First up was Dr. Karen Bell, Chair of the Certification Commission on Health Information Technology.
She had some interesting things to say, and some things that people in the room needed to hear. One of her key points was that it's not enough to have certified technology, you have to be able to use it in order to get the incentive payments. That is pretty clearly stated in the regulations, but she was pushing in a slightly different direction. One of Karen's main themes was that it isn't enough to have a certified suite of modules, but that they all have to work together. For that she was pitching the CCHIT branded certification, because that was one of its differentiators.
She (and CCHIT in general) still has a number of questions about the security critieria (I know John Moehrke has been wrestling with may of the same issues). While CCHIT is working with ONC on getting clarifications, they are still trying to address all the issues around security's role in modular certification.
Karen also talked about how they are working with hospitals seeking certification of in-house developed EHR systems. CCHIT has a 3-step education program that is designed to help hospitals understand the certification process.
She finished her talk on this very important note. Patient care is not just about diagnosis and treatment. It is about caring for patients. It is very clear that Karen is very passionate about what she and CCHIT are doing, and it was a pleasure to hear from her.
One of the interesting follow-up questions which was asked by a healthcare provider was on the topic of certification and FDA involvement. Neither Karen nor I have a crystal ball to see where that is heading, and there doesn't seem to be much coming out of ONC and FDA on this topic. But it was good to see the concerns being raised.
Following Karen's talk was a panel presentation titled "How C-Suite it is". "Buddy" Gillespie led this panel and there were some interesting responses to some of the questions he posed to the panel. On the ROI of meaningful use, one panelist pointed out that Incentive payments aren't ROI, but the process change that the resulting changes have on your business should result in ROI if you do it right. He later points out that the penalties going into effect in 2016 are REAL MONEY, not quite like the incentives.
Another question on the cloud was asked, and one panelist made some daring predictions. In the next five years, he said, we will see heavier use of the cloud and SaaS models and lest creation of hospital data cetners. In 10 years, the model will be very much ASP based and the clincial apps will run in the cloud. Hospitals will focus on their core business models.
Now, HITECH/Meaningful Use isn't the only problem that providers face. ICD-10, 5010, and others are headed their way. What meaningful use does though, according to another panelist, is provide a proving ground for a governance process that can be reused for each of these different implementation projects.
My follow-up question on the cloud discussion had to do with provider readiness to accept the cloud, and the perceived risks. In response to my question, one panelist talked about how their organizational policy with respect to the cloud makes it OK to deal with de-identified data in the cloud, but not personally identifiable, because the perceived risks of accidental disclosure are too great. Another provider pointed out that for many, cloud = internet, and that SaaS may be made available through a secure link (e.g., VPN) rather than just over the web. The value of that was because privacy from a provider or practice perspective was also important. It was important for one hospital to ensure that their SaaS model included a neutral third party because practices were concerned about how access to usage information might now work in their favor.
Some of the issues he addressed were the importance of cross-border communication. Valley Forge where the conference was being held is in the "Delaware Valley", which is a tri-state area within about 30-60 minutes of 3 major cities in three different states (Philadelphia, Trenton, and Wilmington). There is a hospital in PA connected today to one of the New York RHIOs.
Another challenge for PHIX is the need to address the needs of providers who aren't being supported by meaningful use. So, they are providing a portal for LTC and other providers who aren't covered under meaningful use regulations.
PA has a pretty aggressive plan, and expects about 90% of hospitals to be fully connected to the HIE in five years. Their RFP for a HIE provider was issued on April 1, and was recently awarded through the State department of general services to Medicity.
Of course, while tweeting all of this, John Moore at Chilmark Research (@john_chilmark) responded through twitter pointing out that the laws make it difficult. I posed John's point to Phil and he had a great response. We ensure that we follow our State laws when we send the information, and it is up to the receiver to ensure that they follow theirs when making it available on the other end. I thought that was a really good way to handle the situation. I of course tweeted back the response...
Now, with regard to those policies, PA will be an opt-out state with restrictions for exchange of certain kinds of information that is more highly protected (e.g., drug and alcohol abuse treatment). Some of the challenges are with the lawyers: "If you have 20 lawyers in the room you get 27 opinions".
To wrap up the sessions, one of the presenters showed a picture of the World's oldest written medical records dated around 1800 BC. He noted that some providers are not much further along.
I had to find that picture for the HL7 CDA Ambassador presentation. The point to make is that you want a record that can last as long as necessary.