Dr. James Whitfill
Health IT Viewpoints
April 23, 2015
by Lauren Dubinsky, Senior Reporter
When it comes to health information technology, health care organizations have a lot on their plates. The industry is moving from fee-for-service to value-based care and these organizations are challenged to keep up with the flood of new initiatives. The deadline has been pushed off several times but by October, health care providers must transition from ICD-9 codes to ICD-10 codes. Most providers have now met Stage 1 Meaningful Use requirements and are working tirelessly to meet Stage 2.
Population health management and data security are also at the forefront. Providers must monitor high-risk populations to provide better care and avoid readmissions, and at the same time protect all of that valuable medical data.
HealthCare Business News had the opportunity to discuss these challenges with hospital chief information officers and industry experts. Those professionals also offered advice about ways to succeed in this new health care environment. Additionally, they provided some insight into the game changing technology coming down the pike.
HCBN: ICD-10 deadlines continue to be postponed. What challenges are standing in the way of hospitals transitioning to the new codes and what advice would you give to them?
Dr. James Whitfill of Southwest Diagnostic Imaging, LTD and SIIM board member: While the ICD-10 transition is a huge and complex one, I think many hospitals are as ready as they are going to get, prior to the transition. The last delay was pretty disruptive because it was like planning for a space shuttle launch with all of the years of preparation and then just as the engines were supposed to fire, we called off the launch. There are going to be unknown effects from the transition, but delaying the transition is hurting us now more than just getting it done.
Pamela Jodock, senior director of health business solutions at HIMSS: It is true that repeated changes to the ICD-10 effective date have led some stakeholders to delay implementation activities. However, a number of industry surveys and recent testimony received by the U.S. House of Representatives’ Energy and Commerce Subcommittee on Health hearing titled, “Examining ICD-10 Implementation,” suggests that the majority of affected organizations are well on their way to being prepared.
Those organizations that are just beginning their preparations will have a lot to do in a short period of time. The good news is that there is no shortage of free resources available to assist them in their efforts.
There are a number of tools available on the HIMSS ICD-10 Playbook, including a self-assessment tool that helps providers assess their financial exposure to ICD-10, a budget modeling tool that helps them plan and budget the critical activities necessary to prepare for the transition and an overview of the activities they should be focused on in the time they have remaining.
The CMS Road-to-10 is another great resource. Those further along in their preparations should be taking advantage of the next few months to participate in end-to-end testing with both CMS and their commercial carriers, and thinking about how they will operationalize ICD-10 after the deadline has passed.
HCBN: What have you done or what are you doing to prepare for the transition to ICD-10? Edward Babakanian, chief information officer at the University of California, San Diego Health System: We put together a plan, not only for the technical work, but also for training of our workforce, which certainly includes physicians as well as medical coders. The plan included electronic online education for physicians, coders and the rest of the organization. We’ve been working hard to be prepared and are ready. Our technical component is done and we have put together training material for physicians, and have task forces comprising physicians, nurses and RT folks.
Dr. Allison Suttle, chief medical information officer at Sanford Health: We have been preparing for ICD-10 for a while now. Within our EMR, we have been utilizing the diagnosis and problem list calculator to generate both ICD-9 and ICD-10 codes. This has allowed our coders to begin the dual coding process and begin testing with payors, at the same time familiarizing our providers with the new level of detail needed in ICD-10. We are doing a phased approach to training providers with frequent feedback during the dual coding process.
HCBN: What progress have you made with population health management? Steve Hess, chief information officer of University of Colorado Health: UCHealth has created the structure and process to begin managing populations, and we have integrated those structures with the integrated EHR across University of Colorado Health. Our initial focus is on chronic condition cohorts like diabetes, COPD, and CHF. We have also begun the journey of creating a “big data” analytics engine to enable a personalized or precision medicine approach. This will not only assist in identifying the cohorts needed for true population health management, but it will also allow us to connect the research and learning to individual patient care plans in the EHR.
Dr. Jonathan Leviss, senior vice president and medical director of AMC Health: With reports from our payors, especially Neighborhood Health Plan of RI (Medicaid managed care), we identify high-utilizers and assign nurse care managers to each. We have been able to reduce utilization with some of the dual-diagnosis patients (psychiatric/substance abuse) in collaboration with other statewide efforts. Reports from our EHR also enable us to highlight groups of patients and teams of providers that need extra attention to key quality indicators (screening tests, clinical targets, etc.).
Allison Suttle: We have developed many tools in our EMR for population health and have created a medical home structure in our primary care clinics. Our panel manager nurses are utilizing our registries on patient populations, finding gaps in care and reaching out to at-risk patients with bulk messaging or lab ordering. Care teams are sending questionnaires to patients through our patient portal to close care gaps and increase patient engagement.
HCBN: What was your biggest hurdle when meeting Stage 2 meaningful use requirements?
Kumar Chatani, executive vice president and chief information officer of Mount Sinai Health System: One of our biggest hurdles was managing through vendor delays in delivering 2014 certified systems to support our Stage 2 meaningful use requirements, given the aggressive time frame in which to implement systems and put supporting operational workflows in place. Another hurdle was related to information exchange due to the varying capabilities and readiness of providers in the community to exchange health information.
Steve Hess: University of Colorado Health has successfully attested to Meaningful Use Stage 2 for both eligible hospital and provider. The biggest hurdles were on the transitions of care requirement on the hospital side and patient reminders on the provider side. Both of these requirements are not completely under the hospital and provider control and require greater visibility and process changes. We were successful on both aspects, but it wasn’t trivial to exceed the threshold requirements.
HCBN: How are hospitals doing with Stage 2 MU requirements?
Rod Piechowski, senior director of health information systems at HIMSS. Last fall, it looked like the numbers weren’t as good as they wanted them to be. But the numbers that came out in January showed that 77 percent of eligible hospitals have attested to Stage 2, and 13 percent of eligible physicians have attested.
The numbers are definitely up. You can never say that all hospitals and all physicians will attest, but it looks like the numbers are better. They are also making some changes this year that should make it a lot easier to attest to Stage 2. They are going to realign the hospital reporting periods to the calendar year so it’s not according to the federal fiscal year anymore.
They are also shortening the EHR reporting period for 2015 to 90 days to make it easier for people to select a more likely time throughout the year when they can effectively make the changes they need to in a safe way, so that they can meet the requirements. One of the things that really can help meet the requirements is to think about this in terms of change management. Instead of chasing just meaningful use requirements, it helps to look at this in a large context of organizational change.
It gives you a bigger picture, and if you start to see meaningful use as a component of much larger changes that are occurring over a longer period of time, it can make it a lot easier to figure out how to actually work it into your strategies and tactics for the coming years.
James Whitfill: The meaningful use challenges around stage 2 are really intense. MU has done one thing incredibly well — the level of EMR adoption has skyrocketed in the U.S. in the last six years. However, MU has had one terrible unforeseen effect — the amount of vendor work going in to meet the MU requirements has crowded out all other development around usability and safety. This is nearing a crisis level and I have never seen so many medical societies unified in their voice on a topic as I am seeing around MU and patient safety.
HCBN: With all of these data security breaches cropping up recently, what are you doing to prevent that happening at your hospital?
Sue Schade, chief information officer at the University of Michigan Hospitals and Health Centers: I recently engaged an independent security expert to do an assessment knowing we needed to strengthen our overall IT security program. We have a set of recommendations that we are now working through.
No surprises — like many organizations, strengthening our ability to deal with remote attacks, including phishing and malware, ensuring all devices are encrypted, developing a stronger security culture, increasing awareness of security threats amongst our workforce, and having adequate staffing to support the IT security function.
Edward Babakanian: We have many layers of security from preventative firewalls to protecting systems through encryption. Information that is critical to patient care is accessed only by people who are authorized to use it. We also have systems in place that detect abnormal conditions and we have people who immediately look at that. If there is a probe coming into our environment, we can very quickly shut that down electronically to make sure that unauthorized people can’t get in.
In addition to that, we utilize advanced ‘break the glass’ technology. If an authorized care provider accesses a patient’s record but that individual is not part of the care team for that patient, the system will ask for documentation of the reason for needing to access that information. All such access instances are logged and monitored.
HCBN: What advice would you give to a hospital on how to avoid a data breach?
James Whitfill: The question about preventing a data security breach is one that can fill a week-long seminar and still not cover the topic adequately. Every major industry has been unable to protect against these breaches and the value of stolen health care identity information is increasing on the dark web. When Target, Anthem, and the U.S. government are unable to prevent these kinds of breaches, I think the warning flags are rising that we need a paradigm shift in how we approach this issue because even the best traditional approaches are failing. There is no silver bullet, but the future of our ability to manage data as a society is at risk here.
Lisa Gallagher, vice president of technology solutions at HIMSS:
With regard to security, the focus for hospitals, as well as the industry as a whole, needs to move from a compliance regime to a focus on cybersecurity. This means full, ongoing, and in-depth risk assessment.
I stress ongoing.
So, organizations need to get to the next level of sophistication and expertise in their analysis — monitoring available threat and vulnerability information, sharing information with their peers in a meaningful way, focusing on utilizing detection tools and full forensic analysis. This includes completing the risk analysis cycle, if you will, by doing post analysis on any breach or even suspicious network activity, and using post analysis to understand the threat actors and their motivations.
This will take a concerted and focused effort in the industry and also a partnership with government agencies and departments to utilize their resources, such as threat data, and their law enforcement assets. This really is a call to action for a whole new paradigm.
HCBN: Have you deployed any bring your own device (BYOD) strategies at your hospital to maintain patient privacy and avoid potential data breaches?
Edward Babakanian: My strategy is to saturate the organization with all the technology that is needed so physicians and nurses do not feel like they have to resort to using their own devices. We give them tablets, iPhones and everything else they need to carry out their business.
We have physicians who go to conferences who still need to be on the job so we have designed our systems so that clinical information does not get transferred over to the person who is using their own device. It is an image of it that shows up on the screen that doesn’t get stored there.
HCBN: What BYOD strategies should hospitals deploy?
Lisa Gallagher: First and foremost, hospitals need to make a policy decision as to the ability of employees to connect their devices to the hospital network. If this is allowed, there needs to be a policy in place that clearly states the rules and parameters, and the employee should sign an agreement as a condition of connection. Hospitals should be aware of and/or specify the mobile apps that employees are using for job related functions and monitor the related threats and vulnerabilities. This is an ongoing activity and employee compliance is the key.
HCBN: Are there any game-changers in technology or the way we harness data being discussed today?
Sue Schade: Watching technology evolve and determining how we can leverage it within health care is one of the fun parts of this job. I expect the focus on analytics to grow — we are in the process of developing an overall enterprise analytics roadmap that supports our tri-partite mission of research, education and clinical care. New technologies that support patient engagement and make their experience easier and more convenient will continue to evolve. Our patients expect to see more of what they are used to as consumers of other products and services.
Jonathan Leviss: At my health center, anything that makes it easier for providers to care for patients more efficiently such as HER workflows for primary care and chronic disease management (order sets, collaboration across team members for shared documentation) and virtual collaboration tools. Even simple ones like virtual visits in the EHR to collaborate between providers, nurses, medical assistants and administration staff, enable better and more efficient care even when members of the team are virtual.
Kumar Chatani: A major game-changer in health care technology is to enhance and personalize the patient experience. We are piloting several eHealth applications and telemedicine applications for various clinical departments to improve the patient experience. Another major game-changer is the NY State DSRIP program (Delivery System Reform Incentive Program). This is a major program that will help us coordinate care in the community across 200 partners.
Edward Babakanian: As much as possible, health care should be more preventative and if you help people monitor their health, then they can make healthy choices. Wearable technology enables monitoring of health status indicators such as blood pressure, temperature, glucose level, blood oxygen saturation, and so forth. We think that remote monitoring of patient populations who may be at higher risk levels can reduce the number of admissions or adverse effects. We are excited about the opportunity to further leverage new technology to improve quality, outcomes, patient safety and improved efficiency.
Population health management and data security are also at the forefront. Providers must monitor high-risk populations to provide better care and avoid readmissions, and at the same time protect all of that valuable medical data.
HealthCare Business News had the opportunity to discuss these challenges with hospital chief information officers and industry experts. Those professionals also offered advice about ways to succeed in this new health care environment. Additionally, they provided some insight into the game changing technology coming down the pike.
HCBN: ICD-10 deadlines continue to be postponed. What challenges are standing in the way of hospitals transitioning to the new codes and what advice would you give to them?
Dr. James Whitfill of Southwest Diagnostic Imaging, LTD and SIIM board member: While the ICD-10 transition is a huge and complex one, I think many hospitals are as ready as they are going to get, prior to the transition. The last delay was pretty disruptive because it was like planning for a space shuttle launch with all of the years of preparation and then just as the engines were supposed to fire, we called off the launch. There are going to be unknown effects from the transition, but delaying the transition is hurting us now more than just getting it done.
Pamela Jodock
Pamela Jodock, senior director of health business solutions at HIMSS: It is true that repeated changes to the ICD-10 effective date have led some stakeholders to delay implementation activities. However, a number of industry surveys and recent testimony received by the U.S. House of Representatives’ Energy and Commerce Subcommittee on Health hearing titled, “Examining ICD-10 Implementation,” suggests that the majority of affected organizations are well on their way to being prepared.
Those organizations that are just beginning their preparations will have a lot to do in a short period of time. The good news is that there is no shortage of free resources available to assist them in their efforts.
There are a number of tools available on the HIMSS ICD-10 Playbook, including a self-assessment tool that helps providers assess their financial exposure to ICD-10, a budget modeling tool that helps them plan and budget the critical activities necessary to prepare for the transition and an overview of the activities they should be focused on in the time they have remaining.
The CMS Road-to-10 is another great resource. Those further along in their preparations should be taking advantage of the next few months to participate in end-to-end testing with both CMS and their commercial carriers, and thinking about how they will operationalize ICD-10 after the deadline has passed.
Edward Babakanian
HCBN: What have you done or what are you doing to prepare for the transition to ICD-10? Edward Babakanian, chief information officer at the University of California, San Diego Health System: We put together a plan, not only for the technical work, but also for training of our workforce, which certainly includes physicians as well as medical coders. The plan included electronic online education for physicians, coders and the rest of the organization. We’ve been working hard to be prepared and are ready. Our technical component is done and we have put together training material for physicians, and have task forces comprising physicians, nurses and RT folks.
Dr. Allison Suttle
Dr. Allison Suttle, chief medical information officer at Sanford Health: We have been preparing for ICD-10 for a while now. Within our EMR, we have been utilizing the diagnosis and problem list calculator to generate both ICD-9 and ICD-10 codes. This has allowed our coders to begin the dual coding process and begin testing with payors, at the same time familiarizing our providers with the new level of detail needed in ICD-10. We are doing a phased approach to training providers with frequent feedback during the dual coding process.
Steve Hess
HCBN: What progress have you made with population health management? Steve Hess, chief information officer of University of Colorado Health: UCHealth has created the structure and process to begin managing populations, and we have integrated those structures with the integrated EHR across University of Colorado Health. Our initial focus is on chronic condition cohorts like diabetes, COPD, and CHF. We have also begun the journey of creating a “big data” analytics engine to enable a personalized or precision medicine approach. This will not only assist in identifying the cohorts needed for true population health management, but it will also allow us to connect the research and learning to individual patient care plans in the EHR.
Dr. Jonathan Leviss
Dr. Jonathan Leviss, senior vice president and medical director of AMC Health: With reports from our payors, especially Neighborhood Health Plan of RI (Medicaid managed care), we identify high-utilizers and assign nurse care managers to each. We have been able to reduce utilization with some of the dual-diagnosis patients (psychiatric/substance abuse) in collaboration with other statewide efforts. Reports from our EHR also enable us to highlight groups of patients and teams of providers that need extra attention to key quality indicators (screening tests, clinical targets, etc.).
Allison Suttle: We have developed many tools in our EMR for population health and have created a medical home structure in our primary care clinics. Our panel manager nurses are utilizing our registries on patient populations, finding gaps in care and reaching out to at-risk patients with bulk messaging or lab ordering. Care teams are sending questionnaires to patients through our patient portal to close care gaps and increase patient engagement.
HCBN: What was your biggest hurdle when meeting Stage 2 meaningful use requirements?
Kumar Chatani
Kumar Chatani, executive vice president and chief information officer of Mount Sinai Health System: One of our biggest hurdles was managing through vendor delays in delivering 2014 certified systems to support our Stage 2 meaningful use requirements, given the aggressive time frame in which to implement systems and put supporting operational workflows in place. Another hurdle was related to information exchange due to the varying capabilities and readiness of providers in the community to exchange health information.
Steve Hess: University of Colorado Health has successfully attested to Meaningful Use Stage 2 for both eligible hospital and provider. The biggest hurdles were on the transitions of care requirement on the hospital side and patient reminders on the provider side. Both of these requirements are not completely under the hospital and provider control and require greater visibility and process changes. We were successful on both aspects, but it wasn’t trivial to exceed the threshold requirements.
HCBN: How are hospitals doing with Stage 2 MU requirements?
Rod Piechowski
Rod Piechowski, senior director of health information systems at HIMSS. Last fall, it looked like the numbers weren’t as good as they wanted them to be. But the numbers that came out in January showed that 77 percent of eligible hospitals have attested to Stage 2, and 13 percent of eligible physicians have attested.
The numbers are definitely up. You can never say that all hospitals and all physicians will attest, but it looks like the numbers are better. They are also making some changes this year that should make it a lot easier to attest to Stage 2. They are going to realign the hospital reporting periods to the calendar year so it’s not according to the federal fiscal year anymore.
They are also shortening the EHR reporting period for 2015 to 90 days to make it easier for people to select a more likely time throughout the year when they can effectively make the changes they need to in a safe way, so that they can meet the requirements. One of the things that really can help meet the requirements is to think about this in terms of change management. Instead of chasing just meaningful use requirements, it helps to look at this in a large context of organizational change.
It gives you a bigger picture, and if you start to see meaningful use as a component of much larger changes that are occurring over a longer period of time, it can make it a lot easier to figure out how to actually work it into your strategies and tactics for the coming years.
James Whitfill: The meaningful use challenges around stage 2 are really intense. MU has done one thing incredibly well — the level of EMR adoption has skyrocketed in the U.S. in the last six years. However, MU has had one terrible unforeseen effect — the amount of vendor work going in to meet the MU requirements has crowded out all other development around usability and safety. This is nearing a crisis level and I have never seen so many medical societies unified in their voice on a topic as I am seeing around MU and patient safety.
HCBN: With all of these data security breaches cropping up recently, what are you doing to prevent that happening at your hospital?
Sue Schade
Sue Schade, chief information officer at the University of Michigan Hospitals and Health Centers: I recently engaged an independent security expert to do an assessment knowing we needed to strengthen our overall IT security program. We have a set of recommendations that we are now working through.
No surprises — like many organizations, strengthening our ability to deal with remote attacks, including phishing and malware, ensuring all devices are encrypted, developing a stronger security culture, increasing awareness of security threats amongst our workforce, and having adequate staffing to support the IT security function.
Edward Babakanian: We have many layers of security from preventative firewalls to protecting systems through encryption. Information that is critical to patient care is accessed only by people who are authorized to use it. We also have systems in place that detect abnormal conditions and we have people who immediately look at that. If there is a probe coming into our environment, we can very quickly shut that down electronically to make sure that unauthorized people can’t get in.
In addition to that, we utilize advanced ‘break the glass’ technology. If an authorized care provider accesses a patient’s record but that individual is not part of the care team for that patient, the system will ask for documentation of the reason for needing to access that information. All such access instances are logged and monitored.
HCBN: What advice would you give to a hospital on how to avoid a data breach?
James Whitfill: The question about preventing a data security breach is one that can fill a week-long seminar and still not cover the topic adequately. Every major industry has been unable to protect against these breaches and the value of stolen health care identity information is increasing on the dark web. When Target, Anthem, and the U.S. government are unable to prevent these kinds of breaches, I think the warning flags are rising that we need a paradigm shift in how we approach this issue because even the best traditional approaches are failing. There is no silver bullet, but the future of our ability to manage data as a society is at risk here.
Lisa Gallagher, vice president of technology solutions at HIMSS:
With regard to security, the focus for hospitals, as well as the industry as a whole, needs to move from a compliance regime to a focus on cybersecurity. This means full, ongoing, and in-depth risk assessment.
I stress ongoing.
So, organizations need to get to the next level of sophistication and expertise in their analysis — monitoring available threat and vulnerability information, sharing information with their peers in a meaningful way, focusing on utilizing detection tools and full forensic analysis. This includes completing the risk analysis cycle, if you will, by doing post analysis on any breach or even suspicious network activity, and using post analysis to understand the threat actors and their motivations.
This will take a concerted and focused effort in the industry and also a partnership with government agencies and departments to utilize their resources, such as threat data, and their law enforcement assets. This really is a call to action for a whole new paradigm.
HCBN: Have you deployed any bring your own device (BYOD) strategies at your hospital to maintain patient privacy and avoid potential data breaches?
Edward Babakanian: My strategy is to saturate the organization with all the technology that is needed so physicians and nurses do not feel like they have to resort to using their own devices. We give them tablets, iPhones and everything else they need to carry out their business.
We have physicians who go to conferences who still need to be on the job so we have designed our systems so that clinical information does not get transferred over to the person who is using their own device. It is an image of it that shows up on the screen that doesn’t get stored there.
HCBN: What BYOD strategies should hospitals deploy?
Lisa Gallagher
Lisa Gallagher: First and foremost, hospitals need to make a policy decision as to the ability of employees to connect their devices to the hospital network. If this is allowed, there needs to be a policy in place that clearly states the rules and parameters, and the employee should sign an agreement as a condition of connection. Hospitals should be aware of and/or specify the mobile apps that employees are using for job related functions and monitor the related threats and vulnerabilities. This is an ongoing activity and employee compliance is the key.
HCBN: Are there any game-changers in technology or the way we harness data being discussed today?
Sue Schade: Watching technology evolve and determining how we can leverage it within health care is one of the fun parts of this job. I expect the focus on analytics to grow — we are in the process of developing an overall enterprise analytics roadmap that supports our tri-partite mission of research, education and clinical care. New technologies that support patient engagement and make their experience easier and more convenient will continue to evolve. Our patients expect to see more of what they are used to as consumers of other products and services.
Jonathan Leviss: At my health center, anything that makes it easier for providers to care for patients more efficiently such as HER workflows for primary care and chronic disease management (order sets, collaboration across team members for shared documentation) and virtual collaboration tools. Even simple ones like virtual visits in the EHR to collaborate between providers, nurses, medical assistants and administration staff, enable better and more efficient care even when members of the team are virtual.
Kumar Chatani: A major game-changer in health care technology is to enhance and personalize the patient experience. We are piloting several eHealth applications and telemedicine applications for various clinical departments to improve the patient experience. Another major game-changer is the NY State DSRIP program (Delivery System Reform Incentive Program). This is a major program that will help us coordinate care in the community across 200 partners.
Edward Babakanian: As much as possible, health care should be more preventative and if you help people monitor their health, then they can make healthy choices. Wearable technology enables monitoring of health status indicators such as blood pressure, temperature, glucose level, blood oxygen saturation, and so forth. We think that remote monitoring of patient populations who may be at higher risk levels can reduce the number of admissions or adverse effects. We are excited about the opportunity to further leverage new technology to improve quality, outcomes, patient safety and improved efficiency.