Search the KHIT Blog

Sunday, December 18, 2011

The twisty politics of HIT

..."Shortly before the passage of the 2009 federal economic stimulus package, Gingrich criticized the legislation as a "big politician, big bureaucracy, pork-laden bill." However, at the same time, Gingrich praised a provision of the stimulus package that allocated $19 billion to promote the use of health IT. He said, "I am delighted that President Obama has picked this as a key part of the stimulus package."

Under the stimulus package, health care providers who demonstrate meaningful use of certified electronic health records can qualify for Medicaid and Medicare incentive payments...
"I am delighted that President Obama has picked this as a key part of the stimulus package."

Right, Mr. Gingrich. Insofar as it was then politically convenient, 'eh? (Click here or the image above for the link.)

Apropos of the forgoing. Monday morning news:

...Regulatory pressure is building on the industry to achieve the goals of Presidents George W. Bush and Barack Obama to provide most Americans with access to an electronic medical record by 2014. An early fissure as a result of that pressure comes as Dr. Farzad Mostashari, head of the Office of the National Coordinator for Health Information Technology, supports a federal advisory committee's recommendation in June that the CMS extend by one year the compliance deadline for Stage 2 meaningful use for some early adopters of health information technology...

Once we get the total head count and subsequent relative proportions of "early adopters" (those who attested in 2011), we'll have a better picture of how this all might shake out going forward. Pushing back Stage 2 was a good and necessary idea, IMO.

Also noteworthy in the Modern Healthcare article:
Breaches and privacy lapses make headlines again in 2011 as healthcare organizations suffer record data losses during the year. In September, in its report to Congress, the Office for Civil Rights at HHS says there have been more than 30,500 breaches, most with fewer than 500 records, since it began counting them in late 2009. By year's end, the office's public “wall of shame” lists 372 major breaches (involving 500 or more records each) totaling nearly 18 million records. Military healthcare payer Tricare Management Activity and its data backup services vendor, Science Application International Corp., tops the wall with the largest breach of the year at 4.9 million records.

I guess as the penetration of HIT increases, we should expect an increase in PHI breach incidents. Which brings to mind the following (click to enlarge):

HIPAA Security Rule Toolkit

The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services. Target user organizations can range in size from large nationwide health plans with vast information technology (IT) resources to small health care providers with limited access to IT expertise...
I've installed it and have been kicking the tires. 492 questions (some of them conjunctive clause compound questions) spanning the gamut of 45 CFR 164.3. More on this shortly.


The NIST HIPAA toolkit is a bear. Lots of compound questions, e.g., the first 13 questions:
164.308(a)(1)(i) Standard: Security management process. Implement policies and procedures to prevent, detect, contain, and correct security violations.
  1. Has your organization developed, disseminated, reviewed/updated, and trained on your Risk Assessment policies and procedures?
  2. Does your organization's risk assessment policy address: purpose, scope, roles and responsibilities management commitment, coordination among organizational entities, training and compliance?
  3. Has your organization disseminated your Risk Assessment policies and procedures?
  4. Has your organization disseminated its Risk Assessment procedures to the work staff/offices with the associated roles and responsibilities?
  5. Has your organization defined the frequency of your Risk Assessment policy and procedures reviews and updates?
  6. Has your organization reviewed and updated your Risk Assessment policy and procedures in accordance with your defined frequency?
  7. Has your organization identified the types of information and uses of that information and the sensitivity of each type of information been evaluated (also link to FIPS 199 and SP 800-60 for more on categorization of sensitivity levels)?
  8. Has your organization identified all information systems that house ePHI?
  9. Does your organization inventory include all hardware and software that are used to collect, store, process, or transmit ePHI, including excel spreadsheets, word tables, and other like data storage?
  10. Are all the hardware and software for which your organization is responsible periodically inventoried, including excel spreadsheets, word tables, and other like data storage?
  11. Has your organization identified all hardware and software that maintains or transmits ePHI, including excel spreadsheets, word tables, and other similar data storage and included it in your inventory?
  12. Does your organization's inventory include removable media, remote access devices, and mobile devices?
  13. Is the current information system configuration documented, including connections to other systems, both inside and outside your firewall?
OK, and then the last section, first subsection:

164.316(a) Standard: Policies and procedures. Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking into account those factors specified in subsection

164.306(b)(2)(i), (ii), (iii), and (iv). This standard is not to be construed to permit or excuse an action that violates any other standard, implementation specification, or other requirements of this subpart. A covered entity may change its policies and procedures at any time, provided that the changes are documented and are implemented in accordance with this subpart
  1. Does your organization have policies and procedures for administrative safeguards, physical safeguards, and technical safeguards?
  2. Does your organization have in place reasonable and appropriate policies and procedures that comply with the standards and implementation specifications of the HIPAA Security Rule?
  3. Does your organizations security policies and procedures take into consideration: 1) your organization's size, complexity and the services you provide. 2) your organization's technical infrastructure, hardware and software capabilities, 3) the cost of your organization's security measures, 4) the potential risks to day-to-day operation including which functions, and tools are critical to operations?
  4. Does your organization have procedures for periodic revaluation of your security policies and procedures, and update them when necessary?
  5. Does your organization change security policies and procedures at any appropriate time, and document the changes and implementation?
My take on this is that it would take a provider/organization 2-5 days to get thoroughly and forthrightly through it. And, really, this is just about the ePHI "Security" piece. "Privacy" is a different -- and potentially much more difficult -- issue. I wrote about the Security stuff back in June, and I continue to work on the privacy issues more recently for our HIE.


So, my wife and I are devoted Mac snobs at home. Consequently, I was thrilled to recently see an iPad app get certified for meaningful use.

The product looks great, and I'll bet it's quite functional.


I was not happy to see this regarding the Meaningful Use Core 15 criterion ("Protect Electronic Health Information"):
We've taken care of this one for you!

All of the items below are done automatically through (web) drchrono EHR (iPad)

Access Control: Each user must have a unique identifier. Assign a unique name and/or number for identifying and tracking user identity and establish controls that permit only authorized users to access electronic health information. §170.302(o)

Emergency access: Plan for emergency access for authorized users. Emergency access. Permit authorized users (who are authorized for emergency situations) to access electronic health information during an emergency. §170.302(p)

Automatic log-off: Turn on session timeouts.

Automatic log-off: Terminate an electronic session after a pre-determined time of inactivity. §170.302(q)

Audit log: Maintain audit logs.
(1) Record actions. Record actions related to electronic health information in accordance with the standard specified in §170.210(b).
(2) Generate audit log. Enable a user to generate an audit log for a specific time period and to sort entries in the audit log according to any of the elements specified in the standard at 170.210(b).

Integrity - Provide integrity check for recipient of electronically transmitted information. §170.302(s)
(1) Create a message digest in accordance with the standard specified in 170.210(c).
(2) Verify in accordance with the standard specified in 170.210(c) upon receipt of electronically exchanged health information that such information has not been altered.
(3) Detection. Detect the alteration of audit logs.

Authentication - Verify user identities and access privileges. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information. §170.302(t)

Encryption - Use encryption where preferred. §170.302(u) General encryption. Encrypt and decrypt electronic health information in accordance with the standard specified in §170.210(a)(1), unless the Secretary determines that the use of such algorithm would pose a significant security risk for Certified EHR Technology. §170.302(v) Encryption when exchanging electronic health information. Encrypt and decrypt electronic health information when exchanged in accordance with the standard specified in §170.210(a)(2).

Accounting of disclosures - Record PHI disclosures. §170.302(v) Record disclosures made for treatment, payment, and health care operations in accordance with the standard specified in §170.210(e).

Conduct a security risk analysis and implement security updates.

Gotta love the last little orphan sentence. OK, everything associated with
§170.nn has to do with the NIST EHR Certification specs, and nothing to do with complying with MU Core Measure 15:
Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) of the certified EHR technology, and implement security updates and correct identified security deficiencies as part of its risk management process.
Beyond having a CHPL blessed system, it's the last item that counts for MU.

I emailed them regarding this and gave them more than a week. Silencio. Nada. Zip. Zilch.

This is not the first time I've encountered this precise misinformation from an EHR vendor.

So, what if you got audited? "Well, they told us we were automatically in compliance..."

"Conduct or review a security risk analysis per 45 CFR 164.308(a)(1) of the certified EHR technology, and implement security updates and correct identified security deficiencies."

So, who cares?
Digital Data on Patients Raises Risk of Breaches
NY Times. Published: December 18, 2011

One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.

So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed...

Shall we tally up an estimate of the entire cost of not having corrected "identified security deficiencies" per HIPAA 45.CFR.164.3 et seq?


I blogged a bit about the 2010 HEDIS measures last year. I've been reading the 2011 report lately. Notwithstanding the new stratification of HMOs vs PPOs (and vs Medicaid as well), I can't really see that a whole lot has changed with respect to the major chronic indices. e.g.,

Overall, we still see the aggregate nil Pearson-R "quality vs cost" proxies' scatter. And, even where there are enticing (wish-fulfillment?) wafts of quadrant differentials, the small composite "N's" ought give one pause.

Maybe we'll make tangible progress on these fronts in the next few years (we must if we are not to go BK as a society). IMO there are two concomitant (and intertwined) "fronts" -- care delivery process improvements (X-axis) and clinical outcomes improvement (Y-axis). The latter of which is to a significant extent moreso a moving target.

"Value," my friends: Outcomes Quality / Cost. Hope it doesn't become this decade's Powerpoint / Seminar / Consulting / Book Sales cliche. (But, then, They Had Me at Deming.)

12/11 "PIONEER ACO" announcement

Interesting. Healthcare Partners of Nevada is one of the 32 announced today. We already work with them via our new HIE.


I played around a bit today with an app free trial that converts PDF tables to Excel files. CMS has updated its payments-to-date data (it says "November 2011" but it's not clear whether it's begin or end of month), so I downloaded the new PDF and converted it (click to enlarge).

I added the 4 "pct" columns on the right, and sorted the data down by aggregate payment rank. The top 12 states account for 2/3 of the money. Texas, with ~8% of U.S. population, is now at 16.4% of the cash -- and nearly 3/4 of theirs is Medicaid.

Be fun to also drop in the Census data to do comparative "per capita."

We'll see how all of the Medicaid Year One "A/I/U" free money crowd does in 2012 when they have to actually meet the MU criteria, for an entire calendar year attestation.

They have other tables that break things out by EPs vs Hospitals (Medicare, Medicaid, and aggregate), which would tell us where the bulk of the money is going vis a vis those strata (like we don't already know).

I may buy that utility -- if they have a Mac version.


27.4% reduction ensues on January first absent Congress passing the "Doc Fix" in the tax cut renewal bill. The health press is fairly abuzz.

Another quick little Excel screen-scrap cut & paste. The 2012 estimate is mine for these two CPT codes, btw. Just an estimate. The whole Medicare SGR formulation is inscrutably complex (and uniformly hated by primary care docs).

Who will blink first, Boehner or Obama?


I'm off 'til the 30th. To all of my awesome REC colleagues (both within our office walls and across the RECs), I wish you a joyful and safe Holiday season.

My dear friend, the breathtakingly talented Lenny Lopez on vocal.

Monday, December 12, 2011

Facts © ™ ®

...So on the one hand, we have the push from the government and insurers to have electronic medical records and health outcomes research (HITECH Act), the Sentinel Initiative for postmarketing surveillance of electronic medical records for adverse events, and Medicare reimbursements linked to “meaningful use” (i.e., providing data) of the EMR. On the other hand, we have the specter of HIPAA and more draconian penalties for breaches of personal privacy...

- Judy Stone, MD, Molecules to Medicine: Pharma Trumps HIPAA?

Which "facts" about you can be "owned" by you or others (or no one at all)? i.e., what data/information can be legitimately considered "property," the "title" to and controlling use of which will be defended and enforced by the society at large?
According to traditional copyright principles, the only copyrightable elements of a factual work are the author’s presentation, selection, and arrangement of facts. The underlying facts themselves cannot be copyrighted. In the past, this approach was sufficient to protect factual works against the most opportunistic forms of copying by competitors. Because facts were usually displayed narratively or in tables, authors generally made enough decisions concerning presentation, selection, and arrangement to protect their factual works against wholesale appropriation.

But the rise of electronic and on-line databases has cast doubt upon the validity of the traditional approach. These databases collect and display facts in a pure form, allowing the user to extract them as she sees fit. By dispensing with conventional modes of presentation, selection, and arrangement, they can easily fail to satisfy traditional standards for copyrightability, leaving them with virtually no legal protection against copying. [Michael Steven Green, PhD, Copyrighting Facts (pdf), Indiana Law Journal Vol 78]

Well, more broadly, it goes to the "value" of the facts to various parties. I have blue eyes. Who cares? I am 5'10" and weigh 173 lbs. With those two metrics you can quickly calculate my BMI (Body Mass Index -- mine is 24.8), which is of some economic interest to health insurors and others. I am typing this post in my study located at geocoordinates N36º 2.4018' W115º 8.5265'. Who might want to know that?

What about my blood pressure, my lipids panel results, my PSA? My DNA?
Data ownership refers to both the possession of and responsibility for information. Ownership implies power as well as control. The control of information includes not just the ability to access, create, modify, package, derive benefit from, sell or remove data, but also the right to assign these access privileges to others (Loshin, 2002).

...Scofield (1998) suggest replacing the term ‘ownership’ with ‘stewardship’, “because it implies a broader responsibility where the user must consider the consequences of making changes over ‘his’ data”.

According to Garner (1999), individuals having intellectual property have rights to control intangible objects that are products of human intellect. The range of these products encompasses the fields of art, industry, and science. Research data is recognized as a form of intellectual property and subject to protection by U.S. law.

Importance of data ownership:

According to Loshin (2002), data has [sic] intrinsic value as well as having added value as a byproduct of information processing, “at the core, the degree of ownership (and by corollary, the degree of responsibility) is driven by the value that each interested party derives from the use of that information”...

Considerations/issues in data ownership

Researchers should have a full understanding of various issues related to data ownership to be able to make better decisions regarding data ownership. These issues include paradigm of ownership, data hoarding, data ownership policies, balance of obligations, and technology. Each of these issues gives rise to a number of considerations that impact decisions concerning data ownership

Paradigm of Ownership – Loshin (2002) alludes to the complexity of ownership issues by identifying the range of possible paradigms used to claim data ownership. These claims are based on the type and degree of contribution involved in the research endeavor. Loshin (2002) identifies a list of parties laying a potential claim to data:
  • Creator – The party that creates or generate data
  • Consumer – The party that uses the data owns the data
  • Compiler - This is the entity that selects and compiles information from different information sources
  • Enterprise - All data that enters the enterprise or is created within the enterprise is completely owned by the enterprise
  • Funder - the user that commissions the data creation claims ownership
  • Decoder - In environments where information is “locked” inside particular encoded formats, the party that can unlock the information becomes an owner of that information
  • Packager - the party that collects information for a particular use and adds value through formatting the information for a particular market or set of consumers
  • Reader as owner - the value of any data that can be read is subsumed by the reader and, therefore, the reader gains value through adding that information to an information repository
  • Subject as owner - the subject of the data claims ownership of that data, mostly in reaction to another party claiming ownership of the same data
  • Purchaser/Licenser as Owner – the individual or organization that buys or licenses data may stake a claim to ownership [Data Ownership, Responsible Conduct in Data Management]

It all gets rather complex rather quickly. And, nowhere as complex as with respect to personal health information.

Some recent thoughts on this:
...While banks tend to keep information internally, health care data is handled by many more organizations, said Tom Srail, Cleveland-based senior vp with Willis North America Inc. “The nature of the health care business requires the sharing of that same information,” he said.

Patrick Moylan, New York-based senior associate with Dubraski & Associates Insurance Services L.L.C., said health care institutions are increasing their Internet activity with partners that include physicians, health plans and pharmacies.

Having “more people in the line of that chain that have the potential to handle sensitive data simply increases the risk that data will be accessed by accident, or by a third party,” with the potential that it could be used fraudulently, he said.

The sheer breadth of personal information that health care institutions hold complicates the issue.

“More than any other industry, the health care industry really has all of a complete set of information security and privacy exposures to contend with,” said Mr. Economidis.

Mr. Srail said retailers may have credit card numbers and financial institutions may have Social Security numbers, but health care entities “have all that as well as protected health care information,” so “it really can be problematic for those organizations when that data is lost and troublesome to its customers.”

“There's so many ways that the information gets compromised” and “just when you think you've got it figured out, you've got a twist in it,” said Lynn Sessions, counsel at law firm Baker & Hostetler L.L.P. and a former risk manager at Texas Children's Hospital, both in Houston.

Robert Parisi, senior vp at Marsh Inc.'s FINPRO practice in New York, said, “hospitals tend to be less secure than banks, and you've got a situation that obviously can be fairly risky and financially troubling to any medical center.”

Meanwhile, a black market for stolen medical identities has developed among people who are underinsured or have no insurance, observers say.

By some estimates, medical information is twice as valuable as more traditional identity information, said Mr. Silvestri. “That becomes a motivation for the criminal element to actually target that so they can sell it to the black market,” he said...

"Twice as valuable"? I'd never thought of it that way. Makes sense upon reflection, though. No one can really profit from the fact that I have blue eyes. But, other information about me can indeed have commercial value to others (particularly if they are of the sort not directly observable but instead only explicable via intermediary measurement/assay -- ranging from the simple arithmetic of BMI to the complex methods of DNA analytics).

...Federal law pulls health care institutions in opposite directions, said Mr. Srail. On one hand, it “wants health care to be open and portable and interactive” and to facilitate the process so the patient has choices in his health care with accessible medical information. On the other hand, however, “everything has to be kept secret” with no privacy breaches.

In addition, state laws, while similar, also differ from each other and federal law. HIPAA, for example, requires notification of data breaches within 60 days, while several states have a 45-day notification period, said Ms. Sessions.

Another complication is that hospitals must abide by the laws of the jurisdiction where their patient is a resident, even if it is in another state. Because the patients' resident state is the determining factor, Texas Children's Hospital, for instance, which has patients from all 50 states and foreign countries, must comply with all these jurisdictions' statutes, said Ms. Sessions...

My Nevada HIE Privacy and Security Task Force attorneys are gonna love that last paragraph.

Yeah, they'll probably love this too. On Dec 7th 2011 the California Office of Health Information Integrity (CalOHII) issued a patient consent/privacy report entitled "Research and Background For Patient Consent Policy Recommendation White Paper," (large PDF) wherein across pp 154-157 is a table of various states' PHI/HIE privacy policies to date. On page 156 is the reference to Nevada:

Click to enlarge. In the "Education" cell on the right is a link to my July 12th, 2011 blog post,
in which I voiced concerns regarding some of our facile assumptions made regarding Nevada HIE privacy policy.

Interesting. Nice to know that someone is reading my stuff.


Dec 15th O/T UPDATE

Yet another interesting blog to read.

Dear friends and colleagues,

This is a watershed moment for the U.S. healthcare system. Costs continue to climb, tens of millions of Americans lack insurance, and there is unacceptable variation in quality. Politicians from across the ideological spectrum are proposing potentially far reaching policy changes. Some of the proposals are promising; too many others seem fraught with danger. After 25 years as a researcher, teacher, and policy analyst, I continue to be disappointed by the lack of basic understanding of health economics among those who are most vocal about effecting change. No one has done more to shape my thinking about the links between economics and policy than my friend and colleague, William White, who is the director of the Sloan Program in Health Administration at Cornell University’s School of Human Ecology. Over the past two decades, we have had long conversations about virtually every aspect of our healthcare system, from the rise of HMOs in the 1980s to current trends in consumer driven healthcare.

Will and I have decided to put our conversations into a blog and share them with our friends at Kellogg and Human Ecology. We have even asked some of the nation’s top economists to take a look. We will respond to the best of your comments as time allows. We promise not to grade them!

There is a lot at stake in the upcoming years. We hope that this free exchange of ideas can help bring about positive change in our healthcare system.


David Dranove
Walter McNerney Distinguished Professor of Health Industry Management
Kellogg School of Management

I've read Dr. Dranove's stuff for a while now (mostly at The Health Care Blog), but had never seen this blog. Lots of great new material to read, I would guess.

More to come...

Sunday, December 4, 2011

Meaningful Use Reimbursements Update

CMS just released the most recent data (PDF) on Meaningful Use reimbursements to date (actually to Nov 7th).

Notice the dark green Lone Star splotch. Texas EPs and hospitals have thus far gotten 20% of the $1.24 billion thus far paid out nationally ($247.5 million in TX). Of that, 83% went to the Medicaid side ($205.6 million).

Texas comprises ~8% of U.S. population.

On the Medicaid side all you have to do for Year One Stage One is attest to “A/I/U” — Adopt / Implement / or Upgrade to a CHPL Certified system. You don’t have to report on any MU measures, which is why vendors such as Practice Fusion are touting the “free money” aspect of it.

Maddeningly to me, CMS has yet to report on the relative proportions of EHR vendors whose clients have attested to date. We ran that all the way up the internal ONC/CMS flagpole and got blown off — they’ll release those tabulations in “Q2 or Q3 or 2012.”

No HHS-vendor opacity politics there, ‘eh? I'd like to see relative percentages of successful attestations to date by vendor, broken out by Medicare vs Medicaid (and further stratified by MU "registrations" to date).

Just sayin'.


CMS is now happily touting that they are going to exceed $2 billion in MU incentive payments in 2011. As reported by
  • Almost 30 percent of eligible providers and 60 percent of hospitals have now registered for the incentive programs.
  • Total incentive payouts under Medicare and Medicaid are now over $900 million each through November,
  • Thus, total payouts for 2011 will easily exceed $2 billion – of which close to a third of total incentive payouts for 2011 occurred in November alone.
This was to be expected. After all, a huge year-end bubble of 2011 MU attestors will complete their 90-day attestation period by 12/31 and file for the year one money.

(More broadly, I'm hearing that HHS is frantically shoveling money out the door for a breadth of initiatives, probably to get funding "obligated" to help immunize the money from looming deficit-hawk budget cuts.)

The article continues:
Still there are cautionary signs.

As we noted earlier, year 1 requirements under Medicare and under Medicaid are substantially less burdensome than subsequent years. While eligible providers have registered for one or other of the programs, only 4 percent have actually qualified for incentives. Also, interoperability-related criteria were among the least popular menu objectives. In addition, 2012, not 2011, is likely to be the pivotal year.

The pace must pick-up and be sustained if meaningful use is to reach its full potential, particularly for interoperability to coordinate care among providers. We expect the proposed rules for Meaningful Use Stage 2 by the end of January, if not sooner. Now that HHS has announced that providers will not have to meet Stage 2 criteria until January 2014, providers have an extra year under Stage 1 criteria without new interoperability requirements.

One observation for now. Pushing back stage 2 means that early adopters (2011 MU attestors) will spend 3 years in stage 1, during which they will have collected the bulk of the reimbursement money (~86% for Medicare EPs -- e.g., $18k, $12k, and $8k respectively, or $38k of the total $44k five year potential).

Draw your own conclusions as to the risk this might pose to the program's subsequent stages.


Some of our staff have fielded this question. My $0.02 response to the REC team:
Chief amid the most plausible speculation is the Obama veto hole card should some HIT incentives clawback legislation even get through the Senate (doubtful, IMO). Moreover, given that the funding was written into HITECH as not contingent on annual appropriations bills going forward, that would seem to insulate the money even further. Given all the acrimonious front-burner stuff facing the Hill at the moment for 2012, I am guardedly optimistic that MU money will still flow in 2012.

I think it’s safe to say there will not be any mounting of a 2/3 veto override vote regarding any emergent clawback legislation (very low probability in any event, given Senate rules) – the most overt of which has been H.R. 408, which has gone nowhere in a year (the salient recission clauses of which are SEC 301, 302 – btw, which are identical in its equivalent Senate Bill 178).

The Senate is key. The House is principally “all sound and fury, signifying nothing.” Now, in that regard, Senator Coburn – an MD, no less -- is on record favoring killing MU money (and, he has an actual vote, unlike all these Beltway HIT pundits). Nonetheless, I’m not seeing any traction on his proposal thus far.

Deven McGraw is a good cite as well, I would think, given her various insider perches.

One caveat, though: keep tabs on the accruing Poison Pill amendments to otherwise unrelated “must-pass-by-12/31” bills.

Long view big picture: the ROI case is there in any event. So, go after the MU $$$ while they are there; after all, they’re front-loaded to favor those who get in ASAP. Moreover, adroit HIT/HIE will be vital to health care organizational success irrespective of this or that federal initiative (IMO).

I could be wrong, though.

Here's what Senator Tom Coburn -- an MD, no less -- wrote in July:
“Back in Black” pp 215 – 216 Senator Tom Coburn July 2011

“End Federal Subsidies for Health Information Technology

A provision of the 2009 failed Stimulus law (American Recovery and Reinvestment Act) massively expanded the federal government’s role in health information technology. The aims many attribute to the Health Information Technology for Economic and Clinical Health (HITECH) Act sound good: using a variety of policy levers to promote the widespread adoption of health information technology and support digital sharing of clinical data among hospitals, physicians, and other health care stakeholders. However, a closer look at the data shows [sic] that Congressional action was the wrong mechanism to accomplish these goals.

Lawmakers in Congress may have been well-intended when they supported the HITECH Act, but the massive federal intrusion into health information technology is wasteful and duplicative of current business practices. According to the nonpartisan Congressional Budget Office, the use of health information technology was already projected to be widespread by the end of the decade – even without the adoption of the HITECH Act. CBO projected that, without the HITECH Act, two-thirds of physicians, approximately half of hospitals, and at least one in five critical access hospitals would still be robustly using health IT by the end of the decade. Some reports have suggested private sector health information technology in a multi-year period is far more than the federal government is projected to spend on health IT over the next decade. In fact, in a recent survey, more than half of respondents replied they have a fully operational electronic health record in at least one facility in their organization, and only 1 in 50 respondents had not yet begun to plan for the use of an EHR. The facts make it pretty clear that massive federal handouts and mandates are unnecessary to subsidize a behavior that is already being adopted on a widespread basis in the marketplace.

Additionally, the private sector has already developed compelling models for utilizing health information technology. Major health systems like the Mayo Clinic and the Cleveland Clinic all have adopted state-of-the-art health IT systems—without federal involvement. Private enterprises are leading the way in developing completely innovative approaches to health IT. Some are even exploring the development of open software for innovators to write electronic health record applications. Such an “open source” model of current business practices. According to the nonpartisan Congressional Budget Office, the use of health information technology was already projected to be widespread by the end of the decade – even without the adoption of the HITECH Act. CBO projected that, without the HITECH Act, two-thirds of physicians, approximately half of hospitals, and at least one in five critical access hospitals would still be robustly using health IT by the end of the decade. Some reports have suggested private sector health information technology in a multi-year period is far more than the federal government is projected to spend on health IT over the next decade. In fact, in a recent survey, more than half of respondents replied they have a fully operational electronic health record in at least one facility in their organization, and only 1 in 50 respondents had not yet begun to plan for the use of an EHR. The facts make it pretty clear that massive federal handouts and mandates are unnecessary to subsidize a behavior that is already being adopted on a widespread basis in the marketplace. [ did Jonathan Bush ghostwrite this part? – BG ]

Additionally, the private sector has already developed compelling models for utilizing health information technology. Major health systems like the Mayo Clinic and the Cleveland Clinic all have adopted state-of-the-art health IT systems—without federal involvement. Private enterprises are leading the way in developing completely innovative approaches to health IT. Some are even exploring the development of open software for innovators to write electronic health record applications. Such an “open source” model could help increase competition, flexibility and lower costs – all without federal action."

One way or another, we'll know before too much longer.

Wednesday, November 16, 2011

So many topics and issues, so little time

Trying to get caught up after my Mom died. Coming this week...

The authors gave me a final pre-publication copy for review and commentary. I love it thus far.

Essential to health care reform are two elements: standards of care for managing clinical information (analogous to accounting standards for managing financial information), and electronic tools designed to implement those standards. Both elements are external to the physician’s mind. Although in large part already developed, these elements are virtually absent from health care. Without these elements, the physician continues to be relied upon as a repository of knowledge and a vehicle for information processing. The resulting disorder blocks health information technology from realizing its enormous potential, and deprives health care reform of an essential foundation...

...First, from the outset of care, relevant patient data must be chosen, and its implications determined, based on the best available medical knowledge, independent of the limited personal knowledge of the practitioners involved. Patient data must be systematically linked to medical knowledge in a combinatorial manner, before the exercise of clinical judgment, using information tools to elicit all possibilities relevant to the problem situation, while defining and documenting the information taken into account. Practitioners’ clinical judgments may add to, but must not subtract from, high standards of accuracy, completeness and objectivity for that information.

Second, in complex cases, particularly in cases of chronic disease, the organization of data in medical records must be optimized for managing multiple problems over time. This means that each medical record must begin with a complete list of carefully defined patient problems, and that other clinical information in the record must be linked to the problem or problems to which it relates.

I. Introduction: Building a new system

A culture of denial subverts the health care system from its foundation. The foundation—the basis for deciding what care each patient individually needs— is connecting patient data to medical knowledge. That foundation, and the processes of care resting upon it, are built by the fallible minds of physicians. A new, secure foundation requires two elements external to the mind: electronic information tools and standards of care for managing clinical information...

...Contrary to what the public is asked to believe, physicians are not educated to connect patient data with medical knowledge safely and effectively. Rather than building that secure foundation for decisions, physicians are educated to do the opposite—to rely on personal knowledge and judgment—in denial of the need for external standards and tools. Medical decision making thus lacks the order, transparency and power that enforcing external standards and tools would bring about...

...Without the necessary standards and tools, the matching process is fatally compromised. Physicians resort to a shortcut process of highly educated guesswork...

...Medical practice is thus trapped in a subjective realm. Unlike scientific practitioners, medical practitioners do not operate in an objective realm, where the contents of thought and knowledge exist independently of the individual mind, a realm where knowledge can be reliably transmitted and applied, where new knowledge can be rapidly translated into practice, where all knowledge can be tested against patient realities. Isolated from this objective realm, the mind be- comes a negative force, a cause of confusion and disorder. Physicians are not equipped to fulfill their immense responsibility safely and effectively. Other practitioners are not equipped to share that responsibility with physicians. Patients are not equipped to work effectively with multiple practitioners, nor to assume the ultimate burden of decision making over their own bodies and minds. Third parties are not equipped to create order out of this chaos. Practitioners and patients are not accountable for their own behaviors, while third parties are left free to manipulate disorder for their own advantage...

...Missing is a total system for enforcing high quality care by all practitioners for all patients.

...At first glance, this subject matter may seem like just a varia- tion on current policy concerns with using “health information technology” to bring “evidence-based medicine” to “patient-centered” care. Yet, current policy fails to comprehend the needed discipline in medical practice and thus fails to define precisely what is needed from health information technology. A dangerous paradox thus exists: the power of technology to access information without limits magnifies the very problem of information overload that the technology is expected to solve. Solving that problem demands a meticulous, highly organized, explicit process of initial information processing, followed by careful problem definition, planning, execution, feedback, and corrective action over time, all documented under strict medical accounting standards. When this rigor is enforced, a promising paradox occurs: clarity emerges from complexity.

...[W]ere we to close the gap between medical practice and patient needs, society then could find enormous opportunities to harvest resources now going to waste. These wasted resources include not only vast sums spent on low-value care but also a vast body of medical knowledge that all patients and practitioners could use more effectively, simple tests and observations that in combination could uncover solutions to patient problems, patients who could become better equipped and motivated to improve their own health behaviors, routine patient care that could become a fertile source of new medical knowledge, and the firsthand insights of practitioners and patients who could participate in harvesting that new knowledge for their own benefit.

Closing the gap between medical practice and patient needs would transform how medicine is personally experienced by practitioners and patients alike. Practitioners could find their work to be less exhausting and more rewarding, emotionally and intellectually, than what they now undergo. The physician’s role could disaggregate into multiple roles, all freed from the impossible burdens of performance that physicians are now expected to bear. The expertise of nurses and other non-physician practitioners could deepen, and their roles could be elevated. All practitioners could follow time-honored standards of care that in the past have been honored more in the breach than the observance. All practitioners and patients could jointly use electronic information tools for matching data with medical knowledge, radically expanding their capacity to cope with complexity. All could use structured medical records, whose structure would itself bring order and transparency to the complex processes of care. Inputs by practitioners could thus be defined and subjected to constant feedback and improvement. A truly evidence-based medicine could develop, where evidence would be used to individualize care rather than standardize it. And a system of checks and balances could develop, where patients and practitioners would act on incentives for quality and economy far more effectively than before...

Buy the book (I'm not shilling it; I don't know them and I don't get anything from it). Extremely thought-provoking.


Below, I have a complete copy of this IOM Report as well.


The Institute of Medicine (IOM) report To Err Is Human estimated that 44,000-98,000 lives are lost every year due to medical errors in hospitals and led to the widespread recognition that health care is not safe enough, catalyzing a revolution to improve the quality of care.

Despite considerable effort, patient safety has not yet improved to the degree hoped for in the IOM report Crossing the Quality Chasm. One strategy the nation has turned to for safer, more effective care is the widespread use of health information technologies (health IT). The U.S. government is investing billions of dollars toward meaningful use of effective health IT so all Americans can benefit from the use of electronic health records (EHRs) by 2014.
Health IT is playing an ever-larger role in the care of patients, and some components of health IT have significantly improved the quality of health care and reduced medical errors. Continuing to use paper records can place patients at unnecessary risk for harm and substantially constrain the country’s ability to reform health care. However, concerns about harm from the use of health IT have emerged.

To protect America’s health, health IT must be designed and used in ways that maximize patient safety while minimizing harm. Information technology can better help patients if it becomes more usable, more interoperable, and easier to implement and maintain. This report explains the potential benefits and risks of health IT and asks for greater transparency, accountability, and reporting.
In this report, health IT includes a broad range of products, including EHRs,3 patient engagement tools (e.g., personal health records [PHRs] and secure patient portals), and health information exchanges; excluded is software for medical devices.

Clinicians expect health IT to support delivery of high-quality care in several ways, including storing comprehensive health data, providing clinical decision support, facilitating communication, and reducing medical errors. Health IT is not a single product; it encompasses a technical system of computers and soft- ware that operates in the context of a larger sociotechnical system—a collection of hardware and software working in concert within an organization that includes people, processes, and technology.

It is widely believed that health IT, when designed, implemented, and used appropriately, can be a positive enabler to transform the way care is delivered. Designed and applied inappropriately, health IT can add an additional layer of complexity to the already complex delivery of health care, which can lead to unintended adverse consequences, for example dosing errors, failing to detect fatal illnesses, and delaying treatment due to poor human–computer interactions or loss of data. In recognition of the rapid adoption of health IT, the Office of the National Coordinator for Health Information Technology (ONC) asked the IOM to establish a committee to explore how private and public actors can maximize the safety of health IT–assisted care. The committee interpreted its charge as making health IT–assisted care safer so the nation is in a better position to realize the potential benefits of health IT.

OK. Another good read. Moving along...

High on the list of breakthroughs expected to transform medicine is personalized medicine – the use of new methods of molecular analysis to better manage a patient’s disease or predisposition to disease. Personalized medicine is likely to change the way drugs are developed and medicine is prescribed.

Yet the regulatory and financial systems that will support personalized medicine are not yet in place. The mission of the PMC is to build the foundation that underpins the advancement of personalized medicine as a viable solution to the challenges of efficacy, safety and cost.

The Personalized Medicine Coalition (PMC), was launched in 2004 to educate the public and policymakers, and to promote new ways of thinking about health care. Today, PMC represents a broad spectrum of more than 200 academic, industry, patient, provider and payer communities, as we seek to advance the understanding and adoption of personalized medicine concepts and products for the benefit of patients.

What is Personalized Medicine?
As defined by the President’s Council on Advisors on Science and Technology, “Personalized Medicine” refers to the tailoring of medical treatment to the individual characteristics of each patient…to classify individuals into subpopulations that differ in their susceptibility to a particular disease or their response to a specific treatment. Preventative or therapeutic interventions can then be concentrated on those who will benefit, sparing expense and side effects for those who will not.

What they're mostly advocating here is genetic molecular biochemistry and its place in HIT for Comparative Effectiveness Research. to wit, consider this paper I got from their site:

With federal officials pursuing the goal of a personal human genome map under $1,000 in five years (White House, 2010), it is possible to envision a future where treatments are tailored to individuals’ genetic structures, prescriptions are analyzed in advance for likely effectiveness, and researchers study clinical data in real-time to learn what works. Implementation of these regimens creates a situation where treatments are better targeted, health systems save money by identifying therapies not likely to be effective for particular people, and researchers have a better understanding of comparative effectiveness (President’s Council of Advisors on Science and Technology, 2010).

Yet despite these benefits, consumer and system-wide gains remain limited by an outmoded policy regime. Federal regulations were developed years before recent advances in gene sequencing, electronic health records, and information technology. With scientific innovation running far ahead of public policy, physicians, researchers, and patients are not receiving the full advantage of latest developments. Current policies should leverage new advances in genomics and personalized medicine in order to individualize diagnosis and treatment. Similarly, policies creating incentives for the adoption of health information technology should ensure that the invested infrastructure is one that supports new-care paradigms as opposed to automating yesterday’s health care practices...

...This paper outlines the challenges of enabling personalized medicine, as well as the policy and operational changes that would facilitate connectivity, integration, reimbursement reform, and analysis of information. Our health system requires a seamless and rapid flow of digital information, including genomic, clinical outcome, and claims data. Research derived from clinical care must feed back into assessment in order to advance care quality for consumers. There currently are discrete data on diagnosis, treatment, medical claims, and health outcomes that exist in parts of the system, but it is hard to determine what works and how treatments differ across subgroups. Changes in reimbursement practices would better align incentives with effective health care practices.

Furthermore, we need privacy rules that strike the right balance between privacy and innovation. These rules should distinguish health research from clinical practice, and create mechanisms to connect data from multiple sources into databases for secondary research usage and population cohort analysis. More balanced rules would improve innovation. It is nearly impossible to evaluate treatment effectiveness without being able to aggregate data and compare results. Faster knowledge management would enable “rapid learning” models and evidence-based decision-making on the part of physicians and public health officials...

Click the title image above for the full pdf. See also

and (pdf)

I find triangulating all of this so very interesting. Much more to come on the health care QI implications of all of the foregoing.


(Nov 19th) I was chatting with my VP for Medical Affairs Dr. Jerry Reeves tonight at a social event about my interest in and intense study now regarding the pharmacogenetic stuff. He brought up the topic of "epigenetics," which I'd read about but had not reviewed lately. Another tie-in. Just what I needed, more to read and think about.
What is Epigenetics?

Conrad Waddington (1905-1975) is often credited with coining the term epigenetics in 1942 as “the branch of biology which studies the causal interactions between genes and their products, which bring the phenotype into being”. Epigenetics appears in the literature as far back as the mid 19th century, although the conceptual origins date back to Aristotle (384-322 BC). He believed in epigenesis: the development of individual organic form from the unformed. This controversial view was the main argument against our having developed from miniscule fully-formed bodies. Even today the extent to which we are preprogrammed versus environmentally shaped awaits universal consensus. The field of epigenetics has emerged to bridge the gap between nature and nurture. In the 21st century you will most commonly find epigenetics defined as ‘the study of heritable changes in genome function that occur without a change in DNA sequence‘...

Add it to my pile.

Health Impact Assessment

Health impact assessment (HIA) is commonly defined as “a combination of procedures, methods, and tools by which a policy, program, or project may be judged as to its potential effects on the health of a population, and the distribution of those effects within the population”...

The major steps in conducting an HIA include
  • Screening (identify projects or policies for which an HIA would be useful),
  • Scoping (identify which health effects to consider),
  • Assessing risks and benefits (identify which people may be affected and how they may be affected),
  • Developing recommendations (suggest changes to proposals to promote positive or mitigate adverse health effects),
  • Reporting (present the results to decision-makers), and
  • Evaluating (determine the effect of the HIA on the decision).
HIA is similar in some ways to environmental impact assessment (EIA). The National Environmental Policy Act (NEPA) requires federal agencies to consider the environmental impact of their proposed actions on social, cultural, economic, and natural resources prior to implementation. Proposed actions may include projects, programs, policies, or plans. HIA, unlike EIA can be a voluntary or a regulatory process that focuses on health outcomes such as obesity, physical inactivity, asthma, injuries, and social equity. HIA has been used within EIA processes to assess potential impacts to the human environment.
See also the World Health Organization site on HIA.

Then there's this:

Section 6301 of the PPACA (pdf), a.k.a. "ObamaCare," established the "Patient Centered Outcomes Research Institute."

"The Patient-Centered Outcomes Research Institute (PCORI) is an independent organization created to help people make informed health care decisions and improve health care delivery. PCORI will commission research that is guided by patients, caregivers and the broader health care community and will produce high integrity, evidence-based information.

PCORI is committed to transparency and a rigorous stakeholder-driven process that emphasizes patient engagement. PCORI will use a variety of forums and public comment periods to obtain public input throughout its work."

As with the case of the ACOs (Accountable Care Organizations; Section 3022 of the PPACA), I can't help but wonder about the fate of PCORI should SCOTUS strike down the Affordable Care Act in toto.

Beyond that, it will be interesting to see what extent of "transparency and a rigorous stakeholder process" ensues between all of the entities that will need to pull together. Notwithstanding that "transparency" is the feel-good term of the decade, opacity in service of turf protection (economic or otherwise institutional) will remain a risk.

e.g., let me return yet again to one of my favorites, the esteemed medical economist J.D. Kleinke:
Health Care’s ‘Prisoners’ Dilemma’
Joe Wilson’s health insurer back in Pittsburgh might have a clear financial interest in a system that would allow it to feed various streams of Joe’s clinical information to the Las Vegas hospital, to improve the quality and reduce the cost of his medical care. But doing so would be massively expensive for the insurer, not just in direct and indirect costs, but in incalculable strategic costs. If the company invested millions to create the open infrastructure required to connect its hospital, physician, pharmacy, and lab claims information systems to every hospital in Pittsburgh—let alone to every hospital in the United States—all of the other health insurers in Pittsburgh could connect to the same network for a fraction of the cost. While Joe’s insurer did the heavy lifting, its competitors would bear none of the massive up-front costs and could price their health plans well below the cost of Joe’s, for all of the years that his insurer was investing in that system.

If health care’s IT problems are a reflection of its broader economic problems, then the strategic conflicts within the health insurance and hospital industries themselves—the two most obvious beachheads for HIT development—are sufficient explanation for why we have no interoperable health care infrastructure. Notwithstanding the happy talk of their advertising, health insurers aim to attract and lock in healthy people and drive away sick ones. The less masqueraded goal of the hospital is to attract and lock in sick people and market to those who are not sick yet. Having an interoperable HIT system that allows patients to shop around, with their fully portable EMRs, for a higher-quality or lower-cost health insurer or hospital works directly against these goals.

For insurers in particular, this strategic conundrum over HIT is a redux of the broader managed care conundrum about prevention, which is essentially the prisoners’ dilemma at the heart of game theory. The prisoners’ dilemma always results in an unfortunate ending: All actors in the game would be rewarded if they cooperated and did the right thing by each other. But none will do the right thing without assurance that the other players will all follow, and so they each do exactly the wrong thing, limiting their own downside and thus creating a suboptimal outcome for all. The best way for a health insurer to use HIT to cope with the prisoners’ dilemma is to design a proprietary system that makes it easy for healthy members to sign up; difficult for sick members who need good information to find it and thus remain satisfied with their plan; and even more difficult for everyone outside the insurer’s own organization (that is, everyone looking to get paid) to navigate it. The worst way to cope with the prisoners’ dilemma is to provide an open, interoperable system that works equally well for all members and can exchange data with all other health insurers.
Yeah. More specifically, I would pose this troubling question regarding "personalized medicine." A health dx/px/rx care solution targeted specifically to me has a market potential of precisely one. That's not how Big Medicine/Big Pharma/Big Payors make their money. Now, were I Warren Buffet or Bill Gates or (the late) Steve Jobs or Paul Ryan, maybe I wouldn't care -- 'I'll have the lobster and filet mignon at market price.'

Beyond that, how indeed shall we "realign reimbursements"?

Also in this regard, I have to scoff at unregulated "free market" theorists and their beloved panacea "efficient markets hypothesis." They uniformly gloss over or grossly ignore the very real and fundamental -- if inconvenient -- corollary that the most "efficient" markets are also, by definition, the lowest margin.

Think about it. How could it be otherwise? The Sum of Self-Interested Rational Actors, All Having Transparent Access To The Same Information Upon Which to Act Upon And Express Their Value Preferences?

Right. Get serious. Gimme a break.

Twelve words, from a generation ago:
"In the gap between perception and reality, there's money to be made."

- Michael Milken
Ask Yves Smith as well. Hat tip to her for her pithy, bulls-eye debunking observation on the "efficient markets" point (I'm reading her new book "eCONNED" at the moment; been following her blog for quite some time).

...The very idea of a public works project (at least within our own borders) sounds like an artifact from an era eclipsed by nearly three decades of hostility toward government-based solutions to domestic problems, combined with a seemingly religious belief in marketplace solutions for all of them.

As this paper makes unambiguously clear, the marketplace will not solve the HIT problem. If so, it would have solved it under the watchful eye of "managed care" or as part of the Y2K conversion or during the most recent Health Insurance Portability and Accountability Act (HIPAA) compliance scramble. There is indeed a collective business case for a national HIT system, but it is one well beyond the reach of the health care marketplace. The federal government may be unable to finance and build that system for political reasons, but it can do far more than trying to jawbone the private sector into building it on its own.

If health care’s chronic IT failure is steeped in economic reality, then the solution should be as well. The obvious entry point is reimbursement. The federal government, directly or indirectly, purchases half of U.S. health care... [Market Failure And The Creation Of A National Health Information Technology System]

Again, published in 2005. Could have been yesterday.


From Science-Based Medicine: David Gorski's "Woo-omics"
A prelude to woo-omics: Genomics, proteomics, everywhere an “omics”
One of the most difficult problems in science-based medicine is how to do a better job identifying which patients will respond to which treatments. Clinical trials, by their very design, have to look at average responses in populations. In essence, a treatment is compared to either placebo or standard-of-care, a choice mainly driven by ethics and whether effective treatments exist for the condition being studied. It is then determined using statistics whether a significant difference exists between the two groups. The difficulty, as any clinician knows, is applying the results of clinical trials to individual patients. In any population, there is, after all, a range of responses to any drug or treatment, and it would be desirable to be able to predict which patients will fall at the end of the bell-shaped curve where the treatment is most effective and which will fall at the end of the curve where the treatment works poorly or not at all...

...[T]hese days, the search for predictors of response, prognosis, and therapies most likely to do good has moved into the realm of what we now call “omics.” The term “omics” as it is used today originally came from genomics, which is, put very simply, the study of the entire genome (i.e., all the genes in an organism). It then expanded to be used for proteomics, which, again put very simply, is the study of all the proteins expressed by a cell type, organ, or organism. Since then, the term has metastasized to many, many areas of biology, such as metabolomics, secretomics, lipidomics, and many, many others. Here’s a general schema of what I’m talking about:

The problem with all these “omics” is that they are hideously complicated, with interactions of thousands of genes, proteins, and other entities that must be made sense of in order to understand what is going on. Indeed, arguably the reason we never bothered with these sorts of analyses before is that, until the last 10-20 years quite simply they were impossible. The computing power and algorithms necessary to do them simply didn’t exist and had to be developed. Neither did the technology. Then, beginning in the late 1990s, techniques were developed to measure expression profiles that included every known gene in the human genome. Building on techniques developed for the Human Genome Project and other genomics initiatives, in the early 2000s, we had cDNA microarrays, the ability to scan thousands of single nucleotide polymorphisms (SNPs) and look for associations with diseases, and the like...

The result of the new systems biology and “omics” has been a torrential flood of data that’s far ahead of our ability to analyze it fully. As the cost of sequencing a genome has fallen from hundreds of thousands of dollars to less than $10,000 (soon to be less than $1,000), genome sequencing will soon fall to within the price range of other commonly used medical tests. (CT scans and MRIs cost around $2,000 or so, and the Oncotype DX test, for example, costs around $3,000.)

Unfortunately, even as the flood of data accelerates, successful strategies for actually using that data clinically have been elusive. Indeed, last year, around the time of the tenth anniversary of the completion of the Human Genome Project, there were a series of articles asking, basically, “Where are all the cures we were promised?” Of course, as I’ve pointed out before, the sequencing of the human genome (and now all these other genomes, as is being done in the Cancer Genome Atlas, for example) has been the easy part. The hard part is making sense of it all and relating differences in individual genomes to specific diseases and to the discovery and validation of biomarkers for response to specific therapies. Just looking at one example can demonstrate why it’s so hard to make sense of this data and to figure out how to use it to develop cures to diseases like prostate cancer. Does all of this mean that all the information we’ve gathered and connections we’ve made so far in the Human Genome Project, the Cancer Genome Atlas, and other similar projects that have tried to relate genomics data to human disease, prognosis of disease, and response to therapies useless? Of course not. It’s just that the speed with which this data will result in real cures was arguably oversold. Right now, the situation is confused and uncertain. and we are still very far from the vision of truly personalized medicine that so many see “omics” as the path towards...
Party Poopers. ;)

As always, the comments at SBM are as interesting as the articles, e.g.,
# cervantes on 21 Nov 2011 at 10:01 am

John Ioannidis has written some very important papers about data mining in genomics. People have finally gotten the message, that they should have understood from the beginning, that if you go through a whole lot of data points — in the case of these studies of the association between genetic variants and diseases, we’re talking thousands — you will find spurious correlations. The p value can only be interpreted in light of Bayes theorem. If the prior probability of an association is very small, then it is still highly unlikely, even if your p value is also small. Science is a process of learning — it builds continually on prior evidence. If something doesn’t make sense based on what we already know, it’s unlikely to be the explanation for an observation. (Bayes theorem is extremely important, and in biomedical research, we’ve gotten stuck in a Gaussian world that many of the people who do research, even some prominent investigators, fundamentally do not understand. As Ioannidis demonstrated, most published findings are false.)

Yeah, John
Ioannidis, I'd forgotten about him. And, don't get me started on "p-values" or Gauss. I'll see your Gauss and raise you a Chebychev.


More on privacy (apropos to a great degree of the above): who owns your health information? res privatae? res litigosae? res nova? A complicated question I've dwelled on at some length in prior posts. An issue that, again, varies by state, type of data, and proposed use of the information. One that goes to the core of Comparative Effectiveness Research initiatives and breakthroughs in "Personalized Medicine."

Also, an ONC certified EHR vendor (I won't name them -- for now) has had so many bug issues they've issued a "upgrade release recall." I'm not making that up. One of my REC client clinics is on that platform. The O.M. told me today she has 87 open/unresolved support tickets. It is a mess.

Oh, and this is interesting:

...Nearly 250,000 doctors age 55 and over are facing the same choice—take on time-consuming obligations to document quality care and the real possibility of cuts in what the government pays them if they slip up, or just get out before penalties kick in. These older practitioners make up 32 percent of the physician workforce, according to the American Medical Association’s data from 2009, the most recent year available.

Early retirement could worsen what the Association of American Medical Colleges already predicts will be a shortage of 63,000 physicians in 2015. And that’s before an estimated 30 million more people sign on for health insurance in 2014, many of them seeking out a regular doctor for the first time.

The health care law and the 2009 economic-stimulus package transformed some now-optional programs for doctors—such as using electronic health records or tracking quality of care—into requirements for treating Medicare patients. Where the federal government now uses carrots, mostly in the form of bonus payments to participating physicians, it will start to use sticks in a few years. Doctors will face cuts in their reimbursement from Medicare if they don’t successfully use electronic medical records and report on their quality of care. In 2015, doctors will lose 1 percent of their Medicare reimbursement for not using electronic medical records, and 1.5 percent for failing to report quality data, such as whether they checked patients’ blood pressure or blood-sugar levels. Every year you miss the goals, the penalties go up.

The requirements aim to make the anachronistic U.S. health care system more efficient, and the vast majority of doctors would say they want to provide high-quality care. Providing better care will also bring down overall costs by keeping patients healthier and preventing duplicative tests. But as doctors cope with these new requirements, they also must deal with others that will change how they run their practices. For starters, they’ll have to switch to a new medical-coding system by October 2013 that balloons from 18,000 codes to nearly 140,000 to describe medical services.

Physicians also face the perennial uncertainty of Medicare reimbursement levels because Congress has repeatedly failed to agree on a permanent solution. Unless Congress acts—and lawmakers often wait until the last moment to pass the “doc fix”—physicians will absorb a nearly 30 percent cut in 2012...


Primary Care Workforce Facts and Stats

...Primary care is a foundational element of the U.S. health care system and is required to meet our Nation's triple aims of improving quality, containing costs, and improving patient and family experience. Primary care is also critical to ensuring access to health care for all Americans and reducing health care disparities. Whether the focus is on the individual, a population, or the health care system, good access to primary care is associated with more timely care, better preventive care, avoiding unnecessary care, improved costs, and lower mortality.

...Primary care by some measures is the largest aspect of our health care system. In 2008, 490 million visits were made to primary care physicians—a bit more than half of all visits to physicians' offices. But primary care's share of visits has been declining.

The U.S. primary care system is struggling under increasing demands and expectations, diminishing economic margins, and increasing workforce attrition compounded by diminishing recruitment of new physicians, nurses, and physician assistants into primary care.

Approximately one-third of physicians currently practice in primary care but fewer than one-fourth of current medical school graduates are going into primary care. The Council on Graduate Medical Education is concerned that the trend, if unchecked, will progress to fewer than one-fifth of medical students specializing in primary care...

Make sure the way you use an EMR doesn't unwittingly look like fraud
Technically Speaking. By PAMELA LEWIS DOLAN, amednews staff. Posted Nov. 21, 2011.

...Apparently many vendors advise practices to shut off the audit function to help speed up the system, Dr. Gelzer said. But turning off the audit function means the physician is not HIPAA compliant, Warner warned.

These potential problems are being exacerbated, some say, by the financial incentives created under the Health Information Technology for Economic and Clinical Health Act of 2009 to encourage EMR use. To qualify for incentives, physicians must demonstrate meaningful use of EMRs that are certified by organizations approved by HHS.

Meaningful use certification is designed only to ensure that EMRs meet the individual meaningful use objectives and measures, said Karen Bell, MD, chair of the Certification Commission for Health Information Technology, one of the organizations contracted with the ONC to test and certify EMRs for meaningful use. But Dr. Gelzer is concerned that physicians may feel a false sense of security knowing that their systems were certified to meet government-mandated standards.

The Dept. of Health and Human Services Office of the Inspector General included in its 2012 Work Plan a look at the relationship between certified EMRs and fraud and abuse vulnerabilities.

"I would take this to mean that the OIG is seeing problems," Dr. Gelzer said...


More to come.