June 30, 2012

Population Healthcare Is Health Reform

Michael Christopher
Chief Chigger, CarePrecise Technology

We have heard many people say that the Affordable Care Act is not health reform, but an attempt at health insurance reform. But a broad shift in the focus and delivery of healthcare has begun, shaped in part by the ACA, and poised to bring significant change to American healthcare. At the heart of that change is population-based healthcare.

"With the Supreme Court upholding the ACA, we all now understand that population healthcare is what we're all going to be doing going forward," says Dr. Steven Davidson, senior vice president and chief medical informatics officer for New York's Maimonides Medical Center in a June 28 Modern Healthcare article. What is "population healthcare," what does it have to do with the Affordable Care Act, and what does it mean to industry vendors?

The term refers to "the ability to assess the health needs of a specific population; implement and evaluate interventions to improve the health of that population; and provide care for individual patients in the context of the culture, health status, and health needs of the populations" according to the Association of American Medical Colleges. Population healthcare is a broadening of focus to see beyond the individual patient to the broad context of that patient's health issues, and to understand the issues of the patient's population to better serve both the individual patient and broader communities of patients.

This perspective becomes ever more critical when cost efficiencies are taken seriously into account, as they must be in an "affordable care" paradigm. In a Tufts Managed Care Institute's white paper on population health, we find
"Population-based care involves a new way of seeing the masses of individuals seeking health care. It is a way of looking at patients not just as individuals but as members of groups with shared health care needs. This approach does not detract from individuality but rather adds another dimension, as individuals benefit from the guidelines developed for the populations to which they belong.* Members with a particular disease must be prioritized so that disease management interventions are targeted toward those members most likely to  cost-effectively benefit.**"
The Affordable Care Act package as it now stands places the emphasis on results, rather than on specific means to obtain results. Despite what has been said by opponents, providers are given wide freedom in achieving improved quality and reach of care, and are provided with new resources, such as advanced electronic health records, paid for in part by the taxpayer. Population healthcare is a strategy for deploying these resources and creative latitudes, in a package of practical tactics and achievable objectives, and at scale.

When viewed through the lens of health reform's quality focus, public health data collection and bringing the technologies that enable collection to every point of care, population healthcare is seen as a key - if not the key - strategy for both implementing the provider side of health reform, and rewiring its financial backbone of health insurance.

* Boland P., editor. Redesigning Heath Care
Delivery. Boland Health Care, Berkeley,
1996. pp. 159-163.
** Zeich R. Patient identification as a key to
population health management. New
Medicine. 1998;2:109-116.

June 29, 2012

Now We Know: Time to implement the Affordable Care Act

As the Tennessee Medical Association puts it, there is now a "certain finality" to the Affordable Care Act following the Supreme Court decision upholding the law. A huge win for the Obama administration, the decision yesterday was like kicking a hornet's nest among conservatives. The Christian Medical Association said the decision "sounds an alarm across the country to people with faith-based and pro-life convictions" and called on Congress to repeal the law.

An article in Modern Physician characterizes the response among physicians as "mixed," but the vast majority of our MD, DO, PA and RN contacts have come down strongly in favor of the law, in one case saying "The government did something right... 50 million healthier Americans is going to look pretty good here in a few years."

Whichever political side one is on, it is now clear that work can move forward on implementing the law. The Tennessee Medical Association's statement concluded "Today's decision allows us to make more definitive plans regarding reforms to our healthcare system in Tennessee." The sentiment seems to be fairly widespread through the provider side of the industry.

Some states - among them our own Oklahoma - elected to refuse federal funding ($54 million in Oklahoma's case) to establish health insurance exchanges. The decision, taken on the part of Governor Mary Fallin, appears to have been politically motivated, but Oklahoma is, in fact, developing an exchange, without the federal dollars. An agency head, speaking with an Oklahoma radio station, said "It would have been good to have the money, so we could have a more user friendly and effective system, but we'll have something, anyway."

The justices struck down provisions in the law that would empower the federal government to force states to comply with the planned Medicaid expansion or lose all of their Medicaid funding. Now states will be eligible for basic Medicare funding even if they choose not to accept the additional dollars to provide expanded care. Numerous states have sworn to refuse expanded Medicaid funding, but it remains to be seen whether any will ultimately deny this added coverage for hundreds of thousands of their citizens. The federal dollars are being offered with no required match for three years. Medicaid is often one of the biggest lines in states' budgets, and that share is growing as healthcare costs continue to rise.

June 6, 2012

Medical Data Breaches Unnecessary

The problem of breaches involving healthcare data is getting worse, not better. As more medical information is stored electronically, the risk of unauthorized access grows. But a significant portion of the risk could be reduced to near zero if the primary users of the data - practitioners, healthcare information technology staff and contractors, administrative staff - would take one simple step. One simple and completely free step. Really; it costs nothing, and places nearly zero burden on the user.

We made this same recommendation about six years ago, when reports of stolen laptops first began coming in. But it seems as though no one in the industry has applied our simple fix. In January of 2012, a contractor copied the records of 34,000 patients of Howard University Hospital, containing SSNs, birthdates, and diagnosis-related information, onto a laptop. The data was not encrypted; the laptop, of course, was stolen from the contractor's car. This same scenario has been reported numerous times. Data, laptop, car, repeat.

Last month, federal prosecutors charged a worker at the same hospital with selling hospital data. She's set for a plea hearing on June 12. Clearly, this is a different situation, and would not have been mitigated by encrypting the data, since the worker was entrusted with full access. But you can be sure that Howard University Hospital wishes that the stolen laptop had not preceded this incident. Patients and regulators are rightly outraged.

Simply put, had the data been stored on an encrypted drive partition on those laptops, it would have been safe from prying eyes. How difficult is it to do that? If a free, open source program like TrueCrypt is installed on the computer, it's as easy as typing in a password to open the protected drive, copying the data onto it, and using the data just as though it were on any ordinary drive. After so many minutes of idleness, or when the computer sleeps, hibernates or is shut down, the program can be set to close the protected drive, rendering its contents completely unusable until the password is given again.

Along with encryption, passwords must be strong, which means hard to guess. But they don't have to be hard to remember and type. A good rule is to have 20 or more characters, but a simple phrase can be easy to remember. Stop thinking pass word, and think pass phrase instead. Here's an extremely strong password: Theylike2bheld/theseKitties ("they like to be held, these kitties"). Easy to remember and type, but it has upper and lower case letters, a numeral and a punctuation character, and totals 27 characters in all. That's one strong password. It works in TrueCrypt and virtually all other encryption programs. And it even has kittens!

Some encryption software, including TrueCrypt, offer an additional important feature.  Let's say you are carrying extremely valuable data, being mugged, and are forced to enter your password to start the computer. Let's go so far as to say that the mugger is savvy enough to search the computer for an encrypted file, and finds it. TrueCrypt actually lets you use a different password when you mount the protected drive, which opens a phony data trove on which you've stored some bogus data. Plausible deniability saves you and your data.

There is simply no reason not to require all staff members and contractors to use encryption for all medical and other personal data. Essentially zero ownership cost, and it doesn't slow anybody down. No excuses.

Encryption and strong passwords. Take these two pills and sleep better tonight.

TrueCrypt is a free open source project, available at http://www.truecrypt.org/