According to Ben Franklin, John Adams, or someone else (I could not find a reliable source), “Every problem is an opportunity in disguise.” This bodes well for clinical care software because the number of complaints about current EHR systems grows louder each day. We know the problems: poor usability, lack of workflow support, reporting difficulties, decreased productivity, to name a few. How can these problems be turned into opportunities?
Obviously, solving these problems by designing better software offers an opportunity for software sales; however, I think there is more to it than that. Current EHR products grew out of a particular mindset and way of thinking about software and sales, and that mindset, I believe, has a lot to do with the problems EHR users voice.
When computers were new, they were sold primarily to businesses. The advent of the PC turned computers into consumer products. However, software and computer sales to businesses continued as they always had, which I think contributes to the issues small independent practices have with selection and implementation. Here is an example of what I mean. I have been buying software since I bought my first computer. This was always a straightforward process: find the software, pay for it, done. I remember my bewilderment while at UAB when I wanted to buy statistical software that had data mining algorithms. Since I was at the university, I was told I had to buy it through the university sales channel. I wanted a single copy. I could never find a salesman who would give me a price or tell me how to buy a single copy. I called the local, regional, and finally the national sales office. After a few weeks, I gave up. I never got the software, or even a price. What I did get were repeated promises that a sales rep would call.
Federally funded health centers are making strides adopting and using electronic health records (EHRs) to treat some of the nation’s poorest and most at-risk patients since the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act, according to a new first-of-its-kind study.
We know that health IT can help improve care quality. ONC and the Health Resources and Services Administration (HRSA) are working hard to ensure that all providers adopt and use EHRs. In the past, some researchers found that there might be a digital divide in health IT use, meaning that providers who mostly serve certain groups of people – particularly the poor and racial/ethnic minorities or people in rural areas – may be using health IT less than others.
Community health centers remain the largest provider of health care to underserved individuals in the US. They provide health care to more than 20 million Americans every year, including many who are poor, uninsured, or have no regular source of care.
In the past, health centers used health IT at a lower rate than other providers. In 2006, a survey showed that only 26% of health centers had any EHR capacity at all.
To ensure that the benefits of health IT and care transformation be available to all Americans, regardless of insurance, wealth, or location, the HITECH Act provided federal resources to help health centers adopt EHRs.
Scott Erven is head of information security for a healthcare provider called Essentia Health, and his Friday presentation at Chicago’s Thotcon, “Just What The Doctor Ordered?” is a terrifying tour through the disastrous state of medical device security.
Wired’s Kim Zetter summarizes Erven’s research, which ranges from the security of implanted insulin pumps and defibrillators to surgical robots and MRIs. Erven and his team discovered that hospitals are full of fundamentally insecure devices, and that these insecurities are not the result of obscure bugs buried deep in their codebase (as was the case with the disastrous Heartbleed vulnerability), but rather these are incredibly stupid, incredibly easy to discover mistakes, such as hardcoded easy default passwords.
For example: Surgical robots have their own internal firewall. If you run a vulnerability scanner against that firewall, it just crashes, and leaves the robot wide open.
The backups for image repositories for X-rays and other scanning equipment have no passwords. Drug-pumps can be reprogrammed over the Internet with ease. Defibrillators can be made to deliver shocks — or to withhold them when needed.
Doctors’ instructions to administer therapies can be intercepted and replayed, adding them to other patients’ records.
You can turn off the blood fridge, crash life-support equipment and reset it to factory defaults. The devices themselves are all available on the whole hospital network, so once you compromise an employee’s laptop with a trojan, you can roam free.
You can change CT scanner parameters and cause them to over-irradiate patients.Continue reading…
Did you hear the one about the CMS administrator who was asked what it would take to delay the 2014 ICD-10 implementation deadline? An act of Congress, he smugly replied, according to unverified reports.
Good thing he didn’t say an act of God.
So, now that CMS has been overruled by Congress, who wins and who loses? Who’s happy and who’s not?
The answers to those questions illustrate the resource disparity that prevails in healthcare and, mirroring the broader economy, threatens to get worse. The disappointed Have-a-lot hospitals are equipped with the resources to meet ICD-10 deadlines and always felt pretty confident of a positive outcome; the Have-not facilities were never all that sure they would make it and are breathing a collective sigh of relief.
First off, it is necessary to recognize that ICD-10 is far superior to ICD-9 for expressing clinical diagnoses and procedures. Yes, some of the codes seem ridiculous … “pecked by chickens,” for example. But people do get pecked by chickens, or plowed into by sea lions, so I believe the intent is positive, as will be the results.
An example: I saw my physician this past week at a Have-a-lot health system in San Francisco and I asked what she thinks of the ICD-10 extension.
“We’re already using (ICD-10) in our EHR and it is much better than ICD-9,” she said. “When I want to code for right flank pain, it’s right there. I don’t have to go with back pain or abdominal pain and fudge flank in. It’s easier and more accurate.”
“If I was still on paper and not our EHR, which I like,” she added, “my superbill would go from 1 page to 10. SNOMED works.”
During National Minority Health Month, we acknowledge the potential for health information technology (health IT) – from electronic and personal health records to online communities to mobile applications – to transform health care and improve the health of racial and ethnic minorities.
Lack of access to quality, preventive health care, cultural and linguistic barriers, and limited patient-provider communication are factors that aggravate health disparities.
By increasing our investment in health IT policies and standards, we can help improve the quality of health care delivery and make it easier for patients and providers to communicate with each other – a huge step toward addressing the persistence of health disparities.
The Pew Research Center’s Internet & American Life Project found in 2012 that African Americans and Latinos are more likely to own a mobile phone than whites and outpace whites in mobile app use, using their phones for a wider range of activities.
The study showed that African Americans and Latinos use their mobile phones more often to look for health information online. This has very important implications for personal management of health and interaction with the health care system.
However, barriers to widespread adoption of health IT remain.
For example, a 2014 consumer engagement report found that minorities were less likely to adopt online patient portals to access their health information than were non-Hispanic whites.
The American Recovery and Reinvestment Act of 2009 (ARRA), sometimes called the Stimulus Act, was an $831 billion economic stimulus package enacted by the 111th Congress in February 2009 and signed into law on February 17, 2009 by the President.
It included $22 billion as incentives to encourage adoption of certified electronic medical records in hospitals and medical practices. The rationale behind the policy directive was clear: system-wide implementation of electronic medical records enables improvement in diagnostics and treatment coordination, fewer errors, and better coordination of patient care by teams of providers.
Almost immediately, the medical community cried foul.
Their primary beef: the cost to implement these new systems would not be recovered by the incentives.
Similarly, physicians pushed back on the conversion of the U.S. coding system from ICD-9 to ICD-10. They did not question the need for the upgrade: the increase from 19,000 to 68,000 codes is necessary to more accurately capture all relevant clinical aspects of a patient’s condition and align our data gathering with 20 other developed systems of the world where ICD-10 is already used.
That health insurers, medical groups, hospitals and others must use the same coding system that reflects advances in how we diagnose and treat seems a no brainer. But some physicians pushed back due to costs and disruption in their practices.
Last week, physicians won a battle: the Centers for Medicaid and Medicare Services (CMS) announced it was delaying the deadline for implementation of ICD-10 for a year, to October 1, 2015.
The Food and Drug Administration has spent decades refining its processes for approving drugs and devices (and is still refining them), so what would happen if they extended their scope to the exploding health software industry?
The FDA, and its parent organization, the Department of Health and Human Services, are facing an unpleasant and politically difficult choice.
Sticking regulatory fences into the fertile plains of software development and low-cost devices will arouse its untamed denizens, who are already lobbying Congress to warn the FDA about overreaching. But to abandon the field is to leave patients and regular consumers unprotected. This is the context in which the Food and Drug Administration, the Office of National Coordinator, after consultation with outside stakeholders, released a recent report on Health IT.
I myself was encouraged by the report. It brings together a number of initiatives that have received little attention and, just by publicizing the issues, places us one step closer to a quality program. Particular aspects that pleased me are:
- The suggestion that quality programs should start to look at electronic health records (p. 8). EHRs have been certified by various bodies, but usually just to check off boxes and declare that the systems comply with regulations–neither the quality of their user interfaces nor the quality of their implementations have been questioned. Reportedly, the FDA considered “safety and quality standards” for electronic health records in 2010 but couldn’t get them adopted. It also checks certain forms of clinical decision support, but only if they are built into a regulated device. The current HHS report refers back to aspirational documents such as a Health Information Technology Patient Safety Action & Surveillance Plan and a set of guidelines on the safety of EHRs.
- A call for transparent reporting and sharing of errors, including the removal of “disincentives to transparent reporting”–i.e., legal threats by vendors (p. 25). Error reporting is clearly a part of the “environment of learning and continual improvement” I mentioned earlier. A regulation subgroup stated the need most starkly: “It is essential to improve adverse events reporting, and to enable timely and broader public access to safety and performance data.” Vague talk of a Health IT Safety Center (p. 4, pp. 14-15) unfortunately seems to stop with education, lacking enforcement. I distinctly disagree with the assessment of two commentators who compared the Health IT Safety Center to the National Transportation Safety Board and assigned it some potential power. However, I will ask ONC and FDA for clarification.
- A recognition that software is part of a larger workflow and social system, that designing it to meet people’s needs is important, and that all stakeholders should have both a say in software development and a responsibility to use it properly.
Don’t imagine that the FDA is unused to regulating software. For quite some time they have instituted practices for the software used in some medical devices , and have tried to keep them up-to-date.
A waterfall-like process of risk assessment and testing called computer system validation has long been required for pharma and devices.
Three related columns in HealthcareITNews caught my attention recently.
The headlines pretty much say it all:
1. Satisfaction with HIE solutions drops.
2. Vendors missing boat on HIE needs.
3. CommonWell names 3 biggest HIE hurdles.
Over the years, I’ve written more than a few HealthBlog posts on the topic of health information exchange (HIE) and why I feel so strongly that most of the initiatives currently underway are missing their mark.
As I’ve stated before, during my worldwide travels I haven’t yet come across a country that has accomplished a truly national, interoperable, bi-directional, fully functional HIE.
Those few countries that come close are more like a large American city or small state in size, perhaps mirroring some of the moderately successful regional or state-wide exchanges currently operating in America. Over the years I’ve also watched implosions of national HIE attempts in several countries that have failed miserably despite billions of dollars being spent on the efforts.
Reading each of the articles referenced above, I once again reach the conclusion that what I have been evangelizing as a better model for HIEs still rings true.
Many years before the creation of Healthcare.gov, President Obama embraced data analytics during his early years in the Senate.
In 2006, he and senator Tom Coburn (R-Okla.) successfully sponsored the Federal Funding Accountability and Transparency Act, which resulted in creation of usaspending .gov, “a significant tool that makes it much easier to hold elected officials accountable for the way taxpayer money is spent“.
A History of Failed Federal IT Projects
A considerable amount of taxpayer money is spent on federal IT projects, but in contrast to the aspirations of Obama in his early years in the Senate, it is not spent responsibly.
According to the Standish Group report, from 2003 to 2012 only 6% of the federal IT projects with over 10 million dollars of labor cost were successful.
52% of them were either delayed, went over budget or did not meet user expectations. The remaining 41% of the IT projects were abandoned or started from scratch. Perhaps most troubling is that healthcare.gov is just a one example among many.
At HIMSS 2014, the health information technology’s (HIT) largest annual confab, the bestest-best news we heard from a policy perspective, and maybe even an industry perspective, was the Centers for Medicare & Medicaid Services’ (CMS) dual announcement that there will be no further delays for either Meaningful Use Stage 2 (MU-2) or ICD-10.
Perhaps we should have immediately directed our gaze skyward in search of the second shoe preparing to drop.
As it turns out, CMS de facto back-doored an MU-2 delay by issuing broad “hardship” exemptions from scheduled MU-2 penalties. To wit: any provider whose health IT vendor is unprepared to meet MU-2 deadlines, established lo these many months ago, is eligible for a “hardship” exemption.
Few would disagree with the notion that it’s unproductive to criticize policy without offering constructive ideas to fix the underlying problems.
Here, the underlying problem is easy to define: it is in point of irrefutable fact fundamentally unfair to penalize care providers for their vendors’ failings—especially when the very government proposing to penalize them put its seal of approval on the vendors’ foreheads to begin with.
CMS’s move to exempt providers from those penalties is correctly motivated, but it seeks to ease the provider pain without addressing its cause.
Instead of issuing a blanket exemption for use of unprepared vendors, CMS should:
- Waive penalties only for those providers who take steps to replace their inferior technologies with systems that can meet the demands of the 21st century’s information economy;
- Publish lists of health IT vendors whose systems are the basis for a hardship exemption, along with an accounting of how many of those 21 billion dollars have been paid to subsidize those vendors’ products; and
- Immediately initiate a reevaluation of the MU certification of any vendor whose products form the basis for a hardship exemption.
This proposal might seem bold, but if we’re truly looking to advance health care through the application and use of EHR, then what I’ve outlined above simply represents necessary and sound public policy. Current practice rewards vendors whose products are falling short by perpetuating subsidies for those products.
The federal government should stop paying doctors to implement health IT that cannot meet the standards of the program under which the payments are issued. That’s just a no-brainer.
An EHR should not be a federally-subsidized “hardship.”