Steve Anderson is seeing green at MedicareResources.org this week for his compilation of health wonkery. Read this week’s Money Changes Everything edition here.

By Peggy Salvatore

This is the eighth entry in a series of blogs for ePharma Summit 2016 to explore ways the pharmaceutical industry can maximize the promise of digital health.

A report put out by the California Health Care Foundation  last week chronicled the promise of digital health holding the key to holding down costs for low-income patients with chronic conditions. After all, it is the poor, those with poor literacy and health literacy, who are often the ones with the highest rate of chronic disease – and the highest cost – to the healthcare system.

Who pays? For patients who fit this description, it is often the states and federal government who end up footing the bill for medications, emergency department care (because they sometimes don’t have a home at all, let alone a medical home) and inpatient stays. The study states:

Some 90 million Americans have multiple chronic conditions (MCCs), with the prevalence of MCCs highest among people with the lowest incomes. Each additional chronic disease increases a person’s risk of adverse drug events, higher out-of-pocket expenses, impaired functional status, hospitalization, and mortality. Two-thirds of health spending is associated with patients managing MCCs. (p.3)

A series of pilot programs have shown that even the poorest of the poor in unstable living situations often have a cell phone or even a smart phone, and Internet access at a computer. With just those tools, a few low-cost, high-touch digital outreach programs have moved the needle with medication compliance, attending appointments and maintaining health regimens recommended by their providers.

Here are a few highlights from this February 2016 CHCF study which surveyed global healthcare leaders:

• Digital solutions use texting, customize language and communication style to the audience, uses portals, kiosks, video, telephone and cable, combines medical and social services, leverages a trusted human and collects data passively.
• One-half of low-income adults own a smartphone and 84% own a cell phone. Customized text messaging bolstered appointment adherence by 40% and medication adherence by 12%. One successful test program has been expanded to Medicaid care management programs in New York.
• Text4baby is a program in both English and Spanish that messages labor signs and symptoms, birth-defect prevention, prenatal care, urgent alerts, developmental milestones, immunizations, nutrition, safety and more. It also connects users to Medicaid and the CHIP program.
• Meducation targets community health centers and translates medication and discharge instructions into 18 languages as well as provides visual instructions.
• Kaiser Permanente implemented KP HealthConnect by mining retrospective data in the EHR and using HEDIS data sets to use electronic messaging to bolster outcomes for black patients managing diabetes and heart disease.
• In a North Philadelphia grocery store in a low-income area of the city, one kiosk with behavioral health information encourages people to get “a check-up from the neck up”.

Some programs leverage relationships with faith-based initiatives, federally qualified health centers and university programs. The promise of digital health to help, diagnose, treat and manage diseases and common conditions (like pregnancy!) are only limited to our imagination.

With the desire to serve those who cannot afford and do not have regular access to healthcare, and the limitations of state and federal budgets to do so, digital health solutions can bridge the gap between poor health outcomes and managing high-risk populations.

Last Friday, widely used websites like PayPal, Netflix and Twitter were unavailable due to a distributed denial of service (DDOS) attack . Hackers got into those systems through technical holes in hundreds of thousands of personal wifi-enabled devices like baby monitors and personal devices to bring down a website host, Dyn. For people in healthcare who are concerned about security, it brought a system vulnerability into sharp relief.

I am not a computer expert (disclaimer), but as I understand it, many of the consumer and even medical personal devices that we use to monitor our health and deliver data to the electronic patient record are pre-set with default passwords. Users don’t usually reset them to a private password so most of these IoT devices remain set with the factory default. Apparently, any hacker can guess the default passwords, hijack the devices and get them to log into a web host system like Dyn all at once which overloads the system with requests and causes it to fail.

Vulnerabilities to Healthcare Organizations and Individual Patients

These kinds of vulnerabilities pose risks to individual patients and healthcare systems.

Healthcare organizations have already sustained several debilitating attacks that have occurred in this way. In 2014, Boston Children’s Hospital was offline for several days after a DDOS attack by the group Anonymous that was protesting its treatment of a patient; other hospitals have sustained similar attacks. Computer experts say there are measures that hospitals and health systems can institute to prevent such attacks. This article broadly describes some of those precautions.

Concerns regarding the safety of individual patient devices such as heart monitors and insulin pumps fall into two broad categories 1) diverting data thus compromising patient privacy and 2) resetting dosing parameters thus endangering patient lives. The FDA, which regulates medical devices, is interested in the issue and has studied it, but so far has decided not to regulate the IoT of medical devices for several reasons. It is technically difficult to do, technology and security advance more quickly than threats, and the threat to individual patient health and safety is more theoretical than actual. A hacker could hack into an individual patient’s medical device to reset it, but that is very unlikely. It doesn’t mean that patients with consumer or medical devices cannot or should not take steps to protect themselves. Patients can reset default passwords. This article from TechTarget describes the pros and cons of patient access to device passwords in more detail.

Due Diligence

The attack last week wasn’t a state-sponsored attack from Russia as originally postulated, but came from non-state-sponsored vulnerabilities out of China . No matter where it came from, last week’s incident reminds everyone, including those in healthcare, that a damaging hack attack is not that hard to do. In fact, attacks like this occur all the time, all over the globe. For a little fun – or for a wake-up call – check out this website where you can watch cyberattacks in real time. There is usually a lot of activity into and out of the U.S., Russia and China.

The challenge for IT specialists in health care is to make sure these attacks aren’t perpetrated on your patients or your organization. This article from Modern Healthcare  describes Athenahealth and Allscripts outages that occurred during the DDOS attack last week. A Medical Group Management Association health information expert reminded individual physicians’ offices that their data, too, can be taken offline during an attack and he recommends backup plans that involve having a technician on speed dial.

An article out of the 2014 Black Hat hackers conference  explains that all attacks –even those not directly targeted at healthcare – should be of concern to health IT professionals.

All hacks and cyberattacks can expose your patients and organizations. The Dyn DDOS attack is a reminder to do your due diligence.

Technology is moving much faster than the snail’s pace of government and regulation. It is an exciting time to be – not just in healthcare – but to be alive.

I’ve been hanging around the virtual water cooler in healthcare for two decades, and now the promise of technology as it affects and improves our lives is beginning to come to fruition. With that, here is a roundup and just a few developments and their significance to the future of healthcare from a medical, business and financial perspective.

Med-Tech: At the head of the futurist pack is Dr. Peter Diamandis, known for oh-so-many things including a founder of the X-PRIZE, Singularity University and the Human Longevity Institute. In his May 19 Abundance Insider, he looks  at a bionic hand developed in the UK “capable of grasping objects without the wearer’s focused thoughts.  The researchers created a convolutional neural network training the hand and its algorithm on the images of over 500 objects in various orientation and lighting conditions with four programmed grasps that you might use to pick up things.”  Go to the link to see the video. Under that entry, you can read the next story about an 18-year-old Mexican student who designed a bra that detects breast cancer.

Health Biz-Tech: The business of healthcare is all about how we pay for medical services and the structure of the business model. Our current system is focused on an insurance-based payment model. Already, insurance companies are toying with issuing insurance policies in real time based on your current medical history that involves instantaneous analysis of your condition, the company’s risk and what it will cost you to be covered by them. This could blow all the regulations out of the water. It could also call into question the current model of trying to cover everyone with insurance and could instigate a movement to have us begin to look at a different business model completely, especially in light of the kind of Med-Tech advances in the pipeline that will completely alter our outcomes and lifespan.

Health Fin-Tech: How and why certain goods and services get paid keep many an insurance agent, claims administrator and government regulator up at night., not to mention the security people who need to lock down our data to maintain patient privacy. The blockchain has the promise of changing the financial world, and healthcare payments and security will be part of this revolution. I am attending a Meetup of blockchain people in my area this Saturday and I’ll report back at some point.

They say those in a movement need to either lead, follow or get out of the way.

At some point in the history of the evolution of healthcare, government was in a position to lead. In the past few years, it has been in the unfortunate position of having to follow as technical advances outpaced the ability of government to legislate and regulate at the pace of change. Now it is time for government to get out of the way. At some point, we’ll need to regulate for safety and security reasons. But this is not that time.

By Terry McGinn and Peggy Salvatore

We’ve been getting quite a bit of interest and feedback regarding our series on standard operating procedures, so we’ll continue writing about this topic this week.

After all, inherent in the word “expert” is the idea that something is done correctly. Correct procedures and best practices need to be captured and passed on. Sometimes, though, it seems the only people who care if the SOPs are followed are the experts who wrote them.

Truth is, everyone needs to care. Accountability right down to the last man or woman is absolutely the key essential ingredient in ensuring regulatory compliance.

Train for Accountability

Employees who are tasked with executing the many small, incremental steps are responsible only for their piece of the process. Sometimes in the laser-focus on one task, people may lose sight of the bigger picture. That bigger picture – a safe product going out the door – needs to be reinforced occasionally. Training usually steps in here for both reinforcement and correction. When that fails, the regulatory authorities will notice. Companies get slapped with government warnings and fines at a higher rate than the average person may realize. But if you are in a regulated industry, you know how often you are out of compliance.

Think about dialing the failure point back to its origin. The failure point is when the SOP is not correctly written, understood and applied.

Only then does the employee fail to perform to specifications.

Only then will training have to step in for often very expensive correction.

Only that will happen when an audit reveals you are out of compliance with your SOPs, and the Corrective and Preventative Actions (CAPAs) applied at that point of failure. That doesn’t need to happen.

In a perfect world, it should look like this:

If your current plant is not operating flawlessly as above, identify your points of failure:

1. How many people are asked to retrain personnel after a deviation or equipment issue?
2. How many SOPs do you have? Are they overwhelming or conflicting?
3. Are they easy to understand and do they follow a logical, stepwise process?
4. After a deviation, is the SOP reviewed?
5. Are people observing the CAPAs?

And, the big question…

Do your employees feel responsible and accountable for performing their jobs according to the SOPs in place?

Employees feel empowered when they are able to follow well-written SOPs, and when they are acknowledged for contributing to a well-run organization. Points of failure cannot be business as usual. Organizations that accept points of failure as the status quo have a company culture that unintentionally encourages non-compliance.

Maybe that is worth repeating:

Organizations that accept points of failure as the status quo have a company culture that unintentionally encourages non-compliance.

And the road to audit hell is paved with regulatory non-compliance.

The Solution

Dial back your points of process failure to the source.

Ask yourself:

• Are my SOPs well written?
• Do my employees feel a sense of responsibility for performing to specifications?

If your answer to either of those questions is, “No” or “I don’t know”, give us a call.

We would be happy to speak with you.

Unlike some problems in the universe, the problem of poorly-written and executed SOPs can be solved. Let’s do it.

Terry McGinn has worked in regulated industry for many years and has experience in written procedures that will help pass scrutiny of a regulatory authority inspection. To have a conversation, write to us at workingwithsmes@gmail.com to set up an appointment.  

Photo by Drew Hays on Unsplash

By Peggy Salvatore and Terry McGinn

Each company in a regulated industry is required to follow written procedures.  The written procedure describes how steps or tasks are to be followed to achieve the desired outcome or result.  Having these steps identified permits the distant or precise way to achieve the end of your process or practice. 

Knowing the critical nature of having written procedures, your standard operating procedures and best practices need to follow a few procedures of their own so you can replicate what you do across your organization.  In other words, your standard operating procedures need to be transparent and streamlined.

One of the many purposes of the SOP or best practice process is to ensure that the process flow can meet expectations. Done well, your standard process or procedure should result in a quality product or achieve the desired result every time.

Knowledgeable and trained  personnel must have the SOP available to follow because no matter how many years’ experience they may have, even experts get stuck for a variety of factors. In fact, some experts know their jobs so well that they think they can skip or modify steps, take shortcuts, or do it from memory. This is a red flag!

The SOP should be written in a logical process flow that will allow someone looking for the cause of a failure later can pinpoint where a difficulty arose. Reviewing the SOP with someone internally or externally who is checking or auditing your procedure should allow them to identify what and where things  went wrong.

When you have a point of failure, an examination of the SOP should indicate gaps or problems that can include one or more of a host of issues including materials, equipment, environment and much more. Often, a failure can point to the source of your complications by reading the SOP against practice.

A well-written procedure or best practice document will:

1. Be written to describe the flow clearly to anyone trained on it
2. Include every essential step without including extraneous steps or materials that can and should be accessed elsewhere
3. Always be followed by everyone from the new hire to the veteran employee using the current SOP

Expect you will have changes to your SOPs on occasion. Expect you will need to review your documents periodically according to your SOP. And expect that when you have a clean, clear, streamlined SOP process that your errors should be few and easily identifiable.

To summarize, standard operating procedures and best practices need to follow procedures of their own so you can replicate what you do across your organization.  In other words, they need to be transparent. If they are the opposite of transparent – opaque – they are hard to follow and may result  in errors.

If you would like to talk to us about your SOP process, give us a call for a no-obligation preliminary review of your procedures.

Terry McGinn has worked in regulated industry for many years and has experience in written procedures that will help pass scrutiny of a regulatory authority inspection. To have a conversation about writing your standard operating procedures, write to us at workingwithsmes@gmail.com to set up an appointment.  

Photo by Drew Hays on Unsplash

Last week was the most important annual convention for health information technology, HIMSS 2018. The Health Information Management Systems Society (HIMSS) provides a forum for thought leaders and a venue for innovative products.

The 2018 U.S. HIMSS Leadership and Workforce Survey provides some insights about the state of health IT today and where its efforts will be focused for the next 12 months. With input from 369 hospital/health system and vendor respondents, the survey revealed that privacy and security, process improvement and workflow as well as data analytics and business intelligence to inform clinical decision-making remain top of mind.

For a glimpse of the 2018 priorities of the HIMSS respondents, this chart shows the Top 10 concerns of hospital leaders and the correlating priorities of the vendors who serve them. While there tends to be agreement about the top 10 issues facing health IT today, vendors and their customers do not always have alignment about their relative importance.

TOP 10 HEALTH IT PRIORITIES FOR HOSPITALS AND VENDOR CORRELATION (click to enlarge)

A Saturation Point

One of the most telling discrepancies between hospital and vendor respondents was the fact that hospitals overwhelmingly either anticipated stagnation or reduction in hiring in 2018 while vendors are still showing aggressive hiring practices. Vendors may be responding to last year’s demand and this survey indicates a need for them to adjust their projections to align with their customers.

CURRENT WORKFORCE VACANCY (click to enlarge)

This trend may show a saturation point for hospitals regarding how much more change and expense they are currently willing to incur to play the expanding health information technology game to the level that the government, innovators and vendors would like to push them.

Willingness is only part of the equation. The next generation of health information products in development will move information and technology to further integration and greater utility for patients, providers and payers. This trend is a juggernaut that will take both hospital and vendors with it in the next few years. Guaranteed.

by Peggy Salvatore and Terry McGinn

This article is cross-posted at www.workingwithsmes.com

Sometimes expert knowledge isn’t really knowledge at all. In fact, if your data sounds too good to be true, it just might be.  Sadly, for reasons of human sloth, greed or carelessness, sometimes the experts who supply your data are giving you bad information – and they know it.

In Finding Your SMEs, we discuss times when you may be dealing with conflicting expertise or when you may be asked to ignore some information and favor other information in your documentation to please a stakeholder. In those cases, you aren’t dealing in bad data. Rather, you are dealing with differences of opinion.

That’s an honest debate of the relevant facts.

Falsifying data to purposefully mislead someone is different than simple disagreement among experts.

When you are dealing with falsified data, there are no facts. There is no honest debate. There is only an intent to deceive. In regulated industries that depend on quality data to remain in legal compliance, falsified data can have many bad outcomes including products that are substandard, dangerous or deadly. Your best defense is to know your regulations and how to work with them because, remember, you can be guilty simply by omissions.

Remember Volkswagen? What About Your Drugs?

In 2015, the U.S. Environmental Protection Agency discovered that many VW cars were outfitted with software programmed to falsify data during emissions testing showing the cars met carbon dioxide emission standards. The brand suffered substantial damage and the company was exposed to up to $18 billion in fines when it was discovered the cars actually emitted up to 40 times the allowable amount. This attempt to defraud the public resulted in massive car recalls and a loss of company credibility along with profits.

Money lost. Reputation lost. Environment damaged.

In biopharmaceuticals, clinical trial data is the stuff upon which the Food and Drug Administration makes decisions about the safety and efficacy of pharmaceutical products. Does data get falsified there, too? Unfortunately, yes!

A 2001 study showed that falsification of scientific data used in FDA evaluations of experimental drugs was not uncommon, and it ranged from falsifying the identities of clinical trial subjects and their physical exam results to creating duplicate records to achieve the desired number of trial subjects.

It still happens today.

Just a few weeks ago, a Kyoto University research group headed by Nobel laureate Shinya Yamanaka was found guilty of fabricating all six main data figures in a study published in Stem Cell Reports. The study claimed it had modelled the blood-brain barrier in vitro using pluripotent stem (iPS) cells. Yamanaka, who won the 2012 Nobel Prize in physiology or medicine for discovering iPS cells, reportedly was going to donate his salary to the university as a mea culpa but the damage to his reputation will live beyond his paycheck.

Bad data can hurt – or even kill- patients and it exposes the biopharma research companies who rely on quality data to potentially billions of dollars in fines and, at the end of the day, the delay or loss of up to a billion dollars in research and development for a product that can’t be supported by strong, reliable data sets.

Is Your Data Subject to Tampering?

One of the ways to ensure that your data is valid is to have strong processes in place for data collection and auditing. Long before an FDA or compliance inspector finds a problem with your product or process, you can lock down your documentation with well-written and faithfully executed standard operating procedures.

By taking some strong action today, you can implement steps to avoid harm to your brand reputation, delayed or denied product approval, heavy fines, jail time and, of course, harm to patients.

If you would like to discuss your process for developing and implementing standard operating procedures, write to us at workingwithsmes@gmail.com and schedule a no-obligation appointment for a review of your organization’s data integrity vulnerabilities.

Terry McGinn has worked in regulated industry for many years and has experience in written procedures that will help pass scrutiny of a regulatory authority inspection.

This article is cross-posted at www.workingwithsmes.com.

In aviation, safety is always the primary concern. In fact, aviation’s safety record is so stellar that it is considered a model for healthcare. That is quite a testament.

However, a retired pilot friend recently bemoaned that the emphasis on FAA rules and regulations has overtaken concern about safety, and aviation is not better for the change.

“Now we’re only concerned about compliance. We have a cast of thousands as support staff. When I started flying in 1964, Part 91 federal regulations were about 30 pages. You could memorize it. Today, it is hundreds, if not thousands, of pages and nobody can possibly know everything that is in there. We are less safe today than we were 50 years ago,” he complained.

Making and keeping track of all those regulations costs aviation a lot of money. It requires a boatload of federal regulators to oversee them, and costs private carriers a bundle of money to hire people to monitor every jot and tittle of the laws. One misstep, and they can shut you down. And, he concludes, neither the passengers nor the airline employees benefit from this over-regulation.

Will Healthcare Follow Aviation Again?

Just about everyone in healthcare knows about the vaunted aviation checklist, and how it has become standard procedure in many operating rooms today. Books are written and consultants make good livings just teaching the checklist approach to safety. The checklist is a great tool. Healthcare is better for following aviation down that path.

But is healthcare going to benefit by following the FAA down the road to over-regulation? We can trip on our path toward safety by using regulations as stumbling blocks instead of using some common sense rules to pave a smooth road to improved quality and performance.

So Many Rules They Can’t Be Followed

Just yesterday, I was observing a training class that I wrote for a major pharmaceutical company that shall remain nameless, but one that we all know and love. We were training hourly line employees on procedures that affect product safety. To a person, they had one complaint: standard operating procedures were becoming downright cumbersome and made it very difficult to follow, let alone implement, them.

One veteran employee said when an incident occurs, someone writes another procedure and adds it to the book of procedures. Nothing else in the book is deleted or changed, and so it is becoming nearly impossible to follow. In fact, the employee complained that SOPs are written in response to each incident, meaning that many new SOPs only relate to one isolated incident each. The SOPs are losing their meaning and rationale. It is just a jumble of unrelated knee jerk reactions to specific incidents.

The employee concluded the company was creating more problems than it was solving by having a procedure manual that could not be followed. There are now so many rules to follow, the rules can no longer be followed, the employee complained.

Is All of Healthcare Headed Toward Unwieldy SOPs?

With the passage of the Accountable Care Act, known colloquially as ObamaCare, many believe that we are headed down a path of over-regulation. Where common sense and good medical practice once dominated the industry, healthcare practitioners (formerly called nurses and doctors) are overwhelmed with rules regarding how they practice, to which the actual art and science of medicine is taking a backseat.

At a recent visit accompanying a friend to a physician’s appointment at a hospital center, we observed that we were two of only four people sitting in a new waiting room with 25 chairs, two large receptionist desks – one that seated four and another with 12 stations – and a physician accompanied by a nurse and a receptionist carrying around a brochure rack deciding where to place it. Let me say that again. A highly skilled specialist was carrying around a brochure rack with his nurse and receptionist trying to find a place for it.

In this brand-spanking-new facility where our doctor’s office had been moved since our last visit (from a very modern, extremely functional office building now sitting vacant in the parking lot), we also observed not one – but two – printers behind the one receptionist desk and a wall of file drawers. We filled out our medical information on a clipboard, which we have done for each of his visits for the last three years to have it inserted into his manila file folder.

Sigh.

The Trend Is…

By personal experience as well as professional observation, the trend is toward more regulation, more staff to assure compliance with the rules, and an ongoing steady stream of physical and electronic paperwork to track patients.

Instead of continuing to ramp up our regulatory oversight into the stratosphere, perhaps it is time to – if I can paraphrase my retired pilot friend – throttle back and re-evaluate what we are really trying to accomplish.

Photo by NeONBRAND on Unsplash

By Peggy Salvatore, MBA

About 8 years ago, I started Health System Ed as an educational portal about the value of health information technology. It started with a blog called “Imagine” that described the dream of having all relevant patient information, all the time, in real time, to make good decisions about the patient in front of you based on best practices that had been determined by measuring what treatments worked in which patients.

Lately, as I write about genomics and sensored medical devices, it is clear that we are oh-so-close to the dream. In 2010, I didn’t have a clue how long it would take to achieve lift-off. Today, all the pieces are in place for people (masquerading as patients to the healthcare system) to know what is going on inside their bodies even before they manifest illness sometimes.

• Scientists and researchers can peer inside the genetic code to see what has gone awry, and they can snip, delete and replace poor genetic codes.
• Doctors can measure results by getting information about the patient in real time – whether it is a glucose reading to track the efficacy of your medication dosage, a heart rate monitor looking for signs of trouble, or a sensored knee brace telling your orthopedic surgeon whether you are doing your rehabilitative exercises
• Patients can know how they are doing and adjust their behaviors
• Payers know what works, what to pay for, and when to implement resource utilization strategies to encourage best practices

The electronic patient record systems are mostly in place now to capture information. They may need to be tweaked, upgraded, or replaced with the next generation of software, but the infrastructure is in place today. Next, we will build the analytics to turn data into usable information.

One of the most beneficial aspects of capturing patient data – everywhere, all the time – is that ultimately people will get the most effective treatment first which will drive down costs to the system and extend the healthy human life span. When we know what works in whom, it is a much shorter trip from disease to health.

It is nothing but exciting. We aren’t there yet. But we can see “there” from here.

Peggy is an author and writer who specializes in healthcare.