Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

How the Young Unity Health Score Company Handles The Dilemmas of Health IT Adoption

Posted on June 25, 2018 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

I have been talking to a young company called Unity Health Score with big plans for improving the collection and sharing of data on patients. Their 55-page business plans covers the recruitment of individuals to share health data, the storage of that data, and services to researchers, clinicians, and insurers. Along the way, Unity Health Score tussles with many problems presented by patient data.
Unity Health Score logo
The goals articulated for this company by founder Austin Jones include getting better data to researchers and insurers so they can reduce costs and find cures, improving communications and thus care coordination among clinicians and patients, and putting patients in control of their health data so they can decide where it goes. The multi-faceted business plan covers:

  • Getting permission from patients to store data in a cloud service maintained by Unity Health Score
  • Running data by the patients’ doctors to ensure accuracy
  • Giving patients control over what researchers or other data users receive their data, in exchange for monetary rewards
  • Earning revenue for the company and the patients by selling data to researchers and insurers
  • Helping insurers adjust their plans based on analysis of incoming data

The data collected is not limited to payment data or even clinical data, but could include a grab-bag of personal data, such financial and lifestyle information. All this might yield health benefits to analytics–after all, the strategy of using powerful modern deep learning is being pursued by many other health care entities. At the same time, Jones plans to ensure might higher quality data than traditional data brokers such as Acxiom.

Now let’s see what Unity Health Score has to overcome to meet its goals. These challenges are by no means unique to these energetic entrepreneurs–they define the barriers faced by institutions throughout health care, from the smallest start-up to the Centers for Medicare & Medicaid Services.

Outreach to achieve a critical mass of patients
We can talk for weeks about quality of care and modernizing cures, but everybody who works in medicine agrees that the key problem we face is indifference. Most people don’t want to think too much about their health, are apathetic when presented with options, and stubbornly resist the simplist interventions–even taking their prescribed medication. So explaining the long-term benefits of uploading data and approving its use will be an uphill journey.

Many app developers seek adoption by major institutions, such as large insurers, hospital conglomerates, and HMOs like Kaiser. This is the smoothest path toward adoption by large numbers of consumers, and Unity Health Score includes a similar plan in its business model, According to Jones, they will require the insurance company to reduce premiums based on each patient’s health score. In return, they should be able to use the data collected to save money.

Protecting patient data
Health data is probably the most sensitive information most of us produce over our lifetimes. Financial information is important to keep safe, but you can change your bank account or credit card if your financial information is leaked–you can’t change your medical history. Security and privacy guarantees are therefore crucial for patient records. Indeed, the Unity Health Score business plan cites fears of privacy as a key risk.

Although some researchers have tried distributed patient records, stored in some repository chosen by each individual, Unith Health Score opts for central storage, like most current personal health records. This not only requires great care to secure, but places on them the burden of persuading patients that the data really will be used only for purposes chosen by the patients. Too many apps and institutions play three-card Monte with privacy policies, slipping in unauthorized uses (just think back to the recent Facebook/Cambridge Analytica scandal), so Internet users have become hypervigilant.

Unity Health Score also has to sign up physicians to check data for accuracy. This, of course, should be the priority for any data entered into any medical record. Because doctors’ time is going more and more toward the frustrating task of data entry, the company offers an enticing trade-off: the patients takes the time to enter their data, and the doctor merely verifies its accuracy. Furthermore, a consolidated medical record online can be used to speed check-in times on visits and to make data sharing on mobile devices easier.

Making the data useful
Once the patients and clinicians join Unity Health Score, the company has to follow through on its promise. This is a challenge with multiple stages.

First, much of the data will be in unstructured doctors’ notes. Jones plans to use OCR, like many other health data aggregators, to extract useful information from the notes. OCR and natural language processing may indeed be more accurate than relying on doctors to meticulously fill out dozens of structured fields in a database. But there is always room for missed diagnoses or allergies, and even for misinterpretations.

Next, data sources must be harmonized. They are likely to use different units and different lexicons. Although many parts of the medical industry are trying to standardize their codings, progress is incomplete.

The notion of a single number defining one’s health is appealing, but it might be too crude for many uses. Whether you’re making actuarial predictions (when will the individual die, or have to stop working?), estimating future health care costs, or guessing where to allocate public health resources, details about conditions may be more important than an all-encompassing number. However, many purchasers of the Unity Health Score information may still find the simplicity of a single integer useful.

Making the service attractive to data purchasers
The business plan points out that most rsearch depends on large data sets. During the company’s ramp-up phase–which could take years–they just won’t have enough patients suffering from a particular condition to interest many researchers, such as pharma companies looking for subjects. However, the company can start by selling data to academic researchers, who often can accomplish a lot with a relatively small sample. Biotech, pharma, and agencies can sign up later.

Clinicians may warm to the service much more quickly. They will appreciate having easy access to patient data for emergency room visits and care coordination in general. However, this is a very common use case for patient data, and one where many competing services are vying for a business niche.

Aligning goals of stakeholders
In some ways I have saved the hardest dilemma for last. Unity Health Care is trying to tie together many sets of stakeholders–patients, doctors, marketers, researchers, insurers–and between many of these stakeholders there are irreconcilable conflicts.

For instance, insurers will want the health score to adjust their clients’ payments, charging more for sick people. This will be feared and resented by people with pre-existing conditions, who will therefore withhold their information. In some cases, such insurer practices will worsen existing disparities for the poor and underpriviledged. The Unity Health Score business plan rejects redlining, but there may be subtler practices that many observers would consider unethical. Sometimes, incentives can also be counterproductive.

Also, as the business plan points out, many companies that currently purchase health data have goals that run counter to good health: they want to sell doctors or patients products that don’t actually help, and that run up health care costs. Some purchasers are even data thieves. Unity Health Score has a superior business model here to other data brokers, because it lets the patients approve each distribution of their data. But doing so greatly narrows the range of purchasers. Hopefully, there will be enough ethical health data users to support Unity Health Score!

This is an intriguing company with a sophisticated strategy–but one with obstacles to overcome. We can all learn from the challenges they face, because many others who want to succeed in the field of health care reform will come up against those challenges.

Healthcare Dashboards, Data, and FHIR

Posted on March 30, 2018 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

We live in a dashboard society. We love our dashboards! We have mechanisms to track, analyze, and display all sorts of data at our fingertips any time of the day or night and everywhere we turn. We like it that way! Data is knowledge. Data is power. Data drives decisions. Data is king.

But what about healthcare data? Specifically, what about YOUR healthcare data? Is it all available in one place where you can easily access it, analyze it, and make decisions about your health? Chances are, it’s not. Most likely, it’s locked up inside various EHRs and many tethered (read: connected to the provider, not shareable to other providers) patient portals you received access to when you visited your doctors for various appointments. In some cases, the information that is there might not be correct. In other cases, there might not be much data there at all.

How are you supposed to act as an informed patient or caregiver when you don’t have your data or accurate data for those you are caring for? When health information is spread across multiple portals and the onus is on you to remember every login and password and what data is where for each of these portals, are you really using them effectively? Do you want to use them? It’s not very easy to connect the dots when the dots can’t be located because they’re in different places in varying degrees of completeness.

How do we fix this? What steps need to be taken? Aggregating our health information isn’t just collecting the raw data and calling it a complete record. It’s more than being able to send files back and forth. It’s critical to get your data right, at the core, as part of your platform. That’s what lets you build useful services, like a patient dashboard, or a provider EHR, or a payer analytics capability. A modern data model that represents your health information as a longitudinal patient record is key.

Many IT companies have realized HL7 FHIR (Fast Healthcare Interoperability Resources) is the preferred way to get there and are exploring its uses for interoperability. These companies have started using FHIR to map health information from their current data models to FHIR in order to allow information exchange.

This is just the beginning, though. If you want robust records that support models of the future, you need a powerful, coherent data model, like FHIR, as your internal data model, too.  Then take it a step further and use technologies similar to those used by other enterprise scale systems like Netflix and LinkedIn, to give patients and caregivers highly available, scalable, and responsive tools just like their other consumer-facing applications. Solutions that are built on legacy systems can’t scale in this way and offer these benefits.

Our current healthcare IT environment hasn’t made it easy for patients to aggregate their health information or aggregated it for them. If we want to meet the needs of today and tomorrow’s patients and caregivers, we need patient-centric systems designed to make it easy to gather health information from all sources – doctors, hospitals, laboratories, HIEs, and personal health devices and smartphones.

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or @MedicaSoftLLC.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Seven Types of HIMSS18 Attendees: An Exhibitor’s Perspective

Posted on March 16, 2018 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

The HIMSSanity is over and everyone’s departed Las Vegas and headed for home (or SXSW). This year, my company was an exhibitor in Hall G at HIMSS. Our booth was on the main aisle, or “the thoroughfare” as those of us in the booth liked to call it. As such, I noticed some trends in the types of booth visits we encountered this year during HIMSS. These visits can be summed up into seven different types.

Integration on the Brain. “I need something to connect my disparate systems together.” Whether it’s EHR-to-EHR, EHR-to-other systems, PHR-to-EHR, or many Health IT combinations, there was no shortage of requests at HIMSS for a system or platform to make these connections happen more seamlessly. Inquiries about integration and connecting various technologies came up more frequently at our booth than any other topic at the show. These conversations were great for MedicaSoft because we can help them solve integration problems.

Partnership Hustle. “I make APIs, products, or provide services to complement your software offering. I think we’d make great partners.” HIMSS is certainly a place to find synergies and begin conversations for potential win-win situations for companies who want to partner together and go to market. Sometimes these meetings are the start of a perfect “meet cute.” Other times, they fall short. Either way, there are lots of folks out there with a wide variety of products and services making their rounds and searching for perfect business partners.

Swag Gatherer. “I came here for the swag.” You know this person. This person has no desire to interact with you. They’re not sure what your company does and many times they don’t care to ask. This person wants to collect as much free stuff at the conference as possible. Sometimes they are annoyed when you don’t have a giveaway. You know you’ve encountered a swag gatherer by their refusal to make eye contact and how fast they exit your booth once they’ve snatched up whatever swag or tchotchke you have to offer.

IT Spy. “I must find out what the competition is doing right now, let me pretend I’m in the market for IT products and booth hop.” We’ve all seen it. We know when it’s happening. It can be hilarious when the spying company tries to act like they are NOT doing this. It’s pretty obvious. I’m on to you. My only request? Be nice about it. We’ll show you what we have. You don’t have to be obnoxious or play dumb. We are happy to share.

Things You Don’t Need. “You really need our product or service even if you think you don’t need our product or service.” Everyone has this happen at one point or another. Someone comes by and really wants to sell you something you don’t need. Sometimes they politely go on their way. Other times they linger on, refusing to acknowledge that you don’t need their product or service. Sometimes being upfront doesn’t help and they continue to launch into their sales pitch anyway. You have to give these folks credit, they really are trying to sell.

Neighborhood Friendly Booth Staff or First-time HIMSS-goer. “I just thought I’d say hello.” This could be neighboring booth staff coming over to say hello. It could also be an exhibitor or attendee who’s there for the first time. In either case, these are friendly people who want to ask questions. They are getting their bearings for the show and trying to learn as much as possible. Many times they ask for advice or directions.

Match Made in Heaven. “We’re looking to buy or replace our patient portal, PHR, EHR, or integration platform.” The crème de la crème of conference attendees. This person has done their research. They know what they want and what they want is what you offer! These types of meetings leave you jazzed for the rest of the conference and eager for post-conference follow-up. This type of conference attendee actually answers your emails and phone calls when you follow-up because they have a genuine interest in what you do and how you can help them solve their IT problems or challenges.

HIMSS18 exhibitors and attendees, what other types of booth attendees did you see this year at the show?

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or @MedicaSoftLLC.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

The Real Problem with High Healthcare Costs

Posted on February 27, 2018 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

The rising cost of healthcare in the U.S. is something that nearly everyone experiences on a regular basis. Looking at the trend over the last few decades, there is an eye-opening surge in cost. There’s a great article/table by Kimberly Amadeo that outlines health care costs by year from 1960 to 2015. The cost per person for health care in 1960 was $146. In 2015, the cost per person was $9,990, over 68 times higher than it was in 1960.

The trend shows no sign of slowing; 2018 costs have only gotten higher. The National Conference of State Legislatures cited a figure from a Kaiser Employer Survey stating that annual premiums reached $18,764 in 2017. Costs for people purchasing insurance on an exchange or privately increased even more.

Increasing healthcare costs impact everyone. Why have costs gotten so high? Wasn’t the Affordable Care Act supposed to make coverage more affordable? Instead, many are faced with even higher insurance premiums for themselves and their families. Sometimes that equates to having to make difficult choices in care. And should people have to decide whether or not they can afford to seek care or treatment?

Many people want to blame insurance companies or hospitals or lobbyists or politicians. In truth, it’s a complex issue. And one of the core reasons it’s so hard to dissect is that there is a real lack of data – cost and price information, and clinical information on care quality and outcomes. Nobody has all of the data in one place. Without all of the data, the real problem or problems can’t be seen. If a problem can be guessed, it can’t be fixed. As in the Wizard of Oz, the real drivers are lurking behind the curtain; worse, the data that describes the drivers is splintered and located in different places, waiting to be collected in a way that reveals the whole truth.

How can health IT help? Are there ways that we can help solve the data problem and reduce high healthcare costs? Electronic Health Records can help gather the data. Adding claims data to complete, longitudinal patient health records can also help. Connecting PHRs, EHRs, and claims data together can help bridge the data gaps and tell more of a complete story. Until we have that story, the industry will continue to operate in siloes. Costs will continue to rise. And people will have a harder time seeking out the care they need.

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or @MedicaSoftLLC.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

The Opportunity for Health Information Exchanges (HIEs) to Untangle Health Records

Posted on February 6, 2018 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

As the government’s Meaningful Use incentive program accelerated the adoption of Electronic Health Records, it also increased the use of patient portals and PHRs to meet MU patient engagement measures. You see this today when you’re offered a portal login at your doctor appointments. Other encouraging trends developed around the same time:

  1. Studies proved that engaged patients tend to exhibit more positive health outcomes at lower costs.
  2. Interest increased among patient populations to be involved in their health and wellness, including a desire to see (and even contribute to) their electronic medical records.
  3. Technology innovations flourished to support health (wearables, health devices, applications, etc.).

Despite these trends and the relative success of MU-driven deployments, the patient portal and personal health record landscape leaves much to be desired for their primary users and audience – patients. Many of these tools were created simply to satisfy MU requirements and while they do this, they don’t completely tie together patients’ complex health histories, include data from multiple providers, or travel with the patient from visit to visit. Instead, patients have many different portals – a different one from every different provider. Who wants 10 different portals? Nobody has time for that!

Patients need help assembling a single view of their health records. HIEs are unique in that they work with many different health systems, hospitals, and providers in their regions. HIEs represent an opportunity to be a true integrator of health information between providers and their patients. This can be a regional solution now, and with efforts like the Patient Centered Data Home (PCDH), there is greater opportunity for HIEs to share data across state and regional lines, further expanding their reach and extending real benefits to patients who want their data in one place.

HIEs can leverage their unique position into a meaningful benefit for patient by first creating a single patient record or universal health record (UHR). This UHR or platform works seamlessly with PHRs. By making PHRs available to providers in their exchange, they can then share health data among every provider they link up with and the connections grow from there when you add in PCDH connections in other regions and states. Once there is a platform in place that is truly interoperable, sharing data between providers, patients can start using PHRs that have useful, relevant health data from all of their providers. HIEs can then start building in other capabilities like analytics, population health, care quality metrics, and more.

A patient’s medical journey involves multiple providers and different physical locations as their lives and health evolve. Their health information – in a single, universal health record – should evolve with them. HIEs can play a significant role in making that happen.

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or @MedicaSoftLLC.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Patient Portals and Chronic Disease Management

Posted on January 16, 2018 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

Half of all U.S. adults, roughly 117 million people, have one or more chronic health conditions. 1 in 4 people have two or more chronic conditions. As a nation, we need some help addressing the chronic disease epidemic. Many patient portals today give patients access to pieces of their health information – lab results, for example – and some will flag upcoming appointments or refill a prescription, but where are the tools and the data in a portal to actually help patients manage chronic conditions, thereby improving their overall health and wellness? Sadly, many patient portals provide a very narrow view, with few opportunities to link data to actions to results in a way that closes the loop between patients and caregivers. Without a complete view of a patient’s health measures, wellness goals, and plans of action – and the tools to manage them – it is very difficult to connect health and wellness to address the whole patient.

Chronic disease management represents one of the best opportunities for a personal health record to link both wellness and healthcare together to affect positive health outcomes. What does it take to improve and maintain wellness? First, you need patient engagement. You need motivated patients who want to do a good job of actively tracking their conditions and working toward wellness goals. How do you convince a chronically ill patient to do this? Start by offering a tool that’s easy for them to track their data – complete with a workflow and user interface that makes it a breeze to enter and distill information at a glance and when they are on the go. Use technology similar to what patients use in their daily lives on their smart phones and laptops. Give patients tools to understand their health and take action based on how they are doing and what their health goals are! Provide a portal that allows the integration of popular wearable devices and lets the patient decide who should have access (Spouses? Caregivers?) to help them enter and manage their information.

Effectively managing chronic disease requires changing poor habits and forming good habits. Sometimes people need a gentle nudge or a push outside of the exam room. A platform that can send out reminders, gamify the experience, and even call a patient can go a long way in helping steer chronic disease patients in a more positive wellness direction. It’s not all about reminders, either. Texts and calls informing patients when they are doing a good job managing their daily wellness habits can also help.

Beyond helping patients, there’s an added benefit to coupling wellness capabilities with a PHR for providers – it has the ability to not only affect chronic disease factors, but to collect the data providers need to participate in the Quality Payment Program; the Merit-based Incentive Payment System (MIPS) and the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA). To quickly review, the Quality Payment Program allows clinicians to be rewarded financially for providing high-quality and high value care through Advanced Alternate Payment Models (APMs) or MIPS that are based on various measures. These measures can be integrated into the PHR, allowing physicians to track their patient populations, run reports, submit information to the Quality Payment Program, and receive merit payments.

What are your thoughts? Would you use a PHR to manage a chronic condition you are experiencing? Would you encourage your loved ones to use one? As a provider, how do you feel about a PHR making it easier for you to track MIPS/MACRA measures?

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or @MedicaSoftLLC.

About MedicaSoft
MedicaSoft  designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

PHRs at Work

Posted on December 20, 2017 I Written By

The following is a guest blog by Monica Stout from MedicaSoft

We live in an age when our employers can offer a myriad of employee benefits – from pet insurance to wellness incentives. There is no shortage in what employers can offer as a benefit to their employees. Some employers, such as the U.S. Postal Service (USPS), are offering Personal Health Records (PHRs) to their employees as part of a package of health and wellness benefits.

Why offer a PHR to employees? PHRs can help people better gather all of their health information in one place – records from doctors and hospitals, lab results, data from personal devices (like FitBit) and apps, etc. They can help people understand what’s in their health records, manage their own health information, share it with people they trust, and plan for an emergency or for when future health needs arise.

All of this is done in one place that is completely under the employee’s control. Employee-owned PHRs can also allow patients to review their health information for accuracy and share information with trusted healthcare providers. Additionally, employer-hosted, patient-controlled PHRs can help employees or patients aggregate and consolidate the portals and health information they have spanning each doctor’s office, hospital, or health system they’ve visited so that all of their information resides in one place.

A common concern or barrier to employee adoption of PHRs is the fear that employers will look at an employee’s private health information. Fret not. Though it is natural to fear that your employer may look at your information, privacy safeguards are in place to prevent that from happening. PHRs like HealthCenter and USPS Health Connect let you control who sees your information, and provide monitoring to track all access.

What do you think? Would you like a PHR offered to you at work? How would it help you better manage your health or the health of your dependents or loved ones?

About Monica Stout
Monica is a HIT teleworker in Grand Rapids, Michigan by way of Washington, D.C., who has consulted at several government agencies, including the National Aeronautics Space Administration (NASA) and the U.S. Department of Veterans Affairs (VA). She’s currently the Marketing Director at MedicaSoft. Monica can be found on Twitter @MI_turnaround or LinkedIn.

About MedicaSoft
MedicaSoft designs, develops, delivers, and maintains EHR, PHR, and UHR software solutions and HISP services for healthcare providers and patients around the world. MedicaSoft is a proud sponsor of Healthcare Scene. For more information, visit www.medicasoft.us or connect with us on Twitter @MedicaSoftLLC, Facebook, or LinkedIn.

Ignoring the Obvious: Major Health IT Organizations Put Aside Patients

Posted on November 18, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Frustrated stories from patients as well as health care providers repeatedly underline the importance of making a seismic shift in the storage and control of patient data. The current system leads to inaccessible records, patients who reach nursing homes or other treatment centers without information crucial to their care, excess radiation from repeated tests, massive data breaches that compromise thousands of patients at a time, and–most notably for quality–patients excluded from planning their own care.

A simple solution became available over the past 25 years with the widespread adoption of the Web, and has been rendered even easier by modern Software as a Service (SaaS): storing the entire record over the patient’s lifetime with the patient. This was unfeasible in the age of patient records, but is currently efficient, secure, and easy to manage. The only reason we didn’t switch to personal records years ago is the greed and bad faith of the health care institutions: keeping hold of the data allows them to exploit it in order to market treatments to patients that they don’t need, while hampering the ability of other institutions to recruit and treat patients.

So I wonder how the American Health Information Management Association (AHIMA) can’t feel ridiculous, if not a bit seamy, by releasing a 3000-word report on the patient data crisis this past October without even a hint at the solution. On the contrary: using words designed to protect the privileges of the health care provider, they call this crisis a “patient matching” problem. The very terminology sets in stone the current practice of scattering health records among providers, with the assumption that selective records will be recombined for particular treatment purposes–if those records can be found.

A reading of their report reveals that the crisis outpaces the tepid remedies suggested by conventional institutions. In a survey, institutions admitted that up to eight percent of their patients have duplicate records in the institutions own systems (six percent of the survey respondents reported this high figure). Institutions also report spending large efforts on mitigating the problems of duplicate records: 47 percent do so during patient registration, and 72 percent run efforts on a weekly basis. AHIMA didn’t even ask about the problems caused by lack of access to records from other providers.

To pretend they are addressing the problem without actually offering the solution, AHIMA issues some rather bizarre recommendations. Along with extending the same processes currently in use, they suggest using biometrics such as fingerprints or retinal scans. This has a worrisome impact on patient privacy–it puts out more and more information that is indelibly linked to persons and that can be used to track those persons. What are the implications of such recommendations in the current environment, which features not only targeted system intrusions by international criminal organizations, but the unaccountable transfer of data by those authorized to collect it? We should strenuously oppose the collection of unnecessary personal information. But it makes sense for a professional organization to seek a solution that leads to the installation of more equipment, requires more specialized staff, tightens their control over individuals, and raises health care costs.

There’s nothing wrong with certain modest suggestions in the AHIMA report. Standardizing the registration process and following the basic information practices they recommend (compliance with regulations, etc.) should be in place at any professional institution. But none of that will bring together the records doctors and other health care professionals need to deliver care.

Years ago, Microsoft HealthVault and Google Health tried to bring patient control into the mainstream. Neither caught on, because the time was not right. A major barrier to adoption was resistance by health care providers, who (together with the vendors of their electronic health records) disallowed patients from downloading provider data. The Department of Veterans Affairs Blue Button won fans in both the veterans’ community and a few other institutions (for instance, Kaiser Permanente supported it) but turned out to be an imperfect standard and was never integrated into a true patient-centered health system.

But cracks in the current system are appearing as health care providers are shoved toward fee-for-value systems. Technologies are also coalescing around personal records. Notably, the open source HIE of One project, described in another article, employs standard security and authentication protocols to give patients control over what data gets sent out and who receives it.

Patient control, not patient “matching,” is the future of health care. The patient will ensure that her doctors and any legitimate researchers get access to data. Certainly, there are serious issues left, such as data management for patients who have trouble with the technical side of the storage systems, and informed consent protocols that give researchers maximum opportunities for deriving beneficial insights from patient data. But the current system isn’t working for doctors or researchers any better than it is for patients. A strong personal health record system will advance us in all areas of health care.

What Would a Patient-Centered Security Program Look Like? (Part 2 of 2)

Posted on August 30, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous part of this article laid down a basic premise that the purpose of security is to protect people, not computer systems or data. Let’s continue our exploration of internal threats.

Security Starts at Home

Before we talk about firewalls and anomaly detection for breaches, let’s ask why hospitals, pharmacies, insurers, and others can spread the data from health care records on their own by selling this data (supposedly de-identified) to all manner of third parties, without patient consent or any benefit to the patient.

This is a policy issue that calls for involvement by a wide range of actors throughout society, of course. Policy-makers have apparently already decided that it is socially beneficial–or at least the most feasible course economically–for clinicians to share data with partners helping them with treatment, operations, or payment. There are even rules now requiring those partners to protect the data. Policy-makers have further decided that de-identified data sharing is beneficial to help researchers and even companies using it to sell more treatments. What no one admits is that de-identification lies on a slope–it is not an all-or-nothing guarantee of privacy. The more widely patient data is shared, the more risk there is that someone will break the protections, and that someone’s motivation will change from relatively benign goals such as marketing to something hostile to the patient.

Were HIMSS to take a patient-centered approach to privacy, it would also ask how credentials are handed out in health care institutions, and who has the right to view patient data. How do we minimize the chance of a Peeping Tom looking at a neighbor’s record? And what about segmentation of data, so that each clinician can see only what she needs for treatment? Segmentation has been justly criticized as impractical, but observers have been asking for it for years and there’s even an HL7 guide to segmentation. Even so, it hasn’t proceeded past the pilot stage.

Nor does it make sense to talk about security unless we talk about the rights of patients to get all their data. Accuracy is related to security, and this means allowing patients to make corrections. I don’t know what I think would be worse: perfectly secure records that are plain wrong in important places, or incorrect assertions being traded around the Internet.

Patients and the Cloud

HIMSS did not ask respondents whether they stored records at their own facilities or in third-party services. For a while, trust in the cloud seemed to enjoy rapid growth–from 9% in 2012 to 40% in 2013. Another HIMSS survey found that 44% of respondents used the cloud to host clinical applications and data–but that was back in 2014, so the percentage has probably increased since then. (Every survey measures different things, of course.)

But before we investigate clinicians’ use of third parties, we must consider taking patient data out of clinicians’ hands entirely and giving it back to patients. Patients will need security training of their own, under those conditions, and will probably use the cloud to avoid catastrophic data loss. The big advantage they have over clinicians, when it comes to avoiding breaches, is that their data will be less concentrated, making it harder for intruders to grab a million records at one blow. Plenty of companies offer personal health records with some impressive features for sharing and analytics. An open source solution called HEART, described in another article, is in the works.

There’s good reason to believe that data is safer in the cloud than on local, network-connected systems. For instance, many of the complex technologies mentioned by HIMSS (network monitoring, single sign on, intrusion detection, and so on) are major configuration tasks that a cloud provider can give to its clients with a click of a button. More fundamentally, hospital IT staffs are burdened with a large set of tasks, of which security is one of the lowest-priority because it doesn’t generate revenue. In contrast, IT staff at the cloud environment spend gobs of time keeping up to date on security. They may need extra training to understand the particular regulatory requirements of health care, but the basic ways of accessing data are the same in health care as any other industry. Respondents to the HIMSS survey acknowledged that cloud systems had low vulnerability (p. 6).

There won’t be any more questions about encryption once patients have their data. When physicians want to see it, they will have to so over an encrypted path. Even Edward Snowden unreservedly boasted, “Encryption works.”

Security is a way of behaving, not a set of technologies. That fundamental attitude was not addressed by the HIMSS survey, and might not be available through any survey. HIMSS treated security as a routine corporate function, not as a patient right. We might ask the health care field different questions if we returned to the basic goal of all this security, which is the dignity and safety of the patient.

We all know the health record system is broken, and the dismal state of security is one symptom of that failure. Before we invest large sums to prop up a bad record system, let’s re-evaluate security on the basis of a realistic and respectful understanding of the patients’ rights.

Apple Is Making a Mistake Acquiring Gliimpse

Posted on August 24, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The big news this week was that Apple has acquired PHR vendor Gliimpse. This was supposedly the first acquisition by Apple’s new Digital Health team. Plus, it’s the first big news since Tim Cook commented that Apple’s opportunity in healthcare “may even make the smartphone market look small.”

Many are touting this as a the start of the move by Apple into healthcare. No doubt it’s interesting that Apple would make a vertical acquisition like this, but it’s a mistake. Unfortunately, it’s a mistake that Apple is likely to do over and over again.

Apple certainly was and in many respects still is in a unique position to be able to innovate in healthcare thanks to its massive iPhone user population. They really could do some interesting things in healthcare since so many people have iPhones and so many healthcare companies want to say they’re working with Apple. The problem is that Apple doesn’t understand healthcare.

If you think this is a small thing, you’ve probably never tried to do a healthcare startup company. Healthcare is a unique market and requires a unique understanding to be successful. All the bravado in the world will only get you so far in the world of healthcare. Then, the harsh realities set in and you realize that the current against you is a lot stronger than you first realized.

Let’s take the example of the PHR Gliimpse (and generalizing to any PHR). This is a hard market with very little consumer demand. That’s been proven over and over again by hundreds of companies who have tried. The harsh reality is that most patients don’t care enough about their health to want to aggregate their health record. It’s worth noting that aggregating your health record is hard work. I even know one company that is paying doctors to send them health records and even then it’s hard to get doctors to act. Plus, there’s little value to healthy patients if they actually did aggregate their record. This is a tough, tough business.

Certainly, a case can be made for chronic patients that it’s worth the effort to aggregate this data into a PHR. Many have been doing this out of necessity. It was happening before cell phones became ubiquitous as people carried around massive folders or binders with their health records. While this value is understood, this makes for an extremely small market. When did Apple last do good in a small market? Is Apple going to really give up iPhone real estate when only a small portion of their users can actually get value from the PHR?

It’s great to have Apple interested in healthcare. However, I think the acquisition of a PHR company is a mistake and won’t yield them the rewards in healthcare that they seek. Of course, when you have a few billion to spend, what’s a few million on a PHR company? No doubt it’s a really small bet by Apple, but one that I don’t think will pay off for them. At least now they’ll have some people with health experience on the team and maybe they can innovate something new.