ACOs - Progressive HIEs, or Clinical Integration Déjà vu?

During my (long) flight back from the Southwest yesterday, an article in the Wall Street Journal caught my eye.  It was entitled "Embracing Incentives for Efficient Health Care" and prompted me to think about similarities between the recent HIE movement and the clinical integration movement in the 1990s. 

The article states that hospitals and doctors around the country are beginning to create new entities that aim to provide more efficient health care.  For instance, Tucson Medical Center in Arizona is forming a company that the hospital will own jointly with local physicians’ practices, which, in turn, will aim to sign contracts with insurers and Medicare to earn financial rewards if it reduces health care spending. This type of entity is referred to as an “accountable care organization” or “ACO” – a concept created by the Patient Protection and Affordable Care Act (PPACA) of 2010 – and they are indeed taking hold everywhere, including in New Jersey.

The WSJ article points out that Medicare’s traditional payment structure inherently incentivizes providers to order more tests and services because reimbursement is tied to volume. By comparison, under the PPACA the government intends to reward ACOs that can demonstrate reductions in Medicare costs across a group of patients, which should be achieved by the ACO-participants coordinating care and utilizing other methods (e.g., technology; patient care coordinators) to manage care for a certain patient group. Through future regulations, the Centers for Medicare & Medicaid Services (CMS) must implement the ACO option no later than the following new year (January 1, 2012).

However, the article also notes concerns are being raised that larger hospital-doctor coalitions could use their market clout to negotiate higher fees from private payors.  Karen Ignagni, chief executive of America’s Health Insurance Plans, an insurance trade group, is quoted in the Wall Street Journal article as stating "If ACOs are a recipe for more consolidation and price increases, that will take us in the wrong direction . . ."  But, CMS Deputy Administrator, Jonathan Blum's response is that CMS "wants the program to create incentives, both clinical incentives and payment incentives, that encourage providers to provide better and more low-cost care" and that his agency (CMS) is "working to ensure that [its] payment rules don’t produce unintended consequences for private payors.” 

To some extent, ACOs invoke a bit of déjà vu . . . 

In the 1990s, clinical integration was all the rage, as hospitals worked to acquire physician practices and create multi-entity systems.  However, even when clinical integration was successful, financial integration remained a formidable obstacle, and in most cases independent doctors were not able to integrate financially because health insurance plans were not willing to contract with independent doctors in this way.  Moreover, “messenger models”, global capitation and percent of premiums did not prove to be particularly effective solutions, as evidenced by the collapse of several health care systems attempting to create such integrated delivery networks. 

So, some may ask whether ACOs are destined to a similar eventual demise?  While some pilot ACO initiatives have produced mixed results, others, including ones in New Jersey, show promise of cost-savings and improved health care delivery, at least for certain patient populations.  In addition, with the feds pressing HIEs to operate with transparency and accountability, as well as engage in quality reporting using standardized measures, and to adopt new certified technologies supporting integration (e.g., the interoperability requirement), there will likely be more trust and "a common interest" among providers and, so ACOs may be better poised for success today than in the past.  

Even so, providers looking to form an HIE with future ACO-potential must ask and answer many vital questions with this prospective goal in mind, including, among other things: What corporate form should the HIE take?  What will be the governance and oversight structure? How will/can patients' data be used and disclosed through the ACO in compliance with federal and state privacy laws? In addition, once the PPACA rules are released, the HIE must be able to adapt to meet ACO-specific regulatory requirements.  Finally, and perhaps most importantly, an HIE or ACO that is looking to negotiate fees with potential payors must proceed with caution. Any network of otherwise competitive providers that are not adequately integrated to pass muster under the FTC's approved approaches may be engaging in collusive bargaining under the FTC's rules.  To review the FTC's advisory opinions where health care providers were found adequately integrated for purposes of antitrust analysis, visit the FTC's website for health care advisory opinions

For a select copy of 3 FTC's advisory opinions regarding integration of providers, click "Read More" below.  I also recommend reading an interesting interview with former CMS administrator, Mark McClellan, during which he answers the following questions:

  • What are some of the factors critical to successfully implementing an ACO?
  • How does the ACO model fit in context with other major reforms, like bundled payment, global and episode-based payment reforms, and the medical home model?
  • Long-term, which form of payment will work most effectively with the ACO model— shared fee-for-service savings, partial capitation, or some other form of global payment?
  • Are provider organizations "ready" to function as an ACO in areas such as governance, physician relationships, coordination, health information technology (HIT), and performance measurement?
  • ACOs have been discussed mostly in terms of hospitals and physicians. Does the ACO model hold promise for other combinations of health care providers?

Continue Reading

Drug Database Firms Have Much to be Thankful for this Past Thanksgiving as Second Circuit says "Good-Bye" to Vermont's Drug Marketing Restrictions

On November 23, 2010, the Court of Appeals for the Second Circuit issued its ruling that Vermont’s drug-marketing restrictions were unconstitutional. The law banned the use, sale or transmission of prescriber-identifiable data for prescription drug marketing or promotional purposes without first obtaining the prescriber’s consent. Several data mining companies had brought the suit alleging that the statute impermissibly infringed upon their freedom of speech.  

As the Court of Appeals noted, data mining companies typically collect aggregate data to determine prescribing patterns and sell the information to pharmaceutical companies which, allegedly without this information, would be prevented from more effective marketing efforts, directing important information to prescribers, tracking disease prevention, and conducting clinical trial programs and post-marketing surveillance programs.  Researchers and insurance companies also use the data generated by data-mining companies, as do state law enforcement and other state agencies, and federal agencies such as the FDA, CDC and DEA.

Noting that the First Amendment protects “even dry information, devoid of advocacy, political relevance, or artistic expression,” the Court of Appeals found the Vermont statute was clearly aimed towards influencing “the supply of information,” central to First Amendment concerns, and that it restricted the data mining companies’ commercial speech.  The Court held that the statute failed to satisfy the intermediate scrutiny test because it did not assert a substantial state interest that was “directly advanced” by the statute nor was it “narrowly tailored” to achieve that interest. 

In doing so, the Court of Appeals rejected the substantial state interests alleged by Vermont - that the restrictions protected the public health and the privacy of prescribers and prescribing information (medical privacy) and the state’s interest in containing health care costs in the private and public sectors.  The Court noted that data-mining and the use of the data generated from such activities was still permitted in other contexts and found the state’s concerns for medical privacy too “speculative” under the circumstances to qualify as a substantial state interest.  Although the Court did agree that Vermont had a substantial interest in lowering health care costs and protecting public health, it found that the statute did not advance these interests in a ”direct and material way.”  The Court also found that the statute was not narrowly tailored and that Vermont had more direct and less restrictive methods available that it failed to utilize that would better serve its asserted interests.

The Vermont decision could have paramount implications for HIEs.  Secondary uses of de-identified information are often touted as a potential solution to the elusive long-term financial sustainability issue faced by all HIEs. The fact that the Second Circuit struck down as "unconstitutional" a state law enacting restrictions on data mining will most certainly give database firms and HIE stakeholders confidence that similar uses of information in other contexts could be similarly protected under the First Amendment.

The text of the court’s full decision may be found at   

The Spirit of Holiday Giving, er, Penalties...

The California Department of Public Health (CDPH) will be collecting a whopping $667,000 in administrative fines and penalties from six hospitals charged with privacy violations.  The CDPH imposed penalties ranging from $5,000 to $250,000 on the hospitals under new privacy and confidentiality regulations enacted in 2008 aimed at cracking down on widespread patient privacy violations.  Under the new legislation, penalties may be assessed for violations up to $25,00 per patient whose information was accessed, used or disclosed improperly and up to $17,500 for subsequent violations. 

By far the most astounding of violations was Kern Medical Center which was hit with a $250,000 penalty after the theft of laboratory reports from storage lockers used for distribution of the reports.  A staff member had placed daily laboratory reports in storage lockers that were no longer on the premises of the hospital but outside and accessible to the general public.  He was aware that the locks were not functioning and that the locker door was broken, a condition that the storage locker had been in for several months.  Although the Privacy Officer alleged that keeping the reports in the outside lockers was not a hospital permitted practice, it appeared to have been occurring for some time.  Another hospital was assessed a $225,000 penalty for failing to prevent unauthorized access and use of patient information by a hospital employee who had memorized the information while purging older hospital records in order to help other individuals open fake Verizon accounts.

The imposition of these fines and penalties impress even out-of-state hospitals with the importance of securing both paper and electronic health information.  From safeguarding computer printouts such as laboratory reports to preventing unauthorized access to or uses of electronic health information, hospitals must be vigilant and proactive in safeguarding patient information.  Not only must hospitals monitor access to and uses of patient information, but they must also continue to educate and re-educate staff on confidentiality and security policies, conduct periodic audits and physical security sweeps, and strictly enforce all policies by imposing sanctions where appropriate.

The full CDPH press release may be found at

Just When You Think the Breach is Over, the Lawsuit Comes

On November 16th, a class of plaintiffs sued AvMed for a massive breach that resulted in their personal information being put at risk.  In December of 2009, unencrypted laptop computers were stolen from an AvMed facility in Gainesville, Fla.  AvMed initially believed information on about 208,000 members was at risk, but by June 2009 it became apparent that the information of over 1.22 million members was at risk.  Information contained on the laptops included a mixture of name, address, date of birth, Social Security number, phone number, and diagnosis, procedure and prescription information. The attorneys representing the class of plaintiffs maintain that had AvMed taken time to encrypt their laptops, this simple step would have obviated any harm done by the theft.  

Like other breaches under HITECH involving PHI of 500 or more individuals, the AvMed breach is posted on HHS's Web site. However, although the federal government has enforcement jurisdiction over HITECH, there is still no private right that would allow one to sue under HITECH for breaches (although in the future individual may be eligible to collect a percentage of any Civil Monetary Penalties collected and resulting from violation of HIPAA and/or HITECh that result in "harm" to such individual). 

Attorneys attempting to sue for damages resulting from a breach are often hard-pressed to keep their complaint from being tossed, unless they can demonstrate the plaintiff suffered actual harm caused by the breach. However, the attorneys representing the class of plaintiffs in the AvMedcase are commercial litigators, and so it will be interesting to see if they come up with more unique causes of action under consumer protection or other laws, and how this will be tested in court.  Stay tuned...

Another Kind of HIE -- Health Insurance Exchanges & Recent NPRM

The Affordable Care Act (ACA), enacted in March 2010, requires states to establish Health Insurance Exchanges through which individuals and small businesses can purchase affordable insurance. Under the ACA, a state can set up its own exchange, or elect to allow the federal government administer an exchange in their state. States are also allowed to create two exchanges: one for the individual, and and one for the small business insurance market. A state is also allowed to collaborate with its neighboring states to develop regional exchanges. For a good bullet summary of what the ACA requires, the Commonwealth Fund has a posted a Power Point worth checking out.  These "HIEs" must begin operation by January 1, 2014. 

On October 22, a briefing took place that included Joel Ario, Deputy Director of the HHS Office of Consumer Information and Insurance Oversight (OCIIO), who addressed the current status of the states and their initiatives to develop HealthInsurance Exchanges, and to work together with OCIIO to produce state guidelines.  During the briefing, Mr. Ario gave an overview of what states like Massachusetts, Utah and Oregon are already doing to implement the ACA, and mentioned that the federal government is offering states Health Insurance Exchange planning grants of up to $1 million.  A transcript and other interesting materials from the October 22 briefing are posted on Alliance for Health Reform's website.

The OCIIO is currently working with the DHHS to issue regulations and implement many of the provisions of the ACA that address private health insurance. On October 29th DHSS announced in a News Release the availability of competitive funding opportunities for States to design and implement the Information Technology (IT) infrastructure needed to operate Health Insurance Exchanges.  On November 3rd, HHS's Notice of Proposed Rulemaking was published in the Federal Register and proposes that Medicaid eligibility systems will potentially be eligible for an enhanced federal matching rate of 90 percent for design and development of new systems and a 75 percent federal matching rate for maintenance and operations. HHS points out on its website that States must meet a set of performance standards and conditions, including seamless coordination with the exchanges, in order for their Medicaid technology investments to qualify for the enhanced match.

For more information on Health Insurance Exchanges, what they are and how they fit into the big HIE puzzle, visit HHS's website for HIE IT Systems and OCIIO's website.  To review some of the more detailed requirements for HIEs under the ACA, Continue Reading below...

Continue Reading

OPM May Delay Launch of Massive Fed Health Database

In response to mounting privacy concerns, the federal Office of Personnel Management (OPM) may delay the proposed November 15th launch date of its Health Claims Data Warehouse. In early October, the OPM’s notice in the Federal Register announced that the “Warehouse” would be built to streamline operations of the Federal Employee Health Benefit Program, the National Pre-Existing Condition Insurance Program, and the Multi-State Option Plan- three programs that were included in this year’s Health Reform legislation. The OPM said that the “Warehouse” would collect, manage, and analyze health services data through direct data feeds from each program. The electronic records compiled would include individuals’ personal information such as Social Security Number, date of birth, and employment, as well as information about their healthcare coverage, procedures, and diagnoses. In its announcement, the OPM also noted that it would share this information for law enforcement purposes, judicial and administrative proceedings, and third-party health research and analysis.

In response to the OPM’s announcement, 16 organizations, including The Center for Democracy and Technology (CDT) and the ACLU, released a letter to the OPM citing concerns about the lack of available details about the new database. In particular, the letter pressed the OPM for details about the database’s security and privacy controls, and urged the OPM not to establish the “Warehouse” until the public had a fair chance to review its plans. In response, the OPM has promised to release further details after reviewing public comments, which can be submitted to the OPM up until November 15th. Whether this will delay the launch of the “Warehouse” has not yet been confirmed. However, when the OPM does release their plans, it will be important to ask if such a large government database is necessary, and if it violates the public’s privacy expectations.

This post was prepared with assistance from Melody Hsiou. Melody holds a Master from Public Health from Columbia University, and anticipates completing her Juris Doctorate with a Health Law Concentration from Seton Hall Law School in 2013.

NCVHS Defines What Sensitive Info HIEs Should Sequester

Prepared by Krystyna Nowik, Esq.

The National Committee on Vital and Health Statistics (NCVHS) released an advisory letter to the Department of Health and Human Services (HHS) on November 10 addressing recommendations for the management of sensitive information in the HIE context.  NCVHS, which is the statutory public advisory body for HHS, explored and identified categories of sensitive health information requiring new technologies and methods for segmenting and protecting such information in electronic health records.  The advisory letter, which coordinates with Health IT Policy Committee recommendations and requirements, addresses preliminary categories of sensitive information, including:

  • The new HITECH cash payments (“payment in full” and “out-of-pocket” restriction);
  • Genetic information;
  • Psychotherapy notes;
  • Substance abuse treatment records;
  • HIV information;
  • Sexually transmitted disease information;
  • Sexuality and reproductive health information;
  • Certain health information for minors, where protected by state law;
  • Mental health information; and
  • Certain circumstances where the entire medical record may be deemed sensitive (e.g., domestic violence, victims of violent crime).

In addition, the NCVHS advisory letter includes five core recommendations for HHS.  Among these are identifying and publishing best practices for managing categories of sensitive information, and investing in research for enhancing health information exchange and electronic health record capabilities and in pilot tests and projects for assessing feasibility, effects, efficacy and the costs and benefits of such capabilities. 

The NCVHS recommendations will serve as a platform for HHS to conduct research, develop technologies and implement pilot tests and projects with an eye towards understanding the feasibility, technical standards, effects on patient care, and the costs and benefits of managing sensitive information.  As NCVHS stated in the advisory letter,

[o]ur nation is committed to deploying interoperable health record to improve patient health, health care, and public health.  Patient trust is critical to patient participation in this deployment, and, therefore, we must invest in technologies that will promote this trust.

ACLU Lawsuit Continues . . . Want Detailed Regulations Surrounding HIE Privacy

The Rhode Island chapter of the American Civil Liberties Union (ACLU) suit against the Rhode Island Department of Health (RI-DOH) remains in litigation, awaiting completion of discovery. The ACLU alleges that the state’s proposed rules for implementing the state health information exchange (HIE) failed to address certain provisions of the Rhode Island Health Information Exchange Act of 2008 that require protections for patient confidentiality, security and informed consent processes. Instead of adopting formal rules, the RI-DOH instead adopted internal policies, which the ACLU claims was both an unlawful bypass of the Administrative Procedures Act and in violation of the RI-DOH’s obligations under the HIE statute. In addition, the ACLU claims that it was not provided with a written response detailing the reasons why the RI-DOH rejected ACLU’s proffered recommendations.

The ACLU seeks to have the policies declared unenforceable and for the court to order RI-DOH to adopt formal rules addressing the statutory provisions that the ACLU alleges the RI-DOH responded to inadequately. Although the ACLU and its attorney, Frederic Marzilli, recognize the importance of HIEs and why the state approached implementation of the HIE with written policies instead of regulations, such as to better deal with the development and operation of such a new and groundbreaking mechanism, the ACLU’s position remains that the regulatory process must be followed. It argues that the critical privacy issues raised by HIEs require detailed rules as to how the state HIE system will work and protect patient confidentiality, security and informed consent. The State has continued to deny the allegations and is expected to file a motion to dismiss the case.  It remains uncertain whether ACLU will remain in court to fight another day.

For more information regarding the ACLU's specific comments on the Rhode Island's proposed rules, click on "Continue Reading" below

This post was prepared with assistance from Krystyna H. Nowik, Esq.

Continue Reading