Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Healthcare Consent and its Discontents (Part 2 of 3)

Posted on May 17, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

The previous section of this article laid out what is wrong with informed consent today. We’ll continue now to look at possible remedies.

Could we benefit from more opportunities for consent?

Donna Gitter said that the Common Rule governing research might be updated to cover de-identified data as well as personally identifiable information. The impact of this on research, of course, would be incalculable. But it might lead to more participation in research, because 72% of patients say they would like to be asked for permission before their data is shared even in de-identified form. Many researchers, such as conference speaker Liza Dawson, would rather give researchers the right to share de-identified data without consent, but put protections in place.

To link multiple data sets, according to speaker Barbara Evans, we need an iron-clad method of ensuring that the data for a single individual is accurately linked. This requirement butts up against the American reluctance to assign a single ID to a patient. The reluctance is well-founded, because tracking individuals throughout their lives can lead to all kinds of seamy abuses.

One solution would be to give each individual control over a repository where all of her data would go. That solution implies that the individual would also control each release of the data. A lot of data sets could easily vanish from the world of research, as individuals die and successors lose interest in their data. We must also remember that public health requires the collection of certain types of data even if consent is not given.

Another popular reform envisioned by health care technologists, mentioned by Evans, is a market for health information. This scenario is part of a larger movement known as Vendor Relationship Management, which I covered several years ago. There is no doubt that individuals generate thousands of dollars worth of information, in health care records and elsewhere. Speaker Margaret Foster Riley claimed that the data collected from your loyalty card by the grocer is worth more than the money you spend there.

So researchers could offer incentives to share information instead of informed consent. Individuals would probably hire brokers to check that the requested uses conform to the individuals’ ethics, and that the price offered is fair.

Giving individuals control and haggling over data makes it harder, unfortunately, for researchers to assemble useful databases. First of all, modern statistical techniques (which fish for correlations) need huge data sets. Even more troubling is that partial data sets are likely to be skewed demographically. Perhaps only people who need some extra cash will contribute their data. Or perhaps only highly-educated people. Someone can get left out.

These problems exist even today, because our clinical trials and insurance records are skewed by income, race, age, and gender. Theoretically, it could get even worse if we eliminate the waiver that lets researchers release de-identified data without patient consent. Disparities in data sets and research were heavily covered at the Petrie-Flom conference, as I discuss in a companion article.

Privacy, discrimination, and other legal regimes

Several speakers pointed out that informed consent loses much of its significance when multiple data sets can be combined. The mosaic effect adds another layer of uncertainty about what will happen to data and what people are consenting to when they release it.

Nicolas Terry pointed out that American law tends to address privacy on a sector-by-sector basis, having one law for health records, another for student records, and so forth. He seemed to indicate that the European data protection regime, which is comprehensive, would be more appropriate nowadays where the boundary between health data and other forms of data is getting blurred. Sharona Hoffman said that employers and insurers can judge applicants’ health on the basis of such unexpected data sources as purchases at bicycle stores, voting records (healthy people have more energy to get involved in politics), and credit scores.

Mobile apps notoriously bring new leaks to personal data. Mobile operating systems fastidiously divide up access rights and require apps to request these rights during installation, but most of us just click Accept for everything, including things the apps have no right to need, such as our contacts and calendar. After all, there’s no way to deny an app one specific access right while still installing it.

And lots of these apps abuse their access to data. So we remain in a contradictory situation where certain types of data (such as data entered by doctors into records) are strongly protected, and other types that are at least as sensitive lack minimal protections. Although the app developers are free to collect and sell our information, they often promise to aggregate and de-identify it, putting them at the same level as traditional researchers. But no one requires the app developers to be complete and accurate.

To make employers and insurers pause before seeking out personal information, Hoffman suggested requiring that data brokers, and those who purchase their data, to publish the rules and techniques they employ to make use of the data. She pointed to the precedent of medical tests for employment and insurance coverage, where such disclosure is necessary. But I’m sure this proposal would be fought so heavily, by those who currently carry out their data spelunking under cover of darkness, that we’d never get it into law unless some overwhelming scandal prompted extreme action. Adrian Gropper called for regulations requiring transparency in every use of health data, and for the use of open source algorithms.

Several speakers pointed out that privacy laws, which tend to cover the distribution of data, can be supplemented by laws regarding the use of data, such as anti-discrimination and consumer protection laws. For instance, Hoffman suggested extending the Americans with Disabilities Act to cover people with heightened risk of suffering from a disability in the future. The Genetic Information Nondiscrimination Act (GINA) of 2008 offers a precedent. Universal health insurance coverage won’t solve the problem, Hoffman said, because businesses may still fear the lost work time and need for workplace accommodations that spring from health problems.

Many researchers are not sure whether their use of big data–such as “data exhaust” generated by people in everyday activities–would be permitted under the Common Rule. In a particularly wonky presentation (even for this conference) Laura Odwazny suggested that the Common Rule could permit the use of data exhaust because the risks it presents are no greater than “daily life risks,” which are the keystone for applying the Common Rule.

The final section of this article will look toward emerging risks that we are just beginning to understand.

Healthcare Consent and its Discontents (Part 1 of 3)

Posted on May 16, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Not only is informed consent a joke flippantly perpetrated on patients; I expect that it has inspired numerous other institutions to shield themselves from the legal consequences of misbehavior by offering similar click-through “terms of service.” We now have a society where powerful forces can wring from the rest of us the few rights we have with a click. So it’s great to see informed consent reconsidered from the ground up at the annual conference of the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School.

Petrie-Flom annual 2016 conference

Petrie-Flom annual 2016 conference

By no means did the speakers and audience at this conference agree on what should be done to fix informed consent (only that it needs fixing). The question of informed consent opens up a rich dialog about the goals of medical research, the relationship between researchers and patients, and what doctors have a right to do. It also raises questions for developers and users of electronic health records, such as:

  • Is it ethical to save all available data on a person?

  • If consent practices get more complex, how are the person’s wishes represented in the record?

  • If preferences for the data released get more complex, can we segment and isolate different types of data?

  • Can we find and notify patients of research results that might affect them, if they choose to be notified?

  • Can we make patient matching and identification more robust?

  • Can we make anonymization more robust?

A few of these topics came up at the conference. The rest of this article summarizes the legal and ethical topics discussed there.

The end of an era: IRBs under attack

The annoying and opaque informed consent forms we all have to sign go back to the 1970s and the creation of Institutional Review Boards (IRBs). Before that lay the wild-west era of patient relationships documented in Rebecca Skloot’s famous Immortal Life of Henrietta Lacks.

IRBs were launched in a very different age, based on assumptions that are already being frayed and will probably no longer hold at all a few years from now:

  • Assumption: Research and treatment are two different activities. Challenge: Now they are being combined in many institutions, and the ideal of a “learning heath system” will make them inextricable.

  • Assumption: Each research project takes place within the walls of a single institution, governed by its IRB. Challenge: Modern research increasingly involves multiple institutions with different governance, as I have reported before.

  • Assumption: A research project is a time-limited activity, lasting generally only about a year. Challenge: Modern research can be longitudinal and combine data sets that go back decades.

  • Assumption: The purpose for which data is collected can be specified by the research project. Challenge: Big data generally runs off of data collected for other purposes, and often has unclear goals.

  • Assumption: Inclusion criteria for each project are narrow. Challenge: Big data ranges over widely different sets of people, often included arbitrarily in data sets.

  • Assumption: Rules are based on phenotypal data: diagnoses, behavior, etc. Challenge: Genetics introduces a whole new set of risks and requirements, including the “right not to know” if testing turns up an individual’s predisposition to disease.

  • Assumption: The risks of research are limited to the individuals who participate. Challenge: As we shall see, big data affects groups as well as individuals.

  • Assumption: Properly de-identified data has an acceptably low risk of being re-identified. Challenge: Privacy researchers are increasingly discovering new risks from combining multiple data sources, a trend called the “mosaic effect.” I will dissect the immediacy of this risk later in the article.

Now that we have a cornucopia of problems, let’s look at possible ways forward.

Chinese menu consent

In the Internet age, many hope, we can provide individuals with a wider range of ethical decisions than the binary, thumbs-up-thumbs-down choice thrust before them by an informed consent form.

What if you could let your specimens or test results be used only for cancer research, or stipulate that they not be used for stem cell research, or even ask for your contributions to be withdrawn from experiments that could lead to discrimination on the basis of race? The appeal of such fine-grained consent springs from our growing realization that (as in the Henrietta Lacks case) our specimens and data may travel far. What if a future government decides to genetically erase certain racial or gender traits? Eugenics is not a theoretical risk; it has been pursued before, and not just by Nazis.

As Catherine M. Hammack said, we cannot anticipate future uses for medical research–especially in the fast-evolving area of genetics, whose possibilities alternate between exciting and terrifying–so a lot of individuals would like to draw their own lines in the sand.

I don’t personally believe we could implement such personalized ethical statements. It’s a problem of ontology. Someone has to list all the potential restrictions individuals may want to impose–and the list has to be updated globally at all research sites when someone adds a new restriction. Then we need to explain the list and how to use it to patients signing up for research. Researchers must finally be trained in the ontology so they can gauge whether a particular use meets the requirements laid down by the patient, possibly decades earlier. This is not a technological problem and isn’t amenable to a technological solution.

More options for consent and control over data will appear in the next part of this article.

Physician Transparency List

Posted on May 13, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

One of the most progressive thinkers in healthcare social media is Ed Bennett. He’s most famous for the Hospital Social Media list that Ed started back in 2009. That list was an eye opener for many hospitals that were debating how and if they should take part in social media. That list is still alive and is owned and managed by The Mayo Clinic Center for Social Media.

Ed Bennett recently announced a new list that looks at healthcare organizations who are publishing patient comments and ratings for their physicians. He currently has 29 healthcare organizations on the list, but I agree that this will likely grow similar to how his hospital social media list grew from 150 hospitals to 1500. If you’re organization is publishing your physician’s ratings and patients comments on your website, you can reach out to Ed and get your organization on the list as well.

Physician Profiles with Physician Ratings and Patient Comments List

I also find it interesting that Ed is listing the “implementation vendors” that do survey and web integration services. Here’s who he has listed so far:

Nice work Ed, putting this together. It’s always interesting how something like a list can move people to change. I have a feeling we’ll have a move towards more physician transparency happening across the industry thanks to Ed’s latest list. Nice work Ed!

Ditching Your EHR Just Isn’t Practical Regardless of Practice Model

Posted on May 12, 2016 I Written By

The following is a guest blog post by Tom Giannulli, MS, MD and CMO at Kareo.
Tom Giannulli - Kareo EHR
A recent piece by Anne Zieger on EMR & EHR opened up the discussion regarding whether or not direct primary care (DPC) physicians can or should ditch their electronic health record (EHR). And, this isn’t the first time the topic has surfaced. Other blogs have suggested that since EHRs are really just a means to gather documentation for insurance claims, DPC doctors don’t need them. Further, they offer other arguments against EHRs—like poor workflow and patient experience—however, the focus was really around insurance.

Yet, this is not a reason in and of itself for why DPC physicians should give up their EHRs. One role of an EHR is to improve documentation and coding to ensure physicians get paid. This is a good thing for DPC physicians, as well as traditional practices. The majority of DPC physicians use more than one payment model within their practice, meaning many also bill insurance for at least some patients.

A study conducted in 2015 showed that only 28% of physicians who used a DPC, concierge or other membership model in their practice had their entire patient panel on that model. The rest used it for some, but not all, patients. In fact, the largest group—37%—had 25% or less of their patients on a membership payment model. That said, insurance billing continues to be a challenge that those practices must navigate. An EHR can help them get paid correctly. It can also help them report for quality initiatives, like Meaningful Use and PQRS, prepare for the newly proposed MACRA ruling, and allow them to bill for chronic care management (CCM) services, while also improving patient experience and outcomes.

Independent practices understand that as we move forward in healthcare, a single payment model won’t do the trick. They need to be nimble and open to many options from fee-for-service to DPC to Virtual ACOs and other value-based reimbursement programs. The agile medical practices will be the ones that thrive in the long term. They are looking both at reimbursement models and industry changes, as well as increasing patient demands, such as increased connectivity, price transparency and improved patient access.

Using the EHR, Regardless of Practice Model

This is why even for those DPC practices that do go all in and don’t bill insurance, an EHR is essential. Many DPC practices offer largely primary care services with a focus on prevention and wellness. The right EHR can enable not only visit documentation but preventive care alerts and quick access to patient education. With a truly mobile EHR, physicians can engage patients face-to-face and share information in real time.

With the addition of integrated patient engagement features, such as telemedicine, self-care instructions and videos, tracking of wearable devices, and secure messaging through a portal, patients and their caregivers can stay in sync with their providers. This is an added level of convenience that DPC practices should support. Moreover, patient engagement components can be a critical part of managing wellness when studies show that most patients forget what their physician said after they leave the office. Keeping patients well means keeping the lines of communication open and a portal can play an important role.

Not only have patients expressed that they are more loyal to a physician who offers a portal (for the reasons stated above), but they have also said they like features like electronic prescribing. In fact, over 75% of patients have said they prefer an EHR to paper charts. Beyond the desire of patients, many states are beginning to mandate not just standard ePrescribing but also electronic prescribing for controlled substances. DPC physicians will not be exempt from rules like these.

There’s no other option but the EHR

It’s true that you can piece together just the technology features you want for your practice by combining several systems. However, the blog post referenced above seemed to suggest you could use an alternate system to an EHR. If you pick and choose features here and there, wouldn’t that mean more work entering data into a bunch of disparate systems? Or, logging into several different platforms translating to added time and less secure environments. One for ePrescribing, one for scheduling and reminders, one for the patient portal and maybe another one for patient collections?

There are cloud-based EHRs today that can offer most, if not all, of this in a single platform. One platform means one patient database, one login, and one easy-to-access system for all employees. And for DPC practices with small staff, no duplicate data entry or tedious jumping from system to system. In addition, a single end-to-end system that can support all the needs of a practice also means the practice can be positioned for flexibility. For example, if a DPC practice decides to accept insurance again or try another payment model, you’ll have the solutions you need without making significant changes to your workflow.

EHRs may not be perfect, but they are improving in their ability to meet increasing consumer demands and changing government regulation. Moving forward, more progressive EHR platforms will continue to offer add-on partners or native capabilities to solve consumer-centric needs. As the types of practice models change and evolve, the need for a core EHR should remain a constant, while additional features will vary. Thus, the flexibility and configurability of the EHR platform is critical to enabling long term success.

Full Disclosure: Kareo is an advertiser on this site.

The Evolution of Communication in Healthcare

Posted on I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The following is a guest blog post by Erik Kangas, Founder of LuxSci.

Thanks to technological breakthroughs, communication in healthcare has evolved by leaps and bounds from the old days of paper filing systems, faxes, and phone calls. Although those methods are still widely used, there are faster ways to keep patients in touch with their medical practitioners, doctors, and nurses. Yet with a multitude of benefits come new risks: data breaches, unencrypted messages, and willful neglect that could bring about serious penalties from HIPAA. In order to fully take advantage of all that technology has to offer, the healthcare industry needs to know proper usage policies and to enforce adherence to HIPAA regulations. We might not be in the age of pagers anymore, but that just means that more precautions practitioners need to embrace the newly evolving world of healthcare communication.

Let’s take a look at how these methods of communication have changed over the years and what it all means for the security of ePHI.

Pagers
Anyone involved in the healthcare sector has surely encountered a pager at some point in time. Healthcare is one of the last industries to use this aging technology, but messaging systems that are easier and faster to respond are slowly replacing them. With so many smartphones and devices that can instantly let you know whether there’s an emergency, there’s less reason to carry around a separate bulky pager.

An article at HealthITSecurity has this to say about pagers: “Communicating internally via pagers could still have some benefits, but there are now secure messaging capabilities that can assist with routine health issues, address patient questions or concerns, help monitor patient conditions, while also ensuring that patients can properly manage their own conditions.” In other words, with technology that’s so much quicker and more efficient, it might be worth finally letting go of the beeper in your pocket and switching to something that can do everything a pager can and more.

Pagers may not be as efficient as current tech, but certain organizations still believe they serve a purpose, especially critical messaging.

Email
Email has become increasingly important in healthcare, increasing the scope of everyone’s efforts toward protecting patient privacy. Explained in this whitepaper about HIPAA and email, this security applies not only to personal information, but all Protected Health Information (PHI) –including a patient’s administrative, financial, and clinical information. Any health information related to an identifiable individual that is transmitted or maintained via email, or another medium, falls under HIPAA’s definition of PHI. That’s a huge amount of information that needs safeguarding if you want to continue using email to transmit healthcare data.

Ensuring that data remains encrypted on laptops, desktop computers, and all other devices is key to staying HIPAA compliant. While encryption can be costly to implement, it’s worth it to keep patients’ PHI (and other data) secure – and without it, an organization risks paying monumentally more in fines, in the case of a data security breach.

Given that data breaches frequently and increasingly occur in the healthcare sector, organizations need to ensure the continued safety of their patients’ data for both financial and personal reasons.

It’s also a wise idea to sign up with a security company that can handle the HIPAA compliancy of your inbound and outbound emails, as well as the security of your network as a whole. However, it’s still up to you to train your staff, review your HIPAA security policies, and keep a copy of the HIPAA Business Association Agreement that you signed with the security company.

Text Messages
Texting is pervasive as a method of healthcare communication, including using text messages to confirm appointments or deliver lab results to anxious patients. There are also plenty of texts exchanged between doctors and nurses in hospital environments, with many messages containing some form of patient information. All these transmissions fall under HIPAA regulations, and it’s very easy to unintentionally text patient data that could be intercepted, sent unencrypted, or stored in an external location like the cloud.

Sending health information via text is a clear HIPAA violation – even with seemingly harmless messages, like appointment reminders. The only case in which texting health information may not violate HIPAA is when the text is sent to a patient who has preemptively signed the proper consent form. Without patient consent and proper documentation, an organization can be fined up to $50,000 per text message, if the messages are found to be in violation of HIPAA’s rules. That’s a massive penalty for any organization.

As with email, it’s important to make sure that you encrypt and decrypt text messages properly, whether through common carriers, specialized apps for decryption, or customized programs that allow users to send and receive HIPAA-compliant messages without the worry of breaking regulation. You can send text messages securely, but it requires training and a financial cost to ensure the information stays safe and only the intended recipient reads it.

The Future of Compliant Messaging
“It’s not enough to decide it’s time to ‘jump on the bandwagon’ or secure messaging,” says HealthITSecurity. “Healthcare organizations need to realize that this communication is part of an evolutionary process, and it’s necessary to implement a system that can easily integrate with the facilities’ current capabilities.” Organizations need to recognize they can’t do compliance in various messaging systems piecemeal or from one staff member to another, they need to make it a blanket effort that ensures everyone is onboard. And while it may create a more convenient system, the legal ramifications of any slipups can more than outweigh the cost of encryption programs or specialized apps.

As long as there are security protocols in place, we’ll continue to see a growing role for secure messaging technology in healthcare.

Communication in healthcare was and is always about making services easier and more convenient for both medical staff and patients alike. With the constantly evolving nature of technology, more organizations can expand their services and share information faster than ever before. As long as HIPAA regulations and cybersecurity are in place, the healthcare sector ought to continually evaluate what new high-tech solutions work for them—and what old traditions could still have a place.

Health Data Virtual Reality Demo

Posted on May 11, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Ever since I saw the latest demo of virtual reality at CES, I’ve become a big fan. I think there’s so much potential opportunity to take a look at things from a different angle. I think we’ve barely begun to rethink what it means for us. I’m not sure we’ll have one in every household the way we do our cell phones, but then again Google Cardboard is pretty cheap and inexpensive to share.

Mass appeal or not, we’re going to see useful implementations of virtual reality in healthcare. Of that I’m sure. With that in mind, I’m always interested by companies that are experimenting with the technology in healthcare. In this case, here’s a short demo from Mana Health.

I have a feeling we’re going to look back at this basic implementation even a few years from now and laugh at its simplicity. Although, that was the case with every tech revolution. Have you ever looked back at Windows 3.1 or various websites on the Waybackmachine when the internet first began?

Obviously this demo illustrates that we’re still in the very early days of virtual reality. Although, it’s fun to get the mind to start thinking about a new interface.

ZibdyHealth Adapts to Sub-Optimal Data Exchange Standards for a Personal Health Record

Posted on May 10, 2016 I Written By

Andy Oram is an editor at O'Reilly Media, a highly respected book publisher and technology information provider. An employee of the company since 1992, Andy currently specializes in open source, software engineering, and health IT, but his editorial output has ranged from a legal guide covering intellectual property to a graphic novel about teenage hackers. His articles have appeared often on EMR & EHR and other blogs in the health IT space. Andy also writes often for O'Reilly's Radar site (http://oreilly.com/) and other publications on policy issues related to the Internet and on trends affecting technical innovation and its effects on society. Print publications where his work has appeared include The Economist, Communications of the ACM, Copyright World, the Journal of Information Technology & Politics, Vanguardia Dossier, and Internet Law and Business. Conferences where he has presented talks include O'Reilly's Open Source Convention, FISL (Brazil), FOSDEM, and DebConf.

Reformers in the health care field, quite properly, emphasize new payment models and culture changes to drive improvements in outcomes. But we can’t ignore the barriers that current technology puts in the way of well-meaning reformers. This article discusses one of the many companies offering a patient health record (PHR) and the ways they’ve adapted to a very flawed model for data storage and exchange.

I had the honor to be contacted by Dr. Hirdey Bhathal, CEO/Founder of ZibdyHealth. Like many companies angling to develop a market for PHRs, ZibdyHealth offers a wide range of services to patients. Unlike, say, Google Health (of blessed memory) or Microsoft HealthVault, ZibdyHealth doesn’t just aspire to store your data, but to offer additional services that make it intensely valuable to you. Charts and visualizations. for instance, will let you see your progress with laboratory and device data over time. They call this a “Smart HIE.” I’ll look a bit at what they offer, and then at the broken model for data exchange that they had to overcome in the health care industry.

The ZibdyHealth application

Setting up an account with ZibdyHealth is as easy as joining Facebook. Once you’re there, you can create health information manually. The company is working with fitness device makers to allow automatic uploads of device data, which can then be saved as a standard Continuity of Care Document (CCD) and offered to doctors.

You can also upload information from your physician via their health care portal–with a degree of ease or difficulty depending on your provider–and share it with other clinicians or family members (Figure 1). You have fine-grained control over which medications, diagnoses, and other information to share, a form of control called segmentation in health care.

Figure 1. Zibdy discharge summary displayed on mobile device

Figure 1. Summary of visit in Zibdy

Dr. Bhathal would like his application to serve whole families and teams, not just individuals. Whether you are caring for your infant or your aging grandmother, they want their platform to meet your needs. In fact, they are planning to deploy their application in some developing nations as an electronic medical record for rural settings, where one healthcare provider will be able to manage the health data for an entire village.

Currently, ZibdyHealth allows speciality clinics to share information with the patient’s regular doctor, helps identify interactions between drugs provided by different doctors, and allows parents to share their children’s health information with schools. This consolidation and quick sharing of medical information will work well with minute clinics or virtual MD visits.

ZibdyHealth is HIPAA-compliant, and support highly secure 256-bit AES encryption for data exchange. Like health care providers, they may share data with partners for operational purposes, but they promise never to sell your data–unlike many popular patient networks. Although they sometimes aggregate anonymized data, they do so to offer you better services, not to sell it on the market or to sell you other services themselves.

In some ways, ZibdyHealth is like a health information exchange (HIE), and as we shall see, they face some of the same problems. But current HIEs connect only health care providers, and are generally limited to large health care systems with ample resources. PHR applications such as ZibdyHealth aim to connect physicians and patients with others, such as family members, therapists, nursing homes, assisted care facilities, and independent living facilities. In addition, most HIEs only work within small states or regions, whereas ZibdyHealth is global. They plan to follow a business model where they provide the application for free to individuals, without advertisements, but charge enterprises who choose the application in order to reach and serve their patients.

Tackling the data dilemma

We’d see a lot more services like ZibdyHealth (and they’d be more popular with patients, providers, and payers) if data exchange worked like it does in the travel industry or other savvy market sectors. Interoperability will enable the “HIE of one” I introduced in an earlier article. In the meantime, ZibdyHealth has carried out a Herculean effort to do the best they can in today’s health exchange setting.

What do they use to get data from patient portals and clinicians’ EHRs? In a phrase, every recourse possible.

  • Many organizations now offer portals that allow patients to download their records in CCD format. ZibdyHealth works with a number of prominent institutions to make uploading easy (Figure 2). Or course, the solution is always a contingent one, because the provider still owns your data. After your next visit, you have to download it again. ZibdyHealth is working on automating this updating process so that providers can feed this information to the patient routinely and, by uploading the discharge CCD as part of a patient’s discharge process, ensure an easy and accurate transition of care.

  • Figure 2. List of electronic records uploaded to Zibdy through their CCD output

    Figure 2. List of uploaded CCDs

  • If providers aren’t on ZibdyHealth’s list of partners, but still offer a CCD, you can download it yourself using whatever mechanism your provider offers, then upload it to ZibdyHealth. ZibdyHealth has invested an enormous amount to parse the various fields of different EHRs and figure out where information is, because the CCD is a very imperfect standard and EHRs differ greatly. I tried the download/upload technique with my own primary care provider and found that ZibdyHealth handled it gracefully.

  • ZibdyHealth also supports Blue Button, the widely adopted XML format that originated at the VA as a text file.

I see ZibdyHealth as one of the early explorers who have to hew a path through the forest to reach their goal. As more individuals come to appreciate the benefits of such services, roads will be paved. Each patient who demands that their doctor make it easy to connect with an application like ZibdyHealth will bring closer the day when we won’t have to contort ourselves to share data.

Pharma’s EHR Opportunity – We Need to Be Involved

Posted on May 9, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I recently came across a great article talking about marketers need to decode the EHR for Pharma. It’s been really interesting to see the evolution on pharma’s relationship with EHR software. No doubt they’ve all always seen a tremendous opportunity, but they’ve all treaded lightly because of the possible undue influence on a provider.

The article did make an interesting comparison between how pharma approaches EHR and how they approached social media in the past:

Their pervasiveness has raised eyebrows throughout pharma. What’s happening with EHR “reminds me of the early days of being in the digital center of excellence [DCOE],” Flaiz recalled. “Social was exploding. It belonged to corporate comms, brands, PR — there wasn’t anyone who didn’t think they owned it.”

The same thing is happening now with EHR, but with a different cast of characters: trade, pricing, medical affairs, R&D, marketing, and the DCOE — all want a piece, she said.

I also love that the article frankly states that agencies will focus on placing banners and messaging and that marketers will need to focus on a much deeper approach to marketing pharma in an EHR. In fact they outline the other EHR Opportunities for pharma that pharma marketing professionals should consider: clinical decision support, integration with the hub and patient-assistance programs, patient engagement and education, and scraping it for other information of value.

I’m sure that many readers of this don’t like this discussion at all. No doubt many feel like pharma shouldn’t have any relationship with an EHR vendor. That’s naive since pharma already has relationships with many EHR vendors. It’s a mistake for us to put a blind eye to this topic.

Yes, we need to proactive in talking about how EHR vendors should work with pharma and how they should not work with pharma. If we’re not involved in the conversation, we’ll miss out on the opportunity to shape the discussion.

Plus, not all pharma interaction with EHRs is bad. It can be a really good thing as long as what’s being done is transparent. Plus, the reality is that pharma is going to have an influence on doctors. Why not have that work done in an EHR where you can know what influence pharma is having on the doctor? Pharma and EHR vendors will work together. The question is how much we’re going to know about their involvement.

Making Health Data Patient-Friendly

Posted on May 6, 2016 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Most of the efforts designed to make healthcare processes more transparent hope to make patients better shoppers. The assumption is that better-informed patients make better decisions, and that ultimately, if enough patients have the right data they’ll take steps which improve outcomes and lower the cost of care. And while the evidence for this assumption is sparse, the information may increase patient engagement in their care — and hopefully, their overall health.

That’s all well and good, but I believe too little attention has been paid to another dimension of transparency. To wit, I’d argue that it’s more than time to present patients with clinical data on a real- or near-real-time basis. Yes, shopping for the right doctor is good, but isn’t it even more important for patients to see what results he or she actually gets in their particular medical case?

Patients rarely get a well-developed look at their clinical data. Patient portals may offer access to test and imaging results from today through 10 years ago — my health system does — but offer no tools to put this data in context. If a patient wants to take a good look at their health history, and particularly, how test results correlate with their behavior, they’ll have to map the data out themselves. And that’s never going to work for your average patient.

Of course, there are obstacles to making this happen:

  • Physicians aren’t thrilled with the idea of giving patients broad healthcare data access. In fact, more than one doctor I’ve seen wouldn’t let me see test results until he or she had “approved” them.
  • Even if you set out to create some kind of clinical data dashboard, doing so isn’t trivial, at least if you want to see patients actually use it. Significant user testing would be a must to make this approach a success.
  • To my knowledge, no EMR vendor currently supports a patient dashboard or any other tools to help patients navigate their own data. So to create such an offering, providers would need to wait until their vendor produces such a tool or undertake a custom development project.

To some extent, the healthcare IT industry is already headed in this direction. For example, I’ve encountered mobile apps that attempt to provide some context for the data which they collect. But virtually all healthcare apps focus on just a few key indicators, such as, say calorie intake, exercise or medication compliance. For a patient to get a broad look at their health via app, they would have to bring together several sets of data, which simply isn’t practical.

Instead, why not give patients a broad look at their health status as seen through the rich data contained in an EMR? The final result could include not only data points, but also annotations from doctors as to the significance of trends and access to educational materials in context. That way, the patient could observe, say, the link between blood pressure levels, exercise, weight and med compliance, read comments from both their cardiologist and PCP on what has been working, and jump to research and education on cardiovascular health.

Ultimately, I’d argue, the chief obstacle to creating such an offering isn’t technical. Rather, it’s a cultural issue. Understandably, clinicians are concerned about the disruption such approaches might pose to their routine, as well as their ability to manage cases.

But if we are to make patients healthier, putting the right tools in their hands is absolutely necessary. And hey, after paying so much for EMRs, why not get more value for your money?

P.S. After writing this I discovered a description of a “digital health advisor” which parallels much of what I’m proposing. It’s worth a read!

Halamka Ponders The Need to Leave Medicine If We Continue Our Current Trajectory

Posted on May 5, 2016 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The famous Dr. John Halamka, Hospital CIO, Doctor, Former member of the HIT Policy committee, blogger at Life as a Healthcare CIO, recently read the 962 page MACRA NPRM and he wrote up a detailed look at the IT elements of MACRA. The post is worth a read if you’re interested in MACRA. Especially if you don’t want to spend the 20 hours reading it that he spent.

MACRA aside, he ends his post with this bombshell of a comment:

As a practicing clinician for 30 years, I can honestly say that it’s time to leave the profession if we stay on the current trajectory.

A doctor in the comments shared a similar view to Dr. Halamka:

Wow, I feel exactly the same as you do. As a front line ortho provider in a small group. I think now I get the message. CMS and ONC wants us out of private practice, either retire, or join as a salaried doc or hospital employee. That is the only justification for this 1000 page nightmare.

We’ve written a lot about physician burnout and many doctors distaste of all this government regulation, but having someone like John Halamka comment like this is quite telling. What’s scary for me is that I don’t see much light at the end of the MACRA tunnel from a physician perspective. Do you?