THE QUEST FOR JOHN DOE P. 22 WILL PHRS BE TRUSTED? P. 28 EMRS WITHOUT TEARS P. 31 GOVERNMENT HEALTH IT Letters from health IT innovators on how to build a health care system that saves health and wealth PAGE 12 PUBLIC/PRIVATE HEALTH CARE CONVERGENCE FEBRUARY 2009 • VOLUME 4 NUMBER 1 ‘Dear Mr. President’
36
Embed
GOVERNMENT HEALTHIT - pdf.101com.compdf.101com.com/GHITMag/2009/GHT_902DG.pdf · THE QUEST FOR JOHN DOE P. 22 WILL PHRS BE TRUSTED? P. 28 EMRS WITHOUT TEARS P. 31 HEALTHITGOVERNMENT
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
THE QUEST FOR JOHN DOEP. 22
WILL PHRS BETRUSTED?P. 28
EMRS WITHOUTTEARSP. 31
GOVERNMENT
HEALTHIT
Letters from healthIT innovators onhow to build a
health care systemthat saves health
and wealth PAGE 12
PUBLIC/PRIVATE HEALTH CARE CONVERGENCE FEBRUARY 2009 • VOLUME 4 NUMBER 1
6NewsWeb roundup; Hospital on a chip;Naval maneuvers; Wiki expandsAIDS.gov reach; Australia’s newhealth IT chief is on the hot seat
28 The feds and PHR privacyThe outcome of the government’sPHR trials will have profound effects on public trust of the newtechnology
31 EMRs without tearsRemotely hosted EMR systemsattract doctors who don’t want the expense and headaches of in-house solutions
34 MeasuresEmployment impact of health IT stimulus
Contents
‘Dear Mr. President’Letters from health IT innovators
on how to build a health care
system that saves health and
wealth
12The search for John DoeScientists and policy-makers
seek ways to maintain patient
anonymity and tap the data
treasure trove of personal
medical records
22
22
10 11 28
C O V E R I L L U S T R A T I O N / K I M B E R LY C O N W A Y 12
TOC 03 1/16/09 5:56 PM Page 3
4 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
In this issue, we invited 21 leaders
from the health care industry to
write letters to the new president, of-
fering their best advice on how to
use information technology to
achieve his vision of a smart and eco-
nomical health care system.
We chose the writers using two
criteria: they have persistently called
for practical management reforms,
and they understand the govern-
ment’s role in creating a financial en-
vironment in which innova-
tion can thrive.
The result is a set of
some familiar ideas and
some new ones that, alto-
gether, provides a simple
road map to health reform.
For example, the writers
share an urgent belief that
the federal government must create
more powerful incentives — and
more painful disincentives — for
providers to integrate electronic
health care systems into their
practices.
In the words of one writer, “First,
recognize that the government is the
health care market,” he wrote, point-
ing out that the government ac-
counts for 60 percent of all health
spending.
“The government needs to be a
smarter buyer and a smarter investor
if the health care market is going to
act more like a market” the letter’s
author wrote. All indications are that
the incoming administration takes
that idea seriously.
I want to recommend another arti-
cle in this issue that I consider a must-
read for anyone interested in heath IT
reform. In “The Search for John Doe,”
senior editor Nancy Ferris dives into
the issue of whether organizations
can truly scrub electronic health
records of personal identifiers so that
the health care research community
can use the records. Scientists and
policy-makers are working
furiously to come up with
solutions to this problem,
which is a hurdle to health
IT adoption.
Speaking of change, I
want to note the announce-
ment that Government
Health IT was recently ac-
quired by the Healthcare Information
and Management Systems Society.
HIMSS acquired Government Health IT
magazine, its Web site and the Health
IT Summit conference from the 1105
Government Information Group.
The purchase will bring HIMSS’ con-
siderable educational resources in the
health IT community to bear in the
magazine. The result will be a richer
mix of stories, analysis and reporting
to help cover what will be a year of
enormous and fascinating change in
health IT.
Paul McCloskey
Editor-in-Chief
Government Health IT
Change — and then some
Editor’s Letter
Government Health IT (ISSN 1559-2553) is published bimonthly by the Healthcare Information and Management Systems Society
(HIMSS), 230 East Ohio Street, Suite 500, Chicago, IL 60611-3270. Periodicals postage paid at Chatsworth, CA 91311-9998, and at
additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual print subscription rates for non-
qualifying subscribers are: U.S. $100 (U.S. funds); Canada/Mexico $125; outside North America (airmail) $165. Annual digital sub-
scription rates for non-qualifying subscribers are: U.S. $75 (U.S. funds); Canada/Mexico $75; outside North America $99. Subscrip-tion inquiries, back issue requests, and address changes: Mail to Government Health IT, P.O. Box 2167, Skokie, IL 60076-9285,
e-mail [email protected], or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International; fax (847) 763-9564.
POSTMASTER: Send address changes to Government Health IT, P.O. Box 1267, Skokie, IL 60076-9285. Canada Publications Mail
Agreement No. 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or Bleuchip International, P.O. Box 25542,
London, ON N6C 6B2.
Paul McCloskey
WWW.GOVHEALTHIT.COM
VOLUME 4, NO. 1
EDITOR-IN-CHIEF / Paul McCloskey
VICE PRESIDENT, COMMUNICATIONS / Fran Perveiler
SENIOR EDITOR / Nancy Ferris
SENIOR EDITOR / Matt Schlossberg
CONTRIBUTING WRITERS / Peter Buxbaum, Heather B. Hayes,Brad Howarth, John Moore
John H. Daniels, FACHE, CPHIMS, CHPS, FHIMSSDavid FinnC. Martin Harris, MD, MBA, FHIMSSJoy G. Keeler, MBA, FHIMSSHolly D. Miller, MD, MBA, FHIMSSCarol R. Selvey, MHSA, FHIMSSJay Srini, FHIMSSJonathan M. Teich, MD, PhD, FHIMSSCharlene S. Underwood, MBA, FHIMSS
HIMSS ADVISORY BOARD MEMBERS
Mike McGill, PhDHoward A. Burde, EsquireA. John Blair, III, MDSunny Sanyal
CONTACT USEmail: Editor-in-Chief Paul McCloskey can be reached [email protected]. GHIT and HIMSS staff members canbe reached by using the naming convention of first initialfollowed by last name @himss.org. So John Smith would [email protected].
Healthcare Information and Management Systems Society230 East Ohio Street, Suite 500Chicago, IL 60611-3270Phone: (312) 664-4467Fax: (312) 664-6143
Washington, D.C. OfficeHIMSS4300 Wilson Blvd., Suite 250Arlington, VA 22203-4168Phone: (703) 562-8800Fax: (703) 562-8801
Ann Arbor OfficeHIMSS3800 Packard Road, Suite 150Ann Arbor, MI 48108Phone: (734) 477-0850Fax: (734) 973-6996
Subscription inquiries, back issue requests, and address changes:Mail to Government Health IT, P.O. Box 2167, Skokie, IL 60076-9285,e-mail [email protected], or call (866) 293-3194 for U.S. & Cana-da; (847) 763-9560 for International; fax (847) 763-9564.
HEALTHITG O V E R N M E N T
GHIT 04 1/16/09 5:59 PM Page 4
What would healthcare delivery look like if yourpersonal health information were fluid-accessibleat any time and any point in your care? Imaginea future where your critical health information is
readily available to your clinician during your visit, thenflows to the other members of your care team after eachvisit, and you can access and update your own informationwhenever and wherever you want.
Health information and communications technology(health IT) have tremendous potential to makethe healthcare delivery system more consumer-centered. IT makes healthinformation portable so it can followpatients from setting to setting andprovider to provider. IT makes it possiblefor informed and collaborative decisions tobe made in real time at the point of care.But health IT alone will not dramaticallyimprove care and reduce costs. Even whenhealth records are electronic, information isnot automatically shared outside of the organizational or network firewalls, or acrossorganizational boundaries and there is no guarantee that information, once received, will be utilized.
A recent study by Booz Allen Hamilton, a leading strategy and consulting firm, explored the ways healthinformation and communications technology can accelerateprogress toward a truly patient-centered healthcare system.Most proposals promoting the use of health IT aim atincreasing investment in EHRs and, to a lesser extent, e-prescribing. While these technologies are often necessary,they are not sufficient to drive the type of change in healthcare delivery that is required to realize the qualityimprovements and cost savings desired.
A shift is needed away from a “big bang” or “magic bullet” strategy that articulates EHR adoption as the endgoal. A more effective strategy is to drive delivery systemchange through an incremental focus on widespread healthinformation exchange and patient-centered outcomes.Pharmacy, lab, and medical imaging data were the recom-mended focus for the near future since they are largely electronic and have big potential to improve outcomes.
The study concluded that consumers, clinicians, andproviders all will derive greater benefits when electronic
health information flows faster and more freely, or becomesmore “liquid.” Those changes are not about the technologyitself, but about the organizational, cultural, and legal structures that need to be transformed to support a trulypatient-centered healthcare system.
There are two basic accelerators that can help us achievethis goal: intensify the focus on information flow and communication; and take bold steps toward a patient-cen-tered healthcare system. These steps might include granting
patients consistent, secure, and timelyaccess to their personal health information,or better defining how health information isto be received, used, enhanced or processed,and passed along to others.
Growing evidence indicates that liquidhealth information can accelerate improvements in healthcare access, quality, safety, efficiency, convenience, and outcomes. It can open the door to innovation and provide a foundation for a new standard of patient-centered care in which healthcare teams who are comfortable and proficient in the use of
information and communications tools interact with thepatients through videoconferencing, e-mails, mobile phone,web portals, and other means.
Our national health IT strategy can build on the currentinfrastructure and successes to bring full interoperability.By focusing on information flow and the needs of patients,we have the opportunity to accelerate progress toward thegoal of a consumer-centered system of care.
About Booz Allen HamiltonBooz Allen Hamilton, a strategy and technology consultingfirm, works with all major agencies of the U.S. federal government with health-related missions. Booz Allen is arecognized leader in informatics and data analytics, publichealth, healthcare quality, interoperability, food safety,coordinated care and service to wounded warriors, andhealth preparedness. The report, “Toward Liquid HealthInformation: Realization of Better, More Efficient CareFrom the Free Flow of Information,” is available atwww.boozallen.com/health.
Vendor Sponsored
Picture a Future with Liquid Health InformationVision
Vision
For more information, please visit.www.boozallen.com/health
Authors: Margo Edmunds and Kristine Martin Anderson
Congress might commit to spending$20 billion on health information tech-nology over the next few years.
That figure is in the economic recov-ery bill the House drafted and the Ap-propriations Committee released Jan.15. Committee action on the bill wasexpected soon after.
“It’s exciting that our time hascome,” said Rep. TimMurphy (R-Pa.), alongtime advocate ofhealth IT.
The bill wouldappropriate $2 bil-lion for the Office ofthe National Coordi-nator for Health ITin the Health andHuman Services De-partment “and $20billion overall forhealth informationtechnology to pre-vent medical mis-takes, provide bettercare to patients andintroduce cost-saving efficiencies,” ac-cording to the committee report accom-panying the draft.
There were reports at press time thatat least some of the remaining $18 bil-lion would be spent on health IT grantsto states because the national coordi-nator’s office is too small to managesuch a large program, some expertssaid.
Although the House is responsiblefor originating spending measures, theSenate is said to be drafting its own lan-guage for the health IT portion of thebill.
At two Capitol Hill meetings onhealth IT, one theme that emerged wasthe need to give doctors incentives forgoing beyond acquiring electronichealth record systems and other forms
of health IT to actually using them.“Linking the implementation of
[health IT] to health system reforms isessential,” Dr. Jack Cochran, executivedirector of the Permanente Federation,told a Senate committee. “To promoteappropriate and clinically effective usesof [health IT] over the mere acquisi-tion of technology, the secretary of
HHS should developa n d i m p l e m e n tmeasures for [healthIT] connectivity anddata exchange, aswell as measures forEHR-based qualityreporting.”
At the same Sen-ate hearing, JanetCorrigan, presidentand chief executiveofficer of the Nation-al Quality Forum,said health IT “in-vestments and incen-tives should be tiedto the effective use of
[health IT] to improve patient safety,outcomes and experience of care” ratherthan linking them to simply having thetechnology.
Sen. Barbara Mikulski (D-Md.), whopresided over the hearing, expressedconcern that health IT could be “anoth-er technology boondoggle” like past ITfailures in the federal government. “Wecan’t afford to go there again,” she said.
At a meeting sponsored by the In-stitute for e-Health Policy and others,Claudia Williams, director of healthpolicy and public affairs at the MarkleFoundation, said, “Health IT shouldachieve measurable health and deliv-ery system improvements.… Health ITon its own will not result in desiredoutcomes.”
— Nancy Ferris
GE
TT
Y IM
AG
ES
6 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
News
The National Association of State MedicaidDirectors is asking federal officials to bringMedicaid reporting in line with the datastandards the government has endorsed forhealth information technology.
In a letter to Kerry Weems, acting admin-istrator of the Centers for Medicare andMedicaid Services, association members saidthey are required to file data on nursinghomes and Medicaid recipients that uses“vocabularies and standards which do notconform with current industry standards.”
The letter pointed to the Medicaid Sta-tistical Information System and the NursingHome Quality Initiative’s Minimum DataSet as being out of sync with PresidentGeorge W. Bush’s 2006 executive order thatdirected federal agencies to meet recognizedinteroperability standards when they devel-op or acquire new health IT systems.
“At a time when states and CMS are look-ing for ways to save taxpayer dollars, the re-sources currently being used to develop andimplement systems that do not meet theseinteroperability standards would be betterspent on upgrading the systems to meet rec-ognized industry protocol,” the letter states.“While we understand and support data ex-changes, we believe that diverting resourcesfrom the long-term goal of standardized in-teroperability in order to update nonstan-dard interfaces is counterproductive.”
The letter proposes that CMS work withstate agencies to establish data definitionsand formats that follow industry standards.
Ann Clemency Kohler, the association’sdirector, said CMS had announced plans toupgrade its systems last November. But inthe meantime, states are being forced to cre-ate new interfaces to make their data sys-tems comply with CMS’ unique standardsand vocabularies.
— Nancy Ferris
State Medicaiddirectors objectto nonstandarddata formats
Sen. Barbara Mikulski (D-Md.)
House tees up $20B health ITinvestment for feds and states
News_6-7 1/16/09 5:22 PM Page 6
BO
TT
OM
/GE
TT
Y I
MA
GE
S
7G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Medicare launched its personal healthrecords pilot program last month in Utahand Arizona.
The program allows patients coveredby fee-for-service Medicare plans to havetheir claims data downloaded to PHRs of-fered by one of four participating vendors.HHS officials hope 5,000 people will signup for the service during the one-year pi-lot program.
At a press conference announcing thelaunch last month, Scott Barlow, chief ex-ecutive officer of Central Utah Clinic, de-scribed how he began to experience backspasms during a trip with his family to afootball game in California. Because hehad had back spasms before, he knewthat a strong painkiller and other medi-
cines would remedy the problem.But the emergency physicians who
treated him were reluctant to prescribethe painkiller without testing to ensurethat he really needed the powerful drug.They insisted on giving him a battery oftests, including an expensive MRI, before
prescribing the drugs he had suggested.“It was $6,000 of wasted care,” Barlow
said — and he missed the football game.If he had had a PHR with his previousMRI images and other health carerecords, much of that waste could havebeen avoided, he said.
HHS’ Centers for Medicare and Med-icaid Services and contractor NoridianAdministrative Services will advertise theprogram in the two states, and all fee-for-service Medicare beneficiaries there willreceive letters from HHS Secretary MikeLeavitt urging them to take part.
If the program proves successful, itcould be extended past the one-year termor expanded to other areas.
— Nancy Ferris
Medicare test of PHRs gets under way
Scott Barlow
DOD launching mobile telehealth in AfricaThe Defense Department is working on anumber of projects in its new Africa Com-mand area that depend on cellular tech-nologies to transmit health informationto and from medical trouble spots.
In one project, DOD is developing a wayto send periodic text messages to Tanzania’smilitary. The project, which will launch thisyear,“targets HIV knowledge and attitudesamong military personnel in remote areas,”said Col. Ron Poropatich, deputy directorof the Army’s Telemedicine and AdvancedTechnology Research Center.
Another telehealth project on thedrawing board seeks to provide medicaltraining to members of Liberia’s militaryand allow them to consult with hospitalpersonnel in the capital of Monrovia. Mil-itary forces in that country do not employdoctors or nurses, Poropatich said.
Mobile phones will play a key role inthose projects because of their relativelyhigh use among the population of Africa.
“There are now 70 million cell phoneson the African continent, 10 times the num-ber there were in 1999,” said Poropatich at
a recent symposium in Washington, D.C.“Fourteen percent of the population hasmobile phones, more than have fixed lines.”
By contrast, only 3 percent of Africanshave access to the Internet, he added.
Poropatich expects mobile phone-based telehealth applications to includeclinical consultations, education, research,biosurveillance, health surveys and dis-ease management.
He said he believes text messaging willplay an important role in the command’stelehealth efforts because texting is cheap-er and more reliable than voice commu-nications in Africa.
“We need applications that make useof the cell phones they already have, thatrequire minimal training and that tacklelow-hanging fruit,” Poropatich said.
The command’s missions include med-ical support operations, capacity buildingand disaster relief, said Col. SchuylerGeller, a command surgeon based inStuttgart, Germany.
— Peter BuxbaumSouth Africa
News_6-7 1/16/09 5:23 PM Page 7
B Y P E T E R B U X B A U M
In the near future, U.S. warfighters mightbe wearing devices that automatically de-tect injuries and begin treatment well be-fore they are evacuated to a field hospital.
Last fall, the Office of Naval Researchawarded a $1.6 million grant to a team ofresearchers at the University of California,San Diego, and Clarkson Univer-sity to develop such a device, calleda field hospital on a chip.
The goal is to create an auto-mated system that would contin-uously monitor a warfighter’ssweat, tears and blood for bio-markers that signal common bat-tlefield injuries, such as trauma,shock, brain injury and fatigue.Once the system detects a medicalproblem, it would automaticallyadminister medication.
“The long-term goal is to de-velop and test autonomous devicesthat detect and respond to battle-field trauma or insult,” said LindaChrisey, a program officer at theOffice of Naval Research’s Biolog-ical and Biomedical Division.“Thesupporting research objectives are to iden-tify and improve detection of robust bio-markers for battlefield injuries and stres-sors and to develop interfaces between thesensors and device-control systems that in-crease the reliability of the diagnosis.”
Led by nano-engineering professorJoseph Wang, engineers at UC San Diegowill build a minimally invasive system thatmonitors multiple biomarkers simultane-ously and processes that information to di-agnose conditions.
“Since the majority of battlefield deathsoccur within the first 30 minutes after in-
jury, rapid diagnosis and treatment are cru-cial for enhancing the survival rate of in-jured soldiers,” Wang said.
He helped develop the first noninvasivesystem for treating diabetes by monitoringglucose levels in patients’ sweat. However,that type of system is not advanced enoughto function as a field hospital on a chip.
“Today’s insulin and glucose manage-
ment systems don’t include smart sensorscapable of performing complex logic op-erations,” Wang said. “We are working ona system that will be different. It will mon-itor biomarkers and make decisions aboutthe type of injury a person has sustainedand then begin treating that person accordingly.”
The project will build on Evgeny Katz’sresearch into enzyme logic systems. Katz, aprofessor in Clarkson University’s Depart-ment of Chemistry and Biomolecular Sci-ence and a member of Wang’s researchteam, has shown that enzymes can be used
to measure biomarkers and perform thelogic necessary to make limited diagnoses.
One of the team’s challenges and the ex-pected focus of the first two years of re-search will be integrating enzyme logic withsensing devices people can wear. Researcherswill work on developing electrodes with en-zymes that serve as sensors and perform thelogic necessary to convert biomarkers suchas lactate, oxygen, norepinephrine and glu-cose into data that would trigger the releaseof appropriate medication.
“We just want the ones and zeros,”Wangsaid.“The pattern of ones and zeros will re-veal the type of injury and automaticallytrigger the proper treatment. This is bio-computing in action.”
For example, if an injuredwarfighter goes into shock, en-zymes on the electrode would senserising levels of lactate, glucose andnorepinephrine. Those, in turn,would cause changes in the con-centrations of biochemicals gener-ated by the enzymes and promptthe built-in logic structure to out-put a digital signal that indicatesthe patient is going into shock. Thatsignal would trigger a predeter-mined treatment response.
The researchers expect to havea working prototype of the prod-uct in four years.“We are just at thebeginning of this project,” Wangsaid. “During the first two years,our primary focus will be on thesensor systems. Integrating enzyme
logic onto electrodes that can read biomark-er inputs from the body will be one of ourfirst major challenges.”
“Achieving the goal of the program is es-timated to take nearly a decade,” Chriseysaid.
Developing an effective interface be-tween complex physiological processes andwearable devices could have a broader im-pact, Wang said. If the researchers are suc-cessful, they could pave the way for “au-tonomous, individual, on-demand medicalcare, which is the goal of the new field ofpersonalized medicine,” he added. ■
DE
FE
NS
E D
EP
AR
TM
EN
T
8 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
Hospital on a chipResearchers are working on a device to monitor
warfighters and administer medication on the battlefield
News
A project funded by the Office of Naval Research seeks to
speed delivery of medication to injured or ill service
members by monitoring and analyzing certain vital signs.
News_8-9 1/16/09 5:39 PM Page 8
B Y P E T E R B U X B A U M
The Navy doesn’t have a chief medical in-formation officer, but the man who actsin that capacity thinks it should. “We al-ready have CMIOs at the regional level,”said Dr. Bob Marshall, director of clinicalinformatics at the Navy’s Bureau of Med-icine and Surgery. “We need a central po-sition to coordinate regional activities andto have an official representative to tri-service initiatives.”
To a certain extent, Marshall’s quest issymbolic: He already performs most of thefunctions of a CMIO.“I am the primary li-aison among medical staff, [informationtechnology] and the senior leadership,” hesaid. “My office assesses changes to infor-mation systems and performs performanceassessments on inpatient and outpatientsystems. I also interface with the MilitaryHealth System and serve on tri-serviceboards.”
But he wants the Navy to catch up tothe other military services. The Army ap-pointed Lt. Col. Hon Pak as its CMIO,while the Air Force recently created a sim-ilar position and is about to fill it.
And, he believes, matching the otherservices in matters of health informationpolicy would help the Navy compete forresources.
“A central CMIO would be the primarychampion for the clinical needs of the Navyas a whole and the regions, without micro-managing the regions,” Marshall said.“Thisincludes providing adequate resources,training and reference materials to clini-cians, improving their workflows and alsoadvocating for a decent quality of life.”
In terms of health IT, the Navy is incritical need of wireless systems, Marshallsaid. One of his priorities is to install wire-
less local-area networks at all Navy med-ical facilities.
“In the Navy, we have installed onlythree wireless LANs,” he said. “The Armyhas almost completely rolled them out. Wewant to make major progress on that frontin 2009.”
That progress would enable Navyproviders “to have theability to use tablet com-puters as they movethrough clinical care,” headded.
Marshall said he alsowants to see progress onthe latest version ofAHLTA, the military’selectronic health recordsystem. He is aware ofcomplaints about thesystem but said he viewsits capabilities as a netgain for military healthproviders.
“AHLTA is too slow,”he said.“Most people arepretty happy with it eventhough they don’t like theslowness. The function-ality is reasonably good.A patient can be evacuat-ed from Iraq to Italy, andthey can see his entiremedical record in Italy.”
AHLTA has also nearly eliminated theneed for paper.“The value of being able tosee a patient’s entire medical record is notto be underestimated,” Marshall said. “Weused to have to access paper charts around50 percent of the time. Now, unless AHLTAis down — which is highly unusual — themedical record is in our face 100 percentof the time.”
Still, he said AHLTA is “not where itneeds to be. We need to move to a thinclient and to upgrade the ability to add un-structured text.”
Marshall said he has high hopes for theupcoming version of the system, which hasbeen available to some installations on alimited basis.“The latest version is movingin the right direction,” Marshall said.“Thepeople who have been using it have beenhappy with it.”
He said he would like to see AHLTA dofor medical records what picture archivingand communications systems have donefor radiology. AHLTA “would include theentire inpatient and outpatient medical
record, case manage-ment functionality, andcomputerized order en-try,” he said.“It would beinteroperable with Vet-erans [Affairs Depart-ment] and civilian elec-tronic health records,and it would be availablein theater.”
In-theater availabili-ty is still a problem forAHLTA, even on Navyships, because of thecontinued constraints oncommunications band-width. “AHLTA Theateris configured to operatein a disconnected envi-ronment,” Marshall said.“It is arranged so that theClinical Data Reposito-ry is updated every 24hours or whenever satel-lite communications be-come available. But on a
ship, nothing is more important than thecombat control center. The captain isn’t go-ing to let that go down so that the CDR canbe populated.”
Still, Marshall said he dreams of the daywhen in-theater medical care could beavailable globally in real time.“That wouldbe a great thing to have,” he said. “Thatwould be a killer app.” ■
9G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
“A central CMIOwould be the
primary champion for
the clinical needsof the Navy as a whole…without micromanaging
the regions.”
BOB MARSHALL , NAVY BUREAU
OF MEDIC INE AND SURGERY
Naval maneuversNavy’s clinical health IT boss envisions the day when
in-theater medical care will be available in real time
News_8-9 1/16/09 5:40 PM Page 9
B Y H E AT H E R B . H AY E S
A wiki is often described as a Web site withan edit button. But despite benefits thatinclude speed and ease of use, the tech-nology suffers from an identity crisis. Toomany people confuse it with Wikipedia,the popular Web-based encyclopedia thatallows anyone to contribute to any of 12million topics — and counting.
“If you start talking about using wikioutside the domain of Wikipedia, peo-ple’s eyes gloss over,” said Miguel Gomez,director of AIDS.gov, a Web portal forfederal resources on HIV/AIDS hosted bythe Health and Human Services Depart-ment’s Office of HIV/AIDS Policy. “Thename is not helpful at all.”
The AIDS.gov Web site, launched inearly 2008, is trying to help its users over-come any confusion they might haveabout wikis or other social media. Thesite features a weekly blog that educatesthe HIV/AIDS community on the latest
social media technologies and how theycan use those tools in their public healthwork. The tools include text messaging,virtual worlds, podcasts, social networks,and photo- and video-sharing sites.
The AIDS.gov wiki is already a popularsubject on the blog. Readers can click onlinks that provide basic information on thetool’s benefits and potential uses or view avideo tutorial with step-by-step instruc-tions on participating in a wiki. Gomez saidthe public health community can use thetechnology to collaborate with other groupson AIDS-related tasks, maintain global con-tact and resource lists, and develop calen-dars of World AIDS Day events.
Gomez said he knows the wiki is easyto use and beneficial because he and theblog’s seven far-flung contributors — in-cluding participants at HHS’ Centers forDisease Control and Prevention, Officeof Minority Health and Office onWomen’s Health — rely on the tool tocreate their weekly posts. They decided to
move to the wiki after trying to write thefirst few articles using Microsoft Wordand e-mail to collaborate.
“It wasn’t very efficient,” said Jennie An-derson, AIDS.gov’s communications direc-tor.“So we decided it would be a lot easierif we had one document where everyonecould put their changes into a single place,and with a wiki, changes are always madeto the latest version because only one per-son can go into the wiki at a time.”
By relying on the wiki, the AIDS.govteam improved accuracy, transparency andcredibility. “For senior government offi-cials who wanted to sort of monitor whatwe were doing, it eliminated the need towrite up and forward a memo,” Gomezsaid. “We can just direct them to the wiki,and they can see our progression and thehistory of contributions and edits.”
The wiki also added security to the col-laboration process. Because it requires asecure log-in, the AIDS.gov blog team cancontrol who is allowed to read and makechanges to documents. By contrast, send-ing a Word document via e-mail is fraughtwith opportunities for unauthorized usersto copy or read it, Anderson said.
Although it doesn’t endorse productsamong the many good wiki options thatare available, the AIDS.gov blog team willsometimes suggest that more skepticalusers consider a product called PBwiki,which the team used to create theAIDS.gov blog.
Gomez said it’s not because PBwiki hasmore functionality than other products;rather, its memorable moniker and slo-gan — “It’s as easy as making a peanutbutter sandwich” — grab the attention ofusers and help them overcome their aver-sion to trying the technology.
“When we’ve gotten people to startwith PBwiki, they get stuck on the cutename and away from the whole topic of‘what the heck’s a wiki?’” Gomez said. “Ithas actually secured some buy-in.” ■
AID
S.G
OV
10 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
Wiki expands AIDS.gov reachHHS office taps the social media tool to collaborate
with public health organizations
News
“If you start talking about
using wikioutside thedomain ofWikipedia,
people’s eyesgloss over.”
MIGUEL GOMEZ ,
A IDS .GOV
News_10-11 1/16/09 5:47 PM Page 10
B Y B R A D H O WA RT H
Peter Fleming is either an optimist or amasochist. As the recently appointed chiefexecutive of Australia’s National E-HealthTransition Authority (NEHTA), he leads anorganization that has been widely criticizedfor its lack of progress in developing a uni-fied electronic health record framework forthe country.
But Fleming might have stepped intothe job at just the right time. NEHTA re-cently received a commitment from Aus-tralia’s federal and state governments to al-locate $218 million in Australian dollars(about $150 million in U.S. dollars) to fundthe agency through June 2012.
“We now have guaranteed funding forthree years, which ensures we can continueto develop the essential infrastructure proj-ects necessary to support an individual elec-tronic health record in the future,” he said.“This is a strong endorsement of e-healthas an essential component of health reform.”
His appointment followed a lengthysearch after the departure of previous chiefIan Reinecke in early 2008. NEHTA’s chiefinformation officer and chief finance offi-cer also left the agency last year.
Fleming joined NEHTA last Septemberand has a background in delivering largeinformation technology projects in the re-tail, financial services, telecommunicationsand health sectors. He said he has a stronggrasp of the issues of process engineering,training and change management that ac-company NEHTA’s task.
His most recent job was with the Aus-tralian health and diagnostic company Sym-bion Health (formerly Mayne Group),
where he said he became aware of the idio-syncrasies of using technology in the healthcare sector.
“Within Mayne, I got a very good un-derstanding of how important relation-ships are in the health in-dustry,” Fleming said.“It’s not a simple indus-try, and people are pas-sionate about it. Youdon’t join the health in-dustry unless you arepassionate and want tomake a difference.”
In creating a nationalhealth IT network, “wewill make a difference topatient care, we will em-power the consumer andthe patient, and we willremove a lot of duplica-tion from the system,” hesaid. “There are very fewjobs where someone withan IT background canmake a big difference.”
Health care groups, including the HealthInformatics Society of Australia, have crit-icized NEHTA’s slow progress in develop-ing and deploying health IT standards andsystems. Fleming said he believes much ofthe criticism overlooks the backgroundwork that has been done to put standardsin place.
“Most of that is under the covers, andwe haven’t done that good a job of gettingthe visibility out there,” Fleming said.“This[funding] gives us a really wonderful start,so what I bring to this is an absolute focuson making a difference.”
With the funding situation now clari-fied, Fleming said the agency’s focus willshift to defining the stages of delivery forNEHTA projects, with an emphasis on de-livering benefits quickly. “There is a focusnow of getting some deliverables on thetable, and that is the message I am gettingfrom clinicians and the board,” Flemingsaid.“More importantly, the government is
extraordinarily serious”about health IT.
His goals includecontinuing to act on rec-ommendations made bythe Boston ConsultingGroup, such as improv-ing accountability andtransparency within theorganization. Flemingsaid he believes it is alsoimportant for NEHTAto be aware of the healthIT initiatives occurringin the private sector, sothe agency can encour-age the right develop-ment and stop duplica-tive efforts.
“One of the keys forus is bringing all those
groups together and sharing what’s goingon,” Fleming said.“I don’t think in any jobthat you can make everyone happy. How-ever, all of our stakeholders are focused onthe benefits of e-health and the need to im-plement it. Within that, there are clearly dif-ferent perspectives on how to go about it.And one of our jobs is to clearly bring thosegroups together. We won’t have all the an-swers, but as we work through with the keystakeholders on our board, the clinicians,the vendors, the consumer advocates andso on, I have no doubt that we will come upwith an appropriate consultation.” ■A
ND
RE
W L
LO
YD
11G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
“The government is extraordinarily
serious” abouthealth IT.
PETER FLEMING, AUSTRAL IA’S
NAT IONAL E -HEALTH
TRANS IT ION AUTHORITY
Australia’s new health ITchief is on the hot seatPeter Fleming vows to reduce duplication and empower
patients while building a national health IT system
News_10-11 1/16/09 5:48 PM Page 11
‘Dear Mr.President’
Letters from 21health information
technology leadersto the new
president portray a road map for
building an electronic health
care system that rewards productivity,
retains knowledgeand supports
effectiveness of care.
Feature 1_pp12-15 1/16/09 6:00 PM Page 12
ILL
US
TR
AT
ION
/KIM
BE
RL
Y C
ON
WA
Y
13G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Reward physicians for using health ITYou enter office during a time
of unprecedented growth and
opportunity in the field of
health care information tech-
nology. Health care is an issue
that goes beyond party affilia-
tions and affects every citizen,
and as you begin your term as
president, we urge you to con-
tinue building on the momen-
tum this industry has gained in
the past decade.
Investing in health IT, such
as the adoption and advance-
ment of electronic health
records, will help bring about
an interoperable health care
system, which studies have
shown can save upwards of
$150 billion to $300 billion an-
nually to numerous stakehold-
ers, including the federal gov-
ernment and, thus, taxpayers.
Furthermore, EHR adop-
tion improves the quality of
care that physicians and other
caregivers are able to provide.
In times of disaster and crisis,
properly constructed EHR net-
works enable health care pro-
fessionals to access a patient’s
medical records at a moment’s
notice, whereby they can
quickly and effectively admin-
ister the proper care.
The benefits of widespread
EHR adoption are hard to ig-
nore. Yet many physicians re-
main reluctant to use these
solutions to their fullest po-
tential. A key step in advanc-
ing the adoption of EHRs is
the creation and support of
legislation and regulations
that provide monetary incen-
tives to physicians who suc-
cessfully deploy health IT sys-
tems at the point of care. EHR
adoption furthers the ability
for physicians to perform
more accurate and wide-
spread clinical research that
can unlock new medicines and
treatments that benefit the
greater good, from treating
common illnesses to curing
chronic diseases.
We urge you to continue
supporting legislation and reg-
ulations that advance health
care information technology.
Justin Barnes
Vice President of Marketing
and Government Affairs,
Greenway Medical
Technologies
Jump-start state HIEsMr. President, give us light!
It’s not hard to imagine all
the physician’s offices, all the
labs and pharmacies and hos-
pitals and nursing homes
across the country finally con-
nected — strung together in a
living, pulsing network to ex-
change information. Even the
most rudimentary version of
this would save lives, reduce
errors, cut down on waste and
save money.
But like America in the
1930s, when Franklin Roo-
sevelt established the Ten-
nessee Valley Authority to
bring electricity to one of the
poorest regions of the nation,
we need leadership and galva-
nizing legislation to light up all
the nodes on this urgently
needed network.
Only a few vital pieces of
enabling legislation will bring
this network to life. First and
most important, we need to
jump-start the development of
state-based health informa-
tion exchange (HIE) organiza-
tions. The federal government
can do this by making an ini-
tial investment of capital allo-
cated to each of the states.
The states would be author-
ized to distribute the funds to
not-for-profit, public/private
partnerships responsible for
developing HIE capabilities
within the state — either a
single operating HIE for the
entire state or an umbrella or-
ganization linking regional
and local exchanges.
This initiative needs some
accompanying support, such as
definitions of acceptable priva-
cy and confidentiality protec-
tions and tax-exempt financing
allowed for the relatively short-
lived assets of information
technology investments. But
for states that have established
early prototypes of HIEs or are
close to bringing up opera-
tions, this will ensure rapid de-
velopment and full deploy-
ment. For other states, it will
provide assurance that [an] HIE
is not only possible but in-
evitable. It is time to light up
all the nodes across the country
with the digital equivalent of
electricity utilities.
Dr. Molly Coye
Chief Executive Officer,
Health Technology Center
Train more health informaticiansYou have proposed spending
$50 billion on health informa-
tion technology to improve
health care. To achieve that
laudable objective, this invest-
ment must include more than
funding for electronic health
records implementation and
clinical data exchange.
Many more health care
professionals, especially bio-
medical and health informati-
cians with strong health IT
knowledge and skills, are
needed. These individuals will
serve in hospitals and physi-
cian’s offices to educate oth-
ers, integrate patients elec-
tronically into their own
health care and records, devel-
op systems for the future,
streamline clinical processes,
and harvest medical knowl-
edge buried in the growing
volume of clinical data.
In addition, much more re-
search is needed to determine
how best to design, imple-
ment, and use health IT to
strengthen clinical decision
support, knowledge manage-
ment, data security, and public
and population health [while]
advancing the frontiers of
’ Justin Barnes Dr. Molly Coye Dr. Don Detmer
Feature 1_pp12-15 1/16/09 6:04 PM Page 13
14 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
translational bioinformatics. In
short, informatics education
and research are essential.
In 2008, Rep. David Wu
(D-Ore.) introduced legislation
that provided support to the
National Science Foundation
for informatics training. The
bill, which passed the House
but not the Senate, must be
revived in the new Congress
with additional monies made
available for the National
Library of Medicine, the Cen-
ters for Disease Control and
Prevention, and the Agency
for Healthcare Research and
Quality.
[Allocating] $500 million
for each of the first four years
would greatly enhance the
likelihood of achieving our
goal of using health IT to im-
prove the health of individual
citizens and populations
through improved safety,
quality and satisfaction while
reducing costs.
Dr. Don Detmer
Chief Executive Officer,
American Medical
Informatics Association
Set health information standards One area where we have
broad agreement in health
care reform is on the need to
improve care, reduce medical
errors and cut costs by pro-
moting widespread use of
cutting-edge health informa-
tion technology.
We must speed the imple-
mentation of a system that
will improve health care value
by allowing doctors across the
country to have all the infor-
mation they need to deter-
mine the best courses of
treatment, cut down on ad-
ministrative costs and elimi-
nate repetitive testing. The
technology is already available
— we need to apply it. But
first, we need to set uniform
standards to bring health care
into the 21st century.
Doctors who use health IT
are very satisfied with the im-
provement in the quality of
care they can provide for their
patients. However, most doc-
tors are waiting for Congress
to establish uniform standards
before they take advantage of
the many benefits of health
IT.
Simply throwing around
taxpayer dollars as an invest-
ment in health IT is not a solu-
tion. We need to establish
consensus standards so that
doctors don’t have to worry
that the IT investment they
make today will be obsolete
tomorrow. Purchasing the
wrong software could be like
investing in compact discs the
day before iTunes launched.
Uniform standards will en-
courage doctors to invest in
health IT and drive innovation
in the health IT sector.
Sen. Mike Enzi (R-Wyo.)
U.S. Senate
Build Version 1.0 first Don’t automate until you
achieve a consensus on what
our health care system — as a
real system — should look like.
If you merely automate our
current ineffective and com-
plex system, you may make it
harder to effect real change.
As Chicago’s Richard Daley in-
famously misspoke in 1968,
“The police are not here to
create disorder; they are here
to preserve disorder.” Do not
pay for systems that preserve
disorder.
There are steps that can be
taken now. Build on Tennessee
Gov. Phil Bredesen’s admoni-
tion to build Version 1.0 first.
Focus on areas where technol-
ogy can reduce complexity.
These include providing a se-
cure medication history for
every American in every care
setting [and] providing federal
Medicaid funds for health IT
only for those systems that can
ensure availability of informa-
tion across systems through
health information exchange.
Charge America’s computer
scientists to rethink health IT
as an informatics effort aimed
at more effective knowledge
management. Teach those
who maintain computer sys-
tems to understand medical
technology and privacy. Work
with banks and other knowl-
edgeable groups to address
identity management and
data security.
Remember that the archi-
tect Louis Sullivan said, “Form
ever follows function.” If you
foster the creation of a func-
tional, effective, equitable
health care system, good in-
formatics will follow.
Dr. Mark Frisse
Professor of
Biomedical Informatics,
Vanderbilt University
Engage government in standards-makingThe U.S. health care system
has always been under signifi-
cant strain, with skyrocketing
costs, expanding ranks of
uninsured individuals, and lag-
ging quality and safety meas-
ures plaguing the system. Al-
though incremental
improvements have been
made in some areas, the cur-
rent economic environment
will force decision-makers to
rethink our approach.
Recently, the Healthcare In-
formation and Management
Systems Society released rec-
ommendations for the new
administration and the 111th
Congress. Two are particularly
critical, especially for the gov-
ernment IT space. First is the
call for $25 billion in incen-
tives for the adoption of elec-
tronic medical records. Nearly
every significant type of
health care reform requires
availability of clinical data by
electronic means.
The other is the recommen-
dation for Congress to further
Sen. Mike Enzi Dr. Mark Frisse Dr. Harry Greenspun
Feature 1_pp12-15 1/16/09 6:05 PM Page 14
15G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
the significant gains made
through public/private collab-
oration on standards and in-
teroperability. Unless the fed-
eral government remains
actively engaged, issues of pri-
vacy, security and standards
harmonization will overwhelm
what progress has been made
to date.
Dr. Harry Greenspun
Chief Medical Officer,
Perot Systems
Ask payers to finance CPOE in hospitalsHealth care costs per capita in
the United States are the high-
est in the world, yet we lag in
leading quality indicators and
universal access to health care.
Depending on how you de-
fine electronic health records,
physicians and hospitals in the
United States have between
2 percent and 20 percent
adoption of those systems,
compared to more than 80
percent in the United King-
dom, Scandinavia and Canada.
Lack of alignment of incen-
tives for technology adoption
is a major issue. He who in-
vests in technology is not nec-
essarily he who benefits. I rec-
ommend a three-point plan
for your administration.■ Provide incentives through
Medicare/Medicaid for the
adoption and use of EHRs. Tar-
get those incentives so that
cost savings are shared with
clinicians.
■ Encourage insurers to provide
incentives for hospitals to
adopt computerized physician
order entry. The technology,
which lets physicians communi-
cate treatment instructions
electronically, is the most im-
portant tool hospitals can in-
troduce to improve their safety,
quality and efficiency of care.■ Continue to provide federal
funding for technology and
policies that encourage inter-
operability among health care
providers.
If we coordinate the care of
all Americans and ensure that
every person has a lifetime
electronic record, we will enjoy
safer care at a reasonable price.
Dr. John Halamka
Chief Information Officer,
Harvard Medical School
Provide incentives for medical homesIf there is one action that can
ensure that our health care
system’s balance is restored, it
[would be] to provide finan-
cial incentives for patient-cen-
tered medical homes to flour-
ish as places where care is
coordinated and continuity is
established for every patient
who wants one.
Financial incentives are re-
quired because the health in-
formation technology neces-
sary to connect medical homes
with other participants in the
health team — such as special-
ist physicians, pharmacies, hos-
pitals and the patients them-
selves — is costly to purchase
and maintain. Without that IT-
enabled connectivity, informa-
tion will remain isolated and
fragmented, and the opportu-
nities for improving quality
and reducing unnecessary
costs will be much more diffi-
cult to achieve.
Family physicians have
proven their willingness to
adopt health IT to enhance
patient care. What we need
now from the Obama adminis-
tration are the payment re-
forms that will promote coor-
dination and continuity of
care at the primary care level
and make it possible to trans-
form our system and achieve
new levels of health quality
and cost-effectiveness for
every American citizen.
Dr. Douglas E. Henley
Executive Vice President,
American Academy of Family
Physicians
Increase Medicare incentives for e-prescribingEach year, nearly 1.5 million
people are injured and 7,000
killed due to drug errors.
E-prescribing can prevent
these tragedies and, in doing
so, save U.S. health care $27
billion per year. But, ironically,
the biggest barrier to realizing
the savings is cost.
The Centers for Medicare
and Medicaid Services have
taken a first step, offering a 2
percent e-prescribing incentive
starting in 2009. But as the
largest purchaser of health
care, the federal government
must do more.
I urge you to leverage fed-
eral health IT investments to
revise Medicare reimburse-
ments to reward improvements
in quality through health IT uti-
lization. That will help improve
the return on investment for
physician adoption. Insurers ad-
ministering Medicare Part D
(prescription drug) payments
should also be encouraged to
offer e-prescribing programs
that help eliminate the physi-
cian cost burden.
For Medicare and Medic-
aid, e-prescribing can gener-
ate $3 billion per year in sav-
ings. And insurers that do
offer such programs should be
allowed to classify e-prescrip-
tion transaction fees as a med-
ical — not administrative —
expense [because] the benefits
of e-prescribing are directly
tied to better medical care.
These investments will help
dramatically reduce costs, save
lives and create a feasible path
to nationwide e-prescribing
adoption. With your support,
2009 can be the year when
health IT makes more effi-
cient, cost-effective care a
reality.
Kevin Hutchinson
Chief Executive Officer,
Prematics
Dr. John Halamka Dr. Douglas E. Henley Kevin Hutchinson
The Public Sector Practice of PricewaterhouseCoopers is a fast growing, focused organization at work providing business advisory services to the Federal Government in enterprise risk management, process improvement, project and portfolio management, financial management, and cyber security.
As a trusted advisor we are engaged in some of the Federal Government’s most difficult challenges.
The Public Sector Practice is at work on project management, business and financial planning for the Department of Defense, advising on data security, threat and vulnerability management for
The Department of Homeland Security, and consulting on human capital and succession issues for the Internal Revenue Service.
Over the next few months, in the pages of this magazine, we’ll discuss the range of our capabilities and demonstrate through case history and example the work that we are doing for the Federal Government.
Right here, in Washington, D.C. And wherever else in the world we’re needed.
Visit www.pwc.com/publicsector to learn more about the Public Sector Practice and the work we do.
18 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
Streamline insurance enrollment systemsOne in four people who lack
health coverage in the United
States are eligible for publicly
financed insurance programs
but are not enrolled.
In considering the expan-
sion of Medicaid, the State
Children’s Health Insurance
Program (SCHIP) or any new
program, use of the same In-
ternet tools your campaign
successfully deployed to mobi-
lize millions of Americans
should be required to make it
easier for working families to
access and retain health care
coverage.
The current system of cate-
gorical programs — each with
its own application forms, eligi-
bility rules, document require-
ments and physical locations —
makes applying in person a
timely and confusing maze for
most families. It’s also costly
and inefficient.
And although a few states
have made progress, most lack
a unified enrollment approach,
which makes it impossible to
determine the full range of
services a family might be eligi-
ble to receive. The lack of more
integrated systems also pre-
cludes families from taking ad-
vantage of existing flexibilities
in federal law that permit
agencies to use information
provided by a family to main-
tain eligibility for one program
— for example, Food Stamps —
to also renew the family’s Med-
icaid coverage automatically.
Technology on its own will
not bring reform. Yet today in
California, more than 30 per-
cent of SCHIP applications are
submitted electronically. That
experience and similar efforts
in a few other states indicate
that by making enrollment
publicly accessible over the In-
ternet, greater numbers of eli-
gible but currently uninsured
families might find it easier to
enroll.
Sam Karp
Vice President of Programs,
California HealthCare
Foundation
Maintain the health IT czarI suggest that your single most
important task is creating a
sound health information man-
agement and technology infra-
structure as a central element
to accomplishing comprehen-
sive health care system reform
that expands coverage, raises
quality and controls costs.
There are several objectives
involved in this goal. The most
significant of these include
maintaining an Office of the
National Coordinator for
Health Information Technology
as a sort of health information
management and technology
czar. This person would serve
to coordinate the govern-
ment’s strategies and engage-
ment with the private sector,
supporting consumer-managed
personal health records, pro-
moting health information ex-
changes and expanding Ameri-
ca’s health information
workforce.
In recent years, we have
seen substantial gains made to-
ward establishing a nationwide
network for health informa-
tion management. Continuing
this public/private collabora-
tion can only further progress
already made. As you have
pointed out on several occa-
sions, there is an emergent
need for additional skilled elec-
tronic health record and health
information network profes-
sionals that must be resolved
quickly in order to accelerate
and maintain the successful
adoption, implementation and
effective use of health informa-
tion management technology
systems that improve care.
Linda L. Kloss
Chief Executive Officer,
American Health Information
Management Association
Build on established trust and leadership Health information technolo-
gy can’t solve all our health
care challenges, but I believe
it’s the critical first step in solv-
ing any of them. The currency
of a 21st century health sys-
tem will be health information
— delivered instantly and se-
curely to individuals and their
care providers and accumulat-
ed and analyzed for constant
improvement and research.
In the past four years, the
federal government stepped
forward to lead a broad-based
public/private movement ad-
vancing health IT. Although the
funds allocated were modest,
the industry responded with a
nonpartisan outpouring of vol-
unteer support that amplified
the effects. I lead an organiza-
tion that has been part of that
initiative. Along with comple-
mentary efforts, together we
have developed mechanisms to
build consensus on health IT
priorities, harmonize standards,
certify health IT products and
services for compliance with
those priorities and standards,
and begin organizing an elec-
tronic network connecting pa-
tients, doctors and hospitals.
So my advice is simple: The
change we need is one of scale
and dedication, not a disorient-
ing change of direction. As you
develop policies for a public in-
vestment in health IT, we invite
you to build on the momen-
tum, trust and leadership that
has already been painstakingly
established. I know my fellow
health IT leaders join me in
pledging our wholehearted
support to your inspiring lead-
ership, and we look forward to
great achievements in improv-
ing the health of our nation.
Dr. Mark Leavitt
Chairman,
Certification Commission
for Healthcare IT
Sam Karp Linda L. Kloss Dr. Mark Leavitt
Feature 1_pp18-19 1/16/09 6:11 PM Page 18
Hold White Househealth IT summitThe Healthcare Information
and Management Systems So-
ciety and its members stand
ready to help you and the
111th Congress bring health
care into the 21st century. Here
are our recommendations to
help accomplish that goal. ■ The administration and Con-
gress should invest a minimum
of $25 billion to provide in-
centives for electronic medical
record adoption to those who
contract with Medicare and
Medicaid. ■ Congress should ensure that
any funding appropriated for
the purchase or upgrade of
health information technolo-
gy products by federally fund-
ed health programs be allo-
cated only for the use of
health IT products that apply
interoperability specifications
approved by the Healthcare IT
Standards Panel and are certi-
fied by the Certification Com-
mission for Healthcare IT.■ The Health and Human Serv-
ices Department should ex-
pand and make permanent
the current Stark exemptions
and anti-kickback safe harbors
for EMRs to cover additional
health care software and re-
lated devices. ■ Congress should codify a
federal-level health IT coordi-
nating body [and] a senior-
level administration official to
oversee health IT and HITSP,
which will ensure continuity
of the significant gains that
have been accomplished in
the past several years. ■ Within the first 90 days of
the administration, you
should hold a White House
summit on health care reform
through IT to develop consen-
sus and propose solutions to
critical national health IT is-
sues within the context of the
larger economic issues facing
our nation.
Steve Lieber
Chief Executive Officer,
Healthcare Information and
Management Systems Society
Make a public/private road mapThe U.S. health care system
has great challenges, includ-
ing those related to quality,
safety, efficiency and access,
and we applaud your leader-
ship and recognition that
health information technolo-
gy plays a critical role in
health care reform.
A secure electronic health
information infrastructure will
not only transform care deliv-
ery but also enable us to more
effectively measure and im-
prove quality, better manage
chronic conditions, monitor
safety and public health
threats, and help us better un-
derstand which treatments
work best for specific diseases
and conditions.
We are excited about your
commitment to substantial
federal investment in health
IT. Such an investment —
which should cover not only
those who adopt health IT
and deliver higher-quality
health care but also health in-
formation exchange across or-
ganizations — will fast-
forward the development of
a higher-quality, safer, more
effective health care system
for all Americans. Collabora-
tion across the public and pri-
vate sectors — involving every
stakeholder, both nationally
and locally — to develop a
shared road map for accom-
plishing these goals is also a
necessary element for success.
Janet M. Marchibroda
Chief Executive Officer,
eHealth Initiative
Create a flexible privacy framework You’ve pledged to spend bil-
lions building a health infor-
mation technology network
that will become the back-
bone of a reformed health
care system. But there’s an-
other critical element to the
success of this network that
can’t be bought, no matter
how much money is put on
the table: trust. Patients won’t
allow their health information
to be part of this system un-
less they trust [that] it will be
protected.
How do you make that
happen? Use existing authori-
ty — and work with Congress
to fill gaps in the law — to es-
tablish a comprehensive, flex-
ible privacy and security
framework that sets clear
rules for access, use and dis-
closure of personal health in-
formation by all entities en-
gaged in e-health.
That includes strengthen-
ing the [Health Insurance
Portability and Accountability
Act] Privacy Rule for electronic
records kept and exchanged
by traditional health system
entities and backing it up
with vigorous enforcement. It
also means working with Con-
gress to ensure that all enti-
ties that handle personal
health information are re-
quired to comply with a base-
line of privacy protections.
Approach privacy as a goal
that requires consistent effort
as our revitalized health care
system continues to evolve.
Privacy is not a one-shot deal
or a single set of rules that
will sufficiently protect infor-
mation in each and every con-
text. Building trust requires
ongoing dialogue about the
right set of rules and techno-
logical solutions to meet the
information-sharing chal-
lenges raised by the new
e-health environment. Let’s
get the conversation started.
Deven McGraw
Director of the Health
Privacy Project,
Center for Democracy
and Technology
19G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Steve Lieber Janet M. Marchibroda Deven McGraw
Feature 1_pp18-19 1/16/09 6:13 PM Page 19
Don’t boil the oceanWhat one thing could you do
that will have the most im-
pact on improving the value
of health care in the United
States? Don’t boil the ocean,
as recent federal approaches
have done. Rather, keep it
simple and focus on what we
can get done in today’s cur-
rent technological environ-
ment. Devise a plan and strat-
egy with reachable steps
that can be measured and
provide meaningful results to
patients.
One way to do that is to
provide a medication list to
every provider for every pa-
tient for every encounter. This
information, for the most
part, is already available
through national prescription
networks. Linking those
sources together can give the
provider a comprehensive
snapshot of past and current
medications, along with med-
ication allergies, potential
drug/drug and drug/disease
interactions, and other poten-
tial drug safety issues.
Adverse drug events result
in more than 770,000 injuries
and deaths each year. The
cost to treat those patients
could reach more than $5 bil-
lion annually, which doesn’t
include lost wages and pro-
ductivity or additional health
care costs that result from
these events.
Providing access to timely
and relevant prescription
medication information is a
simple, effective and measur-
able effort to improve the
value of health care in the
United States while positively
impacting the safety and
quality of care patients
receive.
Dr. Marc Overhage
Chief Executive Officer,
Indiana Health Information
Exchange
Build privacy firewallsProtect jobs. This is the first
action you and your adminis-
tration can take to truly im-
prove health care and the
overall quality of life for
Americans.
Information is powerful. It
can be used for good or ill.
The potential benefits of
health IT are immense. But
we will never achieve them if
patients do not control access
to personal health informa-
tion and we fail to build a
firewall between employers
and employees’ private health
information. It should be an
enforceable wall that is pro-
tected by meaningful penal-
ties for abuse. Protect em-
ployees and their families,
and you will stimulate and
maintain trust in a health IT
system.
The last place any Ameri-
can wants to be is in the un-
employable or uninsurable
lines. Unfortunately, the two
are often connected. Our sen-
sitive health data should nev-
er be used to put us in either
category. There are far too
many people in these lines al-
ready. In order to reap the
many potential benefits of
health IT, treat this endeavor
no different than the goals
professed in your transition
to the presidency: ensuring
transparency [and] accounta-
bility and protecting workers
and their families.
Dr. Deborah Peel
Founder,
Patient Privacy Rights
Focus on a nationwide solutionOur dysfunctional health care
system costs too much and re-
turns too little. As much as
one-third of our health care
spending does nothing to im-
prove our health.
To help fix that, we need a
nationwide health informa-
tion technology system, which
has the potential to improve
both quality and efficiency.
You have correctly said we
need health IT to provide a
short-term stimulus and lay
the groundwork for long-
term economic growth. Help-
ing doctors and hospitals pur-
chase health IT will provide
an immediate, valuable in-
vestment that our economy
needs.
To do health IT right, the
new administration needs
to focus on three things.
First, we need financing
and incentives to make sure
doctors, hospitals, and other
providers buy and use health
IT.
Second, we need national
interoperability standards so
records can be accessed wher-
ever they’re needed to pro-
vide optimal care. That will
also help us analyze care
that’s provided to weed out
waste and promote best
practices.
Third, we need clear priva-
cy and security rules that are
strictly enforced. Consumers
must be able to trust that
their sensitive personal health
information will be safe in an
electronic world.
This isn’t easy, and it isn’t
cheap. But it will cost more in
the long run — in both mon-
ey and lives lost — if we don’t
act.
John Rother
Executive Vice President
for Policy and Strategy,
AARP
Build institute for health care effectivenessBlue Cross and Blue Shield
supports creation of an inde-
pendent institute to develop
credible clinical information
on the comparative effective-
ness of new and existing med-
ical procedures, drugs, devices
and biologics.
20 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
Dr. Marc Overhage Dr. Deborah Peel John Rother
Feature 1_pp20-21 1/16/09 6:14 PM Page 20
The new institute should
be independent, nonprofit
and governed by a board rep-
resenting diverse interests, in-
cluding public and private
payers, providers, consumers,
and other industry stakehold-
ers — and protected from
outside pressures so it can
truly be a credible source for
evidence-based information.
It should support a broad
range of research to evaluate
the clinical effectiveness of
different procedures, drugs,
devices and biologics — and
clinical trials.
The institute should work
collaboratively with clinicians
and medical societies — maxi-
mizing research dollars by en-
couraging collaboration and
efficiencies across all institu-
tions, and disseminating
reports and comparative
information widely among
providers and other
stakeholders in easy-to-use
formats.
Medical societies would
need to take this research
into account when develop-
ing practice guidelines, and e-
prescribing and electronic
health records should incor-
porate agreed-upon guide-
lines into provider clinical de-
cision support systems.
Blue Cross and Blue Shield
stands ready to work with
you and the new Congress to
make the institute a reality to
improve the quality and value
of our health care system
while expanding access to all
our citizens.
Scott P. Serota
Chief Executive Officer,
Blue Cross and Blue
Shield Association
Wire the safety netWe realize that the current
health care situation in the
U.S. has to be addressed im-
mediately across all facets —
cost, quality, access and pre-
vention. Technology is crucial
for this transformation, which
can be architected through
the choice of right processes,
methodology and appropriate
workflow.
The medical home concept
or other similar models will be
successful in ensuring that the
right coordination of care is
provided through our primary
care physicians only when
health care information tech-
nologies are implemented ap-
propriately. Incentives will be
required that reverse the per-
verse economics that exist to-
day that rewards payers, em-
ployers and patients instead of
physicians.
The increased prevalence
of chronic disease and an ex-
panding aging population
that benefits from advances in
modern medical technology
are placing an increasing bur-
den on our limited clinical re-
sources. To immediately ad-
dress this issue, we need to
ensure we leverage the wide
range of telemedicine and
telehealth capabilities, so that
we can ensure all our citizens
can have the same quality of
care regardless of whether
they live in rural areas or ur-
ban areas. Additionally, high-
quality care in many cases can
be provided at the patient’s
home, [offering] convenience
for the patient while reducing
the overall cost.
Finally, we must ensure
these technology solutions are
made available to our safety-
net providers to ensure no one
is left without adequate
health care. Reimbursement
for telehealth and telemedi-
cine initiatives will be the key
to ensure broad adoption.
Jay Srini
Chief Innovation Officer,
Insurance Services Division,
University of Pittsburgh
Medical Center
Make the governmenta smarter buyerHealth care today is a cottage
industry that fragments patient
care into a thousand pieces but
doesn’t put them back togeth-
er again. As a result, we have
the best doctors and hospitals
in the world, but we pay more
for less quality than any of our
industrialized peers. We need
to turn the health care sector
into a health care system. What
should we do?
First, recognize that the
government is the health care
market. Sixty percent of all
health spending comes from
the government, but that’s
only part of the story because
[the government] influences
the market in so many other
ways, such as policy-maker,
regulator, insurer, provider,
purchaser, standard-setter and
infrastructure-builder. The gov-
ernment needs to be a smarter
buyer and a smarter investor if
the health care market is go-
ing to act more like a market.
Second, orchestrate these
roles to make basic health in-
formation sharing a standard
of care. Require all hospitals
and specialists and primary
care physicians to provide
patient-specific post-visit re-
ports to one another, and re-
quire all providers to routinely
report standardized quality
and public health data to gov-
ernment-sanctioned data-col-
lection entities. We have a lot
of data in health care delivery,
but we have little information
and even less knowledge.
Third, invest in health infor-
mation technology to turn this
data into knowledge. Hold us
accountable by making fund-
ing contingent on the ability
to demonstrate that we’ve
used technology to make pa-
tients’ lives better.
Micky Tripathi
Chief Executive Officer,
Massachusetts eHealth
Collaborative
21G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Scott P. Serota Jay Srini Micky Tripathi
Feature 1_pp20-21 1/16/09 6:15 PM Page 21
“Every time somebody comes up with stronger protection, somebody else comes up with a better re-identification method.”
BRADLEY MAL IN ,
VANDERB ILT UN IVERS ITY ’S SCHOOL OF MEDIC INE
Feature 2 1/16/09 6:14 PM Page 22
23G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
A new era for medicalprivacy dawned in 1997, when a comput-er scientist named Latanya Sweeneyshowed she could identify then-Gov.William Weld of Massachusetts on a listof patients discharged from a hospital,even though the data had been strippedof identifiers such as names, addressesand Social Security numbers.
Using a publicly available list of regis-tered voters, Sweeney zeroed in on Weld’sZIP code in Cambridge, Mass., andmatched dates of birth and genders ontwo lists downloaded from the Internet.Weld emerged as the only match.
Sweeney said 87 percent of Americanscould be similarly identified in a dataseteven if it reveals only their birth dates,genders and ZIP codes. Lawmakers tookher comments into account when theycrafted the Health Insurance Portabilityand Accountability Act’s Privacy Rule,which took effect in 2003, nearly sevenyears after Congress passed HIPAA.
Today, medical data is increasingly be-ing stripped of identifying information
and sold to the highest bidders. Howev-er, a growing number of mathematics andcomputer science experts are saying thatsuch de-identified datasets lend them-selves to re-identification with today’s ad-vanced data-mining techniques.
Sweeney told a workgroup of the Na-tional Committee on Vital and HealthStatistics in 2007 that the chances of re-identifying someone through data thatcomplies with HIPAA’s requirements forde-identification are 0.04 percent.
“Actually, that doesn’t feel that bad,”said Dr. Kevin Vigilante, a physician andprincipal at consulting firm Booz AllenHamilton. In other words, he believed thatrisk of re-identification was acceptable.
“Unless you’re one of those people”whose medical records are identified,Sweeney said.
In the years since Sweeney pluckedWeld’s record out of cyberspace, the tech-niques that can be used for re-identifica-tion have gotten more powerful, saidBradley Malin, assistant professor of bio-medical informatics at Vanderbilt Univer-
sity’s School of Medicine. “It’s a little bitof a cat-and-mouse game,” Malin said.“Every time somebody comes up withstronger protection, somebody else comesup with a better re-identification method.”
“Things are changing very fast,” agreedCynthia Dwork, a principal researcher atMicrosoft Research.
Seeking scientific solutions That rate of change is a key reason whybiomedical researchers are chafing underthe constraints of the HIPAA Privacy Rulesix years after it took effect. In an era inwhich an increasing number of medicalrecords exist in digital form, ready to beanalyzed for insight into health issues andthe practice of medicine, it can be diffi-cult for researchers to get their hands onthat data.
In a survey of epidemiologists report-ed in the Journal of the American Med-ical Association, two-thirds said theHIPAA Privacy Rule had made researchsubstantially more difficult and added tothe costs and uncertainty of their proj-A
LA
N P
OIZ
NE
R/W
PN
Scientists and policy-makers seek ways to maintain patient anonymity and tap the data treasure
trove of personal medical records
B Y N A N C Y F E R R I S
The searchforJohnDoe
Feature 2 1/16/09 6:16 PM Page 23
ects. Only one-quarter said the rule hadincreased privacy and the assurance ofconfidentiality for patients.
Meanwhile, databases of clinical andgenomic information are increasinglyhosted on the Internet for researchers toshare. “Developers haveintegrated privacyshields in today’s data-bases, but these arenaïve and ad hoc firstattempts with no prov-able and little (or no)real-world privacy pro-tection,” Sweeney wrotein a description of a re-search project she isleading at Carnegie Mel-lon University.
Malin, Sweeney,Dwork and others aretrying to devise tech-niques that will allowresearchers to use datathat has identifying in-formation while pro-tecting the privacy ofthe individuals whoserecords are being used.
Malin, who is under-taking a project with re-searchers at prominenthealth care centers,wants to determinewhich features of individuals’ medicalrecords can be identifying and what canbe done to reduce privacy risks whilemaking the data readily available to researchers.
“If you de-identify information, youhave to ask what is still existing withinthat information that could still be ex-ploited by people,” Malin said in an inter-view. “De-identification has a focus onthe explicit identifiers — the names, thephone numbers, the Social Security num-bers — and the residual information isstill there because we don’t know how itcould be exploited.”
Based on his work, 18 data elementsthat are typically eliminated for HIPAA-
compliant de-identification might remainin the record, while other elements couldbe further suppressed.
For example, one of Malin’s students,Allison Beck McCoy, recently showed thatlaboratory test results such as blood sug-
ar values could belinked to individuals inde-identified records.McCoy used a de-iden-tified dataset availableto researchers at theNational Institutes ofHealth and matched itwith de-identified labdata from a DNA data-bank at Vanderbilt.
Malin described hiswork as “trying to givesome indication ofwhat the risks are in thereal world as opposedto just the worst-casescenario.”
Robots and sensitive dataSweeney is working ona project that, amongother things, seeks todevelop what she de-scribed as “a new re-search paradigm inwhich software agents
— not humans — access sensitive data.”Those agents, which might be thought ofas virtual robots, would dive into a data-base and return with results to a scientist’squery, such as how many patients with Xcharacteristic have Y disease.
At Microsoft Research, Dwork and hercolleagues are pursuing a different line ofinquiry. They are trying to use mathemat-ical techniques to modify data so that anyindividual’s inclusion in or exclusion froma dataset does not affect the likelihood ofhis or her identity being revealed. In addi-tion, the results of queries would be onlyslightly affected, so a researcher could trustthe results.
“Our approach will completely rule out
linkage attacks,” such as Sweeney’s detec-tion of Weld, Dwork said.
The work includes defining privacy andsecurity in mathematical terms. “Our no-tion of privacy is called differential priva-cy,” Dwork said. “We look at the ratio ofthe probabilities for any given answer,” thenintroduce tiny, random inputs to reducethe likelihood that an individual can besingled out.
The downside is that answers to thesame query would vary somewhat, shesaid. But at the same time, exact answersare risky when a researcher asks a questionsuch as, “How many people in this data-base are named Cynthia and are HIV-pos-itive?” The technique works best with largedatasets, but the amount of distortiongrows with each query, so “there is a limiton what you can safely extract from thesystem,” Dwork said.
Another approach involves encryptingthe identifying data on records in severalrepositories, then matching the encryptedrecords to create longitudinal patientrecords that can be used in research. ScottSchumacher, senior vice president andchief scientist at Initiate Systems, said atleast one company offers a software prod-uct for accomplishing that task.“But thereare not very many people doing this,” headded.
Policy prescriptionsBesides those and other research efforts,many people are looking at potential pol-icy remedies for the re-identificationproblem.
One of the most common suggestionsis extending the reach of the HIPAA Pri-vacy Rule, which now applies only tohealth care providers, health plans andcompanies that process health care claims— categories that are collectively knownas covered entities.
Some have proposed applying the ruleto every individual and organization inpossession of personal health information.That would not necessarily stop peoplefrom re-identifying data, but it would lim-it their uses of it once they did so.
24 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
“Some of themost commonquestions I get
are from entitiesthat aren’t even
covered byHIPAA who
want to knowhow HIPAA
affects them.”
FRED CATE ,
IND IANA UNIVERS ITY
The search for John Doe
Feature 2 1/16/09 6:16 PM Page 24
25G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Malin has a relatively simple sugges-tion: States should raise the prices of thevoter registration databases they sell andconsider removing some of the identify-ing data.
Residents of some states are more vul-nerable to re-identification because dataabout them is more readily available, hesaid. For example, in Tennessee, the voterlist costs about $2,000 and includes dateof birth, gender and ZIP code for eachname. In other states’ lists, only the vot-er’s year of birth appears.
What’s more, Malin said, the voter listfor Wisconsin costs $12,000, while NorthCarolina’s list is free. Clearly, someone try-ing to match those lists with other datawould be more likely to start with theNorth Carolina list.
Officials at the Coalition for PatientPrivacy, which comprises more than two-
dozen organizations, said they are seekinglegislation to ensure that health “informa-tion disclosed for one purpose may not beused for another purpose before informedconsent has been obtained.” The effectcould be to make sales of health data andunauthorized re-identification illegal.
Another proposed policy would requirethose who hold health data to account forall disclosures of patient information. Thatmeans a patient could request a reportshowing who had received copies of hisor her records. Technically, patients alreadyhave that right under HIPAA, but it’s notclear that the provision applies to the du-plication and sharing of databases.
Many privacy concerns center on howinsurance companies and employersmight use health data to discriminateagainst people who seem likely to incurhigher health costs. For that reason, Fred
Cate, a law professor at Indiana Universi-ty and director of its Center for AppliedCybersecurity Research, said he advocatestougher enforcement of laws that prohib-it discrimination on the basis of disabili-ties or genetic makeup.
Cate also said the complexity of theHIPAA rule and other relevant laws andregulations can confuse those responsiblefor implementing them, creating a climateof fear about medical privacy. “Hospitalssay, ‘No, we can’t provide you that data,’even when under the law they probablycould,” he said.“Because the law’s so com-plex, they are hesitant” to make any dataavailable.
“Some of the most common questionsI get are from entities that aren’t even cov-ered by HIPAA who want to know howHIPAA affects them,” Cate said. Simplify-ing the laws could alleviate researchers’
Under the Health Insurance Portabil-ity and Accountability Act’s PrivacyRule, biomedical researchers havefive ways to obtain medical records,although they say none is ideal.
1. Obtain patient authoriza-tion. Not only is this approach po-tentially time-consuming, but if re-searchers want to review recordscompiled over a period of years,they will have trouble contactingsome patients because they willhave died or moved away. Other pa-tients will decline to participate inthe study, and the result will be askewed sample, as research at theMayo Clinic has shown.
2. Use de-identified data. Underthe Privacy Rule’s so-called safe-harbor provision, researchers canuse records that have been strippedof 18 kinds of identifying informa-tion, including the last two digits ofZIP codes or entire ZIP codes insparsely populated areas, Social Se-
curity numbers, and dates related tomedical care. However, it can be dif-ficult to learn much from recordsthat contain so little informationabout patients.
3. Ask for a limited dataset. Thedata will have more identifying in-formation than data that has beende-identified, but it won’t haveenough detail for many researchers’needs. Furthermore, researchersmust enter into an agreement withthe source of the records specifyinghow they will use them and agree-ing not to re-identify them.
4. Obtain the approval of theresearch or privacy board at theinstitution where the researchproject will take place. Such boardsare composed of volunteers, usuallyfaculty members, who review re-search plans. They can determinethat access to protected health datais required for a project and that theappropriate safeguards will be in
place. At some institutions, theprocess runs smoothly, but at others,it causes delays and can be a highhurdle for researchers.
5. Use statistical methods tode-identify records instead of re-moving the 18 identifiers speci-fied in the Privacy Rule. For the re-sulting dataset, the rule states that“a person with appropriate knowl-edge of and experience with gener-ally accepted statistical and scientificprinciples and methods for render-ing information not individuallyidentifiable” must certify that thereis a very small risk of the records be-ing re-identified.
Although experts say the methodis not often used, it provides an op-portunity for de-identifying datawithout re-writing the Privacy Rule.On the other hand, privacy advo-cates decry the lack of specificityabout statistical experts’ qualifica-tions and the lack of provisions forreviewing their decisions.
— Nancy Ferris
5 ways researchers can get medical records
Feature 2 1/16/09 6:17 PM Page 25
and patients’ privacy concerns, he added.Cate also suggested that different lev-
els of protection might be warranted fordifferent kinds of data, depending on theimpact of disclosing the information. Forexample, one’s HIV status should be tight-ly held, while one’s daily blood pressurereadings are less consequential, he said.
Is there really a problem?Patient Privacy Rights, the organizationled by Dr. Deborah Peel, has been partic-ularly concerned about the sale of healthdata, even when it is de-identified.
Such sales are common these days, andthe data’s use in marketing is one of thethings that troubles privacy advocates likePeel.
No reporting is required for healthdata sales, and there are no laws or regu-lations limiting the uses of de-identifieddata, so nobody really knows what buy-ers are doing with it.
When data is de-identified, “there areabsolutely no strings attached to that,”said Deven McGraw, director of theHealth Privacy Project at the Center forDemocracy and Technology.
“Unless the recipient of the data is it-self a covered entity, the chain of account-ability is completely lost,” she said. “Therecertainly aren’t any federal parametersaround the use of de-identified data, sothere’s a huge market for it. It’s of mini-mal privacy risk if in fact it can’t be re-identified, but certainly some of the moresophisticated statisticians out there” haveconcerns.
Malin described the legal environmentas “a little bit of cowboy country.” Hewouldn’t speculate on how much re-iden-tification is taking place, but, he said, “Ifthe data’s available and the data can bedownloaded or collected and pinpoint-ed…with relative ease, then you will seecompanies or individuals do this just be-cause it can be done. And it will be valu-able because people will buy it.”
On the other hand, he cautionedagainst assuming the worst. “I’m not try-ing to say that people are going to go off
and nefariously try to identify individu-als or health insurance corporations aregoing to try to find out what diseaseseverybody has,” he said. “It’s just that therisk exists,…and we have to control theinformation accordingly.”
Besides the uncertainty about howmuch data mining andre-identification are oc-curring, another barri-er to policy-making isthe difficulty of under-standing the issues.
Although scientistscan quantify things suchas the risk of re-identi-fication, how serious isa 0.04 percent chance ofre-identification?
And although re-search organizationslobby for access to dataso they can study dis-eases and advance thepractice of medicine,privacy advocates makea forceful case in Con-gress for their positions.Finding the right bal-ance isn’t easy.
“I sympathize withthe lawmakers in thatthe privacy argument isvery, very clear and very[persuasive] to them,and sometimes the [re-search] use argument isn’t so [persuasive],”Schumacher said. “I think we can do abetter job of explaining and calculatingthe risks.”
No privacy absolutes“After five years, given the increase in pub-lic databases that are available out there,is that [HIPAA] safe-harbor method stilla reliable one?” McGraw asked.
“I think it’s a little unknown. Some-thing that’s static, that specifies certaincategories of data, is by nature going tobecome outdated as more and more in-
formation becomes more publicly avail-able,” she added.
“This is an area that requires furtherstudy,” said Dixie Baker, chairwoman ofthe Privacy and Security Advocacy TaskForce at the Healthcare Information andManagement Systems Society.
The task force hascalled for the Healthand Human ServicesDepartment, which is-sued the Privacy Rule,to continually reviewthe standard for de-identifying data.
“I don’t think it’s re-alistic to assume thatthat standard will beadequate forever andever,” said Baker, who isa senior vice presidentat Science ApplicationsInternational Corp. “Itdoes need to be re-ex-amined. There are veryfew absolutes when itcomes to personal pri-vacy. It’s a fact of lifethat there will be trade-offs. It’s always a risk-management question.”
“The current situa-tion doesn’t seem to meto satisfy either the pri-vacy side or the re-search side,” Schumach-er said.
Despite researchers’frustration with the HIPAA rule, it’s intheir interest to work with HHS to main-tain privacy protections, Malin said.
“I think it would only take one famouscase in order to lose the public trust inthese types of research endeavors,” headded.
Those issues have been around forsome time, but it’s possible that a resolu-tion is in sight. Health care reform is onthe horizon, Cate said, and “there is noway they’re going to do it without con-fronting these privacy issues.” ■
26 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
The U.S. government is the largest pro-vider and payer of health care services inthe world. So how it approaches obstaclesto providing personal health record sys-tems to the public is likely to have a bigimpact on whether the new technologygets widely adopted in this country.
PHRs promise to give patients un-precedented control over who has accessto their health records and what thoserecords contain. The information cancome from a variety of sources, includinghealth facilities, health plans, independ-ent service providers such as health databanks, or information technology firmssuch as Google or Microsoft.
Given the many delivery options andthe complex handoffs involved in linkingconsumers and physicians to health recordrepositories, experts say PHR privacy andsecurity must be nearly foolproof before
the public will accept the new technology.“I think a foundation of trust is ab-
solutely essential for people to start usingPHRs,” said Dr. Jody Pettit, strategic leaderof the Certification Commission forHealthcare IT’s PHR work group. “Thattrust includes really good privacy policiesand really strong security protections.”
To help spur adoption, CCHIT is de-veloping a certification program for PHRs,which is set to launch this summer. Al-though security criteria fall within thescope of the effort, the organization won’tconduct some identity management testsuntil the 2010 certification cycle.
Among the most important techniquesfor verifying people’s identities are iden-tification proofing and authentication.
ID proofing creates a foundation oftrust from which an organization can is-sue credentials for authenticating a per-son’s right to access a system — in thiscase, a PHR. A user name/password com-
bination is the most common example;more stringent credentials include secu-rity tokens and biometrics such as finger-prints or vein scans.
But there is no standard approach forgovernment agencies seeking to establishID management processes for PHRs.“There has not been a universally accept-ed standard in this area,” Pettit said. “Inthe areas that are new like PHR, wherestandards may not be complete, it makesour job more challenging.”
Medicare approachesThe novelty of PHRs means they do notfit neatly into existing privacy frameworks.For example, the Health Insurance Porta-bility and Accountability Act (HIPAA) in-cludes language that relates to PHRs butonly those offered by certain providers andhealth plans. Therefore, HIPAA rules donot apply to independent providers suchas Microsoft or Google.
Officials at the Centers for Medicareand Medicaid Services have experiencedthat dichotomy firsthand as they preparedto conduct PHR tests for Medicare recip-
28 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
The outcome of the government’s PHR trials will have
profound effects on public trust of the new technology
PERSONAL HEALTH RECORDS
The feds and PHR privacy
For Microsoft’s HealthVault, con-sumers can open an account andcreate a personal health recordwith the same Windows Live IDthey use for other Microsoft onlineservices, such as Hotmail, or theycan create a distinct Windows LiveID for HealthVault.
Users can also sign in withOpenID accounts, which offer second-factor authenticationthrough the use of physical tokenssuch as USB keys. In addition,Microsoft is adding support for In-
formation Cards in HealthVault. PHRAnywhere, a payer-based
PHR, uses smart cards in its authen-tication process. Members receivethe cards when they sign up withan insurance company or employerthat offers PHRAnywhere. When amember registers on the portal forthe first time, PHRAnywhere elec-tronically verifies user-entereddata, such as smart card number,insurance card number and date ofbirth, against information providedby the insurance company or em-
ployer. Members are then issued auser name and password, whichthey use for subsequent log-ins.
Some companies use biometrictools to secure PHRs. Fujitsu Com-puter Products of America’s Palm-Secure technology is being used toprotect electronic medical recordsbut has not yet been directly inte-grated into a PHR system.
PalmSecure captures an imageof the vein pattern of a person’spalm. Software takes the imageand creates a template that is digi-tized and encrypted.
— John Moore
Authentication paths
Policy 1/16/09 5:57 PM Page 28
ients in South Carolina, Arizona and Utah.CMS is in charge of the South Caroli-
na program, so it falls under HIPAA andthe Federal Information Security Man-agement Act. In contrast, participants inthe Arizona/Utah test can sign up withone of four commercial vendors: GoogleHealth, HealthTrio, NoMoreClipboard orPassportMD.
The companies are not covered enti-ties under HIPAA and “operate in a spacewhere there are no standards that apply,”said Elizabeth Holland, a health insurancespecialist at CMS.
Against that backdrop, governmentagencies are taking steps to move PHRsforward. Although CMS cannot requirevendors to adhere to the terms of HIPAA,the firms participating in the Arizona/Utah program, which is expected to getunder way early this year, have signed adata-use agreement, Holland said.
The agreement calls for vendors to es-tablish appropriate administrative, tech-nical and physical safeguards to preventunauthorized use of and access to records.The data that will populate Medicare re-cipients’ PHRs will come from CMS con-tractor Noridian Administrative Services.
The agreement also specifies Office ofManagement and Budget Circular A-130as a guideline for IT security. A-130 re-quires government information systemsto have security plans, provide securitytraining to users and adhere to federal in-formation security laws.
In addition, Holland said, vendorsmust agree to certain controls describedin the National Institute of Standards andTechnology’s Special Publication 800-53.That document’s user identification andauthentication policy calls for “the use ofpasswords, tokens, biometrics or, in thecase of multifactor authentication, somecombination” of those tools.
How vendors meet those requirementsmight vary slightly, Holland said. CMS hasleft it to vendors to decide details such aswhether they will assign user names or al-low participants to select their own, shesaid.
Once a participant signs up with aPHR vendor, he or she will be passed backto CMS. The agency will ask for five piecesof information: Medicare number, lastname, gender, date of birth and ZIP code.Once CMS validates that information, itwill release the person’shealth data to the PHRof his or her choosing.
Military solutionsThe Veterans Affairs De-partment offers PHR-like services through itsMy HealtheVet Web por-tal. The site offers healtheducation and benefitinformation withoutregistration. However, anupgraded account letsveterans store elementsof their health records inMy HealtheVet’s eVAultfeature.
Thus far, the dataavailable for eVAult islimited to a combina-tion of self-enteredmedication data anddata from VA’s electron-ic health record system.More health informa-tion will be made avail-able in an upcoming release of MyHealtheVet, said Theresa Hancock, theprogram’s director.
In-person ID proofing has been therule for obtaining an eVAult account. Vet-erans typically went to a VA medical cen-ter for a face-to-face validation. In June2008, VA’s Health Information Manage-ment Group approved a policy that letshome health care nurses, legal guardiansor individuals with power of attorney han-dle the validation task. VA also providesin-person ID proofing at veterans events,such as American Legion conferences.
Once the ID proofing is complete, theveteran is issued a log-on credential con-sisting of a user name and password.However, VA officials are exploring other
authentication mechanisms to augmentexisting approaches. For example, voicebiometrics would provide greater assur-ance of veteran authentication than sim-ply a user name and password, said John“Mike” Davis, a security architect at VA’s
Office of Informationand Technology.
“We have establisheda mechanism that workswhere we are today andgives us a bridge to thefuture,” he said. “Wewant veterans to gothrough this only once.”
Officials hope to fur-ther simplify ID proof-ing by taking advantageof the Defense Depart-ment’s high-assuranceprocess, Davis said. Thatstep would free VA andveterans from duplica-tive proofing.
For its part, DOD re-cently launched its Mi-Care prototype PHR.Microsoft’s HealthVaultand Google Health serveas the repositories forthe program’s patient-controlled health infor-mation. DOD officials
say they will use the Markle Foundation’sConnecting for Health guidelines to pro-tect health information. That four-step au-thentication framework uses ID proofing,tokens or identifiers, ongoing monitoring,and ongoing auditing and enforcement.
Whatever approaches agencies take,PHR acceptance will ultimately dependon the trust of health information pro-viders and consumers.
“I think the element that needs to bediscussed and understood about identitymanagement is that the PHR industry isgoing to be required to have a high levelof assurance that [users are] who theypresent [themselves] to be,” said LoryWood, co-chairwoman of CCHIT’s PHRwork group. ■
29G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Be the first to see 200+ companies launch or display new products and services
Visit the Interoperability Showcase where the latest technology takes on real-world scenarios
Take home “solutions-to-go” at Product Pavilion Sessions – featuring case study success stories
Experience hands-on demonstrations and talk live with vendors – asking them your toughest questions
Expand your Knowledge Where the Learning Never StopsChoose from 300+ education sessions to gain actionable knowledge on the latest healthcare IT topics.
Dennis QuaidAward-winning actor and directorPresident, The Quaid FoundationPatient Safety & Healthcare Reform
Jerry M. Linenger, MD, MSSM, MPH, PhDCaptain, Medical Corps, USN (Ret.)NASA Astronaut, Space Analyst for NBC News“The Sky is Not the Limit: My 132 Days off the Planet”
George C. HalvorsonChairman and CEO, Kaiser Foundation Health Plan and Hospitals EHR, Quality & Healthcare Reform
Alan GreenspanEconomist, Former Chairman, Board of Governors of the Federal ReserveHealthcare, Politics & the Economy
Take Home Practical Solutions from the Exhibition
Healthcare Reform is high on President-elect Barack Obama’s agenda. Attend HIMSS09 to learn how the new Administration’s $20+ billion healthcare reform effort will directly impact you and the industry!
B Y J O H N M O O R E
Physicians who have so far resisted the urgeto buy an electronic medical record systemoften cite costs, the management attentionthey would divert and doubts about theirefficacy. But now momentum is building foran approach to using EMRs that takes someof the risk out of the equation.
An increasing number of health infor-mation technology firms are offering EMRsas a hosted service, making it easier for smalland independent physicians’ practices toadopt the technology, according to somewho have taken that route.
With a hosted or software-as-a-service(SaaS) model, a third-party firm runs andmaintains EMR software for the customer.Experts say the approach lowers upfrontcosts and reduces the complexity of fieldinga system. It could also inspire greater accept-ance among physicians in smaller practices,where health IT is taking longer to catch on.
“SaaS is essential if you are going to un-
lock the low end of the market,” said MarcHolland, a research director at IDC’s HealthIndustry Insights. “The [adoption] rateamong solo and less-than-three-doctor prac-tices is really pretty dismal.”
In an October 2008 report, the Health-care Information and Management SystemsSociety pegged the EMR adoption rateamong small practices at 24 percent.A studypublished in the New England Journal ofMedicine in June found that practices ofmore than 50 physicians were four timesmore likely to have a fully functional EMRthan practices of three or fewer physicians.
Now that hosted EMR systems are an op-tion, small practices “are finally going to takethe plunge,” Holland said.
Public health organizations are also ex-ploring hosted solutions. For example, NewMexico’s Department of Health chose sucha system for its 49 public health offices.
Hosted market evolvesA number of firms that historically focused
on client/server EMRs now also offer SaaSas an option. Allscripts, eClinicalWorks andMcKesson are among the companies thatoffer both approaches.
Girish Kumar Navani, president of eClin-icalWorks, said he believes vendors that of-fer hosted EMRs will fare better this yearthan those that carry only client/server prod-ucts. The hosted model is easier and less ex-pensive for health care providers to adopt,which makes it especially appealing duringthe current economic downturn.
“You don’t have to buy a server, so cost-wise, it becomes more attractive,” he said.
With SaaS, customers typically paymonthly hosting charges and licensing feesfor using the software. Licensing fees forclient/server EMRs can run into the tens ofthousands of dollars, while monthly sub-scription fees for a SaaS-based EMR are gen-erally a couple hundred dollars per provider.
LifeSpan, a health care system in RhodeIsland that uses eClinicalWorks’hosted EMRand practice management solution, offersthe EMR service to members of its Physi-cians Professional Services Organization.
“The [hosted] approach has been ex-tremely beneficial in getting smaller prac-
31G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
Remotely hosted EMR systems attract doctors who don’t
want the expense and headaches of in-house solutions
SOFTWARE AS A SERVICE
EMRs without tears
Buying electronic medical records asa service reduces upfront costs, but isit a better deal in the long run?
Under the software-as-a-service(SaaS) model, customers typically paya monthly subscription fee that cov-ers software licensing and hostingservices. As an example, a five-physician practice that contractswith a vendor for a hosted service ata cost of $400 a month per providerwould pay $24,000 in a 12-monthperiod — a tally that might not dif-
fer that much from the upfront costfor a client/server EMR.
But total-cost-of-ownership com-parisons yield different results de-pending on the type of software in-volved and its useful life, said JeffreyKaplan, managing director of con-sulting firm Thinkstrategies.
SaaS should cost about the sameas annual maintenance fees for on-premise software, Kaplan added. Butthere’s a twist. “While some peopleequate SaaS to leasing rather than
buying a car and, therefore, [con-clude it’s] not economical over time,the reality is that unlike leasing a car,SaaS is continuously gaining valuerather than depreciating,” he said.
That’s because the serviceprovider constantly refines and en-hances the software, which alsosaves the customer from having tomake additional hardware or staffinvestments to support or upgradethe application, he said.
— John Moore
Are hosted EMRs really cheaper?
Technology 1/16/09 6:00 PM Page 31
tices to adopt the EMR system,”said Bill Flo-rio, director of information services at Life-Span’s physician organization. “The mainadvantage is that there is a dramatically re-duced start-up cost [because] the only hard-ware needed in the offices is the client PCs.”
At least one hosted EMR vendor offersits product for free. Practice Fusion doesn’tcharge for licensing, hosting, implementa-tion or training. Instead, the company gen-erates revenue from banner ads and the saleof anonymized patient and doctor data.
Ryan Howard, chief executive officer ofPractice Fusion, said his company also of-fers a fee-based, ad-free product, but mostdoctors choose the free version.
The rigors of managing an in-housetechnology deployment represent a barrierto EMR acceptance. But the SaaS approachaddresses those issues by offloading tech-nology oversight to the software vendor orapplication service provider (ASP).
Bob Mayer, chief information officer atthe New Mexico Department of Health, saidthe agency chose a hosted EMR system fromAllscripts because of the complexity of EMRapplications and skills required to managethe technology. “We weren’t confident wecould support it ourselves,” Mayer said.
Holland said the Web-based nature ofhosted solutions means that health organi-zations only need to focus on client devicesand Internet connectivity.“There’s no serv-er to worry about,” he said. “You just haveto keep the workstation up and the routerand Internet connection running.”
The SaaS approach also shields cus-tomers from the need to maintain and up-date software. Vendors handle those tasks,and subscription fees cover the costs.
New Mexico’s arrangement with All-scripts lets the health department lock inEMR software costs for the four-year termof the contract and build them into its budg-et, Mayer said. Otherwise, obtaining extrafunds to pay for software upgrades can provedifficult for state agencies, he said.
Data ownership The hosted approach has a few drawbacks.For example, its reliance on the Internet
means an EMR system’s performance is onlyas good as the available bandwidth and thereliability of the Internet service provider.
Glen Tullman, CEO of Allscripts, saidmedical records are time-sensitive and doc-tors have concerns about a hosted EMR’sability to deliver instan-taneous updates. How-ever, improvements inbandwidth and ASP of-ferings have helped al-lay those concerns, Tull-man said.
However, some ar-eas still lack adequateinfrastructure. “Somerural communitiesdon’t have reliablebroadband connectiv-ity,” said Jonah Froh-lich, senior programofficer at the Califor-nia HealthCare Foun-dation, adding thatsmall practices in someurban areas can alsoencounter bandwidth difficulties.
Lack of control is another issue, withmany clients citing concerns about datasecurity. For example, LifeSpan soughtgreater control over its hosting arrangement
with eClinicalWorks. As a result, the EMRapplication resides at eClinicalWorks’ datacenter, but LifeSpan owns the server thatgives it access to the software.
Florio said hardware ownership provides“an additional layer of security to our envi-
ronment” by ensuring thatonly LifeSpan-affiliatedphysician datasets run onits server. By contrast, mul-tiple customers typicallyshare hardware in a SaaSvendor’s data center.
Server ownership alsolets LifeSpan manage scal-ability on its own terms. Ifperformance lags, the or-ganization can add morehardware instead of askinga vendor for more capaci-ty, Florio said.
Ultimately, SaaS firmsbelieve customers will bewilling to work around thehosted model’s negatives toreduce upfront costs and
outsource technology management.Tullman said smaller practices are con-
cluding that they “want to practice medi-cine [and] want someone else to handle thetechnology.” ■
32 F E B R U A R Y 2 0 0 9 | G O V E R N M E N T H E A L T H I T
“We weren’tconfident we
could support itourselves.”
BOB MAYER , NEW MEXICO
DEPARTMENT OF HEALTH
Independent practice associationsare among the health care pro-viders embracing the hosted ap-proach to electronic medicalrecords.
Taconic IPA, which operates inNew York’s Hudson Valley region,is affiliated with MedAllies, a com-pany that hosts EMR systems.MedAllies is about 18 months intodeployments of NextGen Health-care Information Systems and
eClinicalWorks solutions for theIPA’s physicians.
Dr. A. John Blair III, presidentand chief executive officer ofTaconic IPA and chairman and CEOof MedAllies, said installing an EMRsystem can prove to be beyond theability and expertise of some IPAs.
So far, MedAllies supports 100doctors on NextGen and 150 oneClinicalWorks, he added.
— John Moore
Independent practices alsoeye EMRs as a service
SOFTWARE AS A SERVICE
Technology 1/16/09 6:01 PM Page 32
33G O V E R N M E N T H E A L T H I T | F E B R U A R Y 2 0 0 9
The New Toughbook® H1. Fully-sealed for easy sanitization, the new Panasonic Toughbook H1 combines the legendary Toughbook ruggedness people expect with a lightweight, thoughtful design to produce the ultimate mobile clinical assistant. It has hot-swappable twin batteries for longer battery life, runs a full Windows® OS and can operate as both a touchscreen and a tablet PC. What’s more, the Toughbook H1has multiple fully integrated features, like a camera, barcode scanner and fi ngerprint reader. The new Panasonic Toughbook H1, a disease’s worst enemy.
panasonic.com/toughbook/healthcare 1.888.762.2097
PAN1173_HC_GovHIT_Feb.v1.indd 1 12/31/08 9:57:29 AM