Patient privacy and patient consent management are important to you, me and our families.  We expect the healthcare industry to treat our clinical information very carefully and respect our preferences for sharing this information.  We expect that when we express our intentions about what information should be shared and with whom, they will be respected.

A few states are now creating laws to help regulate patient privacy and consent.  I believe a broader federal regulatory framework should eventually be put in place, but the states are not waiting.  Let me discuss Minnesota’s laws briefly, as I believe it represents a good first start.

Minnesota regulates who can supply health information exchanges in Minnesota with the concept of licensed Health Information Organizations (HIOs) and Health Data Intermediaries (HDIs).  By law, all licensed healthcare providers will need to eventually connect to either an HIO or HDI to support the exchange of patient information.  In addition to these licensed exchange providers, Minnesota has regulated the setup and operations of “Record Locator Services” (RLS).  An RLS is required to be run by HIOs and optionally by HDIs to allow healthcare providers to locate records.  The RLS is essentially an index of where patient information is stored.  For example, ambulance or emergency room staff should be able to quickly access your electronic records at any time of the day or night from your regular doctor’s electronic systems – to potentially save your life!

In addition to regulating this “index” of patient information, Minnesota law also regulates the ability of patients to opt-in and out of this system.  Here is where it gets a little complicated, but necessarily so.  By Minnesota law, the licensed operators of an RLS can load the system with the index information of patient record locations.  To access this system, however, providers must get written patient consent to look them up in the system, with the practical exception where the patient is not responsive enough to give permission.  In addition, the patient is allowed to opt-out of the system.  This means that they cannot be looked up in the system, and this opt-out option is presented to them (again by law) each time they give consent to search the system.

Some states have an opt-in requirement, in which patients must proactively opt-into a statewide system before they can ever be put into it.  In my opinion, these systems are likely to fail.  Most patients won’t understand these systems enough to review the safe guards and security they provide, so the number of opted-in patients will be so low initially that providers will stop using the systems before they becomes useful.  I believe the Minnesota system strikes the right balance between patient opt-in and opt-out rights.

One outstanding issue is that if each state designs its own approach, it will pose difficulties for patients who travel or move to other states. I live in Minnesota, but what if I need care while vacationing in another state with different laws? I think the answer lies in a national standard for patient consent, eliminating confusion when crossing state lines.

At the federal level, the Department of Health and Human Services (HHS) is working on standards for the secure, encrypted exchange of health information at a national level.  As we’ve discussed before, these new standards are called the “Nationwide Health Information Network”, or NwHIN.  Part of these standards defines a patient preferences exchange service.  This exchange service defines a standard computer file (XML) with an industry standard set of privacy preferences, which together allows the exchange of patient preferences between different systems.  While this is a good, straightforward design, the NwHIN system is so new that I am unaware of this feature being implemented anywhere yet.  However, I do think this is a model that states could adopt to allow standardized exchanges between states.

In summary, states like Minnesota are leading the way in regulating how our precious healthcare information is shared.  At the national level, we have a new set of the standards in NwHIN that could form the basis for the national exchange of patient consent and its management.  This is a critical time for our industry and I am hopeful that the right folks will work together and use information technology to further patient privacy and consent.

Patient privacy breaches are in the spotlight right now with a growing number of breaches being reported.  I’ve even had it happen to me personally!  Why is this happening?  Federal regulations require patient privacy issues to be reported, but additionally, as the healthcare industry moves from paper to electronic records, there are just more systems, patient records, and networks being connected to the Internet that will only increase the opportunity for more breaches.

How do we address this issue? I believe there are three ways to help improve patient privacy: better computer systems; better standards; and better education and training of the healthcare industry.

Better Systems
Architecturally, we want health computer systems that are secure from the inside out.  This starts with keeping patient information safe inside hospitals and clinics where the information originates, and not store this private information in centralized databases.  Although some vendors argue that centralized databases are faster and more useful, I believe this is short-sighted thinking and based on older technologies.  As we’ve learned from Google, we can index information without centralizing it.  In fact, the ApeniMED architecture is a “federated” or shared architecture, where information is kept safe and secure with your providers. When patient information needs to be shared, just the indices where the information is located are needed by hospitals and clinics to request appropriate patient information.

Better Standards
Sharing information across the Internet requires strong national standards to ensure reliable and secure exchanges.  For example, NwHIN (Nationwide Health Information Network) standards use the latest military-grade security, requiring that every message be “digitally signed” and encrypted.  This ensures that no one can read the information while it is in transit, and the signatures ensure each message has not been modified and is from the correct sender. ApeniMED is using the NwHIN standards in many projects, and supports an industry-wide effort to adopt these modern standards to help upgrade patient privacy and security.

Better Education and Training
To address these breaches, many companies are investing in new policies, procedures, and education as required by new standards such as HIPAA, and in new certifications for networks like EHNAC.  Even the best technology used carelessly will not improve patient privacy.  Leaving unencrypted laptops in cars, leaving doors open on your network, and similar bad behavior must be addressed with education, training, and certification programs that are just coming online now.

In conclusion – adoption of new federal standards like NwHIN, updated policies, procedures and new technologies will make companies more secure. From the patients’ perspective, this investment will, over time, increase patient privacy, not make it weaker.

Next month, we’ll discuss how you as a patient can provide patient consent for these exchanges, how patient consent varies from state to state, and how the federal government is planning to help you gain even more control of your health information.

Read our official press release here

Read more about the Minnesota Department of Health and Minnesota’s State-Certified Health Information Exchange Service Providers here

The Community Health Information Collaborative (CHIC) operates HIE-Bridge™, a fully functioning, NwHIN-compliant Health Information Exchange and Minnesota’s State-Certified Health Information Organization (HIO).

Read the full article here: http://www.govhealthit.com/news/qa-nwhin-exchange-partners-take-sharing-health-data?page=0,1

http://www.healthcareitnews.com/video/guam-hie-and-hhs-demo-himss12

ApeniMED will demonstrate patient evacuation to an off-island hospital with integrated clinical data exchange in the event of a natural disaster, through collaboration with the Guam HIE and National Disaster Medical System (NDMS) program of the Office of Preparedness and Emergency Operations under Health and Human Services (HHS).

Experience this cutting-edge demonstration in person at the HIMSS 2012 Interoperability Showcase, ONC/FHA Area, Hall G, Booth #11000.

As part of the Obama administration’s ‘Campaign to Cut Waste,’ the White House has continued to focus on reducing funding lost to fraudulent claims.  What’s more, the administration has been fairly successful so far.  According to a December 13^th 2011 press release from Vice President Biden, the Department of Justice recovered over $2.8 billion in healthcare fraud in 2011 and began prosecutions for more than $1 billion in newly identified fraudulent claims.  The focus on healthcare fraud is no surprise given the government estimate of $90 billion in fraudulent payments of CMS’s funds each year.¹

The record for most criminal healthcare fraud cases prosecuted in a single year was set in 2010, as the President’s administration sought to prove their commitment to tackling fraudulent medical payments from Medicare and Medicaid. Yet, the same fraud prosecutions increased nearly 70% in 2011 to a total of 1,235 new healthcare fraud prosecutions.

The prosecution of healthcare fraud made headline news a number of times throughout 2011, including a major fraud bust in Puerto Rico.  The case in Puerto Rico saw 548 defendants charged with healthcare fraud.  Such a large number of fraud charges, especially in a relatively limited population set, will often prompt the question of how these cases are identified for prosecution.

Many of these fraudulent cases are identified through real-time data tracking.  For example, some programs review claims for unnecessary procedures while other programs search for different anomalies in the data.  Another large set of these fraud cases are identified through ‘referrals’ to the US Attorney.  About 4 out of 10 referrals lead to prosecution, yet all but 6 cases referred in Puerto Rico led to prosecution.

The White House continues to focus energy on fighting fraud & abuse within healthcare, which isn’t very surprising given other administration initiatives.  Funds recovered (or prevented from ever being paid out) help to mitigate challenges with agency budgeting and overall funding constraints.  Plus, the government has recovered $7 in fraudulent payments for every $1 spent on the program so far.  In conclusion, the government will be continuing its efforts to prevent fraudulent payments and recover any misappropriated funds.  In response, providers should appropriate preparation to prove the legitimacy of their claims to CMS.

The Electronic Submission of Medical Documentation (esMD) initiative can help providers reduce administrative stress. esMD can help a provider in a number of ways throughout the auditing process. The primary focus is to help providers in the physical submission of supporting medical evidence requested in an audit notice. This medical evidence is transmitted securely over the internet via the Nationwide Health Information Network (NHIN) to CMS, which is then routed to the appropriate contractor. This electronic exchange reduces hard costs associated with an audit, primarily shipping and handling expenses. However, the big advantage to providers is that electronic submissions mean faster audit resolutions.

Faster audit resolutions have a number of benefits for providers, primarily with cash management. There are a number of examples that illustrate this significant benefit. For example:

1. RAC auditors can audit historical claims. Claims do not need to be recent to be audited. What this means to providers is that there is a good chance the money associated with the claim has already been spent and is long gone. If it is determined that an improper payment was made, the provider must repay that money back to CMS out of existing cash that likely is not allocated for that use. The benefit of a faster resolution can help a provider determine cash needs and provide opportunity to challenge any audits.
2. Electronic submission means that the provider can rest assured their response to the audit actually arrived at the appropriate contractor, and more specifically, to the right people at the contractor. The esMD project sends status notifications to the Health Information Handler (HIH), which can then be relayed to the provider to inform successful delivery. The benefit of this is that providers have 45 days to respond to audit notices. If the audit has not been processed CMS will not discriminate and will consider it fraud, even if the RAC contractor is at fault (requiring a repayment of funds associated with the claim).

These two examples illustrate the benefits of esMD beyond the hard savings of shipping and handling. As CMS puts pressure on providers to adopt esMD, providers must consider the benefits beyond hard savings. The true benefits of esMD are significant.

In our last newsletter, I discussed how the convergence of standardized clinical information coupled with the latest artificial intelligence (AI) software technologies, results in what I like to call “Dr. AI”. This month, I’ll discuss how these intelligent services can create a continuous system of care for patients with home-based care.

A connected “Smart Home” can have a significant impact on patients and their families, especially those with chronic or multiple conditions. Home healthcare devices such as electronic scales, iPhone glucometers, and wireless pacemakers can connect directly to providers’ electronic systems, creating a continuous flow of information for around-the-clock care.

The “Smart Home” will become integral with providers’ expert software systems, to support continuous monitoring of incoming information.  These expert systems will analyze and advise on the massive amounts of information coming from all of the connected homes, allowing physicians to focus on the most difficult issues at hand.  How will this all work?  Smart Home communications between your  home and your providers will be enabled by emerging health information exchange (HIE) services.  HIEs provide standardized communications between providers’ electronic record systems, between provider systems and state and federal service, all while maintaining patient privacy.  Using HIEs to interconnect your home and providers will be a natural evolution of their current business-to-business focus.

These new technologies will be a great convenience to patients. With less need to travel to receive medical care, patients will be able to age comfortably in their own homes while receiving more continuous and comprehensive care from “Dr AI”.