2008-03-13 00:00:00

TrustRex for online, free doctor + patient communications

A reader recently wrote me:

Have been reading your blog off and on for a while. I recently came across a site called www.trustrex.com when researching another issue. Apparently allows patients to register online with any doctor that is registered with the site. After that, patients can apparently communicate securely with the doctor after logging in. Thought it might be something worth checking out. The online registration alone is great for anyone whose had to fill out that paperwork while sick or with kids running around.

I haven’t had a chance to review it yet, but it does look promising. Anything that increases collaboration and communications among patients and providers gets my nod for sure.

There are still all kinds of worries about who owns the data, what happens to the messages if the company goes out of business, whether the communications are private and using whose privacy policy but these sorts of experiments and worth doing.

Filed under: — @ 2008-03-13 00:00:00
2008-03-13 00:00:00

WhoIsSick.org collaboratively collects symptoms and locations

Ed from WhoIsSick.org wrote me about his new site:

It is Web 2.0/User generated content meets Healthcare through a very simple Google Maps interface. Given the relatively slower adoption of internet and “web 2.0′ technology by much of the healthcare industry (aside from Revolution Health and a few select others), we set out to create a simple, user-friendly, and valuable website for the average consumer.

I thought you may want to check out some of the new features we added to the site. In the past we have received press from some notable websites and I just thought some of your readers may be interested in knowing about a site like ours. We’re hoping to ramp up traffic so that the site can be more useful to more people especially for the remaining of the 2008 flu season.

I love these kinds of simple but useful sites — their uses don’t fit an exact description but through collaborative communications between patients, care providers, and hopefully governments in the future we can experiment and learn alot about what I like to call “collaborative healthcare”.

Filed under: — @ 2008-03-13 00:00:00
2008-03-13 00:00:00

Guest Article: IT Security and Record Management in Healthcare

Many of my readers have been asking about security, privacy, and HIPAA these days. I thought I would reach out an expert — Dr. Zachary Peterson. Zachary is a Senior Security Analyst at Independent Security Evaluators a computer security consulting firm in Baltimore, MD. Dr. Peterson earned his Ph.D. in Computer Science at The Johns Hopkins University, where his dissertation was on new technologies to meet regulatory compliant storage system. He also has a Masters in Security Informatics and a Masters in Computer Science. Independent Security Evaluators, started by Johns Hopkins Professor, Dr. Avi Rubin, is a small team of security experts that specialize in evaluating, designing and building secure systems. ISE’s client list includes MasterCard, Verdasys, WebEx, and PGP — they know what they’re doing.

ISE is expanding its services to include developing and implementing the correct policy and technology solutions required to meet regulatory compliance.

Here’s Zachary’s posting:

With the introduction of computers to the health care system, paper medical records have given way to their electronic counterparts, allowing information to be easily accessed, shared and modified. Systems for managing electronic records are now commonplace in all major and health care related institutions. They increase productivity, disappear geographic boundaries, and improve quality of service. It is not all good news, however.

The same features of electronic records that make them beneficial can also be used for malicious purposes. Duplicate records can be made instantaneously and clandestinely, threatening privacy. The loss of 26.5 million veteran medical records by the VA is a notable example. Electronic records are also extremely malleable, leaving open the possibility of forgery and falsification — a physician involved in a malpractice suit may wish to alter the record.

Indeed, the importance of securing and authenticating electronic records transcends health care, and has led legislators to create an ever increasing body of electronic record management legislation. There now exists many federal, state and local pieces of legislation that govern the management of electronic records, requiring corporations and government agencies alike to rethink their current electronic record systems. This is particularly true for health care entities with the passage of the Health Insurance Portability and Accountability Act (HIPAA).

As we all know, HIPPA requires "covered entities," which include hospitals, insurance companies, billing agencies, and even individual physicians, to provide privacy and security guarantees for a patient’s electronic records. Despite the lack of specificity in the legislation, computer system vendors have quickly identified the large market opportunity for "HIPAA compliant storage". Many of these products, however, fail to meet the requirements of HIPAA, mostly adding policy enhancements to existing storage platforms. There is a growing consensus among computer security experts, such as those at Independent Security Evaluators, that health care entities should understand the true requirements mandated by HIPAA and adopt appropriate technologies to ensure compliance.

The Law

The Health Insurance Portability and Accountability Act, enacted in 1996, was intended to improve the efficiency and effectiveness of the health care system by making individual’s medical information easily transfered between insurers. As part of the Act, legislators addressed the privacy and security implications of sharing sensitive patient data. HIPAA includes two provisions, the Privacy Rule and the Security Rule, that require covered entities to address the security and privacy of "protected health information" (PHI).

The HIPAA Standards for Privacy of Individually Identifiable Health Information, or Privacy Rule, addresses the use and disclosure ofPHI. One of the key components of the Privacy Rule requires covered entities to implement, access control and error correction</ i> procedures, allowing an individual to manage how their personal information will be used, including limiting the marketing of their PHI.

The HIPAA Security Rule acts as a complement to the Privacy Rule, requiring a covered entity to ensure the confidentiality, integrity and availability of all electronic PHI that is created, received, maintained or transmitted by a covered entity. The entity must protect against reasonable threats and hazards, as well as protect against any reasonably anticipated misuse or unauthorized disclosure.

The Technology

The requirements set out by HIPAA are broad, complex and very often, ambiguous. To worsen matters, the penalties for failure to comply may be steep. Fortunately, the requirements fall into three broad categories. In general, HIPAA requires electronic records to be available, private and confidential, and authentic.

  • Available means that all records must be accessible in real-time — accessing tape archives from a distant warehouse is unacceptable. This may require an organization to manage their own on-site storage system, and furthermore, retain a staff who knows how to manage it.
  • Private and confidential means data is accessed with fine-grain controls and that data are protected from unauthorized disclosure and use — both in transit between provides and at rest on an entity’s system. Most existing compliance systems achieve this by providing only a policy-based interface, but can make no guarantees should data become lost or stolen. Systems must provide privacy and confidentiality through encrypted storage and data transmission. By correctly using encryption, systems may meet both the explicit encryption requirement of the HIPAA Security Rule and the access control requirements of the HIPAA Privacy Rule. Further, encryption can be used to permanently delete data, for example, when a patient requests a redaction under the HIPAA Privacy Rule.
  • Lastly, systems must also employ authentication, meaning data are accurate and modifications are impossible to dispute. The HIPAA Security Rule requires a verification of the "accuracy" and "integrity" of electronic records. While encryption provides privacy from unauthorized intrusion and disclosure, it alone cannot guarantee the accuracy or integrity of the data. Without authentication, there is no way to verify that the result of a decryption is the same as original, unencrypted data. Authentication can also provide a way to bind an individual to their data modifications, making repudiation impossible.

Requirements must be met with cryptographically strong technologies, providing irrefutable evidence of compliance with regulations. Understanding and properly implementing the required technology to meet HIPAA compliance is a difficult and continually evolving process.

Entity compliance will be eventually be defined by the best practices of peer entities, an entity’s intent, and ultimately, decided by the courts. We assert that adopting the best security technologies, as understood by the computer security community, is a first step in the right direction. While it may be possible to achieve compliance without these technologies, systems that implement availability, privacy and confidentiality, and authenticity allow an organization to make a strong statement of compliance and able to provide irrefutable evidence of the same. In the future, were these technologies to become widely deployed as best practices, it may no longer be possible to be compliant without them.

Filed under: — @ 2008-03-13 00:00:00
2008-03-13 00:00:00

Insurer finds EMRs won’t pay off for its doctors

AMNews reports:

The Massachusetts Blues believes that the return on physicians’ investment doesn’t warrant buying the technology as part of its bonus programs.

One health plan has come to a conclusion that many physicians already have reached: The financial benefits of office-based electronic medical records systems are not worth the cost to doctors.

Relying on information from past studies, including an American Medical Association estimate that doctors see only 11 cents of every dollar saved through the use of information technology, BlueCross BlueShield of Massachusetts recently announced that it has decided not to require physicians to install an EMR to participate in its bonus program.

Read the rest…

Yikes. More bad news for EMRs. As I speak to physicians, especially ambulatory care and small office ones, EMRs more and more have a reputation for harming, rather than helping, practices. EMRs remain quite useful in acute care settings but reports like the above seem keep hammering the lack of value of large EMRs in small practices. I wonder what is going to turn around this bad news.

Filed under: — @ 2008-03-13 00:00:00
2008-03-10 00:00:00

Medical Homes for Diabetes Raise Compliance, Reduce Disease-related Costs

Early results from two groundbreaking pilots validate the benefits of the patient-centered medical home model for patients with diabetes:

First, a unique data exchange between the largest insurer in New Jersey and an 850-physician organization resulted in the creation of a member-specific profile for each diabetes patient accessible at the point of care. Partners in Care (PIC) Medical Director Dr. James Barr said the one-year pilot that joined the disease management efforts of Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) with those of PIC physicians dramatically improved compliance levels and clinical outcomes for patients with diabetes — from 43 percent to 91 percent for the key HbA1c blood test. The program focused on New Jersey State Health Benefits Program members with diabetes. Dr. Barr said participating practices spent approximately 15 to 30 additional minutes per month with each patient in the pilot. This could be time spent with the provider or a staff member, he explained. The payor-provider collaboration has been so successful that Horizon BCBSNJ plans to extend the model to other chronic illnesses. The patient-centered medical home model makes the personal physicial responsible for all the patient’s healthcare needs for all stages of life — and arranging this care with other qualified professionals.

A second pilot for Medicaid patients in North Carolina saved the state $231 million in healthcare costs in 2005 and 2006. Roberta Burgess, nurse case manager for Community Care Plan of Eastern North Carolina through Heritage Hospital in Tarboro, N.C., said that provider toolkits and patient diabetes action plans developed for the program were key communication vehicles in the diabetes medical home project. She also said that case managers were effective liaisons between provider and patient, suppporting patients with information and sometimes even transportation. As a result, patients were better educated about care and self-management and better prepared for their doctors’ appointments. The program was one of seven winners in Harvard University’s 2007 Innovations in American Government Awards.

Filed under: — @ 2008-03-10 00:00:00
2008-03-05 00:00:00

MRSA Detection and Prevention News

We recently surveyed healthcare organizations on their reactions to MRSA outbreaks. We invite you to comment here on your strategies, as well as review two new advances this week in the detection and prevention of Methicillin-resistant Staphylococcus aureus (MRSA):

In The New York Times, Andrew Pollack spotlights a California company that has developed a rapid genetic test to detect MRSA:

Patients might not particularly like the new admission procedure at a growing number of hospitals: having what looks like an elongated Q-Tip stuck up their noses. But it smells great to Cepheid. Cepheid, a biotechnology company in Silicon Valley, sells a rapid genetic test to detect MRSA, an antibiotic-resistant ???superbug??? that has received considerable media coverage and kills more Americans than AIDS.

And healthcare workers in Canada are receiving electronic reminders to disinfect before touching patients, according to CBC News:

Researchers at the Toronto Rehabilitation Institute have developed a hand hygiene device. It consists of a sensor worn around the neck, infrared lights above the patient’s bed, and an alcohol gel dispenser attached to the waistband.

A healthcare worker wears the sensor and a beep is triggered when the person approaches a patient’s bed, reminding them to use the sanitizing gel. If the healthcare worker has already done so, the beep will not sound.

The system also records the time of entry and exit from each patient area and the number of times hands are disinfected. This data can be downloaded into a computer so individual staff members can check their overall hand hygiene and compare it anonymously against their peers.

Filed under: — @ 2008-03-05 00:00:00
2008-03-04 00:00:00

Americans Have Trouble Paying for Drugs or Skip Prescriptions Due to Cost

A new poll, the third in a series conducted jointly by USA Today and public opinion researchers at the Kaiser Family Foundation and the Harvard School of Public Health, finds Americans greatly value prescription drugs‘ potential benefits for their families, but most believe they cost too much money and many struggle to pay for needed medicines.

  • Four in 10 Americans (and half of those regularly taking at least one medication) report experiencing at least one of three cost-related concerns in their family: 16 percent say it is a “serious” problem to pay for prescription drugs; 29 percent say they have not filled a prescription in the past two years because of the cost; and 23 percent say they have cut pills in half or skipped doses in order to make a medication last longer. People are most likely to report one of these three issues if they lack drug coverage (52 percent), if they have low incomes (54 percent) or if they take four or more drugs regularly (59 percent).
  • Nearly eight in 10 Americans say that the cost of prescription drugs is unreasonable, and seven in 10 say pharmaceutical companies are too concerned about making profits and not concerned enough about helping people. Nearly two-thirds (64 percent) of the public say that there is not enough government regulation to limit the price of drugs. Nearly six in 10 say insurers should only pay for new drugs if they are proven to be not just safe but also more effective than existing ones.

Filed under: — @ 2008-03-04 00:00:00
2008-03-04 00:00:00

Many Patients Can Reach LDL Cholesterol Goal Through Dietary Changes Alone

Patients worried about their cholesterol may want to visit a registered dietitian (RD) to get some sound advice about how to shape up eating habits, according to a new national study led by University of Michigan Health System researchers. The new results, published in the February issue of the Journal of the American Dietetic Association, are based on data from 377 patients with high cholesterol who were counseled by 52 RDs at 24 sites in 11 states.

  • In the group of 175 patients who started the study with triglycerides less than 400 milligrams per deciliter of blood (mg/dL), and who had their cholesterol measured before they changed or added medication, 44.6 percent either reduced their levels of ???bad??? cholesterol by at least 15 percent, or reached their cholesterol goal.
  • A significant number of patients reduced the fat in their diets to less than 30 percent of calories, as recommended for heart health. Many participants also lost weight and/or increased the number of days each week on which they exercised for 30 minutes or more.

Filed under: — @ 2008-03-04 00:00:00
2008-03-02 00:00:00

Interesting video on paperless healthcare

Robert Pierce, a Healthcare IT Guy reader and fellow healthcare technologist, recently sent me the following note:

I attended a breakfast at HIMSS put on by Allscripts at which Newt Gingrich spoke.  Before Newt came to the mike they aired a video that’s pretty interesting I think; makes the point with precision and power even though it’s a vendor product (understated).

Though I was slightly offended as a health professional by the over-the-top focus on medical errors, it’s worth viewing as a reminder of why we need to get paper out of medicine.


I checked out the video and it was generally well done– it brought to light the issue of paper in healthcare. I agree with Bob that it went a bit over the top with the issue of medical errors (like "if you buy AllScripts you can somehow eliminate medical errors") but it did make the point how bad paper is to the healthcare industry.

Thanks for the link, Bob. I always appreciate my readers chiming in.

Filed under: — @ 2008-03-02 00:00:00
2008-03-02 00:00:00

Guest Article: Dr. Olson asks if we’re looking at healthcare IT to solve the right clinical problems

A physician friend of mine, Dr. Richard Olson ("Rich") of Gainesville, GA, and I often discuss healthcare IT issues over e-mail. He is a thoughtful, caring surgeon in private practice who has been involved in health IT issues for decades (as a consumer of them and on multiple selection committees for products at various hospitals). He definitely knows his stuff. Recently Rich sent me a note wondering about whether or not the years of healthcare IT that has been applied was in the best manner to help patient outcomes and improve clinical care. I thought it was a great question and since I’m not bright enough to answer it alone I thought I’d open it up to the rest of the readers of this blog to see what they thought. Please drop comments here to let Rich know what you think.

Here’s the complete text of the question Dr. Olson posed:

On Amazon.com recently I was pitched a book titled "CHI Remixed" about computer human interaction (CHI). I began to wonder whether the traditional informatics field has blinders on and is trying to automate too much of the textual work. Based on the effort I spend as a clinician each day, the patient/physician-provider communication process is what I need help with.

If the computer helped me translate the layman’s language into ‘medicalese’, not jargon, but description based on physiologic understanding, and vice versa to the patient, we would be ON to something. Traditional informatics looks to start AFTER all that face time with the patient, then ask me to click or type in data to populate the database, enter orders, and to what end? So that a machine structures all decisions, and my choices can supervised by an automated process?

If the academic discipline of CHI (see for example, http://www.hcii.cmu.edu/Research/projects.html) were to begin with the patient/physician relationship, and not the traditional textual medical record as its starting point, I wonder what direction the field would take. I think we would see more image-based communication (words just don’t convey understanding of many processes as well as pictures, diagrams, or video). Furthermore, the time pressure of the office appointment could be reduced, if a patient, if educated well enough, could take time for independent or family study of "what the doctor said" and logged on the Personal Health Record and went from there to online or other resources, before coming back for discussion, or other online interaction.

Data entry for analysis could be a role performed by a new class of technical worker, a glorified transcriptionist, who can work with the digital voice record, and fill in the blanks for the information system for all purposes: billing, performance improvement, public health, and subsequent clinical care. Doctors could spend their valuable time doing what we do best, in one on one time with patients and family, in an emotionally highly charged environment, inherently not very structured and unique to each individual patient (for most of us.) I pity the doc cranking the same old crank day after day - the cataract guy for example.

The standard practice of medicine also is rather isolated for the physician, with an appeal for help or consultation kind of a big deal. Without so much infatuation with artificial intelligence, we might focus instead on having records available for review by a trusted mentor. This would provide a much needed opportunity to enhance quality of care using the EHR and technology to facilitate good old regular human cognition. Pathologists routinely send out tough cases for consultation, but never do our radiologists, or internists, or surgeons for that matter. We now have information and communication systems to do so, but no reimbursement allowance to fund that at this time.

My basic question is, did we start at the right place? If our starting point was the medical record, and not the patient-physician relationship, have we picked the best path to apply technology to improve clinical care?

Filed under: — @ 2008-03-02 00:00:00
Next Page »