Wednesday, February 29, 2012

Opportunity for HIT Vendors to Do Good

Yesterday, I found an email from Health and Human Services (HHS) in my inbox highlighting a new initiative where the “Obama Administration and Text4Baby join forces to connect pregnant women and children to health coverage and information”. The goal of this partnership is “to promote enrollment in both Medicaid and the Children’s Health Insurance Program (CHIP)”. Having more babies and children obtain insurance coverage is obviously a worthy endeavor, and if it can be accomplished by simply sending informative text messages to pregnant women, even better. Of course having insurance coverage doesn’t always translate into having access to an actual doctor, particularly for Medicaid enrollees.

In an unrelated coincidental turn of events, it just so happened that I have had the recent opportunity to spend time with large numbers of Pediatric practices, most of which were small independent practices in middle-class suburban areas. The main goal of these conversations was to elicit doctors’ opinions on Electronic Health Records (EHR). As expected, only a small fraction of independent Pediatricians are currently using fully certified EHRs, and amongst those there is an even distribution of happy customers and disillusioned ones. A significant portion is actively engaged in purchasing EHRs, but the vast majority is pondering on what to do next. It turns out that one cannot have any discussions about EHR without sooner or later digressing to costs and precarious financial situations. Yes, EHR usability, or lack thereof, comes up in casual conversation, but by far most doctors understand that paper is over and computers are here to stay whether they are perfect or not. The barrier to jumping on the EHR bandwagon is always financial. Pediatrics in particular is not a very lucrative specialty and cash reserves are practically nonexistent in these small practices. 

And here is where I observed a very interesting and very positive trend. These suburban practices are considering opening their doors to Medicaid kids in larger and larger numbers. Both the recession and the possibility of obtaining enough government incentives to cover technology purchases are responsible for this trend, which I observed locally, but may very well be larger in scope. Pediatricians (and pediatric sub-specialists) are only eligible for Medicaid incentives and only eligible for the full incentive if at least 30% of their patients are covered by Medicaid. Meaningful Use incentives were aimed at providing a partial solution to the cost conundrum, of course, but there is a chicken and egg dilemma here. You can’t get the incentives unless you buy the EHR and you can’t buy the EHR unless you get the incentives, or take a loan, which is a very frightening alternative for most small practices and for many independent physicians whose personal wealth has been decimated in the last few years.

For illustration purposes, the total first year cost of an average EHR purchase, including training, implementation and hardware is around $100,000 for a practice of 5 physicians. Medicaid first year incentives for such a practice would almost to the penny cover the initial EHR costs. More importantly, Medicaid first year incentives are based on the administrative activities of buying the EHR and NOT on achievement of Meaningful Use. It doesn’t make sense to ask Medicaid to advance doctors $100,000 based on a promise to buy an EHR, and it would be unwise to have Medicaid send incentive checks to EHR vendors, but there is a third option, which provides EHR vendors with an opportunity to do well by doing good, for a change.

Here is how I would structure this transaction:
  • EHR vendor in partnership with hardware vendor creates a bundled offering not to exceed the $21,000 per provider which is equal to the Medicaid first year incentive.
  • Practice submits proof of eligibility for Medicaid maximum incentive to vendor
  • Practice submits proof of registration with CMS and State Medicaid program
  • Practice contractually obligates itself to attest to State Medicaid and submit proof of attestation to vendor within an agreed upon timeframe from contract signing (10 working days should be fine)
  • Practice contractually obligates itself to remit full payment to vendor upon receipt of Medicaid incentives and no later than 6 months from contract signing
The value proposition to EHR (and hardware) vendors should be obvious considering that most of those who had the cash, already bought an EHR and the bulk of the remaining market is going to take its sweet good old time to “make a decision”. I do understand the implications of such arrangements to cash flow and balance sheets of technology vendors, but the competitive advantage to those larger vendors who can afford to make this offer would be big enough to warrant the costs, and the risk to the vendor is truly minimal. Yes, this would be similar to extending credit to the practice for six months, but psychologically this is very different, since there is much unwarranted mistrust amongst physicians that Medicaid will actually send them a check. Seeing that the vendor is willing to participate in taking the “risk” will generate significant and quantifiable good will.

The value proposition for society and the moms reached by Text4Baby is that the brand new coverage they are obtaining will actually come with a doctor happy to take care of their babies. Priceless.

Sunday, February 26, 2012

EHR Certification 2014 Edition

As the Centers for Medicare and Medicaid Services (CMS) released their proposal for Meaningful Use Stage 2 requirements, the Office of the National Coordinator for Health Information Technology (ONC) released its updated requirements for EHR vendors intending to support Meaningful Use Stage 2. The document is chockfull of technical specifications and details which are probably more than any physician cares to know. There are, however, a couple of good reasons why you should have a general understanding of what your vendor, or soon to be vendor, is required to do because it will affect your finances and workflow and may also present some presumably unintended legal implications to your practice.

Terminology
The ONC proposal introduces several new terms that you should be aware of in order to avoid confusion, particularly if you are contemplating the purchase of an EHR in the next couple of years. A great slide deck from ONC can be viewed here.
  • ONC HIT Certification Program – The EHR certification program has been renamed, so presumably any software you buy should state that it is ONC HIT Certified.
  • CEHRT – Certified EHR Technology – This refers to any software product that has received any type of certification under the ONC HIT Certification Program. It could be a Complete EHR or a just a Module or a collection of Modules. Note that the “C” does not imply Complete. Any given CEHRT may or may not be enough to satisfy Meaningful Use (see below).
  • 2011 Edition and 2014 Edition – ONC introduces the concept of Edition, since the certification criteria are different for 2011 and for 2014 and since it is expected that both versions could be available on the market concurrently. The Edition could be applied to a Complete EHR or an EHR Module.
  • Base EHR – ONC is defining a Base EHR as a CEHRT that has several capabilities considered mandatory for Meaningful Use. Your software package must include a Base EHR even if you can exclude some of its functionality from attestation. It is not clear if software vendors will be required to clearly state if their offering includes a Base EHR, or if it will be left to the buyer to validate that it is so.
In an attempt to provide some flexibility, mainly to hospitals and specialists, it will no longer be necessary to purchase or assemble a Complete EHR in order to qualify for Meaningful Use. Instead one only needs a Base EHR, plus whatever Modules necessary to satisfy Core measures that you cannot exclude, and the particular Menu measures you choose. You can, of course still purchase a Complete EHR, and most primary care physicians will need to do just that, but if you don’t, you should exercise extra caution and read the labels very carefully.

Timeframe
If you are a proud recipient of a Meaningful Use incentive check, or soon to be one, you will have to advance to Stage 2 starting January 1st of 2014. Since the measures for Stage 2 are a bit more difficult and the data collection, particularly for Clinical Quality Measures (CQM), is a bit more extensive, it is imperative that you have your 2014 Edition installed and ready to learn and test sometime in the third quarter of 2013 at the very latest. Remember how long it took you to start your reporting period for Stage 1, and give yourself enough time to prepare for Stage 2, since you will be learning the ropes of Stage 2 while maintaining performance of Stage 1. There is no down time between Stages and there is no margin of error in consecutive 12 months reporting periods. If your EHR vendor has a sign-up list for Stage 2 upgrades, get on that list as soon as possible.

Features & Functionality
The proposed EHR certification criteria for a 2014 Edition require significant retooling of existing certified EHRs. For those with fond memories of the additional charges levied by many EHR vendors for Meaningful Use additions in 2011, this is a cautionary tale to be repeated in 2013. You should expect various Meaningful Use Stage 2 packages to be offered by your vendor and charged separately above and beyond your yearly maintenance or subscription fees. Below are just a few highlights and by no means a comprehensive list of proposed big ticket items.

CQM Reporting – If you had to pay separately for this in Stage 1, you should expect a requirement to upgrade to a more expensive version in Stage 2, since the computational requirements are much larger in scope now. If your current software does not have a registry capable of submitting CQM electronically to CMS, one will have to be provided to you for Stage 2, and this will also cost you more money. There will be an additional time burden imposed on you or your staff for collecting various data elements which were not required for Stage 1.

Referrals – Just having your referrals going out electronically and containing the required data elements will not be enough for Stage 2. ONC proposes that at least 10% of your referrals are sent outside your organization to entities that do not happen to have the same EHR brand as you do. I trust that large health systems will be successful in lobbying ONC to loosely define the term organization and/or for exclusions to this measure for their members. If this requirement remains in effect for independent private practice, you will have to add a technology profile to your clinical and patient preference considerations before you refer someone. Since your referral choices now carry clear financial implications for your practice (Meaningful Use incentives), where there were none before, a conflict of interest between you and your patient may have just been created. [Note: For those of you who have been skeptical and dismissive of my incessant warnings that an EHR will become the cost of doing business and its absence may exclude you from the health care marketplace, this is how it starts.] Considering the obvious issues with this requirement, I am very hopeful that it will be reworded in the final rule.

Patient controlled information transmittal – Obviously patients should have the right to send their medical records to whomever they wish, and obviously (to me) patients should have full access to their medical records to view and copy or download. Most practices are using web-based patient portals for exactly this purpose, and also to realize other administrative efficiencies. Meaningful Use Stage 2 adds a requirement that your patients have the ability, and actually exercise it, to transmit this information to a third party of their choice. This means that your EHR vendor will have to provide HIPAA compliant, Direct Project compliant, information exchange capabilities for all your patients. It is likely that large EHR vendors will undertake the entire task, while the surviving small vendors will contract this out.
Without boring you to death with public/private encryption keys and security certificates details, you need to know that this is going to cost you a pretty penny and that there may be legal implications for your practice. Allowing patients to download their information and be on their own from that point on, as in your current Portal, or the various Blue Button implementations, can be handled with proper disclaimers and warnings. This new Stage 2 feature proposes that your patients use your software tools, at your behest (need them to do this in order to get incentives) to send protected health information out to recipients you have no control over. If anything goes wrong, and many things can go wrong, are you, as the secure platform provider, legally responsible for any unfortunate outcomes? If a patient (who may not even be your patient) sends you unsolicited information via this mechanism, what are your legal obligations?
In addition, and exhibiting a perplexing misunderstanding of an NIH funded project to allow patients to grant and revoke provider credentials to imaging studies, ONC is also proposing to incorporate transmittal of large imaging studies by patients to third parties through the same mechanism. Hopefully, I don’t need to elaborate on the consequences to your network and software performance once DICOM images start flowing in and out freely through your Patient Portal.

I sincerely hope that enough public comments are submitted to ONC to change their well-intended, but fraught with unintended consequences, proposals for Meaningful Use Stage 2. I would also like to urge you to get involved, read the regulations and find the time to submit your comments, because whether you have an EHR right now or not, these regulations will sooner or later affect you personally. The time to sit on the sidelines moping and groaning, while hoping that this will all go away, has long since passed.

Note: Public comments can be made here.

Thursday, February 23, 2012

Moving Up the Escalator to Stage 2

The eagerly awaited Notice of Proposed Rule Making (NPRM) on Meaningful Use Stage 2 has been finally released in a sprawling 455 pages document. If you followed the discussions of the Federal Advisory Committees over the last year or so, you would know that Meaningful Use Stage 2 is just another small step towards an overarching goal of utilizing health information technology to support current policies aimed at providing better care for individuals, better health for populations and lower the costs of health care. We can agree or disagree on the wisdom of those policies, but if you are using electronic health records or just contemplating a move to computerized records, and have an interest in obtaining Meaningful Use incentives or avoiding penalties, you should have a basic understanding of what the next step on the technology escalator consists of.

Meaningful Use Stage 2 distinguishes itself from Stage 1 mainly by proposing a major push to health information exchange. It also brings a new level of complexity to the assembly of various data sets that are intended to be exchanged with other care providers and/or patients. It would probably be a bit simpler to define one superset of information and use it for all information exchange measures. The other notable feature of Stage 2 is that a couple of measures are completely dependent on patients’ willingness and ability to engage in Internet based communications.

Basically everything that was required for Stage 1 is also required for Stage 2, although some measures have higher thresholds, and others have been consolidated in one measure, or are just implied in other measures. For physicians, Meaningful Use Stage 1 had 25 measures, of which 20 needed to be met. Stage 2 has 22 measures, of which 20 need to be fulfilled in order to qualify for incentives starting in 2014 (yes, 2014). There is still a bit of wiggle room, but not as much as in the past. Finally, just like in Stage 1, there are several exclusions available for measures that do not apply to your practice.
The following is an (almost) objective summary of the newly proposed measures.

The Departed
The following Stage 1 measures have been removed from the Stage 2 list for various reasons as described below,
  • Maintain problem lists – incorporated into summary of care measure
  • Maintain medication lists  – incorporated into summary of care measure
  • Maintain drug allergy lists – incorporated into summary of care measure
  • Perform drug formulary checks – incorporated into the electronic prescribing measure
  • Drug-drug and drug-allergy interaction alerts – incorporated into the Clinical Decision Support measure
Golden Oldies
The following measures have not changed from Stage 1 to Stage 2, but those that were optional are now mandatory.
  • Generate one list of patients with a specific condition
  • Send reminders to 10% of patients (slight change: patients of all ages not seen in over two years)
  • Provide patient education materials to patients stays at 10%
Wee Bit Harder
  • Recording patient demographics increased to 80%
  • Recording vitals increased to 80%
  • Recording smoking status increased to 80%
  • Electronic prescribing threshold up to 65% for ambulatory practice and newly added for hospital discharge medications at 10%
  • Incorporate structured lab results into the EHR is up to 55%
  • Medications reconciliation upon transition of care increased to 65%
  • Recording existence of Advanced Directives has increased to more than 50% for hospitals only.
Full Step up the Escalator
  • Computerized Physician Order Entry (CPOE) is now required for 60% of Medication orders, Laboratory orders and Radiology orders. Just to clarify, this is NOT a requirement to send orders out electronically. It is only a requirement to document the orders in the EHR.
  • Clinical Decision Support (CDS) is increased to the implementation of 5 distinct rules, related to 5 or more CQM. This should not be a major problem for most EHRs, unless the final CQM are very different than what was offered in Stage 1. Enabling drug-drug and drug-allergy alerts are in addition to the above.
  • Clinical summaries need to be made available to more than 50% of patients within 24 hours now, down from 3 days in Stage 1. Huge problem for those who don’t finish their charts on the same day. Clinical summaries should include at least the following items:
    • Patient Name.
    • Provider's name and office contact information.
    • Date and location of the visit.
    • Reason for the office visit.
    • Current problem list and any updates to it.
    • Current medication list and any updates to it.
    • Current medication allergy list and any updates to it.
    • Procedures performed during the visit.
    • Immunizations or medications administered during the visit.
    • Vital signs and any updates.
    • Laboratory test results.
    • List of diagnostic tests pending.
    • Clinical instructions.
    • Future appointments.
    • Referrals to other providers.
    • Future scheduled tests.
    • Demographics (gender, race, ethnicity, date of birth, preferred language). (New requirement for Stage 2.)
    • Smoking status (New requirement for Stage 2.)
    • Care plan field, including goals and instructions. (New requirement for Stage 2.)
    • Recommended patient decision aids (if applicable to the visit). (New requirement for Stage 2.)
  • Submission of data to immunizations registries is no longer just a test. Stage 2 requires ongoing submission to a registry. Hopefully by Stage 2 the current mess, where hundreds of fully certified EHRs are incapable of connecting to registries in reality, will be resolved.
  • Hospitals also need to have a working interface for lab results to public health entities, instead of just performing a test.
  • Menu Item (ambulatory): Syndromic Surveillance interfaces need to be operational for Stage 2. For hospitals this is mandatory.
  • Perform security risk assessment and remediation of deficiencies has not changed, but there is an explicit requirement to address “the encryption/security of data at rest”. So if you have your EHR server in your office, you will need your IT guy to pitch in a few hours here.
  • Reporting clinical quality measures to CMS increased from 6 to 12 for ambulatory physicians and is up to 24 for hospitals. There are extensive lists of measures and a couple of choices on how to pick them. Note that there are several new measures and that CMS is expecting to be able to receive these reports electronically by 2014 and therefore CQM reporting will be separate from Meaningful Use attestation for Stage 2. Unlike Stage 1, physicians would be able to elect group reporting for CQM.
New and Noteworthy
  • Hospitals must attest that 10% of medications are automatically tracked via an electronic medication administration record (eMAR).
  • View/Download/Transmit – First, more than 50% of patients must have timely online access to their health information 4 days after it is received by physicians (36 hours after discharge for hospitals). Second, over 10% of your patients must view or download or transmit their information to a third party. This will require a Patient Portal that can log visits and an upgrade to most portals to allow transmission of records to somewhere. You will need to have over half of your patients registered for the Portal, which may be a problem if most of your patients don’t have email accounts, since most EHR supplied Patient Portals require an email for registration. Note that you must somehow ensure that 1 in 10 patients actually logs into their Patient Portal account and looks at the records. The Portal must make available the following items at the very least:
    • Patient name.
    • Provider's name and office contact information.
    • Problem list.
    • Procedures.
    • Laboratory test results.
    • Medication list.
    • Medication allergy list.
    • Vital signs (height, weight, blood pressure, BMI, growth charts).
    • Smoking status.
    • Demographic information (preferred language, gender, race, ethnicity, date of birth).
    • Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
  • Secure messaging with over 10% of patients online is another new measure that can be satisfied by having a Patient Portal. The language for this new measure indicates that the secure messages must be sent by the patients, so as with the above measure, you will have to somehow ensure that your patients send you online messages.
  • Summaries of care need to be transmitted for more than 65% of transitions or referrals. Of those over 10% must be transmitted electronically to someone not organizationally affiliated with you, AND that someone must use an EHR that is different than the one you are using. Choose your referrals wisely and make sure you inquire in advance about the EHR situation at the receiving end. You will probably have to type it in your EHR for record keeping purposes. If you work for a Kaiser-like organization, you may have a serious problem here.  Required data elements for these summaries are as follows (not sure why Meds and Allergies are excluded):
    • Patient name.
    • Referring or transitioning provider's name and office contact information (ambulatory only).
    • Procedures.
    • Relevant past diagnoses.
    • Laboratory test results.
    • Vital signs (height, weight, blood pressure, BMI, growth charts).
    • Smoking status.
    • Demographic information (preferred language, gender, race, ethnicity, date of birth).
    • Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
    • Discharge instructions for hospitals.
  • Menu Item: Availability of images in the EHR is required for over 40% of orders for all scans and tests whose result is an image. Many EHRs will need some retooling for this and you will need some expensive interfaces to hit the 40% threshold, particularly if you order imaging tests at multiple facilities, assuming those facilities have the ability (and willingness) to provide you access to their systems. The last thing you want to do here is to have those images travel over the network. It will kill your bandwidth and your server.
  • Menu Item: Record Family History as structured data for over 20% of patients. This one is a walk in the park for practically all EHRs. Be sure to pick this one.
  • Menu Item (ambulatory): Reporting to a Cancer Registry. This will require an operational interface for the entire reporting period.
  • Menu Item (ambulatory): Reporting to a Specialized Registry (other than cancer). Here too a fully operational interface is needed. This is probably not much of a choice in most states.
If you managed to read to this point without falling asleep or suffering an anxiety attack, please note that this is just an NPRM and public comment is requested. Go ahead and make your opinions heard. CMS and ONC have listened to comments in the past and showed willingness to adjust. I would suspect that just like Meaningful Use Stage 1, these regulations will be much relaxed by the time the final rule is issued later this year, and further accommodations will be made as work in the field actually begins.

Note: Public comments can be posted here.

Sunday, February 19, 2012

Trust in the Machine

Enigma Machine
We talk about trust a lot these days. Trust is one of those things that the scarcer it becomes, the more you find yourself thinking and talking about it. Trust is also a very fragile entity and it comes in a continuum of shades and magnitudes, from trusting your alarm clock, to implicitly trusting your mom, to trusting in God. Trust can be based on exact understanding (the alarm clock), reinforced by repeated experience (mom), or a result of pure faith (God). Trust that needs to be verified is no trust at all. Trust usually comes into play when one willingly relinquishes control over certain outcomes to a trusted entity. The amount of trust involved is in direct proportion to the importance of expected outcomes, thus “I trust you with my life” is very different than “I trust you to deliver my mail”.

For a while now, I have been following ONC’s efforts to build public trust in health information exchange and electronic health records, summarized in this appeal to patients: “If your health information is sent or used electronically, it's important that you trust the systems that protect it.” Yes, it is important and it is also not much different than trusting the United States Postal Service (USPS) to deliver your mail. You trust that your letter will be delivered in a timely manner to the intended recipient and nobody else. You trust that it will reach its destination in one piece, that nobody will open and read your letter in transit to “provide you with better service” and that the USPS will not make copies of your letters and otherwise use them or sell them to the highest bidder. Tampering with other people’s mail is a Federal offense subject to fines and jail time. Pretty good start, if you ask me.

When we advanced from paper letters to email, we paid a price for the associated convenience and instant delivery. Regular electronic mail has no envelope. Your email service providers reserves the right to read all your emails and use the content any way they see fit. Unless you take special precautions, anyone could intercept your mail and derive some joy from reading it too. Interestingly enough, most people became impervious to the loss of privacy. Now we are contemplating the exchange of health information through similar mechanisms, and we are being told that we should really use envelopes for exchanging health care information.

Our health care providers have been exchanging information about us for quite some time and much of this is done over the Internet now, but instead of using a public postal service, they established private networks and secured those as best they can, thus obviating the need for envelopes. This is very much like the diplomatic pouch system, where the channel itself is secured, but each secret document inside it is not necessarily locked down.  To be fair, the amount of data exchanged between health care providers (prescriptions, lab results, claims, radiology images, etc.) is so massive that it would be rather inefficient and expensive to start putting each message in its own separate envelope. The individual envelope system does make sense for exchanging small pieces of information with patients, and even for some small health care providers when they communicate amongst themselves and with larger ones infrequently.

But this is not just about envelopes. It is also about making sure that our messages go to the intended recipient and that we are certain that the sender is who he said he is. The last part is a bit tricky and the USPS, for example, never purported to verify the sender’s identity, maybe because mail fraud is punishable by up to 30 years imprisonment.  In lieu of similar laws for health information exchange over the Internet, we are being told that technology exists to protect us just as well. These technologies consist of software tools for proper authentication, non-repudiation, integrity, availability, confidentiality and the associated paraphernalia of cryptography, ciphers, encryption, public keys infrastructure, passwords, biometrics, tokens and networks of machines to support this mathematical infrastructure.

There may be value in explaining the technology to people, but even the most technology-challenged folks amongst us know enough to trust the machine, just like we know enough to trust that the alarm clock will go off in the morning, or that the TV will turn on when we push the power button. And we do understand that a certain rate of failure is to be expected. But, and there is always a “but”, we are not the ones pushing the buttons here. All these wondrous technologies are applied by an intermediary. Basically, we are delegating the stuffing and opening of envelopes to someone else and that someone else is not your trusted secretary of 25 years. It is a complete stranger, and if we are to comfortably exchange our secrets over the Internet, we must somehow trust that those intermediary folks are not reading our messages for entertainment in the lunch room, or making copies to read later or to sell to interested parties. It’s not about technology. It’s not about trust in the machine. It’s about trust in the operators, and we know next to nothing about those operators and their interests other than that they are called Health Internet Service Providers (HISP) and could be large clearinghouses like Surescripts, or your own EHR vendor, or a local health information exchange organization, or an independent technology firm, or anybody else selling electronic envelope stuffing and opening services.

There is of course HIPAA, and there are all the new regulations specifying what needs to be encrypted, how and when it should be exchanged, who gets to be the keeper of the keys, and the process by which we choose to participate or not. People have an expectation of privacy when seeing a doctor, although with the advent of health insurance, those expectations have been greatly diminished. We have come to accept that certain data about us is not private, but we are still holding on to the notion that other, very personal, things need not be shared outside the exam room. Doctors don’t usually report to insurers how much alcohol we consume, whether we are sexually active and in what manner, what we eat, which illegal drugs we use, how we sleep and all other intimate fears or dilemmas shared with a doctor. Your doctor is entering all this information in a computer now, giving it a life of its own, and since sooner or later this information will be leaving the doctor’s computer, it may end up in unexpected places, not because the system was breached, but because the “system” sent it there. Will it end up on Google? This is the trust issue that needs to be addressed. Or perhaps it doesn’t.

In a world where most folks are just fine with seeing targeted adds on every browser page based on the contents of their gmail messages, maybe it makes no difference to us if Google “knows” that our last A1c was >9 and a flurry of diabetic adds are unleashed when we browse the Internet. In a world unperturbed by having every smart phone equipped with what amounts to a keylogger, where the Internet Service Provider and the phone manufacturer, along with the keylogger vendor, read every text message you send, perhaps sharing your overactive bladder issues with these folks is also a nonevent. And if that’s the case, why would we even bother with triple DES or AES or Blowfish or Twofish encryption and PKI and certificates? Let’s just cut through the chase, do me and Google a favor and post the stuff to my Facebook page and maybe Tweet a quick clinical summary for my 5000 most trusted friends.