Regulatory requirements have gone from high priority to the only priority for healthcare IT.

David F Carr, Editor, InformationWeek Government/Healthcare

May 19, 2014

14 Min Read

Read the new issue of InformationWeek Healthcare.

Healthcare has always been a highly regulated industry, but in the last few years requirements for implementing and documenting digital healthcare systems have been piling up so fast that IT organizations have little time for anything else -- including making sure the systems they already have in place are being used effectively. The InformationWeek Healthcare IT Priorities Survey of 322 technology pros at healthcare providers shows "meeting regulatory requirements" is the No. 1 initiative on participants' minds. Most of the other items at the top of the list, such as implementing or upgrading electronic health records (EHR) systems, are also largely driven by federal government requirements.

 "The priorities we're trying to deal with right now are those being mandated," says Randy McCleese, CIO of St. Claire Regional Medical Center. "We can't do anything else. We have put everything else on the back burner except for those things that absolutely have to be done."

Against the crushing wave of requirements, what's most neglected by IT organizations is optimizing how healthcare providers use all the technology they've bought of late -- "and we've been provided with a lot of functionality in the last three to four years," says McCleese, who's also chairman of CHIME, the College of Healthcare Information Management Executives. "We've put all this technology in place quickly to meet the requirements, but we have not had a chance to make sure it's working effectively."

Figure 2:

On a scale of 1 to 5, with 5 a top priority, survey participants give regulatory requirements a mean rating of 4.5, and 65% rate it a top priority. Managing electronic medical records systems gets a mean rating of 4.2 and is a top priority for 53% of health IT pros.

The EHR vendors most frequently used, Epic and Cerner, appear to be cementing their market dominance. Thirty-seven percent of providers cite Epic as the EHR their organizations are implementing or planning to implement, up from 27% last year. Cerner is the choice of 22%, up from 16% last year. Yet the percentage of participants saying their EHR strategy is to rely on a "comprehensive system from a single vendor" is down slightly to 56%, compared with 62% last year.

The federal government encouraged EHR adoption with incentive payments, funded as part of President Obama's stimulus plan approved in 2010, as well as the threat of reduced Medicare reimbursement for organizations that fail to digitize. Incentives are tied to standards measuring "Meaningful Use" of EHRs, and that Meaningful Use program has progressed from requiring initial adoption of EHR in Stage 1 to a more ambitious set of requirements in Stage 2. Stage 2 went into effect this year, requiring capabilities to exchange electronic records with other institutions and to make records available to patients online. About nine of 10 providers say they're very or somewhat confident they'll hit the Stage 2 end-of-2014 deadline.

The Meaningful Use program also encourages the use of health information exchange technology, starting with the ability to exchange Direct Protocol messages, a type of secure email that can include structured attachments such as medical documentation to ensure continuity of care. However, grander plans to build state and regional HIE data hubs have stalled

Next Page

in many places. About a quarter of survey respondents (24%) say their organizations aren't participating or planning to participate in any HIE. Among those snubbing this approach, 49% see "no business or medical need for it" and 24% say they're "waiting for vendors to solve interoperability issues first."

Meaningful Use and other federal programs, as well as the accreditation programs governing healthcare organizations, all come with a constellation of metrics that providers must gather and report.

Figure 3:

Does the overall direction of the regulatory push make sense?

"I will give you a flat-out, unqualified 'yes,' " McCleese says. "Had it not been for Meaningful Use, we probably would still be struggling to find the funding to do electronic medical records. For the patient's sake, safety's sake, we have to get there."

This is a case of "be careful what you ask for, you might get it," McCleese says. After years of lobbying for the government to instigate change, "all of a sudden, we got it all at once. We really need 10 to 15 years, in my mind, to really absorb this. What we're being given is five years. Still, this is pushing us in the direction of where we, as an industry and for the patients, where we need to be."

John Halamka, CIO of Beth Israel Deaconess Medical Center and a well-known physician/technologist who has advocated for the digitization of healthcare data, calls Stage 1 "a tide that caused all boats to float. What's not to like?" However, Stage 2 has shifted the focus to "more prescriptive regulation" that has reshaped the workflow of healthcare and required EHR vendors to put many of their software improvement plans on hold in favor of meeting government dictates.

"You run the risk of being overly prescriptive," Halamka says. Confirming that "compliance takes more of my day than ever before," he hopes to see regulators shift to a greater emphasis on "what you must achieve and not necessarily how you must achieve it." That would create room for the best of both worlds, including "compliance and innovation at the same time."

Figure 6:

While regulation of healthcare IT is hardly new, the burden has gotten worse in the last five years, says Larry Helms, CIO at Valley-Wide Health Systems, a network of physician practices in Colorado. "Our focus and our strategy have been sidetracked. We're distracted from the actual work we're trying to do, which is give the best patient care to our patients."

In addition to putting energy into Meaningful Use requirements, Valley-Wide is participating in the patient centered medical home (PCMH) program, which tries to improve quality and lower the cost of healthcare by emphasizing primary care and better coordination of care across providers. PCMH is another program promoted by the federal government, with incentives

Next Page

aligned to meeting quality metrics defined by the Agency for Healthcare Research and Quality. The goals of such programs are good, but when providers are compelled to meet specified metrics, sometimes that's all they do -- like making sure a care plan is printed out for every patient, rather than focusing on whether the care plan is actually helpful.

Specialist healthcare practices can also find it awkward to meet requirements written with hospitals and primary care physicians in mind. Rachael Britt-McGraw, CIO at Tennessee Orthopaedic Alliance, which provides orthopedic surgery services in Nashville and central Tennessee, says there are also differences in the role digital records play in specialty practices and more general care, so that at times meeting the requirements feels like a contortion. "I don't think you can measure them all with the same yardstick," she says. 

The federal government did cut healthcare organizations some slack on one requirement, when Congress passed a law delaying by a year the implementation of the ICD-10 standard for diagnosis and billing codes, pushing it back from the Oct. 1, 2014, deadline. Yet the reprieve didn't come until six months before the planned implementation date. "Everybody bought software, did a lot of training -- and then it was, 'Oh, by the way, don't do it,' " says CHIME president and CEO Russell Branzell, a former hospital CIO.

Figure 5:

Room To Innovate
Leading CIOs we spoke with believe their concerns are being heard by the relevant federal regulators in the Centers for Medicare and Medicaid Services (known as CMS) and the Office of the National Coordinator for Healthcare IT. For Meaningful Use Stage 3 and related programs, they hope the emphasis will shift to requiring organizations to demonstrate the meaningful impact they can have on healthcare outcomes with the use of technology, while leaving more room for variation and innovation. They hope to see IT specifications more narrowly focused on areas where standardization is essential.

McCleese says regulators are agreeing with the need to make the EHR push "more meaningful to patients" and have indicated that they will consider slowing down the imposition of new requirements as part of that -- although they haven't committed to exactly what that will mean.

Halamka says it is "pretty much impossible" for a doctor to collect dozens of quality metrics while providing great care and avoiding malpractice in the context of a standard 12-minute appointment. As a technologist, he is trying to address that problem with social collaboration technologies that would engage nurses and support personnel in doing more of that work and presenting it for the doctor's review. Then again, Halamka has made a habit of creating his own software and solving problems his own way in a manner that few other organizations can. Beth Israel Deaconess uses EHR software of its own design, for example, including novel features such as integration with Google Glass, which the hospital is testing for use in providing emergency room doctors with information.

"I'm not suggesting that scales," Halamka concedes, acknowledging that his organization's proximity to Harvard and MIT keeps it supplied with the talent needed to innovate with homegrown software. If he went shopping for a commercial EHR with Google Glass support, though, he wouldn't get very far. "I build things because they don't exist and buy things when they are mature and stable," he says, and even for his organization the equation is

Next Page

starting to change. For example, he is reconsidering whether it makes sense to maintain EHR software for affiliated medical practices when there are credible cloud software products from vendors such as Athenahealth on the market.

The availability of cloud services will force CIOs in healthcare organizations of all sizes to rethink their role. "IT is no longer just a provider of services. It is an enabler of services, many of which may be cloud hosted," Halamka says.

Healthcare IT leaders are cloud skeptics, however. Almost half don't use cloud -- 30% have no plans to, and 19% don't use cloud today but plan to in the future. About one-fourth use only a private cloud architecture inside their own datacenters. That leaves just over one-fourth who use public cloud in any way. While cloud certainly presents regulatory challenges, industries such as finance and pharma that face their own regulatory hurdles are more aggressively testing the cloud.

Meanwhile, Halamka hopes more vendors will build support for the social and wearable technology features his EHR employs into their commercial products. Beth Israel Deaconess has 10 emergency room doctors sharing four pairs of Google Glass wearable computers in conjunction with formal usability and outcomes studies to determine whether they're effective. Early results are encouraging, suggesting that the use of a heads-up, hands-free display has alerted doctors to important information from the EHR, such as drug interaction dangers, that they might not otherwise have seen in time to make a difference.

Figure 7:

Stealing Resources
As CIO at a prestigious Boston hospital system, Halamka manages to carve out time to innovate where many of the others we spoke with are just trying to keep pace with everything they are required to do.

Consider security and privacy, which are high priorities both for regulatory requirements and because of the damage to an institution's reputation that a breach can cause. We asked survey participants to rate their most significant security challenges on a scale of 1 to 5, with 5 very significant. They gave a mean rating of 3.9 to both "ensuring that patient data is secure and privacy requirements are adhered to" and "protecting against data breaches, hacking."

Halamka suggests his health IT peers should acknowledge that healthcare hasn't achieved the same level of IT security as other industries, such as finance, and that they should get external reviews of their systems by experts who have worked in other industries. He recently brought in a team of Deloitte consultants, including several from outside healthcare, "to benchmark us, not against the hospital across town" but against the Department of Defense. The assessment team came back with a list of 14 recommendations for improvement.

As CIO of a midsize Kentucky hospital, McCleese cites security as a high priority and one he wishes to he could devote more time and attention to. His budget has money for a security assessment by an outside expert. "But when it comes to remediation of things that assessment might uncover, there's no money in the budget for me to make that happen," he says.

He will have to make it happen anyway, of course, but will have to do so by stealing resources from some other area. "That's what we're doing now to meet some of the Meaningful Use things. We've pulled people out of clinical areas to work on the implementation, and those people have

Next Page

not been replaced as hands-on care providers," McCleese says. While nurses aren't doing the actual IT work, they're often drafted into helping define clinical workflows and train fellow clinicians. 

Making Healthcare Accountable
When McCleese rattled off the list of regulatory mandates he is responding to, he included participation in a program to become an accountable care organization. Strictly speaking, becoming an ACO isn't a mandate, although it is a business model the federal government is supporting as part of a Medicare reform initiative aimed at trying to pay more for outcomes -- healthier people -- than for procedures. ACOs are designed to lower costs and improve efficiency and quality by moving from a pay-per-procedure reimbursement model to one where the incentive is to improve the average health of a population of patients by conducting more proactive care. Rather than forming its own ACO, St. Claire is participating in the Good Hope ACO organized by Bon Secours Good Helpcare.

"This is about learning how do we proactively manage patients, which really is where healthcare is going," McCleese says.

Figure 4:

Of the participants in our survey, 35% say their hospital or practice is planning to qualify as an ACO, up from 27% last year.

Halamka, who can boast of running one of the few profitable ACOs, says ACO success requires great doctors and nurses and great IT. The IT portion consists of "care management based on aggregation of data about you, so we can promote continuous wellness rather than treat periodic sickness," he says. The payoff from that data analysis is when clinicians can spot gaps in care and keep someone out of the hospital or emergency room -- thus, creating an entirely new incentive for IT than in the old fee-for-service world. "Why would you build a repository to minimize care in a fee-for-service world?" asks Halamka.

However, when it comes to the kind of technology that must ACOs rely on, providers are in the early stages. Consider chronic disease management -- a key to ACOs, since patients with chronic problems such as diabetes and heart disease drive so much cost. Only 20% of providers have a system in place for chronic disease management, and another 23% expect to within a year or less. Further out on the cutting edge, just 10% have predictive clinical data analysis, and another 24% expect to within a year. But nearly half (46%) have no plans or are just evaluating it.

Branzell of CHIME says the healthcare system is "tiptoeing around the edges" of value-based care, with most healthcare organizations feeling squeezed by public and private payments and still trying to maximize reimbursement under the current model. Those hoping the current wave of healthcare reform will subside are going to be disappointed, he predicts, since the US can't afford to keep spending what it has on healthcare. There must be change that goes beyond payment reform to focus on helping people stay well. "At some point, you have to solve the real problem," he says.

Priorities dictated by federal regulation are forcing plenty of change in health IT. The question now is whether it can be channeled into truly meaningful change.

Read the new issue of InformationWeek Healthcare

About the Author(s)

David F Carr

Editor, InformationWeek Government/Healthcare

David F. Carr oversees InformationWeek's coverage of government and healthcare IT. He previously led coverage of social business and education technologies and continues to contribute in those areas. He is the editor of Social Collaboration for Dummies (Wiley, Oct. 2013) and was the social business track chair for UBM's E2 conference in 2012 and 2013. He is a frequent speaker and panel moderator at industry events. David is a former Technology Editor of Baseline Magazine and Internet World magazine and has freelanced for publications including CIO Magazine, CIO Insight, and Defense Systems. He has also worked as a web consultant and is the author of several WordPress plugins, including Facebook Tab Manager and RSVPMaker. David works from a home office in Coral Springs, Florida. Contact him at [email protected]and follow him at @davidfcarr.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights