HCFA’s Memo Poses Many Questions
A HCFA BULLETIN ISSUED LAST FALL REMINDING Medicare HMOs to avoid using the Internet to transmit Medicare beneficiary data has raised questions among healthcare executives--and few, if any, are getting answers.
The directive stated that in light of provisions set forth under the Privacy Act, HCFA information systems security officers determined that acceptable encryption mechanisms are not yet available for Internet use to insure an acceptable level of privacy. Therefore, the memo continued, "activities using the Internet or an unsecured internal network where the plan provides individual information must cease immediately."
The CIO of one Dallas-based HMO, who asked not to be identified, claims to have received a copy of the Region II (NY office) memo via e-mail from another source. After passing it around the office, it raised quite a high level of concern among the health plan’s executives. Looking for answers, the CIO ran into a brick wall at the memo’s source. "I’ve queried HCFA personally and can’t get an answer." The CIO wanted to find out exactly what kind of Internet activity is permissible, and what the implications are for those who do not comply. "We haven’t put anything on the Internet yet, but we have been seriously looking at that technology to complement our claims processing and IT structure," the CIO says. "We are just kind of proceeding now, hoping [the directive] will go away."
A former HCFA insider, who logged 18 years with the agency and is now vice president for government programs and relations for an HMO in the Northeast, says she wanted to know why this "national policy" came from the regional offices. She, too, had only seen the memo from the New York office, and was concerned to learn that a number of HMO executives within her organization and nationwide claimed not to have seen the memo. After researching the issue for two months without a response from HCFA’s regional or national office, she gave up.
HCFA spokesperson Jennifer Douglas of the New York office maintains that there is no mystery surrounding the memo. It was issued from the regional offices, she explains, and it is "a national [HCFA] policy that information covered by the Privacy Act cannot be sent via the Internet." Furthermore, the policy is not new, just a restatement of a policy that was enacted a few years ago. Then why the difficulty getting answers to questions? A full policy directive should "be coming out very soon" from the national office, explains Douglas, but until then, it is "typically inappropriate for an agency to comment on policy when it is in draft form."
Douglas said she could not comment on the sanctions that could be imposed on non-compliant HMOs, but reiterated that "there is a ban in effect on using the Internet for Medicare-related activities." Craig Schneider, a spokesperson for the Boston regional office of HCFA also stated that to the best of his knowledge, all regional offices sent their Medicare HMOs a version of the memo early last fall and added that his office had fielded "no significant number of complaints" regarding the bulletin.
Pamela Vaupel Shuckman is a healthcare technology writer in Springfield, Va.
Davies Honors Two Organizations, One Vendor
KAISER PERMANENTE NORTHWEST in Portland, Ore., and Northwestern Memorial Hospital in Chicago were recently honored by the Computer-based Patient Record Institute (CPRI) for implementing successful CPRs. However, this year’s Nicholas E. Davies Award for Excellence has a peculiar twist.
For the first time, both Davies award winners implemented a CPR from the same vendor: Epic Systems in Madison, Wis. The 1998 Davies recipients are somewhat removed from many previous winners, including the Department of Veterans Affairs, Kaiser Permanente of Ohio in Cleveland and Regenstreif Institute for Health Care/Indiana University Medical Center in Indianapolis who won the award for their in-house developed CPRs.
Pure happenstance, Ned Simpson, CIO at St. Joseph Mercy Health Network in Ann Arbor, Mich. says of the coincidental selection. The award does not necessarily acknowledge a CPR’s technology, but rather the impact a CPR system has on the way healthcare is delivered, he says. "We identify if the organization has accomplished what they set out to accomplish." According to Simpson, who also is chair of the Davies recognition program organizing commitee, Davies panelists were impressed with both organizations’ relative ease and efficiency installing the CPRs.
Northwestern Memorial Hospital
Northwestern’s CPR began as a research project partially funded by the National Library of Medicine in February 1996, to identify information tools ambulatory care physicians need to make their jobs more efficient. Studies conducted by a group of clinicians revealed that most of their colleagues were not computer proficient, and only a handful even had computers in their homes.
With information about care processes and current physician access to clinical data, Northwestern began a deliberate procedure of implementing a CPR at two ambulatory care sites. The first task was simply putting a workstation on the clinicians’ desks. "We wanted to take them through the cultural process of getting to know a computer as an information and communication tool," says Paul Tang, medical director of information systems at Northwestern Memorial Hospital.
One year, hours of extensive training and pop quizzes, and a dress rehearsal later, Northwestern introduced the EpicCare CPR to about half of the physicians at each site. "The go-live was actually boring," Tang says. "Our time spent in training really paid off."
And physician response to the CPR has been positive, Tang says. Several physicians even purchased their own computers to access the system from home by way of Northwestern Memorial’s intranet. Right now, the EpicCare client resides on their home PCs, but Northwestern plans to replace the client application with browsers that access patient records through the Web.
Northwestern also jointly constructed a rules-based decision support system with Epic based on demographic information, problem lists, medication lists and encounter diagnoses. The data is being used for disease and wellness management programs.
Kaiser Permanente Northwest
Kaiser Permanente Northwest also implemented EpicCare as its CPR, beginning in mid-1995 and completing the 31-site rollout at the end of 1997. About 700 of the 2,100 users are clinicians. "We asked users how they liked the system," says Homer Chin, Kaiser’s assistant regional medical director for clinical information systems. "Eighty-nine percent said they would rather stick to the system than go back to using paper." Clinicians use the CPR for documenting encounters, coding diagnoses and procedures and ordering laboratory results and prescriptions online.
"In terms of information systems, we are on the leading edge," Chin says. "As an integrated delivery system, we have a significant advantage in terms of our ability to pool and assimilate data on all our members." Other organizations tend to have considerable problems integrating data because they are getting lab results, for example, from three or four different sites, he says. "We only have one lab system, one pharmacy system and one transcription system."
Thirty-five of 140 information systems personnel support Kaiser’s CPR which is integrated with a home grown results reporting system. Developed in 1993, the reporting system contains laboratory, radiology and pharmacy records dating back to 1991. Kaiser also is running a decision support system for health maintenance and disease management.
The Davies panel, comprised of 18 healthcare industry professionals, evaluates various papers from organizations that have implemented CPRs, and selects a handful for site visits conducted by panel representatives. Criteria for the Davies award are a CPR system that has integrated data from multiple sources, decision support features, and is the primary source of patient care information for caregivers.
Northwestern Memorial and Kaiser Permanente Northwest will discuss and demonstrate the CPRs at the Davies Symposium during CPRI’s annual meeting, July 9-10, in Washington, D.C. Contact Janice Kennedy at (301) 657-5918 for more information on the symposium.
Pittsburgh Organization Fined $17 Million
THE OFFICE OF THE INSPECTOR GENERAL (OIG) of the Department of Health and Human Services (HHS) finally reached a settlement in late March regarding the improper billing of the State of Pennsylvania Medicare and Medicaid plans. The $17 million settlement targets 18 clinical practice plans affiliated with the University of Pittsburgh School of Medicine. The improper billings were discovered in an audit conducted by the OIG’s Physicians at Teaching Hospitals project, one of several HHS initiatives to combat fraud, misuse and abuse of public health dollars.
The audit revealed that physicians billed for services rendered by residents, and in other cases, services were not supported by sufficient documentation for reimbursement. Reimbursement for attending physicians is covered under Medicare Part B, but according to OIG press officer Judy Holtz, residents and interns cannot be reimbursed for services through Medicare Part B unless the services are delivered with the "physical presence of the attending physicians as personal and direct supervision." Holtz says these regulations have been in effect since 1969.
Of the total settlement figure, the university will pay $14 million to Medicare and $3 million to the Pennsylvania Medicaid program. The 18 adjunctive clinical plans responsible for repayment and settlement deny any liability or wrongdoing. In a statement to the press, the medical center says that the regulations used by the Health Care Financing Administration (HCFA) have been "historically ambiguous and unclear" and that the audit, which was commissioned and paid for by the University of Pittsburgh, "dealt with discrepancies in billing procedures; handling of paperwork was in question, not care of patients." To address misinterpretations over procedures, HCFA revised its standards in 1996. However, the settlement covers billings by the University retroactive to 1991.
While speculation continues as to the origin of these improprieties, spokespersons from both the medical center and OIG agree that the need to maximize communications through better data entry, workflow management and integrated information systems cannot be overemphasized as key elements to reduce the potential for error.
Barbara Hesselgrave is a healthcare writer in Lurav, Va.
Using the Internet to Improve Customer Service
THERE ARE UNLIMITED APPLICATIONS OF INTERNET technology. Some are too far ahead of the market; others, like online enrollment, are right on target. Today’s challenge for healthcare organizations is to apply thoughtful business development processes to use Internet technology so that it produces cost and quality improvements.
Three years ago, Aetna--now Aetna U.S. Healthcare--deployed its consumer-oriented Web service (www.aetnaushc.com), premiering DocFind, an online service that helps members find healthcare providers based on a zipcode and specialty. The service also included online membership, employer and provider services. Now members can access value-added healthcare information through an alliance with Johns Hopkins Medical Center, change their primary care physicians or other enrollment information, and search for a doctor that meets their specific criteria.
Last August, Aetna U.S. Healthcare introduced a pilot of its newest online product, EZenroll. With EZenroll, administrators at Aetna U.S. Healthcare sought to address three essential issues: easy enrollment for members, compliance with disparate state regulations and promotion of accurate and complete enrollment form submission. As national and regional managed care organizations know, enrollment forms are highly regulated on a state by state basis. To begin the online enrollment process at Aetna U.S. Healthcare, a member enters his or her address, including the state. EZenroll automatically displays the correct enrollment form based on the member’s address. Barring errors in entering the correct address, state compliance is automatic.
Administrators designed the form to be self-monitoring. If any information is incomplete or inaccurate, EZenroll will not transmit the form. Instead, the system indicates which areas are incomplete or inaccurate and directs the member to complete or correct these areas before accepting the form. Once submitted, EZenroll scrubs the data and automatically creates ID cards and other membership material and prepares them for mailing to the member.
EZenroll became available to all members in October 1997. Robert Kelly, manager of Web solutions for Aetna U.S. Healthcare, reports that as of January 31, 20 employer groups were using EZenroll for new hires and open enrollment, 2,500 enrollments had been processed by EZenroll and 35 employers had signed up for the service.
Aetna U.S. Healthcare hosts its Web service on a UNIX-Sun computer platform. It uses Web Objects software to create the EZenroll forms and database. Currently, EZenroll is only available for new hires and open enrollments. In this year’s third quarter, it will be available for all member services, including add, change and disenrollment information.
"Aetna U.S. Healthcare has positioned itself as a leader in the use of the Internet," Kelly says. "We continue to develop new products, not for the sake of developing new products, but to serve our customers better." Aetna U.S. Healthcare’s long-term plan is to deploy three new Internet releases each year, depending on the information customers are requesting.
Check These Out
OTHER MANAGED CARE PLANS offering online member services applications:
JHITA Gets Two New Members
THE JOINT HEALTHCARE INFORMATION TECHNOLOGY Alliance (JHITA) has added two organizations, American Health Information Management Association (AHIMA) and American Medical Informatics Association (AMIA), bringing its total membership to five. "With the addition of these new members, we believe JHITA becomes an even more significant force in the healthcare industry," says JHITA chair Galen Briggs, Jr., vice president and CIO at St. Jude Children’s Research Hospital in Memphis, Tenn.
The addition of AHIMA, in particular, gives the alliance important leverage on Capitol Hill as an advocacy group for healthcare information technology. Both AHIMA and JHITA will benefit from the additional representation on legislative and regulatory issues, particularly health information security and confidentiality, which is currently receiving close attention due to mandates put forth in the Health Insurance Portability and Accountability Act of 1996.
Formed in 1997 by the Healthcare Information and Management Systems Society (HIMSS), College of Healthcare Information Management Executives (CHIME) and Center for Healthcare Information Management (CHIM), JHITA was designed to unite leading healthcare information technology associations for joint education, research and advocacy efforts.
New Group Targets Top CIOs
ARE YOU CONSIDERED ONE OF THE TOP HEALTHcare CIOs in the nation? If so, you’ve probably been invited to join 39 of your peers in the Odin Group, Nashville, Tenn.--an organization designed to unite senior IT executives from high profile healthcare organizations.
"The needs of the top CIOs are not being met," says Dan Nutkis, chair of the Odin Group. Accordingly, Nutkis, the former head of Ernst & Young’s push technology Internet venture Connectedhealth.net, formed the Odin Group to provide a networking and resource forum tailored specifically to what Nutkis calls the "brightest minds in healthcare IT."
Unlike other professional healthcare IT organizations such as CHIME, CHIM or HIMSS, the Odin Group targets top IT executives from only the leading provider, payor, pharmaceutical and supplier organizations. "These CIOs have more complex needs," Nutkis says. "Their jobs are more strategic in nature." The group will be limited to 40 executives, each paying $25,000 annually in dues.
Members of the Odin Group are being solicited by invitations from the eight-person governing board, which includes Noel Brown Williams, senior vice president and CIO of Columbia/HCA Healthcare Corp., Nashville, Tenn.; John Parker, Jr., senior vice president, information resources, SmithKline Beecham, Philadelphia; Timothy Sullivan, senior vice president and CIO, Kaiser Permanente, Oakland, Calif.; and Cecilia Claudio, senior vice president and CIO, Anthem, Inc., Indianapolis. As of press time, 32 individuals had committed to membership.
The Odin Group will maintain a handful of researchers to compile statistics and information related to IT issues--much like other research firms. But instead of publishing what researchers have uncovered, statistics, reports and case studies will be available exclusively to members. Only select bits of information will ever reach the public. Members will have access to an electronic listserv to continually share ideas. The group will meet formally three times per year for "knowledge collaboratives."
Topics selected for discussion will be some of the most current issues facing top healthcare IT executives, Nutkis says, such as policies, logistics and personnel management. Other discussions will relate to emerging technologies such as electronic commerce and knowledge bases. Twelve vendors will be included in the Odin Group as advisors to determine member’s needs and attempt to incorporate solutions into their products.
Sharing Information is Goal of Public Health Officials
PUBLIC HEALTH SHARES INFORMATION CHALLENGES with the private sector, namely issues relating to privacy, confidentiality and standardization. But although they often compete on the same field, public health and managed care have very different philosophies--and the problems between the two are heating up, warns Patrick O’Carroll, special assistant to the director of the public health practice office of the Centers for Disease Control and Prevention (CDC) at the University of Washington, Seattle. "Where public health subscribes to the hippie philosophy of ’information wants to be free,’ the private sector says, ’No!’"
Although the federal government uses the Internet as a delivery channel for policy and strategy, information availability at the state and local levels is a complete hodgepodge, reports Clifford Lynch, executive director of the Coalition for Networked Information in Washington, D.C. But with pennies per dollar expended on public health, building an infrastructure and training a workforce is an uphill battle.
Thus, the Centers for Disease Control and Prevention’s Information Network for Public Health Officials (INPHO) has been charged with developing communication links and public health networking applications. The ultimate goal for INPHO is to integrate information between the public and private healthcare sectors.
To address these information sharing issues, public health, health policy and informatics leaders met for the first time in New York City in March for a conference entitled "Accessing Useful Information: Challenges in Health Policy and Public Health," cosponsored by the New York Academy of Medicine and National Library of Medicine.
At the conference O’Carroll presented a progress report on the INPHO study, and with assessments only half completed, he shared his astonishment that the INPHO study is being looked to as a model. "We were feeling our way and couldn’t believe that this was the state of the art."
Strategic partnerships to increase public health awareness began early in 1997 with the CDC and National Library of Medicine, and projects have been expanded for 1998. A major government agency goal is to link every local health department to the Internet by the year 2000.