Key to these rules, which lay the foundation for a post-Meaningful Use incentive-driven Health IT ecosystem, is the use of APIs - for the uninitiated, "application programming interfaces" - or simplified connectors that allow for easier transfer of data.
The Meaningful Use requirements have themselves been simplified -- whittled down to eight high-level requirements, expressed as program goals or objectives:
Anthem experienced a major data breach last week, and reportedly some records (Social Security Numbers and other identifying information, but not health data) of up to 80 million members and employees were obtained by hackers.
There is much to be said (and much has already been said) about the need for privacy and security and protections in the case of Anthem, just as "helpful hints" have been provided after the fact to victims of all significant data breaches. My reaction, when reading about the unencrypted SSNs that were accessed in this attack, was: Why in the world are we using social security numbers as ID numbers? It doesn't have to be this way.
I am pleased to be moderating the weekly #HITsm tweetchat this Friday, February 6, 2015 -- Beyond Meaningful Use: What’s next for ONC … and the rest of us. Join us at 12 noon Eastern Time.
Welcome to Health Wonk Review, the bi-weekly blog carnival featuring the latest and greatest blogging by a staggeringly wonkish agglomeration of health care policy nerds. The last edition of Health Wonk Review was hosted at Wing of Zock. The story behind the name of that blog seems (to this health wonk, at least) oddly relevant to this edition's theme, given the recent news that the construction costs of the new presidential palace in Turkey seem to have doubled ... again.
Well, our frame this week is the other turkey, the turkey that will lull many of us into a stupor late next week, and the health care policy decisions (and decisionmakers) that sometimes make us wish we were in more of a stupor ... so as to lessen the pain. Top of mind in that department this week is #GruberGate:
Linda Sanches, Senior Advisor, Health Information Privacy, at OCR, DHHS, spoke with Tom Sullivan (@GovHITeditor) at the HIMSS Media #HITprivacy and security conference in Boston today (September 9, 2014) about OCR HIPAA compliance audits. See the Storify after the jump.
The Heartbleed web security exploit was first publicized several weeks ago. In the time since then, numerous web-based services have let their users know (some more clearly than others) whether and how their data security was compromised by this OpenSSL flaw that has been open for about two years. This is one flaw, one exploit, but on a scale of 1 to 10, it has registered as an 11 on our collective consciousness. Fred Trotter notes in the MIT Technology Review that other similarly worrisome exploits do not get our attention in the same way, and that more health data leaks are likely in our future. He also cites others' observations that many health IT vendors are not currently equipped to respond effectively to such exploits in a timely manner.
A Perspectives piece I wrote was published this week by iHealthBeat - Unlocking the Power of Health Data. In it I argue for patient-controlled sharing of rich data, as opposed to HIPAA-regulated stripping of identifiers in order to eliminate the risk to patient privacy as data is shared for research and other purposes. Googler Larry Page and Josh Stevens of Keas have argued recently in favor of broader uses of health data, but the issue of HIPAA keeps coming up in those conversations. Most connected patients seem comfortable with the idea of sharing health data, and as more of us get connected, this sentiment is only likely to spread.
As I wrote at iHealthBeat:
I have discussed the patient donation of data before, and the first objection I heard was from a data scientist who worried that the volume of patient records collected in this manner would be too small to yield any meaningful insights. While this may be true at first, I believe that over time patients will come to prefer to set their own limits on data sharing rather than be stuck with the one-size-fits-none approach available under HIPAA. In addition, the data made available through these repositories will be more valuable than that available as de-identified data for research precisely because there are more identifiers attached.
Are we ready for a new paradigm in data sharing and big data analysis?
Welcome to Health Wonk Review's In Like a Lion edition, wherein we consider the big questions of the moment.
It seems clear that March is coming in like a lion in most parts of the country. That much is not up for debate.
Our always incisive health wonks have raised numerous important questions over the past fortnight and have attempted to answer them, for their own satisfaction and yours, gentle reader. As they say, reasonable minds may differ -- and you'll see a range of opinions on some of the issues of the day.
So let's take a walk on the wild side and see if we can come up with some answers. Questions on the table include the following:
What's new in the world of Obamacare implementation, HITECH Act implementation, and our 50 laboratories, the states?
Is there a law of physics that can limit the fiction quotient in Obamacare press coverage?
What's the best way for the U.S. to pay for health care expenses?
What's the connection between Irish-American heritage and the Massachusetts gubernatorial race?
Why does February only have 28 days (usually)?
Why promote teamwork and collaboration?
Is there deep meaning in synchronicity, or is Roy Poses just messing with me?
The Sustainable Growth Rate mechanism creating a zero-sum game for Medicare Part B reimbursement rates (dropping rates as volume picks up) has long been unsustainable, and so Congress has been messing around with short-term SGR fix legislation for years now. Every six to twelve months we've been hearing about the impending 20% or 30% Medicare pay cut about to hit physicians' pocketbooks, and the likely exit of physicians from the rolls of participating providers. However, the stars are now aligned in such a way that real progress seems likely: multiple powerful Congressional committees have signed off on a deal to replace the SGR rule with something more workable: A unified approach to financial incentives to physicians and other medical professionals who are Medicare participating providers intended to promote quality and enrollment in alternative payment arrangements.
CIO.com covered the presentation I gave at Strata Rx on the idea of patient-controlled donation of data for purposes of data analysis. Putting control in the hands of patients avoids some potential HIPAA issues and may make for richer data sets.
Healthcare IT News ran a cover story in its November issue on the use of Open Notes at Beth Israel Deaconess Medical Center. See further discussion of the piece and links to more information on Open Notes at e-patients.net. I was interviewed on the issue of patients' rights to access their own medical records.