by Vince Kuraitis JD, MBA and David C. Kibbe MD, MBA
Most of the press coverage and attention to HITECH has been to the “buy” side of the market: The central question here has been: “Will doctors and hospitals buy and use EHR technology?”
Meanwhile — and much more quietly — the sell (vendor) side of the EHR market is already dramatically different than it was a year ago. We observe change occurring at at least three levels:
- HITECH as Policy Change
- HITECH as Mindset Change
- HITECH as Technology/Business Model Change
How big a network will the Health Internet (aka National Health Information Network) be?
My BOTE (back-of-the-envelope) calculation is that this network could consist of about 301 million nodes. Here’s my math (pls. clarify or amplify):
- 300 million individuals in U.S.
- 700 K doctors
- 5 K hospitals
- 295 K — other B2B healthcare entities
Very rough…but I hope you get the point.
So let’s put into perspective press releases from Google or Microsoft announcing that they have developed new “partnerships” (i.e.nodes in the network) for Google Health or Microsoft HealthVault. As an example, today Google announced partnerships with APWU Health Plan and Harvard Pilgrim Health Plan.
By Vince Kuraitis and Steven Waldren MD, MS. Dr Waldren is Director of the Center for Health Information Technology at the American Academy of Family Practice (AAFP).
Two issues have rightfully surfaced front and center in the public’s understanding of HITECH Act implementation:
- ” definition of “Meaningful Use” of EHRs, and
- ” definition of “certification” process for EHRs
…and we applaud the progress of the workgroups and the HIT Policy Committee in addressing these issues constructively.
However…a THIRD issue lurks – “Data harmonization at the expense of data liquidity“, or put another way – “misplaced pursuit of one (and only one) language at the expense of practical communication.”
On August 20, the HIT Standards Committee approved recommendations to bring forward to the HIT Policy Committee meeting later this September.
In this post, we will:
- Summarize aspects of the HIT Standards Committee’s recommendations that are problematic
- Develop an analogy to illustrate how the recommendations will limit innovation and increase barriers to communication. Our analogy:
The Standards Committee recommendations are like mandating that everyone in the U.S. be required to speak Latin by 2013.
Dr. Blumenthal has wisely anticipated that there could be a situation where in his role as national coordinator that he should not follow a Committee’s advice:
“This committee does provide advice to the national coordinator, but it does not make policy,” Blumenthal said, with a noticeable emphasis on “not.” [iHealth Beat; August 18, 2009]
Dr. Blumenthal, this is exactly the situation you have anticipated.
This post is a foundational overview of characteristics of network industries. Much of the terminology will deserve deeper discussion, but we have to start somewhere.
In his book The Economics of Network Industries, Professor Oz Shy lists four characteristics of network industries.
The main characteristics of these markets which distinguish them from the market for grain, dairy products, apples, and treasury bonds are:
- Complementarity, compatibility and standards
- Consumption externalities [network effects]
- Switching costs and lock-in
- Significant economies of scale in production
In this essay, I’ll quote from Dr. Shy in explaining each of these characteristics. I’ll also offer a few thoughts as to how these characteristics apply to healthcare. More specifically, I’ll discuss physician adoption of EHRs (electronic health records) and patient adoption of PHRSs (personal health record systems).
Why a PHRS instead of a plain old PHR? Think of a PHRS as a PHR data repository platform bundled with multiple high-value applications. For a more detailed explanation, read here.
Let’s look at the characteristics of network industries one at a time.
by Vince Kuraitis, Steve Adams, and David C. Kibbe MD, MBA
Over the past several years, many diverse initiatives have arisen offering partial solutions to systemic problems in the U.S. health care non-system.
We see Meaningful Use Criteria recommended by the HIT Policy Committee as a unifying force for these previously disparate initiatives. These initiatives have included:
- Patient Centered Medical Homes (PCMHs)
- Regional Health Information Organizations (RHIOs)/Health Information Exchanges (HIEs)
- Payer Disease/Care Management Programs
- Personal Health Record Platforms — Google Health, Microsoft HealthVault, Dossia, health banks, more to come
- State/Regional Chronic Care Programs (e.g., Colorado, Pennsylvania, Improving Performance in Practice)
- Accountable Care Organizations — the newest model being proposed as part of national reform efforts
While there are some commonalities and overlap, to-date these initiatives have mostly arisen in isolation and are highly fragmented — they’re all over the map. Here’s a graphic representation of the fragmentation that exists today:
The HIT Policy Committee recently recommended highly detailed Meaningful Use criteria for certified EHRs. Doctors and hospitals who hope to receive HITECH Act stimulus funds will have to demonstrate that they are meeting these criteria; the criteria are not yet finalized.
The Committee website describes the central role of the Meaningful Use criteria:
The focus on meaningful use is a recognition that better health care does not come solely from the adoption of technology itself, but through the exchange and use of health information to best inform clinical decisions at the point of care.
The HIT Policy Committee also is recognizing that there are multiple routes to achieving Meaningful Use beyond the traditional EMR 1.0, e.g., modular Clinical Groupware software.
While some might view the Meaningful Use criteria as limited to the world of health IT — something happening “over there” — we see much more going on. We believe the Meaningful Use criteria are becoming a powerful unifying force across the health system, with potential to converge previously disparate initiatives. Here’s our conceptual representation:
Google Health…please stick around….but please also get your stuff together.
Over the past few days, several of my respected colleagues have written excellent blog posts essentially asking “Does Google Health have life?”
I share their observations and sentiments. I see Microsoft HealthVault as a serious business strategy while Google Health is more like a hobby (one of probably hundreds at Google).
Are there reasons Google should stick around healthcare? Absolutely! Off the top of my head, I can think of five:
- Google brings unique competencies to health care information seeking.
- Google Health is doing a good job on a shoestring budget.
- Healthcare is ripe for disruptive innovation.
- Microsoft needs competition.
- Microsoft HealthVault and Google Health are more complementary than competitive.
Let’s take these one at a time.
“Qualcomm pulls the plug on LifeComm” announced Brian Dolan of mobihealthnews recently.
As demonstrated by e-CareManagement blog readership, there has been a lot of interest in LifeCOMM. My first blog post on LifeCOMM in 2007 has been single the most commented on post and the second most widely read blog post.
It’s taken me a while to sift through my thoughts and feelings about saying “Goodbye” to LifeCOMM. At first I was deeply disappointed, but after further reflection think that LifeCOMM wasn’t the right type of platform for today’s consumer mobile health market.
My first reaction was one of disappointment.
by David C. Kibbe MD, MBA
The remarkable report, “Initial Lessons From the First National Demonstration Project on Practice Transformation to a Patient-Centered Medical Home,” published in the May/June issue of Annals of Family Medicine, the Nutting Report, makes this point about the state of primary care IT offerings:
Technology needed in a PCMH is not “plug and play.” The hodge-podge of information technology marketed to primary care practices resembles more a pile of jigsaw pieces than components of an integrated and interoperable system.
Surprise! Well, actually, no surprise. We all recognize that health IT implementation in family practices, even under the best conditions and with the best of planning, is difficult and can be an ongoing challenge.
What is surprising to us, however, is that Dr. Nutting and co-authors make this comment in their recommendations section:
…[I]t is possible and sometimes preferable to implement e-prescribing, local hospital system connections, evidence at the point of care, disease registries, and interactive patient Web portals without an EMR.
#2 in a series — Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs.
by Deven McGraw JD, MPH, Center for Democracy & Technology
There has been considerable discussion lately about whether or not the stimulus legislation (ARRA) extends HIPAA coverage to commercial vendors of personal health records (PHRs) any time they contract with entities already covered by HIPAA like hospitals, health plans or physicians groups. (For those of you who don’t know, HIPAA is the Health Insurance Portability and Accountability Act of 1996. The HIPAA privacy and security regulations form our national health privacy and security rules.)
The provision in question (Section 13408) states that “each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record” is required to enter into a business associate agreement with the covered entity. Under ARRA, business associates must comply with key provisions of the HIPAA privacy and security regulations.
In this post, I argue that PHR vendors should be covered under HIPAA only under certain circumstances. PHRs should be governed by a comprehensive framework of privacy and security protections, but HIPAA would provide inadequate privacy protection for people using these tools (at least as the HIPAA rules are currently structured). As a result, I argue that this provision in ARRA should not be read to require the automatic application of HIPAA to PHR vendors any time they contract with covered entities to offer a PHR. Instead, I suggest that HIPAA should cover a PHR vendor’s activities when the nature of the relationship between the vendor and the covered entity (hospital, health plan, physician office) primarily concerns the vendor performing a service for the covered entity.
However, where the contractual relationship is primarily about improving the value of the PHR to the consumer, HIPAA should not apply. (I know, not an easy line to draw – but I do suggest some factors that should influence the decision.)
Finally, I urge the prompt adoption of separate, targeted privacy provisions to protect consumers using PHRs so that the choice is not HIPAA or limited protections under other federal laws.
Why Not HIPAA – Isn’t it Better Than Nothing?
Table of contents for Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs
- Privacy Law Showdown? Setting the Stage
- Privacy Law Showdown? Legal and Policy Analysis.
Today’s post is the first in a series entitled:
Modifications to HIPAA Privacy Laws: Impact on Microsoft HealthVault, Google Health, and other PHRs.
We’ll explore how recent changes in privacy provisions of ARRA/HITECH Federal stimulus legislation affect personal health information (PHI) platform companies (e.g., HealthVault, Google Health, Dossia) and personal health record (PHR) companies.
Health IT expert and journalist Neil Versel described the issue in the April 7 issue of BNET Healthcare:
Although Google and Microsoft have gotten plenty of attention for their Web-based personal health records, both companies have long maintained that they’re not bound by the privacy protections of a 1996 federal law known as HIPAA. And despite a recent HIPAA change — one intended to extend its privacy provisions to services like Google Health and Microsoft’s HealthVault — both companies still insist they’re not bound by the law.
…“Our understanding is that HITECH, which is the jargon for [the health IT] part of the legislation, did not change the definition for a covered entity or a business associate, so our service is offered directly to the consumer,” Google Health Product Manager Roni Zeiger told Modern Healthcare last month. “[O]ur understanding is that we are neither a covered entity nor a business associate,” he continued. “We’re providing a service directly to the consumer or a patient.”
Microsoft offered a similar assessment at the annual Healthcare Information and Management Systems Society conference in Chicago. “We’re still outside [of HIPAA],” said David Cerino, general manager of Microsoft’s Health Solutions Group.
Not everybody agrees with Microsoft and Google. Versel commented in his own blog:
Excuse me? I’ve been struck since Day 1 with the arrogance Google seems to be exhibiting with its entry into healthcare … it seems to me Zeiger is intimating that the law doesn’t apply to Google.
In the BNET article, Versel also quotes David Brailer, the first head of the Office of the National Coordinator for Health Information Technology at HHS: