Not a lot going on this week. Nevada Medicaid's attestation portal launched without major snags. I have a few Medicare EPs trickling in to Milestone 3. My wife is in Dubai this week making grown engineers and construction crew chiefs cry. We're 11 hours apart. Makes it difficult to stay in touch.
I joined the International Association of Privacy Professionals. Looks pretty interesting thus far. If you work for a non-profit, you get a 60% discount (100 bucks rather than $250).
I may study up and take their "CIPP/US" Cert exam. The BoK all looks pretty familiar, given a good bit of the work I now do.
Apropos of "privacy": Fine new book out, Garret Keizer's "Privacy."
I've read this guy before, in Harper's. Excellent writer.
It is a curious paradox of the times we live in, when no commandment is inscribed on tablets of stone but every one of our transgressions lives eternally within some data bank, effectively beyond the pale of forgiveness...
...corporations mine our e-mails and Internet searches in the hopes of honing their marketing strategies. No sooner do I press the send button that e-mails a letter of recommendation to a female student or a note of thanks to a female editor and an ad for an online dating service invites me to learn more about a bevy of eligible lovelies “in your area.” More than 96 percent of Google’s $29 billion in revenue for 2010, a sum exceeding the combined advertising revenues of all newspapers, came from advertisers sold on the search engine’s ability to know our individual wants. Unlike Orwell’s Big Brother, who merely sought to sniff out dissent, corporate Big Brother wishes to know our every desire, confident that we can be pleasured into submission. And we have hardly seen the worst. Privacy expert Jeffrey Rosen speculates that “it would be a simple enough task for Facebook or Google” to launch an “Open Planet” surveillance system, by “which anyone in the world could log onto the Internet, select a particular street view … and zoom in on a particular individual.… Most of the architecture for implementing it already exists.” Such a development would be good news not only for the Big Brothers of government and business but also for what Walter Kirn, writing about the Clementi case, calls “Little Brother.” He means any nosy individual with an electronic device. With the use of something called a keylogger, for instance, you can keep track of a spouse’s computer keystrokes. With the use of Google Images you can change your mind about a blind date.
The surveillance state and the surveillance economy are matched by a surveillance culture, each daring the other to go one step further in vandalizing old norms...
...My hunch will hold water for anyone who has attended a loved one in a medical emergency or worked as an advocate for the aged, the poor, or the otherwise disadvantaged. Advocates in particular will understand the hostage mentality of marginalized patients dependent for their deliverance on an all-powerful professional. Asking such people if they’d have any objection to some optional waiver of their privacy rights is like having your daughter’s kidnapper ask if you’d mind him using your restroom before he tells you the terms of her ransom. Whatever you do, don’t make him mad at us!
Keizer, Garret (2012-08-07). Privacy (Big Ideas//Small Books) (p. 6, 7, 71). Macmillan. Kindle Edition.
Highly recommended.
Regarding HIE, this is pretty cool:
Ryba's 16 rules of effective HIE
Tall order. All of these are on our plate these days.
August 10, 2012 | Joel Ryba, COO, HIXNY
- Assured Delivery Rule. Effective HIE must be able to reliably message between source and destination and confirm delivery. This applies to both data provider into a shared view for query, as well as to data sent to another provider for one-to-one. Exceptions must alert an operator and store the message(s) for reprocessing.
- Abstraction Rule. Effective HIE must abstract between data provider and data consumer. To do so an HIE must support multiple versions of standard interfaces like IHE and HL7 as well as optionally support non-standard interfaces.
- Patient Data Locator Rule. Effective HIE must provide the ability to locate patient records – and that means being able to index patient records by linking and unlinking facility/patient records (MRNs or other local IDs) through both statistical matching and manual intervention.
- Data Integrity Rule. Effective HIE must provide the ability to manage patient data by data source, and not combine the data linked by the Patient Data Locator Rule in any way that cannot be undone if the patient records are unlinked.
- Query Rule. Effective HIE must provide the ability to Query/Pull from other provider(s) as a single record (individual provider stable record or consolidated on-demand document).
- On-Demand Consolidation Rule. Effective HIE must provide the ability to Pull a consolidated record on-demand. Ability to consolidate patient data from multiple sources into a single view.
- On-Demand Aggregation Rule. Effective HIE must provide the ability to aggregate data (counts, sums, averages) for single patients or across multiple patients meeting a selection criteria.
- Provider Directory Rule. Effective HIE must provide the ability to locate a provider (legal entity like hospital or group practice or an individual clinician) for push messaging and if necessary transform their local facility identifier into a generic address or identifier or into another facility’s local identifier.
- Direct Push Rule. Effective HIE must provide the ability to push a single record and selectively send data to comply with HIPAA minimum necessary requirement.
- Access Control Rule. Effective HIE must provide the ability to control access based on patient consent and data recipient roles.
- Subscription Rule. Effective HIE must provide the ability to ‘Subscribe for PUSH’ based on the subscriber's rights to the patient data.
- Audit Rule. Effective HIE must Log all transactions to an audit log. This is necessary for both direct push and query pull. It should also be able to easily be determined what data was accessed. So for instance, if a patient is linked or unlinked by the master patient index before or after the transaction, or some data is or is not included from federated portions of the HIE, the audit must effectively have this level of information (the event patient) captured.
- Audit Reporting Rule. Effective HIE must provide the ability to Report against Audit data. As with all interfaces, the interface for audit to record information may not be the best way to store the data for query/reporting. Thus, it is likely necessary, but not required by the rule, that there be some level of abstraction between how data is moved and how it is stored.
- Clinical Reporting Rule. Effective HIE must provide the ability to report clinical data across patients for population health use cases as well as be able to locate patients meeting a clinical profile across all data sources when all data on the patient may come from multiple sources and may be stored in an equivalent federated manner. Thus, it is likely necessary, but not required by the rule, that the federation between data sources need to be treated as nodes or shards of parallel data warehouse for this type of query/reporting versus single patient data accesses.
- Interoperability Rule. Effective HIE must provide the ability for providers to seamlessly initiate and terminate exchange from their native environment.
- Customizable Business Rules Rule. Effective HIE must provide the ability for processes to be monitored for compliance to business rules to report or alert for exceptions. For example, care managers with consent from the patient need to monitor their adherence to treatment plans, quality measures, and so forth. This can extend either the subscription rule or the clinical reporting rule depending on how it is implemented.
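As an added illustration (not from Ryba's article or any HIE product), here is a minimal sketch of how the Patient Data Locator, Data Integrity and Audit rules interact: linking touches only an index, records stay partitioned by source so an unlink is fully reversible, and each audit entry snapshots which sources were linked to the event patient at access time. The class, facility names, MRNs and user name are all hypothetical.

```python
# Constructed illustration: all names (MiniHIE, facilities, MRNs) are hypothetical.
from dataclasses import dataclass, field


@dataclass
class MiniHIE:
    index: dict = field(default_factory=dict)      # (facility, mrn) -> enterprise id
    records: dict = field(default_factory=dict)    # (facility, mrn) -> docs, per source
    audit_log: list = field(default_factory=list)
    next_eid: int = 1

    def _new_eid(self):
        eid = f"E{self.next_eid}"
        self.next_eid += 1
        return eid

    def register(self, facility, mrn, docs):
        key = (facility, mrn)
        self.records[key] = list(docs)   # stored by source, never merged
        self.index[key] = self._new_eid()
        return key

    def link(self, a, b):
        # Linking edits only the index: b's records now resolve to a's id.
        old, new = self.index[b], self.index[a]
        for k in list(self.index):
            if self.index[k] == old:
                self.index[k] = new

    def unlink(self, key):
        # Fully reversible because source data was never combined.
        self.index[key] = self._new_eid()

    def query(self, user, key):
        eid = self.index[key]
        sources = sorted(k for k, e in self.index.items() if e == eid)
        docs = [d for k in sources for d in self.records[k]]
        # Audit captures the link set as it stood at access time.
        self.audit_log.append({"seq": len(self.audit_log) + 1, "user": user,
                               "event_patient": eid, "sources": sources,
                               "doc_count": len(docs)})
        return docs


def demo():
    hie = MiniHIE()
    a = hie.register("HospitalA", "MRN-100", ["A: discharge summary"])
    b = hie.register("ClinicB", "77-B", ["B: lab panel", "B: med list"])
    hie.link(a, b)
    before = hie.query("dr_lee", a)   # consolidated view across both sources
    hie.unlink(b)                     # match later judged wrong
    after = hie.query("dr_lee", a)
    return before, after, hie.audit_log
```

Because the first audit entry lists both sources, a later review can tell that the ClinicB documents were disclosed under a link that was subsequently undone.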
THE "FIGLIOZZI LETTER"
CMS starts auditing recipients of meaningful use bonuses
Some practices that have obtained incentive payments are being asked to supply documentation supporting their eligibility.
By PAMELA LEWIS DOLAN, amednews staff. Posted Aug. 13, 2012.
...The company contracted by CMS to conduct post-payment auditing of hospitals and eligible professionals who successfully claimed meaningful use has started its work. The auditing process, a congressional requirement under the 2009 federal stimulus package that authorized the EHR bonuses, will be carried out by Figliozzi and Co., an accounting firm based in Garden City...
You get a Figliozzi Letter, you will have two weeks to submit your documentation.
The letters ask physicians to provide three things, said [Jim] Wieland, who is head of the [Ober Kaler law] firm’s health care information privacy, security and technology group.
- Proof that the EHR system used to meet meaningful use requirements is certified. The Office of the National Coordinator for Health Information Technology maintains a list of certified systems on its website.
- Supporting documentation proving that core objectives were met. Fifteen core objectives must be met to achieve meaningful use during stage 1 of the initiative. EHR systems certified to meet meaningful use should generate reports showing that these objectives have been met. Electronic or paper copies of those reports should satisfy the request.
- Supporting documentation that so-called menu objectives were met. Those attesting to meaningful use in stage 1 choose five menu objectives from a list of 10. EHR-generated reports, including those used to support clinical quality measures, can show that those objectives have been met.
REC LOBBY UPDATE
Must not be hasty, one supposes.
Much more to come. In addition to watching the Olympics, I've been doing a bit of blogging on another topic.
AUGUST 15TH UPDATE
Nice. Got picked up in the MedPedia:
ONC Aims To Automate Patient Use of 'Blue Button' Application
The Office of the National Coordinator for Health IT wants to make it easier for all U.S. residents to use a "Blue Button" feature to download their electronic health record data, Government Health IT reports (Mosquera, Government Health IT, 8/10)...
I just got a USB flash drive dump of six years' worth of my medical data from my Primary. Blue Button functionality, adroitly ("securely") deployed, would have saved me 45 minutes and two bucks worth of gas.
More to come...