Newton-Wellesley Hospital has offered over the next five years to pay Framingham, MA, the full amount the town would lose in property taxes if the hospital gains approval for its plan to develop an outpatient screening and surgical facility. While the offer was enough for the Framingham Planning Board to begin drafting a decision regarding the project, not all of the board's members were satisfied. And in Newton, where the hospital is based, a spokesman for the city said that the change in payments would not alter Newton's approach to the hospital and whether it should provide more revenue to the city.
Democratic Congressional leaders have agreed to pursue a plan that would protect major healthcare legislation from Republican opposition by shielding it from last-minute Senate filibusters. The aggressive approach reflects the big political claim that President Obama is staking on healthcare, and with it his willingness to face Republican wrath in order to guarantee that the Democrats could not be thwarted by minority tactics.
Obama administration officials are looking for ways to increase the supply of physicians to meet the needs of an aging population and millions of uninsured people who would gain coverage under legislation championed by the president. The officials said they were particularly concerned about shortages of primary care providers who are the main source of healthcare for most Americans. One proposal, which would increase Medicare payments to general practitioners, at the expense of high-paid specialists, has touched off a lobbying fight.
As the Obama administration prepares to send Chrysler into bankruptcy court, with General Motors possibly to follow, the automakers' current and future retirees could see their pensions and healthcare funds slashed by tens of billions of dollars. GM owes $20 billion to its union retiree health fund, and Chrysler owes $10 billion to its fund.
In a bankruptcy, at least a portion of those company debts could be extinguished, leaving the retiree health funds with significant shortfalls.
The Johns Hopkins Health System Corporation announced hat it will acquire Suburban Hospital in Bethesda, MD, to convert the Montgomery County hospital into a Hopkins subsidiary. The new relationship will give the $4.5 billion Hopkins system a greater presence in the Washington, DC, region and closer proximity to the National Institutes of Health and its millions of dollars in research funding. Suburban's patients and medical personnel will have easier access to Hopkins personnel and facilities.
Tevi Troy, deputy secretary of the Department of Health and Human Services from 2007-2009, provides his thoughts on what he says are common health IT myths in this article for the Washington Post. Troy questions whether the $20 billion for EHRs in the stimulus package is worth the risk.
For a long time, ventilator associated pneumonia (VAP) had been viewed as an unavoidable evil, particularly in intensive care units (ICU).
The healthcare-associated infection (HAI) was a common occurrence among patients who had been on mechanical ventilation on an endotracheal or tracheostomy tube for more than 48 hours. As with many HAIs, however, the healthcare world's view on preventability has changed. Lee Memorial Health System, a Ft. Myers, FL-based health system, targeted VAP as an HAI the organization would wipe out completely.
And the health system has succeeded, going 24 months without a case.
There were a number of reasons why Lee Memorial chose VAPs as a target for zero—part of the Association for Professionals in Infection Control and Epidemiology's (APIC) Targeting Zero campaign. First and foremost, VAPs occurring in the ICU have the highest rate of fatality of any HAI, says Stephen Streed, MS, CIC, system director of epidemiology and infection prevention with Lee Memorial. Streed is a board member with APIC.
Studies show that "14% of patients who has had VAP has had a fatal outcome," he says. "That is too much."
In the past, says Marilyn Kole, MD, medical director of system intensive care services at Gulf Coast Medical Center, part of the Lee Memorial Health System, common parlance said that if a patient was in the ICU, there was a 30% chance the patient would contract VAP.
Medical professionals "talked about them being expected," says Kole.
The historical statistics on VAP are particularly frightening: it was considered a 5% cumulative chance of contracting a VAP, meaning after 10 days in the ICU, there was a 50% chance the patient would come down with a VAP.
Matter of perspective
One reason for the hospital's success has been a dual-level approach to looking at VAPs. On one side of the coin they have the intensivist perspective—the individual patient, the individual case. But they now also incorporate an epidemiology angle to their perspective, looking at groupings, recurrences, and trends.
"The difference is looking at patients one at a time versus groups, the way an epidemiologist would look," says Streed. "An intensivist will look at the patients one at a time."
The facility now reviews each case, but also looks at long-term trends to try to evaluate if they're headed in the right direction.
Ownership
This improvement process has increased awareness among staff and also built a sense of pride—particularly following the organization's extended success in combating VAP.
"They take it very personally now," says Streed. "They have ownership. If a VAP case were to occur, everyone would be distressed. Were one to happen now, we'd do an almost root-cause analysis level exploration of the individual and the case."
This ownership has taken root in everyone, not just clinical staff. And everyone is paying attention.
"That was an evolution," says Kole. "Now you get an infection and everyone wants to know what's going on, they want to know which patient it is."
Thanks to HHS, we now know what "unsecured protected health information" means. So where do we go from here?
If you're leading an organization that handles protected health information (PHI), you may be asking that question today.
As HealthLeaders Media reported Tuesday, HHS issued a proposal for security breach notification in a 20-page report that defines acceptable conditions for covered entities and business associates to encrypt or destroy their private patient data to secure PHI and prevent a breach.
The guidance includes the technologies and methods specified by the secretary of HHS that render PHI "unusable, unreadable, or indecipherable to unauthorized individuals."
In other words, if the data does not include these methods and technologies, it could be considered "unsecured PHI."
Time to go out and buy the latest encryption software, right? Not quite.
With its draft guidance, HHS really did no more than point to the NIST standards of data encryption, endorsed by the government regulators long before the release of the draft guidance last week, says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR.
To that end, see if your organization is already in compliance and using government-approved and offered encryption methods for information flowing out of your network.
Further, covered entities and business associates are not required to follow the guidance. HHS says in the guidance it merely creates a "safe harbor" and protects covered entities and business associates from notification requirements when a security breach occurs.
After a public comment period, which ends May 21, the final guidance will be released by August 17, according to the ARRA.
And there will be comments, says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, of Rebecca Herold & Associates, LLC, of Des Moines, IA.
"I think there are going to be changes as far as the way to secure PHI," Herold says. "They provided basically two methods (encryption and destruction), which are both important and good. But I think there may need to be additional methods that go beyond those two."
Here's what else you can take away from the HHS draft guidance:
Consider destruction as well as encryption. "It is important to render disposed PHI, in all forms, irreversibly destroyed as well," Herold says. "The statement, ‘Note that the technologies and methodologies referenced … are intended to be exhaustive and not merely illustrative' is interesting; this makes it important for all information security and privacy folks who see gaps with these methods to submit feedback and comments during this review period."
Covered entities and their business associates must understand that these requirements apply not only to electronic PHI, but also to PHI in other forms, such as paper.
Look for further specifications of encryption. As Apgar points out, HHS did not specify the level of encryption to make data secure. "As an example, if data is encrypted using 128 bit encryption, it is not necessarily ‘unsecured' given 128 bit encryption has been broken."
Consult with your IT specialists. Several of the documents recommended by HHS are "very technical in their contents describing various aspects of information systems to include their architecture and on how data are stored, organized, and transferred within an information system," says Frank Ruelas, MBA, the creator of www.hipaabootcamp.com who is based out of Scottsdale, AZ.
What are the legal implications of the guidance? If the guidance were to be final today, how would covered entities and business associates be legally bound? After all, no one is forced to follow it; HHS merely calls it the "functional equivalent of a safe harbor"–which reminds John R. Christiansen, of Seattle's Christiansen IT Law, of the European Union data protection or anti-kickback safe harbors. "The most important implication of this is that following the guidance should protect against civil penalty actions by HHS, which published the guidance and therefore is bound by it," he says. "The fact that it is not 100% binding on the courts probably shouldn't matter."
So where do you go from here? Backward to look at your encryption methods. And forward to consider commenting on the HHS draft guidance.
Michael Steele, Republican National Committee chairman, asked President Barack Obama to withdraw Kathleen Sebelius' nomination as health secretary unless she answers more questions on abortion. Steele said Sebelius has not been forthcoming about her ties to a Kansas abortion doctor, George Tiller. The White House declined to comment and a spokesman for the Senate majority leader, Harry Reid, dismissed Steele's complaints.
Nobody wants to harm patients, especially the CEO, but according to Rick May, M.D., an orthopedic surgeon consults for HealthGrades, it's likely your hospital has a culture of hiding mistakes. And it's lurking, just waiting to bite you.
According to a recent study by the healthcare ratings organization, a Medicare beneficiary experiences a patient safety event every 1.7 minutes. And the innocuous nature of the word "event" doesn't effectively describe that it's a synonym for mistake?sometimes one that ends a life prematurely. Some 913,215 patient safety events occurred during the scope of the study, which was conducted from 2005-2007. That means approximately 2.3% of the nearly 38 million Medicare hospitalizations resulted in an error.
Rick May, M.D., an orthopedic surgeon who led the study and consults for HealthGrades on patient safety, says often a hospital's senior leadership team has no idea that its hospital may be a poor performer because they haven't cultivated a culture of transparency within the organization related to patient safety.
That's not to say doing so is easy.
"It's not easy for the CEO," May says, adding that sometimes, he or she is ignorant about data that can show how a hospital's individual departments compare in terms of quality with other organizations of similar size.
As part of a recent consulting engagement, May and his staff, met with the entire C-suite and the head cardiologist in a program with more than 20 cardiologists of a large Midwest hospital. Turns out the cardiology program had subscribed to an American College of Cardiology database that captures information on heart outcomes.
"They had been paying to collect this data for five to six years, and it's expensive," May says. "We were talking with them and noted the fact that they have the data, but what are they doing with it?"
"I take care of it," says the head of cardiology.
"I pay for this and he won't show it to us?" the CEO says.
"No," the cardiologist says, "it's my data, and I control it."
Hmmmm.
Over the course of a year, May continued his consulting engagement with this hospital. Near the end of the program, he and the CEO were in a conference room, when someone walked in, handed May an envelope that contained the ACC data summary, admonishing him not to tell where he got it.
He didn't.
May then took several pieces of that information, which, in his words, "wasn't terrible" and put it into his presentation to the cardiologists and senior hospital leaders.
"The point is, they were shocked that they were below average," May says.
The rest of the group hadn't seen the data either, and as a result, hadn't been encouraged to improve their performance in the weak areas. Eventually, they shamed the cardiology head into providing the full data.
"If you're working on improving your processes, you can't not have your nurses or staff in the room, or for that matter, the CEO," May says.
That advice goes for the public too, I might add.
Even nonphysician CEOs should be saying that they will support transparency across the institution and let chips fall where they may. Doing so may hurt your reputation in the short term. Understandably, given the liability that could come from admitting mistakes and the hit to revenue that could come from having that data out in public might be an issue, but it doesn't trump the cost to the hospital from medical mistakes in the long run.
"Recognize that your system is most likely set up to conceal mistakes and internally, you have to be very diligent about pursuing the truth."Your first look at the data may be very misleading," May says.
Understand that you're not only concealing this data from the public, you're concealing it from yourselves as hospital operators.
"For decades, their system has been set up not to report medical mistakes," he says, "so you really have to dig. Do not believe your first pass. You might have to create active monitoring systems to really find out what's going on."
It takes lots of resources to make this happen. But look at it this way, based on the HealthGrades study, about 2% of Medicare patients are experiencing an event. That represents only about 50% of the ones who do have an event, May says, because mistakes are significantly underreported.
These mistakes cost between $7 billion and $9 billion over the three-year period of the study, which translates to $1 million-$2 million per hospital, not to mention the incalculable damage that has been done to patients because of errors.
"Before where patients experienced some of these events, it was a perverse incentive and the hospital made money on them," May says.
But given the ever-expanding list of "never events" that Medicare won't pay for, and the idea of paying for episodes of care, as Medicare and Congress seem interested in doing in future regulation and legislation, "anything that extends length of stay is going right to the hospital's bottom line."
