By Shirie Leng, MD

I am affiliated with the institution where Dzhokhar Tsarnaev is currently hospitalized.  I am friends with people who have treated him.  I’m trying to stay away from those people; I would be unable to help asking them about him.  They might be unable to help talking about him.    There has been a flurry of emails and red-letter warnings cautioning people here not to talk about Mr. Tsarnaev or look him up on the EMR (Electronic Medical Record) system.  Despite this there have been leaks of information and photos from various sources.  It is virtually impossible to keep people from asking about him and talking about him.  Curiosity is human nature.  When human nature comes up against morals and laws, human nature will win a good percentage of the time.  The question is:  given what he has done, does this 19-year-old still have his right to privacy?

The answer, of course, is yes.  The American Medical Association includes patient confidentiality in it’s ethical guidelines:

“…the purpose of a physicians ethical duty to maintain patient confidentiality is to allow the patient to feel free to make a full and frank disclosure of information…with the knowledge that the physician will protect the confidential nature of the information disclosed.”

Threre are legal guidelines as well, most notably with the Health Insurance Portability and Accountability Act, or HIPAA.  This law was originally passed in 1996 to improve the efficiency and effectiveness of the health care system, allow people to switch jobs without losing their health insurance, and impose some rules on electronic medical information. Congress incorporated into HIPAA provisions that mandate the adoption of  the Federal privacy protections for health information.  The “simplified” administrative document for the privacy and security portions of HIPAA is 80 pages long.  Basically your health information cannot be shared with ANYONE. Of course, there are exceptions to HIPAA. Continue reading ““Did You Take Care of Tsarnaev?””

By John Halamka, MD

Over the next few months, the majority of my time will be spent discussing topics such as care coordination, healthcare information exchange, care management, real time analytics, and population health. At BIDMC, we’ve already achieved 100% EHR adoption and 90% Meaningful Use attestation among our clinician community. Now that the foundation is laid, I believe our next body of work is to craft the technology and workflow solutions which will be hallmarks of the “post EHR” era.

What does this mean?

I’ve written previously about BIDMC’s Accountable Care Organization strategy, which can be summed up as ACO=HIE + analytics.

In a “post EHR” era we need to go beyond simple data capture and reporting, we need care management that ensures patients with specific diseases follow standardized guidelines and protocols, escalating deviations to the care team. That team will include PCPs, specialists, home care, long term care, and family members. The goal of a Care Management Medical Record (CMMR) will be to provide a dashboard that overlays hospital and professional data with a higher level of management.

How could this work?

Imagine that we define each patient’s healthcare status in terms of “properties”. Data elements might include activities of daily living, functional status, current care plans, care preferences, diagnostic test results, and therapies, populated from many sources of data including every EHR containing patient data, hospital discharge data, and consumer generated data from PHRs/home health devices.

That data will be used in conjunction with rules that generate alerts and reminders to care managers and other members of the care team (plus the patient). The result is a Care Management Medical Record system based on a foundation of EHRs that provides much more than any one EHR.

My challenge in 2013-2014 will be to build and buy components that turn multiple EHRs into a CMMR at the community level.

Continue reading “The “Post EHR” Era”

By John Halamka, MD

2012 has been a challenging year for me.

On the personal side, my wife had cancer. Together we moved two households, relocated her studio, and closed her gallery. This week my mother broke her hip in Los Angeles and I’m writing from her hospital room as we finalize her discharge and home care plan before I fly back to Boston.

On the business side, the IT community around me has worked hard on Meaningful Use Stage 2, the Massachusetts State Health Information Exchange, improvements in data security, groundbreaking new applications, and complex projects like ICD10 with enormous scope.

We did all this with boundless energy and optimism, knowing that every day we’re creating a foundation that will improve the future for our country, communities, and families.

My personal life has never been better – Kathy’s cancer is in remission, our farm is thriving, and our daughter is maturing into a fine young woman at Tufts University.

My business life has never been better – Meaningful Use Stage 2 provides new rigorous standards for content/vocabulary/transport at a time when EHR use has doubled since 2008, the State HIE goes live in one week, and BIDMC was voted the number #1 IT organization the country.

It’s clear that many have discounted the amazing accomplishments that we’ve all made, overcoming technology and political barriers with questions such as “how can we?” and “why not?” rather than “why is it taking so long?” They would rather pursue their own goals – be they election year politics, academic recognition, or readership traffic on a website.

As many have seen, this letter from the Ways and Means Committee makes comments about standards that clearly have no other purpose than election year politics. These House members are very smart people and I have great respect for their staff. I’m happy to walk them through the Standards and Certification Regulations (MU stage 1 and stage 2) so they understand that the majority of their letter is simply not true – it ignores the work of hundreds of people over thousands of hours to close the standards gaps via open, transparent, and bipartisan harmonization in both the Bush and Obama administrations.

Continue reading “A Time for Boundless Energy and Optimism”

By John Halamka, MD

One major issue facing private and public Health Information Exchanges (HIE) is how to ensure patients privacy preferences are respected by obtaining their consent before data is shared.

Today I met with a multi-disciplinary team of attorneys, vendor experts, and IT leaders to discuss BIDMC’s approach to private HIE consent.

After two hours of discussion, here’s what we agreed upon:

Patients and families should be able to control the flow of their data among institutions.  The ability for the patient to chose what flows where for what purpose is “meaningful consent.”

To achieve “meaningful consent” we will ask all the patients of our 1800 BIDMC associated ambulatory clinicians to opt in for data sharing among the clinicians coordinating their care.

Patients may revoke this consent at any time.

Consent for patients under 18 years old and not emancipated will be sought from their parents.   Upon turning 18, the patients themselves will select their consent preferences.

Continue reading “Meaningful Consent”

By John Halamka, MD

Today’s Computerworld has a great article about the issues of mixing social media and healthcare.

As hospitals and clinics formulate social networking policies, there are three broad considerations.

1.  Given HIPAA and HITECH privacy and breach rules, how can you best prevent the disclosure of protected healthcare information on insecure social media sites?

2.  Given the distraction factor and productivity loss that can occur with social media, how can you best align the benefits of groupware communication while minimizing the negatives?

3.  How can you reduce the security risks of malware embedded in games and other applications that are downloaded from social networking sites?

To date, Beth Israel Deaconess has focused on #1, ensuring that our employees do not post data to social networking sites in violation of state and federal laws.

We’ve not yet completed a  policy covering #2, although several hospital sites and departments are discussing the issue.

We’re developing a pilot for #3, including blocks on selected websites, Facebook add-on applications, and personal email.

Continue reading “Crafting a Social Media Policy”

By John Halamka, MD

I’ve written several posts about the issues that keep me up at night.  Here’s what I wrote in 2011.

Today, my team presented a list of risks to the Compliance, Audit and Risk Committee at BIDMC.   Here’s my list of top risks for 2012:

1.  Old Internet browsers – many vended clinical applications require specific versions of older browsers such as Internet Explorer 6, which are known to have security flaws.  We’ve worked diligently to eliminate, upgrade or replace applications with browser specificity.   At this point we are 96% Internet Explorer 8/Firefox 7/Safari 5 minimizing our risks to the extent possible.

2.  Local Administrative rights – Of our 18,000 devices on the network, a few thousand are devices that require the user to have local administrative rights to run their niche applications (often the research community doing cutting edge research with open source or self developed software).   We have done everything possible to eliminate Local Administrative rights on our managed devices.

3.  Outbound transmissions – Security has historically focused on blocking evil actors from the internet.   Given the current challenges of malware and infections brought in from the outside, it’s equally critical to block unexpected outbound activity.

4.  Public facing websites –  any machine that touches the internet has the potential to be targeted for attack.  We’ve implemented proxy servers/web application firewalls on most public websites.

5.  Identity and Access management – Managing the ever changing roles and rights of individuals in a large complex organization with many partners/affiliates is challenging.  If an affiliate asks for access to an application, how do you automatically deactivate accounts when users leave an affiliate, given the lack of direct employment relationships?

Continue reading “What Keeps Me Up at Night 2012″

By John Halamka, MD

I support over 3000 clinicians in heterogeneous sites of care – solo practitioners, small offices, multi-specialty facilities, community hospitals, academic medical centers, and large group practices.

In every location there is some level of dissatisfaction with their EHR.   Complaints about usability, speed of documentation, training, performance, and personalization limitations are typical.   Most interesting is that users believe the grass will be greener by selecting another EHR.

I’ve heard from GE users who want Allscripts, eClinicalworks users who want Epic, Allscripts users who want AthenaHealth, and NextGen users who want eClinicalWorks.

The bottom line from every product I’ve used and everyone I’ve spoken with is that there is no current “perfect” EHR.   We’re still very early in the EHR maturity lifecycle.

What is the perfect EHR?   I’ve written about my best thinking, which has been incorporated into the BIDMC home built record, webOMR.   (and has dissatisfied users too)

However, after listening to many “grass is greener” stories, I believe that what a provider perceives as a better EHR often represents trade offs in functionality.  One EHR may have better prescribing functionality while another has better letters, another is more integrated and another has better support.  The “best” EHRs, according to providers, varies by what is most important to that individual provider/practice, which may not be consistent with enterprise goals or the needs of an Accountable Care Organization.

Continue reading “The Perfect EHR”

By JOHN HALAMKA

In my career, there have been a few perfect storms, defined as “a confluence, resulting in an event of unusual magnitude”.

When I was an undergraduate at Stanford University in 1980, two geeky guys named Jobs and Wozniak dropped by the Homebrew Computer Club to demonstrate a kit designed in their garage.   IBM introduced the Personal Computer and MSDOS 1.0.   I purchased an early copy of Microsoft Basic and began creating software in my dorm room including early versions of tax calculation software, an econometric modeling language, and electronic data interchange tools.   Every day brought a new opportunity. The energies of hundreds of entrepreneurs created an industry in a few intensely creative months that laid the foundation for the architecture and tools still in use today.   A guy named Gates offered me a job and I decided to stay in school instead.

In 2001 when I was first hired at Harvard, a visionary Dean for Medical Education, a supportive Dean of the Medical School,  talented new development staff, and a sleepless MD/Phd student came together to create one of the first Learning Management Systems in the country, Mycourses.   Robust web technologies, voice recognition, search engines, early mobile devices, and new multi-media streaming standards coincided with resources, strong governance, and a sense of urgency.  Magic happened and in a matter of months, an entire platform was created that is still powering the medical school today.

Continue reading “The Perfect Storm For Innovation”

By John Halamka, MD

2011 was a year of change and tumult. For a day by day look at the top stories of 2011, check out this impressive chart from the UK Guardian.

It was a year in which the economy sputtered worldwide, the Arab Spring toppled several regimes, and unprecedented acts of nature (severe weather, earthquakes) caused billions in worldwide damage.

What about the world of healthcare IT?

Federal

In 2011, Meaningful Use and Certification accelerated healthcare IT adoption and doubled implementation of EHRs throughout the country. Every aspect of the industry was stressed along the way

• Vendors were challenged to add the features necessary for certification resulting in some “haste makes waste” lack of usability and workflow integration. GE admitted its faults and should be congratulated for its honesty, since many other vendors had the same problems but did not communicate them.
• IT organizations created productivity miracles to meet meaningful use timeframes with limited staff and limited budgets. Many organizations will apply their meaningful use payments to general operations and not IT department budget increases, so the sacrifice of IT staff may remain unrecognized.
• Providers had to radically change workflows to accommodate new business processes, resulting in staff turnover and short term frustration.

Continue reading “A Look Back at 2011″

By JOHN HALAMKA

We’re all suffering from information overload.  More projects with fewer staff on shorter timeframes mean more email, texts, blogs, online meetings, and phone calls.

We make more decisions and have more accountability than ever before.  Regulatory complexity and the need for risk management has increased.  We’re pressured to make decisions faster and there is less tolerance for mistakes.   Making all those decisions in a high stakes environment like healthcare leads to decision fatigue,  that numbness you feel at the end of an overloaded day when you decided what to spend, who to hire, and what to do, hundreds of times.

I believe decision fatigue is an escalating threat to our ability to manage the events of each day and keep balance in our lives.

When I think back on my early career as a leader, in the 1980′s, there was no email, no overnight shipping, and limited numbers of fax machines.

Issues were escalated by writing and mailing a letter.    The time it took to compose, type, mail, and deliver a letter meant that many problems solved themselves.  Since the effort to escalate was significant, many problems were never escalated. Continue reading “Decision Fatigue”