As the Obama administration prepares to send Chrysler into bankruptcy court, with General Motors possibly to follow, the automakers' current and future retirees could see their pensions and healthcare funds slashed by tens of billions of dollars. GM owes $20 billion to its union retiree health fund, and Chrysler owes $10 billion to its fund.
In a bankruptcy, at least a portion of those company debts could be extinguished, leaving the retiree health funds with significant shortfalls.
The Johns Hopkins Health System Corporation announced that it will acquire Suburban Hospital in Bethesda, MD, to convert the Montgomery County hospital into a Hopkins subsidiary. The new relationship will give the $4.5 billion Hopkins system a greater presence in the Washington, DC, region and closer proximity to the National Institutes of Health and its millions of dollars in research funding. Suburban's patients and medical personnel will have easier access to Hopkins personnel and facilities.
Tevi Troy, deputy secretary of the Department of Health and Human Services from 2007 to 2009, provides his thoughts on what he says are common health IT myths in this article for the Washington Post. Troy questions whether the $20 billion for EHRs in the stimulus package is worth the risk.
For a long time, ventilator-associated pneumonia (VAP) had been viewed as an unavoidable evil, particularly in intensive care units (ICUs).
The healthcare-associated infection (HAI) was a common occurrence among patients who had been on mechanical ventilation on an endotracheal or tracheostomy tube for more than 48 hours. As with many HAIs, however, the healthcare world's view on preventability has changed. Lee Memorial Health System, a Ft. Myers, FL-based health system, targeted VAP as an HAI the organization would wipe out completely.
And the health system has succeeded, going 24 months without a case.
There were a number of reasons why Lee Memorial chose VAPs as a target for zero—part of the Association for Professionals in Infection Control and Epidemiology's (APIC) Targeting Zero campaign. First and foremost, VAPs occurring in the ICU have the highest rate of fatality of any HAI, says Stephen Streed, MS, CIC, system director of epidemiology and infection prevention with Lee Memorial. Streed is a board member with APIC.
Studies show that "14% of patients who have had VAP have had a fatal outcome," he says. "That is too much."
In the past, says Marilyn Kole, MD, medical director of system intensive care services at Gulf Coast Medical Center, part of the Lee Memorial Health System, common parlance said that if a patient was in the ICU, there was a 30% chance the patient would contract VAP.
Medical professionals "talked about them being expected," says Kole.
The historical statistics on VAP are particularly frightening: the chance of contracting a VAP was considered to be a cumulative 5%, meaning that after 10 days in the ICU, there was a 50% chance the patient would come down with a VAP.
Matter of perspective
One reason for the hospital's success has been a dual-level approach to looking at VAPs. On one side of the coin they have the intensivist perspective—the individual patient, the individual case. But they now also incorporate an epidemiology angle to their perspective, looking at groupings, recurrences, and trends.
"The difference is looking at patients one at a time versus groups, the way an epidemiologist would look," says Streed. "An intensivist will look at the patients one at a time."
The facility now reviews each case, but also looks at long-term trends to try to evaluate if they're headed in the right direction.
Ownership
This improvement process has increased awareness among staff and also built a sense of pride—particularly following the organization's extended success in combating VAP.
"They take it very personally now," says Streed. "They have ownership. If a VAP case were to occur, everyone would be distressed. Were one to happen now, we'd do an almost root-cause analysis level exploration of the individual and the case."
This ownership has taken root in everyone, not just clinical staff. And everyone is paying attention.
"That was an evolution," says Kole. "Now you get an infection and everyone wants to know what's going on, they want to know which patient it is."
Thanks to HHS, we now know what "unsecured protected health information" means. So where do we go from here?
If you're leading an organization that handles protected health information (PHI), you may be asking that question today.
As HealthLeaders Media reported Tuesday, HHS issued a proposal for security breach notification in a 20-page report that defines acceptable conditions for covered entities and business associates to encrypt or destroy their private patient data to secure PHI and prevent a breach.
The guidance includes the technologies and methods specified by the secretary of HHS that render PHI "unusable, unreadable, or indecipherable to unauthorized individuals."
In other words, if the data is not protected using these methods and technologies, it could be considered "unsecured PHI."
Time to go out and buy the latest encryption software, right? Not quite.
With its draft guidance, HHS really did no more than point to the NIST standards of data encryption, endorsed by the government regulators long before the release of the draft guidance last week, says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR.
To that end, see if your organization is already in compliance and using government-approved and offered encryption methods for information flowing out of your network.
Further, covered entities and business associates are not required to follow the guidance. HHS says in the guidance it merely creates a "safe harbor" and protects covered entities and business associates from notification requirements when a security breach occurs.
After a public comment period, which ends May 21, the final guidance will be released by August 17, according to the ARRA.
And there will be comments, says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, of Rebecca Herold & Associates, LLC, of Des Moines, IA.
"I think there are going to be changes as far as the way to secure PHI," Herold says. "They provided basically two methods (encryption and destruction), which are both important and good. But I think there may need to be additional methods that go beyond those two."
Here's what else you can take away from the HHS draft guidance:
Consider destruction as well as encryption. "It is important to render disposed PHI, in all forms, irreversibly destroyed as well," Herold says. "The statement, 'Note that the technologies and methodologies referenced … are intended to be exhaustive and not merely illustrative' is interesting; this makes it important for all information security and privacy folks who see gaps with these methods to submit feedback and comments during this review period."
Covered entities and their business associates must understand that these requirements apply not only to electronic PHI, but also to PHI in other forms, such as paper.
Look for further specifications of encryption. As Apgar points out, HHS did not specify the level of encryption to make data secure. "As an example, if data is encrypted using 128 bit encryption, it is not necessarily 'unsecured' given 128 bit encryption has been broken."
Consult with your IT specialists. Several of the documents recommended by HHS are "very technical in their contents describing various aspects of information systems to include their architecture and on how data are stored, organized, and transferred within an information system," says Frank Ruelas, MBA, the creator of www.hipaabootcamp.com who is based out of Scottsdale, AZ.
What are the legal implications of the guidance? If the guidance were to be final today, how would covered entities and business associates be legally bound? After all, no one is forced to follow it; HHS merely calls it the "functional equivalent of a safe harbor"–which reminds John R. Christiansen, of Seattle's Christiansen IT Law, of the European Union data protection or anti-kickback safe harbors. "The most important implication of this is that following the guidance should protect against civil penalty actions by HHS, which published the guidance and therefore is bound by it," he says. "The fact that it is not 100% binding on the courts probably shouldn't matter."
So where do you go from here? Backward to look at your encryption methods. And forward to consider commenting on the HHS draft guidance.
Michael Steele, Republican National Committee chairman, asked President Barack Obama to withdraw Kathleen Sebelius' nomination as health secretary unless she answers more questions on abortion. Steele said Sebelius has not been forthcoming about her ties to a Kansas abortion doctor, George Tiller. The White House declined to comment and a spokesman for the Senate majority leader, Harry Reid, dismissed Steele's complaints.