January 26,2015


My first exposure to Mobisante and their disruptive diagnostic ultrasound system was the mHealth Summit in November of 2010. At that time, the consumerization of medical devices had been gaining traction, mostly in the physician office market. Consumerization offers medical device manufacturers advantages in lower design costs, shorter time-to-market, lower product costs, increased usability and lower training costs.

I recently got Sailesh Chutani, co-founder and CEO of Mobisante, on the phone and we discussed their product strategy — a software based diagnostic ultrasound that runs on a variety of consumer electronics platforms.

Your product is clearly a diagnostic ultrasound medical device, but one can’t help but notice the rather unique design and choice of components. What were the factors driving the eventual design and appearance of your diagnostic ultrasound?

For us, in terms of where we started, our goal was to make ultrasound imaging universally accessible; to democratize it. Currently, there are three very significant barriers to broader adoption of ultrasound imaging:  cost, complexity and the difficulty of integration with workflows.

Traditional ultrasounds are the way they are because historically the only way to get the high performance and image quality you need was to do custom hardware, custom everything. This is by necessity very expensive. Then, in 2007, Qualcomm came up with Snapdragon chip sets. Now, for the first time, you had enough computing power in a smartphone to do the processing required for real time ultrasound imaging. So, we were looking at all of that and thinking, “Okay, so what are some the cost drivers?” Doing custom hardware is a pretty major driver of costs. If we could now use commodity electronics as building blocks for these devices, our costs would be dramatically lower.

The second big barrier was that a lot of the complexity you see in traditional devices comes from designs that are kind of one-off designs. And these devices are also designed for highly trained sonographers or experts. Those devices have dozens of knobs and controls. Sometimes weeks of training is required to just learn how to master a conventional ultrasound system. We questioned whether all of that complexity was necessary. Certainly, this complexity is an impediment if you’re going to make the diagnostic functionality more broadly accessible, especially to non-experts. As consumers, all of us are getting trained on the interaction paradigm of smartphones and tablets, so why not just make using ultrasound look like any other application you’d download? Stick to the interaction paradigm that the whole community has been trained on, and leverage that. So now, it takes someone five minutes now to learn to operate the device versus taking three weeks of class.

Breaking the third barrier entailed leveraging the connectivity that comes for free in all of these smart phones and tablets. So, we leverage those connectivity capabilities to offer functionality beyond image capture, but also managing and organizing these images through the diagnostic life cycle. We offer cloud-based image management and then eventually we’ll offer over-read services and analytics. These capabilities simplify integration of our devices into clinical workflows.

Those are the three key insights and drivers we had for our product, and I think you can clearly see them emerge out of the design and the actual product today. We are leveraging commodity smartphones, tablets and other off-the-shelf hardware, focusing on designing a simplified user interface that piggybacks off the training we all have in gestures and touch. The third piece is connectivity and increasing the value of the solution by not just capturing images at the device but also providing image management and access to other complementary services.

It seems that you intended to create a disruptive medical device from the get go? ?

That’s an accurate statement. [chuckle]

Our driver was really, how do you increase access. And maybe I can step back and ask, “Why does this even matter?” If you look at the broader issue, and this is really a global issue, the big question is, “How do you increase access to healthcare and do it in an affordable manner?“

There are two main drivers that determine the cost of healthcare. One is where are you delivering care? Are you delivering care in places like hospitals, in clinics, or in people’s own homes? And the other is who’s delivering that care? Is it highly trained MDs or nurses, nurse practitioners, or community workers or maybe patients themselves?

So, if you can move care closer to the patients, whether it’s a clinic out in the community or their own home, and you can move more of the care delivery to mid-level professionals and eventually patients themselves – if you can move along those two dimensions, that’s where you start to break the cost curve.

The problem is, in order to do that, you need a different kind of medical device or toolbox. Less skilled users need diagnostic and procedural guidance that you don’t have today. Today’s medical toolbox, the diagnostic toolbox included, is designed to be operated in a hospital environment by highly trained professionals. So, in some sense, that’s the problem we wanted to solve, and we picked ultrasound imaging as the tool to focus on first because it has very broad applicability.

Point of care imaging can take the guesswork out of medicine, right? So, you don’t have to palpate or poke to try and figure out what’s happening inside someone’s body – you can image and see what’s happening. That is the driver for what we’re doing. And yes, we also wanted to explore, how do you have a business model that would be difficult for incumbents to copy, and an approach, which as the newcomer, we could pioneer and build into a very strong position in the market?

Your product design has allowed you to carve out a segment of the market that really didn’t exist before.

That is correct. That is correct because, ultimately, if you think about who do we compete with? We compete with non-consumption (pdf), to use Clayton Christensen’s term, right? We are really making ultrasound imaging available to people who either didn’t have access before, had inconvenient access, or couldn’t afford it. Right? So, for them, they’re not looking for the dozens of features of a $100,000 device. They’re looking for something basic that allows them to do triage, quick looks. Essentially, answer yes/no questions.

So, while your disruptive product design significantly reduced the purchase price and per unit revenue for your product compared to traditional ultrasound systems, it sounds like it’s also created new business opportunities and new revenue opportunities?

Absolutely. An example would be, in addition to the imaging device, offering people image management in the cloud.  Besides automating the diagnostic workflow, clinics and hospital systems can essentially start to use that to do quality control on the images being acquired. They can use it to do training. Radiologists can start to offer 24X7 over-read services for ultrasounds, which exists in CT and MRI, but is not as prevalent in ultrasound.

So, yes, you’re absolutely right, you got the new opportunities to provide better care and create new revenue opportunities for us. But, there’s one point I want to highlight. Traditionally, devices have been sold in a fee-for-service reimbursement world. Manufacturers sell big-ticket medical devices justified by the fees health care providers can charge for using the device to do procedures. In this scenario, capital equipment costs are less important than the provider’s revenue potential from procedure fees. Providers have an incentive to do as many procedures as possible because they’re receiving a fee for providing that service. Now with the change in the health care system, the Affordable Care Act, I think people are starting to look at costs, clinical effectiveness and overall value – this creates a very different kind of business environment where you’re looking at tools asking the questions, “Does it help you provide better care? Does it help you provide cheaper care?”

I think that’s the big opportunity for innovation in point-of-care devices because they essentially allow you to do much more effective triage very early to see who needs the more expensive modality or not. For example, you’re at your community clinic in a rural area, complaining of abdominal pain. Today, if they don’t have imaging, they’re referring you to a hospital due to the serious conditions your symptoms might indicate. You want to rule out a whole class of things. If they have a device like ours, they can do it right away, and then for a number of cases, they will be able to have confidence. “Yeah, you don’t need that extra level of screening or diagnosis. You’re fine. You can go home. You just have gas or you ate something that didn’t agree with you.” Early on, in the health care delivery process, it’s possible to really reduce the number of unneeded procedures and screenings that have been the norm, with these point-of-care devices.

Up to this point, we’ve talked mostly about market facing factors that have both driven your design and are a consequence of your design approach. What factors or what kind of impacts were there internally in your company as a consequence of taking this pretty radical approach to medical devices? And I’m thinking things like new core competencies, regulatory impacts, purchasing components, all those kinds of issues.

Oh, it’s huge. It starts with what kind of team do you put in place, right? We needed folks, not only from the medical device community, but people who knew how to operate in this environment where some of the building blocks are off the shelf. The next consideration had to do with what we were going to be building on a platform that would evolve very rapidly. We had to learn to architect our product’s stack, so that it can cope with the rapid change that occurs with consumer electronics without requiring extensive redesign. And then tied to that was “Well, how do we approach our regulatory strategy?” If every time something minor changes, we have to get a new 510(k), you’d go out of business pretty quickly.


Categories: All , MedTech and Devices
European CommissionDigital personalised models, tools and standards with application for some specific clinical targets are currently available. There is however a need for greater integration of patient information, for example of multi-scale and multi-level physiological models with current and historical patient specific data and population specific data, to generate new clinical information for patient management.
Studying the brain activity of blind people, scientists at the Hebrew University of Jerusalem are challenging the standard view of how the human brain specializes to perform different kinds of tasks, and shedding new light on how our brains can adapt to the rapid cultural and technological changes of the 21st Century.
Here are a few I have come across the last week or so.Note: Each link is followed by a title and a few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.General CommentThe holidays are about the end and things will start to return to normal next week. Soon after that Parliament will come back and the bun-fight can resart.Interesting that Mr Turnbull is pushing for a ‘single digital identity’ for Australians - I wonder just exactly he means by that - thinking IHI etc. Time will tell I guess. Clearly Microsoft's Window 10 is going to have some considerable impact when it appears later in the year. -----http://www.smh.com.au/federal-politics/political-news/tony-abbott-promotes-malcolm-turnbull-to-take-charge-of-egovernment-20150123-12wstp.htmlTony Abbott promotes Malcolm Turnbull to take charge of e-governmentDate January 23, 2015 - 3:29PM James MassolaPolitical...

This is the initial part of the post - read more by clicking on the title of the article. David.
Categories: MedTech and Devices , All

January 25,2015


Kathy Beitz, 29, is legally blind - she lost her vision as a child and, for a long time, adapted to living in a world she couldn't see (Kathy has Stargardt disease, a condition that causes macular degeneration). Technology called eSight glasses allowed Kathy to see her son on the day he was born. The glasses cost $15,000 and work by capturing real-time video and enhancing it.

Categories: All , News and Views


As part of the Masters Program in Health Informatics, I produced videos on The Role of Informatics for Accountable Care Organizations. Links are below. I will be updating this post with videos each week.



Key Learning Objectives are:

  • To discuss the establishment of ACO Models of care and legislation that created them.
  • We will also learn about the philosophy, eligibility and characteristics of Accountable Care Organizations and the various models of care.
  • We will talk about managing health of ACO patients and the latest evidence and national distribution of ACOs
  • We will talk about best practices for managing care and tools to analyze gaps in patient care as well as the challenges faced by ACOs
  • Health Informatics and the tools that can be used to monitor performance standards, produce reports of quality metrics and the process for analyzing large amounts of data will also be reviewed.
  • Of course large amounts of data to analyze require tools and technology so we will speak about the types of tools used.
  • In addition, you will hear about interviews conducted with ACO Executives across the country covering their background, how they coordinate care and the technologies they use.
  • Finally you will gain insights and perspectives about the future of ACOs from these executives.

#1 Accountable Care Organizations 

#2 ACO Health Management

#3 Informatics, Big Data and Accountable Care Organizations 

#4 Informatics and Technology for ACOs

#5 Informatics and Big Data

#6 Interviews with ACO Executives

#7 Current and Future ACO Technology Needs


Categories: MedTech and Devices , All
This appeared a few days ago:Health advocates call on Federal Government to utilise technology to fight mental illness saying digital services are 'vastly underused' By Lexi Metherell January 21, 2015, 4:00 pmMental health advocates are urging the Federal Government to make better use of technology-based mental health services, saying they are cheap, effective, but vastly underused.The Federal Government is considering reforms to the sector and is soon expected to deliver its response to the National Mental Health Commission's review of programs and services.Mental health professionals have called for e-mental health services to be made a core part of the system.The Black Dog Institute estimates that while e-mental health services could benefit 600,000 Australians, just 30,000 use them.E-mental health programs include services delivered through digital mechanisms - such as phones and computers - which allow users to prevent, treat and recover from mental illness.E-mental health...

This is the initial part of the post - read more by clicking on the title of the article. David.
Categories: MedTech and Devices , All

January 24,2015

Here are the results of the poll.Following The Back-down On Medicare Rebate Cuts, With A Promise Of Consultation, Do You Expect More Consultation On The PCEHR And E-Health This Year?For Sure 3% (2) Probably 6% (4) Neutral 3% (2) Probably Not 32% (21) No Way 53% (35) I Have No Idea 3% (2) Total votes: 66 A pretty clear response with large majority believing that it is unlikely E-Health consultation will be stepped up any time soon. Good to see a clear outcome with a lot of responses over the time of the holidays. Again, many, many thanks to all those that voted! David.

This is the initial part of the post - read more by clicking on the title of the article. David.
Categories: MedTech and Devices , All
Here are a few I have come across last week. Note: Each link is followed by a title and few paragraphs. For the full article click on the link above title of the article. Note also that full access to some links may require site registration or subscription payment.-----www.fiercehealthit.com/story/iom-framework-further-data-sharing-clinical-trials/2015-01-16IOM framework to further data-sharing for clinical trialsJanuary 16, 2015 | By Susan D. HallA multi-stakeholder effort is necessary to create the culture, infrastructure and policies needed to further responsible data-sharing for clinical trials, an Institute of Medicine report finds.Clinical trials generate vast amounts of data, but much of that information is never published or made available to other researchers. At the same time, protecting the privacy of study participants remains a pressing concern, according to the report.The authors of the report say that sharing data is in the public interest, and offer a framework for...

This is the initial part of the post - read more by clicking on the title of the article. David.
Categories: MedTech and Devices , All

January 23,2015


Today I had the amazing opportunity to volunteer at my kids school. They make it a big deal for dad’s to volunteer at the school and my kids absolutely adore having their dad at school with them. We have a tradition that I go and spend the day at school with my kids on their birthdays. It’s pretty awesome and I might have even shed a tear or two. (Side Note: Check out my new Daddy Blog for cute pics of my kids)

However, that’s not the point of this post. It turns out today was testing day for a bunch of my kids (I have 3 in elementary school). What was amazing is that all of the test were administered on a computer. Yes, even my 5 year old kindergartner was taking his test on the computer. In fact the teacher told me, “It’s kind of hard because they don’t even really know how to type.”

Whether this is a good idea or not, is a topic for an education blog. However, I’ve written before about the next generation of digital natives and the impact they’ll have on healthcare and EHR. If we look a little further out, my 5 year old won’t even be able to comprehend the idea of a paper chart. It will be so ridiculous to him.

I’m still processing what this will mean to healthcare IT and to society in general. As I think back on the thousands of blog posts I’ve written about adopting EHR, I can think of many that will sound ridiculous even 5-10 years from now. That has me very excited. Not that my content is no longer useful (unless you enjoy Health IT history). I’m excited that a whole sea change is going to happen in how we want technology applied to healthcare.

No doubt, it’s not without some risk. I’ve heard many argue that the next generation doesn’t care about privacy. Personally I’ve seen quite the opposite. The next generation has a very sophisticated approach to privacy. They know when and where to share something based on who and what they want to see it. It’s the older generation that has a problem knowing exactly where something should be shared and where it shouldn’t. That’s not to say that some young kids don’t make mistakes. They do, but most are quite aware of where something is being shared. It’s why so many kids use snapchat.

What do you think of the coming generations of technology savvy people? What benefits will they bring? What challenges will we face? Are you excited, scared, nervous?


I have some big news to share with you this Friday afternoon. I have accepted an offer to become digital editor of Clinical Innovation+ Technology, a publication you may be familiar with. I’ll be responsible for the daily e-mail newsletter, among other things. It’s my first full-time job since the end of 2003.

Clinical Innovation + Technology is published by TriMed Media Group of Providence, R.I., which also publishes Health Imaging + IT, Cardiovascular Business, Healthcare Technology Management, Health CXO and the recently revived CMIO. (I freelanced for the first few issues of the original incarnation of CMIO, which later became Clinical Innovation & Technology.) This is a telecommuting job, so I will remain in Chicago.

Of course, this means I will have to give up most of my freelance work, in part because I won’t have the time and also because I don’t want to be in direct competition with my new employer. At least in the short term, I do intend to keep up this blog, since it never really was my primary outlet or source of income anyway, Lately, I haven’t been posting more than 2-3 times a month anyway, so you may not even notice much of a difference. Once I figure out my routine at the new job, I’ll decide on whether or not to continue this site.

I don’t know all the details yet on what kinds of things I’ll be focusing on, so please do not start inundating me with pitches. The last time I did multiple newsletters a week, I got burned out in no small part due to the volume of e-mail I received. Do note that “clinical” is the first name of the publication, and that TriMed has other titles devoted to the business side of things. That should be a clue as to what I’ll be interested in. As far as I know, there is no change to the staff of the print magazine.


A recent article in Modern Healthcare featured an interview with Dr. Delos "Toby" Cosgrove who is the CEO of the Cleveland Clinic (see: Cleveland Clinic CEO talks strategy, expansion and standardization). There are a number of very interesting points in this article but one jumped out at me so I will start with it. The exchange is listed below:

MH: Cleveland Clinic is unique in that you've actually grown inpatient volume. What do you attribute that to, and is it sustainable?

Cosgrove: About 80% of our patients come from about a six-county area, about 19% come from the rest of the U.S. and about 1% from overseas. One of our major strategies has been hospital transfers. We have about 20,000 hospital transfers on an annual basis, and people are coming to us for tertiary, quaternary care, and about a quarter of our beds are intensive-care beds. That's one of the things that has sustained us. And we've had substantial growth in our outpatient visits. 

A note in Lab Soft News from 2013 made reference to the Cleveland Clinic as a "super-regional" hospital, a term coined by Atul Gawande (see: Cleveland Clinic Launches Consulting Relationship with ProMedica System in Toledo). I must admit that the term seemed appropriate to me at the time but I wasn't sure of the exact definition. When searching for the term super-regional hospital, I came across this article: New Laws and Rising Costs Create a Surge of Supersizing Hospitals. However, this is about hospitals merging to achieve greater size ("supersizing" hospitals). In the case of the Clinic, I have the sense that it has becoming a super-regional by getting better and not necessarily by getting bigger. 

The patient admission numbers provided by Cosgove help me to begin to better understand the term super-regional, at least in the case of Cleveland Clinic. Eighty per cent of patient admission are from the adjoining six-county area and 19% from the rest of the country with 1% from overseas. An additional important number is that 20,000 admissions are transfers for tertiary and quaternary care. About a quarter of the Cleveland Clinic beds are intensive care. So, in this case, better as I use the term in the paragraph above, means the ability of Cleveland Clinic to manage complex patients and satisfy the referring hospitals and physicians. Because the hospital has only a lesser interest in primary and secondary care, the referring hospitals will not fear that referred patients will be poached and thus not return to their home hospitals.

So the idea that hospitals' inpatient populations will inevitably shrink in the future may not apply to large academic centers and super-regional facilities like Cleveland Clinic and Mayo Clinic (see: Falling Inpatient Revenues at Many Hospitals Is Sign of Healthcare’s Transition to New Models of Integrated Clinical Care...) These facilities, however, need to continue to promote transfers and referrals and many of these transferred patients will occupy intensive care beds.

The Modern Healthcare interview of Cosgove also makes mention of a new "knowledge transfer agreement" between the Cleveland Clinic and Community Health Systems, a for-profit hospital system that owns, operates, or leases 206 hospitals in 29 states with approximately 31,100 licensed beds. Such an arrangement would probably be unthinkable for, say, a prestigious academic medical center. On the other hand, CHS may be a productive source of referrals and transfers for Cleveland Clinic in the future.

mHealth Summit Europe11 - 12 May 2015, Riga, Latvia.
What does Europe need to go truly digital when it comes to healthcare? How can we ensure interoperability of mHealth solutions with Electronic Health Records (EHRs) for Continuity of Care purposes? These are just some of the questions that the mHealth community in Europe has needed answers to for a long time.
CarestreamCarestream scientist Dr Samuel Richard will present a scientific paper documenting the impact of advanced imaging technologies on lung nodule conspicuity at the 2015 European Congress of Radiology (ECR).
This appeared a little while ago.Little To Show For $26 Billion Health IT InvestmentBy Christine KernThe electronic sharing of information (health information exchange) plays a critical role in improving the cost, quality, and patient experience of healthcare. However, there is very little electronic information sharing among clinicians, hospitals, and other providers despite more than $24 billion in incentive payments to hospitals and eligible professionals who "meaningfully use" electronic health records, and another $2 billion spent on interoperability standards and EHR certification over the past five years.This according to a health policy brief written by Janet Marchibroda, director of the Health Innovation Initiative at the Bipartisan Policy Center published by Health Affairs and supported by the Robert Wood Johnson Foundation.Marchibroda explains, “While considerable investments in health IT have been made, advancement of interoperability and electronic information sharing...

This is the initial part of the post - read more by clicking on the title of the article. David.
Categories: MedTech and Devices , All

January 22,2015

So yesterday was a big day here at Microsoft. Like many of you, I was glued to my computer screen while our business and product leaders updated the world on Windows 10 , Windows Phone, Xbox, and more. We learned that Cortana will be taking up residence...(read more)
Source: HealthBlog

I’ve been involved in building many life-critical and mission-critical products over the last 25 years and have found that, finally, cybersecurity is getting the kind of attention it deserves. We’re slowly and steadily moving from “HIPAA Compliance” silliness into a more mature and disciplined professional focus on risk management, continuous risk monitoring, and actual security tasks concentrating on real technical vulnerabilities and proper training of users (instead of just “security theater”). I believe that security, like quality, is an emergent property of the system and its interaction with users and not something you can buy and bolt on. I’m both excited and pleased to see a number of healthcare focused cybersecurity experts, like Kamal Govindaswamy from RisknCompliance Consulting Group, preaching similar proactive and holistic guidance around compliance and security. I asked Kamal a simple question – if cybersecurity is an emergent property of a system, who should be held responsible/accountable for it? Here’s what Kamal said, and it’s sage advice worth following:

Information Security in general has historically been seen as something that the organization’s CISO (or equivalent) is responsible for. In reality, the Information Security department often doesn’t have the resources or the ability (regardless of resources) to be the owners or be ultimately “accountable” or “responsible” for information security. In almost all cases, the CISO can and must be the advisor to business and technology leaders or management in the organization. He could also operate/manage/oversee certain behind-the-scenes security specific technologies.

If your CISO doesn’t “own” Information Security in your organization, who should?

At the end of the day, everyone has a role to play in Information Security. However, I think the HealthIT managers and leaders in particular are critical to making security programs effective in healthcare organizations today.

Let me explain…

Of all the problems we have with security these days,  I think the biggest stumbling block often has to do with not having an accurate inventory of the data we need to protect and defining ownership and accountability for protection. This problem is certainly not unique to Healthcare. No amount of technology investments or sophistication can solve this problem as it is a people and process problem more than anything else.

Healthcare is unfortunately in a unenviable position in this regard. Before the Meaningful Use program that has led to rapid adoption of EHRs over the last five years, many healthcare organizations didn’t necessarily have standard methods or technologies for collecting, processing or storing data. As a result, you will often see PHI or other sensitive information in all kinds of places that no one knows about any longer, let alone “own” them –  Network file shares,  emails, a legacy application or database that is no longer used  etc. The fact that HealthIT in general has been overstretched over the last five years with implementation of EHRs or other programs hasn’t helped matters either.

In my opinion and experience, the average Healthcare organization is nowhere close to solving the crux of the problem with security programs – which is to ensure ownership, accountability and real effectiveness or efficiencies.

Most of us in the security profession have long talked about the critical need for the “business” to take ownership among business and technology leaders. For the most part however, I think this remains a elusive goal for many organizations. This is a serious problem because we can’t hope to have effective security programs or efficiencies without ownership and accountability.

So, how do we solve this problem in Healthcare? I think the answer lies in HealthIT leadership taking point on both ownership and accountability.

HealthIT personnel plan, design and build systems that collect/migrate/process/store data, interact with clinical or business leadership and stakeholders to formulate strategies, gather requirements, set expectations and are ultimately responsible for delivering them. Who better than HealthIT leaders and managers to be the owners and be accountable for safeguarding the data? Right?

So, let’s stop saying that we need “the business” to take ownership. Instead, I think it makes much more pragmatic sense to focus on assigning ownership and accountability on the HealthIT leadership.

I present below a few sample mechanics of how we could do this:

  1. Independence of the CISO. For a start, Healthcare CIOs or leaders should insist on independence for the CISO (or equivalent) in their organizations. Even if the CISO or security director or manager happens to be reporting to the CIO (as it still happens in many organizations), I think it is absolutely critical that you reorganize to make the role one of an advisor and support role and not an IT function itself. The CISO and his may also have their own operational responsibilities, such as management of certain security technologies or operations,  performing risk assessments, monitoring risk mitigation or remediation programs,  assisting with regulatory compliance and so on. Regardless, they must be an independent function with a strong backing or support from the CIO.
  1. IT (Data) Asset Discovery, Classification and Management. To start with, all IT assets (hardware and software) that collect, receive,  process,  store or transmit data (CRPST) need to be identified,  regardless of whether these assets are owned/leased/subscribed or where they are hosted. Every physical or virtual asset (network device, server, storage, application, database etc.) must have one assigned owner at a manager/director/VP level who is ultimately accountable for security of the information CRPSTed by the asset. As the owner may choose or need to delegate responsibilities (see #3 below)  the asset meta-data should also include information regarding personnel that have delegated responsibilities. If you are a smaller organization,  you may have one person being the owner that is “accountable” as well as “responsible” .
  1. Directives to HealthIT executives and managers. It is important that Healthcare CIOs send a clear message of sponsorship and accountability to their executives and managers regarding their “ownership” related to security.  The asset owners (see #2 above) may in turn delegate “responsibilities” to other personnel (not below a manager) in her department. For example, the VP or Director of IT Infrastructure may delegate responsibilities to Manager of Servers and Manager of networks. Similarly, the VP/Director of Applications may delegate responsibilities to the Database Manager and Manager of Applications and so on. Regardless of the delegation, the VP or Director retains the “ownership” and “accountability” for security of information CRPSTed by the asset.
  1. Bolted-in Security. The HealthIT strategy and architecture teams need to work in close collaboration with the CISO’s team. It is critical that security is an important planning and design consideration and not something of an afterthought. It is much more cost effective to plan, design and implement secure systems from the start (hence bolted-in) than trying to look for a patch-work of controls after the systems are already in place.
  1. Need for HealthIT managers with “responsibilities” to be proactive. Let me explain this with a few examples of the Server Manager’s role in #3 above.
    • The Server Manager must at all times know the highest classification of the data stored on his servers so he is sure he has appropriate controls for safeguarding the data as required by the organization’s Information Security Policy and standards. If a file server is not “authorized” to contain PHI or PII on its shares, he should perhaps reach out to the CISO with a request for periodic scans of his servers to detect any “sensitive” data that users may have put on their file shares, for example.
    • If a file server is authorized to store PHI for use by the billing department for example, the Server manager must work with the billing department manager to have her periodically review the access that people have to the billing file shares. If your organization’s Identity and Access Management (IAM)  solution or program has capabilities for automating these periodic access reviews,  the Server Manager must work with the CISO (or whoever runs the IAM program)  to operationalize these access reviews as part of your Business-As-Usual (BAU)  activities. The key point here is that it is the Server Manager’s responsibility (and not the Billing Manager or the CISO’s) to ensure that the Billing Manager performs the access reviews in compliance with the organization’s policies or standards for access reviews of PHI repositories.
    • The Server Manager must all times be aware of who all have administrative access to these servers, so he must look for ways to get alerts for every change that happens to the privileged or administrator access to the servers. If your organization has a Log Management or a Security Information Event Management(SIEM)  solution,  the Server Manager should reach out to the CISO or his designate so the SIEM solution can collects those events from your servers and send email alerts for any specific administrator or similar privilege changes to the Server Manager. While we are on SIEM, the Server Manager should also work with the CISO and the Billing Manager so the Billing Manager gets an email alert every time there is a change to the access privileges on the file shares containing PHI or PII used by the billing department.
    • If one of the servers happens to be a database server, the Server Manager may be responsible for the operating system level safeguards while the Database Manager may have the responsibility for the database “asset”.  She will in turn need to work with the CISO and the relevant business managers for automation of access reviews, monitoring of potential high risk privilege changes in the database etc.


I hope these examples from Kamal illustrate how HealthIT can have an effective ownership and accountability for security.

Drop us some comments if you agree but especially if you don’t.


In a recent blog, the opinions of the JASON Report Part II with regards to CDA were analyzed. The review of CDA was lukewarm at best. However, the report did spend a significant amount of time talking about future possibilities. The main focus of the future possibilities was HL7 FHIR.

FHIR was discussed extensively in the report because JASON thought it lends itself well to the health IT vision which was stated as:

Focus on the health of individuals rather than the care of individuals.

Key to this vision is the establishment of a robust health data infrastructure that could also be used to enable a Learning Health System. But one major impediment that remains is the critical need for open APIs for EHR connectivity and to stimulate entrepreneurial ideas. One solution to this impediment is seen as the FHIR standard, which JASON sees as a “significant improvement over CDA.”

The JASON report describes CDA as a container for information. The problem with the container is that it is hard to sort out all the data in the container into usable chunks. FHIR solves this by organizing the data into smaller usable chunks called resources. These resources standardize the exchange of information as modular components.

Resources contain basic pieces of information and can be extended to fulfill specialized requirements. Resources can also be bundled together to satisfy the same messaging and document workflows that the health IT industry uses today. In a previous post, I detailed the interoperability paradigms of FHIR, including REST, messaging, documents, and services.  Examples of resources include Patient, Medication, and CarePlan to name a few. Like CDA, each resource has a human readable element as well as coded entries.

Because these resources are simple in structure and clearly defined, they are viewed as something that is easy to parse and extract the data. Not to mention, it is always possible to extract the human readable portion. The resources, which can be encoded in XML or JSON (not to be confused with JASON – the organization writing the report), are lightweight and easily adaptable to web applications which is something that has not existed in health IT to this point.

According to the report, of even greater importance than the lightweight and clearly defined resources is the ability to support representation state transfer (REST). There are several design features listed in the report which give evidence to REST being such a good choice:

  • Separation of concerns about the storage of data and the interface to the data
  • The communication is essentially stateless between requests
  • Load balancing can easily be employed on the server side
  • Client caching can be enabled for efficiency
  • Servers can send code to clients to extend functionality
  • Applications present a uniform interface, with four guiding principles:
    • Resources are identified via URLs
    • Clients, with permission, can modify the resources on the server
    • Messages are self-descriptive
    • Transitions of the data are performed using hyperlinks

With REST in place as a paradigm for interoperability, along with the simple modular structure of resources, JASON believes that FHIR sets the stage for a major shift in the way healthcare data is exchanged, and make data more readily available when and where it is needed to support the future vision of healthcare.

Categories: News and Views , All

The following is a guest blog post by Mark Fulford, Partner in LBMC’s Security & Risk Services practice group.
Mark Fulford
Myths abound when it comes to data security and compliance. This is not surprising—HIPAA covers a lot of ground and many organizations are left to decide on their own how to best implement a compliant data security solution. A critical first step in putting a compliant data security solution in place is separating fact from fiction.  Here are four common misassumptions you’ll want to be aware of:

Myth #1: If we’ve never had a data security incident before, we must be doing OK on compliance with the HIPAA Security Rule.

It’s easy to fall into this trap. Not having had an incident is a good start, but HIPAA requires you to take a more proactive stance. Too often, no one is dedicated to monitoring electronic protected health information (ePHI) as prescribed by HIPAA. Data must be monitored—that is, someone must be actively reviewing data records and security logs to be on the lookout for suspicious activity.

Your current IT framework most likely includes a firewall and antivirus/antimalware software, and all systems have event logs. These tools collect data that too often go unchecked. Simply assigning someone to review the data you already have will greatly improve your compliance with HIPAA monitoring requirements, and more importantly, you may discover events and incidents that require your attention.

Going beyond your technology infrastructure, your facility security, hardcopy processing, workstation locations, portable media, mobile device usage and business associate agreements all need to be assessed to make sure they are compliant with HIPAA privacy and security regulations. And don’t forget about your employees. HIPAA dictates that your staff is trained (with regularly scheduled reminders) on how to handle PHI appropriately.

Myth #2: Implementing a HIPAA security compliance solution will involve a big technology spend.

This is not necessarily the case.  An organization’s investment in data security solutions can vary, widely depending on its size, budget and the nature of its transactions. The Office for Civil Rights (OCR) takes these variables into account—certainly, a private practice will have fewer resources to divert to security compliance than a major corporation. As long as you’ve justified each decision you’ve made about your own approach to compliance with each of the standards, the OCR will take your position into account if you are audited.

Most likely, you already have a number of appropriate technical security tools in place necessary to meet compliance. The added expense will more likely be associated with administering your data security compliance strategy.

Myth #3: We’ve read the HIPAA guidelines and we’ve put a compliance strategy in place. We must be OK on compliance.

Perhaps your organization is following the letter of the law. Policies and procedures are in place, and your staff is well-trained on how to handle patient data appropriately. By all appearances, you are making a good faith effort to be compliant.

But a large part of HIPAA compliance addresses how the confidentiality, integrity, and availability of ePHI is monitored in the IT department. If no one on the team has been assigned to monitor transactions and flag anomalies, all of your hard work at the front of the office could be for naught.

While a ‘check the box’ approach to HIPAA compliance might help if you get audited, unless it includes the ongoing monitoring of your system, your patient data may actually be exposed.

Myth #4: The OCR won’t waste their time auditing the ‘little guys.’ After all, doesn’t the agency have bigger fish to fry?

This is simply not true. Healthcare organizations of all sizes are eligible for an audit. Consider this cautionary tale: as a result of a reported incident, a dermatologist in Massachusetts was slapped with a $150,000 fine when an employee’s thumb drive was stolen from a car.

Fines for non-compliance can be steep, regardless of an organization’s size. If you haven’t done so already, now might be a good time to conduct a risk assessment and make appropriate adjustments. The OCR won’t grant you concessions just because you’re small, but they will take into consideration a good faith effort to comply.

Data Security and HIPAA Compliance: Make No Assumptions

As a provider, you are probably aware that the audits are starting soon, but perhaps you aren’t quite sure what that means for you. Arm yourself with facts. Consult with outside sources if necessary, but be aware that the OCR is setting the bar higher for healthcare organizations of all sizes. You might want to consider doing this, too. Your business—and your patients—are counting on it.

About Mark Fulford
Mark Fulford is a Partner in LBMC’s Security & Risk Services practice group.  He has over 20 years of experience in information systems management, IT auditing, and security.  Marks focuses on risk assessments and information systems auditing engagements including SOC reporting in the healthcare sector.  He is a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP).   LBMC is a top 50 Accounting & Consulting firm based in Brentwood, Tennessee.

Imagine having a personal robot prepare your breakfast every morning. Now, imagine that this robot didn't need any help figuring out how to make the perfect omelet, because it learned all the necessary steps by watching videos on YouTube. It might sound like science fiction, but a team at the University of Maryland has just made a significant breakthrough that will bring this scenario one step closer to reality.

January 21,2015


The idea that continuous ambulatory blood pressure monitoring is preferable to a single measurement in a doctor's office should come as no surprise. A recent study brought this issue into sharp focus (see: Why doctors are excited about mobile blood pressure monitoring). Below is an excerpt from it:

In the first decade of this century, deaths attributed to high blood pressure have increased nearly 40 percent – roughly one in three adults in the US now suffer from the condition....An obvious place to start [to control the disease]: make sure that blood pressure monitoring, and thus diagnosis, is accurate, but a large new study ...is calling into question whether we’re going about it the best way possible...[A recent] review ...found that “ambulatory” monitors worn during a person’s daily routine were as much as 40 percent more accurate predicting heart attacks, strokes, and heart disease than single checks taken at the doc’s....[T]here is quite simply more data being gathered when a cuff worn around one’s arm checks blood pressure at regular intervals throughout a day. But this kind of mobile monitoring also helps catch two types of people who are easily misdiagnosed – those with “white coat” syndrome (see: White coat hypertension), who get nervous in doctor’s offices and experience artificially high blood pressure at precisely the time of monitoring (a condition that may affect as many as 30 percent of people thought to be hypertensive), and those who react oppositely, with lower readings either because they take their meds before going to the doctor’s or because they experience more stress in their home environment....

[Ambulatory monitoring] is going to refine the initial screen performed in a doctor’s office, and give you more accurate results,” said Margaret Piper...,lead author of the review. If Piper’s task force recommendation to switch to ambulatory monitoring becomes final, health insurers would have to pay for it because preventive procedures that are approved by the task force must be covered under the Affordable Care Act....Unfortunately, the ambulatory monitoring recommendation comes at a tricky time – when there are more home monitoring apps than ever, but they appear to be inferior to the ones used in doctor’s offices.....Piper stressed that the ambulatory devices her task force is recommending are not the same – they still involve wearing an arm cuff as opposed to simply pressing one’s finger on a smartphone screen – while the newest ones can now wirelessly connect to smartphones to easily track the readings. They also take readings at regular intervals, as opposed to whenever a user thinks of it.

The good news is that ambulatory blood pressure monitors are more accurate in predicting heart attacks, strokes, and heart disease than single reading taken with a blood pressure cuff in a doctor's office. The latter can be falsely high or falsely low. The bad news is that the various standard blood pressure apps running on smart phones are inaccurate; they are also not designed to take readings at regular intervals. You can buy a blood pressure device with a cuff at a drug store but such a device also suffers from the fact that the recording is not continuous. The solution to this dilemma, as stated above, are inflatable cuff devices worn continuously that transmit wirelessly to cell phones and take readings at predetermined intervals. 


CES 2015 is now in the headlights. One person I talked to said they thought that the event was missing some of the excitement of previous years. I disagreed with him. I thought it was more exciting than previous years. Although, my excitement comes from the entrepreneurs and the Digital Health space. If you look at the larger CES floor with the massive million dollar booths, it was lacking some luster. Of course, with the size of CES, it’s easy to understand why two people could have very different experiences.

If you’re interested about what else I found at CES, I sat down with Dr. Nick van Terheyden, CMIO at Nuance, to talk about our experiences at CES 2015 and some of the takeaways from what we saw. I think you’ll enjoy this CES 2015 video chat below:


This is part II of my interview with Proteus Duxbury, CTO of the Colorado Health Insurance Marketplace, Connect for Health Colorado . I also encourage  you to read Part I.

As Colorado runs its own exchange, and has had what most consider a successful rollout, we’ll discuss what is next and how the exchange works to improve the long-term health of the people of Colorado. In this chat we discuss choice architectures and how to build an exchange that is really, truly consumer-centric – a great vision for health in any state, and I’m glad to see it emerging here in Colorado.

LK: Have you looked into behavioral economics and what are called choice architectures like what they describe in Nudge? Nudge has a pretty long section on creating a framework for effective decisions based on the goals of the user.

PD: Absolutely. Our marketplace solution is a good traditional transactional system, but it’s not been designed as a true engagement platform, utilizing choice/behavioral best practices, so we’ll likely need to append our architecture with some niche solutions. These could come from the startup community and non-traditional sources of innovation in the local community, and that’s very exciting.

LK: You and I have talked the opportunity for the exchange to be more of a platform, presumably with APIs that would allow outside developers to come in and build new solutions and applications using data supplied via the API combined with other outside sources. What can you share with us about that?

PD: We are implementing an API into various parts of our marketplace, hopefully in the next year or so.

Digital engagement is very important to us. We are going to move forward with a hackathon so that we can engage the local digital health community to bring innovative new ideas that could be leveraged in the long term to create an engaging, transparent experience. As CTO however, there is a balance between being innovative and having an enterprise scalable architecture. Anything that we put into production has to be robust, it has to scale well. We have recently engaged with a startup, CodeBaby, who are based here in Colorado Springs. They helped us go live today with Kyla our avatar who helps people navigate our website. For now this is limited, but we hope to integrate this further into our key, core portal marketplace screens and into our streamlined eligibility application.

LK: That’s great to see, and I can’t wait to see what comes next. I think that this kind of opportunity will be very exciting for entrepreneurs because health care is something that literally everyone has a stake, and it’s great to have these kinds of opportunities in Colorado to get more people involved in improving it, with code.

PD: Denver is a really exciting place to be in the development of new health technologies and new innovations given the work that Mike Biselli is doing (creating Stride, an emerging digital health campus with some big soon-to-be-named digital health tenants) to establish Denver as a hub.

LK: Yes, the Prime Health Collaborative and Stride and Health 2.0 Denver do seem to have started something special in the community here. It seems like a great fit because people do come here to be active, and the active, consumer-centricity has started to show with the startups that have formed here. It’s a great confluence of forces around digital health and consumer-focused solutions.

So let’s talk a little about what makes this environment unique and how we’re going to sustain it. Connect for Health Colorado is a non-profit that will need to be self-sustaining. What are the opportunities for extending the business model?

PD: We do need to be self-sustaining in January of 2015 and we do have a plan to do so based on a broad market assessment and our carrier-fee billing for plans that we offer on the marketplace.  In the future however there may also be opportunities for monetizing our (anonymized) information assets and our technologies thereby funneling additional resources back into the exchange to support our ongoing vision and mission. Perhaps to other, newer exchanges.

LK: What improvements are you going looking to roll out in the near future?

PD: In addition to what we’ve already discussed, a key focus area for us will be the utilization of user preferences to identify the important decision-making criteria for individuals.

We’re also putting in an out-of-pocket calculator so people can understand what kind of plan they should choose given their predicted healthcare expenditures for the year.

We do have a provider search tool, so people can see which providers are in-network for individual plans. However there are opportunities to make these searches broader and more inclusive, with real-time information on which providers are taking new patients and the exact services they are providing. For example so someone could find a child ABA (Applied Behavioral Analysis) provider in Denver that also has current openings within their practice. That’s just not possible using the provider search tools in use.

We have recently gone live with a formulary tool to help people find out which medications are covered by individual plans. In the future I would like to see the development of richer decision-support tools around formulary, linking in efficacy and safety information for particular drugs, given the genetic pre-disposition of the individual. Quality ratings for plans, carriers and providers are also areas that exchanges are looking to move into in the future. Amazon-like consumer-driven payer/provider ratings. The ACA has driven a number of initiatives to introduce more transparency in the marketplace. We’ve discussed a little about the All Payer Claims Database, or APCD, here in Colorado, which was driven by the ACA. Transparency and quality metrics is an area (CMS) will be providing guidance on in 2016. The establishment of the health insurance exchanges themselves is, in and of itself, a broad move toward applying more transparency to the marketplace by creating a common benefit package for qualified health plans. So, it’s easier for the consumer to compare plans like they are comparing apples to apples. CMS and ACA are playing a large role in helping to make the healthcare marketplace more transparent.

LK: Despite the hype to the contrary, it really is a free-market approach, and for the free market to work, you need transparency. If we want to fix health care, we need to make all of it more transparent and that creates a lot of opportunity for health IT that can facilitate that transparency.

PD: Reflecting on the success of PatientsLikeMe, that builds communities of patients to share information. There’s no reason we couldn’t explore providing similar communities for people in Colorado.

LK: So more of building a community and helping people connect with others in the state? That sounds great.

PD: In parallel the development of storefronts for the provision of direct to provider services including Telehealth and concierge medicine seem like a natural future evolution for exchanges.

LK: Seems like there are a lot of niches that could be provided and make this more of a communications system between patients, providers, payers and between many different stakeholders in the system, as well as a face to the health care system in Colorado.

One other thing I wanted to ask about is, have you received any interesting demographic trends about who is signing up for insurance on the exchange?

PD: Some interesting facts from our last open enrollment period (2013-14) was that 38% were in 0-34 age range. 35% were in the 35-54 age range. More than 73% of our consumers were under 55. Only about 26% were in the 55-64 age range. The other surprising thing was that 40% of those who enrolled received no financial assistance (tax credits or cost sharing reductions) indicating that people are choosing us as a trusted place to shop for their insurance.

LK: I see a lot of entrepreneurs have been getting their insurance through the exchange, so we’ll look forward to seeing how having this kind of access has improved the labor market, as people no longer need to be tied to a traditional job to qualify for affordable insurance.

PD: And, of course, the other big benefit is that people with pre-existing conditions can no longer be discriminated against, and a lot of people have come to us for that reason.

LK: Well thanks for the interview and all the great work that you’ve done. We are fortunate to live in a pretty progressive state in terms of health care and have some really great people working to improve things in Colorado.

Read Part 1 of this Q&A.

Categories: News and Views , All

January 20,2015


In a previous post, I discussed the well-established reference lab business model used by both Quest and LabCorp (see: Quest Diagnostics and Lab Corp Business Models Becoming Obsolete). In this note, I listed five different perspectives from which this model was in danger of becoming obsolete. For example, their key customers are private physician offices and such medical practices are disappearing in the face of expansion of integrated delivery networks as well as other factors (see: Health-care law driving doctors away from small practices, toward hospital employment). Moreover, younger physicians are predisposed to work in IDNs for a salary rather than enter private practice. In response, Quest is making a valiant effort to catch the wave of current trends with a new program called Blueprint for Wellness. Here's a description of the program from the Quest home page:

Through Blueprint for Wellness, Quest Diagnostics, the world’s leader in diagnostic testing, information and services, comes to you and your company with a program that all your employees can access across the country. We provide biometric wellness screenings and unique services to empower measurable health improvement, improved productivity and lower healthcare costs for employees. Blueprint for Wellness concentrates on three distinct areas along the wellness continuum: Measure, Map, Modify.

As I understand it, the company is now starting to repurpose some of its patient service centers (PSCs) to "wellness centers" to perform "biometric screenings." This change will be in partnership with employers who offer, with strong financial incentives, wellness programs to their employees and will send them to such wellness centers for counseling and monitoring.

While I applaud this new effort that reinforces my previous conclusion that the current Quest business model may be losing relevance, reshaping itself partly as a wellness company is going to be a long and hard pull. Here are some of the challenges that come to mind about this new program:

  • Most patients will continue to view their physician office as the logical location for the delivery of wellness services, although this is often wishful thinking on their part. In second place as logical wellness centers will be the walk-in clinics in retail drug chains like CVS and Walgreens that have a very significant lead on Quest for these services. The will also enjoy better brand awareness.
  • Quest currently is a one-trick-pony, performing lab tests on specimens drawn at PSCs and then transported to centralized, highly automated clinical labs. Part of its expertise is the logistics involved in these operations. Walgreens seem to be a step ahead of Quest regarding lab testing with its partnership with Theranos using micro-samples and multiplex testing at announced lower prices (see: Finally, Some Important New Details about the Theranos Business Model). This Theranos model could be converted, in time, to point-of-care (POC) testing in the retail drug store settings.
  • Lab testing does not sit at the epicenter of wellness practices for conditions like diabetes, obesity, lung/cardiovascular disease, and fitness. Correcting these problems is frequently all about patient motivation, dietary changes, and avoidance of cigarettes and alcohol. By and large, PCPs themselves are receiving poor marks for weight reduction in favor of established programs like Weight Watchers. Entry into the "wellness arena" is not going to be easy for a national reference lab company.

In summary, I consider this effort by Quest too little to late. However, it's a huge company (market cap $10B), much admired by investors because of predictable earnings, and embedded in the growing healthcare industry. They may be able to make "Blueprint for Wellness" work but I believe that the program won't be successful given the company's core business and expertise.


I had the opportunity to chat with Proteus Duxbury, the CTO of our Connect for Health Colorado (the Colorado health insurance marketplace) just after the start of open enrollment this year (a very busy time for CTOs of state health insurance exchanges). We are headed for a very exciting time here in Colorado. A lot of innovation will be headed our way around health, wealth and wellness in Colorado, and a central part of that is the Colorado health insurance marketplace. We are fortunate to have some great minds working to come up with new solutions and applying appropriate technologies to payment reform and populations health.

LK: Proteus, tell us a little bit about your background and how you came to be CTO of Connect for Health Colorado.

PD: I was a consultant for an international management consulting firm PA Consulting, operating across a broad spectrum of areas including IT strategy, program management, and enterprise architecture. Primarily for healthcare clients. Over that time, I worked for large payer, provider and life science organizations so had the opportunity to gain a holistic view across the industry of some of the important health care emerging trends and how they can be supported by new technology.

LK: It sounds like you have a good background then to see, and potentially bring together, a lot of different data types into this more holistic view and create a pretty different perspective of the health care industry.

PD: Yes, for example, I’ve helped small regional hospitals implement EHR, and worked with the largest pharmaceutical company in the world to integrate a new clinical/real-world data hub. So I’ve been exposed across the entire end-to-end spectrum.

LK: And you were also at Catholic Health Initiatives (CHI), headquartered here in Denver.

PD: I was director of IT for their virtual health services group, owning all technology for a division within CHI, which was promoting the use of telehealth, telepharmacy and telepsychiatry to provide care remotely, in rural areas, and developing new ways to engage consumers in actively managing their health. To help keep them out of the ER and reduce readmissions. That gave me an in-depth appreciation of consumer health care needs. I started this new role here at Connect for Health Colorado in January where I am heading up all technology initiatives. I’m responsible for providing a stable and robust platform for people to enroll and engage with us, reduce technology spend for our sustainability goals and protect the security or our data and technology assets.

LK: It strikes me that you have a really great background then in consumer-focused care, do you see your role with the Colorado Exchange as an extension of that? Certainly it’s a consumer-focused site, but how do you see this extending further into the healthcare value chain and providing better value care, better outcomes at lower cost?

PD: I think the health care provider has a central role of ownership around the introduction of new digital platforms for engagement. But I’m beginning to think that with the introduction of the health insurance exchanges, Connect for Health Colorado is starting to have a bigger role in developing relationships with a large set of consumers that have not had health insurance before or those who need extra help in navigating this complex market. These are quite often high-risk populations and consumers that we can really help to shepherd through the complex health care decisions they have to make on a daily basis. That includes selecting the right plan, helping to manage their health care and ensuring they are not surprised with unplanned high co-pays and deductibles. So, yes, I think it’s a natural progression for an entity like the exchange to be a trusted healthcare partner and be more involved in digital engagement.

LK: So let’s talk a bit about establishing that trust. Colorado has been ranked as one of the top rollouts of the state exchanges. All-in-all, things went pretty smoothly here and now you’ve just gone into open enrollment. What’s the secret to the success here?

PD: It’s a lot of things really: leadership, a solid technology product, and a hard-working set of partners. The exchange really had an excellent leader in (former Connect for Health Colorado CEO) Patty Fontneau. She and her management team were empowered to be agile and make decisions quickly. They were really successful in creating a vision and uniting a small team of highly-focused experts to get this deployed very quickly. Also, very early on there was a decision made to invest in a packaged solution called hCentive that turned out to be a very robust platform that we were able to implement in just 15 months. We also had a great partner in CGI who were very flexible in meeting our needs and working as a collaborative partner, pulling out all the stops to deliver at 110% in order for us to go live on time.

LK: And how many different plans are available on the exchange right now, I recall it’s over 100.

PD: Yes, there are 176 plans available right now.

LK: Through how many different insurers?

PD: 15

LK: So that’s a lot of complexity, integrating with a wide variety of information sources. Did those come prepackaged at all or how did that all come together?

PD: That’s the work that CGI did, they took the hCentive platform and used middleware to integrate it with our best of breed systems including CRM, financial management, noticing and external partners, like OIT, Healthcare policy and the division of insurance. None of this was 100% prepackaged and it took great collaboration with CGI to build out this architecture.

LK: Let’s talk about CRM as a basis for this kind of platform, do you see this kind of CRM becoming the basis for a communication management system between people and their care?

PD: We use a packaged Oracle CRM system that’s in the cloud and it’s pretty rich, but it’s very transactional. In order to really outreach and engage with consumers, particularly with Millennial consumers, who will comprise more than 50% of the market in the next 10 years, we need to look to innovative digital tools that we won’t get from a traditional CRM solution. For example the new mobile app tool that Deloitte has built for HCPF. It’s not just for displaying static information, but is exposing key interactive functionality from their benefits management system and makes it available in a really intuitive way. As an initial step, we’ll want to look at providing that kind of access.

LK: So it really will be more like a platform for innovation and outreach?

PD: Yes.

LK: You and I are participated in a panel recently on “Transparent Consumer Markets in Health Care” at the Colorado Capital Conference. Of course, that’s one of the driver’s for exchanges, to promote transparency, but long term, how do you see the role of the exchange in making healthcare more transparent and help people plan and make better decisions around health care?

PD: As an exchange, transparency is built into our mission and vision statement. Part of our mission is to increase affordability and choice. Our core purpose is to help people be healthier and secure, including financial security.

Transparency for us is critical and needed if you’re going to have true engagement because our consumers often make suboptimal choices when selecting plans. People tend to take shortcuts, or they’ll assume the one at the top of the list is the right one or assume the Gold one is the right one for them. We have a need to educate users very quickly and help them make trade-offs. Choice and information overload does happen very quickly, in about 10 seconds in newly-introduced choice dimensions. We need to provide transparent information about plans, carriers and the providers that are within those plans and cost and quality.

The cost dimension is critical because what a lot of newly-insured people don’t understand, and even what people who have had insurance their whole lives don’t always understand is all of the hidden costs. We know that these hidden costs are increasing dramatically. I referenced the Deloitte study of $672 billion dollars in hidden costs that are in the market. So, as much transparency as we can provide to help people make good decisions, it enables them to make the right health decisions, and financially they’ll be better off if they select the right plan, that has the right balance between out of pocket costs, deductibles, and premiums. And they can only make those decisions effectively if they have the right information on what it’s really going to cost them. That’s why we’re looking to partners like The Center for Improving Health Value, or CIVHC, and the all-payer claims database here in Colorado.

The next challenge will be how we implement the quality information and provider, carrier and plan consumer ratings to provide something that is not overly complex. The more transparency and tools you provide, the quickly it can become complex visually and people can get overloaded, so we need to find the best way to do that, but also provide as much information as possible.

And one final point, we’re doing this because the insurance marketplace is definitely changing with the prevalence of HSAs coming with high deductibles, and companies moving from defined benefit to defined contribution. More than ever before, consumers are having to make their own healthcare benefit decisions, and so what we do is going to affect not just their health, but their finances as well. Those are two core parts of our mission, and I think we’re in a good place to help people navigate those decisions because we are motivated only by our mission. We’re not financially motivated. I think that’s unique and powerful in addition to our unique focus on people who live in Colorado.


Stay tuned for Part II of my Interview with with Proteus Duxbury, CTO of the Colorado Health Insurance Exchange, Connect for Health Colorado.

Categories: News and Views , All

This post is part of Iron Mountain’s Healthcare Information Governance: Big Picture Predictions and Perspectives Series which looks at the key trends impacting Healthcare Information Governance. Be sure to check out all the entries in this series.

Healthcare information governance (IG) has been important ever since doctors started tracking their patients in paper charts. However, over the past few years, adoption of EHR and other healthcare IT systems has exploded and provided a myriad of new opportunities and challenges associated with governance of a healthcare organization’s information.

Three of the most important health information governance challenges are:
1. Defining the legal health record
2. Ensuring quality health data
3. Managing a part-paper, part-electronic record

Defining the Legal Health Record
In the paper chart world, defining the legal health record was much easier. As we’ve shifted to an electronic world, the volume of data that’s stored in these electronic systems is so much greater. This has created a major need to define what your organization considers the legal health record.

The reality is that each organization now has to define its own legal health record based on CMS and accreditation guidelines, but also based on the specifics of their operation (state laws, EHR options, number of health IT systems, etc). The legal health record will only be a subset of the data that’s being stored by an EHR or other IT system and you’ll need to involve a wide group of people from your organization to define the legal health record.

Doing so is going to become increasingly important. Without a clearly defined legal health record, you’re going to produce an inconsistent release of information. This can lead to major liability issues in court cases where you produce inconsistent records, but it’s also important to be consistent when releasing health information to other doctors or even auditors.

One challenge we face in this regard is ensuring that EHR vendors provide a consistent and usable data output. A lot of thought has been put into how data is inputted into the EHR, but not nearly as much effort has been put into the way an EHR outputs that data. This is a major health information governance challenge that needs to be addressed. Similarly, most EHR vendors haven’t put much thought and effort into data retention either. Retention policies are an important part of defining your legal health record, but your policy is subject to the capabilities of the EHR.

Working with your EHR and other healthcare IT vendors to ensure they can produce a consistent legal health record is one strategic imperative that every healthcare organization should have on their list.

Ensuring Quality Health Data
The future of healthcare is very much going to be data driven. Payments to ACO organizations are going to depend on data. The quality of care you provide using Clinical Decision Support (CDS) systems is going to rely on the quality of data being used. Organizations are going to have new liability concerns that revolve around their organization’s data quality. Real time data interoperability is going to become a reality and everyone’s going to see everyone else’s data without a middleman first checking and verifying the quality of the data before it’s sent.

A great health information governance program led by a clinical documentation improvement (CDI) program is going to be a key first step for every organization. Quality data doesn’t happen over night, but requires a concerted effort over time. Organization need to start now if they want to be successful in the coming data driven healthcare world.

Managing a Part-Paper Part-Electronic Record
The health information world is becoming infinitely more complex. Not only do you have new electronic systems that store massive amounts of data, but we’re still required to maintain legacy systems and those old paper charts. Each of these requires time and attention to manage properly.

While we’d all love to just turn off legacy systems and dispose of old paper charts, data retention laws often mean that both of these will be part of every healthcare organization for many years to come. Unfortunately, most health IT project plans don’t account for ongoing management of these old but important data sources. This inattention often results in increased costs and risks associated with these legacy systems and paper charts.

It should be strategically important for every organization to have a sound governance plan for both legacy IT systems and paper charts. Ignorance is not bliss when one of these information sources is breached because your organization had “forgotten” about them.

The future of reimbursement, costs, quality of care, and liability in healthcare are all going to be linked to an organization’s data. Making sure your data governance house is in order is going to be a major component in the success or failure of your organization. A good place to start is defining the legal health record, ensuring quality health data, and managing a part-paper part-electronic record.

Join our Twitter Chat: “Healthcare IG Predictions & Perspectives”

On January 28th at 12:00 pm Eastern, @IronMtnHealth is hosting a Twitter chat using #InfoTalk to further the dialog. If you have been involved in governance-related projects, we’d love to have you join. What IG initiatives have shown success for you? How have you overcome any obstacles? What do you see as the future of IG? Keep the conversation going during our “Healthcare IG Predictions & Perspectives” #InfoTalk at 12pm Eastern on January 28th.

January 19,2015


As many of you know, I’ve long been an advocate for the specialty specific EHR. There are just tremendous advantages in having an EHR that’s focused only on your specialty. Then, you don’t get things like child growth charts cluttering your EHR when you don’t see any children. Or taken the other way, you have child growth charts that are designed specifically for a pediatrician. This can be applied across pretty much every industry.

The reason that many organizations don’t go with a specialty specific EHR is usually because they’re a large multi specialty organization. These organizations don’t want to have 30 different EHR vendors that they have to support. Therefore, in their RFP they basically exclude specialty specific EHR vendors from their EHR selection process.

I understand from an IT support perspective and EHR implementation perspective how having 30 different EHR implementation would be a major challenge. However, it’s also a challenge to try and get one EHR vendor to work for 30+ specialties as well. Plus, the long term consequence is physician and other EHR user dissatisfaction using an EHR that wasn’t designed for their specialty. The real decision these organizations are making is whether they want to put the burden on the IT staff (ie. supporting multiple EHRs) or whether they want to put the burden on the doctors (ie. using an EHR that doesn’t meet their needs). In large organizations, it seems that they’re making the decision to put the burden on the doctors as opposed to the IT staff. Although, I don’t think many organizations realize that this is the choice they’re making.

Specialty EHR vendor, gMed, recenlty put out a whitepaper which does an analysis and a kind of case study on the differences between a integrated GI practice and a non-integrated GI practice. In this case, they’re talking about an EHR that’s integrated with an ambulatory surgery center and one that’s not. That’s a big deal for a specialty like GI. You can download the free whitepaper to get all the juicy details and differences between an integrated GI practice and one that’s not.

I’ve been seeing more and more doctors starting to talk about their displeasure with their EHR. I think much of that displeasure comes thanks to meaningful use and reimbursement requirements, but I also think that many are suffering under an EHR that really doesn’t understand their specialty. From my experience those EHR vendors that claim to support every specialty, that usually consists of one support rep for that specialty and a few months programming sprint to try and provide something special for that specialty. That’s very different than a whole team of developers and every customer support person at the company devoted to a specialty.

I’m not saying that an EHR can’t do more than one specialty, but doing 5 somewhat related specialties is still very different than trying to do the 40+ medical specialties with one interface. One challenge with the best of breed approach is that there are some specialties which don’t have an EHR that’s focused just on them. In that case, you may have to use the every specialty EHR.

What’s clear to me is that most large multi specialty organizations are choosing the all-in-one EHR systems in their offices. I wonder if force feeding an EHR into a specialty where it doesn’t fit is going to eventually lead to a physician revolt back to specialty specific EHRs. Physician dissatisfaction, liability issues, and improved interoperability could make the best of breed approach much more attractive to even the large organizations. Even if it means they back into a best of breed approach after trying the one-size-fits all approach to EHR.

I’ll be interested to watch this dynamic playing out. Plus, you have the specialty doctors coming together in mega groups in order to combat against this as well. What do you think is going to happen with specialty EHR? Should organizations be doing a best of breed approach or the one-size-fits all EHR? What are the consequences (good and bad) of either direction?

Full Disclosure: gMed is an advertiser on this site.

The following story is absolutely true. Only the names of the people involved and the name of the academic medical center have  been changed to protect the not-so-innocent. Over the years, I’ve written a number posts about the maddening and frustrating...(read more)
Source: HealthBlog

Xifin will host a free webinar entitled Leveraging Cloud-Based Technologies to Grow Your Laboratory Business this Thursday, January 22, 2015, from 10:00 a.m. to 11:00 a.m. PST. Laboratories of all types are turning to cloud computing to minimize time and the resources dedicated to managing and maintaining complex hardware and software environments. Standardizing on cloud-based technologies is a strategic decision. In this webinar, Fritz Gartner, CEO of Applied Diagnostics, will discuss how to standardize a laboratory with cloud-based solutions to improve operational efficiencies and position your organization to seamlessly address the challenges of emerging IT.

Here are the learning objectives for the webinar:

  • Understand the benefits and trade-offs of cloud-based solutions
  • Get insight on how to choose the right cloud vendor
  • Learn how Applied Diagnostics is using these solutions to transform data into knowledge
  • Identify opportunities for your own organization

To register, simply navigate to the Xifin web site. At the top of the page, there is a pull-down menu lableled News, Go to Events>Webinar and click on Leveraging Cloud-Based Technologies to Grow Your Laboratory Business. You will see the webinar registration panel on the right of the screen. 

I have always been a strong advocate for the use of cloud technologies in support of lab IT. (see, for example: New IT Model for Cancer Genomics; Diagnostic Cloud Nodes). This will be your chance to learning more about the topic from an industry leader.

January 17,2015


Editor’s Note: The following article is a Guest Column from Charles Webster, MD, a health IT workflow expert and advocate for process-aware technologies in healthcare, including workflow management systems, Business Process Management, and dynamic and adaptive case management. You can contact Dr. Webster on Twitter @wareflo or through his blog at ChuckWebster.com. To learn more about submitting a Guest Column, Click Here.

Anyone who has wrestled with how to sell a health IT product has wrestled with features and functions versus benefits: what a product is and does versus what important problem it solves and how that will make someone feel. I’ll argue that workflow is the bridge from features to benefits. This bridge is missing in much health IT marketing today. With a modicum of self-study, any health IT marketing professional can use workflow to find clients, understand their products, and tell a vivid and credible story about how they will help health IT consumers prosper.

Back when I took my three-credit undergraduate marketing course, I learned about the original Four Ps of the marketing mix: Product, Price, Promotion, and Place. The Four Ps are now over a half-century old. Since then we’ve had the seven Ps (then eight), the Four Cs (consumer, cost, communication, and convenience), seven Cs, and, finally, four new Ps! (People, Processes, Performance, and Profit.) I could go on about interesting connections among these marketing frameworks (Processes!) and workflow, but I won’t (in this piece!).

Regarding workflow, I took courses about it during an MS in Industrial Engineering. I’ve looked a hundreds of definitions since. This is the short definition I’ve settled on: Workflow is a series of tasks, consuming resources, achieving goals. In marketing terms, you can think of goals as benefits, resources as prices or costs, and the series of tasks as what the product does. All purposeful human activity involves workflow.

So, how is workflow a bridge from features to benefits? Achieving a consumer goal is a benefit. Using a product requires a series of user-product interactions (steps, tasks, activities). Resources consumed? They start being consumed the moment a consumer realizes they have a problem to solve. They continue to be consumed after a product is acquired. And they only stop when a product is finally retired or discarded.

Workflows exist within workflows within workflows, all the way up to, and including, the workflows of life itself. Workflow extends all the way down to the micro-workflow of a series of button clicks.

Let’s imagine that a product has three salient features: A, B, and C. For example: HIPAA-compliant user authorization, ability to look up patient info, and direct staff to do something. A, B, and C are steps in a workflow. They accomplish a goal, the goal of the workflow, goal D. But goal D can be a step in a higher-level workflow, such as Help My Patient. And that workflow is embedded in an even higher-level workflow, such as, What I Do Every Day At Work. And that workflow is part of a life flow, How I Live My Life. Think I’m being silly? I’m not. Understanding how a product (the first P in the original four Ps) fits into lives of users is perhaps the single most important strategic insight a health IT marketing professional can impart.

How can you, a health IT marketing professional, use workflow to find, understand, and help health IT vendors and customers?

“Workflow” is becoming a bigger and bigger meme within the health IT industry. What makes the workflow meme so interesting and so strategic, is that workflow, in a sense, glues together all the other memes. Take SMAC, for social, mobile, analytics and cloud, for example. If you are going to create the next great health IT SMAC-based product, in what order does the user do what, at what cost to achieve what benefit? Workflow!

Furthermore, those tens of thousands of health IT products out there? No one product does everything, so products need to be combined into usable (wait for it) workflow. The biggest pain points within products (usability) and between products (interoperability) all critically involve workflow.

Before every HIMSS conference, I search over a thousand conference exhibitor websites for “workflow.” I tweet links to the most interesting content on the HIMSS conference hashtag. Last year over eight hundred of my tweets on the #HIMSS14 hashtag contained the words “workflow” or “workflows”. By the way, I’m delighted to be a HIMSS Social Media Ambassador again!

Early on, honestly, I had trouble finding much of interest about workflow on exhibitor websites. However, starting at HIMSS12, it really started to take off: four percent of websites, eight percent, and last year, sixteen percent. I’m only part way though the websites of exhibitors for this year’s HIMSS15, but I can already see this trend continuing (though I don’t know if it can actually double yet again).

So, “workflow” is in the air, in hallway conversations, in tweets, marketing, technical documentation, user forums, etc. Search in Google and Twitter for “workflow” and X, where X is a subject you already know. If you are already an ICD-10 expert, become an ICD-10 workflow expert. If you’re already a patient experience and engagement expert, become a patient experience and engagement workflow expert. You can pivot from workflow to any health information management area, and you can pivot from any health information management area to workflow. Doing so deepens your understanding and adds tools to your portfolio.

Network about your workflow interest, through contact pages, emails, listservs, blog comments, LinkedIn, and Twitter. Once you’ve started a conversation, ask for details. Ask about workflows. What happens first? And then what happens? And then what happens. What if something slips between the cracks? Do you have any workflow diagrams? Videos? Do you mind if I draw a workflow diagram and run it past you to make sure I understand how you do what you do? Use Visio, PowerPoint, draw on a napkin and snap a photo. You’ll be surprised by the degree you’re forced to prove to yourself that you really understand a product. And your interlocutor will be impressed (or pestered, you still gotta sell your value relative to the cost of their time).

Now that you understand a health IT product workflow, you have a detailed roadmap between low-level product features and higher-level user goals. If you need more context, bump up a level and understand how that workflow relates to even higher-level workflow and goals. If you need more nitty-gritty, drill down to screenshot-by-screenshot micro-workflow.

If above sounds like a lot of work, it is. It’s worth it. First of all, you’ll prove that you really understand the nuts and bolts of a product and how it fits into a user’s world. Second, you’ve got some great content. Workflow diagrams, simplified, annotated, and made aesthetically attractive are great for blog posts, white papers, presentations, and so on. The health IT market is a collection of complicated and intricate micro markets. The biggest, most costly, and (to the point) beneficial differences between health IT products are differences in workflow. Any means to more deeply understand, represent and communicate these differences is all the good: the consumer’s, the vendor’s, and yours.

Everyone is an expert on their own workflow. If you can vividly and credibly show me, an expert on my workflow, that your product fits perfectly into my workflow, I’m impressed. This is what I mean by the title of this column. Marketing Workflow Is An Incredible Opportunity To Differentiate Health IT Products, And You!

Workflow: It’s not just for industrial engineers anymore!

Categories: News and Views , All

Follow Us: