I'm pleased to announce that HealthBlawg has been named to the ABA Journal Blawg 100. I appreciate the recognition, and the nominations from you, dear readers, that put this blawg on the list. I do not envy the editors who had to make the tough decisions -- there are many more than 100 deserving blawgs out there.
Since I began blogging over three years ago, I have been fortunate enough to get to know many bloggers -- including some of the other honorees -- both IRL (in real life) and virtually (via blogging and, more recently, via Twitter). It has been an incredibly enriching experience; thank you, all.
The next phase of the Blawg 100 involves the general public, not just the ABA Journal's editorial staff. Public voting will determine the ranking of blawgs within several editorial categories; HealthBlawg is in the "Practice Specific" category.
I would greatly appreciate your vote, not just in recognition of this blawg, but in recognition of health care law and policy as a significant practice area -- one that has not been represented in the ABA Journal Blawg 100 to date. Please take a few moments to register on the ABA Journal website, and then vote for HealthBlawg. Voting is open through the end of December. Even though the ABA Journal is based in Chicago, I will refrain from exhorting you to vote early and often.
As patients, as family members, as friends, as health care providers, we have all faced end-of-life issues at one time or another, and we will face them again. And again.
This weekend, the "Engage With Grace" message is being broadcast virally, through a "blog rally," at a time when many people are with family and friends over the long weekend. The point is: we all need to have the potentially uncomfortable conversation with people close to us about what kind of treatment we would want, and they would want, if incapable of making or communicating health care decisions. (Check out coverage of last year's blog rally in the Boston Globe.)
End-of-life decision-making has long been an issue of great personal and professional interest to me, and I am proud to have played a role in having out-of-hospital DNR orders recognized in Massachusetts by EMS providers, as an example.
Download your copies of the Massachusetts health care proxy form or other states' proxy or living will forms -- and add specific instructions about nutrition, hydration, and anything else that is important to you so that everything is crystal clear. My mom kept a stack of living will forms in the dining room when I was growing up, and was not shy about raising the issue with dinner guests and offering to witness their directives. Having the conversation is a starting point; we all need to follow through and make sure that our loved ones' wishes are documented, placed in medical records, discussed with physicians and other caregivers, and honored.
When I have the opportunity to speak to groups of lawyers or health care providers, I often ask for a show of hands: how many of you have health care proxies? The percentage seems to have increased over time, but it is still not where it needs to be. If groups that should be above average in this respect are not all raising their hands, then we clearly have a lot to do in terms of educating the general public about the need to have the sometimes difficult conversation with friends and family members. That's what the Engage With Grace project is all about. And with that, I turn over this post to Engage With Grace:
* * *
Last Thanksgiving weekend, many of us bloggers participated in the first documented “blog rally” to promote Engage With Grace – a movement aimed at having all of us understand and communicate our end-of-life wishes.
It was a great success, with over 100 bloggers in the healthcare space and beyond participating and spreading the word. Plus, it was timed to coincide with a weekend when most of us are with the very people with whom we should be having these tough conversations – our closest friends and family.
Our original mission – to get more and more people talking about their end of life wishes – hasn’t changed. But it’s been quite a year – so we thought this holiday, we’d try something different.
A bit of levity.
At the heart of Engage With Grace are five questions designed to get the conversation started. We’ve included them at the end of this post. They’re not easy questions, but they are important.
To help ease us into these tough questions, and in the spirit of the season, we thought we’d start with five parallel questions that ARE pretty easy to answer:
Silly? Maybe. But it underscores how having a template like this – just five questions in plain, simple language – can deflate some of the complexity, formality and even misnomers that have sometimes surrounded the end-of-life discussion.
So with that, we’ve included the five questions from Engage With Grace below. Think about them, document them, share them.
Over the past year there’s been a lot of discussion around end of life. And we’ve been fortunate to hear a lot of the more uplifting stories, as folks have used these five questions to initiate the conversation.
One man shared how surprised he was to learn that his wife’s preferences were not what he expected. Befitting this holiday, The One Slide now stands sentry on their fridge.
Wishing you and yours a holiday that’s fulfilling in all the right ways.
Today's HIPAA and Your Social Media Strategy webinar, which I presented together with Jamie Verkamp of (e)Merge, was a success. We had a good turnout, interesting questions and engaging discussion. Here is a version of the slide deck I used today, complete with links to other useful resources here at HealthBlawg and elsewhere on the web.
Jamie and I will be repeating this webinar in two weeks, on December 2, at 1:00 p.m. Eastern, 12:00 Central. If you missed it the first time around, or would like to recommend it to a colleague, you can register here.
If you have any questions or comments on the subject, we'd like to hear from you.
Today's Boston Globe reports on a feature of the Massachusetts universal health care law that may be replicated at the national level: MassHealth -- the Massachusetts Medicaid program -- has been covering the costs for smoking cessation counseling and medications for eligible enrollees.
Using the data available, researchers were able to associate the roll-out of these services with a significant drop in smoking rates -- a drop not seen among the small percentage of Bay Staters who remain uninsured.
Not only that, but there are cost savings involved. Fewer health care services are required by nonsmokers -- notably, less asthma and heart attack related services.
Thanks to aggressive promotion of the services through a variety of channels, 40% of eligible smokers enrolled, as opposed to the 5-10% that the program anticipated.
The success of this program had previously been announced by the Commonwealth in June.
Bottom line from the Globe:
Although the study being released today does not assess whether the stop-smoking campaign reduced health care costs overall, the findings led some advocates to call on the state to make all health plans - public and private - provide cessation programs with low co-pays and deductibles.
As health reform is further debated at the national level, we need to focus on the investments that may be made in the nation's health that will yield monetary as well as quality returns, and this initiative is certainly one that is worthy of closer examination.
HIMSS Analytics surveyed about 250 hospital and business associate representatives, and came up with some figures to back up what we all knew in our hearts: Most hospitals are gearing up for compliance with the HITECH Act / Son of HIPAA data security and breach notification requirements, but many experience data breaches -- about half of hospitals surveyed in the past year -- and business associates lag behind hospitals in awareness and preparedness for compliance with new business associate requirements.
Anyone who needs to be convinced that attention must be paid to this issue need only check out the cautionary tale of the Virginia prescription record security breach or any of the many breaches detailed here or here.
The survey provides a handful of key take-away points:
Risk assessments are common practice but alone do not mitigate breach risks.
Large hospitals experience the most data breaches and are at the greatest risk for future incidents.
Business associates are generally unprepared to meet the new data breach related obligations brought on by the HITECH Act.
Health care organizations are prepared to sanction business associates that don’t comply with the regulations outlined in the HITECH Act.
Inter-departmental disconnects between IT and Compliance on data breach policies and procedures leave hospitals at risk.
Bottom line: most health care provider organizations and most business associates (vendor organizations) have a great deal of work to do, not only in terms of conducting a thorough review of policies and procedures so as to come up with a gap analysis, but also in terms of implementing policies and procedures to fill the gaps identified, and conducting appropriate trainings at all levels of the organization, including clear delineation of lines of communication regarding data security matters.
The Harlow Group network stands ready to assist provider and vendor organizations in preparing themselves for full compliance with the new HIPAA requirements promulgated in the HITECH Act and its regulations.
Yesterday I had the pleasure of sharing the podium -- at least virtually -- at the Oklahoma Hospital Association's annual meeting with two leaders in the health care social media sphere, Ed Bennett of the University of Maryland Medical System and Lee Aase of the Mayo Clinic, for a program on health care social media presented by the Public Relations and Marketing Society of the OHA. Our host, Brenda Finkle, and others, livetweeted the session. Here for your perusal are our presentations.
Health care providers: If your patient records aren't already stored digitally, they are likely to be digitized soon. There is a tremendous push by the federal government -- as well as by some private payors and self-insured employers -- to get all health care providers wired in the near future, in order to better coordinate patient care, improve outcomes, and "bend the cost curve" all at the same time. There are some financial incentives in play to achieving "meaningful use" of "certified" EHR systems; those terms are to be defined in federal regulations later this year, but the outlines of those definitions are already pretty clear.
Once all that patient data -- or as it is known in HIPAA-speak, protected health information (PHI) -- is stored electronically, it becomes exposed to potential data breaches. In late September, two sets of federal regulations took effect that address the way in which PHI should be maintained, and the steps that should be taken to prevent a data breach and to notify the government and affected individuals in the event there is a data breach. Compliance with these rules -- issued under authority of the HITECH Act by the US Department of Health and Human Services (HHS) with respect to health care providers, and by the Federal Trade Commission (FTC) with respect to EHR vendors and other similar third parties -- requires affected practices and businesses to assess and update their data privacy and security policies and procedures, as well as train all affected staff accordingly.
The exposure in case of violation is significant, both in terms of fines and penalties and in terms of bad publicity -- certain data breaches require notice to potentially affected individuals via the general media in addition to notices required to be filed with the regulators.
The new rules -- I call them Son of HIPAA -- are layered on top of existing HIPAA privacy and security rules, the FTC's Red Flags Rule regarding identity theft protections to be put in place by any "creditor" (which includes health care providers not paid in full at the time of service -- though the effective date of the Red Flags Rule is now delayed yet again), and state privacy rules. While HHS and FTC took some pains to harmonize the new rules so that patients will not be bombarded with multiple data breach notifications about the same incident, for example, the other applicable rules out there have not been harmonized.
The key concept in the new breach notification rules is that encryption of patient data will eliminate the need to notify patients and the federal regulators in case of an inappropriate release of data. Such a release, if the data is encrypted (i.e., unusable, unreadable, or indecipherable), is not considered a breach. Encryption is not required, though, and each affected entity must engage in a cost-benefit analysis before deciding whether to encrypt all affected data.
Another important aspect of the rule is the concept of harm -- the regulators decided that not every data breach should trigger all of the notice requirements, just breaches that "pose a significant risk of financial, reputational, or other harm to the individual." For example, if an employee of a health care provider accesses a patient record inappropriately, but immediately realizes his or her mistake, and exits the record quickly and does not retain any PHI, that is not a reportable data breach.
Finally, "business associates" under HIPAA are now required to implement policies and procedures to maintain privacy and security of PHI, parallel to those that have been required of "covered entities" under HIPAA since the beginning. All business associate agreements and notices of privacy practices (NPPs) will have to be updated to account for the new requirements before February. Health care providers that wish to distinguish themselves should consider revising their NPPs to highlight the ease with which they will make copies of records available to patients. This is a bone of contention for many patients, and ensuring that patients' rights to their records are easily exercised could be a way to build goodwill among patients and potential patients.
This is an extremely brief introduction to a very involved set of regulations. My hope is that you now have a sense of how important it is to be sure that your operations are fully compliant with the regulatory requirements before full enforcement and random field audits begin in February 2010.
More and more physicians are exploring the use of social media in their practices, and the Massachusetts Medical Law Report ran a piece on Social Networking 101 for Physicians recently, quoting Kevin Pho of KevinMD, Jim Tobin of Ignite Health (regards to Fabio aka @skypen!) and me, among others. As I posted recently, I will be giving a free webinar on the subject of regulatory issues around social media in health care on November 18, together with Jamie Verkamp of (e)Merge, who will speak to other aspects of planning a social media presence. In addition to working with Jamie, whose agency focuses on physician practices, I am also working with agencies focused on hospital social media planning. If this piques your interest, please register for the social media webinar and/or get in touch to discuss strategies for your organization and the regulatory hurdles you need to be aware of in the planning process. FYI, my slides will be posted after the webinar.
Physicians, practice managers and other health care providers and managers considering a foray into social media, you are invited to join The Harlow Group and (e)Merge for a webinar discussing this timely and important topic. Here is the (e)Merge announcement:
Health care has taken notice of social media as a way to connect and interact with patients. With the escalating use by physicians, medical professionals, hospitals and clinics, concerns are growing as to how HIPAA regulations affect your online presence. Join Jamie Verkamp of (e)Merge as we sort out the confusion with leading health care attorney David Harlow, Principal of The Harlow Group. We'll answer your questions and share valuable tips on how your practice can develop an effective social media and online strategy, while remaining compliant with HIPAA and other applicable rules.
Join us for a complimentary webinar sponsored by (e)Merge and The Harlow Group on Wednesday, November 18th at 1pm Eastern. Please feel free to share this invitation with others who you think may benefit from this webinar.
Please feel free to forward questions for Jamie or me in advance of the webinar so that we may be able to address them in our presentations. We look forward to being with you virtually on the 18th.
This morning I received a tweet exhorting me to learn about Low Dose Naltrexone (LDN) for autoimmune diseases. (Naltrexone, by the way, is approved by the FDA only to treat alcoholism.) Within a few clicks, I found claims that LDN would be a good drug to take for dozens of conditions: everything from neuroblastoma to HIV to celiac disease, and learned of a network of tweeps promoting LDN.
The above tweet linked to a blog promoting LDN which is part of the Health Central community.
All this got me thinking about a bunch of issues; for instance:
Does the promotion of off-label uses by a member blog comply with the HON Code, which has been adopted by Health Central?
Since folks are already using social media to promote off-label uses of prescription medications, what are, and what should be, the obligations of pharma companies to address the information put out by such folks?
Well, marketing of drugs for off-label uses is supposed to follow certain FDA rules -- not very restrictive, and essentially self-policed, since the rules just say that only medical journal articles on off-label uses may be shared with docs. Of course, some drug reps cross the line, and one pharma company -- Allergan, the maker of Botox -- is seeking to have even these limits lifted as unconstitutional limits on free speech. These rules apply to the pharma companies' reps, not independent bloggers, of course, but the HON Code (which ought to apply, given the Health Central endorsement of the blog in question) ought to impose some relevant standards. Consider Principle 5 - Justification of claims:
All information about the benefits or performance of any treatment (medical and/or surgical), commercial product or service are considered as claims. All claims have to be backed up with scientific evidence (medical journals, reports or others).
Pharma's concern about content created by others but posted on a pharma company web site or blog or other social media site should perhaps be extended to a concern about content posted by others on other sites. Both may be found just as easily, given the plethora of web search and alert tools now available. I am not suggesting that pharma companies be called upon to monitor the entire internet; rather, perhaps the time has come to create firmer rules about promotion of off-label uses of prescription drugs, to be enforced by state and federal authorities.
Without waiting for the public hearing to be completed and rules to be written (which could take a year), many pharma companies have already established a social media presence. While the manner in which they use the medium is a topic for another day, we should expect at least some of them to become more actively engaged in social media in the future.