Reflections from HIMSS18

himss-sign-opening-day-712Every year the HIMSS Annual Conference generates a tremendous amount of opportunity, promise, hype and more. While many pronouncements are usually made at the conference, the question always arises what will stick following the conference. From that perspective, a few recurring themes from conversations at the conference stuck out in my mind.

The focus of my trips to HIMSS in 2016 and 2017 was privacy and security, but that changed this year. While I still had a number of privacy and security focused discussions, I also wanted to learn more about what is happening on the value based care front. With that in mind, I met with a number of individuals in the space or others who are considering how to develop tools to assist value based care.

One conversation was with Tom Bizzaro from First Databank. With Tom, the discussion focused more on the health policy side of the equation. Namely, what is or can be done by Congress and/or regulators within the Centers for Medicare and Medicaid Services. That conversation led down the path of determining that not much hope necessarily can be placed in those institutions. Since the beginning of 2017, the pace of pushing into value based care through Medicare has been slowing down.  The BPCI Advanced model may be a glimmer of hope, but any benefit remains to be seen until participants are actually in the program, which will not be for a fair amount of time. In what would become a recurring theme across a number of conversations, the issue of a unique patient identifier came up. The argument runs that without a unique identifier, many questions arise as to the accuracy and reliability of data about an individual. Even in closed systems, such as Kaiser in California, misalignment, and others issues arise with data. If that happens in a closed system, how can the larger healthcare ecosystem be trusted to attach the right data to the right person?

From a policy perspective, the issue is not really a desire for the government to have to develop the patient identifier so much as remove the barriers to doing so. A unique patient identifier has long been contemplated under federal law, but policy blocks any attempt to actually begin or otherwise pursue development. Following that point, Tom then brought up the not too long ago CHIME lead challenge on the unique patient identifier front. Many may remember the seemingly abrupt notification that the challenge was canceled without much detail provided as to why. The announcement becomes even more puzzling in light of Tom’s information that a winner was expected to be announced within 6 or8 weeks from the time the challenge was ended. Why? That is the open question on that front. Looping back to the value based care front, as already suggested, the patient identifier can help validate information, which is needed to establish a full continuum of care.

The unique patient identifier concept also factored into my discussion of value based care with Lidia Fonseca from Quest Quanum. Lidia also identified the need to have reliable data that follows a patient. Quest is in a somewhat different position in this regard from other entities because it interacts with so many patients, providers, and payors. It may be one of a handful of companies with such a diverse array of touchpoints that are always being accessed. Diving more into the value based care realm, Lidia hammered the need to focus on all of the sides that form healthcare (the patient, provider, and payor trifecta) and enable each side to access the information that it wants and/or needs. Examples of such information include transparency around cost for patients, ease of accessing and ordering services for providers by making tools fit seamlessly into workflows, and having claims and service information available and flowing between providers and payors. Combining those elements goes to shifting the focus of the healthcare industry from reacting to events to proactively trying to keep individuals healthy and ostensibly outside the walls of a traditional healthcare provider.

Discussion of shifting the underlying premise of the healthcare industry turned to also rethinking the design and purpose of the new technological tools being used. Lidia suggested that the electronic medical record, a common focal point for complaints, was not designed to support a value based care approach. The functional design of many EMRs was to support the creation of a medico-legal record and/or support billing. While some may disagree with the assertions, there is a fair amount of accuracy in the description. The accuracy is supported by the desire of some major EMR vendors to no longer be called “EMR vendors,” but instead to be thought of as a centralized workflow tool that brings all data points and separate pieces of the healthcare system together. If that end can be achieved, then maybe the technological tools will be in place to meaningfully support and drive value based care.

Coming around to design, Lidia’s description of her preferred role as a change agent struck me. Lidia described her role in many organizations as being the person to shake up operations and redesign old systems. She referenced design thinking, which takes empathy as a first step in creating tools. It is hard to argue with the suggestion to bring empathy into the process of recreating the EMR or even coming up with completely new tools. Regardless of the approach, the basic message was one of needing to embrace change and push to make it happen.

A third conversation that focused on value based care was with Mason Beard from Philips Wellcentive. Mason described a long-standing role in the realm of trying to drive value and meaning from data as well as shifting the manner in which care is delivered. Mason referenced the genesis of those efforts coming from Michigan in the early 2000s as well as the alternative quality contracts of Blue Cross in Massachusetts. Those designs arguably with some of the more recent forerunners of current value based care paradigms. The discussion with Mason focused on the need for creating new frameworks around relationships and not accepting the status quo. Examples of driving this change could include establishing new terms for arrangements between payors and providers and even potentially shifting solely to more direct relationships between employers and providers.

One more conversation bearing on value based care was with Carina Edwards from Imprivata. The conversation actually indirectly turned to value based care, but did loop the themes back around to the need for a patient identifier and seamless workflow between systems. Carina referenced the ability to pre-identify individuals before entering the healthcare system and then to validate their identity once the patient presents. If identity can be verified right from the start, such a scenario naturally fits into a value based care world because it enhances the continuum.

The rundown above focuses only on pre-scheduled meetings. The number of informal and/or impromptu discussions about value based care are too numerous to fully capture. However, the ideas that were the subject of those discussions aligned with the concepts discussed with Tom, Lidia, Mason, and Carina. The system must continue to change and that recognition is there.

The final thought from HIMSS at this point is to offer another means of thanks to Regina Holliday. After much delay on my part, I finally became a member of The Walking Gallery and received my jacket from Regina. The message of my jacket is that as a healthcare lawyer, I want to breakdown barriers that may be constructed by participants in the healthcare industry through a misunderstanding or misapplication of laws and regulations impacting healthcare. Innovation is possible and even encouraged by those laws and regulations. While the path may not be the one considered at first, there is a path and I want to educate others on the means of finding that path and/or serving as a guide.

Coming back to my initial statement, the mood during HIMSS is one of optimism and energy. It is hard to sustain those feelings throughout and across years. However, all must remember that the goal is to create a better system that results in better quality and respects everyone attached to the healthcare system.

Posted in Accountable Care Organization, Business, Health IT, Healthcare, Physicians, Value Based Care | Tagged , , , , , | 1 Comment

Monthly Data Breach Roundup: Hacking and Insiders in the Lead

databreachThe Breach Barometer published monthly through the joint effort of Protenus and provides a fair amount of insight into data breach happenings. As noted in the report, the findings are based upon information obtained through searching records and releases, not just looking at reports filed with the HHS Office for Civil Rights (“OCR”). By expanding beyond just OCR, the findings provide more insight than would otherwise be readily available.

Continuing the trend from last year, January 2018 saw an average of more than a breach per day. January saw a total of 37 breaches. As usual, hacking incidents and insider issues were the leading causes of the breaches.

Just considering the source of the breach does not tell the whole story though. As noted in the Breach Barometer, while January saw 12 insider incidents, those incidents only impacted 6,805 records, at least according to available figures. While the number of records that insiders accessed may not have been all that great, the fact that insiders are still inappropriately accessing information is troubling. One breach took over a year to detect and that individual reviewed a significant amount of personal information. That incident saw 1,309 records accessed over the course of 15 months. While that amounts to roughly 87 records per month, auditing may have been able to detect such activity. More tools are available in the marketplace to automate at least a portion of the review. Given the increasing availability of tools why are more not taking advantage? Can an argument be made that no using such a tool constitutes insufficient security practices? While that argument may not apply today, the story could be different in the very near future. Regardless of the technology that may be available now, organizations should not be ignoring insider risks.

As noted, the second leading cause of January data breaches was hacking.  Hacking accounted for 11 of the incidents and impacted 393,766 records. That total was over 80% of the records impacted in January. The causes of the hacks included phishing, ransomware and malware. Those causes do not present any surprises. Instead, the causes emphasize the fact that healthcare remains under attack and no relief is in sight. The high number of records is also consistent with previous reports since a hacking incident can easily spread across an entire system or eat up large chunks of data.

As with many previous versions of the bReach Barometer, the January report shows a lot of work remains to be done. No organization can feel secure and ongoing efforts are essential. While it is unrealistic to expect that a month will ever be breach-free, more can be done to reduce the frequency to less than a breach per day. Upping security and being aware of requirements are key and failure to do so could lead to the next HIPAA settlement headline.

Posted in Compliance, Health IT, HIPAA | Tagged , , , , , , | 1 Comment

Bringing Value Based Care Into Focus

HIMSS18 SMA Announcement GraphicThe annual exodus of a large chunk of the healthcare industry to the HIMSS Annual Conference and Exhibition will begin in just a couple of weeks. While many familiar topics will receive a lot of attention, in my third year as a Social Media Ambassador I intend to focus on value based care or alternative payment initiatives. The adoption of value based care is arguably beginning to turn a corner as adoption increases and tools become more sophisticated.

A primary question I have is whether value based care truly is turning the corner and will begin to hit the critical mass so often cited as necessary to really drive systemic change. Time will tell in that regard, but there are incremental changes that are noticeable. Accountable care organizations (“ACO”), which ostensibly push providers into risk-sharing arrangements, continue to proliferate. It seems as though the number of participants increases following every application period for organizations to join the various Medicare ACO programs. At the same time, commercial insurance companies are also encouraging formation of ACOs.

Another aspect to value based care is the growing attention to bundled payments for different episodes of care. A bundle is designed to drive coordinated care across a spectrum of providers because the identified episode will receive one payment for the full scope of care. As such, it is essential for acute, post-acute and many other providers to develop effective means of working together to survive within the restricted payment universe. Again, Medicare has been leading the charge on bundled payments, but more commercial insurers are taking up the concept as well.

Another component of value based care is direct contracting by employers. Instead of relying upon deals negotiated by an insurance plan, providers will reach out directly to providers and negotiate a pre-determined fee for a service. When an employee needs that service, the employee taps into the directly negotiated arrangement as opposed to going through the insurance coverage.

Each of the above is a different example of what the healthcare industry is experiencing. Given the change, it was only a matter of time before value based care received serious attention at HIMSS. That time is now. The following are sessions at HIMSS that caught my eye in terms of highlighting value based care issues:

  • Going from Good to Great in a Value Based World: Business of Healthcare Symposium – This is a day long symposium technically on the day before HIMSS really starts. Sessions will walk attendees through all areas of value based care from selecting a model to creating alignment among different providers to navigating regulatory considerations. The symposium will be a good introductory to intermediate level of discussions.
  • Social Determinants of Health in Value-Based Care – Value based care encourages looking beyond the walls of the hospital or provider’s office. That means looking at the whole patient. However, help is needed in making such changes because the system is not used to dealing with the information.
  • Population Health and Data Foster Success in 23 MIPS-ACOS! – As noted above, the number of Medicare ACOs is constantly growing. Success is not guaranteed in the program. Newer ACOs have the benefit of learning from prior organizations. The best ones to learn from are the ACOs that have actually generated shared savings. Harnessing data is especially important, but it is also necessary to know which data to analyze.
  • Breaking Down the Barriers Between Providers and Purchasers of Healthcare – One of the models of value based care mentioned above is direct contracting between providers and employers. Some tips will be presented from actual experience.
  • Interoperability Sets the Foundation for Care Coordination – If value based care is about establishing a continuum of care, then it is necessary for data to flow freely between providers. As such, the ever popular topic of interoperability will play a factor. Some providers have actually achieved effective data sharing. Are these solutions scalable and/or replicable?
  • Managing a Risk Based Population Health Program – Implementing value based care models is not easy. Mistakes can appear without noticing from a lack of experience or lack of examples. Learn from common errors experienced by others.

The above list is only a sampling of the value based care focused sessions that will happen at HIMSS. Check them out and then share what has been learned and drive conversations. True success will require a collective effort.

Posted in Business, Health IT, EHR, EMR, Value Based Care | Tagged , , , , , | Leave a comment