eWeek: Top 10 Reasons to avoid EHRs stored in a "cloud"

eWeek provides a great reminder of the dangers of signing up for an electronic health records system stored in a "cloud."  Such ASP/SaaS EHR models are attractive to many practices because they offer consistent (though not always lower) monthly fees and require no equipment purchases or installations.  However, as eWeek appropriately summarized, choosing an ASP provider should raise quite a few concerns, including:

  • Access: who has access to your information (including your patients' protected health information)? How safe is it? Perhaps even more importantly, do you have access to your own information? Each ASP contract must deal with access issues, and clearly state that the provider will always have the right to access its own information stored on remotely hosted servers. Similarly, vendors should warrant that only the necessary personnel will access provider's records, and only in accordance with the scope of the agreement between the parties.
     
  • Storage and disposal: Where is the data actually stored, and what regional or international laws may apply to such information? Also, what happens if the provider ceases to exist? eWeek reminds us that in 2001, "GE Healthcare bought health records provider Encounter EHR and eventually ended up shutting it down - giving records holders 30 days' notice to reclaim their data or lose it. This caused a great number of problems." While such instances are rare, what if the vendor storing your records is acquired by another company? Once again, your contracts should clearly deal with these issues, especially by providing that in the event the vendor is sold or goes out of business, provider has the right to terminate the agreement and the vendor must immediately return all of provider's data in its possession in the format specified by the provider.
     
  • Cost: Does choosing ASP/SaaS model save money? According to eWeek, not necessarily: "Allscripts' MyWay service costs $700 per month per health care provider. GE Healthcare's new Centricity Advance service will cost doctors from $300 to $800 a month. Most client-server software packages are much less expensive."

As mentioned above, all of these issues, and the others identified in the eWeek summary, should be subject to contract negotiations between the parties. Frequently, ASP vendors use click-wrap license terms and non-negotiable contracts. Healthcare providers should resist the pressure to simply sign such standard forms because failure to negotiate these agreements will expose your organization to very substantial risks with respect to, inter alia, control of and access to data, and privacy and security of the stored PHI.

"Data Storage: Storing Health Records in the Cloud: 10 Reasons Why It's a Bad Idea," eWeek.com (August 17, 2010).

Thursday: Free Webinar on "Meaningful Use"

On Thursday, February 25, 2010 from 1:00PM to 2:00PM (EST), Steve Fox and yours truly will host a free webinar, the first in a series, which will focus on the critical definition of "meaningful use" of "certified EHR technology," as described in proposed regulations released and published by CMS pursuant to the HITECH Act on January 13, 2009.  We will discuss:

  • Key policy goals and objectives behind meaningful use
  • Measures required to achieve meaningful use
  • Structure of incentive payments under Medicare and Medicaid
  • Eligibility requirements for professionals and hospitals

You may view each of these presentations at your desk. There is no charge or limit to the number of people who may listen to each presentation on the same line. Click here to register. After registering, you will receive log-in information by e-mail.

Our next webinar, to be held on Thursday March 18, 2010, from 1:00 to 2:00 PM, will focus on how to negotiate software and EHR licensing agreements and other transactional issues with respect to dealing with health IT vendors.

For more information, please contact me at vschick@postschell.com or 202-661-6945.

In the news: EHR incentives; the rising threat of medical identity theft

  • In a letter to Dr. Blumenthal, the Medical Group Management Association (MGMA) urged the ONC to define "meaningful use" in a practical and achievable way.  Otherwise, many providers could fail to qualify for the HITECH Act's incentives.  The MGMA is recommending, inter alia, instituting a pilot test prior to the start of the program and before each new phase of the program; including only criteria for meaningful use that have widespread industry use or have been tested; permitting physicians to test their reporting systems prior to their “go-live” date; permitting flexibility in achieving meaningful use and avoiding a “pass/fail” approach; developing a simple process for physicians to attest that they have achieved meaningful use; simplifying the data-reporting process and ensuring that the government is ready to accept the data; closely monitoring the industry to ensure that the program logistics operate appropriately; and ensuring government oversight of the vendor community for its ability to produce high-quality and reasonably priced software.

  • A former Johns Hopkins hospital employee, Michelle Johnson, was sentenced to 18 months in prison and ordered to pay $200,000 in restitution for stealing patient information.  According to the Associated Press, Ms. Johnson, formerly a patient services coordinator, "provided a conspirator with names, Social Security numbers and other identifying information of more than 100 current and former patients of Johns Hopkins. That information was used to apply for credit. Johnson kept some of the fraudulently ordered merchandise for herself, including a computer monitor, a cordless phone, and clothes for herself and her children."

  • The Wall Street Journal reported on the rise in medical identity theft and that the situation is "expected to worsen." Most medical identity theft cases are committed by those who pay medical workers for patient data, exactly what Michelle Johnson was caught doing at Johns Hopkins. According to the Journal and the World Privacy Forum report it cited, the adoption of electronic medical records may contribute to the problem by making such information more easily available. Data indicates that states with a high population of retirees experienced the most significant increases in medical identity theft, including California, Texas, New York, Arizona, and Florida.

"Patient ID Theft Rises," Wall Street Journal (November 30, 2009).

"MGMA concerned about success of EHR incentive program," Healthcare IT News (November 23, 2009).

"Woman Sentenced for Stealing Patients' Info," Associated Press (November 20, 2009).

Health IT Market Heats Up

The last few weeks saw a tremendous amount of activity in the health IT market.  Dell and Xerox were among the companies trying to capitalize on opportunities created by the ARRA incentives and certain market trends, including high demand for HIT products due to the ongoing digitization of the industry and, more generally, the expanding healthcare needs of an aging population in the United States.

Dell is quickly establishing itself as a major player in health IT.  In April 2009, Dell aligned itself with Wal-Mart and eClinical Works to supply hardware for Wal-Mart's new EHR system.  Last month, Dell rolled out its own EHR system aimed at physicians affiliated with hospital practices, with Tufts Medical Center and Memorial Hermann Health Care System among the early adopters. 

Even more significantly, on September 21, 2009, Dell announced its plans to acquire the health IT vendor Perot Systems Corp. for $3.9 billion. Perot is a major player in the healthcare industry: about half of Perot's $2.8 billion in annual revenue comes from the healthcare market, and as many as half of the hospitals that outsource their IT are Perot clients. Perot runs over 3,000 healthcare applications for its clients, though the company does not have a preferred provider arrangement with a specific application vendor.

A mere week following Dell's announcement, Xerox's CEO Ursula M. Burns revealed her company's "game-changer" plan to buy Affiliated Computer Services (ACS) for $6.4 billion.  According to IT World:

ACS may be in a good position to get even more business in the next few years as the federal government starts spending billions of dollars to help health care providers create electronic medical records systems. ACS said that health care projects account for about $1 billion of its $6.5 billion in revenue for the year ended June 30.

While the Dell and Xerox acquisitions grabbed most of the spotlight this week, other Wall Street giants, like Wal-Mart Stores, Inc., Intel and Google, have made significant inroads into the health IT market. Healthcare consultants Frost & Sullivan, as cited in Healthcare IT News, see an expanding market which will benefit new players.

Companies with a fresh, outside perspective will be invaluable to improving healthcare delivery and producing the next generation of medical technology <...> The enormous demand for new technology and solutions to address both the clinical needs of patients and the systemic problems of healthcare delivery will create opportunities for companies with the foresight to identify and capitalize on opportunities.

However, Frost & Sullivan also cautions companies against jumping into this industry without considering potential downsides, including the incredibly complex regulatory framework governing U.S. healthcare.

Joseph Conn, "Dell's HIT Power Play," Modern Healthcare (September 28, 2009).

"Dell to Buy Perot Systems for About $3.9 Billion," The New York Times (September 21, 2009).

"Major corporations looking for stake in healthcare, medical technology market," Healthcare IT News (October 1, 2009).

"Doc, you're getting a Dell (EMR)," Healthcare IT News (September 10, 2009).

"Xerox Buys Affiliated, Fueling Shift to Services," The New York Times (September 28, 2009).

"With ACS, Xerox will gain a firm growing quickly offshore," IT World (September 28, 2009).