Better Health: Smart Health Commentary Better Health (TM): smart health commentary

Latest Posts

Physician Fired For Facebook Faux Pas

In recent years many health care providers and managers have told me, time and again, that the health care world is accustomed to managing confidential patient information, and therefore doesn’t need much in the way of social media training and policy development.  This week brings news that should make those folks sit up and take notice.  A physician in Rhode Island, who was fired for a Facebook faux pas, has now been fined by the state medical board as well.  The physician posted a little too much information on Facebook — information about a patient that, combined with other publicly available information, allowed third parties to identify the patient.  The details of the story are available here and here.

The key takeaway from this story — and the Johnny-come-lately approach to health care social media taken by the Rhode Island hospital in question and the Boston teaching hospital that the Boston Globe turned to for comment — is that prevention is the best medicine. Read more »

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*

In Brief: New Accountable Care Organization (ACO) Regulations

ACO regulations and related federal issuances hit the street last Thursday, after several months of waiting — from CMS, OIG, FTC, DOJ and IRS.  They cover the waterfront, ranging from the central regulation defining the structure and workings of the ACO, to  limited Stark self-referral ban and anti-kickback statute waivers in the fraud and abuse arena, to new frameworks for antitrust analysis, to rules governing joint ventures involving taxable and tax-exempt organizations.

I had the opportunity to discuss the regs the day after they were issued on a special edition of the Blog Talk Radio show, ACO Watch, hosted by Gregg Masters (@2healthguru).  Gregg’s guests included Mark Browne (@consultdoc), Vince Kuraitis (@VinceKuraitis), Jaan Sidorov (@DisMgtCareBlog) and yours truly (@healthblawg).  We are geographically diverse, and bring a variety of perspectives to the table.  I invite you have a listen — we enjoyed the opportunity to discuss the rules, we all learned from each other, and we hope you enjoy the conversation as well.  (It runs about 90 minutes.)

Update 4/5/2011: For a collection of ACO analyses curated by Anita Samarth see: http://bit.ly/ACO-Analyses.

Here are a few points to consider as part of a first look at the ACO rules:

1.    The rules were worth the wait.  There are a lot of moving parts to coordinate, and the multi-agency effort really came together.  The CMS rule also retains a fair amount of flexibility.  Some requirements are very specific, but others much less so.  (For one example of specific guidelines, take a look at the eight-part definition of patient-centeredness; an  organization must satisfy all eight in order to be an ACO.  Other requirements have no detail at all, and CMS will look to applicants to explain how they meet the requirements, without giving any hints.)

2.    This is the Frankenstein regulation:  A Medicare beneficiary must sit on the board of the ACO, CMS must approve all marketing materials before they are used ….  These requirements may be traced back to origins in CMS demonstration project and Medicare Advantage policies, respectively, and illustrate the way in which CMS took a short statute and really put some meat on the bones.  Some may balk at the weight of the requirements limiting the options of an ACO.

3.    CMS has bootstrapped a law aimed at ACOs serving at least 5,000 Medicare beneficiaries each into a system of rules that effectively requires that commercial business be handled in an ACO-like manner.  This, among other infrastructure requirements (e.g., 50% of ACO docs must be meaningful users of EHRs), leads to the conclusion that there will be relatively few ACOs, at least initially.  CMS estimates 75-150 nationwide.  There are, of course, many unanswered questions about what a commercial ACO would look like.  One model I am familiar with — here in the People’s Republic of Massachusetts — is the AQC, or Alternative Quality Contract offered by Blue Cross Blue Shield of Massachusetts to providers enrolled in its HMO Blue product.  One question is whether a slightly different financial model could apply to the commercial side of the house.  One model worth a close look is Jeff Goldsmith’s proposed ACO model, which would treat primary care, emergency and diagnostic care, and episodes of specialty care in three distinct ways.

In brief, Goldsmith recommends risk-adjusted capitation payments for primary care, fee-for-service payments for emergency care and diagnostic physician visits, and bundled severity-adjusted payments for episodes of specialty care.  Primary care would be provided through a patient-centered medical home model, which would likely have a collateral effect of reducing the total volume of emergency care and diagnostic physician visits.  Specialty care would be provided through “specialty care marts,” ideally more than one per specialty per market to maintain a little healthy competition.

A quick explanation of this approach to an intensivist over the weekend elicited a favorable response.

4.    Also in the bootstrapping department, CMS has shifted the ACO from a “shared savings” approach to having ACOs share risk as well as the upside.  Of course, this makes a lot of sense; a number of commentators, including the HealthBlawger, had lamented the fact that risk sharing was left out of the statute.  CMS has used its general waiver and demo authority under the ACA to move the ACO into risk sharing.  The ACO may choose: share risk from day one, and enjoy a potentially higher percentage of the upside, or defer the risk sharing to year three.

5.    The retrospective nature of patient attribution and savings calculations mean that each ACO must treat every Medicare fee-for-service patient as if he or she is “theirs.”  Patients have the right to decide whether they want their data shared with an ACO; if enough patients are spooked by health care data privacy and security issues, fewer and fewer will authorize the sharing from CMS to the ACO, and the ACO will have to drive by feel — or base its management of Medicare beneficiaries on its management of its general patient population.

6.    Organizations that dominate their local markets may be the most successful as ACOs, but they may face the most involved antitrust review at the hands of the FTC/DOJ.

7.    Scoring on 65 quality metrics in 5 domains will help determine the amount of any shared savings to be paid to an ACO.  One domain, patient experience of care, links up nicely with the patient-centeredness threshhold requirement noted above.  (For private sector attention to patient experience, see what the Leapfrog Group is doing in this domain, using some of the same measures.)  While some may bristle at the number of metrics, it is worth noting that these metrics are all drawn from existing sets of measures.

8.    All in all, the regulations represent the first stage of realizing the ACO vision expressed by Don Berwick last fall: there is a field open to experimentation (albeit a field likely limited to large networks of significant means that can underwrite the up-front infrastructure costs), and the ACO rules sketched out in the statute and further delineated in the regulations will enable CMS to incentivize the provider community to help achieve the triple aim of better care for individuals, better health for populations and reduced per-capita costs.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*

Rules to Ensure a HIPAA-Compliant Social Media Strategy

Health care social media continues to be a hot-button issue for hospitals and other provider types around the country.  Health care provider organizations considering taking a first step into social media often articulate concerns about regulatory and legal barriers to the use of social media in health care.  As regular readers of HealthBlawg know, I believe that an ounce of prevention is worth a pound of cure — in the health care social media arena as elsewhere.  Careful planning up front will help you avoid the potential liabilities and pitfalls you may otherwise face in implementing a health care social media program.  I invite you to take a look at this quick compendium of rules to live by, which I compiled with Dan Hinmon of Hive Strategies, and follow the link on the last page of the embedded presentation to download an expanded version. Read more »

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*

Walgreens Sued For Selling Patient Data

Walgreens is being sued by customers who are not happy that their prescription information – even though it has been de-identified – is being sold by Walgreens to data-mining companies.

The data privacy and security concerns surrounding the transfer of de-identified data are significant.  To “de-identify” what is otherwise protected health information under HIPAA, some outfits will simply strip data of 18 types of identifiers listed in federal regulations.  However, the relevant regulation (45 CFR 164.514(b)(2)(ii)) also provides that this only works if “the covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.” Thus, the problem with this approach is that, these days, nobody can disclaim knowledge of the fact that information de-identified by removing this cookbook list of 18 identifiers may be re-identified by cross-matching data with other publicly-available data sources. There are a number of reported instances of this sort of thing happening. The bottom line is that our collective technical prowess has outstripped the regulatory safe harbor.

Is this the basis of the lawsuit brought against Walgreens?  An objection to trafficking in health information that should remain private?  No.  The plaintiff group of customers is suing to share in the profits realized by Walgreens from trading in the de-identified data. Read more »

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*

Medical Record Hacking: Can HIPAA Solve The Problem?

HealthNet either lost, or had stolen from it, computer hard drives with PHI of 1.9 million subscribers that had been in a California facility.  This latest HealthNet data security breach, which may have included names, Social Security numbers, addresses, health information and financial information comes a little over a year after a widely-reported data security breach by HealthNet in Connecticut which resulted in the first state Attorney General action under the HIPAA amendments contained in the HITECH Act. HealthNet is notifying affected individuals and is offering two years of no-cost credit monitoring and fraud resolution services, and credit restoration and identify theft insurance as needed.

It’s both surprising and unsurprising that this has happened again to HealthNet.  In these cases, and in recent cases in Massachusetts (Mass General Hospital HIPAA settlement) and Maryland (Cignet HIPAA violations and CMPs), we have seen examples, collectively, of individual sloppiness, of ineffective corporate policies and procedures, and possibly of gross neglect/fraud/incompetence.  The question arises: Is HIPAA the right instrument to address all three sorts of problems?  Since it seems that it is not having an effect on any of them, I would suggest that the answer is no. Read more »

*This blog post was originally published at HealthBlawg :: David Harlow's Health Care Law Blog*

Latest Interviews

IDEA Labs: Medical Students Take The Lead In Healthcare Innovation

It’s no secret that doctors are disappointed with the way that the U.S. healthcare system is evolving. Most feel helpless about improving their work conditions or solving technical problems in patient care. Fortunately one young medical student was undeterred by the mountain of disappointment carried by his senior clinician mentors…

Read more »

How To Be A Successful Patient: Young Doctors Offer Some Advice

I am proud to be a part of the American Resident Project an initiative that promotes the writing of medical students residents and new physicians as they explore ideas for transforming American health care delivery. I recently had the opportunity to interview three of the writing fellows about how to…

Read more »

See all interviews »

Latest Cartoon

See all cartoons »

Latest Book Reviews

Book Review: Is Empathy Learned By Faking It Till It’s Real?

I m often asked to do book reviews on my blog and I rarely agree to them. This is because it takes me a long time to read a book and then if I don t enjoy it I figure the author would rather me remain silent than publish my…

Read more »

The Spirit Of The Place: Samuel Shem’s New Book May Depress You

When I was in medical school I read Samuel Shem s House Of God as a right of passage. At the time I found it to be a cynical yet eerily accurate portrayal of the underbelly of academic medicine. I gained comfort from its gallows humor and it made me…

Read more »

Eat To Save Your Life: Another Half-True Diet Book

I am hesitant to review diet books because they are so often a tangled mess of fact and fiction. Teasing out their truth from falsehood is about as exhausting as delousing a long-haired elementary school student. However after being approached by the authors’ PR agency with the promise of a…

Read more »

See all book reviews »

Commented - Most Popular Articles