Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

More Than 3 Million Patient Records Breached During Q2 2018

Posted on August 15, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study by data security vendor Protenus has concluded that more than 3 million patient records were breached during the second quarter of 2018, in a sharp swing upward from the previous quarter with no obvious explanation.

The Protenus Breach Barometer study, which drew on both reports to HHS and media disclosures, found that there were 143 data breach incidents between April and June 2018, affecting 3,143,642 million patient records. The number of affected records has almost tripled from Q1 of this year, when 1.13 million records were breached.

During this quarter, roughly 30% of privacy violations were by healthcare organizations that had previously reported a data breach. The report suggests that it is because they might not have identified existing threats or improved security training for employees either. (It could also be because cyberattackers smell blood in the water.)

Protenus concluded that among hospital teams, an investigator monitors around 4,000 EHR users, and that each was responsible for an average of 2.5 hospitals and 25 cases each. The average case took about 11 days to resolve, which sounds reasonable until you consider how much can happen while systems remain exposed.

With investigators being stretched so thin, not only external attackers but also internal threats become harder to manage. The research found that on average, 9.21 per 1,000 healthcare employees breached patient privacy during the second quarter of this year. This is up from 5.08 employee threats found during Q1 of this year, which the study attributes to better detection methods rather than an increase in events.

All told, Protenus said, insiders were responsible for 31% of the total number of reported breaches for this period. Among incidents where details were disclosed, 422,180 records were breached, or 13.4% of total breached patient records during Q2 2018. The top cause of data breaches was hacking, which accounted for 36.62% of disclosed incidents. A total of 16.2% of incidents involved loss or theft of data, with another 16.2% due to unknown causes.

In tackling insider events, the study sorted such incidents into two groups, “insider error” or “insider wrongdoing.” Its definition for insider error included incidents which had no malicious intent or could otherwise be qualified as human error, while it described the theft of information, snooping in patient files and other cases where employees knowingly violated the law as insider wrongdoing.

Protenus found 25 publicly-disclosed incidents of insider error between April and June 2018. The 14 of which for which details were disclosed affected 343,036 patient records.

Meanwhile, the researchers found 18 incidents involving insider wrongdoing, with 13 events for which data was disclosed. The number of patient records breached as a result of insider wrongdoing climbed substantially over the past two quarters, from 4,597 during Q1 to 70,562 during Q2 of 2018.

As in the first quarter, the largest category of insider-related breaches (71.4%) between April and June 2018 was healthcare employees taking a look at family members’ health records. Other insider wrongdoing incidents including phishing attacks, insider credential sharing, downloading records for sale and identity theft.

5 Ways Your Certified EHR Can Help Boost Your MIPS Score

Posted on February 5, 2018 I Written By

The following is a guest blog post by Lisa Eramo, a regular contributor to Kareo’s Go Practice Blog.

How did you do in the first year of reporting under the Quality Payment Program? Are you expecting a negative payment adjustment under the Merit-based Incentive Payment System (MIPS)? Or did you only submit the minimum data necessary in 2017 to avoid this adjustment? The good news is that you can get on track to report critical MIPS measures in 2018 that will safeguard and perhaps even enhance your revenue in 2020 and beyond.

In fact, your electronic health record (EHR) technology may already include various features that can help increase your MIPS score, says Marina Verdara, senior training specialist at Kareo. All you need to do is take advantage of them. Verdara discusses five ways in which medical practices should be able to capitalize on their EHR to improve performance under MIPS.

  1. Use an EHR Certified With the 2015 Criteria

Technology certified using the 2015 criteria supports interoperability across the care continuum, and it also enables physicians to earn additional revenue under MIPS, says Verdara. According to the Medicare Access and CHIP Reauthorization Act final rule, physicians earn a one-time bonus of 10 percentage points under the advancing care information (ACI) performance category of MIPS when they report objectives and measures using only 2015 edition certified electronic health record technology during calendar year 2018. In 2018, 25% of a physician’s MIPS score is tied to ACI.

“The federal rule indicates the clinician will earn a 10% bonus to their ACI score if they report using only a 2015 CEHRT, but they will determine this based on the measures submitted,” Verdara explains. “Therefore, a clinician can switch anytime during 2018 as long as they can report at least 90 days for the ACI category.”

In addition to this bonus, clinicians are eligible to receive a bonus of 10 percentage points applied to the ACI category if they report Stage 3 objectives and measures, says Verdara. They can do this if their certified EMR can document and track these measures. Refer to Table 7 in the MACRA final rule for more information about these measures.

  1. Choose Applicable Quality Measures

In 2018, 50% of your MIPS score is based on the quality measures you submit. Your 2015 Certified EHR should support your quality measure selection. “For instance, our physicians have an easy-to-use tool within our EHR that prompts them to narrow down measures that are most applicable for their specialty,” says Verdara. Customers can contact them directly for more information about each measure, its specifications, and what CMS is looking for when calculating numerators and denominators.

When using your EHR to choose measures, Verdara suggests running a report for all of the quality measures your vendor supports, including those you may not plan to submit for attestation. That’s because the data could reveal one or more measures you hadn’t anticipated as advantageous for your practice that could ultimately boost your score, she adds.

Examine the entire report, and identify your top 10 measures (i.e., those on which you’ve performed most effectively). Now dig into the data. Are each of these measures applicable for your specialty? If so, focus on data capture for those 10 measures. If some of your top 10 measures are in other specialties, eliminate those from your workflow and choose ones that are relevant. “Make sure you understand how to document and improve the score for that measure,” says Verdara.

Ultimately, submit all 10 measures to CMS even though only six are required, says Verdara. During the submission process, the CMS attestation website automatically scores each measure based on available benchmarks, and physicians have an opportunity to remove the measures on which they’ve performed most poorly prior to final submission.

  1. Don’t Overlook Reporting Opportunities

Your EHR should be looking out for reporting opportunities so that you can focus on patient care. Verdara provides the example of smoking cessation counseling. Physicians commonly perform this type of counseling but may not receive credit under MIPS because they don’t check the box indicating the work was done. “We have built-in guides to help physicians understand why they might be missing out on a particular quality metric,” says Verdara, adding that physicians should be able to look to their EHR to prompt and guide them to understand where missed opportunities may lie.

  1. Use Clinical Decision Support to Enhance MIPS Performance

Your EHR should also provide prompts to remind physicians about age- and condition-specific preventive screenings and care that, when provided to patients, can help improve MIPS scores. Physicians using Kareo, for example, can improve performance on MIPS measures related to influenza and age-specific immunizations as well as screening for clinical depression, high blood pressure, and more, all of which directly translate to higher scores, says Verdara. “It helps the physician provide better care,” she adds. “It’s a win-win for the clinician and the patient.”

  1. Run Clinical Reports to Pinpoint Opportunities for Care Improvement

MIPS reports not only allow for attestation, but they also help practices understand what they do well—and what needs improvement, says Verdara. For example, practices tracking patients whose hemoglobin A1C is greater than 9% during the performance period can use this report for MIPS attestation and to improve outcomes. More specifically, they can reach out to patients with a poor A1C to provide additional counseling and guidance. “This is a good one to track because diabetes is an epidemic,” says Verdara. “It helps practices target patients who are non-compliant.” The same is true for measures related to controlling high blood pressure and asthma.

To learn more about MACRA, visit https://qpp.cms.gov/.

About Lisa Eramo
Lisa Eramo is a regular contributor to Kareo’s Go Practice Blog, as well as other healthcare publications, websites and blogs, including the AHIMA Journal. Her focus areas are medical coding, clinical documentation improvement and healthcare quality/efficiency.  Kareo is a proud sponsor of Healthcare Scene.

Federal Advisors Say Yes, AI Can Change Healthcare

Posted on January 26, 2018 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The use of AI in healthcare has been the subject of scores of articles and endless debate among industry professionals over its benefits. The fragile consensus seems to be that while AI certainly has the potential to accomplish great things, it’s not ready for prime time.

That being said, some well-informed healthcare observers disagree. In an ONC blog post, a collection of thought leaders from the agency, AHRQ and the Robert Wood Johnson Foundation believe that over the long-term, AI could play an important role in the future of healthcare.

The group of institutions asked JASON, an independent group of scientists and academics who advise the federal government on science and technology issues, to look at AI’s potential. JASON’s job was to look at the technical capabilities, limitations and applications for AI in healthcare over the next 10 years.

In its report, JASON concluded that AI has broad potential for sparking significant advances in the industry and that the time may be right for using AI in healthcare settings.

Why is now a good time to play AI in healthcare? JASON offers a list of reasons, including:

  • Frustration with existing medical systems
  • Universal use of network smart devices by the public
  • Acceptance of at-home services provided by companies like Amazon

But there’s more to consider. While the above conditions are necessary, they’re not enough to support an AI revolution in healthcare on their own, the researchers say. “Without access to high-quality, reliable data, the problems that AI will not be realized,” JASON’s report concludes.

The report notes that while we have access to a flood of digital health data which could fuel clinical applications, it will be important to address the quality of that data. There are also questions about how health data can be integrated into new tools. In addition, it will be important to make sure the data is accessible, and that data repositories maintain patient privacy and are protected by strong security measures, the group warns.

Going forward, JASON recommends the following steps to support AI applications:

  • Capturing health data from smartphones
  • Integrating social and environmental factors into the data mix
  • Supporting AI technology development competitions

According to the blog post, ONC and AHRQ plan to work with other agencies within HHS to identify opportunities. For example, the FDA is likely to look at ways to use AI to improve biomedical research, medical care and outcomes, as well as how it could support emerging technologies focused on precision medicine.

And in the future, the possibilities are even more exciting. If JASON is right, the more researchers study AI applications, the more worthwhile options they’ll find.

Why Clinicians Need a 2015 Certified EHR

Posted on January 11, 2018 I Written By

The following is a guest blog post by Lisa Eramo, a regular contributor to Kareo’s Go Practice Blog.

What does “2015 Certified EHR” mean to practicing clinicians? The once-flooded EHR market is now whittling down to those vendors equipped to respond to regulatory and industry changes. The Office of the National Coordinator (ONC) for Health Information Technology listed more than 4,000 EHRs with 2014 certification criteria, according to the most recent data from healthIT.gov. And to date, only about 200 EHRs have passed the rigorous 2015 certification criteria.

However, beyond the fact that 2015 is indeed the most recent certification criteria as issued by the HHS, why should medical practices care?  

When vendors certify their EHRs, physicians—and patients—are ultimately the beneficiaries, says Beth Onofri, EHR and industry advisor at Kareo, who led the 2015 Certification process for the Kareo Clinical EHR. Physicians benefit because the technology allows them to easily attest that they’ve met quality requirements specified in the Medicare Access and CHIP Reauthorization Act (MACRA). This includes Advancing Care Information (ACI)-related measures that help physicians boost their payments. ACI accounts for 25 percent of a physician’s performance score that dictates reimbursement under the Merit-based Incentive Payment System (MIPS). Patients benefit because they’re able to access and exchange their own health information more easily than ever before. It’s a win-win all around, says Onofri.

“The 2015 criteria require functionality supporting unprecedented patient engagement, care coordination, and information exchange, all of which bodes well for physicians striving to improve outcomes.”
—Beth Onofri, EHR and Industry Advisor at Kareo

Although using a certified EHR is important, implementing one that’s certified using only the 2015 criteria (not the 2014 criteria or a combination of the two) is a critical piece of the puzzle under MACRA, says Onofri. EHRs certified with the 2015 criteria help pave the way for physicians to receive a bonus in 2018. In addition, the 2015 criteria require functionality that supports unprecedented patient engagement, care coordination, and information exchange, all of which bodes well for physicians striving to improve outcomes.

Still, many physicians aren’t aware of how the 2015 certification criteria can help their practices, says Onofri.

Of the 60 different 2015 certification criteria, Onofri says these five are particularly helpful for practices seeking to improve the quality of the care they provide, ultimately fostering accurate payments under value-based payment reform:

1. View, download, and transmit health information to a third party

The 2015 criteria require a secure method of access (usually through a patient portal) as well as the ability to send information to an unsecured email address of the patient’s choice, says Onofri. The idea is that offering various access options improves overall patient engagement and outcomes.

She suggests creating a brochure that explains to patients how they can access and use the portal, including how to view, download, and transmit their health information. Another idea is to recruit a volunteer who can show patients how to use the portal while they wait in the waiting area. “There needs to be a strong advocate in each practice to make sure that these functionalities are implemented and used,” she adds. “Those practices with an advocate are the ones that will succeed.”

2. Secure messaging

This functionality allows physicians to send messages to—and receive messages from—patients in a secure manner, helping to improve engagement and communication. Practices must define how they’ll use secure messaging, including who will respond and what types of questions they’ll permit (e.g., fulfill appointment requests vs. answering clinical inquiries). “There are a small percentage of doctors who will want to answer their own messages, but there is a larger percentage of doctors who will want their staff to answer the emails and, if necessary, escalate to the provider,” says Onofri.

3. Patient health information capture

This functionality allows physicians to accept patient-generated health data into the EHR. For example, Onofri notes that the Kareo Clinical 2015 Edition EHR allows patients to record their health information at home to easily upload the information to their portal and transmit it securely to the physician for shared decision-making. The idea is that access to more comprehensive health data can help physicians prevent and manage disease—and it could be a game-changer in terms of population health management.

Start small when rolling out this functionality, she says. For instance, encourage patients with high blood pressure to upload their blood readings daily before engaging a second population (e.g., those with diabetes who upload their glucose levels).

4. Transitions of care

This functionality calls for interoperable documents that include key health data (e.g., name, date of birth, and medications) as well as standardized format for exchange. A transition of care summary provides critical information as patients transfer between different physicians at different health organizations or even distinct levels of care within the same organization.

“It’s not uncommon for our providers to send the referral right as they are completing the note with the patient in the room,” says Onofri. “This obviously speeds the care coordination for patients in terms of seeing another doctor.” The only caveat is that practices must compile a list of direct email addresses for physicians to whom patients are frequently referred, she adds.

5. Application programming interfaces (APIs)

“This is one of those requirements that is the foundation of things to come,” says Onofri. “It’s the first step toward interoperability.” API functionality will eventually allow patients to aggregate data from multiple sources in a web or mobile application of their choice.

Physicians who take the time to explore each of these 2015 certification functionalities may be more likely to improve outcomes and reap financial rewards under MACRA, says Onofri. “The improved functionality is there—is your practice taking advantage of it?”

About Lisa Eramo
Lisa Eramo is a regular contributor to Kareo’s Go Practice Blog, as well as other healthcare publications, websites and blogs, including the AHIMA Journal. Her focus areas are medical coding, clinical documentation improvement and healthcare quality/efficiency.  Kareo is a proud sponsor of Healthcare Scene.

Public Health Agencies Struggle To Integrate With HIEs

Posted on September 21, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

New research by ONC suggests that while public health agencies might benefit from connecting with HIEs, there are still some significant barriers many need to address before doing so.

Public health agencies at both the state and local level collect information from providers as part of conducting disease surveillance activities and maintaining data registries. Though some of these registries are common – notably those focusing on childhood immunizations, birth defects and cancer—the agencies’ technical infrastructure and data formats still vary. This makes sharing data between them difficult.

One alternative to cumbersome data matching between agencies is for the agencies to integrate with an HIE. According to the ONC report, public health researchers have begun to find that at least some of the time, the data they get from HIE organizations is richer than data from clinical systems. Not only that, when public health agencies integrate their information systems with HIEs, it can help them conduct many of their functions more effectively. However, it’s still unusual to find HIE-connected agencies as of yet.

In its new report, ONC outlines what it learned about what the agencies hoped to accomplish with HIE integration and how they moved ahead with integration. To find this out, ONC contracted with Clinovations Government + Health, which participated in discussions with eight entities and analyzing more detailed information on 10 others.

Virtually all respondents had two goals for HIE integration: 1) Minimizing the number of connections needed to link providers, HIEs and agencies and 2) Helping providers meet public health requirements for Medicare and Medicaid EHR incentive programs. A small subset also said that over the longer term, they wanted to create a sustainable platform for clinical and public health exchange which could support enhanced analytics and quality measurement.

Not surprisingly, though, they face considerable challenges in making HIE integration actually happen. In most cases, technology issues were possibly the toughest nut to crack, and almost certainly the most complex. To connect with an HIE, agencies may confront incompatible transport and messaging protocols, standards problems, data classification and coding issues, inconsistent data quality, and their often-inflexible legacy systems, to name just a few of the many problems ONC cites.

As if that weren’t enough, the agencies may not have the funding in place to take on the integration effort, and/or lack a stable funding stream; don’t have the kind of cross-functional leaders in place needed to integrate their systems with HIEs; grapple with complicated patient data privacy and security issues; and bump up against state laws limiting data sharing methods.

However, through its research, the ONC did gather some useful feedback on how the agencies were coping with the long list of HIE integration challenges they face. For example, to win over the support of policymakers, some agencies have emphasized that they’ll be able to use HIE data for higher-level analytics and quality measures. The respondents also noted that HIE integration got more internal support when they got buy-in from top leaders and second-tier leaders have project management, technical and policy skills.

Given these odds, it’s little wonder that the number of public health agencies successfully integrating with HIEs is still small. That being said, there’s good reason for them to keep pushing for integration, so their number is likely to grow over the next few years.

Health IT Group Raises Good Questions About “Information Blocking”

Posted on September 8, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

The 21st Century Cures Act covers a great deal of territory, with provisions that dedicate billions to NIH funding, Alzheimer’s research, FDA operations and the war on opioid addiction. It also contains a section prohibiting “information blocking.”

One section of the law lists attempts to define information blocking, and lists some of the key ways healthcare players drag their feet when it comes to data sharing. The thing is, some industry organizations feel that these provisions raise more questions than they answer.

In an effort to nail things down, a trade organization calling itself Health IT Now has written to the HHS Office of Inspector General and ONC head Donald Rucker, MD, asking them to issue a proposed rule answering their questions.  Parties signing the letter include a broad range of healthcare and health IT organizations, including the American Academy of Family Physicians, athenahealth, DirectTrust, AMIA, McKesson and Oracle.

I’m not going to list all the questions they’ve asked. You can read the entirety yourself. However, I will share two questions and offer responses of my own. One critical question is:

  • What is information blocking and what is not?

I think most of us know what the law is trying to accomplish, e.g. foster the kind of data sharing needed to accomplish key research and patient care outcomes goals. And the examples of what it considers information blocking make sense:

  • Practices that restrict authorized access, exchange, or use [of health data] under applicable State or Federal law
  • Implementing health information technology in nonstandard ways that are likely to substantially increase the complexity or burden of accessing exchanging or use of electronic health information
  • Implementing health information technology in ways that are likely to lead to fraud, waste, or abuse, or impede innovations and advancements health information access, exchange, and use

The problem is, there are many more ways to hamper the sharing of electronic health data. The language used in the law can’t anticipate all of these strategies, which leaves compliance with the law very much open to interpretation.

This, logically, leads to how businesses can avoid running afoul of the law:

  • The statute institutes penalties on vendors to $1 million per violation. How should “per violation” be defined?

    Given the minimum detail included in the legislation, this is a burning question. Vendors need to know precisely whether they’re in the clear, violated the statute once or flouted it a thousand times.

After all, vendors may violate the statute

  • When they refuse data access to one individual within a business one time
  • When they don’t comply with a specific organization’s request regardless of how many employees were in contact
  • When a receiving organization doesn’t get all the data requested at the same time
  • When the vendor asks the receiving organization to pay an administrative fee for the data
  • When individuals try to access data through the web and find it difficult to do so

Would a vendor be on the hook for a single $1 million fine if it flat out refused to share data with a client?  How about if it refused twice rather than once? Are both part of the same violation?

Does the $1 million fine apply if the vendor inadvertently supplies corrupted data? If so, does the fine still apply if the vendor attempts to remedy the problem? How long does the vendor have to respond if they are informed that the data isn’t readable?

What about if dozens or even hundreds of individuals attempt to access data on the web can’t do so? Has the vendor violated the statute if it has an extended web outage or database problem, and if so how long does it should have to get web-based data access back online? Does each attempt to access the data count as a violation?

What standard does the statute establish for standard vs. non-standard data formats?  Could a vendor be cited once, or more than once, for using a new and emerging data format which is otherwise respected by the industry?

As I’m sure you’ll agree, these are just some of the questions that need to be answered before any organization can reasonably understand how to comply with the law’s information blocking provisions. Asking regulatory agencies to clarify their expectations is more than reasonable.

Study Offers Snapshot Of Provider App Preferences

Posted on March 20, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A recent study backed by HIT industry researchers and an ONC-backed health tech project offers an interesting window into how healthcare organizations see freestanding health apps. The research, by KLAS and the SMART Health IT Project, suggests that providers are developing an increasingly clear of what apps they’d like to see and how they’d use them.

Readers of this blog won’t be surprised to hear that it’s still early in the game for healthcare app use. In fact, the study notes, about half of healthcare organizations don’t formally use apps at the point of care. Also, most existing apps offer basic EMR data access, rather than advanced use cases.

The apps offering EMR data access are typically provided by vendors, and only allow users to view such data (as opposed to documenting care), according to the study report. But providers want to roll out apps which allow inputting of clinical data, as this function would streamline clinicians’ ability to make an initial patient assessment, the report notes.

But there are other important app categories which have gained an audience, including diagnostic apps used to support patient assessment, medical reference apps and patient engagement apps.  Other popular app types include clinical decision support tools, documentation tools and secure messaging apps, according to researchers.

It’s worth noting, though, that there seems to be a gap between what providers are willing to use and what they are willing to buy or develop on their own. For example, the report notes that nearly all respondents would be willing to buy or build a patient engagement app, as well as clinical decision support tools and documentation apps. The patient engagement apps researchers had in would manage chronic conditions like diabetes or heart disease, both very important population health challenges.

Hospital leaders, meanwhile, expressed interest in using sophisticated patient portal apps which go beyond simply allowing patients to view their data. “What I would like a patient app to do for us is to keep patients informed all throughout their two- to four-hours ED stay,” one CMO told researchers. “For instance, the app could inform them that their CBC has come back okay and that their physician is waiting on the read. That way patients would stay updated.”

When it came to selecting apps, respondents placed a top priority on usability, followed by the app’s cost, clinical impact, capacity for integration, functionality, app credibility, peer recommendations and security. (This is interesting, given many providers seem to give usability short shrift when evaluating other health IT platforms, most notably EMRs.)

To determine whether an app will work, respondents placed the most faith in conducting a pilot or other trial. Other popular approaches included vendor demos and peer recommendations. Few favored vendor websites or videos as a means of learning about apps, and even fewer placed working with app endorsement organizations or discovering them at conferences.

But providers still have a few persistent worries about third-party apps, including privacy and security, app credibility, the level of ongoing maintenance needed, the extent of integration and data aggregation required to support apps and issues regarding data ownership. Given that worrisome privacy and security concerns are probably justified, it seems likely that they’ll be a significant drag on app adoption going forward.

Healthcare Industry Leads In Blockchain Deployment

Posted on January 19, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

A new study by Deloitte concludes that healthcare and life sciences companies stand out as planning the most aggressive blockchain deployments of any industry. That being said, healthcare leaders are far from alone in paying close attention to blockchain, which seems to be coming into its own as corporate technology.

According to Deloitte, 39% of senior executives at large US companies had little or no knowledge of blockchain technology, but the other 61% reported their blockchain knowledge level as broad to expert. The execs who were well-informed about blockchain told Deloitte that it would be crucial for both their company and industry. In fact, 55% of the knowledgeable group said their company would be at a competitive disadvantage if they failed to adopt blockchain, and 42% believed it would disrupt their industry.

Given this level of enthusiasm, it’s not surprising that respondents have begun to invest in blockchain internally. Twenty-eight percent of respondents said their company had invested $5 million of more in blockchain tech to date, and 10% reported investing $10 million or more. Not only that,  25% of respondents expected to invest more than $5 million in blockchain technology this year.

While the level of blockchain interest seems to be pronounced across industries studied by Deloitte, healthcare and life science companies lead the pack when it came to deployment, with 35% of industry respondents saying that their company expects to put blockchain into production during 2017.

All that being said, aggressive deployment may or may not be a good thing just yet. According to research by cloud-based blockchain company Tierion, the majority of blockchain technology isn’t ready for deployment, though worthwhile experiments are underway.

Tierion argues that analysts and professional experts are overselling blockchain, and that most of blockchain technology is experimental and untested. Not only that, its research concludes that at least one healthcare application – giving patients the ability to manage their health data – is rather risky, as blockchain security is shaky.

It seems clear that health IT leaders will continue to explore blockchain options, given its tantalizing potential for sharing data securely and flexibly. And as the flurry of interest around ONC’s blockchain research challenge demonstrates, many industry thought leaders take this technology seriously. If the winning submissions are any indication, blockchain may support new approaches to health data interoperability, claims processing, medical records, physician-patient data sharing, data security, HIEs and even the growth of accountable care.

If nothing else, 2017 should see the development of some new and interesting healthcare blockchain applications, and probably the investment of record new amounts of capital to build them. In other words, whether blockchain is mature enough for real time deployment or not, it’s likely to offer an intriguing show.

ONC Takes Another Futile Whack At Interoperability

Posted on January 2, 2017 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.

With the New Year on its way, ONC has issued its latest missive on how to move the healthcare industry towards interoperability. Its Interoperability Standards Advisory for 2017, an update from last year’s version, offers a collection of standards and implementation specs the agency has identified as important to health data sharing.

I want to say at the outset that this seems a bit, well, strange to me. It really does seem like a waste of time to create a book of curated standards when the industry’s interoperability take changes every five minutes. In fact, it seems like an exercise in futility.

But I digress. Let’s talk about this.

About the ISA

The Advisory includes four technical  sections, covering a) vocabulary/code sets/terminology, b) content/structure standards and implementation specs, c) standards and implementation specs for services and d) models and profiles, plus a fifth section listing ONC’s questions and requesting feedback. This year’s version takes the detailed feedback the ONC got on last year’s version into account.

According to ONC leader Vindell Washington, releasing the ISA is an important step toward achieving the goals the agency has set out in the Shared Nationwide Interoperability Roadmap, as well as the Interoperability Pledge announced earlier this year. There’s little doubt, at minimum, that it represents the consensus thinking of some very smart and thoughtful people.

In theory ONC would appear to be steaming ahead toward meeting its interoperability goals. And one can hardly disagree that it’s overarching goal set forth in the Roadmap, of creating a “learning health system” by 2024 sounds attractive and perhaps doable.

Not only that, at first glance it might seem that providers are getting on board. As ONC notes, companies which provide 90% of EHRs used by hospitals nationwide, as well as the top five healthcare systems in the country, have agreed to the Pledge. Its three core requirements are that participants make it easy for consumers to access their health information, refrain from interfering with health data sharing, and implement federally recognized national interoperability standards.

Misplaced confidence

But if you look at the situation more closely, ONC’s confidence seems a bit misplaced. While there’s much more to its efforts, let’s consider the Pledge as an example of how slippery the road ahead is.

So let’s look at element one, consumer access to data. While agreeing to give patients access is a nice sentiment, to me it seems inevitable that there will be as many forms of data access as there are providers. Sure, ONC or other agencies could attempt to regulate this, but it’s like trying to nail down jello given the circumstances. And what’s more, as soon as we define what adequate consumer access is, some new technology, care model or consumer desire will change everything overnight.

What about information blocking? Will those who took the Pledge be able to avoid interfering with data flows? I’d guess that if nothing else, they won’t be able to support the kind of transparency and sharing ONC would like to see. And then when you throw in those who just don’t think full interoperability is in their interests – but want to seem as though they play well with others – you’ve pretty much got a handful o’ nothing.

And consider the third point of the Pledge, which asks providers to implement “federally recognized” standards. OK, maybe the ISA’s curated specs meet this standard, but as the Advisory is considered “non-binding” perhaps they don’t. OK, so what if there were a set of agreed-upon federal standards? Would the feds be able to keep up with changes in the marketplace (and technology) that would quickly make their chosen models obsolete? I doubt it. So we have another swing and a miss.

Given how easy the Pledge is to challenge, how much weight can we assign to efforts like the ISA or even ONC’s long-term interoperability roadmap? I’d argue that the answer is “not much.” The truth is that at least in its current form, there’s little chance the ONC can do much to foster a long-term, structural change in how health organizations share data. It’d be nice to think that, but thinking doesn’t make it so.

ONC’s Interoperability Standards Advisory Twitter Chat Summary

Posted on September 2, 2016 I Written By

The following is a guest blog post by Steve Sisko (@ShimCode and www.shimcode.com).

Yesterday the Office of the National Coordinator for Health Information Technology (ONC) hosted an open chat to discuss their DRAFT 2017 Interoperability Standards Advisory (ISA) artifacts.  The chat was moderated by Steven Posnak, Director, Office of Standards and Technology at Office of the National Coordinator for Health Information and used the #ISAchat hashtag under the @HealthIT_Policy account. The @ONC_HealthIT Twitter account also weighed in.

It was encouraging to see that the ONC hosted a tweetchat to share information and solicit feedback and questions from interested parties. After a little bit of a rough start and clarification of the objectives of the chat, the pace of interactions increased and some good information and ideas were exchanged. In addition, some questions were raised; some of which were answered by Steven Posnak and some of which were not addressed.

What’s This All About?

This post summarizes all of the tweets from the #ISAchat. I’ve organized the tweets as best as I could and I’ve excluded re-tweets and most ‘salutatory’ and ‘thank you’ tweets.

Note: The @hitechanswers  account shared a partial summary of the #ISAchat on 8/31/16 but it included less than half of the tweets shared in this post. So you’re getting the complete scoop here.

Topic 1: Tell us about the ISA (Interoperability Standards Advisory)
Account Tweet Time
@gratefull080504 Question: What is the objective of #ISAchat?   12:04:35
@onc_healthit To spread the word and help people better understand what the ISA is about 12:05:00
@gratefull080504 Question: What are today’s objectives, please? 12:08:43
@onc_healthit Our objective is to educate interested parties. Answer questions & hear from the creators 12:11:02
@johnklimek “What’s this I hear about interoperability?” 12:12:00
@cperezmha What is #PPDX? What is #HIE? What is interoperability? What is interface? #providers need to know the differences. Most do not. 12:14:41
@techguy Who is the target audience for these documents? 12:44:06
@healthit_policy HITdevs, CIOs, start-ups, fed/state gov’t prog admins. Those that have a need to align standards 4 use #ISAchat 12:46:18
@ahier No one should have to use proprietary standards to connect to public data #ISAchat 12:46:19
@shimcode Reference Materials on ISA
Ok then, here’s the “2016 Interoperability Standards Advisory” https://t.co/5QkmV3Yc6w
12:07:19
@shimcode And here’s “Draft 2017 Interoperability Standards Advisory” https://t.co/TUFidMXk0j 12:07:38
@stephenkonya #ICYMI Here’s the link to the @ONC_HealthIT 2017 DRAFT Interoperability Standards Advisory (ISA): https://t.co/VTqdZHUjBW 12:10:57
@techguy Question: Do you have a good summary blog post that summarizes what’s available in the ISA? 12:52:15
@onc_healthit We do! https://t.co/vVW6BM5TFW Authored by @HealthIT_Policy and Chris Muir – both of whom are in the room for #ISAchat 12:53:15
@healthit_policy Good? – The ISA can help folks better understand what standards are being implemented & at what level 12:06:29
@healthit_policy Getting more detailed compared to prior versions due largely to HITSC & public comments 12:29:48
@healthit_policy More work this fall on our side to make that come to fruition. In future, we’re aiming for a “standards wikipedia” approach 12:33:03
@survivorshipit It would be particularly helpful to include cited full documents to facilitate patient, consumer participation 12:40:22
@davisjamie77 Seeing lots of references to plans to “explore inclusion” of certain data. Will progress updates be provided? 12:50:00
@healthit_policy 1/ Our next milestone will be release of final 2017 ISA in Dec. That will rep’snt full transition to web 12:51:15
@healthit_policy 2/ after that future ISA will be updated more regularly & hopefully with stakeholder involved curation 12:52:21
@bjrstn Topic:  How does the ISA link to the Interoperability Roadmap? 12:51:38
@cnsicorp How will #ISA impact Nationwide Interoperability Roadmap & already established priorities? 12:10:49
@healthit_policy ISA was 1st major deliverable concurrent w/ Roadmap. Will continue to b strong/underlying support to work 12:13:49
@healthit_policy ISA is 1 part of tech & policy section of Roadmap. Helps add transparency & provides common landscape 12:53:55
@healthit_policy Exciting thing for me is the initiated transition from PDF to a web-based/interactive experience w/ ISA 12:30:51
@onc_healthit Web-based version of the ISA can be found here: https://t.co/F6KtFMjNA1 We welcome comments! 12:32:04
@techguy Little <HSML> From a Participant on the Ease of Consuming ISA Artifacts
So easy to consume!
12:40:57
@healthit_policy If I knew you better I’d sense some sarcasm :) that said, working on better nav approaches too 12:43:36
@techguy You know me well. It’s kind of like the challenge of EHRs. You can only make it so usable given the reqs. 12:45:36
@shimcode I think John forgot to enclose his tweet with <HSML> tags (Hyper Sarcasm Markup Language) 12:46:48
@ahier Don ‘t Use My Toothbrush!
OH (Overheard) at conference “Standards are like toothbrushes, everyone has one and no one wants to use yours”
13:15:43
Topic 2: What makes this ISA different than the previous drafts you have issued?
Account Tweet Time
@cnsicorp #Interoperability for rural communities priority 12:32:40
@healthit_policy Rural, underserved, LTPAC and other pieces of the interoperability puzzle all important #ISAchat 12:35:33
@cnsicorp “more efficient, closer to real-time updates and comments…, hyperlinks to projects…” 12:47:15
@shimcode Question: So you’re not providing any guidance on the implementation of interoperability standards? Hmm… 12:21:10
@gratefull080504 Question: Are implementation pilots planned? 12:22:51
@healthit_policy ISA reflects what’s out there, being used & worked on. Pointer to other resources, especially into future #ISAchat 12:24:10
@ahier The future is here it’s just not evenly distributed (yet) #ISAchat 12:25:15
@healthit_policy Yes, we put out 2 FOAs for High Impact Pilots & Standards Exploration Awards 12:25:56
@healthit_policy HHS Announces $1.5 Million in Funding Opportunities to Advance Common Health Data Standards. Info here: https://t.co/QLo05LfsLw
Topic 3: If you had to pick one of your favorite parts of the ISA, what would it be?
Account Tweet Time
@shimcode The “Responses to Comments Requiring Additional Consideration” section. Helps me understand ONC’s thinking. 12:45:32
@healthit_policy Our aim is to help convey forward trajectory for ISA, as we shift to web, will be easier/efficient engagement 12:47:47
@healthit_policy Depends on sections. Some, like #FHIR, @LOINC, SNOMED-CT are pointed to a bunch. 12:49:15
@gratefull080504 Question: What can patients do to support the objectives of #ISAchat ? 12:07:02
@gratefull080504 Question: Isn’t #ISAChat for patients? Don’t set low expectations for patients 12:10:44
@gratefull080504 I am a patient + I suffer the consequences of lack of #interoperability 12:12:26
@healthit_policy Certainly want that perspective, would love thoughts on how to get more feedback from patients on ISA 12:12:35
@gratefull080504 What about patients? 12:13:03
@gratefull080504 First step is to ensure they have been invited. I am happy to help you after this chat 12:13:57
@survivorshipit Think partly to do w/cascade of knowledge–>as pts know more about tech, better able to advocate 12:15:21
@healthit_policy Open door, numerous oppty for comment, and representation on advisory committees. #MoreTheMerrier 12:15:52
@gratefull080504 I am currently on @ONC_HealthIT Consumer Advisory Task Force Happy to contribute further 12:17:08
@healthit_policy 1 / The ISA is technical in nature, & we haven’t gotten any comments on ISA before from patient groups 12:08:54
@healthit_policy 2/ but as we look to pt generated health data & other examples of bi-directional interop, we’d like to represent those uses in ISA 12:09:51
@resultant TYVM all! Trying to learn all i can about #interoperability & why we’re not making progress patients expect 13:09:22
@shimcode Question: Are use cases being developed in parallel with the Interoperability Standards? 12:13:28
@shimcode Value of standards don’t lie in level of adoption of std as a whole, but rather in implementation for a particular use case. 12:16:33
@healthit_policy We are trying to represent broader uses at this point in the “interoperability need” framing in ISA 12:18:58
@healthit_policy 2/ would be great into the future to have more detailed use case -> interop standards in the ISA with details 12:19:49
@healthit_policy Indeed, royal we will learn a lot from “doing” 12:20:40
@shimcode IHE Profiles provide a common language to discuss integration needs of healthcare sites and… Info here: https://t.co/iBt2m8F9Ob 12:29:12
@techguy I’d love to see them take 1 section (say allergies) and translate where we’d see the standards in the wild. 12:59:04
@techguy Or some example use cases where people want to implement a standard and how to use ISA to guide it. 13:00:38
@healthit_policy Check out links now in ISA to the Interop Proving Ground – projects using #ISAchat standards. Info here: https://t.co/Co1l1hau3B 13:02:54
@healthit_policy Thx for feedback, agree on need to translate from ISA to people seeing standards implemented in real life 13:01:08
@healthit_policy Commenting on ISA Artifacts
We want to make the #ISA more accessible, available, and update-able to be more current compared to 1x/yr publication
12:34:22
@cperezmha #interoperability lowers cost and shows better outcomes changing the culture of healthcare to be tech savvy is key 12:35:10
@healthit_policy One new feature we want to add to web ISA is citation ability to help document what’s happ’n with standards 12:37:12
@shimcode A “discussion forum” mechanism where individual aspects can be discussed & rated would be good. 12:39:53
@healthit_policy Good feedback. We’re looking at that kind of approach as an option. ISA will hopefully prompt debate 12:40:50
@shimcode Having to scroll through all those PDF’s and then open them 1 by 1 only to have to scroll some more is VERY inefficient. 12:41:25
@shimcode Well, I wouldn’t look/think too long about it. Adding that capability is ‘cheap’ & can make it way easier on all. 12:43:48
@shimcode Question: What Can Be Learned About Interoperability from the Private Sector?
Maybe @ONC_HealthIT can get input from Apple’s latest #healthIT purchase/Gliimpse? What do they know of interoperability?
12:19:13
@healthit_policy > interest from big tech cos and more mainstream awareness is good + more innovation Apple iOS has CCDA sprt 12:22:59
@drewivan Testing & Tools
I haven’t had time to count, but does anyone know approximately how many different standards are included in the document?
12:47:29
@healthit_policy Don’t know stat off had, but we do identify and provide links for test tools as available. 12:56:31
@drewivan And what percentage of them have test tools available? 12:54:38
@shimcode According to the 2017 ISA stds just released, a tiny fraction of them have test tools. See here: https://t.co/Jbw7flDuTg 12:58:02
@shimcode I take back “tiny faction” comment on test tools. I count 92 don’t have test tools, 46 do. No assessment of tool quality though. 13:08:31
@healthit_policy Testing def an area for pub-private improvement, would love to see # increase, with freely available too 12:59:10
@techguy A topic near and dear to @interopguy’s heart! 12:59:54
@resultant Perhaps we could replace a couple days of HIMSS one year with #interoperability testing? #OutsideBox 13:02:30
 
Walk on Topic: Promotion of ISA (Thank you @cperezmha)
What can HIE clinics do to help other non-users get on board? Is there a certain resource we should point them too to implement?
Account Tweet Time
@davisjamie77 Liking the idea of an interactive resource library. How will you promote it to grow use? 12:35:57
@healthit_policy A tweetchat of course! ;) Also web ISA now linking to projects in the Interoperability Proving Ground 12:39:04
@davisjamie77 Lol! Of course! Just seeing if RECs, HIEs, other #HIT programs might help promote. 12:40:44
@healthit_policy Exactly… opportunities to use existing relationships and comm channels ONC has to spread the word 12:41:28
@stephenkonya Question: How can we better align public vs private #healthcare delivery systems through #interoperability standards? 12:42:23
Miscellaneous Feedback from Participants
Account Tweet Time
@ahier Restful APIs & using JSON and other modern technologies 12:54:03
@waynekubick Wayne Kubick joining from #HL7 anxious to hear how #FHIR and #CCDA can help further advance #interoperability. 12:11:30
@resultant We all do! The great fail of #MU was that we spent $38B and did not get #interoperability 12:14:21
@waynekubick SMART on #FHIR can help patients access and gain insights from their own health data — and share it with care providers. 12:17:44
@resultant I think throwing money at it is the only solution… IMHO providers are not going to move to do it on their own… 12:20:44
@shimcode @Search_E_O your automatic RT’s of the #ISAChat tweets are just clouding up the stream. Why? smh 12:08:30
@ahier
Do you see #blockchain making it into future ISA
12:28:02
@healthit_policy Phew… toughy. lots of potential directions for it. Going to segue my response into T2 12:28:58
@hitpol #blockchain for healthcare! ➡ @ONC_HealthIT blockchain challenge. Info here: https://t.co/vG60qRAqqa 12:31:33
@healthit_policy That’s All Folks!
Thank you everyone for joining our #ISAchat! Don’t forget to leave comments.
PDF version

 
About Steve Sisko
Steve Sisko has over 20 years of experience in the healthcare industry and is a consultant focused on healthcare data, technology and services – mainly for health plans, payers and risk-bearing providers. Steve is known as @ShimCode on Twitter and runs a blog at www.shimcode.com. You can learn more about Steve at his LinkedIn page and he can be contacted at shimcode@gmail.com.