Practice Fusion Blog

We've Moved!

Practice Fusion — 2009-08-24T09:38:32-07:00

Check out all the latest EHR and Health Information Technology analysis from Practice Fusion at www.EHRBloggers.com. And remember to also add our new blog feed to your reader.

Is my data safe with Practice Fusion?

Practice Fusion — 2009-08-20T13:34:40-07:00

We recently reviewed the question of putting medical data in the Internet “cloud” from the standpoint of safety (guarding against loss of data), and of security (guarding against theft of data). The discussion was a general overview of the issues involved in paper vs. local EHR deployment vs. hosting in the Internet “cloud” – but what about Practice Fusion? How safe if my medical data on that platform?

As noted in the previous posts, medical information (specifically, Protected Health Information, or PHI – which is subject to HIPAA Privacy Rules) in a paper-based environment is the least safe and secure. Local disasters can lead to wholesale, irretrievable loss (like a building fire, hurricane, etc), and individual charts can be lost or looked at inappropriately with relative ease. Office policy is supposed to be in place to address these concerns, but in reality the implementation of this is hit-and-miss across the landscape.

When a practice moves its medical data onto a locally-installed legacy EHR system, there is an improvement in safety and security – not to mention, an improvement in access (charts are always available, never lost, and accessible from in-house as well as remote locations). There are also new vulnerabilities that need to be addressed – is there PHI located on hardware (servers, workstations, backup devices) that could potentially get stolen? Theft of PHI-containing computers is one of the main ways that data-security breaches take place. Is the data on those local servers encrypted? If so, are the encryption keys stored separately, so that theft of a computer with PHI on it does not also include theft of the keys?

And what about electronic intrusion – are there firewalls, access controls and 128-bit encryption-secured connections in place? These kinds of issues may be addressed by a practice hosting its own local EHR server, but generally require an IT support vendor (a new line item of cost to a practice) to set it up. The IT support consultant has been called “the new best friend” of a medical practice, and represents another barrier to a practice moving from paper to an electronic platform.

When a practice makes a decision to move its EHR to a hosted platform (either moving directly there from paper, or by abandoning the use of a local EHR system and moving to “the cloud”), there are better server-end resources available to the practice – as well as new risks (or, at least, perception of risk) – “who are these guys, and can I trust them with my data?” After all, the Internet “cloud” is not inherently secure – yet banking has long used Internet access that we have all become accustomed to over the years. Banking over the Internet has engendered trust by paying very-detailed attention to building secure containers, connections and access to their data. Can this be replicated for Internet-hosted PHI?

Practice Fusion has devoted great resources to security, and building its applications in a way that meets-or-exceeds what is required by the HIPAA Privacy Rules. The servers are hosted in secure commercial facilities with multi-geography locations, and with safeguards against Denial-of-Service attacks. The data is secured behind firewalls, and encrypted (including the databases, uploaded scanned documents, and backups). Access to the data is protected through 3 keys (user ID, practice ID, and password), and are required to be of sufficient strength that they are un-guessable. Many of the technical security practices implemented by banks, as well as requirements specified by specific HIPAA implementation guidance, are part of an ongoing program of security and privacy, and represent a Continual Quality Improvement effort by Practice Fusion. Using Practice Fusion satisfies the principle of data encryption “at rest” and “in transit”, such that the HITECH “safe harbor” that relieves practices from the burden of disclosure to each-and-every patient in the event of a breach is satisfied– PHI data is secured in a manner that renders it unusable, unreadable, and indecipherable to unauthorized intruders. These are levels of security unlikely to be achieved with a locally-installed EHR system.

So, “is my data safe with Practice Fusion?” Not only is your data safe, it is certainly safer than is achievable with paper charts, and even with most locally-installed EHR systems. Practice Fusion remains committed to ongoing vigilance concerning data safety, and hopes to be able to “set the standard” for satisfying the fears about Internet-housed PHI. The banking sector has been able to achieve this (even without HIPAA) – so should we.

Robert Rowley, MD – Chief Medical Officer, Practice Fusion, Inc.

Medical Data in the Internet “cloud” (part 2) – Data security

Practice Fusion — 2009-08-18T10:38:53-07:00

This is the second of a 3-part series, where we dig a little deeper into the questions of medical data in the Internet “cloud.” In the first part, we reviewed issues of data safety – how to guard against loss of data. In this second part, we will review data security – how to guard against data theft. The third part will focus on privacy and ensuring that only the right people can access the right data.

DATA SECURITY

A review of issues around medical records ownership and protection shows that medical records are the property of those who prepare them (medical professionals), and not the property of those about whom they are concerned (patients), although patients generally have a right to review them, demand copies of them and demand their confidentiality. With limited and specific exceptions, consent is required in order to disclose such information to others. So, how does one create a framework of security that protects the confidentiality of such records against unauthorized breach?

In a paper-based charting environment (where most of the medical records reside in this country), securing medical data – so-called Protected Health Information, or PHI – is a manual process. Charts are stored in a chart rack (though sometimes left out on desktops and counters), and are only as secure as the locks on the clinic door – given that they are in plain text (handwritten or typed), a simple local break-in or breach from personnel can result in an unauthorized person (e.g. another patient, the after-hours janitor, etc.) reading the record. HIPAA rules specify that medical practices have a policy around protecting such information, and have in place “vendor agreements” with any third party that might be entrusted with PHI.

HIPAA rules also define encryption steps that must be taken when transmitting PHI electronically, including sending billing and claims information electronically, and faxing information to other offices and pharmacies. Faxing, which is point-to-point and local to that specific connection, is very unlikely to be intercepted (other than through wiretap) and is not encrypted. Email communication, however, which flows across public, shared “information highways,” is not suitable for PHI transmission, as it is not encrypted – in order to communicate PHI this way, a secure connection must be established. Secure web mail sites have been created which allow electronic transmission of PHI in a HIPAA-compliant fashion.

When medical information is moved from paper onto an electronic platform, additional vulnerabilities for security breaches (i.e. theft) need to be identified and addressed. When implementing a local, client/server legacy EHR system, there are issues of securing the source of medical information (the server, which is the e-equivalent of the paper chart rack), as well as electronic transmission of data across computer connections. If any PHI is stored locally onto workstations (which may occur, depending on the EHR system being used), then that workstation needs to have locks on it – password access to restart when timed out, as well as the need to have whatever PHI may be stored on the workstation encrypted too. A more significant risk is when the server is broken into and stolen, or local backup data devices are stolen. Physical theft of hardware containing PHI is an area of risk for local client/server EHRs and should be addressed by a policy and security plan at the local office.

The HITECH Act (part of American Recovery and Reinvestment Act, or ARRA) passed February 17, 2009, specifies that PHI must be protected both “at rest” as well as “in transit” – there are specifications by the National Institute of Standards and Technology (NIST) which cover how PHI must be encrypted in files on a computer. When data is encrypted on the storage devices in this way (which includes EHR databases, as well as scanned images that may also contain PHI, and also backups of these data), then physical theft of these devices is less onerous, since the data is contained in a way that is unusable, unreadable, or indecipherable to unauthorized individuals. If PHI is not encrypted at its source in a way consistent with the NIST specifications, and a breach (a theft) has occurred, then there is a burden on the practitioner to disclose to all affected parties (all the patients) that a data theft of PHI has occurred – some states, such as California, in fact, impose significant penalties for failure to make such disclosures.

Failure to keep the data files encrypted, as well as potential failure to use encrypted, secure connections between computers that pass PHI, make the use of many online tools intended for general “public” documentation not compliant with the standards (e.g. Google docs, or passing word documents from transcriptionists via normal email). If a data breach occurs, then the burden of disclosure is encumbered.

As EHRs start to migrate from local, legacy systems to hosted, web-based systems in the Internet “cloud,” the risk of hardware theft is reduced – most vendors (e.g. Practice Fusion) will use commercial enterprise-level server farms with biometric security at the hosting sites, and with access locks that are beyond what can be achieved by most local practices hosting their own. The local “workstation” is replaced by a web browser, and minimal-or-no PHI is actually stored or cached in the local machine – it is all hosted on the server. If a local computer is used to capture scanned images containing PHI intended for upload to web servers, then once the data is uploaded the original local files should be either encrypted or destroyed.

The use of firewalls in servers keep the internal data contained in a fairly safe environment, shielded from most intrusion. In addition, server-end encryption of the data in compliance with the NIST guidelines noted above keeps the data very safe. In fact, if these methods are implemented then notification to individuals, HHS or the media is not required in the event of a breach (a “safe harbor” provided by NIST-level encryption) – this is an important issue to note, and a physician should make sure that their EHR vendor is in compliance with these. A good review of this issue is discussed here. In addition, Meaningful Use criteria specify that an HHS-certified EHR must conform to these security standards.

As one can see, when health information moves from paper to local electronic systems, and then to hosted “cloud”-based systems, the risk of security breaches is actually reduced, provided that the vendors and systems utilized conform to specified standards. More problematic is the issue of privacy and consent (making sure that only the right people see the information), especially in an era where we see the emergence of shared EHR records, PHR records (stand-alone or linked to EHRs), and variations in local state laws about these matters. This will be the subject of the third segment of this series.

Robert Rowley, MD – Chief Medical Officer, Practice Fusion, Inc.

Small Business Worried about Health Reform

Practice Fusion — 2009-08-14T04:03:00-07:00

Small business owners haven’t been buying tickets for the Big O’s Health Reform Express, and it’s easy to see why.

The nascent House legislation requires all employers with payrolls of $500,000 or more to offer health insurance to workers or face a payroll tax of up to 8%.

That’s a tough nut to swallow since the price of insurance premiums doubled between 2000 and 2008 and according to a study by the Council of Economic Advisors, small businesses pay up to 18% more for the same policy than large companies because of their lack of negotiation clout.

This calculus has resulted in a net drop from 68% to 62% in the number of small companies offering health benefits since 2000. And that, in turn, helps explain why a staggering 16.8 million people who work at companies with 100 employees or less are uninsured.

Speaking on this subject in late July, President Obama asserted "this is unsustainable, it's unacceptable, and it's going to change when I sign health insurance reform into law."

Subsequently, the Big O and White House economist Austan Goolsbee set out to convince small business owners that their health-care cost burden will drop once the Express pulls into the station.

Proposed tax credits for businesses offering health coverage will help, they say. And small businesses can negotiate cheaper policies via an insurance exchange proposed in the House bill.

Then there’s that study by the non-profit research concern, Small Business Majority, which estimates that the Express will save small businesses $855 billion in insurance costs over the next decade.

But a payroll tax bump amid the Great Economic Crisis? That’s a non-starter for David Prescott, the CEO of Talon LPE, a Texas-based consultancy. "I agree that health care is broken and something needs to be done, but you can't put the entire debt load on business right now," he told Business Week.

Glenn Laffel MD, PhD, Sr. VP Clinical Affairs

Medical Data in the Internet “Cloud” (part 1) – Data Safety

Practice Fusion — 2009-08-13T14:12:50-07:00

The question of data security in a “brave new world” of cloud-based Electronic Health Records (EHRs), Personal Health Records, and iPhone and other smartphone apps that could transmit personal health information, has attracted the attention of many. Web-based services – so-called “cloud computing” – are not inherently secure. Such technology is focused more on widespread reach and interconnectedness rather than on making sure that the connections and the data are foolproof. Yet much of our personal information, such as banking information, is housed electronically and accessed through the web – we have become so accustomed to it that we seldom think very much about it. Personal health information, moreover, is protected by law: HIPAA, which is focused around physician and hospital-centered recordkeeping, and now ARRA, which extends HIPAA-like protection to patient-centered Personal Health Records as well.

In a previous blog post, we reviewed (at a high level) the ways in which special attention to security and privacy can create what is needed to house personal health information in a hosted, “cloud”-based setting. In this series of posts, we will dig a little deeper into these questions. This first part addresses the issues of data safety, and protection against loss and “down-time.” The second part will address the question of security between connections (making sure “the pipes don’t leak”). The third part will focus on privacy and ensuring that only the right people can access the right data.

DATA SAFETY

Medical records – a physician’s charts – are critical and central in a physician practice. It is both a medico-legal record that documents the advice given by the physician to the patient, and is also the core work-flow tool that allows the physician to function. These records must be available on-demand, at all times. Given that only 13% of physicians have any kind of electronic recordkeeping, the majority of medical data is housed in paper charts.

With paper charts, what kind of safety is there? Charts are usually housed in chart racks, and also pile up in various locations around the office (e.g. the physician desk). There is little or no backup of these records in case of some mishap – individual charts can be lost, or some disaster (e.g. fire, water damage, weather events and the like) can wipe out such charts wholesale. When this happens, there is little a physician can do other than start over, and piece together previous data where possible, as if everyone was a “new patient” again.

Migration to EHRs has resulted in an improvement in medical record availability and back-up, when compared to paper. Historically, most EHRs have been locally installed, as client/server systems. There is often a data-backup plan, so that the locally-housed database is backed up somewhere – on tape, disk, or secure offsite backup hosting service. When backed up locally (onto tapes or disks), these backups should be housed off-site (in the event of fire) – in reality, however, adherence to such a plan is hit-and-miss (though still better than with paper).

In a client/server EHR scenario, the bigger question is how to avoid server down-time. As stated, medical record access is a critical core business function for a physician practice (and also for a hospital). Hardware redundancy in the server has become routine – such as arrays of mirrored hard drives which avoid crashes if a hard drive fails. But again, given that these steps involve cost on the server-end, such precautions are hit-and-miss across the landscape. Further, what happens when there is a power outage? Is there battery backup of the server, and at least one workstation in the office? Good safety planning would recommend that these steps be done.

Other local issues have to do with viral infestations and system lock-ups or crashes in the local server. Good IT support is needed when such calamities occur, and often are done via outside vendors, as many smaller practices are not able to hire their own IT support staff. The result can be that down-time of the server can last for hours, even days.

Moving the server-end of EHRs off-site, and onto the Internet “cloud,” reduces these kinds of risks significantly, compared to locally-installed client/server systems. When data and server hosting is taken on by a vendor (such as Practice Fusion), commercial enterprise-level server farms can be used. Biometric security within hosting facilities, multi-geography co-location, and mirrored servers with automatic fail-over in case of server crashes, are all technologies that can be leveraged and offered to all users, even the smallest practices – and would be beyond the reach of what smaller practices could afford were they to do it themselves. Down times are rare, and at worst, are short-lived.

The recent reports of “denial of service” attacks on high-visibility web sites is not so much a “hacking” attack that attempts to penetrate a database and steal information – it is an intentionally simultaneous flooding of a web site in order to cause it to freeze up. Vulnerability of hosted EHR systems to these kinds of attacks has been raised by some observers, and should therefore be mentioned in this “data safety” segment (rather than the “data security” segment, next). There are a number of steps vendors can take to protect against such events, and creation of internal security protocols about this type of attack (done vendor-by-vendor) minimizes the risk to physician end-users.

Of course, the more centralized the data becomes, the bigger the target it becomes (“why do you rob banks? – because that’s where the money is!”). Creating good “locks” to secure the data becomes a focus of “cloud”-based vendors. Data security – making sure that data exchange across the Internet is safe, and that data storage is sufficiently fragmented and encrypted to minimize the risk of hacking – is the focus of HIPAA and ARRA regulation, and is the focus of the next installment in this series.

Robert Rowley, MD – Chief Medical Officer, Practice Fusion Inc.

An Open Letter to ONCHIT Chief David Blumenthal

Practice Fusion — 2009-08-12T07:00:00-07:00

In their roles as HIT consultants, bloggers and policy analysts, David Kibbe and Brian Klepper have helped shape the national debate concerning issues of great importance to Practice Fusion. They've pushed forward our collective thinking, for example, about the term, "meaningful use of EHRs," and they've raised legitimate concerns about the role of CCHIT in the EHR certification process.

Now Kibbe and Klepper have raised concerns about another area--the process by which HITECH legislation becomes translated into implementable public policy.

In particular, they have questioned the approach being used by one of ONCHIT's 2 main criteria-setting committees.

After explaining their concerns to us, Kibbe and Klepper asked whether we would sign a petition to ONCHIT Chief David Blumenthal, in which they voiced their concerns. We said yes, as did some rather formidable players in the HIT space.

Here is a copy of their letter, along with a list of the signees:
-----------------------------------------------------------------------------------
Dear Dr. Blumenthal:

We would like to request that the same exemplary openness, transparency, and support for innovation set by the HIT Policy Committee is followed by the HIT Standards Committee. We ask that the HIT Standards Committee support an evidence-based approach and open discourse about health IT standards and ensure again, as has been done so well thus far, that the results support innovators easily adding value to our health care system.

We applaud the work of the HIT Policy Committee to date. Just as it has been in the nation's best interests to re-open the EHR technology certification discussion in light of NIST's expertise and an international Conformity Assessment framework, it is in its interests to re-open the health IT standards discussion in light of recent experiences and market activity with health data exchange here and abroad.

While CCHIT and HITSP have accomplished some good work, both have been overly influenced by the same small group of special interests, and have created at least the appearance of conflicts of interest. Representatives from the legacy vendors, traditional health IT interests, and large health system enterprises have dominated the Health Information Technology Standards Panel (HITSP). A good example is HITSP’s June 2008 reorganization of its technical committees. Seventeen co-directors were announced for these six committees. Of the fourteen non-governmental co-directors, eight were current or recent employees of just three large pre-Internet enterprise vendors; three were from large vertically integrated delivery systems; and two were from large insurers. There were no co-chairs from emergent or potentially disruptive/innovative technology companies, or those with open source experience. No one representing Google, Apple, or Microsoft, for example. There were no practicing physicians and no patient advocates.

We are concerned because we hear from some of the people who are experienced in building successful standards in IT that the legacy standards largely promulgated by HITSP thus far will be a massive impediment to smaller more nimble innovators. It is very important that health IT standards not “lock out” the experience of other industries - e.g., financial services, e-commerce, and online publishing - which have evolved broad and deep Web-based infrastructures and marketplaces in which proprietary software and hardware are no longer prominent. In this case, it is vitally important to include the voices of the innovators in health care IT and data exchange, such as Microsoft and Google, Apple's iPhone, MinuteClinic and SureScripts, and their many partners.

At the very least, an evidence-based approach to health IT standards selection would consist of hearings to systematically review the best practices and lessons from health data exchange, particularly with respect to the uses of XML as a format and language for secure and interoperable transfers of summary health data like those contemplated as requirements under Meaningful Use by EHR technologies. The information distilled from this exercise could be placed alongside HITSP's conceptual constructs and enterprise use-cases. (In some instances, HITSP has recommended untested and unproven "standards" that experts have already questioned in terms of their suitability for real world implementation. Certainly, if ONC is considering translating these into national policy, they should be subject to full review in a public forum, followed by adequate testing.)

An evidence-based approach to standards selection would bring the innovators with actual experience to the discussion. An open forum would allow this testimony to help ONC's staff and the Committee members get a much better idea of what works, and what doesn't. This letter's signers and, we believe, others with deep field experience, would welcome the opportunity to testify and share their knowledge.

We understand ONC's and the Standards Committees' time pressures. On the other hand, an approach that ignores the evidence from the marketplace and practitioners outside health IT's "old guard," is simply a means of hurrying to failure, not marching to success. This is why we believe it is urgent that the discussion regarding health IT standards be re-opened immediately.

Thank you for your consideration.

Respectfully,

David C. Kibbe, MD MBA and Brian Klepper, PhD

Co-signatories:
Steve Adams, CEO, RMDNetworks, Inc.
Richard Benoit, Dossia
Edmund Billings, MD, CMO and EVP, Product Development, Medsphere
Warren Brennan, CEO, SMA Informatics, Richmond
Bill Crounse, M.D. Senior Director, Worldwide Health, Microsoft Corporation
"e-Patient Dave" deBronkart, Patient, Co-Chair, Society for Participatory Medicine
Michael Fleming, MD, FAAFP Chief Medical Officer Amedisys, Inc.
Sarah Greene, Managing Editor, Journal of Participatory Medicine
Alan Greene, MD, co-founder, DrGreene.com and President, Society for Participatory Medicine
Adrian Gropper MD, Chief Science Officer, MedCommons
James Allen Heywood, Chairman and Co-Founder, PatientsLikeMe
Stasia Kahn, MD, Founder, Physicians for Connectivity and General Internist, Fox Prarie Medical Group
Vince Kuraitis, Prinicpal, Better Health Technologies, LLC
Glenn Laffel, MD, PhD, Sr. VP Clinical Affairs Practice Fusion
Randall Oates, MD, President, SOAPware, Inc.
Martin Pellinat, CEO, VisionTree Software, Inc.
Rick Peters MD, President + CEO, Rocket Technology Labs, Inc.
Jane Sarasohn-Kahn, Principal, Think Health, Philadelphia
Tom Schwieterman, MD, Director of Research and Development, Midmark Corporation
Ravi Sharma, CEO, 4Medica
Rahul D. Singal MD, President and CEO, WorldDoc Inc.
Carl Taylor, Director, Center for Strategic Health Innovation
Mary Eleanor Wickersham, Director of Health Policy, GA Governor's Office, Atlanta

cc: Jonathan Perlin, MD, John Halamka, MD, John Glaser, Paul Egerman

PCPs Could use a Break

Practice Fusion — 2009-08-12T06:42:00-07:00

We’ve known for 20 years that US medical school graduates tended to enter disciplines having the highest earning potential. Since then, income disparity between specialists and primary care physicians has widened, and medical student debt has ballooned to an astounding median of $140,000 per graduating senior.

That’s why few were surprised when, last fall, a survey of graduating medical students revealed that only 2% of them planned to become PCPs. But low income was only one reason for their decision. Students were also turned off by what they perceived to be heavy workloads, continuous hassling with insurance companies and inadequate ancillary support.

Now, a study of the PCPs themselves has confirmed those perceptions. After performing a cross-sectional analysis of 422 family practitioners and general internists, Anita Varkey and her colleagues found that time pressure and a chaotic work environment are indeed serious problems on the front lines of health care.

More than half (53%) of the surveyed physicians reported time pressure during office visits, while 48% said their work pace was chaotic and 78% complained about a lack of control over their daily routine.

These factors were associated with low satisfaction, stress, burnout and a desire to leave practice. Fully 27% of the respondents claimed to be burned out and ready to pack it in.

Thankfully, the working conditions did not adversely affect the quality of care, as measured by medication and other errors tracked during a chart review.

The write-up is in the Annals of Internal Medicine.

In commenting on her team’s findings for BurrillReport, Varkey, an assistant professor of medicine at Chicago’s Stritch School of Medicine, said “healthcare reform strategies should consider the role that work environment plays in physician job satisfaction and quality of patient care.”

Glenn Laffel MD, PhD, Sr. VP Clinical Affairs

EHR adoption – still slow, but.. is the time now?

Practice Fusion — 2009-08-11T14:53:13-07:00

The Health Information Technology for Economic and Clinical Health (HITECH) part of the American Recovery and Reinvestment Act (ARRA), signed into law in February 2009, has certainly created a flurry of interest in Electronic Health Record (EHRs). HITECH encourages the adoption of EHRs by offering to reimburse physicians for “meaningful use of certified EHRs” as a supplement to Medicare payments totaling up to $44,000 (paid out over the period from 2011 through 2015).

So, has there been a stampede of physicians rushing to buy EHR systems? No. Why not? Mainly it stems from fear of spending time and money on the “wrong” system. The starting point (the status quo) is a very low level of EHR adoption – according to the landmark study published by the New England Journal of Medicine in 2008, only 4% of physicians report using a fully-functional EHR, and 13% use a basic system. The biggest barrier reported in the study was cost. In addition to cost, poor usability of the EHR products found in the marketplace have made them burdensome, and not worth the effort. The result of these obstacles has been the phenomenon where practices de-install their EHRs once they have used them for a while, despite the incentives to keep them.

A further factor contributing to the “wait and see” attitude seen by physicians currently is the uncertainty about how the federal Health IT process will play out. The Office of the National Coordinator (ONC) for Health IT has commissioned two committees to advise it – the Health IT Policy Committee and the HIT Standards Committee. The Policy Committee has worked out its definition of “meaningful use” after an open process of significant input from multiple stakeholders. The recommendations won’t be official until adopted by CMS (the Centers for Medicare and Medicaid Services) in January 2010. The HIT Standards Committee is still deliberating on the definition of “certified EHR.” It is an arena for continuing debate around linking certification to “meaningful use” and determining the going-forward role of CCHIT (the industry-created legacy certification organization previously designated as the sole source of certification by the government heretofore). The debate over these issues will continue to unfold over the course of the remainder of 2009.

Given these uncertainties, should a physician adopt an EHR now? Or should he/she wait? Practice Fusion represents an emerging technology where the EHR offered is web-based and hosted (therefore eliminating the server-side cost and headaches of a locally-installed system, while maintaining data security and privacy). In addition, Practice Fusion offers its EHR in a way that is free to the physician end-user (subsidized by alternative revenue streams, including ads). Practice Fusion is participating closely in the ongoing discussion on the national stage, in order to ensure that its EHR offering will be “certified” and easy to use in a “meaningful” way. If the risks are removed, getting started with an EHR now makes sense – the sooner that a practice starts to use the electronic tools, and learn how to integrate these tools in ordinary day-to-day workflows, the sooner that the benefits of EHR use can materialize.

Robert Rowley, MD – Chief Medical Officer, Practice Fusion, Inc.

Check That! Feds to Fund Cost Studies After All

Practice Fusion — 2009-08-10T04:02:00-07:00

Just 10 days after AHRQ chief Carolyn Clancy announced there was no way federally-funded comparative effectiveness research funds would be used to study the cost implications of medical innovation, her agency and the NIH released a joint statement saying they’d do just that.

The gratifying about-face came in the form of a report to Congress that was bound to inflame conservative lawmakers who worry such initiatives might eventually support efforts to limit access to health care.

Before the report, it looked like the entire $1.1 billion designated by the Obama Administration through ARRA for comparative effectiveness research would focus solely on outcomes and efficacy studies, not cost-effectiveness.

Of the $1.1 billion, roughly $300 million had been set aside for the Agency for Health Care Research and Quality, with disbursements set to begin this October. AHRQ had previously announced that all the funding would be released in one year, and would be targeted at arthritis, cancer and 12 other common medical conditions.

"This is unprecedented investment in helping clinicians and patients identify what's the best for them in treatment," Clancy told the Wall Street Journal.

For its part, the NIH is set to receive and then release $400 million over a 2-year period for comparative effectiveness research. According to Richard Hodes, director of the NIH's National Institute on Aging, the famed agency has already received 1,800 applications for the hand-out.

Hodes said the NIH will begin releasing the money later this month.

Neither agency has a mandate to establish federal spending policies, but Medicare officials regularly rely on the results of studies funded by them in deciding which treatments to cover.

That said, Nicholas Papas, a spokesperson for HHS—the agency that oversees both AHRQ and NIH—told the Journal that the fine print in ARRA prohibits Medicare from using these research findings to deny coverage to patients.

That’s a loophole bound to cause trouble down the road.

Glenn Laffel, MD, PhD, Sr. VP Clinical Affairs

HITECH Boosts Health IT Stocks

Practice Fusion — 2009-08-07T06:52:00-07:00

After a frightening free-fall in Q4, 2008 most domestic stock indices regained their footing in the first 6 months of this year. The Standard & Poor's 500 index was up a modest 2% for the period, for example.

Health information technology stocks blew past this performance however, as the sector gained 30% on speculation that HITECH funding would soon lead to a bonanza for the sector.

Allscripts-Misys stock was trading at $15.86 at the end of Q2, 2009, up from $9.92 at the beginning of the year. Similarly, Cerner’s stock was trading 38% higher than on January 1.

HITECH, a part of the American Recovery and Reinvestment Act of 2009, mandates that at least $20 billion to be paid-out via Medicare bonus incentives to providers who demonstrate “meaningful use” of certified EHRs beginning in 2011.

Although prospects for the sector continue to look favorable, Christopher McCord, a principal of Healthcare Growth Partners voiced some concern. “Meaningful use still needs to be better understood,” he told Modern Healthcare.

In this regard, ONCHIT’s HIT Policy Committee remains on track to release final definitions for the key concept by this fall.

Also later this year or by Q1 10 the latest, ONCHIT will designate EHR certifying bodies. Currently, CCHIT has a monopoly on EHR certification but no one—including CCHIT itself—expects this to continue.

As for health care providers themselves, they will likely continue to push for implementation delays on certain aspects of the “meaningful use” guidelines, but they’re not going to turn their backs altogether on the $20 billion windfall.

Glenn Laffel MD, PhD, Sr. VP Clinical Affairs