Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Fun Friday – HIPPA Sign

Posted on November 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Only readers of this site could enjoy this pharmacy sign. Thanks to HIPAA One for sharing the picture with me. Have a great weekend everyone! Stay Warm!
HIPPA Sign - Or Should We Say HIPAA Sign?

Maybe the pharmacy thought that HIPPA with two P’s stood for Patient Privacy. Of course, a quick search through posts on my site turn up 18 posts with HIPPA. So, this might be the pot calling the kettle black. I just enjoy the humor of humanity.

Beyond the Basics: What Covered Entities and Business Associates Need to Know About OCR Security Audits

Posted on November 20, 2014 I Written By

The following is a guest blog post by Mark Fulford, Partner in LBMC’s Security & Risk Services practice group.
Mark_Fulford_Headshot
The next round of Office for Civil Rights (OCR) audits are barreling down upon us, and many healthcare providers, clearing houses and business associates—even ones that think they’re prepared—could be in for an unpleasant surprise. If the 2012 round of OCR audits is any indication, the upcoming audits will most likely reveal that the healthcare industry at large is still struggling to figure out how to implement a compliant security strategy.

Granted, HIPAA regulations are not always as prescriptive as some might like. By design, HIPAA incorporates a degree of flexibility, leaving covered entities and business associates to make decisions about their own approach to compliance based on size, budget, and the risks that are unique to their operations.

But the first round of OCR audits indicated that many healthcare organizations had not even taken the first step in initiating a security compliance strategy—two-thirds of the covered entities had not performed a complete and accurate risk assessment to determine areas of vulnerability and exposure. Apparently, these entities were not necessarily unclear on HIPAA regulations; they simply had not yet made a serious effort to comply.

Out of the 115 entities audited, only 13 had no findings or observations (11%). This time around, the expectation will be that covered entities and business associates will have taken note of the 2012 audit findings, and that the effort to comply will be much improved.

All covered entities and business associates may be subject to an OCR audit. If you have not yet conducted an organizational risk assessment, now would be the time to do so. The OCR provides guidelines, and you can also reference the Office of the National Coordinator for Health Information Technology (ONC) and standards organizations like the National Institute of Standards and Technology (NIST). Additionally, the OCR has released an Audit Program Protocol to help you better prepare.

Five Key Areas to Address for OCR Audit Preparation

Based on our experience in the healthcare industry and consistent with the 2012 OCR Audit findings and observations, here’s how you can prepare for the upcoming OCR audits:

  • Know where your data resides. Many organizations fail to account for protected health information (PHI) in both paper and electronic forms. Between legacy systems (where data might be not well-indexed), printed copies (data could be abandoned in a desk) and mobile device use (data could be anywhere), large volumes of at-risk data is often floating around in places it shouldn’t be. In the first round of OCR audits, issues with security accounted for 60% of the findings and observations. To avoid falling into that trap, do a thorough inventory of your PHI and make decisions on how to handle and store it going forward.
  • Review business associate agreements. Business associates were not included in the 2012 OCR audits, but they will be this time around. If any of your business associates are found to be non-compliant, you will most likely be included in the subsequent investigation. Ask your accounting and IT departments to prepare a list of all third parties with whom you share PHI. Make sure your agreements are up-to-date and that your vendors are making good faith efforts to be in compliance. Due diligence can be accomplished through the use of questionnaires, your own audit, or a third-party assurance (e.g., a Service Organization Control (SOC) or a HITRUST report). And if you are a business associate, be aware that you, too, could be selected for an audit.
  • Establish a monitoring program. Your system, firewall and antivirus/antimalware software all regularly log system events. But beyond logging data, HIPAA dictates that you actively review the data to identify suspicious activity. If you haven’t already, assign an individual the task of reviewing your data for anomalies. Also, plan on conducting regular sweeps of the office to make sure that all printed documents are being stored and disposed of properly.
  • Identify breach reporting procedures. The Omnibus HIPAA rule has since updated the breach reporting requirements that were first outlined in HITECH. Make sure your breach reporting procedures are compliant with the most recent standards. While the 2012 OCR audits reported only 10% of their findings associated with the Breach Rule (as opposed to 30% and 60% associated with the Privacy and Security Rules respectively), failure to have a compliant breach reporting process could be a major problem if you are audited.
  • Schedule Staff Training. Most breaches are the result of human error. HIPAA requires that regular security training and security reminders be an integral part of your healthcare compliance strategy. Twenty-six percent of the Administrative Requirements findings and observations in the 2012 OCR audits involved training issues. Don’t assume that your employees know how to handle sensitive data. (Even if they do, it’s easy to forget.) Constant reminders create a culture of accountability that holds each individual responsible for protecting patients’ confidential health information.

While OCR audits give the OCR an opportunity to step up enforcement of HIPAA rules, anyone can register a complaint against you at any time. Thorough preparation for the upcoming OCR audits not only ensures that you will pass one if you are selected, it also protects you from breach, patient complaints, and general loss of public trust and good will.

About Mark Fulford
Mark Fulford is a Partner in LBMC’s Security & Risk Services practice group.  He has over 20 years of experience in information systems management, IT auditing, and security.  Marks focuses on risk assessments and information systems auditing engagements including SOC reporting in the healthcare sector.  He is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP).   LBMC is a top 50 Accounting & Consulting firm based in Brentwood, Tennessee.

Measuring Steps to Patient Empowerment – Breakaway Thinking

Posted on November 19, 2014 I Written By

The following is a guest blog post by Jennifer Bergeron, Learning and Development Manager at The Breakaway Group (A Xerox Company). Check out all of the blog posts in the Breakaway Thinking series.
Jennifer Bergeron

Trends and fads come and go. When they stick, it’s clear they address a consumer need, whether it’s a service, promise, or hope. Here at The Breakaway Group, A Xerox Company (TBG), we operate within a proven methodology that includes metrics, and it’s exciting to those of us who can’t get enough of good data. Most people find metrics interesting, especially when they understand how it relates to them, and the results are something they can control. Metrics are powerful.

To understand the power of data in shaping behaviors, consider the popularity of the self-monitoring fitness tracker or wearable technology. Even as their accuracy is scrutinized, sales in 2014 are predicted to land somewhere in the $14 billion range.1 Do mobile fitness trackers actually help people change their activity habits? Could doctors actually use the data to help their patients? Can companies be built on the concept of improving health with a wearable device? Not conclusively.2 Does a dedicated athlete need this kind of information? Some think not.3

So what is driving the growth of the fitness tracker market and what are these devices offering that creates millions of dedicated users? The answer is real-time data, personalized goals and feedback, and a sense of control; in other words, empowerment.

In the 70s and 80s, my grandparents spoke about their doctor as though he were infallible. They didn’t doubt, question, or even note what he prescribed, but took his advice and dealt with the outcomes. If healing didn’t progress as planned, my grandmother blamed herself, as though she’d failed him.

Jump ahead a few decades when more emphasis is being placed on collaboration. We expect our physicians to work with us, rather than dictate our treatment decisions.4 Section 3506 of the Affordable Care Act, the Program to Facilitate Shared Decision Making, states that the U.S. Department of Health and Human Services is “required to establish a program that develops, tests and disseminates certificated patient decision aids.”5 The intent is to provide patients and caregivers educational materials that will help improve communication about treatment options and decisions.6

Patient portals are important tools in helping to build this foundation of shared information. The portals house and track patient health data on web-based platforms, enabling patients and physicians to easily collaborate on the patient’s health management.7  Use of patient portals is a Meaningful Use Stage 2 objective.

The first measure of meeting this objective states that more than half the patients seen during a specified Electronic Health Record reporting period must have online access to their records. The second measure puts the spotlight on the patient and their use of that web-based information. MU Stage 2 requires that more than 5% of a provider’s patients must have viewed, downloaded, or transmitted their information to another provider in order for the provider to qualify for financial incentives from the Federal government.8

Empowered consumers want information immediately, whether it’s a restaurant review, number of steps taken in the last hour, how many calories they’ve burned, or their most recent checkup results. We like to weigh the input, make a decision, and then take action. Learning and information intake, no matter the topic, is expected to happen fast.

Metrics show us where we stand and how far we’ve come, which empowers us to keep going or make a change, and then measure again. We’re in an age of wanting to know but also wanting to know what to do next. The wearable device market has met a very real need of consumers. Whether or not fitness trackers make us healthier, whether or not our doctors know what to do with the information, or if this is information an athlete would really use, these devices can serve the purpose of putting many people in control of their own health, one measurable step at a time.

Sources:
1 Harrop, D., Das, R., & Chansin G. (2014) . Wearable technology 2014-2024: Technologies, markets, forecasts. Retrieved from http://www.idtechex.com/research/reports/wearable-technology-2014-2024-technologies-markets-forecasts-000379.asp

2 Hixon, T. (2014) . Are health and fitness wearables running out of gas? Retrieved from  http://www.forbes.com/sites/toddhixon/2014/04/24/are-health-and-fitness-wearables-running-out-of-gas/

3 Real athletes don’t need wearable tech. (2014) . Retrieved from http://www.outsideonline.com/outdoor-gear/gear-shed/tech-talk/Real-Athletes-Dont-Need-Wearable-Tech.html

4 Chen, P. (2012) . Afraid to speak up at the doctor’s office. Retrieved from  http://well.blogs.nytimes.com/2012/05/31/afraid-to-speak-up-at-the-doctors-office/?_r=0

5 Informed Medical Decisions Foundation. (2011-2014) .  Affordable care act. Retrieved from http://www.informedmedicaldecisions.org/shared-decision-making-policy/federal-legislation/affordable-care-act/

6 HealthcareITNews. (2014) . Patient pjortals. Retrieved from http://www.healthcareitnews.com/directory/patient-portals

7 Bajarin, T. (2014) . Where wearable health gadgets are headed. Retrieved from http://time.com/2938202/health-fitness-gadgets/

8 HealthIT.gov. (2014) . Patient ability to electronically view, download & transmit (VDT) health information. Retrieved from http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures-2/patient-ability-electronically-view-download-transmit-vdt-health-information

Xerox is a sponsor of the Breakaway Thinking series of blog posts. The Breakaway Group is a leader in EHR and Health IT training.

Are You A Sitting Duck for HIPAA Data Breaches? – Infographic

Posted on November 18, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The people at DataMotion, cloud based HISP providers, sent me the following infographic covering the HIPAA data breaches. It’s a good reminder of the potential for data breaches in healthcare. As Marc Probst recently suggested, we should be focusing as much attention on things like security as we are on meaningful use since the penalties for a HIPAA violation are more than the meaningful use penalties.

Are You A Sitting Duck for HIPAA Data Breaches Infographic

What Do We Know About Minimum Necessary Coming to HIPAA?

Posted on November 14, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We recently sat down with Alisha R. Smith, RHIA, HIM Compliance Educator at Healthport, to talk about HIPAA Omnibus and one of the components that was left out of the HIPAA Omnibus final rule: minimum necessary. In the video below, Alisha talks about what your company can do to prepare for minimum necessary and what minimum necessary might require if it gets included in future HIPAA requirements.

What do you think about Alisha’s recommendations? Do you think that legislation will be passed to include minimum necessary as part of HIPAA?

Healthcare Interoperability Series Outline

Posted on November 7, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Interoperability is one of the major priorities of ONC. Plus, I hear many doctors complaining that their EHR doesn’t live up to its potential because the EHR is not interoperable. I personally believe that healthcare would benefit immeasurably from interoperable healthcare records. The problem is that healthcare interoperability is a really hard nut to crack

With that in mind, I’ve decided to do a series of blog posts highlighting some of the many challenges and issues with healthcare interoperability. Hopefully this will provide a deeper dive into what’s really happening with healthcare interoperability, what’s holding us back from interoperability and some ideas for how we can finally achieve interoperable healthcare records.

As I started thinking through the subject of Healthcare Interoperability, here are some of the topics, challenges, issues, discussions, that are worth including in the series:

  • Interoperability Benefits
  • Interoperability Risks
  • Unique Identifier (Patient Identification)
  • Data Standards
  • Government vs Vendor vs Healthcare Organization Efforts and Motivations
  • When Should You Share The Data and When Not?
  • Major Complexities (Minors, Mental Health, etc)
  • Business Model

I think this is a good start, but I’m pretty sure this list is not comprehensive. I’d love to hear from readers about other issues, topics, questions, discussion points, barriers, etc to healthcare interoperability that I should include in this discussion. If you have some insights into any of these topics, I’d love to hear it as well. Hopefully we can contribute to a real understanding of healthcare interoperability.

Scariest Health IT Regulation – Healthcare IT Superlatives

Posted on November 3, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I thought it would be fun to look at a bunch of Healthcare IT Superlatives (best, scariest, cutest, smartest, funniest, etc etc etc). I imagine this will be a series of blog posts that never stops. If you’d like to see me write about a specific healthcare IT superlative, let me know in the comments or on my Contact Us page. I always like to cater to readers. Then, I at least no one person will find the post useful. Although, if one person finds it useful, it’s very likely that thousands of others are interested as well.

The first Healthcare IT Superlative we’ll consider is: Scariest Health IT Regulation

This is a challenging topic since healthcare is so burdened by regulation. I’m going to use a pretty broad interpretation of what I’d consider a healthcare IT regulation, but I’ll admit that I’m not as familiar with the medical device or pharma industry regulation. If you have experience in either of those, I’d love to hear what regulations in those industries is the scariest regulation.

When I think about all the various healthcare IT regulations, I have to narrow the scope down to the regulations that have the most over arching reach. That basically leaves me with ACO/Value Based Reimbursement, Meaningful Use, and HIPAA. Certainly there are plenty more that could be listed, but it’s not as scary for me if they aren’t large regulations that impact the majority of the healthcare system.

Of all of these, I’m most scared of ACO/Value Based Reimbursement. The worst part of any regulation is ambiguity. ACO and value based reimbursement is so vague right now that I don’t think anyone know where it will really end up going. That’s really scary for me and is likely scary for most healthcare organizations. It’s really hard to plan for something that’s vague and ambiguous.

Furthermore, the move to value based reimbursement and ACOs is likely going to have the biggest economic impact on healthcare. This doesn’t mean that every doctor and healthcare organization is going to lose when it comes to value based reimbursement. Definitely not. There are going to be a bunch of winners and losers. Some will really benefit from ACOs and some will suffer. However, my gut tells me that there’s going to be more losers than winners. That’s pretty scary to consider with all the other challenging dynamics at plat in healthcare today.

There you have it. What healthcare regulations are scaring you the most? Which regulations keep you up at night? I look forward to hearing your thoughts.

6 Healthcare Incubators Growing the Future of HealthTech

Posted on October 30, 2014 I Written By

With the rapidly-growing demand for technologies that solve challenges for healthcare patients, professionals and institutions, many of the most innovative and disruptive solutions are coming not from large corporations, but small, scrappy startup companies.

With this trend has risen a group of startup “incubators” and “accelerators” specifically focused on healthcare technology entrepreneurs. These organizations serve as a launching pad for healthtech startups by facilitating high-value mentoring, collaboration and investor connections, plus basic needs like office infrastructure and seed funding.

For the startups, this gives them the time and resources to refine their technologies and services while finding investors and customers. Meanwhile the accelerators benefit by building local economies, solving healthcare challenges, and opening up highly-profitable opportunities for their backing investors

Below, we’ll introduce you to some of the leading incubators in the healthcare industry. These incubators have a proven track record in helping innovative young companies bring new ideas and services to consumers and businesses.

The Top-Six Healthcare Incubators and Accellerators

rockhealth

Rock Health – Rock Health invites early stage companies to work within the incubator and receive funding and mentorship from a variety of companies and health organizations. Rock Health notes that 18% of our economy is healthcare-based, but it’s one of the last industries to receive a tech makeover.  With more than 50 active startups in its portfolio, Rock Health is one of the most experienced healthcare incubators, especially for startups that focus on providing web services, mobile applications and SaaS solutions for healthcare providers and companies.

health-wildcatters-e1403108162461

Health Wildcatters – Health Wildcatters is a mentorship-driven healthcare seed accelerator in Dallas; slightly different than an incubator. Though similar to incubators in their goals, accelerators typically acquire a small amount of equity in a startup, then work quickly to help a company achieve a short-term goal like raising money or launching a product. While incubators house companies for months or years, accelerators like Health Wildcatters work in weeks. Health Wildcatters focuses mainly on early-stage healthcare technology startups, including IT, SaaS, digital health and mobile health companies. Companies receive an initial seed investment and a 12-week program in which Health Wildcatters works quickly to help the company build value and refine its product. The name “wildcatter” hearkens back to independent oil entrepreneurs who were willing to take risks in where they drilled. Health Wildcatters takes the same approach to finding companies. This entrepreneurial approach allows it to help more startups reach their goals.

startup-health

StartUp Health –Chaired by TimeWarner CEO Jerry Levin, this incubator aims to fund 1,000 healthcare companies within the next decade to help transform the face of the healthcare industry. StartUp Health works to build sustainable growth in its companies over a three-year period. During the incubation period, StartUp Health matches companies with a network of more than 10,000 health professionals and business people focused on improving digital health and wellness.

The-Iron-Yard-logo-150x150

The Iron Yard – With its first location in Asheville, NC, the Iron Yard is growing a network of incubators focused on growing new areas of technology like digital health, green tech and emerging technologies. Its digital health accelerator, located in Spartanburg, SC, is working to turn one of the nation’s oldest railroad junctions into a hub for digital health innovation. The Iron Yard offers startups $20,000 in seed capital and three months of mentorship and workshops from experts in design, development and financing. The Iron Yard also offers training in web development and programming to place graduates with the startup companies it supports.

blueprint-health

Blueprint Health – Blueprint Health, located in New York City, is one of the largest incubators in any niche and offers an expansive network of healthcare mentors to assist healthcare entrepreneurs launch new ventures. Blueprint Health focuses on companies developing tech projects directly for hospitals, physicians and health plans rather than consumer-facing applications, which means deeper access to established customers. In 2013, Blueprint Health focused its efforts on mature startups companies. While many incubators assist early-stage companies, more than half of Blueprint’s mentees already had paying customers. With more than 12,000 sq. ft. of space and two classes per year, Blueprint Health is able to help more than 100 healthcare companies each year.

healthbox

Healthbox –  Healthbox offers accelerator programs in Boston, Chicago, Tampa, London, Nashville and Salt Lake City that provide  digital health entrepreneurs with funding and access to a global network of healthcare investors and providers. Healthbox launched its first accelerator program in Chicago in 2012 and quickly grew to other states and the UK. It recently expanded its business programs with $7 million in funding and started a program that helps hospitals create their own in-house Healthbox accelerator programs that, in turn, help companies gain traction within their own medical communities. So far, Healthbox has invested in 56 active startups, supported by a network of more than 350 expert mentors.

About the Author: David Vogel is a blogger for Datapipe, a leading provider of HIPAA-compliant hosting and managed cloud hosting. Connect with David on Twitter (@DavidVogelDotCo) and Google+ (+David Vogel).

The Shifting Focus to Patients, Really?

Posted on October 27, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Everywhere I turn I’m reading articles and tweets that talk about the shift of healthcare towards the patient. All the EHR vendors are touting various patient focused features. Supposedly, a new engaged patient is getting involved in their healthcare and doctors are having to focus much more on the patient that they’ve ever done before. The drum beat of patient focus is being beat in so many places.

Is this really happening or is this just the topic du jour?

Some might argue that things like meaningful use’s patient engagement requirements are pushing this movement forward. However, those who have worked to meet those requirements know very well that meeting the meaningful use patient engagement measures doesn’t look very much like true patient engagement. The concept was interesting, but the actual implementation leaves a lot to be desired.

I have recently seen some patients start to care a little bit more about their health than they did before. This is driven largely by the high deductible plans. It’s amazing how getting people to pay for their care will change their attitude. Although, even then it hasn’t made people want to care about their healthcare. It’s just made them more informed on the price of the healthcare they receive.

Has the healthcare system really turned towards the patient? Are we any more focused on the patient now than we’ve ever been before? I don’t think we are. For all the talk, I haven’t seen much action and I can’t think of something that’s really going to dramatically change things.

I’d love to hear if people disagree. Do you see a shift of focus towards the patient? Have we always been focused on the patient, and so it’s not really a shift at all? Are there things we should be doing to encourage a shift to the patient?

Karen DeSalvo and Jacob Reider Leave ONC

Posted on October 24, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 15 blogs containing almost 6000 articles with John having written over 3000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 13 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

UPDATE: It seems that DeSalvo will still be National Coordinator of Healthcare IT along with her new position.

It’s been a tumultuous few months for ONC and it’s just gotten even more tumultuous. We previously reported about the departures of Doug Fridsma MD, ONC’s Chief Science Officer, Joy Pritts, the first Chief Privacy Officer at ONC, and Lygeia Ricciardi, Director of the Office of Consumer eHealth, and Judy Murphy, Chief Nursing Officer (CNO) from ONC. Yesterday, the news dropped that Karen DeSalvo, ONC’s National Coordinator, and Jacob Reider, ONC’s Deputy National Coordinator, are both leaving ONC as well.

Karen DeSalvo has been tapped by HHS Secretary Sylvia Mathews Burwell to replace Wanda K. Jones as assistant secretary of health which oversees the surgeon general’s office and will be working on Ebola and other pressing health issues. I think DeSalvo’s letter to staff describes it well:

As you know, I have deep roots and a belief in public health and its critical value in assuring the health of everyone, not only in crisis, but every day, and I am honored to be asked to step in to serve.

DeSalvo’s always been a major public health advocate and that’s where her passion lies. Her passion isn’t healthcare technology. So, this change isn’t surprising. Although, it is a little surprising that it comes only 10 months into her time at ONC.

The obvious choice as Acting National Coordinator would have been Jacob Reider who was previously Acting National Coordinator when Farzad Mostashari left. However, Reider also announced his decision to leave ONC:

In light of the events that led to Karen’s announcement today–it’s appropriate now to be clear about my plans, as well. With Jon White and Andy Gettinger on board, and a search for a new Deputy National Coordinator well underway, I am pleased that much of this has now fallen into place–with only a few loose ends yet to be completed. I’ll remain at ONC until late November, working closely with Lisa as she assumes her role as Acting National Coordinator.

As Reider mentions, Lisa Lewis who is currently ONC’s COO will be serving as Acting National Coordinator at ONC.

What’s All This Mean?
There’s a lot of speculation as to why all of these departures are happening at ONC. Many people believe that ONC is a sinking ship and people are doing everything they can to get off the ship before it sinks completely. Others have suggested that these people see an opportunity to make a lot more money working for a company. The government certainly doesn’t pay market wages for the skills these people have. Plus, their connections and experience at ONC give them some unique qualifications that many companies are willing to pay to get. Some have suggested that the meaningful use work is mostly done and so these people want to move on to something new.

My guess is that it’s a mix of all of these things. It’s always hard to make broad generalizations about topics like this. For example, I already alluded to the fact that I think Karen DeSalvo saw an opportunity to move to a position that was more in line with her passions. Hard to fault someone for making that move. We’d all do the same.

What is really unclear is the future of ONC. They still have a few years of meaningful use which they’ll have to administer including the EHR penalties which could carry meaningful use forward for even longer than just a few years. I expect ONC will still have money to work on things like interoperability. We’ll see if ONC can put together the patient safety initiative they started or if that will get shut down because it’s outside their jurisdiction.

Beyond those things, what’s the future of ONC?