Saving Money with High Deductible Insurance: Drugs and Imaging

Images.duckduckgo.comI have a high deductible healthcare plan and found out I needed an MRI earlier this year for a ski injury. Using the Regence Blue Cross / Shield tool, the $1,011 from IHC looked OK. That's where I got the MRI.

Not a good choice. Yesterday I discovered New Choice Health. They found a local imaging center for $411. That's $600 out of pocket I lost. (Ok Copay is another option for research). 

An X-ray, CT scan or MRI all yield the same result regardless of where you get them.  And they hand you a DVD that you can give to your doctor. 

Drug prescriptions are another place where you can save.  Consumer Reports found a price difference of up to 10x for the identical drug in the same region (spoiler alert: Costco was the cheapest and you don't have to be a member to use them).  GoodRX does a great job of comparing prices in your neighborhood. 

In many cases paying cash for drugs will be less than your insurance co-pay. And if you have an HSA insurance plan, you can use your HSA credit card to pay for them!

It's your money.  Take a minute to do some research and you can save hundreds of dollars a year.


Business Case for FHIR and Argonaut: Patient Directed Post Acute Care

FHIR's purpose is an ambitious effort that defined healthcare standards and API's to accelerate ArgonautProject_logodevelopment of useful web-like applications from Electronic Health Records (EHR).  Project Argonaut is a private sector based initiative to build useful applications to drive adoption.

Applications for whom?  The current applications are heavily internal EHR focused among multiple institutions and EHR vendors.  

Although the industry talks about "patient centric" medicine, in reality that has as much relevance as "natural" has to foods you buy at the supermarket. Outside of a beauty contest called "patient satisfaction" there is not much in the field focusing on the patient's point of view.

And therein lies the killer app that can drive widespread adoption. Build an app that patients demand.

And it's not personal health records (remember Google Health?)  Instead it needs to solve an immediate problem for a large number of people. I suggest an app  that over 1 million new patients every year have a need for 3-6 months. That happens to be the number and recovery period for total hip and knee replacements (not partial, or repairs) in the United States.  

There are evidence based protocols and procedures for optimal outcomes from surgery to full recovery over a multitude of care settings.

But who is coordinating this effort over the entire lifespan?  Is it:

  • The insurance company (or Medicare)?
  • Primary care physician?
  • Rehab center?
  • Physical therapist?

All of those answers are incorrect.

In  healthcare the presiding belief is that care manager is on the provider side of the house. In reality it is the patient or in many cases the patient's advocate. The patient advocate role could be the patient, significant other or a family member. Things get very complicated when the advocate is caring for Mom who lives three states away.

This is reality.

300px-ArgonautDeviceWe need to build a post acute care platform with a FHIR component.  But it goes beyond health records.  This is the place that the patient advocate can coordinate, collect, manage and distribute information needed for the patient's full recovery (the use cases are numerous blog posts in themselves).  Everything from medication reconciliation, getting DICOM images to the therapist, through hiring Task Rabbit to take Mom to the grocery store or find a plumber to fix the leaking faucet.

By moving the focus to the patient, several authentication and state issues can be avoided. Firstly, patients have access to their records regardless of the state involved.  As for authentication, the patient has a key ring of OAuth tokens where their identity is confirmed by each medical provider or other entity.  (it's signing into a new service using Google in reverse, where the patient is Google).

Create an application like this and FHIR will take off - Because the patient advocate will demand it.


Big Data + Analytics = A Very Large Junkyard

Have a problem, Big Data will solve it.  The problem still is in data architecture and appropriate analytics.   And most importantly, understanding the business reason for this Big Data (solve a problem, discover new insights, etc.)

Today's tools are cheap and powerful.  For instance you can download the open source edition of Pentaho to your desktop.  It will connect to numerous data sources including Hadoop.   You now have a very large haystack to find a needle.

It's like have the world's largest junkyard and you want to buy a used 2001 Ford Focus with a broken water pump.  You can design a data architecture that links to all the junkyards in three states, NAPA Junkyardfor new pumps and car dealers.  You then develop the analytics to determine where to buy the water pump.  And you find one 2 states over that can pull and ship you just what you need.   

Problem solved, right?

What you missed was the fact that the water pump was very scarce.  Why is that?  Perhaps that model year had massive water pump failures.  By investigating further you may have seen that model year had above average repairs and perhaps buying it in the first place was not a good idea.

Wrong needle, right haystack.  And that takes planning with insight.  

Designing for Privacy & Security : All your base are belong to us

Last week I had a lively discussion with an education expert talking about privacy and security.  This resulted after interpretations of FERPA resulted in universities selling student directories / email addresses to spammers third party marketing organizations. (just because they can, doesn't mean they should).

Then we moved on to the topic of security.   I always start with the assumption that all systems will be compromised, either externally or internally.   That is reality.  But it can be managed.  Starting with that premise, how do you design or improve your system?

First you need to compartmentalize your system to the smallest discrete pieces.  So if one compartment is compromised, none of the others will be.  Cloud systems tend to be monolithic silos.  Break into one part and everything else is exposed.   At my last company we built a separate virtual instance for each customer.  That way if one customer was compromised, it had zero effect on anyone else.

We also segregated the data (we were dealing with patient health records).  But we needed subsets of that data aggregated to do analytics.  Pulling the data is very bad, because that creates a single point of weakness.  Instead, each instance pushed the summary data to the aggregation database. 

Next you need audit.  Record everything.  And make sure that the system administration role is completely seperate from the auditing role.

Finally you need remediation.  What are the protocols to observe when any part of the system is compromised?  

  • Isolate it
  • Fix it
  • Notify those effected
  • Identify the root cause
  • Change to eliminate the root cause

This goes beyond system design into understanding how your customer / users need to interact with the system.  Do all new users really need to default to administrator role?

It is our job to take security and privacy seriously and engage our users to make sure they have what they need without making their lives more difficult (give me two-factor authentication to my cell phone over complicated passwords any day).

update:  I showed this blog post to a college student and they thought I had typos in my title.  To complete your education on video game nostalgia, read this.

Living in the HealthCare IT Bubble

Reality is a harsh mistress.  With the advances in Electronic Health Records, patient portals and records transport ala Direct X.509, my peers and I see a very bright future for healthcare in the U.S. and talk about all the great things we have accomplished.

Then a friend gets sick and enters the U.S. medical system and the bubble bursts.  The following happened over the last two weeks.   They have an issue and go to the ER of an Atlanta hospital.  Afterwards they are sent to their primary care physician and get a blood workup.  And sent for a CT scan at the imaging center.   The physician, hospital and imaging center are part of the same healthcare delivery system and all have the same EHR from a company in Tampa Florida.

First I contacted the medical records department at the hospital to get the CCD for the ER visit through their patient portal.  After being directed to four different people, they had no idea what a patient portal was.

The blood panel came back from the lab and since the physician had no patient portal, they sent a fax of the results.  The physician got the CT scan and was concerned (if you guessed the imaging center didn't have a patient portal, you would be correct).

My friend was sent to a surgeon on a referral.  During his examination he prescribed a simple medical procedure to correct what he saw.  He too was part of the network, but never got the CT scan or physicians report and we did not have copies.  Fortunately it was brought to his attention before he left, he ordered a rush on the reports and he scheduled surgery.

In the hospital the mishaps continued.  During prep for surgery the anesthesiologist went over the check list and stated the patient weighed 110 kilograms.  She was corrected and told 110 pounds.  The surgical nurse said not to worry, it happens all the time with the EHR but they always catch it in the operating room.

After the surgery and a few days on the med-surgical ward, the physician specifically prescribed a non-opiate pain medication.  Well, the pharmacy couldn't deliver it in 6 hours so she was given an opiate and had a severe reaction to it. 

6 hours later she was given the correct drug, to be repeated in 6 hours.  3 hours later the nurse came in to deliver the next dose.  She hadn't looked carefully at the chart.  When questioned, she said it was no big deal because the system would have caught it.

In discussions with the physicians and staff, it turns out they do have an patient portal.  It just doesn't work.

And this is one of the best hospital systems in Atlanta.  I'm sure they collect their MU1 and MU2 payments.  And the CEO makes over $1.5M a year.

added: Overall, the staff and the physicians are excellent.  Poor UX design, implementation and training resulted in these issues, and that's on us.  Depending on a system to catch your medication errors is like waiting to change the oil in your car when the check engine light comes on.  And that's a training issue all the way up to the CEO!

We have a lot of work to do.


Changing the Language of Healthcare from Cost to Outcomes and Productivity

The US healthcare system has been warped by reimbursements for care.  In Sharin's piece "The End of Hospital Cost Shifting", he talks about the impact on hospitals of the Medicare cutting reimbursements to hospitals based on work done by Austin Frakt

  • Cost shifting: Increasing the prices it charges commercially-insured individuals to compensate for reduced Medicare reimbursement.
  • Cost cutting.  Reduce cost for all patients to ensure average profitability across the entire Medicare/commercial payer mix.
  • Reduce profit margins.  Reduced Medicare reimbursement could simply eat away at hospital profits.

And he notes that cost cutting is the most likely result and that would impact patient outcomes:

Wu and Shen (2011) found that hospitals that faced large payment cuts from the 1997 Balanced Budget Act cut operating costs and staff and experienced increased mortality rates of heart attack patients relative to those seen at hospitals that faced smaller cuts.  They calculated that a 1 percent cut in payment results in a 0.4 percent increase in heart attack mortality rates.

And he concludes:

Such a trade-off calls to mind what Mark Pauly expressed in a 2011 paper in Health Affairs, “Perhaps a little less quality for a lot less money might be acceptable to consumers and taxpayers, as we work to keep medical spending from siphoning off funds required for other needs” (Pauly 2011). Whether it is acceptable or not, it may be what consumers and taxpayers get.

Let me break it down: Lower quality = worse patient outcomes = increased mortality = more people die.   And that's o.k. because it costs less.

And that's where the vocabulary is just wrong.  Nowhere does he focus on productivity improvement, resource utilization and the impact on outcomes.  They just don't think like that.  But every other industry does, except healthcare.  

I don't accept that more people dying in hospitals or post acute care is an acceptable tradeoff for lowering costs and I hope you don't either.

It's time to retire CPT® in health care

CPT (Current Procedural Terminology) is a medical billing coding system created by the American Medical Association (AMA) with the sole purpose of charging insurance companies for health care services and putting royalty money in the AMA's pocket.  Cpt-2014-professional-pIt's an artifact of the pay for service reimbursement system that has caused the US to spend the most on healthcare while delivering mediocre patient results.

If a CPT code does not exist for a service, chances are your physician won't do it.  Wonder why adverse drug reactions are under reported?  There is no CPT code for that. 

There is absolutely no relationship between good CPT coding and good patient care.  And there is no relationship between CTP code reimbursement rates and what those services actually costs a provider.  (Just ask the CEO of any hospital how much it costs them to perform a hip replacement.)

Sad but true.

The insurance companies are basically a cost plus business, so they focus on reducing the price paid per CPT.  The American Medical Association makes a from licensing the codes, so they have no incentive to change it.

Hopefully new "pay for performance" mandates in PPACA will shift the power to patient care quality / results from this very broken system.  And the AMA will have to find other ways to make money. 

CPT® is registered trademark of the American Medical Association.

Saving Healthcare in the US: Focus on Efficiency, Efficacy and Motivation

I won't bore you with the statistics on how the US spends more and gets less than any other industrial nation in the world and consumed about 17.9 percent of GDP last year.  Instead I want to focus on the goal of colleagues of mine who are serious about shaving 1% of GDP in healthcare.

How to do this?

First off, you need to measure precisely how much you actually spend on each patient.  Then you need to examine how much utilization of resources you actually are using for patient care (not how much you bill).  Focus on maximazing work flow and resource utilization and you now improve efficiency and save money.

But that does not mean you are doing the right thing by the patient.  Next you need to measure efficacy to see if you are getting the best results for what you did.  By doing so we found in occuptational health that patient outcomes improved while physician visits decreased by 40%.

While this is all well and good, it doesn't matter if no one uses it.  So you need to have the proper motivation.  Many times this means a cultural change in the organization.  For example we had a case where an organization could save $8M a year by employing these methods.  The medical director killed the project becauses he did not want his patient outcomes measured.

Efficiency, efficacy and motivation, when implemented, will change the landscape of healthcare.

HealthIT 2.0: Time for the Hospitalist?

Imagine taking care of 15 patients a day.  And you've never met them before.  And coordinating care among three shifts of nurses, labs and specialists.  That is the plight of the hospitalist. 

HealthIT 1.0 has failed them.  Patient histories from multiple sites of care?  Disparate PAC systems, care coordination?  Medication reconciliation?  There are bits and pieces but no system does it all.

Instead the 1.0 vendors try to bolt on new functionality to very old legacy systems.  Epic is based on MUMPS that was developed in 1967.  And they are the leaders.

The next generation 2.0 vendors will disrupt the establishment by focusing exclusively on the physician / care providers and the patient.  And we're seeing examples of this from outfits like Doximity, Practice Fusion, Hello Health and Image32

It will get better.


Patient Portals and the Identity Crisis

Meaningful use stage II is requiring a certain percentage of patients to be able to view their patient health information.  At HIMSS in New Orleans there was a lot of conversation about this.  And many vendors talking about their solutions.  InteliChart is a good example of these portals.  What happens if a patient goes to different doctors?  Different portals.  And most of the security is username + password.  Not much 2-factor authentication in place. 

Then layer in the requirements for the Health Information Exchanges.  Each patient needs to be perfectly matched to every EMR where their records reside.  Name + date of birth does not work so well if you are John Smith or Maria Garcia.  And who has access to these records?  And how does the patient know?  Again, many vendors have their unique solutions requiring everyone to sign up for their particular system.

These systems are being built bass-ackwards.  Here's a novel concept: Have the patients in control of their own identities and they decide when and where other people (or their surrogate like their primary care physician)  can access their information.  And the patient knows everytime who accessed what information and for what purpose. 

Universal identity cards will work as well as a social security number.  They won't.  Instead, patient supply their own credentials and each entity verifies if they indeed trust that that patient is who they say they are.  Can this be done programmaticly?  Yes and it's not that hard.

Look at project VRM:

Create a personal private cloud for each patient.  Then create an oAuth service that each provider entity and HIE can connect.  The trick here is that all authentication and access flows through the individual patient's personal cloud.  Use a certificate authority to create irrefutable credentials and use for 2 factor authentication (added bonus - public /private key encryption)

Time to build it.