Archive for August 2009
Hospitals and medical centers now have even more reason to be concerned about privacy and security as new rulings released last week go into effect. Healthcare CIO’s need to heighten the attention they place on the protection of sensitive patient information as it pertains to access, storage and transmission. This will need to be done in conjunction with their new focus on “meaningful use” which includes, CPOE and EMR upgrades and installations, clinical documentation, quality measures and interoperability.
On Wednesday August 19th, the Department of Health and Human Services (HHS) issued their “interim final” ruling that requires healthcare providers and health plans to alert individuals of unauthorized access to their unsecured electronic protected health information (PHI). This came just two days after a Federal Trade Commission (FTC) rule was released which outlined similar requirements for personal health record (PHR) vendors, related PHR entities and third-party service providers.
Both of these interim rulings have been mandated by the very stringent privacy and security requirements outlined in the American Recovery and Reinvestment Act of 2009 (ARRA) for Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities and business associates and certain non-HIPAA-covered entities. Try saying that fast five times!
The HHS and FTC worked collaborated to make sure that the rules were in sync and written in such a way that they complimented one another. All entities that are covered by either of these rulings have within 60 days to notify any individuals whose information was accessed without the proper authorization. If a large breach occurred, that falls within the PHI rules, and 500 or more people involved, then those entities must alert the press and media and then either HHS or FTC, depending on which of the rulings they are subject to. If the size of the breach involved less than 500 people, those entities must record and log of the incident and then contact and submit the breach findings to either HHS or FTC at the end of the year. These “interim final” regulations will be in effective for 30 days after publication in the Federal Register on August 24th.
The HHS “interim final” regulations are available at http://www.federalregister.gov/OFRUpload/OFRData/2009-20169_PI.pdf.
The FTC “interim final” regulations are online at http://www.ftc.gov/os/2009/08/R911002hbn.pdf.
As part of the federal American Recovery and Reinvestment Act (ARRA), state and local governments have gratefully received stimulus money, which economists and lawmakers hope will breath some life into the economy. Budget officials, however, are anxious about the impending October 10th date, which is the first quarterly mandated deadline from the the U.S. Office of Management and Budget (OMB). On that date, stimulus fund recipients must upload their detailed financial spending information in a specific format to a website called FederalReporting.gov,
CIO’s around the country are concerned about the challenges of reporting for stimulus spending. Agencies will be required to upload financial spending data in the form of an Excel spreadsheet, CSV, or Extensible Markup Language (XML). These OMB requirements put the burden directly on state and local governments to process, format, prepare and transmit large amounts of financial information. Many CIO’s say that their existing computer systems simply have not been adapted to handle these requirements. They are now faced with a choice that they need to make: a) customize their computer systems and applications to try and meet the requirement or b) purchase a software solution that has been designed to track and report stimulus spending.
President Barack Obama’s administration and the OMB instituted these very stringent reporting requirements to provide transparency as well as spending accountability. This is certainly a worthy and worthwhile goal but it can be an enormous undertaken for CIO’s and their IT teams. They only have a small window of time to modify and enhance their applications to meet the requirements. The problem also becomes exponentially more complex, when you start factoring in that state and local governments have many different agencies, who are using many different systems to capture and track their financial information.
There is some good news, CIO’s have some third-party options they can consider. Microsoft Stimulus360, for example, is a solution that works with the existing Microsoft applications that most government agencies are using today including: Microsoft Office, Microsoft Dynamics ERP, Windows Server, SharePoint and Microsoft SQL Server. The only real additional cost is the product licensing fee.
Acumen Solutions’ START program, on the other hand, takes a completely different approach. The solution is built on top of Salesforce.com platform. This completely hosted option can reduce equipment and software purchase costs. START offers an advantages when the government agencies are not connected on the same area network. As a “cloud” based solution, anyone with an Internet connection and a browser, can easily access the application 24/7. Acumen Solutions’ START regularly receives updates from OMB, so that state and local governments can just focus on populating the system with their data.
Both of these solutions are viable options for CIO’s to consider. They offer all the necessary reporting and data transmission requirements for OMB, and present a compelling alternative to building, managing and maintaining their own in-house developed applications for ARRA.
I can’t tell you how many people have been telling me that Netbooks are not going to last. They explain that they are only a fad and that “real” people won’t tolerate the slow performance, lack of memory, physical storage and small keyboards. They continue by saying that the only reason their popular in the first place, is because their cheap, and in this economy that is the only thing that really matters.
Well then, don’t tell this to all the people that I’ve been seeing lately with their Netbooks in hand. In fact, I’ve been surprised at the numbers of NetBooks that have been coming out at recent seminars, conferences and events. Not to mention, all those Netbooks people are working on in the various coffee houses and cafe’s I visit here in New England. These people, are those “real” people mentioned earlier. I’m talking about business professionals, entrepreneurs, marketing people, event planners, designers and your everyday emailing / die-hard Twitter users.
When I observe these folks, I notice that they really appreciate their Netbooks small size, weight and convenience. As I work away on my Lenovo laptop, I can’t help glancing over and feeling just a bit jealous that I don’t have my own Netbook. To the contrary of what I had been told, these people all seem quite happy with their Netbook, they are being productive, and are not missing a beat.
In a lot of ways, it reminds me about the introduction of the iPhone, which I am the proud user of. My business colleagues told me that “real” people would only use a Blackberry, never these niche toys called iPhones. Well, we all know where that went now don’t we? I love my iPhone, it has changed my life. I use it constantly and it has made me much more productive. However, it’s really not suited to type in a lot of notes and documents. This is when I need to pull out my bulky laptop to do the job. I’ve often thought of how great it would be if I could just expand my iPhone, just for a little while, so I could jot down some thoughts and information. But maybe, just maybe, a Netbook might be the perfect solution for this.
The newer Netbooks are coming with more options, memory, storage and speed. They are managing to do this while keeping the costs down. This is only going to help fuel their further adoption by both consumers and businesses. Microsoft is even concerned about the growing competition from Linux as an alternative OS of choice on Netbooks – http://3.ly/JVI. We also have to remember that Netbooks are really geared towards Cloud Computing, which is becoming increasingly more popular by the month. This all adds up to staying power.
I am quite confident that Netbooks are here to stay. I know that it’s just a matter of time when I, and maybe even yourself, have one of these fine units in hand.
Healthcare CIO’s are all facing the new reality of HITECH. They are evaluating their current EMR’s and existing systems interoperability to determine what will be required to receive the HITECH incentives. They are going to be asked to demonstrate “meaningful use” (once it’s defined). CIO’s are starting their assessments and due diligence.
What is the sense of urgency? The HITECH plan calls for “meaningful use” to be defined by the end of this year. From a Healthcare perspective that means tomorrow. Hospitals and physician practices who demonstrate meaningful use will qualify for some of the billions in incentives coming from the government. The issue is that Healthcare CIO’s cannot wait for the “black and white” definition of meaningful use. They must start now if they hope to achieve the goal.
What Healthcare CIO’s do know today is that the definition of meaningful use is going to breakdown into four main categories. This includes CPOE (computerized physician order entry), clinical documentation, quality reporting and system interoperability. Healthcare CIO’s need to assess their current and planned system implementations to determine the best approach and/or combination to achieve this. They also need to factor in security, privacy and HIPAA compliance.
All this must be accomplished during these trying economic times. Plus, once the fuse is lit, resourcing these projects nationally will become a big challenge. The best thing Healthcare CIO’s can do is to be as proactive as possible and get their strategies, plans and projects in place. This is your classic “carrot or stick” approach to get the CIO’s and their C-Level peers to take action. This after all, is not only an IT initiative, but a directive for the entire organization, where every C-Level must be involved and held accountable.
The budget and execution of the HITECH initiative will transcend the entire organization. The key to accomplishing HITECH compliance will be all about measures. The measure of quality, system interoperability and patient outcomes will be the true test of compliance. This coupled with the necessary security, privacy and HIPPA compliance standards, makes it a complex initiative at all levels.
Healthcare CIO’s certainly have many challenges ahead. The best advice I can give them is to get started and be as proactive as possible. They are not alone. This will be challenge for every hospital and physician practice in the country. Some will be successful and some will not. It’s time to get started to better their odds.
RHIOs across the country have approached things very differentlly with their own standards, measures, goals and stakeholders. RHIOs can make for an interesting case study as there is a lot of good insights, perspectives and information that can be gained by their efforts. The reality, however, is that many RHIOs continue to struggle. They are knee deep in the politics of it all, have inadequate funding, and competing agenda’s from everyone involved.
What we need to do is to take a holistic view of the work RHIOs have done. We can capture best practices, constructive approaches and opportunities that can be universally shared. This due diligence could lead to us instituting a true national healthcare interoperability definition & standard for all RHIOs to adhere to. This would be the foundation of a simplified national health network exchange that all organizations and system vendors could embrace. From a technology perspective this would be very similar to the traditional EDI and ODBC models. All vendors know, understand, and enable these standards in their products.
I hate to say it but for RHIOs to be ultimately successful, they will need to collaborate & work together, and they are going to need a similar “carrot & stick” of the HITECH initiative. Obviously the incentives and penalties would be different but the same motivation and persuasion tactics would be achieved. The reality is HITECH is already going to surface these issues in a big way. True interoperability will only be achieved through system standards. I am not critical of RHIOs, you can certainly understand how they got to where they are. A tremendous amount of thought and good work has been done. Some RHIOs are much more successful than others. However, a true national standard and health network exchange is going to be required before the goal can be ulitmately be achieved.
For those of you who have followed me for awhile you know that I am bullish on SasS (Software as a Service) for non-critical enterprise applications. This would include Sales, HR, Payroll and Project Management type applications. I am a big fan of QuickBase from Intuit as their product allows for the rapid web development of both departmental and enterprise apps. QuickBase is a powerful, flexible and user friendly web application development environment. There is elegance in simplicity!
I personally have developed numerous QuickBase applications that are used throughout our organization today. To say that QuickBase does it all would not be the truth. I like to say that the product core product offers 80% percent of what you need. However, it’s the 20% that it’s missing that has prevented me from further adopting the product as a strategic solution for Vitalize. As a passionate user of QuickBase, I have communicated with Brad Smith, Intuit’s CEO, and I have visited the QuickBase office in Waltham MA. The QuickBase team even came to visit me in our Reading MA office. I provided them with a feature fit/gap road map to enhance their product.
Intuit has made some small enhancements to the core QuickBase product but the 20% gap still fundamentally remains. To their credit, QuickBase has been working on a business strategy to extend their product features through tools like Adobe Flex. This is coupled with a development partner program to encourage developers to write, promote and sell QuickBase applications. I am not critical of this as a strategy, but as a QuickBase customer and fan, I would like Intuit to also focus on enhancing their core product offering. My development team and I would welcome the enhanced features and functionality that could and would make QuickBase an truly amazing SAAS Solution.
I will remain an advocate of QuickBase and I do recommend it as complimentary solution to every companies application development environment. I just know QuickBase could be so much more than what it already is. Intuit will either advance their product or a competitor will step in and offer it in their own solution.
I started my career doing software development. I programmed for a living and lead business software development for many years. As a result, I am quite familiar with development environments, frameworks and tools. So when I found Quickbase I was a bit skeptical. However, once I started using the product I was impressed with it’s capabilities. I would say that I really pushed the product to it’s limits and was quite happy with the result. However, I did encounter it’s limitations. The QuickBase team called me an advanced user, someone who has exploited the full dimension of their product. They have been very receptive to my recommendations but I’ve yet to see a major release that address the 20% gap.
I know they are working on QuickBase regularly, and I wouldn’t be surprised to see a new version released sometime soon. I highly recommend QuickBase for any company. It comes with numerous applications that you can use immediately and learn from. I simply want to continue to encourage and council Intuit to make QuickBase even better. It has so much more potential and opportunity as mature and proven SssS solution.
With HITECH efforts being planned in hospitals across the nation, Healthcare CIO’s need to reevaluate system integration strategies. The challenge historically has been one of evolution where different vendor interface engines have been introduced over time. Each time a new system, application or module got introduced into the environment it often came with a preferred vendors engine for integration purposes. As long as it talked HL7 and could parse, transmit and interpret records it was generally deemed acceptable to not delay the project.
This model, however, has created hospital IT environments and staff that have to support, manage and upgrade these different vendor products. Now add in the HITECH mandate of system interoperability and the CIO is left with a more complex environment than desired. Healthcare CIO’s need to move to a “less is more” approach to integration by moving towards a single vendor product as a best practice. This will pay huge dividends for them in the future by allowing them to be agile & responsive to interoperability needs coming their way.