1
©2012 Foley & Lardner LLP • Attorney Advertising • Prior results do not guarantee a similar outcome • Models used are not clients but may be representative of clients • 321 N. Clark Street, Suite 2800, Chicago, IL 60654 • 312.832.4500
1
Emerging Issues in Health Information TechnologyMonday, January 23, 2012
4837-7158-9389.1
2©2012 Foley & Lardner LLP
Speakers:
Robert JarrinSenior Director, Government AffairsQualcomm Inc.
John Halamka, M.D.Chief Information OfficerIsrael Deaconess Medical Center & Harvard Medical School
Chanley HowellPartnerFoley & Lardner LLP
Michael OverlyPartnerFoley & Lardner LLP
2
©2012 Foley & Lardner LLP
John D. Halamka M.D.CIO, Beth Israel Deaconess Medical Center and Harvard Medical
School
Connecting Patients, Providers, and Payers
4©2012 Foley & Lardner LLP
Meaningful Use
Improving quality, safety, efficiency, and reducing health disparities Engage patients and families in their health careImprove care coordinationImprove population and public healthEnsure adequate privacy and security protections for personal health information
3
5©2012 Foley & Lardner LLP
2011
2013
2015
Conceptual Approach to Meaningful Use
6©2012 Foley & Lardner LLP
- -
Berkshire Health SystemNEHEN
SafeHealthMD
MDMD MD
Fallon Clinic UMass Memorial
Statewide HISP
PKI/certificate mgmt Webportal
Provider/entitydirectory
Auditlog
MD MD
MDMD
MD
MD
BIDMCPartners
Direct gateway services
EOHHS NwHIN
MassHealth
DPH
Atrius
The Massachusetts Statewide Health Information Exchange
4
7©2012 Foley & Lardner LLP
- -
Phasing defines Roadmap for Statewide HIE Program
•Create infrastructure to facilitate data aggregation/analysis
•Will support Medicaid CDR and quality measure infrastructure
•Will support vocabulary translation services (lab, RX)
Increasing cost and complexity
Facilitate normalization and aggregation
Enable queries for records
Information Highway•Create infrastructure to enable secure transmission (“directed
exchange”) of clinical information
•Will support exchange among clinicians, public health, and stand-alone registries
•Focus on breadth over depth
Analytics and Population Health
•Create infrastructure for cross-institutional queries for and retrieval of patient records
Search and Retrieve
Phase 2
Phase 3
Phase 1
8©2012 Foley & Lardner LLP
- -
BIDPO Quality Data Center Project
BIDPO/BIDMC engaged MAeHC to provide a quality data warehouse service to:
– Enable automated extraction and aggregation of selected clinical data from member physicians’ eCW and WebOMR EHR systems
– Develop selected clinical quality measures for BIDPO internal benchmarking, case management, and reporting to commercial and government health plans
5
9©2012 Foley & Lardner LLP
BID QDC Enhancements:– Automated extraction of clinical data from live eCW and WebOMR
practices– Calculation and reporting of measures required by health plans,
including BCBSMA (AQC) and CMS (Meaningful Use and PQRS)– Implemented HHS approved HITSP standard C32 Continuity of
Care Document (CCD) as the vehicle for data exchanged(i.e. the payload).
– Using national vocabulary standards– CCDs are transmitted via the NEHEN Clinical Data Exchange– Using Patient Identifiable data – Richer data set (includes payer information)
BIDPO Quality Data Center Project (cont’d)
10©2012 Foley & Lardner LLP
BIDPO Quality Data Center
eCW
WebOMR
BIDPOQDC
NEHEN
NEHEN
Electronic reporting• MU, PQRS, AQC, etc
Data management• Report viewing• Case tracking
Data extraction• Queries• Pre-defined data marts
~ 2500 users
~300 users
Documentation & Extraction
Transport Validation & Analysis
User Access
Management Info System• User information• Utilization analysis• Other
6
11©2012 Foley & Lardner LLP
- -
BIDPO Quality Data Center Measures
Measure sets:– 35 Contract Incentive Measures– 44 NQF Meaningful Use Measures– 24 PQRS Measures– 31 ACO Measures
Substantial overlap in terms of intent between measures developed for BIDPO QDC, those required for the PQRI program, and those required for Meaningful Use.
12©2012 Foley & Lardner LLP
QDC was a qualified registry for the CMS 2010 PQRS program– We submitted PQRI reports on behalf of 319 BIDMC Providers
QDC is a qualified registry for the 2011 CMS PQRS program; we’re authorized to report on 24 selected measures.
QDC is expected to be ONC-ATCB (CCHIT) certified as a modular EHR for Eligible Providers for all 44 MU Stage 1 measures by the end of this month.
BIDPO Quality Data Center Measures (cont’d)
7
13©2012 Foley & Lardner LLP
- -Massachusetts eHealth Collaborative © MAeHC. All rights reserved.
Extract of Provider Measure Scorecard
14©2012 Foley & Lardner LLP
Query Health
Identifying cohorts for clinical trialsAccess to human specimensPopulation health surveillanceObservational studies of genetic variants
8
15©2012 Foley & Lardner LLP
Find Patients
Drag-and-drop query design interface
16©2012 Foley & Lardner LLP
Demographics Plugin
Analysis of a saved patient set using a “plugin”
9
17©2012 Foley & Lardner LLP
Two Patient List Plugin
Compare multiple patient sets
18©2012 Foley & Lardner LLP
Timeline Plugin
An example of visualization of patient data
10
19©2012 Foley & Lardner LLP
SHRINE Prototype
20©2012 Foley & Lardner LLP
Mobile Devices - BYOD
Under a pound12 hour battery lifeDisinfectableCan be dropped from 5 feet on to carpet without significant damageSmall enough to fit in a coat pocket but large enough for order entry
11
21©2012 Foley & Lardner LLP
The Ideal Device for Nurses
Vital sign captureInputs/outputsMedication workflowLab workflowNurse call workflow
22©2012 Foley & Lardner LLP
Challenges
Security- The Angry Birds Problem- Web content filtering- Cost- Network Access Control- Private verses Public networksProcurement and lifecycle managementEnterprise ManagementNative Applications versus WebThe Consumer IT evolution problem
12
23©2012 Foley & Lardner LLP
Compromise via Home Computer
Drop Server 200.63.44.172
Finding Type Corporate Credentials
Description An authorized user accessed one of the organization's resources, BIDMC Portal, from an infected machine (a screenshot is attached). The Trojan horse captured the credentials.
URL https://portal.bidmc.org/login.aspx?item=/default&user=extranet\Anonymous&site=website&url=/default.aspx
IP Address 24.63.18.108
Timestamp Wed, 17 Aug 2011 01:06:01 GMT
Rawtext
"1856";"TOSHIBA-PC_775A658D6522DF69";"-- default --";"33556489";"https://portal.bidmc.org/login.aspx?item=/default&user=extranetAnonymous&site=website&url=/default.aspx";"";"1313543161";"188203365";"-14400";"#6;#0;?#29; #0;";"1033";"C:Program Files (x86)Internet Exploreriexplore.exe";"Toshiba-PCToshiba";"12";"https://portal.bidmc.org/login.aspx?item=/default&user=extranetAnonymous&site=website&url=/default.aspxReferer: https://portal.bidmc.org/login.aspx?item=/default&user=extranetAnonymous&site=website&url=/default.aspxUser input: lxxxxxaKxxxxx3POST data: __EVENTVALIDATION=/wEWBALh8vWcAgKvpuq2CALyveCRDwL jNCfD1D ONbAiUFgkw75ofRC13PVI8NZusername=sxxxxxapassword=Kxxxxx13LoginButton.x=0LoginButton.y=0";"24.63.18.108";"US";"1313543148"
24©2012 Foley & Lardner LLP
Counter Measures
Tighten Internet access to and from the datacenter
Explicit closings of outbound ports o 5,866 ports with fewer then 20 connects
o 12 ports with more then 1000 connects
o 20% of outbound connections are on port 445
Add Perimeter protection at data center Proxy all public facing web servicesDeploy active WAF protection rules
Enhanced Log collection and correlation
Introduction of comprehensive vulnerability scans
13
25©2012 Foley & Lardner LLP
Questions?
John D. Halamka [email protected]
http://geekdoctor.blogspot.com
26©2012 Foley & Lardner LLP
Robert JarrinSenior Director, Government Affairs
Qualcomm Incorporated
Federal Policy and Regulatory Developments Affecting Wireless Health
14
27©2012 Foley & Lardner LLP
27
Federal Agencies
Federal Communications Commission (FCC)
Centers for Medicare and Medicaid Services (CMS)
Office of the National Coordinator (ONC)
Food and Drug Administration (FDA)
National Institutes of Health (NIH)
28©2012 Foley & Lardner LLP
Wireless Area Networks
Licensed spectrum used on an exclusive basis by license holders granted by the FCC. Today most WAN (3G/4G) connections are licensed. Licensees are protected from interference caused by other parties.Unlicensed spectrum best supports short-range connections (BAN/PAN/WLAN) that can be controlled by the user. Unlicensed users may not interfere with licensed users and must accept interference from all other sources.
WAN
PAN
WLAN
BAN
Generalized depiction for illustrative purposes only – Source: JARRIN
15
29©2012 Foley & Lardner LLP
29
FCC
National Broadband Plan Recommendations:– Create appropriate incentives for e-care utilization– Modernize regulation to enable health IT adoption– Unlock the value of data– Ensure sufficient connectivity for health care
delivery locations
FCC/CMS MoU (June 2010)
FCC/FDA MoU (July 2010)
30©2012 Foley & Lardner LLP
30
FCC - New Rules
Expanded MedRadio spectrum at 401-406 MHz for communications with implanted and body-worn medical devices
Established ultra-low power Medical Micropower Networks at 413-457 MHz
16
31©2012 Foley & Lardner LLP
31
FCC – Proposals
Medical Body Area Networks (“MBANs”) proposal for 2360-2390 MHz band sharing with aeronautical communications - pending
Proposal to expand experimental licensing and wireless test beds - pending
Hospital experimental waiver– Hocking Valley Community Hospital, Ohio – Experimental
Waiver to deploy a community-wide wireless network over TV whitespaces
32©2012 Foley & Lardner LLP
32
Reimbursement for “Medicare telehealth services” still lacking– Performed at distant site by doctor/nurse– Live (real-time) voice and video– Specific site of care stipulated by CMS– Beneficiary lives in HPSA or not in MSA– Specific types of “Eligible Medical Services”– No store and forward unless federal
telemedicine demo program in AK or HI.
For Medicare telehealth payment policy and claims processing instructions, See Pub. 100-02, chapter 15, sections 270 through 270.5.1 and Pub. 100-04, chapter 12, sections 190 through 190.7.
CMS - Reimbursement
17
33©2012 Foley & Lardner LLP
33
CMS Innovation Center– Accountable Care Organizations– Bundled Payments for Care Improvement– Comprehensive Primary Care Initiative– Federally Qualified Health Center (FQHC)– Health Care Innovation Challenge– Innovation Advisors Program– Partnership for Patients– State Demonstrations to Integrate Care for Dual
Eligible Individuals
CMS - CMMI
34©2012 Foley & Lardner LLP
34
PPACA Section 2703– Health Homes for Medicaid Enrollees with
Chronic Conditions
PPACA Section 3024– Independence at Home Demonstration
HIT Incentive Payments– Certified EHR’s – Certified EHR Modules
CMS - PPACA
18
35©2012 Foley & Lardner LLP
35
ONC
Adoption and “Meaningful Use” of EHR’s – Medicare and Medicaid EHR incentive payments
Meaningful Use Stage 2 – Under Review w/OMB– “Stage 3” criteria - “Engage Patients & Families”
Offer electronic self-management tools to patients with high priority health conditionsOffer capability to upload patient-generated data into EHR’s and clinician workflow
Federal Health IT Strategic Plan 2011-2015
36©2012 Foley & Lardner LLP
36
FDA
Home-Use Medical Device Initiative
Draft Radio Frequency Wireless Technology Guidance
Medical Device Innovation Initiative
Medical Device Data Systems (MDDS)
19
37©2012 Foley & Lardner LLP
37
FDA (cont’d)
Draft Mobile Medical Applications Guidance Document– September 2011 Workshop
FDA 2011 Plan of Action for 510(k)
IOM Report 510(k) Public Comment
Draft Guidance on Evaluating Substantial Equivalence in 510(k)
–
38©2012 Foley & Lardner LLP
38
NIH
mHealth Working Group
mHealth Workshop “Reducing Barriers to Mobile Technology Usage in Behavioral and Social Sciences Research”
Wireless Medical Technologies Working Group
FNIH annual mHealth Summit
2011 OBSSR mHealth Summer Institute
20
39©2012 Foley & Lardner LLP
39
Inter-Agency Efforts
mHealth Wireless Medical Technologies Working Group – NIH (NBIB)
mHealth Collaborative - HRSA/ONC
Federal Working Group on Telehealth -FEDTEL
Text4health Task Force –HHS
40©2012 Foley & Lardner LLP
40
Questions?
Robert Jarrin, Esq.Senior Director, Government Affairs
Qualcomm Incorporated
E-mail: [email protected]
LinkedIn http://www.linkedin.com/pub/robert-jarrin/7/188/59
21
41©2012 Foley & Lardner LLP
Questions?
Robert Jarrin - [email protected]
42©2012 Foley & Lardner LLP
Bring Your Own Device (BYOD)
Chanley Howell, Partner, Foley & Lardner
Michael Overly, Partner, Foley & Lardner
22
43©2012 Foley & Lardner LLP
Bring Your Own Device (BYOD)
Enabling mobile workers24/7 work environmentCompetitive advantageWorkplace “perk”– Workers more comfortable and productive
COST SAVINGS
44©2012 Foley & Lardner LLP
BYOD Here to Stay
Forrester: 48% of information workers buy smartphones without even considering what their company supports.Forrester: 50% of information workers are splitting their time between the office and home or another location, underscoring the need for mobile devices.
23
45©2012 Foley & Lardner LLP
BYOD Here to Stay (Cont.)
Forrester: 50% of information workers are splitting their time between the office and home or another location, underscoring the need for mobile devices.ISACA: two-thirds of employees ages 18 to 34 have personal devices they use for work purposesMarketWatch: Eighty-seven percent of companies say they have employees that use personal tech devices for work.
46©2012 Foley & Lardner LLP
BYOD Seven Key Risks
Mixing business and personal dataInformation securitySoftware licensing issuesDiscovery/Border searches and seizuresRepetitive stress and other workplace injuriesShared use of devices with non-employeesEmployee disposal of deviceSeven Key Risks
24
47©2012 Foley & Lardner LLP
BYOD Policy
Make your business caseDeveloping an approach– Anything goes– Approved devices only– Stipend– Ownership
Involve all stakeholders in developing a policy
48©2012 Foley & Lardner LLP
BYOD Policy (Cont.)
Integration with existing company policiesWrite an understandable policy– Most common failure
Participation in the program is a privilege, not a right.Presentation to employees
25
49©2012 Foley & Lardner LLP
Mobile Apps - Overview
Apps for consumers/patients Apps for medical personnelApplication development– Seldom a “green field” development– Many offshore, particularly European,
developers– Need for rapid development, scaled governing
contracts
50©2012 Foley & Lardner LLP
Mobile Apps – Third Party Apps
Multiple third party apps are generally needed (e.g., QR code readers, virtual reality applications, etc.).Licenses frequently presented as non-negotiable or very poorly written.
26
51©2012 Foley & Lardner LLP
Mobile Apps – Liability / EULAs
Addressing unique requirements of most popular mobile platformsAvoiding separate EULAs for each operating systemLimiting risk and protecting intellectual property
52©2012 Foley & Lardner LLP
Mobile Apps – Regulatory Issues
Collection of PHIThe Office of Civil Rights has reported that 116 data breaches of 500 records or more were the direct result of the loss or theft of a mobile device and led to the exposure of the personal health information of 1.9 million patients
27
53©2012 Foley & Lardner LLP
Mobile Apps – Other Legal / Regulatory Issues
Inadvertent rendition of medical adviceTraditional healthcare provider liability Security issuesFDA guidance / potential regulation
54©2012 Foley & Lardner LLP
Questions?
Chanley Howell – [email protected] Overly – [email protected]