Where is Health Care’s Big Data?

The world of health care is abuzz with heated discussions about health information exchange, data liberation and the beneficial consequences of these actions to all stakeholders who use, deliver, regulate or profit from the one fifth of the U.S. economy devoted to medical care. While the efforts to liquefy health information from its solid paper state to a fluid stream of zeros and ones are hardly new, the release of the Meaningful Use Stage 2 proposed rules, has triggered a renewed Pavlovian response to the prospect of having people’s health information flowing freely over the Internet creating massive amounts of Big Data. Before the frenzy gets way ahead of itself, perhaps we should take a closer look at how health information is created, where it resides, how it is shared and what Meaningful Use Stage 2 is targeting for change. In short, let’s follow the Data…

Health Care Data Creation
Health information about an individual begins accumulating from the moment of birth, which is duly recorded when a tiny new consumer emerges into the world. Over one’s life, encounters with the medical system are carefully recorded and now, most of those encounters will be computerized. The following are the main sources of health data:

• Medical Care Providers – Hospitals, physicians, pharmacists, nurses, therapists and eventually long term care facilities are recording medical encounter information both for treatment and for financial purposes. The data created by health care providers is very rich in clinical information and also contains a significant amount of socio-economic details. Currently, medical information is scattered amongst all providers of health care encountered during a lifetime, and is mostly maintained on paper. Portions of it may or may not be exchanged in an ad-hoc fashion when people seek care at various medical facilities.
• Public and Private Payers – For the overwhelming majority of Americans who utilize insurance instruments to finance medical care, a lower fidelity version of health information is being maintained by the payer, mostly in electronic format, tallying ailments, therapies and everything else that has a dollar value associated with it.
• Ancillary Providers – From pharmacies to laboratories and imaging facilities, ancillary service providers are also maintaining lists of medical services and products provided to people and when pertinent, clinical results and invoicing information. This information is also largely maintained in electronic format.
• Personal Health – Although largely confined to a tiny minority of healthy, educated and tech savvy people, the results of personal monitoring of health indicators are beginning to accumulate in various private information systems. Currently most of this data is created by individuals outside the traditional medical system and is maintained and controlled by new and rather small technology vendors in electronic format.

Health Care Data Whereabouts
Obviously entities that create health data are also maintaining complete copies of said data for their records. However, large amounts of data are being exchanged currently between facilities of care, payers, diagnostic companies and government agencies, mostly in electronic format. As data moves around, and it does move, new repositories of data also emerge.

• Health Data Creators – Medical care providers, ancillary services providers and payers of all stripes store, maintain and supposedly own practically all health data created by their various business units and all copies of data created by others and transmitted to them during the course of business. There are significant overlaps between various data creators. For example, while payers do create financial data, all clinical information they possess is created and also stored by others.
• Public Health Agencies – Registries (e.g. immunizations, cancer, etc.) and other regulatory reporting repositories are also storing pieces of information transmitted to them by health data creators as required by State laws and vary greatly in availability and capabilities, but most information is electronically maintained.
• Clearinghouses – The facilitators of information exchange, mostly medical claims and payment data, medications, and to a lesser extent laboratory data, are also accumulating copies of whatever information is flowing through their systems in electronic format.
• Health Information Organizations – A special case of the clearinghouse model, these entities are mostly concerned with facilitating communications among regional health care providers, and in some cases are also undertaking data analysis services on behalf of their clients. As such, these organizations in many instances accumulate some portions of medical records data for some segments of the population in their geographical catchment areas.
• Technology Vendors – Those who supply electronic means to health data creators, and particularly the vendors who offer their technology in a remote service model, retain full access to their customers data, and for smaller customers, such as physicians in private practice, technology vendors are contractually reserving rights to make use of health data in a manner consistent with HIPAA regulations.
• Consumers – Aside from the emerging personal health monitoring devices and applications, a small minority of savvy consumers is also maintaining personal health records separately from their medical services providers, usually in remotely stored and web accessible repositories.

Meaningful Health Information Exchange
While Meaningful Use Stage 1 did not introduce any tangible breakthroughs in health information exchange beyond what was already occurring, the proposed Stage 2 measures are attempting to spur exchange of health data in several ways.

• Increase of exiting exchange – All thresholds for information exchange already in place, such as prescription data and laboratory results data, have been increased.
• Public Health Reporting – Actual reporting of data to government agencies is now required.
• Provider-to-provider – Some ad-hoc, point-to-point, standardized exchange of clinical summaries between various health care providers will be required.
• Provider-to/from-patient – In addition to requiring that physicians and hospitals provide health information to patients in electronic format, Meaningful Use Stage 2 places requirements on patients to contact their doctors by email and to access their electronic medical records online. The proposed rules stop short of mandating that patients actually copy their medical records themselves, or ship a copy to a third party recipient, but we have Stage 3 and onwards to look forward to. Either way, technology must be enabled to allow patients, or authorized entities (family, friends, other software, etc.) to extract copies of health information from the HIPAA covered entities where the data was created.

So where is the Big Data of health care? It is very likely that Meaningful Use Stage 2, along with accelerated Electronic Health Records adoption, will increase the size and number of current health data repositories, as well as the ad-hoc exchange of information between them. Changes in reimbursement models will also spur the slicing and dicing of health data, particularly for the purpose of risk management, but there is nothing in the proposed Meaningful Use Stage 2 rules to suggest wholesale merging of health data repositories, and on their own, none of them could be considered Big Data. What if we endeavor to index the contents of all repositories, per the PCAST model, and allow government, or other legitimate “stakeholders”, access to query every indexed and networked health data repository in the land? Is this the much touted and feverishly anticipated Big Data of health care? Meh… Something is still missing.

Big Data is not just lots and lots of data. Big Data is indeed big, but it is also very difficult to accommodate in traditional relational database systems. Big Data is very dynamic and changes fast, furiously and continuously, and Big Data is usually a combination of multiple unrelated sources; it is messy, inaccurate and needs lots of cleaning, processing and culling before it can be used. Well, we all know health care data is a royal mess, but other than that it has no other characteristics of Big Data. Some forward thinking clinical researchers, concerned with the ability of “decision makers” to make decisions for us, are suggesting that we make the data bigger by adding patient reported “psychosocial issues and health behavior”, which are usually outside the realm of medical care. They boldly envision doctors administering questionnaires to their patients to enrich the data sets obtainable by tying together “millions of encounters in real-world settings”. Not sure how you do that over disparate repositories without fully identifying each patient, but those are just details, and surely patients will see the value in allowing decision makers to assess our quality of life for comparative-effectiveness purposes. Anyway, adding some very patient-centered fields, quantifying your happiness or sadness, to the medical record is not going to elevate health care data to the status of Big Data. In order for health care data to become truly Big Data, it will have to be combined with other data sources, such as social media data, Internet search data, financial data, census data, shopping data, cell phone data, and the list goes on. And herein lies the Big excitement.

Of course, once we throw health care data into the boiling cauldron of Big Data, many wondrous things can emerge along with some nightmarish ones too. The only (legal) tool for extracting health care data from the HIPAA covered ecosystem today is the patient, because the patient is the only one who can legally “transmit” data from a covered entity to one that is not hampered by such details, like the various standalone Personal Health Records provided by private companies and all sorts of other health and wellness tools built by eager entrepreneurs. Once those shiny new “Transmit” buttons are added to patient portals, per Meaningful Use Stage 2 rules, there will no doubt be dozens of tools competing for “informed permission” from patients to crawl health care providers’ portals and auto extract everything possible and aggregate it “on behalf” of the patient. Will patients cooperate and donate personal health records to the Big Data enterprise? Perhaps a few, but not enough to make the bells ring. There will need to be a few more rounds of rulemaking before patient data can be truly liberated from those antiquated HIPAA protections, and properly used to build a few fortunes and to improve the quality and accuracy of the coupons we receive in the mail.

Parsimonious

I love persimmons with their luscious flavor and their rich exotic texture, but parsimony has nothing to do with persimmons. For the 99% of Americans who are less familiar with the term parsimonious than they are with the rare persimmon fruit, here are the suggested synonyms to parsimonious, according to the Merriam Webster dictionary: “cheap, chintzy, close, closefisted, mean, mingy, miserly, niggard, niggardly, stingy, penny-pinching, penurious, pinching, pinchpenny, spare, sparing, stinting, tight, tightfisted, uncharitable, ungenerous”.

In the sixth edition of its Ethics Manual, the American College of Physicians (ACP) is stating the following: “Physicians have a responsibility to practice effective and efficient health care and to use health care resources responsibly. Parsimonious care that utilizes the most efficient means to effectively diagnose a condition and treat a patient respects the need to use resources wisely and to help ensure that resources are equitably available” [emphasis added]. If you don’t use the term parsimonious in casual conversation, feel free to substitute any of the Merriam Webster synonyms, so you can enjoy the full flavor of this recommendation. We should note that the President of the ACP, Dr. Virginia Hood, while acknowledging that “it has some connotations where people think frugality or being parsimonious is the same as being mean or inadequate”, she does not “think that is the real meaning of that word". According to Dr. Hood “Parsimonious is a good word in the sense that it means that you use only what's necessary". Unfortunately she stopped short of defining “necessary”.

But the term parsimonious can be understood in a different way too. From the Latin “lex parsimoniae”, parsimonious, when scientifically understood could be a reference to Occam’s razor principle “requiring that the simplest of competing theories be preferred to the more complex or that explanations of unknown phenomena be sought first in terms of known quantities”. So perhaps the ACP is advising doctors to refrain from seeking zebras each time they hear galloping hooves, which may be fine medical advice up to the point where it requires respectful consideration for “resources”, which is just a polite term for money. When money is inserted into the scientific equation, we are drawn back to the penny-pinching definition, and since nobody wants to go on record advocating cheap care, we are back to parsimonious and the comfortable ambiguity cover it provides.

As noted in a recent New York Times article, despite this ambiguity, and perhaps precisely because of it, parsimonious care is quickly becoming a very popular term in the industry. In a NEJM article on costs of health care, Peter J. Neumann dares to ask the question and proceeds to answer it too: “Is “parsimonious” the right word? Perhaps there are better ones, but “frugal,” “prudent,” “thrifty,” “cost-conscious,” and others would also raise objections. … Calling it parsimonious is a reasonable start.” Yes, we can’t really call it what it is because it would raise objections. Similarly, we can’t call something a “tax” because it would raise objections, so we call it “penalty” instead, and this too is a reasonable start.

So what does parsimonious care look like? There are no exact descriptions, presumably because they too would raise “objections”, but there are philosophical principles involved. Dr. Zeke Emanuel, for example, is thrilled with the ACP daring to be “a professional society unafraid of advocating the principle of cost-effectiveness”. Cost-effectiveness, which has been in wide use before parsimonious came into vogue, is best examined at the edges where costs differ widely and effectiveness is held constant, or vice versa. It is prudent to stay away from instances where both costs and effectiveness vary widely in direct proportion to each other, because close scrutiny may raise objections. Perhaps this is where parsimonious care kicks in, invoking the renowned 80-20 business rule. If you get injured in an accident and we can restore you to 80% functionality for 20% of the cost, should we really spend the remainder 80% of the money for a measly 20% in diminishing returns to society? 

We may be able to gain additional insight by understanding what parsimonious care is not. A much debated recent study published in Health Affairs concludes that for office-based physicians, electronic access to imaging and lab results does not reduce the frequency of test orders, and advises that “[i]nsurers and health care providers should also be wary of claims that computerization alone will lead to a more parsimonious practice style”. Disregarding the policy implications and the validity of these conclusions, along with the vigorous rebuttals, and sticking with our largely semantic analysis, we may conclude that a reduction in ordering of expensive tests is a characteristic of parsimonious care. Examining the data in this study, which has not been questioned by those taking issue with the conclusions, one should be immediately struck by the fact that doctors in private solo practice are about four times less likely to order expensive imaging tests than physicians employed by hospitals, and significantly less likely to do so than doctors practicing in large group settings.

Since this particular study took the liberty of making some pretty wild assumptions, and since the rebuttals engaged in similarly wild predictions, perhaps it would be beneficial to disregard the multitude of controversial trees and observe the forest in plain view, which reveals that parsimonious care is more likely to be delivered in small private practice. The obligatory implications to policy makers would be to quit the mindless herding of doctors into unparsimonious hospital employment and consolidation, and to conduct some studies of readily available data on the parsimony, or cheapness, of care in various practice settings. The definition of parsimonious care, at least for ambulatory practice, as that which is offered in small private practice settings, and the promotion of the same, is guaranteed to not raise any objections from the public. The alternative would be to continue using terminology nobody understands to make policy nobody understands, while engaging in esoteric conversations for the illuminati who possess the encryption keys to public discourse.

Addendum: For the sake of completeness, here is the brand new response from the authors of the Health Affairs study on imaging, to the ONC rebuttal. (3/12/2012)

Opportunity for HIT Vendors to Do Good

Yesterday, I found an email from Health and Human Services (HHS) in my inbox highlighting a new initiative where the “Obama Administration and Text4Baby join forces to connect pregnant women and children to health coverage and information”. The goal of this partnership is “to promote enrollment in both Medicaid and the Children’s Health Insurance Program (CHIP)”. Having more babies and children obtain insurance coverage is obviously a worthy endeavor, and if it can be accomplished by simply sending informative text messages to pregnant women, even better. Of course having insurance coverage doesn’t always translate into having access to an actual doctor, particularly for Medicaid enrollees.

In an unrelated coincidental turn of events, it just so happened that I have had the recent opportunity to spend time with large numbers of Pediatric practices, most of which were small independent practices in middle-class suburban areas. The main goal of these conversations was to elicit doctors’ opinions on Electronic Health Records (EHR). As expected, only a small fraction of independent Pediatricians are currently using fully certified EHRs, and amongst those there is an even distribution of happy customers and disillusioned ones. A significant portion is actively engaged in purchasing EHRs, but the vast majority is pondering on what to do next. It turns out that one cannot have any discussions about EHR without sooner or later digressing to costs and precarious financial situations. Yes, EHR usability, or lack thereof, comes up in casual conversation, but by far most doctors understand that paper is over and computers are here to stay whether they are perfect or not. The barrier to jumping on the EHR bandwagon is always financial. Pediatrics in particular is not a very lucrative specialty and cash reserves are practically nonexistent in these small practices. 

And here is where I observed a very interesting and very positive trend. These suburban practices are considering opening their doors to Medicaid kids in larger and larger numbers. Both the recession and the possibility of obtaining enough government incentives to cover technology purchases are responsible for this trend, which I observed locally, but may very well be larger in scope. Pediatricians (and pediatric sub-specialists) are only eligible for Medicaid incentives and only eligible for the full incentive if at least 30% of their patients are covered by Medicaid. Meaningful Use incentives were aimed at providing a partial solution to the cost conundrum, of course, but there is a chicken and egg dilemma here. You can’t get the incentives unless you buy the EHR and you can’t buy the EHR unless you get the incentives, or take a loan, which is a very frightening alternative for most small practices and for many independent physicians whose personal wealth has been decimated in the last few years.

For illustration purposes, the total first year cost of an average EHR purchase, including training, implementation and hardware is around $100,000 for a practice of 5 physicians. Medicaid first year incentives for such a practice would almost to the penny cover the initial EHR costs. More importantly, Medicaid first year incentives are based on the administrative activities of buying the EHR and NOT on achievement of Meaningful Use. It doesn’t make sense to ask Medicaid to advance doctors $100,000 based on a promise to buy an EHR, and it would be unwise to have Medicaid send incentive checks to EHR vendors, but there is a third option, which provides EHR vendors with an opportunity to do well by doing good, for a change.

Here is how I would structure this transaction:

• EHR vendor in partnership with hardware vendor creates a bundled offering not to exceed the $21,000 per provider which is equal to the Medicaid first year incentive.
• Practice submits proof of eligibility for Medicaid maximum incentive to vendor
• Practice submits proof of registration with CMS and State Medicaid program
• Practice contractually obligates itself to attest to State Medicaid and submit proof of attestation to vendor within an agreed upon timeframe from contract signing (10 working days should be fine)
• Practice contractually obligates itself to remit full payment to vendor upon receipt of Medicaid incentives and no later than 6 months from contract signing

The value proposition to EHR (and hardware) vendors should be obvious considering that most of those who had the cash, already bought an EHR and the bulk of the remaining market is going to take its sweet good old time to “make a decision”. I do understand the implications of such arrangements to cash flow and balance sheets of technology vendors, but the competitive advantage to those larger vendors who can afford to make this offer would be big enough to warrant the costs, and the risk to the vendor is truly minimal. Yes, this would be similar to extending credit to the practice for six months, but psychologically this is very different, since there is much unwarranted mistrust amongst physicians that Medicaid will actually send them a check. Seeing that the vendor is willing to participate in taking the “risk” will generate significant and quantifiable good will.

The value proposition for society and the moms reached by Text4Baby is that the brand new coverage they are obtaining will actually come with a doctor happy to take care of their babies. Priceless.

EHR Certification 2014 Edition

As the Centers for Medicare and Medicaid Services (CMS) released their proposal for Meaningful Use Stage 2 requirements, the Office of the National Coordinator for Health Information Technology (ONC) released its updated requirements for EHR vendors intending to support Meaningful Use Stage 2. The document is chockfull of technical specifications and details which are probably more than any physician cares to know. There are, however, a couple of good reasons why you should have a general understanding of what your vendor, or soon to be vendor, is required to do because it will affect your finances and workflow and may also present some presumably unintended legal implications to your practice.

Terminology
The ONC proposal introduces several new terms that you should be aware of in order to avoid confusion, particularly if you are contemplating the purchase of an EHR in the next couple of years. A great slide deck from ONC can be viewed here.

• ONC HIT Certification Program – The EHR certification program has been renamed, so presumably any software you buy should state that it is ONC HIT Certified.
• CEHRT – Certified EHR Technology – This refers to any software product that has received any type of certification under the ONC HIT Certification Program. It could be a Complete EHR or a just a Module or a collection of Modules. Note that the “C” does not imply Complete. Any given CEHRT may or may not be enough to satisfy Meaningful Use (see below).
• 2011 Edition and 2014 Edition – ONC introduces the concept of Edition, since the certification criteria are different for 2011 and for 2014 and since it is expected that both versions could be available on the market concurrently. The Edition could be applied to a Complete EHR or an EHR Module.
• Base EHR – ONC is defining a Base EHR as a CEHRT that has several capabilities considered mandatory for Meaningful Use. Your software package must include a Base EHR even if you can exclude some of its functionality from attestation. It is not clear if software vendors will be required to clearly state if their offering includes a Base EHR, or if it will be left to the buyer to validate that it is so.

In an attempt to provide some flexibility, mainly to hospitals and specialists, it will no longer be necessary to purchase or assemble a Complete EHR in order to qualify for Meaningful Use. Instead one only needs a Base EHR, plus whatever Modules necessary to satisfy Core measures that you cannot exclude, and the particular Menu measures you choose. You can, of course still purchase a Complete EHR, and most primary care physicians will need to do just that, but if you don’t, you should exercise extra caution and read the labels very carefully.

Timeframe
If you are a proud recipient of a Meaningful Use incentive check, or soon to be one, you will have to advance to Stage 2 starting January 1st of 2014. Since the measures for Stage 2 are a bit more difficult and the data collection, particularly for Clinical Quality Measures (CQM), is a bit more extensive, it is imperative that you have your 2014 Edition installed and ready to learn and test sometime in the third quarter of 2013 at the very latest. Remember how long it took you to start your reporting period for Stage 1, and give yourself enough time to prepare for Stage 2, since you will be learning the ropes of Stage 2 while maintaining performance of Stage 1. There is no down time between Stages and there is no margin of error in consecutive 12 months reporting periods. If your EHR vendor has a sign-up list for Stage 2 upgrades, get on that list as soon as possible.

Features & Functionality
The proposed EHR certification criteria for a 2014 Edition require significant retooling of existing certified EHRs. For those with fond memories of the additional charges levied by many EHR vendors for Meaningful Use additions in 2011, this is a cautionary tale to be repeated in 2013. You should expect various Meaningful Use Stage 2 packages to be offered by your vendor and charged separately above and beyond your yearly maintenance or subscription fees. Below are just a few highlights and by no means a comprehensive list of proposed big ticket items.

CQM Reporting – If you had to pay separately for this in Stage 1, you should expect a requirement to upgrade to a more expensive version in Stage 2, since the computational requirements are much larger in scope now. If your current software does not have a registry capable of submitting CQM electronically to CMS, one will have to be provided to you for Stage 2, and this will also cost you more money. There will be an additional time burden imposed on you or your staff for collecting various data elements which were not required for Stage 1.

Referrals – Just having your referrals going out electronically and containing the required data elements will not be enough for Stage 2. ONC proposes that at least 10% of your referrals are sent outside your organization to entities that do not happen to have the same EHR brand as you do. I trust that large health systems will be successful in lobbying ONC to loosely define the term organization and/or for exclusions to this measure for their members. If this requirement remains in effect for independent private practice, you will have to add a technology profile to your clinical and patient preference considerations before you refer someone. Since your referral choices now carry clear financial implications for your practice (Meaningful Use incentives), where there were none before, a conflict of interest between you and your patient may have just been created. [Note: For those of you who have been skeptical and dismissive of my incessant warnings that an EHR will become the cost of doing business and its absence may exclude you from the health care marketplace, this is how it starts.] Considering the obvious issues with this requirement, I am very hopeful that it will be reworded in the final rule.

Patient controlled information transmittal – Obviously patients should have the right to send their medical records to whomever they wish, and obviously (to me) patients should have full access to their medical records to view and copy or download. Most practices are using web-based patient portals for exactly this purpose, and also to realize other administrative efficiencies. Meaningful Use Stage 2 adds a requirement that your patients have the ability, and actually exercise it, to transmit this information to a third party of their choice. This means that your EHR vendor will have to provide HIPAA compliant, Direct Project compliant, information exchange capabilities for all your patients. It is likely that large EHR vendors will undertake the entire task, while the surviving small vendors will contract this out.
Without boring you to death with public/private encryption keys and security certificates details, you need to know that this is going to cost you a pretty penny and that there may be legal implications for your practice. Allowing patients to download their information and be on their own from that point on, as in your current Portal, or the various Blue Button implementations, can be handled with proper disclaimers and warnings. This new Stage 2 feature proposes that your patients use your software tools, at your behest (need them to do this in order to get incentives) to send protected health information out to recipients you have no control over. If anything goes wrong, and many things can go wrong, are you, as the secure platform provider, legally responsible for any unfortunate outcomes? If a patient (who may not even be your patient) sends you unsolicited information via this mechanism, what are your legal obligations?
In addition, and exhibiting a perplexing misunderstanding of an NIH funded project to allow patients to grant and revoke provider credentials to imaging studies, ONC is also proposing to incorporate transmittal of large imaging studies by patients to third parties through the same mechanism. Hopefully, I don’t need to elaborate on the consequences to your network and software performance once DICOM images start flowing in and out freely through your Patient Portal.

I sincerely hope that enough public comments are submitted to ONC to change their well-intended, but fraught with unintended consequences, proposals for Meaningful Use Stage 2. I would also like to urge you to get involved, read the regulations and find the time to submit your comments, because whether you have an EHR right now or not, these regulations will sooner or later affect you personally. The time to sit on the sidelines moping and groaning, while hoping that this will all go away, has long since passed.

Note: Public comments can be made here.

Moving Up the Escalator to Stage 2

The eagerly awaited Notice of Proposed Rule Making (NPRM) on Meaningful Use Stage 2 has been finally released in a sprawling 455 pages document. If you followed the discussions of the Federal Advisory Committees over the last year or so, you would know that Meaningful Use Stage 2 is just another small step towards an overarching goal of utilizing health information technology to support current policies aimed at providing better care for individuals, better health for populations and lower the costs of health care. We can agree or disagree on the wisdom of those policies, but if you are using electronic health records or just contemplating a move to computerized records, and have an interest in obtaining Meaningful Use incentives or avoiding penalties, you should have a basic understanding of what the next step on the technology escalator consists of.

Meaningful Use Stage 2 distinguishes itself from Stage 1 mainly by proposing a major push to health information exchange. It also brings a new level of complexity to the assembly of various data sets that are intended to be exchanged with other care providers and/or patients. It would probably be a bit simpler to define one superset of information and use it for all information exchange measures. The other notable feature of Stage 2 is that a couple of measures are completely dependent on patients’ willingness and ability to engage in Internet based communications.

Basically everything that was required for Stage 1 is also required for Stage 2, although some measures have higher thresholds, and others have been consolidated in one measure, or are just implied in other measures. For physicians, Meaningful Use Stage 1 had 25 measures, of which 20 needed to be met. Stage 2 has 22 measures, of which 20 need to be fulfilled in order to qualify for incentives starting in 2014 (yes, 2014). There is still a bit of wiggle room, but not as much as in the past. Finally, just like in Stage 1, there are several exclusions available for measures that do not apply to your practice.
The following is an (almost) objective summary of the newly proposed measures.

The Departed
The following Stage 1 measures have been removed from the Stage 2 list for various reasons as described below,

• Maintain problem lists – incorporated into summary of care measure
• Maintain medication lists  – incorporated into summary of care measure
• Maintain drug allergy lists – incorporated into summary of care measure
• Perform drug formulary checks – incorporated into the electronic prescribing measure
• Drug-drug and drug-allergy interaction alerts – incorporated into the Clinical Decision Support measure

Golden Oldies
The following measures have not changed from Stage 1 to Stage 2, but those that were optional are now mandatory.

• Generate one list of patients with a specific condition
• Send reminders to 10% of patients (slight change: patients of all ages not seen in over two years)
• Provide patient education materials to patients stays at 10%

Wee Bit Harder

• Recording patient demographics increased to 80%
• Recording vitals increased to 80%
• Recording smoking status increased to 80%
• Electronic prescribing threshold up to 65% for ambulatory practice and newly added for hospital discharge medications at 10%
• Incorporate structured lab results into the EHR is up to 55%
• Medications reconciliation upon transition of care increased to 65%
• Recording existence of Advanced Directives has increased to more than 50% for hospitals only.

Full Step up the Escalator

• Computerized Physician Order Entry (CPOE) is now required for 60% of Medication orders, Laboratory orders and Radiology orders. Just to clarify, this is NOT a requirement to send orders out electronically. It is only a requirement to document the orders in the EHR.
• Clinical Decision Support (CDS) is increased to the implementation of 5 distinct rules, related to 5 or more CQM. This should not be a major problem for most EHRs, unless the final CQM are very different than what was offered in Stage 1. Enabling drug-drug and drug-allergy alerts are in addition to the above.
• Clinical summaries need to be made available to more than 50% of patients within 24 hours now, down from 3 days in Stage 1. Huge problem for those who don’t finish their charts on the same day. Clinical summaries should include at least the following items:
• Patient Name.
• Provider's name and office contact information.
• Date and location of the visit.
• Reason for the office visit.
• Current problem list and any updates to it.
• Current medication list and any updates to it.
• Current medication allergy list and any updates to it.
• Procedures performed during the visit.
• Immunizations or medications administered during the visit.
• Vital signs and any updates.
• Laboratory test results.
• List of diagnostic tests pending.
• Clinical instructions.
• Future appointments.
• Referrals to other providers.
• Future scheduled tests.
• Demographics (gender, race, ethnicity, date of birth, preferred language). (New requirement for Stage 2.)
• Smoking status (New requirement for Stage 2.)
• Care plan field, including goals and instructions. (New requirement for Stage 2.)
• Recommended patient decision aids (if applicable to the visit). (New requirement for Stage 2.)
• Submission of data to immunizations registries is no longer just a test. Stage 2 requires ongoing submission to a registry. Hopefully by Stage 2 the current mess, where hundreds of fully certified EHRs are incapable of connecting to registries in reality, will be resolved.
• Hospitals also need to have a working interface for lab results to public health entities, instead of just performing a test.
• Menu Item (ambulatory): Syndromic Surveillance interfaces need to be operational for Stage 2. For hospitals this is mandatory.
• Perform security risk assessment and remediation of deficiencies has not changed, but there is an explicit requirement to address “the encryption/security of data at rest”. So if you have your EHR server in your office, you will need your IT guy to pitch in a few hours here.
• Reporting clinical quality measures to CMS increased from 6 to 12 for ambulatory physicians and is up to 24 for hospitals. There are extensive lists of measures and a couple of choices on how to pick them. Note that there are several new measures and that CMS is expecting to be able to receive these reports electronically by 2014 and therefore CQM reporting will be separate from Meaningful Use attestation for Stage 2. Unlike Stage 1, physicians would be able to elect group reporting for CQM.

New and Noteworthy

• Hospitals must attest that 10% of medications are automatically tracked via an electronic medication administration record (eMAR).
• View/Download/Transmit – First, more than 50% of patients must have timely online access to their health information 4 days after it is received by physicians (36 hours after discharge for hospitals). Second, over 10% of your patients must view or download or transmit their information to a third party. This will require a Patient Portal that can log visits and an upgrade to most portals to allow transmission of records to somewhere. You will need to have over half of your patients registered for the Portal, which may be a problem if most of your patients don’t have email accounts, since most EHR supplied Patient Portals require an email for registration. Note that you must somehow ensure that 1 in 10 patients actually logs into their Patient Portal account and looks at the records. The Portal must make available the following items at the very least:
• Patient name.
• Provider's name and office contact information.
• Problem list.
• Procedures.
• Laboratory test results.
• Medication list.
• Medication allergy list.
• Vital signs (height, weight, blood pressure, BMI, growth charts).
• Smoking status.
• Demographic information (preferred language, gender, race, ethnicity, date of birth).
• Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
• Secure messaging with over 10% of patients online is another new measure that can be satisfied by having a Patient Portal. The language for this new measure indicates that the secure messages must be sent by the patients, so as with the above measure, you will have to somehow ensure that your patients send you online messages.
• Summaries of care need to be transmitted for more than 65% of transitions or referrals. Of those over 10% must be transmitted electronically to someone not organizationally affiliated with you, AND that someone must use an EHR that is different than the one you are using. Choose your referrals wisely and make sure you inquire in advance about the EHR situation at the receiving end. You will probably have to type it in your EHR for record keeping purposes. If you work for a Kaiser-like organization, you may have a serious problem here.  Required data elements for these summaries are as follows (not sure why Meds and Allergies are excluded):
• Patient name.
• Referring or transitioning provider's name and office contact information (ambulatory only).
• Procedures.
• Relevant past diagnoses.
• Laboratory test results.
• Vital signs (height, weight, blood pressure, BMI, growth charts).
• Smoking status.
• Demographic information (preferred language, gender, race, ethnicity, date of birth).
• Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
• Discharge instructions for hospitals.
• Menu Item: Availability of images in the EHR is required for over 40% of orders for all scans and tests whose result is an image. Many EHRs will need some retooling for this and you will need some expensive interfaces to hit the 40% threshold, particularly if you order imaging tests at multiple facilities, assuming those facilities have the ability (and willingness) to provide you access to their systems. The last thing you want to do here is to have those images travel over the network. It will kill your bandwidth and your server.
• Menu Item: Record Family History as structured data for over 20% of patients. This one is a walk in the park for practically all EHRs. Be sure to pick this one.
• Menu Item (ambulatory): Reporting to a Cancer Registry. This will require an operational interface for the entire reporting period.
• Menu Item (ambulatory): Reporting to a Specialized Registry (other than cancer). Here too a fully operational interface is needed. This is probably not much of a choice in most states.

If you managed to read to this point without falling asleep or suffering an anxiety attack, please note that this is just an NPRM and public comment is requested. Go ahead and make your opinions heard. CMS and ONC have listened to comments in the past and showed willingness to adjust. I would suspect that just like Meaningful Use Stage 1, these regulations will be much relaxed by the time the final rule is issued later this year, and further accommodations will be made as work in the field actually begins.

Note: Public comments can be posted here.

Trust in the Machine

Enigma Machine

We talk about trust a lot these days. Trust is one of those things that the scarcer it becomes, the more you find yourself thinking and talking about it. Trust is also a very fragile entity and it comes in a continuum of shades and magnitudes, from trusting your alarm clock, to implicitly trusting your mom, to trusting in God. Trust can be based on exact understanding (the alarm clock), reinforced by repeated experience (mom), or a result of pure faith (God). Trust that needs to be verified is no trust at all. Trust usually comes into play when one willingly relinquishes control over certain outcomes to a trusted entity. The amount of trust involved is in direct proportion to the importance of expected outcomes, thus “I trust you with my life” is very different than “I trust you to deliver my mail”.

For a while now, I have been following ONC’s efforts to build public trust in health information exchange and electronic health records, summarized in this appeal to patients: “If your health information is sent or used electronically, it's important that you trust the systems that protect it.” Yes, it is important and it is also not much different than trusting the United States Postal Service (USPS) to deliver your mail. You trust that your letter will be delivered in a timely manner to the intended recipient and nobody else. You trust that it will reach its destination in one piece, that nobody will open and read your letter in transit to “provide you with better service” and that the USPS will not make copies of your letters and otherwise use them or sell them to the highest bidder. Tampering with other people’s mail is a Federal offense subject to fines and jail time. Pretty good start, if you ask me.

When we advanced from paper letters to email, we paid a price for the associated convenience and instant delivery. Regular electronic mail has no envelope. Your email service providers reserves the right to read all your emails and use the content any way they see fit. Unless you take special precautions, anyone could intercept your mail and derive some joy from reading it too. Interestingly enough, most people became impervious to the loss of privacy. Now we are contemplating the exchange of health information through similar mechanisms, and we are being told that we should really use envelopes for exchanging health care information.

Our health care providers have been exchanging information about us for quite some time and much of this is done over the Internet now, but instead of using a public postal service, they established private networks and secured those as best they can, thus obviating the need for envelopes. This is very much like the diplomatic pouch system, where the channel itself is secured, but each secret document inside it is not necessarily locked down.  To be fair, the amount of data exchanged between health care providers (prescriptions, lab results, claims, radiology images, etc.) is so massive that it would be rather inefficient and expensive to start putting each message in its own separate envelope. The individual envelope system does make sense for exchanging small pieces of information with patients, and even for some small health care providers when they communicate amongst themselves and with larger ones infrequently.

But this is not just about envelopes. It is also about making sure that our messages go to the intended recipient and that we are certain that the sender is who he said he is. The last part is a bit tricky and the USPS, for example, never purported to verify the sender’s identity, maybe because mail fraud is punishable by up to 30 years imprisonment.  In lieu of similar laws for health information exchange over the Internet, we are being told that technology exists to protect us just as well. These technologies consist of software tools for proper authentication, non-repudiation, integrity, availability, confidentiality and the associated paraphernalia of cryptography, ciphers, encryption, public keys infrastructure, passwords, biometrics, tokens and networks of machines to support this mathematical infrastructure.

There may be value in explaining the technology to people, but even the most technology-challenged folks amongst us know enough to trust the machine, just like we know enough to trust that the alarm clock will go off in the morning, or that the TV will turn on when we push the power button. And we do understand that a certain rate of failure is to be expected. But, and there is always a “but”, we are not the ones pushing the buttons here. All these wondrous technologies are applied by an intermediary. Basically, we are delegating the stuffing and opening of envelopes to someone else and that someone else is not your trusted secretary of 25 years. It is a complete stranger, and if we are to comfortably exchange our secrets over the Internet, we must somehow trust that those intermediary folks are not reading our messages for entertainment in the lunch room, or making copies to read later or to sell to interested parties. It’s not about technology. It’s not about trust in the machine. It’s about trust in the operators, and we know next to nothing about those operators and their interests other than that they are called Health Internet Service Providers (HISP) and could be large clearinghouses like Surescripts, or your own EHR vendor, or a local health information exchange organization, or an independent technology firm, or anybody else selling electronic envelope stuffing and opening services.

There is of course HIPAA, and there are all the new regulations specifying what needs to be encrypted, how and when it should be exchanged, who gets to be the keeper of the keys, and the process by which we choose to participate or not. People have an expectation of privacy when seeing a doctor, although with the advent of health insurance, those expectations have been greatly diminished. We have come to accept that certain data about us is not private, but we are still holding on to the notion that other, very personal, things need not be shared outside the exam room. Doctors don’t usually report to insurers how much alcohol we consume, whether we are sexually active and in what manner, what we eat, which illegal drugs we use, how we sleep and all other intimate fears or dilemmas shared with a doctor. Your doctor is entering all this information in a computer now, giving it a life of its own, and since sooner or later this information will be leaving the doctor’s computer, it may end up in unexpected places, not because the system was breached, but because the “system” sent it there. Will it end up on Google? This is the trust issue that needs to be addressed. Or perhaps it doesn’t.

In a world where most folks are just fine with seeing targeted adds on every browser page based on the contents of their gmail messages, maybe it makes no difference to us if Google “knows” that our last A1c was >9 and a flurry of diabetic adds are unleashed when we browse the Internet. In a world unperturbed by having every smart phone equipped with what amounts to a keylogger, where the Internet Service Provider and the phone manufacturer, along with the keylogger vendor, read every text message you send, perhaps sharing your overactive bladder issues with these folks is also a nonevent. And if that’s the case, why would we even bother with triple DES or AES or Blowfish or Twofish encryption and PKI and certificates? Let’s just cut through the chase, do me and Google a favor and post the stuff to my Facebook page and maybe Tweet a quick clinical summary for my 5000 most trusted friends.

Arguments for a Universal Health Record – Part II

All animals can exchange information when in proximity to each other. Humans advanced this useful exchange to occur when the interacting parties are far apart, which makes the human animal quite unique. First came human couriers carrying verbal information, followed by human couriers carrying written missives, then came technology. Technology in the form of transportation vehicles, and technology in the form of unmanned transport of sounds and symbolic characters, changed the world. Telephones and computers on the Internet rendered the travel time of information from any point on the globe to any other point to milliseconds or less, but did not change the age old paradigm of information physically moving from one place to another. Until now.

This is the age of social media. Those of us who remember licking envelopes and stamps are often tempted to dismiss social media as a superficial waste of time better suited to perpetually distracted kids than any serious endeavor. When you think about Facebook, Twitter, Google+, Farmville and such, it is hard to believe otherwise. Ignoring the actual activities currently occurring on social media platforms, and looking exclusively at the mode of communication, one is forced to acknowledge that a change in paradigm has occurred, and we are reverting to exchanging information when we are in close proximity to each other, only this time around proximity is virtual, not physical. Information ceased to travel virtually, and instead, we do.

When we “go to” Google+ and engage in a lengthy discussion regarding Universal Health Records, we are creating and consuming content which resides in one virtual location – Google’s network of servers. If you want to participate in such conversation, you have to “come to” Google+, just like you had to come to Town Hall in days gone by, if you wanted to debate matters of importance. Unlike exchanging information by horse, train, telegraph or email, this communication paradigm is once again social, but flexible enough to occur in real time or at a time of your own choosing.

Back to medical records. Today most medical records are stored in physical format (paper) at various physical locations (brick and mortar facilities). Health information exchange is occurring mostly through courier, whether manned (patient, snail mail) or unmanned (fax). Those who advocate for electronic medical records desire to change the format of the record from physical to virtual, leaving the storage of virtual records pretty much as it is today. Once the content is computerized, it can also be exchanged by computer couriers, such as email and Electronic Data Interchange (EDI). This is supposed to make medical records “liquid” and the data can then flow from one computer to the other in a network of rivers and rivulets spanning the entire nation. Since such a complex system of waterways can be useful only if 100% clean water is allowed to flow through, as opposed to a mixture of seawater, oils, spirits, and other beverages, much care must be exercised at every medical records repository to transform whatever is released out into the public system to clean water. As discussed in part one of this series, ensuring water purity and building canals, dams and other infrastructure is expensive, fraught with peril, and assuming such system can be built, it is also obsolete right out of the box.

What problem are we attempting to solve by computerizing medical records? The customary answer to this question is that medical care has become extremely complex, it requires scores of professionals working together and, to foster better outcomes, they should all have the most accurate pertinent information at their disposal. Now, if we could bring all these professionals into one room filled with books and journals, and sit them down around one table, we would be just fine with old fashioned verbal information exchange. Since this type of physical proximity is becoming less and less likely, we find ourselves in need of a solution to allow disparate teams to collaborate on one project. We can do this the old way, and arrange for virtual information to flow electronically between team members, or we can do this the social media way, and arrange for team members to meet in one virtual space and work in virtual proximity.  But wait, there is more... In health care, our projects are longitudinal. Each episode of care builds on all previous ones and also informs all episodes to come. This in a nutshell is why the entire medical record must be an open and shared resource.

Given the realities of our health system of systems, I am being told that such selfless collaboration at the data level is very unlikely, and given the real and manufactured concerns with privacy and government oversight, having a universal comprehensive data store is politically impossible in health care. Nobody objected to the technical soundness of the proposed solution. Granted, health care is much more complex than Google+ or Google Docs, and we will need more data, more definition and a much bigger and more sophisticated transactional database structure. As much as I would like to, we cannot flip a switch and begin accumulating universal health records overnight. So how would we go about starting to move in this direction? 

One very promising idea comes from Dr. David Kibbe and the Collaborative Health Consortium. The notion of a health care collaboration platform, or clinical groupware, could do for health care what Google+ and Facebook did for virtual social interaction, but it stops short of providing a longitudinal and open medical record. If you were an avid Facebook user and recently tried to switch to Google+, you probably already encountered the big tall wall surrounding that particular platform. While this may be a minor nuisance when it comes to social media, and fully understandable from a software, or platform, vendor business perspective, it is not so minor when it comes to medical records, as every doctor who tried to switch EMRs can tell you. Every business should have the right to erect walls around its platform, its innovation and its intellectual property. No business should have the right to monopolize patient data, even if it was created by services and tools of a proprietary platform. The data layer must be separated from the service platform layer, because the data layer belongs to individuals and, in aggregate, it is a public good. 

Another suggestion was that initiating standardized information exchange may lead to the eventual creation of local and later regional data stores. Perhaps the various State HIE organizations would grow into such data repositories. Perhaps the ever expanding integrated health systems would accomplish something similar. Eventually, we may be able to connect all these repositories into a federated model of national health records. All this is possible of course, but this rudderless experiment strikes me as a major waste of time and resources. So here is a small suggestion. There are several billions of dollars appropriated for a VA/DoD joint EHR which is supposed to be open source. Presumably, such effort will yield a database schema sooner rather later. Let’s use that. Let’s define a minimum set of data, not much different than what is required to be exchanged for Meaningful Use, and begin populating a national database. It will take time before this becomes the authoritative version, but it will happen. Initially, we can mandate certified EHRs to use the national database to retrieve and update this modest dataset in real time. This should not be a very difficult task for EHR vendors. At the same time, we should allow new products to be developed against this new and open schema. What would be the cost of building a simple user interface to the Universal Health Record to display an accurate list of problems, meds, allergies, immunizations and lab results? Hint: very close to zero. What value would physicians, and patients, derive from the ability to access such definitive lists for any patient, any time, from any browser, on any device? You decide.

Health Information Exchange is an outdated paradigm. It is based on understanding the Internet to be an improved version of the Pony Express system. The Internet has evolved into something completely different and unless we evolve with it, we are doomed to be arming heavily for a war that has concluded and it will never be fought again.