Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

What Would a Patient-Centered Security Program Look Like? (Part 2 of 2)

Posted on August 30, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous part of this article laid down a basic premise that the purpose of security is to protect people, not computer systems or data. Let’s continue our exploration of internal threats.

Security Starts at Home

Before we talk about firewalls and anomaly detection for breaches, let’s ask why hospitals, pharmacies, insurers, and others can spread the data from health care records on their own by selling this data (supposedly de-identified) to all manner of third parties, without patient consent or any benefit to the patient.

This is a policy issue that calls for involvement by a wide range of actors throughout society, of course. Policy-makers have apparently already decided that it is socially beneficial–or at least the most feasible course economically–for clinicians to share data with partners helping them with treatment, operations, or payment. There are even rules now requiring those partners to protect the data. Policy-makers have further decided that de-identified data sharing is beneficial to help researchers and even companies using it to sell more treatments. What no one admits is that de-identification lies on a slope–it is not an all-or-nothing guarantee of privacy. The more widely patient data is shared, the more risk there is that someone will break the protections, and that someone’s motivation will change from relatively benign goals such as marketing to something hostile to the patient.

Were HIMSS to take a patient-centered approach to privacy, it would also ask how credentials are handed out in health care institutions, and who has the right to view patient data. How do we minimize the chance of a Peeping Tom looking at a neighbor’s record? And what about segmentation of data, so that each clinician can see only what she needs for treatment? Segmentation has been justly criticized as impractical, but observers have been asking for it for years and there’s even an HL7 guide to segmentation. Even so, it hasn’t proceeded past the pilot stage.

Nor does it make sense to talk about security unless we talk about the rights of patients to get all their data. Accuracy is related to security, and this means allowing patients to make corrections. I don’t know what I think would be worse: perfectly secure records that are plain wrong in important places, or incorrect assertions being traded around the Internet.

Patients and the Cloud

HIMSS did not ask respondents whether they stored records at their own facilities or in third-party services. For a while, trust in the cloud seemed to enjoy rapid growth–from 9% in 2012 to 40% in 2013. Another HIMSS survey found that 44% of respondents used the cloud to host clinical applications and data–but that was back in 2014, so the percentage has probably increased since then. (Every survey measures different things, of course.)

But before we investigate clinicians’ use of third parties, we must consider taking patient data out of clinicians’ hands entirely and giving it back to patients. Patients will need security training of their own, under those conditions, and will probably use the cloud to avoid catastrophic data loss. The big advantage they have over clinicians, when it comes to avoiding breaches, is that their data will be less concentrated, making it harder for intruders to grab a million records at one blow. Plenty of companies offer personal health records with some impressive features for sharing and analytics. An open source solution called HEART, described in another article, is in the works.

There’s good reason to believe that data is safer in the cloud than on local, network-connected systems. For instance, many of the complex technologies mentioned by HIMSS (network monitoring, single sign on, intrusion detection, and so on) are major configuration tasks that a cloud provider can give to its clients with a click of a button. More fundamentally, hospital IT staffs are burdened with a large set of tasks, of which security is one of the lowest-priority because it doesn’t generate revenue. In contrast, IT staff at the cloud environment spend gobs of time keeping up to date on security. They may need extra training to understand the particular regulatory requirements of health care, but the basic ways of accessing data are the same in health care as any other industry. Respondents to the HIMSS survey acknowledged that cloud systems had low vulnerability (p. 6).

There won’t be any more questions about encryption once patients have their data. When physicians want to see it, they will have to so over an encrypted path. Even Edward Snowden unreservedly boasted, “Encryption works.”

Security is a way of behaving, not a set of technologies. That fundamental attitude was not addressed by the HIMSS survey, and might not be available through any survey. HIMSS treated security as a routine corporate function, not as a patient right. We might ask the health care field different questions if we returned to the basic goal of all this security, which is the dignity and safety of the patient.

We all know the health record system is broken, and the dismal state of security is one symptom of that failure. Before we invest large sums to prop up a bad record system, let’s re-evaluate security on the basis of a realistic and respectful understanding of the patients’ rights.

What Would a Patient-Centered Security Program Look Like? (Part 1 of 2)

Posted on August 29, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

HIMSS has just released its 2016 Cybersecurity Survey. I’m not writing this article just to say that the industry-wide situation is pretty bad. In fact, it would be worth hiring a truck with a megaphone to tour the city if the situation was good. What I want to do instead is take a critical look at the priorities as defined by HIMSS, and call for a different industry focus.

We should start off by dispelling notions that there’s anything especially bad about security in the health care industry. Breaches there get a lot of attention because they’re relatively new and because the personal sensitivity of the data strikes home with us. But the financial industry, which we all thought understood security, is no better–more than 500 million financial records were stolen during just a 12-month period ending in October 2014. Retailers are frequently breached. And what about one of the government institutions most tasked with maintaining personal data, the Office of Personnel Management?

The HIMSS report certainly appears comprehensive to a traditional security professional. They ask about important things–encryption, multi-factor authentication, intrusion detection, audits–and warn the industry of breaches caused by skimping on such things. But before we spend several billion dollars patching the existing system, let’s step back and ask what our priorities are.

People Come Before Technologies

One hint that HIMSS’s assumptions are skewed comes in the section of the survey that asked its respondents what motivated them to pursue greater security. The top motivation, at 76 percent, was a phishing attack (p. 6). In other words, what they noticed out in the field was not some technical breach but a social engineering attack on their staff. It was hard to interpret the text, but it appeared that the respondents had actually experienced these attacks. If so, it’s a reminder that your own staff is your first line of defense. It doesn’t matter how strong your encryption is if you give away your password.

It’s a long-held tenet of the security field that the most common source of breaches is internal: employees who were malicious themselves, or who mistakenly let intruders in through phishing attacks or other exploits. That’s why (you might notice) I don’t use the term “cybersecurity” in this article, even though it’s part of the title of the HIMSS report.

The security field has standardized ways of training staff to avoid scams. Explain to them the most common vectors of attack. Check that they’re creating strong passwords, where increased computing power is creating an escalating war (and the value of frequent password changes has been challenged). Best yet, use two-factor authentication (discussed later), which may help you avoid the infuriating burden of passwords. Run mock phishing scams to test your users. Set up regular audits of access to sensitive data–a practice that HIMSS found among only 60% of respondents (p. 3). And give someone the job of actually checking the audit logs.

Why didn’t HIMSS ask about most of these practices? It began the project with a technology focus instead a human focus. We’ll take the reverse approach in the second part of this article.

Schlag and Froth: Argonauts Navigate Between Heavy-weight and Light-weight Standardization (Part 2 of 2)

Posted on August 26, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous section of this article laid out the context for HL7 FHIR standard and the Argonaut project; now we can look at the current status.

The fruits of Argonaut are to be implementation guides that they will encourage all EHR vendors to work from. These guides, covering a common clinical data set that has been defined by the ONC (and hopefully will not change soon), are designed to help vendors achieve certification so they can sell their products with the assurance that doctors using them will meet ONC regulations, which require a consumer-facing API. The ONC will also find certification easier if most vendors claim adherance to a single unambiguous standard.

The Argonaut implementation guides, according to Tripathi, will be complete in late September. Because FHIR is expected to be passed in September 2017, the Argonaut project will continue to refine and test the guides. One guide already completed by the project covers security authorization using OpenID and OAuth. FHIR left the question of security up to those standards, because they are well-established and already exist in thousands of implementations around the Web.

Achieving rough consensus

Tripathi portrays the Argonaut process as radically different from HL7 norms. HL7 has established its leading role in health standards by following the rules of the American National Standards Institute (ANSI) in the US, and similar bodies set up in other countries where HL7 operates. These come from the pre-Internet era and emphasize ponderous, procedure-laden formalities. Meetings must be held, drafts circulated, comments explicitly reconciled, ballots taken. Historically this has ensured that large industries play fair and hear through all objections, but the process is slow and frustrates smaller actors who may have good ideas but lack the resources to participate.

In contrast, FHIR brings together engineers and other interested persons in loose forums that self-organize around issues of interest. The process still tried to consider every observation and objection, and therefore, as we have seen, has taken a long time. But decision-making takes place at Internet speed and there is no jockeying for advantage in the marketplace. Only when a milestone is reached does the formal HL7 process kick in.

The Argonaut project works similarly. Tripathi reports that the vendors have gotten along very well. Epic and Cerner, the behemoths of the EHR field, are among the most engaged. Company managers don’t interfere with engineer’s opinions. And new vendors with limited resources are very active.

Those with a background in computers can recognize, in these modes of collaboration, the model set up by the Internet Engineering Task Force (IETF) decades ago. Like HL7, the IETF essentially pre-dated the Internet as we know it, which they helped to design. (The birth of the Internet is usually ascribed to 1969, and the IETF started in 1986, at an early stage of the Internet. FTP was the canonical method of exchanging their plain-text documents with ASCII art, and standards were distributed as Requests for Comments or RFCs.) The famous criteria cited by the IETF for approving standards is “rough consensus and running code.” FHIR and the Argonauts produce no running code, but they seem to operate through rough consensus, and the Argonauts could add a third criterion, “Get the most important 90% done and don’t let the rest hold you up.”

Tripathi reports that EHR vendors are now collaborating in this same non-rivalrous manner in other areas, including the Precision Medicine initiative, the Health Services Platform Consortium (HSPC), and the SMART on FHIR initiative.

What Next?

The dream of interoperability has long included the dream of a marketplace for apps, so that we’re not stuck with the universally hated EHR interfaces that clinicians struggle with daily, or awkwardly designed web sites for consumers. Tripathi notes that SMART offers an app gallery with applications that ought to work on any EHR that conforms to the open SMART platform. Cerner and athenahealth also have app stores protected by a formal approval process. (Health apps present more risk than the typical apps in the Apple App Store or Google Play, so they call more more careful, professional vetting.) Tripathi is certain that other vendors will follow in the lead of these projects, and that cross-vendor stores like SMART’s App Gallery will emerge in a few years along with something like a Good Housekeeping seal for apps.

The Argonaut guides will have to evolve. It’s already clear that EHR vendors are doing things that aren’t covered by the Argonaut FHIR guide, so there will be a few incompatible endpoints in their APIs. Consequently, the Argonaut project has a big decision to make: how to provide continuity? The project was deliberately pitched to vendors as a one-time, lightweight initiative. It is not a legal entity, and it does not have a long-term plan for stewardship of the outcomes.

The conversation over continuity is ongoing. One obvious option is to turn over everything to HL7 and let the guides fall under its traditional process. A new organization could also be set up. HL7 itself has set up the FHIR Foundation under a looser charter than HL7, probably (in my opinion) because HL7 realizes it is not nimble and responsive enough for the FHIR community.

Industries reach a standard in many different ways. In health care, even though the field is narrow, standards present tough challenges because of legacy issues, concerns over safety, and the complexity of human disease. It seems in this case that a blend of standardization processes has nudged forward a difficult process. Over the upcoming year, we should know how well it worked.

Schlag and Froth: Argonauts Navigate Between Heavy-weight and Light-weight Standardization (Part 1 of 2)

Posted on August 25, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

You generally have to dwell in deep Nerdville to get up much excitement about technical standards. But one standard has been eagerly followed by thousands since it first reached the public eye in 2012: Fast Healthcare Interoperability Resources (FHIR). To health care reformers, FHIR embodies all the values and technical approaches they have found missing in health care for years. And the development process for FHIR is as unusual in health care as the role the standard is hoped to play.

Reform From an Unusual Corner

FHIR started not as an industry initiative but as a pet project of Australian Grahame Grieve and a few developers gathered around him. From this unusual genesis it got taken up by HL7 and an initial draft was released in March 2012. Everybody in health care reform rallied around FHIR, recognizing it as a viable solution to the long-stated need for application programming interfaces (APIs). The magic of APIs, in turn, is their potential to make data exchange easy and create a platform for innovative health care applications that need access to patient data.

So, as a solution to the interoperability problems for which EHR vendors had been dunned by users and the US government, FHIR won immediate accolades. But these vendors knew they couldn’t trust normal software adoption processes to use FHIR interoperably–those processes had already failed on earlier standards.

HL7 version 2 had duly undergone a long approval process and had been implemented as an output document format by numerous EHR vendors, who would show off their work annually at an Interoperability Showcase in a central hall of the HIMSS conference. Yet all that time, out in the field, innumerable problems were reported. These failures are not just technical glitches, but contribute to serious setbacks in health care reform. For instance, complaints from Accountable Care Organizations are perennial.

Congress’s recent MACRA bill, follow-up HHS regulations, and pronouncements from government leaders make it clear that hospitals and their suppliers won’t be off the hook till they solve this problem of data exchange, which was licked decades ago by most other industries. It was by dire necessity, therefore, that an impressive array of well-known EHR vendors announced the maverick Argonaut project in December 2014. (I don’t suppose its name bears any relation to the release a few months before of a highly-publicized report from a short-lived committee called JASON.)

Argonaut include major EHR vendors, health care providers such as Partners Healthcare, Mayo, Intermountain, and Beth Israel Deaconess, and other interested parties such as Surescripts, The Advisory Board, and Accenture. Government agencies, especially the ONC, and app developers have come on board as testers.

One of the leading Argonauts is Micky Tripathi, CEO of the Massachusetts eHealth Collaborative. Tripathi has been involved in health care reform and technical problems such as data exchange long before these achieved notable public attention with the 2009 HITECH act. I had a chance to talk to him this week about the Argonauts’ progress.

Reaching a Milestone

FHIR is large and far-reaching but deliberately open-ended. Many details are expected to vary from country to country and industry to industry, and thus are left up to extensions that various players will design later. It is precisely in the extensions that the risk lurks of reproducing the Tower of Babel that exists in other health care standards.

The reason the industry have good hopes for success this time is the unusual way in which the Argonaut project was limited in both time and scope. It was not supposed to cover the entire health field, as standards such as the International Classification of Diseases (ICD) try to do. It would instead harmonize the 90% of cases seen most often in the US. For instance, instead of specifying a standard of 10,000 codes, it might pick out the 500 that the doctor is most likely to see. Instead of covering all the ways to take a patient’s blood pressure (sitting, standing, etc.), it recommends a single way. And it sticks closely to clinical needs, although it may well be extended for other uses such as pharma or Precision Medicine.

Finally instead of staying around forever to keep chopping off more tasks to solve, the Argonaut project would go away when it was done. In fact, it was supposed to be completed one year ago. But FHIR has taken longer than expected to coalesce, and in the meantime, the Argonaut project has been recognized as a fertile organization by the vendors. So they have extended it to deal with some extra tasks, such as an implementation guide for provider directories, and testing sprints.

That’s some history; the next section of this article will talk about the fruits of the Argonaut project and their plans for the future.

Looking at EHR Internationally

Posted on August 24, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Today, I’m sitting in my hotel room in Dubai (Check out my full health IT conference schedule) looking out over this incredible city. This is the 3rd time I’ve come to Dubai to teach an EHR workshop and so I’ve had a chance to fall in love with some many things. Not the least of which is the people that come to participate in the workshop. Each time is a unique perspective with people coming from around the middle east including countries like Saudia Arabia, Oman, Bahrain, Qatar, and of course Abu Dhabi and Dubai in the UAE to name a few.

There’s something incredible about coming to a place that is culturally so different and yet when I talk about EHR software it’s more alike than it is different. A great example of this is the often large divide between doctors and EHR implementers. It seems that everyone struggles to get doctors to take enough time to really learn how to use the EHR effectively. Then, despite not doing the training they complain that the EHR doesn’t work properly. If you’ve ever been part of an EHR implementation you know this cycle well.

What I find interesting in the middle east is that they don’t feel suffocated by regulations like we have in the US. There’s much more freedom available to them to innovate. However, there’s not the same drive to innovate here that exists in most US markets. It’s interesting to sense this disconnect between the opportunity to innovate and the desire to innovate.

I think there’s also a bit of a misconception about the region. From the US perspective, we often see these rich middle eastern countries and think that they just have as much money as they want and they can spend lavishly on anything. When you look at some of the amazing buildings or the indoor ski slopes in Dubai it’s easy to see how this perspective is well deserved. However, that’s not the reality that most of these healthcare organizations face. This seems to be particularly true with gas prices being quite low. In many ways, this is a similar to what many doctors experience. Doctors like to drive the Mercedes, but then complain that they aren’t really paid as much as people think. That creates a disconnect between what’s seen and the reality. I think the middle east suffers from this disconnect as well.

What’s most heartening about the experience of talking EHR internationally is that there’s one core thing that seems to exist everywhere. That’s a desire to truly make a difference for the patient. That’s the beautiful part of working in healthcare. We all have a desire to make life better for a patient. It’s amazing how this principle is universal. Now, if we could just all execute it better.

Three Words That Health Care Should Stop Using: Insurance, Market, and Quality (Part 2 of 2)

Posted on August 23, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous part of this article ripped apart the use of the words “insurance” and “market” to characterize healthcare. Not let’s turn to another concept even more fundamental to our thinking about care.

Quality

The final element of this three-card Monte is the slippery notion of quality. Health care is often compared to the airlines (when we’re not being compared to the Cheesecake Factory), an exercise guaranteed to make health care look bad. Airlines and restaurants offer relatively homogeneous experiences to all their clients and can easily determine whether their service succeeded or failed. Even at a mechanical level, the airlines have been able to quantify safety.

Endless organizations such as the National Association for Healthcare Quality (NAHQ) and the Agency for Healthcare Research and Quality (AHRQ) collect quality measures, and CMS has tried strenuously to include quality measures in Meaningful Use and the new MACRA program. We actually have not a dearth of quality measures, but a surfeit. Doctors feel overwhelmed with these measures. They are difficult to collect, and we don’t know how to combine them to create easy reports that patients can act on. There is a difference between completing a successful surgery, caring for things such as pain and infection prevention after surgery, and creating a follow-up plan that minimizes the chance of readmission. All those things (and many more) are elements of quality.

Worst of all, despite efforts to rank patients by their conditions and risk, hospitals repeatedly warn that quality measures underestimate risky patients and therefore penalize the hospitals that do the most difficult and important work–caring for the sickest. Many hospitals are throwing away donor organs instead of doing transplants, because the organs are slightly inferior and therefore might contribute to lower quality ratings–even if the patients are desperate to give them a try.

The concept of quality in health care thus needs a fresh look, and probably a different term. The first, simple thing we can do is remove patient ratings from assessments of quality. The patient knows whether the nurse smiled at her or whether she was discharged promptly, but can’t tell how good the actual treatment was after the event. One nurse has suggested that staff turnover is a better indication of hospital quality than patient satisfaction surveys. Given our fascination with airline quality, it’s worth noting that the airline industry separates safety ratings from passenger experience. The health care industry can similarly leverage patient ratings to denote clients’ satisfaction, but that’s separate from quality.

As for the safety and effectiveness of treatment, we could try a fairer rating system, such as one that explicitly balances risk and reward. Agencies would have to take the effort to understand all the elements of differences in patients that contribute to risk, and make sure they are tallied. Perhaps we could learn how to assess the success of each treatment in relation to the condition in which the patient entered the office. Even better, we could try to assess longitudinal results instead evaluating each office visit or hospital admission in isolation.

These are complex activities, but we have lots of data and powerful tools to analyze it. Together with a focus on changing behavior and environments, we should be able to make a real difference in quality–and I mean quality of life. Is there anything an ordinary member of the health professions can do till then? Well, try issuing Bronx cheers and catcalls at any meeting or conference presentation where someone uses one of the three misleading terms.

Three Words That Health Care Should Stop Using: Insurance, Market, and Quality (Part 1 of 2)

Posted on August 22, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Reading the daily papers, I have gotten increasingly frustrated at the misunderstandings that journalists and the public bring to the debates of over health expansion, costs, and reform. But you can’t blame them–our own industry has created the confusion by misusing terms and concepts that work in other places but not in health. Worse still, the health care industry has let policy-makers embed the incorrect impressions into laws and regulations.

So in this article I’ll promote the long process of correcting the public’s impressions of health care–by purging three dangerous words from health care vocabulary.

Insurance

The health care insurance industry looks like no other insurance industry in the world. When we think of insurance, we think of paying semi-annually into a fund we hope we never need to use. But perhaps every twenty years or so, we suffer damage to our car, our house, or our business, and the insurance kicks in. That may have been true for health care 70 years ago, when you wouldn’t see the doctor unless you fell into a pit or came down with some illness they likely couldn’t cure anyway. The insurance model is totally unsuited for health care today.

The Affordable Care Act made some symbolic gestures toward a recognition that modern health care should embrace prevention and wellness. For instance, it eliminated copays for preventative visits. The insurance companies took that wording very literally: if you dare to bring up an actual medical problem during your preventative visit, they charge you a copay. Yet the “preventative” part of the visit usually consists of a lecture to stop smoking and go on the Mediterranean diet.

Effective wellness programs jettison the notion of insurance (although patients need separate insurance for catastrophic problems). They keep in regular contact with clients, provide coaching, and sometimes use intelligent digital interventions such as described by Dr. Joseph Kvedar in The Internet of Healthy Things (which I reviewed shortly after its release). There are scattered indications that these programs do their job. As they spread, the system set up to deal with catastrophic health events will have to adapt and take a modest role within a behavioral health model.

The term “insurance” is so widely applied to our healh funding model that we can’t make it go away. Perhaps we should put the word in quotation marks wherever it must be used.

Market

This term is less ubiquitous than “insurance” but may be even more harmful. Numerous commenters have pointed out the difference between health care and actual markets:

  • In a market, you can walk away and refuse to pay for a good that is too expensive. If the price of beef goes through the roof, you can switch to beans (and probably should, for your own health). So the best time to argue with someone who promotes a health care market may be right after he’s fallen from a ladder and is clutching at his leg in agony. Ask him, “Do you feel you can walk away from an offer of health care?” Cruel, but a lesson he won’t forget.

  • A market serves people who can afford it. It’s hard to find a stylish hair dresser in a poor neighborhood because no one can pay $200 for a cut. But here’s the rub: the people who need health care the most can’t afford it. Someone with serious mental or physical problems is less likely to find work or be able to attend a college with health insurance. Parents of seriously ill children have to take time off from work to care for them. And so on. It’s what economists–who have trouble discarding the market way of thinking–call a market failure.

  • In a market, you know what you’re going to pay for a service and what your options are. Enough said.

  • In a market, you can evaluate the quality of a service and judge (at least in retrospect) whether it was worth the cost. I’ll deal with quality in the next section.

The misconception of health care as a market came to a head in the implementation of the Affordable Care Act. Presumably, millions of “young invincibles” were avoiding health insurance because of the cost. The individual mandate, combined with affordable plans on health care exchanges, would bring them flooding into the insurance system, lowering costs for everyone and balancing the burden created by the many sick people who we knew would join. And yet now we have stubbornly rising health care rates, deductibles, and caps, along with new costs in the states where Medicaid expanded Where did this all fall apart?

Part of the problem is certainly the recession, which caused incomes to decline or stagnate and exacerbated people’s health care needs. Also, there was a pent-up need for treatment among people who had lacked health insurance and avoided treatment for some time. This comes through in a study of prescription medication use. Furthermore, people don’t change habits overnight: many continue to over-rely on the emergency room (perhaps because of a shortage of primary care providers).

But there’s another unanticipated factor: the “young invincibles” actually start using health care once they get access to it. An analysis showed that mental health needs among the young are much higher than expected. In particular, they suffer widely from depression and anxiety, which is entirely reasonable given the state of our world. (I know that these conditions are connected to genetics and biology, but environment must also play a role.)

Ultimately, until we get behavioral health in place for everybody, health care costs will continue to rise and we won’t realize the promise of near-universal coverage. Many health care activists–especially during the recent political primary season–call for a single-payer system, which certainly would introduce many efficiencies. But it doesn’t solve the problems of chronic conditions and unhealthy lifestyles–that will require policy action on levels ranging from improvements in air cleanliness to new opportunities for isolated individuals to socialize. Meanwhile, we still have to look at the notion of quality in tomorrow’s post.

Symptoms of the Healthcare Debate

Posted on August 19, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

This healthcare cartoon seemed to capture my feelings about much of the healthcare debate that’s happening right now. It’s even worse thanks to the current presidential race.
Healthcare Cartoon - Symptoms of the Healthcare Debate

This cartoon might offer a much simpler explanation for the healthcare cost challenges we face:
Healthcare Costs in the US

A part of me just wants to turn it all off, but it’s a battle that’s too important to ignore. Have a great weekend!

Improving Clinical Workflow Can Boost Health IT Quality

Posted on August 18, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

At this point, the great majority of providers have made very substantial investments in EMRs and ancillary systems. Now, many are struggling to squeeze the most value out of those investments, and they’re not sure how to attack the problem.

However, according to at least one piece of research, there’s a couple of approaches that are likely to pan out. According to a new survey by the American Society for Quality, most healthcare quality experts believe that improving clinical workflow and supporting patients online can make a big diference.

As ASQ noted, providers are spending massive amounts of case on IT, with the North American healthcare IT market forecast to hit $31.3 by 2017, up from $21.9 billion in 2012. But healthcare organizations are struggling to realize a return on their spending. The study data, however, suggests that providers may be able to make progress by looking at internal issues.

Researchers who conducted the survey, an online poll of about 170 ASQ members, said that 78% of respondents said improving workflow efficiency is the top way for healthcare organizations to improve the quality of their technology implementations. Meanwhile, 71% said that providers can strengthen their health IT use by nurturing strong leaders who champion new HIT initiatives.

Meanwhile, survey participants listed a handful of evolving health IT options which could have the most impact on patient experience and care coordination, including:

  • Incorporation of wearables, remote patient monitoring and caregiver collaboration tools (71%)
  • Leveraging smartphones, tablets and apps (69%)
  • Putting online tools in place that touch every step of patient processes like registration and payment (69%)

Despite their promise, there are a number of hurdles healthcare organizations must get over to implement new processes (such as better workflows) or new technologies. According to ASQ, these include:

  • Physician and staff resistance to change due to concerns about the impact on time and workflow, or unwillingness to learn new skills (70%)
  • High cost of rolling out IT infrastructure and services, and unproven ROI (64%)
  • Concerns that integrating complex new devices could lead to poor interfaces between multiple technologies, or that haphazard rollouts of new devices could cause patient errors (61%)

But if providers can get past these issues, there are several types of health IT that can boost ROI or cut cost, the ASQ respondents said. According to these participants, the following HIT tools can have the biggest impact:

  • Remote patient monitoring can cut down on the need for office visits, while improving patient outcomes (69%)
  • Patient engagement platforms that encourage patients to get more involved in the long-term management of their own health conditions (68%)
  • EMRs/EHRs that eliminate the need to perform some time-consuming tasks (68%)

Perhaps the most interesting part of the survey report outlined specific strategies to strengthen health IT use recommended by respondents, such as:

  • Embedding a quality expert in every department to learn use needs before deciding what IT tools to implement. This gives users a sense of investment in any changes made.
  • Improving available software with easier navigation, better organization of medical record types, more use of FTP servers for convenience, the ability to upload records to requesting facilities and a universal notification system offering updates on medical record status
  • Creating healthcare apps for professional use, such as medication calculators, med reconciliation tools and easy-to-use mobile apps which offer access to clinical pathways

Of course, most readers of this blog already know about these options, and if they’re not currently taking this advice they’re probably thinking about it. Heck, some of this should already be old hat – FTP servers? But it’s still good to be reminded that progress in boosting the value of health IT investments may be with reach. (To get some here-and-now advice on redesigning EMR workflow, check out this excellent piece by Chuck Webster – he gets it!)

Taking Healthcare Communication to the Next Level

Posted on August 17, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As most of you know, we’ve been doing an ongoing series of Healthcare Scene Interviews where we talk to top leaders in healthcare IT. They’ve been a huge success and we just passed our 50th video interview. If you’ve attended one of our live interviews, you know that we grew quite fond of the Blab platform that we used to host these interviews. Unfortunately, we just got word that Blab has been shutdown. It was a sad day, but we still have options.

While we loved Blab, we use to do our interviews on Google Hangouts and so we’re planning to go back there again to keep bringing you great content and discussion about the challenges that face Healthcare IT. Plus, Google Hangouts has been merged into YouTube Live and that brings some great opportunities for those watching both the live and recorded version at home including being able to Subscribe to Healthcare Scene on YouTube.

With that as background, I’m excited to announce our next Healthcare interview happening Friday August 19, 2016 at 11:30 AM ET (8:30 AM PT) where we’ll be talking about “Taking Healthcare Communication to the Next Level.” This is an extremely important and challenging topic, but we’ve lined up a number of incredible experts to take part in our discussion as you’ll see below:

Taking Healthcare Communication to the Next Level-Headshots

You can watch the interview live and even join in the conversation in the chat on the sidebar by watching on the Healthcare Scene YouTube page or the embedded video below:


(You’ll have to visit the YouTube page to see the live chat since the embed doesn’t include the chat.)

We look forward to learning about healthcare communication from this panel of experts. Please join us and offer your own insights in the chat or ask these amazing panelists your most challenging questions.

Be sure to Subscribe to Healthcare Scene on YouTube to be updated on our future interviews or watch our archive of past Healthcare Scene Interviews.