Search the KHIT Blog

Thursday, May 31, 2012

45.CFR.164.3, 45.CFR.164.5, and 42.CFR.2

I'm ba-a-ack...

I've been gone to my grandson's high school graduation festivities in Windermere FL. Congratulations, Keebo. Just getting back into the blogging thing after the "respite."


I thought about having my name legally changed to "Authorized Personnel" (particularly since "World Peace" has already been squatted). Make U-turns on the interstates, go into all these otherwise off-limits places in the casinos...

PHI privacy and security. I've addressed these issues before. "45.CFR.164.3, 45.CFR.164.5, and 42.CFR.2 ("substance abuse" data privacy)"? Yeah, and those are just the major federal compliance regulations. Add in a crazy-quilt of HIPAA-trumping state laws and regs, well, can you say "job security"? or Counsel's "Billable Hours" (or, can you say "ahhh.. we'll never get audited"?)

"DESIGNATE PRIVACY AND SECURITY OFFICIALS"

45 CFR 164.308...(2)

(2) Standard: Assigned security responsibility. Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity. (PHI Security)

45 CFR 164.530(a)(1)

Standard: Personnel designations. (i) A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity. (PHI Privacy)

While there's a pretty clear picture of the "job duties" for these Security and Privacy positions, the academic and work experience requirements are far more varied -- problematic, in fact. The federal regulations are silent regarding "minimum qualifications." One upshot of which is now a metastasizing cottage industry of pricey commercial "certifications."

Along with a raft of budget web offerings.


We will examine all of this shortly in detail. Lots to discuss. Can both of these roles be filled by the same person? Yes. Can they both be outsourced to "BAs" (Business Associates)? ONC/CMS isn't commenting for the record thus far on that count.

___

HIPAA SECURITY / PRIVACY OFFICIAL

Searching some of the job search engines to see what skills/experience sets criteria people are asking for these days turns up stuff like this:
Job Description
Employer is seeking a Compliance Analyst with experience in Corporate Information Security. Qualified candidates will work in a fast-paced, dynamic, collaborative, growing environment. In addition to their responsibilities with corporate information security compliance, the Compliance Analyst will be the HIPAA Security Official [emphasis mine] for our employer-sponsored healthcare model that operates and manages medical clinics at employer's sites and other businesses. This position will lead all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the security of; and access to, patient health information (PHI) in compliance with federal and state laws and the healthcare organization’s information security practices.

Key Responsibilities

  • Develops administrative procedures, establishes physical safeguards and implements technology solutions in line with the Health and Human Services (HHS) guideline, the Health Information Portability and Accountability Act (HIPAA), organization management and legal counsel.
  • Conducts gap analysis and risk analysis from security perspective and implement changes, enhancements and education to ensure employer's overall compliance with HIPAA. Performs ongoing security audits to assess effectiveness of policies and procedures and system security safeguards.
  • Oversees, directs, delivers, or ensures delivery of initial security training and orientation to all employees, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties and continues to foster information security awareness within the organization and related entities. 
  • Ensure ongoing integration of information security with business strategies and privacy requirements and participate in strategic planning of the security policies and procedures.
  • Establishes and administers a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning the organization’s security policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
  • Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
  • Maintains current knowledge of Federal and state privacy and security laws and regulations as well as industry best practices. Revises the security program as necessary to comply with the changes in the law, regulations, professional ethics, and accreditation requirements and as necessary because of changes in patient mix, business operations, and the overall healthcare climate.
  • Serves as information security consultant to the employer's for all departments and appropriate entities including assisting in the design and implementation of a corporate education, training and communication campaign.
  • Cooperates with the Office of Civil Rights, other legal entities and organization officers in any compliance reviews or investigations.
Qualifications
  • Bachelor’s degree in information technology or management information systems or related field.
  • A minimum of three years’ experience in a healthcare or related field, demonstrated expertise in healthcare operations, health information knowledge and compliance preferred.
  • Expert knowledge in health information security development, applying principles of HIM (Health Information Management), project management and change management.
  • CISSP (Certified Information System Security Professional), CISM (Certified Information Systems Manager) or CHIPS (Certified Healthcare Privacy and Security) certifications preferred.
  • Demonstrated organization, facilitation, communication and presentation skills.
 __
SEBMF-1113165: Manager, Health Information/HIPAA Privacy Officer
Description
The Sutter East Bay Medical Foundation is a not for profit corporation that exists to provide medical services, research and education. The foundation provides the infrastructure for the delivery of physician services, and contracts with a separate corporation comprised of physicians and other care providers to deliver the clinical services. This multi-specialty foundation will provide a platform from which new physicians can be recruited to continue to provide physician services in a nonprofit, community setting. The Foundation's vision is to create a medical group that will deliver high quality, market competitive medical services.

The Manager, Health Information/HIPAA Privacy Officer [emphasis mine] directs, establishes and plans the overall policies and goals for the Health Information/Medical Record Departments in support of strategic objectives and program planning of the organization. Ensures compliance with regulatory requirements. Oversees either directly or indirectly the responsibilities for staffing, budgeting, fiscal planning, telecommunications, equipment purchases and maintenance, and facility development for care center medical record departments. Oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization’s information privacy practices.
Qualifications
MINIMUM POSITION REQUIREMENTS:
Education:
A Bachelor’s Degree in Business Administration is preferred. Accreditation in Health Information is also preferred, proven appropriate experience and education may be substituted.
Experience:
Must possess five years professional experience in a health care environment which includes progressive management experience; strong leadership, communications, analytical, and interpersonal skills. Experience in project management and implementing hardware and software systems in a medical transcription and health information environment. Expertise in software application implementation within the medical transcription arena. Experience negotiating a minimum of three contracts per year with service vendors required. Experience in overseeing large organizational compliance with both federal and state laws with regards to privacy of health information.
Knowledge:
Extensive knowledge of health information and transcription functions in a hospital or ambulatory care setting. Extensive knowledge of electronic systems and applications for transcription and dictation systems required.  Knowledge of terminal digit filing system is required. Knowledge of basic medical record activities to include filing, record retrieval, archival as well as destruction in accordance to guidelines is required. Extensive experience/knowledge of release of information procedures is required. Extensive knowledge sufficient to insure compliance with Federal and State regulations guarding the portability and management of protected health information. A knowledge of basic telecommunication procedures is desired.
Special Skills/Equipment:
Organizational, analytical and problem solving skills. Must have excellent command of medical language so as to act as a resource to medical transcription employees.  Must have excellent customer service skills as well as the ability to respond to requests in a prompt and courteous manner. Ability to read, hear, and verbally communicate in English to the degree required to supervise personnel, and communicate with department Directors, Administration, and Physicians both orally and in written form.  Must be able to enlist cooperation and build consensus in environments that are resistant to change.
From what I can see thus far, the compensation package offerings for these kinds of positions are not bad, for candidates with time-in-the-seat experience, demonstrable BoK fluency, and one or more credible and germane Certs.

This is problematic for the smaller EP primary care outpatient shops. "Yo, Suzy, up at the front desk... tag, you're it, you're now our HIPAA Privacy and Security Officer. Fit this in when you're not answering calls or scheduling patients, OK?"

To the extent they comply with 164.308 and 164.530 at all.

Moreover, it should be noted that these responsibilities reciprocally bleed over into 164.4 (PHI Breach):
§ 164.414
Administrative requirements and burden of proof.
(a) Administrative requirements. A covered entity is required to comply with the administrative requirements of § 164.530(b), (d), (e), (g), (h), (i), and (j)...
Ask Phoenix Cardiac Surgery about the upshot of non-compliance.
___

A brief graphic diversion, on the subject of "compensation packages."


OK. Chump change. Google "Boaz Weinstein." He's 38. Last year he reportedly made $90 million. He's the guy who recently successfully, massively shorted JP Morgan's London "hedge" unit, causing a huge Wall Street and political dustup.

BTW...
The Average Salary of Cardiac Surgeons

A cardiac surgeon, also known as a cardiac thoracic surgeon, is responsible for treating and repairing injuries of the heart and lungs. A cardiac surgeon is primarily employed in hospitals, surgery centers or private practices and averages an annual salary of $116,653 to $483,875, depending on experience.

Any time someone starts grumbling to you about "greedy, overpaid doctors" and "meddlesome bureaucrats," just reply "Google Boaz Weinstein," and ask "how many lives did he save last year?"

REC TRADE ASSOCIATION UPDATE

Nothing new to report.
___


JUNE 3rd UPDATE

By David Schultz
JUN 03, 2012

As more doctors and hospitals go digital with medical records, the size and frequency of data breaches are alarming privacy advocates and public health officials.

Keeping records secure is a challenge that doctors, public health officials and federal regulators are just beginning to grasp. And, as two recent incidents at Howard University Hospital show, inadequate data security can affect huge numbers of people.

On May 14, federal prosecutors charged one of the hospital's medical technicians with violating the Health Insurance Portability and Accountability Act, or HIPAA. Prosecutors say that over a 17-month period Laurie Napper used her position at the hospital to gain access to patients' names, addresses and Medicare numbers in order to sell their information. A plea hearing has been set for June 12; Napper's attorney declined comment.

Just a few weeks earlier, the hospital notified more than 34,000 patients that their medical data had been compromised. A contractor working with the hospital had downloaded the patients' files onto a personal laptop, which was stolen from the contractor's car. The data on the laptop was password-protected but unencrypted, which means anyone who guessed the password could have accessed the patient files without a randomly generated key. According to a hospital press release, those files included names, addresses, and Social Security numbers -- and, in a few cases, "diagnosis-related information."

Ronald J. Harris, Howard University's top spokesman, said in an e-mail that the two incidents are unrelated, but declined to answer further questions. In its press release about the stolen laptop, the hospital said it will set new requirements for all laptops used by contractors and those issued to hospital personnel to help protect data.

Still it could have been worse. Much worse.

Just days after Howard University contacted its patients about the stolen laptop, the Utah Department of Health announced that hackers based in Eastern Europe had broken into one of its servers and stolen personal medical information for almost 800,000 people -- more than one of every four residents of the state...
Rest of the story here.
___

Lots of employment opportunities here. But, one will be continually shooting at moving targets, given the ever increasing interface of digital technologies and cyberspace -- on the 164.308 "HIPAA Security Official" side.


to wit:
Understanding cyberspace is key to defending against digital attacks
By Robert O’Harrow Jr., Published: June 2, Washington Post

Charlie Miller prepared his cyberattack in a bedroom office at his Midwestern suburban home.

Brilliant and boyish-looking, Miller has a PhD in math from the University of Notre Dame and spent five years at the National Security Agency, where he secretly hacked into foreign computer systems for the U.S. government. Now, he was turning his attention to the Apple iPhone.

At just 5 ounces and 4 1/2 inches long, the iPhone is an elegant computing powerhouse. Its microscopic transistors and millions of lines of code enable owners to make calls, send e-mail, take photos, listen to music, play games and conduct business, almost simultaneously. Nearly 200 million iPhones have been sold around the world.

The idea of a former cyberwarrior using his talents to hack a wildly popular consumer device might seem like a lark. But his campaign, aimed at winning a little-known hacker contest last year, points to a paradox of our digital age. The same code that unleashed a communications revolution has also created profound vulnerabilities for societies that depend on code for national security and economic survival.

Miller’s iPhone offensive showed how anything connected to networks these days can be a target.

He began by connecting his computer to another laptop holding the same software used by the iPhone. Then he typed a command to launch a program that randomly changed data in a file being processed by the software.

The alteration might be as mundane as inserting 58 for F0 in a string of data such as “0F 00 04 F0.” His plan was to constantly launch such random changes, cause the software to crash, then figure out why the substitutions triggered a problem. A software flaw could open a door and let him inside.

“I know I can do it,” Miller, now a cybersecurity consultant, told himself. “I can hack anything.”

After weeks of searching, he found what he was looking for: a “zero day,” a vulnerability in the software that has never been made public and for which there is no known fix.

The door was open, and Miller was about to walk through...


Keeping sensitive personal information private while enabling "authorized personnel" to access it for legitimate transactions will not get any easier. See the Washington Post "Zero Day" series.

On the "HIPAA Privacy Official" side of things (45 CFR 164.5, and 42 CFR 2 federally, at a minimum), while legal and regulatory developments may indeed move at a slower pace relative to the IT space (I follow these assiduously for my HIE), they are no less elaborate, by any means. And, "privacy" stuff is significantly less check-off list friendly.

Anyone capable of effectively filling both of these roles in a setting of any appreciable complexity will continue to be in increasingly high demand. Rightfully so, as it's not "work/life balance" friendly (kinda like, say, my wife's job), given the relentless challenges and the high-dollar (and reputation risk) stakes.
___


QUICK DIVERSION

"Dr. Oz on Challenges Faced by Small Practices"


Hat tip to Shea Steinberg of EHR Bloggers.

More quick news:


EHR certification lacking usability factor, doctors say
Organized medicine groups express concern that certified products will become obsolete as the meaningful use incentive program evolves.
By CHARLES FIEGL, amednews staff. Posted June 4, 2012.

Washington Federal health officials overseeing standards for electronic health records systems should revise system certification criteria to take usability concerns into account, the American Medical Association and other physician organizations said in comments on a proposed regulation...

...More than 1,700 EHR products have met previous certification standards, but the process itself provides no information to physicians on usability or which systems would best fit a particular practice. The AMA recommended that HHS hold a survey on satisfaction with these systems. Results would be disseminated and incorporated into future certification of the technology.

The AMA and other physician organizations also have serious doubts about the long-term viability of these products, leaving physicians who invested in the technology vulnerable.

“Another potential impact is the possibility that an EHR vendor or product might be bought or discontinued,” wrote Michael H. Zaroukian, MD, PhD, chair of the medical informatics committee at the American College of Physicians. “This has happened already, leading to additional costs for providers as they have to purchase another certified EHR to qualify for the EHR incentive.”

Including usability standards in the certification process would help ensure that physicians purchase products that will work best for them over the long run, the AMA said...
Yeah, "usability," that noble hardy perennial. I've addressed the topic before, here, and here.
___

JUNE 5th UPDATE

Interesting HITRC Privacy and Security CoP webinar/conference call today. Lots of anxiety expressed with regard to potential REC liability in connection with EPs' attestations to Meaningful Use Core 15, e.g.,
OBJECTIVE: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.
MEASURE: Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.
My irascible 60 second Photoshop reaction?


While it's clear the the EPs and EHs are on the legal hook with CMS and HHS/OCR for having complied with Core 15 and -- HIPAA more broadly (or not), a number of REC CoP callers voiced concern anew over what ONC might -- post-hoc -- regard as the satisfactory extent of REC documentation in Salesforce that our clients had indeed complied (yeah, we have to use Salesforce).

A bit late in the day for that, discomfort no?

My REC is not going there.**

We give our clients all of the information and tools sufficient for Core 15/164.3 compliance, and stress to them repeatedly the importance of doing so, but we are not about to become proxy CMS/ONC/OCR ePHI Security auditors. We are not staffed for it. It's all I can do to get my clinics to give me adequate face time to engage in more than MU compliance basics and pro forma workflow analysis.

A corollary concern was raised during the call: does it suffice that a practice, having identified one or more Core 15/45.CFR.164.3 deficiencies, simply document in its remedial action plan the requisite measures via which to achieve eventual compliance?

The long answer? No. (IMO)

Read the measure. "correct identified security deficiencies as part of its risk management process."

I'll have to find and review my handwritten HIMSS12 notes, but I specifically recall a curt response to that very question during one of the CMS sessions. The MU participant must correct any identified 164.3 nonconformances prior to attesting.
 ** Why stop/start there, anyway? What if an EP/EH subsequently is shown via audit to have in fact failed to meet one or more other Stage 1 MU measures post- attestation? Do they have to refund the reimbursements? Do we have to then also give our MU3 milestone money back?

___

NEWS UPDATE (via Linex)
Chronicle of Data Protection
Hogan, Lovells
POSTED ON JUNE 7, 2012 BY MARCY WILDER
HHS OCR Director Leon Rodriguez Warns of Low Tolerance for HIPAA Noncompliance and Announces that Release of HITECH Rule is Imminent

Director of the HHS Office of Civil Rights Leon Rodriguez warned today that the HIPAA enforcement agencies’ tolerance for noncompliance with HIPAA is “much, much lower” than in years past.  Presenting at the Safeguarding Health Information: Building Assurance through HIPAA Security Conference in Washington, D.C. (co-hosted by OCR and the National Institute of Standards and Technology), Rodriguez made clear that expectations regarding HIPAA compliance by covered entities and their business associates is higher than before, particularly in light of the abundant guidance, tools, and assistance OCR and NIST have provided to covered entities over the years.

During his presentation, Rodriguez reported that the HITECH rule to modify HIPAA Privacy, Security and Enforcement Rules is “very close” to completion.  He highlighted one of the rule’s major changes, namely, extension of HIPAA liability to business associates, and urged business associates to begin compliance efforts if they haven’t already.  Rodriguez also cautioned that attorneys general may increasingly broaden their sights to include HIPAA enforcement for business associates.

Finally, Director Rodriguez discussed OCR’s audit program, designed to help OCR find and address weaknesses in protections for both paper and electronic information.  He reported that the agency has found many vulnerabilities that the standard compliance program failed to identify and expects the audit program to become permanent going forward.  Senior OCR advisor Linda Sanches commented that audits for 115 covered entities—selected from among 3.3 million covered entities in the nation—are in process.  Initial reports from the first 20 audits suggest that most problems were found in the area of security protections. 

Contingency planning and user activity monitoring were also highlighted areas much in need of improvement.  Sanches indicated that the OCR system for auditing business associates will likely go live in 2013.  The audit criteria used for the initial audits will soon be available on OCR’s website and will be useful for mapping compliance efforts going forward. 

Saturday, May 19, 2012

Two Years on...


I launched this blog two years ago today. I'm glad I did so, notwithstanding the disconcerting internal heat I took for it right at the outset. I've enjoyed doing every post to date, every assiduously off-the-clock minute and hour spent on each of them.

 

TEDMED 2012: Atul Butte

From The Health Care Blog:
Supporters of the Big Data movement argue that data will change everything, but only once we break down the institutional and technological barriers that prevent us from getting at it. In his talk at TEDMED 2012 at the Kennedy Center, Stanford’s Atul Butte argues that the we already have more than enough to do real science, if only we know where to look.

About this Talk

Who needs the scientific method? Vast stores of available data and outsourced research are simply waiting for the right questions, says Atul Butte, Chief of Systems Medicine at Stanford University.

ATUL BUTTE

Chief of the Division of Systems Medicine and Associate Professor of Pediatrics, Medicine, and Computer Science, at Stanford University

Atul Butte, M.D., Ph.D. is Chief of the Division of Systems Medicine and Associate Professor of Pediatrics, Medicine, and by courtesy, Computer Science, at Stanford University and Lucile Packard Childrens Hospital. Dr. Butte trained in Computer Science at Brown University, worked as a software engineer at Apple and Microsoft, received his M.D. at Brown University, trained in Pediatrics and Pediatric Endocrinology at Children's Hospital Boston, and received his Ph.D. in Health Sciences and Technology from Harvard Medical School and MIT. The Butte Laboratory builds and applies tools that convert more than 300 billion points of molecular, clinical, and epidemiological data -- measured by researchers and clinicians over the past decade -- into diagnostics, therapeutics, and new insights into disease.
___

Who needs the scientific method? Interesting question. But, "the scientific method" is as much or more a habit of mind, a way of approaching problems in need of solution. I am wary of any proposition that it can reduced to simply mining the zettabytes. Such may work well in commercial disciplines wherein you can be empirically "wrong" the majority of the time as long as your minority "true positives" can carry the ROI/profitability freight.

Having said that, I could not be more in favor of having more timely access to more complete and accurate health process and outcomes data. See "Medicine in Denial." It's why I continue to work in Health IT.
___


"Data IS..."

I've pretty much lost this fight. And, I've got a $500 UHC deductible for these injuries.


HIE NEWS ITEM



Well, this was unfortunate.
Expanding Our Team
posted on March 14th, 2012 by Laura Landry 
Cal eConnect is getting ready for our next HIE Cooperative Agreement scope of work, and we are looking for people to join our team. Over the next few weeks, we will be posting job opportunities for analysts, system engineers, and others to join our team.

If you’re the kind of person who likes making sure things get done right – there’s an opportunity for a Compliance Director posted right now.

Please keep an eye on our Careers page for exciting opportunities to accelerate health information exchange in California!
Four days later, on the 18th:
Calif. switches contractors for info exchange
By Joseph Conn, May 18th, 2012
In California, a land renowned for upheaval, the ground has shifted once again under federal and state efforts to promote health information exchange.

The California Health and Human Services Agency is switching contractors for implementation of the exchange programs, according to a CHHS news release (PDF). The agency is the recipient of nearly $38.8 million in federal funds under the American Recovery and Reinvestment Act of 2009 to promote statewide health information exchanges.

Taking over is the Institute for Population Health Improvement at the University of California-Davis...
Ouch. Would love to learn more about this. Nevada has a HIE Cooperative Agreement with ONC as well, but our HIE, HealtHIE Nevada, doesn't get any of that state money. I Don't think Nevada DHHS has even as yet named a non-profit state HIE governance contractor -- analogous to the now apparently scuttled Cal eConnect. Wonder what the California HIE contractor has done with all their funding to date.


Meanwhile, north of the CA border

www.CareAccord.org
CareAccord, Oregon’s Health Information Exchange, is administered by the Oregon Health Authority. CareAccord facilitates the secure exchange of health information between Oregon’s health care organizations and providers, enabling the coordination of care for better health, better care and lower cost.

Oregon has received federal funding to plan and begin implementation of statewide health information exchange services through the Office of the National Coordinator for Health Information Technology’s (ONC) State Health Information Exchange Cooperative Agreement Program.

The Oregon Health Authority has contracted with Harris Healthcare Solutions to implement a statewide Health Information Exchange (HIE). The first HIE service to be offered is Direct Secure Messaging, a secure email system using national standards that allows participants to send (push) encrypted health information directly to known, trusted recipients over the Internet...
...CareAccord, Oregon’s Health Information Exchange, is providing no-cost Direct Secure Messaging services...
"No-cost"? Interesting. What's the business model here?
___

REC TRADE ASSOCIATION UPDATE

Nothing to report. REC Stage 1 milestones money effectively runs out in a year. Not much time left to mount a start-up REC lobby, particularly that we're now in a major transition national election year.

 "Positioning ONC for Continued Success"

I left a comment under this post by Dr. Mostashari. It stayed "in moderation" the remainder of the week and then just disappeared. So, I re-posted my comment.


I would expect that it will disappear as well.

We are already taking provider questions and concerns regarding Stage 2 of the Meaningful Use program. I rather doubt that RECs will be around en masse to actually help them comply with the measures.

I may have to gripe about this with Reid's office.
___

"OLD CARTS"

In the wake my latest client workflow meeting, I've been boning up on the elements of "HPI" (History of Present Illness), which the client's business manager sees as a key locus of financially successful EHR utilization (they're now transitioning from paper).

This is pretty much a "Subjective" section of the SOAP, an active listening / subjective impressions interchange with a patient.


Good link to all of this clinical workup stuff here.

BTW, this manager stated that his goal was to have the docs offload all or most of the HPI to their M.A.s. I'm not sure that that's legal. Anybody?

After reading and reflecting upon "God's Hotel," I cannot but have a concern that the "Subjective" is increasing taking a back seat to the "Objective" (vitals, labs, imaging, quantitative PE & ROS findings, etc) in pursuit of a hurried heuristic Assessment and Plan, at least in non- STAT circumstances.

I don't know how they manage it all.
___

More to come...

Saturday, May 12, 2012

My first guest cross-post: "Personalized Prevention"


One nice upshot of surfing A-list healthcare blogs such as THCB is the lead generation resulting in hooking up with many of the thought leaders in medical care.

to wit, I have made contact with Dr. Joseph C. Kvedar, Founder and Director of the Center for Connected Health in Boston. We've reciprocally placed blogroll links in our respective blogs, and he's agreed to a cross-post comprising an aggregation three recent posts of his that I find of particular interest and relevance to the Big Picture of my REC/HIE work.

Enjoy.

Personalized Prevention, Part I
FEBRUARY 22, 2012
For a few years now, I’ve been thinking about the potential intersections of genetics/genomics/proteomics and connected health. In fact, my colleague Kamal Jethwani and my daughter Julie coauthored a piece for the journal Personalized Medicine on the topic in 2010. A summary and the reference is linked. (I should also note that the figure I reproduced below is from that article with permission from the publisher.)

To learn more, I initially checked in with some local geneticists but their focus was on identifying genetic mutations in various cancers in order to predict therapeutic response. This fascinating area was recently discussed in the NEJM in a piece called Preparing for Precision Medicine. However, that is not exactly what I’ve been dreaming about. I was thinking more about the potential to identify folks with propensity towards chronic illnesses like obesity, diabetes and hypertension using genetic techniques. Then, getting these individuals on connected health programs in an effort to change the course of their personal health history, before they wound up with these often avoidable, costly conditions.

A couple of months ago I had an email and subsequent visit by George Church, the world-famous geneticist and founder of the Personal Genome Project. This conversation was pivotal for me as George is interested in collaborating with researchers who can track and map phenotype in such a way that we can match to genotype. Our team is meeting with him again this week and I’m looking forward to an exciting collaboration to emerge.

The intersection of connected health and genetics is interesting and complex terrain, and I am going to break up the discussion into several posts. Today I just want to introduce the concept of Personalized Prevention and get your reaction to it. Subsequently, there will be posts on some of the lifestyle diseases that have a genetic component and how we might use connected health to address those conditions. As a start, I want to make sure we are all on the same page as to the meaning of a couple of terms.

A person’s genotype is the manifestation of the DNA in their cells, i.e. genetic information. An individual’s phenotype is the expression of those genes in terms of proteins, cell behavior and ultimately human traits and behaviors. Some time ago, the visionaries in the world of genetics coined the term personalized medicine to refer to the idea that if we know your genotype, we can be precisely predictive of your risk of getting certain diseases, as well as your response to certain therapeutics.

The $1000 genome is nearing reality. As a society, we’ve not yet begun to appreciate what this means. There are all sorts of implications but the most mind-bending is the idea that we will eventually be able to create diagnoses that are unique to you and therapeutic responses that are equally unique.

Consider that we are constantly bombarded with messaging about health care that goes like this: “40% of patients had a positive response as compared to placebo.” This sounds like a triumph at the population level, but what if you are one of the 60% that would not respond and we could predict that? One of my professors was prescient on this matter back in the ‘70s and said, “Patients don’t really care what their percent likelihood of an outcome is. For them, the outcome is 100% success or failure and they’d like to be able to predict it on that  binary level.” Until very recently we’ve only been able to offer patients a sense of risk, but the time is coming where we will be able to be much more confident in our choices for them.

Connected health does this too. It is the ‘phenotypic map’ that corresponds to the detailed ‘genotypic map’ the geneticists come up with. Consider if we have a population of workers and we want to incent them to be more active. Connected health can provide, at a minimum, a very precise measurement of the outcome. It enables folks who are investing in the program to see — both at a population and individual level — whether the program is resulting in increased activity.

Healthrageous has had success with this in the employer/health plan market. They are giving customers precise data on how their populations respond to various incentives and programs to increase activity and lower blood pressure. The company will be moving next into diabetes. Healthrageous can measure a program’s success quite precisely, reporting % engagement, % that stick with the program through the end and % achieving clinically significant results. In all cases, they are creating new industry norms, but equally exciting is the precision of their reporting.

The illustration below lays out the concept of Personalized Prevention graphically.  Individuals who are at risk to develop a chronic illness can be identified, then offered connected health programs as a tool to prevent progression. Likewise, individuals who are not responding to connected health programs can be identified as candidates for genetic testing to uncover the reasons why not.


I think the best example of how this might work is for people who are overweight or obese. There is now good evidence that people who gain weight reset their satiety thermostat, i.e., when they lose weight even to a previously low weight, their body sends their brain a signal that they are chronically hungry, as if trying to get them back to their overweight state. Tara Parker-Pope covered this wonderfully in a recent NY Times Magazine article called The Fat Trap.

I’ll write more on this next time, but to me it makes great sense to try to identify folks at risk for weight gain and educate them about activity using smart pedometers. The feedback loops that connected health provides allow for an intense education into how one can easily increase activity. It seems that, knowing there is a risk of weight gain, and knowing that this extra weight would be incredibly hard to take it off, an individual might be motivated to sign up for an activity monitoring program. Finding the right motivational triggers is, in part, how we create Personalized Prevention.

So what do you think? Does the concept of Personalized Prevention make sense?
__
 
Personalized Prevention, Part II – 

The Psychology of Engagement
MARCH 13, 2012

My colleague Meghan Searl collaborated with me on the psychology framework discussed herein.

 I don’t spend much time on Facebook.  Its not that I’m antisocial, but on a given day if I get through my email inbox by 10 PM, I feel good about myself. That leaves little time for social networking.  I haven’t played Angry Birds or Farmville for the same reason. I just have other priorities.  I grew up in a family of plain-spoken, simple Vermonters.  My dad was a kind and gentle man, but when he raised his voice we all took notice. And, because of his ‘kinder-gentler’ side and plain-spoken character, my brother and I took him quite seriously and felt it was wise to comply with his wishes. Also, my folks both had a deep sense of the value of good health and strove to achieve a healthy lifestyle.

I believe this combination of circumstances and history is what is behind my individual connected health psychology. I am responsive to authority – a compliant fellow who sometimes forgets, but when reminded complies.

In Personalized Prevention, Part I, I talked about the power of genetic data combined with the phenotypic mapping that connected health tools give us to micro-segment the population to a level where we have a completely unique, individual genotypic and phenotypic profile. The example I used was obesity, suggesting that with these two technologies colliding, we’ll have the opportunity to identify individuals at risk for weight gain early in life and put them on connected health programs to keep them trim. Many readers pushed back and the essence of the push back was, “micro-segmentation alone is not the answer.  Even providing individuals with data on their caloric expenditure in the context of their risk for weight gain will not solve this problem.”

Folks, I couldn’t agree more. The medium of blogging is best suited to ‘bite-sized’ writing and the first bite in this series was about the micro-segmentation piece. Today I want to spend time on the psychology of engagement, as I believe it is critical to the success of connected health and can also be highly individualized.

The first point to re-emphasize is that connected health data alone do not solve any problems, except perhaps for the very small group of highly motivated fitness buffs and quantified selfers (maybe 10% of the population). There was a time when companies in this space boasted that they could ‘get biometric data into the PHR or EMR.’ Work done at the Center for Connected Health and by others has demonstrated that this is nearly meaningless.  We’ve relearned the old adage that data is not information.

Of course, it’s all about what you do with the connected health data. Objective data inputs are a critical component of the solution – self-reported data is also nearly useless – but the success of connected health programs is all about the psychology of how we engage program participants in these data in order to motivate them to improve their health.

Most companies who have focused on engagement have not bothered to include the objective data stream because of the cost of sensors and the complexity of integration. Most have also touted one engagement strategy or another as the key to success. The options these days seem to be:  gamification, social networking, coaching, reminders, incentives and punishments.

Lets go back to me as an example. If my employer rolled out a wellness program and the engagement tool was social networking, I am afraid I would not be successful in it. Likewise for competitions/games. But set me up with a reminder system and an automated coach with an authoritarian tone and I will improve my health behavior.

Purveyors of wellness programs tout their success, e.g., ‘40% engagement after 6 weeks.’    My question is what about the 60% who didn’t engage? It seems to me we understand the tools and triggers to get closer to 100%, but we must admit that one size does not fit all and do some behavioral segmentation at the outset to tailor programs to what individual buttons need to be pushed.

Healthrageous comes the closest to offering this type of approach (I say this with as much objectivity as possible, as a co-founder and share holder). Their vision is to know so much about you that they can anticipate the engagement experience that gets you involved in a way that you feel they know you intimately.  This will come about through a machine learning environment and as more and more participants take advantage of their programs, they’ll do better and better at this.  In the meantime, I think we can start with a simple set of questions designed to paint a profile of each individual that is akin to the one I wrote describing me at the beginning of this post. We’re working on that at the Center. I am excited to share our learning as we go forward.
__

Personalized Prevention, Part III: 
Applying the Model to Obesity
APRIL 2, 2012
Weight loss (or gain) = calories in minus calories out.  Simple, right?  Well actually, not as any person who has gained a few pounds and can’t shed them will attest. It seems as we grow older, our metabolism slows. There is also good evidence that once we put on weight, our body re-adjusts to ‘defend’ (that’s a word scientists use) that new weight. Stated another way, if you gain 10 pounds, then lose 10, your body goes into a state where various hunger hormones are secreted more often than they’d be in the case of someone who never gained the 10 lbs. Tara Parker-Pope covered this wonderfully in a recent NY Times Magazine article called The Fat Trap.

But actually that’s only true for some of us. Those of you who were around to witness the amazing performance of Robert DeNiro in Raging Bull (1980) know he gained 50 lbs to play the character of Jake LaMotta in his later life.  After the film, DeNiro lost the weight promptly and easily. He can be seen as slim and trim playing a priest in True Confessions  (1981) not long after. Even if you look at modern-day pictures of DeNiro (e.g. in Little Fockers 2010), he is no where near as heavy as he was when he played the senior LaMotta 30 years before.

Ok, now are you convinced that it is more complicated than simple calories in vs. calories out?

In Personalized Prevention, Part I, I reviewed the concept of connected health as phenotypic mapping and started a discussion of how one type of data might inform our use of the other. In Part II, I discussed the psychology of engagement as applied to connected health interventions.  In this post, I want to use obesity as an illustration of how it might practically work.  I am not going to cover the public health story on obesity (how we live in a time of calorie excess and a dearth of opportunities to be active). I know some of you will have that top of mind and may wonder why its not mentioned. Yes, we’re all growing a bit more overweight as time goes on due to this trend. In general, we’d all benefit from eating more plants, more colorful foods, less animal-based food, less processed food and finding ways to be more active. Today, I want to talk though about how the genetics of obesity may be able to help us create segments of the population that may respond differently to connected health interventions. Also, response to connected health interventions may be a trigger to prompt genetic testing.

Although I am not an expert on genetics, I have studied up on the genetics of obesity as I am giving at talk at BioIT, May 25, at the BIO meeting in Boston. We are a long way off from having exact obesity genotypes the way we now do for certain cancers and the like.  But the genetics argue that we can distinguish at least 5 genotypes:
  • Thrifty genotype: low metabolic rate and insufficient thermogenesis
  • Hyperphagic genotype: poor regulation of appetite and satiety and propensity to overfeed
  • Sedens genotype: propensity to be physically inactive
  • Low lipid oxidation genotype: propensity to be a low lipid oxidizer
  • Adipogenesis genotype: ability to expand complement of adipocytes and high lipid storage capacity
Imagine a world where we knew this information before or shortly after birth. Could you envision someone with either the thrifty genotype or the sedens genotype being targeted for an exercise program involving activity monitoring and customized motivational tools as were discussed in Parts I and II? If we got to these folks when they were young, do you think we’d have the ability to reorient their lifestyle choices for the better?

One example worthy of consideration is the partnership we have with the Boston Public Schools to encourage activity in children from some of our underserved schools. I blogged on this some time ago. The 2011 program was such a success that we’ve expanded it this year, and we are just launching the spring 2012 program. The children who took part last year shared numerous stories about how wearing a smart pedometer, getting weekly feedback and participating in a classroom competition on activity helped them become more aware of how active they are, encouraged them to be more active and even bring the culture of activity into their homes.

When people are on a connected health program, we can determine at an individual and at a population level who is active and who is not responding to the program. Imagine that we could take those data and compare them with genetic data to elicit finer and finer comparisons.

I am wildly enthusiastic about personalized connected health, about the opportunities to combine genetic and phenotypic data to gain insights about individuals and about personalized prevention.


Much more to come. Among other places, we're gonna have to go Back Down in The Weeds', e.g.,
...With the ongoing revolution in genomics and proteomics, the myriad resemblances and differences among individual human beings are becoming far more sharply defined at the molecular level. These advances are already making it possible to reconceive existing diagnostic entities, classifications and therapeutic understanding. But to fulfill their potential, these advances require more complete, organized, documented clinical observations in patient care, plus better linkages among these observations and existing knowledge. Were that to occur, there is reason to believe that we would learn how seemingly distinct disease conditions may actually be interrelated, how medical interventions that seem narrowly targeted at a specific gene or molecular pathway may actually disrupt multiple body systems, of how an individual’s phenotype may actually be more important than genotype for some diagnostic and therapeutic purposes, and how drugs and other powerful interventions sometimes may be more disruptive and less effective therapeutically than simple improvements in health behaviors. These possibilities are reinforced by evidence that common disease conditions appear linked to many rare genetic variants among individuals rather than to a few common variants across populations. [ Lawrence Weed, MD, and Lincoln Weed JD, Medicine in Denial, pg 191.]
___

ERRATUM: 
RANDOM QUOTE ON "QUALITY MEASURES"
"If you want every blood pressure below 130/80, hire a computer to dose the drinking water with antihypertensives. The quality measures will be perfect, and every hospital will be No. 1 in the U.S. News & World Report rankings." - Danielle Ofri, MD, PhD
MAY 13TH UPDATE
apropos of "Personalized Care," both "preventive" and post-presentation

 In the wake of reading yet another post on TCHB, this one, "Slow Medicine," by the above-quoted Dr. Ofri, I was compelling to buy and download the new book cited therein, Dr. Victoria Sweet's  "God's Hotel. A doctor, a hospital, and a pilgrimage to the heart of medicine."



I got it Friday night after work. I finished it today. Every page. Every word, all the way to the final end note on page 372. "A PageTurner," is long by now a cliche, to be sure. But it was certainly the case for me. My huge pile of ironing, and the sweeping and mopping of the floors will just have to wait.
As I watched Mrs. Muller get into her car, I thought about the money that Laguna Honda’s Slow Medicine had saved the health-care system. I was beginning to think of it as just that— as Slow Medicine, in the same way that there was Fast Food and there was Slow Food.
I was thinking about it especially because we were in the middle of yet another budget crisis, and administration was sending us memos about cost containment. We should pay attention to the costs of what we did, administration advised. Perhaps we could avoid prescribing the newest medicine if an older, cheaper one would do; shelve expensive tests if they had no clinical repercussions; order vans instead of ambulances; or reconsider routine lab tests. Administration presented its suggestions as if doctors had to be convinced to watch out for costs, and some doctors do take such suggestions as evidence for a capitalist invasion of the health-care enterprise. Yet the real problem, Mrs. Muller showed me, was that administration’s thinking did not go far enough; it did not cast a wide enough net and did not snare the real culprits.
In her case, what saved money were an accurate diagnosis and the leisurely reevaluation of the patient. It wasn’t much— a simple physical examination and an old-fashioned X-ray— but it did take time, quite a bit of time, actually. A thorough exam takes me almost two hours, and my daily visits, while not lengthy, were not rushed, but they were what allowed me to see that Mrs. Muller A thorough exam takes me almost two hours, and my daily visits, while not lengthy, were not rushed, but they were what allowed me to see that Mrs. Muller was not demented, psychotic, or diabetic.
Economists assume that this kind of care is expensive, but it is still cheaper than an MRI or even a routine lab panel, not counting the cost of keeping Mrs. Muller in the hospital for the rest of her life. I worked it out. At $ 120,000 per year for the average six years a patient lives at Laguna Honda, less the cost of Mrs. Muller’s resurgery (and not counting the cost for the care her retarded daughter would have required), an accurate diagnosis of Mrs. Muller saved the health-care system about $ 400,000.
The case of Mrs. Muller got me to thinking. If doctors were going to be held accountable for costs, why shouldn’t we get some kind of credit for savings? To use for patients, for the kind of care that economists cut out as extravagances?
What was happening was the opposite: No expense was spared for medications, tests, and procedures, but to make up for that, staff, food, and accoutrements were cut to the bone. The calculus being that the medications, lab tests, and procedures were necessities, but that staff with enough time to do their jobs were an expendable luxury.
Doctors in particular. I was amazed at how expensive economists thought doctors were. They instituted many economic maneuvers— de-skilling medicine onto nurses and physician assistants; computerizing medical decision-making; substituting algorithms for thinking— because they assumed that doctors were such expensive commodities. And yet doctors were not expensive, at least, not the doctors I knew. We cost no more than the nurses, the middle managers, and the information technicians, alas. Adding up all the time I spent with Mrs. Muller, the cost of her accurate diagnosis was about the same as Adding up all the time I spent with Mrs. Muller, the cost of her accurate diagnosis was about the same as  one MRI scan, wholesale.
Economists did the same thing with the other remedies of premodern medicine— good food, quiet surroundings, and the little things— treating them as expensive luxuries and cutting them out of their calculations. At Laguna Honda, for instance, while most patients were on fifteen or even twenty daily medications, many of which they didn’t need, the budget for a patient’s daily meals had been pared down to seven dollars, which could supply only the basics.
I began to wonder: Had economists ever applied their standard of evidence-based medicine to their own economic assumptions? Under what conditions, with which patients and which diseases was it cost-effective to trade good food, clean surroundings, and doctor time for medications, tests, and procedures? Especially ones that patients didn’t need?
Although Mrs. Muller was an impressive example of Laguna Honda’s Slow Medicine, she wasn’t the only one. Almost every patient I admitted had incorrect or outmoded diagnoses and was taking medications for them, too. Medications that required regular blood tests; caused side effects that necessitated still more medications; and put the patient at risk for adverse reactions. Typically my patients came in taking fifteen to twenty-five medications, of which they ended up needing, usually, only six or seven.
And medications, even the cheapest, were expensive. Adding in the cost of side effects, lab tests, adverse reactions, and the time pharmacists, doctors, and nurses needed to prepare, order, and administer them, each medication cost something like six or seven dollars a day. So Laguna Honda’s Slow to the extent that it led to discontinuing ten or twelve unnecessary medications, was more efficient than efficient health care by at least seventy dollars per day.
I thought about what I could buy for my patients with seventy dollars a day. Good food. Not just tasty food, but excellent, organic, and varied food. Good wine. Hildegardian medicinal ales for the anorexic and digestives for the dyspeptic. Acupuncture. Massage. We’d be rich with seventy dollars per day to spend on each of our patients.
Over the next months, as I studied Hildegard’s medicine, my thinking evolved. Suddenly it occurred to me: Why not have a ward at the hospital where Laguna Honda’s Way of Slow Medicine could be tested for efficiency? Against the efficient health care of the economists? It would be easy to run a two-year experiment. All I would need would be a ward and an administrative dispensation from the forms and regulations raining down, along with a computer program to track the costs and savings incurred. I was pretty sure we’d end up in the black, and I knew just how I’d spend those savings.
I had a name for the ward, the ecomedicine unit, or ECU. Ecomedicine because it would be an oikos— a self-sufficient system at the level of the body, the ward, and the world. The patient’s body would be an oikos because it would be envisioned not in isolation but as part of its environment. The ward would be an oikos because it would be in balance as a self-sufficient minihospital, with its own ecology within the larger ecology of the hospital and the world. The well-being of the staff would be taken into account as well as the well-being of whatever and whoever came and left the ecomedicine unit: the plants and animals we ate, the stuff we used and threw away.
The ECU would be ecologic in a fractal sense, with ecosystems from smallest to biggest, lowest to highest. [God's Hotel, pp. 125-128].
From Daniell Ofri's TCHB review:
Dr. Victoria Sweet, a general internist, came to Laguna Honda for a two-month stint more than 20 years ago and ended up staying. Laguna Honda was home to the patients who had nowhere else to go, who were too sick, too poor, too disenfranchised to make it on their own. The vast open wards housed more than a thousand patients, some for years. Laguna Honda was off the grid, and this, Sweet discovered, was to the benefit of the patients.
Unencumbered by HMOs and insurance companies, the doctors and nurses practiced a very old-fashioned type of medicine, “slow medicine,” as Sweet terms it. There was ample time for doctors and nurses to get to know their patients, and ample time for patients to convalesce. Many a written-off patient recovered within the comforting, unhurried arms of Laguna Honda.
Sweet realizes that the inefficiencies of this old-fashioned hospital – from the doctors who had time to fully research their patients’ complicated histories, to the nurse who knitted a handmade blanket for every charge on her ward, to the chicken that wandered regularly through the AIDS ward, bringing a spark of life to even the most demented patients – were actually its secret weapon. The inefficiencies were actually quite efficient, if your metric was healing patients.

Dunno. I've by now drunk -- if at times warily and irascibly -- a railroad tank car's worth of the HIT/QI Kool Aid, but this book cannot but give you pause, if you care about more than hitting this quarter's ONC Milestones, or about actually facilitating "patient centered care."

See, btw, "The Provider Will See You Now."

"God's Hotel" reads at once like a historical novel and PBS Frontline documentary screenplay. Riveting. While working as a physician at Laguna Honda, Dr. Sweet earned a Doctorate in history, having to become fluent in German, French, and Latin along the way in order to study the ancient literature of premodern western medicine (see Hildegard von Bingen) at their medieval archival sources for her dissertation.

Buy it. Not kidding. (I get nothing for touting this, or any other work I cite.) I kept thinking, "Yo, MiraMax, y'all busy these days? I got a story for you..."
___

Tangentially, from the BMJ, 2003

Advice to young doctors from members of the BMJ's editorial board
  • Learn to cope with uncertainty
  • Challenge what you are taught, especially if it seems inconsistent or incoherent
  • Regard your knowledge with humility
  • Be yourself at all times
  • Enjoy yourself
  • Try to practise medicine with the same ethics and principles you believed in when you started medical school
  • Never be afraid to admit your ignorance
  • Medicine is not only clinical work but is also concerned with relationships, team work, systems, communication skills, research, publishing, and critical appraisal
  • Treat your patients with the same care and respect as if they were your loved friends or family
  • Cure is not what everyone is expecting from you: your patients and their families may be just seeking support, a friendly hand, a caring soul
  • Outside the family there are no closer ties than between doctors and patients
  • Don't believe what you read in medical journals and newspapers
  • Aim at knowing how to learn, how to get useful medical information, and how to critically assess information
  • The first 10 times you do anything—present a patient, put in an intravenous catheter, sew up a laceration—will be difficult, so get through the first 10 times as quickly as possible
  • Although you should not be afraid to say “I don't know” when appropriate, also do not be afraid to be wrong
  • Cherish every rotation during your training, even if you do not intend to pursue that specialty, because you are getting to do things and share experiences that are special
  • When you have a bad day because you are tired, stressed, overworked, and underappreciated, never forget that things are much worse for the person on the cold end of the stethoscope. Your day may be lousy, but you don't have pancreatic cancer
Advice from Dave Sackett, the father of evidence based medicine
  • The most powerful therapeutic tool you'll ever have is your own personality
  • Half of what you'll learn in medical school will be shown to be either dead wrong or out of date within five years of your graduation; the trouble is that nobody can tell you which half—so the most important thing to learn is how to learn on your own
  • Remember that your teachers are as full of bullshit as your parents
  • You are in for more fun than you can possibly imagine
 "...In particular, avoid the trap of thinking you need to know everything. Even if you knew everything at 6 o'clock this morning (which of course you never could), you won't by midday—because a thousand new studies will have been published. “Medicine,” says John Fox, head of the Advanced Computing Laboratory, “is an inhuman activity.” We need the help of machines. Ask travel agents the time of planes from Shanghai to Hong Kong, and they will not quote from their heads. They will use information tools. Doctors must learn to do the same."
Interesting. pretty Weedy. How will we reconcile the romantic Slow Medicine of Hildegard with the caffeinated (and CPT-encounter-billable) Clinical Digitiverse of HIT x.0?
___

I THINK THE KINDLE READER SHOULD MAYBE BE FDA REGULATED


I call mine my "cognitive crack pipe." I have the b/w Kindle itself (got it with AMEX points from my paid-in-advance, not-covered jawbone graft surgery job last year) and an iPad that my daughter gave me -- also very convenient for reading.

I can't keep up. In addition to all of my blog reading and my periodicals (e.g., Atlantic Monthly, The New Yorker, Rolling Stone), and my endless laws/regs reading for work, I've started and finished five books in the last ten days, four of them regarding health care, and one fun new Grisham novel.

Then there are my current works-in-progress (the last one an interesting take on a core aspect of economic history):

I get tired, but I never tire of reading.

Most men give flowers and chocolates. I give reading assignments.

 ___

MAY 16th UPDATE


Headline link to the ONC blog on the HITRC this morning.

I have to admit that I bristled just a bit when I saw that. I posted a comment asking about efforts to position RECs "for continued success." It has yet to pass "moderation." It may well not.

WELL, THIS IS UNFORTUNATE


___

More shortly...

Thursday, May 3, 2012

Let a Thousand Flowers Bloom


I downloaded Joe's new book last night. I'm about 40% of the way through it. Very, very nice.
'The reality is that we have a system that rewards people all across healthcare for doing shoddy work at high prices, for ignoring what must be done and doing only what is profitable, for sloughing off the hard, years-long work of getting it right and instead concentrating on getting paid. We pay them to do this, and people will do what they are paid to do.

Most doctors and nurses are highly trained professionals who want to do nothing more than care for their patients in the best possible way—but they are caught in a system that rewards volume over quality, doing more things instead of doing the right thing, a system that overworks and distracts them while it squanders their time and skills. The incentives driving the decision makers of hospitals and health systems, of health plans, of pharmaceutical companies, and of medical suppliers have been similarly skewed. When they can see a better way to do things, they can usually also see that they would be penalized for even trying. Employers, who pay for much of the private side of healthcare, have not yet found a way to demand of healthcare providers the same constraints of cost and quality they would demand of any other suppliers to their businesses. And over the decades, the different segments of the industry have learned to protect themselves by skewing legislation, regulations, and payment systems even more in the direction of these perverse incentives, building up their sense of their own safety and stability rather than seeking solutions that are better for the whole system and for the hundreds of millions of Americans that they serve." Flower, Joe (2012-04-24). Healthcare Beyond Reform: Doing It Right for Half the Cost (Kindle Locations 455-466). Taylor & Francis. Kindle Edition.
___

Yeah. I wrote this on one of my blogs 3 years ago:

THE U.S. "HEALTH CARE" "SYSTEM"?

I will by no means be the first to note that our medical industry is not really a "system," nor is it predominantly about "health care." It is more aptly described as a patchwork post hoc disease and injury management and remediation enterprise, one that is more or less "systematic" in any true sense only at the clinical level. Beyond that it comprises a confounding perplex of endlessly contending for-profit and not-for-profit entities acting far too often at ruinously expensive cross-purposes.

Another quick personal story:

During my first tenure (early 1990's) serving as an analyst for the Nevada/Utah Medicare Peer Review Agency (they're now called "QIO's" - Quality Improvement Organizations), in addition to our core Medicare oversight work, we had a number of small sidebar contracts, one of which involved ongoing analytical assessments of the Clark County Nevada self-funded employee health plan. One morning I accompanied my Sup, our Senior Analyst Dr. Moore, to a regular meeting of the plan's Executive Committee, wherein we would report on our latest plan utilization/outcomes evaluation.

A portion of the morning -- perhaps a half-hour, IIRC -- was always devoted to hearing claims denials appeals brought by Clark County employees. This day, two appeals were heard: one regarding an outpatient medical claim, the other concerning a dental encounter. The total sum at issue was about $350. Both appeals were denied, thereby "saving" the plan this nominal amount.

Bored by this administrative tedium, as I sat at the conference table, I did a quick, rough estimate back-of-the-envelope calculation. About a dozen executive/professional people consumed a half hour adjudicating these disputes, or, equivalently, 6 FTE hours. Assume a plausible blended G&A-multiplied cost estimate of the total compensation time for all these folks, plus all of the clerical/administrative time consumed in the processing (and subsequently denying) of these minor claims from the moment of their filing to this very hour.

Clark County easily spent well in excess of an additional $1,000 to "save" $350 at the expense of these two hapless employees, by my reckoning.

Similar scenarios -- public and private -- surely play out every day within our "health care system." Clark County would have been way ahead to have simply vetted the initial claims for fraud and then paid them! (This is one observation implicitly at the heart of the "Universal Coverage / Single Payer" model.)

But, as my Senior Medical Director was fond of pointing out, "every misspent dollar in our health care system goes into someone's paycheck."

"16% OF GDP"

And soon to rise to 20% and beyond, it is asserted -- lest we find the political will to rein in the nationally and personally eviscerating cost of "health care" in the U.S.

Question: in my foregoing Clark County Health Plan anecdote, beyond the two denied employee claims I cited that totaled about $350, is the extra thousand or so administrative outlay also placed on the "health care" expenditure ledger? So that what should have cost $350 (plus minimal initial clerical claim processing overhead) ended up as ~$1,350? (Note that the ~$350, while denied by Clark County, still had to be paid by the respective employees.)

We really have no clear picture regarding episodes such as this. And, we have no clear picture as to how prevalent are such ongoing wheel-spinning, sand-in-the-gears activities, and to what expense ledger they get posted...
Some coherent and effective paths forward seem evident via the works of people like Joe, Dr. Toussaint ("Potent Medicine," "On The Mend"), J.D. Kleinke, Lawrence and Lincoln Weed ("Medicine in Denial"), Atul Gawande, and others I have cited (and have yet to cite) on this blog.

More Flower's:
“Okay, so how do we do that? What can we imitate in other parts of the system? What’s really working here? What’s the enduring, transportable principle, and not just a fad or a quirk or a cultural pocket?”
When I started asking those questions 30 years ago, I did not yet know what I have come to see now:
First: There is no one way to make healthcare work better, no single business model or government program that fits all situations. Nor, apparently, is it necessary to find one overarching model for everyone everywhere. When I speak around the country, when I have conversations about healthcare with experts, with people in the industry, and with nonexperts as well, I find we all have a tendency to reach for a single, simple, overarching solution to this highly complex situation, whether it is “single payer” or “more competition” or “mandates” or “the free market.” Yet none of these answers, and no single answer of any kind, can solve the whole problem. In fact, no single, simple solution even solves a single slice of this complex, highly interconnected system. Blunt instruments cause unnecessary damage.
What’s important to recognize is that healthcare is a complex dynamic system. You can’t operate on one part of the system without reckoning with the impact on the rest of the system. At the same time, because of healthcare’s complexity, no one solution will fix the whole system. Now, we all prefer simple solutions. It will be difficult for many people to settle for anything less. Bear with me, though, because I will show you what I mean in the following sections.
Second: While no one system is right for all, we do find that the examples that work—that actually produce better healthcare and better health for more people at lower cost—have certain elements in common. In one way or another all of these usually new and successful projects incorporate all of the key elements. Drawing on my research on complex systems, the experimentation of courageous healthcare organizations, and the successes and failures of many, I have deduced five core strategies that must adopt to rebuild the entire healthcare system. These are:
Explode the business model. In one way or another overturn, subvert, supplement, or rework the commodity-based, insurance-supported, fee-for-service model that dominates the healthcare market in the United States. Share risk in much more measured ways across healthcare, putting some financial risk on the customer, and some on the medical provider, not all of it on the payer.
Build on smart primary care. Every example where healthcare works better and cheaper is tightly organized around smart, efficient, well-incentivized primary care.      
Put a crew on it. Every example that works in every part of healthcare is a true team effort, not part of the siloed, blinkered, uncommunicative past of medicine.
Swarm the customer with help, information, advice, resources, hand-holding, early, often, and as close as possible. Target special help for those who are costing the system the most.
Rebuild every process. The processes of most parts of healthcare are still archaic. Every process must be rebuilt—and the data to drive it must be derived from a fully digitized and transparent healthcare that is ready to become the most massive learning organism in history.
We need all five, but we need only these five. These five strategies are interdependent. Each one of them, on its own, brings a measure of success. Each one of them works better if combined with other strategies. Some of them cannot be implemented alone. All five of them working together will create a synergistic, virtuous spiral, an intertwined set of positive and negative feedback loops that will greatly improve results, drive down costs, and widen access for everyone.
If every organization in healthcare, or even most organizations in healthcare, rebuilt themselves on these five principles, healthcare in the United States would cost far less than it does today, and work far better. It would deliver better health and longer lives, and exact far less pain, suffering, premature death, bankruptcy, and poverty from the American people in the process..."
A great read thus far. More to come.

ERRATUM:
ANOTHER COOL BLOG I RAN ACROSS

thenerdynurse.com
A very busy and tuned-in contributor. Added her to my Blogroll.

MEDPEDIA


Tons of information here.
The Medpedia Project is a long-term, worldwide project to evolve a new model for sharing and advancing knowledge about health, medicine and the body among medical professionals and the general public. This model is founded on providing a free online technology platform that is collaborative, interdisciplinary and transparent.
Nice. I signed up today.
___

BACK DOWN IN THE FLOWER'S

Hard to know where to continue in citation, it's all so good. Just buy the book, OK?
Chapter 13
There Ought to Be a Law
Introduction
This book begins with the declaration that “most of the changes we need are not political or legislative at all.” Our theme here has been: How can the industry change itself to run leaner, faster, better, cheaper, for everyone? Our theme has been: Stop looking to Washington, to your state capital, to politicians to fix the industry. Politicians are unlikely to fix the industry, because they don’t understand the industry, because they are in the thrall of various segments of the industry fighting for financial supremacy and ease, and because a problem is a political asset, while a solution is not. (Kindle Locations 4494-4502)
As we shall see when I triangulate this with Dr. Toussaint's new book "Potent Medicine," the works of J.D. Kleinke, the Weeds' "Medicine in Denial," and a number of others currently amid my reading list, there's a consistent riff developing here, one that gives me particular pause in the context of my federal contractor work. Joe continues:
But now we come to that qualifying word: most. Some needed changes do need legislative action. Some changes in the law are needed to allow these new business models and arrangements to take place. Current law in many details encases current practices in legal frames and effectively make it illegal to be more effective and efficient in healthcare. Other changes in the law are needed because any that does not make such changes cannot call itself reform with a straight face. (ibid.)
This is all great, thought-provoking stuff.

BTW, backing up just a bit:
Measure It—and Get It Right

Brent James is the chief quality officer of Intermountain Health, a large system based in Salt Lake City, with 23 hospitals and dozens of clinics throughout Utah and Idaho. For years, as head of the Institute for Health Care Delivery Research at Intermountain, he has been attacking one clinical problem after another. Over and over, he urges the doctors at Intermountain to stop arguing about the right way to do a particular procedure and just pick one. He tells the Intermountain doctors, “Guys, it’s more important that you do it the same way than what you think is the right way.” If they do it the same way, they can measure the results, tweak what they are doing, and measure again, until they arrive at a provably better result...
...At his institute, James runs an advanced training program, a four-month course teaching people from across healthcare how to use statistical analysis and quality management to find out what works and what doesn’t in healthcare. Over the last decade, his students have opened their own institutes and courses at 35 major teaching hospitals across the country, spreading a gospel of applying scientific techniques to examining the actual processes of medicine. (Kindle Locations 3371-3373)
Yep. And, in that regard, this is one of my prized possessions. I still have my course binder.
___

Check this out. Courtesy of Joe's book (location 3867, Kindle edition).


OK, 11 P.M. MAY 5TH, FINISHED JOE'S BOOK

Saturday night in Vegas, and I'm reading this stuff and blogging it. I have No Life. But, this goes directly to our REC work.
Appendix A: 
Stupid Computer Tricks: How Not to Digitize Healthcare
The digitization of healthcare—making everything electronic, computerizing all processes—does not in itself make anything more efficient or more effective. Make a stupid workflow electronic, and it’s still a stupid workflow. And in healthcare, a stupid workflow doesn’t just cost money and waste people’s time, it kills people.
Ask doctors about their experiences with using electronic medical records, and you’ll get an earful. Enterprise software for healthcare systems is enormously complex. Most big healthcare systems buy from a big vendor, and have it customized to their own specifications. Some EMR installations are great, once the doctors get used to them. Others get in the doctors’ way. It is not uncommon for doctors to refuse to use them, for sound clinical reasons.
One doctor detailed for me in email how seemingly unremarkable details of computerized record keeping can so frustrate physicians that the software becomes a danger to patient safety. In reproducing her emails here, I have redacted the physician’s name, the name of her institution, and the names of the programs and the vendors who built them, for two reasons: so that she can speak freely, and because her complaints are not peculiar to her institution or to these suites of software. They are, in fact, similar to what I hear from many doctors working with different software suites in healthcare systems across the country. She works in two major academic institutions, and the several different vendors she mentions are among the top companies selling healthcare software systems right now, as the great majority of healthcare systems are attempting to “go digital” over the next few years:
Encounter-based records: My favorite asinine stupidity related to the EMR, that dominates and dramatically limits the usefulness of both the systems at my present hospitals, is that they are built around “encounters.” “Encounters” are each time you set foot in the hospital, and what happens after that; they’re designed for billing purposes. I have no problem with encounters as a necessary evil for someone to be aware of and monitor. But both of these systems parse the results for patients by “encounters” so that I have trouble correlating the data across “encounters,” graphing lab results, reviewing which medications were given, and following trends in vital signs. decent system would make the “encounter” part of things invisible to me, and give me a seamless, longitudinal patient history—because I treat patients and not “encounters.” These encounter-based systems are built for the billers who buy them; their use in the clinical environment is indecent and unconscionable.
 Similarly, I can review orders in the computer and sort them several ways, but they only come up one encounter worth at a time. So imagine that I want to enter a complex set of orders—say, someone receiving chemo for severe lupus kidney disease. I want to remember which version of a saline solution I used last time vs. the time before that, and what the flow rates were each time, and which time they needed an extra boost of Lasix because they didn’t handle it as well. To do this I have to repeatedly go back and forth between encounters so that I can see the different orders in each encounter.
No way to input approximate or variable information: In [this widely used software system], I must enter an order in the right encounter, or the lab or pharmacy cannot find it. My outpatient lab wants all orders entered in the computer. They will accept a script that says “please draw a CBC with diff one time between 5/6 and 5/9/11,” which is what I want for someone who received a dose of cyclophosphamide on 4/25/11 and whose white blood cell count will reach its nadir between those two dates. I cannot create encounters, only my administrative staff can do that, because an “encounter” is a billable session, not a clinical definition. The encounter must be created for the exact day on which the patient will come in for the lab draw, and only then I can finally enter my order into that encounter...
This goes on a good bit longer. Rather scathing. Get the book and you'll see.

BUT WAIT, THERE'S MORE!
WHAT I CALL THE "GNASH EQUILIBRIUM"

More Flower's:
Our Shaky Equilibrium Systems get stuck. In economic game theory, the technical term for this particular way of Our Shaky Equilibrium Systems get stuck. In economic game theory, the technical term for this particular way of getting stuck is a Nash equilibrium, named for the mathematician who formulated it, John Nash (portrayed in the 2001 film A Beautiful Mind). Systems consist of a number of different interacting players. In the healthcare system, for instance, there are hospitals and health systems; doctors and physician groups; and other providers, health plans, employers, government payers, politicians, pharmaceutical companies, various suppliers and manufacturers.
In any system, individual players seek what is best for them, to survive and grow and do what they are there to do. But we can’t think about them in isolation, because individual players think about, and act on, what they think the other players’ strategies will be. They fight to a position that is the best they can do with the information they have, against the strategies of the other players as they understand them. What that means is that the best position they can fight to is not their best possible position; in fact, they are usually far from the best possible due to actual and perceived limitations...
Medical economist J.D. Kleinke would point out that the prevailing U.S. health care economic paradigm comprises "Prisoner's Dilemma" writ large. Suboptimal outcomes are an inevitable consequence of what Joe describes here. "Gnashing" of teeth in pursuit of proximate-term survival.

Kleinke sees progress, however, given that organizations are increasingly "managing the bottom line by actually managing disease, not just money, the dominant strategy of faux managed care in the 1990s.”

Precisely to Joe's point, which is also echoed in Dr. Toussaint's new book (Which I will get to shortly).

None of it will be easy.


 ___

MAY 6TH UPDATE


Public review and comment period for Meaningful Use Stage 2 Proposed Rule (RIN: 0938-AQ84) and 2014 EHR Certification Proposed Rule (RIN: 0991-AB82) ends tomorrow night. A quick ad hoc sampling from the many hundreds of submissions (gotta love the first one below; moreover, I've left in all the typos):
  • The EHR Stage 2 implementation goals are fundamentally flawed. They appear to have been devised by third year medical students rather than "seasoned practitioners". Above all they indifferent, if not contraproductive [sic], to the physician-patient interaction. Please ask for "non-IT" oriented physicians to assist in making these guidelines. (Until 100% accurate voice-actuated EHRs are available keyboard/mouse input are a waste of valuable time better spent with directly communicating with the patient. Ed O'Neill, M.D. FACS 
  • I am a family doctor whose office uses an electronic medical record and who has met the stage I criteria for meaninful use. I am not sure that my office will attempt to meet stage 2 criteria as to meet stage 2 criteria I need to have an electronic interaction with my patients. Who will pay for my time to have an electronic interaction with my patients? So far Medicare does not pay for any interaction between patients and physicians that is not part of some sort of visit. If I continue to participate in Medicare (not a sure thing at present due to SGR issues), can I bill my Medicare patients for electronic interactions as these are not covered by Medicare? 
  • More than 10 percent of all unique patients seen by the EP during the EHR reporting period (or their authorized representatives) view, download or transmit to a third party their health information. As Meaningful Use requirements are specific to care providers utilizing EHRs to meet the objectives, and as providers can not force patients to interact with any system, this requirement is unattainable and should be removed. Any requirement that measures what a patient does will similarly be unattainable and should be removed. Providers should not be punished due to their patients' actions or failure to take action outside of the healthcare delivery environment. 
  • Commenting on proposed objective: A secure message was sent using the eletronic messaging function of certified EHR Technology by more than 10% of unique patients. We are striving to meet our meaningful use requirements but relying on patients to use electronic messaging is unfair to the providers. 
  • "Our office attended the CMS conference today regarding the proposed rule for stage 2 meaningful use. In the proposed rule there were two measures that made EP's responsible for their patients use of accessing their health information on-line as well as sending their providers secure messages. Our clientele is made up of mostly geriatric patients and our concern is that we will not meet the above mentioned measures due to this. It doesn't seem fair that our fate of meeting meaningful use stage 2 is guided by something that is out of our control; such as being dependent on our patients use of on-line resources. How can stage 2 make the EP's responsible for what the patient's do or do not do, especially EP's whose main patient base are geriatric patients?" 
  • There is an overwheming trend with implementation of EHRs to have the provider entering information to format the patient's information in such a way that is structured force the user to meet the computers needs. This is contrary to the Institute of Medicine's vision outlined in The Computer Based Patient Record, which states input into the systems should be as easy as writing, and use natural language processing - using the computer to meet the user's needs. This restructuring forced upon the clinician disrupts work flow, increasing the likelihood of errors, and decreasing provider efficiency. In order to meet Meaningful Use, the CMS should require that EHRs adhere to the original I.O.M. vision of being intuitive and as easy as writing. The current trends are toward worse patient care and more computer record keeping. 
  • Radiologists, lab pathologists, anesthesiologists and other specialists who do not have the ability to define face-to-face encounters should be exempt from the meaningful use penalty in 2015 or have exclusion criteria and/or measures that can directly apply to their practice. 
  • Patient Reminders, We do colonoscopy some are done once every ten years. It would be hard to send a patient reminder 8 years in advance.
There were many submissions comprised simply of voluminous uploaded documents expressing detailed stakeholder interest groups' organizational POVs.

My fav was the one in which a physician simply uploaded his resume without comment, along with a half-dozen other PDFs.
___

MAY 9TH UPDATE

Yesterday, Dr Paul Levy put up a post on The HealthCare Blog entitled "The Great Experiment," titled after a new book bearing the same name.


He waxed effusive in praising it.
If you read only one book about state and federal health care policy, it should be The Great Experiment: The States, the Feds and Your Healthcare.  Published by the Boston-based Pioneer Institute, it is the most articulate and rigorous presentation of issues that I have seen, a stark contrast from many papers, articles, and speeches that slide by as “informed debate” in Massachusetts and across the country.  I learned more about health care policy from this book than from anything else I have read in the last decade...

...Liberal readers may shy away from this book, for the Pioneer Institute has a reputation of being a conservative think tank and advocacy group.  I suggest you judge the content on its own merits rather than applying political biases to the question of whether or not you should read the book.

With exhaustive and thoughtful arguments, the authors argue that the national health care legislation should be modified.  Notably, the book does not just take potshots at the federal law...
Well, yeah, not "just," but they get around to it fairly well as the book goes on.

The Kindle edition is only $4.99. I bought it immediately and read it. Worth the money. Pleasantly written and well documented. Reads like a lengthy Atlantic Monthly article.

I found this interesting.
It takes the distance of a few years to understand any reform. Pioneer Institute waited until 2009 to begin evaluating Massachusetts’ 2006 law entitled “An Act Providing Access to Affordable, Quality, Accountable Health Care.” (Kindle Locations 2126-2128)
Perfectly charitable. But, curiously, it's otherwise perfectly reasonable to diss pieces of the PPACA a priori:
The present and future failings of the PPACA’s high-risk pool component are functions of its careless design, not an indictment of the fundamental concept. A more effective solution to our enduring problem in dealing with insurance coverage of some individuals with high-risk/high-cost health conditions remains a better-designed, robustly funded, and more narrowly targeted system of state high-risk pools — not the new law’s massive and misguided transformation of American health care. (Kindle Locations 730-733).
The "present and future failings"? Of a law that has yet to really kick into force? OK.

At least "Meaningful Use" gets a shout (though in lower case, and in a rather question-begging context:
State government institutions have not demonstrated any particularly greater comparative advantage in making more refined and sophisticated assessments of health care value, but their role in paying health care bills, administering health benefits programs, and assembling claims transactions data could contribute greatly to improving the scope and predictive power of efforts by other parties to do so. States generally run two of the largest health care programs in their region – a state Medicaid program and health insurance plans for state government workers. Most of them also are involved in guiding, if not directly operating, an all-payer claims database in their state. So they already possess a large supply of underlying data about health care costs, quality, and value in their market areas, but they generally fail to do much with it to help generate more useful and usable information for health care purchasers and providers.
Aggregation of as much health care data as can be accurately and securely derived from multiple sources is a key early step in the process of developing a more transparent health care system. Such data – whether from administrative processing of claims, medical charts, prescription drug transactions, clinical lab findings, patient registries, or electronic health records – needs to be collected just once, but then used often. While other efforts continue at the federal level to help make more provider-identifiable Medicare data available to qualified intermediaries that can best assess its meaning and to substantially increase the adoption rate and meaningful use [emphasis mine] of electronic health information tools, states can make an important contribution to the data collection and data sharing process.
Much may depend on the composition of a particular state’s overall health care system and the sophistication and capabilities of its current all-payer claims database (APCD) before presuming how large a role in improving and expanding health care transparency the latter can play. (APCDs are usually created by state mandate and generally rely on data derived from various medical claims, along with eligibility and provide files, from private and public payers.) Although some states have created various types of hospital report cards on cost and quality or web portals with price and quality information ranging from health insurance options to select medical treatments, the assumed scope, scale, and predictive power of their respective APCDs can easily be overestimated. The current limits of the billing and discharge records on which they generally rely falls short of the type of patient-identifiable clinical information or data on health care outcomes that some policymakers, providers, payers, and patients envision. Lag times between initial data collection and its release to other users can limit real-time analysis of cost and utilization patterns. The costs to collect more comprehensive information about all health care delivered in a state may exceed the likely payoff. And data that travels too far from its originating source may be prone to misinterpretation. Other potential data sources such as self-funded health plans and negotiated hospital charges subject to contractual “gag clauses” may remain outside the reach of state-level APCDs. (Kindle Locations 1076-1100)
The book, while containing a nice history of "RomneyCare," is in significant measure a long compendium of at once effusive and guarded broad speculations on the right theoretical (ideological?) mixes of federal-state-private market Kumbaya. As I commented on Dr. Levy's post:
'I haven't encountered so many hedges since "The Shining." '
Nonetheless, it is indeed a worthy read -- the usual Straw Man characterizations of the PPACA notwithstanding. But, I remain unpersuaded that market "effectiveness" and "efficiency" fully comprise the sine qua non of our health care system.

None of which is to endorse poor quality and waste, by any means.

My recommendation? If you can only read one book about health care policy, read the new Joe Flower book I cited at the outset of this post, "Healthcare Beyond Reform." Much better value.
___

More to come...