Health IT-related patient safety risks should inspire Congress to create a national patient safety board

The idea’s time has come. The U.S. healthcare system needs a national, independent entity empowered by Congress to oversee health IT patient safety. Now.

In today's world a health IT-related patient safety issue that is identified by a physician practice or hospital is investigated and managed in a nontransparent manner by the individual provider and the EHR vendor.  

Although the issue may be escalated to a local accountable care organization (ACO) or patient safety organization (PSO) that providers are increasingly becoming associated with, neither the issue nor the results of the investigation are reported to a statewide or national oversight entity. The patient safety data is therefore not collected, aggregated and analyzed at a state or national level. Without such oversight we are missing out on the opportunity to identify known avoidable health IT risks to patient safety and failing to disseminate knowledge on how to manage those risks. For example, if an issue is resolved at the physician practice between the physicians and EHR vendor but is not addressed at other practices that use the same EHR, then patients at those other practices remain at risk. 

I have observed EHR vendors tune in to patient safety issues more keenly in the past decade and sometimes make more visible efforts to ensure identified issues are addressed with all customers and not just the ones who report issues. And let's be clear that a majority of EHR-related patient safety risks are related to how an EHR product is being used or implemented by their clients and not due to inherent technical flaws with the vendor's product. Nevertheless, patient safety should be viewed as a shared responsibility between the physicians, their practices or organizations and the health IT vendors. Identifying and managing patient safety risks is done most effectively when all cooperate in a team effort.

In Texas there had been discussions within the Texas Medical Association about establishing a central, statewide EHR patient safety entity to monitor and manage health IT-related patient safety issues. The data would be rolled up from hospitals, physician practices and patient safety organizations across the state for aggregation and analysis. However, it became evident during those discussions that it would be feasible and much more beneficial to establish governance at a national level.

So why does this need to be a new, independent national agency charged by Congress to oversee health IT patient safety? 

Today there are many government agencies and private entities that I believe could and should contribute to patient safety surveillance and improvements, but none have the expertise, assets and time that are necessary to coordinate a national effort. In addition to the complexity involved with collecting and analyzing data from hundreds of institutions and PSOs, there are hundreds of unrelated EHR vendor products being used. There is not yet any available registry of health IT products, many of which are subdivided into multiple versions that sometimes vary widely in their available functionality. As a result, I strongly agree with the observations and recommendations described in an article by Singh, Classen and Sittig (J Patient Saf, Dec 2011; 7(4): 169-174) calling for a national patient safety board that is an independent government agency structured similarly to the National Transportation Safety Board. This entity would be charged by Congress to oversee HIT patient safety and coordinate with other agencies who can contribute to improvement in patient safety such as the Office of the National Coordinator, the Federal Drug Administration, the National Institute of Standards and Technology, the Agency for Healthcare Research and Quality, the Center for Medicare and Medicaid Services, the National Quality Forum, local patient safety organizations, local healthcare organizations who collect patient safety data, other local EHR patient safety reporting entities and industrial (EHR and HIT) trade associations. All of these entities need to function in a cooperative fashion in order to effectively identify and manage health IT-related patient safety risks.

The recent health IT report from the Food and Drug Administration Safety Innovation Act (FDASIA Health IT Report) proposes a framework to improve health IT-related safety risks including a proposed National Patient Safety Center. 

I am concerned, however, that the proposal does not appear to provide this entity with enough authority to get the job done effectively. A national patient safety entity must have the authority to not only monitor activity and provide learning opportunities for vendors and providers, but also to regulate activities, investigate events, ensure issue resolution and require compliance. I do not see enough "teeth" given to the entity proposed by the FDASIA report. 

The primary focus of a national Health IT Patient Safety Center should be on the dedicated surveillance of HIT-related safety risks and to promote learning from identified issues, potential adverse events (“close calls”) and adverse events. But it must also have the authority to effectively manage identified risks and ensure compliance with best practices for health IT patient safety.


It is time for the U.S. to begin implementing health IT smartly

From a national policy perspective, ICD-11 is not found anywhere on the U.S. dial.   Not even a preliminary roadmap to ICD-11 has been proposed.   I believe this to be a serious risk to our nation’s health IT planning efforts, and this risk has been inherent to U.S. health IT planning for decades.   The recent ICD-10 delay magnifies this strategic flaw.   It is time for CMS to take a deep breath, re-evaluate our national strategy, address the unmitigated strategic risks and determine whether any mid-course corrections are needed before deciding on the new ICD-10 implementation date.  It is time for the U.S. to begin implementing health IT smartly.  

What I see right now is the U.S. planning to achieve a short-term tactical goal of getting off antiquated ICD-9 while the rest of the world is focusing on the long-term strategic goal of developing and adopting the new-century ICD-11.   Unless we take action now, we are destined to be in the same predicament in the 2020s when we will be struggling to get off of last century’s ICD-10.   

But the stakes will be much higher in the 2020s.  

Most physicians and hospitals will be using EHRs, health information exchange will be flourishing, SNOMED-CT will be the common vocabulary used by clinicians and big data analysis will be... well, big.  We will be stuck, though, with an ICD-10 taxonomy that was developed before the Internet came into common use.   We will be clamoring for ICD-11 because it was developed in alignment with SNOMED and for other reasons I and others have previously described.  Delays will likely be encountered.  And we will probably be amnesic about how we got into such a predicament.  

To avoid this we need a U.S. roadmap to ICD-11 before deciding when to implement ICD-10.   We need to determine our long-term goals and then align our short-term tactical plans to those goals.   What if ICD-10 is delayed another year?   Would it then be time to leapfrog to ICD-11?    What if the delay is 2 years?   How about 3 years?   Or maybe to meet our long-term goals it is actually time to leapfrog now.   But without establishing long-term goals and developing a proposed roadmap to ICD-11,  we cannot really make an informed decision. 

Yes, we have to get off ICD-9, but not at any and all costs.   I want the U.S. to change health IT planning efforts from one that risks derailment from ostrich-style decisions to one that smartly develops long-term strategic goals and aligns them to tactical plans.  I want us to be a country that leads the world in the use of health IT to improve quality of care and one that smartly plans to optimize health IT use each decade.

.

MM


Ask Not What ICD-10 Can Do For Healthcare, Ask What Healthcare Can Do With SNOMED and ICD-11

ICD-10 is so “last century”.    The United States did not adopt ICD-10 twenty years ago when the standard was first developed.    The current version of ICD-10 that the United States is designated to adopt is based primarily on the international version of ICD-10 that the World Health Organization (WHO) published in 1990.    The international version was drafted by committees that began their work over thirty years ago in 1982 (see 2nd Edition of ICD-10 by WHO).    In other words, our version of ICD-10 is based on work done before use of the rich information space called the Internet became common and before the human genome was mapped.

ICD-11 is “this century”.    According to an article in Healthcare Financing News, Christopher Chute who is one of the leading informatics experts and a Chairman of an ICD-11 Revision Steering Group at the World Health Organization stated:

“ICD-11 will be significantly more sophisticated, both from a computer science perspective and from a medical content and description perspective…. Each rubric in ICD-11 will have a fairly rich information space and metadata around it. It will have an English language definition, it will have logical linkages with attributes to SNOMED, it will have applicable genomic information and underpinnings linked to HUGO, human genome standard representations. ICD-10, as a point of contrast, provides a title, a string, a number, inclusion terms and an index. No definitions. No linkages because it was created before the Internet, let alone the semantic web. No rich information space.”

ICD-x codes are used by non-clinicians for important administrative and financial purposes.    SNOMED-CT, on the other hand, is what physicians will actually use to communicate information about patients in their electronic health records (EHRs).    In fact, physicians must use SNOMED vocabulary in their EHRs, not ICD-x codes, for their problem lists in order to achieve Stage 2 Meaningful Use for incentive payments and to avoid Medicare penalties in the future.    Unlike ICD-10, ICD-11 is based on SNOMED.  And SNOMED includes over 311,000 concepts with unique meanings, making it more granular than ICD-10 or ICD-11.  

One way to think about the relationship is that SNOMED is the input and ICD-x is the output.  SNOMED is used by clinicians to input clinical information into the EHR at a high level of detail.  ICD-10 and ICD-11 aggregate that data into less detailed classifications that are more useful for output purposes such as quality reporting.    They really cannot replace each other.   But we could and should require EHRs to map in the background the SNOMED codes used by physicians into the ICD-x codes used by others.    No need to engage physicians in ICD-x debates or to learn new vocabularies each time WHO does their thing with the U.S. traditionally following way behind.

So what the HIT are we thinking?    Do we really believe that healthcare quality will be significantly improved based on ICD-10 that was developed out of work done over 30 years ago before the Internet was commonly used and before human genome coding was completed?    Or do we believe that we need to adopt ICD-11 for output purposes and to use SNOMED–CT in EHRs for input purposes in order to move the quality needle in the right direction?

I for one believe that we need to get to ICD-11 as soon as possible.     And I believe we should cut the umbilical cord to ICD-10 right now because:

  1. There is currently no information showing that a conversion to ICD-10 is required before ICD-11.
  2. It is intuitively obvious that the costs of going to ICD-11 directly from ICD-9 would be less than incurring the remaining costs of implementing ICD-10 in 2015 (or later) and then implementing ICD-11 sometime thereafter.    And that includes the sunken ICD-10 costs.    If you believe that this is an outrageous assumption, then prove it to be untrue.    Show the comparative costs of both pathways.    But don’t just comment or blog that it’s ridiculous without providing some kind of evidence.     Sometimes it’s wisest to go with intuition.
  3. The ICD-10 implementation has been so painful that it is unlikely the industry will have the stomach to move on to ICD-11 within a decade.    This will result in an excessively long delay to ICD-11 and an excessive period of time using a classification system from the previous century.
  4. There is consensus among leading informatics experts that ICD-11 is superior to ICD-10

 

Matt Murray, MD


AMA's Opposition to Bill on SGR Fix and ICD-10 Delay Is a Winning Ploy

Incidental to the AMA's opposition to the SGR fix bill is that they fail to actively support the one-year delay of ICD-10 that is included in that bill.     Interesting ploy--oppose a bill that you could live with.     If their opposition fails to change minds and the bill is passed, they are not blamed by others for the ICD-10 delay and they are not blamed by us physicians for not trying to fix SGR.     They get a delay in ICD-10 and they begin hard work to fix SGR next time.     On the other hand, there is obviously no luxury of a "next time" for an ICD-10 delay once the implementation starts.

And, by the way, the dream of skipping ICD-10 and moving to ICD-11  sooner momentarily flickered in my head last night.     The cost analysis of the two possible pathways to ICD-11 would still be interesting.     However, I recognize that the sunken costs into the current pathway to ICD-11 (through an ICD-10 implementation) have grown exponentially since I wrote that blog.

ICD-11 could be implemented within 7 years if we are determined to do so.     But once we implement ICD-10 I fear the industry will not be able to stomach an ICD-11 implementation within a decade.     And if the ICD-10 implementation is a debacle, then I believe thinking about ICD-11 will cause such nausea that it will be delayed 15-20 years.   For ICD-11's sake, I hope the one-year delay holds up in order to mitigate the chances of an ICD-10 debacle this year.

                                                                                                      .


AMA Fails To Do Homework on ICD-11 Cost Analysis

The American Medical Association (AMA) failed to complete their homework assignment before concluding in a report that skipping ICD-10 to move directly to ICD-11 is not a feasible option. Just like CMS (see CMS prematurely dismisses the alternative option to forgo ICD-10 and implement ICD-11), the AMA failed to compare the total cost of implementing ICD-10 and then implementing ICD-11 to the total cost of foregoing ICD-10 to implement ICD-11 sooner. To make matters worse, the AMA's report openly states that they only performed a preliminary assessment of the feasibility of moving from ICD-9 directly to ICD-11.   Since when does one draw a final conclusion based on a preliminary assessment?  

Several statements in the report lead me to believe that the AMA prematurely issued this report without performing a comprehensive analysis in order to maintain political relationships with other healthcare stakeholders.    For example, the AMA states that "while many physicians have concerns about the costs and burden of ICD-10, there are many other stakeholders, including 24 government agencies, researchers, large payers, large health system providers, and public health entities, that support the conversion."    OK, let's think about that...the AMA acknowledges that physicians are concerned about the costs, and yet they offer no comparative analysis of the costs. Which relationships have the appearance of being more important to the AMA in this case:  physicians or others?

The AMA states that "stakeholders have already invested millions towards the adoption of ICD-10."   This is certainly true, but I do not see these sunken costs as an obvious reason to eliminate the ICD-11 option. Instead, I see these costs as one of the important variables in a simple equation:

x= total cost of ICD-10 implementation + total cost of ICD-11 (two complete implementations)

y=sunken cost of ICD-10 work + total cost of ICD-11 (one complete implementation + sunken cost of partial implementation)

Is x greater than or less than y?   As a physician I expect my professional organization to actually do the math before writing down an answer.  

And finally, the AMA makes an argument for ICD-10 because "some have speculated" that it could take 20 years to implement ICD-11.   This is really quite embarrassing, as even CMS stated in their  ICD-10 final rule that ICD-11 could be implemented as early as 2020.   In a recent  Health Affairs report informatics experts speculate that an accelerated ICD-11 implementation could occur in 5-7 years, and they are in agreement that we need to transition to ICD-11 sooner than 20 years from now.

I recognize AMA as a strong advocate for physicians, but I give the organization an "F" on this homework assignment.   


EHR Interoperability is a Nervous System

For those familiar with using email applications such as Outlook, Gmail or Apple Mail, it might not seem like it should be very hard to send and receive electronic health information.   But as it turns out, maintaining privacy, security, HIPAA compliance and electronic patient consent is very complex when exchanging electronic health data over the Internet.   It is not easy even for physicians and hospitals using fully functional EHRs.

Virtual Scenario:  Imagine that your patients’ electronic medical records are packaged in individual charged impulses that can propagate along the axons of a national health IT nervous system. This neuronal circuit provides the infrastructure needed to send one of those charged impulses containing the right information on the right patient to the right receiving provider whenever and wherever needed. As physicians know, the charged impulses will propagate along the tubular-shaped axon until they reach the terminal end, which does not directly connect with another axon. Instead, there is a gap or synapse which prevents the impulses from proceeding unless an intermediary event occurs. This constraint prevents chaotic, asynchronous transmissions of impulses that would result in unwanted movements or seizures. So, trusted intermediaries (i.e. neurotransmitters, ions) are needed at the gaps or synapses to enable axons to “talk” with one another in a standard and controlled manner. This allows the charged impulses to proceed in a synchronous manner. The axons, gaps, synapses and intermediaries must work together, or be “interoperable”, so that the charged impulses travel in a secure, coordinated manner all the way to their intended destination.

In this scenario the imaginary national health IT nervous system is analogous to the real-life health IT infrastructure being developed at the national and state levels through National Health Information Network (NHIN) Direct project and the State Health Information Exchange (HIE) Cooperative Program.   The charged impulses represent each patient’s electronic health information.  The axons represent each physician’s cable to the Internet.   The gap or synapse represents the present-day constraints on our ability to send and receive electronic health information to one another.   The trusted intermediaries represent local health information exchanges (local HIEs) and health information service providers (HISPs) that allow each physician’s axon to communicate through the Internet with axons from other physicians and hospitals.  The interoperability needed among all parts of the virtual health IT nervous system is analogous to the interoperability needed among all parts of the real-life health IT infrastructure including EHRs, local HIEs and HISPs.

The Nationwide Health Information Network (NHIN), through the NHIN Direct project, defines standards, services and policies at a national level for health IT interoperability.  At the core of NHIN Direct are trusted intermediaries that physicians can connect to in order to allow electronic health information to traverse the synapses between their axons and those from other physicians and hospitals.   These trusted entities are called health information service providers (HISPs). HISPs are able to authenticate the senders and recipients of electronic health information.   This provides verification regarding who really sent information and who really received it while also maintaining privacy and security while the data passes across the axonal synapses.

The Office of National Coordinator for Health IT (ONC) is making an effort to trickle down NHIN Direct standards and protocols to each state.   Through the State HIE Cooperative Program, ONC grants funds to states who submit plans to build statewide health IT infrastructure to support interoperable health information exchange.   In order to be funded the states must adhere to NHIN Direct standards.

For example, the Texas Health Services Authority (THSA) is using the grant funds to serve as a statewide convening entity that has gained consensus from a broad base of healthcare stakeholders on a three-pronged strategic plan for HIE in Texas:

  1. Local HIE Program— Local HIEs are another type of trusted intermediaries, like HISPs, that physicians can connect to in order to allow electronic health information to pass across the synapse to the axons of other physicians, labs, radiology centers, hospitals or others with electronic health information. Twelve local HIEs were launched in 2011-2012 with partial funding through the THSA’s Local HIE Grant Program. Some are currently operational and actively providing HIE connectivity to physicians and hospitals in their area 
  2. State-level IT infrastructure and services—The goal is to develop statewide infrastructure and services that can be used by local HIEs to help them provide HIE services locally as well as to enable exchange of data from one HIE to another (statewide HIE services); also to support a transparent governance structure and develop policies and strategies that guide maturation of statewide health IT infrastructure
  3. “White Space” initiative—The goal is to make available basic health information exchange services to physicians and hospitals in regions of the state without local HIEs (the “white space”) by creating a marketplace of health information service providers (HISPs); physicians can apply for “vouchers” from THSA to offset the initial costs of connecting with the HISP they select.
Physicians should stay abreast of health IT interoperability efforts like these, especially those in their own communities like the local HIE efforts in Texas.  Physician input and involvement in these initiatives helps ensure health IT is spliced into the healthcare industry's genome in way that promotes high quality care.

Vendors Can Raise EHR Safety, Lower Business Risks Through Patient Safety Organizations

Physicians are disturbed when patient care is put at risk due to a problem caused by their use of an electronic health record (EHR).    Although they will generally tolerate the situation when their reported problem is effectively managed in a transparent manner, there are a number of situations that engender scorn for their vendor.   The most common scorn-generating situation is when they feel that the patient safety issue they reported has not received a high enough priority from their vendor.   These situations should, and often do, resolve when the doctor and vendor communicate a clear understanding of the problem and circumstances.  

But it is another situation that I think is much more frustrating.   A physician’s expectation is that EHR vendors respond to patient safety issues in the same manner physicians respond to adverse medical events.   Physicians engage in peer review activities to not only analyze and resolve a specific adverse event, but also determine a plan that reduces the risk of the adverse event happening again.  The most common peer review activities provide legal protections from discovery which promotes transparency and more effective management of the problem.  Physicians analogously expect EHR vendors to not only fix their problem, but also to transparently fix it for all other physicians using their product.   This puts EHR vendors in a quandary because the legal protections of peer review activities extended to physicians are not extended to EHR vendors.  

Resolving this problem will require assistance from the federal and state governments.    Along those lines the Office of the National Coordinator for Health Information Technology (ONC) published a Health IT Safety Plan on December 21, 2012, and is accepting public comments on it until February 4, 2013.   I believe the most important aspect of this plan is the development and use of patient safety organizations (PSOs) to identify, aggregate, and analyze health IT safety events and hazard reports.    

The aviation industry continually improves passenger safety by engaging pilots in self-reporting of errors and dangerous conditions through an offer of immunity from sanctions.   The federal Patient Safety Act of 2005 provides an analogous environment allowing physicians in the outpatient setting to voluntarily report and share quality and patient safety information to AHRQ-certified PSOs without fear of legal discovery.   Most physicians are familiar with the secure nature of communications when they are involved in hospital quality improvement activities.    The information, documents, discussions and committee reports generated under the hospital’s umbrella of quality programs are held confidential and privileged.   Privileged communications cannot be disclosed and used in medical litigation without consent.   PSOs offer an analogous umbrella of protection for physicians in the ambulatory setting.    Physicians may voluntarily report patient safety issues or quality data from their outpatient practices to a PSO on a privileged and confidential basis.    The PSO can aggregate and analyze information from multiple physicians and healthcare entities to help identify, prioritize and reduce hazards that impede quality care.

The legal protections offered to physicians through PSOs are not currently extended to EHR vendors. They should be, and I will endorse that change in my comments to ONC’s Health IT Safety Plan.   But even without this change there are ways for EHR vendors to safely engage with PSOs today.    Let’s consider one such scenario:

Fictional scenario:  Community physicians and several EHR vendors are associated with the same patient safety organization (PSO). Dr. X is one of the physician members and his EHR vendor, VendorZ, is an analytical contractor with the PSO. After entering a digoxin dose in his EHR’s Medication Reconciliation screen, Dr. X discovered that the dose displays with a misplaced decimal point on the Medication History screen. He reports this dangerous dosing error to his PSO as a patient safety issue. The PSO notifies VendorZ. VendorZ begins working with Dr. X’s office to resolve the issue. Because VendorZ is an analytical contractor with the PSO to which this patient safety issue was reported, the reported problem, analyses, results and recommendations are confidential and privileged. When a solution is identified, there is no legal threat that disincentivizes the PSO or VendorZ to withhold this known problem and solution from other physicians in the PSO who use the same EHR. The PSO notifies all of those physicians who are members of the PSO and proactive work is done to prevent this same problem from harming patients in other practices.

EHR vendors are not inclined to openly discuss EHR problems when there is the threat of litigation against them for doing so, similar to fears physicians have with discussions of their own medical errors.   But this fictional scenario exemplifies one plausible way for EHR vendors and physicians to collaborate on health IT risks today under the protective umbrella of PSOs.

As stewards of safe, quality care physicians should have a basic understanding of PSOs and carefully consider opportunities that arise to engage with a PSO on initiatives to improve outpatient care in their community.   EHR vendors should demonstrate a similar stewardship by helping educate physicians about PSOs and engaging with physicians through PSOs to improve the safety of their EHR products.


Dangerous Precedent Set To Financially Penalize Doctors Who Fail to Influence Patient Behavior

I strongly oppose use of quality measures that incentivize or penalize physicians based on their ability to influence patient actions when those actions are beyond reasonable control of physicians or if there is no evidence linking such actions to improvements in patient outcomes.    That is why I believe there is a dangerous precedent being set in the Stage 2 electronic health record (EHR) incentive payment rule which will penalize physicians if they fail to influence patient behavior in a manner desired by the Centers for Medicare &  Medicaid Services (CMS).    

Two of the 17 Stage 2 core objectives hold physicians accountable for ensuring that their patients use technology at home.   One measure requires at least 5% of unique patients seen during the reporting period to send a secure message to the physician's practice using the electronic messaging function of the EHR.   A second measure requires at least 5% of unique patients seen during the reporting period electronically view, download or transmit their health information.   

In order to qualify for Medicare and/or Medicaid EHR incentive payments and avoid financial penalties, physicians must meet all 17 core measures as well as three from a menu of six additional measures.    Physicians must also report on nine of a total of 64 specific clinical quality measures.  Physicians who fail to do so by 2015 will not only fail to receive annual EHR incentive payments, but also be penalized by CMS through annual payment adjustments. 

In the final rule for the Stage 2 EHR Incentive Program CMS responded to public comments on these two new core objectives. CMS argued that physicians are in a unique position to strongly influence the use of technologies by patients "to improve their own care."    They did acknowledge a potential barrier of limited broadband internet access that could impact some physician practices and patients.   So in the final rule CMS lowered the threshold from 10% to 5% and added an exclusion for practices that are impacted by limited broadband access.   CMS summarized their response with, "We believe that this lower threshold, combined with the broadband exclusion detailed in the response, will allow all EPs (eligible physicians) to meet the measure of this objective."

I can agree with CMS that physicians should leverage the influence we have on patient behaviors as part of the care we provide.   We certainly are in a unique position to help patients become more engaged in and compliant with their healthcare.   I even agree with CMS that the lower thresholds should not be difficult to meet and that it is important for physicians to offer these technologies for patients to use.    

My key point of contention with CMS is with the presumption that use of these specific technologies at home allows patients to "improve their own care".    If use of these technologies were objectively linked to improved patient outcomes, I could understand the value in financially incentivizing physicians to move patients in that direction.   Without such evidence the government's relationship with physicians would be better served through a more tactful approach to promote the use of promising technologies by patients without the strong-armed threat of financial penalties on doctors. 

CMS misses the point on this one.    Precedent should not be set to penalize physicians based on measures of their ability to engineer desired patient behaviors when those behaviors are not objectively linked to improved patient outcomes.   I am not saying that we should not offer these technologies to our patients.    I am saying that we should promote their use and then study how that use impacts the quality of care

 

 


CMS Decision on ICD-10 Spurns Optional Path to ICD-11 Without Comparing Value

 

"The decision to mandate ICD-10 for covered entities has already been made."  

This response in the ICD-10 final rule published last Friday by the Department of Health and Human Services (HHS) bluntly spurns the option of foregoing ICD-10 to implement ICD-11.   HHS predictably argues that the considerable investments already made by healthcare organizations into ICD-10, the years of rulemaking with previous analyses of ICD-10 value/costs and the "uncertainties" over the timeline and value of ICD-11 all justify a decision to eliminate ICD-11 as an option.  

I am disappointed that HHS made no estimates on the comparative value of ICD-10 to ICD-11.   Instead of comparing the total cost of proceeding with ICD-10 and then implementing ICD-11 to the total cost of foregoing ICD-10 to implement ICD-11, HHS candidly explains that "we do not participate in this debate in this rule, except to say that we are convinced of the benefit of ICD-10 to health care delivery in this country."  There clearly was no intent to revisit a previous decision to implement ICD-10, even though there is an opportunity to gather and analyze new information to assure we make an informed decision on the optimal pathway to an inevitable ICD-11 implementation. 

The final rule dismisses the call from several commenters on the proposed rule for an analysis of the total costs of the two pathways to an ICD-11 implementation.   One argument made against such an analysis is that the "the disruption and costs of transitioning to ICD-11 are highly unlikely to be less those of transitioning to ICD-10."  I agree that each individual implementation may have comparable costs, but that does not compare the cost of the two pathways which are: 

  1. Implement ICD-10, then implement ICD-11 (two complete implementations)
  2. Forego ICD-10 to implement ICD-11 (one implementation + sunken ICD-10 investments)

What is the comparable cost of each pathway? A comparison of the cost and benefits could have a significant impact on the decision.  Let's learn from this for next time. 

By the way, there will soon be a next time.  I fear that this decision locks the U.S. into another cycle of the same-- using a diagnosis coding system that rapidly becomes archaic and leads to another decade of desperate efforts into the 2030s to upgrade after the rest of the world has already transitioned to ICD-11.

I also fear that that the burden will be excessive on healthcare organizations in 2014 to implement ICD-10 and meet the 2014 Stage 2 Meaningful Use requirements which were both announced by CMS this week.   This burden will be greatest on the small, individual physician practices are already throttled by meaningful use, 5010, e-prescribing and healthcare reform.  They are struggling to find the time and resources for the ICD-10 effort. Since the EHR Incentive Program has a specified timeline under ARRA, I believe this excessive burden is likely to trigger another delay of ICD-10, at least for small physician practices.  

Will we be left wondering why we didn't just stop investing in ICD-10 back in 2012?


New Texas Privacy Law Increases Physician Liability Including Heftier Enforcement Penalties

As discussed in my post "New Texas Privacy Law Increases Privacy Protections and Physician Cyber Liability Risks", House Bill 300 (HB 300) strengthens protection of patients' electronic health information in Texas beyond HIPAA and becomes effective on September 1, 2012.   In a series of weekly blogs I am writing to illustrate how these stronger patient protections increase physicians' cyber liability.  Consider this case history:

An unencrypted USB drive used to store PHI could not be found in the office.   It contained data on 1,105 patients including names, diagnosis codes and Social Security numbers.   The physician subsequently notified all affected individuals and local media, added technical safeguards of encryption for all PHI stored on mobile devices, added physical safeguards by keeping new portable devices locked in a secure combination safe in doctor’s private office when not in use and added administrative safeguards including annual privacy training of staff. 

For breaches affecting >500 individuals HIPAA requires physicians to notify not only the affected individuals, but also local media outlets and the Department of Health and Human Services (HHS) who then posts breach information on their website.    However, if the PHI was encrypted, then it is not considered to be a violation and no notification is required.    The privacy violation in this case would have been avoided by either encrypting the thumb drive (a technology-based prevention strategy) or by not downloading PHI to a mobile device (an employee training-based prevention strategy).   

HB 300 privacy protections are enforced through penalties, disciplinary actions and audits that are intended to deter breaches.   Several factors are considered when determining the consequences of a breach including the seriousness of violation, compliance history, harm done to individuals and efforts made to correct violations.  Civil penalties may be assessed for each violation up to:

  • $5,000 if committed negligently
  • $25,000 if committed knowingly or intentionally
  • $250,000 if committed intentionally and PHI is used for financial gain
  • $1.5 million if a “pattern of practice” found

Physicians should also consider purchasing cyber liability insurance (or increasing current liability limits) and consulting with their Regional Extension Center, such as the North Texas Regional Extension Center (NTREC), about assistance with security risk analysis and management.

cook children