Government & Policy
HHS Secretary Burwell launches nationwide challenge for a simpler medical bill that patients can un…
Geisinger, University of Utah Health and other leading health systems to test winning designs in the contest called A Bill You Can Understand, sponsored by AARP.
The Health and Human Services chief said that HHS is working to eliminate data blocking, enable interoperability, and protect patient data as it moves around the healthcare system.
The Office for Civil Rights said that many HIPAA-covered entities do not believe business associates will notify them in the event of a data breach but since providers are on the hook anyway they must be ready should that happen.
Centers for Medicare and Medicaid Services chief Andy Slavitt asks hospital executives for 'meaningful engagement' with the proposed new MACRA policy, and hints they should follow Washington rule-making closely in the near future.
With the healthcare industry suddenly accounting for nearly 25 percent of all data breaches, a new study from The Brookings Institution suggests some new cybersecurity strategies are needed.
Niam Yaraghi, a Brookings fellow, conducted in-depth interviews with 22 healthcare organizations – providers, payers and business associates – that had each experienced at least one data breach.
He found some things in common across them, and some differences. But his biggest takeaway was that guidance and enforcement from the federal government isn't doing enough to keep patient data safe, and that a more concerted private-sector strategy is needed to help ensure security best practices.
In his report, "Hackers, phishers, and disappearing thumb drives: Lessons learned from major healthcare data breaches," Yaraghi offered a series of suggestions for both the HHS Office of Civil Rights and those working in the healthcare trenches.
"Consider a simple office visit," he said. "In addition to the physician who sees the patient, it may involve an independent entity that facilitates the scheduling of the visit, an electronic medical records vendor that provides software and cloud storage for saving the doctor’s notes, a health information exchange platform that shares this data with other physicians, another party that creates the bill, the insurance company that pays for it, and sometimes a collecting agency that manages the patient’s late payments."
That scale and complexity has left healthcare "uniquely vulnerable to privacy breaches."
A host of other factors, from the value of detailed patient medical records – containing both medical and financial data – to hospitals' historic ill-preparedness, has led to healthcare earning the dubious distinction of being hackers' new favorite target.
[Also: Status report: OCR's effort to guide HIPAA compliance in mobile health]
"Government incentives led healthcare organizations to adopt electronic health records without being ready to adequately invest in security technologies," said Yaraghi. "Privacy breaches used to have little to no effect on the revenue stream of healthcare organizations, and thus, they did not have strong economic incentives to invest in digital security and patient privacy."
That's all changed now, of course: 23 percent of all data breaches happen in the healthcare industry, according to Brookings. Over the past six years, health records of more than 155 million Americans have potentially been exposed in whopping 1,500 separate breaches – the per-record cost of which is $363, the highest of all industries.
The government isn't always helpful when it comes to addressing this all too vexing problem, the Brookings report argues.
While HIPAA "is clear about the requirement to protect health data," for instance, "it does not specify how to do so and is open to interpretation," Yaraghi said. "HIPAA is also outdated and falls short of addressing modern cybersecurity challenges."
After a breach happens, meanwhile, OCR initiates audits. "While one does not expect the organizations that were audited to have a positive view about OCR, most of them mentioned that the process is very punitive and contributes to organizations’ reluctance to share the details of breaches with peers," he added. "Furthermore, audits usually take more than two years and organizations incur significant legal fees during the process."
As a potential way forward, Yaraghi offered some pointed suggestions to both the healthcare industry and the government.
First and most obvious, health organizations must prioritize patient privacy.
"In many of the interviewed organizations, privacy breaches could have been prevented had the organization spent enough on security technologies or diligently implemented and followed privacy policies," he said. "Healthcare organizations now have access to both the knowledge and technology that is required to ensure the privacy of their patients, and thus should use these resources to their fullest potential."
He emphasized the acute need for better communication: "Information sharing about security technologies, privacy policies, and breach incidents should take place among healthcare organizations and also between healthcare organizations and federal agencies," Yaraghi said.
And he touted the value of cyber insurance – not just as a protective mechanism for individual organizations, but as lever to help drive improvements in security practices industry-wide.
Such an insurance market could "fundamentally improve how patient privacy is viewed and managed in the healthcare sector," he said. "To underwrite the privacy risk of healthcare organizations, cyber insurance companies will be willing and able to conduct timely and efficient audits and proactively manage their clients’ privacy protection efforts. Healthcare organizations will also have a direct economic incentive to reduce their cyber insurance premiums by addressing their security weaknesses and preventing privacy breaches."
Sign up for the Healthcare IT News Privacy & Security Update newsletter.
Meanwhile, Yaraghi had two key recommendations to the Office for Civil Rights.
First, it should better communicate the details of breach incident audits, he said.
"After a breach happens, OCR conducts a thorough investigation to identify its causes. Through these audits, OCR also ensures that the victim organization has put corrective and preventive policies in place to avoid future incidents. Although the lessons learned from each breach can prevent other similar incidents, OCR does not share the details of its investigations. OCR should provide detailed reports on how each breach happened, and how other healthcare organizations can avoid similar occurrences."
Also, the government should get more specific about HIPAA – ideally establishing a "universal HIPAA certification system," said Yaraghi.
"OCR should prevent more than it punishes," he said. "Although the audits that happen after a breach effectively reduce the chances of second incidents, they cannot prevent privacy breaches in the first place. Random audits that take place before a breach occurs will be helpful in preventing one. These random audits are currently conducted very rarely. OCR should accredit certification agencies that can conduct preventive audits in accordance with OCR standards and certify the compliant organizations."
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com
Like Healthcare IT News on Facebook and LinkedIn
Optum teams with Medecision, TriZetto to add population health capabilities to Medicaid Management …
Optum has partnered with Medecision and TriZetto to deliver a new platform for Medicaid Management Information Systems that brings features specifically for population health management.
Called Optum Medicaid Management Services (OMMS), the new platform is available via a software-as-a-service (SaaS) and business process-as-a-service (BPaaS) model that incorporates Aerial, Medecision’s population health management tools, and TriZetto’s broad Medicaid claims and administrative platform named Facets.
The Optum solution provides states with business services, such as Medicaid fee-for-service claims processing, care provider enrollment, call center activities and operations reporting; analytics and data warehousing services that can use data to help states identify needs across their population, focus resources accordingly to improve outcomes, and measure the performance of care providers, health plans and new state-managed programs to improve care; and health services such as wellness and care management programs to improve the health of Medicaid fee-for-service recipients.
The companies said states that purchase services instead of setting systems requirements can benefit with shortened IT implementation period with less cost and reduced risk; more choices from proven commercial solutions; improved administrative operations; and access to new technologies and cloud-based approaches that help agencies operate more flexibly.
Optum estimates that its SaaS approach could cut by as much as half the timeframe for new MMIS implementations, thereby significantly reducing the time and cost of implementation, and containing operational costs in both the short and long term.
Traditionally, MMIS systems – which process Medicaid fee-for-service claims and managed care encounters, and provide reporting on the program – are formally certified by the Centers for Medicare and Medicaid Services. Such certification enables states to access enhanced matching federal funds at the rate of 90 percent for design, development and implementation, and 75 percent for operational expenses.
The companies said that in conjunction with the launch of OMMS Optum has received certification from CMS as a Quality Improvement Organization (QIO)” entity, a designation that enables it to perform quality improvement initiatives, and review cases and analyze patterns of care related to quality measures and medical necessity. The QIO-like designation allows states to receive 75 percent federal matching funds when Optum performs these services.
“The Optum solution is analogous to states purchasing the electricity they need rather than building the entire power plant,” Optum executive vice president Steve Larsen said in a statement. “Our state Medicaid clients have told us that traditional MMIS program administration approaches – now more than three decades old – needed upgrading to reflect the fast-paced environment and their broadened responsibilities under the Affordable Care Act.”
Twitter: @HealthITNews
Like Healthcare IT News on Facebook and LinkedIn
When Republican presidential hopeful Donald Trump accused his presumptive Democrat opponent, Hillary Clinton, of playing the 'woman's card' in the race to the White House, it backfired.
Clinton was the first to respond, unleashing many other retorts from both women and men – and an extra $2.4 million in campaign fundraising.
"If fighting for women's health care and paid family leave and equal pay is playing the woman card, then deal me in!" Clinton shot back.
One of our favorite commentaries came from Kirsty Styles, writing on thenextweb.com: Styles writes about a deck of cards in production now by a creative sister and brother team which is celebrating famous women, such as Harriet Tubman, Susan B. Anthony, Mary Cassatt and Beyonce. Clinton is the ace in this deck, which is due on the market in July.
While enamored of the idea, in her column Styles points out that the Woman Card deck doesn’t reference any female tech innovators who've made America great.
[See also: HIMSS compensation survey: Big salary gap between men, women healthcare pros.]
Styles suggests three to get the creators of the card deck fired up for tech: Pioneering computer programmer Grace Hopper, Radia ‘don’t call me the Mother of the Internet’ Perlman and women in tech champion Anita Borg.
Hmm, maybe someone should create a Women in Health IT card deck.
Or maybe it’s enough with the cards already.
New York Times columnist Nicholas Kristof writes in his April 30 column, "Trump Plays the Man's Card," that Trump is missing point.
"This is the card that in the United States earns women just 92 cents to a male worker’s dollar, less than one-fifth of the seats in Congress, a bare 19 percent of corporate board seats, an assault every nine seconds — and free catcalls and condescension! Frankly, I’ll stick with my MasterCard," Kristof writes.
That 92 percent earnings figure stands in contrast with the findings published in a HIMSS compensation survey released this past January.
The HIMSS survey reveals that men, on average, earned $126,262, compared to $100,762 for women in the survey of 1,900 healthcare professionals that includes CEOs, CIOs, IT project managers, sales professionals and those with clinical titles such as CMIO and Clinical Systems Analyst. It means that women in health IT make about 80 percent of what men earn in the same positions.
Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com
The federal government paid bonuses to 231 hospitals with subpar quality because their patients tend to be less expensive for Medicare, new research shows.
The bonuses are small, generally a fraction of a percent of their Medicare payments. Nonetheless, rewarding hospitals of mediocre quality was hardly the stated goal when the Affordable Care Act created financial incentives to encourage better medical care from hospitals, doctors and other health care providers.
A study published Monday in the journal Health Affairs looked at the more than $1 billion in payments made last year in the Hospital Value-Based Purchasing program, which raises or lowers Medicare payments to hospitals based on the government’s assessment of their quality. Medicare primarily uses death and infection rates and patient surveys to judge hospitals, but it also evaluates how much each hospitals’ patients cost, both in treatment and recovery.
The 231 hospitals the study identified had below average scores on quality measures but were awarded the bonuses because caring for their patients during their stays and in the 30 days following their discharge cost Medicare less than what it cost at half of hospitals evaluated in the program.
The Centers for Medicare & Medicaid Services, or CMS, began measuring cost in October 2014 to encourage hospitals to provide care in the most efficient way possible. In the period examined in the study — the federal fiscal year that ended in September 2015 — spending counted for 20 percent of a hospital’s score in determining whether a hospital would get a bonus, penalty or regular payment.
Under this formula, hospitals with Medicare spending below the median hospital were able to qualify for bonuses even though their quality measures were below the median, the study found. Patients at those 231 hospitals cost Medicare on average nearly $16,000, about $2,300 less than the average spending for the patients at other hospitals that received bonuses, according to the study’s lead author, Anup Das, a medical and health policy student at the University of Michigan.
The average bonus for those lower quality hospitals was an 0.18 percent increase in Medicare payments for each patient stay during that fiscal year. Most of the 1,700 hospitals that received a bonus that year had higher than average quality ratings, and their patients in some cases were more costly to Medicare.
[See also: 15 quality chiefs at best hospitals.]
“High-quality low-spending hospitals received the greatest financial benefit from the program,” the study said. “In this respect, CMS achieved its goal with the new spending measure. However, some low-quality hospitals received bonuses because of their low spending.”
In a statement, CMS said it would consider revising the program for future years so that hospitals scoring below the national median for quality would not receive a bonus. The statement also noted that this year, three-fourths of hospitals’ scores were based on quality measures. “We believe that there needs to be a balanced consideration between quality and cost, which is reflected in our scoring methodology,” the statement said.
The study found the lower-quality hospitals that received bonuses in the last fiscal year had higher death rates for heart attacks, heart failure and pneumonia than half of the nation’s other hospitals evaluated in the program. These hospitals were also less likely to follow recommended procedures for care, like choosing the right antibiotic for patients or performing an angioplasty on a heart attack patient within 90 minutes of their arrival at the hospital.
[See also: 1,700 hospitals win Medicare quality bonuses, but will never collect.]
The 231 lower-quality hospitals with bonuses also received less enthusiastic ratings from patients about how well doctors and nurses communicated, responded to issues and managed pain, the study found. The study did not name the 231 hospitals.
“It’s a small decrease in quality, but the differences are significant,” Das said in an interview.
Other new federal quality payment programs created by the health law, such as accountable care organizations, deny bonuses to doctors or hospitals with substandard quality of care, no matter how efficiently they operate. The study suggested the government add a similar limitation to the Value-Based Purchasing program.
The study did not look at the current federal fiscal year, which runs through this September. This year, Medicare gave bonuses to 1,705 hospitals, averaging 0.51 percent, and reduced payments to 1,375 hospitals by an average of 0.34 percent, according to a Kaiser Health News analysis. Along with spending, Medicare’s other criteria are: death and infection rates; how faithfully a hospital followed basic clinical guidelines; and how patients rated their experiences in surveys.
Spending counts for a fourth of each hospitals’ scores, more than last year, and is scheduled to continue to do so for the next two years. The study’s lead author, Das, said in the interview that a preliminary analysis found some lower-quality hospitals again received bonuses.
As physicians study the Merit-based Incentive Payment System and Advanced Alternative Payment Models outlined in the newly proposed MACRA rule, the Centers for Medicare and Medicaid Services has released its finalized Quality Measure Development Plan in support of the new payment structure.
Only 30 percent of respondents to a recent poll want the Affordable Care Act repealed, as Republican contenders Donald Trump and Ted Cruz are promising. Another 30 percent support expanding the law, which Democrats Bernie Sanders and Hillary Clinton have said they will do.