Friday, November 28, 2008

Engage with Grace

Written by Alexandra Drane &

We make choices throughout our lives -- where we want to live, what types of activities will fill our days, with whom we spend our time.

These choices are often a balance between our desires and our means, but at the end of the day, they are decisions made with intent. But when it comes to how we want to be treated at the end our lives, often we don't express our intent or tell our loved ones about it.


This has real consequences. 73% of Americans would prefer to die at home, but up to 50% die in hospital. More than 80% of Californians say their loved ones "know exactly" or have a "good idea" of what their wishes would be if they were in a persistent coma, but only 50% say they've talked to them about their preferences.But our end of life experiences are about a lot more than statistics. They're about all of us.

So the first thing we need to do is start talking. Engage With Grace: The One Slide Project was designed with one simple goal: to help get the conversation about end of life experience started. The idea is simple: Create a tool to help get people talking. One Slide, with just five questions on it. Five questions designed to help get us talking with each other, with our loved ones, about our preferences.

And we're asking people to share this One Slide - wherever and whenever they a presentation, at dinner, at their book club. Just One Slide, just five questions. Lets start a global discussion that, until now, most of us haven't had.Here is what we are asking you: Download The One Slide and share it at any opportunity - with colleagues, family, friends. Think of the slide as currency and donate just two minutes whenever you can. Commit to being able to answer these five questions about end of life experience for yourself, and for your loved ones. Then commit to helping others do the same. Get this conversation started.

Let's start a viral movement driven by the change we as individuals can effect...and the incredibly positive impact we could have collectively. Help ensure that all of us - and the people we care for - can end our lives in the same purposeful way we live them. Just One Slide, just one goal. Think of the enormous difference we can make together.

To learn more please go to

Sunday, November 23, 2008

Economic Crisis: Impact on Hospitals

The American Hospital Association has released its study of the economic crisis which shows an alarming deterioration in the financial condition of the nation's hospitals. As a consequence, 39% of hospitals are considering reductions in Information Technology capital investments and 45% are considering reductions in Clinical Technology.

The full report documents that patients are less likely to access hospitals for care and less likely to be able to pay for services.

Hospitals are having a much harder time paying their debt and have less access to capital. 33% of hospitals are reporting increased interest expense for variable rate bonds, with interest rates in the most recent quarter up 15% over the same time last year.

More than half of hospitals surveyed reported that they are also considering reductions in administrative costs and staff as other financial pressures bear down. Hospitals' total margins are down significantly in the third quarter 2007 from positive 6.1% to negative 1.6%.

The margin pressures include:
  • Non-operating revenue is down significantly due to investment losses which are causing 31% of hospitals to increase funding in their pension plans.
  • 38% of hospitals are reporting a moderate or significant decline in admissions and 31% are seeing a moderate or significant decline in elective procedures.
  • Unemployment is increasing. Each 1% increase in national unemployment takes 2.5 million people off of employer health plans coverage.
  • Uncompensated care is rising by 8% compared to the same quarter last year.
  • Medicaid expenditures are increasing with increasing enrollment, but so too is the state Medicaid funding gap as the states confront their own budget deficits.
  • Hospital payment shortfalls for Medicare and Medicaid are increasing

Friday, November 21, 2008

The Lighter Side of NCVHS

So who says that the complex and important work of the National Committee on Vital and Health Statistics (NCVHS) can’t also be light-hearted?

The following are transcript excerpts from the NCVHS full committee meeting on September 16-17, 2008. The award for the best one-liner goes to Larry Green, University of Colorado.

MR. REYNOLDS: … I would ask that if you have any conflicts of interest related to any issues coming before us today would you please so publicly indicate during your introduction. I have no conflicts.

** A number of other participants introduce themselves having no conflicts. **

MS. MCCALL: Carol McCall. I am with Humana, member of the committee, no known conflicts.

MR. HOUSTON: No known conflicts, you sound like an attorney. John Houston, University of Pittsburg, and member of the committee, no known conflicts either.


DR. MIDDLETON: I think we are allowed three newbie questions right?

MR. REYNOLDS: No, you are not new anymore Blackford. If you go back and read the early minutes of today's meeting you are no longer new.

MS. TRUDEL: … Both of those standards underwent significant revision as a result of the first round of pilots and we are very much hoping that both or at least one of them will be in a place where we can move forward.

MR. REYNOLDS: Let me just volunteer a comment: Hot dog that is great!


DR. TANG: The other piece is data. … Data might be the third dimension to this matrix and I think it will relate very tightly to the data stewardship presentation … How does NCVHS with it's policy focus and data middle name fit into this matrix? …

MR. REYNOLDS: Did all of you notice that since Paul's part of the committee that he is now given the committee a middle name? I am not sure we have adopted that yet, but we have noted that the comment was made.


MR. WALLEN: … you've beaten the PHR and the EHR to death, and so I won't go into any of that.

MR. BLAIR: But you noticed they're not dead yet.


DR. GREEN: I'd like to ask a two-part question. One is in this area, the personal health record, what's going on in mental health? Secondly, with your example, when you are sequestering information that say relates to mental health, depression, you don't know you're depressed, the way you use SNOMED to search the record for this, could you say a little bit more about how you actually managed to succeed in sequestering the fact that this person has depression given that that word might appear in a lot of places?

DR. CARR: Can you speak up, Larry?

MS. GREENBERG: Could you speak up a bit?

DR. GREEN: I could, but I'm finished.


DR. FRANCIS: … it's actually possible to identify some categories of sensitive information, and do it in a quite fine-grained way which I think is nifty. …

MS. GREENBERG: “Nifty” is in fact the correct technical term.


DR. CARR: … the next one is data integrity. I know that's a word that Bill always struggles with, but it's really a statistical concept not an ethical one.


DR. STEINDEL: … we need the one-page picture, and we ought to look at it that way.

MS. MCCALL: I'm in just ecstatic agreement.


** The meeting continues the next morning with another round of introductions. Everyone says “no conflicts”, until: **

MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member of the Committee, and no conflicts, no known conflicts.

MS. MCCALL: In his subconscious there are many. Carol McCall, Humana, member of the Committee, no conflicts.

Saturday, November 15, 2008

Value of Personal Health Records

The Center for Information Technology Leadership (CITL) has estimated that Personal Health Records (PHR) can deliver savings of $21 billion annually.


CITL's full report evaluated four different PHR architectures: 1) Provider-tethered, 2) Payer-tethered, 3) Third party and 4) Interoperable.

Tethered architectures refer to providers or payers providing the data integration to the PHR. The Third Party architecture refers to manual aggregation of health information but without the ability to integrate back to the clinical and administrative systems "in their native formats". In the Interoperable architecture, patient information flows into the PHR using standards based health information exchange from sources throughout the region and from there can be machine interpreted by the clinical and administrative systems.


The Provider-tethered architecture provides a limited view of the patient, compared to an interoperable regional approach. This architecture also requires a very large number of implementations to support 80% PHR adoption:
  • Provider - 26,000
  • Payer - 706
  • Third Party - 3
  • Interoperable - 428
The number of implementations is a major factor driving the total national installation costs.


The CITL value chain model is used to estimate the value of the PHR functions including:

1. Information Sharing
1a. Complete Test results
1b. Complete Medication lists

2. Information Self-management
2a. Congestive Heart Failure Management
2b. Smoking Cessation Management

3. Information Exchange 3a. Appointment Scheduling
3b. Medication Renewals
3c. Pre-Encounter Questionnaire
3d. e-Visits

Four of these functions contribute 95% of the value: Sharing of complete test results ($7.9); Congestive heart failure management ($6.3), e-Visits ($4.8), and Medication renewals ($1.1).

The annual steady state net value for the Interoperable architecture comes in tops at $19 billion, followed by Third-Party and Payer-tethered at $11 billion with Provider-tethered trailing at a whopping negative $29 billion.

News Analysis

So what are the strategic implications for Healthcare Organizations (HCO's)?
  • HCO's won't be able to carry this on their shoulders - - the costs are prohibitive.
  • HCO's will need to ensure that their clinical and administrative systems can interoperate using national standards and can participate in regional health information exchange initiatives.
  • HCO's should look to collaborate and invest in PHR's that are building towards an interoperable standards-based technology platform and are able to connect with multiple providers in the region.
  • HCO's will need to develop strategies which distinguish between the 1) Personal Health Record (patient-centered) and 2) the portals which connect the HCO to the patient/consumer (HCO-centered).
The strategic implications align well with a recent presentation to AHIC of PHR adoption which favored a Utility Service Model.

Many thanks to Blackford Middleton and CITL for permission to reproduce excerpts from the report.

Tuesday, November 11, 2008

"Fruitful Marriage of Mob Behavior and Medicine": Google Flu Trends

The New York Times called it the "fruitful marriage of mob behavior and medicine." Google announced today that "certain search terms are good indicators of flu activity. Flu Trends uses aggregated search data to estimate flu activity in your state up to two weeks faster than traditional systems."

So searches for flu and other like search terms, based on analysis over hundreds of billions of de-identified searches, may be a good indictor of flu outbreak - -with results 1 to 2 weeks faster than trailing indicators based on reporting to the Centers for Disease Control and Prevention (CDC). The graph below charts the correlation between Flu Trends and CDC data.

What's the flu activity in your state? Check out the Flu Trends map.

An early version of an upcoming article in Nature Magazine reports that "because the relative frequency of certain queries is highly correlated with the percentage of physician visits in which a patient presents with influenza-like symptoms, we can accurately estimate the current level of influenza activity in each region of the United States, with a reporting lag of about one day. This approach may make it possible to utilize search queries for influenza surveillance in areas with a large population of web search users."

In their press release, Google forsees a breakthrough in proactive management of disease outbreaks. "For epidemiologists, this is an exciting development, because early detection of a disease outbreak can reduce the number of people affected. If a new strain of influenza virus emerges under certain conditions, a pandemic could emerge and cause millions of deaths (as happened, for example, in 1918). Our up-to-date influenza estimates may enable public health officials and health professionals to better respond to seasonal epidemics and — though we hope never to find out — pandemics. We shared our preliminary results with the Epidemiology and Prevention Branch of the Influenza Division at CDC throughout the 2007-2008 flu season, and together we saw that our search-based flu estimates had a consistently strong correlation with real CDC surveillance data."

Sunday, November 2, 2008

ePHI at high risk

On October 27, the Office of the Inspector General (OIG) released their report on HIPAA Security and Electronic Protected Health Information (ePHI) compliance. The findings include:
  • Security audits in 7 hospitals nationwide show numerous, significant vulnerabilities in the administrative, technical and physical safeguard provisions of the HIPAA Security Rule.
  • These vulnerabilities place the confidentiality and integrity of ePHI at high risk.
  • As a result, CMS has executed a contract to conduct compliance reviews.
So the HIPAA security auditors are coming and the chances are that most healthcare organizations are not ready. What will these audits cover?

CMS's office of e-Health Standards and Services has published the Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews. The audits will review policies, procedures and other evidence related to:
  • Prevention, detection, containment, and correction of security violations
  • Employee background checks and confidentiality agreements
  • Establishing user access for new and existing employees
  • List of authentication methods used to identify users authorized to access EPHI
  • List of individuals and contractors with access to EPHI to include copies pertinent business associate agreements
  • List of software used to manage and control access to the Internet
  • Detecting, reporting, and responding to security incidents (if not in the security plan)
  • Physical security
  • Encryption and decryption of EPHI
  • Mechanisms to ensure integrity of data during transmission - including portable media transmission (i.e. laptops, cell phones, blackberries, thumb drives)
  • Monitoring systems use - authorized and unauthorized
  • Use of wireless networks
  • Granting, approving, and monitoring systems access (for example, by level, role, and job function)
  • Sanctions for workforce members in violation of policies and procedures governing EPHI access or use
  • Termination of systems access
  • Session termination policies and procedures for inactive computer systems
  • Policies and procedures for emergency access to electronic information systems
  • Password management policies and procedures
  • Secure workstation use (documentation of specific guidelines for each class of workstation (i.e., on site, laptop, and home system usage)
  • Disposal of media and devices containing EPHI
The auditors will also be looking for documents related to:
  • Entity-wide Security Plan
  • Risk Analysis (most recent)
  • Risk Management Plan (addressing risks identified in the Risk Analysis)
  • Security violation monitoring reports
  • Vulnerability scanning plans and Results from most recent vulnerability scan
  • Network penetration testing policy and procedure and results from most recent network penetration test
  • List of all user accounts with access to systems which store, transmit, or access EPHI (for active and terminated employees)
  • Configuration standards to include patch management for systems which store, transmit, or access EPHI (including workstations)
  • Encryption or equivalent measures implemented on systems that store, transmit, or access EPHI
  • Organization chart to include staff members responsible for general HIPAA compliance to include the protection of EPHI
  • Examples of training courses or communications delivered to staff members to ensure awareness and understanding of EPHI policies and procedures (security awareness training)
  • Policies and procedures governing the use of virus protection software
  • Data backup procedures
  • Disaster recovery plan
  • Disaster recovery test plans and results
  • Analysis of information systems, applications, and data groups according to their criticality and sensitivity
  • Inventory of all information systems to include network diagrams listing hardware and software used to store, transmit or maintain EPHI
  • List of all Primary Domain Controllers (PDC) and servers
  • Inventory log recording the owner and movement media and devices that contain EPHI