The Patient Protection and Affordable Care Act (PPACA) and the American Recovery and Reinvestment Act (ARRA) have and will continue to have some of the most significant impact on how this nation will care for patients as well as store and access data on those patients. As just a part of the latter Act, HIPAA HITECH addresses security and privacy of data while the PPACA expands public and private health care initiatives.
Some of the new initiatives include the Transitions of Care movement, the Accountable Care Organization, as well as the Patient-Centered Medical Home Model. In future issues, we will deal more with these alterations and potential impacts to the health delivery system. Know that PPACA and ARRA are designed to fundamentally expand access to health care for all US residents. They are meant to look at new ways to deliver safe, quality, and economically affordable care.
In doing so Congress has stated the new delivery models will require rapid engineering of the health care delivery system to consistently provide high quality care at an overall lower cost.
The new delivery systems essentially require ready access of information across the care continuum to empower individuals to use and manage their own care. PPACA identifies one way of “improving health and health care for all Americans is through the use of information and technology.” But, in order to expand use of the information from one care provider to the other requires ready access, and ready access requires the ability to protect individual rights.
At a time when rapid sharing of data is essential for improved quality health care, the government learned the confidence in the protection of health data was low. The Federal Health Information Technology Strategic Plan 2011-2015 was established to “Inspire consumer confidence and trust in health IT.”
The Federal Health IT Vision and Mission
Vision: “A health system that uses information to empower individuals and to improve the health of the population.”
Mission: “To improve health and health care for all Americans through the use of information and technology.”
To do so, the Office of the National Coordinator for Health Information Technology (ONC) published the plan, opened it for public comment, and finalized the Plan in October, 2011 after incorporating over 200 public comments.
Privacy and Security were key concerns. Though individuals rely on HIPAA to assist in guarding how data is transmitted, maintained, and received, the HITECH regulations provide more control of that data by Covered Entities as well as Business Associates. There are stronger provisions for sanctions and significantly higher fines. In addition, the Office of Health and Human Services has commissioned a “principal-level, inter-division workgroup to develop an updated approach to privacy and security policies.” That workgroup will make recommendations to the HIT policy Committee as well as to the HIT Standards Committee.
The Federal Health IT Principles support the government in its desire to “put individuals and their interests first” (Overview Federal Health IT Strategic Plan 2011, p2).
Goal 1: Achieve Adoption and Information Exchange through Meaningful Use of Health IT
The new Federal Health Information Technology Strategic Plan (FHITSP) will be a living document that will be responsive not only to those committees, but also to the public, and other organizations, including Congress. The ONC, responsible for the Plan, already has proposed an extension of Meaningful Use, Stage 1, by a year (to 2014), to allow time to incentivize more providers in the use of Electronic Health Records (EHRs). Giving another year would allow providers and vendors more time to develop functionality for the EHR. CMS has requested more improvement of data portability.
One goal of improved data accessibility is to, per Congress, “engage patients and families in their health care.” To accomplish this goal, patients are to have an electronic copy of their health information; test results, medications, problem lists, procedures, and instructions, upon request. Providers are to be able to easily exchange data, including information that may have been patient-authored. When the patient is transferred from one setting to another, a patient transfer summary of care should be available for each transition of care or referral. You will see the use of the word discharge begin to fade away. The belief is the patient is not discharged, merely transitioned to the more appropriate level of care; thus a transition summary, not a discharge summary will be written.
Meaningful Use- Stage 1 Objectives include protection of health information created and /or maintained by the Electronic Health Record technology through the “implementation of appropriate technical capabilities.”
Meaningful Use- Stage 1 Measures include conducting a security risk analysis and implementation of updates as necessary with identified security deficiencies identified as part of the risk management process. (45 CFR 164.308 (a)(1).
The belief is that to ensure mass acceptance, privacy and security must be the solid foundation. Patients, families, and providers must feel confident that laws, regulations, and procedures are in place to keep health information safe and they must be able to access care from one level to the next.
Goal II: Improve Care, Improve Population Health, and Reduce Health Care Costs through the Use of Health IT
Exploring the use of new health care delivery models is being encouraged. From Care Transition programs to Accountable Care Organizations, CMS is seeking new ways to treat populations. The year 2012 brings in the CMS regulations regarding ACOs:
On October 20, 2011 the US Department of Health and Human Services released the final rule implementing the ACO Shared Savings Program and the complementary regulations and guidance from CMS/OIG as well as the DOJ/FTC. It should be noted that the final rules are materially different from the proposed rules of March, 2010.
ACOs were created by the Affordable Care Act (ACA) signed into law March 2010. The dual purpose of this network provider model is to reduce the increasing cost of healthcare and to include incentives to create this new way of providing care for individuals. Coupled with the ACO rules, CMS had unveiled the Shared Savings Program (SSP), a program created by Congress to allow the ACOs to share in the savings and potentially share the costs of care to Medicare beneficiaries.
The final regulations were released. The proposed rules did not stimulate the interest expected. CMS has since changed the final rule to focus on the themes of flexibility, accountability, and innovation. It also provides clear guidance aimed at encouraging the development of the ACO participation in the Shared Savings Program. The purpose of ACOs is to realize savings and quality care through the coordination of services among the various providers, including hospitals, individual physicians, group practices, hospitals, home health agencies, and community health centers, or any combination of the above. Applications for the implementation of ACOs are currently being accepted through January 1, 2012, and the first ACOs will begin April, 2012.
The three goals of the ACOs stressed under the Shared Savings program will be to promote: 1) effective, patient-centered care for individuals; 2) preventive oriented and education oriented care for specific populations; and 3) cost savings (and profit) for the ACOs and CMS in general as well as decreasing waste in the system.
To be eligible to participate in the Shared Savings Program, ACOs must be accountable for at least 5000 beneficiaries a year for each of the three years of the agreement. To be eligible to share the savings, ACOs will be required to report on four quality measure domains.
It is apparent that this new healthcare model will be very patient-centered, not only addressing the medical needs of its participants, but also the social, nutritional and community needs as well. The cost sharing for the ACOs is determined by not-yet established benchmarks for 33 quality measures (QMs) broken down into the four domains:
- Care Coordination/Patient Safety (6 measures)
- Preventive Health (8 measures)
- At-Risk Populations/Frail Elderly Health (12 measures)
- Patient/Caregiver Quality Standards (7 measures).
The QMs include population focused areas that are approached in a patient-centered manner. These indicators include timeliness of physician appointments, effective communication, tobacco use, diabetes and other comorbidity control, as well as preventive screenings. Depending on the success of the outcome-driven education and approach to the care as well as patient ratings and surveys, specific provider scores could garner up to 60% of the savings realized by the organization. It is anticipated that the new system will save over $960 million over the next three years for the Medicare program, per CMS.
This new form of healthcare organization will utilize technology to link providers. “An ACO will be rewarded for providing better care and investing in the health and lives of patients,” said Donald M. Berwick, M.D., CMS Administrator. “ACOs are not just a new way to pay for care but a new model for the organization and delivery of care.”
Goal III: Inspire Confidence and Trust in Health IT and
Goal IV: Empower Individuals with Health IT to Improve their Health and the Health Care System
Regulations are Stronger because Risks are Higher. Recent breach statistics show the cause of consumer concern. On 5/19/11, 1 million people were impacted by the theft of 517 unencrypted hard drives from servers at BCBS Tennessee Call Center. (www.healthcareinformationsecurity.com)
On 9/9/11 Microsoft Cloud Evaporates Leaving 365 Million Users without access for hours. (http://techcrunch.com)
The Federal list of major health information breaches since September 2009 includes 345 incidents affecting 18.5 million people as of 10/24/11. Breaches affecting 500 or more individuals 9/09- 8/11 included 328 breach incidents affecting 11, 819, 283 individual records.
In a 2010 survey, the Office of Health Information Management saw that 74% of providers surveyed offer patient access to the website or portal through the use of a unique log-in identifier. Believe it or not, 17% of those surveyed had no controls in place and were in violation of several regulations.
In the HIPAA final Security Rule (2006) personnel must be responsible for security, sharing of data safely must be provided in an electronic format, and there must be a patient identity validation.
Per the Federal HIT committees, the only secured data is data that has been destroyed or encrypted. Your IT provider should have Patient Privacy and Security Safeguards in place. Those will include an Assessment of Risk, IT Policies and Procedures with ongoing evaluations, Data Integrity Lifecycle Management, Audits, Storage and Data Retention Safeguards, with Disaster Recovery and data replication capability.
Goal V: Achieve Rapid Learning and Technological Advancement
Usability of EHR:
The ONC is looking at ways to improve the ability of providers to be more responsive to user need and improve data portability. CMS is monitoring the Medicare and Medicaid EHR incentive programs. Expect to see another collective ONC, Office of Civil Rights (responsible for HIPAA), and CMS national campaign to increase consumer awareness in the areas of:
- A National Transition to Electronic Health IT
- The Benefits of Managing Health IT Tools to Improve Health Care Management
- The Fact that this Move to EHIT Helps Keep the Consumer Empowered
- Health Information Privacy and Security
The campaign slogan chosen is to be “Putting the I in Health IT” which will encourage patients, families, and providers to share how IT can and has improved health care.
For more information and to read the Federal Health IT Strategic Plan visit http://healthit.hhs.gov/StrategicPlan