You are browsing the archive for Medical Technology.

Is $9B Cerner deal good for DoD?

July 30, 2015 in Medical Technology

It might seem like a bit of Monday morning quarterbacking, but industry insiders are weighing in on the $9B contract the Department of Defense signed with EHR giant Cerner, and some are suggesting the government could have finessed a better play. 

Indeed, the announcement comes at the same time that Congress and the Administration are heavily invested in finding the answer to the question: How is it that most of the systems in use today still don’t talk to each other after $30 billion being invested?

“At the front end, it strikes me as unfortunate and puzzling that we’re about to put another $10B – conservatively – into one of the very systems responsible for the supposedly unacceptable status quo,” Dan Haley, vice president, government and regulatory affairs at cloud-based health IT company athenahealth, told Healthcare IT News on Wednesday, hours before DoD announced its selection.

[Related: EHR go-live gone wrong.]

To Haley, that reaction was not particular to Cerner, Epic or Allscripts, the three contenders left in the running for the 10-year government contract. Regardless of the vendor, he said, it calls to mind the old insanity saw about repeatedly doing the same thing and expecting different results.

“The finalists are all very good, very credible purveyors of data software systems that aren’t very good at exchanging information outside of their platforms,” he added. “Not because they don’t want to be, but because they’re not built for that. They’re pre-Internet platforms. They were literally created to share information within the confines of a closed network. And now they’re jerry-rigged to share information outside themselves.”

That, he says, is an expensive proposition and Haley has some influential company to bolster his position.

Back in February the Center for New American Security released a report that urged DoD to choose an open-source EHR system that would be “extensible, flexible and easy to safely modify and upgrade as technology improves and interoperability demands evolve.”

“DoD is about to procure another major electronic (health records) system that may not be able to stay current with – or even lead – the state-of-the-art, or work well with parallel systems in the public or private sector,” the authors wrote. “We are concerned that a process that chooses a single commercial ‘winner’, closed and proprietary, will inevitably lead to vendor lock and health data isolation.”

The authors of the report urged DoD to show some leadership.

“We believe that, like in so many other aspects of our society, DoD could play a leadership role,” they wrote. “It could catalyze expectations, model behavior, and deliver measurable outcomes far outside its five walls. Nowhere is this more true, more necessary, and more far-reaching than the modernization of healthcare services.”

Retired Army Gen. H. Hugh Shelton, Stephen L. Ondra and Peter L. Levin wrote the report.

Shelton, a former chairman of the Joint Chiefs of Staff, and is now the chairman of RedHat Software. Ondra is a former senior advisor for health information in the White House Office of Science and Technology Policy, and is today senior vice president and chief medical officer of Health Care Service Corporation. Levin is a former CTO at the Department of Veterans Affairs, and currently the co-founder and chief executive officer of Amida Technology Solution.

The DoD’s request for proposals precluded a bid from athenahealth or similar cloud-based companies, Haley said. The so-called “gating criteria” made that clear by “using the term ‘best of suite solution,’ which our contracting people told us was code for single platform, which means static software.”

He also noted that a team led by PwC that included Google and open-source software company Medsphere was knocked out of the competition after the first round of review.

“How is it that in 2015 anyone thinks it’s rational to contemplate a 10-year implementation of a piece of software?” he asked. “Think about the rate at which this kind of technology evolves. The proposition that it will be obsolete before it’s fully implemented is not a guess. It’s a certainty.”

Related articles: 

Ready for the next generation of EHRs?

DoD EHR modernization set to rock marketplace

Is DoD EHR modernization destined to fail?

One out, three bids left for DoD EHR

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/9b-cerner-deal-good-dod

Bookmark and Share

The good, the bad and the ugly: social media’s response to DoD Cerner EHR win

July 30, 2015 in Medical Technology

Is this story relevant to you?

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/good-bad-ugly-social-medias-response-dod-cerner-ehr-win

Bookmark and Share

Cerner data sharing may have been difference-maker

July 30, 2015 in Medical Technology

As it happens, it appears that the smallish contract awarded to Cerner to replace the Military Health System’s anatomic pathology lab technology earlier this month was a hint, after all.

Just weeks later, the Kansas City-based behemoth landed the big prize (although, at an initial value of $4.4 billion, not quite as big as the $11 billion many were first expecting). So what was it that gave Cerner the edge over longtime rival Epic system? A perceived commitment to interoperabilty is almost certainly a big reason.

Fair or not, Cerner’s reputation in recent years has been one of increasing embrace of openness – at least more open than Epic, which felt compelled this past year to hire a lobbyist to help counter the narrative that it doesn’t play well with others.

Whatever the initial motivations for Cerner’s founding membership in the CommonWell Health Alliance, for instance, its close work with Allscripts, athenahealth and other vendors makes it hard to argue that it isn’t at least trying to enable the freer cross-platform data sharing so essential to better care coordination and population health.?

For another example, the company “is a major participant in the DirectTrust network that links over 40,000 health care organizations and nearly a million individual private sector health care professionals via Direct exchange,” said David Kibbe, MD, President and CEO of DirectTrust, in a statement supplied to Healthcare IT News. “Cerner has been a very strong proponent of open, standards-based approaches to EHR interoperability.”

[Related: Is DoD EHR modernization doomed to failure and obsolescence?]

“Cerner’s demonstration of wide-ranging provider interoperability on multiple, different platforms were the huge differentiator over Epic’s garden-walled methodology to system user data sharing,” said Doug Brown, managing partner of Black Book, in another emailed statement on the DoD’s decision.

“The message on progressive provider connectivity should also serve as the strategic government directional to the entire EHR sector,” he added. “That closed off systems is objectionable for the greater goal of improving national patient quality and access to records anywhere.”

In an interview with Healthcare IT News earlier this year, officials from Leidos, the government contractor that will be now working alongside Cerner for the next decade-plus, said commitment to data liquidity would have to be a key capability of the eventual contract winner.?

A key component of the Pentagon’s RFP was that the system protect DoD from any eventual “data lock” or “vendor lock” in the years ahead, said Jerry Hogge, deputy group president of Leidos’ Health Solutions.

“This is a 10-year program,” he added. “So one of the very few amendments that the government made along the way was to have the vendors demonstrate how their solution would accommodate removing a module or integrating a new one, or adding a new modular capability.”

The hope, of course, is that the sheer size of this project – 9.5 million beneficiaries in the DoD system – means it can only have an impact on the rest of the healthcare ecosystem.

The initiative’s vast, worldwide scope means “there will be information technology requirements that bleed over into the commercial side of the industry,” Leidos Chief Medical Officer Carl Buising, MD, told Healthcare IT News. “I think what we will see is an advance in the overall information sharing capability and an advance in interoperability.”

Assistant Secretary of Defense for Health Affairs Jonathan Woodson, MD, more or less confirmed that that will be the case in a recent interview with CNBC. The Defense Healthcare Management System Modernization “allows us to pivot toward the future – but also forces others to pivot toward the future,” he said.

“We’ve got to force the private sector to be able to exchange information in a very efficient way, in a very timely way, so we can get better outcomes for those beneficiaries,” said Woodson.

Related articles: 

DoD EHR modernization set to rock marketplace

EHR go-live gone wrong

One out, three bids left for DoD EHR

 

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/cerner-data-sharing-may-have-been-difference-maker

Bookmark and Share

When a cyber attack hits: Who’s in charge?

July 30, 2015 in Medical Technology

The dangers of data breach make for great headlines: data held for ransom, financial fraud, and medical identity theft, to name a few. But despite the many risks of data breach, from a business standpoint, the most immediate threat in most security incidents is failure to comply with regulatory requirements. The vast majority of security incidents don’t turn into data breaches, and not all breaches result in theft or other damages. But failure to report or meet other regulatory requirements can result in stiff penalties regardless. Therefore, incident response processes should be organized not only to address data security but also how best to determine whether an incident is a notifiable breach.

It takes a combination of specialties to handle a data security incident in a way that fully protects the organization. Assessing whether a data breach has occurred or not requires both data security and compliance expertise. Unfortunately, in most businesses, the information security, privacy, compliance and other organizations don’t work together fluidly to respond to an incident, leaving the organization vulnerable on the compliance front. A highly effective organization will define parallel paths for incident response very early in the discovery process. This not only enables accurate assessment of the incident from both the information security, compliance, and risk standpoints, it also positions each functional team to provide effective response and risk management throughout the entire lifecycle of the incident, whether or not it is determined to be a breach.

There are some immediate actions that privacy and IT/information security can take together to close the compliance gap. Since the IT/information security team is, by definition, the first responder to a data security event, the first step is to change their policies and operating procedures so that every incident is assessed not only from the security side but also from the compliance viewpoint. There should be:

  • A policy to notify the privacy/compliance team as soon as an event is suspected to be an incident, so they can begin a parallel evaluation into the pertinent compliance requirements.
  • A procedure for promptly and visibly notifying the compliance team and other potential stakeholders. (There must be no risk of a notification getting lost in someone’s email inbox).
  • A vehicle for documenting and handing off all of the information needed for the compliance evaluation: What data was touched, how much, whose, etc.? (This will also save time in the compliance process if notification turns out to be necessary.)

Catamaran, a company that provides pharmacy benefits management services to healthcare organizations, functions as both a HIPAA covered entity and as a business associate. When Catamaran implemented incident management software and trained its staff in risk-based incident response, the number of reported incidents went up because the software automates the process of evaluating incidents against the whole matrix of current state and federal regulations. Catamaran discusses its approach in a recent webinar, Bringing Incident Response Breach Management Out of the Dark Ages.

The focus on thriller-worthy cyber-security threats can distract from the day-to-day, yet critical needs of compliance and risk management. It can also divert funding and organizational clout from foundational privacy and security hygiene, and many organizations are beginning to integrate privacy/compliance and information security to ensure better collaboration and a focus on more than just technology. Security blogger Matt Kelly recently compared this more integrated approach to preparing for a heart attack: “You can go through life equipped with tools to reduce that risk, such as a defibrillator, and it will indeed help when the time comes. Or you can improve your process of being healthy: eating right and exercising. Neither one of those procedures will assure that you never have a heart attack—but they will help you immensely in staying alive should a heart attack come to pass.”

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/blog/when-cyber-attack-hits-whos-charge

Bookmark and Share

MedSphere, ProSphere partner on VA work

July 29, 2015 in Medical Technology

Medsphere, an open source electronic health record company whose technology is based on the U.S. Department of Veterans Affairs’ VistA EHR, is partnering with contractor ProSphere Tek to work on a new VA project.

The work calls for developing  File Manager – known as FileMan – version 23. VA VistA’s core data management utility, enables the operation of VistA applications and modules, all working with integrated data.

Medsphere will focus specifically on enhancing FileMan to develop VistA’s fundamental data architecture and internal data management.

“We appreciate the trust both ProSphere and VA have shown in Medsphere’s VistA experience and expertise, especially with regard to FileMan,” said Medsphere President and CEO Irv Lichtenwald. “Medsphere has significantly enhanced FileMan for use outside the VA, and we contributed that version of FileMan to the Open Source Electronic Health Record Alliance, making it available to non-federal hospitals who want to affordably improve care.”

[See also: Medsphere makes big merger move.]

The VA has made clear that upgrades to FileMan are only one project in a much broader multi-year VistA modernization effort. Over time, VistA will be upgraded and made interoperable with the EHR system soon to be selected by the Department of Defense. (Medsphere was initially one of the vendors vying for that $11 billion DoD contract, in partnership with PwC, but was dropped from the running earlier this year.)

Interoperability and system improvements are intended to enable seamless medical records transfer as American military personnel move from the Military Health System to the Veterans Health Administration.
 
Medsphere is also currently working with Hewlett-Packard to test and remediate FileMan enhancements developed at the regional level in VA’s Veterans Integrated Service Networks That version, FileMan v22.2e, will soon be moved from class 3 to class 1 enterprise software as a result of the project and will be implemented as the core of VistA in all VA hospitals and clinics until FileMan 23 is completed and fully implemented.

[See also: BT bets on Medsphere’s ‘open’ EHR.]

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/medsphere-prosphere-partner-va-work

Bookmark and Share

DoD awards Cerner, Leidos, Accenture EHR contract

July 29, 2015 in Medical Technology

The US Department of Defense handed down the largest and most-anticipated electronic health record system contract in history late Wednesday.

And the winner is (drumroll, please) … Cerner, Leidos and Accenture. The contract’s initial piece, valued at $4.3 billion, calls for the team to provide “an electronic health record off-the-shelf solution, integration activities and deployment across the Military Health System,” a DoD spokesperson told Healthcare IT News

DoD’s choice, in the end, came down to three teams: Epic Systems and IBM; Cerner, Leidos and Accenture; and Allscripts aligned with Computer Sciences Corp. and Hewlett-Packard.

“Market share was not a consideration,” said DoD Under Secretary for Acquisition, Technology and Logistics Frank Kendall. “We wanted minimum modifications.”

Being able to select a commercial-off-the-shelf software package and customize it as little as possible for a project this massive is the reason that DoD has given all along for not opting to use the U.S. Department of Veterans Affairs’ proprietary and open source VistA EHR.

“A commercial product gives us the opportunity to take advantage of private sector innovation,” said Assistant Secretary of Defense for Health Affairs Jonathan Woodson, MD. He added that during the process of choosing a vendor, DoD officials visited with many health systems to learn how they transition from proprietary to commercial EHR systems. 

[Related: DoD EHR modernization set to rock marketplace.]

Part of DoD’s requirement, in fact, was that the EHR interoperate with private sector systems, since somewhere between 60 percent and 70 percent of care takes place outside the DoD.

“This is crucially important,” said Woodson. “What we’re doing today will help advance the public preparedness. The private sector is becoming more prepared, but we’ll accelerate that work.”

The biggest surprise?

No, it’s not the vendor who won. Rather, it’s the adjusted overall price tag for the massive modernization project. Indeed, the figure is down nearly 20 percent.

“We feel comfortable that we made a good source selection,” Kendall explained. “Costs are coming in lower than our estimates.”

Widely reported DoD projections had put the overall price at $11 billion for an 18-year lifecycle.

“We think it will be below $9 billion” over the long haul, Kendall added. “Competition has worked for us.”

Woodson pointed to sunsetting existing systems as a major factor in lowering those costs. Indeed, Military Health System CIO David Bowen said in 2013 that “legacy systems are eating us alive in terms of support and maintenance,” and consuming approximately 95 percent of the IT budget. 

Whether the competition that drove prices downward will also translate to a shorter implementation time remains to be seen, but Kendall said DoD intends to first deploy the software at eight sites in the Pacific Northwest by end of calendar year 2016 – and the current plan is to have it installed at approximately 1,000 sites by 2022, though Kendall said once the contract is awarded they “hope we can go much quicker than that.”

He cautioned, though, that the rollout will be event-driven, and that the DoD won’t take unnecessary risks to meet a preset schedule.

“Today is just the beginning, now the hard part is going to start,” said Chris Miller, program executive officer, DoD Healthcare Management Systems Modernization and Integrated Electronic Health Records. “Our focus now is shifting to testing. You’re going to see an incredible test regime, digging deep into security, workflow, comprehensively testing the product to make sure it’s ready to go before we deploy it.”

Related articles: 

Is DoD EHR modernization destined to fail?

EHR go-live gone wrong

One out, three bids left for DoD EHR

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/dod-names-ehr-contract-winner

Bookmark and Share

4 takeaways from Ponemon’s 2015 healthcare security report

July 29, 2015 in Medical Technology

Ponemon’s recently published 2015 Study on Privacy Data Security of Healthcare Data makes one point crystal clear: healthcare organizations must do more to protect sensitive patient information from the wide variety of data breach threats.

A shockingly high 91 percent of respondents reported falling victim to at least one data breach in the last two years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.

Healthcare organizations could view Ponemon’s report as a document that paints IT security in their industry as a failure. I have a slightly different view. This report is one of the most useful resources for helping healthcare organizations start taking the necessary steps to defend themselves more capably against data breaches. With this in mind, here are four takeaways from this report that each and every healthcare organization should consider:

Pay attention to security trends and plan accordingly
Healthcare IT leadership needs to keep a pragmatic, data-driven view of the types of attacks they’re facing, and allocate their IT security budgets accordingly.

Looking at the last five years of Ponemon’s healthcare report, the only category of attacks that has consistently risen is “criminal attack,” which is now the number one cause of data breaches.  In 2014, criminal attacks were the number one root cause of data breaches cited by 45 percent of respondents. Other data breach root causes, including lost devices, employee negligence, and system glitches, have remained relatively consistent over the past five years.

Interestingly, when asked what they believed to be the largest security threat, 70 percent of respondents chose employee negligence, which is not at all in line with reality. Criminal attacks are the number one cause of data loss. If healthcare organizations are ever going to get in front of the relentless assault upon their critical, protected health information, a shift in the focus of priorities has to take place.

Implement strong processes and procedures
While over half of the respondents stated they had good IT policies and procedures in place, this percentage should be much closer to 100 than it is currently. With a vast array of regulatory and compliance issues to deal with, as well as the impending threat of criminals trying to steal data, healthcare organizations need to put the appropriate policies and procedures in place for all areas of their security program.

It’s also important to note that some healthcare organizations are placing too much faith in the ability of policies and procedures to prevent data loss. 58 percent of organizations stated that their policies and procedures alone can prevent or quickly detect breaches. This line of thinking is dangerous for the industry.

Make the most out of technology and automation
Strong policies and procedures are fundamental to any good security program, but they cannot be the only line of defense to stop data breaches from happening. Healthcare organizations must marry policies and procedures with technical controls that allow business to continue with minimal hindrance, while still providing the necessary levels of protection.

Only one-third of respondents stated they had sufficient resources to prevent or quickly detect a data breach, and just barely half had the on-staff technical expertise to identify and resolve data breaches. With limited resources available, healthcare organizations need to focus on leveraging technology specifically designed to enforce controls and defensive measures, especially automation tools that can be integrated into systems and processes. Well-implemented technological controls can bolster the effectiveness of the human and financial resources within an organization to better get ahead of attacks.

Build security from the inside out
As part of this effort to mitigate the effectiveness of criminal attacks, healthcare organizations must build IT security from the inside out. Often, healthcare organizations try to harden the perimeter to protect hackers from entering their systems. But as more healthcare organizations utilize cloud-based services, expand their health provider networks over larger physical areas and leverage technologies to allow for more of their employees to work remotely, the perimeter has all but disappeared.

It is far more effective for IT teams to build layers of security closest to the items that require protection. If the loss of laptops is of great concern, encrypting hard drives that contain sensitive information will be more effective than adding new controls to VPN access. If preventing unauthorized access to databases and servers containing sensitive health information is the goal, IT teams should put security and auditing measures in place around privileged account credentials instead of attempting to build more firewall perimeters, which these accounts will likely have access to anyway.

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/blog/4-takeaways-ponemons-2015-healthcare-security-report

Bookmark and Share

Can the Health IT Safety Center succeed?

July 28, 2015 in Medical Technology

When ONC released its Health IT Safety Center Roadmap earlier this month, it touted the envisioned center as way to create a “culture of safety.”

Writing in Health Affairs, two experts offer some tips to help it meet that “monumental, sociotechnical challenge.”

ONC wants to use the safety center as a convener for stakeholders from across healthcare to accomplish two interrelated goals: “using health IT to make care safer, and continuously improving the safety of health IT.”

[See also: ONC unveils patient safety roadmap]

That will take work, and lasting commitment from a broad array of different players, according to Dean Sittig, professor of biomedical informatics at The University of Texas Health Science Center at Houston, and Hardeep Singh, research scientist at Baylor College of Medicine.

On the Health Affairs blog, Sittig and Singh call the roadmap “an important step for both policy and practice in an area where researchers like us are just beginning to understand the boundaries and definition of health IT-related patient safety.”

They also offer their thoughts on the challenges that must be addressed if the Health IT Safety Center is to be brought to fruition – and truly brought to bear on technology-enabled quality improvement.

As the public-private organization gathers folks from the different facets of health IT to help develop a “learning health system” (in one of ONC’s favorite turns of phrases) where continuous improvement of patient safety is the goal, the diverse participants would work to spotlight ways to address IT-related adverse events, aim toward better evidence-based practices and information sharing and promote education for clinicians’ safe use of healthcare technology.

But as Sittig and Singh point out, that’s easier said than done.

“Why hasn’t all of this been done by now? The answer lies in the complexity of health IT use,” they write. “In addition, research to understand unintended consequences of health IT has emerged mostly in the last decade. As recognized in the roadmap, a comprehensive, sociotechnical approach is essential; this must include technical factors, as well as nontechnical factors such as people, workflow and organizational issues.”

[See also: EXTREME essentials for interoperability]

Several years ago, the two researchers published a study titled “A New Socio-technical Model for Studying Health Information Technology in Complex Adaptive Healthcare Systems.” They’ve also done extensive research on how electronic health records can help deliver on patient safety. Through that research, they offer a three-part framework for defining safety as it relates to technology. It involves:

  • Activities to mitigate risks that are unique and specific to technology (e.g., safety issues related to unavailable or malfunctioning hardware or software);
  • Issues created by the failure to use technology appropriately or by misuse of technology (e.g., hazards created by nuisance alerts in the EHR), and
  • Use of technology to monitor health care processes and outcomes and identify potential safety issues before they can harm patients (e.g., the use of EHR-based algorithms to identify patients at risk for medication errors or care delays).

Addressing all three of those is a tall order, they write; the safety center, even as a “trusted space where stakeholders [can] convene to review evidence and jointly develop solutions” (in ONC’s words), will face challenges – especially when it comes to improving identification and sharing of health IT-related safety events.

“Our research shows that identifying EHR-related patient safety issues or delineating the role technology plays in a safety event is difficult,” write Sittig and Singh. “For example, when clinicians overlook abnormal test results in EHRs, nearly all eight sociotechnical dimensions” – as defined in their earlier report – “can be involved.”

So, while the proposed center wouldn’t conduct investigations into adverse events, they write, “we believe EHR-enabled healthcare organizations should themselves create multi-disciplinary EHR safety teams to investigate safety events with potential ‘health IT involvement.’” Such teams could work with patient safety organizations during investigations “and be integrated with an organization’s risk management infrastructure” they suggest.

That proposal is just one of many Sittig and Singh have to offer. Read their full post here.

In the meantime, they write, “safe and effective implementation and use of health IT within a complex adaptive health care system is a monumental, sociotechnical challenge. The proposed Safety Center is a step forward, but it will require strong and sustained support from a multitude of stakeholders, including vendors, researchers, and policymakers. A great deal is at stake here. In the absence of any other central oversight, the Safety Center will need to lead the way in making health IT safer and better, so we can improve the health and health care of our patients.”

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/can-health-it-safety-center-succeed

Bookmark and Share

Why Medicare Advantage is more potent than meaningful use for driving reform

July 28, 2015 in Medical Technology

Earlier this year, the Centers for Medicare and Medicaid Services (CMS) announced increased 2016 rates to Medicare Advantage (MA) – changes that will continue to strengthen this growing industry program. Some are saying that this change is a result of the lobbying efforts of payers. But what if CMS was actually kinder to MA because the model has proven to work so well?

Popular across the healthcare ecosystem, the MA program caters to consumers, primary care doctors and payers, while delivering superior results for today’s society as opposed to a fee-for service program. Specifically with MA, consumers often get the benefits of high-end Medicare Supplement for zero premium, primary care doctors have the opportunity to increase their income significantly in a good Medicare Advantage risk-sharing contract, while payers have the chance to reap substantial profits or surplus for managing chronically ill populations.

In my view, MA is the only national program that engages payers, providers and consumers to support all three elements of the Triple Aim. It does so by means of a consistent set of value-based economic incentives and closed-loop information flows that reduce cost, increase quality and improve the patient experience. 

How are payers and providers able to be so successful in MA? First, payers must ensure that quality care is delivered through their network. To do so, they have to offer contracts to providers that reward the proactive management of the chronically ill. Successful payers also share significant population health information and support functions with providers who can’t afford their own population health infrastructure. Finally, payer success must be renewed each year by meeting the challenging set of Star Rating metrics that ratchet up each season to advance the clinical quality agenda.

In addition to meeting metrics, payers must also deliver a superior consumer experience, and that’s where consumer feedback comes in. Consumers are interviewed directly without the involvement of payers or providers through the Consumer Assessment of Healthcare Providers and Systems (CAHPS) survey process. This annual survey requires that payers and providers communicate well with members and engage them in real conversations. Bad feedback on support impacts both CAHPS and Star ratings.

As a result of payers’ successes in MA contracts, providers can also reap these benefits financially and through the job satisfaction that comes from the ability to spend more time with patients – which is the very reason they became doctors in the first place. Moreover, on a national level, the tasks required of providers in MA programs are increasingly central to the new U.S. healthcare model: prospective health status assessments, care planning, coordination of care and honest end-of-life dialogue.

Despite these many benefits, MA does have its critics. Some are ideologically opposed to private insurers being part of Medicare and others are concerned that insurers can game the system, for example, by inflating Hierarchical Condition Category codes illegally. Although this concern is valid, CMS has every regulation, incentive and resource needed to strongly enforce the law.

Given this criticism, Meaningful Use (MU) has often been portrayed as a tool for driving reform, especially given its vast funding by the HITECH Act and emergence of hundreds of electronic health record vendors over the last few years. Compared to MA, however, MU lacks the structural mechanisms necessary to drive reform. First, MU success depends on HITECH funding and its power declines as HITECH expires. More importantly, since MU’s power does not derive from the inherent economics of accountable care, it fails to motivate both payers and consumers who both play a role in sustainable reform.

According to Farzad Mostashari, MD, former national coordinator at ONC and currently the founder of Aledade, consumer demand is the key to driving reform and interoperability. In our view, hospital-based delivery systems do not have a deep history of consumer engagement and proactive health, while EHR vendors have little motivation or experience connecting directly with consumers. Therefore, both hospital-based delivery systems and EHR vendors targeted by MU are not equipped to influence consumer behavior. On the other hand, MA payers have the budget and the motivation to market directly to consumers while also influencing their behaviors.

For example, when it comes to the electronic delivery of discharge information to patients, MU attempts to impose, on both hospital systems and EHR vendors, a percentage of patients for whom such delivery is enabled. However, most hospitals report zero consumer demand and are excluded from the requirement as a result. If this goal was in place for MA Star Ratings criteria, payers would put the goal into their provider contracts, pay for the technology to deliver it and market the benefits to MA members and their caregivers.

With CMS’ improvement of the MA program incrementally across the Clinton, Bush and Obama administrations, MA has become the most powerful instrument we can use to drive national healthcare reform. The program reflects the true economic underpinnings of the Triple Aim, and through its Star Rating system, provides an engine to enable the entire industry to become the “learning system” that ONC’s Interoperability Roadmap has envisioned. All the players in the healthcare ecosystem – payers, clinicians, vendors as well as academic, clinical and policy leaders – need to leverage the power of MA as a reform tool that is sharp, proven, sustainable and continuously improving. This is the future.

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/blog/why-medicare-advantage-more-potent-meaningful-use-driving-reform

Bookmark and Share

NIST releases first-ever mobile device security guidelines

July 28, 2015 in Medical Technology

If you’ve been looking for any set of official guidelines for mobile device security or best practices on keeping medical data safe, there’s finally some serious movement on that front – a standards handbook with reams of valuable insight on the topic.

The National Institute of Standards and Technology, the federal agency charged with developing tech standards, has unveiled its long-awaited mobile security guide, specifically written for safeguarding medical data.

The handbook – see below – currently in draft form is awaiting public comment. It offers healthcare organizations insight on how to bolster mHealth cybersecurity via open-source or commercial tools.

Securing Electronic Records on Mobile Devices, NIST officials point out, provides health IT professionals with “detailed architecture so that they can copy or recreate with different but similar technologies, the security characteristics of the guide.” The guide also outlines NIST standards, best practices and other regulations to adhere to, such as HIPAA.

Among the myriad reasons for compiling such a guide, NIST officials point to a 2012 HHS roundtable on mobile devices, where participants underscored that “many healthcare providers are using mobile devices in healthcare delivery before they have appropriate privacy and security protections in place.”

In fact, 90 percent of healthcare providers are currently utilizing mobile devices within their organizations.

“We know from working with them that healthcare organizations want to protect their clients’ personal information and themselves from the high costs associated with breaches,” said Donna Dodson, director of NIST’s National Cybersecurity Center of Excellence, in a statement. “This guide can be an important tool among the many they use to reduce risk.”

Included in the 82-page how-to guide, there’s Bind DNS and DNSE installation and hardening tips step-by-step instructions and requirements, etc. There’s Access Point advice, IPTables firewall how-tos. The guide also details back system best practices, configuration management specifications – including Puppet, production Web server, etc. It underlines intrusion detection systems, certification authority, host and mobile devices security, MDM enrollment and has an entire section on governance, risk and compliance.

NIST officials describe the new guidelines as including a “virtual environment that simulates interaction among mobile devices and an electronic health record system supported by the IT infrastructure of a medical organization.”

In addition to the how-to handbook, the new NIST guidelines include a 16-page manual on relevant mobile device standards and controls mapping, specifically written for the healthcare industry. For each related technology, for instance, say key management, there’s a corresponding table of applicable standards and links to the standards.

The final piece of the guidelines delineates risk assessment and outcomes, based on the business workflow of a typical EHR user. 

Be the first to like.
VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Article source: http://www.healthcareitnews.com/news/nist-releases-first-ever-mobile-device-security-guidelines

Bookmark and Share