12 min read

Get Well, Fast

The bioterrorism threat is forcing health care to lose its aversion to IT
When anthrax was found to have infected four Washington-area postal workers last month, officials at the health group Kaiser Permanente of the Mid-Atlantic States knew they had a potential public-health crisis on their hands. They also knew there was something they could do about it.

By searching electronic patient records by employer or work telephone number, Kaiser Permanente was able to identify hundreds of postal workers who might be at risk of infection and have nurses call them to suggest testing and available treatments. Its doctors examined dozens of workers. Three of the four workers infected with inhalation anthrax from the Brentwood postal facility, two of whom died from the disease, were treated by Kaiser Permanente physicians at Inova Fairfax Hospital. Kaiser Permanente sent its physicians updates twice daily via E-mail and automated phone mail on new guidelines for anthrax treatments.

Kaiser Permanente's use of IT during the Washington anthrax crisis was modeled on a routine patient care practice-using Sybase software and a legacy data warehouse to create and monitor "registries" of patients with chronic health problems. For instance, by searching the records of all diabetic patients, a nurse can call to warn someone who hasn't had an eye exam for a long time, because vision problems often accompany diabetes.

Yet, when Kaiser Permanente officials had to communicate outside their organization during the crisis, they resorted to more traditional methods. When working with the Washington Department of Health, Kaiser Permanente exchanged faxes and phone calls to relay information about patients who were tested for anthrax or prescribed preventive antibiotics. This isn't uncommon. Information-sharing among government health agencies and across health-care organizations still depends mostly on the phone, fax, and mail. That raises concerns about whether the health-care industry has the kind of collaboration tools needed to spot a biological threat quickly enough to contain it.

"This crisis is a wake-up call for the health-care industry to leverage IT for support and integration of care," says Martin Lustick, Kaiser Permanente's VP and associate medical director for operations.

Even Kaiser Permanente's extensive internal use of IT-in a crisis or for routine health-care management-is an exception in the industry, which has historically been slow to adopt new information technology. For every company like Kaiser Permanente that's invested in an IT infrastructure, there are as many cash-strapped hospitals that had to choose between up-to-date medical machinery and a well-networked computer system. Some medical researchers also worry that new patient-privacy laws could get in the way of information-sharing needed to identify the early stages of a biological crisis.

The concern over the health-care industry's readiness to share information started well before the Sept. 11 terrorist attacks and the anthrax deaths. Dr. Tara O'Toole, director of the Center for Biodefense Studies at Johns Hopkins University, warned a congressional committee in July that the U.S. health-care community lacks the information infrastructure to effectively cope with a large-scale biological attack. Most hospitals don't have plans to guide them during a bioterrorism crisis, nor are they prepared to work as part of a communitywide response, such as coordinating the specific abilities of each hospital with others in the area. "Modern hospitals are autonomous organizations that are unused to collaboration with other hospitals or institutions," she says.

O'Toole also warns that front-line health-care workers in hospitals and doctor's offices need better communication links to public health officials who can spot trends of new diseases earlier if they're able to look at patient information from multiple hospitals around a state or county. "Communications and data-sharing linkages that could connect hospitals and HMOs with local and state public health agencies are urgently needed," she says.

The good news is that health-care organizations are experimenting with technology to improve collaboration, and decision-makers are starting to see IT as directly related to patient care, rather than merely an overhead cost. In New Mexico, the state Public Health Department and a half-dozen hospitals are using a shared Web-based database developed by Sandia and Los Alamos national laboratories to report on symptoms of emergency-room patients. The thin-client system requires doctors to enter a patient's demographic data on a networked PC if he or she has one of six crucial symptoms-such as a fever with skin afflictions or altered mental functioning-that could indicate either a naturally occurring infectious disease or a biological attack. Customized software alerts the doctor if there has been an outbreak of similar symptoms in the same geographic area over recent weeks. Public health officials can analyze the same data for trends. In the past year, the data helped public health officials predict when hepatitis A is most likely to break out-and therefore when doctors should be quick to test for the disease. That same process could help identify a bioterrorist attack early. "Without a tool like this, a significant outbreak could go weeks without detection," says Gary Simpson, medical director of infectious diseases at the New Mexico Department of Health. "This brings a systematic approach to diagnosing infectious diseases, quickly, with the help of IT." The current federal budget proposal includes a $1 million grant for Sandia to install the system in 150 hospitals in five more states.

Kaiser Permanente and the New Mexico hospitals show how IT tools needed to contain a bioterrorism threat are the same ones needed to improve everyday medical practice. Busy medical staffs won't enter data faithfully into a system designed only to spot the very unlikely event of a bioterrorism attack, says Simpson. They're more likely to use such a system if it also could help them prevent some of the roughly 20,000 deaths a year related to influenza. "If it's used for bioterrorism only, it's doomed for failure," Simpson says.

The Centers for Disease Control and Prevention has only recently started using the Internet to communicate urgent information to doctors, creating its Health Alert Network this year specifically to communicate with health-care providers in case of a medical emergency. The network was used for the first time on Sept. 11 to communicate information to New York hospitals, such as how dust inhalation around the World Trade Center site should be treated. Now, with anthrax, the network is being used to provide treatment information.

There's a long list of reasons the health-care industry has lagged in IT. For one, the industry places a higher priority on revenue-generating medical equipment when it comes to capital spending-so in a choice between the latest magnetic resonance imaging machine and new computer technology, IT usually loses. Also, health-care organizations have financial incentives to spend on new facilities or medical equipment. Those capital expenditures are federally reimbursed, based on how many Medicare or Medicaid patients receive improved services because of the investment. That equation may soon apply to IT as well. Sen. Charles Schumer, D-N.Y., has introduced a bill to give federal reimbursements and grants to health-care companies that invest in IT to improve patient safety or reduce medical errors.

Internally, the ability of health-care companies to collaborate and share information electronically has been hampered by consolidation and mergers among hospitals, physician practices, and other health providers into large organizations. That's resulted in the use of many disparate hardware and software platforms for patient records, test results, and billing that aren't integrated.

New York Presbyterian Medical Center built a Web interface and an electronic medical dictionary to reconcile incompatible terminology, VP Liss says.
Even medical terminology from one hospital system to another can differ-"blood sodium" in one hospital's lab could be called "plasma" in another lab within the same group, potentially posing trouble for doctors trying to access lab results, says David Liss, VP for government relations and strategic initiatives at New York Presbyterian Medical Center. To solve the problem, New York Presbyterian has built interfaces and an electronic medical dictionary that reconciles such incompatibility issues.

Liss says the bioterrorism threat can help accelerate IT investment since containing diseases depends squarely on organizations' ability to quickly analyze and share information, from spotting trends in symptoms to disseminating guidelines for care of unusual diseases or toxins. "IT is at the heart of fighting bioterrorism," Liss says.

Yet, even when the technology hurdle is cleared, a new law to protect patient privacy may stand in the way of the kind of quick information sharing needed to head off a bioterrorist attack. The Health Insurance Portability and Accountability Act lays out guidelines that give patients much more control over what information doctors and hospitals share about them-but some people worry that these guidelines will restrict valuable information-sharing about public health risks. "Bioterrorism was never taken into account with HIPAA," Liss says. "Putting the brakes on information that gets shared in the middle of a bioterrorist attack doesn't make any sense. We need to make bioterrorism the top priority and deal with privacy next."

On Oct. 23, more than 30 health-care organizations wrote to Health and Human Services Secretary Tommy Thompson asking for urgent changes to HIPAA patient privacy rules. They said the current rules would, among other things, hamper information sharing needed for medical research. The groups most strongly oppose two provisions: requiring patient consent before any information can be shared or disclosed by health-care providers for tasks from care to prescriptions to billing, and restricting patient information from being used in research.

State laws and HIPAA have public-health emergency provisions that can override privacy protections. But without constantly analyzing information coming in from doctors and hospitals, it will be harder to know when a health emergency has begun. "In a bioterrorist crisis, doctors and other health professionals might not have access to all the information that's needed to make an appropriate diagnosis or prescribe appropriate treatments," says Alan Mertz, executive VP at the Healthcare Leadership Council, a Washington coalition of health-care executives.

But HIPAA has its advocates, too. Many patients fear losing the privacy protection of their medical information as it becomes digital and easier to share. Plus, HIPAA might help speed the move to digital information and increase collaboration by creating standard data formats that are used across the health-care industry. Beginning next year under HIPAA, health-care providers can request that insurance companies and other third-party payers send direct electronic payments, rather than paper checks, which take longer and cost more to process. That would give hospitals a big incentive to move to more digital processing. "HIPAA changes the power structure," says Dr. Leonard Arbeit, vice chairman of medicine and faculty practice for SUNY at Stony Brook Hospital. "Insurers had the power. Now providers will have power."

Any push to get more hospitals sharing information digitally would be welcome. O'Toole testified that as of a year ago, many state health officials still lacked access to computers and that many county health departments didn't have access to the Internet. Since last year, Health and Human Services has provided bioterrorism-preparedness grants to state health departments to improve disease surveillance and laboratory analysis. O'Toole backs the program, but says it's making slow progress with its $40 million annual budget.

Physicians at Mount Sinai NYU Health can share information internally via E-mail and intranet sites, CIO Sugarman says.
Stu Sugarman, CIO at Mount Sinai NYU Health in New York, is focused on giving doctors the IT tools they need to collaborate. Several months ago, his organization finished a program to connect all its affiliated physicians so that they can share clinical or other pertinent information internally via E-mail and through intranet-based Web sites. "We have everything in place to disseminate information quickly," he says. Sugarman's IT group faced its own challenges during the New York terrorist attacks-the health-care provider has a hospital near the site of the World Trade Center and lost a data center in the attack. In a crisis like this, there's no shortage of communication with health officials outside the organization, whether it's local departments or a federal agency such as the CDC or the Federal Emergency Management Agency, but Sugarman doesn't dictate what channel doctors should use. "That method of communication is up to the chief medical officer, who decides whether to use E-mail, the phone, whatever is most comfortable," he says.

Kaiser Permanente is finding that its internal IT systems are paying off not just in the initial anthrax crisis, but also in the ongoing related treatment. Through its twice-daily E-mail and phone-mail messages to physicians, it's helped doctors make quick adjustments to care, such as adopting the CDC's recent recommendation to prescribe the antibiotic doxycycline in some cases instead of Cipro. As doctors open an electronic medical record for a patient identified for possible anthrax exposure, the physician is reminded by electronic note to check E-mail or voice mail for the most recent treatment information.

Kaiser Permanente also electronically monitors call-center volumes to triage nurses and links that data to scheduling programs so the right number of doctors and other clinicians can be assigned to facilities anticipating larger numbers of patient visits. Dr. Mark Snyder, an infectious disease physician and Kaiser Permanente's director of research and information management, says they needed that help when the first wave of patients seeking answers about anthrax risks and testing hit. "I've personally never seen an emergency situation anywhere close to this, in terms of the urgent outreach care we needed to provide," he says.

The anthrax case let Kaiser Permanente show what IT systems for information-sharing can do for an organization in crisis. But the situation is also showing that the industry overall needs to improve its IT infrastructure and ability to share information to lessen the impact of any bioterrorist attack. Now that the threat has become so real, health-care leaders seem increasingly eager to accept that prescription.