Site moved to, redirecting in 1 second...

« October 2011 | Main | December 2011 »

9 posts from November 2011

November 29, 2011

Let's Talk Health Care

Harvard Pilgrim Health Care is re-launching Let's Talk Health Care, which started life as former CEO Charlie Baker's blog. There's a series of related discussions going on now in the Let's Talk Health Care Linked In group, sponsored by Harvard Pilgrim.  I've been participating (at the request of the group organizer; disclosure: client) and would like to invite you to do the same.

A salient characteristic of the site and of the group is the focus on three broad categories of care and cost: fostering health and wellness, balancing quality and cost, and redefining care coordination -- all of which are informed by a focus on chronic health care issues.

One of the great successes of modern medicine is the conquest of most infectious disease.  (Equitable global distribution of the tools necessary for eradication is another story -- and some of the more compelling chapters of that story are being told these days by The Bill and Melinda Gates Foundation.) One of the great failures of the modern consumer state is the development of the contemporary couch potato, inactive and over-laden with processed foods, e.g., government-subsidized high fructose corn syrup.  Let's Talk Health Care, like most contemporary health-focused web properties and their sponsors, is laser-focused on wellness (well, OK, everyone has an agenda, and Harvard Pilgrim is an insurance company, so the focus spreads from wellness to encompass a broader focus on affordability of care as well). Targeting prevention and management of chronic diseases that sap health from people, productivity from their employers, and cold, hard cash from all of us is critical; employees, employers, and buyers of goods and services are all called upon to pay the piper, so we have a community of interest here.

As an example of the conversations going on in the group, take a current thread that I kicked off, regarding employers partnering with employees around health care and wellness.  I invite you to join in and offer your perspectives -- what works, what doesn't work, what would you do if you were king or queen of the world, etc.  In my humble opinion, a ton of resources are spent on wellness programs in an unscientific manner -- meaning they are not necessarily spent addressing issues that are, or should be, of great concern to the employee population targeted, and they are not necessarily spent on interventions that work, or that work on a long-term basis. For example, the health reform law is throwing additional money in this direction: $200 million in grants will be available to small employers kicking off wellness programs since the law was passed, and the law also provides the opportunity for employers to subsidize health insurance premiums in exchange for wellness program participation (the maximum premium discount has been raised from 20% to 30%).  Unfortunately, observations of some participants in this on-line conversation support my understanding of the situation here -- incentives to participate in wellness programs in the form of cash (or insurance premium discounts) do not seem to motivate folks sufficiently.  

Collectively, we need to get a bigger bang for the buck in this arena -- and to do that, we need to spend our money more wisely.  Some people are focused on figuring out just how to do that, including, for example, BJ Fogg ("Persuasive Technology"), who I was glad to see present at a conference here in Boston a year or so ago, and entrepreneurs behind such online offerings as HealthMonth and StickK (as well as numerous folks behind stealth and beta sites in this space, some of whom I'm working with now) -- which seek to encourage healthy behavior modification in part by keying into the social levers that affect human behavior.

The goal here is to get the conversation going, and to surface ideas that can benefit all of us --employers, employees, payors and providers.  

The days of couch potatoes saying "I'll take a pill for that" are over.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

November 23, 2011

Occupy With Grace

As patients, as family members, as friends, as health care providers, we have all faced end-of-life issues at one time or another, and we will face them again.  And again. 

This weekend, for the fourth year in a row, the "Engage With Grace" message is being broadcast virally, through a "blog rally," at a time when many people are with family and friends over the long weekend.  The point is: we all need to have the potentially uncomfortable conversation with people close to us about what kind of treatment we would want, and they would want, if incapable of making or communicating health care decisions.  

(If you are interested in also exploring other aspects of patient self-determination, then I invite you to check out a few other resources: (1), the blog of the Society for Participatory Medicine, and please consider joining the Society, (2) The Walking Gallery and other work of Regina Holliday, patient activist and artist and (3) my Health 2.0 vlog - brief interviews on the topic of data liberation.) 

End-of-life decision-making has long been an issue of great personal and professional interest to me, and I am proud to have played a role in having out-of-hospital DNR orders recognized in Massachusetts by EMS providers, as an example. 

Download your copies of the Massachusetts health care proxy form or other states' proxy or living will forms -- and add specific instructions about nutrition, hydration, and anything else that is important to you so that everything is crystal clear.  My mom kept a stack of living will forms in the dining room when I was growing up, and was not shy about raising the issue with dinner guests and offering to witness their advance directives.  Having the conversation is a starting point; we all need to follow through and make sure that our loved ones' wishes are documented, placed in medical records, discussed with physicians and other caregivers, and honored. 

When I have the opportunity to speak to groups of lawyers or health care providers, I often ask for a show of hands: how many of you have health care proxies?  The percentage seems to have increased over time, but it is still not where it needs to be.  If groups that should be above average in this respect are not all raising their hands, then we clearly have a lot to do in terms of educating the general public about the need to have the sometimes difficult conversation with friends and family members.  That's what the Engage With Grace project is all about.  And with that, I turn over this post to Engage With Grace:

Occupy With Grace

Once again, this Thanksgiving we are grateful to all the people who keep this mission alive day after day: to ensure that each and every one of us understands, communicates, and has honored their end of life wishes.

Seems almost more fitting than usual this year, the year of making change happen. 2011 gave us the Arab Spring, people on the ground using social media to organize a real political revolution. And now, love it or hate it - it's the Occupy Wall Street movement that's got people talking.

Smart people (like our good friend Susannah Fox) have made the point that unlike those political and economic movements, our mission isn't an issue we need to raise our fists about - it's an issue we have the luxury of being able to hold hands about.

Occupy With Grace Logo


It's a mission that's driven by all the personal stories we've heard of people who've seen their loved ones suffer unnecessarily at the end of their lives.

It's driven by that ripping-off-the-band-aid feeling of relief you get when you've finally broached the subject of end of life wishes with your family, free from the burden of just not knowing what they'd want for themselves, and knowing you could advocate for these wishes if your loved one weren't able to speak up for themselves.

And it's driven by knowing that this is a conversation that needs to happen early, and often. One of the greatest gifts you can give the ones you love is making sure you're all on the same page. In the words of the amazing Atul Gawande, you only die once! Die the way you want. Make sure your loved ones get that same gift. And there is a way to engage in this topic with grace!

Here are the five questions, read them, consider them, answer them (you can securely save your answers at the Engage with Grace site), share your answers with your loved ones. It doesn't matter what your answers are, it just matters that you know them for yourself, and for your loved ones. And they for you.

The One Slide


We all know the power of a group that decides to assemble. In fact, we recently spent an amazing couple days with the members of the Coalition to Transform Advanced Care, or C-TAC, working together to channel so much of the extraordinary work that organizations are already doing to improve the quality of care for our country's sickest and most vulnerable.

Noted journalist Eleanor Clift gave an amazing talk, finding a way to weave humor and joy into her telling of the story she shared in this Health Affairs article. She elegantly sums up (as only she can) the reason that we have this blog rally every year:

For too many physicians, that conversation is hard to have, and families, too, are reluctant to initiate a discussion about what Mom or Dad might want until they're in a crisis, which isn't the best time to make these kinds of decisions. Ideally, that conversation should begin at the kitchen table with family members, rather than in a doctor's office.

It's a conversation you need to have wherever and whenever you can, and the more people you can rope into it, the better! Make this conversation a part of your Thanksgiving weekend, there will be a right moment, you just might not realize how right it was until you begin the conversation.

This is a time to be inspired, informed - to tackle our challenges in real, substantive, and scalable ways. Participating in this blog rally is just one small, yet huge, way that we can each keep that fire burning in our bellies, long after the turkey dinner is gone.

Wishing you and yours a happy and healthy holiday season. Let's Engage with Grace together.

To learn more please go to post was developed by Alexandra Drane and the Engage With Grace team.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

November 21, 2011

Privacy and Security: Joke or No Joke?

The Wall of Shame welcomes Sutter Health. Another computer with unencrypted protected health information on over 4 million patients - gone. Now, those guys are pretty smart, so why don't they encrypt all computers with PHI?  One of life's persistent questions.  I mean, I can accept the fact that a health plan operator like Cignet Health might have issues with getting a grip on HIPAA compliance, but Sutter Health?What were they thinking? Can't happen here?  Encryption is a drag?  It's an easy way to avoid major egg-on-face and to avoid spending significant coin on PR, credit reporting services, and potentially on court judgments -- all in addition to significant administrative fines payable to HHS and state regulators.

So the federales are piloting the HIPAA audit program. I know it's required by the HITECH Act, but who believes that it will motivate behavior change?  Anyone?  Sutter Health was clearly not motivated to seek a safe harbor that would have made the loss of 4 million patient records a non-event.  I know encryption can be a drag, but I'm not a techie. If you are, I invite you to educate me (and the other non-techies out there) on the question of how miserable it really is to have to deal with encrypted data; if you're really a techie, write a program to enable light-touch encryption that doesn't interfere with use of data.

Whether or not encryption is miserable, we should be asking: Why is this data on a barely secured computer (password-protected desktop) in the first place? Shouldn't it be stored on a server that stays in a secure facility, or in a secure private cloud?

Furthermore, as data loss incidents like this keep happening -- even among other industry leaders (see, e.g., Mass General) -- perhaps we need a new framework for thinking about access to health information. If we knew for sure that employment and insurance decisions would not be affected by the availability of otherwise private health record information, perhaps we would be more sanguine about their release. Perhaps government resources would be better spent on beefing up education and enforcement in those arenas (vs. auditing and enforcing compliance with privacy and security standards).

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting

November 19, 2011

TEDxCambridge 2011 Twitter Feed

I'm at TEDxCambridge today.  Should be interesting.  Follow along on Twitter at #TEDxC or right here:

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting

November 16, 2011

David Harlow quoted on HIPAA and Health Care Social Media in AIS Health's Health Business Daily and Report on Patient Privacy; Speaking at HANYS Social Media Conference Today

Reefer madnessI was interviewed for an article on AIS Health that came out last week. The title of this article -- on health care social media and regulatory and legal issues that health care providers may face in using these tools -- struck me as being tinged with hysteria (hence the selection of the artwork accompanying this post):

HIPAA Dangers Lurk on Facebook; Ongoing Policy Revisions Are Advised

Cooler heads should prevail.

There are clearly things to be concerned about when embarking upon the implementation of social media tactics in the service of broader strategies and organizational goals.  Decisions about goals must be made.  Terms and conditions for staff, on the one hand, and patients, families and caregivers, on the other, need to be clear and comprehensive.  And expectations regarding employee use of social media, whether as an "official" voice of the organization, or as a person known to be associated with the institution and therefore acting as a brand ambassador whenever on line or in real life, need to be carefully developed and communicated.

I'm speaking today at the Healthcare Association of New York State (HANYS) social media conference, about these and related issues.  Just this morning, in my hotel-delivered newspaper, there's a front-page story on Facebook and privacy concerns.  These issues are persistent, no matter what platform you are using, or are considering using. As I have said before, at a policy level, your approach needs to be platform-agnostic.

Overall, careful planning will improve the chances that a health care provider will be able to effectively leverage the reach of social media for its message without running afoul of legal and regulatory land mines.

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting

LexisNexis Names HealthBlawg to its Top Blogs of the Year - Insurance Law Community 2011

ILC Top Blogs 2011 Badge-1I am honored to have HealthBlawg named to the LexisNexis Insurance Law Community Top Blogs of the Year for the second time.

Thank you, LexisNexis.

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting

November 09, 2011

OCR HIPAA Audits Finally Kick Off - Do They Matter?

The HITECH Act called for stepped-up HIPAA privacy and security and breach notification rule enforcement with respect to covered entities and business associates, to be accomplished by spot-check audits.  This month, the first 20 of a planned 150 audit subjects will be getting notices from the U.S. Department of Health and Human Services Office of Civil Rights' contractor, KPMG, saying that their numbers are up. These early test cases will be a proving ground for the auditors and the audit process, as much as for the covered entities to be audited (no business associates in the first 20, or even in the whole batch of 150, apparently).  The first round of 20 audits -- and a review of the audit protocols -- is slated to take about five months.  Up to 130 other audits will follow, in the final eight months of this pilot. Each audit is supposed to take about 30 business days, and will include on-site interviews and investigations.  Document requests are to be turned around in ten days, and KPMG will give 30-90 days advance notice of site visits. In theory, audits may bring to light issues that do not surface in the course of complaint investigations, and are expected to yield OCR guidance and highlighting of best practices.

Will this audit program change behavior of covered entities and business associates?

In general, the regulated community seems to get a free pass for about a year after a new regulatory schema is rolled out, before real enforcement kicks in.  It's been longer that for HIPAA (well, most of HIPAA, anyway), and there have been enforcement actions initiated by the federales (and by state attorneys general under the HITECH Act).  Many of these enforcement actions -- largely initiated by complaints filed by the public -- have generated more heat than light.  (Consider the Harvard teaching hospital and its paper records left on the subway, or T; consider the judgment-proof, bankrupt incompetence of a company that couldn't, or wouldn't, provide requested information to patients, led by someone who perhaps whould not have been allowed to hold such a position. Is either a relevant example that will cow an otherwise recalcitrant covered entity or business associate into compliance?) The "Wall of Shame" reports of significant data breaches, as a whole, do not seem to have motivated behavior change -- behavior change like encrypting a laptop or portable hard drive containing protected health information, for example, which encryption would mean its loss would not have to be reported on the Wall of Shame.  In sum, since the reputational and operational dislocations caused by reportable breaches to date have not yielded a significant change in behavior by covered entities and business associates, generally, it is unclear whether a small-scale -- or even a large-scale -- audit program will yield meaningful increases in HIPAA compliance.  Living through a reportable data breach, and fixing privacy and security policies and their implementation after the fact, is probably at least as painful as going through an OCR audit, yet many covered entities have yet to adopt and implement data encryption and other policies and procedures that would eliminate the possibility of that happening to them.

Here's hoping we don't have to wait until after December 2012 to get some guidance and best practices from the auditors based on their work.  Will we see an army of HIPAA auditors in 2013?  And when will OCR start auditing business associates?

The $64,000 question is: Will all this have an impact on the privacy and security of protected health information (PHI)?  

I am skeptical, at best.  ONC is rolling out an educational message to let individuals know more about privacy and security and that, together with hiring bands of auditors, may build towards having some effect.  But we need to consider the range of data whose release would be considered a data breach, and perhaps revisit the general approach.  It may be that the default setting for some information should be public, or that some easy sharing options should be built in.  Consider the "green button" and "rainbow button" initiatives (riffing on the VA's Blue Button).  Rolling out these initiatives could have the effect of lessening the amount of data that must be kept 100% private and secure, and could have some beneficial effects, as well. Finally, consider the radical proposal to reverse the presumption of privacy entirely.

While we are not yet in a utopian society where release of health information will have no negative effects on an individual (think: employment, insurance, to name two key domains where this is an issue), perhaps we could devote more resources to reaching that ideal, and fewer to the ultimately futile attempt to assure 100% compliance with the privacy and security requirements applicable to an ever-increasing universe of PHI -- because not only is the volume of data out there ever-increasing, but information that may be considered de-identified (and therefore beyond the reach of the regs) today, may become easily re-identifiable tomorrow as more and more data, from diverse sources, is shared on line.

Meanwhile, metaphorically speaking, be sure the doors and windows are locked before KPMG and OCR come knocking.

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting

November 08, 2011

Increasing Medicare Eligibility Age and the Law of Unintended Consequences

On my way to the annual two-day blowout health law seminar put on by Massachusetts Continuing Legal Education (MCLE) on Monday -- I was second in the lineup, speaking about post-acute care and some of the innovations in that arena for dual eligibles, among other things -- I heard a fascinating piece on NPR on one of the ideas floating around the supercommittee charged with cutting $1.2 trillion from the federal budget.  The idea: increase the minimum age for Medicare eligibility from 65 to 67, and save a bundle for Medicare in the process.

The problem with this deceptively simple idea (Social Security eligibility is migrating from 65 to 67, too, so it seems to be a sensible idea on its face), is that while it would save the federales about $6 billion, net, in 2014, it would cost purchasers of non-Medicare coverage (employers and individuals) about $8 billion, net.  Why?  The 65 and 66 year olds are the spring chickens of Medicare -- they actually bring Medicare average costs down, because they're healthier than the Medicare population as a whole. However, when compared to the working population, they are the older, sicker cohort, so they would drive costs up if insured in the commercial market.

Monday's post in this space was on the 2012 MPFS (Medicare Physician Fee Schedule) and the continuing Sustainable Growth Rate (SGR) debacle, and it prompted an email from a reader pointing to a predictable but ultimately unsympathetic plea to please not cut THAT program, because it's Important.

They're ALL important, folks.  

The cold, hard truth is that we need to figure out how to do more with less -- in every program, for every worthy cause.  We need to learn how to work collaboratively, tear down the silos, and activate every other cliche in the book.  Collaborative thinking, inspired by changes in the economic drivers -- i.e., reimbursement models -- that have led to more siloed thinking in the past, is hard to do, but actors in the health care economy need to get better at it - and fast.

The Bundled Payment Initiative, ACOs and sons of ACOs, the Medicare-Medicaid Coordination Office, and more innovations coming out of CMS, driven by the ACA, are all encouraging developments, pushing providers in the direction of collaboration, and while we may have to deal with some unintended consequences a long the way, these are some important experiments that must be conducted.  And the people are with Washington on this one: An RWJF/Harvard School of Public Health survey released this week found that most folks want the federales to grow their role in the health care system.  Not what we might have expected, but an encouraging sign that folks understand that the problem before us is a big one, requiring significant resources in working towards solutions.

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting


November 07, 2011

MPFS 2012 -- The 2012 Medicare Physician Fee Schedule is Finalized issued the final MPFS -- the Medicare Physician Fee Schedule for 2012 -- this past week. The key feature of the rule, for many folks, is the Sustainable Growth Rate-(SGR)-mandated 27.4% cut in Medicare professional serivces reimbursements. We now get to watch the drama unfold over the next eight weeks, as the MedPAC proposal to replace the SGR is bandied about, and the machinations of the supercommittee tasked with brokering a budget fix either do or do not get us closer to a reasoned approach to doing more with less.  The MedPAC idea is to drop the RBRVS conversion factor for specialty care payments 5.9% per year for two years, then hold it steady for 8 years, while keeping the primary care conversion factor flat for 10 years.  The net effect: physician payments will "only" double over the next 10 years.  (One clever idea squirreled away in the MedPAC report is that savings in the Medicare Shared Savings Plan (ACO) should be measured against a baseline of what Medicare would have spent on the care absent the changes in the proposed SGR fix -- i.e., a higher baseline, with greater potential savings.  Another 50 clever ideas like this and we'll be talking about saving some real money.)

Well, the SGR will be fixed (or not) by Congress, not CMS.  The rest of the MPFS includes a variety of approaches to getting hands around the question of accuracy of the fee schedule.  For example, per the CMS presser:

  • CMS is expanding its multiple procedure payment reduction policy to the professional interpretation of advance imaging services to recognize the overlapping activities that go into valuing these services.  This policy better recognizes efficiencies that are expected when multiple imaging services are furnished to the same patient, by the same physician or group practice, in the same session on the same day.
  • CMS is adopting criteria for a health risk assessment (HRA) to be used in conjunction with Annual Wellness Visits (AWVs), for which coverage began Jan. 1, 2011 under the Affordable Care Act.  The HRA is intended to support a systematic approach to patient wellness and to provide the basis for a personalized prevention plan. CMS is increasing AWV payment modestly to reflect the additional office staff time required to administer an HRA to the Medicare population.
  • CMS is expanding the list of services that can be furnished through telehealth to include smoking cessation services.  CMS is also changing the criteria for adding services to the telehealth list to focus on the clinical benefit of making the service available through telehealth.  This change will affect services proposed for the telehealth list beginning in CY 2013.
  • The final rule updates or modifies aspects of a number of physician incentive programs including the Physician Quality Reporting System, the ePrescribing Incentive Program and the Electronic Health Records Incentive Program.
  • The final rule also finalizes quality and cost measures that will be used in establishing a new value-based modifier that would adjust physician payments based on whether they are providing higher quality and more efficient care.  The Affordable Care Act requires CMS to begin making payment adjustments to certain physicians and physician groups on Jan. 1, 2015, and to apply the modifier to all physicians by Jan. 1, 2017.  CMS intends to work closely with physicians to ensure that efforts to improve the quality, safety, and efficiency of care do not diminish patient access to care.  The rule also finalizes CY 2013 as the initial performance year for purposes of adjusting payments in CY 2015.
  • The final rule also implements the third year of a 4-year transition to new practice expense relative value units, based on data from the Physician Practice Information Survey that was adopted in the MPFS CY 2010 final rule.

In addition, CMS is expanding the "potentially misvalued code initiative," an effort to ensure Medicare is paying accurately for physician services and more closely managing the payment system.

Finally, after struggling over time with varying requirements for lab test "requisitions" and "orders," which resulted in a CY 2010 requirement for a signed order prior to labs being drawn/done, CMS is backing off of that requirement, in response to comments detailing the ways in which this would reduce patient convenience and have the potential to negatively affect care.

Other issuances out the same day include the 2012 OPPS /ASC rule and the ESRD PPS rule.

David Harlow 
The Harlow Group LLC
Health Care Law and Consulting