Tuesday, January 26, 2016

Good doctors are patient-centered regardless of what tools they use.....

Tuesday, September 22, 2015

Nowhere to hide

My wife came back from a physical therapist appointment the other day somewhat disconcerted that the PT had access to her entire medical record, most of which contains absolutely nothing relevant to her need for physical therapy.  The reason for this is that the health system where she gets care is an integrated behemoth offering services across the entire continuum of care, and all of those services are documented in a single ginormous electronic medical record.  

I was reminded of a similar issue that made its way into the press a few years ago when a patient complained about her psychiatric records being available to other providers who were all part of a larger system and used the same electronic medical record.

There was nothing illegal about my wife's situation, since the PT is part of the same clinical entity as my wife's other providers.  And sharing records across the continuum of care is what the system is supposed to be striving for, isn't it?  Yet, it bugged my wife that the PT had unfettered access to all of her private health information without any clear medical reason for needing all of it.  Did the PT really need to see her problem list?  And all of her lab results?  I suspect that it would be more than just an irritant if she had sensitive information in her record.

To date the public discourse on privacy and interoperability has focused on exchange of records across legal entities, with much less attention given to record-sharing within a legal entity.  This issue is soon going to loom larger in the conversation, though, because consolidation in the provider market is rapidly accelerating, as noted in a recent Wall Street Journal article.  Which means that more and more patients will find themselves in integrated health delivery systems that give them more providers under one corporate roof but less ability to control what parts of their record get shared among those providers.

In a world of fragmented providers, the friction of interoperability has the benefit of protecting privacy; the "minimum necessary" approach of HIPAA, coupled with the limitations of systems to exchange more than just a CCDA snapshot, imposes inherent limits on the breadth, depth, and frequency of information exchange.  Consolidate all of those providers under one roof, however, and everyone pretty much has access to almost everything.  EHR systems do have role-based access, but with limited ability to "tag" and segregate data, and with fluidity of role definitions from one provider to another, most EHR systems have very limited ability to fine-tune which providers can see which information except in the most basic cases (e.g., psychotherapy notes).

As my wife and I discussed her concerns, we started to think about voting with our feet -- selectively seeking care outside of the health care system when we don't want a particular provider to have access to all medical record information.  We're lucky that we live in a medical mecca that is rich with high quality, competitive health care service choices.  Most people aren't so fortunate, however, and may increasingly find that all the work that's being done on "meaningful consent" will be outpaced by market forces.

Saturday, November 23, 2013

What's next for EHRs

On Nov 14, the HIT Policy Committee sent recommendations to the HIT Standards Committee on three key areas for future EHR capability:  query for a patient record, provider directory management, and data portability and migration.  An article on the recommendations can be found here.

These recommendations were the result of many months of deliberation by the Information Exchange Working Group, of which I have the privilege of being Chair.  These three functional capabilities are very important because they address needs that are key to health care delivery but that won't be adequately met by the market on its own.

query for a patient record
Meaningful use has approached interoperability in a deliberate and methodical fashion.  Stage 1 focused on adoption of EHRs, and routinizing use of HIE capabilities that already existed in the market (primarily eprescribing and lab results delivery).  Stage 2 took it one step further to move the market to adoption of "push" capabilities among providers and between providers and patients.  The new recommendation on "query" takes the final step to enabling "pull" or "query" functions among providers.  While it will still take many years for the market to create business practices and infrastructure to support seamless inter-connectivity among all providers and patients, the "query" requirement will make EHRs finally fully capable of being the building blocks of that larger interoperability vision.

provider directories
This is mostly a "clean-up" recommendation from Stage 2.  As the HISP market starts to take shape based on the Direct requirements of Stage 2 MU, a clear obstacle to more seamless integration of HISPs is the lack of standards for provider directory transactions -- being able to look up a provider and his/her security credentials from one system to another.  This recommendation will enable one EHR system to discover a provider, their routing address, and their security credentials, and will also enable EHR systems (or standalone provider directories) to respond to such electronic provider directory searches.

data portability and migration
I personally know of someone whose doctor changed EHR systems only to find that the medical records got matched to the wrong patients during the migration.  Imagine the disastrous consequences that could result from such errors!  Current market predictions are that 20-30% of providers will be changing their EHR systems in the next few years, for a variety of reasons.  Data migration -- the ability to transfer data from one EHR to another -- will thus become an increasingly important issue in the market.  As EHR systems and EHR users enhance their ability to apply quality and decision support tools to clinical data, there are important safety and quality risks to having incomplete and/or error-filled data migrations from one system to another.  Data portability refers to the transfer of data from one EHR system to another to support a patient's desire to change physicians, for example.  It is similar in many ways to the data migration need, which is why we included this use case in our recommendation.

There is a balance that needs to be struck between the scope and specificity of government regulation, on the one hand, and the strong desire and need for market flexibility and innovation, on the other.  We already have examples of where this can go awry.  I believe that these recommendations are judicious in covering only areas that are important to society and that also won't get fixed by the market on its own.

Monday, November 11, 2013

More tales of health care cost and quality

An interesting article in the Wall Street Journal goes through the pros and cons of concierge medicine.  I’ll admit, my view of concierge medicine has been largely negative up until now.  Probably having to do with my being as confused as society is about whether we should treat physicians as if they have a special calling (saint-like) or as if they are business people with special skills (pro athlete-like).  Anyway, this article does convincingly make the case that concierge medicine isn’t just rent-seeking behavior but is actually value-creating in the economist’s sense for some people.  And ironically ObamaCare may have actually shored up the business case for concierge medicine.

The more interesting piece of the article was actually a tangential reference they made to a study from the North Carolina State University.  The study apparently reviewed the expenditures of the patients of a particular concierge practice and found that the longer office visits allowed by the concierge business model led to health improvements which ultimately decreased out-of-pocket payments (presumably through lower utilization of something – office visits?  medications?)!

Now, I realize that there is plenty of literature out there on PCMH savings, but the evidence still seems to be spotty and it’s still unclear from most of the studies whether the savings are net or gross savings, which is important because PCMH requires considerable investment to make the model tick.  And of course there’s the ground-breaking work of the Alternative Quality Contract in Massachusetts, which showed small but significant savings compared with controls, but again, the savings clearly are gross savings, not net of investments by Blue Cross and/or the participating providers.

The intriguing point about the WSJ reference is that the result suggests net value to both patient and provider.  Concierge practices are supposed to improve the quality of care – that’s why people join them.  In terms of who gains what, the common wisdom is that patients benefit through higher quality of care, and providers benefit from higher income.  In this case, both patients and providers seem to have gotten a financial gain -- the patient saved 12% out-of-pocket, and the provider has a profitable business and so is presumably better off than before.  It also seems that not only did quality of care improve, it improved by a lot because it resulted in lower utilization of some type of medical service.  I don’t think the WSJ reporter even had a clue that such a finding would be somewhat of a blockbuster if confirmed.  

I’ve contacted NC State to get a copy of the study – hopefully they’ll respond.

Monday, April 29, 2013

The double-edged sword of losing our privacy

Today's New York Times had a fascinating pair of articles that nicely, but seemingly without the intention of the editors, shows some of the pros and cons of applying data mining to publicly available private information.

"I was discovered by an algorithm", the lead story in the business section, is about a headhunter start-up company that aggregates information from a variety of public sources to identify high-end programming and development talent.  They use this data to supplement the standard information that an employer would receive (eg, degrees, schools, awards, work history, etc) and identify high potential candidates whose talents don't always come through in a typical resume or CV.  The article describes how "big data" techniques allow employers to utilize a richer array of variables to identify and evaluate prospective job candidates, and highlights the case of an individual who received a lucrative programming job but who would otherwise not have even passed a standard recruiting screen due to poor high school performance and lack of a college degree.  Would prospective recruits feel violated by this black-box search and evaluation process conducted without their permission or awareness?  Both the individual and his employer say no.  Score one for lack of privacy being a good thing.

"When your data wanders to places you've never been", buried inside the business section, tells the tale of a woman who gets targeted by pharma direct marketers who have mistakenly identified her as a multiple sclerosis patient based on "big data" searches of publicly available information on the web.  She ends up feeling both violated, and worse, too daunted by the complex chain of data brokers and marketing companies behind the error to do anything about it.  Score one for lack of privacy being a bad thing.

It's interesting that neither of these articles really dealt with the obvious flip sides of each situation.  Information gleaned from outside of a traditional recruiting process can be used to discriminate just as easily as it can be used to create new job opportunities.  And my health and demographic information can just as easily lead me to valuable treatments and support communities as it can to subject me to unwanted marketing and possible discrimination.

A common thread in each of these articles is that neither was a case of collection or use of illicitly gotten data (such as SSN, DOB, etc); rather, the data mining leveraged information that was voluntarily provided by the individuals in question, albeit for other purposes.  Though the information was available in the clear on the internet and was not illegally gotten, the individuals probably thought of it as perhaps not private but at least shielded or too isolated to be useful through random or targeted public searches.  In both cases they were wrong, one pleasantly and the other not so pleasantly.

The "big data" privacy issue is not so much about what a bad actor would do if they could get rare data gems like my SSN or my bank account, it's about the inferential mosaic that could be assembled by good, neutral, and bad actors alike from the many small pebbles of information that I myself have strewn across the web, such as what I say on an affinity user site or a web-based survey or an Amazon review or a Yelp comment (or a public blog).

I'm reminded of the story of an app called "Girls Around Me" that matched location data from Foursquare with profile data from Facebook to pinpoint women in a particular location and automatically stalk their Facebook pages to get pictures, background information, and messaging capability.  Not what either the women or Foursquare or Facebook had intended when they opened up their data and their APIs.

What's scary is not that there are unintended consequences, it's that there are unintended AND unpredictable consequences.  In health care, Latanya Sweeney has launched an interesting project to show how individual health information routinely and legally diffuses through a broad array of companies and websites.  Patients probably know bits and pieces of it, but probably not the scale and scope of it, as shown below.

This chart is most interesting for what it doesn't show, rather than what it shows:  It doesn't include the patient-generated data behind the NYT articles noted above.  As big data advances in scale and scope, it is the information that we voluntarily share -- like on PatientsLikeMe and CureTogether and SmartPatients -- that will eventually get fed into "big data" black-boxes and used in ways both good and bad that we are unable to foresee right now.

Friday, June 29, 2012

iHealthBeat Perspectives piece on over-architected HIEs

Many thanks to everyone for the comments on my iHealthBeat piece on "The Dangers of Too Much Ambition in Health Information Exchange"

Wes Rishel was also kind enough to comment on it on his blog.

Monday, December 19, 2011

Maybe MAeHC can help teach the New York Times a thing or two.....

Today's New York Times has an article on a recent security incident that we experienced at MAeHC.  The reporter, Nicole Perlroth, does a pretty good job of bringing together different pieces of the story.  Even tries to give it some Bourne-like suspense -- I guess I'd allow Matt Damon to play me in the film version (though I would have to insist that he get in better shape first).

No story is perfect though, and this one had its share of limitations:

It didn't cite the blog post or the HISTalk Practice website that inspired the story and that accounted for much of the article's content.  OK, so I'm not a journalist, but this seems like a pretty shaky practice.  The storyline comes from the blog, not from the very short interview that I had with the reporter.  Furthermore, if my blog account had been an article in, say, Health Affairs, they would have cited both the article and the journal.  [Update Note:  I forwarded a link to this post to the New York Times and they have now added a link to my HISTalk blog post in the on-line version of their article.  Thank you NY Times for your responsiveness!]

The article notes that electronic breach reports have increased in recent years and while that is true, a closer look at the numbers reveals that that doesn't necessarily mean that there are more breaches.  There are 2 important subtleties behind this.  First, reporting requirements have increased so people have to report more now than they have in the past.  In addition, electronic systems have generally better ability to detect breaches in the first place.  This is not only due to technologies such as intrusion detection, user-based activity logging, etc etc, but also because physical devices are easier to track and manage than paper systems -- it may be easy to gloss over a few misplaced paper charts, but you can't hide the fact that you lost a laptop.  So, the fact that breach reports are up may just reflect better detection and reporting and not necessarily more breaches.

Second, the article suggests that electronic systems increase the risk of breaches.  As I explained to the reporter, I believe that electronic systems are more secure than paper/fax, but there is a trade-off in the type of risk that they introduce.  I liken this to the difference between auto accidents and plane accidents.  Auto accidents happen very frequently but with fairly contained consequences, whereas plane crashes are rare but can be disastrous.  The latest OCR report to Congress on breaches reports something like 25K small breaches (fewer than 500), a very large fraction of which are paper/fax incidents. 

Finally, I found it a little ironic that while the NYT article itself is an important step toward educating the public about the real issues surrounding the loss of electronic patient information, it glossed over the steps we've taken to educate the industry – like writing the post that led the Times to the story in the first place.  I think it was a bit of a missed opportunity to encourage organizations that have similar experiences to follow the path of full disclosure that we did.

Friday, October 15, 2010

Meeting halfway

Those of us focused on health IT are spending a lot of time and energy on bringing the technology to where the patients are. Interoperability is crucial because patients get care in so many different places, and through Regional Extension Centers and other programs we're trying to get EHRs into the hands of small and independent practices at the far reaches of the health care delivery system, again, because that's where the patients are. Something like 80% of practices are small practices, and 90% of outpatient encounters are in those small practices.

I've been wondering recently about whether we're going through a Copernican revolution where the patients come to the IT rather than having us bring the IT to the patients. My own personal experience started my thinking on this. I used to get my care from a small practice primary care physician in Wellesley MA -- great guy, good doctor, gives 110% every day. But he didn't have an EHR (still doesn't) and it was basically my responsibility to get specialist records back to him to make sure that he had the whole picture of my care. I switched to Harvard Vanguard not only because they have an excellent EHR but because they are multi-specialty as well. When I need a specialist I no longer scour all of Boston for the best specialist -- I only look within the Harvard Vanguard system because I want to make sure that my records are kept on the same EHR. What I might be sacrificing on the quality of an individual specialist I'm more than gaining back in having all of my physicians reading from the same page (literally).

Since my Wellesley doctor couldn't solve the interoperability issue, I solved it myself by eliminating it. My wife gets her care at the Brigham, and I've increasingly seen her focus her decision-making in the same way -- she has eliminated the need for interoperability by limiting her choice of specialists to those who are on the Brigham's EHR.

Maybe this is just a family thing. But I started thinking otherwise after I heard a very interesting story yesterday on NPR and Kaiser Health News on consolidation of the health care delivery market, and in particular, the increasing share of outpatient physicians employed by hospitals. As the story reports, almost 20% of physicians work for hospitals today, but 50% of new physicians are taking jobs with hospitals. The looming prospect of Accountable Care Organizations' becoming the operational unit of health care delivery will put increasing pressure on hospitals and physicians to keep patients within their care delivery network. Changes in health plans that limit patient choice will also drive patients to stay in closed networks. All of these trends will increasingly funnel patients into health care delivery networks that also happen to be connected on IT networks.

There could certainly be many bad effects from such consolidation, such as higher oligopolistic prices, less customer choice, the demise of solo practices that are an iconic part of the American fabric, etc etc. But from a health information exchange perspective, it's only to the good if we can get more patients to meet us halfway on the road to interoperability.

Thursday, September 30, 2010

Provider Directories

The Information Exchange Working Group of the Health IT Policy Committee had a public hearing today on the topic of Provider Directories. The FACA Blog has some background on the issues that we covered today. We have a lot of information to process regarding some very complex issues and unfortunately on a very compressed timeline. Some of the major themes that came out of today's hearing are:

  • We've got to get rid of the "yellow pages" and "white pages" analogies to Provider Directories. It's fraught with all of the general flaws of analogies, but more important, as my co-chair David Lansky said, "no one under 30 will know what we're talking about."
  • That said, it is useful to distinguish directories that support machine-to-machine routing from those that have more of a lookup role that might be focused more on use cases involving person-in-the-loop functions. Arien Malec noted that while the latter might initially be used more by humans, there would be interesting applications for machine-to-machine transactions as well, such as identifying providers involved in "post-exchange" continuity of care. Keith Boone suggested that we use the terms "service discovery directory" and "provider discovery directory" to more appropriately describe how technology works today. Abby Sears described the need for provider directory functions, however defined, to be embedded within EHRs to make them useful to end-users.
  • There are many well-developed directories out there already, so whatever we recommend needs to provide help to enable approaches that have barriers to moving forward while at the same time not stifling forward progress for approaches that are moving ahead. JP Little noted that a number of national directories already exist today, with some degree of interoperability. Charles Kennedy noted that there is a lot of administrative infrastructure in the market already today, but very little clinical, so we should be thinking of ways to leverage the administrative infrastructure to lower the cost of developing and maintaining clinical infrastructure. Syd Thornton offered that though InterMountain Healthcare maintains its own directory of external providers, they would be interested in consuming it from a higher-level aggregator that might offer better economies of scale. Robb Chapman described how the CDC leverages medical registration data from the Federation of State Medical Boards for its Physician Registry Project, but Martin Laventure noted that public health directories are not dynamically linked with any outside systems so updating them is difficult. Karen Trudel described that there are no "one-and-done" solutions in the market today, and even large, nationwide directories such as the NPI and PECOS have significant limitations with respect to the clinical exchange transactions being contemplated today.
  • Directories are the means for performing value-generating business functions, they are not the end. Tom Morrison said it most clearly when he stated that "data is a by-product of a business process." Sorin Davis recommended provider accountability for entering and maintaining their data. Anita Sarnoff noted that Axolotl recommended NOT having providers be responsible for maintaining their data and leveraging existing accreditation and credentialing information instead. Linda Syth described that it cost $3M to create the provider registry used by the Wisconsin Medical Society, and about $700K per year to maintain it. Carladenise Edwards recommended mandating the use of specified provider directories to better support their sustainability. Putting all of these together suggests that we need to create or leverage directories that enable services that providers have high interest in consuming so that they themselves will feel the need to assure that their information is timely and complete.
  • If we do nothing else, creating a framework and taxonomy for key concepts would be helpful in and of itself. Greg Debor noted that though we refer to "provider" directories, there are other health care participants (such as public health and health plans) that would be important to future value. Hunt Blair pointed to the need for a common ontology of terms such as "provider", "practice", "entity", etc.
  • As states move to implementation of their HIE Strategic and Operational Plans, there is an urgent need for some type of guidance or coordination to capture any possible synergies across these efforts and to ensure future interoperability. George Oestreich noted that the pressing need for immediate solutions limited how much central orchestration could be expected and suggested that the focus should therefore be on developing standard interfaces and data formats to support a federated architecture which would allow states and private actors to continue with their own development but with some level of alignment. Steve Waldren cautioned against "over-designing" too early to remain flexible to the many changes that technology change and health reform might bring. Jeff Barnett recommended the need for standards to be able to uniquely identify individuals and organizations. While there seemed to be a general consensus that "a federated approach" was preferable to any other, we did not have enough time today to define the parameters of federation in this context and what requirements would be needed to make it feasible.
  • There seemed to be rough consensus that while both were important, the "routing directory" should be a priority. Dan Nigrin noted that they know who they need to send information to, but they often don't know how.

These are just some of the many thoughts that emerged from our hearing today. There are more comments posted on the FACA Blog, and additional comments will be collected through October 4.

Wednesday, September 29, 2010

What's in a name?

So what's in a name? The full quote of course is: "What's in a name. That which we call a rose by any other name would smell as sweet."

On September 28, the Office of the National Coordinator awarded the New Hampshire Regional Extension Center to the Massachusetts eHealth Collaborative. Is it odd that an organization with Massachusetts in our name is running the New Hampshire Regional Extension Center? I suppose so, on the face of it, but the reality is that we provide professional services in many states outside of Massachusetts. For example, we're already doing work with the regional extension centers in New York and Rhode Island, as well as Massachusetts. And we're currently working on a project with New Hampshire stakeholders on their Health Information Exchange Strategic and Operational Plan.

All companies have to be based somewhere, and we happen to be based in Massachusetts. Granted, most companies don't have their home state in their name. That is a reflection of our non-profit, collaborative roots. We were founded in 2004 by 34 non-profit Massachusetts-based health care organizations. Our mission then and now is to improve the quality, safety, efficiency, and affordability of care through effective adoption of health information technology. Since our founding we've developed a national reputation for being operationally effective, mission-oriented, and consensus-driven.

We have the name collaborative because we work as partners -- we share what we've learned, and we look to learn more things that we can share. We try to develop deep ties with each new engagement, and we could not have gotten this federal award without the endorsement and backing of the State of New Hampshire -- we're grateful for the confidence they've shown in us.

My father is a family physician and surgeon who has practiced his entire career from his office in Pelham, New Hampshire. We're based in the Massachusetts Medical Society, which reflects our strong affiliation with clinicians -- we have deep ties to the physician community and we make it our business to understand the needs of physician practices.

We feel genuinely privileged to have the opportunity to help the clinicians of New Hampshire achieve their meaningful use objectives, and we look forward to deepening the ties that we already have with health care stakeholders across the Granite State. If you're a priority primary care provider in New Hampshire, we're going to be looking for you!