and Intuitive Health Team Up to Bring Down Health Costs and Reduce Hospital Readmissions
The frequency spectrum of a signal from an AM radio station on the medium wave band. The vertical coordinate is time, the horizontal coordinate is frequency. The central bright line is the radio transmitter's carrier. On either side of it are the "sidebands" that contain the modulation, the information that the radio station is sending, which is an audio signal that represents sound. As time progresses (moving down the graph) the sidebands change, representing the changing tones of the of the speech or music that is being transmitted. Regions in the sidebands near the central carrier represent low audio tones, while regions farther from the carrier represent higher frequency tones.
Hospital readmissions for chronic diseases such as asthma, congestive heart failure and diabetes are said to have been estimated to account for over 80% of hospital inpatient stays. In an effort to reduce these admits and consequently lower healthcare costs, AT&T and Intuitive Health have collaborated to pilot a home-based remote patient monitoring solution which would allow patients to spend more time at home and engage in their own care rather than with healthcare providers at medical facilities. Through wireless connectivity provided for by AT&T, the system works to send data from the patients’ unobtrusive personal health device, to a secure software platform integrated to the health ecosystem through Intuitive Health’s technology–emphasis placed on the confidential nature of the transmission of patient’s personal information.
“Innovation is desperately needed outside the four walls of the hospital,” said Eric Rock, CEO and Founder of Intuitive Health. “In order to increase our nation’s quality of care and gain control of our healthcare spending, patients of all ages and technical ability must be given intuitive tools to improve their own health, while remaining engaged and monitored by their caregivers remotely.”
In the April 2010 Position Paper on “Technologies for Remote Patient Monitoring in Older Adults” by the Center for Technology and Aging, it was hypothesized that the U.S. health care system could reduce costs by nearly $200 billion within the next 25 years if remote monitoring tools are utilized for chronic diseases. To be sure, figures are not easily discernible; the amount and types of people who choose to utilize such treatment cannot be easily predicted.
The collaboration between AT&T and Intuitive Health is not the first of its kind; and with the increasing popularity of Smartphones, it is reasonable to anticipate that mobile technology will play a role in rise of the use of remote patient monitoring services. It is, perhaps, however, worthwhile to reconsider Michael Ricciardelli’s related post written three years ago, as a way to evaluate the role technology has and may continued to play in areas of health reform.
The Changing Landscape of Health Information Regulation
There is an impressive new issue of the American Journal of Law & Medicine out, with top names in the field participating in a symposium entitled “Marketing Health: The Growing Role of Commercial Speech Doctrine in FDA Regulation.” I also wanted to recommend a piece from Simon Stern and Trudo Lemmens on pharma ghostwriting, which is getting a lot of play in Canada. Titled “Legal Remedies for Medical Ghostwriting: Imposing Fraud Liability on Guest Authors of Ghostwritten Articles,” the piece could lead to some interesting litigation opportunities. Here is the abstract:
Ghostwriting and guest authorship of medical journal articles raise serious ethical and legal concerns, bearing on the integrity of medical research and evidence used in legal disputes. Ghostwriting involves undisclosed authorship, usually by medical communications agencies or a pharmaceutical sponsor of the published research; guest authorship involves taking authorial credit for the published work without making a substantial contribution to it. Commentators have objected to these practices because of concerns involving bias in ghostwritten clinical trial reports and review articles. We also note the effects of ghostwritten articles on questions involving the legal admissibility of scientific evidence. Efforts to curb ghostwriting practices, undertaken by medical journals, academic institutions, and professional disciplinary bodies, have thus far had little success and show little promise.These organizations have had difficulty adopting and enforcing effective sanctions, for specific reasons relating to the interests and competencies of each kind of organization.
Because of those shortcomings, a useful deterrent in curbing the practice may be achieved through the imposition of legal liability on the ‘guest authors’ who lend their names to ghostwritten articles. We explore the doctrinal grounds on which such articles might be characterized as fraudulent. A guest author’s claim for credit of an article written by someone else constitutes legal fraud, and may give rise to claims that could be pursued in a class action based on the Racketeer Influenced and Corrupt Organizations Act (RICO). The same fraud could support claims of “fraud on the court” against a pharmaceutical company that has used ghostwritten articles in litigation. This doctrine has been used by the U.S. Supreme Court to impose sanctions on the authors and corporate sponsors of a ghostwritten article. We discuss the potential penalties associated with each of these varieties of fraud.
This promises to inspire some difficult legal challenges to industry practices that have long been considered undesirable as a policy matter.
Beyond Innovation and Competition, Health IT Edition
Last year I published a piece called “Beyond Innovation and Competition,” questioning the dominance of those values. Economists celebrate innovation and competition as the main source of future growth. Innovation has become the central focus of Internet law and policy. While leading commentators sharply divide on the best way to promote innovation, they routinely elevate its importance. Business writers have celebrated search engines, social networks, and tech startups as model corporations, bringing creative destruction and “disruptive innovation” in their wake. Maximum innovation is the goal, and competition is billed as the best way of achieving it. Players in the vast and dynamic tech marketplace are supposed to constantly strive to innovate in order to attract consumers away from rivals.
In the piece, I explain how both competition and innovation can be as destructive as they are constructive. There are many social values (including privacy, transparency, predictability, and stability), and companies can compete for profits in ways that erode those values. In an era of inequality and hall-of-mirrors stock market valuations, innovations of marginal or negative impact on society at large can be vastly overvalued by a stampede of fickle investors.
The shortcomings of the innovation and competition story also play out in health information technology. Stimulus legislation in 2009 provided many carrots and sticks for doctors to digitize their recordkeeping systems, ranging from bonuses now to reimbursement haircuts later this decade if they fail to implement the technology. Congress structured the incentives to encourage a competitive and innovative marketplace in health information technology. But many doctors are shying away from implementation, in part because they fear that the fast and loose ethics of the market can’t mesh with a medical culture of constant commitment to quality care.
Susan Jaffe’s article for the Center for Public Integrity examines doctors’ fears about adopting any given software suite. According to Jaffe, “570 different electronic health systems certified by private organizations for non-hospital settings may be used to qualify for the” stimulus funds. The long-term consequences of the choice make the jam-shopping examples in Barry Schwartz’s book The Paradox of Choice seem quaint:
The systems can vary in appearance, content, organization and special features. Some can be customized by users in different ways, at no cost or some cost, or not at all. Some are compatible with other systems now, eventually or, some critics say, maybe never. . . . The costs of the systems remain daunting, despite the bonuses, particularly in areas that have been hit hard by an ailing economy.
The pricetag varies widely depending on the type and size of the medical practice, whether new computers are purchased and the extent of customization, among other things. Software alone can cost from $2,000 to $10,000 per doctor. All told, the cost jumps to about roughly $20,000 per doctor, according to a regional extension center consultant who advises physicians in northeast Ohio. On top of that, manufacturers charge hefty annual fees for technical support and periodic upgrades that together can amount to about 35 percent of the upfront costs. The systems are priced in a way that does not make comparison shopping “easy or necessarily valid,” said Dottie Howe, a spokeswoman for the Ohio regional extension center. There is no basic price because each company offers different components, features, options, and level of technical support. . . .
Most manufacturers will also charge the doctors to move the information in their current system to the new one. There could be extra [ongoing, monthly] charges to connect to other systems too.
Doctors have also been burned by sharp operators that emphasize slick salesmanship over solid service:
[T]he Southwest Family Physicians group is worried . . . They bought an electronic health record system five years ago that is now nearly obsolete. The manufacturer was taken over by another company that provides minimal technical support . . . “The salesman said ‘you’re buying a Cadillac, this is going to be the greatest thing,’ ” [one doctor] recalled. But that system can’t display an X-Ray image or send a prescription electronically to a pharmacy. “We’ve got the Model T Ford,” he said.
le secret, l'illustration Européenne 1871 no.22 page 173
It does appear that regional extension centers are doing some work to keep pricing reasonable. Jaffe’s article focuses on Ohio, where five “preferred vendors” “agreed to charge prices ‘as good as or better than’ prices offered to other regional extension centers, to provide onsite assistance when a practice turns on its electronic health record system for the first time, offer technical support for at least six years, and limit annual cost increases for continuing technical support, among other things.” But consider the bizarrely proprietary nature of pricing data:
Whether the five preferred vendors offer a better deal than their non-preferred competitors is not known because the state regional extension center doesn’t have pricing information from non-preferred vendors, said Howe, the spokeswoman for the state’s regional extension center. Pricing from the preferred vendors are confidential, she said. And despite their preferred status, the five companies do not guarantee that eligible health care providers who purchase their systems will receive the government’s bonus payments.
I discussed the troubling degree of secrecy in health care before, and I’m very sad to see it persist here. The doctors in Jaffe’s story are making reasonable demands: to be able to understand the nature of the commitment they are making, to avoid big financial losses, and not to be burned by fly-by-night operators attracted only by the government subsidy money. They want to assure that the basic health care values of access, cost-control, and quality are reflected in the software they use.
We are seeing the opening stages of a battle between a medical sector committed to maintaining its own autonomy and traditions, and a tech sector that wants to commoditize health data in as standardized a form as futures markets homogenized corn grades, or credit scores tranched residential mortgage backed securities. Commenting on the demise of Google Health, an informatics expert said that “Google is unwilling, for perfectly good business reasons, to engage in block-by-block market solutions to health-care institutions one by one, and expecting patients to actually do data entry is not a scalable and workable solution.” To be sure, the company can’t expect to make the same profit margins in the health sector as it does in the online ad business. But the “instant millions” ethos of Silicon Valley doesn’t fit well with a sector where we are in principle committed to serving everyone, regardless of ability to pay.
Economist John Van Reenen has observed that the US has a particularly innovative economy in part because our markets are so good at crushing badly run firms. It’s probably good that garden equipment suppliers, toothpaste makers, and pie bakers know they can be out of business in a month or two if they’re “off their game” for a short time. But if I just entrusted three years of medical records to a vendor who suddenly went out of business, I’d take little comfort in the idea that a marginally better competitor had knocked it out of the market. The transition to a new vendor can be slow and costly—doctors in Jaffe’s story speak of seeing 1/3 to 1/2 less patients over weeks or months as they learn a new system.
At a Yale SOM Health Care conference in 2009, the Chief Medical Officer of a major player in the field once remarked to me that choosing an HIT vendor is “like a marriage—you don’t end the relationship lightly.” I first thought that remark was self-serving. But the more one examines the HIT field, the more important it appears to get standard recordkeeping, support capabilities, and interoperability right at the outset, rather than leaving doctors to negotiate the wreckage of several generations of battling systems. Think about how chaotic online music sales seemed before iTunes. Perhaps Apple (whose iPads are already beloved by many docs) is going to bring a swift and highly profitable order to this field, too. I hope the ONC and other decisionmakers will well-regulate whatever behemoth eventually emerges, vindicating the public values that competition and innovation are unlikely to promote.
Photo credits to Aleksandar Šušnjar, Jakub Halun and loki11.
Personal Health Records: Is Unraveling Inevitable?
I look forward to reconnecting with everyone who is attending the health law professors conference in Chicago. My presentation will be applying some of the ideas of Scott Peppet (on self-quantification and unraveling) to personal health records. I found these ideas from Peppet’s post on biometric identification particularly interesting:
The biometric technologies firm Hoyos (previously Global Rainmakers Inc.) recently announced plans to test massive deployment of iris scanners in Leon, Mexico, a city of over a million people. . . . [T]he company’s roll-out strategy is explicitly premised on the unraveling of privacy created by the negative inferences & stigma that will attach to those who choose not to participate. Criminals will automatically be scanned and entered into the database upon conviction. Jeff Carter, Chief Development Officer at Hoyos, expects law abiding citizens to participate as well, however. Some will do so for convenience, he says, and then he expects everyone to follow: “When you get masses of people opting-in, opting out does not help. Opting out actually puts more of a flag on you than just being part of the system. We believe everyone will opt-in.” (For the full interview, see Fast Company’s post on the project.)
I’ve previously looked at the limits of individualist accounts of autonomy in work on pharmaceuticals (here and here), and scholars like Robert Ahdieh are questioning individualism in law & economics generally. As Nic Terry has argued, many of the critiques of CDHC apply to PHRs, and vice versa.
As of a few years ago, “it wasn’t illegal to hire and fire people based on their smoking habits” in 21 states. I think there will be many difficult questions raised in coming years by the growth of medical records of all types, and how many secondary uses of them are permitted. For example, some dating sites will now verify the income and assets of their users. How soon before they (and other certification and evaluation intermediaries) start vouching for health profiles? Does law have a role in these situations? I’ll try to explore these questions, and I’ll post more details about the presentation after getting some feedback.
It’s Not the ‘Shared Savings’, Stupid: Why ACOs Under the Proposed Rule Will Change Medicine As We Know It
Filed under: Accountable Care Organization, Cost Control, Health Reform
CMS got the Medicare Shared Savings Program (MSSP) proposed rule largely right, but not because of the actual “shared savings” that the ACO model is commonly associated with. Rather, the MSSP will usher in a shift from the practice of medicine as primarily an art, to the practice of medicine as primarily a science.
The Battle of Marathon: a victory for the Greeks that some attribute to the double-envelopment tactic. Maps courtesy of the Department of History, United States Military Academy
The explosion over the last 50 years of drugs and devices — and the studies and guidelines concerning their effectiveness — is staggering. Couple this explosion with the lack of effective means for physicians and health care providers to make sense of the information, and it’s not surprising that we have a bloated, inefficient, and costly system that fails to provide value commensurate with our health care budget.
This systemic problem is no secret. The HITECH Act attempts to target the health information technology (HIT) problem with an incentive program, and PPACA attempts to increase evidence-based medicine (EBM) with projects like the Patient-Centered Outcomes Research Institute. But a piecemeal approach does not ensure the necessary integration between HIT and EBM, nor sufficient incentives for industry to embrace them.
Why such faith in the MSSP?
Because if ACOs want to participate in the shared savings they must meet the dual requirements of EBM and HIT. It’s this double-envelopment — combined with the ‘carrot’ of shared savings — that will finally usher in a medical revolution.
Thomas Kuhn, a trained physicist who is better known for his contributions to the philosophy of science , introduced the idea of “paradigm shifts” that occur as science evolves. In “The Structure of Scientific Revolutions,” Kuhn posits that instead of a linear evolution of scientific discovery, the discovery of anomalies can force traditional explanations of natural phenomena to be questioned. If enough anomalies accrue that seriously undermine an accepted explanation, a “crisis moment” occurs. In this circumstance “a scientist’s world is qualitatively transformed [and] quantitatively enriched by fundamental novelties of either fact or theory and a scientific revolution is born.” But as Kuhn notes — with import to our discussion of the MSSP — prior beliefs and experiences can make accepting a new paradigm difficult for scientists.
Thomas Kuhn -- U.S. physicist, philosopher, and author of the "Structure of Scientific Revolutions," in which he introduced the idea of "paradigm shifts" that occur in science.
Kuhn’s theory of the evolution of science helps to explain health reform, or the lack thereof. Our health care paradigm — the spending of significant resources on health care per capita — has accrued significant anomalies, most notably outcomes that do not match up with our spending. We have tried HMOs, PPOs, and every many other types of arrangements, but to no avail. We are in a “crisis moment.” And we have a new paradigm: health care decision making that utilizes EBM at the point of care.
And that, my friends, is where the savings will ultimately be found.
A 2004 study demonstrated that following evidence-based guidelines for the treatment of hypertension in the elderly would save $1.2 billion annually.
There is no shortage of similar studies showing billions of dollars, and better health outcomes, waiting to be unlocked. So why isn’t it occurring?
A new review by Stanford University’s Adam Elshaug, M.P.H., Ph.D., and Alan Garber, M.D., Ph.D. demonstrates that recent studies on complex vertebral spinal procedures point have “cast doubt on the magnitude of any benefits from these procedures and at worst established their ineffectiveness.” The studies have caused payers like Blue Cross to limit or withdraw coverage of the procedure. After analyzing the data, the authors found that a conservative estimate of the savings of scaling down the costly and ineffective procedure would yield between $450 million and $725 million depending on the continued use of the procedures.
But the authors make a crucial point at the end of their piece:
Of course, savings will be derived from [comparative effectiveness research] CER only if practice changes. In the United States, it’s unclear whether these studies are powerful enough to overturn coverage decisions or cut utilization of established procedures. . . ACA features such as bundled payments, shared savings programs, and outcomes-based payments offer mechanisms for stimulating the adoption of practices that are supported by CER and the abandonment of practices that CER calls into question.
I interpret this as an acknowledgment that we have enough data to start saving money and increasing care, but that we are stuck in a rut where the practice of medicine itself is having troubling embracing science, and we are relying on the payers to pick up the slack.
This is not to say that medicine can ever — or should ever — become entirely science-based. There are embedded values in the process of health care decision making that science cannot determine, such as a patient’s desire for aggressive treatment and the risks or costs they are willing to incur. Regardless, there is a baseline degree of science-based medicine that will improve quality, afford greater patient (and physician) autonomy, and decrease cost. Moreover, studies have shown that better informed patients make more cost-effective choices.
The problem is our inability and/or our unwillingness to embrace the inevitable paradigm shift to a greater science-based medicine even during a crisis moment. That is where the MSSP double-envelopment strategy comes in.
CMS’s Double-Envelopment Strategy: Attract with the Savings, Surround with EBM and HIT
The MSSP allows an ACO, each year, to recoup some of the savings that they have realized in reference to a benchmark cost. There is a fairly complicated procedure for determining the actual savings that the ACO can collect, but the idea is simple: incentivize the health care providers to reduce the cost of care. Health care organizations are racing to form ACOs, but while doing so they are being surrounded by EBM and HIT requirements that will drive a shift in health care delivery.
With respect to EBM, the proposed rule requires ACOs to implement evidence-based medicine or clinical practice guidelines and processes in an effort to improve individual care, improve the health of the population, and lower the growth of health care expenditures. The guidelines and processes must cover diagnoses with “significant potential” for the ACO to achieve quality and cost improvements, taking into account the circumstances of individual beneficiaries. All ACO participants and suppliers/providers must agree to abide by these guidelines and processes, and must be evaluated for their compliance. The rule also states that remedial actions must be a possibility for non-compliance, and ACOs must have policies and procedures for ACO expulsion of participants and/or providers/suppliers.
On the HIT side, ACOs are required to have an infrastructure, such as information technology (which may include EHR technology that is certified for CMS’s incentive-based meaningful use program). This infrastructure must enable the ACO to collect and evaluate data and provide feedback to ACO participants and ACO providers/suppliers across the entire ACO, including providing information to influence decision making at the point of care. Moreover, fifty percent of the primary care providers of an ACO must be “meaningful users” as defined by the HITECH Act by the second year of their ACO contract. As others have noted, the meaningful use requirement is extremely aggressive when considering that the proposed rule allows ACOs to come online as soon as Jan 1st, 2012. Industry has seen the writing on the wall, and has responded with nothing short of an ACO arms race.
The ACO-driven Paradigm Shift
Thus, the proposed rule requires ACOs to leverage HIT to evaluate data and provide feedback to others in the ACO, and do it in such a way that the feedback influences decision making at the point of care. In other words, it is setting the stage for informed decision making for both physician and patient alike. This is the holy grail of health care reform: that is, an HIT network with users that are reporting data that can be leveraged to enable providers to suggest treatments that are proven to have better outcomes for their specific patient, and to do so at the point of care.
This is in contrast to the current paradigm of managing costs by relying primarily on ex post decision making at the payer level. Often, however, the consumer who has their desired procedure or drug denied (for reasons often opaque to either the physician, insurer, or patient) will decide to pay out of pocket, and can go bankrupt in the process. In this case, no costs have been reduced, rather, they have been shifted to the consumer. While some insurers create and use HIT and EBM, their behind-the-scenes decision making has not been embraced by physicians or patients. That’s because patients trust their physicians, not their insurers. The locus of reform must be on the decision making at the physician-patient level, and that is precisely where the proposed rule places it.
The proposed rule also clearly addresses the fact that you can’t get new practices adopted if physicians have to, for example, minimize their EHR application, fire up their web browser, and start searching the Cochrane Collaboration or some other site for possibly relevant data. They are going to have to do it from within the HIT system.
There is an added benefit politically to this paradigm shift: if the focus is on data-driven doctor-patient decision making, we bypass the political push and pull often associated with determining what treatment is “medically necessary.” This would satisfy the progressive ideal of providing high quality care without overbearing cost-control, while also satisfying the conservative refrain that the doctor-patient relationship remains independent. If the process of creating EBM decision making is HIT-focused, it also encourages the antithesis of cookbook medicine by tailoring the process to the individual patient.
The Long View
Too much focus has been placed on the short term issue of how much money the ACOs can recoup. This is a valid worry for the industry, particularly the smaller practices that can’t afford setting up an ACO. The federal government must do whatever it can to allay these worries so that industry further strives to create the HIT-EBM framework that the shared savings program envisions. If it means increasing the percentage of savings that the ACOs can receive, then so be it. Or perhaps ACOs should come online a year later after the meaningful use stage of EHRs has progressed.
Regardless of how the final rule mitigates industry difficulties, the ACO model is our best chance at creating a true paradigm shift that will better provide the medically necessary and efficient delivery of health care resources. It may take 5, 10, or 20 years to robustly develop the systems and the data, but nobody said a medical revolution would be easy.
Linnaean Regulation in Health Insurance and Information Technology, Part II
Filed under: Electronic Medical Records, EMR, Private Insurance
[Ed. note: This is the second part (perhaps evident from the title) of a two part post. Though each could well stand on its own, the first part can be found here.]
Insurance Reporting and Classification
Reporting requirements may not seem like a notable accomplishment. Nevertheless, the trend toward monitoring the products and services offered by insurance companies is an important step toward accountability. HHS needs to impose some order, some translatable logic, on fields that have threatened to become enormously parasitic and unproductive by or masking the true nature of their commitments.
Consider the practical illegibility of the average insurance plan. A vanishingly small number of subscribers actually read such plans. A plan may have complex cost-sharing requirements that vary among in-network and out-of-network primary care doctors, specialists, surgeons, hospitals, and procedures. While a “great risk shift” makes consumers all the more responsible for their choices in health care, it’s hard to imagine anyone accurately mapping the true fiscal consequences of given disease episodes in an aggressively complex plan.
By setting “a minimum level of health benefits, called the essential health benefits, that must be offered by certain health plans.” As Jessica Mantel explains, the term “‘essential health benefits package’ means coverage that not only provides for the essential health benefits defined by the secretary, but also limits cost-sharing for coverage of the essential health benefits in accordance with the parameters specified in the statute.” The Cancer Action Network has applauded the ACA for promoting “more standardization in the scope and value of private health insurance coverage available.”
Similarly, setting a “medical loss ratio” involves a careful delineation of insurer payments and functions that actually contribute to care. As Tim Jost explained in Health Affairs:
Medical loss ratios have long been of interest primarily to investors. An insurer that could achieve a low MLR by holding down expenditures on health care for its enrollees was a good investment. . . . On November 22, 2010, the Department of Health and Human Services released its interim final rule implementing the requirements of the new section 2718 of the Public Health Services Act (added by section 10101 of the Affordable Care Act), entitled, “Bringing Down the Cost of Health Care Coverage.” This provision is usually referred to as the “medical loss ratio” (or MLR) requirement . . .
Section 2718 requires health insurers (including grandfathered but not self-insured plans) to report to HHS each year, the percentage of their premium revenue that the insurer spends on 1) clinical services for enrollees, 2) “activities that improve health care quality,” and 3) all other non-claims costs, excluding federal and state taxes and licensing or regulatory fees. . . .
Jost describes in details how the classification works, and how it is designed to encourage more responsible insurer behavior.
Setting a Standard for Electronic Medical Records
Electronic health records systems will also need to develop shared data management standards. EMR vendors long argued that they needed flexibility to innovate in order to best reflect doctors’ practices and improve the capture of medical information. However, there is a tension between untrammeled innovation by vendors at any given time and later, predictable needs of patients, doctors, insurers, and hospitals to compare their records and to transport information from one filing system to another.
One system may be able to understand “C,” “cgh,” or “koff” as “cough,” and may well code it in any way it chooses. But to integrate and to port data, all systems need to be able to translate a symptom into a commonly recognized code. Health care providers can only avoid getting “locked into” a system if they can transport their records from one vendor to another. Patients want their providers to seamlessly integrate records.
HHS rulemaking has lain a groundwork for this type of common language of medical recordkeeping. As Sharona Hoffman and Andy Podgurski explain,
To address this problem, it is necessary for all vendors to support what we will call a “common exchange representation” (“CER”) for EHRs. A CER is an artificial language for representing the information in EHRs, which has well defined syntax and semantics and is capable of unambiguously representing the information in any EHR from a typical EHR system. EHRs using the CER should be readily transmittable between EHR systems of different vendors. The CER should make it easy for vendors of EHR systems to implement a mechanism for translating accurately and efficiently between the CER and the system’s internal EHR format.
There are also important opportunities for standardization in the security field:
As is true for a common exchange format, standardized security policies and mechanisms are unlikely to be adopted by vendors and providers without a regulatory mandate. In order to facilitate compliance and provide vendors with clear guidance, the regulatory mandate might incorporate, by explicit reference, some established and emerging security standards, such as the Internet Engineering Task Force’s Transport Layer Security (“TLS”) standard or its Public-Key Infrastructure (X.509) standard.
The discussion can quickly become technical, and it is difficult to explore all the ins and outs of the process. But the underlying purpose is clear: to develop some standard forms of interacting in a realm where “spontaneous order” is unlikely to arise and “network power” could lead to lock-in.
Of course, there are important differences between the EHR and health insurance landscapes. Symptoms refer to conditions that are, by and large, objective. (One can even imagine ubiquitous video cameras and sensors creating something like a complete patient record (or medical life log) for patients who consent to that type of monitoring.) Insurance contracts, by contrast, do not have the same “ontological firmness.” They must contemplate vague and open-ended spells of illness.
Nevertheless, a process similar to common exchange representation is now going on in the consumer affairs office of HHS. As the Office of Consumer Information and Insurance Oversight lays ground rules for ACA implementation, it must decide on some basic questions: what counts as insurance? What is a deductible? The ultimate goal is to require insurers to convey with far more precision what services they truly cover. The health insurance and health IT landscapes will only become governable when practices are nameable, classifiable, and comparable.
X-Posted: Concurring Opinions.
Linnaean Regulation in Health Insurance and Information Technology, Part I
Filed under: Electronic Medical Records, EMR, Private Insurance
I was recently listening to Health Affairs’s “Newsmaker Breakfast with Karen Pollitz.” She gave a fascinating presentation on the challenges she faces as she develops HealthCare.Gov as a portal for information about health insurance. As I noted a few years ago, health insurers can easily mislead consumers about the nature of their coverage, and disclosure charts can be very helpful.
But even disclosure charts run up against the slipperiness of language. Pollitz noted that for some plans, a “deductible” was not really a deductible; you could easily spend much more out-of-pocket on health care than the stated “deductible level” before coverage kicked in.
How can an individual make an informed choice when words lose their meaning in a tangle of qualifications and conditions? At what point does a deductible cease being a deductible? While this might seem like a relatively technical question of insurance regulation, it is reflects a more general information-gathering problem that will confront regulators in coming years. Scientists could only predict and control aspects of the natural world when they could be named and classified. Any successful regime of healthcare reform will depend, at a bare minimum, on a flexible yet standardized classification system that can map what health insurers are doing. Like Linnaeus patiently organizing a welter of living forms, regulators will need to taxonomize pullulating permutations of insurer practices.
The Rise of Health Care’s Middlemen
The United States leads the world in payments to private insurance providers. The industry has extraordinary power over access to health care. In 2010, long-standing dissatisfaction with the sector culminated in the Patient Protection and Affordable Care Act (ACA). Congress rejected changes like a public option in healthcare, in favor of a complex and reticulated statutory scheme to better regulate insurers. There have not been dramatic changes in the way that health insurance companies are run, and their stock prices tended to rise as reform became more certain.
The ACA has set in motion dozens of regulatory proceedings. The government also allocated $20 billion toward equipping all medical offices with electronic health records in the 2009 stimulus bill, the American Reinvestment and Recovery Act. Health regulators must now try to catch up with technologically advanced intermediaries in insurance and IT fields.
Immediately after the ACA passed, naysayers on both left and right complained that divisions like OCCIO were unprepared for their new regulatory roles. Perhaps the most compelling case for repealing the ACA is a belief that regulatory agencies will inevitably be captured, or overwhelmed with information from far far better funded attorneys and lobbyists representing insurance and IT firms.*
Nevertheless, the ACA has catalyzed one very important process: the development of an infrastructure of monitoring and reporting that will be necessary for any future informed regulation. It’s shocking to consider how inadequate past reviews were here. As of 1997, the “US Department of Labor had resources to review each employer-sponsored group health plan under its jurisdiction once every 300 years.” The Bush years did not significantly address that shortage. Moreover, “state insurance department staff levels declined 11% in 2007 while premium volume increased 12%.” The personnel simply haven’t been around.
Starting essentially from scratch, Pollitz and her fellow regulators are engaging in a painstaking rebuilding of the foundations necessary for substantial regulation. Having long neglected even to closely monitor the sharp practices of health insurers, federal regulators are now beginning new programs of surveillance.**
*The latter point does appear to be valid with respect to the public record now being compiled in dozens of rulemaking processes. In rule after rule, industry comments overwhelmingly dominate public interest or academic contributions. It’s sad to think that groups like Campaign for America’s Future, or labor unions, having spent so much time getting the ACA passed, are now ceding much of the regulatory field to insurers. On the other hand, given the Administration’s recent appointments, and recent McSurance waivers, who knows whether good comments would have an impact.
**For more on the importance of ongoing surveillance in complex business environments, see Larry Cata Backer on SarBox, and the last part of my earlier post on high finance.
X-Posted: Concurring Opinions.
Reform Rodeo
1. Maggie Mahar at Health Beat discusses a new report published in the NEJM that supports the importance of the individual mandate in combating adverse selection.
2. At the Health Care Blog, Paul Levy writes sardonically about the accountability of accountable care organizations.
2a. On a less sardonic note, Chris Fleming gives an overview of Health Affairs’ special issue covering ACOs.
2b. Thomas Greaney writes in the NEJM about how the federal government’s can help ACOs navigate an already concentrated health care landscape.
3. The Hill reports on the essential items and services that health insurers will have to provide when offering their products in the new exchanges.
4. David Kibbe and Brian Klepper document the federal government’s initiatives in giving the HIT market a much needed shot-in-the-arm.
5. The Commonwealth Fund’s Melinda Abram’s discusses one of the most important facets of health care reform: how the ACA will bolster primary care.
Reform Rodeo
1. ProPublica details the incessant problem that medical schools face in preventing their faculty from accepting money in exchange for speaking on behalf of pharmaceutical companies. As previously noted on this blog, these conflicts of interests are in addition to those conflicts found in spinal surgery and cardiac stenting.
2. For the New England Journal of Medicine, Michael E. Porter introduces two recently published papers that explore the concept of value in health care.
3. The Commonwealth Fund provides a summary of a briefing on the ACA’s initiatives to reform primary care. A full video of the briefing (which was co-hosted with the Alliance for Health Reform), as well as a podcast of the audio, can be found here.
4. The Health Care Blog has a nice bulleted Year in Review for Health Information Technology (HIT), including topics such as the HITECH Act, E-prescribing, EHRs, and Health Information Exchanges.
5. The New York Times discusses a new Medicare rule that will cover the costs of voluntary end-of-life treatment planning.
Posts from Health Reform Watch have been cited by media sources throughout the country, including The New York Times, Washington Post, L.A. Times, Kaiser Health News, The Health Care Blog, NPR's Planet Money Blog, Duke Univ. Med. Center News, American Health Line Alerts, BusinessWeek.com, Concurring Opinions, Balkinization, The New England Journal of Medicine, Harvard's Nieman Foundation for Journalism, Las Vegas Sun, Maggie Mahar, Ezra Klein, Tom Geoghegan, and the official homepage of the Office of the Democratic Majority Leader of the House of Representatives, Steny Hoyer.
