April 28,2009 Vicki Y. Estrin Vanderbilt Regional Informatics [email protected] Funding: AHRQ Contract 290-04-0006; State of Tennessee; Vanderbilt

April 28,2009

Vicki Y. EstrinVanderbilt Regional Informatics

[email protected]

Funding: AHRQ Contract 290-04-0006; State of Tennessee; Vanderbilt University. This presentation has not been approved by the Agency for Healthcare Research and

Quality © Vanderbilt Center for Better Health 2009

mailto:[email protected]

In 2004, Tennessee’s Medicaid program (TennCare) was creating a financial burden for the state. Governor Bredesen in February 2004 recognized that health IT (HIT) was one approach that must be considered for reducing costs and improving quality.

There were a number of initiatives started in 2004 (one started in 2003)

While there was a “burning platform” with TennCare, the Governor recognized the need for HIT for all of Tennessee’s citizens

The state identified the need to invest in infrastructure: technical and personnel◦ Established broadband network that reaches all 95 counties ◦ Established the eHealth Department and named Antoine Agassi

as the first director. Melissa Hargiss is the current director of eHealth

HIE activity continues to expand at the regional level. One additional challenge for Tennessee and its exchanges - Tennessee borders 8 states

In addition to the local/regional exchanges, the state has also supported a state-wide effort with an organization called Shared Health. Shared Health is a for-profit subsidiary of BCBST and is primarily focused on the TennCare population

How it all began…

• The Governor asked health care leaders in Memphis to embark on a 6 month planning process to understand the benefits of HIT and HIE. This effort began in August 2004. The MidSouth eHealth Alliance was born from this planning effort.

• The state received funding to be an AHRQ State and Regional Demonstration (SRD) project. The proposal was to start in Memphis and extract lessons learned that would benefit the rest of the state. State provided additional funds

• Total funding for five years:– $7.2 million from the state– $4.8 million from AHRQ

• Collectively the Memphis health care leaders agreed that sharing patient information to improve the quality of care (and hopefully reduce costs) was NOT an area of competition.

• The Board had its first official meeting on February 23, 2005. – Initial Participants included all of the health systems, largest specialty clinic (400+ providers),

two safety net clinics and one Medicaid MCO

The MidSouth eHealth Alliance is a 501(c)3 organization that serves citizens in the Greater Memphis area (three counties in SW Tennessee and citizens in MS and AR)◦ Approximately 1.2 million citizens◦ 25% of the Shelby County citizens are at or below the poverty line◦ 20% of patients are from bordering states

On May 23, 2009 we will celebrate our third anniversary as a functioning exchange

Participants include (* founding organization) Baptist Memorial Health Care* (5 facilitates one in MS) Christ Community Health Services* (FQHC – 5 clinics) Memphis Children’s Clinic (6 ambulatory care clinics) Memphis Health Center (4 primary care clinics) Methodist Healthcare* (7 facilities include LeBonheur Children’s Medical Center) The Regional Medical Center* St. Francis Hospital* and St. Francis Bartlett* (owned by Tenet Healthcare) St. Jude Children’s Research Hospital* Shelby County/Health Loop Clinics* (10 primary care clinics) UT Medical Group* (400+ providers) Amerigroup TLC* (TennCare MCO)

Stopped participating 10/31/2008 Data submitted till that date is still available to users

Operational in 14 emergency departments in three counties plus one facility in Southaven, MS

Hospitalist in 4 of the health systems have access to the system

14 safety net providers access the system daily for patient care

Total # of users in clinical settings: 380+ Total # of encounters: 4.7 million

◦ Receive 140,000 encounters/month Total # of patients with data: 1,284,000 Total # of patients with clinical data: 1,018,000 Monthly ICD-9 admission codes: 34,000 Monthly labs: 2,400,000

◦ Monthly microbiology reports: 26,000◦ About 80,000 lab results per day

Monthly chest x-ray reports: 35,000

The Memphis Bioworks Foundation

The Memphis Business Coalition

Universities◦ Tennessee Tech ◦ University of Memphis◦ University of Tennessee

(Memphis)◦ Vanderbilt University

State Collaborations◦ State of Tennessee◦ Tennessee Hospital Association◦ Tennessee HIMA◦ Tennessee HIMSS◦ Hospital Alliance of Tennessee

National Collaborators◦ Other AHRQ funded state and

regional demonstration projects Indiana Colorado Delaware Rhode Island Utah

◦ eHealth Initiative◦ Markle Foundation◦ Robert Wood Johnson

Foundation◦ AHIMA◦ HIMSS◦ Agency for Healthcare Research

and Quality (AHRQ) HIT National Resource Center

Policy should drive technology whenever possible The technology is a means to an end – it is not the primary

focus Standards are important but DON’T let them be the barrier to

moving forward; the standards will evolve Patient data is NOT something to compete over Where the data resides is less important than clear

understanding of who is responsible for the data integrity Start small and simple; build to bigger and better Clinicians are hungry for data and frustrated with current

approaches to getting it You MUST have the hard conversations – if everyone is

agreeing without dialogue you are in trouble Accept that this is will be considered “one more thing” on a

long list of priorities for participating providers◦ Be willing to adjust project plans to accommodate multiple priorities

from multiple organizations Keep the “I” low in ROI

Governance◦ Building a solid coalition/governance structure that enables

building consensus between organizations with a strong history of competition

Technology◦ Lack of data standards, data integrity, matching patient/records

Privacy and Security◦ What is required in terms of policy and legal documents to share

patient data for clinical purposes Sustainable Business Model

◦ Define the value and identify future funding/revenue to sustain the operations

Consumer Involvement◦ Identify the customers and consumers – what are their needs

and what will they expect from this type of system

“It is political science, not computer science”

For what purpose(s) would the data be used? What was the role of HIPAA? Who would have access to the MidSouth eHealth Alliance

data? What data will be shared and what data will not be

shared? Would we allow a patient to not share their data? Would we tell or notify the patient about the data

sharing? Will the patient consent for data sharing? What would we audit and track? What policies must be in place for all to feel comfortable

with sharing data? Who will write the policies? Who will enforce the policies?

They may not be considered “Best” by your community

There are guard rails that must be considered in all conversations:◦ What do HIPAA and other federal laws and regulations

say?◦ What do your state laws and regulations say?

And then there are areas that are critical to moving forward◦ How do organizations in your community interpret and

put into operation laws and regulations?◦ How does data exchange happen today in a paper or

electronic world?◦ What rights (if any) should a patient have beyond what

the law allows?

All Participants were included Representation included:

◦ HIM professionals◦ Privacy officers◦ Security officers◦ CIOs◦ In-house counsel◦ Clinicians

Anyone who wanted to participate could even if they were not a Participant Organization

Meetings were 2 – 4 hours in length and facilitated to encourage a “healthy approach” to conflict◦ Conflict is good◦ If you don’t have any conflict you have bigger troubles

than you realize!

We talked with our peers and colleagues throughout the state and around the country◦ Held a 2 day statewide meeting at the Vanderbilt Center for

Better Health to facilitate the dialogue in December 2005◦ Held a 2 day nationwide meeting at the Vanderbilt Center

for Better Health to facilitate the dialogue in September 2006

We restricted the use for treatment and diagnosis in the Emergency Department setting◦ This gave us a concrete “it” ◦ The work group drafted a “Granting Access” document that

defined all the areas of agreement. This was a working document and created focus for the work we had to do

◦ We developed scenarios given our setting. Our scenarios became more real because we could discuss how this system would fit practically into the workflow

© Vanderbilt Center for Better Health 2009

We educated ourselves on HIPAA◦ Focused on how we transfer this data now under HIPAA and defined how the HIE

would impact the interpretation◦ Acknowledged that if we have problems now with HIPAA compliance – the HIE will

not fix the problems◦ We tried to reconcile all the consent processes in the community but quickly

decided to focus on the Notification process instead (TN does not require patient consent for treatment) We ultimately did impact the consent process at the individual participant level;

however it was more effective to approach this issue through notification◦ There are many areas where the interpretation does NOT impact the HIE – we only

focus on the areas related to the HIE. In other words we do not have agreement on the interpretation of all that is in HIPAA

We identified where HIPAA was not enough◦ The work group felt strongly that the issue of Patients’ Rights could not be bound

by HIPAA Examples:

For the purpose of treatment does the patient need to be notified their data is going to be shared?

For the purpose of treatment does the patient have the right to not participate?


We look at other law regarding specific data types◦ If in doubt, we keep it out◦ Have found conflicts in how specific data types are “handled” according

to state law (or there is conflict in the interpretation of the law)◦ Worked with in-house counsels and HIM directors to understand how

they deal with conflicts in the law today – this process has worked well We identified where differences between organizations were

NOT ok and where there needed to be community standard◦ Example: All Participants in the MidSouth eHealth Alliance must notify

patients their data will be shared – this is a community standard We identified where differences are ok

◦ Example: How a patient is notified is up to the Participating Organization. It is documented so all Participants are aware of how it is being done.

We developed a one page FACT sheet that is per policy to be used by all organizations for patient education about the MidSouth eHealth Alliance◦ It was developed with the help of an adult literacy class◦ How is it used is up to the Participant


Security was addressed separately from Privacy◦ Much about security is wrapped in technology◦ Fear of identity theft must be acknowledged and addressed both in

policy and technology Audit logs were deemed to be critical to success in monitoring

both security and privacy issues◦ The audit process of an HIE is different than for an organization◦ The appropriateness of a look up is difficult if not impossible for an HIE

to judge through the audit logs The HIE knows records not patients

◦ The MidSouth eHealth Alliance Participants were adamant that they retain the relationship with the patient so all requests for audits will be through a Participant who per policy will coordinate the request with the MidSouth eHealth Alliance and other Participants

◦ From Day 1 we have taken a “big brother” approach◦ We have caught “offenders” through the audit logs – none were a HIPAA

violation but most were a violation of the MidSouth eHealth Alliance policies


Our approach to the data sharing agreements was to start with the Connecting for Health Model Contract language and then begin an education process with the goal of spending as little as possible on attorney fees.

The time spent discussing and debating the privacy, confidentiality, and security issues were an invaluable part of the process. No one was excluded from the dialogue.

P&S work group

identified a leader and interested members

agreed to meet to walk through

the model contract

Total of 8 people participated in this work representing 6 organizations.

Group met several times for 2+ hours

each time

Distributed the start of a MSeHA framework based upon the model to larger group

and had a meeting to

review questions and concerns

Distributed a redline

document for each

organization to review and give feedback

Review was done by 30+ people

representing all the organizations that are considered to

be in the MSeHA – several sought

advice from their own counsel

Attorney was engaged to represent

MSeHA – he reviewed all the feedback and created

the “final” draft” for

organizations to review

All Participants signed the agreement

on May 10th.

Received Model

Contract Draft

version and distributed

to P&S work group

September October - NovemberJanuary - February March May

This process created an priceless asset for the organization: TRUST


The MidSouth eHealth Alliance has a relationship with Participants

The Participants/Providers have a relationship with the patient

Data ownership is maintained by the publisher It is irrelevant where data is stored The publisher is responsible for the data quality and integrity

Use limitations must be defined and understood Any Participant with the appropriate notice can “leave with

their data” All Participants have a voice in setting the policy

The MSeHA Board represents the collective healthcare community The Operations Committee (a committee of the Board) represents

the Participants All new Participants are vetted and recommended by the Operations

Committee All policy is vetted and recommended by the Operations Committee


21

Participants in the MidSouth eHealth Alliance -

Allow the use of the data for purpose of diagnosis, treatment and coordination of care in the provider setting

Apply for membership and sign a data sharing agreement

Determine what data will be shared (or not shared) and disclose this to all Participants

Are responsible for authorizing users Coordinate and respond to a patient’s

request for information about who has viewed their health care data within the Participant’s setting and through the MidSouth eHealth Alliance

Patients - Are notified through the Notice of Privacy

Practices or an acceptable alternative that their data will be shared through the MidSouth eHealth Alliance

Have the right not to share their data ◦ It is assumed a patient will share until

the patient requests otherwise

What is the MidSouth eHealth Alliance? Certain health care providers in the Memphis area share health information through the MidSouth eHealth Alliance (the Alliance). The Alliance is a community wide information system that helps health care providers in the treatment of patients. Providers are doctors, nurses, healthcare workers, hospitals, and clinics. Which organizations in the MidSouth eHealth Alliance share information? The following organizations now participate in the MidSouth eHealth Alliance:

Baptist Memorial Hospital – Collierville Baptist Memorial Hospital for Women Baptist Memorial Hospital – Memphis Baptist Memorial Hospital - Tipton Christ Community Health Services Memphis Managed Care/TLC Methodist Healthcare including LeBonheur

Children’s Medical Center Saint Francis Hospital - Memphis Saint Francis Hospital - Bartlett St. J ude Children’s Research Hospital The Med Health Loop Clinics UT Medical Group, Inc.

Why is health information shared? Health care providers can make better choices about a patient’s care and treatment when they have as much information as possible about that patient’s health from lab tests, medical history, medicines, and other reports. The Alliance permits providers to review medical information in a system that is faster than contacting a patient’s other providers one by one. The Alliance only shares information about a patient’s medical condition with health care providers currently involved in that patient’s care. Is shared health information kept private and confidential? Yes. The Alliance obeys all applicable federal and state laws about privacy of medical information. The Alliance will not share health information with anyone not involved in the care of a patient or related to operations of the Alliance. Every organization and provider that shares or uses information from the Alliance must obey strict rules for security and privacy. What are your rights? As a patient, you have the right to not share your health information in the Alliance. This is called “Opting Out.” However, if you choose to opt out, health care providers may not have access to health information that may be important and useful in making choices about your medical care. If you have questions regarding your privacy rights, please refer to the Notice of Privacy Practices provided to you by your health care provider. If you need another copy of that Notice, please ask your provider to give you one. This Fact Sheet is intended for educational purposes only. Operations of the Alliance and the content of this Fact Sheet may be changed by the Alliance from time to time without notice. Who do I contact for more information? Every organization in the Alliance has a person who is responsible for privacy. When you have a question, ask for the Privacy Officer. He or she will be able to answer your questions or find someone who can help you.


Delivering a means by which traditional unaligned organizations can present personal health information as if it were all coming from care delivery site

Vision for Connecting the Community

Integration Platform

Hospital AmbulatoryClinic SNF

Urgent CareClinic

Hospital

Physician OfficeAffiliated Lab

AggregationCommunicationWork Flow

Each Participant has control of their own data

DataVault

DataVault

DataVault

DataVault

DataVault

DataVault

DataVault

ElectronicPatientRecord

20+ data feeds in varying formats are submitted real time or batch (all hospital data and some ambulatory data is real time; batch is every 24 hours)◦ HL7 v 2.1 – 2.3◦ XML code◦ Flat files◦ Multiple lab systems with differing specs

Look for opportunities to use what already exists◦ If a site already has an interface written – we use the same interface

Don’t make money a barrier – keep the costs low◦ Estimated cost is $35,000 per health system for the first year (in sweat

equity)◦ Costs/efforts decrease significantly in the following years

Don’t let perfection be the enemy of moving forward Think evolution not revolution

All data represented from IP, OP, and ED encounters◦ Patient identification/demographics◦ Lab results◦ Encounter data: date of service, physician and reason for

visit◦ Allergies (test)◦ Dictated Reports

Imaging studies Cardiology studies Discharge summaries Operative reports Emergency room summaries History and Physicals

◦ Diagnostic Codes◦ Some medication history (TennCare Claims)◦ And we continue to build and add data...


Multiple sites in one view

Normalized labs across sites

Requires systems thinking

Benefits being realized today◦ Reduced ED LOS◦ Avoidance of duplicate tests (e.g. CT scans, MRIs, labs)◦ Workflow efficiency ◦ Reduced need for 23 hour observation

Other Targeted Benefits◦ Increased medical home referrals◦ Increased quality of care and patient satisfaction◦ Information exchange for public health purposes

Bio-surveillance Public health reporting

◦ Basis for supporting pay for performance using clinical information

Broader Benefits of HIE◦ Better care for patients through a community wide view of the

patients’ care over time across organizations◦ Possible disaster recovery solution

2207 unique individuals seen in the Regional Medical Center’s ED in August 2008◦ 239 (11%) received follow up

care at the Health Loop clinics◦ 447 (20%) received care at

Christ Community clinics ◦ Peak visits occurred between 3

weeks and 6 weeks post ED visit Approach allows near real

time tracking of all registration events across participants in the exchange independent of payer or site of care

Cost to participants has been less than $50,000 per hospital over the past 4 year (time and effort)

Overall annual operating cost including technology is under $3 million◦ For a population of 1 million that is $3 per person

per year

What can appear remarkably simple is very complex◦ Incentives are misaligned (e.g. for a commercially insured

patient not doing a test is a loss to the provider)◦ Even on “simple” issues like eligibility and ePrescribing,

complexity can cripple opportunities for innovation◦ Health plans are pursuing multiple opportunities and

approaches to Pay for Performance American Recovery and Reinvestment Act (a.k.a.

Stimulus Bill) ◦ Many areas are still to be defined◦ Opportunity for funding for health information exchange, HIT

adoption and HIT Regional Exchange Centers◦ What is known, states and regions need to have their “act

together” If we are honest nothing about the American healthcare

system is currently sustainable…but the horse is out of the barn and change is happening.

Focus on quantifying the benefits Understand to whom the benefits are

accrued In the context of its own strategic goals,

identify grant funds to support efforts ◦ This is looked at as “seed funding” and requires a

plan for what happens after the grant ends Working with the state and across the state

to support the state’s broader goals for HIT and HIE


Documents

April 28,2009 Vicki Y. Estrin Vanderbilt Regional Informatics [email protected] Funding: AHRQ Contract 290-04-0006; State of Tennessee; Vanderbilt