means incomplete care. incomplete information managing risk … · 2017-07-18 · incomplete...
TRANSCRIPT
Incomplete informationmeans incomplete care.
When you bring data together, something amazing happens. You start to gain insights and make connections that weren’t possible before—connections that impact patient care. We built InterSystems HealthShare® to unify patient data and provide caregivers with a single platform for seamless, connected care and ultimately better outcomes. Connect with the whole story at InterSystems.com/IncompleteInfo3Z
© 2016 InterSystems Corporation. All rights reserved. InterSystems and HealthShare are registered trademarks of InterSystems Corporation. 6-16 IncompleteInfo3HeITNe
Incomplete 3 bandaid TAB HeITNe.indd 1 5/2/16 3:25 PM
NETWORK-ENABLED EHR, REVENUE CYCLE MANAGEMENT, CARE COORDINATION, AND POPULATION HEALTH SERVICES
MANAGING RISK WITH PATIENTS: SMART
SHARING YOUR
RISK WITH US:POPULATION HEALTHIER
www.MazikGlobal.com
The world’s spotlight is on Ohio. Last year, Ohio added over 82,000 new private sector jobs. Our large metropolitan areas are ranked among the hottest cities for
growth. We even have 19 of the Top 100 micropolitan cities—more than the next two states combined. If your business is looking
to expand and grow, it’s time to take a closer look at Ohio. Find out what Ohio can do for your business at jobs-ohio.com.
Welcome to Ohio. It’s on.
FEATURED ADVERTISERS
Published in partnership with
THE NEWS SOURCE FOR HEALTHCARE INFORMATION TECHNOLOGY n JUNE 2016 www.HealthcareITNews.comHIMSS Media / Vol. 13 No. 06
BENCHMARKS: Telehealth. More and more evidence suggests telehealth leads to cost savings and efficiencies, in addition to expanding access to care. Many states are catching on. PAGE 30
See our ad on page 40
Open dataVice President Joe Biden calls for silos to be broken down for lifesaving medical research: “We all have to work together.”PAGE 29
Bridging the gap between big data and analyticsProviders are finding their way forwardPAGE 4
RulemakingThe proposed MACRA regulations, all 962-pages, hold big implications for physician IT usage, quality reporting and reimbursement.PAGE 8
Incomplete informationmeans incomplete care.
When you bring data together, something amazing happens. You start to gain insights and make connections that weren’t possible before—connections that impact patient care. We built InterSystems HealthShare® to unify patient data and provide caregivers with a single platform for seamless, connected care and ultimately better outcomes. Connect with the whole story at InterSystems.com/IncompleteInfo3Z
© 2016 InterSystems Corporation. All rights reserved. InterSystems and HealthShare are registered trademarks of InterSystems Corporation. 6-16 IncompleteInfo3HeITNe
Incomplete 3 bandaid TAB HeITNe.indd 1 5/2/16 3:25 PM
CONNECTJune 2016 | Healthcare IT News | www.HealthcareITNews.com 3
WHAT’S INSIDEComparison shopping“As the variety of health IT products increases, health IT comparison tools will become increasingly critical to the provider community in the near future,” ONC officials said in a recent report. But with a dozen-and-a-half ratings tools already out there, ONC says its strength is the data it has accrued, which could be furnished to the private sector to help providers make better decisions. ONC spotlighted four mechanisms to compare certified health IT: Two would help providers make smarter choices about their purchases; two target comparison tool developers themselves, aiming to help them develop better systems.
PAGE 12
POLICY 8Cybersecurity guidelinesNIST to offer a security framework developed by the federal government.
As Maine goes...The Pine Tree State is the second to mandate electronic prescribing for controlled substances.
CLINICAL 18Missing from EHRsBehavioral health data is too often missing from patients’ clinical records.
Machines winComputers are faster than humans at detecting cancer, Regenstrief shows.
BUSINESS 22athenahealth acquistionCloud-based IT company expands portfolio to include machine learning, AI.
Joining forces for securityHealthcare organizations and medical device makers come together for cyber taskforce.
DATA 26Security breaches rampantFive of the eight largest data breaches since 2010 occured in 2015.
Public-private partnershipNSA and HITRUST offer guidance to protect healthcare organizations from cyber attacks.
Benchmarks ��������������������������� 30
Trends ����������������������������������� 32
New Products ����������������������� 34
Jobspot ���������������������������������� 35
People ����������������������������������� 36
Newsmaker ��������������������������� 38
JUNE14-15: HIMSS Big Data & Healthcare Analytics Forum, San Francisco
15-17: AHIP’s Institute & Expo 2016, Las Vegas
19-21: CHIME/AMDIS’s CMIO Boot Camp, Ojai, California.
26-29: HFMA’s 2016 Annual National Institute: Out of the Box, Las Vegas
28-30: AMIA’s Academic Forum Annual Conference, Columbus, Ohio
JULY11: CHIME’s LEAD Forum - Cybersecurity, Denver
15-16: AHIMA & CSA Leadership Symposium, Chicago
23-27: AHIMA Faculty Development Institute, Denver
AUGUST1-2: AHIMA CDI Summit, Washington
4-6: AHDI Annual Conference, Milwaukee
12: AHIMA & NJHIMA: Information Governance Boot Camp, Princeton, New Jersey
FEATURED EVENT
HIMSS Big Data & Healthcare Analytics Forum kicks off June 14 in San Francisco.
SLIDESHOW
Healthcare plagued by breachesThe steady drumbeat of data breaches and malware incidents so far this year has shed light on security issues plaguing many healthcare providers. Cybercriminals are targeting hospitals with growing frequency, and vulnerabilities – such as aging medical equipment and human error – are only increasing the risk.
BLOG
A deep dive on the ‘overwhelmingly complex’ MACRA proposed rule“Sometimes when you remodel a house, there’s a point when additional improvements are impossible, and you need to start again with a new structure,” writes Beth Israel Deaconess Medical Center CIO John Halamka, MD, about a 962-page rule that “no mere human will be able to understand.”
BLOG
Is Homeland Security’sthreat intelligence putting PII and PHI at risk?The Department of Homeland Security has officially launched the mechanism for sharing threat intelligence, known as the Automated Indicator Sharing initiative. The government has said that the AIS will serve as the Internet’s “See Something, Say Something.”
http://bit.ly/1TPY1cM
bit.ly/aprildatabreaches bit.ly/complex-MACRA http://bit.ly/women-healthit-roundtable
VIDEOWomen in Health IT Roundtable: The need for mentorshipIn this clip from the Women in Health IT roundtable discussion at HIMSS16, Carl Steltencamp, MD, and Sue Schade discuss the general absence of female mentorship early in their careers.
CALENDAR OF EVENTS------------------------------------------------
INSIGHT 16MACRA: Make your voice heardThe voluminous rules hold big implications for physician practices. The comment period is key.
Chronic care managementIt could be worth $50 billion, some say. Is that hype or reality? Either way, innovation wins.
BRIDGING THE BIG DATA-
ANALYTICS GAPHOW REAL-TIME STRATEGIES CAN IMPROVE
QUALITY AND EFFICIENCY
Most providers know by now that they need to do more with their data (and if they don’t already, they will soon). But uncertainties about vendor partners, security, workflow and more are sometimes keeping them from making the most of population health management. Those who are able to sort out those challenges, however, are seeing big gains.
JESSICA DAVIS, ASSOCIATE EDITOR
Learn more at the HIMSS and Healthcare IT News Big Data and Healthcare Analytics Forum, June 14-15 at the Grand Hyatt San Francisco. Register at BigDataHITForum.com
COVER STORY www.HealthcareITNews.com | Healthcare IT News | June 20164
WITH THE government moving full-throttle toward value-based care initiatives that
tie reimbursement to quality, pro-viders have an even greater reason to proactively manage their patient populations to reduce risks across the care continuum.
The U.S Department of Health and Human Services announced in March it had already reached its goal of tying 30 percent of Medicare payments to value-based models in 2016 - nearly a year ahead of schedule. So it seems likely to meet or exceed its mission of having more than half of such payments be value-based by 2018.
It will take more than just data col-lection and good intentions for pro-viders to survive in the value-based world: they’ll need to leverage analyt-ics as a natural part of the IT strategy.
The problem is that although most healthcare executives see analytics as a tremendous opportunity, too many providers “don’t know what to do with it,” said Dave Dimond, chief technology officer at EMC’s global healthcare business.
For one thing, the industry as a whole hasn’t yet been able to fully embrace analytics because many orga-nizations are still struggling with the final implementation of meaningful use, he said.
For another, “consolidating orga-nizations are struggling to align data across multiple applications,” said Dimond.
“Patients are really demanding more personalized treatments,” he added. “But it’s something most orga-nizations won’t really take on until it’s become the standard of care.”
ZEROING IN ON STRATEGYAlthough population health manage-ment initiatives are certainly increas-ing in prevalence, providers are still struggling with the best way to make use of population health tools.
According to HIMSS Analytics’ 2015 Population Health Study, about 67 percent of organizations have population health programs in place. However, only a quarter of these pro-viders use a vendor-provided plat-form to address these specific needs.
HIMSS Analytics surveyed about 200 healthcare executives on their pop health initiatives and asked about their approach to tackling their popu-lation health IT needs. About 60 per-cent of the respondents said they’re without a population health consul-tant. But of the respondents without population health initiatives in place, more than half have plans to employ these types of programs in the future.
Having a well-considered strat-egy for how to put those analytics tools to work – how to use them, where, and, crucially, why – is essential, said Dimond.
“There’s lot of data that focuses over all of the patients. But it’s more about finding the patients we don’t see enough to make better decisions on their care. You have to look at the
trends for treatments and diagnostics of others patients to see what’s work-ing – and to engage them.”
Another big hurdle to more wide-spread use of pop health analytics is the effort being expended across the industry to keep that data safe.
“There’s a tremendous amount of energy expended on finding the best way to secure data,” said Dimond. “All of this time that could instead be used to discover ways to use data, such as precision medicine, population health and other research opportunities.”
Workflow is another consider-able challenge: 81 percent of health-care leaders polled in a 2015 survey sponsored by EMC said they aren’t able to act on data in real-time. Another 40 percent were unable to drive actionable results, and almost half of the respondents are unaware of how to cope with all of the data within their organization.
One-quarter of the respondents said they were experiencing “data overload.”
The amount of data is only going to increase. So healthcare organization need to start developing strategies to manage it to their advantage.
Providers “jumpstart engage-ment” with data – by not being shy about enlisting the help of vendor partners who can “come in with dif-ferent tools” that can help, Dimond said. “While doing that, you need to look at all kinds of data. It goes beyond the healthcare data model; you need to get involved with data science. From there you can start to build confidence in data, like with predictive analytics. Healthcare is just getting started.”
‘FILLING THE GAPS’Jessica Taylor, RN, care manager and clinical lead at St. Joseph Healthcare, says harnessing analytics has led to some big gains for the Bangor, Maine-based health system – dramatically reducing readmissions, helping cli-nicians discover high-risk patients, improving care management and utilizing real-time data.
“Analytics streamlines my ability to capture the highest risk patients, rather than trying to track down information,” Taylor said. “I can focus on patients with a higher risk for readmissions, instead of casting a wide net.
“It’s difficult, as a manager, to get information while patients are still admitted in the hospital,” she added. “But since the information is updated every evening, I can reach out to the patient before they leave the hospital.”
In January 2015, St. Joseph became the first healthcare insti-tution in the state to use analytics from across the state’s health infor-mation exchange, HealthInfoNet, for its daily operations.
Maine was one of the first states to achieve information exchange among all its hospitals statewide. The HIE connects nearly all of Maine’s 1.3 mil-lion residents, by collecting clinical
information from 32 of the 36 state’s acute care centers and 376 ambulatory providers. This allows all organiza-tions involved with HIE to contribute and utilize the data.
While many healthcare organi-zations use analytics software for some aspect of their procedures, the HealthInfoNet stands out, as the analytics program sits on top of the HIE. That way, clinicians can access real-time data from all hospitals connected to the HIE, said William Wood, vice president of medical affairs at St. Joseph.
Caregivers access the data entered overnight as their first task in the morning, said Taylor. In this way they can establish workflow charts, plan discharge paperwork and determine high-risk patients.
One of the biggest uses of the ana-lytics software for St. Joseph has been to reduce readmissions, Wood said. They’ve dropped below 10 percent – about 5 percent below the state aver-age. That includes a 15 percent drop in emergency department readmissions in a six-month period.
“Our readmissions are low, not because we’re keeping patients lon-ger,” he added. “We’re getting them home and using the tool to find those folks at risk to keep them home.”
HealthInfoNet’s vendor partner, Palo Alto, California-based HBI Solu-tions, proposed the idea of analytics to St. Joseph during a time when Maine Gov. Paul LePage was vetoing Medicaid expansion bills, said Wood.
“We were struggling to find those without insurance and then layer in the extra care management for these patients,” she said.
“When the tool was first intro-duced, I immediately checked for high-risk, uninsured patients,” he added. “We’ve worked the list and
now the high-risk patient admittance has dropped dramatically – now it’s fewer than 100 each year.”
“The ‘frequent flyers’ and high risk patients, we know who they are,” Taylor said. “They’re right in the fore-front of our tool. We can be proactive instead of reactive with care, when before we were waiting for these patients to come to us.”
It’s all about filling in the gaps and meeting those patients typically lost in the shuffle, said Wood.
St. Joseph is also reaching out to help providers who send their patients to them for care, ensuring they’re making the most of the technology.
“About half of our admissions come from Penobscot Community
Health Care, for example, which covers about 40,000 patients,” Wood said. “They have a very large care management program, and they’re just starting to use analyt-ics tools. We can step in and make sure they’re leveraging the analytics tools, as well.”
“I think if we didn’t have the tool, our care management department would be dramatically different,” Wood said. “It’s had a big impact on how we handle care management, into a clear and precise mission.”
RIGHT PATIENTS, RIGHT DATAWithout analytics, it’s impossible to achieve population health goals. Future problems within a health system can’t be addressed without looking at data in the present and creating care models based around real-time information.
That’s according to Betsy McVay, executive director of strategic ana-lytics at UnityPoint Health, one of the most integrated health systems in the U.S. The organization con-nects more than 3,500 providers
and 33 hospitals in nine regions throughout Iowa, Western Illinois and Southern Wisconsin.
UnityPoint uses Explorys for its predictive analytics technology, which draws upon data from more than 300 hospitals within the net-work. IBM acquired Explorys in 2015.
“Predictive analytics sounds pret-ty great, but we’ve tried to look at it as one of the tools in our toolbox,” McVay said.
Its biggest results from predic-tive analytics have come from its nationally recognized patient blood management tool, or PBM, which was implemented three years ago, she added. This tool helps us better implement evidence-based medicine practices.”
PBM was one of UnityPoint’s four critical initiatives to improve patient care. Executives sought to reduce known and unknown risks with blood transfusions, and to reduce costs. The tool tracks key data across multiple locations to meet these goals.
“Descriptive analytics compiled all of this data to bring this change together so we could provide better care for our patients,” McVay said.
At UnityPoint, analytics proj-ects are mostly related to popula-tion health management and care management.
According to McVay, predic-tive analytics is crucial to making sure the right patients are targeted with the right data. UnityPoint has improved clinical effectiveness, care quality and patient experience by looking at risk analytics and how to become fully utilized as an organiza-tion, she said.
“In the beginning, analytics was introduced as a way to better under-stand our population and how to man-age care,” she said. “We wanted to be able to intervene early and certainly mature our responsibilities into more descriptive and predictive actions.
David Dimond
“Analytics streamlines my ability to capture the highest risk patients, rather than trying to track down information.”Jessica Taylor, RN, care manager and clinical lead at St. Joseph Healthcare
COVER STORYJune 2016 | Healthcare IT News | www.HealthcareITNews.com 5
“We had to ask, ‘What can we change today, so we can improve that future outcome?’” McVay said.
Early on, “many departments were using analytics, but noth-ing was localized,” she said. “We recruited key members from tech-nicians to scientists to create the ideal team for predictive modeling. We wanted to create awareness throughout the organization to answer the tough questions.
“It’s sort of like evangelizing,” she added.
In fact, that was one of Unity-Point’s biggest challenges: uniting staff across the care continuum to understand the importance of predictive analytics and how it’s approached.
“We needed to connect the busi-ness side to the more technical com-ponent,” McVay said. “We know that sometimes analytics won’t provide the answer, but there are discussions that happen to address these needs.”
Another challenge was to keep the scope narrow enough, so as to not “boil the ocean and try to be everything to everyone,” she said. Goals should be realistic, while ensuring adoption is adequately supported at local sites.
“From a day-today perspective, in terms of large amounts of data, we look at the strategic uses at the clinical level and ensure we provide value,” said McVay. “In this way we’re not just moving data around, but rather focusing it where maybe just a report could be needed to drive that change.”
‘AVOIDABLE HARM’Children’s Hospital of Pittsburgh of UPMC was the first pediatric hospital in the U.S. to achieve Stage 7 recogni-tion from HIMSS. Lever-aging data analytics has been a significant initia-tive and commitment of time, said Srinivasan Suresh, MD, the hospi-tal’s chief medical infor-mation officer.
“We don’t just see it as another tool,” he said. “It’s not just an IT buzzword; it’s about improving care.”
The hospital utilizes multiple advanced analytics tools. One of them is a customized tool based on the Rothman Index, which uses an algorithm to generate an early warning sign indicator. The software pulls data from the Cerner EMR (including nursing assessments, which are textual) and translates it into a “Rothman score,” which ranges from 0-100, presented with graphs that track trends throughout admission.
Providers can predict when cer-tain patients may need a transfer to the intensive care unit. According to Suresh, the original model was only effective for adults. So Children’s, with help from clinical surveillance vendor PeraHealth, co-developed a
model specifically for children, by adjusting the variables based on age-based differences.
“The biggest overarching out-come is to eliminate avoidable
harm,” he sa id . “IT plays a big and meaningful part in improving care out-comes. We apply IT to reduce operational costs, improve system efficiencies, better understand workflow and reduce avoidable readmissions.”
The team spent the last two years exten-
sively testing the pediatric Rothman Index, or pRI, before it went live in November 2015. Although the lead-up time was long, it was important to ensure the value that the new score would provide to patients and clinicians, Suresh said:.“The biggest challenge to implementation is time.”
The pRI is a dynamic tool that is now available for every acute care patient in the hospital.
According to Suresh, another key aspect of a successful go-live is phy-sician buy-in. “It’s a critical part of implementation,” he said. “I want physicians and nurses to ask me lots of questions. That really helps me to serve their needs better.
“I have a great team,” he said. “When dealing with large amounts of data, it is the skill sets of the team members, and the teamwork that helps generate success.”
As part of building their analyt-ics platform, Children’s established a separate Data Warehouse team within their IT set-up. This helped to streamline data requests from clinicians and administrators, and also with the data mining projects.
“Advanced analytics is an abso-lute need,” said Suresh. “It’s an investment in time and resources. Although you may not see results early on, over time it reduces costs, length of stay and morbidity. … It’s important to keep focused on the long term outcomes.”
UNITING HEALTHCAREThere are two major roadblocks for analytics in healthcare, says Sriram Vishwanath, professor of engineering and data science at University of Texas, Austin. They have to do with two differ-ent mindsets: “The analytics is a commodity” and “It’s my data and I won’t share.”
In the “commodity” mindset, providers feel pressured to join the other organizations with analytics in place and rush out to hire low-cost engineers to create an analytics sys-tem. But according to Vishwanath, “this mindset is dangerous, as it leads to a lot of sub-standard dash-boards all being paraded around as predictive analytics solutions.
“Analytics isn’t just putting together a bunch of engineers,” he added. “Quality, team-skill, years of experience and depth of under-standing matter. It’s important to
recognize that analytics should be done right the first time, by work-ing with an exceptional, high quality team of PhDs.”
With the “I won’t share” mind-set, meanwhile, data is seen as a precious com-modity, and providers find it painful to let go of their data. This mentality is a common complaint, he said, but it’s “gradually chang-ing – albeit at a glacial pace.”
It’s important for all entities involved in healthcare to work together. Not just institutions as a whole, but also within an orga-nization, from the MDs to the C-suite.
“Working together is critical here, to accept that neither side knows it all and must learn from the other,” said CHP’s Suresh.
Other hurdles to overcome include bridging the gap between the providers who feel analytics are an overwhelming waste of time and the vendors who press that analytics are a fix-all solution for every problem.
Neither of these extremes is true, said Suresh.
“Predictions can never be 100 percent accurate; if they were 100 percent accurate one would call it a fact, not a prediction,” he said. “Is it right nine out of 10 times? Well, then you have a great
predictive engine in your hands. Healthcare predictions are meant to supplement, support and guide and can never be 100 percent accurate.”
“Healthcare has a long journey in find-ing true value from analytics,” he added. “There’s tremendous value for healthcare from analytics, when analytics is done right. Healthcare ana-lytics will, someday, change the way we manage care. This is not an if, it’s a when.”
To accomplish this task all stakeholders must be on the same page. For Vishwanath, those organizations attempting to leverage analytics must lean on professional vendors with established platforms in place and come prepared with goals. Analytics tools are only effec-tive when they are designed to meet a specific need within an organization.
“If the vendor can prove its accuracy and does so with rela-tive ease, put them on your target list,” Vishwanath said. “If they obfuscate with lots of buzzwords, walk away.” n
Learn more at the HIMSS and Healthcare IT News Big Data and Healthcare Analytics Forum, June 14-15 at the Grand Hyatt San Francisco. Register at BigDataHITForum.com
William Wood Srinivasan Suresh, MD
St. Joseph Healthcare in Bangor, Maine, makes use of analytics derived from the statewide HIE, HealthInfoNet.
COVER STORY www.HealthcareITNews.com | Healthcare IT News | June 20166
S:9.625"S:12.875"
T:10.625"©
20
16 O
ptu
m, I
nc.
HEALTHIER IS HERE
Modernizing health care is all about bringing the right people together to solve problems. As a health services and innovation company, we power modern health care by combining data and analytics with technology and expertise. That means stronger strategic partnerships and greater access to resources that enable the health system to work as one. Because when you start with better collaboration, what happens next is better care.
optum.com/healthier
© 2
016
Op
tum
, In
c.
EXPERTS
COLLABORATING ON CARE IS WHAT WE CALL
A HEALTH CARE
COMMUNITY
POLICYwww.HealthcareITNews.com | Healthcare IT News | June 20168
MACRA proposed rule streamlines federal programs including meaningful useThe new Advancing Care Information program would replace MU for Medicare physicians, aiming for ‘simpler, more connected, less burdensome technology’
MIKE MILIARD, Editor
THE U.S. Department of Health and Human Services issued a long-awaited proposed rule for the Medicare Access and CHIP
Reauthorization Act of 2015, or MACRA, on April 27, ushering in some big changes for the ways physicians are assessed for quality of care and use of information technology.
HHS recognizes that physicians are
NIST to release new guidance for strengthening hospital cybersecurityThe set of best practices will help healthcare organizations become more penetration-resistant, more effective at limiting damage attackers can inflict and ultimately better able to withstand cyberattacks
BILL SIWICKI, Managing Editor
THE NATIONAL Institute of Standards and Technology is poised to deliver new cybersecurity guidance, accord-ing to NIST fellow Ronald Ross.
NIST offers a security framework that was developed for the federal government that helps organizations understand, select and implement security controls.
Ross likened the NIST framework, devel-oped for the federal government under the Federal Information Security Moderniza-tion Act, to a very large catalog of privacy and security controls to safeguard the enterprise form hostile cyberattacks.
And the latest iteration comes as the proliferation of advanced technologies is rapidly exceeding healthcare executives’ ability to protect their organizations from cyberthreats, Ross added, because every
new system or device expands an organiza-tion’s attack surface.
“Organizations are buying as much IT as fast as they can to obtain greater capabili-ties,” Ross explained.
With that mad rush to embrace new tech-nologies, however, there are certain things that healthcare organizations cannot control, such as operating systems or databases, for which the best they can really do is keep pace with the patches vendors like Microsoft and Oracle distribute.
In the forthcoming guidance, he said that NIST is working to reduce complexity of sys-tems security engineering.
“The best way to describe the concept is like this: When you fly on an airplane or cross a bridge, you do so because you trust the air-planes we fly and the bridges we cross; you have confidence in the people who designed and built them,” he said.
To that end, the guidance will include best practices for building software and systems that are both secure and trustworthy.
“We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said. n
MACRA SEE PAGE 14
CMS puts focus on HIE, modernizes Medicaid managed care regs
In the first major overhaul of Medicaid managed care requirements in more than a decade, the Centers for Medi-care and Medicaid Services published new rules on April 25 that affect how Medicaid works for the nearly two-thirds of beneficiaries who get their coverage through private managed care plans. The rule finalizes a medi-cal loss ratio at 85 percent: Insurers
must spend at least 85 percent of their Medicaid revenue on medical care to improve quality. Health plans that don’t meet the goal will face future penalties in having their state rates lowered. On the health IT front, the rules encourage – but don’t require – commitment to the principles of health information exchange. “Health information technology and the electronic exchange of health information are important tools for achieving the care coordination objectives proposed,” according to CMS officials.
Regional Extension Centers had a ‘major impact,’ says ONC
In April, the Office of the National Coordinator for Health IT published an evaluation of the Regional Exten-sion Center program. The verdict: “Our efforts have already made a major impact,” wrote Thomas A Mason, MD, chief medical officer at ONC, in a blog post. “As of 2014, nearly all hospitals and approximately three-quarters of doctors reported using certified EHRs.
A key element of that rapid HITECH success was its REC program,” he wrote. “Through the REC program, ONC funded cooperative agreements with organizations across the nation to provide on-the-ground support to thousands of physicians working in solo and small practices, Federally Qualified Health Centers, and other provider organizations with a large number of underserved patients. Many other organizations that received REC support, such as Critical Access Hospitals, were in rural settings.”
NewYork-Presbyterian to pay HHS $2.2M for HIPAA violation
NewYork-Presbyterian Hospital and the Department of Health and Human Services’ Office for Civil Rights have agreed to a $2.2 million settlement in a case that stems back to filming of the TV series “NY Med,” which fea-tured Mehmet Oz, MD, a surgeon at the hospital and popular talk show host. In announcing the settlement, OCR called the incident – in which two
patients’ protected health information was revealed to film crews and staff without first obtaining authorization from the patients – “an egregious disclosure.” OCR found that NYP allowed the ABC crew to film someone who was dying and another person in significant distress, even after a medical professional urged the crew to stop. “This case sends an important message that OCR will not permit covered entities to compromise their patients’ privacy,” said OCR Director Jocelyn Samuels in a statement.
“We’ve developed this program using three principals,” said Andy Slavitt, acting administrator of the Centers for Medicare and Medicaid Services. “First, to be patient-centered. Second, to be practice-driven, so physicians can select among measures that are right for their practices. Third, to make it as simple as possible for physicians, we have thought about ways to unlock the role of information technology to support physicians.”
1-877-900-0246brighthouse.com/enterprise
Changing needs, clinical interoperability, mobility, and ever increasing data and security requirements
in healthcare can stretch your facility’s network and the IT resources that manage it. Work with a
Managed Services provider with trusted experience in your industry to secure your network and provide
real-time connectivity any time, any device. When it comes to your medical facility, we understand how
your IT infrastructure operates can be just as critical to providing patient care as a doctor’s diagnosis.
MANAGED SERVICES. A POWERFUL IT SOLUTION FOR HEALTHCARE.
©2016 Bright House Networks. Some restrictions apply. Serviceable areas only. Service provided at the discretion of Bright House Networks.
MANAGED SECURITY | MANAGED NETWORK | MANAGED WIFI
POLICY www.HealthcareITNews.com | Healthcare IT News | June 201610
Maine becomes second state to require electronic prescribing for controlled substances
An Act to Prevent Opiate Abuse by Strengthening the Controlled Substance Prescription Monitoring Program also requires doctors to undergo addiction training every two yearsBERNIE MONEGAIN, Editor-at-Large
MAINE GOV. Paul LePage has signed into law a bill that mandates electronic prescribing for con-trolled substances. Maine is the
second state to do so. In New York the man-date took effect March 27.
“An Act To Prevent Opiate Abuse by Strengthening the Controlled Substances Prescription Monitoring Program” requires prescriber participation in the Prescription Monitoring Program and sets limits for the strength and duration of opioid prescriptions, beginning January 2017.
The law also calls for prescribers to under-go addiction training every two years.
LePage introduced the legislation after meeting with the widow of a working man who was over-prescribed opiates following a workplace injury. The man became addicted to the medication and eventually moved to heroin use, which led to his untimely
overdose death, according to a statement from the governor’s office.
“Heroin addiction is devastating our com-munities,” LePage said in a statement. “For many, it all started with the overprescribing of opioid pain medications.”
The new law also makes Maine the third state in the nation to set a cap on the daily strength of opioid prescriptions.
In an effort to prevent diversion and abuse, the legislation caps scripts for acute pain at seven days and for chronic pain at 30 days beginning in January 2017.
“This admirable move is a critical next step in helping prevent opioid abuse and save lives across the state by leveraging technology that is readily available to doc-tors and pharmacists today,” Paul Uhrig, e-prescription tech company Surescripts’ executive vice president, chief adminis-trative, legal and privacy officer, said in a statement. n
Docs in value-based models more likely to use EHRs for improved care processesHabits of physicians working within ACOs and PCMH programs suggest IT-enabled care delivery improvements are workingMIKE MILIARD, Editor
CARE COORDINATION, quality mea-surement, patient engagement and population health management strategies are routinely used by
physicians with electronic health records who participate in accountable care organizations or patient-centered medical homes, accord-ing to a new study published in the American Journal of Managed Care.
Aiming to find out whether doctors using health IT and working within new reimbursement models were actually employing improved care processes, researchers Jennifer King, Vaishali Patel, Eric Jamoom and Catherine DesRoches examined cross-sectional data on office-based physicians from the 2012 National Ambulatory Medical Care Physician Workflow Survey.
“Early indicators suggest strong physician participation in initiatives to support health IT adoption and to reform healthcare payment and delivery,” they said. “However, evidence on whether provider participation in these initiatives has translated to better care delivery is just beginning to emerge.
“Although studies prior to HITECH and the ACA found health IT and external reporting or payment incentives to be associated with
a higher likelihood of performing these care processes,” they added, “they are performed at low rates even when these factors are in place.”
King et al. examined how ACO and PCMH docs used their EHRs for 14 specific processes in four categories: population management, quality measurement, patient communication and care coordination.
They found that those factors were independently associated with better processes: “Physicians who were using EHRs in combination with participation in ACO or PCMH initiatives had the highest likelihood of routinely performing the care processes.”
Indeed, those docs “were between 6 and 22 percentage points more likely to routinely perform the care processes than physicians with EHRs alone.”
While fewer than half (44 percent) reported routinely doing quality measurement, substantial majorities of docs said they routinely engage in care coordination (89 percent), patient communication (69 percent), and population management (67 percent).
“Given the cross-sectional nature of this study, these results do not establish a causal relationship between payment reform, EHR use, and these care processes,” researchers said. “Nonetheless, this finding is consistent
with other research that shows that healthcare providers are most likely to perform these care processes when practicing in a payment environment that incentivizes and supports such care.”
Moreover, many U.S. physicians are still “not performing these processes routinely,” researchers said. “Our analysis highlights
several specific areas including popula-tion management processes that require the aggregation and analysis of individual patient data and communication with patients and other care team members where additional technology and policy supports may be important to facilitate wider adop-tion of these activities.” n
“Early indicators suggest strong physician participation in initiatives to support health IT adoption and to reform healthcare payment and delivery.”
Maine State House
POLICY www.HealthcareITNews.com | Healthcare IT News | June 201612
ONC offers 4 ways to build better EHR comparison shopping tools
The Office of the National Coordinator for Health IT said it can harness data it already has to help providers make better electronic health record purchasing decisions MIKE MILIARD, Editor
THE OFFICE of the National Coordi-nator for Health IT put forth its suggestions for helping hospitals, physicians and other care provid-
ers make more informed decisions about the technologies they buy in a report to Congress the third week of April.
“As the variety of health IT products increases, health IT comparison tools will become increasingly critical to the provider community in the near future,” said ONC in its “Report on the Feasibility of Mechanisms to Assist Providers in Comparing and Selecting Certified EHR Technology Products.”
In its testimony on Capitol Hill, ONC points out that many similar ratings tools already exist – a dozen and a half of them, in fact, many of them commercial products or developed by professional medical societies for their members’ use.
Rather than developing another, the agency suggested that its strength is the data it has accrued, which could be furnished to the private sector to help providers make better decisions.
ONC spotlighted four mechanisms that could help improve the ability to compare
and select certified health IT. Two of them focus on providers looking to make smarter choices about certified health IT; two target comparison tool developers themselves, aiming to help them develop better systems.
The first is to give ongoing technical assis-tance to a broad spectrum of the healthcare community specialists, rural providers, behavioral health and long-term/post-acute providers and more.
Choosing tools that make the most sense for a given provider’s “unique clinical needs” demands a certain technical expertise, as well as an understanding of the needed functionality for federal and state quality improvement and value-based payment programs, said ONC. “Although a number of existing comparison tools present comparative information for providers with different knowledge sets, segments of the healthcare community may be unaware of these resources.”
Following from that, the second suggestion is a clearinghouse of comparison tool products that can be shared with the healthcare community to improve awareness of what’s available.
“Comparison tools exist that may range in cost from free to several thousand dollars for access,” ONC noted. “Identifying the comparison tool that best addresses the provider’s needs may be particularly challenging to providers in under-resourced and small practices.”
One mechanism to help fix that could be a website that compiles data on all of them: “A clearinghouse of comparison tools could be developed and shared widely with the healthcare community,” identifying tools’
scope, intended audience, relevant business practices and cost, according to the report.
ONC’s third strategy is to make data more publicly available to enable improvements in the comparison tools themselves.
Detailed data ONC obtained through its certification activities will become available with the release of an updated version of its Certified Health IT Product List this spring. The new “open-data” CHPL will provide more information consistent with the new reporting
requirements for health IT certified under the ONC Health IT Certification Program.
“Subjective product reviews and rankings of certified health IT should continue to be the purview of the private sector and professional societies that best understand the needs of their constituents,” ONC said.
The fourth suggestion points to the need for better collaboration among the government, comparison site developers and other healthcare industry stakeholders: “In its role as a coordinator, ONC could work
with the healthcare community to solicit feedback on comparison tool needs and share best practices with the comparison tool community,” according to the report.
“Health IT selection is challenging, and the impact of making a wrong decision is costly and time-consuming,” said ONC. “While the certified health IT comparison tool marketplace is robust and diverse, there are still significant gaps in not only the marketplace itself, but also in the ability of providers to use the tools to make informed decisions.
“ I m p r o v i n g c o m p a r i s o n t o o l s ’ functionality and utility is only one component in ensuring providers have health IT that supports safe, efficient and effective care,” it added. “Improving providers’ ability to compare and select certified health IT will require multiple mechanisms that rely on support from both the federal government and private sector.”
The overarching question is what role the government should have in developing those tools. This past fall, for instance, Sens. Bill Cassidy, MD, R-Louisiana, and Sheldon Whitehouse, D-Rhode Island, introduced the Transparent Ratings on Usability and Security to Transform Information Technology, or TRUST IT Act, which calls for a Health IT Rating Program to assess and score technology in its interoperability, usability, security and more.
The legislation calls for the program to be overseen by a so-called development coun-cil, convening members of accredited certify-ing groups, testing labs and ONC. It would grade systems on a three-star scale, helping healthcare organizations better compare and contrast prospective purchases. n
Rather than developing another rating tool, ONC suggested that its strength is the data it has accrued, which could be furnished to the private sector to help providers make better decisions
The world’s spotlight is on Ohio. Last year, Ohio added over 82,000 new private sector jobs. Our large metropolitan areas are ranked among the hottest cities for
growth. We even have 19 of the Top 100 micropolitan cities—more than the next two states combined. If your business is looking
to expand and grow, it’s time to take a closer look at Ohio. Find out what Ohio can do for your business at jobs-ohio.com.
Welcome to Ohio. It’s on.
POLICY www.HealthcareITNews.com | Healthcare IT News | June 201614
WOMEN IN HEALTH IT GET INSPIRED
healthcareitnews.com/womeninhit#WomeninHIT
“We are going to go beyond what we are already doing.”
— Carla Smith EVP HIMSS North America
WomenHIT-1.2h_516.indd 1 5/5/16 10:20 AM
currently buckling under the demands of a “patchwork” of quality- and value-mea-suring programs such as ACOs, the Com-prehensive Primary Care Initiative and the Medicare Shared Savings Program – as well as the Physician Quality Reporting System, the Value Modifier Program and, of course, the Medicare EHR Incentive Program, or meaningful use.
The new proposed rule would streamline aspects of many of those into something called the Quality Payment Program, which includes two paths: the Merit-based Incentive Payment System, or MIPS, and advanced Alternative Payment Models, or APMs.
The majority of Medicare docs will participate, at least at first, in MIPS, according to HHS. That program allows Medicare clinicians to be reimbursed by showing success in four categories: quality, cost, advancing care information, and clinical practice improvement activities. Under the MIPS proposed rule:
■n Quality accounts for half of a total score in year one of the program. Clinicians would choose to report six measures from among a range of options that accommodate differences among specialties and practices.
■n Cost accounts for 10 percent of total score in year one. The score would be based on Medicare claims, meaning no reporting requirements for clinicians, HHS points out. This category would use 40 episode-specific measures to account for differences among specialties.
■n Clinical Practice Improvement
Activities count for 15 percent of total score in year one – rewarding clinical practice improvements, such as activities focused on care coordination, beneficiary engage-ment, and patient safety. Clinicians may select activities that match their practices’ goals from a list of more than 90 options.
■n Advancing Care Information counts for 25 percent of total score in year one. Here, clinicians choose to report customizable mea-sures reflecting their use of technology in day-to-day practice – with a particular emphasis on interoperability and information exchange. HHS emphasizes that, unlike current report-ing program, this category would not require all-or-nothing EHR measurement or redun-dant quality reporting.
CMS would begin measuring perfor-mance for doctors and other clinicians through MIPS in 2017, with payments based on those measures beginning in 2019.
As for Advanced Alternative Payment Models, Medicare docs who participate “to a sufficient extent” in various APMs could be exempt from MIPS reporting requirements and qualify for financial bonuses, according to HHS, but the burden to prove that seems high. These models include the recently-unveiled Comprehensive Primary Care Plus (CPC+) model, Next Generation ACOs and others “under which clinicians accept both risk and reward for providing coordinated, high-quality care.”
“We’ve developed this program using three principals,” said Andy Slavitt, acting administrator of the Centers for Medicare and Medicaid Services during a conference call Wednesday afternoon.
“First, to be patient-centered to promote
our true goal, the highest quality and most coordinated care for beneficiaries,” he said. “Second, to be practice-driven, so physicians can select among measures that are right for their practices. And third, consistent with the goals of the legislation to make it as simple as possible for physicians, we have thought about ways to unlock the role of information technology to support physicians. The meaningful use program is being replaced with a simpler program.”
UNLOCKING THE FULL POTENTIAL OF HEALTH IT In a blog-post coauthored by Slavitt with National Coordinator Karen DeSalvo, MD, the officials reemphasized that all these changes impact only Medicare payments to physician offices – not Medicare hospitals or any Medicaid programs.
They did note, however, that CMS and ONC are “already meeting with hospitals to discuss potential opportunities to align the programs to best serve clinicians and patients, and will be engaging with Medicaid stakeholders as well.”
Meanwhile, they offered some further insight into what the Advancing Care Information component of MIPS would mean for physicians’ use of health information technology and the shift away from meaningful use.
Enabling providers to be more “patient-centric, practice-driven and focused on connectivity” is essential, they said, but the existing Medicare meaningful use program for physicians wasn’t always helping further that goal.
In contrast, the new MIPS program aims
to “support the vision of a simpler, more connected, less burdensome technology.”
Advancing Care Information would allow physicians to report on the measures that best reflect how they use IT, simplify the process for achievement by offering mul-tiple means of success and eliminate an all-or-nothing approach to EHR measurement or quality reporting, they said.
In addition, the rule would offer simplifications such as reducing reporting to a single public health immunization registry, exempting certain physicians from reporting “when EHR technology is less applicable to their practice” and allowing physicians to report as a group.
The proposed MIPS rule also focuses on “an all-time low of 11 measures” according to the post, and no longer requires docs to report on clinical decision support or computerized provider order entry.
The program would be aligned with ONC’s 2015 Edition Health IT Certification Criteria, with an emphasis on interoperability, health information exchange, security measures and patient access.
With newly-certified technology required to use APIs, the rule would broaden the connectivity options open to physicians, enabling them to make wider use of apps, analytics tools and other consumer devices.
By ensuring health IT is “more open and plug-and-play,” the aim was to “put the power back in the hands of physicians,” said Slavitt on Wednesday’s conference call. “We have designed a powerful pro-gram that is much easier to use, lower-burden and that promotes connectivity and innovative technology.” n
MACRACONTINUED FROM PAGE 8
www.MazikGlobal.com
INSIGHTwww.HealthcareITNews.com | Healthcare IT News | June 201616
STARTING IN 2019, Centers for Medicare & Medicaid Services, will change how they pay physicians in a profound way. Unfortunately, the details are compli-
cated and confusing, and many of the particulars have yet to be worked out, which has led many healthcare leaders to glaze over the details and focus on more immediate concerns.
However, disengagement is a strategic mis-take because while the Medicare Access & CHIP Reauthorization Act of 2015, or MACRA, details are intricate, the outline is clear. Providers and health-
care organizations must begin now to prepare for advanced value-based care models to maximize the benefits from MACRA.
MACRA’s repeal of the Medicare Sustainable Growth Rate, the prior standard set of changes used to implement the physician fee schedule, was an attempt by Congress to control ever-rising medical costs. In SGR’s stead, Congress has implemented MACRA, which consists of the Merit-based Incentive Payment System, or MIPS, and Alternative Payment Models, APMs.
Together, MIPS and APMs establish a new
framework that streamlines existing quality reporting programs into one system and, in doing so, fundamentally changes how clinicians get paid.
THE MACRA TRACK DIFFERENTIAL At its core, MACRA seeks to tie 90 percent of reim-bursement to quality by 2018 and gives health care providers two payment tracks or options: Merit-Based Incentive Payment System, Track 1, and Alternative Payment Models, Track 2.
MACRA-economics 101: Prepare today for tomorrow’s outcomes Together, MIPS and APMs establish a new framework that streamlines existing quality reporting programs into one system and, in doing so, fundamentally changes how clinicians get paidARIEN MALEC, RelayHealth
MACRA SEE PAGE 25
2 Monument Square, Suite 400 Portland, Maine 04101
T (207) 791-8700 F (207) 791-8794
John Whelan, Executive Vice President [email protected] Dinsmore, VP, Operations [email protected]
Gus Venditto, VP, Content [email protected]
EDITORIAL
Tom Sullivan, Editor-in-Chief [email protected]
Mike Miliard, Editor [email protected]
Bill Siwicki, Managing Editor [email protected]
Jessica Davis, Associate Editor [email protected]
Bernie Monegain, Editor-at-Large [email protected]
ADVERTISING / LEAD GEN / MARKETING OPPORTUNITIES
NATIONAL SALES DIRECTOR
Jane Bogue [email protected]
(207) 337-4313SENIOR DIRECTOR, CUSTOM SOLUTIONS
& STRATEGIC ACCOUNTS
Betsy Kominsky [email protected]
(312) 502-2773EVENTS
Roz Burke [email protected]
(773) 318-9710SALES ADMINISTRATOR
Mary Taylor [email protected]
(207) 791-8716NEW ENGLAND
Regina Dexter [email protected]
(603) 204-0709SOUTH/SOUTHEAST
Cathleen Martindale [email protected]
(727) 376-2900MIDWEST
Randy [email protected]
(630) 790-0737
MIDWEST/WEST
Kelly [email protected]
(312) 867-1473WEST
(312 )515-6956NORTHEAST/MIDATLANTIC TERRITORY
Deborah [email protected]
(207) 233-5242
PRODUCTION / TRAFFICKaren Diekmann, Production Manager
[email protected] DEVELOPMENT
Elizabeth Clancy, Senior Manager [email protected] CUSTOMER SERVICE
(847) 763-9618 F (847) 763-9541 [email protected]
Reprints: The YGS Group (800) 290-5460 x100, [email protected]
List rentals: Information Refinery (800) 529-9020 x25, [email protected]
EDITORIAL BOARD
John Glaser, SVP, Cerner, Kansas City, Mo. Denni McColm, CIO, Citizens Memorial
Healthcare, Bolivar, Mo.Jane Olds, COO, Louisiana
Health Network, New OrleansWes Rishel, vice president, Gartner, Inc.
Paul Tang, vice president, CMIO, Palo Alto Medical Foundation, California
Steven Waldren, director, Center for Health IT, American Academy of Family Physicians
www.HealthcareITNews.com
2013 JESSE NEAL AWARD WINNER
MACRA: Make your voice heardW
HEN THE Centers for Medi-care and Medicaid Services released the notice of pro-posed rulemaking for the
Medicare Access and CHIP Reauthoriza-tion Act, or MACRA, it made a big deal of the fact that the carefully-crafted rule was based on “unprecedented” levels of input from frontline clinicians.
“We spoke with over 6,000 stakehold-ers across the country, including clinicians and patients, in a variety of local communities,” said Act-ing CMS Chief Andy Slavitt in announcing the new rule, with its Merit-based Payment System, or MIPS, whose Advancing Care Innovation component would replace meaningful use for Medi-care physicians.
Listening to stakeholders is good. Not so good? The verdict on the proposal soon delivered by Beth Israel Deaconess Medical Center CIO John Halamka, MD, who spent 20 hours reading all 962 pages of the notice.
“The folks at CMS are very smart and well meaning, but it’s hard for me to imagine imple-
menting the NPRM as written in the time-frames suggested,” wrote Halamka on his blog. “Sometimes when you remodel a house, there is a point when additional improvements are impossible and you need to start again with a new structure.”
Remarkably, he added: “As a practicing clinician for 30 years, I can honestly say that it’s time to leave the profession if we stay on the current trajectory.”
That’s hardly a ringing endorsement.Still, Halamka wasn’t quite ready to give
up hope – and was withholding judgement until public feedback had been logged and digested.
“I will watch closely for comments from organizations such as the AMA, AHA and clinician practices,” he wrote. “Maybe the upcoming presidential transition (whoever is elected) will give us time to pause and reflect on what we’ve done to ourselves.”
CMS has the best of inten-tions, of course. It wants phy-sicians to use technology to the best of their abilities, to deliver the best possible care. It engaged in “extensive ses-sions and workshops” to find the optimal way of enforcing that while being sensitive to physicians’ needs.
It learned that a “near-univer-sal” vision shared by those they spoke to looked like this: “Physicians, patients and other clinicians collaborating on patient care, by sharing and building on relevant information.”
The response, then, was to keep empha-
sis on interoperability and data exchange, prioritizing plug-and-play technology tai-lored to unique workflows, while offering a flexible reporting structure in place of the much-maligned meaningful use.
Advancing Care Information is meant to do that, said Slavitt – allowing clinicians to pick the measures that best reflect how they use IT, streamlining and simplify-ing reporting requirements, aligning with
ONC’s 2015 certification criteria (which require APIs for easier patient access), exempting certain physicians and more.
But it’s not quite so simple. Arguably the opposite, in fact: The rules put forth in MACRA “are so overwhelmingly com-plex that no mere human will be able to understand them,” Halamka wrote.
As John Goodson, MD, associate professor at Harvard Medical School told Healthcare IT News recently, this new framework, billed as a more palatable replacement for burdensome meaningful use, is simply “a whole new set of complications and implications.”
MACRA is a “transformational” piece of rulemaking, Goodson said. “They’re being extraordinarily aggressive.”
Not least on the timing of it all. Report-ing for Advancing Care Information would begin January 1, 2017, as the rule currently stands, with payments doled out based on those measures starting in 2019.
As hard as it is to think about the winter as June blooms, January is pretty soon.
Even sooner, however, is June 27, 2016. That’s the last day for public comment on the proposed rule.
Goodson thinks there will be “a lot of pushback” on that 2017 reporting start. “There’s going to be some backing down just because of the logistics of this and because it’s going to take a while for pro-viders to make these adjustments.”
But none of that will happen if physicians don’t offer their feedback.
Hospitals, currently unaffected by the proposed rule, could eventually be in for a change too, by the way: “We are already meeting with hospitals to discuss potential opportunities to align the programs to best serve clinicians and patients,” said Slavitt the same day the NPRM was published in April.
In May, he spoke to the American Hos-pital Association. “We need meaningful engagement on this proposal,” he said.
All industry stakeholders owe it to CMS – and to themselves – to take his advice to heart. n
MIKE MILIARD, Editor
CMS has the best of intentions, of course: It wants physicians to use technology to the best of their abilities, to deliver the best possible care. But one longtime clinician and CIO says the rules put forth in MACRA “are so overwhelmingly complex that no mere human will be able to understand them.” It’s up to industry stakeholders to weigh in, while the comment period is still open, to keep them manageable.
INSIGHTJune 2016 | Healthcare IT News | www.HealthcareITNews.com 17
TRACK 1: MERIT-BASED INCENTIVE PAYMENT SYSTEM (MIPS)The MIPS track combines the Physician Quality Reporting System, the Value-based Payment Modi-fier and the Medicare electronic health record incentive program into a single consolidated pro-gram with the four categories generating a com-posite performance score. The CPS determines whether a clinician receives a greater or smaller fee or no fee adjustment.
IMPORTANT CONSIDERATIONSFrom 2019 to 2025, the base physician fee schedule is frozen, which means clinicians’ fees in 2019 are the base rate pay through 2025. In post-inflation terms, that means clinicians will be making less in fee-for-service base rates.
With few exceptions, clinicians must partici-pate in the MIPS incentive program, which means a provider must report quality measures, demon-strate outcomes for quality measures and demon-
strate meaningful use. Depending on performance and the MACRA year, clinicians will receive a 4-9 percent increase or a 4-9 percent decrease in their year-over-year fee-for-service payment.
MIPS is revenue-neutral, which means if one clinician is making more in fees, another is mak-ing less. In a sense, Track 1 puts all providers in a race against each other to improve quality, and it raises the stakes for continual year-over-year qual-ity improvement.
TRACK 2: ALTERNATIVE PAYMENT METHODS (APMS)The APM track is geared towards advanced accountable care organizations, patient-centered medical homes and the like. Only the most advanced forms that expose providers to both upside and downside financial risk will qualify.
Providers who choose the APM track are excluded from MIPS adjustments and will instead receive a lump sum incentive payment equal to 5 percent of the prior year’s estimated aggregate expenditures under the fee schedule. The 5 percent incentive payment is in effect from 2019 to 2024.
Also, providers can retain savings from improved quality and efficiency of care under the advanced APM program. If organizations provide high qual-ity at a low cost, they get more money. If organiza-tions do poorly, they receive less money.
IMPORTANT CONSIDERATIONS Providers’ quality of care will be measured, and it’s going to have a much larger impact than the meaningful use incentive program. Here are tips for how you should prepare:
Educate. Providers need a firm understand-ing of their population health approach, robust productivity strategy and an awareness that use of certified EHR technology is written into legis-lation. Clinicians choosing the MIPS track must recognize that 25 percent of the total adjustment is based on meaningful use.
Incorporate data & analytics. Annually, the amount of healthcare data grows by 48 percent. Clinicians need to think about how they are acquiring and aggregating the data they need to get the full view and manage the whole patient. ACOs need the analytics capabilities to measure
quality at the population level, not just the indi-vidual patient level, and the work of assembling and aggregating data takes time.
Preplan and refocus on clinical quality. If not already part of an ACO, providers should put togeth-er an application for one of the CMS models. If you already have strong analytics, identify the areas you need to improve. In a value-based environment, the focus must shift to cost structure rather than revenue increases, and a strategy must be in place to lower costs without sacrificing quality.
As the industry wades deeper into MACRA and value-based reimbursement, how physicians get paid and whether they’ll earn enough to sustain a viable practice will be the primary concerns. My advice is to proceed thoughtfully as you restructure your business to mirror a value-based approach. As the healthcare landscape transforms, your practice needs to change with it. But act swiftly because the effectiveness of any strategy depends on prepa-ration. The ability to shift your focus to the new structure required by value-based reimbursement is essential because you’ll be measured based on activity in 2017, and that’s right around the corner. n
MACRACONTINUED FROM PAGE 16
Chronic care management: Is the $50 billion market more hype than reality?Here’s the rub: $50 billion might be hyperbole, but $5 billion is still a sizable enough market to drive innovations
WHEN THE Centers for Medi-care and Medicaid Services revealed that it would start paying, under CPT code 99490,
for “non face-to-face care coordination ser-vices,” one might have expected providers to rush en masse to cash in on what appears to be reasonably easy revenue. In certain instances, 99490 affords healthcare organizations to bill CMS for services they were already providing essentially for free.
That did not exactly happen in the chronic care management program’s first year. One reason, of course, is that CMS only gave the industry about 4 months notice that 99490 would kick in on January 1, 2015 – and even then it was essentially, if perhaps accidentally, advertised as a new telehealth code.
Whereas mHealth, telehealth, even POTS (Plain Old Telephone Service) products are key pieces in a chronic care management program, they’re really just technological underpinnings enabling an initiative with much, much bigger potential.
WHAT ‘BIG’ MIGHT MEAN One way to calculate the poten-tial total is to take the 36 mil-lion Medicare patients with two or more chronic conditions and mul-tiply that by the approximately $40 dollars (rounding down from for simplicity’s sake) per month CMS will pay for 20-minute con-sults and then multiply that by 12 months to arrive at: $17.2 billion. Every year.
That whopping total, however, requires that every single one of those 36 million patients enlist in a chronic care management pro-
gram, then be treated via non-face-face means monthly, and the provider has to track each session and bill accordingly.
At the risk of calculating overzealously, that $17.2 billion figure represents only the oppor-tunity afforded by treating Medicare patients. When private payers follow CMS’ lead and start paying for 99490, the market could effec-tively triple to some $51 billion annually.
But let’s not get ahead of ourselves just yet.
MEANINGFUL USE: A CCM PRECURSOR? Whether you consider meaningful use an abys-mal failure or a veritable roadmap for digi-tizing a $2.7 trillion industry in seven years, one aspect of it is undeniable: the program succeeded in pushing a lot of taxpayer money into the hands of hospitals and, in turn, EHR makers. CMS, in fact, has disbursed more than $30 billion to date.
Indeed, just as incentivizing hospitals to spend hundreds of thousands, if not double-digit millions, on EHRs opened doors for those vendors, care management and population health software purveyors are eyeing a similar opportunity around CCM.
Chronic care management, as a technology product and healthcare services market, is nascent. Despite the already widespread appreciation of CCM’s potential benefits, and evidence that hospitals’ inter-est in CCM is on the rise, the reality is that only 13 percent of participants in a recent study have actually filed a 99490 claim and been paid, according to research conducted by Enli
Health Intelligence and the consultancy Pershing, Yoakley and Associates.
HERE’S WHAT HAS TO HAPPEN The math about CCM’s potential growth, while simple, is currently rooted more in the hypothetical than the concrete.
Yes, the market could expand somewhere close to the vicinity of $51 billion, but both
CMS and providers face obstacles.CMS, for its part, will have to clarify
a number of facts, including the billing to lessen the paperwork burden, tweak what can and cannot be counted as part of the 20-minute monthly consult, waive or reduce the necessary co-insurance for participating, and perhaps most important better outline the value of CCM for patients and their families to make it easier for hos-pitals to enlist prospects with two or more chronic conditions.
On the caregiver side, providers need to automate the process of identifying and noti-fying qualified candidates and then manage the care team workflow effectively to ensure both proper follow-up and billing CMS for the work.
That right there is the technology heavy lifting necessary to institute a chronic care management plan and the reason why popu-lation health management platform vendors are moving toward CCM.
And the fact that if 30 percent of those eli-gible to participate actually do so, the CCM market will surpass $5 billion annually.
INEVITABLE GROWTH Even if the first year of CCM was arguably slow in terms of consumers and providers getting on board, there’s one other factor to consider: the so-called silver tsunami.
CMS statistics suggest that Medicare cov-ered 55.3 million people as of 2015 – approxi-mately 69 percent of whom have two or more chronic conditions, that being the qualifying criteria to enroll in CCM – and CMS is pro-jecting that number of total beneficiaries to skyrocket close to 80 million by 2030.
The pool is growing and, along with it, the number of qualified CCM participants and the amount CMS will pay out every year. And that will drive innovations as chronic care manage-ment vendors compete to differentiate them-selves and other technology titans step into this realm, too. n
TOM SULLIVAN
INNOVATION PULSE
CLINICALwww.HealthcareITNews.com | Healthcare IT News | June 201618
U.S. Coast Guard pulls out of Epic EHR contractOfficials determined there were 'significant risks' to continuing rollout
JESSICA DAVIS, Associate Editor
THE UNITED States Coast Guard has terminated its electronic health record contract with Epic.
Officials uncovered various irregularities, which drove the final deci-sion to terminate the contract, Lt. Cmdr. Dave French, the Coast Guard's chief of media relations, told Healthcare IT News.
In 2010, the Coast Guard awarded a $14 million contract to Epic to design its com-mercial off-the-shelf EHR product. In the following years, the initiative expanded into a broader re-engineering project known as the Integrated Health Informa-tion System, or IHiS.
That expansion increased the cost and technical complexity of the project, said French.
"In 2015 the Coast Guard determined there were sig-nificant risks a s s o c i a t e d with continu-ing the IHiS project and decided not to exercise further con-tract options," he said.
" T h e d e c i -sion was driven by concerns about the project's ability to deliver a viable product in a reasonable period of time and at a reason-able cost," said French. "As a result of the analysis that led to the discontinuation of the project, various irregularities were uncovered, which are currently being reviewed."
Officials are in the process of reviewing and closing out contracts and settling outstanding invoices and potential claims, he said.
The Coast Guard will restart its search for another EHR system and thoroughly evaluate its options for potential alternatives. There's currently no projected timeline for the deployment of the new system.
Paper-based records will be used in the interim, without interruption of service to members and dependents, French said.
On April 26, Epic posted a fact sheet offering its side of the story:
"The Coast Guard purchased our ambula-tory software in 2010, with a projected go-live date in 2011. Epic implementations have an excellent record in the industry for going live on time. A typical implementation of this scope takes 12-15 months.
"We worked closely with the Coast Guard and Leidos, which was selected by
Coast Guard to be their tech-nical support. Epic was
in charge of leading the Epic software
implementation, Leidos was in charge of tech-nical setup, and the Coast Guard was in charge of pro-curement and subject matter
expertise."There were
many unusual issues which were not initiat-
ed by Epic. These included extensive hardware procurement
delays, changes in third-party vendors with subsequent re-contracting mid-install, a change in data center, and an untimely Gov-ernment investigation to validate if payment was being made from the right account, each of which caused significant delays.
The go-live was set for October 2015 but, "for reasons we do not know," the Coast Guard decided not to continue the contract. n
Mount Sinai signs on with OpenNotes, gives patients access to their medical record via portalThe health system joins Geisinger, Kaiser Permanente, Beth Israel Deaconess Medical Center and others in offering in-depth patient engagement opportunitiesBERNIE MONEGAIN, Editor-at-Large
NEW YORK'S Mount Sinai Health Sys-tem is joining other high-profile health systems across the nation in embracing OpenNotes, an ini-
tiative that gives patients access to their care provider's notes in their medical records.
The notes are available for the first time in the health system's online electronic health record portal, called MyMountSinaiChart. Users can now read details of their office visit from the convenience of their personal computer, tablet or smartphone.
MyMountSinaiChart, launched in 2012, also enables patients to communicate with their doctor, access test results, request prescription refills and manage appointments.
The goal of OpenNotes is to improve trans-parency, communication and trust between patients and physicians and it's working, Mount Sinai officials say.
"When patients can access their physicians' notes, they can better understand their medical issues and treatment plan as active partners in their care," said Sandra Myerson, chief patient experience officer at the Joseph F. Cullman, Jr. Institute for Patient Experience at Mount Sinai.
"This can ultimately lead to improved patient engagement, patient empowerment and com-munication between patient and physician," she added.
"Patients expect and deserve to have full access to their medical records, and the Mount Sinai Health System is committed to meeting this expectation," Jeremy Boal, MD, chief medi-
cal officer at Mount Sinai Health Systems, said in a statement.
Four Mount Sinai physicians in various clinical practices conducted the initial OpenNotes pilot beginning in December 2015. n
Intermountain, Stanford forge precision medicine partnership
Intermountain Healthcare and the Stanford Genome Technology Center will work together on research aimed at developing advances in precision health. Comprising the team of researchers, clinicians and other experts are members of the Stanford Genome Technology Center and Intermountain's Precision Genomics
Core Laboratory. Together, they will focus on identifying novel biomarkers using an advanced array of technologies developed at SGTC, and with an emphasis on solving clinical issues for patients. One of the key objectives in the collaboration is to determine the clinical benefits associated with applying molecular analysis to patient care. Lincoln Nadauld, MD, executive director of precision medicine and genomics at Intermountain, says the initiative will lead to the development of new technology.
Centra Health to deploy Cerner EHR, HealtheIntent platform
Centra Health announced on Thurs-day that it will deploy Cerner Mil-lennium on both the clinical and business sides, including revenue cycle and patient health manage-ment. Centra will also implement HealtheIntent, Cerner’s population health management platform. In addition, Cerner will support Cen-
tra’s growing health plan, which covers more than 45,000 individuals. With five hospitals and 50 ambulatory and long-term facilities, the Centra is one of the largest healthcare systems in central Virginia. “As one of the leading care providers in our area of the country, it is essential that Centra continues to influence the health of not only our patients, but also our community as a whole,” CEO E.W. Tibbs Jr., said in a statement.
Beth Israel Deaconess pilots Everseat scheduling app
Beth Israel Deaconess Medical Center is now piloting Everseat’s scheduling service to help patients book appointments – and a new deal that Everseat struck with Lyft might also help them get there. BIDMC is testing Everseat's scheduling service in a handful of practices so far: der-matology, orthopedics, pain manage-
ment, physical therapy and rehabilitation, Everseat CEO Jeff Peres said. While there are a number of health tech companies offering apps to schedule doctor appointments, like ZocDoc and Aetna's iTriage, Peres described Everseat as a service that enables patients to "digitally raise their hands" when a provider gets a cancellation. Peres said there is always a patient nearby who is eager to get an earlier appointment and willing to make it work with their schedule.
The goal of OpenNotes is to improve transparency, communication and trust between patients and physicians.
EXAMINE THE HEALTH OF YOUR DATA CENTERTRUST PC CONNECTION, INC. FOR CONVERGED DATA CENTER SOLUTIONS
Healthcare technology solutions are available through the PC Connection, Inc. family of companies.
Large Acute Care Centers and IDNsGovernment Owned and Academic HospitalsSmall to Medium Acute or Ambulatory Facilities
we solve IT ™
Patient Outcomes Depend on DataExceptional patient care relies on talented clinicians and the information they need to do their jobs well. As a result, organizations must collect, store, and protect a vast amount of data—efficiently and affordably.
The Data Center EvolutionNo department is immune to these new demands of healthcare IT and the data center must integrate new storage technologies and processes to keep up. Today, resources can be allocated and consumed based on analytics. Then workflows and workloads are directed to best serve the organizational need at any particular point in time.
PC Connection, Inc.’s Converged Data Center Practice offers solutions and services that help create a more capable, agile environment. Our team can help you realize both the vision and the benefits through:
• Private and Hybrid Cloud• Converged Infrastructure• Data Protection and Business Continuity• Enterprise Disk Arrays and Storage Networking• Server and Desktop Virtualization
Our experts will help you reduce complexity, increase manageability, and realize greater savings with a modern data center.
Find out how we can help you focus on care and leave the IT to us. Visit www.pcconnection.com/health
©2015 PC Connection, Inc. All rights reserved. PC Connection, GovConnection and MoreDirect are trademarks of PC Connection, Inc. or its subsidiaries. All copyrights and trademarks remain the property of their respective owners. C291008 1115
CLINICAL www.HealthcareITNews.com | Healthcare IT News | June 201620 CLINICAL
EHRs may be inadequate in capturing mental health diagnosis, study findsResearchers also found gaps in general outpatient and specialist care, according to a new report published in AMIA journal
JESSICA DAVIS, Associate Editor
THE DIAGNOSES of 27.3 percent of patients with depression and 27.7 percent of patients with bipolar disorder were missing from their
primary care electronic health records, a study published in the Journal of the Ameri-can Medical Informatics Association has found.
These behavioral health patients had an average of three to eight visits during the year both at the EHR site and outside the site. But despite these high numbers, the data from the encounters were underreported.
In the study, researchers from the Depart-ment of Population Medicine at Harvard Medical School studied Harvard Pilgrim Health Care patients at Harvard Vanguard Medical Associates who in 2009 had a depression or bipolar diagnosis. Research-ers studied outpatient care visits and cal-culated the proportion of these visits not found in the EHR.
"In this research, we found the lack of inte-gration, interoperability and exchange in U.S. healthcare resulted in a major EHR missing roughly half of the clinical information," the authors wrote. "While behavioral healthcare is unique, it's important to emphasize our
findings demonstrate the problem of incom-plete clinical data in the EHR is not limited to behavioral care."
About half of the outpatient care days from insurance claims could not be matched to clinical contacts recorded in the EHR, the report shows. While this data is true for all areas of care, the extent of missing informa-tion was greater for behavioral services than for general outpatient.
Furthermore, 89 percent of acute psychi-atric services in hospital-based events were missing from the EHR, and 43 percent of all hospital-based events were missing. In contrast, clinical events found in the EHR could be matched to claims 93 to 98 percent of the time.
The study also found there were also high rates of missing EHR data in general for healthcare, both for inpatient and outpatient care. Areas of specialist care were also grossly underrepresented in primary care EHRs.
"Published reports touting the anticipated benefits of the recent rapid adoption of EHRs should be tempered by frank examinations of EHRs as they currently exist," the authors said. "Individual providers and health system leaders need to be fully cognizant of the information gaps and disconnects that lie behind the screen.
"Features intended to improve care and protect patients from harm may be inadequate in typical fragmented health systems, offering false comfort," they added. n
Allscripts, Cerner, Evident/CPSI top-ranked for client satisfaction, says Black BookThe study also found some Epic and Meditech customers felt 'trapped' in their contracts and may be considering a different vendor
JESSICA DAVIS, Associate Editor
AALLSCRIPTS IS the top-ranked EHR vendor among medical centers of more than 250 beds, according to a new Black Book report released
in April. Cerner topped the list for medium-sized community hospitals with 101-250 beds, and Evident/CPSI was the best among small and rural hospitals with fewer than 100 beds.
In the same report, Cerner landed the highest rankings for usability and func-tionality by hospital nurses and physicians. And eClinicalWorks and athenahealth are quickly rising among smaller hospitals as replacement interests for the cloud-based inpatient EHR platform.
Allscripts, Cerner and Evident/CPSI received top rankings in the four previous years among their respective hospital client categories.
Black Book surveyed more than 3,100 cur-rent hospitals. Rankings are based on health IT loyalty like the stability of a vendor's customer base and support services; inten-tions to renew current contracts; whether
a provider will recommend their EHR/HIT vendor; and likelihood a provider will pur-chase additional products or services from a vendor.
As for customer loyalty, the report found the largest increases in year-over-year among the patient EHR customers of Allscripts, Cerner, Evident/CPSI and athenahealth. In this report, loyalty is more than repeat purchases - it's a behavioral and attitudinal stance in regards to choices.
"Customer loyalty has emerged as one of the most reliable metrics because of its for-ward looking nature," said Black Book Presi-dent Doug Brown in a statement. "Using a customer loyalty metric to complement historical metrics such as sales, profitabil-ity, operation metrics and satisfaction key performance indicators helps hospitals and physicians make better decisions based on customer insights."
Under this metric, most Meditech and Epic Systems providers felt trapped in their contracts and are seeking or considering a switch to another vendor. Furthermore, these providers don't intend to renew their con-tract and have a bad attitude about the rela-tionship, product, service, broken promise or undelivered obligations.
Black Book also assessed vendors based on providers considering a switch or seeking to
still replace their EHR systems. In this cat-egory, Allscripts, athenahealth and Cerner offered the most desirable interoperability and connectivity technology, while athena-health was top ranked for mobile optimiza-tion. McKesson and Cerner were the leaders in technical support.
These same providers were most satisfied
by the offerings from GE Healthcare, Iatric Systems, McKesson and Siemens for revenue cycle management support. Allscripts, athe-nahealth, Cerner, Epic Systems and Meditech were leaders of patient access and engage-ment. For big data and population health: Allscripts, Cerner, Epic and McKesson were most desired. n
CLINICALJune 2016 | Healthcare IT News | www.HealthcareITNews.com 21
Machines faster than humans at detecting cancer, Regenstrief Institute study showsResearch conducted with Indiana University School of Informatics and Computing has shown that computers can screen pathology reports, saving time and money.BILL SIWICKI, Managing Editor
ALGORITHMS AND open-source machine-learning tools are as good as – or even better than – human reviewers in detect-
ing cancer cases using information from free-text pathology reports, according to a new study from the Regenstrief Insti-tute and Indiana University School of Informatics and Computing at Indiana University at Purdue. Further, the com-puterized approach also was faster and less resource-intensive.
Researchers sampled 7,000 free-text pathology reports from more than 30 hospitals that participate in the Indi-ana Health Information Exchange. The researchers used open-source tools, clas-sification algorithms, and varying feature selection approaches to predict if a report was positive or negative for cancer. The results indicated that a fully automated review yielded results similar or better than those of trained human reviewers, saving both time and money, Indiana Uni-versity said.
Every state in the United States requires cancer cases to be reported to statewide cancer registries for disease tracking, identification of at-risk popu-lations, and recognition of unusual trends or clusters. Typically, however, health-care providers with little time on their hands submit cancer reports to harried public health departments months into the course of a patient's treatment, rather than at the time of initial diagnosis, Indi-ana University said.
As a result, the information can be difficult for health officials to interpret, which further delays health department action when action is needed, the univer-sity added. In their study, the Regenstrief Institute and Indiana University research-ers have demonstrated that machine learn-ing can greatly facilitate this process by automatically extracting crucial meaning from plain text, also known as free-text, pathology reports, and using the informa-tion and meaning for decision-making.
"We think it's no longer necessary for humans to spend time reviewing text reports to determine if cancer is present or not," said study senior author Shaun Gran-nis, MD, interim director of the Regenstrief Center of Biomedical Informatics. "We have come to the point in time that technology
can handle this. A human's time is better spent helping other humans by providing them with better clinical care."
Much of the work in informatics during the next few years will be focused on how providers can benefit from machine learning and artificial intelligence, Grannis added.
"Everything – physician practices, health
systems, health information exchanges, insurers, as well as public health depart-ments – are awash in oceans of data," he said.. "How can we hope to make sense of this deluge of data? Humans can't do it – but computers can."
The study,"Towards Better Public Health Reporting Using Existing Off the Shelf
Approaches: A Comparison of Alternative Cancer Detection Approaches Using Plaintext Medical Data and Non-dictionary Based Fea-ture Selection," was published in the April 2016 issue of the Journal of Biomedical Infor-matics. The study was conducted with sup-port from the Centers for Disease Control and Prevention. n
ConCert by HIMSS offers a one-of-a-kind, vendor-independent seal
of approval for electronic health record (EHR) and health information
exchange (HIE) systems. Setting a bar higher than Meaningful
Use, products that pass this robust, highly automated testing and
certification program will verify that, once certified, a health IT system
is capable of exchanging health information securely and reliably
with other certified systems.
Require sound financial investments to become interoperable. Require a trusted, simplified solution for connectivity.ConCert by HIMSS™ EHR and HIE certification mandates commitment to these needs at the highest level.
Take action atwww.himssinnovationcenter.org/certify.
ConCert by HIMSS™ | Certified Connectivity. Finely Tuned Simplicity.www.himssinnovationcenter.org/certify
ConCert by HIMSS™ Certified Products
BUSINESSwww.HealthcareITNews.com | Healthcare IT News | June 201622
IBM Watson, ODH partner for behavioral health population management platformThe tool will help create a more accurate profile of behavioral health patients and identify any gaps in care, the vendors saidJESSICA DAVIS, Associate Editor
IBM WATSON and ODH, a behavior-al health analytics company, have launched a population health manage-ment platform specifically for behav-
ioral health organizations, the companies announced.
The platform, dubbed Mentrics, will gather and combine behavioral and physi-cal medical services and prescription claims data from Watson Health Cloud. The new tool is designed to create a more accurate profile of behavioral health patients, the vendors said.
“One of the biggest gaps in our health system today is behavioral healthcare,” Lauren O’Donnell, vice president, life sciences, at IBM Watson Health, said in a statement.
“Our goal with Mentrics is to make it easier for managed care organizations to achieve clinical and business goals in population health management while optimizing pro-vider network performance so patients don’t fall through the cracks,” she added.
Providers can also use the broader data from Watson to improve data insights, such as similarity analytics and risk stratifica-tion, the vendors said. The platform can be deployed in the software-as-a-service model on the Watson Cloud and integrat-ed with existing infrastructure and storage capacity.
Mentrics has been designed to target three behavioral health areas: population management, provider network performance and patient care coordination. Providers can customize the platform to target specific populations and trends to address any gaps in care, while assessing the effectiveness and risk-adjusted performance of providers, the vendors explained.
“New analytics tools are needed as behavioral health benefits are integrated into managed care plans,” said Arthur Webb, founder and group leader at the Arthur Webb Group, in a statement. Men-trics will become “an invaluable asset to managed care organizations responsible for behavioral health populations.” n
athenahealth acquires Arsenal Health, adding machine learning, predictive analyticsTransaction will provide schedule optimization technology to athenahealth’s network, open door for AI advancesJESSICA DAVIS, Associate Editor
CLOUD-BASED ATHENAHEALTH is expanding its portfolio to include machine learning and artificial intelligence with its acquisition
of analytics startup Arsenal Health.Arsenal’s Smart Scheduling tool has already
been effective with athenahealth’s providers, officials said. The acquisition, terms of which were not disclosed, will move Arsenal from a third-party vendor to a native capability available for all athenahealth’s customers through its athenaCoordinator network.
athenahealth also sees value as a potential “on-ramp to the machine learning, predictive analytics and artificial intelligence space in healthcare,” said Doran Robinson, vice president of athenaCoordinator, in a press statement.
In the future, athenahealth’s officials say they hope the acquisition will accelerate the company’s analytics and AI capabilities,
broadening insights and enhancing offerings for its 74 million patient records.
“The prospect of building on Arsenal Health’s technology and combining it with our own valuable data to positively impact care and expand the power of our network is extremely compelling,” said Robinson.
Arsenal Health was athenahealth’s first investment through its More Disruption Please initiative, which drives decisions based on three pillars: the MDP Accelera-tor, athenahealth Marketplace and MDP Network.
“The company is a testimonial to what we’re trying to do with our “More Disrup-tion Please” program - provide young health tech companies the opportunity to develop and scale with athenahealth’s support and resources,” he added.
“By joining athenahealth, we believe we can accelerate our growth while effectively testing and advancing our predictive analytics technology,” said Arsenal Health CEO Chris Moses in a statement. “To date, our success lies in our ability to track client performance, learn the intricacies of how providers work and ultimately predict their needs.” n
Epic awarded $940 million in Tata trade secrets case
A U.S. district court jury in Wisconsin has found in Epic Systems’ favor, awarding the EHR giant $940 million in damages in its trade secrets lawsuit against Mum-bai-based Tata Consultancy Services. The massive settlement seems likely to be reduced on appeal. Epic’s intellectual property suit against TCS, which is part of the enormous $109 billion Tata Group
conglomerate, charged that employees of its American arm had “brazenly” downloaded technical documentation and other trade secrets for software it was helping install in Kaiser Permanente hospitals, using them to help improve its own hospital technology called Med Mantra. The jury awarded Verona, Wisconsin-based Epic $700 million in punitive damages and $240 million in compensatory damages, according to a Reuters report.
Flatiron Health gives cloud-based OncoEMR and OncoAnalytics boost
Flatiron Health announced in April it would strengthen its cloud-based electronic health record and analyt-ics platform, both designed specifi-cally for medical oncology. Onco-EMR and OncoAnalytics are being enhanced to support participating cancer care providers with meeting the Center for Medicare & Medicaid
Innovation’s new reporting requirements for its Oncology Care Model, or OCM. Flatiron Health’s OCM participation solution will be available prior to July 1 this year, according to company executives. OCM is a five-year voluntary program that pays participating providers both a care management fee and shared savings. To qualify providers must adhere to new requirements.
Startup HealthVerity pulls in $7.1 million in first round of funding
HealthVerity, which offers technology tools for the discovery and integra-tion of optimal patient data sets, has landed $7.1 million in its first round of funding. Flare Capital Partners and Greycroft Partners led the Series A funding with participation from other strategic healthcare investors. The company will use the financing
to fund continued development of its privacy and data interoperability technologies, Health Verity executives said. Health Verity’s technology enables customers to rapidly discover, license and assemble patient data from a wide range of traditional and emerging healthcare data sources that can aid pharmaceutical, hospital and payer organizations seeking to enhance patient insights from existing and new data sources.
Advance the delivery of care. Connect. Engage. Collaborate.Become an active participant in the transformation of health and healthcare through IT at the HIMSS Innovation Center.
To learn more, visit www.himssinnovationcenter.org/IC
IMMERSION THEATER
HEALTH IT TIMELINE
Receive a headset and begin your interactive health journey on your mobile device.
Discover books, podcasts and other health IT resources.
Discover HIMSS’ next steps to improving health through IT.
Learn about the latest health IT initiatives like interoperability, connected health, privacy & security and more.
Host a meeting in this state-of-the-art space that holds up to 150 attendees.
Explore the past, present and future of health IT.
Examine the continuously shifting healthcare landscape through interactive videos.
See unique and targeted health IT solutions that result in better, safer, more cost-effective care.
HIMSS RESOURCES
HOT TOPICS
LEARNING ZONE
WELCOME AREA
TRANSFORMATION GALLERY
Health ITTrends
InnovatorProfiles
ConCert by HIMSS™
TECHnoLogIESTOTAL
TM
www.TOTALVOICETECH.com 1.888.831.0088
COLLABORATORS:
HIMSS Innovation Center
TECHNOLOGYSHOWCASE
CONFERENCE CENTER
#EmpowerHIT
BUSINESS www.HealthcareITNews.com | Healthcare IT News | June 201624
Divurgent, Sensato unveil new Medical Device Cybersecurity Task Force with VMware and Renovo among membersThe new group consists of tech vendors and device manufacturers working to create sets of security best practices for both providers and manufacturersBILL SIWICKI, Managing Editor
HEALTHCARE SECURITY technology vendor Sensato and consulting firm Divurgent created the Medical Device Cybersecurity Task Force:
a new group focused on developing best practices for both healthcare organizations and medical device manufacturers to secure the devices, widely recognized as an under-protected technology.
Two other vendors have joined the task force in its first three months, includ-ing Renovo Solutions and VMware Inc., which operates AirWatch. One medical device manufacturer, Baxter, has joined the group. And 15 health systems and hospitals have joined, including Beebe Healthcare, Children’s Hospital of Atlan-ta, Lehigh Valley Health Network and Intermountain.
“We continually get asked by clients what the best practices are for securing medical devices, how do we protect these things,” said John Gomez, CEO of Sensato and co-founder of the task force. “There’s little guidance and a lot of misinforma-tion. While there are other organizations doing work in this space, we thought it was important to create a fast-moving, very tac-tical group that could come to the industry with a set of best practices.”
The Medical Device Cybersecurity Task Force has three short-term goals. The first is to create a set of best practices for health-care provider organizations, the second is to create a set of best practices for medical device manufacturers, and the third is to develop an iPad and web app that will help healthcare organizations evaluate medical devices and at the same time feed a data-base that task force members can access to study the market.
“The reality is both sides - providers and manufacturers - don’t understand how much the other side doesn’t know,” Gomez said. “When I talk with manu-facturers, they understand they need to do something, but they’ve never had to deal with cybersecurity before, it’s not a part of their DNA. And on the hospital side, they’re realizing they’ve never had to lock these things down. In fact, medi-cal devices haven’t even been part of the IT group in hospitals. So both sides have common ground where they both are look-ing for answers.”
Beebe Healthcare joined the task force to bolster its existing efforts to secure its medical devices and help build bridges with device manufacturers.
“The healthcare industry is in the cross-hairs of the cybercriminal community, and they’re looking for new vectors to exploit vulnerabilities to infiltrate our systems,” said Michael J. Maksymow, vice president and CIO at Beebe Healthcare. “It’s no secret medical devices are among the exploitable entry points. Beebe has been working for quite some time mitigating risks posed by poor security or lack of security in medical
devices and systems, but ultimately we need the attention of our medical device manufacturers to ensure security is a fore-thought in the development of the devices rather than an afterthought.”
Maksymow believes the healthcare industry was in need of a group specifical-ly tasked to devise the best ways to guard medical devices.
“Many of us felt IT security has been
getting traction in our respective organi-zations, but not specifically in the medi-cal device space, and therefore we felt compelled to start at a grassroots level to get some momentum in this area - a call to action,” he said. “The intention of this group is to collaborate with other industry organizations, exchange information and findings and share the product we devel-op to all stakeholders in the industry.” n
Sutter, Dignity Health, others give Google Glass startup Augmedix $17 million in fundingMost Google Glass-focused startups have pivoted away from healthcare, but Augmedix is keeping its sights set on helping physiciansJONAH COMSTOCK, Contributing Editor
AUGMEDIX, WHICH deve lops Google Glass technology to help reduce the time physi-cians spend on documentation,
has raised $17 million in strategic invest-ments from some of its largest healthcare customers.
They include Sutter Health, Dignity Health, Catholic Health Initiatives, Tri-Health Inc. and one other which chose to remain anonymous. Some traditional VCs also participated: Redmile Group led the round; Emergence Capital and DCM Ventures also contributed. The round
GLASS SEE PAGE 25
Augmedix co-founders Ian Shakil and Pelu Tran
BUSINESSJune 2016 | Healthcare IT News | www.HealthcareITNews.com 25
brings Augmedix’s total funding to $40 million.
“I don’t want this to be perceived as some kind of boring funding announce-ment,” Ian Shakil, CEO of the San Fran-cisco-based startup, told Healthcare IT News’ sister site, MobiHealthNews. “It’s some-thing very different. ... They’re literally putting their money where their mouth is.”
When Google Glass hype was in its heyday, a number of startups were eyeing the healthcare field, but in 2016 most turned their attention to other less heavily regulated fields.
Wearable Intelligence, for instance, is now Parsable and focused on commu-nication tools for industrial teams – all mention of healthcare is gone from its website. Pristine, similarly, lists insur-ance, inspection, fieldwork and cus-tomer support as its focus areas, with no mention of healthcare. Meanwhile, Remedy is still in healthcare, but seems to have abandoned Google Glass. Aug-medix, though, hasn’t changed its mis-sion much.
“We’re like the pivot-less startup,” Shakil said. “If I showed you our pitch deck from three years ago, we could still use it today. What we do today
is exactly what we did a year prior, except more of it and (we do it in) a more refined way.”
Augmedix gives Google Glass to doc-tors to wear while they see patients. Rather than spending time entering information into the EHR during a patient visit, a remote scribe watches the visit via Glass and enters the neces-sary information in the chart as they go. The doctor approves and signs off on the information at the end of the visit. (Shakil has spoken in the past about someday automating the back-end, but there are no immediate plans on that front).
The one thing that has changed, Shakil said. The startup has changed its primary marketing focus from the independent doctor to large enterprise health systems, at least for now.
“We still sell to independent doctors, a lot of them, but we’ve become much more aligned with the Dignitys and the Sutters of the world,” he said. “For a startup, once you’re through the infor-mation security and compliance and
bureaucratic hurdles, once you get passed that, it’s just a lot more efficient for you to sell through and operationally scale if you do (work with larger players).”
Augmedix has also grown consider-ably since its last funding round. The company now has nearly 400 employees and serves hundreds of doctors in almost every state. The technology is used with a combined 5,000 patients a day, accord-ing to the company.
“We’re a capital-intensive business,” Shakil said. “We have a lot of employees all around the world. (The funding) is
really going toward continuing product development, technology refinement, and, in particular, scaling.”
Shakil said although the vast majority of deployments active today use Google Glass, Augmedix is a service and soft-ware company, not a hardware company, and they’re regularly experimenting with Glass alternatives from other companies. He even hinted – though he couldn’t com-ment specifically – they’ve had access to Google’s as-of-yet-unreleased Google Glass Version 2.
“We’re really excited about the next
generation stuff we’re seeing,” he said. “I’ll go as far as to say you can Google around and see Google has said they’re working on next-generation hardware, and they’re committed to the platform.”
Google killed the consumer version of its Glass project last year; leading to widespread speculation the whole project was dead. (More recently, Google deleted all social media accounts connected with Project Glass). But as we reported last year, Google has no apparent plans to kill its enterprise operations, including healthcare applications. n
“We still sell to independent doctors, a lot of them, but we’ve become much more aligned with the Dignitys and the Sutters of the world”Ian Shakil
GLASSCONTINUED FROM PAGE 24
Your solutions for analytics, patient engagement, claims life cycle, and more at RevenueCycleInsights.com
Analytics can help unlock the potential of your data and optimize your revenue cycle performance. Learn what metrics CFOs are using, how patient portals can increase revenue, and more.
Gain Instant Insights
SPONSORED BYPRESENTS
HIMSS RADIOPowered by This Just In and
Watch the biggest names in healthcare tackle the greatest challenges:• Karen DeSalvo
Acting Assistant Secretary for Health & National Coordinator for Health Information Technology U.S. Department of Health and Human Services
• John Halamka CIO, Beth Israel Deaconess Medical Center
• Aneesh Chopra Co-Founder & EVP, Hunch Analytics & Former U.S. CTO
• John Mattison Asst. Medical Director and CTO, Kaiser Permanente, Southern California
• Farzad Mostashari CEO, Aledade & Former ONC Coordinator
• Harry Greenspun Director, Deloitte Center for Health Solutions
WATCH THE VIDEOS
LISTEN TO THE PODCASTShealthcareitnews.com/radio
DID YOU MISS IT?
Sponsored by:
DATAwww.HealthcareITNews.com | Healthcare IT News | June 201626
Five of the eight largest healthcare breaches since 2010 occurred in 2015 More than 100 million records reportedly were compromised in 2015 BILL SIWICKI, Managing Editor
FIVE OF THE eight largest healthcare security breaches that occurred since the beginning of 2010 – those with more than 1 million records report-
edly compromised – took place during the first six months of 2015, according to IBM X-Force’s “2016 Cyber Security Intelligence Index.” And in 2015 overall, more than 100 million health-care records reportedly were compromised, the report said.
The report suggested four key steps to help develop a strategic cybersecurity program, which include: prioritize business objectives and set risk tolerance, institute a proactive security plan, craft a response to the inevitable sophisticated attack, and then promote and support a culture of security awareness.
The recommendations are particularly important to healthcare organizations, which are now the top industry targeted by cybercriminals, according to the annual IBM X-Force report, and several other recent reports.
The top five industries in 2015 for cyber-attacks: healthcare, manufacturing, financial services, government and transportation, the IBM X-Force report found. The top five in 2014:
financial services, information/communication, manufacturing, retail and energy/utilities, the report said.
Sixty percent of cyberattacks in 2015 were the result of an insider – a person who has physical or remote access to an organization’s assets, the report found.
“Although the insider is often an employee of the company, he or she could also be a third party,” according to the report. “That includes business partners, clients or main-tenance contractors, for example. They’re individuals you trust enough to allow them access to your systems.”
Attacks that resulted from an insider, how-ever, could be malicious or accidental, one in which an insider served as an inadvertent actor. An example of such an inadvertent inci-dent would be an employee who clicks on a malicious link in a phishing e-mail.
“Today’s CISOs and security leaders are now looking for fundamental ways to influence and improve both their own programs and estab-lished best practices – because they know that simply being compliant isn’t acceptable for a well-governed organization,” the report said.
The report is based on IBM Security Ser-vices’ operational and investigative data of bil-lions of security events across more than 1,000 client organizations in 100 countries. n
WEDI: Programs to fix gaps in care have potential for big ROIImproved data exchange key to driving quality and cost efficiency
MIKE MILIARD, Editor
MORE WIDESPREAD IMPLEMEN-
TATION of gaps in care pro-grams is essential to realizing the value of population health
management, according to a new report from the Workgroup for Electronic Data Interchange.
In its study, “Closing Gaps in Care through Health Data Exchange,” WEDI defines those gaps as the discrepancy between evidence-based best practices and the care that’s actu-ally delivered to the patient.
At too many providers, that chasm is still too wide, according to the report. Bet-ter IT infrastructure – enabling more robust exchange health data, automating identifica-tion of information gaps and streamlining care coordination – is needed to bridge it.
Toward that end, WEDI offers five key takeaways:
1. Education and communication are essential to making providers aware of the value of identifying and closing gaps in care. “Providers appear to lag behind health plans in implementing gaps in care programs,” according to the report. “Challenges include the lack of sufficient resources or education about how to maximize workflow changes and effectively close gaps in care.”
2. Gaps in care can adversely affect provider performance. “Surveyed providers are signifi-cantly more concerned than health plans that gaps in care pose a threat to their organiza-tion by affecting clinical performance, finan-
cial performance and the ability to retain patients,” according to WEDI.
3. Programs to address gaps in care offer a high return on investment. “Improvements were observed in quality outcomes such as access to behavioral healthcare, pediatric and adolescent check-ups and medication adher-ence,” according to the report. “Reductions in utilization of ambulatory care, hospital admission and hospital readmission were also observed.”
4. Better consensus is needed to develop and standardize quality measures and meth-odologies for data exchange among payers, providers and patients. “The terminology, standardization and scope of gaps in care measures need more clear definition and alignment between health plans and provid-ers before actionable data harmonization can occur,” WEDI researchers say. “Best practices need to be disseminated that illustrate stake-holder roles, automation of workflow and quality improvement.
The report also points to other barriers such as the “provenance, quality, completeness, timeliness, transparency and accuracy of data.” More widespread use of open API and element - based exchange could help address these
5. Fixing care gaps will only grow in impor-tance as value-based models evolve and access to care and coverage expands. “As newly eli-gible consumers continue to enter the health insurance marketplace and access healthcare, it will be essential for stakeholders to develop effective healthcare communication, preven-tion and education and intervention strate-gies to improve the quality of patient-centered care,” the report says.
“As we increasingly grow fee-for-value arrangements in our nation, it is critical that we look to methods automate gaps-in-care – to not only ensure that data moves seam-lessly between clinical systems and payment systems but that the information is useful and actionable for clinicians and patients,” WEDI founder and former HHS Secretary Louis W. Sullivan, MD, said in a statement. n
DRG launches massive clinical and claims data repository
Healthcare analytics company Deci-sion Resources Group is growing its healthcare data trove in a big way, adding claims and electronic health record data for its new Real World Evidence repository, or RWE.DRG touts the fact that RWE, meant to offering its clients better patient insights and help them do longitu-
dinal analytics, covers 90 percent of the U.S. healthcare system. The company did not release the cost of the data acquired. DRG is expanding its expertise to offer its clients more complete and dynamic analyses in the following areas: health economics and outcomes research, epide-miology validation, patient-level forecasting and market sizing, patient-level compliance and real-time network influence.The RWE data asset comes from multiple data providers in the U.S. and includes patient, healthcare professional and payer-level analysis.
Kaiser Permanente collecting data for DNA Research Bank
Kaiser Permanente this week launched a new database that enables research-ers to examine participants’ DNA in conjunction with environmental and behavioral health. Kaiser members across eight states and the District and Columbia can participate in the research bank, which aims to spur new diagnoses and treatment plans.
The goal, officials say, is to gather data from 500,000 participants across Kaiser’s seven regions – creating one of the biggest and most diverse reposi-tories of genetic, environmental, and health data in the world. To date, more than 220,000 members from four geographic regions have enlisted with KP’s biobank initiatives. “One of the ways the Kaiser Permanente Research Bank is unique from other efforts is that in addition to DNA samples, we ask our participants about behavioral and environmental factors,” said Sarah Rowell, associate director of the research bank, in a press statement.
OCR website offers HIPAA compliance guidance
The U.S. Department of Health and Human Services’ Office for Civil Rights launched a website to gather informa-tion from the healthcare and technolo-gy industries on the applications of the Healthcare Insurance Portability and Accountability Act. It has been using the site, HIPAAQsPortal.hhs.gov, more recently to better understand industry
concerns over HIPAA and the burgeoning field of mobile health.“It’s really set up as a way for the agency to connect with the developer community and get a better sense of the issues in that space,” said Jeffrey Dunifon, an associate attorney in the technology and communications practice at Baker & McKenzie LLP. “And the agency has received good participation, a fair number of questions. They have framed ‘the ask’ as a means to help them direct their guidance on the subject.”
Louis W. Sullivan, MD
bit.ly/MHN16SF
MobiHealthNews 2016 is the industry’s leading digital health event for provider, payer, pharma and tech decision-makers. Be part of the premier event that digs deeper than ever into how organizations have deployed digital health solutions to solve some of healthcare’s biggest challenges.
At MobiHealthNews 2016, we’ll drill down into how patient generated health dataa and remote care have evolved and what we should expect next. You’ll hear case studies and best practices from leading healthcare institutions, payers and others who have begun to embrace patient-facing technologies to support new care models.
DIG DEEPINTO PATIENT GENERATED HEALTH DATA
JUNE 13, 2016 • SAN FRANCISCO, CA
TOPICS INCLUDE ( Driving Patient Adoption
( Integrating Tech into Care Models
( mHealth
( Patient-Generated Health Data
( Telehealth
( Wellness Technologies
*Discount applies to new registrations only
USE CODE
HITN200FOR $200 OFF!*
DATA www.HealthcareITNews.com | Healthcare IT News | June 201628
BILL SIWICKI, Managing Editor
THERE ARE DAY-TO-DAY blocking and tackling tactics that every healthcare organization should be doing right now to reason-
ably address the current security threat landscape.
And there is guidance in the industry that can help organizations of all shapes and sizes protect themselves from cyber criminals and other miscreants.
“There is proven work that information
security professionals have traditionally done, and we need to get these basics right, we need to be performing these functions,” said Sanjeev Sah, chief infor-mation security officer and director of IS risk and controls at Texas Children’s Hos-pital, where he recently completed work on a three-year strategic plan for security.
To help address security basics, Sah points to the Common Security Frame-work from the Health Information Trust Alliance, better known as HITRUST, and
to the CIS Critical Security Controls devel-oped by the National Security Agency, the U.S. Department of Energy and U.S. law enforcement organizations.
“Every CIO and CISO should consider focusing on critical controls and using a programmatic approach to achieve effective security,” said Sah, who uses HITRUST Common Security Framework to “guide our programs and prioritize our approach to security. And then there is the CIS Critical Security Controls, which give you a prioritized approach in terms of implementing technical safeguards that may give you the best opportunity to pro-tect the organization, especially if you are starting fresh.”
At Texas Children’s Hospital, for exam-ple, Sah ensures security technologies send alerts that clearly delineate what security and IT staff should be paying attention to, perhaps a potential advanced threat buried among hundreds of thousands of threats that merits the attention of the security team so staff can take meaningful action based on the level of the threat.
“A healthcare organization must ensure its posture is appropriate from a network security perspective and from an end-point security perspective,” Sah said. “For exam-
ple, an organization should handle criti-cal systems and applications with a higher level of protection from a network perspec-tive. And when it comes to end-points, an organization should ensure there are proper safeguards such as whitelisting and blacklisting and encryption technol-ogy, actually employed on every device deployed. Basic measures go a long way in enabling people to do the right work, focused on the threats that require imme-diate and appropriate responses.”
And then there is the human factor: The single most important factor here is edu-cation – and not just once in awhile, as traditionally has been done, but on an on-demand basis as threats emerge, Sah said.
“Taking a proactive approach to edu-cate employees about ransomware and the steps they can take to avoid that threat from taking a foothold in your network would be very helpful,” he said.
“If a person does not click on a mali-cious message and download the malware that comes with it, that would prevent a threat from going any further. Beyond all the technical safeguards at play, education and awareness to effect change in user behavior is the paramount foundational step that must take place.” n
Texas Children’s CISO points to HITRUST, NSA guidance to boost cybersecurity Sanjeev Sah says their controls and safeguards help healthcare organizations cover security basics
Seattle Children’s takes data-driven approach to optimize cybersecurityInstalling security products doesn’t cut itBILL SIWICKI, Managing Editor
ATOP SECURITY EXPERT says health-care entities need to apply a more scientific and evidence-based approach to the practice of secu-
rity. Here’s what Seattle Children’s is doing to harden its threat environment.
It’s not enough to simply implement security products to safeguard hospitals. Health IT pro-fessionals, rather, must use data generated by those security technologies to create programs that best protect their organizations, said David Severski, manager of the information security program at Seattle Children’s Hospital.
Call it data-driven security. Severski described it as the application of science and data to the practice of security and risk management.
“I draw a parallel with evidence-based medicine,” Severski said. “There you have a group of patients with some condition, you apply some treatment and hopefully they get better. If they do get better, then you do more of that treatment; if they do not get better, then you do less.”
At Seattle Children’s Hospital, Severski leads a team that provides actionable, data-driven analyses to upper management.
“My team’s function is almost like a research arm: We provide intelligence to busi-
ness leaders on how they can best allocate their resources,” he explained. “In healthcare, there never are enough resources for what organizations want to do, but at the same time, healthcare is a risky business. Business leaders are asking my team what the possible outcomes are of the decisions they have to make, so they then can make the decisions based on good knowledge.”
Severski used the area of patch manage-ment as an example where the data-driven approach benefits a security strategy.
“The team tackles such things as techni-cal security risk management, which includes patch management,” he said. “There are lots of devices, from workstations to medical devices to servers, and the organization does not have enough resources to patch every-thing everywhere all at once. So, how do we prioritize our technical remediation efforts? What matters most and what will give us the optimal outcomes?”
In patch management, the data-driven security team examines the assets that need to be protected, what the assets do for the institution, the data the assets can access, and how attackers can reach the assets.
“We have a program that pulls all that information in, then we optimize the informa-tion against our threat environment, in other words, to what Children’s is concerned about
the most,” Severski said. “Then we draw our conclusions and provide intelligence to IT owners and business leaders, saying this is what you should be worried about first, and at the same time here are some things that are not as worrisome.”
Severski pointed to the common scenario of EHR system buried deep in an internal network amid layers of security. A hospital likely wants to patch that but data-driven analysis could potentially uncover other areas that attackers could strike so the hospital can work on those before patching the EHR.
While a hospital must be concerned with protecting its EHR system, there are hun-dreds of applications even in a mid-sized institution like Seattle Children’s Hospital
that have access to quite a bit of information; as a result, from an information security per-spective, these other systems can present as great a threat to the institution as the EHR, Severski said.
“If you are not applying a data-driven, sci-entific approach to managing your resources, you are managing at best by instinct,” he added. “And in a competitive business world, instinct is not enough.”
Neither is tackling security the same way you’ve done since the 1990s.
“You have to apply the same rigor that you apply to building a new facility or investing in a new line of clinical services to your IT and IT security investments, as well,” Severski added. n
Sanjeev Sah, chief information security officer and director of IS risk and controls at Texas Children’s Hospital
DATAJune 2016 | Healthcare IT News | www.HealthcareITNews.com 29
JESSICA DAVIS, Associate Editor
FOR VICE PRESIDENT Joe Biden, his National Cancer Moonshot Initia-tive is more than just a government program – it’s personal.
When his son Beau was fighting cancer, getting his different hospitals to share infor-mation was incredibly difficult, Biden said Monday at Health Datapalooza in Wash-ington. If the Vice President of the United States struggles to get access to informa-tion, he said, how difficult is it for those patients who don’t have that sort of sway?
“This matters,” said Biden. “It’s a matter of life and death.”
Biden took to the stage at Health Data-palooza not just to share his own experi-ences, but to put out a call to action: While the government has taken great strides to increase access to technology-enabled healthcare, it’s still not enough, he said.
More hospitals, researchers, scientists and providers need to “open access to their data to prevent cancer,” said Biden.
“We have to ask ourselves, why are we not progressing more rapidly?” he said. “While our government can do a great deal, this is not the work of the govern-ment alone. We all have to work together to make progress
“Big data and computer power togeth-er provide the possibility of significant
insight to what can trigger cancer,” he added. “In order for this promise to be realized, we first need to generate enough data to qualify as big data.”
Secondly, data needs to be more read-ily shared, Biden said. One of the biggest barriers to progress is different technology platforms can’t talk to each other, while this is the information that will help pro-viders make more accurate assessments. Additionally, all of those involved in healthcare must be willing to share this data in a safe and effective matter.
“We need to break down silos that keep research away from the world,” Biden said. “Researchers aren’t incentivized to share data, but they need to share data to find results more rapidly.
“You’ve developed this technology,” he added. “And we need to use these same talents in the fight against cancer. To do this we have to build a network around the patient. We need you. We need your talents, your drive and your passion.”
Biden asked all of those in attendance to visit Whitehouse.gov/CancerMoonshot to join the fight against cancer and provide insight to help shape the moonshot into a more effective initiative.
“I desperately need your input,” he added. “Everyday thousands of people are dying and millions more are desper-
ately looking for hope. That’s why I’m asking individuals and organizations to join us as a part of this cancer moonshot.
Tell me about your plans and solutions to overcome these barriers. Help in the fight against cancer.” n
VP Joe Biden to healthcare researchers, technology developers: ‘We need you’ At Health Datapalooza in May, the Vice President said healthcare advancement is inhibited by data silos and a lack of interoperability.
WE SOLVE IT
The solutions to your biggest IT challenges all in one place
Find the solutions to your healthcare IT questions in one place. Healthcare IT News and PC Connection have brought together case studies, white papers, blogs and other helpful resources to help you stay on top.
Find out more at HealthcareITNews.com/we-solve-it
PCC_116-tab 1.2h.indd 1 1/11/16 11:33 AM
“We need to break down silos that keep research away from the world,” said Vice President Joe Biden. “Researchers aren’t incentivized to share data, but they need to share data to find results more rapidly.”
BENCHMARKS www.HealthcareITNews.com | Healthcare IT News | June 201630
Telehealth going the distance as (some) states see value in its efficiency‘A growing body of evidence shows that telehealth can not only expand access to services but also create cost savings’MIKE MILIARD, Editor
ON THE face of it, telehealth seems to be a no-brainer: an efficient and relatively inexpensive means of delivering quality care to those who
might not otherwise have easy access.But for a host of well-documented reasons,
it’s not as widely used or available as it might be. Thankfully, however, many of those barriers
are beginning to tumble, as states make it sim-pler and more worthwhile to set up telemedi-cine programs. And not a moment too soon, as the imperatives of value-based reimbursement makes that strategy more appealing.
“Telehealth is increasingly viewed as a cost-effective method to deliver patient care and expand access,” a recent American Hospital Association brief shows. “The growing use of telehealth reflects larger healthcare trends that place the patient’s care and experience at the center of treatment decisions.”
By broadening access to clinicians, “tele-health can help ensure patients receive the right care, at the right place, at the right time,” according to AHA. “However, coverage for telehealth services – especially in Medicare – has not kept pace with technological and care delivery innovations.”
Luckily, private payers and retail clinics are helping steer the conversation, making the most of its efficiency and convenience as more patients – now insured thanks to the Affordable Care Act – seek healthcare.
Now it’s state and local government’s time to seize the moment.
“As telehealth technologies evolve, it will be important for policymakers to understand the prospective benefits and embrace a framework that allows patients, providers and payers to incorporate technological innovations in care delivery,” according to the AHA brief.
As emerging payment models take shape, it’s important for telehealth to gain prominence as an important means of care delivery, the report argues. But close study of what works and what doesn’t is critical:
“A growing body of evidence shows that tele-health can not only expand access to services but also create cost savings,” according to the brief; it points to the Agency for Healthcare Research & Quality’s Telehealth Evidence Map, which suggests that “future research should help providers and health systems differentiate the value of telehealth services as an addition to traditional in-person care and the value of telehealth as a replacement for in-person care.”
Meanwhile, Medicare’s misgivings about telehealth may be exaggerated, the report sug-
gests, noting that “policymakers’ concerns about increased access to telehealth leading to increased spending may be overstated, par-ticularly when weighed against the potential benefits in quality, patient experience and efficiency.”
It points to specific common services – administration of tissue plasminogen activator for stroke patients, for instance – that, when used at a wide enough scale, can have a big impact on cost reduction.
CMS should take note, said AHA: “By mod-ernizing Medicare coverage of telehealth, including telehealth services in innovative payment models and committing additional resources to understanding the patient and cost benefits of telehealth, policymakers can advance the delivery of care and benefit patients.”
STATE-BY-STATE BASISMeanwhile, Medicaid’s take on telehealth varies fairly substantially across the 50 states, according to a March study from Public Health Institute’s Center for Connected Health Policy.
In its fourth edition of “State Telehealth Laws and Reimbursement Policies,” the center tracks telehealth policies nationwide – a useful resource, since states “continue to pursue their own unique set of telehealth policies as more and more legislation is introduced each year,” according to the CCHP.
“Some states have incorporated policies into law, while others have addressed issues such as definition, reimbursement policies, licensure requirements, and other important issues in their Medicaid Program Guide.”
Many states are broadening their telehealth reimbursement. Others, however, “continue to restrict and place limitations on telehealth delivered services,” according to the report.
But while the landscape varies significantly, certain trend lines emerge, says CCHP. “Live video Medicaid reimbursement, for exam-ple, continues to far exceed reimbursement for store-and-forward and remote patient monitoring.”
The outlook is complicated, however. Some states are going full steam ahead on telehealth, while others are putting on the brakes.
“For example, Washington’s Medicaid pro-gram, which previously did not cover store and forward, is now providing limited reim-bursement for store-and-forward delivered services. On the other side, Oklahoma’s Med-icaid program has ceased its store-and-forward reimbursement. These diverging policy direc-tions are indicative of the capricious policies throughout the nation,” according to the report.
Among CCHP’s other findings:■■ “Forty-seven states and the District of
Columbia reimburse some form of live video in Medicaid fee-for-service.
■■ “While Iowa’s Medicaid program clari-fied that they do provide reimbursement for live video, Utah’s telemedicine policy cannot be found, eliminating the state from those that provide reimbursement and keeping the
number of states that provide telemedicine reimbursement consistent with last year
■■ “Oklahoma’s Medicaid program no longer provides reimbursement for store-and-forward delivered services, while Washington’s Medic-aid program now does. (So states reimbursing for store-and-forward remains at nine states.
■■ “There has been no change since July 2015 in state Medicaid programs offering reimburse-ment for RPM, continuing at sixteen states.
■■ “Five state Medicaid programs (Alaska, Illinois, Minnesota, Mississippi and Wash-ington) reimburse for all three.
“No two states are alike in how tele-health is defined and regulated,” While there are some similarities in language, perhaps indicating states may have utilized existing verbiage from other states, notice-able differences exist.
“These differences are to be expected, given that each state defines its Medicaid policy parameters, but it also creates a confusing environment for telehealth participants to nav-igate, particularly when a health system pro-vides health care services in multiple states.”
Indeed, “in some cases, states have duplicat-ed aspects of Medicare’s policy on telehealth, while others have developed their own policies for their Medicaid program.”
AS NEW MEXICO GOES...?One state that may have a broader influence on the telehealth in the U.S. than might have been expected more than decade ago is New Mexico. Project ECHO, a health IT pilot that launched in 2003 in rural New Mexico to connect rural doctors to specialists, is now front and center in Congress as lawmakers consider employing the model across the country.
Senators Orrin Hatch, R-Utah, and Brian Schatz, D-Hawaii, introduced the Expand-ing Capacity for Health Outcomes Act in April. The bill calls for studies on how best to expand the model.
In New Mexico, Project ECHO has recorded unprecedented success in treating patients with hepatitis C.
“Project ECHO has proven that technology can help overcome traditional barriers to ade-quate healthcare treatment, such as distance, income and lack of specialized medical pro-fessionals for underserved communities with no access to treatment,” Sanjeev Arora, MD, project director, told Healthcare IT News back in 2008.
The initiative is underpinned by a web-based application developed by Infosys Technologies.
Project ECHO – it stands for Extension for Community Healthcare Outcomes – was funded by Agency for Healthcare Research and Quality, so the federal government already has a hand in the effort.
“In states with large rural populations like Utah, it’s vital that we do everything we can to ensure that patients have access to qual-ity health care – no matter where they live,” Hatch said in an April 29 statement posted on his website.
“Our bill would help connect primary care providers in underserved areas with specialists at academic hubs, making it easier for medical professionals to access the continuing educa-tion they need and provide healthcare to more people,” added Schatz.
The bill requires the Department of Health and Human Services to work with the Health Resources & Services Adminis-tration to prioritize analysis of the model, its impacts on provider capacity and work-force issues and evidence of its effects on the quality of patient care.
It calls on GAO to report on how increased adoption of a Project ECHO model might boost efficiencies and potential cost savings and improve healthcare.
It also requires HHS Secretary Sylvia Burwell to submit a report to Congress on the findings of the GAO report and the HHS report, including ways such models have been funded by HHS and how to integrate the models into existing funding streams and grant proposals. ■
Editor-at-Large Bernie Monegain contributed to this story.
TELEHEALTH
“Our bill would help connect primary care providers in underserved areas with specialists at academic hubs, making it easier for medical professionals to access the continuing education they need and provide health care to more people,” said Senator Brian Schatz, D-Hawaii.
BENCHMARKSJune 2016 | Healthcare IT News | www.HealthcareITNews.com 31
Telepharmacy software helps free up workflow, lets pharmacists focus on patientsBY ANTHONY VECCHIONE, Contributing Writer
GETTING PHARMACISTS involved in patient-centric activities, includ-ing being part of clinical care teams, is a little easier thanks to
telepharmacy technology.When Dartmouth-Hitchcock Medical Cen-
ter in Lebanon, New Hampshire, needed to optimize its pharmacy workflow with the goal of improving patient care, it turned to Pow-ergridRx, a cloud-based HIPAA–compliant telepharmacy platform from San Francisco-based PipelineRx.
Starting in February, Dartmouth-Hitchcock began deploying PowerGridRx in its hospitals across New England.
PowerGridRx is a software-as-a-service plat-form that aggregates, manages and optimizes virtual pharmacy management for health sys-tems. In addition, it differentiates Dartmouth-Hitchcock’s telepharmacy network and man-ages the order verification process for current and future facilities.
The interoperable technology platform is designed to improve medication administration visibility between facilities and addresses logis-tical and budgetary challenges that arise from managing and staffing multiple care settings.
Sarah Pletcher, MD, medical director and founder, Center for Telehealth at Dartmouth-Hitchcock Medical Center, said the health sys-tem uses PowerGrid Rx as a tool in the delivery of telepharmacy services across wider landscape.
“Our customers are the ultimate end user in that regard,” Pletcher said.
After going live in six hospitals Dartmouth-Hitchcock has processed thousands of patient orders: “We have data that suggests the benefit to the hospitals in that we are allowing them to load-level staffing and optimize their in-hospi-tal team – sometimes deploying them to more patient care or clinical activities,” she said.
Pletcher pointed out that for many smaller rural and critical access hospitals, the volumes that they see on weekends for example, aren’t enough to rationalize them having an in-house pharmacist.
“But we’re also finding hospitals recogniz-ing the value of having telepharmacy support for scenarios where they want to allow their pharmacists to be out on the floors helping with patient care,” she said.
In a cancer infusion suite for instance, Pletch-er explained that oftentimes pharmacists are part of a clinical team working on projects where they might be involved in an electronic medical record implementation, or working on quality or formulary projects for the hospital.
“Any time we can help extend their team to allow them to optimize their in-hospital team, we’re happy to be there for them,” she said.
From a technology perspective, Pletcher noted that there are obstacles associated with integration and with host IT systems and EMRs.
She said with anything involving multiple hospital IT departments and multiple hospital
EMRs, there’s always a challenge – not just with the technology integration, but cultural barriers where hospitals have different levels of comfort for how much bi-directional integration they want with outside software platforms.
“Because we offer so many other telemedicine services, this is something we’re familiar with managing – the telepharmacy is the latest service – we have six or seven other 24/7 telemedicine services to hospitals where we’ve had to contend with IT or EMR integration. We kind of know to expect and support those conversations.”
Pletcher said Dartmouth-Hitchcock is expanding its telepharmacy program to more sites and more regions. “We’re excited about the opportunity to further integrate our teleph-armacy solutions with other clinical services.”
Industry insiders contend that the demand for PowerGrid Rx-type technology is on the rise for multi-site multi-facility organizations that are growing and want to tie their pharmacy network closer and closer together.
“We want to create a platform that enables them to share pharmacy labor and pharmacy resources across their whole organization, opposed to having to staff individually each hospital within their network, this enables them to tie them to
together,” said Brian Roberts, CEO of PipelineRx.
Roberts noted that among the challenges is to work with dif-ferent and multiple types of IT systems.
“Some of our customers have eight to ten different types of IT systems that they work with - we integrate back with their host IT systems and bring it into one platform.”
The other side, according to Rob-erts, is that they want a system that
can capture policies and procedures for each one of their individual hospitals. So, for example, if they were creating a central telepharmacy cen-ter, they would want that telepharmacist to have information at their fingertips.
“Our tool helps consolidate and bring poli-cies and procedures into one software offering,” said Roberts, who added that because Power-Grid Rx is a cloud-based piece of software – there’s no hardware on each individual site.
“So we use the power of the Internet to build a private cloud to manage all that infor-mation – and store the information for the hospitals.”
Roberts said CIOs like that, because it’s a cloud-based piece of software that doesn’t require them to have to go and do updates and update hardware; that’s all taken care of from the PipelineRx side. ■
Becomea Care
Futurist
www.HIMSSFutureCare.com
futureCARE
PRESENTED BY
CONTRIBUTEINNOVATECOLLABORATE
SUPPORTED BY
Sarah Pletcher, MD
TRENDS www.HealthcareITNews.com | Healthcare IT News | June 201632
Tips for detecting ransomware and other malware before it cripples your network CISOs and security analysts from top-tier firms offer highly effective advice and tactics for rooting out and getting rid of malicious codeBILL SIWICKI, Managing Editor
BEFORE THE prevalence of mobile phones and caller ID, there was an urban legend about a babysitter receiving frightening calls. Long
story short: When an operator runs a trace, the babysitter is told to her horror, “The calls are coming from inside the house!”
Such is the case with cybersecurity today. Threats are not just coming from without, they also are coming from within. Cybercriminals might be trying to crack through a healthcare organization’s outer defenses, or, they may already be inside an organization’s network. Either way, the horror they can wreak upon a healthcare organization is considerable, includ-ing not just holding data hostage but bringing patient care to a standstill.
Consequently, healthcare executives must know how to detect malware in order to pre-vent the heinous software from executing and doing damage.
“There is a measure of security effectiveness called ‘dwell time,’ which refers to the length of time a piece of malware or a hacker is in an organization before the organization detects them,” said Peter Firstbrook, a research vice president at Gartner who specializes in security. “When you look at the incident investigation reports from major firms like Verizon and Man-diant, dwell time can be measured in hundreds of days, and this is because many organizations do not have effective detection capabilities. If an organization’s protections do not alert staff, they assume they are safe. You should always assume the opposite.”
THE FIRST STEPSTo successfully detect malware, healthcare CIOs, CISOs and other executives must create a strategy, a plan of attack – or in the case of malware, counterattack.
“There are various components that comprise a detection program: network-level detection, end-point detection, content security detection, malware analysis, appliances for detection and employee education,” said Jeff Pollard, a princi-pal analyst at Forrester Research Inc. who spe-cializes in advanced threats, forensics and inci-dent response. “Executives begin the process of going to the security and IT teams, which decide
on the technologies, the processes and the people that will bring a security strategy to life, and then investments are made appropriately.”
One important part of an effective detec-tion strategy, Pollard added, is the underlying assumption that an organization’s protection layer has failed.
“When you are focusing on detection of mal-ware, you in part are building a strategy that can find malware when all your prevention controls have failed – and that should play a big part if you are relying on similar technologies to detect and to prevent,” he said. “You have to make sure if your technologies fail in prevention that you are not also relying on the very same technolo-gies for detection because they may not be able to do that.”
John Fowler, deputy information security officer at Henry Ford Health System, said that when healthcare executives are formulating malware detection strategies, they need to channel ancient Chinese general and military strategist Sun Tzu, who famously said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
“You have to understand the threat landscape from an external and internal perspective,” Fowler said. “If you understand the threats and your inside information, that greatly assists you with detection.”
STRATEGY TIPSA good place to start when creating and effect-ing a malware detection strategy is to inventory all hardware and software within a healthcare organization, Chuck Kesler, chief information security officer at Duke Health, recommended.
“You need to know what is out there, who’s on it, where it’s at,” he said. “If you do detect something malicious, you need to be able to track it down and get it off the network. Not knowing what you have can really slow you down, as opposed to having that crucial infor-mation readily at hand. That dictates how you go about detecting as well as how quickly you can respond to an incident.”
Kesler added another detection tip: Never run a flat network, in other words, a network that is built in only one segment.
“Have multiple zones in your network, where you group like systems together so you can apply certain rules internally that say a par-ticular system will only be functioning in this zone and should not be talking with systems in other zones,” he said. “You don’t just allow any communication, you define what legitimate communications are and block things that don’t fit those rules.”
Another tip for detection strategy may seem like an obvious one, but in practice (pun intend-ed), it is not.
“One thing we unfortunately see is organi-zations not even following security best prac-
tices, and that gets them in trouble,” said Kevin Haley, director, Symantec Security Response, at Symantec Corp. “The basics. For example, you should never allow executables to come through your mail gateways as attachments. That’s a best practice. You should be detecting and stopping executables like screen-savers, which are very popular. In research we’ve seen 10 percent of organizations allowing screen-savers in. You’re just asking to be infected.”
DETECTION TECHNOLOGIES There are a variety of security technologies that healthcare organizations can use to detect malware at a time when defenses need to be stronger than ever.
“Organizations need good intrusion detec-tion software and intrusion prevention soft-ware, which are very good at detecting indi-cators of malware and compromises and can generate alerts to staff – and with the prevention systems, take action on alerts,” Duke Health’s Kesler said. “Sometimes IDS and IPS systems are bundled in with next-generation firewalls. These IDS systems incorporate behavioral char-acteristics as opposed to just straight signatures and as a result are very good at finding those needles in the haystack.”
Kesler added security incident and event monitor systems go hand in hand with IDS and IPS systems. “SIEM systems collect all of the log information from systems within a network in one place and apply algorithms to the information to pop out those needles in the haystack,” he said.
Robert Pierce, chief information security officer at Carolinas HealthCare System, recom-mended installing security appliances that can help detect malicious communications from
malware on a network.“We have put up several security appliances
at the Internet gateway to study egress traffic, to be aware of what exactly is trying to ‘call home,’” Pierce said. “Tools such as FireEye can detect traffic as it is trying to leave your network. The tools have databases of known command-and-control malware servers, large lists of known attackers. The tools block traf-fic heading for these servers and correlate that information back to a machine so you can figure out what is going on.”
And CIOs and CISOs can play in the sandbox, a newer way of detecting malware.
“Automated malware analysis appliances, also known as sandboxes, are technologies that sit either inline or out of band,” Forrester’s Pollard said. “An organization can carve off traffic from a network and send it to the sandbox, which detonates files in a virtual environment that resembles an OS so an organization can detect the kinds of changes a file would make to a sys-tem and discover if, in fact, the file is malicious.”
When it comes to detection and general secu-rity technologies, the latest acronym to hit the scene is EDR, which stands for end-point detec-tion and remediation. The two biggest names in the EDR market today are Carbon Black and Tanium, said Firstbrook of Gartner.
“The end-point is your last line of defense – while network security is great, end-points need to be self-defending, in part because many often go out of the network, like laptops, and that might be where infection takes place,” Firstbrook explained. “Anti-virus traditionally has been the defensive technology here, but we have trained anti-virus vendors to be quiet. They used to ask users or administrators if they want to do a cer-
Robert Pierce, chief information security officer at Carolinas HealthCare System
CYBERSECURITY
TRENDSJune 2016 | Healthcare IT News | www.HealthcareITNews.com 33
tain function, but people started saying you’re bothering me with all these alerts, just do your job. So that’s what the anti-virus vendors did.”
Firstbrook explained this led to anti-virus software – which remains important – containing many security controls that are not deterministic.
“EDR systems are verbose and use much more fuzzy technology for detecting malicious things,” he said. “They do not always produce 100 percent accurate results, but they give an organization a strong and helpful indicator. For instance, an EDR might say that it’s 75 percent certain this is a severe threat, and thus the organization should put a human on it and focus on this stuff that matters.”
EDR systems are newer, and only the most advanced organi-zations with well-staffed secu-rity operations centers have so far invested in the technology, Firstbrook said. EDR systems cost between $20-40 per end-point per year, he added.
THE HUMAN FACTOR In the arena of information security, people can be the biggest problem – and the biggest defense asset.
“When it comes to defenses for detecting security threats, the big one, the one where you get the most bang for your buck, is training end users – they are your front line of defense,” said David Finn, health IT officer at Symantec Corp. “In healthcare, we spend a lot of time teaching employees how to wash their hands, but we do not teach them how to recognize a spear-phishing attack.”
Pierce of Carolinas HealthCare System wholeheartedly agrees that while people can be the source of security problems, they also are the best assets in fighting security threats.
“Vendors ask me what keeps you up at night – 45,000 employees keep me up at night,” Pierce said. “They each are making dozens of security decisions on a daily basis. Are they logging out? Are they remembering not to use their administra-tive accounts for common activities? We get 70,000 e-mails a day from the outside. That’s 70,000 times an employee can make a right or wrong choice.”
So to help train employees how best to negotiate the sometimes hos-tile e-mail terrain, Carolinas stamps every incoming e-mail with a mes-sage atop that cautions employees it is an external e-mail. Also as part of its employee training, every quar-ter Carolinas conducts a fake e-mail phishing campaign purposefully designed to trick employees into clicking on a link within an e-mail. If an employee clicks on what would under other circumstances be a
malicious link, a message pops up informing them of their poor choice, and information security staff are informed so they can follow up.
“Not too long ago, a good employee, who knew not to click on things, received a social engineering phone call that said they were helping to support our copier company and they understood we were having problems with our copiers,” Pierce said. “Well who isn’t having problems with their copiers? So this caller said they would follow up with an e-mail and there will be instructions in it. And this great employee clicked on it. So there was
some clean-up to do after that. These attackers are getting very intelligent.”
In the first quarter of 2016, Duke Health con-ducted more than 100 information security train-ing events on a variety of cybersecurity topics.
“It is time-intensive to do this, but that per-sonal touch really helps,” said Kesler of Duke Health. “We also use every communications vehicle available – electronic newsletters, e-mail blasts, training modules in learning management systems, screen savers with security reminders – and keep the message simple. And we make it easy for anyone to contact us, via a simple e-mail address, security@. And we let everyone know we would rather them over-commu-nicate rather than miss something because someone thought some-thing was not a big deal.”
When it comes to cybersecurity training, CISOs and other experts strongly agree on a big point – once or twice a year is not enough.
“Doing something twice a year is not going to make someone an expert,” Forrester’s Pollard said. “Most busi-nesses are battling this intersection of ‘Go fast and improve the experience and collaborate better’ and ‘Don’t click on things you don’t know.’ Security teams have to understand doing training twice a year does not make someone an expert and they must be real sensitive to that.”
Security executives must keep training cur-rent because of the speed of change in the threat landscape and the number of mutations that come out in a given year, said Finn of Symantec.
“When a new threat shows up, there needs to be immediate training,” Finn said. “Most of the
healthcare executives I’ve spoken with recently have reported an uptick in ransomware attacks, but I never heard any of them talk about training their end users. And that is what it will take. You can only change technologies so quickly, so at some point you have to get the users involved to become the front line of defense.”
Many organizations have given up on users, saying users are untrainable, said Haley of Symantec. “But while you can fool some of the people some of the time, if you give those people high-quality awareness training, you cannot fool
all of the people all of the time. That is a critical piece organiza-tions have been missing.”
THE BIG THREE In the end, healthcare CIOs, CISOs and other executives responsible for detecting the seemingly endless barrage of malware among the legitimate incoming traffic and among the legitimate content already within a network point to the tried-and-
true triumvirate of policy, process and technol-ogy – in that order.
“Your policy sets the stage for the organiza-tion for acceptable use and unacceptable use, it defines what the organization finds valuable from a data perspective, it gives the IT and end users that scope in which they can operate effectively,” Henry Ford’s Fowler said. “Then process, you develop process that supports that, technologi-cally and administratively. And last, technology, if I do not have policy and process nailed down, how do I know what technology to implement and how to implement it correctly?” n
Jeff Pollard John Fowler
THE LATEST IN INTEROPERABILITY, HIE, AND CONNECTED CARE
How can you make health data and HIE a public good? The answer to this and other questions challenging providers are at HIEWatch.com
The news, perspectives and resources you need. www.HIEWatch.com
Sponsored by
NEW PRODUCTS www.HealthcareITNews.com | Healthcare IT News | June 201634
NEW PRODUCTSFUJIFILM SonoSite launches new ‘smart’ ultrasound systemBOTHELL, WA – FUJIFILM SonoSite, Inc. released its new mountable ultrasound system, SonoSite SII with CE Mark and 510(k) clearance. The portable tool was developed for use with regional anesthesia, vascular access and trauma applications, while the user-friendly, touchscreen inter-face adapts to the provider’s needs. Son-oSite SII has an embedded dual transducer connector, which makes it easier to switch between transducers with two simple taps on the interface and ensures the right tool is readily accessible.
New research management platform from ProofPilotNEW YORK – ProofPilot launched its secure next-generation online platform to facili-tate design and management of full-scale research studies and randomized controlled trials - without the need for developers, designers or IT services. Researchers using the tool can design studies, utilize findings at a quicker rate and the platform can run on autopilot. Information is gathered from hun-dreds of validated measures, electronic health records and connected health devices. It can also recruit, engage and manage participants, who can browse research studies, contribute to research and earn rewards for participation.
New transplant-focused care management platformNEW YORK – Fitango Health announced the release of FitangoTx, a transplant-focused care management platform for patients. The tool allows transplant coordinators to closely monitor a patient’s adherence to protocols, through interactive care coordination with patient engagement and population health management, while providing direct commu-nication between the patient and provider. Patients can report care plan adherence on a daily basis, while the provider can moni-tor vitals and receive alerts when patients fail to meet parameters. FitangoTx also includes social support groups for additional support from external care members and custom care plans for medication, vital measurements and home care.
Nihon Kohden unveils new bedside monitorIRVINE, CA – Precision medical product and service provider Nihon Kohden released its bedside monitor, Life Scope G9. The tool is designed to provide comprehensive param-eter observation, while letting providers tailor the monitor to each patient. Life Scope can be used for tracking and overseeing parameters based on common metrics and shared proto-cols inputted by the provider. The tool can also be used in conjunction with Nihon Kohden’s BSM-1700 transport monitor to record data during transport.
New patient flow optimization platform from ProModelALLENTOWN, PA – ProModel, a provider of predictive analytic decision support tools, unveiled its new patient flow optimization platform. FutureFlow Rx can predict patient
flow trends, while capturing additional revenue by decreasing the length of stay, predicting the number of staff needed and improving the quality of patient care. The tool incorpo-rates descriptive, diagnostic, predictive and prescriptive analytics, in addition to “discrete event stimulation technology” to provide pre-dictive insights to clinical management staff. Officials say providers can use the tool to make the best decisions regarding payments, discharges, placements and transfers.
Sonitor releases patient wandering,
access monitoring toolSTAMFORD, CT – Sonitor Technologies, Inc., an indoor positioning technology provider, launched SenseAlert, a discrete and flex-ible tool to assist healthcare providers with patient wandering and unauthorized access to sensitive areas. An addition to the com-pany’s RTLS portfolio for Sonitor Sense open integration platform, the tool features ultrasound and LF that creates on-demand zone coverage and accurate chokepoints at hospital exits and entrances. SenseAlert helps providers locate patients who may have wandered off or individuals entering unauthorized areas by pinpointing their exact location.
LifeMap Solutions launches service for health app developmentSAN JOSE, CA – LifeMap Solutions, co-develop-er of ResearchKit-enabled app Asthma Health, launched a service to develop custom smart-phone apps and research studies. The compa-ny offers users its insights on medical science, consumer behavior, app analytics and design, and then adds the unique user data to create a care app, new research or a scientific study. The team at LifeMap works with its partners
to integrate the specific design needs into the secure platform, facilitates approval from the Institutional Review Board and builds, launches and publishes the app.
Montrium unveils new interactive intelligence dashboardMONTREAL – Clinical trial technology specialist and electronic content management software provider, Montrium, revealed its interactive intelligence dashboard. eTMF Navigator is integrated into eTMF Connect, the company’s clinical trial documentation platform. The tool leverages all clinical trial data from the provider and provides a real-time multi-dimensional view of trial master files. Users can man-age ongoing studies through the platform by updating artifacts, sites or countries. eTMF Navigator also helps streamline audits and inspections with a dedicated inspector view.
3M introduces intelligent asthma inhalerST. PAUL, MN – 3M Drug Delivery Systems unveiled the 3M Intelligent Control Inhaler, a fully-integrated, intuitive device able to deliv-er accurate doses of medication to patients, while displaying on-screen instructions. The inhaler’s technology controls the flow rate to reduce user error and improve consis-tent drug delivery, while the “patient-proof” design ensures the patient can properly use the inhaler. It also utilizes a data management platform, which records device usage, moni-tors the patient prolife and gives the patient and provider feedback. The dose is registered with the app once the patient correctly inhales the medication.
PLATINUM
Nimble Storage www.nimblestorage.com
GOLD
Agile Defense, Inc www.agile-defense.com
AiRISTA Flow airista.com
Medstreaming www.medstreaming.com
TelMedIQ www.telmediq.com
WELCOME NEW CORPORATE MEMBERS
Not a Corporate Member? Join Today!
www.himss.org/membership/corporate
SHOWCASE YOUR FEATURED EDITORIAL
SHOW ANDTELL.
Extend your editorial coverage and leverage third-party endorsements with high quality marketing products. Contact us today to learn how we can help you promote your success with marketing products like:
800-290-5460 I [email protected] I http://reprints.ygsgroup.com/m/himssmedia
Reprints and ePrints
Framed Awards
Desktop Awards
Permission Licensing
Published in partnership with
THE NEWS SOURCE FOR HEALTHCARE INFORMATION TECHNOLOGY n MAY 2016 www.HealthcareITNews.comHIMSS Media / Vol. 13 No. 05
BENCHMARKS: Privacy and security. It’s easier than ever for cyber crooks to gain access to hospital networks. Ransomware is rampant. Providers are improving their security posture, but often by learning the hard way. PAGE 30
See our ad on page 40
Athena cover teaser.indd 1
3/23/16 12:16 PM
21st Century docThe role of the chief clinical informatics officer comes into focus, emphasizing unique skill sets.PAGE 18
Smart moneyWith quality and value the new normal, revenue cycle is becoming an ‘end-to-end’ system.PAGE 24
Hackers have it in for healthcareHERE ARE 5 THINGS YOU NEED TO KNOW TO KEEP THEM OUTPAGE 4
35June 2016 | Healthcare IT News | www.HealthcareITNews.com JOBSPOT
Healthcare IT News creates a ‘room of one’s own’ for women in health ITGender disparities may not be as wide in healthcare as they once were, but they persistBERNIE MONEGAIN, Editor-at-Large
THE RESULTS of a 2015 HIMSS survey of 20,000 women in health IT on workplace, job satisfaction, recog-nition and opportunities to move
up – coupled with another on salaries for women in this field compared with com-pensation for men – spoke clearly to HIMSS Executive Vice President Carla Smith.
Both surveys revealed pressing needs for resources and community for women in health IT.
Men, on average, earned $126,262, compared with $100,762 for women in the HIMSS Compensation Survey of 1,900 healthcare professionals that included CEOs and CIOs.
Moreover, women landing their first executive positions make just 63 percent of what men make in their first executive role.
“I firmly believe sunlight is the great disinfectant: It’s a great way to start conversations and help people be more informed,” Smith said at a HIMSS16 session where she presented the findings of the compensation survey.
She saw the disparity, but also recognized the opportunity to do something about it – to change the status quo.
Not one to procrastinate, Smith gathered
together a roundtable of some of the most powerful women in the industry. They met at HIMSS16 to better define the situation, build a community and create an awards program, all to provide women support, recognition, concrete solutions, share ideas, offer resources and content.
Content is where Healthcare IT News comes in. In April we launched a dedicated section of our website, HealthcareITNews.com/WomeninHIT
– “a room of one’s own,” so to speak – exclusively focused on news, career advice, profiles, success stories and recognition of women in health IT and the issues that are most pressing to us.
We’ve also launched a Women in Health IT newsletter, which will be emailed the fourth Tuesday of each month.
Virginia Woolf’s slender masterpiece “A Room of One’s Own,” which explores themes related to women writers and
female fictional characters, was published in 1929, at a time when male authors domi-nated the literary world even more than they do today.
It’s much the same in the realm of health-care IT. The disparities may not be as wide as they once were, but they persist. As we see it, closing those gaps and achieving parity – both in opportunity and compensation – will elevate the entire healthcare IT industry. n
Where healthcare leaders go to explore exclusive resources, blogs and case studies full of in-depth analysis and insights into the changes in accountable care.
ContinuumofCareNews.com
Continuum of Care NewsPRESENT&
NEWS UPDATESANALYSISINSIGHTS
At HIMSS16, HIMSS Executive Vice President Carla Smith gathered together a roundtable of some of the most powerful women in the health IT industry. They met to build a community meant to provide women support, share ideas and offer resources.
PEOPLE www.HealthcareITNews.com | Healthcare IT News | June 201636
ON THE MOVEThe U.S. Government Accountability Office announced the appointment of three new members to the Health IT Policy Com-mittee: Jamie Ferguson will fill the position representing payers; Carolyn Petersen will fill the position of an advocate for patients and consumers; Karen van Caulil, who will fill the position rep-resenting employers. Scott Filion joined patient engagement plat-form provider, GetWellNetwork, as the company’s first president. Stanford Health Care appointed David Entwistle president and CEO, effective July 2016. He will succeed Mariann Byerwalter, who served as interim president and CEO since January. FICO, a software analytics company appointed Claus Moldt as chief
information officer. He most recently served as CEO at mPath. Faye Stech, prod-uct manager for Falcon Physician, was named vice-chair of the Clinician Experience Workgroup by the HIMSS Electronic Health Record Association. Kristine M. Hanscom was named senior vice president and CFO of Tufts Medical Center. She held the title of interim CFO since last November and was the institution’s vice president of finance since 2008. Medfusion, a patient experience management plat-form provider, named John Juzaitis as chief revenue officer and Michelle Murray vice president of marketing. Darren Ghanayem joined WellCare Health Plans as senior vice president and chief information officer. He most recently served as vice president of business transformation at Anthem. John P. Driscoll, CEO, board member of Care Centrix, Inc. and John Glaser, senior vice presi-dent, Population Health, Cerner Corporation were appointed to the board of directors
at Press Ganey Holdings, Inc. Driscoll also joined Press Ganey’s Audit Committee. New Jersey-based University Hospital appointed John Kastanis president and CEO. Kastanis was the former CEO of Temple University Hospital. Orange Business Services, a telecom operator and IT services provider, named Elie Lobel as CEO of its new subsidiary Orange Healthcare. Robert W.K Webb was appointed senior vice president and chief human resources officer of Tenet Healthcare Corporation. Community Health Systems in Franklin, Tennessee promoted Tim L. Hingtgen to executive vice president of operations and John W. McClellan as president of division IV operations. Adam Landman, MD was promoted to
chief information officer of Brigham and Woman’s Healthcare, from its chief medical information officer, Health Information Innovation and Integration. Landman replaced Cedric Priebe, MD who stepped down in September.
The GO-TO PLACE for digital health news, analysis, and innovation for the global digital health community.
Visit mobihealthnews.comJoin our community of innovators shaping the future of digital health.
UP-TO-THE-MINUTE COVERAGE of
emerging technologies
IN-DEPTH ANALYSIS for providers, payers, pharma companies, and investors
IMPORTANT TRENDS put into
context
Greenway Health founder stepped down, named Scott Zimmerman CEO
Tee Green, co-founder and former CEO of Greenway Health handed down the chief executive role to Scott Zimmer-man. Green will continue full-time as executive chairman, according to the company, including a focus on inno-vation as the company is working to transform itself from an electronic health record and practice management ven-dor into a population health and revenue
cycle specialist. Zimmerman most currently served as president of Televox, a provider of patient engagement communications tools. He also worked at Boston Scientific, GE Healthcare and Merck dur-ing his career. Zimmerman’s appointment marks the second C-level announcement in recent months. In December 2015, Greenway named Robert Ellis as its new chief financial officer.
AMA’s Kathleen Blake appointed co-chair of HIT Policy CommitteeNational Coordinator Karen DeSalvo, MD, is stepping away from the co-chair role on the ONC Health IT Policy Committee. Kathleen Blake, MD, vice president of performance improvement at the American Medical Association, will replace DeSalvo. The announcement was made at the joint meeting of the
Health IT Policy and Standards Committees. Blake will serve alongside DeSalvo’s current co-chair, Paul Tang, MD, chief innovation and technology officer at the Palo Alto Medical Foundation. Tang is also the head of ONC’s meaningful use workgroup.
Tee Green
Kathleen Blake, MD
John Juzaitis
Darren Ghanayem
Michelle Murray
STAY CURRENT IN HEALTH IT WITH THE LEARNING CENTEROur Center is more than a platform – It’s a community of healthcare IT professionals.
Learning Made Easier.
Experience the rich platform of HIMSS conferences, webinars, virtual events, and online courses, and gain valuable knowledge to help you navigate in a rapidly changing healthcare market. By taking our courses, you can get health IT disciplines and advance your career.
TAP INTO THE POWER OF THE INDUSTRY’S MOST COMPREHENSIVE HEALTH IT LEARNING CENTER
HIMSSLEARN.ORG
NEWSMAKER www.HealthcareITNews.com | Healthcare IT News | June 201638
MIKE MILIARD, Editor
UNIVERSITY OF Mississippi Medical Center’s John Showalter, MD, has led some serious gains at the $1.6 billion health system – not least a
four-fold ROI on its substantial investments in data analytics.
In building its Center for Informatics and Analytics an relentlessly reinventing itself as a knowledge-driven health system UMMC has made some significant strides with regard to patient safety and cost savings. Part of that transformation included Showalter’s title change, from chief medical information officer to chief health information officer.
While not every hospital may be as analytical-ly-advanced, many the lessons learned there can be applicable even to smaller hospitals looking to make the most of their data projects, says Showalter – who tells Healthcare IT News that robust data governance, a well-considered strat-egy and leadership engagement are essential to gaining value from any analytics initiatives.
Q. What is a chief health information offi-cer, from your vantage point? How does it differ from a CMIO?A. The chief health information officer position here is really much more focused on analytics and driving institutional return on investment from our clinical IT. When I was the CMIO I was much more focused on adoption and usabil-ity for the clinicians.
Q. When did that shift happen for you?A. I guess we’re going on almost two years of CHIO. We went through a large Epic implemen-tation and got it stabilized and then achieved HIMSS Analytics Level 6. Capitalizing on that, we felt comfortable moving a lot of the adoption workflow activities back to the other physician informaticists we had. We needed to really tack-le the return on investment side – the quality improvement, the revenue optimization – and really bring predictive and descriptive analytics to the table to get that done.
Q. While we’re on the topic of definitions: What is a “learning health system”?A. For me, a learning health system is about having the ability to generate a clinical evidence
base, looking internally to see what your oppor-tunities for improvement are and what you’re doing well – as opposed to looking externally toward evidence-based medicine.
Now, that doesn’t mean evidence-based medicine doesn’t play a role, but the learning health system is about having the ability to do continual quality and process improvement.
Q. And the terms “associative data lake” and “Honest Broker” – what do those mean?A. The associative data lake is much more about keeping data in its natural state and putting it together when we need it. We don’t do a lot of transformation of data into standardized data in a typical data warehouse model. We’re using much more of a logical data warehouse model that combines some internal data lake structure with external Hadoop high processing comput-ing, machine learning – and combining those together. So we do a combination of outsourc-ing and homegrown analytics that really focus on use cases as opposed to comprehensive data management.
The honest broker concept is that if you’re going to have your data in a more natural state you have to have group that can go access all the data and pull it together when you need it. That level of access brings a lot of privacy and security concerns. Our honest broker team has access to pretty much every data set in the entire institution. So they are a group that is specially trained in security and privacy and has respon-sibility for ensuring compliance with all data releases and all data aggregations. It’s a highly audited, highly monitored group of about five people that ave the responsibility to pull all of our data together – but in response they have access to all of it without having to pull it into a single environment and do security around it.
Q. So an elite squad that’s called upon for certain projects – talk about some of what you’ve been able to accomplish this way.A. We’ve focused a good bit on improving our documentation and looking at opportunities to do that, which required us to look into multiple systems to see whether physicians are answer-ing queries, to see whether we’re at benchmarks with our (case mix index) and to go into our
billing and coding systems to identify additional opportunities to turn those into data visualiza-tions that allowed us to work directly with our physicians and then pull up our CMI for several million dollars in return.
We worked on a similar strategy with data visualization and physician engagement around using the problem lists more robustly and get-ting ready for ICD-10.
More recently, we’ve integrated predictive analytics into our treatment of pressure ulcers and are about to go live with descriptive analyt-ics approach around treating those ulcers. That’s projected to be between a $500,000 and $1 mil-lion savings to the institution.
We’ve put together a quality analytics suite as well as in the next few weeks should be finish-ing our capacity management analytics suite and our perioperative analytics.
Q. How do you pick or prioritize these specific initiatives?A. It comes from two directions. The first is we have a a five year strategic plan with top tier priorities, and those are the ones we’re build-ing our analytics suites around, where there will be a whole set of scorecards and discovery applications for each of our top five priorities.
We also do do ad hoc requests that get pri-oritized by our senior leadership in conjunction with those strategic plans. Every request goes to a senior director or above that scores it from one to 10 and tells us whether or not we should do it.Q. Any surprises along the way?A. The ease to do this – the technology – has taken leaps and bounds over the past couple years. The tools to do data visualization and predictive analytics have really jumped ahead to where I thought they would be at this point.
But probably, not necessarily surprising, is the hunger for this as they begin to see what we can do just multiplies. We have way more requests than we could ever handle. And we need to pace this out to get really good data governance and know what everybody’s talking about in every applications.
We’ve had a lot of success in keeping execu-tives on pace and handling their demands, but I’ve been surprised by how deep the desire for the data goes – beyond the strategic imperatives. The frontline nurses’ desire for this is really pick-ing up, and four or five years ago it really wasn’t something that was a focus or something they talk about.
Q. What are some strategies for build-ing a good team, and a good analytics driven culture?A. The primary thing is to recruit a team that works well together, has a good work ethic and is very mission-driven. My team completely real-izes that their work reaches the bedside, and reaches the patient, and that changes how they do their jobs. I would also suggest you recruit a team that’s interested in learning, because the technology we have in three years is not going to be the same as the technology we have today.
Learn more at the HIMSS and Healthcare IT News Big Data and Healthcare Analytics Forum, June 14-15 in San Francisco.
Q&A: University of Mississippi Medical Center’s John Showalter, MDChief health information officer describes the path to becoming a ‘learning health system’
athenahealth .........................................40
athenahealth Continuum of Care .........35
BrightHouse Networks ...........................9
GCX ......................................................11
HIMSS ConCert ....................................21
HIMSS Innovation Center.....................23
HIMSS Learning Center .......................37
HIMSS Media Big Data Event ..............39
HIMSS Media MobiHealth Event .........27
HIMSS New Members ..........................14
IBM Future Care ...................................31
InterSystems ..........................................2
InterSystems HIE Watch ......................33
Mazik ....................................................15
Ohio Jobs .............................................13
Optum ....................................................7
PC Connection .....................................19
PC Connection - we-solve-it ................29
Relay Health .........................................25
Reprints ................................................14
Women in Health IT ..............................32
AD INDEX HEALTHCARE IT NEWS (ISSN 1547-3139) is published
monthly by HIMSS Media, P.O. Box 2016, Skokie, Illinois,
60676-2016. Phone: 207-791-8700; FAX: 207-791-8794.
Periodicals postage paid at Portland, ME and additional
mailing offices. Qualified subscribers receive HEALTHCARE
IT NEWS free of charge. Non-qualified subscribers in the
U.S. are charged $72/year. Canadian subscriptions $96/year.
Foreign subscriptions $150/year, includes airmail delivery.
Single copy, $8. POSTMASTER: Please send address
changes to HIMSS Media, P.O. Box 2016, Skokie, Illinois,
60676-2016. ©2016 by HIMSS Media. All rights reserved.
No part of this publication may be reproduced or
transmitted in any form or by any means, electronic or
mechanical, including photocopy, recording or any
information storage and retrieval system, without
permission in writing from the publisher.
“The CHIO position is focused on analytics and driving institutional return on investment from our clinical IT.”John Showalter, MD
bit.ly/BD16SF
Healthcare is undergoing a massive transformation.
Reimbursement is shrinking, providers are being asked to shoulder more risk, and patients are more involved in their care than ever. The ability to use analytics to transform data into actionable information will play a big role in who survives this transformation.
Join us for two highly targeted days of healthcare-focused insights and success stories and discover how to get ahead of the curve in the transition to value-based care.
FROM BIG DATA TO SMARTER CARE:
WHAT, WHY & HOW *Discount applies to new registrations only
USE CODE
HITN200FOR $200 OFF!*
JUNE 14-15, 2016 • SAN FRANCISCO, CA
TOPICS INCLUDEPopulation Health
Analytics Strategy
Data Governance
Predictive Analytics
Calculating ROI
Standardizing Care
NETWORK-ENABLED EHR, REVENUE CYCLE MANAGEMENT, CARE COORDINATION, AND POPULATION HEALTH SERVICES
MANAGING RISK WITH PATIENTS: SMART
SHARING YOUR
RISK WITH US:POPULATION HEALTHIER