Is HITECH Working? #4: While most attention has been focused on demand side incentives (will doctors and hospitals buy EHRs?), the supply (vendor) side of HIT is already transforming.

by Vince Kuraitis JD, MBA and David C. Kibbe MD, MBA

Most of the press coverage and attention to HITECH has been to the “buy” side of the market:  The central question here has been: “Will doctors and hospitals buy and use EHR technology?”

Meanwhile — and much more quietly — the sell (vendor) side of the EHR market is already dramatically different than it was a year ago. We observe change occurring at at least three levels:

  1. HITECH as Policy Change
  2. HITECH as Mindset Change
  3. HITECH as Technology/Business Model Change

We’re Building a REALLY BIG Health Internet!


How big a network will the Health Internet (aka National Health Information Network) be?

My BOTE (back-of-the-envelope) calculation is that this network could consist of about 301 million nodes.  Here’s my math (pls. clarify or amplify):

  • 300 million individuals in U.S.
  • 700 K doctors
  • 5 K hospitals
  • 295 K — other B2B healthcare entities

Very rough…but I hope you get the point.

So let’s put into perspective press releases from Google or Microsoft announcing that they have developed new “partnerships” (i.e.nodes in the network) for Google Health or Microsoft HealthVault. As an example, today Google announced partnerships with APWU Health Plan and Harvard Pilgrim Health Plan.

Table of contents for the series--Healthcare Crosses the Chasm to the Network Economy

  1. Intro to a New Series
  2. What’s a Network Industry? Is Healthcare One?
  3. We’re Building a REALLY BIG Health Internet!

What’s a Network Industry? Is Healthcare One?


This post is a foundational overview of characteristics of network industries.  Much of the terminology will deserve deeper discussion, but we have to start somewhere.

In his book The Economics of Network Industries, Professor Oz Shy lists four characteristics of network industries.

The main characteristics of these markets which distinguish them from the market for grain, dairy products, apples, and treasury bonds are:

  1. Complementarity, compatibility and standards
  2. Consumption externalities [network effects]
  3. Switching costs and lock-in
  4. Significant economies of scale in production

In this essay, I’ll quote from Dr. Shy in explaining each of these characteristics.  I’ll also offer a few thoughts as to how these characteristics apply to healthcare. More specifically, I’ll discuss physician adoption of EHRs (electronic health records) and patient adoption of PHRSs (personal health record systems).  

Why a PHRS instead of a plain old PHR?  Think of a PHRS as a PHR data repository platform bundled with multiple high-value applications. For a more detailed explanation, read here.   

Let’s look at the characteristics of network industries one at a time.

Table of contents for the series--Healthcare Crosses the Chasm to the Network Economy

  1. Intro to a New Series
  2. What’s a Network Industry? Is Healthcare One?
  3. We’re Building a REALLY BIG Health Internet!

“Meaningful Use” Criteria as a Unifying Force

by Vince Kuraitis, Steve Adams, and David C. Kibbe MD, MBA

Over the past several years, many diverse initiatives have arisen offering partial solutions to systemic problems in the U.S. health care non-system. 

We see Meaningful Use Criteria recommended by the HIT Policy Committee as a unifying force for these previously disparate initiatives. These initiatives have included:

  • Patient Centered Medical Homes (PCMHs)
  • Regional Health Information Organizations (RHIOs)/Health Information Exchanges (HIEs)
  • Payer Disease/Care Management Programs
  • Personal Health Record Platforms — Google Health, Microsoft HealthVault, Dossia, health banks, more to come
  • State/Regional Chronic Care Programs (e.g., Colorado, Pennsylvania, Improving Performance in Practice)
  • Accountable Care Organizations — the newest model being proposed as part of national reform efforts


While there are some commonalities and overlap, to-date these initiatives have mostly arisen in isolation and are highly fragmented — they’re all over the map. Here’s a graphic representation of the fragmentation that exists today:




The HIT Policy Committee recently recommended highly detailed Meaningful Use criteria for certified EHRs.  Doctors and hospitals who hope to receive HITECH Act stimulus funds will have to demonstrate that they are meeting these criteria; the criteria are not yet finalized.

The Committee website describes the central role of the Meaningful Use criteria:

The focus on meaningful use is a recognition that better health care does not come solely from the adoption of technology itself, but through the exchange and use of health information to best inform clinical decisions at the point of care.

The HIT Policy Committee also is recognizing that there are multiple routes to achieving Meaningful Use beyond the traditional EMR 1.0, e.g., modular Clinical Groupware software.

While some might view the Meaningful Use criteria as limited to the world of health IT — something happening “over there” — we see much more going on. We believe the Meaningful Use criteria are becoming a powerful unifying force across the health system, with potential to converge previously disparate initiatives.  Here’s our conceptual representation:

Microsoft HealthVault is a Serious Business Strategy. Will Google Health Become More than a Hobby?

Google Health…please stick around….but please also get your stuff together.

Over the past few days, several of my respected colleagues have written excellent blog posts essentially asking “Does Google Health have life?”

I share their observations and sentiments.  I see Microsoft HealthVault as a serious business strategy while Google Health is more like a hobby (one of probably hundreds at Google).

Are there reasons Google should stick around healthcare? Absolutely!  Off the top of my head, I can think of five:

  1. Google brings unique competencies to health care information seeking.
  2. Google Health is doing a good job on a shoestring budget.
  3. Healthcare is ripe for disruptive innovation.
  4. Microsoft needs competition.
  5. Microsoft HealthVault and Google Health are more complementary than competitive.

Let’s take these one at a time.

Adieu, LifeCOMM

“Qualcomm pulls the plug on LifeComm”  announced Brian Dolan of mobihealthnews recently. 

As demonstrated by e-CareManagement blog readership, there has been a lot of interest in LifeCOMM.  My first blog post on LifeCOMM in 2007 has been single the most commented on post and the second most widely read blog post.

It’s taken me a while to sift through my thoughts and feelings about saying “Goodbye” to LifeCOMM. At first I was deeply disappointed, but after further reflection think that LifeCOMM wasn’t the right type of platform for today’s consumer mobile health market.


My first reaction was one of disappointment.

Time for EHRs to Become Plug-and-Play

by David C. Kibbe MD, MBA

The remarkable report, “Initial Lessons From the First National Demonstration Project on Practice Transformation to a Patient-Centered Medical Home,” published in the May/June issue of Annals of Family Medicine, the Nutting Report, makes this point about the state of primary care IT offerings:

Technology needed in a PCMH is not “plug and play.” The hodge-podge of information technology marketed to primary care practices resembles more a pile of jigsaw pieces than components of an integrated and interoperable system.

Surprise!  Well, actually, no surprise.  We all recognize that health IT implementation in family practices, even under the best conditions and with the best of planning, is difficult and can be an ongoing challenge.   

What is surprising to us, however, is that Dr. Nutting and co-authors make this comment in their recommendations section:

…[I]t is possible and sometimes preferable to implement e-prescribing, local hospital system connections, evidence at the point of care, disease registries, and interactive patient Web portals without an EMR.

Privacy Law Showdown? Legal and Policy Analysis.

#2 in a series — Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

by Deven McGraw JD, MPH, Center for Democracy & Technology


There has been considerable discussion lately about whether or not the stimulus legislation (ARRA) extends HIPAA coverage to commercial vendors of personal health records (PHRs) any time they contract with entities already covered by HIPAA like hospitals, health plans or physicians groups.  (For those of you who don’t know, HIPAA is the Health Insurance Portability and Accountability Act of 1996.  The HIPAA privacy and security regulations form our national health privacy and security rules.)

The provision in question (Section 13408) states that “each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record” is required to enter into a business associate agreement with the covered entity.   Under ARRA, business associates must comply with key provisions of the HIPAA privacy and security regulations. 

In this post, I argue that PHR vendors should be covered under HIPAA only under certain circumstances.  PHRs should be governed by a comprehensive framework of privacy and security protections, but HIPAA would provide inadequate privacy protection for people using these tools (at least as the HIPAA rules are currently structured).  As a result, I argue that this provision in ARRA should not be read to require the automatic application of HIPAA to PHR vendors any time they contract with covered entities to offer a PHR.   Instead, I suggest that HIPAA should cover a PHR vendor’s activities when the nature of the relationship between the vendor and the covered entity (hospital, health plan, physician office) primarily concerns the vendor performing a service for the covered entity. 

However, where the contractual relationship is primarily about improving the value of the PHR to the consumer, HIPAA should not apply.  (I know, not an easy line to draw – but I do suggest some factors that should influence the decision.) 

Finally, I urge the prompt adoption of separate, targeted privacy provisions to protect consumers using PHRs so that the choice is not HIPAA or limited protections under other federal laws. 

Why Not HIPAA – Isn’t it Better Than Nothing?

Table of contents for the series--Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

  1. Privacy Law Showdown? Setting the Stage
  2. Privacy Law Showdown? Legal and Policy Analysis.

Privacy Law Showdown? Setting the Stage

Today’s post is the first in a series entitled:

Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

We’ll explore how recent changes in privacy provisions of  ARRA/HITECH Federal stimulus legislation affect personal health information (PHI) platform companies (e.g., HealthVault, Google Health,  Dossia) and personal health record (PHR) companies.

Health IT expert and journalist Neil Versel described the issue in the April 7 issue of BNET Healthcare:

Although Google and Microsoft have gotten plenty of attention for their Web-based personal health records, both companies have long maintained that they’re not bound by the privacy protections of a 1996 federal law known as HIPAA. And despite a recent HIPAA change — one intended to extend its privacy provisions to services like Google Health and Microsoft’s HealthVault — both companies still insist they’re not bound by the law.

…“Our understanding is that HITECH, which is the jargon for [the health IT] part of the legislation, did not change the definition for a covered entity or a business associate, so our service is offered directly to the consumer,” Google Health Product Manager Roni Zeiger told Modern Healthcare last month. “[O]ur understanding is that we are neither a covered entity nor a business associate,” he continued. “We’re providing a service directly to the consumer or a patient.”

Microsoft offered a similar assessment at the annual Healthcare Information and Management Systems Society conference in Chicago. “We’re still outside [of HIPAA],” said David Cerino, general manager of Microsoft’s Health Solutions Group.

Not everybody agrees with Microsoft and Google. Versel commented in his own blog:

Excuse me? I’ve been struck since Day 1 with the arrogance Google seems to be exhibiting with its entry into healthcare …  it seems to me Zeiger is intimating that the law doesn’t apply to Google.

In the BNET article, Versel also quotes David Brailer, the first head of the Office of the National Coordinator for Health Information Technology at HHS:

Table of contents for the series--Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs

  1. Privacy Law Showdown? Setting the Stage
  2. Privacy Law Showdown? Legal and Policy Analysis.

EHR 2.0: Thinking Outside the Cat Box

Zencat One of the potential dangers of limiting $17 B HITECH federal stimulus funds to electronic health records (EHRs) is the risk of locking-in outdated technologies. Let’s consider what this might mean.

If you think of today’s EHR technology as EHR 1.0, what might EHR 2.0 look like? This post presents a number of innovative ways to conceptualize EHR 2.0:

  • EHR as Platform + Applications
  • EHR as Clinical Groupware
  • EHR Integrated with PHR
  • EHR as Software-as-a-Service (SaaS)
  • EHR as a “Publish-Discover” Search Engine
  • EHR + Disease Management Services = Care Coordination
  • DRT-Enabled EHR

My point here is not to provide an exhausting listing of what’s possible, but simply to get you to begin to think about what’s outside the existing EHR box. These concepts are not mutually exclusive and you’ll see there’s overlap.

Let’s look at each of these innovative approaches.