Published in the Nov. 28, 2011, Raleigh News & Observer and Charlotte Observer
By Whitney L.J. Howell
Solar power has always been considered an environmentally friendly energy source. Duke University research could make the strategy not only green but also cost-efficient.
Atop Duke’s Pratt School of Engineering, assistant professor Nico Hotz is constructing a test-model hybrid solar cell to capture sunlight and use it to heat a water-methanol combination. The system creates hydrogen that can be stored and used to power fuel cells later.
“With a hybrid system in the summer, we can turn 28.5 percent of the energy produced into something else – that’s 10 percent more than with a conventional system,” Hotz said.
He’s testing whether his system can work at a large scale.
“In the winter, the increase is the same: 15 percent versus 5 percent. It’s a more efficient system.”
Hotz compared the hybrid to three existing systems: one that directly converts sunlight to electricity and splits water into hydrogen and oxygen, one that stores converted sunlight in different types of batteries, and one that is simpler, though similar, to Hotz’s. The hybrid is the least expensive, he said, with installation costs totaling $7,900. Conventional installations can cost as much as $40,000.
The hybrid mimics conventional solar cells by collecting sunlight. It is different, however, because it runs a water-methanol mixture through vacuum-sealed copper tubes coated with aluminum and aluminum oxide. This structure allows the water to heat up to at least 200 degrees Celsius (392 Fahrenheit). The heat is necessary to produce hydrogen. Hotz said standard solar cells reach only 60 to 70 degrees Celsius (140-158 Fahrenheit).
At the appropriate temperature, Hotz’s team infuses small amounts of catalyst to kick off hydrogen production.
“This reaction produces hydrogen efficiently,” Hotz said. “It can be used immediately or stored in a tank to be used later, perhaps by homeowners who want it in the winter months to supplement their other energy sources.”
However, according to Clemson University engineering professor Rajendra Singh, a commercial application of Hotz’s research is unlikely.
“This is great basic research, but it won’t change the world.” Singh said. “There’s not a single system in existence that can economically produce hydrogen.”
To read the story on the Raleigh News & Observer site: http://www.newsobserver.com/2011/11/28/1675178/can-solar-power-be-made-cost-efficient.html
To read the story on the Charlotte Observer site: http://www.charlotteobserver.com/2011/11/28/2809554/can-solar-power-be-cost-efficient.html#storylink=misearch
Published in the Nov. 22, 2011, Billian’s HealthDATA/PorterResearch Hub e-newsletter
By Whitney L.J. Howell
The consolidation of healthcare isn’t a new concept – but doing it well and in ways that strengthen the industry is. Forging partnerships is now a hot trend across all types of healthcare organizations.
The 1990s were rife with disastrous attempts by hospitals to purchase medical groups. For the last three years, however, mergers and acquisitions (M&A) among healthcare entities have grown steadily. And, in today’s atmosphere of coordinated care and accountable care organizations (ACO), pooling resources could help providers meet the needs of a burgeoning patient population, especially with regard to financing new healthcare IT systems.
Whether it’s a partnership between health systems, a hospital and physician group, vendors, or payers, the majority of industry experts agree building these ties strengthens the healthcare system. Expanded clinical resources, updated health information technology, and streamlined payer structures all serve to improve the quality of care.
“We’re seeing a move toward the mega-health system as the one-stop-shop for all care needs,” says Mark Reiboldt, vice president of financial services for The Coker Group. “All segments of healthcare are affected by the same drivers. They’re pursuing integration to enhance their resources and value.”
The Rise of the Deal
Initial 2011 reports indicated M&A levels lagged behind 2010. However, a recent issue of The Health Care M&A Monthly, a newsletter produced by business intelligence publisher Irving Levin Associates, identified a late-blooming uptick in this year’s deals that surpasses 2010 numbers. Currently, 132 hospitals have finalized $6.9 billion in deals. The median value of each consolidation also spiked, rocketing from $12.9 million in 2009 to $35 million in 2011, says Reiboldt, who’s company provides financial advisory strategies and solutions to healthcare organizations.
“Three or four years ago, most of the deals we saw were distressed. Healthcare groups of all sorts were entering into deals just to survive,” he says. “We’re no longer seeing partnerships occur for pennies on the dollar.”
According to Dow Jones reports, medical device companies experienced some of the most substantial growth this year. A 15-percent rise in deal activity to 68 mergers brought $857 million into this sector and placed it above biopharmaceuticals (which garnered $715 million in 78 deals) for the first time since 1998. Medical information technology companies also fared well, finalizing 24 deals for $207 million.
Still, the M&A wave hasn’t yet reached its apex, and Reiboldt says he anticipates greater consolidation in 2012 and 2013 for two main reasons. As more buyers venture into the market and view healthcare as a sound investment, market deal values will continue to climb. Also, the Centers for Medicare & Medicaid Services (CMS) begins accepting ACO applications in January. By giving physicians and hospitals joint responsibility for patient care, the ACO model pushes clinical environments to link, fostering a larger, more diversified patient base.
Offering Patients More
If healthcare reform survives its legal challenges, the industry faces a simultaneous influx of more than 30 million people, and many hospitals and health systems are scrambling to gather the necessary resources to meet future clinical needs. In many cases, this means fusing with a nearby facility, such as the October merger of Olympic Medical Center in Port Angeles, Wash., and Swedish Medical Center in Seattle.
Under the 20-year agreement between the facilities, Olympic patients will have access to Swedish specialists, including endocrinologists, cardiologists, neurologists and sleep medicine experts, at the 80-bed Olympic site. Patients can elect to receive care on the Swedish campus if Olympic doesn’t offer a service. However, there is no mandate that they do so. Overall, this move gives Olympic’s patients greater access to quality care and controls the facility’s expenditures.
Olympic retains its independent, community-owned status. But, according to Olympic’s CEO, Eric Lewis, the complexity of healthcare reform regulations prompted his hospital to pursue the merger.
“If a hospital as small and rural as Olympic Medical tries to go on its own, it’s going to have significant financial problems,” Lewis says. “We now have a large, prominent and well-respected partner that will work with us to ensure our community is properly cared for.”
For Olympic, access to Swedish’s existing electronic health record (EHR) technology – an EPIC system – was crucial. According the Lewis, Olympic was too small to buy an expensive EHR system on its own, and connecting with Swedish helped Olympic fulfill a critical healthcare reform requirement. The facility also joined Swedish and other large Seattle-area healthcare systems in a large buying group to have greater negotiating power with vendors and payers.
Clinical and economic advantages aren’t limited only to hospital-hospital mergers. In many instances, hospitals gain much by acquiring physician-owned medical groups, Reiboldt says. The same acquisitions occurred 20 years ago with hospitals providing the entire purchase price upfront. Ultimately, those partnerships failed, but the purchase process is different now.
“This time, the partnership is true. Hospitals are willing to take all the risk, but the bulk of the value of the deal comes with the future performance of the physician group,” he says. “These deals don’t provide large sums up front. Instead, the deals are structured to pay out over three to five years.”
A hospital purchase of a surgical group is among the most beneficial pairings because it provides a smooth transition for patients. Rather than refer a patient outside the system to another facility, providers can easily recommend a partnering surgeon and, in many cases, facilitate scheduling the appointment.
Hartford Healthcare created this type of patient environment in October when it acquired Connecticut Surgical Group, a practice with more than 40 physicians in 12 locations. The institution, now known as Hartford Specialists, has 68 doctors and offers tertiary care, as well as colorectal, thoracic, podiatry, urology, and general surgery services.
Similar to the Olympic-Swedish merger, the Hartford deal expands services and brings all associated physicians under the umbrella of a single EHR. The partnership is also significant, says Hartford Hospital CEO Jeffrey Flaks, because it increases the organization’s footprint in the marketplace.
Vendor and Payer Consolidation
As with provider mergers, healthcare reform is also the impetus behind vendor and payer joint ventures. The drive for greater cost savings across the industry is pushing companies together as they attempt to strengthen their expenditure control services.
Based on Porter Research data, M&As among vendors and payers swelled by 50 percent in 2010. The trend is still moving toward increased consolidation, says Vik Torpunuri, CEO of CentraMed, and vendors must combine their strengths and resources to help providers meet healthcare reform requirements and standards. CentraMed emerged from the merger of software-vendor Analytix on Demand (AOD), of which Torpunuri was founder and CEO, and business intelligence-vendor Integrated Revenue Management Inc. (IRM).
“Hospitals must integrate technology into their systems in order to survive, but many are 10 to 20 years behind the times,” Torpunuri says. “Vendors that combine software expertise with the knowledge to help providers manage their clinical and financial data relieve a huge burden for facilities.”
In this case, AOD fused its capabilities with those from IRM to create a system to connect a patient’s clinical information across his or her travels in the healthcare system – from doctor to hospital to lab to skilled nursing facility, Torpunuri says.
Vendors aren’t the only organizations acquiring other vendors, however. Payers are also being aggressive in bringing vendors into the fold. The competition is intense, and the goal is to increase market share and bolster the number of enrolled beneficiaries, Reiboldt says.
For example, the 2010 acquisition of Axolotl, a health information exchange (HIE) vendor, by Ingenix, an EHR and revenue cycle management entity owned by benefits company UnitedHealthcare, opened the door for greater information flow beyond internal hospital users. Using Axolotl’s technology, Ingenix (now known as OptumInsight™) has been able to help healthcare clients – even those competing with UnitedHealthcare – share patient data in more secure, expedient ways.
At the time of the merger, Ingenix CEO Andy Slavitt said the partnership would ultimately serve providers and patients to strengthen the healthcare system.
“HIEs are bringing us closer to the point where all the healthcare professionals patients select to oversee their care can connect to share information and optimize outcomes,” he said. “We will work with Axolotl to continue to meet the needs of the multiple HIE stakeholders and to expand its technologies that serve healthcare communities.”
Finding a Successful Partnership
While a partnership between two healthcare entities can be beneficial, that doesn’t mean all mergers will work. There are certain characteristics company leaders and hospital administrators should look for the find the right fit, Reiboldt says.
Potential partners should both be willing to assume some risk in the deal and compromise. But the most important aspect of a mutually beneficial deal, he says, is that each side respects the role of the other organization.”I always tell clients to observe whether the CEO or the administrators are truly embracing the partnership,” he says. “It has to be something that’s completely engrained into culture of the deal or it won’t be sustainable.”
To read the article in its original post: http://www.porterresearch.com/Resource_Center/Blog_News/Industry_News/2011/November/Healthcarexs_Consolidation_Continues.html
Published in the Children’s Mercy Hospitals & Clinics-Kansas City website
By Whitney L.J. Howell
For the past decade, Children’s Mercy Hospital and Clinics’ Jignesh Dalal, MD, has worked to perfect a widely used therapy that reduces bone marrow rejection, making it safe for children.
Within the past year, supported by a $120,000 grant from the Midwest Cancer Alliance, Dr. Dalal and his colleagues have designed photopheresis for pediatric patients for treatment of graft-versus-host disease. To date, they have completed this therapy in many patients, demonstrating photopheresis can be tolerated in children.
“We’ve shown we can successfully do this in children,” says Dr. Dalal, Chief of Bone Marrow Transplantation Section. “Taking blood out of a child’s body can be dangerous. But we’ve done it and alleviated the difficult side effects that come with a bone marrow transplant.”
After mixing a bowl of blood with psoralen, they expose cells to ultraviolet light, killing reactive lymphocytes. Then, they infuse the blood back in to help generate tolerance. The machine designed for children uses a smaller bowl and circuit size, decreasing the time blood is outside the body.
After the procedure, Dr. Dalal and his colleagues monitor patients very closely. For two months post-transplant, they check in with patients twice a week. The frequency falls to twice every 15 days for the following six months.
During this time, our research team monitors B-cells and T-cells at two-month, four-month and six-month intervals. Doing so helps them determine how the body generates tolerance and which immune system cells play the biggest roles in the process. If the cells are imbalanced, putting a child at risk for graft-versus-host disease, the team attempts to push them back into equilibrium.
So far, Dr. Dalal says, the results have been very encouraging.
Of the nine patients currently enrolled in the study, five have completed the photopheresis therapy. According to Dr. Dalal, between 50% and 60% of patients experience positive benefits, including increased energy, skin loosening, decreased eye and mouth dryness, and an overall improved quality of life.
“We’re seeing the positive effect of the photopheresis appear between four to six weeks after transplant, and the peak benefit comes at around four to six months,” Dr. Dalal says. “From what we’ve seen, that positive effect remains.”
Understanding how cells generate tolerance has broader-reaching implications. With this knowledge our team could ultimately reduce rejection rates for solid organ transplants or improve treatments for lupus and scleroderma.
The result of our team’s work is a significant step forward. Successful photopheresis eliminates the need for immune-suppressive drugs, making children less vulnerable to viral, fungal or bacterial infections that can attack their comprised immune systems.
In addition, the team is currently analyzing data for its next challenge – understanding the chemotherapy drug cyclophosphamide.
“This drug isn’t well understood. Currently, we give all patients the same dosage,” Dr. Dalal says. “At Children’s Mercy Hospital, we’re investigating whether genes play a role in how the body metabolizes it and if different doses produce different side effects and desirable effects.”
This continued research strengthens Children’s Mercy’s existing reputation as a world-class pediatric cancer facility bringing cutting-edge therapies to patients.
To read the original story post: http://www.childrensmercy.org/redefine/oncology/article/bonemarrow/
Published on the Nov. 15, 2011, DiagnosticImaging.com website
By Whitney L.J. Howell
Mammography versus magnetic resonance imaging (MRI) has been a long-standing debate among industry leaders. The general consensus today, however, is while both tests effectively detect breast cancer and can work hand-in-hand, mammography is still indispensable.
According to the American Cancer Society, each year brings 1.3 million new breast cancer diagnoses, and catching these incidents early is critical to saving lives. While mammography has sliced the associated death rate by 30 percent since 1990, 465,000 women still die each year.
But breast imaging isn’t about choosing one scan over another, said Mitchell Schnall, MD, a Hospital of the University of Pennsylvania radiologist. Instead, you should focus on using both techniques correctly to identify cancers earlier when they’re smaller and potentially more treatable.
“We shouldn’t talk about MRI or mammography — they’re different modalities with different roles,” Schnall said. “Mammography is for general patient screening, and we use MRI to screen our high-risk patients. Their roles are complementary. The discussion should never be which one do we do.”
And the screenings aren’t interchangeable, experts said.
“Mammography is the backbone of how we diagnose breast cancer,” said David Dershaw, MD, a radiologist with Memorial Sloan-Kettering Cancer Center. “There are situations where MRI can add information we can’t get from mammography, but it can’t be a replacement.”
To read the remainder of the article (and the pros and cons of MRI and mammography): http://www.diagnosticimaging.com/womens-imaging/content/article/113619/1991558
Published on the Nov. 3, 2011, Diagnostic Imaging website
By Whitney L.J. Howell
Bringing your low-dose CT protocols down even further doesn’t have to mean tossing out your old scanners and buying pricey new ones. According to one San Diego-based imaging center, you can trim radiation doses to almost nothing and still get high-quality scans appropriate for diagnosis.
The key is pairing iterative reconstruction (IR) with other methods that tailor low-dose protocols based on patient weight, said Jon M. Robins, MD, co-chief executive officer for Imaging Healthcare Specialists (IHS). IR technology wipes noise from CT scans, leaving behind an image with clear resolution. Using both strategies together means Robins wasn’t forced to purchase new scanning equipment.
“Our center made a commitment a few years back to offer the lowest dose CT scans we could. We have older scanners in my office – 4-slice, 8-slice, and so on – and I didn’t want to spend the $90,000 to $100,000 on technology with low-dose characteristics built in,” said Robins, who is also IHS’s heart imaging medical director. “IR has allowed us to extend our low-dose efforts to head and neck scans, pelvis, colonoscopy, sinus, and others.”
IHS purchased its IR technology – generic iterative retrospective reconstruction (GIRR) – from a third-party vendor in Israel. According to Robins, it interfaces with older scanners, enabling the machines to produce ultra low-dose images with clarity equal to scans from more modern technologies.
To read the remainder of the article: http://www.diagnosticimaging.com/low-dose/content/article/113619/1983914
Published in the Fall 2011 UNC Medical Bulletin (The Medical Foundation of North Carolina)
Electronic health records and information security in the age of the hacker
By Whitney L.J. Howell
To this day, no one knows when or how the crime actually happened. The thief didn’t take any property and didn’t steal any money outright. But he did visit 83 different hospitals under the name of his victim and never paid the bills.
Now, collection agencies for the hospitals are calling, and they don’t care that the imposter racked up the charges or that the man they’re calling (not a UNC patient) is really a victim of medical identity theft.
“This client is now combatting 83 collections cases in various states for thousands of dollars because someone stole his name, Social Security number, and address,” says Pam Dixon, founder and executive director of the World Privacy Forum, a nonprofit, public interest group focused on privacy research, analysis, and consumer education. “Now, he has fraudulent medical files in these places and because the information is identical in all cases, he hasn’t been able to get on top of the problem.”
According to Dixon, medical identity theft is the fastest growing type of identity theft nationwide with reported incidents rising between 3 percent and 7 percent annually for the past decade. Many health care experts point to both the existence of electronic health records (EHRs) and the ability to move them around digitally, also known as a health information exchanges (HIE), as contributors to the crime’s rise.
North Carolina is not currently among the biggest adopters of EHRs, but state officials are set to enact several HIEs within the next few years. Those systems will make it easier and faster for physicians to share patient data long distance. However, they will also boost the opportunity for medical identity theft and HIPAA-protected patient information to be accidentally exposed or intentionally breached.
With the federal mandate to switch all patient records to electronic files by 2015 looming in the distance, it’s up to each provider or facility to put protective measures in place that appropriately balance patient privacy with a physician’s need to access medical information.
The current health of EHRs
The national nonprofit group Privacy Rights Clearinghouse reported 592 breaches of private patient information nationwide in 2010 – more than double that of 2009. Some exposures were the result of stolen laptops, and some resulted from outside persons illegally accessing medical files. The biggest threat, though, has been the disgruntled employee who breaches patient confidentiality from inside the system.
In an attempt to prevent the privacy breaks, the federal government passed the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH). The law calls on health care providers and facilities to demonstrate they’re using EHRs in a meaningful way by Oct. 1, 2012. It also allocates, along with the American Recovery and Reinvestment Act, more than $27 billion to encourage early adoption. In fact, under Medicare and Medicaid, providers who show they’ve met the requirements are eligible for $40,000 to $65,000 in incentives through 2017.
“In an effort to protect patients and patient rights, the government is trying to nudge institutions and vendors to tighten security and access to patient records,” says Michael Greenley, PhD, director of the RAND Center for Corporate Ethics and Governance. “There’s significant concern about this topic, and encouraging health care to make these changes is the right thing to do.”
Within 10 years, the Congressional Budget Office predicts that 90 percent of providers and 70 percent of hospitals will meet the standards for EHR meaningful use.
But the law doesn’t just affect providers. Patients now have enhanced rights around their medical information. At any point, a patient may request an audit trail of when and by whom their medical histories were accessed. And, if an institution is infiltrated, it must alert patients that their records have been compromised. But, because those types of requests would add a significant clerical burden to doctor’s offices, both the American Health Information Management Association and the Medical Group Management Association are now asking the U.S. Department of Health and Human Services to repeal that part of the law.
The impact of EHR privacy on an MD
For a physician, healing and positive outcomes aren’t the only clinical priorities. Properly documenting a patient’s health history is paramount, and EHRs make it easier to write notes, record prescriptions, and include information about past conditions and procedures.
But while instant electronic access to patient history can make it easier to create, coordinate, or improve a plan of care, some doctors are leery of relying on a digital database for such sensitive data.
These fears are understandable, but EHRs didn’t introduce privacy risks to health care, says Michael Barr, MD, vice president of practice advocacy and improvement at the American College of Physicians (ACP).
“I certainly appreciate the concerns about record breaches and the concern over exposure of information. People are very nervous about external parties accessing their information with malicious intent,” Barr says. “But this risk isn’t new to health care. Paper records can be lost, dropped, and thumbed through. A fax can be picked up by the wrong person.”
However, the possibility that someone could sneak a remote peek at a patient’s private data does make additional protection measures necessary, he says. Most importantly, physicians or clinics should have a health information technology (HIT) expert on staff to update and maintain the EHR hardware and software so they can effectively shield patient information. This person must be part of the office team to ensure the EHR is implemented in a useful and consistent way.
Although transferring patient records to an EHR can be both time consuming and worrisome, Barr recommends that physicians – especially those in more rural locations – take the plunge as soon as possible to ensure they comply with federal regulations.
“From a policy perspective, adopting an electronic health record earlier rather than later will give physicians and their offices time to learn the system,” he says, noting that practices must choose an EHR that has been certified by the Office of the National Coordinator, the chief federal entity charged with promoting HIT adoption. “Early implementation also provides time to create a workflow that helps doctors and protects patients.”
The pros and cons of EHRs
When EHRs first came on stage, many medical professionals viewed them as the silver bullet answer to all office conundrums. The belief was the new record system would streamline patient records and allow physicians to cut staff in order to save money. This initial impression hasn’t exactly proven true.
The systems do provide a faster, more efficient way to collate and organize personal health care details, but the technology isn’t always intuitive, says Harry Rhodes, director of practice leadership at the American Health Information Management Association (AHIMA). He agreed with the ACP’s Barr: the biggest challenge is maintaining in-house expertise to successfully use EHRs.
“We often see people purchasing and using an EHR for the first time with the intent of cutting staff and lowering administration costs,” Rhodes says. “The systems can eliminate the need for a file clerk, but the practices that reduce staff are often the ones victimized by security breaches because they have no one on staff to update the system and execute security patches.”
A correctly managed EHR does allow a practice to quickly and simply designate who can access a patient file and how. If an employee leaves a clinic or switches jobs away from one involved with direct patient care, a few clicks of a button eliminates his or her ability to see inside health records. Rhodes recommended the human resources department send IT administrators a bi-weekly employment update to keep access to the EHR system current.
Frequent EHR password changes can safeguard files in the meantime. Periodically creating a new alpha-numeric password for authorized employees can prevent recently dismissed or departed employees from illegally breaching records.
With the advent and prolific use of smartphone and wireless technology, however, the best thing a doctor, practice, or hospital can do to protect health records is to train staff so they know what they can and cannot do.
“It’s commonplace these days for employees to take work home on thumb drives or download files onto their laptops, but thieves can easily take advantage of weaker security on those devices,” Rhodes said. “Doctors and hospitals must take the time to train staff on which platforms are appropriate for EHRs. Knowing what not to do is a big tool in keeping records safe.”
How Carolina protects patient information
It’s a little known fact that UNC Hospitals was among the first health systems to implement a comprehensive EHR. It built its 20-year-old system from the ground up and recently partnered with Seimens to manufacture the system on a large scale. UNC’s EHR platform will appear on the market under the Seimens brand in three years.
The heart of UNC’s EHR is housed offsite in a room to which only six people have access. The security around the router room is extensive, including 24-hours-a-day monitoring and an alarm. In an added step, the University has a complete duplicate of all patient records in a secondary location inside the hospital on campus. According to Robert Berger, MD, UNC’s chief medical information officer, the secondary location will take over immediately if the primary location becomes nonfunctional.
Each of these physical safeguards exists to support UNC’s mission of protecting patient privacy. They are only part of what the University does to protect patient data, however.
“We’re as safe as a bank,” says Berger, who is a practicing physician involved with creating UNC’s EHR. “Our biggest danger is a disgruntled employee who knows the system, has access, and logs into the database inappropriately.”
To protect against that internal danger, as well as external ones, UNC established a set of electronic safeguards. As with most secure systems, providers can only access the EHR through a secure portal. Inside the hospital firewall, the system is accessible from most computer terminals with the proper user name and alpha-numeric password. If a physician needs to access a record off-site, he or she can enter the system through a secure website.
“This site is highly encrypted,” Berger says. “We’ve never had anyone break the encryption, and if they did, we have measures in place to intercept their attempt. Any information would come over the screen to them as nonsense.”
Entering the wrong password three times will also shut a user out of the system. After the third incorrect entry, the account in question is immediately deactivated as a safety precaution. Log-in session are also automatically shut down if users are inactive in the system for 30 minutes.
Just because an employee has clearance to access the EHR system doesn’t mean he or she can open all patient records. Based on who the employee is – and who the patient is – Berger says the system can pinpoint an internal breach, identify the perpetrator and cut off his or her EHR access.
The protections around the EHR system are equally as effective when combatting outside attacks. Sniffer and scanner software constantly troll through the EHR, looking for evidence of external assaults. So far, these methods have been effective.
“We have hundreds of attempts from outside hackers to break into our system every day,” Berger says. “In the 20 years that we’ve had our electronic health record system in place, none has ever been successful.”
The hospital is taking its safety measures a step further with a pilot test of a new patient portal that will allow patients to receive e-mail messages and test results from doctors. The new portal will be opt-in, and each time a doctor adds information to the file, patients will receive an e-mail, directing them to a secure, UNC-controlled site. After entering an alpha-numeric password, patients will be able to access their records and any messages from the doctor. The patient portal will be widely implemented by the end of this year.
A new e-prescribing system will also change how doctors prescribe medications, including narcotics, as well as keep a patient’s drug information safer. The password-protected system requires providers to both swipe their identification badges through a reader and enter a password that changes every 30 seconds. They can retrieve the password from a fob carried in their pocket. The dual authentication works to curb fraud and any unauthorized access to a patient’s medication files, Berger says.
While protecting patient information in clinical settings is of the utmost concern, UNC also has a system in place to shelter patient information used in research studies. Known as the Carolina Data Warehouse-Health, the system, launched in 2008, works more like a repository for de-identified information than a clinical EHR. The North Carolina Translational and Clinical Sciences Institute (NC TraCS), established in 2006, is its gatekeeper and is the only door through which physician-researchers can access the warehouse and all the patient data it holds.
“The Warehouse is UNC’s cutting edge, safe harbor of where all data used in research can go,” says Brent Lamm, NC TraCS IT manager. “It provides a secure workspace in a virtual environment for researchers.”
Investigators can log into the system with their ONYEN, search through files, and analyze rich data sets to use in retrospective studies. They cannot, however, download, e-mail, or otherwise excise the data from the Warehouse. This way, TraCS can be confident that no patient-related information falls into unapproved hands, Lamm says.
The physical equipment behind the Warehouse, which was constructed through a partnership with IBM, is housed in offsite alongside the EHR system for the hospital and is protected behind the same set of security measures. Additionally, the School of Medicine recently upgraded its firewall, making protection for more computers and devices possible.
For investigators who have never worked with NC TraCS, the Institute provides experts who can walk them through the research, ethical, and Institutional Review Board rules they must follow both for their studies to succeed and to keep patient information safe. Seminars and workshops, such as training about HIPAA, are also available to teach faculty the proper way to use collected data.
“We have an operations committee and an oversight committee,” says Donald Spencer, MD, family medicine professor and Warehouse leader. “They ensure research studies are designed and executed properly.”
In addition to keeping research data secure, the Warehouse reduces the amount of time researchers spend analyzing data, lowering the time span that patient data is displayed on the screen. Before its existence, investigators would evaluate characteristics from hundreds of patient files, spending between 15 minutes to 30 minutes on each one. The Warehouse technology can perform the same functions in only two to three hours.
In mid-2009, a data breach was detected on the Carolina Mammography Registry (CMR) database (a self-contained server not connected to the clinical EHR or the Data Warehouse) housed at UNC, potentially exposing data on 180,000 breast cancer research participants. Although there was no evidence of data theft, UNC quickly shut the server down and removed all of the data, and letters were sent to all of the patients informing them of the breach. The event prompted a review of, and several subsequent changes to, the CMR’s information security measures. Now, all research data at CMR are safer than ever.
The security measures in place in both the hospital and in University-side research allow physicians and investigators to conduct their work without the constant worry they will accidentally breach a patient’s confidentiality. However, it’s the public’s perception of these measures that matter most.
“It’s most important that the community knows UNC has established an ultra-secure system that protects electronic health records and other information that patients provide,” said Dennis Schmidt, the director of the School of Medicine’s Office of Information Systems. “People want to know that when they see a doctor or when they volunteer to be a study subject that their privacy will be respected and protected. Security is our No. 1 priority at UNC.”