While there has been much focus lately on the ways in which ObamaCare is chilling the growth of private business, we should not overlook the continuing deleterious effects of the one surviving relic of HillaryCare, the Health Insurance Portability and Accountability Act (HIPAA). Quietly, September 23 came and went as the compliance effective date for a new rule, expanding the reach of HIPAA, and likely driving many smaller players out of the health care industry.
Spearheaded by then First Lady Clinton, HIPAA was established in 1996 to improve privacy of personal health information, referred to as protected health information, or PHI. It requires health care providers, known as “covered entities,” and their vendors, contractors, and agents with access to PHI, known as “business associates,” to comply with certain privacy standards under its “Privacy Rule,” and with certain security standards under its “Security Rule,” in order to protect sensitive health information that is held or transferred in electronic form.
Over the past decade, equipped with the noble aim of protecting our privacy, HIPAA has successfully demonstrated the power of the law of unintended consequences. Improved protection of PHI has been marginal. However, HIPAA has impeded communication among physicians, reduced physician time devoted to patient care, and deterred medical research. And all at an enormous cost of compliance. While estimates vary widely, the cost of compliance for many providers has been in the millions.
Now, rather than take heed, the government has decided to double down through expansion. Under the Health Information and Technology for Economic and Clinical Health Act (HITECH), a corollary of HIPAA, promulgated to create incentives to facilitate the development of healthcare information technology, the government has sought to update the requirements of HIPAA in light of the changing dynamics of technology and health practices, increasing the safeguards and obligations of health care providers and their business associates.
Continue reading “Another Law Raising the Cost of Health Care”
Filed Under: OP-ED, THCB
Tagged: HHS, HIPAA, HIPAA Omnibus Rule, HIT, HITECH Act, Josh Tenzer, Patient privacy
Nov 21, 2013
Health IT Week demonstrated a double barrel strategy to segregate patient information from provider information. Providers already have the power to set prices and health IT plays the central role.
By rebranding HIPAA as “Meaningful Consent” and making patients second-class citizens in Meaningful Use Stage 2 interoperability, providers and regulators are working together to keep it that way.
Essential consumer protections such as price transparency or independent decision support are scarce in the US healthcare system. The journalists are shouting from the rooftops.
There’s $1 Trillion (yes, $3,000 per person per year) of unwarranted and overpriced health services steering the Federal health IT bus with an information asymmetry strategy. Those of us that want to see universal coverage succeed need the information transparency tools to drive for changes.
Here’s how it works: The department of Health and Human Services (HHS) controls the health IT incentives and regulations. HIPAA applies to most licensed health services providers. Laboratories and devices are regulated by Medicare and the FDA.
Unlicensed services offered directly to patients, such as personal health records, web info sites and apps are regulated by the FTC. Separate regulatory domains facilitate the segregation of information and contribute to the lack of transparency by making patient-directed services use delayed and degraded information. This keeps independent advice from FTC-regulated service providers from illuminating the specific abuses.
The segregation of patient information from “provider” information is the current federal regulatory strategy. It’s even more so in the states. By making patients into second-class citizens, the providers can avoid open scrutiny, transparent pricing, and independent decision support.
Federal regulators then create a parallel system where information is delayed, diluted, and depreciated by lack of “authenticity”. This is promoted as “patient engagement”. For regulators, it’s a win-win solution: the providers support the regulation that enables their price fixing and many patient advocates get to swoon over patient engagement efforts.
The proof of this strategy became clear on the first day of Health IT Week – the Consumer Health IT Summit.
Continue reading “A Troubling Strategy at Health IT Week”
Filed Under: Tech, THCB
Tagged: Adrian Gropper, Blue Button, HHS, HIPAA, HIT, HITECH Act, independent decision support, Meaningful Consent, Meaningful Use Stage 2, National Health IT Week
Sep 19, 2013
In the wake of the National Coordinator’s announcement that he is departing, there has been a flurry of tweets, blog posts, impromptu online polls, and conjecture about the most likely successor. To date, none of these conversations has resulted in a thoughtful assessment of the set of characteristics that would represent the ideal candidate, nor has there been any thorough review of the most likely candidates in the context of these attributes. The need for a rapid transition to a successor is well understood by all – yet there has been no indication that the Obama administration is in a hurry. Let’s hope that we can evolve them toward a greater sense of urgency. The fragility of ONC – and the importance of its health – can’t be overlooked.
Let’s consider some history:
The first two National Coordinators, David Brailer and Rob Kolodner, were appointed before ARRA. The agency was small, focused largely on certification (through CCHIT), standards (through HITSP) and policy. When ARRA arrived, David Blumenthal, a thoughtful, deliberate, policy-savvy internal medicine physician from Boston was brought in to lead the rapid expansion of health IT that was facilitated by the HITECH Act.
ONC expanded under Blumenthal from a team of ~ 30 people to a team of >100 in the two years that he was at the helm, and the agency published the 2011 certification criteria regulations, and collaborated with CMS to publish the regulations that defined stage 1 of the Meaningful Use incentive program. The policy foundation was that the three-stage program – to be implemented over six years – would evolve the nation’s care delivery system by causing adoption of EHR technology (stage 1) and then exchange of clinical information electronically (stage 2) and finally improved clinical outcomes (stage 3).
Farzad Mostashari, who joined Blumenthal as the Deputy National Coordinator early in Dr Blumenthal’s tenure, was quickly named as Blumenthal’s successor when Blumenthal announced his resignation in the Spring of 2011. Both Mostashari and Blumenthal pushed hard for Mostashari’s appointment – so that the consistency, focus and forward momentum of the organization could be maintained.
And so it was. Under ARRA, adoption of EHRs has skyrocketed. The CMS MU Stage 2 regulations and the ONC 2014 certification regulations were published, and the size of the agency has doubled to over 150 people. Recognizing the need for experienced partners to assist him in leading a larger agency – and growing national reliance on health IT and an essential component of the care delivery ecosystem – Mostashari hired David Muntz as the “Principal Deputy” (essentially the COO of the agency), Jacob Reider as Chief Medical Officer (leading a team of clinicians focused on quality and safety) and Judy Murphy as the Deputy National Coordinator for Programs and Policy (adding internal coordination support for ONC programs).
Continue reading “Replacing Farzad”
Filed Under: OP-ED, Tech, THCB
Tagged: ARRA, CMS, EHR, Farzad Mostashari, HHS, HIT, HITECH Act, Meaningful Use, ONC, Physicians, software
Aug 22, 2013
Just a little over four years ago, President Obama, in his inaugural address, challenged us as a nation to “wield technology’s wonders to raise health care’s quality and lower its costs.” This was an awe-inspiring, “we will go to the moon” moment for the healthcare delivery system. But the next thought that ran through the minds of so many of us who work on health IT issues was this: how were we going to get there?
We were essentially starting from scratch. Less than 1 in 10 hospitals had an electronic health record, and for ambulatory care physicians, the numbers weren’t much better – about 1 in 6 had an EHR. Hospitals and physicians reported an array of challenges that were holding them back. No nation our size with a healthcare system as complex as ours had even come close to universal EHR use. Yet, the President was calling for this by just 2014.
And it was clear why. The promise of EHRs was enormous and we knew that paper-based records were a disaster. They lead to lots of errors and a lot of waste. I have cared for patients using paper-based records and using electronic records – and I’m a much better clinician when I’m using an EHR. In the weeks that followed Obama’s inaugural address, the U.S. Congress passed, and the President signed the Health Information Technology for Economic and Clinical Health Act, which contained a series of incentives and tools to drive adoption and “meaningful use” of EHRs. None of us knew whether the policy tools just handed to the Obama administration were going to be enough to climb the mountain to universal EHR use. We were starting at sea level and had a long climb ahead.
Continue reading “As the Debate Over Obamacare Implementation Rages, a Success on the IT Front”
Filed Under: Tech, THCB
Tagged: Ashish Jha, EHR, HIT, HITECH Act, Hospitals, Michael Painter, Obamacare, RWJF, The Affordable Care Act
Jul 12, 2013
Join me in attacking an endemic problem in health care today by Hacking HIPAA. I am crowdfunding the development of a new legal form to be used on and after September 23, 2013 to allow patients to opt-in to easier health care communications – a Common Notice of Privacy Practices that is patient-focused. (Text me, please! Email me, please! etc.)
Depending on how much support this project garners, we can attack some related problems as well. Contributions at any level are welcome; contributions at the levels designated on the Hacking HIPAA Medstartr page get you a seat at the virtual table, voicing your concerns that need to be met in the CNPP and in follow-on projects.
I’m working on this project with two leading health care open source software developers, Ian Eslick and Fred Trotter. Check out Fred’s video intro to the project on the Medstartr page – you can find Ian and Fred online via the links on the project page, too.
Here’s an excerpt from the crowdfunding project page:
Right now we have the worst of all worlds with regards to patient privacy in healthcare. Patients are frequently subject to sub-standard security and privacy practices AND healthcare innovators are unable to deliver solutions that would be useful to patients because their technical approaches are uncomfortably novel for health care bureaucrats. Patients end up getting poor security and no innovation, the worst of all options. This problem is going to get worse before it gets better, since the new Omnibus HIPAA Rule will make cloud hosting of health care projects untenable very soon.
Continue reading “Hacking HIPAA”
Filed Under: Tech
Tagged: data sharing, David Harlow, Hacking HIPAA, HIPAA Omnibus Rule, HITECH Act, MedStartr, patient data, Patients, Physicians
Jun 26, 2013
You probably saw some of the headlines last week where Box announced that is supporting HIPAA and HITECH compliance, signing Business Associate Agreements, (BAAs) and integrating with several platform app partners such as Doximity, drchrono, TigerText, and Medigram to help seed its new healthcare ecosystem. I also announced that I was formally advising Box on their healthcare strategy.
I was drawn to Box because of all the lessons I learned at Google building a consumer-directed, personal health record (PHR), Google Health. Google Health allowed you to securely store, organize and share all of your medical records online and control where your data went and how it was managed. It was unlike the other PHRs in the industry that were tethered to the provider or payor or part of an Electronic Health Record (EHR) system.
Sound good? Well, it was in theory. The big issue with Google Health was aggregating your data from the disparate sources that stored data on you. We had to create a ton of point-to-point integrations with large health insurance companies, academic medical centers, hospitals, medical practices and retail pharmacy chains. All of these providers and payors were covered entities in the world of HIPAA and were required to verify a patient’s identity before releasing any data to them electronically. It was a very bumpy user experience for even the most super-charged, IT savvy consumer.
Continue reading “Box Picking Up Where Google Health Left Off”
Filed Under: Health 2.0, THCB
Tagged: Box, CCD, EHR, HIPAA, HIT, HITECH Act, medical record aggregation, Missy Krasner, patient data, personal health records
May 3, 2013
I’m well aware that a good fraction of the people in this country – let’s call them Rush fans – spend their lives furious at the New York Times. I am not one of them. I love the Grey Lady; it would be high on my list of things to bring to a desert island. But every now and then, the paper screws up, and it did so in a big way in its recent piece on the federal program to promote healthcare information technology (HIT).
Let’s stipulate that the Federal government’s $20 billion incentive program (called “HITECH”), designed to drive the adoption of electronic health records, is not perfect. Medicare’s “Meaningful Use” rules – the standards that hospitals’ and clinics’ EHRs must meet to qualify for bonus payments – have been criticized as both too soft and too restrictive. (You know the rules are probably about right when the critiques come from both directions.) Interoperability remains a Holy Grail. And everybody appreciates that today’s healthcare information technology (HIT) systems remain clunky and relatively user-unfriendly. Even Epic, the Golden Child among electronic medical record systems, has been characterized as the “Cream of the Crap.”
Continue reading “The HIT Job”
Filed Under: Tech, THCB
Tagged: Allscripts, Bob Wachter, Cerner, EHR, Epic, HIT, HIT adoption curve, HITECH Act, Julie Creswell, New York Times
Feb 26, 2013
Since January, the Centers for Medicare and Medicaid Services (CMS) have implemented incentive programs to drive meaningful use of Electronic Medical Records (EMR) technology – software and support tools that represent a roughly a $40B marketplace.
In August, CMS reported that $6.9B in total EMR incentives were paid to 143,800 physicians and hospitals – a number that will likely increase markedly in the coming quarters. This is because hospitals and eligible professionals know that to receive the highest possible financial incentive they must deploy and demonstrate meaningful use of an EMR before 2014.
Curiously, these incentives don’t seem to be enticing as only 20% of Medicare and Medicaid eligible providers are taking strides toward EMR implementation and only 55% of eligible hospitals have received an EMR incentive payment. We think they’re delaying investments for a few reasons.
· Implementation costs are high, and the financial return of EMR systems isn’t fully proven
· Poorly preforming EMR vendors are causing senior hospital executives to consider their options
· Clinical leadership unwilling to change the clinical processes required to derive value from an EMR system
· Creating and maintaining clinical content for a successful EMR system is very complex
Continue reading “Linking Meaningful Use and HIT Sector Consolidation”
Filed Under: Uncategorized
Tagged: Barrett Lynner, EHR, HIT Consolidation, HITECH Act, Meaningful Use, TripleTree
Oct 16, 2012
Six months to the day after the Centers for Medicare and Medicaid Services (CMS) released the “preliminary rules” for Meaningful Use, the final rules are in. For clinicians and policymakers who want to see Electronic Health Records (EHRs) play a key role in driving improvements in the healthcare system, there’s a lot to like here.
For the Office of the National Coordinator (ONC), the agency that oversees the federal health information technology incentive program, the Meaningful Use rules are a balancing act. On one hand, ONC wants to get as many clinicians and hospitals on board with simply adopting EHRs (and thus, the need to set a low bar). On the other hand, they want to ensure that once people start using EHRs, they are using them in a “meaningful” way to drive improvements in care (and thus, the need to set a high bar). I think ONC got that balance just about right.
Let me begin with a little background. In 2009, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act, setting aside about $30 billion for incentives for ambulatory care providers and acute-care hospitals to adopt and “meaningfully use” EHRs. Congress specified that the executive branch would define Meaningful Use (MU) and would do so in three stages. The first stage was finalized in 2010 and its goals were simple – start getting doctors and hospitals on board with the use of EHRs. By most metrics, stage 1 was quite successful. The proportion of doctors and hospitals using EHRs jumped in 2011, and all signs suggested continued progress in 2012. Through July 2012, approximately 117,000 eligible professionals and 3,600 hospitals have received some sort of incentive payment.
Continue reading “The EHR “Final Rule” (Finally)”
Filed Under: THCB
Tagged: ACOs, Ashish Jha, CMS, EHR, EHR incentives, Health Data, HITECH Act, Meaningful Use, Meaningful Use Stage 2, ONC, regional extension centers
Aug 27, 2012
All too frequently I get the question:
When will we see the EHR market consolidate?
Not an unreasonable question considering just how many EHRs there are in the market today (north of 300) and all the buzz regarding growth in health IT adoption. There was even a recent post postulating that major EHR consolidation was “on the verge.” Even I have wondered at times why we have not seen any significant consolidation to date as there truly are far more vendors than this market can reasonably support.
But when we talk about EHR consolidation, let’s make sure we are all talking about the same thing. In the acute care market, significant consolidation has already occurred. Those companies that did not participate in consolidating this market (Cerner, Epic & Meditech) seem to have faired well. Those that pursued a roll-up, acquisition strategy (Allscripts, GE, McKesson) have had more mixed results.
It is the ambulatory sector where one finds a multitude of vendors all vying for a piece of the market and it is this market that has not seen any significant consolidation to date and likely will not see such for several years to come for two dominant reasons.
Continue reading “Why We Won’t See EHR Consolidation Anytime Soon”
Filed Under: Uncategorized
Tagged: Acquisition, Allscripts, Cerner, Chilmark Research, Consolidation, EHR, Epic, GE, HITECH Act, McKesson, Meaningful Use, MEDITECH
Aug 13, 2012