LISTA and ADE partnership will work to facilitate digital advocacy, digital literacy,
job creation and economic development in regards to digital empowerment initiatives
Today, Latinos in Information Science and Technology Association (LISTA), the nation’s leading organization of Latino technology professionals and the Alliance for Digital Equality (ADE), a nonprofit organization that provides broadband solutions and broadband related services to underserved and un-served communities, are excited to announce a partnership to facilitate digital empowerment initiatives.
The strategic alliance of ADE and LISTA combines the collective skills, knowledge and experience of two diverse technology-based organizations, enabling them to work together to facilitate digital advocacy, digital literacy, job creation and economic development in regards to digital empowerment initiatives. In particular, the MSI Wireless Technology Act, the Workforce Investment Act, the American Recovery & Reinvestment Act (ARRA), among others.
“We are forming this partnership right now because this is a pivotal time in the race to close the digital divide. Access to affordable high-speed Internet and broadband technology is a stepping stone to the opportunities of economic prosperity,” said Julius H. Hollis, Chairman of ADE. “As we focus on turning our economy around, we must make sure that those Americans currently in un-served and underserved communities are not left behind and further marginalized in this economy.”
“Both LISTA and ADE have worked hard individually to provide and enhance digital empowerment opportunities for communities of color, now as LISTA joins ADE’s Board of Directors we will combine our unique strengths and expand our reach,” said Jose Marquez, President and CEO of Latinos in Information Sciences and Technology Association. “This will strengthen our ability to make a difference. I am very excited to work with the ADE leadership team to further these important goals.”
Together, ADE and LISTA will pursue initiatives in order to increase Latino and African American employment opportunities within American based information sciences, telecommunication, and technology industries. The partners will target project opportunities that make technology applications available to communities of color for educational purposes, for job training and development, and to enable fuller participation in the learning, civic engagement and cultural opportunities afforded jointly or separately by ADE-LISTA utilizing online technologies.
“As part of the LISTA/ADE Partnership, we will conduct a series of surveys of African Americans and Latinos in the tech sector to measure which tech companies are leading the way in corporate responsibility relative to their Latino and African American inclusion in higher management within their company. While Latinos have made strides there are areas in the tech industry we still have little to no representation, boards, upper management and key decision making positions are still scarce at some of the most successful tech companies, we can’t ignore Latinos in high tech anymore, it is just bad business,” said Marquez.
###
About Latinos in Information Science and Technology Association (LISTA) (www.a-lista.org)
Latinos in Information Science and Technology Association (LISTA) promotes the utilization of the technology sectors for the empowerment of the Latino community. We are an organization that is committed to bringing various elements of Technology under one central hub to facilitate our partners, members and the community with the leverage and education they need to succeed in a highly advanced technologically driven society. LISTA Mission is to educate, motivate and encourage the use of technology in the Latino community and empowering them to bridge the digital divide.
About The Alliance for Digital Equality
The Alliance for Digital Equality (ADE), headquartered in Atlanta, GA, is a national, non-profit consumer advocacy organization that serves to facilitate and ensure equal access to technology in underserved and un-served communities. The Alliance also serves as a bridge between policymakers and minority individuals in order to help the public understand how legislative and regulatory policies regarding new technologies can impact and empower their daily lives. For more information on The Alliance for Digital Equality, please visit www.alliancefordigitalequality.org
Latin America continues to drag behind the rest of the world when it comes to information technology, a brake on the region’s competitiveness. But Internet access is expected to explode there this decade. Leading that charge is California-based Cisco Systems, the fast-growing world leader in IT infrastructure with more than $35 billion in sales and 65,000 employees.
Cisco has been on a buying spree the past two years, bolstering its digital resources in high-speed optical networking, IP-based mobile infrastructure, data center automation and video communications, including its purchase of Pure Digital Technologies, creator of the best-selling Flip video cameras, and Tandberg’s TelePresence video-conferencing system.
The company is turning its attention to the region by forming new partnerships that will boost the level of IT skills in many Latin American countries. The demand for Latin American professionals with Internet skills is forecast to greatly outpace supply, so Cisco is seeking to help Latin America meet that need through technology for cheaper basic communication, education through distance learning and government support systems. Joint initiatives between the Cisco Networking Academy and the governments in Brazil, Mexico and Colombia have created opportunities for 150,000 Academy students. Other countries such as Costa Rica and Chile are also becoming involved with these public-private partnerships.
“I have never in my professional life seen this level of commitment to IT education in this region,” says Jaime Valles, Cisco’s vice president for Latin America. Born in Spain, Valles, 44, has spent 20 years living in Mexico, where he worked for Sun Micro Systems before moving to Miami for Cisco. Valles sat down with PODER to discuss the company’s plans.
[JAIME VALLES] Cisco has a capacity to really improve a country’s competitiveness, the quality of life for citizens in the region. We are convinced that by utilizing technology and specifically broadband, a country can see GDP growth while offering key services to citizens [in areas] such as safety, health, and education and other public services. When you have technology it makes your key players more relevant to the marketplace and governments today realize that. Education is critical for Latin America’s success and technology is a key player in that
Cisco’s message and our mission is appealing to governments in Latin America because we are offering them a better and more competitive way to provide public services.
[PODER HISPANIC] How has Cisco worked itself into this position where it can offer this level of services?
[JV] We have partnerships with the key service providers in each country, with government institutions and a large network of partners that allows us to offer best technology.
[PH] And what’s the main area now of your business? What’s the big growth area for Cisco?
[JV] Right now what we are seeing in the market is a unique moment. I don’t want to get too technical but it’s convergence of the traditional communications world with the traditional computing world, in a model that is offered as a service to the consumer. In computing you have the Cloud concept where you turn on the computer and you have all of the data centers and all of the processing power somewhere providing you a service. The same thing is going to happen in communications. Forget if it’s your normal fixed line telephone or your cell, you as a user will receive a service whatever way you like to receive it.
Cisco is well-positioned because of the investments that Cisco has made in three or four key areas. One is our traditional communications networking that gets you access anywhere. Second is the data center that offers the computing power to process and offer you the services. Third is the collaboration, because at the end what happens is it allows people to interact. We convert them into a single solution so the customer receives the service. That is why our message today is so strong in the marketplace, be- cause we can put everything together, we have the right partner- ships and offer you, as an individual consumer, the service that you require.
[PH] How big is digital divide between the U.S. and Latin America? How are you able to help the region catch up?
[JV] Latin America today has a unique opportunity because what’s happening is there is a lot of focus on the region, and economically it’s a solid region. Latin America doesn’t have the deficit issues that you are seeing in other regions. So the governments right now have financial capabilities to invest in infrastructure, and the governments realize that the infrastructure has to be put in place. The other key is that Internet penetration is so low. In other regions we are talking about 50 percent to 60 percent penetration. In Latin America we are at high single digit penetration. So we have a lot of opportunity to grow. Just to give you a data point, the World Bank estimates that for every 10 points of broadband penetration your GDP growth accelerates 1.3 points.
So what happens is you have the technology available, you realize the importance, you have the opportunity to leapfrog so you can go to the latest Internet-based technology in order to offer that connectivity, including mobile and fixed. You have governments that are realizing the importance of that, so they can address the key issues they have to address including competition, regulation, investment etc. And then you have a company like Cisco that offers you a fully integrated solution with the partners and with financing.
[PH] So if you had to rank the countries in Latin America, which would you put at the top in terms of understanding that message and pursuing it for the betterment of their citizens, and who would you put at the bottom?
[JV] It’s hard to answer that question because every country is doing something. Chile has been always a leader in terms of broadband penetration. Brazil has just announced a national broadband plan, and Mexico and Colombia have their own infrastructure plans. So it’s hard to say that any government is better or worse. What we are doing is saying why don’t we help each of them in whatever they require in order to be more successful, because what happens is every country needs something different. In some places it’s education, in some places it’s financing, and in some places it’s access to the technology and the right partnerships.
So, we build a plan for the country. In Mexico, we talked about manufacturing and location. John Chambers, our chairman, went to Mexico two years ago and confirmed a huge $5 billion investment over five years. We have pilot programs in about 40 schools right now in Mexico to improve educational access, graduation rates and teaching standards. We really plan for the country. We ask, ‘What can we do to make this country better?’ And we put forth the people and the resources to make it better.
[PH] What kind of roadblocks do you see in Latin America in terms of resistance to technology? Cuba is obvious. What about Venezuela, which is a fairly well-connected country?
[JV] We don’t get into politics at all. What we do is we realize the importance of technology, independent of any ideology. You know, in Venezuela, we do very good business with Cantv… We believe that Cantv is a great partner for Cisco in order to offer services to the marketplace. So, we have a large team in Venezuela. And we continue investing in Venezuela.
Our vision is to best partner for governments and companies to increase Latin American growth and improve the quality of the citizens. It does not say the country has to be this ideology or the other one. And we have been very good at that and not making [distinctions] at all because we believe you have opportunities everywhere. The market today really represents a huge opportunity. Here are two numbers that I can share because this is a public disclosure we have made. In the last quarter Internet penetration in Brazil grew [year to year] 80 percent, and Mexico 63 percent.
So, you have solid growth and solid opportunities all across the region. What we are convinced is that the growth in the region by leveraging technology could be key in order to make the region more successful. Internet traffic in Latin America will grow 51 percent compounded over the next four or five years. It is the fastest growing traffic region in the world. And Cisco is the leading company in Internet technologies. We have a strong presence obviously, and a huge opportunity to grow.
In a press release distributed Tuesday the Alliance for Digital Equality (ADE) called on the organization Free Press to explain the true motives behind a disturbing 40-page guide detailing a strategy to manipulate poor, rural, Southern African Americans and women in an attempt to advance their own political agenda. As reported in The Hill, Free Press recently commissioned the study Net Neutrality For the Win: How Entertainment and the Science of Influence Can Save Your Internet which includes messages, research data, and strategies for convincing “targets” that the future of the Internet is in jeopardy in order to gain support for Net Neutrality policies.
The forty-page guide, produced by the Harmony Institute, identifies poor, rural African Americans and women as “persuadable” and thus the primary targets for Net Neutrality messaging. Instead of having an honest debate, Free Press has reverted to unacceptable tactics to promote their way of thinking at any cost.
“The cynical and demeaning manipulation and stereotyping of poor, rural, minorities and women to advance a political agenda is inexcusable,” said ADE Chairman Julius H. Hollis. “Free Press needs to immediately explain their actions and intentions.”
The Alliance for Digital Equality (ADE) is a non-profit consumer advocacy organization that serves to facilitate and ensure equal access to technology in underserved and un-served communities. The Alliance also serves as a bridge between policymakers and minority individuals in order to help the public understand how legislative and regulatory policies regarding new technologies can impact and empower their daily lives. For more information on The Alliance for Digital Equality, please visit www.alliancefordigitalequality.org.
New York, NY, June 14th, 2010 – Latinos in Information Sciences and Technology Association’s President and CEO, Jose A. Marquez-Leon proudly announced today that Federal Communications Commission Chairman Julius Genachowski will deliver remarks on the National Broadband Plan at LISTA’s upcoming 3rd Annual National Tech-Latino 2030 Legislative Forum on Capitol Hill, Washington, DC at 6:00 pm – 8:30pm on Tuesday June 22nd 2010.
“It is a great honor to have Chairman Genachowski address our members at our 3rd Annual National Tech-Latino 2030 Legislative Forum,” said Tony Jimenez LISTA National Board of Directors Chairman. “Chairman Genachowski has been an advocate for the Latino community and understands the critical role broadband plays in developing businesses and improving the economy for all Americans.”
“We are extremely pleased to have Chairman Genachowski address our members at our 3rd Annual National Tech-Latino Legislative Forum,” said Jose A. Marquez Leon. “Chairman Genachowski recognizes the role of the nation’s Latino technology sector and how broadband will help the Latino community continue to develop businesses and our positive impact on the economy of the United States. He understands that closing the digital divide once and for all will give all Americans the chance to achieve the American Dream of financial independence and economic empowerment.”
“Having Chairman Genachowski participate in LISTA’s Tech-Latino Legislative Forum is a testament to the recognized impact Latinos will have in our nation’s high-tech future,” said Danny Vargas. He added, “We sincerely appreciate the Chairman’s interest and dedication to ensuring that the FCC continues to engage all segments of American society and encourages Latinos to take a leading role in not only telecommunications but all aspects of innovation.”
The 3rd Annual National Tech-Latino Legislative Forum will provide Latino IT professionals an opportunity to dialogue with members of Congress about key concerns in the industries of Science, Technology Math and Engineering. It will also provide LISTA an opportunity to continue to raise awareness of the digital divide and how to bridge it, develop ideas on how to stimulate the growth of technology business, and be a catalyst of change in the high-technology and science sectors.
Event Information
3rd Annual National Tech-Latino Legislative Forum is generously sponsored by MicroTech, Capitol Wire PR. Uber Operations, Broadband for America, NTIA, ADE, State Farm, Aetna and Comcast
Date: Tuesday, June 22 2010
Time: 6pm – 9 pm
Opening Reception Venue:
Rayburn House Office Building,
Room B-338, Basement, Washington, DC 20515
To Attend Please Visit: www.techlatino2030.org
About Chairman Genachowski
Julius Genachowski was nominated by President Barack Obama as Chairman of the Federal Communications Commission on March 3, 2009, and sworn into office on June 29, 2009.
Chairman Genachowski has two decades of experience in public service and the private sector. Prior to his appointment, he spent more than 10 years working in the technology industry as an executive and entrepreneur. He co-founded LaunchBox Digital and Rock Creek Ventures, where he served as Managing Director, and he was a Special Advisor at General Atlantic. In these capacities, he worked to start, accelerate, and invest in early- and mid-stage technology and other companies. From 1997-2005, he was a senior executive at IAC/InterActiveCorp, a Fortune 500 company, where his positions included Chief of Business Operations and General Counsel.
Genachowski’s public service spanned broadly across government. His confirmation as FCC Chairman returns him to the agency where, from 1994 until 1997, he served as Chief Counsel to FCC Chairman Reed Hundt, and, before that, as Special Counsel to then-FCC General Counsel (later Chairman) William Kennard. Previously, he was a law clerk at the U.S. Supreme Court for Justice David Souter and Justice William J. Brennan, Jr. , and at the U.S. Court of Appeals for the D.C. Circuit for Chief Judge Abner Mikva. Genachowski also worked in Congress for then-U.S. Representative (now Senator) Charles E. Schumer (D-N.Y.), and on the staff of the House select committee investigating the Iran-Contra Affair.
Genachowski has been active at the intersection of social responsibility and the marketplace. He was part of the founding group of New Resource Bank, which specializes in serving the needs of green entrepreneurs and sustainable businesses, and has served on the Advisory Board of Environmental Entrepreneurs (E2). He also served as a board member of Common Sense Media, a leading non-partisan, non-profit organization seeking to improve the media lives of children and families.
Genachowski received a J.D from Harvard Law School (magna cum laude), where he was co-Notes Editor of the Harvard Law Review. He received a B.A. from Columbia College (magna cum laude), where he was Editor of Columbia Spectator’s Broadway Magazine, re-established Columbia’s oldest newspaper (Acta Columbiana), and was a writer and researcher for Fred Friendly. He was also a certified Emergency Medical Technician who served on the Columbia Area Volunteer Ambulance, and taught cardiopulmonary resuscitation (CPR).
About Latinos in Information Sciences and Technology Association (LISTA)
LISTA (www.a-lista.org) promotes the utilization of the technology sectors for the empowerment of the Latino community. We are an organization that is committed to bringing various elements of Technology under one central hub to facilitate our partners, members and the community with the leverage and education they need to succeed in a highly advanced technologically driven society.
The American Recovery and Reinvestment Act of 2009, commonly known as the stimulus law, has a host of tight deadlines for its myriad health information technology subsidy and IT network development initiatives.
Nearly all of them are timed to help fulfill the ambitious goal set by former President George W. Bush in 2004 and adopted by President Barack Obama last year to make electronic health records available to most Americans by 2014.
Not surprisingly, a federally funded health IT workforce training effort is both part of the overall program and caught up in its mad rush.
“We are moving fast,” said Patricia Dombrowski, director of the Life Science Informatics Center at Bellevue (Wash.) College, which is leading a consortium of community colleges that applied for and won $3.4 million in workforce training grants funded by the stimulus law—covering career paths from information management to IT hardware installation.
Preparations at the college are moving so fast, “We were talking about using roller skates this morning, but we raised our hands,” Dombrowski said. “We knew the time line, so I really feel confident moving forward.”
Last month, HHS’ Office of the National Coordinator for Health Information Technology awarded $112 million of stimulus funds to dozens of universities and community colleges such as Bellevue for various IT workforce training and advanced-education programs ranging from six-month certificates through post-graduate degrees.
The faculties and administrators at those schools will be preparing feverishly for the fall semester and the first influx of what they hope will be thousands of new health IT students and job seekers.
Feeling the need
Boosting employment nationwide was a major goal of the stimulus law, and there is little doubt, according to the government and industry leaders, that tens of thousands of new jobs will be needed if the federal effort to push provider adoption of EHRs is to be successful.
Under the stimulus law, both physicians and hospitals seeking subsidy payments for their IT purchases must use certified EHRs in a meaningful manner. Last December, the ONC and CMS issued rules for certification and meaningful use. In response to thousands of subsequent public comments, both rules are likely to be modified sometime this spring.
The National Center for Health Statistics, part of the Centers for Disease Control and Prevention, estimates there are 308,900 office-based physicians who are not federal employees, who are not working for a hospital’s ambulatory-care program, and who are not radiologists, anesthesiologists or pathologists.
Almost half of these doctors are either in solo practice or work in partnership with just one other physician. According to the latest NCHS data available—the 2009 estimates from its National Ambulatory Medical Care Survey—only 21% of these office-based physicians have a “basic” EHR.
By NCHS definition, a basic system has rudimentary capabilities, including the ability to create patient problem lists and clinical notes and do electronic prescribing. Although it’s not part of the definition, a basic system most likely lacks sufficient functionality to be certified under ONC rules and thus be considered to be an EHR system worthy of reimbursement under the multibillion-dollar stimulus technology subsidy program that is dominating the health IT landscape.
Just 6% of all office-based physicians use what the NCHS defines as a “fully functional” EHR. Such a system might have enough bells and whistles—such as automatic warnings of drug interactions and out-of-range test levels—that a physician using one might reasonably expect to qualify for federal EHR subsidy payments under the stimulus law, based on current drafts of ONC and CMS rules.
But even these advanced EHR systems are likely to require vendor upgrades to meet proposed ONC certification criteria, while many clinicians will still be expected to change their workflows and reporting requirements to fully qualify for EHR subsidy payments under proposed CMS meaningful-use standards.
On average, hospitals are a bit higher up the IT adoption curve than physician offices, but most hospitals are still a long way from where they’ll need to be to achieve meaningful use under the proposed CMS criteria.
Computerized physician order entry is an advanced EHR function in hospitals. According to the CMS proposed rule, to qualify for federal EHR subsidy payments under the Medicare portion of the stimulus law, hospitals must run 10% of their orders through a CPOE system for a 90-day period sometime during the first year of the program, which starts this fall.
Jason Hess, general manager of clinical research at KLAS Enterprises, Orem, Utah, a health IT market research firm, said its latest survey data, validated between October 2009 and February 2010, show only about 16% of hospitals have CPOE systems up and running.
“And if you look at those that are doing 50% of their orders or more through CPOE, it’s 11.3%,” Hess said.
Given the low levels of adoption and use, Hess asked whether it is even “realistic” for the CMS to require that all hospitals have CPOE installed in the first year and “get 10% of orders through CPOE.”
Talk of a looming labor shortage problem is on a lot of IT buyers’ lips, Hess said. Some of the vendors are trying to address the problem by offering remote hosting services for their products, he said, but it remains to be seen whether the software-as-a-service delivery model will catch on fast enough and be used widely enough to make a dent in the workforce shortfall.
Small, rural and community hospitals will feel the stress most severely.
“It’s kind of the Wild West for these folks who say we’ve got to do all the things the big hospitals do,” Hess said.
Help wanted
For starters, thousands of workers will be needed to simply install these EHR systems, configure them to local needs and train clinicians and other healthcare workers in their use. Thousands more will be needed to keep them running and to squeeze the data from them to improve patient safety and quality of care and warrant the multibillion-dollar public investment in them.
Leaders of organizations representing the nation’s office-based physicians and hospitals are concerned their members might not be able do all that will be needed to qualify for EHR subsidies under current ONC and CMS rules, given the gap between their current IT adoption status and the high bar set for them in the December drafts.
On May 3, the American Medical Association, American Hospital Association and Federation of American Hospitals as well as a host of medical specialty societies sent a joint letter to HHS Secretary Kathleen Sebelius, calling for the government to dial back its proposed meaningful-use criteria as well as give them more time to meet its performance targets.
For both physicians and hospitals, time is money. The first “payment year” begins Oct. 1 under the Medicare portion of the EHR subsidy program, through which the bulk of the estimated $14 billion to $27 billion in federal IT reimbursements under the stimulus law is expected to flow.
The healthcare industry has not been caught unawares of an IT labor force shortage, even though the advent of such massive amounts of federal EHR subsidy payments have added a heightened sense of urgency.
Back in 2005, the American Health Information Management Association and American Medical Informatics Association formed a joint committee to try and gin up support for education and training in heath informatics and health information management.
They produced a report, Building the Work Force for Health Information Transformation in 2006. In a case of “be careful what you wish for,” one of that group’s specific recommendations was to seek federal legislation and support for healthcare IT adoption and funding for IT education and training.
The stimulus law, with its buckets of money for EHR subsidies and education was all that, but with tight timelines as a kicker.
What eventually flowed from the AHIMA/AMIA joint effort was a report released in 2008 laying down what the two groups concluded are the core competencies of professionals working with EHRs.
In addition, AMIA is leading an effort to create a board certification program for physicians in medical informatics with the first credentials being awarded in 2013.
AHIMA, meanwhile, supported the design and rollout of the Virtual Lab for EHRs that provides Web-based coursework to more than 125 associate, baccalaureate and post-graduate health information management, or HIM, degree programs.
The latest figures from the Bureau of Labor Statistics pegged the medical records and health IT workforce in 2008 at about 173,000. About two in five HIM/HIT workers were employed by hospitals, with the rest scattered across physician offices, nursing homes, home health services and other outpatient centers.
Despite the current U.S. unemployment rate hovering just under 10%, the highest figures since 1983, job prospects for health IT workers “should be very good, particularly for technicians with strong computer skills” who will be “in particularly high demand,” according to a BLS report. The healthcare industry, it projected, will need another 35,000 of these positions by 2018, a 20% increase.
Dombrowski
Part two of a two-part series
Along with the push to ramp up the use of health information technology in hospitals and doctors’ offices comes the need for a highly skilled labor force to get the job done.
Claire Dixon-Lee is executive director of the Commission on Accreditation for Health Informatics and Information Management Education; the CAHIIM is a division of the American Health Information Management Association that accredits 281 health information management certificate and baccalaureate degree programs at schools across the country. In the past, health information management workers dealt with managing paper records, but their jobs have changed with the times.
Dixon-Lee said that today many AHIMA members are doing the work of IT specialists at their hospitals and physician offices while others can be retrained for these new positions. CAHIIM-accredited programs graduate between 3,000 and 3,500 students a year, of which 600 receive bachelor’s degrees and the rest associate’s degrees, she said.
“Our data show a 95% placement rate, but we aren’t producing them fast enough,” said Dixon-Lee, who cited a 2009 private workforce study commissioned by AHIMA last year projecting the need for anywhere between 12,000 and 50,000 new health information professionals over the next eight years.
Many Modern Healthcare readers who participated in our most recent annual IT survey reported having a tough time recruiting and retaining IT staff. A majority of survey respondents (58%) indicated they’ll need to hire more IT staff in the next 12 months. Meanwhile, 49% of responding executives said they have a hard time hiring or retaining IT workers, most commonly, because of a scarcity of trained personnel, but also because of low wages for IT workers in healthcare compared with other industries.
Officials at the Office of the National Coordinator for Health Information Technology think the demand for workers skilled in health IT will be even greater than the Bureau of Labor Statistics suggests, but perhaps near the upper end of the numbers that Dixon-Lee cited.
“In the aggregate, we have estimated to get to meaningful use by almost all care venues in the country we’re going to need something like 50,000 more trained healthcare workers in these roles than the educational system as it currently exists can produce,” said Charles Friedman, chief scientific officer for the ONC and its point man on ONC-funded educational and workforce development programs. The goal is to have 10,500 new healthcare IT workers trained each year over five years.
“We believe most of the people who can benefit from this program will come into it already possessing part of what they will need to know,” Friedman said. “They will be either IT people who will need to know more about health, or health people who will need to know more about IT. I can’t say what the balance between those two is.”
Friedman said the ONC picked the six “career paths” that the community colleges will train students to take. Those jobs are: clinician/practitioner consultants; implementation managers; implementation support specialists; practice workflow and information management redesign specialists; technical/software support staffers; and trainers.
“We looked at the field as it was evolving, not as it is today, but as we expect it to evolve,” Friedman said. ONC staffers looked at all the activities under the stimulus law and the low EHR adoption rate “and said, OK, what’s going to be necessary to get these practices from paper to electronic, and what roles are needed,” and what is needed to do it properly?
Under the ONC-supported, six-month certificate programs, U.S. community colleges are expected to train 10,500 students a year over five years. For those programs, there will be no certification organization required to look over the shoulder of the 70 community colleges expected to churn out those graduates.
“It’s a bit early to be contemplating that,” Friedman said.
Instead, Friedman said, the ONC has awarded a $6 million grant to Northern Virginia Community College, Annandale, to create and administer a competency examination for graduates of the community college training programs. AHIMA is “very much involved” in the grant, Friedman said.
The individual competency testing program was chosen as an alternative to certification, Friedman said, “to make it very clear this grant award is to assess objectively a certain set of competencies in each examinee who sits for the exam.
“This could evolve in the future into some kind of certification program,” he said.
Community college graduates of the six-month certificate programs won’t be required to sit for the competency exam, “but we hope they will,” Friedman said. Part of the money for the competency testing grant is to underwrite the cost of 20,000 students to sit for the exam for free, he said. “We’re considering this as a pump-priming mechanism to ensure enough sit for the exam to demonstrate its value.”
For the new student certificate holders, “We think it will improve their job prospects. Think of how colleges use the SAT exam to complement a student’s grades to enhance admission. I think in the same way, this exam will be a comparable assessment of a certain set of competencies,” Friedman said.
“For a prospective employer, it will be information above and beyond” the educational program, Friedman said. Data on pass-fail rates from the competency exams could be aggregated and reported back to the community colleges to help them assess their programs, he added.
Back to school
Bill Hersh is a physician and chairman of the medical informatics and clinical epidemiology department at Oregon Health & Science University and a man on the hustle.
The university was a triple winner in the federal workforce grant competition, receiving a total of $5.8 million in funding for three programs—nearly $3.1 million for advanced training to medical professionals in healthcare informatics; more than $1.8 million to develop curricula to be used by community colleges to train healthcare IT workers; and $900,000 to serve as the National Training and Dissemination Center for the curriculum-development program.
Oregon Health & Science has an established, nationally recognized medical informatics program. At any given time, Hersh said, the university may have as many as 200 people enrolled in its postgraduate, 24-credit-hour certificate program and its 52-credit-hour, master’s degree in biomedical informatics program.
About two-thirds of the current enrollment in those programs consists of clinical professionals—with half of that group being physicians—and the remaining third being computer people, Hersh said.
The federal, advanced-education grants will be for scholarships to those programs, Hersh said, with the caveat being that enrollees in the federally funded graduate certificate programs must complete their work in 12 months, whereas in the past, a typical enrollee, who works and goes to school at the same time, often takes longer to complete the same course.
“If they do our graduate certificate program, they have to do it all in a year,” Hersh said, but the trade-off for the rush is, “in essence, people can get a free education.” Tuition for the certificate program is about $12,000. “We have 45 slots per year,” Hersh says. “The people who don’t get funded can still do the program.” It just won’t be subsidized, he added.
Aid recipients under this one-year, advanced educational grant program also must choose from six career paths: clinician/public health leader; health information management and exchange specialist; health information privacy and security specialist; research and development scientist; programmers and software engineers; and health IT subspecialist.
In addition to Oregon Health & Science, eight other universities will share in a total of $32 million in stimulus law funding for university-based, advanced IT education programs. They are: Columbia University; the University of Colorado at Denver’s College of Nursing; Duke University; George Washington University; Indiana University; Johns Hopkins University; the University of Minnesota; and Texas State University, San Marcos.
Along with its graduate-level programs, Oregon Health & Science, as part of its triple-win, will join Columbia, Duke and Johns Hopkins as well as the University of Alabama at Birmingham in sharing ONC grants totaling $10 million to develop curricula to support the six-month, community college IT certificate programs.
The new curricula will cover 20 different content categories, including history of health IT, installation and maintenance of health IT systems, project management, and the use of IT in quality improvement.
“The people who got funded were all experts in informatics who have been doing this kind of instruction,” Hersh said, although none of them has ever developed curricula for community colleges.
To make up for lack of community college experience, each of the contracting universities was obliged to enlist “a suitable number of community college partners,” Hersh said. “In my center, there are four community colleges partners. There are faculty that will work with us as subject-matter experts that will come up with curricula suitable for the community college setting.”
Work on curriculum development by the five universities and their community college partners began almost immediately after the grants were awarded in early April, Hersh said.
The schools have less than four months to complete their curriculum development work before Oregon Health & Science welcomes 400 community college educators to Portland in August for a crash course in the new IT training program outlines.
“It will be a pretty intensive week late that month,” Hersh said. After that, the newly trained faculty will return home and get ready for a hoped-for influx of new IT students. By the end of September, the entire first wave of new IT students is expected to be enrolled.
The participating 70 community colleges will form five consortia, each geographically dispersed, although not every state will have a participating community college. The five consortia will each be led by one community college—Bellevue (Wash.) College; Los Rios Community College, Sacramento, Calif.; Cuyahoga Community College, Cleveland; Pitt Community College, Greenville, N.C., and Tidewater Community College, Norfolk, Va. Grants awarded to these schools could total $70 million over the next two years—$36 million this year and up to $34 million the next.
At Bellevue College, administrators years ago foresaw the looming demand for health IT workers and began developing training programs to meet the industry’s needs. Patricia Dombrowski, director of the school’s life-science informatics center, said the college has graduated about 17 health IT workers a year over the past six years from its 12-month, 30-credit-hour health IT training program.
In 2008, as doldrums beset the Puget Sound IT job market, the college responded by creating a six-month program aimed at providing experienced IT workers from other industries with a background in healthcare IT. The 18-credit-hour program for these IT veterans opened this January with students to spare.
“We could have probably seated 50 or more, but we limited it to 25,” Dombrowski said.
In addition, Bellevue this summer will offer a three-month program for incumbent physician-office practice managers on IT project management and EHR support, she said. “Now we’re ready to scale up” for the HHS-funded training program, Dombrowski said.
Community colleges are not obligated to use the curricula developed by Oregon Health & Science and the other four universities, but all must focus their training programs on the six federally designated career paths. Although no single school is required to offer courses on all six job targets, each consortium must see that all six are covered within their group.
“I doubt we’ll do all six,” Dombrowski said. “We have to see a little more about the curriculum before we make a decision about that.”
Bellevue could get by with just some tweaks to its existing courses and curricula to adapt them to the federal program, Dombrowski said.
“We think we’re spot on and at the very worst, very close, but we have not seen the standard, and we’ve made some suggestions about the ONC accepting the existing curriculum,” she said. If required, “We stand ready to implement the national curricula.”
Bellevue will receive $1 million from the ONC grant to oversee its consortium, which includes seven other community colleges. Each community college, including Bellevue, will receive the same $625,000 in federal grant money to run its training programs and other services. Bellevue’s additional $375,000 will go to administer the consortium.
Beyond providing teachers and course materials, Dombrowski said, Bellevue will offer tutoring and counseling and employment services. The amount of money the ONC is providing “seems adequate to the task,” she added.
Will there be enough time to develop and disseminate the curricula, train educators and be ready for the first day of school by September?
Dombrowski thinks so.
“It’s wonderful in these tough times for people to be able to draw a direct line from training to be put to work,” she said. “The beauty of this is it’s so directly related to people who need work.”
New York, N.Y. – Today Latinos in Information Sciences and Technology Association (LISTA) President and CEO, Jose Marquez-Leon released the following statement in response to the May 24, 2010 letter to the Federal Communications Commission on the importance of broadband adoption and deployment over regulation.
LISTA is pleased to see 74 members of Congress join together and speak with one voice on the importance of broadband technology to transform the communities where we live and work. Broadband technology can revitalize the Hispanic community – providing access to first class schools and job training for high-paying American jobs.
Members of Congress have shown the Federal Communications Commission the importance of broadband – and the importance of focusing on policy goals before implementing net neutrality rules that threaten delay and deter broadband investment. We simply can not afford to keep high-speed Internet out of reach from the communities with schools and businesses that need to be online.
Congress has shown the Commission that there is much work to be done to bring broadband to all of America – I hope they will take the leadership to promote access and adoption with sensible policies that encourage investment, innovation, and collaboration.
JULIUS GENACHOWSKI, chairman of the Federal Communications Commission, cannot win for losing.
Internet service providers (ISPs), including Comcast and AT&T, insist that a light touch is needed when regulating the Internet to guard against innovation-stifling intervention. Some public interest groups and businesses, including Google, argue that the FCC must seriously police the Internet to ensure ISPs do not discriminate against certain technologies. (Disclosure: The Washington Post Co. has interests in broadcast and cable television and businesses that depend on the Internet, all of which could be affected by FCC action or inaction.)
The debate intensified dramatically last month after a D.C. federal appeals court struck down the FCC’s relatively relaxed regulatory approach.
From Mr. Genachowski’s perspective, the ruling left the agency with a distasteful choice: Either abandon efforts to regulate broadband or reclassify the service to subject it to more muscular legal provisions typically reserved for telephone companies and other common carriers. Mr. Genachowski, in an effort at compromise, chose a third way: apply only a few of the common-carrier provisions to parts of broadband delivery.
This approach is also unacceptable. For some eight years, the agency has argued that broadband constitutes an “information service” and that it should be subject only to a light regulatory touch. To reverse course now by classifying broadband as a telecommunications service would require the agency to throw out years of its own data and analysis. While agencies have broad latitude in reevaluating regulatory schemes, reversals should be linked to significant market shifts. The facts do not support such a conclusion, and the FCC should not now try to shoehorn broadband into an existing — but incompatible — regulatory scheme.
What is needed is a fourth way: The agency, industry, consumer groups and other interested parties should work with Congress to craft clear but limited rules tailored to broadband. Advocates of increased oversight worry that the often-protracted legislative process will leave a gaping regulatory void that ISPs will exploit to engage in mischief. This is nonsense. It ignores the ISPs’ need to provide good service to keep their customers, and it does not take into account the healthy oversight provided by those consumers and Internet watchdog groups. The Federal Trade Commission and the Justice Department also have the power to police anticompetitive or fraudulent acts.
At the moment, the FCC appears powerless to follow through with its national broadband plan, which includes the goal of expanding service to minority and poor communities. While we do not agree with much of the plan, there are worthwhile elements, including reporting, monitoring and transparency requirements, that the FCC could not enact without explicit legal authority. This is yet another reason why the agency should make a trek to Capitol Hill.
As new HIT makes ever greater inroads into the nation’s healthcare system, there is bound to be an expanding array of stories that highlight the advantages HIT brings to patients and doctors alike.
But rather than taking too much comfort as favorable evidence piles up, policymakers should regularly wonder what percentage of the population is still not reaping the benefits.
Take this story from San Francisco. For HIT proponents, it just doesn’t get much better. A single mother with a sick child on her hands uses all available hi-tech tools to get the boy’s situation diagnosed so that, much to his chagrin, he can get back to school without missing a single class.
The story goes on to describe how doctors and patients are communicating via videoconferencing, IM, e-mail, Facebook, and Twitter, and the result, particularly for those patients with EHRs, is a system brimming with convenience, new efficiencies and improved care.
But here’s the question that should nag at policymakers no matter how many of these stories they read: What percentage of the population are we not reaching with all our new tools?
On the one hand, there will never be a time for a definitive answer to that question, because HIT will keep evolving and the healthcare system will have to evolve with it. On the other hand, however, policymakers should already be trying to figure out how to measure, at least roughly, who’s using HIT beyond the healthcare providers who are making the up-front investment.
For purposes of comparison, at least when it comes to patient use of HIT, they might want to take a look at how the “digitizing” of the nation’s school systems has changed or not changed the relationship between parents and teachers. With three kids in school and a veteran teacher for a wife, our admittedly unscientific hunch is that HIT runs the risk of being used much like “Edu-IT” is being used. That is, those who are plugged in general are plugged in when it comes to their children’s education. They access their grades on-line, for example, and they communicate regularly with their teachers via e-mail.
But ask a teacher, and you may well hear the lament that the parents who really need to be more engaged in their kids’ education aren’t using the latest technologies to plug in, and the chances are they won’t be any time soon.
So will the same divide develop as HIT becomes more prevalent? Obviously, there’s no way to know for sure. The question, however, should be one of the first things policymakers think of whenever they read another HIT success story.
Atlanta, Ga. – Jose Marquez, president and CEO of the Latinos in Information Sciences and Technology Association (LISTA) was awarded The Phoenix Award by Atlanta’s Mayor Kasim Reed at the kickoff of LISTA’s Tech- Latino Leadership Luncheon 9th Year Anniversary Awards Gala at the Laudermilk Center on April 28th 2010.The Phoenix Award, is Atlanta’s highest mayoral honor.
“Jose Marquez and the work of Latinos in Information Sciences and Technology Association has done in the short history it has in Georgia is to be commended,” Mayor Reed remarked. They have shown commitment to our community. Bringing a fresh energy, of humility and collaboration to our state.”
The LISTA Tech- Latino leadership Luncheon drew over 250 attendees including many state and local government officials, gubernatorial candidates as well as prominent business and community leaders. Hosted by Rick Sanchez of CNN and Lourdes Diaz Senior Director of Sodexo, both provided remarks about the importance of the Hispanic in the state of Georgia and the key role we play as small business employers, particularly during difficult economic times.
“It is was truly heartwarming how Georgia has accepted LISTA into its arms. I am inspired by the people we honored at this luncheon and to receive this award from the Mayor made all the more special,” said Marquez. It was an honor to recognized Johns Creek City Council and Founder Ivan Figueroa, State Representative Tony Sellier, Gwinnett County Alliance Executive Director Leticia Pastrana, and Monica Maldonado, President Interprint Communications with the Campeones de Nuestra Comunidad award. “Through these latino leaders I have seen first-hand, dedication, commitment and sacrifice for the Latino community, I am honored to be part of such a group, who are providing Georgia with leadership to small businesses and our community as a whole.”
“LISTA also would like to thank for the support of our partners Coca Cola, Macy’s Foundation, Best Buy, Microtech, State Farm, Sodexo, Display America, Sodexo, and Comcast who help us do the work we do without you this would not be possible,” added Mariano Maluf, President LISTA Georgia Tech Council.
About Latino in Information Sciences and Technology Association (LISTA)
LISTA ( www.a-lista.org) promotes the utilization of the technology sectors for the empowerment of the Latino community. We are an organization that is committed to bringing various elements of Technology under one central hub to facilitate our partners, members and the community with the leverage and education they need to succeed in a highly advanced technologically driven society. LISTA Mission is to educate, motivate and encourage the use of technology in the Latino community and empowering them to bridge the digital divide. Our Mission is simple to educate motivate and encourage the use of technology in the Latino community for our empowerment.
EVERY ADVANCE IN healthcare information technology presents a new challenge to a patient’s privacy. The recent initiatives promoting electronic health records (EHRs) and personal health records (PHRs) are no exception. While the use of these records could potentially revolutionize the way physicians treat patients and both patients and physicians manage medical data, they will also put unprecedented amounts of personal information at the fingertips of thousands of third parties. An increased number of individuals with access to health information will only increase the likelihood that, whether inadvertently or purposefully, data security will be breached. The federal Health Insurance Portability and Accountability Act (HIPAA), state health information privacy laws, and state security breach laws all aim to protect an individual’s data from various incidents in which personal information may be compromised. However, the mere existence of these laws does not mean that a person’s health data is necessarily safe. Scores of high profile security breaches have occurred over the past several years, including breaches resulting in unauthorized access to massive amounts of private data at pharmaceutical companies, major data brokers such as ChoicePoint, hospitals, and the Veteran’s Administration. In the dawning era of EHRs and PHRs, physicians, hospitals, insurers, claims processing companies, and various information technology entities must be ready to combat threats to electronic health information. The reality is that many are unprepared.
There is a growing tension between the rapid growth in the use of EHRs and PHRs and the tightening regulation of the security of personal information. In order to effectively navigate the emerging technology and opportunities afforded by EHRs and PHRs, entities conducting business involving such records must be equipped to prevent or mitigate any threat to personal data that may occur, as we will discuss in greater detail below.
Electronic health Records and Personal health Records: Overview and Trends
EHRs are typically defined as clinical patient health records in electronic format that are originated, managed and maintained principally by healthcare providers. They may include information about a patient such as medical history, lifestyle, demographics, any prescription medication, test results, and billing information, and in some instances, they are made accessible to patients.
EHRs have many attributes; if used effectively they can reduce medical errors and costs, as well as increase efficiency. Their advantages range from eliminating confusion resulting from a physician’s handwriting to enhanced searchability, making it easier for a provider to assess possible drug interactions or for a consistent pattern of symptoms. Depending on the platform, another advantage EHRs may offer is accessibility. If they can be transmitted outside of a particular entity’s local information system, they have the potential to be shared with providers and other healthcare entities throughout the world.
PHRs are clinical patient health records in an electronic format that are created by patients themselves, but are maintained by an outside vendor such as an HMO member site or an information technology entity such as Microsoft or Google. They are accessed principally by the patient, but in some formats can be accessed by providers and/or insurers depending on what level of access the patient provides to healthcare entities. PHRs have advantages similar to those of EHRs if a patient grants his or her providers full access to records.
Adoption of EHR platforms has been historically slow. In late 2006, approximately 11 percent of hospitals had a fully implemented EHR system, according to a survey conducted by the American Hospital Association.1 In study by the Healthcare Financial Management Association in 2006, hospitals cited lack of national information standards and code sets, lack of funding, concern about physician usage, lack of interoperability and concerns about privacy as obstacles to EHR adoption.2 Less than 30 percent of office- based physicians reported using EHR systems in a recent study by the National Center for Health Statistics, and only 12.4 percent used comprehensive EHR systems.3 However, the use of EHR systems by office-based physicians has increased over 50 percent in the past five years.4 A wave of recent local, state and federally-sponsored initiatives should help to increase the implementation rate of EHRs. New York State and New York City have been particularly active in encouraging expanded use of EHRs by healthcare providers. At the end of February 2008, Mayor Bloomberg announced that New York City was ready to equip 1,000 Medicaid providers with an EHR system by the end of 2008. Already more than 200 primary care doctors in New York City are using EHRs, and the city says it is on track to reach its goal of 1,000 providers serving more than a million patients by the end of the year.5 Furthermore, Mayor Bloomberg is collaborating with a coalition of House Democrats to help achieve the goal of linking 75 percent of the nation’s health care providers through an e-record system within a decade. On the state level, New York Governor David Patterson awarded $105 million in grants in late March 2008 to 19 community based health information technology projects to help build a statewide EHR system.6 Grant recipients include Regional Health Information Organizations (RHIOs) such as the Bronx Regional Health Information Organization and Brooklyn Health Information Exchange, which facilitate the exchange of health information electronically within a specific geographic area.
Last year, a groundbreaking bill was introduced in the Senate by U.S. Senator Kennedy that, if passed into law, would “recommend specific actions to achieve a nationwide interoperable health information technology infrastructure” and “make recommendations concerning standards, implementation specifications, and certification criteria for the electronic exchange of health information for adoption by the federal government.”7 The “Wired for Health Care Quality Act” would also authorize the Department of Health and Human Services (HHS) to award grants to facilitate the “widespread adoption of interoperable health information technology.”8 Essentially, it would serve to boost implementation of EHRs throughout the U.S. using a common platform. At the time of publication, the sponsors of this legislation were hopeful that the legislation would pass by unanimous consent in the coming weeks.
Various private entities are now offering their own versions of PHR platforms. These platforms would allow consumers to manage and access their health records online. It would also give consumers the option of giving providers and insurers access to their records as well. Microsoft (through its website HealthVault), Google and a variety of HMOs are all developing such platforms, with security and privacy controls tailored to the needs of the consumer. Additionally, the Medical Banking Project, a policy group that focuses on the integration of banking technology, infrastructure and credit with healthcare administrative operations, is also conceiving of a private PHR- type platform, which it calls “consumer-directed healthcare (CDH) platforms.” CDH platforms aim to go a step further than the PHR-platforms offered by Microsoft and Google, as they would not only give a consumer control of his or her health records, but also engage the consumer more fully in the financial aspects of his or her healthcare-related activities. A CDH platform would combine information from an individual’s health plan and personal health accounts such as Health Savings Accounts (HSAs) and Flexible Spending Accounts (FSAs). The main objective of a CDH platform would be “to provide a coordinated link between the healthcare and financial services systems to offer the most comprehensive consumer-directed solution.”9 Such a platform would also benefit from enhanced security from the banks that help to administer CDH platforms. Banks would protect health-related information much as they presently protect financial information.
However, despite the recent surge in EHR and PHR initiatives, efforts still remain highly fragmented. The available EHR and PHR frameworks are driven by different philosophies, potentially compete with each other, and appeal to different types of users, therefore creating different standards for privacy and security. The current lack of coordination between these various frameworks may lead to an increased risk of security breaches, as communication between multiple and possibly incompatible platforms could lead to data leaks and subsequent tampering with records by outside parties. The patchwork of state laws as well as the general lack of regulation in this area beg for federal legislation to set a uniform standard that will harmonize these efforts.
Security Breach Laws, HIPAA and Their Application to EhRs and PhRs
Because private PHRs such as those offered by Microsoft are not explicitly regulated under HIPAA, which governs the use and disclosure of an individual’s identifiable health information, health records created by consumers using these services would not be protected by HIPAA’s privacy and security provisions. HIPAA generally applies to “covered entities”, i.e. providers, health plans and clearinghouses, and breaches in the privacy and security of patient records by these entities result in significant penalties.10 However, when an entity such as Microsoft enters into an agreement with a consumer, it is not subject to the obligations of a covered entity; it would not even need to enter into a business associate agreement, which extends HIPAA protections from a covered entity to its business partners. Thus, without the protection of HIPAA, consumers may be left vulnerable and could potentially shift blame in any privacy breach situation to the providers viewing their PHRs (unless comparable state law protections extended to entities like Microsoft). While publicly-sponsored initiatives such as the ones in New York would be more strictly regulated (as they would be most likely subject to HIPAA indirectly through these public entities” activities as business associates of covered entities as well as other state privacy laws), questions remain about just how secure their EHR platforms are.
The Wired for Health Care Quality Act, described above, would have amended HIPAA so that “an operator of a health information electronic database” would essentially become a covered entity.11 This would have resulted in entities that offer PHR platforms such as Microsoft becoming subject to HIPAA and would create a new class of businesses that would be required to adopt more stringent policies and procedures related to the privacy and security of certain health data. However, at the time of publication, an amendment authored by Senator Leahy significantly altering the privacy provisions of the bill had been accepted by Senator Kennedy in order to “ensure the privacy of individual protected health information.”12 Senator Leahy stated in a recent press release that the amendment would prevent “operators of personal health information databases” from giving sensitive health records “to virtually anyone under the [HIPAA] Privacy Rule.”13 This amendment eliminates the requirement that operators of PHR databases would be automatically covered under HIPAA. Rather, it would require that HHS submit to the Senate recommendations for privacy and security protections for PHRs, including whether it is appropriate to apply certain privacy regulations promulgated under HIPAA to PHRs and “the extent to which the implementation of separate privacy and security measures is necessary.”14
Certain covered entities dealing with EHRs and PHRs must also be prepared for heightened scrutiny of their security policies and procedures related to HIPAA. Earlier this year, the Office of E-Health Standards and Services of the Centers for Medicare and Medicaid Services (CMS) distributed a sample Interview and Document Request list for HIPAA Security Onsite Investigations and Compliance Reviews.15 This list indicates that CMS may request that a covered entity which contracts with CMS produce evidence of policies and procedures that address prevention, detection, containment and correction of security violations as well as other technical documents that address security matters.
Regardless of whether an entity operating an EHR or PHR platform is a “covered entity,” all such entities would be subject to state security breach notification laws (currently enacted in 43 states, the District of Columbia and Puerto Rico) which require disclosure to consumers of any breach in their personal data. Under most states’ laws, “personal information” includes only basic identifying information, but under the amended California security breach notification law, breaches in health insurance information and medical information16 are also covered. Therefore, any entity that has clients or patients who reside in California would be subject to these heightened requirements. The Arkansas security breach notification law also has similar requirements regarding medical information. Regardless of which state security law(s) apply to a particular entity, the increased aggregation of data in EHR and PHR platforms as a result of the initiatives described above will leave more personal data vulnerable to security breaches.
An entity that deals with medical data should be prepared to adapt its policies and procedures to the changes in California law. If the entity has a national presence, it is more than likely to have customers or patients from California. Also, because California was the first state to codify a security breach notification law, and most states followed its lead, one could expect that other states will soon follow its example of including “medical information” in the definition of “personal information.”
The challenges in complying with California’s recently enacted amendments are already apparent. Even an advisory group affiliated with the California Office of Privacy Protection, which assists with the implementation and enforcement of the California security breach notification law, has struggled with formulating recommendations as to how best to comply with the new requirement that businesses and state agencies protect against and notify California residents of security breaches in medical information. Prior to being amended, the California breach notification law and related guidance was geared toward breaches affecting financial information. According to Joanne McNabb, Chief of the California Office of Privacy Protection, a breach of medical information is “a different kind of breach in a lot of ways . . . . The risk it poses is not the same” as a financial data breach.17 The advisory group found that there is not an obvious way to “flag” a person’s medical record in the same way a person’s financial records would be flagged in the event of a security breach. Still, the recommendations are likely to include suggestions that breach notices be as specific as possible, stating what types of records were breached. Pam Dixon, a member of the California Office of Privacy Protection advisory group, said that the amended California law “may drive the debate nationally toward a uniform system like the credit bureaus for medical information.”18
Lack of Preparedness and Increased Enforcement
While entities increasingly adopt EHR platforms and promote the use of PHRs, they may not be prepared to assume the security risks associated with these types of data systems. In a 2008 study conducted by Kroll Fraud Solutions/HIMSS Analytics to better understand the status of patient data security at hospitals, the hospitals surveyed reported an average level of preparedness to deal with a security breach of 5.88 on a one to seven ascending scale.19 Yet the same study indicated that only 56 percent of these hospitals had notified patients whose information was compromised as a result of a security breach.20 13 percent of the respondents to the survey reported that their organization had a security breach in the previous 12 months, with a patient’s name and high level patient information, such as diagnosis, most frequently compromised.21 Also, according to the Government Accountability Office (GAO), in 2004–2005, 47 percent of Medicare Advantage contractors, 42 percent of Medicare fee-for-service contractors, and 38 percent of TRICARE contractors reported experiencing a privacy breach.22 While hospitals and health plan contractors may have policies and procedures in place to combat security breaches, the Kroll survey and the GAO report would seem to indicate that the implementation of such policies and procedures is insufficient.
As healthcare institutions lag behind in their preparedness to deal with data security issues, HHS has stepped up its enforcement efforts to counter noncompliance with HIPAA. In 2007, the total number of resolutions of possible Privacy Rule and Security Rule violations totaled 7,176, compared with only 4,761 resolutions in 2004. Of those resolutions, there were 2,199 investigations in 2007, compared to just 1,392 investigations in 2004.23 HHS is clearly responding to the proliferation of data security incidents that occur with increasing frequency as more health records become digitized and thus susceptible to compromise.
The short history of enforcement of security breach notification laws on the state level has been quite robust. Unlike HIPAA, which puts the onus on a covered entity to come up with its own solution to mitigate a violation of the Privacy and Security Rules, security breach laws mandate disclosure to individuals and, in some instances, to law enforcement agencies. Companies found to have violated a notification law may face civil penalties, injunctive relief and attorney’s fees and costs.
Recommendations for Implementation, Prevention and Response
Businesses that retain individuals’ healthcare data, especially those that interface with EHRs and/or PHRs, should revisit their existing policies and procedures to ensure that they are not only compliant with existing federal and state law, but also to anticipate inevitable changes to the privacy and security regulations and increased enforcement activities. As individuals and healthcare providers become more comfortable with putting personal health information in electronic format, they will expect a heightened level of security to accompany this data. Businesses must be vigilant about protecting this data, as a security incident of any magnitude may cause substantial reputational damage. Providers, insurers, and any other businesses that possess personal health information should consider taking the following measures in order to smoothly transition to a work environment incorporating EHRs and PHRs:
First, an entity should determine exactly what types of data it possesses (if it is a covered entity, it should inventory its protected health information). The entity should also assess whether sensitive information is encrypted and the level of accessibility of such data.
Next, an entity should assess its vulnerability to a security breach. It should look across its organization to identify strengths and weaknesses, i.e. not only should an information technology department be prepared to deal with increases in electronic data and potential security threats, but also departments such as human resources, claims processing, and recordkeeping that view and use individuals’ health information.
An entity should review its physical, technical and administrative safeguards. It should make sure that passwords, encryption, physical locks and barriers allow only authorized personnel access to sensitive data and equipment.
After the steps outlined above, an entity should revise its policies and procedures to reflect any new information gained and processes developed through its own assessment. For example, if the entity determines that it is inadequately prepared to respond to a security breach, it should create or revamp any related guidelines and protocols, such as, with respect to an entity handling medical information of California residents, how to notify a California resident of a breach in his or her medical information.
An entity should periodically train new and existing employees to effectively administer electronic data and comply with rules, regulations and policies and procedures. Existing employees should be required to attend “refresher” courses on policies and procedures related to privacy and security matters.
A business should reevaluate its contracts that include provisions regarding healthcare data and assess what types of provisions it could incorporate into its agreements regarding potential security breaches—how it will coordinate with the other party to prevent and/or notify individuals of security breaches.
Specifically with respect to EHRs and PHRs, providers and insurers should assess whether they wish to develop their own systems, contract with an outside vendor, or try to become part of a state or federal program that facilitates the use of electronic records.
If a provider or insurer does not wish to adopt its own EHR system, it should weigh the risks and benefits of encouraging its patients to utilize a PHR web-based system such as Health Vault. The provider or insurer should be comfortable with uploading patient records to an accessible web site and ensure it obtains necessary authorizations from the patient before transferring health records. The provider or insurer should also be aware of the potential for out-of-date, incomplete or inaccurate records from other providers or insurers to be kept on an individual’s PHR account and plan accordingly for associated risks.
Entities involved with all sectors of the healthcare industry information. should start strategizing now about how they can best coordinate their operations in anticipation of either adopting an EHR or PHR platform or merely interacting with consumers or other entities that use EHRs or PHRs now. Understanding how privacy and security laws affect a business in connection with EHRs and PHRs is crucial, as most healthcare operations deal with patient records at some point or another and will inevitably deal with EHRs and PHRs in the future. Preparedness is key. Making sure your business is in full compliance with existing privacy and security laws and anticipating changes to relevant laws are necessary steps to effectively navigate the increasingly regulated environment of digital healthcare information.
Linda A. Malek is a partner at Moses & Singer LLP, chair of the firm’s Healthcare practice group and co-chair of the firm’s Privacy practice group. Jay D. Meisel is an associate in the firm’s Healthcare and Privacy practice groups. Moses & Singer counsels a variety of entities in the healthcare industry and other industry sectors on matters related to privacy and security. For more information on this topic, please contact Linda A. Malek at lmalek@mosessinger.com or 212-554-7814 or Jay D. Meisel at jmeisel@mosessinger.com or 212-554-7823. For further information about Moses & Singer LLP, please visit www.mosessinger.com.
1American Hospital Association. “Continued Progress: Hospital Use of Information Technology” (2007) at 3.
2Health Financial Management Association. “Overcoming Barriers to Electronic Health Record Adoption” (2006) at 2.
16Medical information may include medical history, diagnosis, policy number, subscriber number, and claims and appeals histories.
17Laura Mahoney. Advisory Group Struggles to Pen Guidance On California’s Medical Breach Notice Law. BNA’s Privacy and Security Law Report. Volume 7 Number 18 (2008).
18Id.
192008 HIMSS Analytics Report: Security of Patient Data (Commissioned by Kroll Fraud Solutions), Apr. 2008, 21.
20Id. at 4.
21Id.at 19.
22Government Accountability Office, Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid and TRICARE (GAO-06-676, Sept. 2006).
Moses & Singer LLP ( Disclaimer Viewing this article or contacting Moses & Singer LLP does not create an attorney-client relationship. This article is intended as a general comment on certain recent developments in the law. It does not contain a complete legal analysis or constitute an opinion of Moses & Singer LLP or any member of the firm on the legal issues herein described. This article contains timely information that may eventually be modified or rendered incorrect by future legislative or judicial developments. It is recommended that readers not rely on this general guide in structuring or analyzing individual transactions but that professional advice be sought in connection with any such transaction. Attorney Advertising It is possible that under the laws, rules or regulations of certain jurisdictions, this may be construed as an advertisement or solicitation. )
Today, Latinos in Information Science and Technology Association (LISTA), the nation’s leading organization of Latino technology professionals and the Alliance for Digital Equality (ADE), a nonprofit organization that provides broadband solutions and broadband related services to underserved and un-served communities, are excited to announce a partnership to facilitate digital empowerment initiatives.
