This morning I am in Baton Rouge, at the Louisiana Hospital Association conference center, sharing my perspectives on ACOs and the broad range of innovation in health care delivery and financing being ushered in under the Affordable Care Act.
Meaningful Use Stage 2 regulations were released in March by CMS and ONC. Over the past month or so, I've been working with other members of the Society for Participatory Medicine (thank you, all) to prepare comments on these regulations from the patient perspective. Last Friday, we filed two comment letters on the proposed regulations. One letter to the ONC on Meaningful Use Stage 2, and one letter to CMS on Meaningful Use Stage 2. Each letter opens like this:
The Society for Participatory Medicine applauds the work done to date in focusing on patient engagement in the proposed Stage 2 Meaningful Use regulations and the proposed Health IT Standards regulations. It is our hope that the final requirements will be even stronger and more focused in this regard than the current drafts. As set forth in greater detail in the attached letter, we have a number of comments that we believe will improve the regulations and their use as a lever to improve patient experience, patient engagement, patient care and, ultimately, patient outcomes. We would like to highlight two in particular:
We favor improving the likelihood that patients will access their data by allowing for some automation of the process of accessing and downloading patient data, using existing technologies that protect patient privacy and security.
We also favor immediate patient access to information in the patient’s electronic health record – unless the patient has elected otherwise.
The overarching principle with respect to patient access to electronic health record data running through the entire meaningful use regulation and the health IT standards regulation should be:
“Nothing about me without me.”
The Society for Participatory Medicine has individual and institutional members nationwide and has a governing board comprised of both clinicians and patients. It was founded to study and promote participatory medicine, which we define as being centered on networked patients shifting from being mere passengers to responsible drivers of their health, and providers who encourage and value them as full partners. For further background on the Society and its activities, we invite you to see the Society’s website (http://participatorymedicine.org), its online journal, The Journal of Participatory Medicine (http://jopm.org) and its blog, e-patients.net.
I invite you to read the Society for Participatory Medicine press release, Participatory Medicine Society Urges Quick Patient Access to Medical Information, outlining the Society's stance on the issue, and the recent posts on the Society's blog, e-patients.net, explicating the SPM Meaningful Use Stage 2 comment letters a little further, and putting them in context -- in particular, juxtaposing them against the American Hospital Association comments calling for a 30-day delay in patient access to information once it's in their EHRs. (The proposed rule calls for up to 36-hour and 4-business-day delays, depending on context, and the SPM comments call for immediate access.) Technologically literate commentators, including Fred Trotter, take issue with the AHA's view that 30 days are needed to respond to a request for an EHR. (Fred's post says a lot more -- check it out.)
Finally, take a few moments to consider Regina Holliday's comments on the proposed rules, filed in the form of a slideshow featuring her paintings:
Setting aside for a moment the mangling of the English language in this quote (see the full article on HCAHPS and P4P), we can probably agree that financial incentives are often a reasonable way to evoke desired behavior change.
At the moment, we're talking about providing care in a way that evokes favorable responses by patients on the HCAHPS questionnaires. Hospitals that have been attentive to patient satisfaction matters -- as measured by HCAHPS -- will be the winners; others, the losers, in the Medicare zero-sum-game of value-based hospital reimbursement.
We love, love, love metrics. We think that if we dole out financial rewards based on metrics, then health care will be improved. So we've developed about 1,000 quality measures (see National Quality Forum (NQF) measure list), and we ask providers to track performance on too many of them, on the theory that you cannot manage what you do not measure -- an aphorism with truth to it, but folks, we have run amok with measures.
Since we don't track all 1,000 all at once, we end up focusing on the dozen or so metrics in front of us at any given time, and other things fall off the table.
While the HealthBlawger is generally loath to republish press releases, the source for the presser reproduced below is, well, the HealthBlawger himself. With such impeccable provenance, we need make no further apologies ....
HealthCare SocialMedia Review - A New Blog Carnival - To Launch In April
David Harlow (aka HealthBlawg), health care lawyer, HWC advisory panel member and the other co-founder of HCSMR, continued:
The #hcsm tweetchat moderated by Dana Lewis and the community built by Lee Aase through the Mayo Clinic Center for Social Media are two examples of the many ways in which those of us who are involved in health care social media are able to interact, share best practices and new developments, and learn from each other. By adding a blog carnival to the mix, we hope to increase the sharing of long-form thoughts on the opportunities and challenges associated with health care social media.
Justice noted, “All are welcome to submit blog posts for consideration to each edition’s host. HCSM will be posted every other week -- alternating weeks with Health Wonk Review. And for the uninitiated: a blog carnival is an anthology, an on-line journal club for bloggers, hosted by a different blogger each time.”
Details on hosting, submission guidelines, Justice and Harlow bios and more are available on the HCSMR home page.
Health care social media is of consequence in its own right, but also as a tool to implement or leverage other initiatives, across the spectrum of health care innovation today, including participatory medicine, accountable care organizations, mHealth and others. We look forward to your participation in the HealthCare SocialMedia Review blog carnival as contributors, hosts and engaged readers/commenters. See you April 4, at the inaugural edition, on HealthWorks Collective.
In part, it's the same old sloppy story: unencrypted laptop loaded with PHI stolen out of a rental car ... sheesh, when will they ever learn? (See: Privacy and Security: Joke or No Joke?) Cleaner policies and procedures, and internal enforcement, would have made this a non-event, not reportable, off the front pages, and out of court. Instead, the buisiness associate and the covered entity have gotten plenty of negative publicity, which will include a trip to the Wall of Shame. Perhaps the advent of the HIPAA audits by government contractor KPMG, together with unpredictable actions of state attorneys general will motivate business associates and covered entites to get with the program.
2. The Minnesota AG is also going after the business associate on the unfair and deceptive business practices front -- for failing to disclose to patients the way in which they use their data (they make one set of disclosures to patients, another to Wall Street). See full complaint against Accretive Health (PDF).
As I've been saying for a while, we're going to see more aggressive HIPAA enforcement from beyond the Beltway; this case is an exemplar of just one manifestation of the phenomenon. Another is the growth of private lawsuits bootstrapped on violations of HIPAA or related state laws (this, despite HIPAA's clear statement that it does not provide for third-party lawsuits).
In addition to the HIPAA issues, there's the predictive modeling and consumer transparency side of the case: Accretive, a management consultant to a hospital system, was being paid based on a percentage of cost savings, and was using PHI in its predictive model of patient-specific health care costs. The complaint alleges that this use was not made clear to the patients, though I don't beleive the allegation was made that such use would be improper if appropriate disclosures were made.
Should more explicit disclosures about the uses of health data be made even if not required by federal or state law? I sometimes counsel clients to be more proactive than may be strictly necessary in this department, in order to be sensisitve to the "man on the street" perception of privacy rights -- even in situations where the law does not require that certain data be handled as protected health information subject to HIPAA. The benefit is broader than compliance and risk mitigation; it signals a sensitivity to a hot-button issue that may improve customer relations and improve risk management.
I was interviewed for an article on AIS Health that came out last week. The title of this article -- on health care social media and regulatory and legal issues that health care providers may face in using these tools -- struck me as being tinged with hysteria (hence the selection of the artwork accompanying this post):
There are clearly things to be concerned about when embarking upon the implementation of social media tactics in the service of broader strategies and organizational goals. Decisions about goals must be made. Terms and conditions for staff, on the one hand, and patients, families and caregivers, on the other, need to be clear and comprehensive. And expectations regarding employee use of social media, whether as an "official" voice of the organization, or as a person known to be associated with the institution and therefore acting as a brand ambassador whenever on line or in real life, need to be carefully developed and communicated.
Overall, careful planning will improve the chances that a health care provider will be able to effectively leverage the reach of social media for its message without running afoul of legal and regulatory land mines.
The HITECH Act called for stepped-up HIPAA privacy and security and breach notification rule enforcement with respect to covered entities and business associates, to be accomplished by spot-check audits. This month, the first 20 of a planned 150 audit subjects will be getting notices from the U.S. Department of Health and Human Services Office of Civil Rights' contractor, KPMG, saying that their numbers are up. These early test cases will be a proving ground for the auditors and the audit process, as much as for the covered entities to be audited (no business associates in the first 20, or even in the whole batch of 150, apparently). The first round of 20 audits -- and a review of the audit protocols -- is slated to take about five months. Up to 130 other audits will follow, in the final eight months of this pilot. Each audit is supposed to take about 30 business days, and will include on-site interviews and investigations. Document requests are to be turned around in ten days, and KPMG will give 30-90 days advance notice of site visits. In theory, audits may bring to light issues that do not surface in the course of complaint investigations, and are expected to yield OCR guidance and highlighting of best practices.
Will this audit program change behavior of covered entities and business associates?
In general, the regulated community seems to get a free pass for about a year after a new regulatory schema is rolled out, before real enforcement kicks in. It's been longer that for HIPAA (well, most of HIPAA, anyway), and there have been enforcement actions initiated by the federales (and by state attorneys general under the HITECH Act). Many of these enforcement actions -- largely initiated by complaints filed by the public -- have generated more heat than light. (Consider the Harvard teaching hospital and its paper records left on the subway, or T; consider the judgment-proof, bankrupt incompetence of a company that couldn't, or wouldn't, provide requested information to patients, led by someone who perhaps whould not have been allowed to hold such a position. Is either a relevant example that will cow an otherwise recalcitrant covered entity or business associate into compliance?) The "Wall of Shame" reports of significant data breaches, as a whole, do not seem to have motivated behavior change -- behavior change like encrypting a laptop or portable hard drive containing protected health information, for example, which encryption would mean its loss would not have to be reported on the Wall of Shame. In sum, since the reputational and operational dislocations caused by reportable breaches to date have not yielded a significant change in behavior by covered entities and business associates, generally, it is unclear whether a small-scale -- or even a large-scale -- audit program will yield meaningful increases in HIPAA compliance. Living through a reportable data breach, and fixing privacy and security policies and their implementation after the fact, is probably at least as painful as going through an OCR audit, yet many covered entities have yet to adopt and implement data encryption and other policies and procedures that would eliminate the possibility of that happening to them.
Here's hoping we don't have to wait until after December 2012 to get some guidance and best practices from the auditors based on their work. Will we see an army of HIPAA auditors in 2013? And when will OCR start auditing business associates?
The $64,000 question is: Will all this have an impact on the privacy and security of protected health information (PHI)?
I am skeptical, at best. ONC is rolling out an educational message to let individuals know more about privacy and security and that, together with hiring bands of auditors, may build towards having some effect. But we need to consider the range of data whose release would be considered a data breach, and perhaps revisit the general approach. It may be that the default setting for some information should be public, or that some easy sharing options should be built in. Consider the "green button" and "rainbow button" initiatives (riffing on the VA's Blue Button). Rolling out these initiatives could have the effect of lessening the amount of data that must be kept 100% private and secure, and could have some beneficial effects, as well. Finally, consider the radical proposal to reverse the presumption of privacy entirely.
While we are not yet in a utopian society where release of health information will have no negative effects on an individual (think: employment, insurance, to name two key domains where this is an issue), perhaps we could devote more resources to reaching that ideal, and fewer to the ultimately futile attempt to assure 100% compliance with the privacy and security requirements applicable to an ever-increasing universe of PHI -- because not only is the volume of data out there ever-increasing, but information that may be considered de-identified (and therefore beyond the reach of the regs) today, may become easily re-identifiable tomorrow as more and more data, from diverse sources, is shared on line.
Meanwhile, metaphorically speaking, be sure the doors and windows are locked before KPMG and OCR come knocking.
So, now that these final regulations are out, and the mythical characteristics of the ACO will soon be dispelled (see under: unicorn), I propose a new animal kingdom metaphor for discussion of Accountable Care Organizations:
The Camel's Nose is in the Tent.
The definition of a camel, as those of you who tuned into my ACO webinar already know, is a horse designed by a committee. And, given the nature of the legislative and rulemaking processes, that's exactly what we have before us - a camel.
The clincher, though, is the way in which the final regulations have been engineered.
CMS would have ACOs, by virtue of participating in the MSSP, diffuse all the ACO goodness of care management, quality and cost control, etc., into the broader Medicare population. This conclusion is inescapable. CMS is focused on the question of how to do more with less, and the ACO conceptual framework, if not the details, will permeate many arenas across the health care lansdscape.
ACO assignment is still retrospective (even if there is a nod to prospective assignment, that nod is provisional, and reconciliation must be done after the close of the contract year). Since an ACO never knows for sure which patients' experience will form the basis of its gainsharing or risksharing, it must behave as if each Medicare benefiicary who receives care form its providers will ultimately be attributed to the ACO.
In addition, the slimmed-down set of 33 ACO quality measures focus in part on "better care for individuals" (through CAHPS scores for patient/caregiver experience, also care coordination/patient safety measures, too), and in part on "better health for populations" (vaccinations, screenings, diabetes management).
These are just two examples of the ways in which CMS is leveraging its MSSP authority to engineer provider focus on improving population health.
Another "proof text," if you will, is the fact that at most, CMS anticipates that no more than two million Medicare beneficiaries will be seen by no more than 270 ACOs in the initial three to four years of the program. (Compare those figures to the roughly 47 million Medicare beneficiaries and 6000 hospitals, and you will quickly get the sense that the MSSP / ACO is a test probe, not a wholesale shift.) Even if the maximum anticipated ACOs are established and beneficiaries are served, projected savings to Medicare will top out at less than $1 billion over four years. In a $2.5 trillion a year health care economy, this is bupkes (a technical term).
So, the idea of the ACOs under the MSSP is the camel's nose in the tent -- the forerunner, the disruptive innovation that is intended to set the rest of the system off-kilter until it reaches a new status quo on the other side of the Triple Aim.
Given the emphasis on a wholesale departure from fee-for-service payment (even if it's done through workarounds thanks to the inertial forces of the "assets in place" of existing law and the systems built up around it), which will reverberate throughout Medicare and the rest of the health care system, it is critically important for health care providers to begin now -- if they have not already begun -- to take a broader view of the patient encounter, to get a firm grasp of their own costs and the costs of their partners, and to start thinking about the power of collaboration. Physicians, hospitals and all other sorts of health care providers need to think about episodes of care, bundled payments, care management, cost control and the path forward to a win-win-win for patients, providers and payors in a blown-up-and-put-back-together high-performing health care system.
Today, CMS released the final ACO regs, after many months and after reviewing something north of 1300 comments filed. For now, I wanted to share the CMS presser and links. Analysis and discussion to follow.... For background, the draft regs, and commentary on ACOs over the past few months, please see all HealthBlawg posts on Accountable Care Organizations.
Reproduced below is today's CMS presser with links to today's government publications -- including regulations and fact sheets -- on Accountable Care Organizations (aka Medicare Shared Savings Program) and the Advance Payment Model for physician-owned and rural providers who need assistance with start-up costs associated with ACO / MSSP participation. You should read CMS Administrator Don Berwick's perspective on the ACO final regulations, too.
The helping hand extended by the federales through the Advance Payment Model is encouraging to me, because -- as I've written before -- I believe that having physicians lead in this arena is of critical importance in order to achieve the Triple Aim and to effectively bring costs down in an era of constrained resources.
I hope you can join me for the webinar. If you have any specific questions you'd like me to address in the webinar or otherwise, please note them as comments to this post on HealthBlawg and/or in the course of registering for the webinar.
For Immediate Release:
Thursday, October 20, 2011
CMS Office of Public Affairs 202-690-6145
HHS ANNOUNCES NEW INCENTIVES FOR PROVIDERS TO WORK TOGETHER THROUGH ACCOUNTABLE CARE ORGANIZATIONS WHEN CARING FOR PEOPLE WITH MEDICARE
New tools help doctors and other health care providers improve quality of care
People with Medicare will be able to benefit from a new program designed to encourage primary care doctors, specialists, hospitals, and other health care providers to coordinate their care under a final regulation issued today by the Department of Health and Human Services (HHS). Created by the Affordable Care Act, these final rules on Accountable Care Organizations add to the menu of options for providers looking to better coordinate care for patients and will make it easier for providers to deliver high quality care and use health care dollars more wisely.
The initiatives announced today are just two of several efforts made possible by the Affordable Care Act to help bring better health, better care and lower costs not just to Medicare beneficiaries, but to all Americans. For example, the Bundled Payments for Care Improvement Initiative and Comprehensive Primary Care Initiative offer alternatives to coordinate and improve health care.
“Today we have taken another step to improve health care for people with Medicare,” said HHS Secretary Kathleen Sebelius. “We are excited to give doctors, hospitals and other providers the flexibility and support they need to work together and focus on making sure patients get the care they need.”
“This model of delivering care may not be right for everyone, but it provides new incentives for doctors, hospitals, and other health care providers to work together in new ways,” said Secretary Sebelius.
The two initiatives launched today – the Medicare Shared Savings Program and the Advance Payment model – will help providers form Accountable Care Organizations and reflect the significant input provided by stakeholders as well as lessons learned by innovators in care coordination in the private sector.
The Medicare Shared Savings Program will provide incentives for participating health care providers who agree to work together and become accountable for coordinating care for patients. Providers who band together through this model and who meet certain quality standards based upon, among other measures, patient outcomes and care coordination among the provider team, may share in savings they achieve for the Medicare program. The higher the quality of care providers deliver, the more shared savings the providers may keep.
The Advance Payment model will provide additional support to physician-owned and rural providers participating in the Medicare Shared Savings Program who also would benefit from additional start-up resources to build the necessary infrastructure, such as new staff or information technology systems. The advanced payments would be recovered from any future shared savings achieved by the Accountable Care Organization.
“As a physician I understand the complexities of caring for a patient who may have multiple providers,” said Donald M. Berwick, M.D., administrator of the Centers for Medicare & Medicaid Services (CMS). “This opportunity to coordinate care among providers could greatly improve the quality of care Medicare beneficiaries receive.”
Both the Medicare Shared Savings Program and Advance Payment model create incentives for health care providers to work together to treat an individual patient across care settings – including doctors’ offices, hospitals, and long-term care facilities.
Unlike a managed care plan, Medicare beneficiaries will not be locked into a restricted panel of providers. Rather, a determination of whether an Accountable Care Organization was responsible for coordinating care for a beneficiary will be based on whether that person received most of their primary care services from the organization.
“We listened very carefully to the more than 1,300 comments we received on the proposed rule released this spring, and this final rule includes a number of improvements suggested by those comments that will strengthen the program,” Dr. Berwick said. “For example, the final rule will increase the incentives and streamline the Shared Savings Program, extending the benefits of the new program to a broader range of beneficiaries.”
Other changes from the proposed rule include making the one-sided model truly one-sided, expanding participation to Rural Health Clinics and Federally Qualified Health Centers and organizations where specialists provide primary care, and providing a flexible starting date in 2012. Federal savings from this initiative could be up to $940 million over four years.
To aid organizations interested in becoming Accountable Care Organizations, CMS offers a number of learning opportunities for providers, including the third Accelerated Development Learning Session on November 17-18 in Baltimore. This free session will offer providers the opportunity to learn more about this option for providing care. For more information, visit https://acoregister.rti.org/.
People with Medicare have received information about what an Accountable Care Organization could mean for them in the annual issue of “Medicare & You” and if their current health care provider is participating in an Accountable Care Organization, they will receive additional information from their provider.
The joint CMS and Department of Health and Human Services Office of Inspector General (OIG) Interim Final Rule with Comment Period addressing waivers of certain fraud and abuse laws in connection with the Shared Savings Program is posted at: www.ofr.gov/inspection.aspx.
The Internal Revenue Service (IRS) Fact Sheet, Tax-Exempt Organizations Participating in the Medicare Shared Savings Program through Accountable Care (FS-2001-11), will be posted at: http://www.irs.gov .
(2) Health 2.0 in San Francisco, where I will be moderating a Health Law 2.0 panel discussion on managing online reviews of health care providers and services:
Legal Concerns with Provider and Product Ratings, Rankings and Reviews
Moderated by: David Harlow, The Harlow Group LLC
Many Health 2.0 based companies either directly or indirectly provide information on providers, products or services. Companies or consumers often post candid reviews. An expert panel will discuss the legal implications of offering information on providers. They also will give some examples of problematic information and tips on how to avoid defamation claims and other legal actions.
Karl Olson, Ram, Olson, Cereghino & Kopczynski
David Johnson, Crowell Moring
Mitch Rothschild, CEO, Vitals
I hope to see some of you out there -- in the heartland and on the left coast. Feel free to tweet me - @healthblawg.