STEVEN S. LAZARUS, PHD, CPEHR, CPHIE, CPHIT, CPORA, FHIMSS
PRESIDENT, BOUNDARY INFORMATION GROUP
CO-FOUNDER, HEALTH IT CERTIFICATION, LLC
OCTOBER 11, 2012
The (New) Current and Future Healthcare IT Paradigm for Staying Connected: The Cheese has Moved – Finding your Cheese
-- Business process consultant focusing on electronic health records, and electronic transactions between organizations
-- Former positions with MGMA, University of Denver, Dartmouth College
-- Active leader in the Workgroup for Electronic Data Interchange (WEDI)
-- Speaker and author (two books on HIPAA Security and one on electronic health records)
-- Recipient of Vision and Leadership Award as WEDI Chairman, WEDI Corporate Leadership Award, and WEDI Distinguished Service Awards
-- Consultant to CAQH CORE Project
-- HIPAA Expert Witness
-- Consultant to three successful EHNAC applicants
-- Strategic IT business process planning
-- ROI/Benefits realization
-- Project management and oversight
-- Workflow redesign
-- Education and training
-- Vendor selection and enhanced use of vendor products
-- Facilitate collaborations among organizations to share/exchange health care information
-- EHR and HIE training and facilitation
-- Medical Banking
-- EHNAC Support
Strategies for workflow, productivity, quality and patient satisfaction improvement through health care information
Steven S. Lazarus, Boundary Information Group
Who Moved my Cheese?, Revisited
Best seller, “Who Moved my Cheese”, 1998*
-- Changes in the maze
-- Sniff out early changes
-- Scurry goes into action
-- Hem denies and resists change (often out of fear)
-- Haw learns to adjust when he sees changing leads to something better
-- We all need to find our way in the maze and succeed in changing times (Steven S. Lazarus, 2012)
* “Who Moved my Cheese”, Spencer Johnson, Putnam, 1998
Agenda
1. A history lesson to understand where we have been and the business need
2. The business case for interoperable and reliable security and operational infrastructure rules for all provider external communication
3. The infrastructure operating rules under ACA Section 1104
-- Connectivity
-- Interoperability
4. The challenges and how to overcome them
5. Are we there yet, and if we are not, how do we get there?
1. A History Lesson To Understand Where We Have Been And The Business Need
1.1 The 1990’s – Security Interoperability Demonstrations
-- Demonstrations conducted under grant funding in Minnesota, North Carolina and Utah
-- Conclusions from the pilots and the general environment of the mid-1990’s
  -- Anticipated changes in security technology
  -- Anticipated potential of the Internet
  -- PKI considered a useful approach, but significant questions about its scalability
-- HIPAA legislation became law in 1996, including security provisions
-- Security technology agreement barriers persist
1.2 2005, a Breakthrough Year
-- April 20, 2005, HIPAA security rule compliance required
  -- Security rule includes requirements for transmission security including encryption and integrity controls
-- August 29, 2005, Hurricane Katrina hits Louisiana
  -- Health care providers are challenged with this disaster recovery
  -- Markle Foundation and others lead effort to access prescription drug records for evacuated patients during the disaster
-- Heightened interest in providing electronic access to patient records resulting from Katrina
1.3 2006 to 2012, a Few Steps Forward
-- CAQH CORE operating rules initially adopted voluntarily in 2006
-- CAQH CORE infrastructure operating rules mandated under ACA (2010), by January 1, 2013
-- Increased ONC, Medicare and SSA activity associated with electronically transmitting patient records for specific purposes
2. The Business Case for Security and Operational Infrastructure Rules for Provider Communication
The Business Case for Security, Interoperable Connectivity
-- Providers need a single technical approach to secure connectivity
  -- One technical methodology for both administrative and clinical
-- Providers need a standard approach for security
  -- One or two factor authentication
  -- Encryption specifications
  -- Interoperable connectivity
The Business Case for Security, Interoperable Connectivity
-- Authentication of the provider organization and the individual
-- Reliable – identify receipt (e.g., acknowledgement)
-- Real-time required in many cases
  -- Eligibility
  -- Patient records to the ER for patient treatment
-- Batch may be an option in some cases
  -- Remittance advice (one business day, maximum)
  -- Disability medical records to social security or worker’s comp
The Business Case for Security, Interoperable Connectivity
-- Providers need an affordable approach
  -- Reasonable technology cost and maintenance
  -- Minimal human user resources required to maintain and understand
  -- Identifier and passwords
    -- One set of identifiers and passwords for all secure communications
    -- Acceptable frequency of password changes
3. The Infrastructure Operating Rules Under ACA Section 1104
Moving Beyond the Standard Administrative Transactions
-- Section 1104 of Affordable Care Act (ACA) provides the authority for CMS to require the use of operating rules to further administrative simplification
-- The business case for connectivity is best served by as common an approach as practical for communicating administrative and clinical information
  -- Lower cost to the provider to one common technical infrastructure
  -- Predictable interoperability with one set of rules for clinical and administrative
  -- Ability to migrate rapidly for new real-time for administrative and clinical connectivity
  -- Common security requirements where practical to lower cost and reduce complexity and difficulty to comprehend and implement
Operating Rules Definition
Operating rules (O.R.s), as defined in the Affordable Care Act of 2010, are:
“The necessary business rules and guidelines for the electronic exchange of information that are not defined by a standard or its implementation specifications as adopted for purposes of [the HIPAA, Administrative Simplification, Transactions and Code Sets]”
In health care, the Council on Affordable Quality Healthcare (CAQH) formed the Committee on Operating Rules for Information Exchange (CORE) in 2005, leading to voluntary adoption of certain operating rules. CAQH CORE has also been working with ONC and others to incorporate CAQH CORE operating rules, including connectivity, into Meaningful Use and other ONC programs as appropriate.
The HIPAA Standards and Operating Rules Players
-- CAQH CORE developed operating rules for voluntary use and rules that have been adopted under ACA
  -- Eligibility and claim status have a compliance deadline of January 1, 2013*
  -- Electronic Funds Transfer (EFT) and Electronic Remittance Advice (ERA) have a compliance deadline of January 1, 2014*
  -- More operating rules are likely in 2012-2014 with adoption compliance deadlines as directed in ACA
*As required in ACA, regulations to implement these operating rules have been published by CMS
Operating Rules Enhance Standards’ Interoperability
-- Data content and data definitions
-- Companion Guides
-- Acknowledgement standards
-- Security
-- Systems availability
-- Response time: batch and real-time
-- Support interoperability
Operating Rules Infrastructure
-- Connectivity
  -- SOAP+WSDL or HTTP+MIME Multipart
  -- Digital certificates for authentication
  -- Aligned with ONC-adopted infrastructure for NwHIN
  -- Error reporting requirements using AAA Error Code
-- Response time
  -- Real-time, 20 seconds or less
  -- Batch: receipt by 9:00 pm ET requires response by 7:00 am ET, next business day
-- System availability
  -- Minimum 86% availability per calendar week
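The response-time and availability thresholds on this slide can be checked mechanically against transaction and outage logs. The following is an added example, not part of the original presentation or of any CAQH CORE material. It assumes naive timestamps already in ET, Monday-Friday business days with no holidays, a calendar week starting Sunday, and constructed sample records.

```python
from datetime import datetime, time, timedelta

REALTIME_MAX = timedelta(seconds=20)   # real-time: 20 seconds or less
BATCH_CUTOFF = time(21, 0)             # batch receipt by 9:00 pm ET
BATCH_DUE = time(7, 0)                 # response by 7:00 am ET, next business day
MIN_WEEKLY_AVAILABILITY = 0.86         # minimum 86% per calendar week

def next_business_day(day):
    # Assumption: business days are Monday-Friday; holidays are not modelled.
    day += timedelta(days=1)
    while day.weekday() >= 5:
        day += timedelta(days=1)
    return day

def batch_due(received):
    """Response deadline for a batch received at `received` (naive datetime, ET)."""
    day = received.date()
    # Assumption: receipt after the cutoff or on a weekend counts as the next business day.
    if day.weekday() >= 5 or received.time() > BATCH_CUTOFF:
        day = next_business_day(day)
    return datetime.combine(next_business_day(day), BATCH_DUE)

def violations(records):
    """Return [(id, reason)] for responses that miss the response-time rule."""
    found = []
    for rec_id, mode, received, responded in records:
        if mode == "realtime" and responded - received > REALTIME_MAX:
            found.append((rec_id, "real-time response over 20 seconds"))
        elif mode == "batch" and responded > batch_due(received):
            found.append((rec_id, "batch response after 7:00 am ET deadline"))
    return found

def weekly_availability(outages, week_start):
    """Fraction of the 7 days from `week_start` not covered by outages
    (assumes non-overlapping (start, end) outage intervals)."""
    week_end = week_start + timedelta(days=7)
    down = timedelta()
    for start, end in outages:
        down += max(min(end, week_end) - max(start, week_start), timedelta())
    return 1 - down / timedelta(days=7)

# Constructed sample data (ET, October 2012); not taken from any real system.
SAMPLE = [
    ("rt1", "realtime", datetime(2012, 10, 9, 10, 0, 0), datetime(2012, 10, 9, 10, 0, 12)),
    ("rt2", "realtime", datetime(2012, 10, 9, 10, 5, 0), datetime(2012, 10, 9, 10, 5, 27)),
    ("b1", "batch", datetime(2012, 10, 5, 20, 0), datetime(2012, 10, 8, 6, 30)),
    ("b2", "batch", datetime(2012, 10, 9, 14, 0), datetime(2012, 10, 10, 8, 15)),
]
OUTAGES = [(datetime(2012, 10, 7, 1), datetime(2012, 10, 7, 13)),
           (datetime(2012, 10, 10, 0), datetime(2012, 10, 10, 10))]
WEEK_START = datetime(2012, 10, 7)     # Sunday (assumed start of the calendar week)

if __name__ == "__main__":
    print(violations(SAMPLE))
    print(weekly_availability(OUTAGES, WEEK_START) >= MIN_WEEKLY_AVAILABILITY)
```

At 86% of a 168-hour week, the rule tolerates roughly 23.5 hours of downtime, which is why the 22 hours of constructed outages pass and two more hours would not.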
4. The Challenges and How to Overcome Them
HITECH Changes to HIPAA Enforcement
HITECH significantly increased civil monetary penalties for all violations of HIPAA (TCS, Privacy, Security) effective Feb. 18, 2009:
HITECH Changes to HIPAA Enforcement
-- Interim Final Rule Oct. 30, 2009, effective Nov. 30, 2009
  -- Clarifies person can be in violation of HIPAA
  -- Requires civil monetary penalty (CMP) for noncompliance due to willful neglect
Note that HIPAA risk also includes criminal penalties; enforcement by state Attorneys General, and frequently entails private lawsuits
Health Plan Certification Penalty Fees
Health plans must certify to compliance with the following transactions and O.R.s or be subject to penalty fees of $1 per covered life per day until complete certification (fees accrue interest if late; double for misrepresentation; include additional administrative fees for collections; and increase annually by the annual percentage increase in total national health care expenditures not to exceed $20 [or $40 for misrepresentation]) by Apr. 1, 2014 and annually thereafter.
Reporting is required by:
-- December 31, 2013 for:
  -- Eligibility (270/271)
  -- Claim Status (276/277)
  -- Electronic funds transfer
  -- Remittance advice (835)
-- December 31, 2015 for:
  -- Claims (837)
  -- Enrollment (834)
  -- Premium payment (820)
  -- Referral/authorization (278)
We Have “Sticks” and Security Interoperability for Admin, but we Need “Carrots” and Federal/Private Leadership
1. ONC issued an RFI in May, 2012 for comment on a possible approach for rule making to spell out “conditions” of trusted exchange, but on September 7, 2012, ONC announced abandonment of this approach
2. Standards-based exchange is required in Stage 2 of Meaningful Use
3. ONC is relying on the marketplace to solve the problem or at least provide a lot more specificity to the consensus solution.
Transition of the Nationwide Health Information Network (NwHIN) Exchange to eHealth Exchange
ONC is pleased to announce the successful transition of the Nationwide Health Information Network (NwHIN) Exchange to eHealth Exchange, a public-private partnership that represents ONC’s commitment to support health information exchange innovation in the private sector. The eHealth Exchange is composed of federal agencies and private partners that have implemented nationwide health information network standards and services and executed the Data Use and Reciprocal Support Agreement (DURSA), a legal agreement, in order to securely exchange electronic health information. 10/1/12
Questions for Discussion
-- Should the federal government or anyone else continue to fund the state level HIE approach until this issue is resolved?
-- Or, should the federal government and the private sector invest in a consensus building process based on available technology, cost and operational options to resolve this issue and bring it to closure within the next 12 months?
  -- The track record without government leadership is not good. There is a 17 year history of pilots and demonstrations attempting to address this issue.
-- Or, is there a low cost, easy to use approach for providers that can exist in an environment where there are no rules of the road?
-- Or, do we need a “central switch/clearinghouse” like those used in financial services to move electronic payments and those used in retail pharmacy to move e-prescriptions, “one road with rules versus many roads with rules for the road”?
How to Learn More About the Operating Rules
-- Federal Register, July 11, 2011 for eligibility and claim status operating rules, January 1, 2012 for EFT and ERA standard, and August 10, 2012 for EFT and ERA operating rules
-- Free webinars and copies of the operating rules from CAQH CORE (www.caqh.org), see CORE operating rules
-- MGMA (www.mgma.com)
-- Certified Professional in Operating Rules Administration (www.healthitcertification.com)
5. Are we there yet, and if we are not, how do we get there?
How will you find your cheese?
Discussion
Contact Slide
Steven S. Lazarus, PhD, CPEHR, CPHIE, CPHIT, CPORA, FHIMSS
President, Boundary Information Group
www.boundary.net
Co-Founder, Health IT Certification, [email protected]
(303) 488-9911 (office), (303) 809-9337 (cell)