Introduction
If the adoption of electronic medical records takes off in hospitals and ambulatory clinician's offices as the Obama administration hopes, there will be a huge demand for workers trained in the health care information technology field. Dr. Blumenthal, the National Coordinator for Health IT estimated in October that over 50,000 new jobs would be created. The task of educating all of these people, especially on the tight time schedule planned, will be enormous. The scope of new positions will include technicians, project management staff, consultants, engineers, trainers, and high-level administrators, among others.
Types of training needed
A broad spectrum of training programs will be required. Some technicians, analysts, and implementation specialists might be trained at community colleges in programs lasting as little as six months. Most positions will require at least a two year associate degree to provide students with adequate background and skills in health care and information technology to perform effectively in the workplace. More complex training at the bachelor's or graduate degree level will be needed for the mid- and high-level jobs. Schools will certainly be seeking students with prior experience in health care-related fields.
There will also be a tremendous need to train clinicians to effectively use electronic health records (EHRs.) About half of the graduates from clinical training programs in the last 10 years have had some exposure to electronic medical records. With the low adoption rate of EMRs/EHRs by practicing clinicians, very few of these providers have had experience using electronic records. The types of skills needed range from the simple manual skills of typing and keyboard use to more using more complicated applications such as templates for documentation, setting alerts at an appropriate level to balance clinician efficiency with patient safety considerations, and use of data mining to promote improved clinical care and population health. Clinician contribution to development of local systems is essential to successful implementation. Tasks include development of order sets, customization of clinical decision support systems, working effectively in groups, communication skills, conflict resolution, and general leadership. A number of clinicians will need to participate in executive information technology positions in hospitals and larger group practices.
Two types of training in my opinion have been under-utilized by many training programs. These are mentoring programs and apprenticeships. Graduating students often have few personal contacts in their future field of employment. This can make it difficult to find a satisfying job when recruiting is often word-of-mouth. Mentoring offers the opportunity for one to benefit from the wisdom and advice about professional development from experienced professionals who serve in an encouraging role. Apprenticeships offer a practical method of acquiring useful experience outside the classroom that can be listed on a résumé and that may be of benefit to the student when it comes time to search for a job.
Existing Programs
A large number of programs across the country offer training in health information technology. A search of the Internet will yield a variety of choices. Most of the shorter programs seem to be geared to coding and medical records management. Certificate programs for the study of medical informatics, electronic medical records, and health information exchanges are available. Many of these are designed around employed professionals and are offered online, after work or determined by a self-paced schedule. There are programs at the baccalaureate and masters degree level covering topics of general medical informatics, bioinformatics, and nursing informatics. A few programs offer graduate degrees at the PhD level in fields such as bioinformatics and genomics.
More and more programs are making the shift to online training. I recently noticed that my alma mater (Northwestern University School of Continuing Studies) will close its on-campus masters program in medical informatics shortly and will only offer the degree in the online format in the future. An internet search did not locate a significant number of programs comparable to those that the Department of Health and Human Services (HHS) is trying to develop through its grant programs discussed below.
HHS Funded Initiatives
Curriculum development: HHS will provide grants totaling $10 million to five institutions of higher learning to develop curricula for training in six job roles with twenty areas of expertise. The deliverables will used to provide a framework for dissemination to the community programs discussed below. (These programs were review in a prior post on December 14, 2009.)
Community college training programs: An additional $70 million will be awarded early next year to consortia of community colleges (five geographic areas and approximately 70 educational institutions) to provide support for the development of training programs in health information technology. Students will be expected to have prior experience in the health care industry. Training is expected to last no longer than six months. Many of the graduates are expected to provide support to the Federal Extension Centers that are targeted to begin operating across the country early next year.
Program for four year colleges: Last week, Dr. Blumenthal announced a $38 million grant program to be made available to four year colleges to develop more robust programs for job roles requiring longer and more specialized training. These training programs are to be rapidly planned and implemented.
Program Certification: I think that it will be essential for one or several well recognized certification organizations to develop certification pathways for health IT education programs. Students and employers will want to know that credentials are not being created in diploma mills. The schools should publish information about the certification status of their programs in a prominent location of their Web sites (homepage) so that there is transparency about this issue.
If programs are to be certified, perhaps students should be as well. This past week HHS announced a grant program to develop a series of competency tests to examine those who graduate from the non-degree programs that are to be developed next year. I think this is the beginning of a trend to test and certify those who design, build, and test critical clinical and administrative systems in the health care realm. It should be extended to the higher levels of training.
Challenges
Curriculum development. Training programs cannot achieve effectiveness without meaningful curricula. The curricula for training in health IT need to meet the diverse needs of students ranging from short term development in specialized areas to graduate degree education. Much of the workforce training needed immediately must address the short term goal of encouraging widespread adoption of electronic health records by clinicians, especially in small practices. For the long term, programs must focus on providing increased support for EHR usability, clinical decision support, and increased efficiency and safety for patients through the use of health IT in the U.S. health care system.
Teaching staff training and recruitment: One of the areas that federal grant programs have not addressed is training the trainers. Faculty development usually takes years to accomplish. There are powerful financial disincentives for skilled workers to enter the teaching ranks, especially considering today's weak economy. Development of online programs will require faculty members who are familiar with or can be trained rapidly to adapt to the technology that the online format requires. Programs will find it difficult to ramp up their health IT training without concerted efforts to develop the critical faculty needed on the front lines to teach and administer.
Funding new programs in a distressed economy. Students are finding it difficult to locate the financial resources to meet the demands of steadily rising tuition, book and supply costs, and other fees. Schools at all levels of the educational establishment have had their public funding and private endowments cut in the difficult economy of the last two years. Grant programs are a partial solution but they come with the limitation that funding is accorded on a limited time schedule, the reporting requirements can be onerous, and there are no guarantees that the grants will be renewed when their term expires.
Risks
Unknown adoption rates. Historically, the adoption of EHRs has been slow at both the provider and hospital level. The influence of ARRA on adoption rates is yet to be determined. For this reason, it is difficult to accurately predict the actual workforce training need.
Rapidly changing technology. Health IT technology is rapidly evolving. This is another factor that makes it difficult to predict training needs. Moreover, it adds a measure of uncertainty to curriculum development. The goal of providing students with skills they will need in the workforce is difficult to fulfill when there are so many unanswered questions. Also, there is a real risk that the newly trained students will not be available in the workforce in time for the early adopters of EHRs who need their services most. The maximum ARRA incentives are only available to those who are meaningful users of EHRs by 2011 and 2012.
Unknowns of the economy. The economy has already been mentioned as a confounding force in predicting manpower needs for health IT. If the economy rebounds, then the funds needed to complete the transition from paper to electronic medical records may become more readily available. If the economy continues to founder, then predictions of the future needs for the health IT workforce may prove to be over optimistic.
Sunday, December 27, 2009
Monday, December 14, 2009
HIT Workforce Training
At the AHIMA meeting in San Francisco in early October, Dr. David Blumenthal, the national coordinator for health IT, announced government estimates that 50,000 new jobs would need to be created to support adoption of electronic medical records in the US. This was followed late last month when the Department of Health and Human Services announced $80 million in grants to train the health IT workforce.
The grant funds would be distributed in two pools. Institutions of higher learning with established health IT training programs will receive grants totaling $10 million for up to five Curriculum Development Centers to help create curricula designed for rapid training of students, using a standardized format. The assignment for grant applicants is to develop education programs in a collaborative fashion in which students with some previous background in health care will receive their health IT training over a six month span. The curriculum framework addresses 20 subject areas of expertise needed to perform health IT jobs. Grants are to be awarded in March 2010.
The second pool of funds consisting of $60 million will be distributed to about 70 community colleges in 5 national regions to establish the programs and perform the actual training. These training programs must ramp up rapidly to meet the two-year grant requirements. Training for six different roles is to be offered. These roles are:
Practice workflow and information management redesign specialists
Clinician/practitioner consultants
Implementation support specialists
Implementation managers
Technical/software support staff
Trainers
Trainees completing the programs are expected to have the skills necessary to support the Regional Extension Centers that are scheduled to kickoff early next year (first round grant winners should be announced in mid-January 2010. The HHS goal is to provide training to 10,500 students annually.
Analysis: HHS certainly has lofty goals. It would be great if ARRA helps create 51,000 new jobs in the Health IT arena. There are a lot of unknowns though. First, it will take several years to find out how much ARRA clinician incentives stimulate the adoption of EMRs/EHRs. So the actual demand for new trainees is not known. Second, it takes a lot of time and effort to get an education program started and running from scratch. I'm not sure the rapid development plans are adequately funded to meet the published requirements. Third, there is the issue of recruitment. Trained, experienced faculty will not simply materialize. There is a long lead time for faculty development and recruitment. Likewise, recruitment programs will need to be developed to attract qualified students. Furthermore, I question whether a six month training program will provide students with the necessary skills to meet the actual demands of the health IT industry. Just touching on all twenty of the required subject areas is going to take considerable time. Fourth, will an adequate supply of graduates from these programs be available in time to staff the Regional Extension Centers or other employers in time to help those clinicians interested in garnering the maximum ARRA incentives that will only be available on a very tight timeline? Finally, the recession has had a dramatically negative effect on budgets for higher education and associated student fees. The financial barriers will be difficult to overcome, even with the federal grant funds.
Look for future posts in which I will discuss training of the health IT workforce in more detail.
The grant funds would be distributed in two pools. Institutions of higher learning with established health IT training programs will receive grants totaling $10 million for up to five Curriculum Development Centers to help create curricula designed for rapid training of students, using a standardized format. The assignment for grant applicants is to develop education programs in a collaborative fashion in which students with some previous background in health care will receive their health IT training over a six month span. The curriculum framework addresses 20 subject areas of expertise needed to perform health IT jobs. Grants are to be awarded in March 2010.
The second pool of funds consisting of $60 million will be distributed to about 70 community colleges in 5 national regions to establish the programs and perform the actual training. These training programs must ramp up rapidly to meet the two-year grant requirements. Training for six different roles is to be offered. These roles are:
Practice workflow and information management redesign specialists
Clinician/practitioner consultants
Implementation support specialists
Implementation managers
Technical/software support staff
Trainers
Trainees completing the programs are expected to have the skills necessary to support the Regional Extension Centers that are scheduled to kickoff early next year (first round grant winners should be announced in mid-January 2010. The HHS goal is to provide training to 10,500 students annually.
Analysis: HHS certainly has lofty goals. It would be great if ARRA helps create 51,000 new jobs in the Health IT arena. There are a lot of unknowns though. First, it will take several years to find out how much ARRA clinician incentives stimulate the adoption of EMRs/EHRs. So the actual demand for new trainees is not known. Second, it takes a lot of time and effort to get an education program started and running from scratch. I'm not sure the rapid development plans are adequately funded to meet the published requirements. Third, there is the issue of recruitment. Trained, experienced faculty will not simply materialize. There is a long lead time for faculty development and recruitment. Likewise, recruitment programs will need to be developed to attract qualified students. Furthermore, I question whether a six month training program will provide students with the necessary skills to meet the actual demands of the health IT industry. Just touching on all twenty of the required subject areas is going to take considerable time. Fourth, will an adequate supply of graduates from these programs be available in time to staff the Regional Extension Centers or other employers in time to help those clinicians interested in garnering the maximum ARRA incentives that will only be available on a very tight timeline? Finally, the recession has had a dramatically negative effect on budgets for higher education and associated student fees. The financial barriers will be difficult to overcome, even with the federal grant funds.
Look for future posts in which I will discuss training of the health IT workforce in more detail.
Wednesday, December 2, 2009
Future Role for HITSP?
There have been a lot of changes in government-led health information technology (HIT) initiatives since the Obama administration came to power in January. Much of the federal activity in HIT originates with the Office of the National Coordinator for Health IT (ONC.) Some of the changes have been discussed here previously, especially as they relate to EMR/EHR certification. There is another potential change on the horizon that I want to explore now.
The Healthcare Information Technology Standards Panel (HITSP) go its start in 2005 under a federal contract from ONC. HITSP is a public-private partnership with representation from a broad range of vendors, government bodies, and other organizations that contribute hundreds of volunteers to the standards harmonization process. The contract is due to expire at the end of January 2010, next month. Surprisingly, the federal government has not made public any plans it might have to extend the contract or substitute another organization to provide HITSP's services.
The standards harmonization process needed to enable interoperability of electronic medical records and health information exchange is not complete. In fact, the task is likely to be an ever-evolving one as standards development organizations (SDO's) continue to revise and formulate new health care related standards. HITSP advised ONC on standards to be selected for meaningful use for 2011, 2013, and 2015. These standards are still in flux. The government position on standards should become clearer by the end of December when an Interim Final Rule release by ONC is expected.
Unless government action is taken immediately, much of the effort invested in the creation of HITSP will be sacrificed. The organization was not designed to be self-sustaining. It was not easy to develop the governance structure, hire the full-time staff, and enlist the hundreds of volunteers that constitute the organization. The amount of effort that goes into developing a group like HITSP should not be underestimated. The government stands to loose the benefit of accumulated knowledge and experience of HITSP participants. It will not be easy to retrieve all the actors if they are lost during any significant hiatus in HITSP activities. As it stands today, HITSP will essentially shutter its doors on January 31, 2010.
Some may suggest that an alternative already is extant to replace HITSP. The HIT Standards Panel, a FACA committee, has been advising ONC on standards issues since it was established under the American Recovery and Reinvestment Act. Although there are dedicated experts on the panel, they are not capable of performing the work HITSP has been doing. I think it would be a real shame if HITSP is allowed to founder. It will also be a setback for the Obama administration's effort to encourage wide-spread adoption of interoperable electronic medical records for all Americans.
The Healthcare Information Technology Standards Panel (HITSP) go its start in 2005 under a federal contract from ONC. HITSP is a public-private partnership with representation from a broad range of vendors, government bodies, and other organizations that contribute hundreds of volunteers to the standards harmonization process. The contract is due to expire at the end of January 2010, next month. Surprisingly, the federal government has not made public any plans it might have to extend the contract or substitute another organization to provide HITSP's services.
The standards harmonization process needed to enable interoperability of electronic medical records and health information exchange is not complete. In fact, the task is likely to be an ever-evolving one as standards development organizations (SDO's) continue to revise and formulate new health care related standards. HITSP advised ONC on standards to be selected for meaningful use for 2011, 2013, and 2015. These standards are still in flux. The government position on standards should become clearer by the end of December when an Interim Final Rule release by ONC is expected.
Unless government action is taken immediately, much of the effort invested in the creation of HITSP will be sacrificed. The organization was not designed to be self-sustaining. It was not easy to develop the governance structure, hire the full-time staff, and enlist the hundreds of volunteers that constitute the organization. The amount of effort that goes into developing a group like HITSP should not be underestimated. The government stands to loose the benefit of accumulated knowledge and experience of HITSP participants. It will not be easy to retrieve all the actors if they are lost during any significant hiatus in HITSP activities. As it stands today, HITSP will essentially shutter its doors on January 31, 2010.
Some may suggest that an alternative already is extant to replace HITSP. The HIT Standards Panel, a FACA committee, has been advising ONC on standards issues since it was established under the American Recovery and Reinvestment Act. Although there are dedicated experts on the panel, they are not capable of performing the work HITSP has been doing. I think it would be a real shame if HITSP is allowed to founder. It will also be a setback for the Obama administration's effort to encourage wide-spread adoption of interoperable electronic medical records for all Americans.
Sunday, November 22, 2009
EMR Usability
The HIMSS EMR Usability Task Force thoroughly reviewed this topic and published an excellent review of usability this past June. I highly recommend the article to anyone with interest in this area. I will not discuss the concepts involved with the same degree of detail that they did. This post is merely meant to be an introduction.
EMR usability is a subject that is being discussed ever more frequently. One reason is that the lack of usability has been a major barrier preventing more widespread adoption of EMRs by clinicians. Usability affects the amount of effort needed to implement EMRs, clinician satisfaction, practice efficiency, and patient safety. I have selected a few usability issues to discuss here.
Ease of Learning. Medical professionals do not have spare time to devote to learning complicated software packages. The design of EMR software should be intuitive to minimize the amount of time needed to train clinicians adequately so they can perform their day-to-day medical record activities. The pages presented to the user should be consistent in appearance as one navigates through different sections. Software that behaves like other programs the user has experience with is also easier to learn. One should not have to refer to a user's manual or online help to accomplish common functions and activities.
Patient Safety. EMRs should be designed so that they are safe to use. New types of errors caused either by the software itself or by operator mistakes that could harm patients must be avoided. Actually, the goal is that patients should be safer when electronic records are used than when traditional record keeping on paper is utilized.
Human Factors Engineering. This is the scientific study of how humans interact with technology and how the experience can be optimized for the user. Objective techniques are used to evaluate the human-machine interaction. Benchmarks are established first and then a rational approach is used to improve software and hardware through use of validated metrics. Best practices are promulgated to help improve the entire industry. Users and designers should work in collaboration. Many have the sense that this has not been done very often with health IT. Some of the topic headings that follow are subtopics of human factors engineering.
Speed. Clinicians want technology that improves productivity, not something that slows them down. Many clinicians who received their training using paper-based medical records have developed workflows that are hard to adapt to the electronic environment. Many factors affect speed that may include: network infrastructure design, number of users on the network, use of wireless devices, software that require navigation through multiple pages to reach the desired site, and the need to enter data by typing on a keyboard.
User Interface.
Color: Designers need to be very careful with the use of color. A percentage of the population is colorblind so they might not recognize the information the use of color was meant to convey. Also, although there may be some general agreement about the significance of specific colors, some users may hold alternate understanding about the meaning of colors. The significance of colors is linked strongly with cultural background. When color is used there should also be another method used to convey significance (e.g. bolding, caps, underlining, etc.)
Font: Generally, sans serif fonts are considered easier to read on a computer monitor than fonts with serifs. The user should have the means to adjust font size to compensate for reduced visual acuity. This has important implications for older users, user distance from the screen, and smaller screens.
Navigation: Whenever possible, all relevant information to the activity being performed should be presented on one screen. Users should not be expected to recall information from one screen when they must work on another. All effort should be made to minimize the number of mouse clicks needed to do work. Shifting between the mouse and keyboard slows users down. Many clinicians do not like to scroll. Finally, it should be easy to undo a mistake. "Hover-over" features can enhance to user experience when deeper drilling into data is desired. This feature must not be overdone because that can also be frustrating.
Presenting expected data: The best software designs have baked-in logic and algorithms that anticipate the needs of clinicians. For example, lab results of commonly associated tasks are automatically presented to the user without prompting.
In the future, I expect that vendors will devote more resources to human factors engineering in their products. I also think that we can reasonably expect that usability will be an area that is tested objectively as new criteria are developed for EMR certification. Improving usability of EMR software should aid the effort to expand EMR adoption by clinicians and hospitals in the US.
The HIMSS EMR Usability Task Force thoroughly reviewed this topic and published an excellent review of usability this past June. I highly recommend the article to anyone with interest in this area. I will not discuss the concepts involved with the same degree of detail that they did. This post is merely meant to be an introduction.
EMR usability is a subject that is being discussed ever more frequently. One reason is that the lack of usability has been a major barrier preventing more widespread adoption of EMRs by clinicians. Usability affects the amount of effort needed to implement EMRs, clinician satisfaction, practice efficiency, and patient safety. I have selected a few usability issues to discuss here.
Ease of Learning. Medical professionals do not have spare time to devote to learning complicated software packages. The design of EMR software should be intuitive to minimize the amount of time needed to train clinicians adequately so they can perform their day-to-day medical record activities. The pages presented to the user should be consistent in appearance as one navigates through different sections. Software that behaves like other programs the user has experience with is also easier to learn. One should not have to refer to a user's manual or online help to accomplish common functions and activities.
Patient Safety. EMRs should be designed so that they are safe to use. New types of errors caused either by the software itself or by operator mistakes that could harm patients must be avoided. Actually, the goal is that patients should be safer when electronic records are used than when traditional record keeping on paper is utilized.
Human Factors Engineering. This is the scientific study of how humans interact with technology and how the experience can be optimized for the user. Objective techniques are used to evaluate the human-machine interaction. Benchmarks are established first and then a rational approach is used to improve software and hardware through use of validated metrics. Best practices are promulgated to help improve the entire industry. Users and designers should work in collaboration. Many have the sense that this has not been done very often with health IT. Some of the topic headings that follow are subtopics of human factors engineering.
Speed. Clinicians want technology that improves productivity, not something that slows them down. Many clinicians who received their training using paper-based medical records have developed workflows that are hard to adapt to the electronic environment. Many factors affect speed that may include: network infrastructure design, number of users on the network, use of wireless devices, software that require navigation through multiple pages to reach the desired site, and the need to enter data by typing on a keyboard.
User Interface.
Color: Designers need to be very careful with the use of color. A percentage of the population is colorblind so they might not recognize the information the use of color was meant to convey. Also, although there may be some general agreement about the significance of specific colors, some users may hold alternate understanding about the meaning of colors. The significance of colors is linked strongly with cultural background. When color is used there should also be another method used to convey significance (e.g. bolding, caps, underlining, etc.)
Font: Generally, sans serif fonts are considered easier to read on a computer monitor than fonts with serifs. The user should have the means to adjust font size to compensate for reduced visual acuity. This has important implications for older users, user distance from the screen, and smaller screens.
Navigation: Whenever possible, all relevant information to the activity being performed should be presented on one screen. Users should not be expected to recall information from one screen when they must work on another. All effort should be made to minimize the number of mouse clicks needed to do work. Shifting between the mouse and keyboard slows users down. Many clinicians do not like to scroll. Finally, it should be easy to undo a mistake. "Hover-over" features can enhance to user experience when deeper drilling into data is desired. This feature must not be overdone because that can also be frustrating.
Presenting expected data: The best software designs have baked-in logic and algorithms that anticipate the needs of clinicians. For example, lab results of commonly associated tasks are automatically presented to the user without prompting.
In the future, I expect that vendors will devote more resources to human factors engineering in their products. I also think that we can reasonably expect that usability will be an area that is tested objectively as new criteria are developed for EMR certification. Improving usability of EMR software should aid the effort to expand EMR adoption by clinicians and hospitals in the US.
Wednesday, November 18, 2009
Online Graduate Degrees
My Experience
I have often been asked what it was like obtaining my masters degree in medical informatics on-, line through Northwestern University. I have prepared a PowerPoint presentation that summarizes my experiences. I have reformatted the presentation for this post. I thought this might help others considering applying for an online degree program.
I was in the third group of students accepted into the online program at Northwestern University. The on campus program had been running for quite some time. I am sure the program will evolve as it becomes more mature. I think they got most of it right the first time around though.
My Distance Learning Experience
Masters of Medical Informatics at Northwestern University
School of Continuing Studies
What is Distance Learning?
•Virtual Educational Institution
–No brick and mortar centerpiece
–Timing of classes
•Synchronous
•Asynchronous
–Rarely meet or see classmates/instructors
–Work with others across multiple time zones
–Most students have a "real" job
Comparison to University
•Similarities
–Homework
–Tests
–Grades
–Library resources
–Lectures
•Differences
–Attend class online
–Emphasis on collaborative projects
–Difficulty establishing relationships
•To the school
•To instructors
•To classmates
Benefits
•Work full-time or care for family and still go to school
•Attend a school that you otherwise might not have access to
•Often employers pay part or all of fees
•Don't have to dress to go to class
Masters in Medical Informatics
Curriculum at Northwestern University-
11 classes required
•Prerequisites-for those with a clinical background
–Networking and Telecommunications
–Data bases
•Core classes for everyone
–Technical
•Interoperability
•Decision support
•Statistics
•Introduction to medical informatics7
Curriculum cont.
–Business aspects
•Technology evaluation, acquisition, contracting
•Hospital operations
–Other
•Leadership, organizational behavior, influence techniques
•Legal issues, social issues, ethics
•Capstone class
What else could have been covered?
•Project management
•Data warehouse techniques
•Influencing government policy
•Government and private grants process
Course Instructors
•Selected regular full-time Northwestern University faculty members
•Other faculty-subject matter experts
•Guest lecturers
Curriculum at Northwestern Univ.
Synchronous sessions
•1 ½to 2 hours a week
–PowerPoint lectures by instructor
–Class discussion
–Student presentations
–Guest lecturers
–Live class polls
Asynchronous Interactions
•Assignments
•Class resources
–Recorded class sessions
–Reprints
–Library access-often to full text articles
•Discussion board
–Directed
–Spontaneous
Additional Teaching Aids
•Pre-recorded WebEx instructional sessions
•Required and optional class textbooks
•Video demonstrations
•Harvard Business School cases
Group Projects
•Collaborative effort required in almost every class
•Group dynamics
•Collaboration technologies
•Deliverables
–Group Paper
–PowerPoint Presentation
•Group grading
•Peer evaluations
Time Commitment
•Class-1 ½to 2 hours a week
•Homework/Reading-10 to 20 hours a week
•Group meetings-1 to 2 hours weekly
•Classes were on quarter basis ≈11 weeks in duration year round
•Breaks between quarters were 2 to 4 weeks
Student Performance Evaluation
•Grading-A, B, C, etc.
–Homework
–Group projects
–Presentations/Papers
–Proctored exams
•Midterm
•Final
–Peer evaluations
Technology Challenges
•Synchronous sessions
–WebEx
–Adobe Connect Pro
•Collaboration
–Group meetings
–Managing group documents
•Dropbox
•Googlegroups
•Multiple software programs needed for various classes
–Drawing-Visio
–Data base management
•Oracle/SQL
•Access
–Decision support-TreeAge
–Web page design
–Reference management-EndNote
–Outlining-Mindmapper
–Statistical package
Value provided by the Program
•Broad exposure to field of study
•Self-directed learning opportunities
•Contacts
•Challenge of group collaboration
•Valuable credential, especially for one with little practical experience in the field
•Time for reflection
•Portfolio of work
Curriculum Challenges
•Adequate subject matter coverage
•Who develops
–Program directors
–Instructors
•Certification of program
Final Thoughts
•You get out of the program what you put in
•Not for everyone
•Expensive if you pay your own way
•Requires commitment, self-discipline, patience, hard work
My Experience
I have often been asked what it was like obtaining my masters degree in medical informatics on-, line through Northwestern University. I have prepared a PowerPoint presentation that summarizes my experiences. I have reformatted the presentation for this post. I thought this might help others considering applying for an online degree program.
I was in the third group of students accepted into the online program at Northwestern University. The on campus program had been running for quite some time. I am sure the program will evolve as it becomes more mature. I think they got most of it right the first time around though.
My Distance Learning Experience
Masters of Medical Informatics at Northwestern University
School of Continuing Studies
What is Distance Learning?
•Virtual Educational Institution
–No brick and mortar centerpiece
–Timing of classes
•Synchronous
•Asynchronous
–Rarely meet or see classmates/instructors
–Work with others across multiple time zones
–Most students have a "real" job
Comparison to University
•Similarities
–Homework
–Tests
–Grades
–Library resources
–Lectures
•Differences
–Attend class online
–Emphasis on collaborative projects
–Difficulty establishing relationships
•To the school
•To instructors
•To classmates
Benefits
•Work full-time or care for family and still go to school
•Attend a school that you otherwise might not have access to
•Often employers pay part or all of fees
•Don't have to dress to go to class
Masters in Medical Informatics
Curriculum at Northwestern University-
11 classes required
•Prerequisites-for those with a clinical background
–Networking and Telecommunications
–Data bases
•Core classes for everyone
–Technical
•Interoperability
•Decision support
•Statistics
•Introduction to medical informatics7
Curriculum cont.
–Business aspects
•Technology evaluation, acquisition, contracting
•Hospital operations
–Other
•Leadership, organizational behavior, influence techniques
•Legal issues, social issues, ethics
•Capstone class
What else could have been covered?
•Project management
•Data warehouse techniques
•Influencing government policy
•Government and private grants process
Course Instructors
•Selected regular full-time Northwestern University faculty members
•Other faculty-subject matter experts
•Guest lecturers
Curriculum at Northwestern Univ.
Synchronous sessions
•1 ½to 2 hours a week
–PowerPoint lectures by instructor
–Class discussion
–Student presentations
–Guest lecturers
–Live class polls
Asynchronous Interactions
•Assignments
•Class resources
–Recorded class sessions
–Reprints
–Library access-often to full text articles
•Discussion board
–Directed
–Spontaneous
Additional Teaching Aids
•Pre-recorded WebEx instructional sessions
•Required and optional class textbooks
•Video demonstrations
•Harvard Business School cases
Group Projects
•Collaborative effort required in almost every class
•Group dynamics
•Collaboration technologies
•Deliverables
–Group Paper
–PowerPoint Presentation
•Group grading
•Peer evaluations
Time Commitment
•Class-1 ½to 2 hours a week
•Homework/Reading-10 to 20 hours a week
•Group meetings-1 to 2 hours weekly
•Classes were on quarter basis ≈11 weeks in duration year round
•Breaks between quarters were 2 to 4 weeks
Student Performance Evaluation
•Grading-A, B, C, etc.
–Homework
–Group projects
–Presentations/Papers
–Proctored exams
•Midterm
•Final
–Peer evaluations
Technology Challenges
•Synchronous sessions
–WebEx
–Adobe Connect Pro
•Collaboration
–Group meetings
–Managing group documents
•Dropbox
•Googlegroups
•Multiple software programs needed for various classes
–Drawing-Visio
–Data base management
•Oracle/SQL
•Access
–Decision support-TreeAge
–Web page design
–Reference management-EndNote
–Outlining-Mindmapper
–Statistical package
Value provided by the Program
•Broad exposure to field of study
•Self-directed learning opportunities
•Contacts
•Challenge of group collaboration
•Valuable credential, especially for one with little practical experience in the field
•Time for reflection
•Portfolio of work
Curriculum Challenges
•Adequate subject matter coverage
•Who develops
–Program directors
–Instructors
•Certification of program
Final Thoughts
•You get out of the program what you put in
•Not for everyone
•Expensive if you pay your own way
•Requires commitment, self-discipline, patience, hard work
Tuesday, November 17, 2009
EMR Certification Revisited
The Office of the National Coordinator for Health IT (ONC) continues its work on a Notice of Proposed Rule Making (NPRM) on EMR certification that is expected to be released by the end of next month. Numerous stakeholders are anxiously awaiting this information. The process for EMR certification was set on a course for a major revision after publication of the February 2009 ARRA legislation. The Certification Commission for Health Information Technology (CCHIT) was the only government recognized certification agency prior to ARRA. Since July, comments from the National Coordinator, David Blumenthal, and his staff indicate there will probably be more than one federally recognized certification body in the future. This is an extremely important topic because use of a certified EMR will be one of the major requirements for Meaningful Use that will enable providers to qualify for incentives for EMR adoption and use after 2011.
Coming in the middle of the uncertainty about certification, the Chairman of CCHIT, Dr. Mark Leavitt, announced his retirement effective March 2010. One can ponder the reasons for this timing. There have been six years of demanding work in previously unexplored territory. Dr. Leavitt should be proud of his accomplishments. The success of CCHIT is reflected in the approximately 85% of EMR systems that have voluntarily certified, without a government mandate. I wish him well in his future pursuits. Perhaps he has achieved most or all of his personal goals that were established during the initiation of CCHIT. But I think there may be other reasons.
Government plans will axe at least fifty percent of CCHIT's mission and work output. Previously, CCHIT as an organization had two arms. Over 200 volunteers organized in a number of workgroups have developed the criteria for EMR certification and they have developed test scripts for testing EMR systems to ensure the criteria are met. The Department of Health and Human Services and the National Institute of Standards and Technology will take over these duties in the future. The second arm has consisted of jurors, representing a cross section of organizations, who perform the actual testing. No overlap of membership in the two arms is allowed to avoid conflicts of interest. It now appears that the ONC will encourage competition for the roles compliance testing and certification of EMRs. These decisions challenge both arms of the CCHIT purpose. The government's stance must have been especially disappointing for the Chairman of CCHIT who has worked tirelessly for the past six years.
There are those who have challenged the approximately 30% vendor representation on CCHIT workgroups. The vendors represent a wide cross section of the vendor community. Their representatives provide invaluable insight about the capabilities and experience from the vendor perspective. This does not constitute vendor bias. In fact, it probably has just the opposite effect because work group members must function in a collaborative environment. We should ask: will the ONC will have the resources to match the intellectual output of the 200 plus volunteer CCHIT work group members when it develops the future certification criteria and test scripts? Furthermore, there should be concern among vendors and purchasers of EMR systems about how consistency will be guaranteed when multiple organizations are involved in certifying systems. Finally, recognize that it took CCHIT a few years to develop the organization and to recruit participants for its certification effort. Although the rules have not yet been published, there can be little doubt that the mandates for Meaningful Use will require that any new certification organizations be operational and ready to test no later than mid-2010 for the 2011 criteria. To say the least, this will be a very challenging timeline.
For another viewpoint, see: http://geekdoctor.blogspot.com/2009/11/certification-verses-meaningful-use.html
The Office of the National Coordinator for Health IT (ONC) continues its work on a Notice of Proposed Rule Making (NPRM) on EMR certification that is expected to be released by the end of next month. Numerous stakeholders are anxiously awaiting this information. The process for EMR certification was set on a course for a major revision after publication of the February 2009 ARRA legislation. The Certification Commission for Health Information Technology (CCHIT) was the only government recognized certification agency prior to ARRA. Since July, comments from the National Coordinator, David Blumenthal, and his staff indicate there will probably be more than one federally recognized certification body in the future. This is an extremely important topic because use of a certified EMR will be one of the major requirements for Meaningful Use that will enable providers to qualify for incentives for EMR adoption and use after 2011.
Coming in the middle of the uncertainty about certification, the Chairman of CCHIT, Dr. Mark Leavitt, announced his retirement effective March 2010. One can ponder the reasons for this timing. There have been six years of demanding work in previously unexplored territory. Dr. Leavitt should be proud of his accomplishments. The success of CCHIT is reflected in the approximately 85% of EMR systems that have voluntarily certified, without a government mandate. I wish him well in his future pursuits. Perhaps he has achieved most or all of his personal goals that were established during the initiation of CCHIT. But I think there may be other reasons.
Government plans will axe at least fifty percent of CCHIT's mission and work output. Previously, CCHIT as an organization had two arms. Over 200 volunteers organized in a number of workgroups have developed the criteria for EMR certification and they have developed test scripts for testing EMR systems to ensure the criteria are met. The Department of Health and Human Services and the National Institute of Standards and Technology will take over these duties in the future. The second arm has consisted of jurors, representing a cross section of organizations, who perform the actual testing. No overlap of membership in the two arms is allowed to avoid conflicts of interest. It now appears that the ONC will encourage competition for the roles compliance testing and certification of EMRs. These decisions challenge both arms of the CCHIT purpose. The government's stance must have been especially disappointing for the Chairman of CCHIT who has worked tirelessly for the past six years.
There are those who have challenged the approximately 30% vendor representation on CCHIT workgroups. The vendors represent a wide cross section of the vendor community. Their representatives provide invaluable insight about the capabilities and experience from the vendor perspective. This does not constitute vendor bias. In fact, it probably has just the opposite effect because work group members must function in a collaborative environment. We should ask: will the ONC will have the resources to match the intellectual output of the 200 plus volunteer CCHIT work group members when it develops the future certification criteria and test scripts? Furthermore, there should be concern among vendors and purchasers of EMR systems about how consistency will be guaranteed when multiple organizations are involved in certifying systems. Finally, recognize that it took CCHIT a few years to develop the organization and to recruit participants for its certification effort. Although the rules have not yet been published, there can be little doubt that the mandates for Meaningful Use will require that any new certification organizations be operational and ready to test no later than mid-2010 for the 2011 criteria. To say the least, this will be a very challenging timeline.
For another viewpoint, see: http://geekdoctor.blogspot.com/2009/11/certification-verses-meaningful-use.html
Monday, November 2, 2009
Consumer Preferences
The Office of the National Coordinator for Health Information Technology released a draft document for public comment on October 5th (Draft Consumer Preferences Requirements Document.) Some of the concepts brought up by that document are the subject of this post. The HITSP Consumer Preferences Tiger Team spent a considerable amount of time reviewing the document and formulating comments earlier this month. I'm sure a lot more will be said in the future. Expect the issue of Consumer Preferences to be addressed by both the HIT Policy and HIT Standards Committees. Eventually, multiple stakeholders must contribute to a strategic framework to address this topic from the health IT perspective.
The first thing to recognize is that the implementation of consumer preferences will involve policy issues as well as technological capabilities. Conflicting federal, state, and local rules and regulations cloud the related policy considerations. Trying to harmonize these disparate approaches can be a real headache. Also, under HIPAA state laws take precedence over federal regulations, if they are stricter. With sharing of health information projected to occur across multiple state boundaries in the near future, lawmakers may need to consider instituting overarching federal rules. The reason is that when policies differ significantly from one jurisdiction to another it is impossible to assure consumers that their preferences will be honored. This significantly erodes consumer trust. We all recognize that trust is essential to the stewardship of confidential personal health information. The policy challenge here will involve assertion of at least a minimal set of policies that will ensure enforcement of consumer choices from one jurisdiction to another. The technical challenge will be the need to tag discrete data elements within declared consumer preferences and ensure that the linkage remains intact as data flows between the various systems that may access that data. Mechanisms will need to be developed to reconcile different versions of a consumer's preferences so that only the most up-to-date are utilized.
A dictionary of data elements will also be needed with standard terms or at least enough information to allow mapping of data types/content between organizations. It is amazing how many terms can be used to classify consumer preferences. For example, there are various shades of meaning between the common words-consent, informed consent, authorization, preference, directive, consent for information release, etc.
There are other issues to resolve. Among those that might be included are: authentication of users, authorization for information access based on location of user, user role, context of information use, timing of information access, and more. There will be different rules for clinician access, administrative uses, health care operations, and secondary uses including research, quality reporting, and possible commercial uses of information by third parties. The latter is an especially sensitive issue for consumers. A closely related area is the sequestration of information in health records. Consumers want to control the release of their personal health information concerning sensitive issues such as alcohol abuse, HIV/AIDS status, mental health conditions, physical abuse, health issues of minors, sexually transmitted disease information, genetic history, and more. They want control to preserve privacy and prevent discriminatory practices that may occur despite legislation forbidding discrimination concerning a variety of health conditions. Clinicians are concerned that vital information may be hidden from them that could adversely affect patient care and increase the risk of medical liability claims. Health insurers are concerned that health conditions could be concealed by applicants that would adversely affect their underwriting process. Finally, some sensitive conditions have a number of associated data elements that could make it difficult to manage privacy directives. An allergy or drug could easily be an indicator for a sensitive diagnosis/condition for example.
The final topic I want to address in this post is the difficulty of acquiring consumer preferences. No standard format is currently utilized. The more discrete the choices offered, the longer it takes to record these choices. How will preferences that conflict be reconciled? Health care organizations have an obligation to educate consumers about their available preferences. This can be a time-consuming process that could tax the health care delivery resources of a practice or organization. Is it fair to place the responsibility for all this education on providers? The Agency for Health Care Research and Quality (AHRQ) has a toolkit to help clinical researchers with these tasks. The site has valuable information for all involved in the area of informed consent. The technology to collect consumer preferences is not mature. Additional standards need to be developed and rigorously tested. How granular should consumer preferences be? How do we apply the opt-in vs. the opt-out approach? We know there is a large disparity between choices made with one approach compared to the other. This is rapidly evolving area in health information technology. There are many vocal, concerned stakeholders. It will be interesting to be involved in future developments in this area.
The Office of the National Coordinator for Health Information Technology released a draft document for public comment on October 5th (Draft Consumer Preferences Requirements Document.) Some of the concepts brought up by that document are the subject of this post. The HITSP Consumer Preferences Tiger Team spent a considerable amount of time reviewing the document and formulating comments earlier this month. I'm sure a lot more will be said in the future. Expect the issue of Consumer Preferences to be addressed by both the HIT Policy and HIT Standards Committees. Eventually, multiple stakeholders must contribute to a strategic framework to address this topic from the health IT perspective.
The first thing to recognize is that the implementation of consumer preferences will involve policy issues as well as technological capabilities. Conflicting federal, state, and local rules and regulations cloud the related policy considerations. Trying to harmonize these disparate approaches can be a real headache. Also, under HIPAA state laws take precedence over federal regulations, if they are stricter. With sharing of health information projected to occur across multiple state boundaries in the near future, lawmakers may need to consider instituting overarching federal rules. The reason is that when policies differ significantly from one jurisdiction to another it is impossible to assure consumers that their preferences will be honored. This significantly erodes consumer trust. We all recognize that trust is essential to the stewardship of confidential personal health information. The policy challenge here will involve assertion of at least a minimal set of policies that will ensure enforcement of consumer choices from one jurisdiction to another. The technical challenge will be the need to tag discrete data elements within declared consumer preferences and ensure that the linkage remains intact as data flows between the various systems that may access that data. Mechanisms will need to be developed to reconcile different versions of a consumer's preferences so that only the most up-to-date are utilized.
A dictionary of data elements will also be needed with standard terms or at least enough information to allow mapping of data types/content between organizations. It is amazing how many terms can be used to classify consumer preferences. For example, there are various shades of meaning between the common words-consent, informed consent, authorization, preference, directive, consent for information release, etc.
There are other issues to resolve. Among those that might be included are: authentication of users, authorization for information access based on location of user, user role, context of information use, timing of information access, and more. There will be different rules for clinician access, administrative uses, health care operations, and secondary uses including research, quality reporting, and possible commercial uses of information by third parties. The latter is an especially sensitive issue for consumers. A closely related area is the sequestration of information in health records. Consumers want to control the release of their personal health information concerning sensitive issues such as alcohol abuse, HIV/AIDS status, mental health conditions, physical abuse, health issues of minors, sexually transmitted disease information, genetic history, and more. They want control to preserve privacy and prevent discriminatory practices that may occur despite legislation forbidding discrimination concerning a variety of health conditions. Clinicians are concerned that vital information may be hidden from them that could adversely affect patient care and increase the risk of medical liability claims. Health insurers are concerned that health conditions could be concealed by applicants that would adversely affect their underwriting process. Finally, some sensitive conditions have a number of associated data elements that could make it difficult to manage privacy directives. An allergy or drug could easily be an indicator for a sensitive diagnosis/condition for example.
The final topic I want to address in this post is the difficulty of acquiring consumer preferences. No standard format is currently utilized. The more discrete the choices offered, the longer it takes to record these choices. How will preferences that conflict be reconciled? Health care organizations have an obligation to educate consumers about their available preferences. This can be a time-consuming process that could tax the health care delivery resources of a practice or organization. Is it fair to place the responsibility for all this education on providers? The Agency for Health Care Research and Quality (AHRQ) has a toolkit to help clinical researchers with these tasks. The site has valuable information for all involved in the area of informed consent. The technology to collect consumer preferences is not mature. Additional standards need to be developed and rigorously tested. How granular should consumer preferences be? How do we apply the opt-in vs. the opt-out approach? We know there is a large disparity between choices made with one approach compared to the other. This is rapidly evolving area in health information technology. There are many vocal, concerned stakeholders. It will be interesting to be involved in future developments in this area.
Monday, October 26, 2009
Breach Notification for Protected Health Information. Part 2.
This is a continuation of the previous post. Included is a summary and commentary concerning the recent announcement of an Interim Final Rule (IFR) on health information breach notification by the Secretary of Health and Human Services (HHS). Those participating in the field of medical informatics should become familiar with this IFR. As a reminder, unsecured protected health information can include information in any form or medium, including electronic, paper, or oral. An important element of the Act applies to possible conflicts between federal and state privacy and breach reporting laws. In general, the effect of the new HIPAA regulations provides that HIPAA administrative simplification provisions generally preempt conflicting State law.
There is a three-step process to determining if breach notification is required. The first step is to determine whether a use or disclosure of protected health information violates the HIPAA Privacy Rule. If a violation of the Privacy Rule has occurred then the next step is to determine whether the violation compromises the security or privacy of the protected health information.
The compromise of protected health information must pose a significant risk of financial, reputational, or other harm to the individual. This means that covered entities (CEs) and business associates (BAs) will need to perform a risk assessment to determine if there is a significant risk of harm to the individual as a result of the impermissible use or disclosure. This risk assessment should be based on known facts. The risk assessment must be documented and retained against the possibility of an Office of Civil Rights investigation. Risk assessments should consider to whom the information was disclosed and who used it. Other considerations include the type and amount of protected health information involved in the disclosure. If the type of information disclosed does not pose a significant risk of financial, reputational, or other harm, then the violation does not constitute a breach under the Rule. It should be noted that limited data sets are considered protected health information under the Act unless identifiers such as birth date and zip code are removed. This decision was made by policy makers because of the risk of re-identification when only the 16 identifiers listed in the HIPAA Privacy Rule for limited data sets are removed.
The final step is to determine if the breach falls under one of the three exceptions to the definition of breach: 1) Unintentional acquisition, access, or use of protected health information by an employee or individual acting under the authority of a covered or business associate, 2) inadvertent disclosure of protected health information from one person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, and 3) unauthorized disclosures in which an unauthorized person to whom protected health information is disclosed would not reasonably have been able to retain the information. Notification is not required if one of these exceptions apply.
A breach is considered discovered when the incident becomes known, not when the CE or BA concludes the risk analysis and decides on the basis of the facts that a breach has occurred. The Act states that a breach shall be treated as discovered by a covered entity as of the first day the breach is known to the covered entity or by exercising reasonable diligence would have been known to the covered entity. Reasonable diligence means the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances. This means that it is important for CEs and BAs to implement systems for discovery of breaches. This should include workforce training about the importance of timely reporting of privacy and security incidents and the consequences of failing to do so.
A CE may take a reasonable time to investigate the circumstances surrounding the breach in order to collect and develop the information required to be included in the notice of a data breach to individuals. The IFR states that a CE shall send the required notification without unreasonable delay and, in no case later than 60 calendar days after the date the breach was discovered. The Act specifies five elements that must be included in the breach notice: 1) a brief description of what happened, including the date of the breach and the date of the discovery of the breach, 2) a description of the types of unsecured protected health information that that were involved in the breach, 3) steps individuals should take to protect themselves from potential harem resulting from the breach, 4) a brief description of what the CE involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches, and 5) contact procedures for individuals to ask question or learn additional information, which must include a toll-free telephone number, an e-mail address, Web site, or postal address. The notice should not contain any unsecured protected health information itself. The written notice will be sent by first-class mail to the last known address of the individual.
If there is out-of-date contact information for 10 or more individuals, then the CE must provide substitute notice through either a conspicuous posting for a period of 90 days on the home page of its Web site or conspicuous notice in major print or broadcast media in geographic areas where the individuals affected by the breach likely reside. As described above, these substitute notifications must be provided in a manner that is reasonably calculated to reach the affected individuals. In addition, the CE must have a toll-free phone number, active for 90 days, where an individual can learn whether the their unsecured protected health information may be included in the breach and include the number in the notice.
For breaches involving less than 500 individuals, a CE must maintain a log or other documentation to be submitted annually to the Secretary of HHS for breaches that occurred during the preceding calendar year. For breaches involving more than 500 individuals, the Secretary must be notified immediately. The instructions for notification will be posted on the HHS Web site. Furthermore, if the unsecured protected health information of more than 500 residents of a state or jurisdiction is breached then notice must be provided to prominent media outlets serving that area. This media notice requirement is different from the substitute media notice mentioned above. The notification of the media must be carried out within the same timeframe required for the notice to individuals. In other words, media outlets must be notified without unreasonable delay, but in no case later than sixty calendar days following discovery of a breach.
Finally, the Act requires a business associate of a covered entity that accesses, maintains, retains, modifies, records, destroys, or otherwise holds, uses, or discloses unsecured protected health information to notify the covered entity when it discovers a breach of such information. The CE then must provide the notices to individuals and the media as outlined above. A business associate that maintains the protected health information of multiple covered entities need notify only the covered entity(s) to which the breached information relates.
This is a continuation of the previous post. Included is a summary and commentary concerning the recent announcement of an Interim Final Rule (IFR) on health information breach notification by the Secretary of Health and Human Services (HHS). Those participating in the field of medical informatics should become familiar with this IFR. As a reminder, unsecured protected health information can include information in any form or medium, including electronic, paper, or oral. An important element of the Act applies to possible conflicts between federal and state privacy and breach reporting laws. In general, the effect of the new HIPAA regulations provides that HIPAA administrative simplification provisions generally preempt conflicting State law.
There is a three-step process to determining if breach notification is required. The first step is to determine whether a use or disclosure of protected health information violates the HIPAA Privacy Rule. If a violation of the Privacy Rule has occurred then the next step is to determine whether the violation compromises the security or privacy of the protected health information.
The compromise of protected health information must pose a significant risk of financial, reputational, or other harm to the individual. This means that covered entities (CEs) and business associates (BAs) will need to perform a risk assessment to determine if there is a significant risk of harm to the individual as a result of the impermissible use or disclosure. This risk assessment should be based on known facts. The risk assessment must be documented and retained against the possibility of an Office of Civil Rights investigation. Risk assessments should consider to whom the information was disclosed and who used it. Other considerations include the type and amount of protected health information involved in the disclosure. If the type of information disclosed does not pose a significant risk of financial, reputational, or other harm, then the violation does not constitute a breach under the Rule. It should be noted that limited data sets are considered protected health information under the Act unless identifiers such as birth date and zip code are removed. This decision was made by policy makers because of the risk of re-identification when only the 16 identifiers listed in the HIPAA Privacy Rule for limited data sets are removed.
The final step is to determine if the breach falls under one of the three exceptions to the definition of breach: 1) Unintentional acquisition, access, or use of protected health information by an employee or individual acting under the authority of a covered or business associate, 2) inadvertent disclosure of protected health information from one person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, and 3) unauthorized disclosures in which an unauthorized person to whom protected health information is disclosed would not reasonably have been able to retain the information. Notification is not required if one of these exceptions apply.
A breach is considered discovered when the incident becomes known, not when the CE or BA concludes the risk analysis and decides on the basis of the facts that a breach has occurred. The Act states that a breach shall be treated as discovered by a covered entity as of the first day the breach is known to the covered entity or by exercising reasonable diligence would have been known to the covered entity. Reasonable diligence means the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances. This means that it is important for CEs and BAs to implement systems for discovery of breaches. This should include workforce training about the importance of timely reporting of privacy and security incidents and the consequences of failing to do so.
A CE may take a reasonable time to investigate the circumstances surrounding the breach in order to collect and develop the information required to be included in the notice of a data breach to individuals. The IFR states that a CE shall send the required notification without unreasonable delay and, in no case later than 60 calendar days after the date the breach was discovered. The Act specifies five elements that must be included in the breach notice: 1) a brief description of what happened, including the date of the breach and the date of the discovery of the breach, 2) a description of the types of unsecured protected health information that that were involved in the breach, 3) steps individuals should take to protect themselves from potential harem resulting from the breach, 4) a brief description of what the CE involved is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches, and 5) contact procedures for individuals to ask question or learn additional information, which must include a toll-free telephone number, an e-mail address, Web site, or postal address. The notice should not contain any unsecured protected health information itself. The written notice will be sent by first-class mail to the last known address of the individual.
If there is out-of-date contact information for 10 or more individuals, then the CE must provide substitute notice through either a conspicuous posting for a period of 90 days on the home page of its Web site or conspicuous notice in major print or broadcast media in geographic areas where the individuals affected by the breach likely reside. As described above, these substitute notifications must be provided in a manner that is reasonably calculated to reach the affected individuals. In addition, the CE must have a toll-free phone number, active for 90 days, where an individual can learn whether the their unsecured protected health information may be included in the breach and include the number in the notice.
For breaches involving less than 500 individuals, a CE must maintain a log or other documentation to be submitted annually to the Secretary of HHS for breaches that occurred during the preceding calendar year. For breaches involving more than 500 individuals, the Secretary must be notified immediately. The instructions for notification will be posted on the HHS Web site. Furthermore, if the unsecured protected health information of more than 500 residents of a state or jurisdiction is breached then notice must be provided to prominent media outlets serving that area. This media notice requirement is different from the substitute media notice mentioned above. The notification of the media must be carried out within the same timeframe required for the notice to individuals. In other words, media outlets must be notified without unreasonable delay, but in no case later than sixty calendar days following discovery of a breach.
Finally, the Act requires a business associate of a covered entity that accesses, maintains, retains, modifies, records, destroys, or otherwise holds, uses, or discloses unsecured protected health information to notify the covered entity when it discovers a breach of such information. The CE then must provide the notices to individuals and the media as outlined above. A business associate that maintains the protected health information of multiple covered entities need notify only the covered entity(s) to which the breached information relates.
Thursday, October 15, 2009
Medical Information Breach Notification
The American Recovery and Reinvestment Act (ARRA) of February 2009 contained sections that outlined new requirements for breach notification. The Protection of the Privacy and Security of protected health information was outlined in HIPAA in 1996. ARRA imposes new requirements for Covered Entities, Business Associates, and certain other organizations such as personal health record vendors to report breach events to consumers and the Secretary of Health and Human Services. Virtually everyone who handles, maintains, or forwards protected health information will need to be very familiar with the new breach notification law. The Department of Health and Human Services published an Interim Final Rule (IFR) with request for comments August 24, 2009 in the Federal Register. The next few posts of this blog will address the key sections of the newly released regulations.
The breach notification provisions apply to "HIPAA covered entities and their business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information." The Office of Civil Rights will be responsible for enforcing the regulations except for portions that apply to Personal Health Records (PHRs, see below.)The definitions of the terms used here conform to those provided in the original HIPAA regulations. The key words here are "covered entities," "business associates," and "unsecured protected health information." After a breach of unsecured protected health information has been discovered by a covered entity, notice must be provided to all affected individuals and to the Secretary of Health and Human Services (HHS.) If a data breach occurs at a business associate of a covered entity, then the business associate must notify the covered entity. Furthermore, the Secretary of HHS must post a list of covered entities that experience breaches of unsecured protected health information involving more than 500 individuals on an HHS Web site. Similar breach notification requirements will be imposed by the Federal Trade Commission (FTC) on vendors of PHRs and their third party service providers. This is an important additional protection to consumers that was not provided by the original version of HIPAA.
The definition of an information breach as defined by the regulations is critical. A breach is "the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information." Several exceptions are called out by the regulations such as instances where the information is retrieved before it can be viewed and unintentional acquisition of information that has no potential harmful effect and appropriate mitigation actions are implemented.
The IFR defines unsecured protected health information as "protected health information that is not secured through the use of a technology or methodology specified by the Secretary, in guidance, that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals." The guidance was published in the Federal Register on April 27, 2009 (74 FR 19006). This is an important notice that must be considered hand-in-hand with the IFR. It lists encryption and destruction as the two technologies and methodologies approved by the Secretary. Covered entities and business associates that implement encryption or destruction with respect to protected health information are not required to report a breach, if one occurs, because the information will not be considered "unsecured." This section will certainly have a major impact on how information is managed by health care organizations, providers, and insurance plans. The Act introduces strong incentives for investment in data security improvements to minimize the possibility of reportable data breaches. Consider how an organization would choose to mitigate the risk of the most common cause of data breaches- a lost or stolen laptop computer.
The IFR does not modify the HIPAA Security Rule. For example, it does not mandate encryption of protected health information. However if a data breach occurs, and even if an organization is in compliance with the Security Rule, if an encryption algorithm that is not specified in the guidance was not used to safeguard protected health information, then the breach notification requirement would apply. To ensure that encryption keys are not breached, the guidance advises covered entities and business associates to keep encryption keys on a separate device from that used to encrypt or decrypt data. Also, access controls do not meet the statutory requirement of rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals. For paper-based health information redaction is not an acceptable method to secure protected health information either. Only destructive methods fulfill the standards mentioned in the guidance. See for further information on these topics:
Data at rest encryption: NIST Special Publication 800-111
Data in motion encryption: NIST Special Publication 800-52, 800-77, 800-113, and others which are Federal Information Processing Standards (FIPS) 140-2 validated
Destruction of electronic media: NIST Special Publication 800-88
The publications are easily accessible on the Web.
Coming up next: How to detect data breaches. What to do when a breach occurs.
The American Recovery and Reinvestment Act (ARRA) of February 2009 contained sections that outlined new requirements for breach notification. The Protection of the Privacy and Security of protected health information was outlined in HIPAA in 1996. ARRA imposes new requirements for Covered Entities, Business Associates, and certain other organizations such as personal health record vendors to report breach events to consumers and the Secretary of Health and Human Services. Virtually everyone who handles, maintains, or forwards protected health information will need to be very familiar with the new breach notification law. The Department of Health and Human Services published an Interim Final Rule (IFR) with request for comments August 24, 2009 in the Federal Register. The next few posts of this blog will address the key sections of the newly released regulations.
The breach notification provisions apply to "HIPAA covered entities and their business associates that access, maintain, retain, modify, record, store, destroy, or otherwise hold, use, or disclose unsecured protected health information." The Office of Civil Rights will be responsible for enforcing the regulations except for portions that apply to Personal Health Records (PHRs, see below.)The definitions of the terms used here conform to those provided in the original HIPAA regulations. The key words here are "covered entities," "business associates," and "unsecured protected health information." After a breach of unsecured protected health information has been discovered by a covered entity, notice must be provided to all affected individuals and to the Secretary of Health and Human Services (HHS.) If a data breach occurs at a business associate of a covered entity, then the business associate must notify the covered entity. Furthermore, the Secretary of HHS must post a list of covered entities that experience breaches of unsecured protected health information involving more than 500 individuals on an HHS Web site. Similar breach notification requirements will be imposed by the Federal Trade Commission (FTC) on vendors of PHRs and their third party service providers. This is an important additional protection to consumers that was not provided by the original version of HIPAA.
The definition of an information breach as defined by the regulations is critical. A breach is "the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information." Several exceptions are called out by the regulations such as instances where the information is retrieved before it can be viewed and unintentional acquisition of information that has no potential harmful effect and appropriate mitigation actions are implemented.
The IFR defines unsecured protected health information as "protected health information that is not secured through the use of a technology or methodology specified by the Secretary, in guidance, that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals." The guidance was published in the Federal Register on April 27, 2009 (74 FR 19006). This is an important notice that must be considered hand-in-hand with the IFR. It lists encryption and destruction as the two technologies and methodologies approved by the Secretary. Covered entities and business associates that implement encryption or destruction with respect to protected health information are not required to report a breach, if one occurs, because the information will not be considered "unsecured." This section will certainly have a major impact on how information is managed by health care organizations, providers, and insurance plans. The Act introduces strong incentives for investment in data security improvements to minimize the possibility of reportable data breaches. Consider how an organization would choose to mitigate the risk of the most common cause of data breaches- a lost or stolen laptop computer.
The IFR does not modify the HIPAA Security Rule. For example, it does not mandate encryption of protected health information. However if a data breach occurs, and even if an organization is in compliance with the Security Rule, if an encryption algorithm that is not specified in the guidance was not used to safeguard protected health information, then the breach notification requirement would apply. To ensure that encryption keys are not breached, the guidance advises covered entities and business associates to keep encryption keys on a separate device from that used to encrypt or decrypt data. Also, access controls do not meet the statutory requirement of rendering protected health information unusable, unreadable, or indecipherable to unauthorized individuals. For paper-based health information redaction is not an acceptable method to secure protected health information either. Only destructive methods fulfill the standards mentioned in the guidance. See for further information on these topics:
Data at rest encryption: NIST Special Publication 800-111
Data in motion encryption: NIST Special Publication 800-52, 800-77, 800-113, and others which are Federal Information Processing Standards (FIPS) 140-2 validated
Destruction of electronic media: NIST Special Publication 800-88
The publications are easily accessible on the Web.
Coming up next: How to detect data breaches. What to do when a breach occurs.
Wednesday, September 30, 2009
Quality Reporting
Quality Reporting is one of the key components for Meaningful Use included in the ARRA portion of the economic stimulus package. A requirement for EMRs to report various quality measures is sure to be incorporated in the rule-making regulations now being refined for publication later this year. The standards and technology needed to facilitate interoperable electronic submission and reception of quality reports are evolving. Some are still being developed and tested. Others are relatively immature and have not been widely incorporated into EMRs. Meeting the timelines determined by ARRA will be a challenge for many of the involved stakeholders.
Models for quality reporting are CMS' Core Measures for hospital care and the Physician Quality Reporting Initiative (PQRI) for outpatient services. Quality measurement development organizations are too numerous to mention but include the Joint Commission, National Quality Forum (NQF), National Committee for Quality Assurance (NCQA), and Agency for Healthcare Research and Quality (AHRQ.) There are probably over 600 quality measures that have been developed. There are a number of problems with quality measurement and reporting. There are too many quality measures already. The organizations that develop quality measures rarely coordinate their efforts. Validation of the existing measures has not been extensive, thorough, or scientific in many cases. The number of organizations demanding quality reports is excessive, ever growing, and represents an increasing drain on precious health care resources. The mechanisms for collecting, aggregating, transmitting, and analyzing these reports are poorly defined, lack necessary standards and vocabulary, and, in many cases, the infrastructure for handling electronically do not exist.
The Meaningful Use (MU) regulations for quality reporting will not be published until late this year and early next. Discussions within the two health information technology FACA committees (HIT Policy Committee and HIT Standards Committee) that report to the Office of the National Coordinator for Health Information Technology seem to indicate that the requirements for 2011 will mostly be based on self-attestation, either paper-based or electronic, with entirely electronic reporting by 2015. The quality workgroup of the HIT Standards Committee has recommended 29 preliminary measures. Eventually decisions will need to be made about whether EMRs will be able to collect/calculate all of these measures internally or whether intermediaries will be needed. Also, government agencies tasked with collecting the reports and assessing MU will need to rapidly ramp up their capabilities to manage and promulgate this information electronically. For example, I have heard reports that CMS was not prepared to accept PQRI data from providers when that program was first initiated. Furthermore, transport mechanisms, to include privacy and security, need to be defined. Will the systems support just send/receive transactions or will query/respond transactions also be utilized (these will almost certainly be required.)
On the near horizon: HL7 and IHE have helped develop the QRDA (Quality Reporting Data Architecture) and the Performance Quality Report profile. QRDA provides a framework for reporting patient level quality data across disparate systems. Reports are published in XML to provide human and machine readable. It will be interesting to watch for standard vocabulary development and trial implementations.
Quality Reporting is one of the key components for Meaningful Use included in the ARRA portion of the economic stimulus package. A requirement for EMRs to report various quality measures is sure to be incorporated in the rule-making regulations now being refined for publication later this year. The standards and technology needed to facilitate interoperable electronic submission and reception of quality reports are evolving. Some are still being developed and tested. Others are relatively immature and have not been widely incorporated into EMRs. Meeting the timelines determined by ARRA will be a challenge for many of the involved stakeholders.
Models for quality reporting are CMS' Core Measures for hospital care and the Physician Quality Reporting Initiative (PQRI) for outpatient services. Quality measurement development organizations are too numerous to mention but include the Joint Commission, National Quality Forum (NQF), National Committee for Quality Assurance (NCQA), and Agency for Healthcare Research and Quality (AHRQ.) There are probably over 600 quality measures that have been developed. There are a number of problems with quality measurement and reporting. There are too many quality measures already. The organizations that develop quality measures rarely coordinate their efforts. Validation of the existing measures has not been extensive, thorough, or scientific in many cases. The number of organizations demanding quality reports is excessive, ever growing, and represents an increasing drain on precious health care resources. The mechanisms for collecting, aggregating, transmitting, and analyzing these reports are poorly defined, lack necessary standards and vocabulary, and, in many cases, the infrastructure for handling electronically do not exist.
The Meaningful Use (MU) regulations for quality reporting will not be published until late this year and early next. Discussions within the two health information technology FACA committees (HIT Policy Committee and HIT Standards Committee) that report to the Office of the National Coordinator for Health Information Technology seem to indicate that the requirements for 2011 will mostly be based on self-attestation, either paper-based or electronic, with entirely electronic reporting by 2015. The quality workgroup of the HIT Standards Committee has recommended 29 preliminary measures. Eventually decisions will need to be made about whether EMRs will be able to collect/calculate all of these measures internally or whether intermediaries will be needed. Also, government agencies tasked with collecting the reports and assessing MU will need to rapidly ramp up their capabilities to manage and promulgate this information electronically. For example, I have heard reports that CMS was not prepared to accept PQRI data from providers when that program was first initiated. Furthermore, transport mechanisms, to include privacy and security, need to be defined. Will the systems support just send/receive transactions or will query/respond transactions also be utilized (these will almost certainly be required.)
On the near horizon: HL7 and IHE have helped develop the QRDA (Quality Reporting Data Architecture) and the Performance Quality Report profile. QRDA provides a framework for reporting patient level quality data across disparate systems. Reports are published in XML to provide human and machine readable. It will be interesting to watch for standard vocabulary development and trial implementations.
Monday, September 14, 2009
September 14, 2009
Reconciliation-an unmet challenge
There is little doubt that in the near future, more electronic clinical information will be shared between providers using established standards and various methods of information exchange. The goal is to provide the most accurate, up-to-date information to the clinician, when it is needed. An associated benefit for patients is that they will not have to fill out redundant forms. However, a new problem is about to be created. Multiple sources of information will be available to clinicians. The data will need to be collected, sorted, aggregated, de-duplicated and reformatted to serve as the source of truth for patient care. Clinicians will want this process to be automated, as much as possible. They will not want to have to click through multiple screens and scroll through pages of data. The final report will need to be reviewed with patients to verify accuracy whenever possible.
What types of information will need to be reconciled? As one starts thinking about this question, the list of possible answers seems to grow. Examples include: medications, laboratory reports, CCD documents, and administrative information. Consumer preferences for information release and advanced directives will be areas that it will be especially important to keep up to date. They have been mentioned as priorities by the Office of the National Coordinator for Health IT.
There will be multiple steps in the process. Location(s) where data is stored will need to be identified. Next the data must be imported (via a push or pull transport mechanism) and stored. Then the sorting process will occur that harmonizes all the data that is available. Finally, a report of the most accurate, up-to-date data will be presented to the clinician to review with the patient. Ideally, this would be a one click activity. All the decision rules would need to be incorporated into software to automate the process. (The banking world has developed a similar capability but their data does not have the variety of data elements that is seen in health care.)
In the inpatient setting, this would be used with every transfer of care between providers in the hospital. The transition from inpatient care to ambulatory care is an especially important area when reconciliation of electronic medical records must occur. Finally, in the ambulatory setting, reconciliation will be necessary when patients travel from one provider to another.
A good question is whether a potent, general type of software might be used to process all the different types of data- "the reconciliator" or whether multiple varieties of specialized software will be needed for each type of message/document. I suspect that the latter will need to be the choice. A special case may be the reconciliation of CCD documents. Here, if the software is designed around all the CCD sections, the data types and vocabularies will be standardized so complete CCDs and their summaries might easily be reconciled by one piece of software. It is imperative for EMR vendors and their engineers to address this important emerging EMR capability.
Reconciliation-an unmet challenge
There is little doubt that in the near future, more electronic clinical information will be shared between providers using established standards and various methods of information exchange. The goal is to provide the most accurate, up-to-date information to the clinician, when it is needed. An associated benefit for patients is that they will not have to fill out redundant forms. However, a new problem is about to be created. Multiple sources of information will be available to clinicians. The data will need to be collected, sorted, aggregated, de-duplicated and reformatted to serve as the source of truth for patient care. Clinicians will want this process to be automated, as much as possible. They will not want to have to click through multiple screens and scroll through pages of data. The final report will need to be reviewed with patients to verify accuracy whenever possible.
What types of information will need to be reconciled? As one starts thinking about this question, the list of possible answers seems to grow. Examples include: medications, laboratory reports, CCD documents, and administrative information. Consumer preferences for information release and advanced directives will be areas that it will be especially important to keep up to date. They have been mentioned as priorities by the Office of the National Coordinator for Health IT.
There will be multiple steps in the process. Location(s) where data is stored will need to be identified. Next the data must be imported (via a push or pull transport mechanism) and stored. Then the sorting process will occur that harmonizes all the data that is available. Finally, a report of the most accurate, up-to-date data will be presented to the clinician to review with the patient. Ideally, this would be a one click activity. All the decision rules would need to be incorporated into software to automate the process. (The banking world has developed a similar capability but their data does not have the variety of data elements that is seen in health care.)
In the inpatient setting, this would be used with every transfer of care between providers in the hospital. The transition from inpatient care to ambulatory care is an especially important area when reconciliation of electronic medical records must occur. Finally, in the ambulatory setting, reconciliation will be necessary when patients travel from one provider to another.
A good question is whether a potent, general type of software might be used to process all the different types of data- "the reconciliator" or whether multiple varieties of specialized software will be needed for each type of message/document. I suspect that the latter will need to be the choice. A special case may be the reconciliation of CCD documents. Here, if the software is designed around all the CCD sections, the data types and vocabularies will be standardized so complete CCDs and their summaries might easily be reconciled by one piece of software. It is imperative for EMR vendors and their engineers to address this important emerging EMR capability.
Thursday, September 10, 2009
Online Education
September 10, 2009
Online Learning
I recently graduated from an online graduate degree program offered by Northwestern University. There are several reasons why online programs are growing in popularity. Many working students have an opportunity to obtain advanced training that otherwise would not be available; most classes are held at night, after work. Parents with child-raising responsibilities can attend classes from home while still taking care of the kids. Employers who contribute to an employee's education strengthen their workforce while being able to retain valued workers. Colleges with online programs have the chance to expand their student base. The schools do not need to support the high overhead of bricks and mortar classrooms even while charging regular tuition rates. Faculties often are enriched by instructors with practical experience in their fields, even if they are somewhat less academically oriented. This is an excellent forum to put technology to work for educational outreach and could serve as a model for other types of educational activities needed by universities and corporations to develop the technologically advanced workforce that will be required in coming decades. Finally, there is a lot of latitude to apply innovative ideas to the process of education.
The application process is similar to on campus programs. Some graduate programs do not require completion of the GRE. Mine did not when I applied two years ago although transcripts from previous schools were required. Interest in online education has been strong so schools have their choice of highly qualified candidates. Most programs are accredited, but there are a variety or organizations offering accreditation so prospective students should be careful to evaluate the programs that interest them.
Online classes may be conducted synchronously (real-time) or asynchronously. Many use a combination of the two methods. Synchronous teaching sessions use web-based teleconferencing with or without a telephone bridge for audio. Students need access to a broadband Internet connection. Technical issues arise frequently but they are usually easy to solve. Asynchronous solutions do not require such robust Internet connections but they have functional limitations and restrict interaction of students with each other and with faculty. Most educational programs utilize course management software such as Blackboard© to communicate weekly assignments, supplemental educational material, discussion boards, homework submission, and to post grades. A critical element of almost every class at Northwestern University was a group project. We had to learn to effectively collaborate and be productive in the face of demanding work schedules with students that lived in different time zones that spanned the country.
Online education poses challenges for students. Foremost is a commitment to continued learning and self-discipline to study and work hard. In my program, each class demanded ten to twenty hours of work per week to keep up with homework, class sessions, group projects, tests, and discussion board participation. There were eleven required classes. We operated on the quarter system with just short breaks between quarters. The program I participated in was technology-oriented. Students needed to learn new software packages for many classes. For example, I used MS Word, PowerPoint, Access, Excel, Visio, SQL, SPSS, TreeAge, WebEx, Adobe Connect Pro, EndNote, and Blackboard. Most classes had a final exam that required one to visit a proctored test site. One of the biggest challenges was managing the dynamics of working in groups where the members never met in person, never even saw each other, lived in different time zones, had different clinical or technical expertise and sometimes came to online meetings carrying the burdens of their personal lives, home, and work.
I think online education is the wave of the future in adult education. Many workers change careers during their lifetimes and need retraining. Also, a major way of advancing ones career is to learn new skills. Online education is a realistic way to meet each of these requirements.
Online Learning
I recently graduated from an online graduate degree program offered by Northwestern University. There are several reasons why online programs are growing in popularity. Many working students have an opportunity to obtain advanced training that otherwise would not be available; most classes are held at night, after work. Parents with child-raising responsibilities can attend classes from home while still taking care of the kids. Employers who contribute to an employee's education strengthen their workforce while being able to retain valued workers. Colleges with online programs have the chance to expand their student base. The schools do not need to support the high overhead of bricks and mortar classrooms even while charging regular tuition rates. Faculties often are enriched by instructors with practical experience in their fields, even if they are somewhat less academically oriented. This is an excellent forum to put technology to work for educational outreach and could serve as a model for other types of educational activities needed by universities and corporations to develop the technologically advanced workforce that will be required in coming decades. Finally, there is a lot of latitude to apply innovative ideas to the process of education.
The application process is similar to on campus programs. Some graduate programs do not require completion of the GRE. Mine did not when I applied two years ago although transcripts from previous schools were required. Interest in online education has been strong so schools have their choice of highly qualified candidates. Most programs are accredited, but there are a variety or organizations offering accreditation so prospective students should be careful to evaluate the programs that interest them.
Online classes may be conducted synchronously (real-time) or asynchronously. Many use a combination of the two methods. Synchronous teaching sessions use web-based teleconferencing with or without a telephone bridge for audio. Students need access to a broadband Internet connection. Technical issues arise frequently but they are usually easy to solve. Asynchronous solutions do not require such robust Internet connections but they have functional limitations and restrict interaction of students with each other and with faculty. Most educational programs utilize course management software such as Blackboard© to communicate weekly assignments, supplemental educational material, discussion boards, homework submission, and to post grades. A critical element of almost every class at Northwestern University was a group project. We had to learn to effectively collaborate and be productive in the face of demanding work schedules with students that lived in different time zones that spanned the country.
Online education poses challenges for students. Foremost is a commitment to continued learning and self-discipline to study and work hard. In my program, each class demanded ten to twenty hours of work per week to keep up with homework, class sessions, group projects, tests, and discussion board participation. There were eleven required classes. We operated on the quarter system with just short breaks between quarters. The program I participated in was technology-oriented. Students needed to learn new software packages for many classes. For example, I used MS Word, PowerPoint, Access, Excel, Visio, SQL, SPSS, TreeAge, WebEx, Adobe Connect Pro, EndNote, and Blackboard. Most classes had a final exam that required one to visit a proctored test site. One of the biggest challenges was managing the dynamics of working in groups where the members never met in person, never even saw each other, lived in different time zones, had different clinical or technical expertise and sometimes came to online meetings carrying the burdens of their personal lives, home, and work.
I think online education is the wave of the future in adult education. Many workers change careers during their lifetimes and need retraining. Also, a major way of advancing ones career is to learn new skills. Online education is a realistic way to meet each of these requirements.
Wednesday, August 19, 2009
August 19, 2009
Certification Follow-up
The HIT Policy Committee held its monthly meeting last Friday. Certification of electronic health records systems was again a topic of considerable discussion. There was some push-back on the marginalization of CCHIT that seemed to have been implied at the July meeting.
Here is my summary of the certification discussion: HHS certification of a system means that a user of such a certified system will qualify for ARRA incentives if the other criteria for Meaningful Use are met. The National Institute for Standards and Technology (NIST) is expected to take the lead in accrediting organizations aiming to offer HHS certification. NIST is not expected to certify systems itself but will work with the Office of the National Coordinator (ONC) to develop the process. The committee mentioned that the precise number of certification organizations has not been determined. All that is clear is that there will be one or more organizations involved.
My sense from listening to the discussion is that committee members have come to better appreciate the complexity of certification than was apparent during the July meeting. There was concern that use of multiple certifying bodies might create confusion about the certification process and criteria throughout the health IT industry.
The HIT Policy Committee indicates that it will rely on CCHIT for continuing advice in order to leverage existing certification work whenever possible in its advisory role to the ONC. The committee, however, seems committed to separating the development of criteria for certification from the actual testing process. Presumably this means that the HIT Policy Committee will take the lead in setting the timing and criteria for certification in the future.
Certification Follow-up
The HIT Policy Committee held its monthly meeting last Friday. Certification of electronic health records systems was again a topic of considerable discussion. There was some push-back on the marginalization of CCHIT that seemed to have been implied at the July meeting.
Here is my summary of the certification discussion: HHS certification of a system means that a user of such a certified system will qualify for ARRA incentives if the other criteria for Meaningful Use are met. The National Institute for Standards and Technology (NIST) is expected to take the lead in accrediting organizations aiming to offer HHS certification. NIST is not expected to certify systems itself but will work with the Office of the National Coordinator (ONC) to develop the process. The committee mentioned that the precise number of certification organizations has not been determined. All that is clear is that there will be one or more organizations involved.
My sense from listening to the discussion is that committee members have come to better appreciate the complexity of certification than was apparent during the July meeting. There was concern that use of multiple certifying bodies might create confusion about the certification process and criteria throughout the health IT industry.
The HIT Policy Committee indicates that it will rely on CCHIT for continuing advice in order to leverage existing certification work whenever possible in its advisory role to the ONC. The committee, however, seems committed to separating the development of criteria for certification from the actual testing process. Presumably this means that the HIT Policy Committee will take the lead in setting the timing and criteria for certification in the future.
Tuesday, August 18, 2009
August 18, 2009
Health Information Exchange
I attended a conference recently where health information exchange (HIE) was discussed. One of the presenters asserted that the technological aspects of HIEs are easy problems to solve compared to developing governance that can be agreed upon by all stakeholders. I will discuss these two HIE issues in this session.
Health information exchange is one of the three legs of the stool of essentials necessary for exchange of clinical information among providers who use electronic medical records (EMRs.) The other two legs are EMR adoption by providers and hospitals and utilization of standards. HIEs are a major component of the infrastructure that will enable information exchange in the future. Recall that exchange of information is one of the key requirements of the evolving definition of Meaningful Use under the American Recovery and Reinvestment Act. Many HIE projects have been developed over the last 10-15 years. One of the lessons learned is that the successful development and implementation of HIEs is difficult to achieve. There have been many failures. A standardized approach has not been adopted and communication of lessons learned has been challenging.
A time consuming and difficult step in creation of HIEs has been the development of a governance structure. This requires a collaboration of multiple stakeholders. These participants often have conflicting agendas. It is not unusual for the development of a governance structure to take one to three years. Regional alignment of stakeholders and sharing of common organizational missions may expedite the process.
The governance model results in preparation of a business plan, rules for adoption of a robust privacy and security policy( including consumer information sharing consent policies), data sharing agreements, and selection of technologies to be utilized as well as vendor selection.
Technical issues are not trivial. Security and privacy considerations include developing the means of authorization, authentication, data encryption, and consent management. Many HIEs will need to provide master patient indices, master provider indices, de-identification services, data repositories, data registries, and database management services such as data warehousing.
I think there is a good argument for utilizing a different approach from the traditional HIE. A web-based business could offer all the technical features through careful selection and integration of the products of several current vendors. The governance conundrum could be handled by development of thoughtful policies and procedures for the business. A key element would be carefully crafted data use and sharing agreements (DURSA). Security and privacy provisions must meet or exceed HIPAA requirements. Then the package could be sold as a subscription service-similar to cable TV or cellular phone service. The painful development of governance structures could be circumscribed. The whole process of developing functioning HIEs should be accelerated significantly. Now is the golden period for private enterprise to step in and develop new HIE models. Sharing of information no longer will be optional for providers, labs, x-ray facilities, hospitals and others under provisions of ARRA.
Health Information Exchange
I attended a conference recently where health information exchange (HIE) was discussed. One of the presenters asserted that the technological aspects of HIEs are easy problems to solve compared to developing governance that can be agreed upon by all stakeholders. I will discuss these two HIE issues in this session.
Health information exchange is one of the three legs of the stool of essentials necessary for exchange of clinical information among providers who use electronic medical records (EMRs.) The other two legs are EMR adoption by providers and hospitals and utilization of standards. HIEs are a major component of the infrastructure that will enable information exchange in the future. Recall that exchange of information is one of the key requirements of the evolving definition of Meaningful Use under the American Recovery and Reinvestment Act. Many HIE projects have been developed over the last 10-15 years. One of the lessons learned is that the successful development and implementation of HIEs is difficult to achieve. There have been many failures. A standardized approach has not been adopted and communication of lessons learned has been challenging.
A time consuming and difficult step in creation of HIEs has been the development of a governance structure. This requires a collaboration of multiple stakeholders. These participants often have conflicting agendas. It is not unusual for the development of a governance structure to take one to three years. Regional alignment of stakeholders and sharing of common organizational missions may expedite the process.
The governance model results in preparation of a business plan, rules for adoption of a robust privacy and security policy( including consumer information sharing consent policies), data sharing agreements, and selection of technologies to be utilized as well as vendor selection.
Technical issues are not trivial. Security and privacy considerations include developing the means of authorization, authentication, data encryption, and consent management. Many HIEs will need to provide master patient indices, master provider indices, de-identification services, data repositories, data registries, and database management services such as data warehousing.
I think there is a good argument for utilizing a different approach from the traditional HIE. A web-based business could offer all the technical features through careful selection and integration of the products of several current vendors. The governance conundrum could be handled by development of thoughtful policies and procedures for the business. A key element would be carefully crafted data use and sharing agreements (DURSA). Security and privacy provisions must meet or exceed HIPAA requirements. Then the package could be sold as a subscription service-similar to cable TV or cellular phone service. The painful development of governance structures could be circumscribed. The whole process of developing functioning HIEs should be accelerated significantly. Now is the golden period for private enterprise to step in and develop new HIE models. Sharing of information no longer will be optional for providers, labs, x-ray facilities, hospitals and others under provisions of ARRA.
Wednesday, July 29, 2009
Certification
Certification of electronic health records has been a hot topic in health IT over the last few weeks. The concept of HHS Certification of electronic health record systems was unveiled to the public at the July open meeting of the Health IT Policy Committee (see link below.) The proposed plan is to require HHS Certification of an EMR in order for a user to qualify for incentives under Recovery Act (ARRA) legislation. Certification in the past has only been performed by the Certification Commission for Health Information Technology (CCHIT.) Now it looks like that is about to change. Responsibilities for testing and certification under ARRA were assigned to the National Institute for Standards and Technology (NIST.)
The certification process requires two components. First, a set of requirements must be established. Then electronic health record systems must be tested for compliance with these requirements. CCHIT has listed its requirements in a set of test scripts to which potential buyers and vendors may refer. The scripts are the product of many hours of volunteer committee work. All of the committees have multiple stakeholder representation. The bar to achieve certification has been raised by CCHIT annually. This is outlined in the CCHIT roadmap. A second arm of CCHIT is responsible for the testing of systems. The jurors who perform the evaluations for certification, for the most part, are active clinicians. For further information visit the CCHIT web site: http://www.cchit.org.
An important question is: What is the purpose of certification? There are a number of answers to this question. Certification is often viewed as a seal of approval by industry. For example, within a very short period of time after CCHIT began certification of electronic record systems many of the most well-known vendors applied. Also, many provider professional organizations supported CCHIT certification in their recommendations to members considering purchase of electronic medical record systems (EMRs.) Also, the federal government required certification for certain safe harbor exceptions from the Stark Anti-kickback Law. A reasonable purpose of certification is to provide assurance that the EMRs will deliver a defined level of functionality. This may help a potential purchaser screen vendor systems before a final purchase decision is made.
Under ARRA, certification will assure that the system meets the level of functionality required by the Meaningful Use definition. A clinician will be required to use a certified system in order to qualify for the financial incentives offered by ARRA. It appears that certification criteria will be set by the HIT Policy Committee in the future. Current proposals show progressive enhancement of the requirements during each two year certification cycle. This progressive "raising of the bar" poses significant technical and financial challenges for both vendors and purchasers. Many providers may choose to forego the ARRA incentives for just this reason.
So what organization will perform the actual certification? ARRA is somewhat vague on this issue. Rule making by the Secretary of the Department Health and Human Services, based on advice from the Office of the National Coordinator for Health IT (ONC) and the HIT Policy Committee, will determine the final arrangement. The preeminent role of CCHIT seems to be in jeopardy. It seems the plan is to make certification available through a number of designated entities. We will have to wait to see how this is determined in the final proposed rule that is due out by the end of the year.
NIST will have a more important role than it has had in the past. While NIST is a respected federal agency, I am not aware that it has played a major role evaluating HIT in the past. NIST has helped provided some important tools for software testing and validation though. Certainly, increased funding for its expanded role in health care will be needed. Whether it has the personnel or necessary experience to carry out its assigned role will need to be watched carefully. A visit to the NIST web site will provide a good idea of what had been the focus of NIST activities http://www.nist.gov.
Should all certification programs concentrate on the ARRA certification requirements? There is a real danger that ARRA will distort the certification landscape. For example, ARRA does not provide incentives for most providers of children's health care. Hospital-employed providers are not eligible for incentives. Also, many behavioral health providers and the specially adapted systems they use may not be included. An important gap is the lack of incentives for long term care facilities. Providers must also consider the health record needs of the 40%-70% of their patients for which ARRA does not apply. Therefore, there still may be good reasons for these groups to use certified systems that do not conform to the ARRA requirements.
What is the future role for CCHIT? The decisions by the HIT Policy Committee over the last several weeks certainly set CCHIT on less secure ground. The leadership of CCHIT has responded to the challenges of the ARRA legislation by expanding committee membership and developing new committees. They have outlined new certification pathways that address some of the previous criticism leveled at CCHIT. There is no foundation to the criticism that vendors have a disproportionate influence. Multiple stakeholders are well-represented on CCHIT committees. The criticism that the CCHIT process is biased because it both develops the test criteria and performs the testing itself is not necessarily valid. Test criteria development and testing are two well-segregated processes within CCHIT, supervised and performed by mostly separate staff.
Where are the gaps? Health IT implementations still fail at an alarming rate. In general, they are very expensive and take a long time to complete. Often user support post implementation is not what it should be. Some functions are excessively complex and difficult to use. True interoperability remains elusive and only occurs at a relatively few sites in the U.S. today. Future certification requirements must address the problem of usability and human factors engineering. Even though this will be difficult, it is important to develop objective, testable criteria and promulgate best practices. I think that certification should somehow assess the difficulty of the implementation process, need for training, and need for vendor support post implementation.
(The author has a personal interest in and a commitment to the certification process. He has been selected as a volunteer for the new advanced interoperability committee established by CCHIT this year. He has attended one CCHIT meeting thus far.)
Certification of electronic health records has been a hot topic in health IT over the last few weeks. The concept of HHS Certification of electronic health record systems was unveiled to the public at the July open meeting of the Health IT Policy Committee (see link below.) The proposed plan is to require HHS Certification of an EMR in order for a user to qualify for incentives under Recovery Act (ARRA) legislation. Certification in the past has only been performed by the Certification Commission for Health Information Technology (CCHIT.) Now it looks like that is about to change. Responsibilities for testing and certification under ARRA were assigned to the National Institute for Standards and Technology (NIST.)
The certification process requires two components. First, a set of requirements must be established. Then electronic health record systems must be tested for compliance with these requirements. CCHIT has listed its requirements in a set of test scripts to which potential buyers and vendors may refer. The scripts are the product of many hours of volunteer committee work. All of the committees have multiple stakeholder representation. The bar to achieve certification has been raised by CCHIT annually. This is outlined in the CCHIT roadmap. A second arm of CCHIT is responsible for the testing of systems. The jurors who perform the evaluations for certification, for the most part, are active clinicians. For further information visit the CCHIT web site: http://www.cchit.org.
An important question is: What is the purpose of certification? There are a number of answers to this question. Certification is often viewed as a seal of approval by industry. For example, within a very short period of time after CCHIT began certification of electronic record systems many of the most well-known vendors applied. Also, many provider professional organizations supported CCHIT certification in their recommendations to members considering purchase of electronic medical record systems (EMRs.) Also, the federal government required certification for certain safe harbor exceptions from the Stark Anti-kickback Law. A reasonable purpose of certification is to provide assurance that the EMRs will deliver a defined level of functionality. This may help a potential purchaser screen vendor systems before a final purchase decision is made.
Under ARRA, certification will assure that the system meets the level of functionality required by the Meaningful Use definition. A clinician will be required to use a certified system in order to qualify for the financial incentives offered by ARRA. It appears that certification criteria will be set by the HIT Policy Committee in the future. Current proposals show progressive enhancement of the requirements during each two year certification cycle. This progressive "raising of the bar" poses significant technical and financial challenges for both vendors and purchasers. Many providers may choose to forego the ARRA incentives for just this reason.
So what organization will perform the actual certification? ARRA is somewhat vague on this issue. Rule making by the Secretary of the Department Health and Human Services, based on advice from the Office of the National Coordinator for Health IT (ONC) and the HIT Policy Committee, will determine the final arrangement. The preeminent role of CCHIT seems to be in jeopardy. It seems the plan is to make certification available through a number of designated entities. We will have to wait to see how this is determined in the final proposed rule that is due out by the end of the year.
NIST will have a more important role than it has had in the past. While NIST is a respected federal agency, I am not aware that it has played a major role evaluating HIT in the past. NIST has helped provided some important tools for software testing and validation though. Certainly, increased funding for its expanded role in health care will be needed. Whether it has the personnel or necessary experience to carry out its assigned role will need to be watched carefully. A visit to the NIST web site will provide a good idea of what had been the focus of NIST activities http://www.nist.gov.
Should all certification programs concentrate on the ARRA certification requirements? There is a real danger that ARRA will distort the certification landscape. For example, ARRA does not provide incentives for most providers of children's health care. Hospital-employed providers are not eligible for incentives. Also, many behavioral health providers and the specially adapted systems they use may not be included. An important gap is the lack of incentives for long term care facilities. Providers must also consider the health record needs of the 40%-70% of their patients for which ARRA does not apply. Therefore, there still may be good reasons for these groups to use certified systems that do not conform to the ARRA requirements.
What is the future role for CCHIT? The decisions by the HIT Policy Committee over the last several weeks certainly set CCHIT on less secure ground. The leadership of CCHIT has responded to the challenges of the ARRA legislation by expanding committee membership and developing new committees. They have outlined new certification pathways that address some of the previous criticism leveled at CCHIT. There is no foundation to the criticism that vendors have a disproportionate influence. Multiple stakeholders are well-represented on CCHIT committees. The criticism that the CCHIT process is biased because it both develops the test criteria and performs the testing itself is not necessarily valid. Test criteria development and testing are two well-segregated processes within CCHIT, supervised and performed by mostly separate staff.
Where are the gaps? Health IT implementations still fail at an alarming rate. In general, they are very expensive and take a long time to complete. Often user support post implementation is not what it should be. Some functions are excessively complex and difficult to use. True interoperability remains elusive and only occurs at a relatively few sites in the U.S. today. Future certification requirements must address the problem of usability and human factors engineering. Even though this will be difficult, it is important to develop objective, testable criteria and promulgate best practices. I think that certification should somehow assess the difficulty of the implementation process, need for training, and need for vendor support post implementation.
(The author has a personal interest in and a commitment to the certification process. He has been selected as a volunteer for the new advanced interoperability committee established by CCHIT this year. He has attended one CCHIT meeting thus far.)
Tuesday, July 21, 2009
7/21/09
Meaningful Use (MU) and Incentives to adopt Health IT
The term Meaningful Use has gained special significance as a result of the early 2009 ARRA legislation. A tremendous amount has been written about MU in the last 5 months. The Office of the National Coordinator for Health IT (ONC) and the HIT Policy Committee has been honing in on a final definition that is due to be delivered by the end of the year. This floating definition has stirred considerable concern for organizations involved with health IT in numerous roles. A major challenge for those determining strategic plans will be to decide to what extent to align with MU requirements.
The financial incentives for clinicians under ARRA apply primarily to the treatment of Medicare and Medicaid patients. Overall this may represent up to 40% of medical care in the U.S. Incentive payments are tied to Meaningful Use of electronic medical records (EMRs.) Since ARRA is front-loaded the greatest rewards are only available for those who become meaningful users in a very short period of time. But later, financial penalties kick in. Many knowledgeable health IT professionals, aware of current EMR adoption rates by providers and hospitals in the U.S., standards implementation limitations, infrastructure needs, and other technical requirements, believe that the timelines are unrealistic.
The question is whether ARRA and decisions determined by ONC and the advisory committees will become the backbone for strategic planning by clinicians and their organizations with respect to health IT over the next four to eight years. This is the course that provides the greatest opportunity for financial rewards for adoption of EMRs. However, relatively few providers are positioned to take full advantage of the incentives. Those most likely to be able to take advantage of the incentives are those that have already adopted EMRs. On the other hand, ARRA and MU have the potential to significantly distort the health care ecosystem. Many subsets of patients and providers are not even considered in the legislation (changes to HIPPA under ARRA is another issue that I am not considering here.) Some examples are children, behavioral health patients, and those in long term care facilities. Perhaps an approach that considers ARRA as just one of many components to consider in planning for the future will be best.
My viewpoint is that there is danger that the health IT agenda in the Obama administration will be driven primarily by a few bureaucrats with limited outside input. My sense is that the ONC position under President Bush put much more credence in public-private collaboratives. I think this was a good thing. Many of the organizations established during the past four years run the risk of being marginalized by the current approaches the new administration is taking.
Meaningful Use (MU) and Incentives to adopt Health IT
The term Meaningful Use has gained special significance as a result of the early 2009 ARRA legislation. A tremendous amount has been written about MU in the last 5 months. The Office of the National Coordinator for Health IT (ONC) and the HIT Policy Committee has been honing in on a final definition that is due to be delivered by the end of the year. This floating definition has stirred considerable concern for organizations involved with health IT in numerous roles. A major challenge for those determining strategic plans will be to decide to what extent to align with MU requirements.
The financial incentives for clinicians under ARRA apply primarily to the treatment of Medicare and Medicaid patients. Overall this may represent up to 40% of medical care in the U.S. Incentive payments are tied to Meaningful Use of electronic medical records (EMRs.) Since ARRA is front-loaded the greatest rewards are only available for those who become meaningful users in a very short period of time. But later, financial penalties kick in. Many knowledgeable health IT professionals, aware of current EMR adoption rates by providers and hospitals in the U.S., standards implementation limitations, infrastructure needs, and other technical requirements, believe that the timelines are unrealistic.
The question is whether ARRA and decisions determined by ONC and the advisory committees will become the backbone for strategic planning by clinicians and their organizations with respect to health IT over the next four to eight years. This is the course that provides the greatest opportunity for financial rewards for adoption of EMRs. However, relatively few providers are positioned to take full advantage of the incentives. Those most likely to be able to take advantage of the incentives are those that have already adopted EMRs. On the other hand, ARRA and MU have the potential to significantly distort the health care ecosystem. Many subsets of patients and providers are not even considered in the legislation (changes to HIPPA under ARRA is another issue that I am not considering here.) Some examples are children, behavioral health patients, and those in long term care facilities. Perhaps an approach that considers ARRA as just one of many components to consider in planning for the future will be best.
My viewpoint is that there is danger that the health IT agenda in the Obama administration will be driven primarily by a few bureaucrats with limited outside input. My sense is that the ONC position under President Bush put much more credence in public-private collaboratives. I think this was a good thing. Many of the organizations established during the past four years run the risk of being marginalized by the current approaches the new administration is taking.
Friday, July 17, 2009
Introduction
This is the first issue of my HIT blog. I have personal opinions, points of view, and experiences that may be of interest to others. Up front, I want to make it clear that what I write here only represents my personal opinions. My aim is not to serve as an official spokesperson for any of the organizations with which I participate.
Background
I practiced orthopedic surgery for over 26 years in a wide variety of practice settings, including: private practice, community hospitals, community-based academic medical centers, university level academic training programs, the VA, Kaiser Permanente, and the Indian Health Service. My training for medical school and residency was at the University of California, San Francisco. Years after finishing residency, I took a fellowship in foot and ankle surgery.
My last practice setting was solo practice in a remote urban area, Yuma, Arizona. All the orthopedists in Yuma practiced independently. I became exhausted by the required ED call, not so much because of its frequency, but because of the intensity and severity of the level of trauma I was required to cover. I rarely got any sleep when on call and usually worked all the following day. Uncompensated care, under-compensated care, escalating malpractice premiums and risk, difficulty arranging transfers of care and back-up coverage, decreased physical endurance (I was 57 when I closed my practice) chronic fatigue and the associated lousy life-style were also issues for me. I realize this particular combination of issues commonly confront orthopedists in other communities.
I have had a long interest in technology. I bought one of the early Macs the year they first came on the market. I received telemedicine training through the Arizona Telemedicine Program 12 years ago. I have been looking into using electronic medical records for about 10 years. I bought a LCD projector to use for presenting basic orthopedic lectures with PowerPoint when they were considerably more expensive than they are now. I developed a basic, media-based, orthopedic resident training curriculum for the major subspecialties areas in orthopedics that incorporated concepts of faculty-resident collaboration, up-to-date educational materials created by national/international subject matter experts and an easy-to-administer weekly objective testing program. I adopted a web-based practice management application in my last practice.
My interest in health information technology (HIT) bloomed with my involvement in the vendor selection process we went through at the local hospital in choosing an enterprise electronic medical record system. I was one of the physician champions and had the opportunity to represent the clinician viewpoint at many of the stages of the project. I had a “Eureka” moment and decided to pursue a second career in HIT. I thought it would be a good idea to compensate for my lack of practical knowledge in the field by obtaining an academic credential and training. In what seemed like the blink of an eye, I applied to and was accepted in the distance learning program at Northwestern University. I will describe my experiences as an adult student sometime soon. Suffice to say it was an intense, 20 month, odyssey that I just completed last month.
My special interests in HIT are: HIT policy, interoperability, health information exchange, and privacy/security/infrastructure. My goal is to be involved at the local, state and national level. I am on an IT committee at the local hospital. My state level involvement to date includes committee work with a non-profit organization, Arizona Health-e Connection, and I have worked on vendor selection for an ambulatory EMR in a project sponsored by our state Medicaid agency. National involvement has been with several organizations: IHE, HITSP, HIMSS, and recently, CCHIT. You’ve got to love all the acronyms.
Goal
I hope to communicate to others my passion for HIT. I expect to contribute several posts a week. I want to inform others about some of the innovative developments in health IT that are occurring around us and spur others to contribute in this important effort.
This is the first issue of my HIT blog. I have personal opinions, points of view, and experiences that may be of interest to others. Up front, I want to make it clear that what I write here only represents my personal opinions. My aim is not to serve as an official spokesperson for any of the organizations with which I participate.
Background
I practiced orthopedic surgery for over 26 years in a wide variety of practice settings, including: private practice, community hospitals, community-based academic medical centers, university level academic training programs, the VA, Kaiser Permanente, and the Indian Health Service. My training for medical school and residency was at the University of California, San Francisco. Years after finishing residency, I took a fellowship in foot and ankle surgery.
My last practice setting was solo practice in a remote urban area, Yuma, Arizona. All the orthopedists in Yuma practiced independently. I became exhausted by the required ED call, not so much because of its frequency, but because of the intensity and severity of the level of trauma I was required to cover. I rarely got any sleep when on call and usually worked all the following day. Uncompensated care, under-compensated care, escalating malpractice premiums and risk, difficulty arranging transfers of care and back-up coverage, decreased physical endurance (I was 57 when I closed my practice) chronic fatigue and the associated lousy life-style were also issues for me. I realize this particular combination of issues commonly confront orthopedists in other communities.
I have had a long interest in technology. I bought one of the early Macs the year they first came on the market. I received telemedicine training through the Arizona Telemedicine Program 12 years ago. I have been looking into using electronic medical records for about 10 years. I bought a LCD projector to use for presenting basic orthopedic lectures with PowerPoint when they were considerably more expensive than they are now. I developed a basic, media-based, orthopedic resident training curriculum for the major subspecialties areas in orthopedics that incorporated concepts of faculty-resident collaboration, up-to-date educational materials created by national/international subject matter experts and an easy-to-administer weekly objective testing program. I adopted a web-based practice management application in my last practice.
My interest in health information technology (HIT) bloomed with my involvement in the vendor selection process we went through at the local hospital in choosing an enterprise electronic medical record system. I was one of the physician champions and had the opportunity to represent the clinician viewpoint at many of the stages of the project. I had a “Eureka” moment and decided to pursue a second career in HIT. I thought it would be a good idea to compensate for my lack of practical knowledge in the field by obtaining an academic credential and training. In what seemed like the blink of an eye, I applied to and was accepted in the distance learning program at Northwestern University. I will describe my experiences as an adult student sometime soon. Suffice to say it was an intense, 20 month, odyssey that I just completed last month.
My special interests in HIT are: HIT policy, interoperability, health information exchange, and privacy/security/infrastructure. My goal is to be involved at the local, state and national level. I am on an IT committee at the local hospital. My state level involvement to date includes committee work with a non-profit organization, Arizona Health-e Connection, and I have worked on vendor selection for an ambulatory EMR in a project sponsored by our state Medicaid agency. National involvement has been with several organizations: IHE, HITSP, HIMSS, and recently, CCHIT. You’ve got to love all the acronyms.
Goal
I hope to communicate to others my passion for HIT. I expect to contribute several posts a week. I want to inform others about some of the innovative developments in health IT that are occurring around us and spur others to contribute in this important effort.
Subscribe to:
Posts (Atom)
Posts
