Health IT and Electronic Health Activate your FREE membership today |  Log-in

Health IT Pulse

October 15, 2014  1:59 PM

ONC health data privacy watchdog Lucia Savage arrives as interop czar Doug Fridsma leaves

Posted by: ShaunSutner
Fridsma, informatics, ONC, privacy

Another lawyer will soon guide ONC’s privacy office.

Lucia Savage, a New York University Law School grad, will later this month succeed Joy Pritts, the Case Western Reserve-trained lawyer who left the post in mid-July after serving as ONC’s first chief privacy officer since 2011.

It certainly makes sense to have expert legal direction at the core of the government’s efforts to nudge, and push strict health data privacy protections and preserve the sanctity of patients’ health information.

For her part, Savage has more than just a legal background. She also has extensive experience in the healthcare private sector.

Most recently, she has been working in the insurance industry as senior associate general counsel at UnitedHealthcare Services, Inc., supervising a team that works in large data transactions in health information exchanges (HIEs) and other healthcare projects, ONC coordinator Karen DeSalvo, M.D., told staff in a letter.

Savage also spent 2011 to 2013 on the governance board of CMS’ multi-payer claims database project, working with HIE and state agencies in planning with players.

Before UnitedHealthcare, Savage was general counsel at the Pacific Business Group on Health (PBGH), one of the nation’s oldest employer healthcare purchasing coalitions.

At that San Francisco-based nonprofit, Savage used her 15 years of experience as an employee benefit lawyer in both compliance and litigation, and in healthcare regulation and reform, data transactions, and HIPAA implementation. Before joining PBGH, was Stanford University’s benefits compliance officer.

*  *  *

While Savage is on her way in, another ONC-associated policy expert is on his way out.

Doug Fridsma, M.D., the agency’s chief scientist and an informatics specialist, is leaving soon to run the American Medical Informatics Association.

At the recent AHIMA (American Health Information Management Association) conference in San Diego, Fridsma spoke at length with SearchHealthIT about a broad range of issues, about which you can read in an upcoming question-and-answer series on SearchHealthIT.

In the meantime, Fridsma, who claims informatics as his true intellectual passion, is naturally sanguine about this burgeoning field’s role in health IT and healthcare delivery. He says informatics people are critical to making interoperability among disparate EHRs and other  health IT systems work effectively.

Fridsma also said that vendors in the data mining and text mining space will have leading roles in the future of health IT, a future that ONC and other players perceive as focused on interoperability.

Fridsma notes that big organizations and undertakings such as the Mayo Clinic and IBM’s Watson natural language-based artificial intelligence system already are applying informatics in a big way in the health field.

“Those who will be most successful in this will be informatics professionals who understand how medical information is related,” Fridsma told SearchHealthIT. “So the kind of associations and the kinds of insights they get have some relevance in the medical domain and diagnoses.”

October 14, 2014  2:38 PM

Optional 2014 EHR certification criteria up for review

Posted by: adelvecchio
2014 EHR Certification, CPOE, EHR certification, EHR standards, ONC

Alterations to the draft version of ONC’s 2014 Edition Release 2 EHR Certification Criteria is now open to a public comment period, during which users can offer reviews and feedback on changes to criteria that governs computerized physician order entry and how patients electronically view, download and share their health data.

The certification criteria for CPOE are broken down into three categories: medications, laboratory and diagnostic imaging. The draft provides examples of how ONC-certified testers electronically record, change and access each of these order types. In general, the draft offers regulatory flexibilities for organizations aiming to certify products they use or create up to 2014 Edition EHR certification criteria standards.

How data is transmitted is the focus of the change to the viewing, downloading and sharing of patient data section of the 2014 certification update. There is now an additional alternative approach “for demonstrating ‘transmit’ capabilities that follow the Implementation Guide for [the Direct Project's] Direct Edge Protocols” — a fix that is shown in the ONC’s test procedure document. The Direct Edge Protocols were designed to protect how health information service providers communicate electronically with their clients.

All of the criteria contained within the 2014 release 2 are optional, meaning developers and providers don’t have to test their products against its standards. The 2014 release 2 document contains a subset of rules originally proposed as 2015 Edition EHR certification criteria. To stick to their desired timeline for EHR certification to be a yearly occurrence, ONC decided to combine a selection of 2015 rules with their 2014 revisions and package them as one update.  Though not mandatory, ONC suggests that EHR vendors and providers consider if any of the criteria are something worth pursuing.

The public comment period will remain open for 30 days, prior to the rule being finalized and approved by the ONC’s national coordinator.

October 9, 2014  1:53 PM

CMS reopens meaningful use hardship exceptions

Posted by: MonicaVallejo
EHR, hardship exceptions, Meaningful use, meaningful use attestation

The Centers for Medicare and Medicaid Services (CMS) reopened the submission period for meaningful use hardship exception applications for eligible providers. CMS extended the period for hardship exception applications to November 30, allowing doctors and hospitals who have not yet attested to avoid penalties in 2015.

The original hardship exception application deadline to avoid payment adjustments was April 1 for eligible hospitals and July 1 for eligible professionals. The penalty fees may be avoidable for some providers, because of a technical glitch in the meaningful use attestation portal that could inappropriately penalize physicians who recently adopted EHRs.

According to reports, CMS will not be able to register whether or not providers with new EHR systems can meet meaningful use requirements until mid-October. These delays mean providers who adopted EHR systems for the first time late this year would not have been able to ready their reports by the October 1 deadline if their vendors were late receiving ONC certification for 2014 Certified EHR Technology (CEHRT).

“Giving physicians more time to file for a hardship exception provides necessary relief as many physicians are struggling to meet a number of reporting mandates to avoid multiple penalties,” said Robert Wah, M.D., President of the American Medical Association.

Medicare physicians can apply for the exceptions and their eligibility will be considered for the new deadline if they meet all of the following requirements:

  • They must be eligible professionals who were unable to fully implement 2014 Edition CEHRT due to vendor certification delays.
  • They must be eligible professionals who were unable to attest by Oct. 1, 2014 or eligible hospitals that were unable to attest by July 1, 2014 using the flexibility options provided in the CMS 2014 CEHRT Flexibility Rule.

October 8, 2014  2:35 PM

Motley Fool bullish on health IT stocks

Posted by: ShaunSutner
CIOs, EHRs, investment, Motley Fool

Investors who want to make money with sometimes unorthodox, and sometimes amusingly presented, approaches, often follow advice from the Motley Fool family of media market gurus. Amid the ballyhoo of their latest picks of health IT stocks, however, is a salient point to comfort healthcare provider CIOs. It’s a growth sector, worth investing in, and it’s not going away anytime soon.

Of course, it’s no surprise to savvy health IT investors that some stocks in the category are hotter than others, nor that “Foolishness” about health IT has taken hold in the Motley world of this Washington, D.C. –based group of investment honchos.

A recent column by Motley Fool contributor Seth Robey enumerates “10 problems electronic health records can help solve.”

Among the list of problems EHRs can help solve is a panoply of health IT and EHR vendor royalty and other companies. These names of these publicly traded health IT and other tech companies won’t surprise anyone, especially those who already know they possess the capacity to make owners of their stock wealthier. The picks also inform health IT insiders and startup wannabes what technologies look to have staying power in the eyes of these analysts.

  1. Cost. EHRs can drive down healthcare costs, Robey asserts. The market plays here: Epic Systems Corp., Cerner Corp. and athenahealth, Inc.
  2. Healthy living: Robey says savvy investors can profit here from stock in Apple, Inc. with the megacompany’s frontal assault on the wellness-wearable-mHealth market by way of smart watches, health apps and huger smartphones.
  3. Personalized care: Gene sequencing and customized care make an appearance here, but the Fool doesn’t pinpoint any specific companies, but rather the EHR sector as a whole.
  4. Empowering patients: Ditto as to investment advice, but patient access to their own health records via cool EHRs gives them more information to make better choices among providers.
  5. Empowering doctors: Robey gives athenahealth a big nod here, saying the company’s cloud-based EHR systems help smaller physician practices meet federal meaningful use and Medicare standards and exploit opportunities for profit without hospital-sized economies of scale.
  6. Crowdsourcing care: IBM’s Watson supercomputer project in collaboration with Memorial Sloan Kettering Cancer Center is trying to outsource diagnostic care by learning to treat cancer with evidence-based medical data from EHRs, Robey points out.
  7. Population health: Robey singles out Cerner Corp’s cloud-based Healthe Intent platform for providers to track regional population health trends and enable better, cheaper care.
  8. Epidemiology: Twitter is mentioned as a key tool that first tracked Haiti’s 2010 cholera epidemic. The Foolish columnist says a great EHR could provide the same real time data for early warning epidemic systems in the First World.
  9. Drug development: Medidata Solutions’ Rave lets clinicians easily input relevant trial data to detect safety problems, among other things. As a result, Robey reports, the firm’s subscription sales have spiked sharply.
  10. Innovation: No single pick here, but Robey writes: “The broad acceptance of EHRs will bring the benefits listed above, but will also open the doors to untold innovation built on the flexibility of an interconnected health care industry.”

October 7, 2014  5:00 PM

FDA’s plans through 2018 include postmarket surveillance reform

Posted by: adelvecchio
cybersecurity, FDA, medical device security, medical devices

The FDA offered a glance into its future that envisions improvements to current methods of enforcing health IT safety. Regulators plan to continue their migration from passive to active monitoring of postmarket surveillance of FDA-regulated devices. In the FDA’s Strategic Priorities document, which details the agency’s outlook through 2018, it calls this action a “major part of our mission to protect public health.”

The strategy document mentions the FDA’s Sentinel Initiative as an example of an active system, one that allows the FDA to track adverse events involving regulated devices. With The Sentinel Initiative system, FDA users can pull data and reports from technology such as EHRs and administrative databases to measure potential safety issues, while maintaining patient privacy. The agency hopes to increase use of this system to monitor medical device safety concerns that may call for regulatory intervention.

In a separate announcement, the FDA moved closer to realizing some of its medical device security goals by releasing guidance that discloses cybersecurity issues that developers should address before submitting a device to the agency for premarket approval. The “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” guidance makes recommendations that providers test and document device performance to avoid purposeful or accidental inference with devices, and ensure medical devices “uphold information confidentiality, integrity, and availability.”

In addition to its postmarket surveillance, the FDA’s strategy document also shared the agency’s plans to improve product development tools to help decrease the costs and time it takes to create a medical device. This falls under its larger mission to increase regulatory capacity to effectively assess FDA-regulated products at a pace that accommodates new developments to “ensure that the United States remains a leader in innovation.”

October 6, 2014  9:01 AM

ICD-10 survey results show many testing efforts put on hold

Posted by: MonicaVallejo
ICD-10, ICD-10 delay, ICD-10 implementation, ICD-10 readiness

The healthcare industry is making progress in its drive toward ICD-10 readiness, but some tasks — including those related to testing — are slipping into 2015. The ICD-10 delay granted extra time to make the coding transition, but according to responses to a survey conducted by the Workgroup for Electronic Data Interchange (WEDI),  the delay has slowed down providers’ transition efforts or placed them on hold.

WEDI regularly conducts ICD-10 readiness surveys and analyzes the results to gauge the industry’s progress. The most recent survey, completed in August, includes responses from 87 vendors, 103 health plans and 324 providers.

Improvement in vendor product development is one of the noteworthy results from the survey. About two-fifths of surveyed vendors indicate their product development is complete and one-third are at least three-quarters complete.  The number of vendors who indicate their products are halfway or less than halfway through the product development stage dropped significantly from one-fifth to one-tenth in the past year. In terms of product availability, one-fourth of vendors responded that their products would not be ready until 2015 or responded ‘unknown.’ Two-thirds of vendors indicated their products are available now — nearly double the amount from last year’s survey analysis.

More than half of the health plans surveyed have already begun external testing of their health plans for ICD-10 readiness, doubling last year’s figure. More than one-quarter do not expect to begin external testing until 2015 and nearly three-quarters of health plans have started internal testing, compared with less than one half in the 2013 survey.

According to the 2013 survey, about three-fifths of providers had expected to begin external testing by the middle of 2014, but only one-third of the providers indicated they have completed it in this year’s survey. More than half of large providers have begun testing, while most small providers are planning to begin in 2015 or are undecided on their timeline.

Based on the results of the survey, vendors and providers are making progress, but approximately two-thirds of the surveyed providers have delayed their testing efforts or put them on hold. According to WEDI’s report, delaying compliance efforts reduces the time available for adequate testing and increases unanticipated effects on production. WEDI predicts that there will be significant disruption during next October’s ICD-10 deadline, “unless all industry segments make the effort to continue to move forward with their implementation efforts.”

October 2, 2014  4:17 PM

AHIMA formalizes health information governance principles

Posted by: ShaunSutner
AHIMA, data governance, information governance

The age of information governance (IG) is upon us.

The American Health Information Management Association (AHIMA) has jumped out ahead of this emerging reality with a set of eight “foundational principles” for health information governance based on best practices developed across all industries by ARMA International (Association of Records Managers and Administrators).

AHIMA released the guidance measures at its 2014 convention in San Diego, part of a fusillade of activities and announcements focused on making information governance (IG) the hot-button HIM topic through 2015, with ICD-10 – while still one of AHIMA’s favorite issues – receding a bit. Imagine that.

Deborah Green, AHIMA’s executive VP and COO, informally unveiled the eight principles (the official announcement came later in the show) at a 6:45 a.m. breakfast meeting hosted for its products’ users by medical and consumer speech recognition giant Nuance Communications.

“We’re drowning in information now in healthcare organizations,” Green told the Nuance folks and their customers. “We’re not organizing it or collecting it in an organized manner. We’re not making it actionable.”

The IG foundational principles are intended to counter that by acting as a sort of constitutional framework backed by AHIMA’s considerable arsenal of tools, available from its Web site, to help HIM directors and others put the measures into action.

AHIMA is also working on 17 pilot implementation projects across the country based on the measures.

The principles are based on the concepts of accountability, transparency, integrity, protection, compliance, availability, retention and disposition.

And their chief benefits for clinical and operational information are, as defined in AHIMA’s Information Governance Principles for Healthcare™ (IGPHC) document released at the San Diego show: improving quality of care and patient safety; improving population health; increasing operational efficiency and effectiveness; reducing cost; and reducing risk.

Parallel to the IG principles, AHIMA introduced a preliminary matrix, called the “maturity model” and is also based on ARMA standards, that allows organizations, consultants, vendors and other health IT players gauge how far along an organization’s IG development is, ranging from “not started” to “transformational.”

AHIMA officials indicate they will have more to say about the maturity model in coming months.

“Data is like the air we breathe,” was how Green summed up the need for nationwide action in health information governance. “If it has not been cleaned up properly, we all end up suffering.”

September 30, 2014  1:54 PM

Number of data breach response teams rises along with threats

Posted by: adelvecchio
data breach, data security

The most effective efforts to limit the damage inflicted by a data breach start before an incident occurs. This is something that security pros in many industries, including healthcare, have observed. Their desire to proactively temper the effects of security incidents is reflected in findings in the second annual survey on data breach preparedness, conducted by Ponemon Institute LLC and sponsored by Experian Data Breach Resolution. The survey report references previous Ponemon research, which indicated that business with established incident response plans could reduce the average cost of a data breach by $17 per stolen record.

The percentage of respondents with data breach response plans in place at their organizations rose from 61% in 2013 to 73% this year. That shift coincided with a 10% year-to-year increase in the number of respondents that reported experiencing a data breach. Healthcare was the second most represented industry in the survey, with its 13% second only to the financial services market, which comprised 19% of the total responses.

The results of another Ponemon data breach survey, sponsored by Informatica Corporation, were released earlier this year. Of 142 respondents employed in the healthcare and pharmaceutical fields, more than half reported that losing customer data was their biggest worry. Though a mere 9% said they thought patient data was in danger, double the respondents indicated they had experienced between two and five security breaches in the past year.

Healthcare data breaches can prove costly on multiple levels. Failure to comply with HIPAA policies can result in fines, on top of what providers spend to test and patch the holes where their security perimeter failed. The HHS Office of Civil Rights (OCR) investigated a data breach involving New York-Presbyterian Hospital (NYP) and Columbia University that left electronic health data of 6,800 individuals exposed. The two organizations submitted their breach report in 2010 and were ordered to pay $4,800,000 to those affected as a result of the OCR’s investigation.

September 29, 2014  3:07 PM

White hat hackers test data security

Posted by: DonFluckinger
Affordable Care Act, health care data breach, health data security,

Which do you want first on federal health insurance exchange sites initiated through the Affordable Care Act? The good news, or the bad news?

It turns out that the feds employed white hat hackers to test the data security of exchanges, according to a report from the HHS Office of the Inspector General (OIG) following an audit of data security practices and risk mitigation that took place from last February to last June.

The good news is, after reviewing the work, OIG found that personal data U.S. patients give the site is generally secure. The bad news? The hackers uncovered an unspecified “critical vulnerability” in a scan of the web application, which CMS said would be quickly patched.

Moreover, two more server vulnerabilities, known to CMS, hadn’t been fully addressed at the time of the audit. CMS was in the process of remediating these vulnerabilities at the time of the audit, but hadn’t completed the plan. Prior to the audit, CMS had notified OIG of the steps it was taking to patch the holes. Of the two server vulnerabilities, a less critical vulnerability that didn’t put users’ personal data at risk was getting addressed via a contractor. A more critical vulnerability had been patched by CMS itself between the time of the audit and last week, when the OIG published its report.

The vulnerabilities were not described in detail in the report, as a security precaution. The OIG report follows reports of a test-farm breach, a story broken by the Wall Street Journal. CMS said that no personally identifiable information was exposed in the incident. In a separate but unrelated announcement, CMS recently said that most of its patient-matching issues have been resolved.

September 25, 2014  3:23 PM

CMS FAQs clarify meaningful use attestation rules

Posted by: MonicaVallejo
CQMs, EHR incentive program, EHR incentives, meaningful use attestation, meaningful use stage 2

For providers working on stage 2 meaningful use attestation who have questions on criteria such as summary of care documents, clinical quality measures (CQMs) or when their EHR incentive checks will be in the mail, good news: CMS clarified these and some other questions via its FAQ page.

CMS regularly updates the Medicare and Medicaid EHR Incentive Programs FAQ section on its website to clarify meaningful use program attestation rules. The most recent changes and additions to the list include a new explanation of the summary of care document updates to seven FAQs on CQMs.

The summary of care explanation addresses the question of whether or not eligible parties may count a transition or referral of care toward the measure if an electronic summary of care document is created through a certified EHR and sent to a third party organization.

The updated CQM FAQs address data reporting required for incentive payments. They include deeper information for calculating data and creating reports. Each update answers similar questions such as how to report on CQMs with no collected data and how to use CQMs from an alternate core set to meet reporting requirements.

The updates also include a FAQ explanation that describes what happens when providers submit documentation, and the time frame in which providers can expect to receive their incentive payment checks.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: