It would be hard to dispute that the health IT industry is in the thick of an exciting journey that will transform the U.S. healthcare system. As we shift from a fee-for-service-based payment system to one that rewards value-based care, plenty of initiatives are on healthcare organizations’ plates, such as meaningful use, ICD-10, value-based purchasing, bundled payments, data privacy regulations, and accountable care organizations (ACOs).
These programs, efforts, and mandates all are part of the voyage to the “new” healthcare, one that began a few decades ago but was reinforced with President Obama’s Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, which authorized tens of billions of dollars in federal subsidies to doctors and hospitals for the meaningful use of electronic health records (EHRs).
This whirl of activity at the federal level—paralleled by insurers’ efforts to support medical homes and ACOs—has motivated many provider organizations to actively prepare for the reimbursement changes that loom ahead. The new healthcare system is still taking shape, but it will clearly involve increased financial and clinical accountability. As such, a plethora of legislation and policy issues are now present—and will continue to emerge—for patient care organizations of all sizes. For this feature, Healthcare Informatics Associate Editor Rajiv Leventhal spoke with various health IT policy experts and leaders to get a gauge on how medical professionals are dealing with the snowball effect of federal mandates that are hitting the industry.
RAMPING UP SECURITY
In healthcare, access to data and information is so strongly demanded by patients, providers, payers and employees, that it is fast becoming a major area of data security risk. Unfortunately, unlike in many other industries, in healthcare, IT security has historically often fallen short as a top C-suite-level concern.
But according to Jeff Smith, senior director of federal affairs for the Ann Arbor, Mich.-based College of Healthcare Information Management Executives (CHIME), that is beginning to change. In February, the Commerce Department’s National Institute of Standards and Technology (NIST) released a final version of a voluntary framework for reducing cybersecurity risks to critical infrastructure, which includes the healthcare sector. Smith says that CIOs should understand how the framework aligns with or distracts from their current strategy.
CHIME’s president and CEO, Russell P. Branzell, adds that while the framework came out as voluntary, it will eventually become a standard by which patient care organizations will be judged. But Branzell says, “If we had to comply today as an industry, it would be pretty daunting for most of the organizations that we represent.” In trying to compare healthcare with banking and manufacturing, for example, “We’re simply not there yet,” he says.
Meanwhile, in Congress, while there are a few pieces of legislation being entertained in the House of Representatives and the Senate, Smith says he doesn’t anticipate anything getting signed in the near term. “But it’s indicative of where congressional eyes are looking. As far as healthcare, I think you will see more activity at the agency level, such as the Department of Homeland Security and the Department of Health and Human Services (HHS). I would expect that you will see more collaboration,” he says. Smith adds that with privacy and security policy, much of that does fall in privy of statehouses. “You have HIPAA [the Health Insurance Portability and Accountability Act] of course, but many states go deeper and wider than what HIPAA requires. It would make sense for state legislatures to think about how they would want to handle this.”
However, Smith explains that this will create a patchwork, like what we see right now in the industry. Taking patient consent as example, it’s easier to share information in some states compared to others, he says. “What’s important is that the awareness factor is definitely there, and I don’t see that retreating in the near future. People I talk to are cognizant of the fact that if the industry doesn’t step up and self regulate, they will have to deal with the government. That’s not necessarily the best option because of all of the complexities that come into play whenever you’re running a federal program and trying to manage data locally,” he says. “As you stand up and start digitizing healthcare, you have to be very cognizant of the fact that there are bad actors out there, so you to figure out what the proper role is for the government.”
Branzell himself is pushing for more consistency from different federal agencies. “The more assistance we get from the federal government, the more the industry as an aggregate whole can assist, and the better off we will be,” he says. “What’s concerning is that we may get this guidance from a few different places. You have the Office of Inspector General (OIG), the Office of the National Coordinator for Health Information Technology (ONC), and what you end up with are things that conflict with each other. We would love to see consistencies across all these agencies and legislation. That may be unrealistic given past trends, but if there was ever a time when healthcare needed more consistency out of the government, it would be now.”
Russell P. Branzell
In rural Morehead, Ky., the 159-bed St. Claire Regional Medical Center is included in the Good Help ACO group along with five Bon Secours local healthcare systems across the U.S. St. Claire’s CIO, Randy McCleese, says that in the ACO, his organization’s security requirements are different than Bon Secours’ requirements. “As an industry, we don’t know everything we need to know in order to put the standardized processes and procedures in place. We still have a ways to go,” he says.
McCleese feels that the laws and regulations are there, but how to respond in a cost-effective, patient-friendly, and user-friendly manner still needs to be figured out. “From an IT standpoint, I have a guy that says he can lock everything down. I say yes you can, but can the caregivers get to the data they need in order to take care of the patients? Physicians already are complaining when they think it takes them longer than it should to go through secure login processes when they boot up their computers. All the things we have done from a security standpoint, we still don’t want to hinder anyone or stand in the way,” he says.
MU HELP: TOO LITTLE, TOO LATE?
In May, the Centers for Medicare & Medicaid Services (CMS) and ONC proposed a rule that states that providers can use the 2011 Edition of Certified EHR Technology (CEHRT) or a combination of the 2011 and 2014 Editions of CEHRT for the EHR reporting period in 2014 for the Medicare and Medicaid EHR Incentive Programs. In 2015, the rule proposes that hospitals and professionals would be required to report using 2014 Edition CEHRT.
Soon after, various industry associations—including CHIME—were outspoken following the release of the proposed rule, feeling that if the government acted quickly to finalize the rule, it would provide the flexibility needed for provider organizations. However, to date, CMS and ONC have provided no such final rule, which has seemed to disappoint and irk many in the industry.
According to Smith, CHIME has had conversations with CMS and ONC concerning this issue for the better part of a year, and the feeling was that talks were really getting somewhere. However, Smith says that over the course of many months, the belief was that the federal agencies obviously did not believe the advocacy groups when it came to the challenges that people were facing. “When they put this out in May, it was a validation of what we were saying, but at the same time, it doesn’t give organizations—especially hospitals—a chance to react,” Smith says. “Many will take advantage of the new flexibility, but others are hesitant to change course, and some more do not feel like it pertains to them because of the way the rule is written.”
McCleese wonders if the federal agencies that are looking at the rule and making changes even understand what it takes to get a system in place. In addition to being St. Claire Regional CIO, McCleese is also CHIME’s board chairman, and has sat in on meetings with the agencies. “The questions we have been asked tell me that they don’t comprehend the magnitude and complexity of the system upgrades and changes that have to go on,” he says.
For McCleese’s medical center, going back to do an attestation with Stage 1 rules is not in the cards because they have already upgraded to the Stage 1 2014 and Stage 2 required software, he says. “We would have to go back and change the system, and we can’t do that. We have to move forward. That leads me to believe they don’t comprehend what we’re going through. I appreciate the effort, but it just wasn’t done in enough time,” he says.
As such, at St. Claire Regional, meaningful use has become an incredible burden because of the way the organization is divided, says McCleese. The medical center had to do meaningful use as three different groups, with the hospital being one, family medicine another, and specialty medicine a third. Keeping up with all that can be a nightmare, he says, because St. Claire Regional first started with family medicine in the days before the Stage 2 rules came out, which meant it had to qualify each one of those physicians as individuals rather than as a clinic. “We’re now at the point where we’re trying to keep track of them as individual physicians, and they have moved into Stage 2. Our hospital has done Stage 1, Year 1, and is now in the process of Stage 1, Year 2, 2014 requirements. For our specialty clinics, we have applied for a hardship exception [but have not yet heard back]. So as you can see from a regulatory standpoint, meaningful use has been an unbelievable burden,” McCleese says.
Branzell adds that since the very first portion of Stage 1 was a huge success, the federal government thought they could continue to ride that wave of success. That wasn’t the case, as a lot of people didn’t put in for Stage 2, and many were still trying to optimize Stage 1, so when Stage 2 came around, it wasn’t what people thought it should be, which was an easy add on to Stage 1, says Branzell. “Now, there is recognition of how difficult this all really is,” he says. “It sounds simplistic to say ‘I’m going to put in a patient portal.’ Sure, I can get software going in a month, but getting a community to change its behavior, change the culture, and enable people to want to have it is not something that happens in a month.”
PURSUING ACO INITIATIVES
With continued government support of ACOs and considerable growth in the number of organizations becoming ACOs, the prospect of such organizations becoming a dominant model in care delivery seems very real. About four million Medicare beneficiaries are now in an ACO, and, combined with the private sector, some 600 provider groups have already signed up, according to industry estimates.
While the opportunity to surge ahead into an ACO is more enticing now than perhaps ever before, plenty of hurdles remain. In the Good Help ACO group, the main challenge is being able to provide the data that is being required, says St. Claire’s McCleese. “We’re a very small part of that ACO that is being driven by Bon Secours—a much larger organization. But our reason for getting into that was to learn,” he says. “And we are learning. We’re starting to understand the complexities and learning things we should be doing, such as coaching and counseling for patients. We’re also seeing when patients are moving along to other providers. It is having the correct effect for us that we intended.” McCleese adds that while it’s a tremendous amount of work, most of that burden is on front end, and once the systems, processes, and procedures are set up, he thinks it will be easier to maintain it moving forward.
According to Branzell, the model of ACOs still has a fundamental flaw, and that’s the lack of individual responsibility. “To hold organizations accountable for the wellness of people, their improved health, and the cost constraints without any individual responsibility—which is how most ACOs are set up—is a flaw,” he says. “How can you hold a primary care provider responsible for someone keeping their weight under control when that person has no incentive and/or penalty to do that? I don’t know how that works. So there is still misalignment there,” Branzell says. The other part, he adds, is the challenge of getting physicians to transition to a risk-based model when many are still operating in a fee-for-service model. Often, a small portion of their work is in the ACO, and that almost works against the operation of the office/hospital, Branzell notes.
Still, everyone understands that ACO participation is going to become the standard, says Anita Samarth, CEO and co-founder of the Washington D.C.-based consulting firm Clinovations Government Solutions. Now, the industry is moving beyond the Pioneer ACO community, but communicating payment and reimbursement models to ambulatory practices is still to be determined. “Everyone knows they need to participate, yet no one knows what it will look like,” Samarth says. “You don’t want to be left out, but you have no clue what it will mean to the bottom line. Yes, the provider community is definitely thinking a lot more about it today, but if your technology isn’t really built to support you, that is a problem. It’s just not as clear and straightforward as when providers used to sign up with their payers and get their reimbursement rates and fee schedule. That model doesn’t exist in ACOs today,” she says.
A HEAVILY-BURDENED FUTURE
As the transition to ICD-10 continues to get pushed back—either by federal agencies or Congress—it becomes increasingly difficult to operate a healthcare business. It seems as if this mandate has become a symbol for how the industry is currently feeling—lots of waiting and more confusion from multi-million dollar institutions that have a whole host of things to be concerned about, while often pleading for more direction.
It’s an unprecedented time in healthcare right now, and CIOs are feeling the heat. Statistics say that a CIO’s responsibilities have increased, in terms of both scope and complexity, by 25 percent to 50 percent since the passage of HITECH. One such CIO, McCleese, says he isn’t seeing any easing in the near future. “We have been [going] all out for three years getting everything in place, and now folks are getting tired. They’re saying they don’t want to do all of this anymore, that it’s getting to be way too much,” he says. “We recently had a 60-year old surgeon who said, ‘Frankly, I don’t want to do this, I’m going to retire.’ We anticipated him with us for six or seven more years. It’s a loss, and the question is, Are we pushing people like that out of the business?”
McCleese adds that regardless of age or experience, those physicians who see the big picture will be the ones who are likely to buy in, but those who can’t see it won’t buy in. He tells the story of a surgeon from a few years ago who was looking at software and talking about how you can see what happened to the patient as they moved through the transition of care. The surgeon said, “I don’t care what happens to him in primary care. I’m only interested in taking care of him when he is my patient in surgery.” Clearly, some providers are still not seeing the full continuum of care affecting what they do in any specific point in time for their patient, McCleese says. “From an executive standpoint, we need to keep providing education, because doctors need to understand that what they do has an effect on the entire continuum of care for that patient.”
Not only are providers facing simultaneous challenges when it comes to federal mandates, but nothing is really aligned properly, adds Samarth. There are different reporting needs for people in different years of meaningful use, different reporting for different ACOs, different reporting for different payers, reporting for your state and local public health departments, and you have national reporting and reporting for specific registries. “That’s just off the top of my head,” Samarth says. “There is no single measurement protocol to conform to. Are we seeing fewer measures? No, we’re adding, not subtracting.” And too many times, says Samarth, organizations are entirely dependent on one person to provide the expertise. “If that person were to leave the organization, who knows what would happen?”
When Branzell was asked if the burden will get any easier in the years to come, he was no more optimistic than Samarth or McCleese. “I would love to give you a hopeful answer, but the reality is that this is the new status quo. You will be in some form of implementation/change transition for probably a decade or decades to come,” he says. “People are working on three or four initiatives with competing resources that overlap, so it’s not realistic to expect downtime in any foreseeable future.”
The key to providers being providers is getting them involved on the front end in a different way within their organizations, Branzell continues. Goals and objectives need to be connected to improve the organization—whether that’s physician workflow, quality and safety, patient outcomes, or financial, define it on the front end and engage not just providers, but nurses, pharmacists, therapists, etc., he says. “That way, we can see a benefit from the money and effort we are all putting in. But connectivity and transparency are the keys. I would much rather have providers as my allies on the front end then try to convince them that what someone put in on the back end is good for them.”