Techies invade HIT market: is their unfamiliarity with healthcare industry obstacle or advantage?

Until recently, healthcare software has been developed by IT professionals grounded in the healthcare industry.  The latest arrivals to HIT development come from a range of non-healthcare industries.  The vendor of one new product currently on the HIT market last developed software related to automobile sales, while another previously developed public relations software that helps customers manage their online image.  Some observers worry that the newcomers’ disconnect from the healthcare arena threatens the success of products they may develop, but others say this freedom from preconceptions may lead to bold and successful innovation.

See Modern Healthcare article at "IT entrepreneurs rush into healthcare, but will human touch be missing?"

CMS issues final EHR meaningful-use rule - with some flexibility

The Centers for Medicare and Medicaid Services issued a final EHR meaningful-use rule last Friday, consistent with the proposal it published in May.  The rule will grant healthcare providers more time and some flexibility in how they meet requirements for the EHR incentive program.  One of the points on which the rule grants more leniency is that the MU third stage deadline for the first wave of adopters will change from January 1, 2016 to January 1, 2017.  Another is that providers who need the time will have an additional year to use 2011 Edition EHR software before they must implement 2014 software.

See Modern Healthcare article at “CMS finalizes EHR meaningful-use rule, adds some flexibility”

Steve Fox moderates panel in Boston on best practices for working with vendors

Steve Fox, Information Technology Practice Chair and Data Protection/Breach Co-Chair at Post & Schell, will speak  as well as moderate a panel discussion on "Dealing with Vendors:  Best Practices for Contracting and 3rd Party Compliance" in early September 2014 at the Privacy and Security Forum in Boston.

Via Health Privacy Forum:

As outsourcing continues to gain steam in the healthcare, security and privacy officers must be more vigilant than ever that cloud vendors and other business associates who handle PHI comply with HIPAA and make privacy and security a high priority.  Your relationship with your vendors begins with a well-negotiated contract, which is vital to protecting your interests and limiting potential liability in the event of a breach, but it’s only half the battle. 

Just because you have a contract in place, doesn’t mean you can be hands off about privacy and security issues.

In this session, Steven J. Fox, a leading healthcare IT attorney, outlines some of the key terms and conditions that make up the contractual foundation that covered entities need when working with HIT vendors and other business associates.  He'll also cover:

* What due diligence should be performed prior to starting contract negotiations?

* How vendors should share information about privacy & security breaches with your organization?

* How often (if at all) should you audit or monitor a vendor’s privacy & security performance?

* How to make sure a vendor returns, destroys, or appropriately safeguards your data at the end of the business relationship?

Fox will also moderate a panel discussion and examine what providers should expect from their vendor partners when it comes to protecting PHI and what vendors can realistically deliver.

Risks of EHRs accessible only via internet: a cloud downside

The cloud, popular because businesses can pay a monthly fee for computer-related services instead of paying for costly in-house hardware and the staff to manage it, has its drawbacks.  One of these became painfully evident for two days in mid-August.  While the fact has received surprisingly little news coverage, the internet experienced intermittent periods of brownout worldwide on Tuesday and Wednesday, August 12 and 13.  This was understandably alarming to healthcare providers who were unable to access patient records during these periods.  Not all EHR cloud storage providers were affected, and those that were, were able to resolve the problem by the end of Wednesday.  For cloud EHR storage vendors that invest in what are known as “system redundancies,” backup systems activated if primary systems become unavailable, business continued as usual during this period.  Smaller healthcare practices in particular, tending to have smaller budgets to spend on their EHR systems, often choose more affordable EHR programs from vendors with less robust system redundancies in place.  According to the Wall Street Journal, global internet traffic has grown too voluminous for the global routing system currently in place.  While engineers are working to upgrade the routing system, progress on this project is not keeping up with demand and periodic brownouts are likely to continue to occur.  Healthcare providers can protect themselves against the effects of future brownouts in various ways including investing in hybrid EHR storage systems, and including uptime guarantee clauses in their vendor contracts.

For more information see:

“Internet Outage Left Doctors Without Records For Hours – Huffington Post – internet – Google News,” News Journal Online (August 19, 2014)

 “Internet Brownout Exposes Risk of Cloud-Based EHRs,” Medscape (August 22, 2014)

“The 512K 'Crisis' Makes Its Mark:  Network Engineers Were Left Scrambling to Keep Web Customers Connected,” Wall Street Journal (August 18, 2014)

Patent trolls: new developments at federal and state level

While the healthcare industry has become well-acquainted with patent trolls, they are not the only industry that has been hit.  According to a Boston University study, American businesses paid $29 billion in 2011 alone to patent trolls in “licensing fees” in order to avoid litigation.  In response to the expanding activities of patent trolls, more formally known as PAEs (patent assertion entities), efforts have been underway at the federal and state levels to develop mechanisms for protecting businesses.  A patent reform bill which passed the House of Representatives 325-91 in December 2013, and had President Obama’s vocal support, was dropped by the Senate Judiciary Committee in May 2014 shortly before it would have come to a vote on the Senate floor.  Observers say a new bill on the subject is unlikely to appear before 2015.

States are coming up with some creative ideas to address PAE activities.  States are suing PAE’s under existing state consumer protection laws, and are also passing new laws directed at the activities of PAEs specifically.  Some of the new laws include fee shifting measures, requiring a PAE to post bond for the legal fees the target of their lawsuit would incur in order to facilitate their payment of their opponent’s legal fees if the PAE’s suit fails.  Bad faith demand letters tend to share common traits including being so vague regarding the recipient's alleged unlawful behavior that the recipient is unable to determine the validity of the accusation which, in the case of PAE demand letters, is patent infringement.  Measures in some of the new state laws address these letters specifically by legislating how demand letters must be written to be legal, and/or requiring PAEs to submit their demand letters to the state for approval before they may send them out. 

Despite the states' energy around this issue, they are hampered in their efforts by a century-old Supreme Court decision.  In 1912 the Supreme Court ruled that for the most part cases pertaining to patent law fall under the jurisdiction of federal courts.  The case currently in the limelight testing how restrictive the 1912 decision will be for the states is Vermont v. MPHJ.  MPHJ asserts that, pursuant to the 1912 Supreme Court decision, the Vermont state court system in which Vermont filed its lawsuit against MPHJ has no jurisdiction.   The question has gone before the federal courts twice so far in this case.  In April 2014, Judge William K. Sessions III of the U.S. District Court for the District of Vermont noted that what the 1912 Supreme Court ruling actually says is that "Federal courts have exclusive jurisdiction of all cases arising under the patent laws, but not of all questions in which a patent may be the subject-matter of the controversy."  According to Judge Sessions, the Vermont case is about bad faith demand letters rather than about patent issues, and therefore, the state court does have jurisdiction.  In August 2014, the U.S. Appellate Court for the Federal Circuit dismissed MPHJ’s appeal, remanding the case back to state court.  According to observers, MPHJ is likely to file another jurisdictional appeal.

See additional information at:

“Patent-troll fight ends in retreat,” Burlington Free Press (July 7, 2014)

"Patent troll case referred back to Vermont courts,” Brattleboro Reformer (August 15, 2014)

"States go after patent trolls - how far can they go?" ABA Landslide Magazine (July/August 2014)

ICD-10 delay reopens door to broader discussion among providers: is ICD-10 even the right way to go?

The postponement of the deadline for healthcare providers to implement ICD-10 (International Statistical Classification of Diseases and Related Health Problems) would seem to help ensure that the transition to the new coding system will unfold successfully.  However, it is also now allowing time for further discussion in the medical community about whether ICD-10 is the right choice at all.  As Meaningful Use Stage 2 requires adoption of the many times more complex SNOMED (Systematized Nomenclature of Medicine), some practitioners suggest that the community should skip ICD-10 altogether.  Pointing out that ICD-10 is already 25 years old, they suggest the industry’s time would be better spent transitioning to SNOMED, completing ICD-11, and then implementing that once finished.  Others suggest that using two separate, parallel coding systems doesn’t make sense and that one or the other should be chosen and implemented.  Of these, some feel the industry should use SNOMED only, claiming that the ICD coding system is geared so specifically toward facilitating reimbursement that it doesn’t support providers in delivering care.

See Modern Healthcare article at “ICD-10: Is it for clinicians or reimbursement?”

Senate committee concerned by EHR interoperability issues

Members of the Senate Appropriations Committee have become concerned that different brands of electronic health records software, paid for with tax dollars, are incompatible with one another thereby preventing healthcare organizations from sharing data.  A recent Rand Corporation report highlighted this issue and noted that some software is engineered to block sharing of data.  The Senate committee is requesting an investigation into the issue, and in the meantime has drafted a bill asking that the ONC “…decertify products that proactively block the sharing of information….”

See Information Week article at “Senate Committee Seeks EHR Interoperability Investigation” and“Draft Departments of Labor, Health and Human Services, and Education, and Related Agencies Appropriation Bill, 2015” (PDF)

Attorney Steve Fox speaks on "Hidden Risks of Cloud Computing" at American Hospital Association conference

Healthcare IT attorney Steve Fox spoke on risks of cloud computing at the AHA's Leadership Summit held in San Diego this year.  According to attorney Fox, the data which the health care industry handles is growing exponentially, a trend driven in large part by  the increasing use of mobile devices. In his talk he explained that health care providers are adopting cloud and mobile technology for their affordability and convenience, but may be unaware of hidden costs in these new options. Fox asserts that cloud computing presents new challenges for health care organizations in terms of securing the applications and data. Issues with vendors may arise over service levels, security of information, ownership of information that is remotely hosted by a third party and use of hosted data by the vendor. In his presentation Fox provided advice on how to avoid some of the more important pitfalls with cloud computing. He said that technology may provide greater efficiencies, but it must be used responsibly and that patient information which passes through the technology must be responsibly handled as well.

Congressional letter requests CMS waive EHR requirements for Medicare labs

Eighty-nine members of the U.S. House of Representatives signed a letter to the Centers for Medicare and Medicaid Services requesting that Medicare laboratories be exempt from EHR requirements.  CMS had already postponed the deadline for laboratory pathologists to comply with the requirements by a year.  The lawmakers, however, assert that EHR systems are unnecessary for diagnostic labs, and are too financially burdensome.  They are asking that the requirement be postponed until at least 2020, if not waived permanently.

See The Hill article at “Lawmakers look to exempt Medicare labs from e-health records”

FDA lags behind in regulating torrent of new mobile health apps

So far the FDA has reviewed a total of approximately one hundred mobile health apps since these apps started becoming available – and yet hundreds of new health apps appear on the market every month.  As reported in our previous blog entries (see April 2014, and September and October 2013), the FDA is regulating health information technology with as light a touch as possible, in line with the FDASIA Health IT Report draft released in April 2014.  This means that for now the FDA regulates only applications that fall under its “medical device software” definition – that is software intended for medical devices, or software that transforms a smartphone into a medical device.  All other health-related software is considered lower risk or no risk and is currently not subject to pre-market regulation.  Industry observers are, however, concerned that the sheer volume of new health apps coming to market is so great that the FDA may not be in a position to monitor much less regulate the new products adequately.  Many apps, currently exempt from pre-market regulation, actually fall into a category between the low risk and higher risk definitions and may not be receiving sufficient oversight, observers worry.  Lawmakers have called for Congress to establish a department within the FDA to focus specifically on mobile applications.


See PBS Newshour article at "FDA regulation can't keep pace with new mobile health apps"