Ketogenic diet: A diet devised as a treatment for
severe seizure disorders that
do not respond to conventional medication. The ketogenic diet is comprised
almost entirely of fats and protein. All portion must be
precisely weighed and timed. Because this diet can cause
the buildup of ketone bodies in the
blood, it is highly
risky and should only be tried under close medical
supervision.
Improvements in the delivery of health care often stem from costly medical and technological advances, but in maternity care the evidence makes a strong argument that less is more. We can intervene less and spend less money in labor and delivery care while improving the quality of care for women and their babies. Why then is there so much unnecessary intervention and why is it so persistent?
In 1985, the World Health Organization (WHO) declared there was no scientific justification for cesarean births in more than 10-15 percent of pregnancies. And the evidence continues to support that there is no improvement in mortality for mothers or infants with rates exceeding 10 percent to 19 percent depending on the study.
Even though the medical literature suggests that lower rates of cesarean delivery are better for women and children, the actual rates in the United States remain persistently high. In 2014, the Center for Disease Control (CDC) reported that 32.2 percent of U.S. births were cesareans. Even among “low risk” first time mothers (full term singleton pregnancy without breech presentation), more than one in four babies is delivered by cesarean. And large variation among hospitals suggests room for improvement.
But there is evidence that strong economic incentives to reduce unwarranted intervention can work in maternity care.
Over the past several years, application of financial and other pressures has led to relatively quick reductions in the number of early elective deliveries (EEDs). Cesarean or induced vaginal deliveries before 39 weeks without a medical indication are particularly pernicious because they are performed only for the convenience of the mother, doctor, or hospital staff, and are associated with significant risk of poorer medical outcomes for mothers and babies.
In South Carolina, under the leadership of the Birth Outcomes Initiative (SCBOI), they were able to combine the work of the State Medicaid program (DHHS) along with SC's largest payer, Blue Cross Blue Shield of South Carolina, to implement quality improvement efforts along with a nonpayment policy for non-medically necessary EEDs. The quality improvement effort included establishing a list of The American Collegeof Obstetricians and Gynecologists' approved indications for early delivery, utilizing two modifiers on the claims forms, tracking rates of EEDs by hospital, and providing each hospital with baseline and quarterly updates. Combining the quality improvement efforts with a nonpayment policy for EEDs, which applies to the hospital and the physician, has enabled SCBOI to reduce the EED rate among South Carolina's 44 birthing hospitals by 72 percent between the first quarter of 2011 when the Birth Outcomes Initiative was launched, and the third quarter of 2015 (from 9.62 percent to 2.70 percent). Also, 75 percent of the hospitals now boast a 0 percent rate of non-medically necessary EEDs, based on data received from the South Carolina Department of Health and Human Services. (Updated information on this and other SCBOI programs will be available in October at scdhhs.gov under SCHealthviz).
Similar trends can be seen across the country. The rate of EEDs has been declining overall - from 17 percent nationally in 2010 to 2.8 percent in 2016. However, there is still work to be done as experts agree this number should be zero and the work on EEDs hasn't had much if any impact on the overall rate of cesarean delivery.
Even in the face of compelling evidence, many commercial health insurance plans have resisted realigning their payment structures in any bold way. When they have changed their approach to payment, most have added quality measures on maternity care into a larger set of measures that they use in broad pay-for-performance programs. Many have focused their efforts on educating expectant mothers and their doctors on the benefits of full-term, spontaneous vaginal births and the dangers of medically un-indicated cesarean deliveries. But these education efforts have not had substantial impact on clinical practice.
Reducing the overall number of cesareans will be more challenging than eliminating early elective deliveries, as determining when a cesarean is “necessary” is much less straightforward. Nevertheless, payment design has done little to encourage more judicious use of many interventions. Services that are associated with higher rates of spontaneous vaginal birth and less intervention, such as doula care and delivery in free-standing birth centers, are often not covered by insurance. Despite abundant evidence that care by Certified Nurse Midwives (CNMs) is associated with less intervention and equal or better outcomes, many insurers will not contract with midwives and, of those that do, many pay them at a lower rate for the same care.
In the case of hospitals, those that bring down their cesarean rates are actually penalized financially for doing so: hospitals are paid 50 percent more when delivery occurs by cesarean rather than vaginally. Recent evidence suggests that this differential payment may prevent decreases in cesarean rates: when a single delivery rate was paid regardless of birth route, cesarean rates decreased by an average of 20 percent (from 27.2-32.6 percent to 19.5-27.2 percent) among the three participating hospitals.
We don't know for sure what provider payment or benefit design strategies will support good outcomes while reducing the level of unnecessary and potentially harmful interventions, but there are many worth trying, including:
In the world of medicine, sometimes the most persistent habits don't change quickly, even with data-driven arguments. Nearly 170 years ago, Dr. Ignaz Semmelweis proved that washing hands was a sure-fire way for doctors to prevent maternal and infant mortality during childbirth. Still, even today fewer than half of medical providers wash their hands as often as they should. Without strong incentives from payers, could it be another century before the overuse of cesareans catches up with what medical science puts forth today as an acceptable norm?
Letters of recommendation (LORs) are a common part of the job application. Employers rely on them to help choose new hires. Many physicians have written reference letters for their peers and trainees. It is important to appreciate that LOR is a legal instrument that holds not only the applicant accountable but also the writer. It is a signed document that is retained in the employee's files and its origin can be traced.
I will describe the case of a physician group which was successfully sued for writing an inaccurate reference letter for a former colleague. Litigation involving inaccurate and misleading references in the broader employment arena will be discussed to highlight the nature of liability in LORs.
Background
An anesthesiology group was successfully sued for providing misleading information about a former colleague in a reference letter. Two separate cases reached the Fifth Circuit Court of Appeals involving the group. In neither case was the verdict of the Appellate court in favor of the group.
Kaldec Medical Center v. Lakeview Anesthesia Associates
The case revolved around an anesthesiologist with a drug problem. He worked at Lakeview Anesthesia Associates (LAA). LAA served Lakeview Medical Hospital (LM). LM conducted an internal investigation after staff became suspicious of the anesthesiologist's drug abuse.
LM discussed the findings with LAA. The anesthesiologist failed to improve, despite a warning. On one occasion, the anesthesiologist did not answer his pager on call and was in an impaired state in the call room. LAA dismissed the anesthesiologist for cause stating “you have reported to work in an impaired physical, mental, and emotional state. Your impaired condition has prevented you from properly performing your duties and puts our patients at significant risk . . . .”
LM and LAA did not report the anesthesiologist to any disciplinary agency such as the state board of medical examiners or the National Practitioner's Data Bank. LM locked away the files concerning his investigation. The LAA partners recorded only that the anesthesiologist was “no longer employed by [the group].”
The anesthesiologist applied for a locum tenens in another state. The new hospital, Kaldec Medical Center (KMC), requested references for credentialing. LAA submitted letters with effusive praise such as “excellent” clinician and “asset to any anesthesia service”. LM furnished a letter, indifferent in tone, stating only the dates he was on active medical staff. Neither LAA nor the LM disclosed his drug abuse.
The anesthesiologist was credentialed at KMC. Soon suspicion about substance abuse emerged. On one occasion a patient had to be revived with Narcan after he gave excess morphine during a surgery.
In the relevant suit, he was anesthetizing a 31-year-old mother for a tubal ligation. She had agreed to tubal ligation following an uneventful delivery of her third child. During the procedure, the patient had a cardiopulmonary arrest. The anesthesiologist failed to note the arrest. The patient suffered anoxic brain injury leading to a permanent vegetative state. The anesthesiologist confessed to abusing Demerol and entered a drug rehabilitation program. The patient's family sued the anesthesiologist and KMC. They settled out of court.
KMC and its insurer filed against LAA and LM. KMC sought damages for failing to disclose the anesthesiologist's drug use in the reference letters. Since the lawsuit crossed state boundaries it was taken up by the Federal District Court in Louisiana.
KMC claimed that it was misled by the LAA/LM into hiring the anesthesiologist, the defendants had a duty to inform truthfully and they breached that duty through omission and misrepresentation, and reasonably relying on inaccurate information led to KMC's damages.
The court agreed and found the defendants proportionately liable for the damages, and divided the damages ($8.5 million) as such: LAA 25%; LM 25%; KMC 17%; anesthesiologist 33%.
The case was appealed in the Federal Fifth Circuit Court. The circuit court reaffirmed most of the district court's decision. The court reasoned that there may have been an ethical obligation but no fiduciary or contractual duty to disclose information about the physician's past negligent behavior. The court admitted that no court in or outside of the state had ever imposed this duty on an employer.
However, and this is a crucial point, the court stated that in an absence of duty when an employer volunteers to disclose information about an employee, it assumes a duty to disclose accurately. In other words, writing the letter was a choice that LAA and LM made, and by doing so had assumed a duty not to misrepresent.
The court found affirmative and negligent misrepresentations in the letters from LAA. The court remarked that their letters were “false on their face and misleading”. Regarding the issue of legal cause, the court found that any negligence by a new employer does not absolve the former negligent parties, namely the LAA and LM, from liability.
The court noted that since the anesthesiologist had used narcotics while on duty, it was foreseeable to LM and partners that he could do so again. By omitting his drug abuse in their communication with KMC the defendants should have foreseen that the employer may “miss the warning signs” of the anesthesiologist's behavior which was dangerous to patients. The federal circuit court upheld the federal district court's ruling on KMC, LAA and the anesthesiologist.
The Federal Fifth Circuit Court absolved LM from liability. The court concluded that LM's letter was a contrast to the letters from LAA, which commented on his performance. LM had revealed nothing about the anesthesiologist's performance or character, good or bad, and was not misleading. The court cleared LM and readjusted the liability between KMC, partners at LAA and the anesthesiologist.
Preau v. St. Paul Fire & Marine Insurance Company.
In a related case, the Federal Fifth Circuit Court ruled that a physician's professional insurance was not responsible for liability arising from letters of recommendation. One of the LAA partners filed a suit against his insurer in the federal district court for refusing to cover the damages. The partner argued that the insurance should cover him against bodily injuries incurred by the patient who had died in KMC. The insurer refused, citing that commercial general liability policies protecting a physician from direct bodily injury do not cover third party claims resulting from misrepresentations from reference letters.
The district court sided with the partner. The Federal Fifth Circuit Court disagreed and overturned the district court's verdict. The circuit court stated that the financial claim against the partner was not for the deceased patient's bodily injuries but for the breach of duty to be truthful in references that it owed to KMC. The LAA partner had to pay the damages out of his pocket.
Duty to disclose accurately versus duty to disclose
Liability from inaccurate reference letters is not new and several state and federal court cases have examined it before.
In Cohen v. Wales, Moore v. St. Joseph Nursing Home, Inc., Richland School District v. Mabton School District, and Johnson v. United Parcel Service, courts have maintained that there is no duty to disclose someone's character or performance in the absence of a special relationship between the parties. However, there is a duty to not to misrepresent if one elects to write, as seen in Randi v. Muroc Joint Unified School District, Gutzan v. Altair Airlines, Davis v. Board of County Commissioners of Dona Ana County, Govea v. City of Norcross, and Singer v. Beach Trading Co. Additionally, as seen in Nationwide Mut. Ins. Co. v. Lake Caroline, Inc., commercial general liability policies may not cover damages as the result of intentional falsification.
In Cohen, a teacher's former employer was not liable for failing to disclose past charges of sexual misconducts, leading to hiring at a new school where the teacher abused another student. In absolving the former employer from liability, the court remarked that “[the] mere recommendation of a person for potential employment is not a proper basis for asserting a claim of negligence where another party is responsible for the actual hiring.”
Similarly, in Moore, the representative of a murdered security guard who was killed by a co-worker sued the assailant's previous employer for not disclosing his drug and alcohol abuse and history of violence. The former employer was open that it provided no information other than the dates of employment. The Michigan Court of Appeals agreed and ruled that the employer had no duty to disclose or warn the new employer of an employee's dangerous tendencies.
In Richland, a school district fired its employee, a custodian, after learning that the employee was forced to resign from his previous job in return for dismissal of three counts of child abuse. The school district then sued the previous employer for not disclosing the charges in the recommendation letter. The school district argued that the employer violated a duty to disclose, especially for a job where children were involved. The case went into appeals. The Washington Court of Appeals sided with the former employer and ruled that there was no duty to disclose so long as the letter did not comment about the employee's character.
In Johnson, the Kentucky Court of Appeals ruled that a duty to disclose a person's performance or character does not exist. In Johnson, the estate of a deceased employee who was killed by a co-worker brought suit against the assailant's former employer for failure to disclose his aggressive behavior.
Misrepresentations can hold an employer to liability, as ruled by the California Supreme Court in 1997 in Randi. In Randi, an employer failed to disclose the vice principal's alleged sexual misconduct, mentioning only the positive aspects of the vice principal's tenure. He was hired at a new school where he allegedly molested a female student. The previous employer was found negligent.
In Gutzan, the Federal Third Circuit Court of Appeals held that false statements could hold the writer liable. In Gutzan, an employment agency falsely mitigated a candidate's criminal record.
Specifically it said that the candidate's assertion that an accusation of sexual misconduct was a false accusation was verified, when there was no verification. Because of the reassurance, Altair Airlines hired him, where he sexually assaulted a colleague. The agency was found liable for misrepresentation.
In Davis, a jail wrote positively about a guard even though he had sexually assaulted female prisoners. The guard was hired at a hospital where he sexually abused a patient. The New Mexico Court of Appeals ruled that in choosing to write, the writer had a duty to not misrepresent.
In Govea, a police officer voluntarily resigned after an internal investigation found negligent behavior on duty. The officer had left a loaded firearm in an unattended motor vehicle. In return for voluntary resignation, the employer agreed to not disclose his negligence. In a new job, the officer gave a minor his gun to play with and the minor shot and killed himself. When the officer's past events came to light, the new employer sued his previous employer for failure to disclose his carelessness. The case was decided by Georgia Circuit Court of Appeals, which ruled that by failing to disclose accurately the employer was liable.
In Singer, the employer submitted incorrect information about an employee's job title. Specifically, the employer said that she had worked as a customer service representative, instead of her actual role of a manager, as she had written on her resume. Because of the discrepancy the new employer dismissed her. The employee sued the former employer for defamation and the New Jersey Supreme Court held that providing false information to an employer in a reference letter held the former employer liable for damages that resulted from reasonably relying on the information.
In Nationwide, the Fifth Circuit upheld that an organization covered for bodily injury and property damage was not covered for “injury arising out of oral or written publication of material, if done by or at the discretion of the insured with knowledge of its falsity.” The case involved an organization that was covered by Nationwide's Commercial General Liability Coverage. The organization had a contract dispute. When sued, the organization sought protection under the insurance. Nationwide refused on the grounds that liability from making intentionally false statements, the basis of the contract dispute, is not protected by insurance, an argument that the circuit court upheld upon appeal.
The cases underscore four points: (1) one is not required to write about someone's character or performance, (2) if one elects to write, they have a duty not to misrepresent competence or character that could affect performance, (3) failing in that duty could hold one personally responsible for damages, and (4) damages due to misrepresentation may not be covered by general liability policies.
Implication for Physicians
How should physicians write a letter of recommendation in lieu of its legal significance? The answer will vary between individuals and organizations; and many have developed their own rules and guidelines. There are three questions to ask: what is a legal instrument? When is there a duty to disclose in the legal instrument? And what constitutes as breach of that duty?
A legal instrument is a formally- executed written document that can be attributed to its author, which records and expresses a legally enforceable act, process, or contractual duty, obligation, or right and therefore evidences that act, process or agreement. Courts have maintained that LORs are legal instruments, opening its authors to liability for misrepresentation.
The duty to disclose is complicated. A mandated duty to disclose exists only in “special circumstances such as a fiduciary or confidential relationship between the parties, which, under the circumstances, justifies the imposition of the duty.” The courts have not imposed a duty on individuals to write LOR. By ruling that LORs are legal instruments, the courts have imposed a duty that the letter's content be truthful.
What constitutes a breach of duty? Under Louisiana law, the elements for intentional misrepresentation are: (1) misrepresentation of a material fact, (2) made with intention to deceive, and (3) causing justifiable reliance with resultant injury. The elements for negligent misrepresentation are: (1) existence of a duty to supply correct information, (2) breach of that duty by omission or affirmative misrepresentation, and (3) breach causing damages to plaintiff based on reasonable reliance on the misrepresentation. Additionally, where there is silence, misrepresentation arises when there is a mandated duty to disclose the information.
In summary, while writing the LOR is not a duty, if a person chooses to write, he or she must not misrepresent.
Conclusion
The case is extreme. The reference letter was opposite the character of the anesthesiologist. The partners of LAA praised a colleague they had fired for abusing anesthetic medication. The disconnection between the LOR and reality was wilful. The lessons are taut and reinforce the adage “if you do not have something positive to write about a person do not agree to write the LOR”.
Reference letters may become bland and contain non-exculpatory statements which offer no information about a physician's competence, work ethic or citizenry. This is fine if physicians also wrote letters which were full of praise, and if there was a correlation between the blandness of a letter and incompetence of the physician. New hiring departments could read between the lines and the value of a letter of reference to discern would be retained. Silence may serve as a red flag. The author who is reluctant to disclose in writing could discuss a physician's competence over the phone.
The most salient part of this case is that the liability was covered by neither the physician's professional nor umbrella insurance policy. The extrapolation to minor transgressions of competence and professionalism should be resisted, though. There is a distinction between crime and gross professional misconduct in a physician (essential facts) and sub-optimal work ethic, undesirable temperament or citizenry (unpleasant facts). The key is not to misrepresent. Writers of letters of recommendations should follow the Golden Rule: write in the letter what they expect to read were they the employer.
Varon Sethi, MD is a radiologist at Penn.
Burkholderia cepacia: (B. cepacia, for short.) A group of bacteria found in soil and water that are often resistant to common antibiotics. B. cepacia poses little medical risk to healthy people. However, people who have certain health problems such as a weakened immune systems or chronic lung disease, particularly cystic fibrosis (CF), are more susceptible to infection with it. Transmission of B. cepacia has been reported from contaminated solutions and medical devices as well as contaminated over-the-counter nasal spray and contaminated mouthwash. B. cepacia can also be spread to susceptible persons by person-to-person contact, contact with contaminated surfaces, and exposure to B. cepacia in the environment. Careful attention to infection control procedures like hand hygiene can help reduce the risk of transmission of this organism. Decisions on the treatment of infections with B. cepacia are best made on a case-by-case basis. Usually it can be treated with drugs called Trimethoprim-sulfamethoxazole or Meropenem.
In the world of fine wine, it is well known that some types of wine grapes grow only in very specific climates and ecologies. The concept borrowed from the French is “terroir” (ter-WAHR). Terroir explains why the finest champagne grapes grow only in a small district in northeastern France, characterized by rolling hills and a chalky limestone subsoil that provides a steady level of moisture and imparts a mineral note to the wine's flavor.
Health policy advocates have sought for generations to propagate promising forms of health care organization across the country. Yet one finds repeatedly that some forms of organization that prosper in one part of the country fail to thrive in others. Is it possible that the concept of terroir also applies in health care?
Kaiser Permanente's health plans would be a great example. Kaiser has been a darling of health policy advocates such as Alain Enthoven, Paul Ellwood, and others because of its integrated structure, global risk, and salaried employment model of physician practice. Yet, despite repeated federal interventions, beginning with the Health Maintenance Organization Act of 1973, Kaiser only recently exceeded 10 million in enrollment for the first time in its 71 year history. Moreover, 82 percent of that enrollment is in two states-Oregon and California-where Kaiser originated. The percentage of Kaiser's enrollment that derives from its origin states is basically unchanged in a decade.
What was the “terroir” that enabled Kaiser to flourish in these states? Kaiser's growth rested on a combination of the prevalence of large scale multispecialty group practice, a tradition of prepayment for health services (as opposed to indemnity insurance), and large unionized employers tied to trade, ship building, and defense contracting after World War II. As the unionized sector of employment was displaced by growth in other economic sectors, Kaiser's substantial presence in large Pacific Coast markets (San Francisco, Sacramento, Portland, Los Angeles, and San Diego) lowered the cost of additional enrollment.
Kaiser has presences in other markets like Denver, Hawaii, and the District of Columbia that have grown modestly. But it never achieved West Coast levels of dominance in these markets, and ambitious attempts during the 1990s to become a “national” health insurer ended in costly failure.
Kaiser's dominance in Pacific Coast markets encouraged the growth of another innovation - the risk-bearing Independent Practice Association (IPA). In order to defend their franchises against Kaiser's steady growth, state medical societies in the 1970s encouraged their members to form rival IPA networks that preserved solo practice.
Private practicing physicians using these IPAs and insurgent payers like PacifiCare and HealthNet formed broad regional alliances during the 1980s. IPAs like Hill Physicians, Brown and Toland, and Monarch accepted delegated risk from these health plans through capitated contracts. These IPAs also developed management services organizations that supported small practices and facilitated billing and documentation for these managed care contracts, enabling them to compete for business with the vast Kaiser groups. Delegating risk to physician organized care systems helped some health insurers to keep pace with Kaiser's growth, at least for a time. Absent the Kaiser threat, it is highly unlikely that these IPAs would have attracted enough physicians willing to support them.
One of the most successful of these risk-bearing physician enterprises, HealthCare Partners (HCP), spawned its own salaried multi-specialty group practice and grew to the point where it was acquired by DaVita in 2011 for $4.4 billion. Yet even with a very successful business model, HealthCare Partners has failed to thrive outside the Los Angeles basin. In Albuquerque, Las Vegas, Philadelphia, and Florida, HealthCare Partners has struggled to achieve either market influence or profitability. Visions of scaling up the HCP model to a national brand have thus far eluded DaVita, disappointing the company's shareholders and challenging its management. DaVita is fighting a terroir problem.
Another example of a terroir effect can be found in provider-sponsored health insurance. There have been multiple waves of provider-sponsored health plan development since the early 1970s, characterized by a high failure rate. Adverse selection (e.g., enrolling a disproportionate number of their own patients, or people who are expected to become patients), a lack of capital, a failure to achieve a critical mass of enrollment, and in-house conflicts with hospital and physician subsidiaries have been the the main autopsy findings.
However, formidable provider-sponsored health plans survived the withering market entry process, including Presbyterian in Albuquerque, Select Health for InterMountain in Utah, Geisinger in Pennsylvania, Optima for Sentara in Virginia, and Priority Health for Spectrum in Western Michigan. Many of these plans and their dominant provider systems developed in more rural areas with limited health plan choices. Humana and PacifiCare were the only provider sponsored plans to reach public markets, but only after they were corporately separated from their sponsoring hospitals.
Nationally, about 15 million people were enrolled in provider-sponsored health insurance plans in 2015, two-thirds in managed Medicaid and Medicare Advantage segments. That translates into a total market penetration of about 5 percent of the total covered population (public and private), and about 3 percent of the commercial market.
Yet in Wisconsin, provider-sponsored health insurers today account for nearly 40 percent of the covered population. The very same conditions that fostered Kaiser's growth played a role in Wisconsin - a long history of multi-specialty practice, plus a collectivist political tradition that inhibited protectionism on the part of solo practitioners, and a strong union-driven health benefits climate plus the factor of a significant rural population with limited health plan options.
Other candidates for terroir-type explanations of striking regional variation: the wide prevalence of industrial-scale Medicare fraud in certain sunbelt communities like southern California and south Florida, the inability of the investor-owned hospital sector to achieve a significant presence in the Midwest or Northeast, the incapacity of hospital managements and physician communities to work collaboratively in wide swathes of the sunbelt, the limited success of the accountable care organization (ACO) phenomenon in the Midwest or Far West, and the limited development of economic clusters in the life sciences such as are found in Cambridge, Massachusetts, Silicon Valley, and San Diego.
In our experience, there seems to be almost nothing except Medicare that is truly national about our health system. Fort Lauderdale, Florida, Hastings, Nebraska, and Seattle, Washington are actually in different countries culturally and politically. Those significant cultural and political differences have economic and historical roots, and uniquely color the traditions of medical practice and health care organization that prevail in those communities.
The existence of marked regional differences in health system organization and financing is not news to the health services research community. Starting in the 1990s, Paul Ginsburg and colleagues at the Center for Studying Health System Change documented the markedly different development paths taken by health care players in 12 urban markets.
For the past 40 years, American health policy has been dominated by economists. Their economic models presume universality in how physicians respond to incentives. These models captivate politicians and their handlers, and seem to come in waves, like memes in fashion or popular culture. Yet, over and over again, mechanistic, marginalist economic explanations of how incentives shape physician behavior play out unevenly in different regions of the country, and have resulted in a lengthening string of policy disappointments.
A failure to understand and respect the role that local culture and market conditions for health system innovation profoundly limits the effectiveness of “single bullet” policy solutions. After a while, veteran policy observers find ourselves saying (as we did with the ACO) “Wouldn't it be great if, before mounting our trusty steeds and charging up the same box canyon, people would simply ask, 'What happened the last three times we tried to do this?' Why did innovations fail in some parts of the country and succeed in others? The checkered record of the CMS Innovation Center might be attributed in part to a failure to understand and respect the effects of terroir on health system innovation.
Perhaps a healthy respect for non-economic factors in health system behavior-often rooted in local and regional circumstances and in institutional culture-might be a corrective for those who see sweeping “national” solutions to complex problems. To paraphrase the famous line from the movie Cool Hand Luke “What we have here is failure to replicate.” Absent a respect for local and non-economic factors, we will continue the wasteful practice of sowing our policy seeds on barren ground.
Authors would like to acknowledge the assistance of Lauren Crowther of Navigant Healthcare in research for this article.
In the world of fine wine, it is well known that some types of wine grapes grow only in very specific climates and ecologies. The concept borrowed from the French is “terroir” (ter-WAHR). Terroir explains why the finest champagne grapes grow only in a small district in northeastern France, characterized by rolling hills and a chalky limestone subsoil that provides a steady level of moisture and imparts a mineral note to the wine's flavor.
Health policy advocates have sought for generations to propagate promising forms of health care organization across the country. Yet one finds repeatedly that some forms of organization that prosper in one part of the country fail to thrive in others. Is it possible that the concept of terroir also applies in health care?
The Case Of Kaiser Permanente
Kaiser Permanente's health plans would be a great example. Kaiser has been a darling of health policy advocates such as Alain Enthoven, Paul Ellwood, and others because of its integrated structure, global risk, and salaried employment model of physician practice. Yet, despite repeated federal interventions, beginning with the Health Maintenance Organization Act of 1973, Kaiser only recently exceeded 10 million in enrollment for the first time in its 71 year history. Moreover, 82 percent of that enrollment is in two states-Oregon and California-where Kaiser originated. The percentage of Kaiser's enrollment that derives from its origin states is basically unchanged in a decade.
What was the “terroir” that enabled Kaiser to flourish in these states? Kaiser's growth rested on a combination of the prevalence of large scale multispecialty group practice, a tradition of prepayment for health services (as opposed to indemnity insurance), and large unionized employers tied to trade, ship building, and defense contracting after World War II. As the unionized sector of employment was displaced by growth in other economic sectors, Kaiser's substantial presence in large Pacific Coast markets (San Francisco, Sacramento, Portland, Los Angeles, and San Diego) lowered the cost of additional enrollment.
Kaiser has presences in other markets like Denver, Hawaii, and the District of Columbia that have grown modestly. But it never achieved West Coast levels of dominance in these markets, and ambitious attempts during the 1990s to become a “national” health insurer ended in costly failure.
Independent Practice Associations
Kaiser's dominance in Pacific Coast markets encouraged the growth of another innovation - the risk-bearing Independent Practice Association (IPA). In order to defend their franchises against Kaiser's steady growth, state medical societies in the 1970s encouraged their members to form rival IPA networks that preserved solo practice.
Private practicing physicians using these IPAs and insurgent payers like PacifiCare and HealthNet formed broad regional alliances during the 1980s. IPAs like Hill Physicians, Brown and Toland, and Monarch accepted delegated risk from these health plans through capitated contracts. These IPAs also developed management services organizations that supported small practices and facilitated billing and documentation for these managed care contracts, enabling them to compete for business with the vast Kaiser groups. Delegating risk to physician organized care systems helped some health insurers to keep pace with Kaiser's growth, at least for a time. Absent the Kaiser threat, it is highly unlikely that these IPAs would have attracted enough physicians willing to support them.
One of the most successful of these risk-bearing physician enterprises, HealthCare Partners (HCP), spawned its own salaried multi-specialty group practice and grew to the point where it was acquired by DaVita in 2011 for $4.4 billion. Yet even with a very successful business model, HealthCare Partners has failed to thrive outside the Los Angeles basin. In Albuquerque, Las Vegas, Philadelphia, and Florida, HealthCare Partners has struggled to achieve either market influence or profitability. Visions of scaling up the HCP model to a national brand have thus far eluded DaVita, disappointing the company's shareholders and challenging its management. DaVita is fighting a terroir problem.
Provider-Sponsored Health Insurance
Another example of a terroir effect can be found in provider-sponsored health insurance. There have been multiple waves of provider-sponsored health plan development since the early 1970s, characterized by a high failure rate. Adverse selection (e.g., enrolling a disproportionate number of their own patients, or people who are expected to become patients), a lack of capital, a failure to achieve a critical mass of enrollment, and in-house conflicts with hospital and physician subsidiaries have been the the main autopsy findings.
However, formidable provider-sponsored health plans survived the withering market entry process, including Presbyterian in Albuquerque, Select Health for InterMountain in Utah, Geisinger in Pennsylvania, Optima for Sentara in Virginia, and Priority Health for Spectrum in Western Michigan. Many of these plans and their dominant provider systems developed in more rural areas with limited health plan choices. Humana and PacifiCare were the only provider sponsored plans to reach public markets, but only after they were corporately separated from their sponsoring hospitals.
Nationally, about 15 million people were enrolled in provider-sponsored health insurance plans in 2015, two-thirds in managed Medicaid and Medicare Advantage segments. That translates into a total market penetration of about 5 percent of the total covered population (public and private), and about 3 percent of the commercial market.
Yet in Wisconsin, provider-sponsored health insurers today account for nearly 40 percent of the covered population. The very same conditions that fostered Kaiser's growth played a role in Wisconsin - a long history of multi-specialty practice, plus a collectivist political tradition that inhibited protectionism on the part of solo practitioners, and a strong union-driven health benefits climate plus the factor of a significant rural population with limited health plan options.
Very Little About The Health System Is Actually National
Other candidates for terroir-type explanations of striking regional variation: the wide prevalence of industrial-scale Medicare fraud in certain sunbelt communities like southern California and south Florida, the inability of the investor-owned hospital sector to achieve a significant presence in the Midwest or Northeast, the incapacity of hospital managements and physician communities to work collaboratively in wide swathes of the sunbelt, the limited success of the accountable care organization (ACO) phenomenon in the Midwest or Far West, and the limited development of economic clusters in the life sciences such as are found in Cambridge, Massachusetts, Silicon Valley, and San Diego.
In our experience, there seems to be almost nothing except Medicare that is truly national about our health system. Fort Lauderdale, Florida, Hastings, Nebraska, and Seattle, Washington are actually in different countries culturally and politically. Those significant cultural and political differences have economic and historical roots, and uniquely color the traditions of medical practice and health care organization that prevail in those communities.
The existence of marked regional differences in health system organization and financing is not news to the health services research community. Starting in the 1990s, Paul Ginsburg and colleagues at the Center for Studying Health System Change documented the markedly different development paths taken by health care players in 12 urban markets.
Looking Beyond Economic Factors In Health System Change
For the past 40 years, American health policy has been dominated by economists. Their economic models presume universality in how physicians respond to incentives. These models captivate politicians and their handlers, and seem to come in waves, like memes in fashion or popular culture. Yet, over and over again, mechanistic, marginalist economic explanations of how incentives shape physician behavior play out unevenly in different regions of the country, and have resulted in a lengthening string of policy disappointments.
A failure to understand and respect the role that local culture and market conditions for health system innovation profoundly limits the effectiveness of “single bullet” policy solutions. After a while, veteran policy observers find ourselves saying (as we did with the ACO) “Wouldn't it be great if, before mounting our trusty steeds and charging up the same box canyon, people would simply ask, 'What happened the last three times we tried to do this?' Why did innovations fail in some parts of the country and succeed in others? The checkered record of the CMS Innovation Center might be attributed in part to a failure to understand and respect the effects of terroir on health system innovation.
Perhaps a healthy respect for non-economic factors in health system behavior-often rooted in local and regional circumstances and in institutional culture-might be a corrective for those who see sweeping “national” solutions to complex problems. To paraphrase the famous line from the movie Cool Hand Luke “What we have here is failure to replicate.” Absent a respect for local and non-economic factors, we will continue the wasteful practice of sowing our policy seeds on barren ground.
Authors' Note
Jeff Goldsmith is National Advisor to Navigant Healthcare. Lawton Burns is James Woo Kim professor at Wharton. Authors would like to acknowledge the assistance of Lauren Crowther of Navigant Healthcare in research for this article.
Ulna: The larger of the two long bones within the forearm. (The smaller one is the radius.) The ulna is on the same side of the arm as the little finger.
Meniscus injury: Injuries to the crescent-shaped cartilage pads between the two joints formed by the femur (the thigh bone) and the tibia (the shin bone). The meniscus acts as a smooth surface for the joint to move on.
The two menisci are easily injured by the force of rotating the knee while bearing weight. A partial or total tear of a meniscus may occur when a person quickly twists or rotates the upper leg while the foot stays still (for example, when dribbling a basketball around an opponent or turning to hit a tennis ball). If the tear is tiny, the meniscus stays connected to the front and back of the knee; if the tear is large, the meniscus may be left hanging by a thread of cartilage. The seriousness of a tear depends on its location and extent.
On September 27, the Centers for Medicare and Medicaid Services announced a new campaign to enroll young adults in the health insurance marketplaces. The announcement was released as part of the White House Millennial Outreach and Enrollment Summit.
Young adults have seen the sharpest drop in uninsured rates since the enactment of the Affordable Care Act (ACA) in 2010, yet millions remain uninsured. Nine out of 10 marketplace-eligible young adults without health insurance have incomes that would make them eligible for tax credits, thus they should find marketplace coverage affordable. As young adults tend to be healthy and use little medical care, enrolling them in the marketplaces is an essential step toward stabilizing the marketplace risk pools. Thus, CMS and other federal agencies and private partners are undertaking a major outreach effort to enroll young adults in marketplace coverage for 2017.
This effort has several components. First, the outreach effort will use online platforms that cater to young adults. Specifically, it intends to use Twitch, a gamer social video platform and community. According to the press release, this effort will feature:
HealthCare.gov pre-roll before videos, a homepage takeover, and ongoing efforts with streamers on Twitch to amplify our message throughout Open Enrollment.
For those of you who, like me, cannot fully grasp the intricacies of this statement, it's worth noting that 10 million daily active users, many of them 18-36 year olds, currently spend 106 minutes per-day, per-person on Twitch.
CMS intends to improve its functionality on mobile devices, which one-in-five millennials use exclusively for internet access. It will offer an end-to-end mobile shopping experience, including the ability to comparison shop on a phone or tablet with intuitive navigation and a streamlined interface to compare plans.
CMS is also launching a coordinated social media outreach campaign to young adults under the umbrella #HealthyAdulting. CMS is partnering with nearly two dozen youth, ethnic, medical, disability, women's, and religious groups to conduct outreach campaigns using digital platforms used by young adults, including Facebook, Twitter, and Tumblr to encourage young people to enroll in marketplace coverage. Partnering organizations will host Twitter, Facebook, and Tumblr events potentially reaching hundreds of thousands of their young adult followers.
Finally, CMS is targeting individuals whose coverage will soon end and those who were not covered last year. They are collaborating with the Department of Defense to reach out to service members who are transitioning out of military health coverage. Likewise, they are also working with state Medicaid and CHIP programs to contact individuals losing Medicaid or CHIP coverage (about half of whom are aged 18-34) to encourage them to enroll in marketplace coverage. As announced earlier, the Internal Revenue Service is also contacting individuals who paid the shared responsibility fee or claimed an exemption for 2015 to encourage them to enroll in marketplace coverage. About 45 percent of taxpayers who paid the fee or claimed an exemption in 2015 were under age 35.
On September 26, CMS notified Hawai'i that its application for a 1332 waiver was complete. Section 1332 of the ACA allows HHS (and the IRS) to waive or modify certain ACA requirements to encourage state innovation as long as proposed state programs meet the coverage and affordability goals of the ACA.
Hawai'i asks that it be excused from operating a Small Business Health Options (SHOP) marketplace program and that small group health plans in the state not be required to offer a silver level plan. Hawai'i's Prepaid Health Care Act has long required small businesses to offer even more generous health plans, thus these provisions are unnecessary.
HHS now has 180 days to approve or disapprove Hawai'i's proposal. It is requesting public comments by October 26, 2016.
Media Cube - free TV, free movies, free sports from Media Cube on Vimeo.
Bee sting: An area of skin affected by piercing from the stinger of a bee. A bee sting can trigger an allergic reaction, including life-threatening anaphylactic shock. Avoidance and prompt treatment are essential for those who are allergic to bee stings. Self-injectible adrenaline can be carried by persons known to be allergic when in risk areas. Hikers should wear long pants and shirts in risk areas. If a person is attacked, he or she should run for shelter, covering the face to prevent airway stings. Treatment depends on the severity of symptoms. Stingers should be removed promptly, and the area should be cleansed with soap and water. Ice packs, pain medications, and anti-itching medications can be helpful in treating local reactions. Victims with more serious symptoms can require intravenous fluids, oxygen, cortisone medicine, or epinephrine, as well as medications to open the breathing passages. In selected cases, allergy injection therapy is highly effective for prevention. For those who are not allergic, stings are a minor nuisance unless they occur in multiples.
Section 2794 of the Affordable Care Act requires the Department of Health and Human Services (HHS), in conjunction with the states, to review “unreasonable increases in premiums for health insurance coverage.” Section 2794 further provides that:
The process established under paragraph (1) shall require health insurance issuers to submit to the Secretary and the relevant State a justification for an unreasonable premium increase prior to the implementation of the increase. Such issuers shall prominently post such information on their Internet websites….
Under implementing regulations, premium increases are reviewed for unreasonableness by states determined by the Centers for Medicare and Medicaid Services (CMS) to have “effective rate review programs,” or by CMS itself in states that do not have such programs. Currently CMS reviews the reasonableness of rates in only five states as the rest have been determined to have effective rate review.
Implementing regulations provide that rate increases exceeding 10 percent (or an HHS approved state-specific threshold) are subject to review by CMS or by states. Rate increases have been reviewed at the product level until this year, but for policy years beginning as of January 1, 2017, rate increases are being reviewed by at the plan level. Premium increases in excess of 10 percent are not per se unreasonable, but may be considered to be unreasonable if they are determined by CMS or a state after further review to be excessive, unjustified, or unfairly discriminatory.
If rates are determined to be unreasonable by a state, the state may have the authority to disapprove them. If the state lacks this authority, however, or if CMS determines a premium increase to be unreasonable in states where it does review, the insurer may nonetheless implement the increase. The insurer must, however, submit to CMS or the state a “final justification” of the unreasonable rate increase. It must prominently post on its website publicly available documentation it submitted in support of its rate filing, the final state or CMS determination of unreasonableness with the supporting explanation provided by CMS or the state, and the insurer's final justification for implementing the rate increase. This information must continue to be available for three years.
On September 26, 2016, CMS released a guidance further clarifying the “prominent display” requirement and the required content of the final justification. A justification is “prominently posted” if it can be viewed on the insurer's public website through a clearly identifiable link or tab from the home page without requiring an individual to create or access an account or enter a policy number. An individual must be able to easily determine which rate filing applies to a specific product in a particular market and year.
The final justification cannot simply restate the rationale in the initial rate filing. It must include a thorough explanation and analysis of the insurer's decision to implement the unreasonable rate increase and must respond to the concerns raised by CMS or the reviewing state.
It is not clear why CMS is offering this further guidance a half decade into the rate review program, but given the reportedly high level of premium increases for 2017, further clarification was presumably judged necessary.
As we move to transform the health care system into one that delivers more coordinated care across various clinicians and providers, it is important that data is available to providers and patients when and where they need it. To achieve this goal of ensuring the flow of health data and, ultimately, better care, the country has invested in the technology and infrastructure to connect patients' clinical experiences.
That is why CMS and ONC are working together to make sure this investment stays on the right track. We are simplifying regulations, taking steps to require open technology, and have released a Health IT Playbook to help clinicians assess their needs and navigate the electronic health record (EHR) market. In addition, today we are releasing an EHR contracting guide – EHR Contracts Untangled: Selecting Wisely, Negotiating Terms, and Understanding the Fine Print – that will help clinicians and hospitals make sure that contract terms do not inhibit the utility of their EHR technologies. Quite simply, our health care system cannot realize the promise of EHRs if information cannot flow across practices – and to and from patients – easily and in a cost-efficient manner.
The growing maturity of the health information technology market presents health care providers with new, varied, complex, and often confusing choices about EHR systems. From the small practice manager exploring new cloud-based EHR products and services, to the CIO contemplating a major EHR procurement, making the right choice for a practice – and advancing interoperability – hinges on having reliable, easy-to-understand information. But we have heard from providers in the field, professional associations, and other observers that such information can be hard to find. Moreover, EHR contracts can be confusing and may result in data blocking and other practices that limit opportunities to use EHRs to deliver safer and more efficient care.
We have discussed data blocking in the past – the practice of knowingly and unreasonably interfering with the exchange or use of electronic health information. One way that blocking occurs and prevents data from moving to follow the needs of the patient doesn't involve the technology itself, but the business practices that can prevent interoperability. This subtle form of data blocking can occur through language and terms found in contracts for EHRs and other health information technologies.
The new EHR contracting guide is a key resource that will help providers address data blocking and other challenges as they continue to adopt and leverage health IT to improve the way they deliver care. In today's EHR marketplace, many vendors use “standard form” contracts when offering their products and services. Providers all too often agree to these contracts – which are prepared from the vendor's perspective – without fully understanding the “fine print” or without negotiating rights and obligations that can ensure that the technology will meet their needs and expectations.
The new guide will equip providers (and their advisors) to ask the right questions when selecting an EHR and better communicate their requirements to potential vendors, all while managing the expectations of both vendors and providers and providing a framework for negotiating reasonable contract terms that reflect best practice contracting principles. The recommendations found in the guide also promote connectivity and protect against data being blocked – such as by unanticipated connection fees, restrictions on data exchange, or contract terms that prevent users from reporting and sharing information about the performance of their EHRs. The guide offers specific strategies to help providers as they plan for the purchase of an EHR system and negotiate key terms with their EHR vendors. In short, this guide helps hospitals and doctors cut through the clutter, and assists them in implementing a new EHR system in a way that supports their workflow and their patients.
Some topic area highlights from the guide include:
A carefully negotiated EHR contract that incorporates the approaches recommended in the guide will help maximize a health care provider's opportunity to avoid problems when implementing and using their EHR, and will help create a more informed and balanced relationship between the health care provider and their EHR vendor. We also hope the guide will help health care providers and their health IT vendors negotiate contracts that allow the technology to connect the clinical experience among all providers and settings in a way that supports both practices and patients.
The guide, along with the Health IT Playbook, not only helps to support the interoperable flow of health information, but the Administration's efforts to foster a cost efficient health care system. Ensuring patient data is available to clinicians – and patients – when and where it is needed can improve coordination among providers, prevent duplicative appointments or diagnostic tests, and decrease costs to patients and the overall health care system.
Andy Slavitt is Acting Administrator for the Centers for Medicare and Medicaid. Vindell Washington is National Coordinator for Health IT.
Hand, foot, and mouth disease: A common illness of infants and children under 10 years old characterized by fever, sores in the mouth, and a rash with blisters due to infection most commonly with coxsackievirus A16 or less often enterovirus 71 or another enterovirus.
The disease begins with a mild fever, poor appetite, malaise ("feeling sick"), and frequently a sore throat. One or 2 days after the fever begins, sores develop in the mouth. They begin as small red spots that blister and then often become ulcers. They are usually located on the tongue, gums, and inside of the cheeks. The skin rash develops over 1 to 2 days with flat or raised red spots, some with blisters. The rash does not itch, and it is usually located on the palms of the hands and soles of the feet. It may also appear on the buttocks. One may have only the rash or the mouth ulcers.
Hand, foot, and mouth disease caused by coxsackievirus A16 infection is a mild disease and children usually recover with no medical treatment in 7 to 10 days. Rarely, this illness may be associated with "aseptic" or viral meningitis, in which the person has fever, headache, stiff neck, or back pain, and may need to be hospitalized for a few days.
Another cause of hand, foot, and mouth disease, enterovirus 71 may also cause viral meningitis and, rarely, more serious diseases, such as encephalitis, or a poliomyelitis-like paralysis. Enterovirus 71 encephalitis may be fatal.
Hand, foot, and mouth disease is moderately contagious. Infection is spread from person to person by direct contact with nose and throat discharges or the stool of infected persons. A person is most contagious during the first week of the illness. The incubation period (from infection to onset of symptoms) is 3 to 7 days. Everyone is susceptible to infection. Infection results in immunity to the specific virus, but a second episode may occur following infection with a different member of the enterovirus group.
Individual cases and outbreaks of occur worldwide, more frequently in summer and early autumn. No specific treatment is available. Symptomatic treatment is given to provide relief from fever, aches, or pain from the mouth ulcers. Preventive measures include frequent handwashing, especially after diaper changes; disinfection of contaminated surfaces by household cleaners (such as diluted bleach solution made by mixing 1 capful of household bleach containing chlorine with 1 gallon water), and washing soiled articles of clothing. Children are often excluded from child care programs, schools, or other group settings during the first few days of the illness. These measures may reduce the spread of infection, but they will not completely interrupt it.
More about Health 2.0 Rasu Shrestha, CIO at the University of Pittsburg Medical Center, will be joining me on stage this afternoon in our Provider Symposium (on his birthday) and again on Tuesday, September 27th for our Information Blocking, APIs & App Stores: The State of Play in Data Access session. Below is the interview I had with him a couple of weeks ago about how a huge medical center like UPMC deals with the innovation side of the house. Not too late to sign up and come to Health 2.0 and come hear what else Rasu has to say!
Proteomics: The study of the proteome, the complete set of proteins expressed by an organism, tissue, or cell. It includes the study of changes in protein expression patterns as related to diseases and environmental conditions.
My old friend and former boss Ian Morrison will be giving the keynote at Health 2.0's 10th Annual Fall Conference on the afternoon of Tuesday, September 27th. Ian was President of Institute for the Future in the 1990s, founded the Strategic Health Perspectives service, and is in more health care board rooms and conference halls than almost anyone. At Health 2.0, Ian will share his latest insights into the future of health care. Did we tell you he's the pre-eminent jokester on the health care speaking circuit? Well he is! You can still Register and come hear what else Ian has to say! But here's a taster - Matthew Holt
Hypoplasia: Underdevelopment or incomplete development of a tissue or an organ. For example, hypoplasia of the enamel of the teeth indicates that the enamel coating is thinner than normal or missing in some but not all areas. Hypoplasia is less drastic than aplasia, where there is no development of a tissue or an organ at all.
Two mistakes: One of the biggest mistakes organizations make is failing to understand the threat; organizations typically are uninformed about the sophistication and resources of attackers, on one hand, and so underestimate their opponents, while on the other, they assume their systems are much less vulnerable than they actually are.
Hackers' Skills and Patience: Hackers possess a spectrum of skill levels and levels of willingness to invest resources into creating successful attacks. Attacker expertise ranges from that of computing beginners to highly experienced, and even to gifted professional engineers and scientists. Hackers may possess skills to compromise network protocols, application software, system software, hardware, hardware components, the enterprise's authorized staff, and any combination of the above. Depending on the perceived value of the system and its data, hackers' interest in investing in attacks can range from casual to well-funded long-term engineering efforts that achieve payoff only after months of patiently probing the system and then creating and installing custom software explicitly designed to exploit unique system features. Today's criminal enterprises have been observed to invest up to a few million dollars and even tens of years of professional engineering time (years of person-days) and equipment spread over months or even years to compromise a single device.
All systems harbor vulnerabilities, and so it is only a matter of patience, experimentation, and engineering effort to discover these vulnerabilities. Once discovered, hackers can then craft exploits that take advantage of the found defects. As a consequence, modern attacks by professionals tend to take place in surreptitious stages over days, weeks, or months, whereby the attacker gathers the information needed to gain the desired level of access in the next stage of the attack. The other side of this process is that those in charge of protecting the systems can (must) diligently monitor the systems to detect and then respond to these kinds of attacks before the hackers' ultimate end is obtained.
Our People and the System as a Whole: Another lesson from conventional computing is we frequently fail to understand that the personnel who operate and use the system are an important aspect of the system's defenses. This is because security is a global system property emergent from how all the components have been integrated together. In other words, it's foolhardy to think of security as just protecting each of the parts. Instead, we must seek to protect the entire system/network, where all of the parts are interrelated and interacting. Vulnerabilities exist in the entirety of the system in addition to individually. More, we are always making trade-offs against all the system's other global emergent properties, such as functionality, performance, energy usage, and usability. Since the security achieved is the result of trade-offs, whatever technical mitigation is missing must be made up by how the system is operated, i.e., by the personnel operating and using the system. Consequently, in most systems, most unmitigated vulnerabilities are defended by users conforming to social norms. But by definition hackers do not so conform. Hence it is important for the operating staff and user communities to understand and commit to the organization's policies and to be sufficiently informed to watch for and report discrepancies between the system's expected and real behavior. This means that it is implausible to expect personnel to do their part simply by being told to do so. Except for a few employees directly focused on cybersecurity, a user's first perceived job is her/his job, not the protection of the system.
Equally essential, organizations must develop security policies that make sense. Asking employees to log in to a system with elaborate codes, badges, biometrics, et cetera 200 or 300 times a day just generates circumventions-not because of laxness or laziness, but because they are just trying to do their jobs and fulfill the mission of the organization. Nurses and physicians who must go through elaborate authentication processes (log-ons) with frequently changing passwords for six separate devices and hundreds of times each day will find passwords attached to each device with yellow stickies, and will develop methods for keeping the machine available at all times. Organizations have an obligation to consider the real-world consequences of cybersecurity rules, and adjust them as circumstances are modified. If it takes a new employee a month to get a password when she/he changes positions or units, someone will find a way to allow that employee to work and/or will see the cybersecurity staff as insensitive or worse. Similarly, security procedures should follow logical rules: a computer in a triple-locked operating room may not need the same level of manual log-in authentication as one in a hallway, although it may need better defenses against hackers from the Internet. And putting a lower fat cookie recipe behind an organization's extensive firewall both invites vulnerabilities as, for example, when an employee wants to share the recipe with his aunt or wife by providing a password. Perhaps worse, it corrodes the users'/employees' sense of responsibility and faith in the computer security team. Users and operators therefore require training and dialogue about the system and its policies to successfully also focus on security. And this training must be refreshed and made understandable as the system evolves when new subsystems are brought on-line.
With that background, we now focus on healthcare data and systems:
Healthcare data are especially difficult to protect: There are several notable challenges electronic health records present:
First today's medical infrastructure has been adapted from conventional computing, and was not been designed with the needs of health care expressly in mind. Hence the current generation of micro-processor-based health care equipment is usually better suited to office-like and traditional data processing workflows than to clinical environments. As noted, this is especially clear in the use of passwords as an access control mechanism. Using equipment only partially adapted from a work-flow alien to the clinical setting thus leaves gaps that system users have to cover with their own behavior, and each such gap creates potential attack points. Evolving the system's workflow model away from the office and toward the realities of clinical practice is a major design challenge with significant opportunities to improve cybersecurity.
A second challenge is that many of today's medical devices were first designed and built as stand-alone devices, not as networked components integrated into a larger system. As such, they lack the very basic functionality needed for their new role. This is analogous to when conventional computing was extended from terminals attached to time-sharing systems to networks of workstations and PCs in the early 1980s. Integrating legacy medical devices into the new networked architectures requires a large amount of new software just to provide the missing functionality. This integration process itself creates novel security problems that never existed for the stand-alone design. As an example, a stand-alone insulin pump assumes a single or at most a small number of login accounts for operators. In contrast, when networked, practically any clinician on a patient's care team may need to log into the device, and so the authentication system needs to be re-worked from scratch to integrate into the facility's network-wide authentication framework.
Thus the third challenge requires stand-alone medical devices to be re-architected and re-manufactured with networking and distributed computation in mind. Then they must be redeployed into the more modern electronic healthcare environments. Experiences with conventional computing systems suggest that the current system of legacy devices jury-rigged into a larger network is unlikely to withstand prolonged attacks by today's professional criminal attackers.
A fourth and perhaps most significant challenge is that health care has evolved into specialties split across many disciplines and even organizational boundaries. A patient may have several health records which must travel across all of these several system boundaries to satisfy all of the clinical, scientific, and business objectives involved in that patient's care and billing. As a practical matter this means that the security and privacy of an EHR is governed by the least common denominator needs of all the groups and organizations requiring access. Different organizations and groups are subject to different opportunities, incentives, and constraints, many of which contradict with one another. Thus, finding compromises that both protect the patient and enable the broad range of specialists requiring EHR access is a daunting conceptual and real life problem. This lack of uniformity in health record handling presents opportunities for attackers to exploit. Somehow the system must be better rationalized to reduce the opportunities for exploits.
A fifth challenge is that healthcare data-especially electronic health records-are worth ten to thirty times more on the black market than are credit card numbers. A cyber-thief can buy purloined credit card numbers for anywhere from about $2.50 to $10 a number (assuming one is buying in bulk). In contrast EHR data are worth up to $65.00 each. Why this difference? A credit card can be used once or a few times and then it is stopped. But a healthcare record: 1. Has your credit card number anyway in addition to your social security number; 2. Can be used for blackmail; and 3. Most important-is the gift that keeps on giving if used by an unscrupulous medical provider. Thus, a physician, or PT, or pharmacy, or oxygen supply company can bill Medicare or an insurance company for millions of dollars. And the unscrupulous vendor or provider will know exactly the kind of services, procedures or supplies appropriate for each patient. The fraud is aided by incomprehensible (and intentionally opaque?) medical billing processes and the reality that a lot of sick people are not carefully examining the Byzantine paperwork that accompanies any medical event.
A sixth challenge is created by the increasing ability of patients to directly input data into their personal health records (PHRs) and even into their EHRs. These data can be self-reports (e.g., what I ate, how I felt) or these data can come from devices, such as fit-bits, cell phones, other apps, and medical devices (e.g., heart monitors, pacemakers, insulin pumps), scales, blood pressure measurements). There are literally millions of medical apps out there. Thus, the most obvious issue is the trustworthiness of the data; Should the data be accepted into the PHR or EHR without review? Is the clinician obliged to review it? Or to accept it?
What of diary-type entries, reflecting weight loss desires, foods not eaten, sexual activities, child care worries?
What are the legal implications of this process? Need clinicians act upon something that might be suspicious but it probably not consequential? How is it even possible to expect clinicians to find the important needles in the massive haystacks of data that could inundate their practices?
A seventh challenge is the vulnerability to data in cell phones and other personal devices, be they medical (e.g., pacemakers, insulin pumps) or possibly related to health (e.g., exercise machine records, pedometers). As noted earlier, these devices were often not designed with cybersecurity as essential. In particular, today's hackers have the skills and expertise to discover any of these devices from the Internet, reserve engineer their software, create malware explicitly for these devices, and then install their malicious code on the targeted devices; they do all of this remotely across the Internet. Creating devices more resistant to these threats is therefore a major opportunity.
An eighth and related challenge is the safety of the data in transit from devices to one's EHR or PHR. Cell phones operate in “open space.” Many other devices rely on cell phones or on Wi-Fi of uncertain security. (The first author of this article discovered the WEP flaws in July 2000 and subsequently served as the architect for WPA2 when he worked at Intel, work instrumental to his promotion to the role of chief cryptographer).
A different, and ninth, challenge is the motivation of both patients and the health care system's personnel to cheat. Many wellness programs and other health insurance programs reward activities that are thought to enhance health. Thus, more walking steps per day, routine exercise, smoking cessation, or weight loss are rewarded with money or reductions in insurance premiums. Similarly, some programs punish employees on the basis of these data with higher premiums and public exposure. Of course, humans are very smart and we therefore enjoy reports of fitness trackers attached to ceiling fans, dog collars, and even electric drills. Smokers will substitute the urine of others for their own; people will carry weights and wear heavy shoes when being weighed for the baseline measurements.
The tenth challenge is the lack of data standards for healthcare data. Thus one system lists your blood pressure as 120/80, another as “diastolic of 80 and systolic of 120” (in alphabetical order), another system as “labile,” or as “not compliant with medications,” and yet another system records your blood pressure as “stable.” Even if the software sends the information from one system to another, the clinician seeking to treat you may never see the other information with words jumbled into the data fields (computers don't handle ambiguity very well) and if the data do come to her, she can't effectively use information called “labile” or “stable.” She needs the numbers. This data standard chaos affects security because healthcare systems are then obliged to develop workarounds to lack of data standard by transferring the information to subprograms (APIs) that help send the information across systems. But introducing additional software that often do not encrypted the data just creates additional vulnerabilities.
An eleventh challenge is that local groups of hospitals and clinician practices often create HIEs (Health Information Exchanges) that allow doctors and hospitals to access data from other participating institutions and practices. The value of these HIEs is compromised by the reality that they seldom have full participation of all local healthcare organizations. Thus searching for a patient often produces no information. Also, the fact that they are local means they will miss patients who have recently moved to an area or are just passing through. Last, lack of a unique patient IDs in the USA means they often don't help differentiate medical information on Robert Smith, Robert J Smith, Smith RJ, Smith R, RSmith, RJSmith, etc, etc. This means that one must examine the records of often hundreds of patients in hope of finding the one you need; further exposing more patient data to many eyes.
In conclusion: Healthcare IT promises-and often delivers–faster, better, and more comprehensive medical care. But underlying those promises is the assumption that patient data in the IT systems are secure; and that the safety of the software used to collect, analyze, present and transfer that information is not easily compromised. As we have sought to explain, there are good reasons to doubt the data security of many medical data systems.
We are not suggesting that medical authorities or their IT staffs are cavalier about these dangers. They are aware, concerned, and are actively seeking to protect that information. However, the vulnerabilities we've noted are profoundly complex and often shifting. The number of separate systems, the age of some of those systems and the dangers of combining devices and data sources presents challenges that are severe, and constant. Worse, they are always emergent because software, hardware, consultants, patient populations, clinicians, and business relationships are seldom static. Equally disconcerting is the system vulnerably is dependent on workers at healthcare facilities and related organizations who are the targets of increasingly sophisticated hackers. Hackers send spear fishing messages that incorporate friends' and bosses' names and topics of great urgency including employees' children's names and their teachers' names.
Data in mobile devices and in transit represent yet another set of vulnerabilities. We seek the convenience of constant cyber connectedness, but seldom consider how that connectedness provides the bad guys constant access to data and systems. Protecting our information may mean very different ways of keeping and sending data. One man's emoticon for home is another's entrance to his bank account.
Medical informatics has developed over the past five decades, building incrementally, expanding its purview, promises, and prestige. It will soon know more about us than we do via its access to our genetics and precision medicine's algorithms. The security of our data is therefore even more essential even though the protection of our information is too frequently a slapdash patchwork of good intentions, private interests, some caring security engineers, and often limited resources devoted to security. As we write this, Yahoo, announced the hacking of half a billion passwords and personal information. It's probable that Yahoo's security systems are more robust than most peoples' cell phones or their medical providers' databases.
Jesse Walker received his Ph.D. in mathematics from the University of Texas at Austin in 1980. He taught at Iowa State University form 1980 to 1982 and then moved to industry, where he focused first on networking and then on cryptography and computer security. After recently retiring from Intel he joined the EECS research faculty at Oregon State University and is a visiting scholar in mathematics at Reed College.
Ross Koppel, PhD, FACMI has been at the University of Pennsylvania for 25 year, where he teaches sociology, is a Senior Fellow at LDI Wharton, and is PI on several projects involving healthcare IT and cybersecurity. He is also professor of biomedical informatics at the University at Buffalo (SUNY).
