Monday, March 19, 2007

"Free" EHRs: A Faustian bargain on patient privacy?

One of the biggest barriers to wider adoption of electronic health records (EHRs) is affordability. Regardless of whether you "rent" (ie, pay a monthly fee for access to a web-based product) or "buy" (ie, purchase a license to put the software on your own computer), the first-year costs for a respectable system are $15K-$25K per clinician. It was inevitable, therefore, that some "free" products would enter the market. As it turns out, there's no such thing as a free lunch.

First came a non-commercial alternative, VistA-Office, which the government has already paid for. VistA-Office is the office-based version of the VistA system that has been so successfully deployed in the US Department of Veterans' Administration, and it can be downloaded without charge from a non-profit, government-sanctioned vendor called WorldVistA. Of course, there's more to the cost of an EHR than just the software, so though the license is free, a potential user would still have to pay for hardware, implementation, training, support, and maintenance. Nevertheless, it's always great, and economically efficient, when the government is able to create commercial spin-offs from work it's already funded.

If VistA-Office can be thought of as a non-commercial approach to "free" EHRs, Practice Fusion, a San-Francisco-based startup is its hyper-commercial opposite. Launched last August, the company's original plan was to offer their EHR without charge in return for access to the deidentified clinical data generated by users, which the company would sell to pharma companies, insurers, and researchers. If that isn't controversial enough, the company announced last Friday that they'll be partnering with Google's advertising arm, AdSense, to put context-sensitive ads on the EHR in real-time. As described in the San Francisco Chronicle: "When a doctor using the service calls up a patient's health record, AdSense will recognize certain keywords -- such as "diabetes" -- and ads related to that condition will appear on the page."

I assume that all of this is HIPAA-compliant, though it would take some convincing that no places or dates of service are being compromised when ads are being delivered to a physician's EHR in real-time based on what they type into the system. And we haven't event talked about state laws yet.

Regardless of whether it's legal, this approach does pose issues for physician-patient trust. For example, does a physician really know what they're getting into? The slippery slope has already been demonstrated. In August, the story was:
The “completely hosted, community-based model” EHR will be subsidized on the back end by selling de-identified data to insurance groups, clinical researchers and pharmaceutical companies, said CEO Ryan Howard.
Now, seven months later, it's clear that selling data isn't going to generate enough revenue.

Practice Fusion's deal with Google is what makes a free medical records system possible. Google's AdSense program will generate ads that will be displayed as the records system is used.
What's next if that doesn't work? If I'm already using the product, do I get a say in how it's expanded? If I don't like that, is my only option to leave, with all of the switching costs that that would entail?

Practice Fusion claims that health insurers will be eager to get into this action as well. Insurers have a hard enough time trying to keep patients on their formularies. How much harder will that be when drug ads are being inserted into the physicians' thought process at the point-of-care?

Purely on a user-interaction level, I'm not sure how many physicians will like having ads on their screen (actually, I am sure but I don't have any data to back me up). It's already a challenge to figure out how to present meaningful medical information on a screen without overloading the user. Dynamic ads won't help that.

Finally, but most important, how will patients feel about this? The first time a patient sees a Paxil ad pop up on his physician's screen, the questions will start flying. And the physician will be in the awkward position of saying that those ads don't affect his/her decision-making, that the company generating those ads is Google, but not to worry, through the magic of technology, Google has no access to private medical records (and the physician will be crossing his/her fingers hoping that that's true).

Practice Fusion's CEO says that "he does not expect data-sharing will be a concern to physicians who accept the free EHR." If that's true, it's only because they haven't asked their patients yet.

Tuesday, March 13, 2007

Farewell, Santa Barbara

For those who don't follow this stuff, last week marked the official demise of the Santa Barbara County Care Data Exchange (their website is already down -- there's some background here). The Santa Barbara project was a pioneering effort launched by (among others) David Brailer, the first and former head of the Office of the National Coordinator for Health IT.

The project struggled for many years with a variety of issues, but never did go live. After 8 years and over $10 million, the project leaders finally called it quits. A report in Government Health IT cites legal and technical costs associated with privacy protection as the final straw (see Privacy, funding doubts shutter Calif. RHIO). In a presentation given to the eHI Connecting Communities coalition (subscription only), one of the project's leaders emphasized that technology was not the issue, and that lack of a detailed and viable business plan undermined the project's long-term prospects.

I think there will be many lessons and cautionary tales coming out of this pioneering effort -- they'll probably dribble out over time. Sad to say but this could be the first of many "RHIOs" that throw in the towel for lack of a real business model.

Saturday, March 10, 2007

Employers take the pledge

Secretary Leavitt on Thursday extracted a "pledge" from some large employers in Minnesota to push for better access to health care information for their employees. The article (Employers take on a new health challenge) reported this as follows:
Executives from 3M, Wells Fargo, Target Corp., Carlson Cos. and other Minnesota companies met with Leavitt and then signed a pledge to seek better health care information for their employees. The companies employ 3 million workers, Leavitt said, which will make them an influential force when demanding cost and quality information from health insurers and their networks of hospitals and doctors.
I'm assuming that the "pledge" is very general and doesn't specify what it means to "seek better health care information." I do think it's great to create a sense of urgency among employers and patients about the need for better health information, and this type of "pledge" seems like a great use of the Secretary's bully pulpit.

I don't know whether these employers are going to think of this pledge as mere paper, or as something that they're actually going to put some energy behind. If they do act, I hope they focus on investing in their own health care supply chains -- by thinking of creative ways to facilitate EHR adoption and local health information exchanges in their own communities, for example -- rather than on splashy but empty electronic edifices like personal health records (PHRs). Employers will get way more for their dollar by investing directly in improvement of health care delivery through greater health IT penetration, which will then make available the type of information that will ultimately make PHRs worthwhile.

I hope that these employers take their pledge to the Secretary seriously and use it as a way to coalesce around meaningful, collaborative initiatives, as they've done in Indiana (please see: Congratulations Indianapolis). It's becoming clear (to me, at least) that effective, widespread implementation and use of health IT won't happen until employers start to manage health care delivery as a supply chain issue.

Thursday, March 08, 2007

How much would you pay for another year of life?

Lee Gomes has an article in Wednesday's Wall Street Journal about medical technology ("A Technology Writer Confronts Wizardry In Today's Hospitals" -- subscription required). After being admitted to a hospital for 10 days with pneumonia, Gomes marvels at the latest imaging and lab technology, but notes that the bill for his 10-day stay was $125,000 (not including physicians' fees). And then, he concludes:
...I doubt that I would have declined any of the high-tech wonders I was offered. Who would? And that attitude is a main cause of our soaring health care costs. The decisions that are in our best interest as individual patients, in the aggregate, help push things into crisis. We can't afford the remarkable system we've been smart enough to build.
Study after study has concluded that development and rapid introduction of advanced technologies are the main driver of health care cost growth in the US. Consumers don't face the price of such technology introductions because of insurance, but given the stakes involved, who among us wouldn't want our insurance company to pay any amount more to reduce our risk of dying by even 1 percentage point? The question is, as Gomes implies, how do we reconcile our individual desires to spend anything to increase the odds of saving our own lives, with the real affordability issues that it raises?

Economists have approached this question by sneaking up on people. Rather than asking directly, "how much should Harvard Pilgrim pay to save your life?", they look at how people evaluate risk every day, and then calculate what this implies about how much they "value" their lives. Or put another way, how much they would be willing to pay for this if they could make the assessment in a rational state of mind clear of the medical crisis that they're facing at the time, and they had to pay on their own?

For example, airbags are known to save lives, and there was a time when you would pay extra to have airbags installed in your car. Question is, how much were people willing to pay for airbags that would reduce their risk of serious injury by some known percent? Once you know that, you can make a guess as to how much value they're placing on their own lives.

Sounds dodgy, I know, but it turns out that researchers who've done this across a number of categories have found surprising consistency in peoples' valuations. David Cutler, an economist at Harvard, has done a lot of work in this area. He surveyed a number of studies and found that most value an additional year of life between $75,000 and $150,000.

So, back to the Gomes article. Is $125,000 too much to pay? Looking at his picture in the paper, I'm guessing that he's in his 40's, with many happy years ahead of him. Given the nature of his pneumonia (he was in the hospital for 10 days!), this technology probably reduced his risk of dying or having serious complications by a substantial amount compared to what he would have faced, say, 50 years ago.

Do the math and the conclusion seems obvious: Gomes got a bargain......

Wednesday, March 07, 2007

Question: Do you know where your credit card info is? Answer: Literally, everywhere.

Those of us in health care IT are obsessed with security, and rightly so -- we're dealing with some of the most personal information imaginable, and none of this works if it doesn't engender the trust of patients and physicians alike. So, I guess I'm more attuned to security policies and technologies than any normal person ought to be.

With that in mind, I was intrigued by the story that the restaurant chain Ruby Tuesday is moving to an "ultra-secure credit card processing system". (Maybe it's just me, but their adding the word "ultra" here doesn't make me feel better -- reminds me of Animal House, when Dean Wormer puts Delta House on "double secret probation"). As described by the company's hometown newspaper, The Daily News Journal, the system "leaves no credit card information at the restaurant and is instead sent to the bank in encrypted form."

I'll bet that most people would be surprised to learn that they weren't already doing this. You kept my credit card information? But you already got your money -- who gave you permission to keep it beyond that. You're going to start using encrypted communication? You mean, you don't do that now???

A USA Today story on the same topic reports that some restaurants like Hooters and Legal Seafoods are now looking at using mobile credit card systems that allow the credit card transactions to happen at your table. (Many possibile jokes here -- I'm not going there.) I was in Europe last summer with my family and I noticed that every restaurant we went to in Spain and France had such devices. I don't know why the US is so far behind.

The story also reports that Massachusetts (my home state) is considering a law that would penalize companies for credit card data breaches. That's interesting, because Massachusetts is one of a minority of states that doesn't have a breach notification law today (please see: Massachusetts among 16 states that don't have breach notification laws).

I've written before about my personal experiences at Marshall's and Home Depot where I learned how much info they keep (please see: Identity theft and digital records). Think of all of the loosely protected mini-repositories of credit card info out there -- basically every store you go to -- and how much of that information is flying through the ether without basic encryption protections. Patients and physicians should take comfort knowing that modern health IT systems and processes aim higher than that.

Tuesday, March 06, 2007

Are PHRs the chicken or the egg?

Interesting shifts in the focus of national HIT spending.

Federal attention (and presumably resources) has turned from EHRs and HIEs to personal health records (PHRs). The following report refers to comments by Dr. Robert Kolodner, President Bush's head of health IT:

Kolodner said that most Americans will have EHRs by 2014, and personal health records will drive that effort. Progress will increase in pace as a tipping point toward healthcare IT adoption is reached, Kolodner said.

You can see the whole report here: ONC fields tough questions Town Hall meeting.

ONC plans on backing these words with resources. The next round of federal contracts for health information networks are due out in April, and according to Kolodner, the next projects will be required to "empower patients to manage their own data." Speaking further, Kolodner said:
They have to enable the patient to identify how they wish to view their own information, to choose how the trust to share data, to control access to data by others, and for how long.... Individuals will also be able to correct errors in their health information. The actual correction process will at first be manual, but in the future it will hopefully be automated.
You can see the whole report here: Majority of market now adopting value-driven healthcare, Leavitt says.

This is somewhat of a shift in priorities from the original vision laid out by Kolodner's predecessor, David Brailer. The original Framework for Strategic Action created in 2004 had PHRs as the third goal, behind EHRs and HIEs.

I've written before about my belief that PHRs can't be the driver of HIT. EHR penetration is so low at present, and hospital systems are so hard to connect to, that there isn't enough electronic data available yet to make PHRs interesting to consumers (please see You can't get blood (or data) out of a stone and Hi, I'm from Wal-Mart and I'm here to help....).

Further, by framing this goal as having "most Americans" rather than "most physicians" on an EHR by 2014, ONC is going after the highest hanging fruit. According to the National Ambulatory Care Survey, 90% of outpatient visits happen in small practices, yet, according to the CDC, penetration of "good" EHRs is only around 9% generally, and much much lower in small practices.

I hope I'm proven wrong, because the point is to get it done in any way that works. Maybe we can get consumers to pound the table for PHRs. And maybe that pounding will get physicians to feel the urgency to get EHRs in order to meet their patients' demands for data to populate these PHRs. And maybe substantial federal dollars focused in this way can create a market.

With all due respect to Dr. Kolodner and his tremendous efforts and vision, I think it will be an enormous challenge to have most Americans on an EHR by 2014 even if we funded EHRs directly. Getting to that goal indirectly through demand generated by PHRs will be even more challenging.

Sunday, March 04, 2007

Lessons from Scotts Miracle-Gro

Sunday morning's Weekend Edition show on National Public Radio had a story about a former employee of Scotts Miracle-Gro who is suing the company after it fired him for being a smoker. Scott's policies are also the cover story of last week's issue of Business Week ("Get Healthy -- Or Else").

If this doesn't convince us that we need to get employers out from between people and their health insurance, I don't know what will. If we expect employers to bear a large share of the burden of health insurance costs and administration, we can't complain too much when they try to pull (grasp?) at more levers to control those costs. (Indeed, part of the argument for keeping the current system is that employers are "smart buyers.")

The problem is, they reach a point where they can't squeeze out any more efficiencies through furthering tinkering with benefit design and supply chain management. Inevitably, they have to start trying to influence demand for healthcare, and they can't do that without plunging deeper and deeper into the private lives of their employees.

Employers are starting to realize that they've "hit the wall." Sometimes this manifests itself in hare-brained schemes, like Wal-Mart's Dossia PHR project. It's now escalated to the point where they too want out of the health benefits business entirely, and they're willing to ally with their adversaries to do it (witness the joint proposal from Wal-Mart and the largest union in the country to do away with the current health care system by 2012 -- "Better Health Care Together").

We've heard many times about how US-nameplate automakers spend more on healthcare than they do on steel. The cost argument doesn't bother me that much, frankly, because even if we moved away from an employer-based model, the costs would flow back to them in some way anyway. If we provided it through the government, as many other industrialized countries do, corporate taxes would undoubtedly go up to pay for a share of this. Taxes on individuals would go up as well, which would reduce disposable income, thereby reducing demand for cars, and ultimately cutting revenues to the automakers.

There is obviously inefficiency in forcing every company to become expert in optimal benefit design, but in a reasonably efficient market economy like the US, the "general equilibrium" result would be that corporations would for the most part end up close to where they are now economically. At the end of the day health care has to get paid for, and those costs can't get shifted away "cost-free".

So, while employers couch the need for change in terms of cost, I don't think that's why we should change the system. It's not the cost to businesses that is the most pernicious aspect of our employer-based healthcare financing system, it's the cost to all of us of having businesses become social engineers. If you don't think this is real, think about this: Scotts requires its employees to "pee in a cup" to test for nicotine. Urine tests to check compliance, not with the law, but with company policies.

The attorney for the former Scotts employee says that the company shouldn't be permitted to fire smokers, because of the slippery slope effect -- first it's smokers, then it's obese people, drinkers, motorcycle riders, and mountain-climbers. His solution is to disallow employers from doing this.

He's right, of course, that these lines are hard to draw. But companies need to have some levers to control costs. They could, for example, do other things short of firing smokers -- deny them access to health insurance benefits, for example, or make them pay the difference between a non-smoker's premium and a premium that accounts for their greater actuarial risk.

I'm all for compelling people to pay the extra cost of risks brought about by their voluntary behavior; it's economically efficient and fair. The real point though is that regardless of whether your employer's policy is to fire you or just charge you more, they still have to make a judgement about whether you belong in the high-risk category in the first place. And the more such risk-adjusted refinements they try to pursue, the more they need to know about the intimate details of your life outside of work.

In this way, employer-based insurance virtually forces companies to encroach on their employees' privacy. That, more than anything else, is why we should get rid of it.

Saturday, March 03, 2007

Another "Mission Accomplished"?

President Bush on his weekly radio address last weekend declared that "America has the best health care system in the world...".

This week's Healthcare IT News has the following headline:

Majority of market now adopting value-driven healthcare, Leavitt says

Secretary Leavitt said that "we are close to achieving interoperable standards and a system-wide transformation," according to the article.

'Nuff said..........

Friday, March 02, 2007

Congratulations Indianapolis! (And I'm NOT referring to the Colts)

The Indianapolis Star last week had a story about the launching of a quality reporting system by the Indiana Health Information Exchange (IHIE). This is a truly exciting development, not only for Indiana but also for the many fledgling health information exchanges around the country.

The national health information exchange movement is at a fragile point at present, as the over 200 "RHIOs" across the country struggle with the question of how they'll sustain themselves once their grant money runs out. IHIE offers a shining example (arguably the shining example) of how a health information exchange can offer innovative programs that deliver value on business terms, transform health care delivery, and (hopefully) improve the quality and cost-effectiveness of health care over time. In short, they're starting to realize the vision.

The program itself is called Quality Health First of Indiana, and it builds on the community-wide results delivery service that IHIE already runs, and the Indiana Network for Patient Care created years ago by the now legendary Regenstrief Institute. The program will merge data from insurance claims with laboratory results from the IHIE system to create benchmarking reports to track physician performance. It will also generate alerts and reminders for physicians to improve tracking and follow-up of patients with chronic conditions -- this will give physicians better tools to monitor and improve themselves on the indicators that they're being measured on.

What's really unique and powerful about this program is the coalition of stakeholders that are backing it. In particular, the Employers' Forum of Indiana played a central and lead role in bringing purchasers and the health plans together with providers to agree on a set of measures that would be considered by all to be meaningful and actionable. IHIE had the platform to bring together the data, which made data collection and report delivery affordable and minimally invasive to the physicians. The health plans are funding the operations. They're paying IHIE to pull together, process, and deliver the reports. They're also paying physicians to participate at the outset ("pay to play"), and will then provide incentive payments for quality improvements over time ("pay to perform").

Another innovation is that they're bringing together claims data (from Medicare as well as local plans) and merging that with real clinical information drawn from the health exchange. That gives physicians a more complete picture of themselves than they're able to put together on their own.

In Massachusetts, we've done well on the claims and reporting side, but less well on the clinical integration side. We have the benefit of a groundbreaking program in its own right, namely, the Massachusetts Health Quality Partners. It's more far-reaching than the Indiana program in that it's statewide, the data is publicly reported, and it also brings in patient perspectives. MHQP isn't an HIE, though, so they don't have the clinical data and the resulting alerts/reminders capability that IHIE has brought to bear. The purchasers and insurers are also not nearly as engaged in the conversation in Massachusetts as they have been in Indiana.

The hardest part of achieving the health information exchange vision is lining up the economics. Insurers and purchasers (and patients) stand to benefit the most, but they have in most cases treated this as a problem that physicians need to solve themselves. IHIE and the Employers' Forum of Indiana together have cracked two nuts: they've gotten employers and insurers to invest in their supply chains by putting together a reimbursement package that allows everyone to realize value, and they've integrated claims data across payers, and clinical data across providers, and married the two in a way that no one else has yet accomplished.

So, if it's not already apparent, I'm impressed. Congratulations to Marc Overhage of IHIE and Dave Kelleher of the Employers' Forum! We're inspired by your vision, applaud your successes, and looking forward to learning more.

Thursday, March 01, 2007

Maybe health care's not so different after all......

The following is an outline of a recent Wall Street Journal article:

Costs are rising, and a large purchaser is putting pressure on its providers to invest in technology to reduce costs and make data collection easier. The providers complain that while they’re being forced to make the investment, the purchasers are going to reap the benefit. Further, providers argue that the new technology hasn’t simplified their offices, but on the contrary, has created more complicated workflows. Consumers are concerned that their privacy will be compromised by this system that makes their personal data electronic.

Sounds like another tired tale of the barriers to adoption of electronic health records, doesn't it? Well, it isn't.

The title of the article is “Wal-Mart’s Radio-Tracked Inventory Hits Static” (subscription required for the full article). It's not about health care at all, in fact, but the parallels with the ongoing discussion of barriers to adoption of EHRs seemed striking to me.

Some excerpts from the article are below (I learned from Paul Levy’s blog not to copy the entire article):

Wal-Mart Stores Inc.'s next leap forward in ultra-efficient distribution is showing signs of fizzling....

A pioneer in low-cost practices widely copied by competitors, Wal-Mart has pushed its suppliers to use exotic radio-activated tags to chop labor and inventory costs anew. But tests using the tags aren't showing any savings, and suppliers forced to invest in the relatively expensive technology are grumbling....

Wal-Mart is pushing the RFID technology on the idea it will increase efficiency and eventually save everyone money -- manufacturers as well as Wal-Mart. Yet as Wal-Mart searches for an answer to its rising costs, suppliers are saying RFID isn't it....

The current generation of RFID tags cost about 15 cents apiece while bar codes cost a fraction of a cent. Beyond the tags, suppliers have had to bear the cost of buying hardware -- readers, transponders, antennas -- and computer software to track and analyze the data.... On top of that, suppliers say that instead of saving labor, RFID tagging actually takes more: While bar codes are printed on cases at the factory, because most manufacturers have yet to adopt RFID, those tags have to be put on by hand at the warehouse....

More problems have come into play in recent years, including...consumer concerns that once the tags are on each item on a store's shelves -- from tubes of toothpaste to personal computers -- that they could be used to track individual buyers....

Wal-Mart wants to get the value of this technology, and they want to do it fast. I suspect that they will eventually just invest in their supply chain by splitting the cost of the RFID investments with the suppliers. Happens all the time in every industry: "Require" your suppliers to do it themselves, but if they don't do it fast enough, or well enough, or it threatens to put them out of business, roll up your sleeves and partner with them to make the joint investments that benefit everyone.

For some reason, most health insurers and purchasers (and even Wal-Mart) aren't applying this same logic to their health care delivery supply chains. That isn't as much a market failure as it is a failure of imagination.....