25 things to know about the state of health IT

2015 was a banner year for new growth and development in health IT. But along with broadening adoption and increased functionality and usability come legislative hurdles and rising cybersecurity stakes. Where does that leave health IT now that 2016 is almost here?

Here are 25 things to know.

EHR adoption and major market players
1. From 2008 to 2014, EHR adoption in hospitals rose 66.1 percent, resulting in more than 75 percent of all hospitals using at least a basic EHR today. Nearly all of these hospitals, 96.9 percent, report using an ONC-certified EHR. The explosion in adoption rates is in part due to CMS' EHR Incentive Program, which compensates hospitals and health systems for utilizing health IT to improve patient outcomes under the 2009 HITECH Act.

2. In light of the HITECH Act, hospitals have been increasingly dedicating resources to digitally improving outcomes. Many are doing so by building out EHR functionalities. This has created a climate in the new world of healthcare where IT is leveraged to address factors linked to patient outcomes, such as patient engagement. The top electronic patient engagement strategies hospitals reported using in 2014 were providing patient-specific educational resources through EHRs, providing digital copies of discharge instructions and health records, implementing patient portals to make health information viewable and transmittable online, and enabling secure messaging between patients and their physicians.

3. The vast proliferation of EHRs in hospitals has fostered a competitive market for the companies designing them. The top five EHR vendors used by hospitals are MEDITECH, Cerner, Epic, CPSI and McKesson, according to 2015 data from ONC. Cerner and Epic consistently grab headlines for implementations carrying hefty price tags, sometimes crossing the billion dollar threshold. While there is a notable divide between the biggest EHR vendors and the next level of competitors, the barrier to entry into the top tier club seems to be thinning, with many mid-level competitors demonstrating huge growth that shows no signs of slowing anytime soon. Interoperability, cost and usability are some of the factors hospital and health system CIOs and administrators consider before choosing a system.

4. Epic and athenahealth came in neck and neck for interoperability in an October report from KLAS. EHR customers who participated in the report ranked athenahealth as the easiest-to-connect-to vendor and Epic as the most effective vendor to connect to. However, the report noted that the community often perceives Epic as inflexible and shying away from interoperability efforts. Cerner landed the third place position and across the board, the report highlighted a significant disparity between provider perceptions of vendor interoperability and the reality of vendor efforts to exchange information.

5. Some of the perception of Epic as a closed-off company may stem from its lack of participation in the CommonWell Health Alliance. Members of CommonWell, an alliance to create a vendor-neutral data exchange platform, include many other top EHR vendors — Cerner, athenahealth, McKesson, Allscripts and Greenway Health are all founding members of the coalition. In November, Peter DeVault, Epic's vice president and director of interoperability, cited the lack of a national interoperability infrastructure and yet-to-be-defined policies as reasons for the Epic-sized hole in collaborations like CommonWell.

6. Though they may not be widely used yet, there are initiatives underway to flesh out and broadly implement interoperability standards. Health Level Seven International, a nonprofit organization working to create a comprehensive framework for electronic health data exchange, integration and sharing, has developed the Fast Healthcare Interoperability Resources standards. FHIR is currently being tested in healthcare organizations worldwide and uses an open application programming interface, which gives third party vendors access to its code so they may build their products to be compatible. Certain vendors, such as athenahealth, use open APIs in an effort to enable others to build products from the ground up that will interoperate with others in their networks.

7. In October, the ONC released its Final Interoperability Roadmap, a guidance that aims to have the nation's healthcare system fully interoperable by 2024. The guidance is divided into three stages, the first of which runs from 2015-2017. Among its goals, the ONC plans to have standards organizations agree on semantic standards for health information exchange, have more than 50 percent of technology developers provide access to electronic health information through open APIs by 2020, and have patients able to regularly access and contribute to their EHRs by 2020.

8. Although achieving interoperability is dependent on factors beyond mere technological limitations, such as privacy concerns, surveys reflect the fact that patients are looking forward to the day when their providers can share their health data with one another. A September survey from Software Advice found that nearly three-quarters of patients are comfortable with providers sharing their information with one another, and they'd prefer it to be electronically delivered rather than having to deliver it by hand.

Health information exchanges
9. One of the major building blocks currently in place to move healthcare towards seamless interoperability is the health information exchange. HIE refers to both the practice of moving patient data between providers and the establishment of HIEs, which are citywide, statewide or regional networks hospitals and health systems can join to securely exchange data within their communities. HIEs are a way for hospitals to empower one another and stay in the loop about their patients' care across the continuum.

10. In March 2010, as part of the HITECH Act, the ONC awarded funds to 56 states, territories and qualified State Designated Entities as part of the State Health Information Exchange Cooperative Agreement Program. States and state designated HIE entities received nearly $548 million through this program, which funded efforts to rapidly build capacity for exchanging health information across the healthcare system both within and across states. Awardees were responsible for increasing connectivity and enabling patient-centric information flow to improve the quality and efficiency of care. This was followed by another $16.3 million from the ONC's Challenge Grants program in January 2011.

11. While not all hospitals currently exchanging data are members of HIE networks, 78 percent reported exchanging patient information in some format in 2014. Of those same respondents, 48 percent reported that their providers engaged in electronically finding their patients' health information from sources outside of their organization or system, according to the ONC.

mHealth and wearables
12. mHealth usage, including apps and personal devices, is a promising but still early-stage solution for both increasing patient engagement and interoperability. As of September, there were more than 165,000 mHealth applications available to consumers, creating an overwhelming effect for users, according to a report from the IMS Institute for Healthcare Informatics. A lack of guidance from providers and an inability to connect to hospital and health system networks is expected to be overcome in the near future, however. In the same report, app developers reported improving connectivity as a major focus in the near future, enabling patients to upload and receive information from their EHR record or via patient portal. Research suggests that the lack of provider guidance is poised to change as well. Of physician respondents to a MedData Group survey in early 2015, 80 percent reported using mobile devices and apps to view work-related content. The top three reported reasons for doing so were improved quality and continuity of care; time efficiency; and improved communication with patients. Adoption rates are only expected to increase, especially as hospital networks become more amenable to connecting with third party applications and devices. 

13. Research suggests that mHealth is already capable of improving patient outcomes, and will continue to do so as it becomes optimized. A recent study published in the Journal of the American Heart Association found that patients who engage with their physicians electronically via smartphone were more likely to exercise. Other research has found similar positive correlation between medication adherence and other recommended post-discharge protocol and text message or email alerts and reminders.

14. For all of the potential mHealth holds to improve patient engagement and outcomes and streamline the process of staying in touch with providers, they present a serious security weak point for the time being. The National Science Foundation announced a $10 million grant on Dec. 17 to help design security measures to enable more widespread use of mobile devices and wearables. This includes medical devices such as insulin pumps, which can be hacked remotely and manipulated, endangering patients. The NSF-funded research will also focus on securing medical apps commonly used on Apple and Android smartphones and available in their respective app stores. Medical apps are increasingly handling sensitive data both for patients and providers, and many of them currently operate outside of the bounds of HIPAA.

Cybersecurity and data breaches
15. In the past year, concerns over security policies regarding those devices have come to the forefront of the health IT discussion as well. The acronym BYOD — bring your own device — has framed the question of how to bridge patient and physician wishes for device usability while also maintaining secure hospital networks and staying HIPAA-compliant and data breach-free. Both patients and physicians have increasing expectations that when they walk into a healthcare facility their devices will be able to interoperate seamlessly with the hospital network. This can be a nightmare scenario for CIOs, with hundreds or even thousands of devices, each carrying their own respective vulnerabilities, such as malware, creating too many weak points in a network. HHS recently warned against adopting policies that allow BYOD in health systems lacking surefire means of separating private network data private and regulating employee use of devices for work duties, but the reality is that the devices are here to stay.

16. Though none were triggered by BYOD-style network vulnerabilities, the five biggest data breaches of 2015 in total affected more than 108 million individuals. Rates of such breaches are continued to climb, with some estimates suggesting that one in three healthcare records will be compromised in the coming year. Health records contain a broad spectrum of patient data. This makes them ultra-valuable to cybercriminals who are able to sell them on the black market for a much higher cost than a credit card number alone would go for. In a recent cybersecurity disclosure report, the Department of Veterans Affairs revealed it fought off more than 178 million hacking attempts on its systems in November alone. These types of attacks cost hospitals upwards of $6 billion annually, according to some estimates.

17. Oftentimes, data breaches that result from an oversight within the network are more costly for a hospital or health system than a deliberate cyberattack. HIPAA fines for hospitals number in the hundreds of thousands of dollars, if not in the millions. These astronomically expensive errors can result from an employee forgetting to log out of an account that has access to private information, or throwing away paperwork with protected information on it rather than sending it to a shredder. Most recently, Seattle-based University of Washington Medicine agreed to settle a potential HIPAA violation for $750,000 after an employee downloaded an email attachment containing malware. 

18. There is no clear solution the cybersecurity problem, and the fix will likely come from a number of factors working in tandem with one another. One answer will stronger test measures for hospital networks, such as penetrative testing software and practices, which preemptively search for weaknesses in organizations that hackers or cybercriminals could exploit. Another will be working to develop an institutional culture that places an emphasis on cybersecurity accountability, one in which staff at all levels are stakeholders in making sure the risk of a breach is minimized.

Meaningful use
19. A part of the government's EHR Incentive Program, the meaningful use program is broken into three stages, all designed to encourage and enable providers to demonstrate they are utilizing EHRs and other health IT in a way that is meaningful for enabling better patient outcomes. The first stage of the program is focused on data capture and sharing, stage two is focused on advanced clinical processes and stage three emphasizes improved outcomes.

20. The program has come under fire from notable physician and health IT groups, such as the American Medical Association, the College of Healthcare Information Management Executives and the American Hospital Association, for its lack of flexibility and unrealistic standards. A recent letter to Congress from the AMA cited the statistic that although more than 80 percent of physicians report using EHRs, only 12 percent have successfully been able to attest to meaningful use stage two. The AMA's 'Break The Red Tape' initiative appeals to physicians to speak up about their daily struggles with EHRs and meaningful use in hopes of triggering an intervention before the implementation of stage three in 2017.

21. In early October, CMS released the final rules for MU stage 3. Providers have the option to begin attesting to MU stage 3 in 2017, and in 2018 attestation becomes mandatory. Providers will have the option of using 2014 Edition Certified EHR Technology to attest until 2018, when they will be required to use 2015 Edition technology.

22. There might be no aspect of health IT growing quite as quickly as telemedicine, or at least the promise of telemedicine. In 2015, more than 200 laws related to telemedicine were introduced in the U.S., according to a National Conference of State Legislatures report. The same report estimates that in 2018, 3.2 million patients will be using telemedicine visits as opposed to face-to-face visits with primary care providers, compared to just 250,000 in 2013. Although reimbursement policies for telemedicine services still vary widely, 49 states currently have some kind of telemedicine legislation to regulate coverage and best practices.

23. Telemedicine was one of six categories of investments that accounted for all of the $4.3 billion invested in digital health in 2015, along with healthcare consumer engagement; wearables and biosensing; personal health tools and tracking; and payer administration. In 2015, Chicago-based Shriners Children's Hospital and Jacksonville, Fla.-based Nemours Children's Hospital both launched pediatric telemedicine pilot programs; Teladoc facilitated its one-millionth virtual visit; and numerous telemedicine apps, such as AmWell and Doctor On Demand, took off. 

24. The market for healthcare startups grew exponentially in the past two years, and every week more companies secure millions in capital and early-stage funding. Many of these companies, such as Smart Scheduling, which will soon be offered as a built-in component of athenahealth's EHR, stem from partnerships between physicians and entrepreneurs. Nurturing this mix of business sense and healthcare savvy in a new company enables founders to tackle industry-specific problems that they have witnessed firsthand. It also allows them to operate unencumbered by legacy interests. The barrier to entering the start up market is wide in some respects and slim in others. The partnership between a novel idea and the engineering or design minds that think they have a way to solve it is a romantic one, especially when it stands to improve healthcare. As health IT tools rapidly improve, investors who may have once been skeptical about bankrolling healthcare startups due to the complexity of the industry's ailments are beginning to more freely invest in potentially disruptive companies.

25. As a new generation of physicians begins practicing and the clinician base gets younger, they will demand better functionality with their hospital IT networks and devices. As a result, more startups will design solutions that are user-friendly and contribute to meaningful improvements in both the physician and patient experience. This will result in increased interoperability, as well. athenahealth's More Disruption Please program creates a partnership between the vendor and disruptive startups that ultimately benefits both — enabling new companies to share their products with the vast athenahealth network and also making athena's EHR more versatile and functional. Epic's recent announcement of its impending "App Orchard", which will provide third parties and external developers the opportunity to build apps that run on the company's software infrastructure, is an indicator that this trend of collaboration between legacy vendors and young companies will continue to grow in coming years.

More articles on health IT:

Creating a safe space to fail: Inside Henry Ford Health System's Innovation Institute
7 of the most colorful quotes from IT leaders in 2015
Startup Insider: CrossChx

© Copyright ASC COMMUNICATIONS 2016. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months