U.S. healthcare providers hesitant about "offshoring" EHRs to India

Posted on November 3, 2010 by Steve Fox and Vadim Schick

Will American healthcare providers, like major companies in other sectors of the economy, outsource their electronic medical records systems and maintenance offshore, especially to an established tech industry in India? According to the Wall Street Journal, Indian technology vendors face a significant amount of skepticism regarding outsourcing health IT to India. 

While major tech companies routinely utilize data centers, service desk and other products and services in India, healthcare providers are not used to such outsourcing arrangements.  Indian IT companies like HCL, InfoSys, and Wipro are trying to tap into the booming health IT market in the United States. However, they face a number of important challenges, including concerns over privacy, security and integrity of protected data, breadth of experience in the industry,and ease of implementation of such systems.  One prominent CIO described this challenge succinctly in the Journal:

Designing and installing new medical systems 'is hard to do off site, let alone offshore,' says Darren Dworkin, chief information officer of Cedars-Sinai Medical Center in Los Angeles. Cedars-Sinai is close to finishing a four-year, $100-million project to install an electronic medical-records system. Mr. Dworkin says that 80% to 90% of the work isn't the sort of commodity coding that is easily outsourced, instead requiring an intimate knowledge of the hospital's terminology and how its doctors and nurses work.

You can read the full article by clicking here.

"Qualms Arise Over Outsourcing Of Electronic Medical Records," Wall Street Journal (November 2, 2010).

 

Tags: , , , , , , , , , ,

eWeek: Top 10 Reasons to avoid EHRs stored in a "cloud"

Posted on August 19, 2010 by Steve Fox and Vadim Schick

eWeek provides a great reminder of the dangers of signing up for an electronic health records system stored in a "cloud."  Such ASP/SaaS EHR models are attractive to many practices because they offer consistent (though not always lower) monthly fees and require no equipment purchases or installations.  However, as eWeek appropriately summarized, choosing an ASP provider should raise quite a few concerns, including:

  • Access: who has access to your information (including your patients' protected health information)? How safe is it? Perhaps even more importantly, do you have access to your own information? Each ASP contract must deal with access issues, and clearly state that the provider will always have the right to access its own information stored on remotely hosted servers. Similarly, vendors should warrant that only the necessary personnel will access provider's records, and only in accordance with the scope of the agreement between the parties.
     
  • Storage and disposal: Where is the data actually stored, and what regional or international laws may apply to such information? Also, what happens if the provider ceases to exist? eWeek reminds us that in 2001, "GE Healthcare bought health records provider Encounter EHR and eventually ended up shutting it down - giving records holders 30 days' notice to reclaim their data or lose it. This caused a great number of problems." While such instances are rare, what if the vendor storing your records is acquired by another company? Once again, your contracts should clearly deal with these issues, especially by providing that in the event the vendor is sold or goes out of business, provider has the right to terminate the agreement and the vendor must immediately return all of provider's data in its possession in the format specified by the provider.
     
  • Cost: Does choosing ASP/SaaS model save money? According to eWeek, not necessarily: "Allscripts' MyWay service costs $700 per month per health care provider. GE Healthcare's new Centricity Advance service will cost doctors from $300 to $800 a month. Most client-server software packages are much less expensive."

As mentioned above, all of these issues, and the others identified in the eWeek summary, should be subject ton contract negotiations between the parties.  Frequently, ASP vendors use click-wrap license terms and non-negotiable contracts.  Healthcare providers should resist the pressure to simply sign such standard forms because failure to negotiate these agreements will expose your organization to very substantial risks with respect to, inter alia, control of and access to data, and privacy and security of the stored PHI.

"Data Storage: Storing Health Records in the Cloud: 10 Reasons Why It's a Bad Idea," eWeek.com (August 17, 2010).
Tags: , , , , , , , , , , , , , ,

NIST Publishes Approved Testing Procedures for EHRs

Posted on August 19, 2010 by Steve Fox and Vadim Schick

Via NIST:

In efforts to help the nation's health care industry make the transition to the digital age in an effective and meaningful fashion, the National Institute of Standards and Technology (NIST) has published a set of approved procedures for testing information technology systems that work with electronic health records (EHRs). Released in draft form earlier this year (see "NIST, Partners Develop Testing Infrastructure for Health IT Systems," NIST Tech Beat for March 16, 2010, at http://www.nist.gov/itl/hit_031610.cfm), the approved and finalized testing procedures are now available for use.

Under a certification program established by the U.S. Department of Health and Human Services Office of the National Coordinator (HHS/ONC), testing organizations authorized by HHS/ONC can use the tools to evaluate EHR software and systems that vendors would like to sell to doctor's offices, hospitals and other health care providers. Starting next year, the federal government will provide extra Medicare and Medicaid payments to health care providers that implement EHR systems certified to meet ONC requirements that conform to technical standards and are put to "meaningful use," performing specifically defined functions.

These ONC-approved test procedures help ensure that electronic health records function properly and work interchangeably across systems developed by different vendors. The set of 45 approved test procedures evaluate components of electronic health records such as their encryption, how they plot and display growth charts, and how they control access so that only authorized users can access their information.

The development of these tools was mandated by the American Recovery and Reinvestment Act (ARRA) in order to support a health IT infrastructure.

Notice of the approved test procedures appears in the August 9, 2010, Federal Register. For more information, see http://healthcare.nist.gov/use_testing/finalized_requirements.html and http://healthit.hhs.gov/certification
 

Tags: , , , , , , , , , , ,

In the news: medical ID theft on the rise; CHIME comments on meaningful; and more

Posted on March 24, 2010 by Steve Fox and Vadim Schick
  • Javelin Strategy & Research survey found over 275,000 cases of medical identity theft in 2009, with an average price tag greater than $12,000 per incident.  This is twice as many cases as in 2008.  Keeping health information safe is going to be of paramount importance in the next decade, especially considering the steep rise in use of electronic health records. According to Computerworld.com (citing a study by IDC, a research firm), "about a quarter of all Americans -- 77 million people -- already have an EHR, up from 14% from in 2009." By 2015, experts believe the number will reach up to 60%, partially due to the transformation of the health IT industry by the HITECH Act.
  • In its comments to CMS regarding the meaningful use NPRM, College of Healthcare Information Management Executives (CHIME) insisted that the present "all or nothing" approach to achieving meaningful use is going to prevent significant numbers of eligible providers from receiving any incentive payments under the HITECH Act.  According to American Medical News:

Among CHIME's suggestions: a gradual implementation process that would allow physicians to qualify for incentives by achieving 25% of meaningful use objectives by 2011, 50% by 2013, 75% by 2015, and 100% by 2017.

'Without an approach that rewards progress or provides sufficient time, organizations with limited resources will likely have little chance of qualifying for payments, thus widening the 'digital divide' in the country,' CHIME wrote.

  • U.S. Senate passed a bill which, if approved by the House and signed by the President, would limit the definition of "hospital-based" eligible professionals to just those practicing in an inpatient or emergency room hospital setting.  If passed, this change would make the Medicare and Medicaid EHR incentive payments available to a far wider range of eligible professionals.
  • CCHIT may be getting some competition from the Drummond Group, which announced plans to become an ONC-authorized certifying body of EHR technology (ONC-ATCB).

"U.S. Senate backs expanded physician eligibility for MU," HealthImaging.com (March 11, 2010).

"Drummond Group in EHR testing for the 'long term'," Healthcare IT News (March 12, 2010).

"Patient Billed for Liposuction as Medical Theft Rises," Bloomberg.com (March 23, 2010).

"As health data goes digital, security risks grow," Computerworld.com (March 22, 2010).

"EMR meaningful use rules warrant gradual approach," American Medical News (March 17, 2010).
Tags: , , , , , , , , , , , , , , ,

Thursday: Free Webinar on "Meaningful Use"

Posted on February 22, 2010 by Vadim Schick

On Thursday, February 25, 2010 from 1:00PM to 2:00PM (EST), Steve Fox and yours truly will host a free webinar, the first in a series, which will focus on the critical definition of "meaningful use" of "certified EHR technology," as described in proposed regulations released and published by CMS pursuant to the HITECH Act on January 13, 2009.  We will discuss:

  • Key policy goals and objectives behind meaningful use
  • Measures required to achieve meaningful use
  • Structure of incentive payments under Medicare and Medicaid
  • Eligibility requirements for professionals and hospitals

You may view each of these presentations at your desk. There is no charge or limit to the number of people who may listen to each presentation on the same line. Click here to register. After registering, you will receive log-in information by e-mail.

Our next webinar, to be held on Thursday March 18, 2010, from 1:00 to 2:00 PM, will focus on how to negotiate software and EHR licensing agreements and other transactional issues with respect to dealing with health IT vendors.

For more information, please contact me at vschick@postschell.com or 202-661-6945.

 

Tags: , , , , , , , , , , , , , , , , ,

In the news: EHR incentives; the rising threat of medical identity theft

Posted on November 30, 2009 by Steve Fox and Vadim Schick

  • In a letter to Dr. Blumenthal, the Medical Group Management Association (MGMA) urged the ONC to define "meaningful use" in a practical and achievable way.  Otherwise, many providers could fail to qualify for the HITECH Act's incentives.  The MGMA is recommending, inter alia, instituting a pilot test prior to the start of the program and before each new phase of the program; including only criteria for meaningful use that have widespread industry use or have been tested; permitting physicians to test their reporting systems prior to their “go-live” date; permitting flexibility in achieving meaningful use and avoiding a “pass/fail” approach; developing a simple process for physicians to attest that they have achieved meaningful use; simplifying the data-reporting process and ensuring that the government is ready to accept the data; closely monitoring the industry to ensure that the program logistics operate appropriately; and ensuring government oversight of the vendor community for its ability to produce high-quality and reasonably priced software.

  • A former Johns Hopkins hospital employee, Michelle Johnson, was sentenced to 18 months in prison and ordered to pay $200,000 in restitution for stealing patient information.  According to the Associated Press, Ms. Johnson, formerly a patient services coordinator, "provided a conspirator with names, Social Security numbers and other identifying information of more than 100 current and former patients of Johns Hopkins. That information was used to apply for credit. Johnson kept some of the fraudulently ordered merchandise for herself, including a computer monitor, a cordless phone, and clothes for herself and her children."

 

  • The Wall Street Journal reported on the rise in medical identity theft and that the situation is "expected to worsen."   Most of medical identity theft cases are committed by those who pay medical workers for patient data, exactly what Michelle Johnson was caught doing at Johns Hopkins.  According to the Journal and the World Privacy Forum report it cited, the adoption of electronic medical records may contribute to the problem by making such information more easily available. Data indicates that states with a high population of retirees experienced the most significant increases in medical identity theft, including California, Texas, New York, Arizona, and Florida.

"Patient ID Theft Rises," Wall Street Journal (November 30, 2009).

"MGMA concerned about success of EHR incentive program," Healthcare IT News (November 23, 2009).

"Woman Sentenced for Stealing Patients' Info," Associated Press (November 20, 2009).

 

 
Tags: , , , , , , , , , , ,

Timely advice: Begin preparations for "meaningful use" now

Posted on November 12, 2009 by Steve Fox and Vadim Schick

Our collaborator and friend James Oakes, a Principal at Health Care Information Consultants, LLC in Baltimore, Md., authored a wise and timely call for action for healthcare providers hoping to capitalize on the incentive payments for meaningful use of certified EHR technology included in the HITECH Act. 

The article, appearing in BNA's Health IT Law & Industry Report, argues that even though the HHS has yet to produce final regulations defining such key HITECH Act terms as "meaningful use" and "certified EHR technology," healthcare providers should not wait any longer to begin planning for the transition from paper to digital records, or the likely required updates to existing EHR systems:

Given the uncertainty surrounding these issues, a number of providers have elected to delay any action towards selecting and implementing an electronic health record (EHR) for their institution until answers are made available, reasoning that they want to know as much as possible before committing to a direction. However, providers who take this path may put themselves at risk for forfeiting eligibility for ARRA funds at all, given the time to execute and implement systems.

 

Oakes suggests several initial steps to EHR implementation:

  1. Gain a high-level understanding of the basic provisions of ARRA and the HITECH Act.
  2. Develop a realistic plan for your institution based on your assessment of the level of automation that is right for your circumstances, environment, and budget.
  3. Discuss the implementation, transition and any relevant software changes with your current health IT vendor.  Considering the huge increase in demand in HIT services, it is important to secure your vendor's support and involvement early on, so that your organization does not end up at the end of the line.
  4. Know the health IT market because your organization will benefit from having the most customized solution (as opposed to, e.g.,  the most expensive or feature-rich), at the right price.

"Get started!" urges Oakes:

Going through all of these steps will not be accomplished overnight. Indeed, past experience suggests that if a hospital has not started these steps already, it will take from 24 months to 48 months for a mid-sized hospital to transition from planning to live operation, including full use of clinical capabilities. Given that ARRA incentives start phasing down in FY 2013 for physicians (2014 for hospitals), it is not beyond the realm of possibility that an institution that waits too long to start could find itself shut out of maximum incentive payments.

You can find the full article, courtesy of BNA's Health IT Law and Industry Report, here.
Tags: , , , , , , , , , , , ,

New York Times interviews David Blumenthal

Posted on October 21, 2009 by Steve Fox and Vadim Schick

David Pogue, a reporter for the New York Times, posted the transcript of his interview with Dr. David Blumenthal, National Coordinator for Health IT. Mr. Pogue interviewed Dr. Blumenthal for a CBS news report on digitization of healthcare in America (the video is available after the jump).

Here are some highlights from the interview:

On current state of health IT in the US:

We found that about 17 percent of physicians in 2008 had adopted an electronic health record, and about ten percent of hospitals. <...> The rest is paper. It's basically the same system that physicians have used since Hippocrates, which is writing on some piece of paper.

On reimbursement penalties for those failing to achieve meaningful use by 2015:

From 2011 to 2015, there is a bonus. The Congress has put $45 billion on the table to ease physicians and hospitals into this new world of computerized medicine.After 2015, if you have not adopted, and you see Medicare or Medicaid patients, you may experience a penalty. 2015 is six years off. Six years is plenty of time for physicians to get themselves organized to put a record in place and avoid those penalties.

 

On cost of EMRs:

On average, the cost is between $40,000 and $50,000, of which about a third is the software and the hardware, about a third is the cost of getting it set up in the office, and about a third is maintaining it. Much of the expense is related to the cost of implementing and the cost of maintaining it over time.

On privacy and security:

Privacy and security are foundational to a modern health information system. You cannot get the computer into this business without assuring people that their information, their personal information, will be safe.

So we are looking at the best possible technical solutions, technical protections, to privacy and security. We want to make sure that we have looked at every opportunity for encryption, every security device that the best minds can think of, to make information safer. We've got it in other parts of the industry, but we don't have it for healthcare. So I think that's a very important agenda item for us.

<...>

There are two kinds of anxieties. One is that their data may be used for purposes that they haven't authorized it. So if they haven't authorized their personal data to be used for research, they don't want it for that purpose. And the way the law gets around that problem is by saying that information should be de-identified; that is, it should be abstracted from the record in a way that can never be traced back to that individual.

And then that information can be used for research on drug safety, or research on the value of particular treatments, or anything els that may be useful to human health.

There's another kind of fear, and that is the fear of the breach or break-in, or hacking. And there have been some examples of that.

That's where better encryption and better barriers to hacking are critical. And, you know, we have a new cybersecurity initiative that President Obama has put in process. It's well known that the security of information is a national need for defense purposes. It's also, I think, a very important need for this domestic policy purpose. So we want to work with that security initiative to know that we've taken advantage of everything that the federal government and the computer industry knows about how to keep records secure.

Finally, the big picture:

Well, it's a big challenge, it's an exciting challenge, and a historic challenge. There's nothing that's worth doing that's easy to do in life, and this is one of those.

But I really think that history is on the side of this activity. To be a 21st-century physician, to be a 21st-century hospital, we can't record data the same way the Greeks did in 500 B.C. We've gotta move to use the computer to support our work. And that's what we're trying to do.

There'll be bumps on the road. We're not gonna be perfect. We'll make mistakes. But I think the wind is at our back in terms of the historical trends. And we'll get there, sooner or later.

"Computerized Health Records," New York Times (October 15, 2009).

"Charting a New Course," CBS News (September 13, 2009).

 


Watch CBS News Videos Online
Tags: , , , , , , , , , , , , , , , , ,

PWC Survey Findings May Support North Shore's EMR Gamble

Posted on October 5, 2009 by Steve Fox and Vadim Schick

The New York Times reported last week that the North Shore-Long Island Jewish Health System (North Shore) will offer its 7,000 affiliated (though not employed by North Shore) physicians subsidies for implementing electronic health records.  Interestingly, this subsidy does not include or prevent such physicians from qualifying for the approximately $44,000 in Medicare incentive payments under ARRA. 

North Shore plans to subsidize 50% of the total cost of the EMR system (which uses Dell hardware and Allscripts software) for practices "who simply install electronic health records that can communicate between the doctor's office, labs and hospitals."  However, the health system will subsidize 85% of the total cost of the EMR -- a figure driven, no doubt, by the exceptions to the Stark and Anti-Kickback laws -- for physicians willing to share some of their patient data. 

North Shore is counting on the availability of shared data to reduce the cost of care through reduction of unnecessary tests and medical mistakes.  A recent PriceWaterhouseCoopers (PWC) survey may support North Shore's reasoning.  The survey found broad agreement among healthcare executives with respect to secondary uses of EMR patient data.  Among other findings (discussed after the jump), the PWC survey found that 42% of organizations already using some form of secondary data use achieved cost savings, 29% increased their revenue, and 59% saw improvements in quality of care.

The Times implied that with this move, North Shore may be seeking a competitive advantage as well:

Digital links, analysts say, can also tighten the bonds between doctors and the hospital groups that subsidize the computerized records. In most local markets, independent physicians typically have admitting privileges at more than one nearby hospital, and so hospitals compete for doctors as well as patients.

There are, of course, risks associated with the North Shore program, including significant delays or even failure to realize significant savings from the EMR adoptions, or the uncertainty about the privacy and security measures for sharing patient data among affiliated providers.

However, both the North Shore program and the PWC survey findings suggest that the often reluctant physicians are beginning to accept the inevitability of the widespread use of electronic health records, and are trying to capitalize on the many benefits of EMR systems, including potential for improving the quality of care and reducing costs.

According to the Healthcare IT News, the PWC survey found that the "data that could be mined from a health system can improve patient care, predict public health trends and reduce healthcare costs," though "a lack of standards, privacy concerns and technology limitations are holding back progress."  In particular:

  • Nine in 10 healthcare executives believe that the secondary use of health information will significantly improve the quality of patient care and offers the promise of even greater benefits in the future.
  • Nearly two thirds (65 percent) of health organizations say they expect their secondary data use to increase significantly within the next two years.
  • Among organizations already using some form of secondary data, 59 percent have seen quality improvements, 42 percent have achieved cost savings, 36 percent have seen patient/member satisfaction improve and 29 percent have increased revenue.
  • Providers who are not using secondary data say the number one reason is lack of EHR implementation, not because they are opposed to the concept. Health plans are farthest behind in their secondary use of data despite their vast repository of comprehensive claims information from physicians, hospitals, pharmacies and dentists.
  • Ninety percent of pharmaceutical companies have limited or no access to health information contained in electronic health records.
  • Most health organizations that use secondary data do so for their own quality monitoring and reporting and for identifying areas that need quality improvement.

"E-Records Get a Big Endorsement," The New York Times (September 28, 2009).

"Survey: Secondary use of electronic health data will improve care, cut costs," Healthcare IT News (October 1, 2009).
Tags: , , , , , , , , , , ,

Health IT Market Heats Up

Posted on September 30, 2009 by Steve Fox and Vadim Schick

The last few weeks saw a tremendous amount of activity in the health IT market.  Dell and Xerox were among the companies trying to capitalize on opportunities created by the ARRA incentives and certain market trends, including high demand for HIT products due to the ongoing digitization of the industry and, more generally, the expanding healthcare needs of an aging population in the United States.

Dell is quickly establishing itself as a major player in health IT.  In April 2009, Dell aligned itself with Wal-Mart and eClinical Works to supply hardware for Wal-Mart's new EHR system.  Last month, Dell rolled out its own EHR system aimed at physicians affiliated with hospital practices, with Tufts Medical Center and Memorial Hermann Health Care System among the early adopters. 

Even more significantly, on September 21, 2009, Dell announced its plans to acquire the health IT vendor Perot Systems Corp. for $3.9 billion.  Perot is a major player in the healthcare industry:  about half of Perot's $2.8 billion in annual revenue comes from the healthcare market; and as much as half of the hospitals that outsource their IT are Perot clients.   Perot runs over 3,000 healthcare applications for its clients, though the company does not have a preferred provider arrangement with a specific application vendor.

A mere week following Dell's announcement, Xerox's CEO Ursula M. Burns revealed her company's "game-changer" plan to buy Affiliated Computer Services (ACS) for $6.4 billion.  According to IT World:

ACS may be in a good position to get even more business in the next few years as the federal government starts spending billions of dollars to help health care providers create electronic medical records systems. ACS said that health care projects account for about $1 billion of its $6.5 billion in revenue for the year ended June 30.

While Dell and Xerox acquisitions grabbed most of the spotlight this week, other Wall Street giants, like Wal-Mart Stores, Inc., Intel and Google, havemade significant inroads into the health  IT market.  Healthcare consultants Frost & Sullivan, as cited in Healthcare IT News, see an expanding market which will benefit new players.

Companies with a fresh, outside perspective will be invaluable to improving healthcare delivery and producing the next generation of medical technology <...> The enormous demand for new technology and solutions to address both the clinical needs of patients and the systemic problems of healthcare delivery will create opportunities for companies with the foresight to identify and capitalize on opportunities.

However, Frost & Sullivan also cautions companies against jumping into this industry without considering potential downsides, including the incredibly complex regulatory framework governing U.S. healthcare.

Joseph Conn, "Dell's HIT Power Play," Modern Healthcare (September 28, 2009).

"Dell to Buy Perot Systems for About $3.9 Billion," The New York Times (September 21, 2009).

"Major corporations looking for stake in healthcare, medical technology market," Healthcare IT News (October 1, 2009).

"Doc, you're getting a Dell (EMR)," Healthcare IT News (September 10, 2009).

"Xerox Buys Affiliated, Fueling Shift to Services," The New York Times (September 28, 2009).

"With ACS, Xerox will gain a firm growing quickly offshore," IT World (September 28, 2009).

 
Tags: , , , , , , , , , , , , , , , , , , ,