An Open Letter to President-elect Obama and the Congress
Please accept my heartfelt congratulations for recognizing health information technology (IT) as one of the most promising targets for public investment at this crucial moment.
As a (formerly practicing) doctor, I’d diagnose our economy on the verge of a Code Blue, and our healthcare system with a more chronic but equally threatening condition. You’ve recognized how these two illnesses interrelate, with spiraling healthcare costs damaging business competitiveness and job losses threatening healthcare coverage. If I may offer a second opinion, I concur 100% with your decision to apply the chest paddles now, charged with $20 billion of investment.
Now I would like to offer this promise: I and my fellow health IT leaders are passionately committed to ensuring that this treatment not only succeeds, but delivers a substantial positive return far exceeding the amount invested. How can we be so confident? Well, even a 1% improvement in the efficiency of our $2.2 trillion healthcare spend would put us in positive payback territory. But we can do better than that, and here’s why:
Health IT Products are Ready Right Now
I chair a nonprofit organization that tests and certifies health IT products, so I’m very familiar with the state of that industry and the behavior of potential purchasers. In the past three years, we’ve certified over 160 electronic health record (EHR) products for doctors’ offices, hospitals, emergency departments, and more. We rigorously check not just what the software can do, but also for interoperability – the ability to share information with other providers — and the security of the systems as well, all against established standards. Most doctors know they need EHRs and many will respond to an economic push right now. And the industry supplying those EHRs is a competitive, diverse marketplace that will respond to growing demand with increased capital investment and job growth.
We’ve Learned How to Structure Incentives toward the Desired Outcomes
Nobody is advocating a massive, unqualified handout of dollars to doctors. Outright grants may be appropriate for providers in rural and underserved areas, and for safety-net clinics, but in other environments financial incentives should be structured as a series of incremental rewards for progressive achievements. In the private sector, the Bridges to Excellence program sets an excellent example, while the recently launched Medicare EHR Demo provides a public sector prototype. These programs offer initial incentive payments for purchasing appropriate technology – a certified EHR — then a second round of money when successfully implemented. Beyond that, bonuses are paid only as the provider demonstrates improvements in quality or efficiency. Healthcare payment reform and healthcare IT — twins separated at birth – must grow up and mature together to achieve their full potential.
An Investment in Human Capital
Every experienced IT hand knows technology is just a tool, and returns on IT investment require strong leadership and dedicated change management. So some of the stimulus funds should be used to develop the skilled workforce needed. It may be possible to redeploy IT personnel from other industries to lay broadband infrastructure for healthcare, but we’ll also need to boost health IT training programs. And doctors and nurses being asked to change their habits are best motivated by one of their own – a clinician champion. There are plenty of clinicians who have successfully led these projects, and we can’t afford to have their experience locked up within their own organizations — let’s find a way to put them on a health IT inspirational speaking circuit.
Empowering Patients
You’ve also wisely recognized the need to redirect our health efforts toward prevention, helping people make better choices early in life, and eventually reducing the burden of expensive interventions near the end. To do this, we need to empower citizens with health knowledge, allowing them to make better health choices and to become more discriminating healthcare consumers. Personal Health Records (PHRs) will emerge as a platform for this new information flow. The organization I lead is also preparing to certify these PHRs, to ensure they are secure, private, and can exchange information with EHR systems in doctors’ offices and hospitals. Projects in this field are a promising area for government investment.
The Final Frontier: Healthcare Reform
You’ve recognized the need for dramatic improvements in healthcare, but you’ve decided not to attempt a radical rip-and-replace approach. That’s a wise choice. In many towns, hospitals themselves are the major source of jobs; a massive disruption could even shut them down and further weaken the economy.
Fortunately, almost every illness of our current model is amenable to improvement with an assist from better information. With better data on prices charged and quality of care delivered, we can reform payment to reward clinicians for the quality or their work, instead of just for the quantity. With EHRs that easily intercommunicate, we can reward better teamwork among providers to re-integrate care despite our fragmented healthcare business model. And with empowered health consumers and an online connection that extends beyond the occasional visit to the doctor, we can motivate healthy lifestyles and prevention, eventually reversing the growing burden of chronic diseases.
We’re Charged Up: Just Push the Button
Finally, I see that you understand what is needed to revive our economy: an injection of fiscal stimulus, a steady dose of inspirational leadership, and a big response of energy and optimism from the American people. So you will be pleased to hear that the health IT community is charged up with those qualities right now. At our organization, just one of several initiatives in health IT, we’ve seen some two hundred unpaid volunteers serve tirelessly for over three years, and they’re ready to do more.
Paddles: charged. Pathway: clear. Just push the button, and a new vital rhythm in healthcare will begin.
{ 3 comments… read them below or add one }
Dr Leavitt’s letter captures the terrific energy that should properly go with President Obama’s pronouncements.
I would like to add an observation as a practitioner of security in e-health systems. In embracing Personal Health Records, and planning their security and privacy, we need to take special care with Health Identifiers.
The current state of user authentication and Health ID management puts patients accessing their own PHRs at enormous risk. Conventional username-and-password log on leaves users utterly vulnerable to ID theft, phishing and pharming (where users are drawn to what appears to be a legitimate EHR website but which is in fact a criminal enterprise trying to elicit the user’s personal details).
Health IDs (and PHR user account details) need to be treated with the utmost care; they must be safeguarded against unauthorised usage, especially theft and replay. The replay of stolen identity data now is rife in the payments system; at least $5billion of Card Not Present payment fraud happens every year, fueled by a thriving black market in stolen account details. Witness the recent highly organised attacks on Heartland Payment Systems and the TJX department stores, which netted organised criminals tens of millions of ID records.
The lesson for healthcare systems is to pay attention not only to access control mechanisms but also the pedigree of identifiers. How do we know that a given Health ID really pertains to a singular individual? And that it has been provided willfully to a carer or an information system? And how can we be sure without invading the patient’s privacy by having them play “Twenty Questions” every time they want access?
Simple password access to internet banking services is already widely superseded in the finance sector. The health sector needs to go one step better than banking, for the perils are so much greater. In e-health we must adopt uniform two factor and non replayable authentication of users accessing their own EHRs. The US federal government’s authentication guidelines expressly address these issues; NIST SP800-63 “Electronic Authentication Guideline” is very useful. It sets the bar higher than we’re accustomed to in personal internet security, but I think there is no room for error when it comes to PHRs.
If we think that PHRs are crucial to the future of healthcare, then we’re going to have to treat them as part of the national infrastructure, and invest in personal safety measures accordingly.
Stephen Wilson
Lockstep Technologies.
So much progress, such immense promise, such and exciting time ahead for health care and for our country’s citizens’ many windfalls from a more efficient and effective industry. Still, many problems remain among them is making sure that the point of care record is trustworthy according to existing rules, regulations, and standards for medical records and for business records. As that is accomplished we discover the need to adapt old rules and generate new ones specific to assuring data quality in EHRs. Perhaps we should at least make sure EHRs conform to existing rules for electronic records before we implement them everywhere for everyone? These are roadmapped requirements for future CCHIT Certification requirements, but they are not comprehensively present yet, with stepwise improvements mapped out to 2010 and beyond. Today, though, even retaining the original version of an amended record (certainly a very basic authenticity requirement) is not due to become a Certification requirement (for Ambulatory) until this calendar year.
We’re making huge leaps forward, let’s make sure these systems are at least built capable of trustworthiness before we subsidize further acceleration of their implementation. Since we cannot yet assure a trustworthy record today, we gain a huge additional increment in national value by making sure that foundational requirement is met before we push forward to hard, too fast. Before we “wed” ourselves too irreversibly to the EHR vision, let’s contemplate that old saw, “Marry in Haste, Repent at Leisure”.
RDGelzer, MD, MPH, CHCC
Advocates for Documentation Integrity and Compliance
Volunteer-CCHIT Privacy and Compliance WG
Volunteer-HL7 EHR-S Functional Model WG on the Records Management-Evidentiary Support Profile
How long will this take? Former HHS chief Tommy Thompson announce a 10-year plan in 2004, and are we nearly halfway there? I doubt it…
Leave a Comment