Opportunity for HIT Vendors to Do Good

Yesterday, I found an email from Health and Human Services (HHS) in my inbox highlighting a new initiative where the “Obama Administration and Text4Baby join forces to connect pregnant women and children to health coverage and information”. The goal of this partnership is “to promote enrollment in both Medicaid and the Children’s Health Insurance Program (CHIP)”. Having more babies and children obtain insurance coverage is obviously a worthy endeavor, and if it can be accomplished by simply sending informative text messages to pregnant women, even better. Of course having insurance coverage doesn’t always translate into having access to an actual doctor, particularly for Medicaid enrollees.

In an unrelated coincidental turn of events, it just so happened that I have had the recent opportunity to spend time with large numbers of Pediatric practices, most of which were small independent practices in middle-class suburban areas. The main goal of these conversations was to elicit doctors’ opinions on Electronic Health Records (EHR). As expected, only a small fraction of independent Pediatricians are currently using fully certified EHRs, and amongst those there is an even distribution of happy customers and disillusioned ones. A significant portion is actively engaged in purchasing EHRs, but the vast majority is pondering on what to do next. It turns out that one cannot have any discussions about EHR without sooner or later digressing to costs and precarious financial situations. Yes, EHR usability, or lack thereof, comes up in casual conversation, but by far most doctors understand that paper is over and computers are here to stay whether they are perfect or not. The barrier to jumping on the EHR bandwagon is always financial. Pediatrics in particular is not a very lucrative specialty and cash reserves are practically nonexistent in these small practices. 

And here is where I observed a very interesting and very positive trend. These suburban practices are considering opening their doors to Medicaid kids in larger and larger numbers. Both the recession and the possibility of obtaining enough government incentives to cover technology purchases are responsible for this trend, which I observed locally, but may very well be larger in scope. Pediatricians (and pediatric sub-specialists) are only eligible for Medicaid incentives and only eligible for the full incentive if at least 30% of their patients are covered by Medicaid. Meaningful Use incentives were aimed at providing a partial solution to the cost conundrum, of course, but there is a chicken and egg dilemma here. You can’t get the incentives unless you buy the EHR and you can’t buy the EHR unless you get the incentives, or take a loan, which is a very frightening alternative for most small practices and for many independent physicians whose personal wealth has been decimated in the last few years.

For illustration purposes, the total first year cost of an average EHR purchase, including training, implementation and hardware is around $100,000 for a practice of 5 physicians. Medicaid first year incentives for such a practice would almost to the penny cover the initial EHR costs. More importantly, Medicaid first year incentives are based on the administrative activities of buying the EHR and NOT on achievement of Meaningful Use. It doesn’t make sense to ask Medicaid to advance doctors $100,000 based on a promise to buy an EHR, and it would be unwise to have Medicaid send incentive checks to EHR vendors, but there is a third option, which provides EHR vendors with an opportunity to do well by doing good, for a change.

Here is how I would structure this transaction:

• EHR vendor in partnership with hardware vendor creates a bundled offering not to exceed the $21,000 per provider which is equal to the Medicaid first year incentive.
• Practice submits proof of eligibility for Medicaid maximum incentive to vendor
• Practice submits proof of registration with CMS and State Medicaid program
• Practice contractually obligates itself to attest to State Medicaid and submit proof of attestation to vendor within an agreed upon timeframe from contract signing (10 working days should be fine)
• Practice contractually obligates itself to remit full payment to vendor upon receipt of Medicaid incentives and no later than 6 months from contract signing

The value proposition to EHR (and hardware) vendors should be obvious considering that most of those who had the cash, already bought an EHR and the bulk of the remaining market is going to take its sweet good old time to “make a decision”. I do understand the implications of such arrangements to cash flow and balance sheets of technology vendors, but the competitive advantage to those larger vendors who can afford to make this offer would be big enough to warrant the costs, and the risk to the vendor is truly minimal. Yes, this would be similar to extending credit to the practice for six months, but psychologically this is very different, since there is much unwarranted mistrust amongst physicians that Medicaid will actually send them a check. Seeing that the vendor is willing to participate in taking the “risk” will generate significant and quantifiable good will.

The value proposition for society and the moms reached by Text4Baby is that the brand new coverage they are obtaining will actually come with a doctor happy to take care of their babies. Priceless.

EHR Certification 2014 Edition

As the Centers for Medicare and Medicaid Services (CMS) released their proposal for Meaningful Use Stage 2 requirements, the Office of the National Coordinator for Health Information Technology (ONC) released its updated requirements for EHR vendors intending to support Meaningful Use Stage 2. The document is chockfull of technical specifications and details which are probably more than any physician cares to know. There are, however, a couple of good reasons why you should have a general understanding of what your vendor, or soon to be vendor, is required to do because it will affect your finances and workflow and may also present some presumably unintended legal implications to your practice.

Terminology
The ONC proposal introduces several new terms that you should be aware of in order to avoid confusion, particularly if you are contemplating the purchase of an EHR in the next couple of years. A great slide deck from ONC can be viewed here.

• ONC HIT Certification Program – The EHR certification program has been renamed, so presumably any software you buy should state that it is ONC HIT Certified.
• CEHRT – Certified EHR Technology – This refers to any software product that has received any type of certification under the ONC HIT Certification Program. It could be a Complete EHR or a just a Module or a collection of Modules. Note that the “C” does not imply Complete. Any given CEHRT may or may not be enough to satisfy Meaningful Use (see below).
• 2011 Edition and 2014 Edition – ONC introduces the concept of Edition, since the certification criteria are different for 2011 and for 2014 and since it is expected that both versions could be available on the market concurrently. The Edition could be applied to a Complete EHR or an EHR Module.
• Base EHR – ONC is defining a Base EHR as a CEHRT that has several capabilities considered mandatory for Meaningful Use. Your software package must include a Base EHR even if you can exclude some of its functionality from attestation. It is not clear if software vendors will be required to clearly state if their offering includes a Base EHR, or if it will be left to the buyer to validate that it is so.

In an attempt to provide some flexibility, mainly to hospitals and specialists, it will no longer be necessary to purchase or assemble a Complete EHR in order to qualify for Meaningful Use. Instead one only needs a Base EHR, plus whatever Modules necessary to satisfy Core measures that you cannot exclude, and the particular Menu measures you choose. You can, of course still purchase a Complete EHR, and most primary care physicians will need to do just that, but if you don’t, you should exercise extra caution and read the labels very carefully.

Timeframe
If you are a proud recipient of a Meaningful Use incentive check, or soon to be one, you will have to advance to Stage 2 starting January 1st of 2014. Since the measures for Stage 2 are a bit more difficult and the data collection, particularly for Clinical Quality Measures (CQM), is a bit more extensive, it is imperative that you have your 2014 Edition installed and ready to learn and test sometime in the third quarter of 2013 at the very latest. Remember how long it took you to start your reporting period for Stage 1, and give yourself enough time to prepare for Stage 2, since you will be learning the ropes of Stage 2 while maintaining performance of Stage 1. There is no down time between Stages and there is no margin of error in consecutive 12 months reporting periods. If your EHR vendor has a sign-up list for Stage 2 upgrades, get on that list as soon as possible.

Features & Functionality
The proposed EHR certification criteria for a 2014 Edition require significant retooling of existing certified EHRs. For those with fond memories of the additional charges levied by many EHR vendors for Meaningful Use additions in 2011, this is a cautionary tale to be repeated in 2013. You should expect various Meaningful Use Stage 2 packages to be offered by your vendor and charged separately above and beyond your yearly maintenance or subscription fees. Below are just a few highlights and by no means a comprehensive list of proposed big ticket items.

CQM Reporting – If you had to pay separately for this in Stage 1, you should expect a requirement to upgrade to a more expensive version in Stage 2, since the computational requirements are much larger in scope now. If your current software does not have a registry capable of submitting CQM electronically to CMS, one will have to be provided to you for Stage 2, and this will also cost you more money. There will be an additional time burden imposed on you or your staff for collecting various data elements which were not required for Stage 1.

Referrals – Just having your referrals going out electronically and containing the required data elements will not be enough for Stage 2. ONC proposes that at least 10% of your referrals are sent outside your organization to entities that do not happen to have the same EHR brand as you do. I trust that large health systems will be successful in lobbying ONC to loosely define the term organization and/or for exclusions to this measure for their members. If this requirement remains in effect for independent private practice, you will have to add a technology profile to your clinical and patient preference considerations before you refer someone. Since your referral choices now carry clear financial implications for your practice (Meaningful Use incentives), where there were none before, a conflict of interest between you and your patient may have just been created. [Note: For those of you who have been skeptical and dismissive of my incessant warnings that an EHR will become the cost of doing business and its absence may exclude you from the health care marketplace, this is how it starts.] Considering the obvious issues with this requirement, I am very hopeful that it will be reworded in the final rule.

Patient controlled information transmittal – Obviously patients should have the right to send their medical records to whomever they wish, and obviously (to me) patients should have full access to their medical records to view and copy or download. Most practices are using web-based patient portals for exactly this purpose, and also to realize other administrative efficiencies. Meaningful Use Stage 2 adds a requirement that your patients have the ability, and actually exercise it, to transmit this information to a third party of their choice. This means that your EHR vendor will have to provide HIPAA compliant, Direct Project compliant, information exchange capabilities for all your patients. It is likely that large EHR vendors will undertake the entire task, while the surviving small vendors will contract this out.
Without boring you to death with public/private encryption keys and security certificates details, you need to know that this is going to cost you a pretty penny and that there may be legal implications for your practice. Allowing patients to download their information and be on their own from that point on, as in your current Portal, or the various Blue Button implementations, can be handled with proper disclaimers and warnings. This new Stage 2 feature proposes that your patients use your software tools, at your behest (need them to do this in order to get incentives) to send protected health information out to recipients you have no control over. If anything goes wrong, and many things can go wrong, are you, as the secure platform provider, legally responsible for any unfortunate outcomes? If a patient (who may not even be your patient) sends you unsolicited information via this mechanism, what are your legal obligations?
In addition, and exhibiting a perplexing misunderstanding of an NIH funded project to allow patients to grant and revoke provider credentials to imaging studies, ONC is also proposing to incorporate transmittal of large imaging studies by patients to third parties through the same mechanism. Hopefully, I don’t need to elaborate on the consequences to your network and software performance once DICOM images start flowing in and out freely through your Patient Portal.

I sincerely hope that enough public comments are submitted to ONC to change their well-intended, but fraught with unintended consequences, proposals for Meaningful Use Stage 2. I would also like to urge you to get involved, read the regulations and find the time to submit your comments, because whether you have an EHR right now or not, these regulations will sooner or later affect you personally. The time to sit on the sidelines moping and groaning, while hoping that this will all go away, has long since passed.

Note: Public comments can be made here.

Moving Up the Escalator to Stage 2

The eagerly awaited Notice of Proposed Rule Making (NPRM) on Meaningful Use Stage 2 has been finally released in a sprawling 455 pages document. If you followed the discussions of the Federal Advisory Committees over the last year or so, you would know that Meaningful Use Stage 2 is just another small step towards an overarching goal of utilizing health information technology to support current policies aimed at providing better care for individuals, better health for populations and lower the costs of health care. We can agree or disagree on the wisdom of those policies, but if you are using electronic health records or just contemplating a move to computerized records, and have an interest in obtaining Meaningful Use incentives or avoiding penalties, you should have a basic understanding of what the next step on the technology escalator consists of.

Meaningful Use Stage 2 distinguishes itself from Stage 1 mainly by proposing a major push to health information exchange. It also brings a new level of complexity to the assembly of various data sets that are intended to be exchanged with other care providers and/or patients. It would probably be a bit simpler to define one superset of information and use it for all information exchange measures. The other notable feature of Stage 2 is that a couple of measures are completely dependent on patients’ willingness and ability to engage in Internet based communications.

Basically everything that was required for Stage 1 is also required for Stage 2, although some measures have higher thresholds, and others have been consolidated in one measure, or are just implied in other measures. For physicians, Meaningful Use Stage 1 had 25 measures, of which 20 needed to be met. Stage 2 has 22 measures, of which 20 need to be fulfilled in order to qualify for incentives starting in 2014 (yes, 2014). There is still a bit of wiggle room, but not as much as in the past. Finally, just like in Stage 1, there are several exclusions available for measures that do not apply to your practice.
The following is an (almost) objective summary of the newly proposed measures.

The Departed
The following Stage 1 measures have been removed from the Stage 2 list for various reasons as described below,

• Maintain problem lists – incorporated into summary of care measure
• Maintain medication lists  – incorporated into summary of care measure
• Maintain drug allergy lists – incorporated into summary of care measure
• Perform drug formulary checks – incorporated into the electronic prescribing measure
• Drug-drug and drug-allergy interaction alerts – incorporated into the Clinical Decision Support measure

Golden Oldies
The following measures have not changed from Stage 1 to Stage 2, but those that were optional are now mandatory.

• Generate one list of patients with a specific condition
• Send reminders to 10% of patients (slight change: patients of all ages not seen in over two years)
• Provide patient education materials to patients stays at 10%

Wee Bit Harder

• Recording patient demographics increased to 80%
• Recording vitals increased to 80%
• Recording smoking status increased to 80%
• Electronic prescribing threshold up to 65% for ambulatory practice and newly added for hospital discharge medications at 10%
• Incorporate structured lab results into the EHR is up to 55%
• Medications reconciliation upon transition of care increased to 65%
• Recording existence of Advanced Directives has increased to more than 50% for hospitals only.

Full Step up the Escalator

• Computerized Physician Order Entry (CPOE) is now required for 60% of Medication orders, Laboratory orders and Radiology orders. Just to clarify, this is NOT a requirement to send orders out electronically. It is only a requirement to document the orders in the EHR.
• Clinical Decision Support (CDS) is increased to the implementation of 5 distinct rules, related to 5 or more CQM. This should not be a major problem for most EHRs, unless the final CQM are very different than what was offered in Stage 1. Enabling drug-drug and drug-allergy alerts are in addition to the above.
• Clinical summaries need to be made available to more than 50% of patients within 24 hours now, down from 3 days in Stage 1. Huge problem for those who don’t finish their charts on the same day. Clinical summaries should include at least the following items:
• Patient Name.
• Provider's name and office contact information.
• Date and location of the visit.
• Reason for the office visit.
• Current problem list and any updates to it.
• Current medication list and any updates to it.
• Current medication allergy list and any updates to it.
• Procedures performed during the visit.
• Immunizations or medications administered during the visit.
• Vital signs and any updates.
• Laboratory test results.
• List of diagnostic tests pending.
• Clinical instructions.
• Future appointments.
• Referrals to other providers.
• Future scheduled tests.
• Demographics (gender, race, ethnicity, date of birth, preferred language). (New requirement for Stage 2.)
• Smoking status (New requirement for Stage 2.)
• Care plan field, including goals and instructions. (New requirement for Stage 2.)
• Recommended patient decision aids (if applicable to the visit). (New requirement for Stage 2.)
• Submission of data to immunizations registries is no longer just a test. Stage 2 requires ongoing submission to a registry. Hopefully by Stage 2 the current mess, where hundreds of fully certified EHRs are incapable of connecting to registries in reality, will be resolved.
• Hospitals also need to have a working interface for lab results to public health entities, instead of just performing a test.
• Menu Item (ambulatory): Syndromic Surveillance interfaces need to be operational for Stage 2. For hospitals this is mandatory.
• Perform security risk assessment and remediation of deficiencies has not changed, but there is an explicit requirement to address “the encryption/security of data at rest”. So if you have your EHR server in your office, you will need your IT guy to pitch in a few hours here.
• Reporting clinical quality measures to CMS increased from 6 to 12 for ambulatory physicians and is up to 24 for hospitals. There are extensive lists of measures and a couple of choices on how to pick them. Note that there are several new measures and that CMS is expecting to be able to receive these reports electronically by 2014 and therefore CQM reporting will be separate from Meaningful Use attestation for Stage 2. Unlike Stage 1, physicians would be able to elect group reporting for CQM.

New and Noteworthy

• Hospitals must attest that 10% of medications are automatically tracked via an electronic medication administration record (eMAR).
• View/Download/Transmit – First, more than 50% of patients must have timely online access to their health information 4 days after it is received by physicians (36 hours after discharge for hospitals). Second, over 10% of your patients must view or download or transmit their information to a third party. This will require a Patient Portal that can log visits and an upgrade to most portals to allow transmission of records to somewhere. You will need to have over half of your patients registered for the Portal, which may be a problem if most of your patients don’t have email accounts, since most EHR supplied Patient Portals require an email for registration. Note that you must somehow ensure that 1 in 10 patients actually logs into their Patient Portal account and looks at the records. The Portal must make available the following items at the very least:
• Patient name.
• Provider's name and office contact information.
• Problem list.
• Procedures.
• Laboratory test results.
• Medication list.
• Medication allergy list.
• Vital signs (height, weight, blood pressure, BMI, growth charts).
• Smoking status.
• Demographic information (preferred language, gender, race, ethnicity, date of birth).
• Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
• Secure messaging with over 10% of patients online is another new measure that can be satisfied by having a Patient Portal. The language for this new measure indicates that the secure messages must be sent by the patients, so as with the above measure, you will have to somehow ensure that your patients send you online messages.
• Summaries of care need to be transmitted for more than 65% of transitions or referrals. Of those over 10% must be transmitted electronically to someone not organizationally affiliated with you, AND that someone must use an EHR that is different than the one you are using. Choose your referrals wisely and make sure you inquire in advance about the EHR situation at the receiving end. You will probably have to type it in your EHR for record keeping purposes. If you work for a Kaiser-like organization, you may have a serious problem here.  Required data elements for these summaries are as follows (not sure why Meds and Allergies are excluded):
• Patient name.
• Referring or transitioning provider's name and office contact information (ambulatory only).
• Procedures.
• Relevant past diagnoses.
• Laboratory test results.
• Vital signs (height, weight, blood pressure, BMI, growth charts).
• Smoking status.
• Demographic information (preferred language, gender, race, ethnicity, date of birth).
• Care plan field, including goals and instructions, and any additional known care team members beyond the referring or transitioning provider and the receiving provider.
• Discharge instructions for hospitals.
• Menu Item: Availability of images in the EHR is required for over 40% of orders for all scans and tests whose result is an image. Many EHRs will need some retooling for this and you will need some expensive interfaces to hit the 40% threshold, particularly if you order imaging tests at multiple facilities, assuming those facilities have the ability (and willingness) to provide you access to their systems. The last thing you want to do here is to have those images travel over the network. It will kill your bandwidth and your server.
• Menu Item: Record Family History as structured data for over 20% of patients. This one is a walk in the park for practically all EHRs. Be sure to pick this one.
• Menu Item (ambulatory): Reporting to a Cancer Registry. This will require an operational interface for the entire reporting period.
• Menu Item (ambulatory): Reporting to a Specialized Registry (other than cancer). Here too a fully operational interface is needed. This is probably not much of a choice in most states.

If you managed to read to this point without falling asleep or suffering an anxiety attack, please note that this is just an NPRM and public comment is requested. Go ahead and make your opinions heard. CMS and ONC have listened to comments in the past and showed willingness to adjust. I would suspect that just like Meaningful Use Stage 1, these regulations will be much relaxed by the time the final rule is issued later this year, and further accommodations will be made as work in the field actually begins.

Note: Public comments can be posted here.

Trust in the Machine

Enigma Machine

We talk about trust a lot these days. Trust is one of those things that the scarcer it becomes, the more you find yourself thinking and talking about it. Trust is also a very fragile entity and it comes in a continuum of shades and magnitudes, from trusting your alarm clock, to implicitly trusting your mom, to trusting in God. Trust can be based on exact understanding (the alarm clock), reinforced by repeated experience (mom), or a result of pure faith (God). Trust that needs to be verified is no trust at all. Trust usually comes into play when one willingly relinquishes control over certain outcomes to a trusted entity. The amount of trust involved is in direct proportion to the importance of expected outcomes, thus “I trust you with my life” is very different than “I trust you to deliver my mail”.

For a while now, I have been following ONC’s efforts to build public trust in health information exchange and electronic health records, summarized in this appeal to patients: “If your health information is sent or used electronically, it's important that you trust the systems that protect it.” Yes, it is important and it is also not much different than trusting the United States Postal Service (USPS) to deliver your mail. You trust that your letter will be delivered in a timely manner to the intended recipient and nobody else. You trust that it will reach its destination in one piece, that nobody will open and read your letter in transit to “provide you with better service” and that the USPS will not make copies of your letters and otherwise use them or sell them to the highest bidder. Tampering with other people’s mail is a Federal offense subject to fines and jail time. Pretty good start, if you ask me.

When we advanced from paper letters to email, we paid a price for the associated convenience and instant delivery. Regular electronic mail has no envelope. Your email service providers reserves the right to read all your emails and use the content any way they see fit. Unless you take special precautions, anyone could intercept your mail and derive some joy from reading it too. Interestingly enough, most people became impervious to the loss of privacy. Now we are contemplating the exchange of health information through similar mechanisms, and we are being told that we should really use envelopes for exchanging health care information.

Our health care providers have been exchanging information about us for quite some time and much of this is done over the Internet now, but instead of using a public postal service, they established private networks and secured those as best they can, thus obviating the need for envelopes. This is very much like the diplomatic pouch system, where the channel itself is secured, but each secret document inside it is not necessarily locked down.  To be fair, the amount of data exchanged between health care providers (prescriptions, lab results, claims, radiology images, etc.) is so massive that it would be rather inefficient and expensive to start putting each message in its own separate envelope. The individual envelope system does make sense for exchanging small pieces of information with patients, and even for some small health care providers when they communicate amongst themselves and with larger ones infrequently.

But this is not just about envelopes. It is also about making sure that our messages go to the intended recipient and that we are certain that the sender is who he said he is. The last part is a bit tricky and the USPS, for example, never purported to verify the sender’s identity, maybe because mail fraud is punishable by up to 30 years imprisonment.  In lieu of similar laws for health information exchange over the Internet, we are being told that technology exists to protect us just as well. These technologies consist of software tools for proper authentication, non-repudiation, integrity, availability, confidentiality and the associated paraphernalia of cryptography, ciphers, encryption, public keys infrastructure, passwords, biometrics, tokens and networks of machines to support this mathematical infrastructure.

There may be value in explaining the technology to people, but even the most technology-challenged folks amongst us know enough to trust the machine, just like we know enough to trust that the alarm clock will go off in the morning, or that the TV will turn on when we push the power button. And we do understand that a certain rate of failure is to be expected. But, and there is always a “but”, we are not the ones pushing the buttons here. All these wondrous technologies are applied by an intermediary. Basically, we are delegating the stuffing and opening of envelopes to someone else and that someone else is not your trusted secretary of 25 years. It is a complete stranger, and if we are to comfortably exchange our secrets over the Internet, we must somehow trust that those intermediary folks are not reading our messages for entertainment in the lunch room, or making copies to read later or to sell to interested parties. It’s not about technology. It’s not about trust in the machine. It’s about trust in the operators, and we know next to nothing about those operators and their interests other than that they are called Health Internet Service Providers (HISP) and could be large clearinghouses like Surescripts, or your own EHR vendor, or a local health information exchange organization, or an independent technology firm, or anybody else selling electronic envelope stuffing and opening services.

There is of course HIPAA, and there are all the new regulations specifying what needs to be encrypted, how and when it should be exchanged, who gets to be the keeper of the keys, and the process by which we choose to participate or not. People have an expectation of privacy when seeing a doctor, although with the advent of health insurance, those expectations have been greatly diminished. We have come to accept that certain data about us is not private, but we are still holding on to the notion that other, very personal, things need not be shared outside the exam room. Doctors don’t usually report to insurers how much alcohol we consume, whether we are sexually active and in what manner, what we eat, which illegal drugs we use, how we sleep and all other intimate fears or dilemmas shared with a doctor. Your doctor is entering all this information in a computer now, giving it a life of its own, and since sooner or later this information will be leaving the doctor’s computer, it may end up in unexpected places, not because the system was breached, but because the “system” sent it there. Will it end up on Google? This is the trust issue that needs to be addressed. Or perhaps it doesn’t.

In a world where most folks are just fine with seeing targeted adds on every browser page based on the contents of their gmail messages, maybe it makes no difference to us if Google “knows” that our last A1c was >9 and a flurry of diabetic adds are unleashed when we browse the Internet. In a world unperturbed by having every smart phone equipped with what amounts to a keylogger, where the Internet Service Provider and the phone manufacturer, along with the keylogger vendor, read every text message you send, perhaps sharing your overactive bladder issues with these folks is also a nonevent. And if that’s the case, why would we even bother with triple DES or AES or Blowfish or Twofish encryption and PKI and certificates? Let’s just cut through the chase, do me and Google a favor and post the stuff to my Facebook page and maybe Tweet a quick clinical summary for my 5000 most trusted friends.

Arguments for a Universal Health Record – Part II

All animals can exchange information when in proximity to each other. Humans advanced this useful exchange to occur when the interacting parties are far apart, which makes the human animal quite unique. First came human couriers carrying verbal information, followed by human couriers carrying written missives, then came technology. Technology in the form of transportation vehicles, and technology in the form of unmanned transport of sounds and symbolic characters, changed the world. Telephones and computers on the Internet rendered the travel time of information from any point on the globe to any other point to milliseconds or less, but did not change the age old paradigm of information physically moving from one place to another. Until now.

This is the age of social media. Those of us who remember licking envelopes and stamps are often tempted to dismiss social media as a superficial waste of time better suited to perpetually distracted kids than any serious endeavor. When you think about Facebook, Twitter, Google+, Farmville and such, it is hard to believe otherwise. Ignoring the actual activities currently occurring on social media platforms, and looking exclusively at the mode of communication, one is forced to acknowledge that a change in paradigm has occurred, and we are reverting to exchanging information when we are in close proximity to each other, only this time around proximity is virtual, not physical. Information ceased to travel virtually, and instead, we do.

When we “go to” Google+ and engage in a lengthy discussion regarding Universal Health Records, we are creating and consuming content which resides in one virtual location – Google’s network of servers. If you want to participate in such conversation, you have to “come to” Google+, just like you had to come to Town Hall in days gone by, if you wanted to debate matters of importance. Unlike exchanging information by horse, train, telegraph or email, this communication paradigm is once again social, but flexible enough to occur in real time or at a time of your own choosing.

Back to medical records. Today most medical records are stored in physical format (paper) at various physical locations (brick and mortar facilities). Health information exchange is occurring mostly through courier, whether manned (patient, snail mail) or unmanned (fax). Those who advocate for electronic medical records desire to change the format of the record from physical to virtual, leaving the storage of virtual records pretty much as it is today. Once the content is computerized, it can also be exchanged by computer couriers, such as email and Electronic Data Interchange (EDI). This is supposed to make medical records “liquid” and the data can then flow from one computer to the other in a network of rivers and rivulets spanning the entire nation. Since such a complex system of waterways can be useful only if 100% clean water is allowed to flow through, as opposed to a mixture of seawater, oils, spirits, and other beverages, much care must be exercised at every medical records repository to transform whatever is released out into the public system to clean water. As discussed in part one of this series, ensuring water purity and building canals, dams and other infrastructure is expensive, fraught with peril, and assuming such system can be built, it is also obsolete right out of the box.

What problem are we attempting to solve by computerizing medical records? The customary answer to this question is that medical care has become extremely complex, it requires scores of professionals working together and, to foster better outcomes, they should all have the most accurate pertinent information at their disposal. Now, if we could bring all these professionals into one room filled with books and journals, and sit them down around one table, we would be just fine with old fashioned verbal information exchange. Since this type of physical proximity is becoming less and less likely, we find ourselves in need of a solution to allow disparate teams to collaborate on one project. We can do this the old way, and arrange for virtual information to flow electronically between team members, or we can do this the social media way, and arrange for team members to meet in one virtual space and work in virtual proximity.  But wait, there is more... In health care, our projects are longitudinal. Each episode of care builds on all previous ones and also informs all episodes to come. This in a nutshell is why the entire medical record must be an open and shared resource.

Given the realities of our health system of systems, I am being told that such selfless collaboration at the data level is very unlikely, and given the real and manufactured concerns with privacy and government oversight, having a universal comprehensive data store is politically impossible in health care. Nobody objected to the technical soundness of the proposed solution. Granted, health care is much more complex than Google+ or Google Docs, and we will need more data, more definition and a much bigger and more sophisticated transactional database structure. As much as I would like to, we cannot flip a switch and begin accumulating universal health records overnight. So how would we go about starting to move in this direction? 

One very promising idea comes from Dr. David Kibbe and the Collaborative Health Consortium. The notion of a health care collaboration platform, or clinical groupware, could do for health care what Google+ and Facebook did for virtual social interaction, but it stops short of providing a longitudinal and open medical record. If you were an avid Facebook user and recently tried to switch to Google+, you probably already encountered the big tall wall surrounding that particular platform. While this may be a minor nuisance when it comes to social media, and fully understandable from a software, or platform, vendor business perspective, it is not so minor when it comes to medical records, as every doctor who tried to switch EMRs can tell you. Every business should have the right to erect walls around its platform, its innovation and its intellectual property. No business should have the right to monopolize patient data, even if it was created by services and tools of a proprietary platform. The data layer must be separated from the service platform layer, because the data layer belongs to individuals and, in aggregate, it is a public good. 

Another suggestion was that initiating standardized information exchange may lead to the eventual creation of local and later regional data stores. Perhaps the various State HIE organizations would grow into such data repositories. Perhaps the ever expanding integrated health systems would accomplish something similar. Eventually, we may be able to connect all these repositories into a federated model of national health records. All this is possible of course, but this rudderless experiment strikes me as a major waste of time and resources. So here is a small suggestion. There are several billions of dollars appropriated for a VA/DoD joint EHR which is supposed to be open source. Presumably, such effort will yield a database schema sooner rather later. Let’s use that. Let’s define a minimum set of data, not much different than what is required to be exchanged for Meaningful Use, and begin populating a national database. It will take time before this becomes the authoritative version, but it will happen. Initially, we can mandate certified EHRs to use the national database to retrieve and update this modest dataset in real time. This should not be a very difficult task for EHR vendors. At the same time, we should allow new products to be developed against this new and open schema. What would be the cost of building a simple user interface to the Universal Health Record to display an accurate list of problems, meds, allergies, immunizations and lab results? Hint: very close to zero. What value would physicians, and patients, derive from the ability to access such definitive lists for any patient, any time, from any browser, on any device? You decide.

Health Information Exchange is an outdated paradigm. It is based on understanding the Internet to be an improved version of the Pony Express system. The Internet has evolved into something completely different and unless we evolve with it, we are doomed to be arming heavily for a war that has concluded and it will never be fought again.

Arguments for a Universal Health Record

We passed the one thousand mark on products certified as EHR technologies for ambulatory care and the five hundred mark for inpatient care, and there is no relief in sight. In addition, there are multiple other software products that are routinely used in health care, such as standalone practice management and billing systems, claim processing software, pharmacy programs, lab, imaging and other diagnostics software, personal health records products, and more recently a veritable explosion in mobile applications ranging from monitoring your heart to evaluating your happiness. I don’t know of any other industry where so many disparate software packages are able to communicate and cooperate with each other seamlessly, and yet this is the goal of the gargantuan effort of those who develop interoperability standards in health care. If you’ve ever been involved in software systems integration, you probably know all too well that the weakest and most unstable link is always at the interface between products, even those built by the same vendor, regardless of the agreed upon standard. When it comes to seamless operations and cost effectiveness, nothing beats true database level integration.

For those who read this and have an irresistible kneejerk reaction tempting them to cite examples such as ATM networks, telephone networks, Google or email, please understand that this is an apples to unicorns comparison. Assuming that our ultimate goal is to have all health records for all people available at all geographic locations at all times, is weaving a web of rickety interfaces between thousands of products, really the best option? It is, if you sell existing, or enabling, technology for this arrangement, and it is not, if you intend to use, or pay for, the end solution.

The usual arguments against a Universal Health Record, and its scary database in the sky, are that we must build on existing infrastructure; that rip-and-replace is cost prohibitive; that a free market should provide as many choices as possible; and that privacy is best served by keeping data close to home, and certainly out of the hands of Big Government. Sounds pretty reasonable. What if we dig a bit below the surface though?

Medical Records

• Assumption: At any given moment in time there can be only one correct version of a complete medical record for any one person
• Fact: Currently, various parts of the medical record are stored at various locations, by various organizations, in various formats
• Fact: Most organizations possess unique content, but also content overlapping with what others store, containing multiple discrepancies and various errors
• Observation: Using partial medical records for provision of care could be desirable, inconsequential, dangerous or lethal, depending on which parts are missing
• Observation: There is conceptually no reliable way to know whether parts of the medical record are missing at the point of care, let alone ascertain the criticality of missing parts

Health Information Exchange (HIE), as its name indicates, is intended to shuffle fragments of the medical record from one organization to another just in time to inform the provision of care. The government and various other organizations are diligently working on standardizing the contents, the format and the means by which medical records data is communicated. Since the thousands of software programs deployed in health care all store data in different formats, using different data dictionaries, different storage systems and different terminology, it is envisioned that each system will have some sort of transformer at its edge that will translate the inner workings of the system before sending information out, and execute the reverse procedure before letting outside information in. Once the standards are finalized, all technology vendors will be building (or buying) such “transformers” and everybody will be communicating seamlessly. Could it really be that simple?

Reconciliation

Unlike banking, where managing a checking account at your local bank does not require immediate information on your Cayman Islands holdings, medical care operates on a single record set of data elements. Since this record set is being altered at various care facilities, health information exchange must continuously reconcile the data elements. So for example, let’s say that you visit your primary care doctor complaining of chest pain and he diagnoses gastrointestinal disease and prescribes antacids, but you are still concerned and decide to see a cardiologist in the city, who diagnoses angina. Shortly after visiting the cardiologist office you get hit by a bus and end up in the local ER. Was your cardiologist aware that you have been complaining of chest pain for the last 20 years, angina was repeatedly ruled out in spite of your concerns that Aunt Mary also has angina, and antacids always worked for you? Is the ER aware that you just got diagnosed with angina and have a shiny NitroMist sample in the backseat of your car? Is your primary care doc going to be appraised of your adventures?  In a world of perfect information exchange the answer is yes to all questions.

However, perfect information exchange in this case requires that your primary care physician pushed your medical records out to the cardiologist, including your fixation with angina and Big Macs, or that the cardiologist was able to locate your primary care records and pull the information in. It also requires that the ER was able to obtain your primary care records from back home, any other medical records from other providers and also the very recent cardiologist records and combine all those data points in one authoritative record set. This reconciliation process would occur every time you seek care and every time you, or other diagnostic facilities and eventually devices, update your records in any fashion. And these transactions will have to execute without a unique patient identifier just for you, and while processing and propagating privacy rules which may differ between various care providers and exchange intermediaries.

Now imagine millions of people with similar needs, and you have many millions of transactions flying around back and forth between thousands of software programs executing in hundreds of thousands of locations, from industrial strength data centers to the lonely Dell server under the printer in a doctor’s office. Yes, the contents will be standardized by those edge transformers, but every relay, every handshake, every acknowledgement and every translation back and forth to the native software program constitutes a point of possible failure, and every reconciliation of multiple messages from disparate sources is an error waiting to happen.  In computer land errors don’t usually wait for too long before they happen, and this has nothing to do with lack of standards. Sending applications lose connectivity intermittently and go into a peculiar state of limbo. Receiving applications often get stuck on one bad message, creating huge processing queues on the other end. Messages mysteriously disappear only to be found in a log file or another patient’s chart. Every new release is always an adventure. This is how things are today, with only a fraction of the envisioned number of transactions in the brave new world of a seamlessly connected health care system.

The Power of One

The alternative to having a flimsy system with a multitude of moving parts is to have one unified database system, with one architecture and one schema definition. This does not necessarily mean one EHR. We could of course have a single EHR built on top of this database system, but for those concerned with innovation, free markets and with the problematic one size fits all approach, by all means, let’s build thousands of EHRs with user interfaces and functionality to fit every individual preference, all accessing the same exact database, containing the same exact records. This Universal Health Record will be, by definition, complete and correct at all times, since all health care applications will be built on top of this database, much like browsers are built on top of the World Wide Web. Switching EHRs should be as simple and straightforward as changing from Firefox to Chrome, not to mention how happy the folks advocating substitutable applications instead of walled gardens would be. Oh, and the sum total of investment in a homogeneous data infrastructure is dwarfed by the various other public and private initiatives, all ultimately funded by tax payers.

The 800 pounds gorilla in the room is of course privacy and to a much lesser extent security. A medical database system of this magnitude would have to be built and administered by the Federal Government. Patients would have to be uniquely identified in the system. Granted such Universal Health Record would accessorize well with a universal health care system, but let’s face it, if you are on Medicare or Medicaid, the government already has your medical records. Private payers have mega databases chockfull of medical records and so do EHR companies and pharmacies. Your data is being constantly de-identified, sold, re-identified and exploited for financial profit. Once the planned information exchange network kicks in, a host of State and private agencies will also begin building their own repositories of medical records. The privacy horse has left the barn, and the best we can do now is regulate the use of what was once private. At a minimum, the Universal Health Records database will ensure that you can see everything everybody else is seeing and have some say in its accuracy and utilization, which is orders of magnitudes better that the alternative.

Commedia dell'Arte

"Accountability is something that is left when responsibility has been subtracted."
-- Pasi Sahlberg


This was the year when America turned on its doctors, and on itself. Not the 300 million citizens who are busy with other existential threats, but the elite 1% that effectively runs America, and the cadres of intellectuals who provide grant funded scientific cover to our leaders no matter how misguided they seem to be.  Health care is a fiscal mess and someone, other than policy makers, must be held accountable. The greedy little doctors who are over treating us to enrich themselves are a good target and so are all of us greedy little people who refuse to go peacefully and expediently into the night. The same strategy is being applied to education, with the pathetic self-serving teachers obsessed with their benefits and the misfit children who ought to be cleaning toilets instead of learning, identified as the culprits for our educational fiasco. Mind you, the elite 1% is not experiencing either education failures for their children, or health care difficulties for their families. For them, this is not personal, it’s business, and they are about to make us an offer we can’t refuse.

A hundred years ago, give or take a couple of decades, America delegated the responsibility for taking care of the sick to the medical profession, and as science advanced by leaps and bounds, people were greatly rewarded with better health and longer life, and doctors were rewarded with prestige and financial prosperity.  Some say too much prosperity, some say too little, but all in all, fewer than 10 cents of each health care dollar go to physicians. Professional responsibility for sick-care does not require one to be a saint and it is not necessarily incompatible with seeking higher remunerations for one’s services. However, something went very wrong along the way. Ever so gradually doctors have lost control of their profession to the rising corporate and public interests in health care who acquired complete jurisdiction over physicians’ reimbursements. Doctors became the servants of two masters, responsible for one and accountable to the other.

This obviously unworkable situation caused enormous problems during Managed Care I (the HMO). On the eve of Managed Care II (the ACO), our leaders are proposing, on behalf of the people, to release the medical profession from the moral and ethical responsibility which formed the foundation of the patient-doctor relationship and replace it with uniformly measurable accountability to public and private payers. Patients are advised to reject the old ways of paternalistic physician managed care, in favor of the empowerment afforded by payer, health system or employer managed care, which is certain to bring about better health care at lower costs everywhere except in Connecticut. Physicians, who enter apprenticeship as teenagers and graduate somewhere in their thirties, are having difficulty letting go of the historic burden of responsibility. Patients seem not to have read the official memo, and most are still expecting doctors to uphold their end of the ancient bargain. There are of course well publicized and well marketed exceptions.

While responsibility is entrusted, accountability must be managed, monitored and acted upon. From a patient’s perspective, the locus of trust must shift from the doctor to monitoring organizations. While the old trust was based on long term relationships, word of mouth or gut feelings, introducing much variability in outcomes, the new trust is based on facts, calculations and objective data, hence the controversial importance of Electronic Health Records (EHR), which are increasingly fitted to facilitate the transition from old to new.  EHRs too are the servants of two masters, used by one and governed by the other.

Early EHRs were built and sold to doctors as tools to enhance practice revenue and personal income. Interestingly enough, very few physicians found that proposition enticing, and EHRs did not sell very well. Today’s EHRs are prescriptive data collection tools, with budding capabilities for reporting and exchanging information, and largely promissory abilities to deliver relevant evidence based protocols at the point of care. As the Meaningful Use incentives program enters its second year, physicians are increasingly purchasing and using EHRs. A minority is truly excited about a digital future, but the majority of EHR users, and practically all those still sitting on the sidelines seem to be asking the same question: how does this help with patient care? Well, it does, and it doesn’t, depending on what one means by patient care.

Most physicians are looking at EHRs as tools to help them do a better job. These doctors are still under the impression that they are at the center of health care delivery and EHRs are tools to assist them discharge their responsibilities to their patients. They are looking to computers to help search a medical record in intelligent ways, abstract all pertinent information and no more, manage repetitive tasks on their behalf, deliver timely reminders, provide advice upon request and become invisible when not needed - in short, the perfect butler. This is about hands-on patient care, one patient at a time.

Those who govern EHRs are continuously harmonizing them, through the Meaningful Use regulatory system, to promote accountability of EHR users. They need data. They need boxes to be clicked, numeric values to be captured and buttons to be pushed, and they need everything compiled and transported out to analytics engines to assess performance or lack thereof. They don’t need to know about Mary’s Lasix trouble, but they do need to calculate the p value from paired t-tests for the average change in percentages between baseline and subsequent years across patients qualifying for the measures. This is about standardized patient care at the population level.

Today’s EHRs have some features serving their users, but most development is geared to serve the governors and as a result, EHRs are not able to please either one of their masters. As Managed Care II blooms and the doctors for the 99% transition to accountability regimens, minding their p-values and t-tests, EHRs will become fabulous engines for enterprise data collection and processing. When the powers to be come to the realization that government intervention based on the assumption that people are irresponsible, greedy, dimwitted and largely inconsequential is doomed to fail, and Managed Care II joins its predecessor in the annals of failed policy, EHRs will finally become slick, intelligent and nonintrusive servants to both responsible doctors and their patients, helping deliver better health care at lower costs, one patient at a time, and by definition across the sum total of the people, because technology is not the limiting factor. Responsibility is.