Search the KHIT Blog

Sunday, September 29, 2013

Health 2.0 EDU Day

Off to a fine start. Great presentations thus far (including the opening keynote by Health 2.0 impresario Matthew Holt). Crappy lighting, though, and it's gotten uncomfortably cold.

Got here in about 75 minutes. There was essentially no traffic.

The salient question for this conference series, I suppose.
Deven McGraw of the Center for Technology and Democracy
Predrag “Pedja” Klasnja on effective design of "Behavioral Change Technology"
Ann Mond Johnson was simply fabulous. Great presentation
End of day round table.
The "geospatial technology" presentation was OK.
Seemed a bit "OK, what's new?" dated to me.
 OK, below, first time I ever encountered anyone wearing Google Glass. Beyond its current "conspicuous consumption" status, it's kinda creepy, as some critics have claimed. I sort of turned the tables on him.

...It's easy to see why the built-in camera on Glass is raising privacy concerns —even though smartphones already make it easy for people to take a photo or record video at almost any time in just about any situation. Google says Glass isn't that much different. The company has tried to minimize the chances of surreptitious photos or video being taken by ensuring a red light is visible whenever an image is being recorded.

Nevertheless, Glass has already been banned from gambling casinos, movie theaters and some bars to protect against cheating, copyright infringement and privacy intrusions...

CODA: Props to Robin Friedlander, MD. She ran a tight ship, adroitly keeping everyone on schedule.

More to come...

Thursday, September 26, 2013

Amid the increasing din of negativity, a Singular Positive

As we approach yet another phony crisis Day of federal Reckoning -- "defunding ObamaCare," "shutting down the government," "defaulting on the federal debt" -- piled atop the long-simmering partisan feuds over Health IT, I have to admit to some weariness over all of it. The inmates seem to be in control of the asylum these days.

But, from a Facebook post by one of my friends comes a waft of pure clean air. Fourteen minutes of fortifying inspiration.

FutureMed: The Future of Health

This archive file was compiled from audio and video documentation of a gathering of medical professionals, inventors & entrepreneurs, held at Singularity University in California, February 2013. The selected material gives a portrait of a time in which the field of health found itself at a crossroads between the mature medical institutions which had slowly evolved over hundreds of years, and a need to develop and integrate new, more flexible and scalable forms of care.

Worth every second of your time.
About FutureMed

Exploring and driving the future of health and medicine through fast moving, convergent game changing technologies.

FutureMed educates, informs and prepares physicians, innovators, inventors, investors and senior healthcare executives to understand and recognize the opportunities and disruptive influences of exponentially growing technologies within medicine and healthcare, and to understand how many rapidly developing and converging fields affect the future of wellness, prevention, clinical practice and the biomedical industry.
Understand how healthcare is being re-invented and disrupted through rapidly developing technologies such as low cost genomic sequencing, artificial intelligence, telemedicine, robotics, 24/7 body wearable monitors, smart pills, stem cells, synthetic biology, gene therapy, mobile phone apps and crowd-sourced health data affect the future of healthcare and medicine?
About Singularity University

 Singularity University is an interdisciplinary university whose mission is to assemble, educate and inspire leaders who strive to understand and facilitate the development of exponentially advancing technologies in order to address humanity’s grand challenges. With the support of a broad range of leaders in academia, business and government, Singularity University hopes to stimulate groundbreaking, disruptive thinking and solutions aimed at solving some of the planet’s most pressing challenges. Singularity University is based at the NASA Research Park in Silicon Valley.
I will be right down the street from these people while attending Health 2.0 2013 in Santa Clara next week. I will have to take a run over there.

The President just gave an hour-long speech defending the PPACA and touting the HIX launch next week. Interesting site here:

It will certainly be an interesting weekend heading toward October 1st.

September 30, 2013 is an important deadline for eligible hospitals and critical access hospitals (CAHs) participating in the EHR Incentive Programs. It marks the end of the fiscal year (FY) and the last day of the 2013 meaningful use program year.

Attestation Deadline
Hospitals participating in the Medicare EHR Incentive Program have until November 30, 2013 to attest to demonstrating meaningful use of the data collected during the FY 2013 reporting period. Hospitals participating in the Medicaid EHR Incentive Program need to refer to their state deadlines for attestation.

Hospitals must attest to demonstrating meaningful use every year to receive an incentive and avoid a payment adjustment.

Payment Adjustments
Payment adjustments will be applied beginning FY 2015 (October 1, 2014) to Medicare eligible hospitals that have not successfully demonstrated meaningful use. The adjustment is determined by the hospital’s reporting period in a prior year. Read the eligible hospital payment adjustment tipsheet to learn more.

Fiscal Year 2014
October 1, 2013 marks the start of FY 2014 and many important milestones for eligible hospitals, including:

  • The start of Stage 2 for eligible hospitals that have completed at least two years of Stage 1.
  • A reduced EHR incentive payment for hospitals that begin participation in 2014 and later.
  • A 3-month reporting period in 2014, regardless of the stage of meaningful use to allow more time to upgrade to 2014 certified EHR technology.
  • The reporting period must be fixed to the quarter for Medicare eligible hospitals and CAHs.
  • The reporting period can be any 90 days for Medicaid eligible hospitals and CAHs.
Further ONC shakeup as No. 2 Muntz announces departure
By Joseph Conn,
David Muntz, the No. 2 official at HHS' Office of the National Coordinator for Health Information Technology, will be joining his boss, National Coordinator Dr. Farzad Mostashari, in heading out the door next month. Muntz intends to return to the private sector.

ONC executive Dr. Jacob Reider was named as the acting replacement for Mostashari, and Lisa Lewis was named acting replacement for Muntz. Mostashari announced last month that he would step down. Reider and Lewis will take over Oct. 6.

Muntz, the former senior vice president and chief information officer of the Baylor Health Care System, and board member of the College of Healthcare Information Management Executives, began his stint as principal chief deputy at ONC in January 2012...
A rush for the exits? Handwriting on the wall?

More news...
Fewer Stage 2 Certified EHR Systems Could Pose Problems
Thursday, September 26, 2013

Fewer software developers have certified electronic health record systems for use by health care providers under Stage 2 meaningful use requirements than under Stage 1 of the program, according to a Modern Healthcare review, Modern Healthcare reports.
Under the 2009 federal economic stimulus package, health care providers who demonstrate meaningful use of certified EHR systems can qualify for Medicaid and Medicare incentive payments.
Modern Healthcare examined the Certified Health IT Product List, which is compiled by the Office of the National Coordinator for Health IT. The report found that only 79 companies, providers and other health care organizations have developed software that has been tested and certified to meet standards for Stage 2 of the program. In comparison, there were 988 developers of health IT systems that were tested and certified for Stage 1 of the program...
Maybe this vendor shakeout will turn out to be a good thing.


Well, I now have an Antioch address, a California driver's license, California tags on my car, registered to vote in CA while at the DMV, located and wrote to my Congressman, and got my prized Senior Discount BART Clipper Pass smart card. So, I'm now officially a citizen of The Peoples' Republic.

Next week I will be rubbing shoulders with the cutting edge Health IT digerati while covering the Health 2.0 2013 Conference in Santa Clara.

Tangentially apropos of that, from

Why we hate the new tech boom
Our new masters aren't going away -- and neither is a two-tiered employment world which makes inequality worse

...First, there is unsettling realization that the middle is losing economic ground while Silicon Valley execs babble on about “changing the world” for the better. Income inequality is growing ever worse, and it is increasingly clear that one of the forces fueling this trend is the technological innovation flowing out of the Bay Area. Second: The very fact that this boom is not a bubble, and will not suddenly vanish, means we can’t ignore it, or laugh it away. This is the new normal, and for those not lucky enough to have catered foodie gourmet lunches in brand-new downtown office complexes, the new normal sucks. Back in 1999-2000, the ridiculousness of what was happening was so obvious that it was hard to take it seriously. Everyone knew an economy boom built on online pet product company IPOs was doomed. Sooner or later, the bubble would pop and sanity would be restored and all those annoying dot-commers crowding your favorite bar or restaurant would go back to where they came from. The traffic would finally ease up.

But that’s not going to happen this time. The current boom isn’t a flash in the pan, doomed to disappoint arriviste gold miners. It’s here to stay. A mature Internet economy is generating huge riches, and it is remaking the face of San Francisco and the larger Bay Area in the process. But unless you really, truly want a job chauffeuring the new rich around town, or delivering their same-day groceries, or pouring their flights of craft beers — jobs that, incidentally, won’t pay enough to afford you an apartment anywhere in San Francisco — this new boom may not seem worth cheering about. Might as well root for it to fail...

...if you want to rent an apartment in the Mission district of San Francisco, you would need to work the equivalent of 5.5 minimum-wage jobs to afford the average $2,920 rent. Make that 7.5 such jobs if you want to live South of Market, where so many tech firms are headquartered. Also grounded: the shocking decline in the percentage of San Francisco’s residents who are African-American — nearly 20 percent in just the decade 2000-2010. All over the Bay Area, according to Joint Venture Silicon Valley, average incomes are rising, while median household incomes are falling — a strong sign that the wealth created by the thriving tech economy is not getting evenly distributed.

Unemployment is obviously and thankfully down — but serious questions remain as to the distribution of the new jobs. It’s a familiar story nationwide: The last couple of decades have seen the middle class get squeezed, and new technological innovations that have resulted in the automation or outsourcing of jobs are a big part of that narrative. The rising antagonisms directed at the tech economy’s nouveau riche are a direct consequence of a couple of decades of seeing “Star Trek”-like technological advances accompanied by a measurable fall in individual living standards...
I love the Bay Area, and I'm glad to be back after a 45 year hiatus, but San Francisco proper is no longer the freewheeling bohemian paradise of yore. e.g., as written up in Vanity Fair:
Bluebloods & Billionaires
Trevor Traina, San Francisco’s undisputed social king, has enticed many of the Silicon Valley elite to his ultra-exclusive Pacific Heights neighborhood, showering them with advice about what to wear, how to entertain, and whom to know. But the concept of noblesse oblige may be harder to teach. Evgenia Peretz learns why the arrival of such high-tech moguls as Apple’s Jonathan Ive and Zynga’s Mark Pincus has put some Old Guard noses out of joint.

...The high-tech elite has arrived, with more money than anyone knows what to do with. At the helm of companies that are focused on social media and commerce, as opposed to algorithms, this new generation of Silicon Valley titans has abandoned the Valley and made homes and headquarters in San Francisco. Alas, San Francisco, with just 812,000 people, is one of the few American cities in which Old Money still carries formidable status, and traditions are entrenched. Edith Wharton, had she lived in the time of instant messaging, would surely have found rich fodder in the collision of these worlds. As in mid-19th-century New York City, some from the Old Guard find the new breed well short of scintillating.

“They bore the hell out of me,” says Denise Hale, a Serb refugee who married Hollywood director Vincente Minnelli and then San Francisco department-store magnate Prentis Cobb Hale. “They’re one-dimensional and can only talk about one thing. I’m used to brilliant men in my life who leave their work, and they have many other interests. New people eventually will learn how to live. When they learn how to live, I would love to meet them.”...

I cited George Packer on this blog back in June. He observed in The New Yorker in his fabulous piece "Change the World," that a peculiar, eclectic narcissism pervades the high tech Bay Area / Silicon Valley region:
In 1978, the year that I graduated from high school, in Palo Alto, the name Silicon Valley was not in use beyond a small group of tech cognoscenti. Apple Computer had incorporated the previous year, releasing the first popular personal computer, the Apple II. The major technology companies made electronics hardware, and on the way to school I rode my bike through the Stanford Industrial Park, past the offices of Hewlett-Packard, Varian, and Xerox PARC. The neighborhoods of the Santa Clara Valley were dotted with cheap, modern, one-story houses—called Eichlers, after the builder Joseph Eichler—with glass walls, open floor plans, and flat-roofed carports. (Steve Jobs grew up in an imitation Eichler, called a Likeler.) The average house in Palo Alto cost about a hundred and twenty-five thousand dollars. Along the main downtown street, University Avenue—the future address of PayPal, Facebook, and Google—were sports shops, discount variety stores, and several art-house cinemas, together with the shuttered, X-rated Paris Theatre. Across El Camino Real, the Stanford Shopping Center was anchored by Macy’s and Woolworths, with one boutique store—a Victoria’s Secret had opened in 1977— and a parking lot full of Datsuns and Chevy Novas. High-end dining was virtually unknown in Palo Alto, as was the adjective “high-end.” The public schools in the area were excellent and almost universally attended; the few kids I knew who went to private school had somehow messed up, The Valley was thoroughly middle class, egalitarian, pleasant, and a little boring.

Thirty-five years later, the average house in Palo Alto sells for more than two million dollars. The Stanford Shopping Center’s parking lot is a sea of Lexuses and Audis, and their owners are shopping at Burberry and Louis Vuitton. There are fifty or so billionaires and tens of thousands of millionaires in Silicon Valley; last year’s Facebook public stock offering alone created half a dozen more of the former and more than a thousand of the latter. There are also record numbers of poor people, and the past two years have seen a twenty-per-cent rise in homelessness, largely because of the soaring cost of housing. After decades in which the country has become less and less equal, Silicon Valley is one of the most unequal places in America.

Private-school attendance has surged, while public schools in poor communities—such as East Palo Alto, which is mostly cut off from the city by Highway 101—have fallen into disrepair and lack basic supplies. In wealthy districts, the public schools have essentially been privatized; they insulate themselves from Shortfalls in state funding with money raised by foundations they have set up for themselves. In 1983, parents at Woodside Elementary School, which is surrounded by some of the Valley’s wealthiest tech families, started a foundation in order to offset budget cuts resulting from the enactment of Proposition 13, in 1978, which drastically limited California property taxes. The Woodside School Foundation now brings in about two million dollars a year for a school with fewer than five hundred children, and every spring it hosts a gala with a live auction. I attended it two years ago, when the theme was RockStar, and one of Google’s first employees sat at my table after performing in a pickup band called Parental Indiscretion. School benefactors, dressed up as Tina Turner or Jimmy Page, and consuming Jump’n Jack Flash hanger steaks, bid thirteen thousand dollars for Pimp My Hog! (“Ride through town in your very own customized 1996 Harley Davidson XLH1200C Sportster”) and twenty thousand for a tour of the Japanese gardens on the estate of Larry Ellison, the founder of Oracle and the country’s highest-paid chief executive. The climax arrived when a Mad Men Supper Club dinner for sixteen guests—which promised to transport couples back to a time when local residents lived in two-thousand-square-foot houses—sold for forty-three thousand dollars.

The technology industry’s newest wealth is swallowing up the San Francisco Peninsula. If Silicon Valley remains the center of engineering breakthroughs, San Francisco has become a magnet for hundreds of software start-ups, many of them in the South of Market area, where Twitter has its headquarters. (Half the start-ups seem to have been founded by Facebook alumni.) A lot of younger employees of Silicon Valley companies live in the city and commute to work in white, Wi-Fi-equipped company buses, which collect passengers at fifteen or so stops around San Francisco. The buses—whose schedules are withheld from the public—have become a vivid emblem of the tech boom’s stratifying effect in the Bay Area. Rebecca Solnit, who has lived in Sari Francisco for thirty years, recently wrote in The London Review of Books, “Sometimes the Google Bus just seems like one face of Janus-headed capitalism; it contains the people too valuable even to use public transport or drive themselves. Right by the Google bus stop on Cesar Chavez Street immigrant men from Latin America stand waiting for employers in the building trade to scoop them up, or to be arrested and deported by the government.” Some of the city’s hottest restaurants are popping up in the neighborhoods with shuttle stops. Rents there are rising even faster than elsewhere in San Francisco, and in some cases they have doubled in the past year.

The buses carry their wired cargo south to the “campuses” of Google, Facebook, Apple, and other companies, which are designed to be frilly functioning communities, not just places for working. Google’s grounds, in Mountain View—a working-class town when I was growing up—are modelled on the casual, Frisbee-throwing feel of Stanford University, the incubator of Silicon Valley, where the company’s founders met, in grad school. A polychrome Google bike can be picked up anywhere on campus, and left anywhere, so that another employee can use it. Electric cars, kept at a charging station, allow employees to run errands. Facebook’s buildings, in Menlo Park, between 101 and the salt marshes along the Bay, surround a simulated town square whose concrete surface is decorated with the word “HACK,” in letters so large that they can be seen from the air. At Facebook, employees can eat sushi or burritos, lift weights, get a haircut, have their clothes dry-cleaned, and see a dentist, all without leaving work. Apple, meanwhile, plans to spend nearly five billion dollars to build a giant, impenetrable ringed headquarters in the middle of a park that is technically part of Cupertino. These inward-looking places keep tech workers from having even accidental contact with the surrounding community. The design critic Alexandra Lange, in her recent e-book, “The Dot-Com City: Silicon Valley Urbanism,” writes, “The more Silicon Valley tech companies embrace an urban model, the harder it becomes for them to explain why they need to remain aloof. People who don’t have badges aren’t just a security risk.”

The industry’s splendid isolation inspires cognitive dissonance, for it’s an article of faith in Silicon Valley that the technology industry represents something more utopian, and democratic, than mere special-interest groups. The information revolution (the phrase itself conveys a sense of business exceptionalism) emerged from the Bay Area counterculture of the sixties and seventies, influenced by the hobbyists who formed the Homebrew Computer Club and by idealistic engineers like Douglas Engelbart, who helped develop the concept of hypertext and argued that digital networks could boost our “collective I.Q.” From the days of Apple’s inception, the personal computer was seen as a tool for personal liberation; with the arrival of social media on the Internet, digital technology announced itself as a force for global betterment. The phrase “change the world” is tossed around Silicon Valley conversations...
This next chapter in my life will certainly be interesting.


George Packer cited this book, so I bought it.

Silicon Valley is guilty of many sins, but lack of ambition is not one of them. If you listen to its loudest apostles, Silicon Valley is all about solving problems that someone else— perhaps the greedy bankers on Wall Street or the lazy know-nothings in Washington— have created.

“Technology is not really about hardware and software any more. It’s really about the mining and use of this enormous data to make the world a better place,” Eric Schmidt, Google’s executive chairman, told an audience of MIT students in 2011. Facebook’s Mark Zuckerberg, who argues that his company’s mission is to “make the world more open and connected,” concurs. “We don’t wake up in the morning with the primary goal of making money,” he proclaimed just a few months before his company’s rapidly plummeting stock convinced all but its most die-hard fans that Facebook and making money had parted ways long ago. What, then, gets Mr. Zuckerberg out of bed? As he told the audience of the South by Southwest festival in 2008, it’s the desire to solve global problems. “There are a lot of really big issues for the world to get solved and, as a company, what we are trying to do is to build an infrastructure on top of which to solve some of these problems,” announced Zuckerberg.

In the last few years, Silicon Valley’s favorite slogan has quietly changed from “Innovate or Die!” to “Ameliorate or Die!” In the grand scheme of things, what exactly is being improved is not very important; being able to change things, to get humans to behave in more responsible and sustainable ways, to maximize efficiency, is all that matters. Half-baked ideas that might seem too big even for the naïfs at TED Conferences— that Woodstock of the intellectual effete— sit rather comfortably on Silicon Valley’s business plans. “Fitter, happier, more productive”— the refreshingly depressive motto of the popular Radiohead song from the mid-1990s— would make for an apt welcome sign in the corporate headquarters of its many digital mavens. Technology can make us better— and technology will make us better. Or, as the geeks would say, given enough apps, all of humanity’s bugs are shallow.

California, of course, has never suffered from a deficit of optimism or bluster. And yet, the possibilities opened up by latest innovations make even the most pragmatic and down-to-earth venture capitalists reach for their wallets. After all, when else will they get a chance to get rich by saving the world? What else would give them the thrill of working in a humanitarian agency (minus all the bureaucracy and hectic travel, plus a much better compensation package)?

How will this amelioration orgy end? Will it actually accomplish anything? One way to find out is to push some of these nascent improvement efforts to their ultimate conclusions. If Silicon Valley had a designated futurist, her bright vision of the near future— say, around 2020 or so— would itself be easy to predict. It would go something like this: Humanity, equipped with powerful self-tracking devices, finally conquers obesity, insomnia, and global warming as everyone eats less, sleeps better, and emits more appropriately. The fallibility of human memory is conquered too, as the very same tracking devices record and store everything we do. Car keys, faces, factoids: we will never forget them again. No need to feel nostalgic, Proust-style, about the petite madeleines you devoured as a child; since that moment is surely stored somewhere in your smartphone— or, more likely, your smart, all-recording glasses— you can stop fantasizing and simply rewind to it directly. In any event, you can count on Siri, Apple’s trusted voice assistant, to tell you the truth you never wanted to face back then: all those madeleines dramatically raise your blood glucose levels and ought to be avoided. Sorry, Marcel!

Politics, finally under the constant and far-reaching gaze of the electorate, is freed from all the sleazy corruption, backroom deals, and inefficient horse trading. Parties are disaggregated and replaced by Groupon-like political campaigns, where users come together— once— to weigh in on issues of direct and immediate relevance to their lives, only to disband shortly afterward. Now that every word— nay, sound— ever uttered by politicians is recorded and stored for posterity, hypocrisy has become obsolete as well. Lobbyists of all stripes have gone extinct as the wealth of data about politicians— their schedules, lunch menus, travel expenses— are posted online for everyone to review...
Gotta love it.

More to come...

Monday, September 23, 2013

HIPAA Omnibus: no more excuses, compliance date is today

Should HIPAA auditors show up on your door today, you had better have done your risk analysis and performed and documented everything pertaining to the HIPAA Omnibus Final Rule as it bears on your Covered Entity or PHI Business Associate operation. Enforcement begins today, September 23rd, 2013. Since HHS's intent is to have the HIPAA auditing and enforcement effort be "self-funding" through fines and monetary penalty settlements -- particularly in light of the chronic budgetary/deficit woes in Congress -- you will come to rue the day you decided to blow this off.

apropos of the "breach" component: below, a recent visual depicting the distribution of PHI breaches.

Half of it "physical theft." The totemic exemplar dope leaving his laptop containing thousands of records of unencrypted PHI in the rental car. Still happens all the time. Forbid -- and enforce the prohibition of that practice and you've just reduced your risk exposure by half.


Well, that didn't take long.

On Sunday, less than two days after the iPhone 5S went on sale, a German hacker collective became the first to claim victory over the gadget's much-buzzed-about Touch ID fingerprint security system. And they did it pretty much the same way Bane's flunkies breached the biometric passcode on Bruce Wayne's stock exchange account in "The Dark Knight Rises," — using a copy of Batman's fingerprints (created by Catwoman after she did some light dusting around Wayne Manor).

Even before the Chaos Computer Club, one of the largest and well-known hacker collectives, crowed victory via the tried-and-true "fake finger" method, Apple's first foray into biometric security wasn't getting a lot of respect. Amid concerns over privacy — Sen. Al Franken, D-Minn., asked if Apple might share stored fingerprints with third parties or the government, the way tech companies do with other customer info — and hacking, the jokes kicked in. A cat's paw, a nipple and a crowd-sourced bounty to the first person to hack Touch ID are likely just the beginning of a running gag at Apple's expense...
So much for iPhone 5 fingerprint verification technology as a potential component of HIPAA-related BYOD security policy.


From a comment under THCB's Why Can’t We Do Better Than This?
Rob says- You have heard of the iPad,iTouch, iPhone? Now you have the iPatient! Most of the problem comes from our new slavish devotion to hospital EMR systems. Common sense? Sorry, not in the algorithm. Spend 8 minutes with the patient? No, no, no, thats just face time. What about the other 30 minutes the doc spends with the computer AFTER he sees the patient? Where do you think that time comes from? No communication? Orders can be entered remotely in real time responding to minute to minute changes in the patients condition! Its all documented in the computer. As long as the documentation is there why do we need to talk to the patient ? We have recorded our thought process for posterity in the computer. Its all there, but that takes time! These residents have to sign out and turn over these patients to other doctors several times a day. Now THATS communication! Actual communication with the patient is to be discouraged as it will only stand in the way of processing the patient through the system efficiently and documenting a timely discharge so our outcome metrics are in parallel with national benchmarks! Nurse education at 1 AM! You betcha! Wake the patient up to give them a sleeping pill? Of course! Wouldn’t want the computer to score that as a medication error would you? Computer documentation insists that all of it it be performed in a timely fashion. Physicians and nurses in the real world now spend more time with the “iPatient” than they do with the actual real patient. Please don’t stand in the way of improved outcomes, efficiency, cost savings and improved patient safety with your petty complaints. Waiting until EMR’s were sufficiently advanced that they improved the physician patient experience until implementation is absurd! Perhaps if someone did a time motion study and saw how much time these computer systems take away from direct patient care, all those talking heads in ivory towers would get it. BTW, c’mon pretty hard to believe that one of the nations most reputable hospitals does not have a radiologist to read head CTs at night. Really?


While the Congressional Clown Car Federal Shutdown Show is grabbing all of the headlines, serious work continues.
September 24, 2013

The Honorable Kathleen Sebelius, Secretary
U.S.  Department of Health and Human Services
200 Independence Avenue, SW
Washington, DC 20201

Dear Madam Secretary:

The Electronic Health Records (EHR) Meaningful Use Incentive Program has played a significant role in advancing the adoption of health information technology across the country. However, given the feedback from stakeholders on the timing of Stage 2 of the program, we respectfully request an extension of Stage 2 by one year for providers who need extra time to meet the new requirements. Providers who are ready to attest to Stage 2 in 2014 should be able to do so consistent with current policy.

Starting in 2014, eligible hospitals and eligible professionals participating in the EHR incentive program for Medicare will have to progress to new Stage 2 regulatory standards in order to demonstrate growth in the use of EHR technology. All eligible hospitals and professionals will have to demonstrate achievement of Stage 2 meaningful use objectives for any quarter-based 90-day period of either Fiscal Year 2014 for hospitals or Calendar Year 2014 for physicians in order to avoid penalties in 2016. This requirement applies to those who began Stage 1 in 2012 or earlier. However, even providers that began Stage 1 in 2013 or will attest for the first time in 2014 will have to use 2014 Edition Certified EHRs to satisfy the revised set of Stage 1 objectives.

Therefore, based on a wide range of feedback from providers, vendors, and other stakeholders, we identify three key problems with the current timeline for Stage 2.

First, we are concerned that the regulatory structure of the program has created significant time pressure in 2014, and progressing to Stage 2 may not be feasible for all participants. In one year, over 500,000 hospitals and physicians are required to upgrade their existing technology to demonstrate new standards of “meaningful use” by the end of 2014 in order to be eligible for the corresponding incentive payments. Further, the vendors are under tremendous time pressures to ensure their products are certified for the 2014 Edition criteria and have sufficient time to upgrade their products for each hospital or physician client. This time pressure has raised questions about whether such a short period for Stage 2 is in the best long-term interest of the program. 

Second, we are concerned that the onset of Stage 2 may further widen the digital divide for small and rural providers who lack the resources of large practices and may not be vendors’ top priorities. Even if certified products are available to them, simply receiving the software update does not satisfy meaningful use requirements for a hospital or eligible provider. They also need assistance learning how to use the new technology and time to address how they will achieve the new standards of meaningful use. 

Third, an artificially aggressive Stage 2 timeline may have serious unintended consequences such as stifling innovation and increasing medical errors. Innovation in health information technology could be hampered, since vendors do not have the time to introduce administrative flexibility into their EHRs to best serve diverse practices. Medical errors could be increased inadvertently, because rushing through upgrades could introduce new risks in the technology that could cause errors or patient safety problems. 

If the goal is to improve care by achieving broad and meaningful utilization of EHRs, providing sufficient time to ensure a safe, orderly transition through Stage 2 is critical to having stakeholder buy-in, a necessary component of long-term success. 

We are not suggesting a delay of Stage 2 and the progress we have seen to date.   Providers who are ready to transition to Stage 2 should do so and should receive incentive payments in 2014 and 2015 consistent with current policy.   However, providers that are not yet ready to transition to Stage 2 should have a one-year extension before they must demonstrate Stage 2 meaningful use, consequently mitigating the threat of penalties while still abiding by the statutory deadlines. 

In future efforts, continued focus on achieving interoperability is critical. We believe that for this program to ultimately be successful, heeding stakeholder feedback on the current progress to achieving interoperability is imperative. It is critical to continue holding vendors accountable for providing products that advance the ability for unaffiliated providers to share information. 

We appreciate your attention to this request, and urge you to move quickly with a decision so stakeholders have the clarity and certainty they need to plan. We look forward to your response by October 8, 2013. 


Senators Lamar Alexander, (R-Tn), John Thune (R-SD), John Barrasso (R-Wyo.), Richard Burr (R-N.C.), Saxby Chambliss (R-Ga.), Dan Coats (R-Ind.), Tom Coburn (R-Okla.), Mike Enzi (R-Wyo.), Johnny Isakson (R-Ga.), Mark Kirk (R-Ill.), Jerry Moran (R-Kan.), Lisa Murkowski (R-Alaska), Rob Portman (R-Ohio), Jim Risch (R-Idaho), Pat Roberts (R-Kan.), Pat Toomey (R-Penn.), and Roger Wicker (R-Miss.).
NOTE: The senators’ request is supported by the American Medical Association, the American Hospital Association, the National Rural Health Association, and the College of Healthcare Information Management Executives.

Interesting that there is no call to suspend or kill the Meaningful Use initiative now.

October 8th? Will the federal government be doing business on October 8th?


HealthLeaders: A lot of people are asking for your advice for the next coordinator. I want to focus on two particular pain points. One is the possibility of a government shutdown and how that would impact the office. The other is just the continuing heartburn that the sequester has caused.

Mostashari: What can I say? I took over as national coordinator on April 8, 2011. It was the day the government was supposed to shut down. So my first act was to assemble all the folks at ONC and talk about the fact that they may need to go home, leave your Blackberrys, and you're not going to get paid until we don't know when. That did not come to pass. We have limped through with continuing resolutions and then sequester cuts without really an ability for the department to rebalance how we budget. Things are frozen at the same relative proportions between initiatives for years. That's like passing a household budget where your kid's in school now, but you still have to keep your budget for diapers. You can't increase your budget for school supplies. It's crazy. But despite that, what I would say to the next national coordinator on that is to lean on the community, and to tap into the desire that everybody has to help us succeed.
Here we go again, 'eh?

More to come...

Thursday, September 19, 2013

Back online in California

Our move from Las Vegas to the Bay Area has consumed my life for the past eight days.We arrived at 11:20 pm Sunday to find an inch of water all over the kitchen floor, extending out to all corners of the ground floor. The freezer ice cube maker line had ruptured during the ten days we were over in Vegas wrapping up the sale of our house and our exodus to CA. ServiceMaster has ripped up the floors and baseboards and has installed blowers to run for five days before assessing the extent of needed repairs.

Unreal. A nightmare. We are now relegated to the upper floor until repairs are complete.

Whatever. No one died or went to jail.Comcast installed my new cable and internet service yesterday afternoon. I'm back up.

Ganguly: Strong patient data standards cure EHR interoperability flu
"...the lack of a strong standard has caused tremendous problems from a technical standpoint as we try to ensure the accurate flow of information..."
I've been harping on this for a long time. Nice to see others touting the case. However, I still have yet to see anyone argue for a comprehensive Data Dictionary standard, as I have repatedly done.

I repeat that which I posted on April 25th.

One. Then stand back and watch the Market Work Its Magic in terms of features, functionality, and usability. Let a Thousand RDBMS Schema and Workflow Logic Paths Bloom. Let a Thousand Certified Health IT Systems compete to survive. You need not specify by federal regulation any additional substantive "regulation" of the "means" for achieving the ends that we all agree are desirable and necessary. There are, after all, only three fundamental data types at issue: text (structured, e.g., ICD9, and unstructured, e,g., open-ended SOAP note narrative), numbers (integer and floating-point decimal), and images. All things above that are mere "representations" of the basic data (e.g., text lengths, datetime formats, logical, .tiffs, .jpegs etc). You can't tell me that a world that can live with, e.g., 10,000 ICD-9 codes (going up soon by a factor of 5 or so with the migration to ICD-10) would melt into a puddle on the floor at the prospect of a standard data dictionary comprised of perhaps a similar number of metadata-standardized data elements spanning the gamut of administrative and clinical data definitions cutting across ambulatory and inpatient settings and the numerous medical specialties. We're probably already a good bit of the way there given the certain overlap across systems, just not in any organized fashion.

Think about it.

Why don't we do this? Well, no one wants to have to "re-map" their myriad proprietary RDBMS schema to link back to a single data hub dictionary standard. And, apparently the IT industry doesn't come equipped with any lessons-learned rear view mirrors.

That's pretty understandable, I have to admit. In the parlance, it goes to opaque data silos, “vendor lock,” etc. But, such is fundamentally anathema to efficient and accurate data interchange (the "interoperability" misnomer).

Yet, the alternative to a data dictionary standard is our old-news, frustratingly entrenched, Clunkitude-on-Steroids Nibble-Endlessly-Around-the-Edges Outside-In workaround -- albeit one that keeps armies of Health IT geeks employed starting and putting out fires.

Money better spent on actual clinical care.
I'm still awaiting substantive pushback. There are conceptually really only two alternatives: [1] n-dimensional point-to-point data mapping, from EHR 1 to EHRs 2-n, or [2] a central data mapping/routing "hub," into which EHRs 1-n send their data for translation for the receiving EHR.

The complications arising from these two alternative scenarios ought to be obvious.


Nice job. No mention of health IT. Interesting.


Ten more days of The Stupid in DC. Three more days to the HIPAA Omnibus compliance deadline for Covered Entities and their Business Associates.


By Karen Tumulty and Paul Kane, Washington Post

With little more than a week to go before a potential government shutdown, Washington feels like a car without a driver on a road without a guardrail.

As it hurtles toward the edge, no one — conservatives, GOP leadership, congressional Democrats, the White House — seems to have a way to stop it.

Lurching from near-calamity to near-catastrophe has become a way of life in the capital, which has stood at the edge of a financial precipice at least four times since the end of 2010...
Ten days to a potential federal shutdown. Ten more days of DC Freak Show antics, current edition. Health IT is nowhere on the radar that I can see, though a quiet backroom eleventh hour cutoff of the remaining Meaningful Use funding could indeed happen (but, it's chump change relative to the big money controversies, so maybe it'll survive). Continuation of MU is basically a "sunk costs" argument at this point, albeit one that is not totally a rhetorical fallacy.

Below, this is rather significant.
Rand Paul: We Probably Can't Get Rid Of Obamacare

MACKINAC ISLAND, Mich. -- Republican Sen. Rand Paul says President Barack Obama's health care law probably can't be defeated or gotten rid of. And he's suggesting there are few ways and little time for him and other congressional Republicans to stop it.

Speaking to reporters Saturday at a gathering of Michigan Republicans, the presidential prospect said Republicans in Congress could use votes on measures in the House and in the Senate to come up with compromise legislation that could make the law more palatable. Some provisions, Paul said, include removing caps on health savings account contributions or deductibles for health policies.

But the Kentucky Republican said time for that is running out before Oct. 1, the start of the 2014 fiscal year and the date that state insurance exchanges begin.

Paul said Republicans still expect members to fight the law, which national polls show only about a third of Americans support.

"I'm acknowledging we can't probably defeat or get rid of Obamacare," he said. "But by starting with our position of not funding it, maybe we get to a position where we make it less bad." ...
Well, can we just move on, then, to some actual rational legislative business?



More to come...

Wednesday, September 11, 2013

12 years ago today

A ghastly, immeasurably sad anniversary.

Monday, September 9, 2013

Headlines and deadlines

Well, a tsunami series of deadlines draws nigh. HIPAA Omnibus 45 CFR 164 regulatory compliance date is two weeks from today (September 23rd). The federal fiscal year ends September 30th. The controversial PPACA "ObamaCare" Health Insurance Exchanges (HIX) are to open their cyber doors October 1st. Will we have a federal "government shutdown" on October 1st, engineered by the Tea Party wing of the GOP?

Meaningful Use Stage 2 year one begins October 1st 2013 (FY 2014) for health care entities operating according to federal fiscal year rules. For Medicare EPs and EHs in the program under calendar year rules, Stage 2 begins on January 1st, 2014 for those having successfully completed and attested for at least two years in Stage 1.

And then there's the looming spectre of the ICD-10 changeover set to ensue October 1st 2014.

But, the blaring headlines blotting out the rest of the news this week...

Props to Cousin Jojo for the cartoon link

Everyone had assumed that the final congressional session of FY2013 would be one of federal shutdown brinksmanship over the budget, the deficit, the debt ceiling, and "Defunding ObamaCare," but international events have once again hogged the stage, and may well consume the rest of the month in DC and among the pundit class.

Me, I'm up to my eyebrows in my move to California.





Saw a post about this documentary over on THCB yesterday. Looks interesting.

Check out the trailer.


From the AMA:
The differences between ICD-9 and ICD-10 are significant and physicians and practice management staff need to start educating themselves now about this major change so that they will be able to meet the October 1, 2014 compliance deadline.
ICD-10-CM codes are the ones designated for use in documenting diagnoses. They are 3-7 characters in length and total 68,000, while ICD-9-CM diagnosis codes are 3-5 digits in length and number over 14,000. The ICD-10-PCS are the procedure codes and they are alphanumeric, 7 characters in length, and total approximately 87,000, while ICD-9-CM procedure codes are only 3-4 numbers in length and total approximately 4,000 codes.
Moving to ICD-10 is expected to impact all physicians. Due to the increased number of codes, the change in the number of characters per code, and increased code specificity, this transition will require significant planning, training, software/system upgrades/replacements, as well as other necessary investments...
What is “ICD-10”?
“ICD-10” is the abbreviated way to refer to the International Classification of Diseases, Tenth Revision, Clinical Modification (ICD-10-CM) and International Classification of Diseases, Tenth Revision, Procedure Coding System (ICD-10-PCS).
Explain the difference between ICD-10-CM and ICD-10-PCS. ICD-10-CM is the diagnosis code set that will be replacing ICD-9-CM Volumes 1 and 2. ICD-10-CM will be used to report diagnoses in all clinical settings. ICD-10-PCS is the procedure code set that will be replacing ICD-9-CM Volume 3. ICD-10-PCS will be used to report hospital inpatient procedures only.
Will ICD-10-PCS replace CPT®? No. ICD-10-PCS will be used to report hospital inpatient procedures only. The Current Procedural Terminology (CPT) and Healthcare Common Procedure Coding System (HCPCS) will continue to be used to report services and procedures in outpatient and office settings.
Do I have to upgrade to ICD-10? Yes. The conversion to ICD-10 is a HIPAA code set requirement. Providers, including physicians, are HIPAA “covered entities”, which means that you must comply with the HIPAA requirements.
Who else has to upgrade to ICD-10? Health care clearinghouses and payers are also HIPAA covered entities, so they are required to convert to ICD-10 as well...

More to come...


Friday, September 6, 2013

California, here I come...

I first lived in California in 1967, in the North Beach district of San Francisco. Now, 46 years later, I just spent my first night in our new place out in Antioch at the far NE suburban end of the "Bay Area" (my wife works in Walnut Creek). Beautiful 3,057 sq ft house with a 3 car garage in a quiet neighborhood. 5 minutes to the nearest Starbucks, 15 minutes to the Pittsburg/Bay Point BART Pitts-SFO line terminus. 53 minutes into the city from there (and only $4.50 round trip with the Senior Discount BART Clipper Pass smart card).

With a signed lease and a mailing address I am now legally a California resident. Maybe it's crazy (and will be more expensive, no doubt), but I'm delighted to be back.

Above, the new $6.4 billion western span of the Oakland Bay Bridge is now open. Looking forward to driving across it.

Heading back to Vegas tonight for one final week of packing up and cleaning up. Sale of our Las Vegas house closes on the 16th. Then it's on to Health 2.0 in Santa Clara starting Sept 29th.



More to come...

Sunday, September 1, 2013

Meaningful Use payments update through July

CMS has published the latest Meaningful Use Incentives payments summary (through July 2013). Really just a trickle increase relative to the numbers from June.

$15,884,674,565 minus $15,507,463,743 = $376,710,822 paid out in July. This slowdown is to be expected, given that Stage 1 attestations run via calender and federal fiscal years.

The summary EP and EH tallies below:

While nearly 200,000 EPs have been paid to date, the majority of the money has gone to hospitals (an average of ~$2.332 million per EH).

No breakdowns here regarding how much of the Medicaid money is "A/I/U" -- simply "Adopt, Implement, or Upgrade" to a 2011 ONC Certified EHR system, without having to attest to having met Meaningful Use Core and Menu compliance measures.

I'd also like to see a breakdown here by EHR vendor, in particular with respect to the hospitals payments.


September 23rd, 2013 is the date that all Covered Entities and their Business Associates must be in compliance with HIPAA as amended by HITECH (the rigorous "Omnibus" regulatory specifications as set forth in 45 CFR 164).

You have had five month thus far since publication of the Omnibus Rule to get your houses in order. If you have not yet started on documented compliance, you have better hope you don't get audited, because you will not make it. You may be able to put window dressing paper in place (e.g., a generic Policies and Procedures manual, a "Notice of Privacy Practices" taped to the clinic door, and some pro forma "Risk Analysis"), but actual full operational compliance on or before September 23rd will be nigh impossible to document and demonstrate at this point.

The stakes (from HHS):
Enforcement and Penalties for Noncompliance
The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) establishes a set of national standards for the use and disclosure of an individual’s health information – called protected health information – by covered entities, as well as standards for providing individuals with privacy rights to understand and control how their health information is used.  The Department of Health and Human Services, Office for Civil Rights (OCR) is responsible for administering and enforcing these standards and may conduct complaint investigations and compliance reviews.

Consistent with the principles for achieving compliance provided in the Privacy Rule, OCR will seek the cooperation of covered entities and may provide technical assistance to help them comply voluntarily with the Privacy Rule.  Covered entities that fail to comply voluntarily with the standards may be subject to civil money penalties.  In addition, certain violations of the Privacy Rule may be subject to criminal prosecution.  These penalty provisions are explained below.

Civil Money Penalties.  

OCR may impose a penalty on a covered entity for a failure to comply with a requirement of the Privacy Rule.  Penalties will vary significantly depending on factors such as the date of the violation, whether the covered entity knew or should have known of the failure to comply, or whether the covered entity’s failure to comply was due to willful neglect...
...Before OCR imposes a penalty, it will notify the covered entity and provide the covered entity with an opportunity to provide written evidence of those circumstances that would reduce or bar a penalty.  This evidence must be submitted to OCR within 30 days of receipt of the notice.  In addition, if OCR states that it intends to impose a penalty, a covered entity has the right to request an administrative hearing to appeal the proposed penalty.
  • For violations occurring on or after 2/18/2009:  $100 to $50,000 or more per violation (calendar year cap fo $1.5 million)
Criminal Penalties.  
A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment.  The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm.  The Department of Justice is responsible for criminal prosecutions under the Privacy Rule.

Every CE (and BA that handles ePHI) has to designate a "security official" and a "privacy official."

Now, in a small primary care clinic, you might think "OK, Sally (the M.A. or front desk employee with a high school diploma), 'tag,' you're it."

Not gonna fly. As I noted in a prior post, Sally will be responsible for -- at a minimum -- administering and documenting myriad HIPAA Omnibus elements such as
  • Administrative safeguards (which increasingly extend to BYOD policies);
  • Technical safeguards;
  • Physical safeguards;
  • Written coherent and comprehensive policies and procedures;
  • Staff HIPAA training records;
  • Publication and dissemination of revised patient privacy practices;
  • Breach notification procedure;
  • Patient ePHI data request procedure;
  • Omnibus-compliant Business Associates Agreements (BAA).
In addition to her regular job duties.

By way of extreme example, what kind of duties and chops are expected of a "privacy official" in larger settings?

From a recent Bay Area online recruitment posting:
Hospital HP Compliance Officer (Job Number 200180)

Working for an organization with the size and resources of Kaiser Permanente Northern California means having the potential to positively affect the health and well-being of entire communities. From our financial, business, and IT experts, to our RNs, allied health professionals, and physicians, we work together to provide the best care experience to our members and the communities we serve. As one of the most diverse regions in the country, Northern California offers everything from the majestic Sierra Mountains, to breathtaking Yosemite, to world-renowned Napa Valley. Here, you'll discover the cultural and recreational diversity that makes Northern California one of the most desirable places in the world to live and work. As Northern California's largest health plan, Kaiser Permanente provides you with the resources and opportunity to build a rewarding career in an environment that supports your success. Join us.

Serves as the Hospital and Health Plan Compliance Officer, the Privacy Officer, and as a member of the Medical Center Leadership team.  Responsible for the strategic development, Implementation and evaluation of compliance management systems at the Medical Center, including contract hospitals, contract services, and other non-KFH facilities. Analyzes legal, regulatory, licensing and accreditation requirements and their impact on operations and oversees the development of compliance risk mitigation and corrective action plans. Ensures that controls are in place to guarantee privacy and security, to identify fraud, waste and abuse and to ensure that state and federal regulations are addressed. Collaborates with Medical Center leadership to ensure that operating procedures, systems and standards align with compliance requirements and controls and that staff is trained on these controls. Creates and manages detailed audits of Health Plan ad Hospital managed services. Develops strong collaborative leadership relationships with TPMG, external regulatory agencies and accreditation bodies, and uses these relationships to manage risks and establish priorities and plans to address these risks.

Essential Functions:

  • Ensures that the Medical Center has systems in place to achieve compliance by development of compliance management systems (such as training, policies, procedures, monitoring and auditing, among others) across all functions.
  • Assists managers to adopt a culture of compliance in their daily operations.
  • Oversees the development, implementation and evaluation of corrective action plans and responses to internally and externally identified compliance issues.
  • Creates and manages detailed on site audits of Health Plan and Hospital managed services.
  • Co-leads the Medical Center Compliance Committee with TPMG partner and provides direction in establishing legislative and regulatory compliance strategy.
  • Develops an audit plan and dashboard to communicate completion of corrective actions to senior leadership.
  • Serves as the Privacy Officer and oversees systems to ensure the protection and security of member and patient health information
  • Ensures the integrity of the regional hotline process and conducts investigations to resolve compliance issues and complaints.
  • In conjunction with Medical Center and Regional leaders, ensures that medical center service delivery changes meet requirements of state and federal regulators as well as billing requirements of Medicare and other federal coverage guidelines.
  • Oversees medical center responses to external regulatory agencies such as CMS and the Federal Office of Civil Rights.
  • Manages identified privacy breaches to ensure that all reports are filed, root cause analysis is performed and that controls are initiated to prevent further loss of protected health information.
  • Provides oversight to the implementation of revenue cycle functions and ensures the remediation of Site of Service, Scope of Practice and billing/documentation issues.
  • Responsible for identifying risk areas in the revenue cycle, including accurate coding and documentation.
  • Works with Regional groups and HIM managers to implement compliance coding and documentation practices.
  • Ensures that appropriately credentialed providers are supplying services to health plan and government sponsored groups.
  • Leads education and implementation of new state and federal laws affecting care delivery and health plan operations.
Basic Qualifications:

  • Eight (8) to ten (10) year of experience in hospital operations or multifaceted health care systems and multi-provider settings.
  • Experience in revenue cycle, program development and strategic planning required.
  • Bachelor's degree or equivalent in Health Care Administration, Business or Public Health Administration, Operations Research, Nursing, Economics or other related field required.
  • Master's degree in Business, Health Care, Public Administration, JD or related field preferred.
  • Certified in Healthcare Compliance (CHC) or other equivalent compliance certification preferred.
  • If applicant does not have the CHC, then must complete within 12 calendar months of hire.
  • Knowledge of accreditation and licensing requirements including but not limited to: The Joint Commission, NCQA, Knox Keene Act, CMS, Cal-OSHA, HIPAA, MEDI-Cal regulations and standards.
  • Demonstrated skill collaborating w/ multiple groups to achieve change.
  • Ability to balance priorities and manage risks.
  • Ability to influence Senior Leadership.
  • Must be able to work in a Labor/Management Partnership environment.
'eh? Now, while Sally's small shop world will be much simpler, HIPAA Omnibus compliance is no cakewalk in any setting. (I wrote a prior HIPAA post in May of 2012, btw.)
It should be noted that [1] the Privacy and Security officials can be the same -- educationally and experientially qualified --  person and/or that [2] entities falling under HIPAA Omnibus can outsource the Privacy and Security functions to qualified consultants. Either way, it will not come cheap (and, think about the problems inherent in outsourcing; e.g., how will an offsite consultant go about doing routine audit log breach detection monitoring?).

I should further note that Privacy and Security functions differ materially, with the latter being a more tech-oriented "necessary-but-insufficient" subject matter domain subsumed under the former (which extends to legal issues such as Breach redress and Consent administration that may be subject to state laws and regulations specific to location jurisdiction).

A final note goes to the fact that people with HIPAA compliance administration skills and experience aren't exactly hanging out in droves along the entrance curb at Star Nursery. The healthcare space is rife with qualified worker shortages, and this area is among the most severe.


This is pretty nice. And, apropos of HIPAA Omnibus, I am reminded of Meaningful Use Core 15:
Eligible professionals (EPs) must attest YES to having conducted or reviewed a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period to meet this measure.
This is narrower in focus (and is a Meaningful Use Criterion specifically, not HIPAA broadly), and goes only to ePHI security (not "privacy" per se, which maps to 45 CFR 164.5 et seq. Still, it's a lot of work. Note also "...implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period..." Some on my HealthInsight REC team had argued that as long as you had remedial activities underway or planned (but not yet documentably complete), you could attest to Core 15. IIRC, we got that opinion from someone on the HITRC.

Not true.

News item. Another great use of Health IT? Better fraud detection?

Mobile Doctors’ Chicago CEO and Doctor Arrested on Federal Health Care Fraud Charges; Offices Searched in Three Cities
CHICAGO — The chief executive officer of Chicago-based Mobile Doctors, which manages physicians who make house calls in six states, and one of its physicians in Chicago were arrested today on federal health care fraud charges. At the same time, federal agents executed search warrants at Mobile Doctors’ offices in Chicago, Detroit, and Indianapolis, as well as warrants to seize up to $2.568 million in alleged fraud proceeds from various bank accounts. The charges allege a scheme to fraudulently increase (also known as “upcoding”) Medicare bills for in-home patient visits that Mobile Doctors falsely claimed were more complicated and longer than they actually were. The charges also allege that Mobile Doctors’ physicians falsely certified that patients were confined to their homes, enabling home health care agencies to claim fees for additional services for patients who were not actually qualified to receive them.

Agents from the FBI, the U.S. Department of Health and Human Services Office of Inspector General, and other law enforcement agencies executed the arrest, search, and seizure warrants in connection with the charges and also a broader ongoing investigation that includes allegedly illegal billing practices for medically unnecessary tests and services not performed by a physician.

Arrested were DIKE AJIRI, 42, of Wilmette, CEO of Mobile Doctors, which he has effectively owned since 1996, and BANIO KOROMA, 63, of Tinley Park, a physician who has worked for Mobile Doctors since approximately 2007. Mobile Doctors, located at 3319 N. Elston Ave., in Chicago, arranges patient home visits and contracts with doctors who perform the visits. The physicians assign their rights to bill and collect payment to Mobile Doctors, in return for being paid directly by the company. Mobile Doctors’ website claims that its associated physicians have made more than 500,000 house calls since its inception. In addition to Chicago, the company has branches in Detroit and Flint, Mich., San Antonio and Austin, Tex., Indianapolis, Kansas City, Phoenix, and St. Louis.

Ajiri was charged with health care fraud and Koroma was charged with making false statements relating to health care benefits in a criminal complaint that was filed yesterday and unsealed today after the arrests. Both were scheduled to appear at 3 p.m. today before U.S. Magistrate Judge Mary Rowland in U.S. District Court.

The arrests and charges were announced by Gary S. Shapiro, United States Attorney for the Northern District of Illinois; Robert J. Shields, Jr., Acting Special Agent-in-Charge of the Chicago Office of the Federal Bureau of Investigation; and Lamont Pugh III, Special Agent-in- Charge of the Chicago Regional Office of the HHS-OIG. The Railroad Retirement Board Office of Inspector General is also participating in the investigation.

According to a 75-page affidavit in support of the arrest, search and seizure warrants, agents have interviewed several current and more than 25 former employees of Mobile Doctors, including some who reported allegedly fraudulent billing practices to Medicare before they were contacted by agents. Investigators have also reviewed emails and documents, claims data, patient files, and have conducted interviews with patients of Mobile Doctors and their primarycare physicians, whose statements contradict Mobile Doctors’ billing and patient records.

Mobile Doctors physicians do not perform tests such as echocardiograms, but do order such tests, which are done on Mobile Doctors’ patients by employees of In Home Diagnostics, doing business as Ultrasound2You. According to Medicare records, Ajiri is a minority partner in In Home Diagnostics, which is located in the same building as Mobile Doctors, and Mobile Doctors bills the echocardiograms so that they appear to have been done by Mobile Doctors’ physicians.

The complaint affidavit states that Ajiri signed a personal financial statement on Dec. 31, 2012, stating that he received $1.5 million in annual partnership income from a corporate entity, Mobile Doctors LLC, which has a complex ownership structure involving Ajiri and over time, one or both of his parents. Between 2008 and January 2013, bank records show that approximately $4.365 million was transferred from Mobile Doctors to an account in the name of Ajiri and his wife.

Upcoding patient visits

According to interviews with former and current Mobile Doctors physicians, branch managers, clinical coordinators, employees and patients, a typical visit that a Mobile Doctors physician has with an established patient lasts 10 to 30 minutes and is routine in nature. In contrast to those interviews, claims data shows that from 2006 through February 2013, approximately 99 percent of all established-patient visits by Mobile Doctors physicians were billed to Medicare using either of the two highest codes indicating the visits involved medical decision-making of moderate to high complexity, detailed or comprehensive interval histories or medical examinations, and/or visits that typically last at least 40 minutes.

In 2009 in Chicago, the local Medicare fee for a visit using the second-highest home visit code was approximately $122.82, while the fee for the highest code was approximately $171.25. According to a review of claims data for Railroad Retirement Board patients, every single established-patient visit Mobile Doctors billed to Medicare between January 2007 and June 2008 used the highest fee code. Between January 2007 and November 2012, approximately 93 percent of such visits were billed using the highest fee code.

The former manager of Mobile Doctors’ Chicago branch until she was terminated in 2008 told agents that Ajiri told her that the second-highest fee code was the default code for a patient visit so that it would be worth the gas and time spent. The manager said Ajiri told physicians, “I don’t pay for ones or twos,” referring to the two lower of the four applicable fee codes. At the end of one day, she said she saw Ajiri in his office “automatically” altering the billing codes and marking visits at the highest fee level on patient records submitted by physicians and assistants who accompanied them on home visits. A physician told agents that in late 2007, Ajiri did not respond to his concerns about Mobile Doctors’ billing practices and instead told the doctor that he could earn more money if he would order more tests such as electrocardiograms, according to the affidavit.

The complaint alleges that the vast majority of payments made on established-patient visit claims using the highest fee code were the result of fraudulent upcoding. From 2006 through 2012, Mobile Doctors received approximately $21.4 million in payments on claims using the second-highest code, and approximately $12.6 million in Medicare payments on claims using the highest fee code.

Falsely certifying patients as confined to their homes

The charges further allege that Mobile Doctors physicians, including Koroma, falsely certified patients as confined to their homes and requiring home health services when they were not home-bound and did not require such care. By referring patients to home health agencies that did not warrant Medicare payments, Mobile Doctors received more referrals from those agencies for services provided by its physicians. According to Medicare data, from August 2010 through July 2013, more than 200 home health agencies submitted Medicare claims for services allegedly rendered to patients for whom Koroma was identified as the referring physician. These home health agencies have been paid more than $10 million for services listing Koroma as the referring physician.

Between January 2006 and March 2013, Mobile Doctors physicians have certified or recertified for 60-day periods approximately 15,598 patients as confined to their homes and requiring home health services a total of approximately 83,133 times, many of which were allegedly false. Approximately 6,057 of these certifications were attributed since August 2007 to Koroma, with Mobile Doctors billing Medicare for approximately 17,439 patient visits he made during that time, more than any other Mobile Doctors physician.

The health care fraud count against Ajiri carries a maximum penalty of 10 years in prison and a $250,000 fine and restitution is mandatory. The false statements count against Koroma carries a maximum of five years in prison and a $250,000 fine. If convicted, the Court must impose a reasonable sentence under federal statutes and the advisory United States Sentencing Guidelines.

The government is being represented by Assistant U.S. Attorney Stephen C. Lee and Catherine Dick, assistant chief in the Fraud Section of the Justice Department’s Criminal Division. The U.S. Attorney’s Offices in Detroit, Indianapolis, and Phoenix also have assisted in the investigation.

The public is reminded that a complaint is not evidence of guilt. The defendants are presumed innocent and are entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt.

The Medicare Fraud Strike Force began operating in Chicago in February 2011, and consists of agents from the FBI and HHS-OIG, working together with prosecutors from the U.S. Attorney’s Office and the Justice Department’s Fraud Section. The strike force is are part of the Health Care Fraud Prevention & Enforcement Action Team (HEAT), a joint initiative announced in May 2009 between the Department of Justice and HHS to focus their efforts to prevent and deter fraud and enforce current anti-fraud laws around the country. Scores of defendants have been charged locally in health care fraud cases since the strike force began operating in Chicago.

To report health care fraud to learn more about the Health Care Fraud Prevention & Enforcement Action Team (HEAT), go to:
A decade ago I was a member of a credit risk modeling and portfolio management team at a privately held VISA/MC issuer. From one of my white papers writing up our scorecard modeling project:

Full paper here (large PDF scan). One of my specific roles in the Risk Department was that of the Risk Department's "portfolio management" analytics lead, with duties including assessments for cardholder utilization patterns, collections strategy, and fraud detection and modeling.

I would imagine that the capabilities of the major statistical analytics platforms a decade hence (e.g., SAS, Stata, R, etc) are orders of magnitude better.

Set 'em loose on all manner of Health IT "big data."

More to come...