• Breaking news as we were getting to launch this post: Accountable Care Organization Regulations Released! Here’s an earlier explanation from NPR and a fact sheet from the government. Check out this explanatory piece from CMS chief Donald Berwick, MD, MPP. Stay tuned for details about our ACO webinar.
• There was also the ONC release of a draft federal health information technology strategic plan for 2011 to 2015. According to Dr. David Blumenthal’s ONC blog, “This new era creates opportunities to transform the health care system by improving the flow of information through health IT. Meaningful use [of an EHR] is currently aimed at widespread adoption and information exchange, and ultimately at improving health care outcomes.” There are several comments on the ONC blog already. And for the quick check, blogger, CIO and ER doctor extraordinaire John Halamka says “Overall the Federal Strategic plan is a winner – it melds Meaningful Use, Certification, Health Information Exchange, PCAST, and the Institute of Medicine work on creating a learning healthcare system.”  The public comment period on the draft plan is open until April 22.
• A quick (related) headline: CMS has paid out $37.6m in EHR incentives so far.
• Attestation for the Meaningful Use of an EHR under the Medicare incentive program begins on April 18^th. What does that mean? Here’s how CMS explains in its preview: “During Attestation, eligible professionals, eligible hospitals, and critical access hospitals report numerator, denominator, and exclusion results (if applicable) for the meaningful use objectives and attest that they have successfully met the requirements of the program.” If that makes no sense and you are in an eligible medical practice, it’s time to find a service-based vendor that can help get you to Meaningful Use.
• It may be a small state known more for its mountains, maple syrup and cows but there were two EHR stories out of the Green Mountain state this week that show how efforts there are building toward a national health information exchange. Vermont Public Radio reports that the Rutland Regional Medical Center just went live on an EHR, allowing the emergency room to ditch its erasable whiteboard for electrons. And the Times Argus news ties the go-live in Rutland into the effort by VITL to create viable health information exchange.
• Those who spend a lot of time in social media marketing on behalf of their employer or on their own behalf, will know about the Mashable website. It was particularly gratifying to see an article there this week on how the cloud is safe for data, which some have expressed concerns about. The CTO author writes, “Think about it: Data is lost when an organization loses control over it, including how it’s stored, how it’s transmitted, and what end users do with it. Clouds, and the virtualization technologies on which they run, give you back that control, from data center to delivery to endpoint.” And data security (in our cloud-based model) is something our general counsel has been writing about lately in this blog.
• If you are in the Boston area on April 7, our Chief Operating Officer Ed Park will be speaking at MIT on “athenahealth’s own hack on the health care industry” for the improvement of health care. Presenting together with Zen Chu, Entrepreneur in Residence at MIT, the two “will lay out a visual landscape for the health care industry” and the opportunities make improvements.
• Finally, a list of people we all might like to know a little better–the top 25 health care chief information officers. Take notes.

Data breaches involving celebrities like Britney Spears or Maria Shriver tend to grab the headlines, especially when they lead to indictments for selling the information to media outlets. Those high-profile breaches represent the most visible aspects of data privacy concerns but there are several other wide-ranging and important issues to consider.

While not nearly as likely to garner attention as the stolen medical history of a pop star, a federal advisory committee to the ONC, known as the “Tiger Team,” has adopted the principle of provider accountability for privacy and has made useful recommendations on Fair Information Practices. The committee is also considering whether patients should have more granular control over how and when their health information is disclosed and used. The ONC should consider that if these recommendations are enabled, they could impair consumer goals of availability and access without a lot of payoff on privacy.  Patient access to, and input on, their health records is an important privacy and security objective but it can be accomplished without restricting the development of national health information exchange.

Despite the shortcomings of some providers, granular patient control over the movement of health information is not the answer.  It overburdens patients and takes the focus off of the more critical patient concerns of availability and access.  Under many consumer-directed health care programs, patients are expected to become independent actuaries analyzing their ongoing health care needs and payment patterns. Now we would expect them to be technology and privacy experts directing the flow of their health information.

For example, what if an ATM asked whether you want your information on Cirrus to go to a server across the country before the information is transmitted back to your bank, and it gave you the option to refuse, requiring that Cirrus adopt an alternative workflow? Cirrus would not have been able to build the network giving you access to your money from ATMs around the country.

Relying on consumers to make such nuanced decisions about topics on which most have little knowledge has been expertly analyzed by Cass Sunstein and Richard Thaler in their book on choices and influence, “Nudge: Improving Decisions About Health, Wealth and Happiness.”

Professional health care experts should ensure that health information exchange is done in a privacy-protective and secure manner. Policy should empower doctors and caregivers who control health information exchange to enable responsible decisions on behalf of patients and to help educate them. Patients, on the other hand, should be given clear, easy-to-use methods to access, review, and correct their health records, and to communicate with their caregivers about their health records. Caregivers and patients must also be given the tools to accomplish this with clear, privacy-protective federal standards that fully preempt state law. The patchwork of requirements in the 50 states that often conflict with federal standards obscures the fundamentals for provider accountability.

Nationally-applicable policies not vulnerable to state override are needed to affirmatively protect privacy. Doctors and others in the health care supply chain need to understand them and administer them evenly across national networks.  Opt-out should be provided to patients, but only in a manner that does not inhibit the development and effective operation of a national health information network. Patients deserve to have availability and privacy. They shouldn’t be forced to choose between them.

• If you haven’t seen it already, you really should check out and play around with our new Revenue Calculator. This is a really helpful and engaging tool for figuring out how to optimize both revenue and savings in your practice. We developed it to help explain our cloud-based medical billing, EHR and patient communication services model and how it delivers ROI to our clients.
• Several blogs this past week made note of the one year anniversary of the passage of health care reform, more formally known as the Affordable Care Act. From Physicians Practice, to NPR, to the Wall Street Journal, perceptions of the ACA and health care in general run the gamut but confusion and skepticism remain the overriding themes. (And while it doesn’t specifically address the ACA, this piece in The Health Care Blog does a good job of dissecting health care in America.) Mix in the debate over EHRs and Meaningful Use and it’s a potent stew. What do you think of health care reform a year later? Send in a comment to the blog and let’s get a discussion going.
• Speaking of the ACA, Paul Krugman, columnist for the New York Times, has this reaction to recent criticism of the reforms. The original piece tells the story of a journey through the health care system. One of our bloggers, Dr. Allen Gee, a Wyoming-based neurologist, shared his tale of trying to get his daughter into surgery and ended up getting quite a few comments from readers and colleagues who empathized. The Krugman piece ends up making a point about Americans’ inclination to go overseas in a revealing map (and one that begs for a red/blue overlay!)
• athenahealth has made it a priority to tackle Meaningful Use on behalf of our clients. We’ve set up a specific client website laden with resources, we’re running a pilot program to learn from doing, we coach clients for free, and we’re on top of every nuance and change as MU evolves. In that light, we’re always curious about what other vendors are up to. Some good reading here, especially when you scroll down to the post about a 241-page EHR Meaningful Use User Manual with some surprises on p. 45…
• In case you follow us on Twitter, you might recognize some names on this list of doctors who blog. It’s a good time for this collection of MD bloggers because there are mixed feelings out there among doctors about the use of social media, even if society has fully embraced it.
• As we move closer and closer to being a paperless society there’s a decent chance you have not been to a post office recently. In which case you may have forgotten that the FBI still has a Top Ten Most Wanted list. You may recognize a few faces there, unfortunately. It turns out that the Department of Health and Human Services has a list of its own. HHS has 170 health care fraud fugitives on their radar, but these are the top 10 most wanted. Know ‘em?

Back in 2005, Hurricane Katrina smashed into the Gulf Coast community of Waveland, Mississippi. Among the many losses were the community’s medical files. The storm instantly wiped out more than 10,000 of Waveland Medical Center’s patient medical records.

“For the past year, we have had to rely on our memories and notecards to keep track of patient care while treating patients outside or in a tent, battling against power outages, and working without heat in the cold and without air conditioning in the summer,” said Roberta Chilimiagras, M.D., WMC’s owner, in the days after the storm.

Patients fleeing the Gulf Coast area often sought treatment elsewhere. In Houston, Melinda Amedee presented at the MD Anderson Cancer Center, saying that she had been scheduled to have a tumor removed from her kidney at a New Orleans hospital. As Time magazine reported, her case posed a serious challenge to the doctors in Houston, who had no medical records and no way of contacting her Louisiana kidney specialist.

This example – extreme as it is – highlights a critical, and often overlooked, component of the privacy and security of patient information. Health information security can be thought of as a three-legged stool—Confidentiality, Integrity, and Availability. It’s widely accepted that health information must be kept confidential. But what good is all that information if doctors and their patients can’t get to it at the critical moments? I’d argue that on a day-to-day basis, patient access to, and input on, what is in their health records is an aspect of privacy and security that deserves greater attention.

When it comes to enabling availability security, cloud-based EHR services offer some distinct advantages, including:

• On-demand availability 24 hours a day from any location (brief maintenance breaks excepted)
• Ability to back up data at another secure location that is geographically separate from the primary location
• Ability to apply a uniform, high level of security, privacy controls and resources across medical practices, large and small, across multiple practice geographies. While some large, security-focused health systems might attain a high level of consistency in security across multiple entities and geographies using a client-server model, few will manage to maintain that consistency over time.
• An integrated database platform makes data available across multiple service lines without the availability and data integrity risk inherent in cobbling together multiple information platforms.

Availability is often highly restricted in paper-based information and in the client-server software world. For entities stuck with paper, there is very limited access for those who can physically get to the records, which can get lost and misplaced. There’s also little ability to audit who has obtained access to, or altered, a record. These problems persist in many client-server software systems where patient information is siloed and walled off.

This is not to suggest that a cloud-based electronic health record system leads to an information security Nirvana.  Clinicians in the market for an EHR should do their full diligence.

The best systems—whether on a cloud (private or public), or client-server platform – observe basic information security practices. Any health care organization needs to balance relative performance on availability with the other two legs of the security stool.  Better availability of records in the aftermath of Katrina could have helped many in Waveland and other Gulf Coast communities. And it can make a difference in the day-to-day as well through improved care coordination and outcomes.

• Last fall, Dell surveyed 150 hospital executives and 309 patients in hospitals about health IT.  Several useful findings are shared in this article from HealthcareIT News. Of all the questions, the greatest majority response was the 85% of hospital executives who are concerned about affording the investment that can be required for implementation and use of health IT, like EHR. From the patient perspective, concerns over information security persist and nearly one third of patients use online resources to educate themselves about health matters.
• You may have heard of cloud computing by now and that athenahealth is in the cloud, so to speak. But unlike a technology company that enables businesses to run more efficiently in the cloud, we provide “cloud-based services” for practice management, EHR and patient communication to medical groups. It’s the right answer for solo doctors on up to hospitals, for too many reasons to describe here. Now with recent consumer-directed efforts like these Microsoft TV spots, the cloud is gaining a higher public profile. The competition among businesses in the cloud gained the attention of Bloomberg Businessweek, which dedicated its March 3 cover story to it. A standout line, “One other thing about the cloud: It’s turbulent. It’s getting to be war up there.” But perhaps closer to home, HealthcareIT News reports on the cloud from the hospital CIO perspective.
• The Centers for Disease Control offered a preliminary estimate that more than half of office-based doctors in the U.S. were using an EHR either fully or partially in 2010. That is up from 18 percent on an EHR ten years ago.
• Thanks to The New York Times for covering Patient Centered Medical Home, or PCMH, even if it reports that some practices get off to a roaring start only to get bogged down with “change fatigue.” The story, which is based on a study from Health Affairs, is worth a read. It points to the need for an evolution toward what are described as medical “neighborhoods” where providers can easily “collaborate and share information about their patients.”  Neighborhood, community, sounds familiar either way. There was also this: Taking on electronic prescribing, patient portals and other technological advancements “proved more difficult than originally envisioned because the health information technology currently marketed to primary care practices resembles a jumble of jigsaw pieces rather than components of an integrated and interoperable system.” Suffice to say we are all about making sure providers have an “integrated and interoperable system” at their fingertips. One of our clients in western Massachusetts had a much more positive experience with PCMH. Here’s a video about their success. Lastly on PCMH, several physician organizations recently put out some new PCMH guidelines.
• If you don’t already, you might want to bookmark this health-related blog. Lately, it featured pieces on marijuana, sex and lefties. What more could you ask for?
• Now for two videos featuring our CEO, Jonathan Bush. First, he joined a forum hosted by The Economist for a talk with Colin Harrison, director of corporate strategy at IBM and Amir Peleg, founder and CEO of TaKaDu, entitled “It’s a smart world: Are smart systems really worth the cost?” And second, yes it’s finally out—the much-anticipated performance on stage at the HISsies awards in Orlando at HIMSS! The good stuff kicks off after 11:20.