Farzad Mostashari, MD, National Coordinator for Health Information Technology, took time from his whirlwind schedule on July 19 to speak with Richard Pizzi, editorial director of MedTech Media, which publishes PhysBizTech. Their wide-ranging conversation included ways in which the federal government is helping physician practices safeguard patient date. The full interview transcript follows.
Q. Do you believe that new healthcare delivery models, along with new models for reimbursement, are inevitable in U.S. healthcare?
A. I do. These models, like ACOs, are good for patients. But in order for them to be good for providers’ bottom lines, the providers are going to have to learn how to do some things differently. Those include, for instance, population health management. I recently attended the 200th anniversary of the Massachusetts General Hospital’s internal medicine program. Mass General was just named the top hospital in the country in the U.S. News rankings. At the event, the hospital’s president said that the institution’s number one priority was population health management.
This is Mass General – they name their price in fee-for-service because they have so much clout as part of Partners Healthcare system in Boston. But nevertheless they are leading the way in figuring out how to work within new care delivery models.
There is a lot of uncertainty right now among providers, particularly regarding the regulations and quality measures that will be part of new care delivery models. Providers don’t know exactly what Medicare, state Medicaid programs or private payers are going to do. In that uncertainty, some providers feel paralyzed. My message to them is that the meaningful use of health IT is going to be the foundation of their ability to deliver better and safer care, and to thrive in these new care delivery models.
Q. How do you feel about the development of the national healthcare IT infrastructure in advance of changes to the delivery system?
A. I am pretty pleased with the uptake that we’ve had among hospitals. It’s quite encouraging. It’s not just the incentive payments or the penalties to come. I do think providers see health IT adoption as foundational.
Q. The meaningful use stage 1 rule was published two years ago this month. Are we where you thought we’d be at this point?
A. We were a little slower than I had hoped, in terms of the vendor upgrades rolling out. About a year ago I was worried whether we were going to see availability of products for docs and hospitals to move forward. But since then the progress has been quite good. Numbers tell the story – attestations, registrations. My main concern now isn’t whether people go for meaningful use, but how deeply do they incorporate the functionality into their workflows. Do they embrace the intent, the spirit of the rule, rather than simply doing the minimum to qualify for the payments? That’s what we need to work on now. There are examples of those who have really made the effort. Some hospitals have used IT tools successfully to engage patients. There is so much value to be achieved – don’t simply see the meaningful use of IT as a requirement to be achieved. If you treat meaningful use as "make work," you won’t get much out of it.
Q. At the recent Government Health IT conference, former Vermont Gov. Jim Douglas said that he no longer intended to use HIE [health information exchange] as a noun, but as a verb only. What is your reaction to that perspective?
A. I love that. For too long we had thought that to get health information exchange we had to set up health information exchanges. The reality is there are so many different models of people exchanging information to suit their level of need, the clinical use case, the trust relationships and the business arrangements that they have.
We had a Town Hall meeting at the White House a few weeks ago, and the first issue raised was health information exchange. I turned it over to the crowd and asked them what was happening. One person stood and talked about health information exchange using a state utility model, and said it worked great. Someone else explained how they were using a regional health information exchange, not statewide. Another person said their hospital had a utility that does peer-to-peer with no central mechanism whatsoever.
We realized that we need an “all of the above” strategy to meet all the needs that people have for information exchange. But we must use common building blocks and standards. People want different means of exchanging health information, but they don’t want to reinvent the wheel when it comes to the standards. That’s where the certification criteria and standards that were put forward for MU stage 2 are going to be game changers. For the first time, we’re going to have a single terminology for diagnoses, laboratory results, patient care summaries and universal transport mechanisms. Those are all things we’ve proposed in the final rule. We have a lot of comments and don’t have a final rule yet, but standards are a main goal for stage 2.
Q. What are your thoughts about the status of the industry in regard to patient data security?
A. Patients trust their healthcare providers to keep their information confidential and secure. It’s one of the fundamental obligations providers have to their patients. We all need to do more to reward that trust. All too often, where we do see breaches, they are errors of carelessness or convenience. The technology is there; it’s not expensive. Everyone should encrypt patient data, and patient data should never persist on remote devices. We need to redouble our efforts.
Another area of vulnerability is the small practices. I’m hearing from hospitals that they are taking control of their security, but small physician practices really do need help in understanding what the requirements are in terms of the HIPAA security rule. We have released some material aimed directly at that market. Our regional extension centers are working with 40,000 primary care providers, and a central issue is mitigating security risks. Vendors can also do more to make security easy. We proposed in stage 2 that encryption on portable media be the default setting for electronic health records. And needless to say, the Office for Civil Rights will do their piece, which is enforcement. We’ve seen seven-figure penalties levied against organizations that have failed to protect privacy adequately.
Q. Will the 2012 election have an impact one way or another on the forward motion of the healthcare IT industry?
A. No one has a crystal ball, but I haven’t seen an indication that health IT has lost any of it’s bipartisan appeal. Health IT is viewed as nonpolitical, as a foundation for better healthcare.