News
More than 30 healthcare provider organizations have banded together to urge the Centers for Medicare and Medicaid Services to adopt a 90-day reporting period for meaningful use measures in 2016, rather than full-year reporting as CMS has proposed.
Providers proved successful when they rallied for 90-day reporting for 2015.
[Also: Meaningful use will still be part of MIPS reimbursement]
In a March 15 letter to CMS Acting Administrator Andy Slavitt, the groups said the changes CMS made in the Modified Stage 2 final rule for 2015 provided welcomed relief to the provider community.
As they see it, full-year reporting in 2016 would demand complex system changes: "For many providers, these system changes will impact their ability to comply with the full-year reporting period," they wrote.
CHIME, which represents more than 1,800 healthcare chief information officers, is leading the call for 90-day reporting.
[Also: Healthcare industry cheers meaningful use modifications]
"Healthcare providers are firmly committed to using information technology to transform the delivery system," CHIME Board Chair Marc Probst, CIO at Intermountain Healthcare, and CHIME President and CEO Russell Branzell, said in a joint statement. "Changes made to the meaningful use program last year provided welcomed relief from burdensome regulatory requirements.”
"Providers now are awaiting further changes to the program spurred by the Medicare Access and CHIP Reauthorization Act of 2015. However, the current regulatory scheme still calls for a 365-day reporting period. Until the final MACRA rules are issued, providers will be greatly challenged to meet the reporting requirements,” they said.
[Like Healthcare IT News on Facebook]
"Maintaining 365-day reporting period also will force providers to pull resources away from using health IT to innovate care processes and workflows. Additionally, it will limit the amount of time providers and vendors could spend on improving interoperability and information exchange."
Organizations supporting the change are:
American Academy of Dermatology Association
American Academy of Family Physicians
American Academy of Neurology
American Academy of Ophthalmology
American Association of Clinical Endocrinologists
American Association of Neurological Surgeons
American Association of Orthopaedic Surgeons
American College of Cardiology
American College of Mohs Surgery
American College of Physicians
American College of Rheumatology
American College of Surgeons
American Gastroenterological Association
American Society for Dermatologic Surgery
American Society for Gastrointestinal Endoscopy
American Society of Nuclear Cardiology
American Society of Plastic Surgeons
American Urological Association
America’s Essential Hospitals
Association of Medical Directors of Information Systems
Cardiology Advocacy Alliance
Coalition of State Rheumatology Organizations
College of Healthcare Information Management Executives
Congress of Neurological Surgeons
Federation of American Hospitals
Heart Rhythm Society
Infectious Diseases Society of America
Medical Group Management Association
National Association of Spine Specialists
National Rural Health Association
Oncology Nursing Society
Premier healthcare alliance
Society for Cardiovascular Angiography and Interventions
United Surgical Partners International
Twitter: @Bernie_HITN
Organized criminals scoped their sights on healthcare somewhere around 2012 and found that stealing patient data enabled them to monetize that information in a number of ways. Since then tactics have grown increasingly sophisticated and attackers are launching more attempts now than ever.
Perhaps coincidentally that’s also when the stream of lost unencrypted hardware began slowing down, said Kurt Long, CEO of application security specialist FairWarning.
“That’s not to say that laptops don’t still get lost, but the peak years for that were 2008-2012,” Long determined. “I don’t know that lost laptops were all that damaging. It could be in the bottom of the Hudson River. We don’t know where that data went.”
But since healthcare organizations have to publicly disclose those incidents, whether the information was actually exposed to criminals or not, the industry swallowed a steady diet of headlines about data breaches.
The era of targeted attacks, however, appears to be significantly more threatening — and it’s already upon us.
Healthcare organizations, in fact, have been hit by one hack per month during the last year, according to a Ponemon Institute study. Ponemon questioned 535 IT security professionals working at public, private and government healthcare organizations and found that the most common threat is attackers exploiting existing software vulnerabilities that are more than three months old. Newer vulnerabilities and spearphishing -- sending targets an email aiming to get them to click on an executable or other malicious code -- ranked second and third, respectively.
[Also: Hollywood Presbyterian pays $17,000 to regain control over systems]
From the criminal’s perspective the beauty of these attacks is that they are relatively low-risk with a big potential to make plenty of money by using elegantly simple tactics, said Secure Ideas CEO Kevin Johnson.
“As much as I’d like to say it’s cool and magic, it’s really not. It’s basic IT cleanliness,” Johnson explained. “And IT cleanliness is not ingrained in healthcare.”
That fact paved the way for the years FairWarning’s Long described as an era in which organized crime squarely targeted healthcare, circa 2012-2015. By combing through public documents like court reports and reading indictments as well as interviewing Treasury Department officials, Long and colleagues showed that criminals are stealing patient records to commit medical ID theft but also to defraud the Internal Revenue Service by filing fake returns with the stolen information.
While those practices are not likely to vanish anytime soon, Long said the industry is already entering a new phase.
[Like Healthcare IT News on Facebook]
“The next wave is hacktivists and foreign nationals that want to expose some wrong they think needs to be righted as well as international crime syndicates with financial motivations,” Long said.
Long explained that typically the criminals seeking money are in Russia and eastern Europe, while the Chinese are after our state secrets or looking to blackmail U.S. ambassadors — and the hacktivists location is something we don’t even know because they could be anywhere.
Regardless of who perpetrates the attack, though, what’s on the line is trust.
“It’s the ultimate high stakes game because at some point if the trust breaks down between patients and clinicians such that people are afraid to share health information and withhold it instead because they don’t trust providers, that’s only going to escalate,” Long said. “This is a battle we have to win.”
Twitter: @SullyHIT
Texas Republican Sen. Ted Cruz promised during a nighttime speech in his home state that he would kill the Affordable Care Act, “abolish” the Internal Revenue Service, stop amnesty and rebuild the military.
Shortly after Florida Sen. Marco Rubio effectively lost his home state and bowed out of the race, Cruz’s overarching theme was that “beginning tomorrow morning” the battle is between Cruz and Trump.
[Also: Trump releases broad outline of health reforms to replace Obamacare]
“When I’m President we will repeal every word of Obamacare,” Cruz said. “We will make Washington less relevant.”
Cruz continued that his top three priorities as President would be jobs, freedom and security.
The job creation issue spans many industries and Cruz was not particular to just healthcare, of course. Cruz pointed to the specific freedoms as religious beliefs and protecting citizens’ Second Amendment rights to own firearms. And when it comes to security he cited former Republican President Ronald Reagan and how he bolstered the military to win the Cold War as a model for how we would, if elected, take on ISIS.
Cruz also promised to reform the Internal Revenue Service by instituting a flat tax, ending amnesty and welfare benefits for people living in America illegally, and getting the government “off the backs” of small business owners across the country.
[Like Healthcare IT News on Facebook]
“We’ll fire regulators,” Cruz explained. “Less government is more freedom.”
Although Ohio Rep. Governor John Kasich is still running, Cruz is calling it a two-candidate race at this point.
What with Trump’s 621 delegates versus Cruz’s 396 and primary elections in winner-take-all states such as California, Delaware, Maryland, New Jersey, Pennsylvania and Wisconsin still to come, it’s still too soon to say that either Cruz or Trump is precluded from winning the nomination ahead of the Republican National Convention come July 18-21, 2016.
Twitter: @SullyHIT
While mobile apps are new enough on the care delivery scene that many providers have only begun dabbling, consumers are sending a strong message that forward-thinking hospital executives can translate into an opportunity for improving population health management programs.
Northwestern University's Feinberg School of Medicine is conducting clinical trials that use mobile health apps to do much more than just communicate with patients — the software teaches mental health patients cognitive behavioral therapy, or CBT, techniques designed to improve population health and reduce mental healthcare costs.
This story is part of a reporting package on the rise of population in health in healthcare IT management. Stories include our analysis of health system strategies, an overview of the work done by Essentia Health and a look at how mobile apps are supporting initiatives.
Designed by Northwestern's Center for Behavioral Intervention Technologies, the ThinkFeelDo website (a responsive design site built to render effectively on any device) and the IntelliCare suite of mobile apps (available in the Google Play store for Android devices, with Apple iOS apps in the works) break up the various CBT techniques into separate modules to make learning the techniques and applying them in situations an easier task.
The modules include text, animation and video. Caregiver coaches, on the other end of the mobile site and apps, review patient progress and can intervene during lessons to help patients with any challenges or issues and to provide encouragement.
"Costs can be saved by giving depressed patients these kinds of tools, decreasing overall health care utilization for an individual," said Kenneth R. Weingardt, scientific director at the Center for Behavioral Intervention Technologies. Weingardt also is a licensed psychologist.
"We are now saving more money because the cost of the app is much lower than the cost of face-to-face. For some folks who are fairly well-functioning and can go it alone, these types of technology may provide them with what they need so they do not have a long depressive episode that impacts their health and costs a health plan money."
ThinkFeelDo and IntelliCare are still in clinical trials at Northwestern, though CBITs is in discussions with Kaiser about deploying IntelliCare through its patient portal.
"Mobile interventions have much farther reach than individual providers can have," Weingardt said. "They can reach many more people beyond those we can see in our clinic. And a health system that adopts these kinds of tools can improve their bandwidth and their ability to address these problems beyond the capacity of their workforce.”
[Like Healthcare IT News on Facebook]
In the Northwestern’s clinical trials, Weingardt added, that means giving participants tools to get symptoms under control and making it less likely they will come back with complaints.
Providers such as Northwestern and other simply cannot ignore the trend toward mobile tools any longer, said population health management vendor Enli Health Intelligence chief medical officer Joseph Siemienczuk, MD.
"We have to follow the communication preferences of the community and and it is clear that their communication preferences have moved to mobile technology,” Siemienczuk said. "As we pursue effectiveness, moving patient engagement activities to mobile technology is an imperative."
Twitter: @SiwickiHealthIT
As 67 percent of healthcare organizations have population health management programs in place, experts say information technology is key in making them work.
First-mover health systems are already using telehealth services to successfully manage patient populations and lower healthcare costs.
Take Essentia Health, for instance.
The 16-hospital and 68-clinic system uses an Epic EHR and telehealth technology from Medtronic to focus on improving the health of congestive heart failure patients and enhancing the care surrounding this chronic health problem.
This story is part of a reporting package on the rise of population in health in healthcare IT management. Stories include our analysis of health system strategies, an overview of the work done by Essentia Health and a look at how mobile apps are supporting initiatives.
Whereas 25 percent of congestive heart failure patients in the U.S. are readmitted to the hospital within 30 days, according the Agency for Healthcare Research and Quality, Essentia said that less than 2 percent of those participating in its telehealth program return in that same timeframe.
Indeed, telemedicine technologies at Essentia and other tech-savvy hospitals can help fill in care gaps, monitor at-risk patients and extend services to patients who might not otherwise receive them.
Essentia, for its part, started the telemedicine work in 1998 and then instituted a formal population health management program several years ago.
Today, of the 2,500 patients in Essentia's congestive heart failure program, about 300 who meet certain clinical criteria have been given tele-scales. The electronic scales digitally report via landline or cellular phone service a patient’s weight every day as well as how that person responds to questions the scale literally asks aloud. Tele-scales cost between $70-$110 per month to lease. Physician assistants and registered nurses, in turn, can deliver telehealth care under the guidance of cardiologists.
"Weighing every day helps you identify the real problems," said Denise Buxbaum, heart failure program manager at Essentia Health. "When these patients actually come into the hospital, most of the times they outspend their diagnosis-related group, anyway. Now we have contracts, we are an accountable care organization. BCBS of Minnesota did one study and with this technology we saved them $1.25 million."
Buxbaum said the combination of regular monitoring and the patient education that comes with it lead to improved patient health and, as a result, lower costs.
"Patients need to understand the consequences of their lifestyle choices, and by showing them – when they see it with their own eyes – they are more likely to make a better choice the next time when they learn from ongoing education," she said. "With telemedicine, we are catching things early before patients have to visit an emergency room."
[Like Healthcare IT News on Facebook]
Additionally, Essentia Health built an interface between the telemedicine system and its EHR so patient data that congestive heart failure nurses see can be readily available to all members of a care team.
"Our EHR allows caregivers to review the patient medical record to see what other care coordinators or providers have done when caring for our patients," Buxbaum explained. "This allows for a more seamless, higher level of quality care when we all know what the rest of the health care team is doing."
Twitter: @SiwickiHealthIT
The I-STOP legislation, first passed in 2012, aims to combat controlled substance abuse. A provision set to take effect at the end of this month requires doctors to prescribe almost everything electronically.
A recent report from the Department of Health and Human Services Office of the Inspector General claims that HHS could do better when it comes to protecting federal information.
The gaps range from monitoring to security training and contingency planning.
"Exploitation of these weaknesses could result in unauthorized access to, and disclosure of, sensitive information and disruption of critical operations for HHS," according to Ernst & Young, which conducted the independent audit for the OIG. "As a result, we believe the weaknesses could potentially compromise the confidentiality, integrity, and availability of HHS' sensitive information and information systems."
[Also: OIG identifies big HHS security shortfalls.]
Assistant Inspector General for Audit Services Thomas M. Salmon detailed the findings in a March 2016 report by identifying the 10 areas the auditors found lacking. HHS responded to each finding, concurring with some, taking issue with others:
Continuous Monitoring Management. HHS has formalized its Information Security Continuous Monitoring program through development of ISCM policies, procedures, and strategies. However, HHS has not implemented a Department-wide fully-implemented continuous monitoring program which includes continuously monitoring, updating and finalizing policies and procedures indicating how OPDIVs (operational divisions) address, implement strategies and report on DHS metrics. This includes vulnerability management, software assurance, information management, patch management, license management, event management, malware detection, asset management, and network management.
Configuration Management. Some OPDIVs did not consistently review and remediate or address the risk presented by vulnerabilities discovered in configuration baseline compliance and vulnerability scans performed through Security Content Automation Protocol tools.
Identity and Access Management. Some OPDIVs did not consistently implement account management procedures for shared accounts, new personnel, transferred personnel and terminated personnel.
Incident Response and Reporting. Oversight processes had not been implemented by HHS to enforce incident response and reporting procedures at the OPDIVs.
Risk Management. HHS did not implement procedures to oversee that system inventories are complete, accurate and effectively managed, including reconciling to the OPDIV-managed system inventory tools.
Security Training. Some OPDIVs did not monitor the completion of role-based training for significant security responsibilities and other security training for personnel using IT systems.
Plan of Action and Milestones. Plan of Action & Milestones were not consistently documented and tracked by the OPDIVs and HHS.
[Like Healthcare IT News on Facebook]
Remote Access Management. Some OPDIVs had not developed formal and finalized remote access policies and procedures.
Contingency Planning. Some OPDIVs did not complete required contingency planning documentation, including Business Impact Analysis, Continuity of Operation Plans, and Information System Contingency Plans.
Contractor Systems. Some OPDIVs did not have an effective contractor oversight protocols.
Twitter: @HealthITNews
A new report based on customer scores found that the two companies outperformed other EHR-dependent and EHR-independent vendors.
The technology pioneer offered his thoughts on funding new projects and keeping up with change at his HIMSS16 keynote earlier this month. Here are seven takeaways.