Since Monday afternoon, the FEHBlog has been attending (on and off) the Workgroup for Electronic Data Interchange's fall conference in lovely Reston Virginia (near Dulles Airport).
Monday afternoon was a privacy and security summit. The speakers focused on risk assessments. The HIPAA Security Rule requires covered entities and business associates to conduct periodic risk assessments of the organization's electronic protected health information. At a conference earlier this year, the FEHBlog heard a speaker discussing the extension of risk assessment to all forms of PHI. A speaker at Monday's session noted that it's a prudent measure for businesses also to conduct assessments of risk to people and property/money.
Risk assessments involve the following steps code named FARM
1. Frame the risks, e.g., where is my ePHI?, how is it used?, what are the threats?
2. Assess the risks
3. Respond to the risks, and
4. Monitor the risks
These are simply sound internal controls. The FEHBlog also learned that October is Cybersecurity Awareness Month. Here is a link to HIPAA Security Rule Guidance.
Yesterday morning, the FEHBlog listened to talks about interoperability. The basic problem is that when Congress in 2009 made $30 billion available for "free" electronic health records, the manufacturers focused on selling hardware and software that would meet the government's meaningful use requirements. Evidently, interoperability meaning that the electronic health record systems can talk to each other was not a meaningful use requirement. So now it's time to do some backfilling. There was talk of a new interoperability law. Here's a link to a Fierce Health IT article about the main interoperability talk yesterday.
The best talks were today's. The first talk was by the American Medical Association's President-elect Dr. Steven Stack Dr. Stack bemoaned the "incredible morass of statutory and regulatory burdens" imposed on his profession. So the problem is the same on both sides of the fence -- healthcare provider and healthcare payer.
He explained why the AMA wants to kill the ICD-10. He noted that the ICD-9 has 13,000 codes while the ICD-10 has 68,000 codes. He doubts that the explosion of codes will provide better detail on the population health because doctors don't understand all of the detailed coding. (As an anecdote, he noted that death certificate information is not particularly reliable because absent an autopsy the coroner may default to heart disease.) Doctors were not closely involved with creating the coding. He added that Canada's ICD-10 which had more doctor involvement in its development has only 17,000 codes.
The AMA did not ask for the additional one year delay in the ICD-10. That was a Congressional bone thrown to the AMA because Congress punted on Medicare Part B sustainable rate of growth formula reform again. He had hoped (as the FEHBlog did) that HHS would implement the ICD-10 at the beginning of a calendar year not October 1. The AMA hopes that payers will providers a grace period while the providers and payers get used to the ICD-10. He wants the government to do a better job implementing the ICD-11.
He said that the government's meaningful use standards are a barrier to effective electronic health records. Developers are focusing their bandwidth on meaningful use compliance rather than effective user design.
He also expressed a concern that the growing use of credit cards to pay doctors (due to higher enrollee cost sharing) is cutting into physician practice margins. The FEHBlog is not sure what health plans can do about that. A Humana representative asked Dr. Stack what the AMA is doing to encourage doctors to accept electronic fund transactions from payers. Apparently the answer is bumpkus,
The final speaker that the FEHBlog heard today was Dr. Harry Greenspun from the Deloitte Center for Health Solutions. He pointed out that healthcare consumers seek the best service from their health care providers, not the best quality. Consumers need an incentive to use high quality providers. That is where health plans fit in. .