September 13, 2021: The regulatory environment drives healthcare. And as IT leaders, we HAVE to understand it. Mari Savickis, Vice President, Public Policy at CHIME joins us today to discuss HIPAA, information blocking, price transparency, AI, machine learning and interoperability. The Biden Administration announces ambitious initiatives to bolster the nation’s cybersecurity. Tech giants Amazon, Microsoft, Google, IBM, and Apple have pledged a combined $30-plus-billion cybersecurity investment. Plus all you need to know about the HIPAA proposed rule and telehealth’s battle over state lines.
Newsday – DC Update, Telehealth Boundaries and Future of Healthcare
Episode 443: Transcript – September 13, 2021
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
[00:00:00] Bill Russell: Today on This Week in Health IT.
[00:00:01] Mari Savickis: If you find yourself in a situation where you’re having a cybersecurity incident and you’re having trouble getting in contact with the right federal officials, you can always contact us and we will help you navigate that.
[00:00:14] Bill Russell: It’s news day. My name is Bill Russell. I’m a former CIO for a 16 hospital system and creator of This Week in Health IT. A channel dedicated to keeping health IT staff current and engaged. [00:00:30]
[00:00:30] Special thanks to Sirius Healthcare, Health Lyrics and World Wide Technology who are our Newsday show sponsors for investing in our mission to develop the next generation of health IT leaders.
[00:00:39] Your response to Clip Notes has been incredible. And why wouldn’t it be? You helped create it. Clip Notes is an email we send out 24 hours after each episode airs and it has a summary of what we talked about, bullet points of the key moments in the show and it has one to four video clips. So you can just click on those and watch different segments that our team pulls out that we think really captures the essence of the [00:01:00] conversation. It’s simple to sign up. You just go to thisweekhealth.com. Click on subscribe. It’s a great way for you to stay current. It’s a great way for your team to stay current and a great foundation for you and your team to have conversations. So go ahead and get signed up.
[00:01:14] Today we are joined by Mari Savickis, VP of Public Policy at CHIME, and I’m excited to have this conversation. It’s an opportunity to talk about policy without really delving too far into the politics of it. Mari, welcome back to the show.
[00:01:29] Mari Savickis: Well thanks [00:01:30] Bill for having me. Happy to be here.
[00:01:32] Bill Russell: Yeah. I’m reminded that you’re like in some rural location, cause there’s always a delay from when I ask you a question until you respond.
[00:01:39] Mari Savickis: Middle of nowhere, Virginia.
[00:01:42] Bill Russell: Middle of nowhere. So you’re not back in the office yet. So The Hill in DC is still not functioning the way it was prior to COVID.
[00:01:51] Mari Savickis: No, it’s not functioning the same way at all. In fact, I was, I was in a city a few weeks ago at our bricks and mortar office and [00:02:00] I just saw, again, it seemed like maybe things were trending in the right direction, maybe like I’d say July and then in August it started to peter off again, at least where we were our offices off of The Hill. And yeah, it’s not normal, not normal.
[00:02:13] I mean, August is also a recess period. There was very little activity going on.
[00:02:19] Bill Russell: I’ll tell you, I was looking at the numbers, the COVID numbers and DCs in the top two in terms of spread and the surge that’s currently going on across the country. So the [00:02:30] top two in terms of combatting it and a part of that is people aren’t there. I mean, the policies are good in the state of DC. In fact, I attend a church that’s in DC, but I do it online and they’re still social distance masking and doing a bunch of that stuff for those public settings. So DC is pretty much living by the standards that they’re trying to drive across the country.
[00:02:56] Mari Savickis: Yeah. I mean, I didn’t realize it was like, you’re saying it’s a number two in terms of like a [00:03:00] hotspot?
[00:03:01] Bill Russell: Oh no number two in the other direction. Number two in terms of safe.
[00:03:05] Mari Savickis: I was like, yeah. I’m surprised to hear that. Yeah. Gotcha. Gotcha.
[00:03:08] Bill Russell: Yeah. I remember that struck me that DC was one of the best areas in terms of combatting the spread of the virus at this point.
[00:03:17] All right. First of all, we’re going to do your brief. If people haven’t signed up for this, your team sends out a briefing.
[00:03:22] Mari Savickis: It’s every Monday. All of our members get it. And our foundation firms. And if you’re a friend of CHIME they can also receive it. So [00:03:30] anyone who wants to be added to, it’s pretty much like a pulse check of Washington and all things like health IT and technology. You can subscribe [email protected] We can add you.
[00:03:40] Bill Russell: All right.
[00:03:40] Mari Savickis: If you’re a friend of Bill you’re a friend of mine.
[00:03:42] Bill Russell: I’m already a CHIME member so I get this and it’s actually really good. So it helps me to keep my pulse on the things that are happening in DC. And as we know the regulatory environment is something that really drives healthcare. So we have to, as IT leaders, we have to understand it.
[00:03:57] And then you are our voice [00:04:00] into it. So to speak back to some of the regulations that are coming. So we’re going to talk about two things specifically from your letter. The first we’ll talk about the cybersecurity meeting that went on between this administration and some of the private sector companies. Cybersecurity, major initiative. May was the executive order. July 28th the president issued a national security memorandum. And so there’s a lot going on with regard to this. So let me give you a couple of highlights and then we can [00:04:30] discuss a little bit.
[00:04:30] So the Biden administration announced that NIST National Institute for Standards and Technology will collaborate with industry and other partners to develop a new framework to improve security and integrity of the technology supply chain. That’s number one. Biden administration announced formal expansion of the industrial control systems cybersecurity initiative to a second major sector which is a natural gas pipelines.
[00:04:56] So it was first the electrical grid. Now they’re moving to natural gas. And then you [00:05:00] have the private companies with their announcements, Apple announced they will establish a new program to drive continuous security improvement throughout its technology supply chain. And it’s basics right.
[00:05:11] They’re going to drive mass adoption of multifactor authentication, security training, vulnerability remediation, event logging and incident response amongst their supply chain. Google announced that we’ll invest 10 billion over the next five years to expand zero trust. They’re going to help secure the software supply chains and enhance open [00:05:30] source security.
[00:05:30] They’re also going to train up to a hundred thousand Americans with their digital skills certificate program that they launched. IBM’s going to train 150,000 cybersecurity professionals, and they’re going to do that in partnership with historically black colleges. Microsoft announced they’re going to invest 20 billion over the next five years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions.
[00:05:54] So then Amazon also had an announcement here. They’re going to make available to public [00:06:00] at no charge, the security awareness training it offers to its employees. And then there’s things that go on there. Talk to me about the cybersecurity initiatives that we see coming out of this administration and how they’re going to impact or how they’re being received by health systems across the country?
[00:06:17] Mari Savickis: Yeah if anyone who is listening is a reader of our debrief you may notice that one of the quotes to be included from the President from earlier this summer was that they’re treating the new war is actually not going to necessarily be fought on [00:06:30] the physical battlefield. It’s going to be being fought in the cyberspace, which probably comes as no surprise to anyone who follows cyber security. But you know you do need to treat it as a threat to national security. And so there’s a ton of interest in this and as you noted, it’s, there’s a 100 day sprint on energy now, or they’re going to move on to gas. And we’d like to see them move on to healthcare. That hasn’t happened yet.
[00:06:52] So many of the initiatives that you’ve announced or discussed are actually there’s funding for broad cybersecurity across [00:07:00] the entire country. So 16 critical infrastructures where one of them, again I have some figures here, I pulled for you on like I think CISA got 650 million at the beginning of this year, so that money’s in place.
[00:07:14] And then there’s in the infrastructure package. There’s more money that could potentially be coming. We’re obviously looking, that’s like being deliberated right now. So we’re looking for that. But there’s been a huge infusion of cash into Department of Homeland Security CISA to try and [00:07:30] address some of these challenges.
[00:07:31] These efforts are just getting kicked off like the one you just mentioned, the joint cybersecurity round table that they just had is a public private effort. I think you’re going to see CISA trying to do more with public private partnerships. If you look at their website. It’s cisa.gov/jcdc. I mean industry and CEOs and CISOs will care about this. So we’re going to be digging in and trying to figure out where it is that they’re going to be working with the healthcare sector. We plan on talking to [00:08:00] HHS about this, like where what’s their role.
[00:08:01] So there’s some opportunity here. I think this is just getting started and there’s also potentially going to be another big infusion of cash into the cyber arena via the federal government.
[00:08:12] Bill Russell: You have a lot of Chief Security Officers for health systems that are pretty well connected. They have different groups that they have formed.
[00:08:19] They have different, I want to say bulletin boards, but that says how old I am, but they have different feeds that are coming into them almost to the minute what’s going on in the world. They have some early detection [00:08:30] systems of attacks that are going on and those kinds of things.
[00:08:32] What are some of the things that CHIME has specifically for security professionals that’s helping them to stay ahead of this, to get connected with one another and to really solidify their security position for their health system?
[00:08:48] Mari Savickis: Well, we have so much Bill. I mean, it’s our number one issue in terms of our government affairs shop. This is the number one issue we advocate for on The Hill. So we are constantly looking for the right balance of [00:09:00] incentives versus penalties right. I mean, I think we talked in one of your previous shows about HR 789. That was a bill that was signed into law that are very ended, the last administration and that is going to bring you some relief in the form of shortened audits. You’ll get credit for you using cybersecurity best practices. So things are moving, I think potentially in the right direction but it still is a very punitive culture.
[00:09:23] There’s a lot that’s I think is going to be unfolding in the next year. So number one, we have a ton of [00:09:30] free resources on our website, so I’ll give you all this after the show but if you find yourself in a situation where you’re having a cybersecurity incident and you’re having trouble getting in contact with the right federal officials, you can always contact us and we will help you navigate that. We don’t have to be involved in what the nature of the incident is, but we’ve done that for a few members this year.
[00:09:50] Unfortunately some government agency is not being entirely responsive or they’re having a hard time getting to the right people. We can help facilitate that for you. So that’s one [00:10:00] thing we do for members. The other thing is, as I just mentioned, we advocate for more resources for you. We’re your eyes and ears on the ground in Washington DC everyday cause you have a real job to do and you don’t have time to necessarily you know go fight all the fires of insanity in Washington and advocate what you need. So that’s what we also do. We have cheat sheets. We’re tracking all the funding issues that are going on right now.
[00:10:21] Where’s the money going? What’s CISA doing? CISA is blowing out their org chart right now. We’re going to try to figure out where is this money going? How can healthcare be at the [00:10:30] forefront of this? So we’ll be positioning our sector to be the forefront. And then last but not least, I’m not self-serving at all but our health sector right? So if you’re not a member of the health sector and you’ve no idea what this is, it’s free. We are super involved. Meaning CHIME and AS are very, very involved in this. And we have members who lead up some of the work groups. For example, 405D’s. Super unsexy name Bill. Oh my gosh. If you haven’t heard about 405D in cybersecurity best Google it now. Because this will be what you’ll be [00:11:00] able to get credit for. So these are cyber practices developed in conjunction with the federal government, not mandatory. It’s just voluntary use but let me bring something back to you.
[00:11:11] You mentioned that white house round table. Did you notice that there’s a piece in there, there were two attendees that were specifically called out who offer cyber liability insurance, scrolled kind of down to the bottom. You know what one of them said is as a condition of getting cyber liability insurance, we are going to mandate that you meet certain best practices. [00:11:30]
[00:11:30] What would those best practices be? Maybe it’s something that we, maybe we could get them to convince them to say, Hey, this is something we’ve developed in the healthcare sector. It’s developed by CISO’s in conjunction with the federal government right now the use is voluntary.
[00:11:45] That would be amazing. Right. But that little morsel that’s buried in there is very interesting because we’ve been hearing from members that they are getting sledgehammered over costs and that their liability insurance is going up so much so that they have to get a second policy, like a supplemental and [00:12:00] even their first policy wouldn’t even cover what they had last year.
[00:12:03] So we’re collecting, it’s like, I’m a detective, right? I’m like collecting all the information about what’s going on, trying to get ahead of it and trying to position the provider communities interests in healthcare of course.
[00:12:13] Bill Russell: Yeah. So that’s interesting. Resilience, a cyber insurance provider announced it will require policy holders to meet a threshold of cybersecurity best practices as a condition of receiving coverage. And then Coalition again, a provider announced it will make it cybersecurity, risk assessment and continuous monitoring [00:12:30] platform available for free to any organization. So that’s interesting as well. All right. So the next thing we’re going to talk about is the HIPAA rule. There’s been a proposed HIPAA rule that’s out there and there’s two documents I’m looking at.
[00:12:43] One is your cheat sheet which has an awful lot to look at. And then the second document I am looking at is the CHIME response. Okay. So let’s start with summary of key proposals. So on January 21st the last day of the Trump [00:13:00] administration, the US Department of Health and Human Services issued a proposed rule on HIPAA to modify the standards for privacy and individual identifiable health information under the health insurance portability act. All right. So that’s HIPAA. And one of the things you have underlined big letters here, this is a proposed rule. Nothing in this rule is in effect until HHS issues a final rule. All right. So how far along in the process are we. Are we like in the beginning third? Are we closer to the completion?
[00:13:29] Mari Savickis: [00:13:30] You would think that that would be an easy and straightforward question to answer. That is not easy and straightforward and I mean, the comment period closed like a few months ago. We do have someone presenting from OCR next week on the rule. It’s free to anyone Bill. You want to join the webinar, you can listen and hear all about the HIPAA rule.
[00:13:47] So I think we’re still in the early process. Anyone who pays attention well making noise, it takes like years. Like years to get something out the door.
[00:13:56] Bill Russell: But the mistake we make as CIO’s is we say, well this [00:14:00] going to take awhile. And then all of a sudden it comes a final rule. And then we’re like, oh man we’ve got a lot of catching up to do.
[00:14:06] So what you’re doing is making people aware, Hey, it’s out there so that they can plan accordingly. Although some of this might not actually come to fruition or maybe none of this would come to fruition. That’s a potential.
[00:14:18] Mari Savickis: Yeah. I mean, I think what we want to do is if we don’t want to just like, be like up the firewalls here, look at that. Like you have like it’s more like let’s grease the wheels. It’s kind of like I do with my son. I’m like, let me mentally prepare you for what’s coming next. [00:14:30] Right. So you just have to be like, let me just whet your appetite and just be like, here’s what’s happening right now, nothing you have to do to comply but like there’s some more I don’t know sprinkled in there mandatory, you say API APIs things like that. So you want to kind of pay attention. And the other thing too, about this rule, which is so fascinating. I find it fascinating. Is there like a Zillion, there are dozens of questions Bill thrown out at the issue of, Hey, what do you think of this? What do you think of that? You’re like this isn’t really a rule. It’s like an [00:15:00] RFI in some ways so it was a lot of like, Hey, what are you think of?
[00:15:03] Bill Russell: All right. So let’s give people a little bit of taste of what’s in this. So it provides patients access to their records within 15 business days, rather than 30. And 15 business days is what that’s at least a 20, 20 days of actual days allows patients to direct their PHI in an EHR to third parties, including other providers, creating a second pathway for patients to obtain their data under the rights of access [00:15:30] authority.
[00:15:30] Requires that covered entities allow every app that want to register with an API to provide access for an individual. Assuming this is practical for the CE and barring any security concerns. Any CE or a business associate that makes a secure standards-based API available cannot deny the app registration because that would be denying individual access. Replaces the exercise of professional judgment standards with a standard based on good faith belief concerning [00:16:00] an individual’s interests. Replaces a provision that lets CEs use or disclose PHI based on a serious and imminent threat. And then there’s a bunch of others. Changes the fee structure, prohibits unreasonable patient identity verification requirements, and so forth.
[00:16:15] So the response from CHIME is, a lot of it really makes sense. I’ll push back on some of it, and then you can tell me the reasoning, but HIPAA and information blocking. Essentially what you guys are saying. You know what, [00:16:30] bring these two together, not bring them together but make the definitions the same. Define a covered entity the same, define a provider the same, just get these two groups together to make the definitions the same. That would make life easier for us rather than having to figure that out. Is that right?
[00:16:49] Mari Savickis: That’s correct.
[00:16:50] Bill Russell: Okay. The next one individual rights access. So 30 to 15 days. Now when I first read that my initial response is to say, [00:17:00] this is the digital age. Of course we can do this in 15 days, but there is a reason why this isn’t as clean, cut and straightforward as the people looking at healthcare saying, Hey, you guys are Luddites, come on. With APIs you should be able to get that down to one day, but there’s reasons. So what’s the reason that CHIME is pushing back on behalf of our membership?
[00:17:22] Mari Savickis: It’s really about threading the needle. Right? So when you’re dealing with absolutes, like we can’t deal with absolutes in every scenario. If you turn, I [00:17:30] mean, I don’t know anyone’s going to read our, what would I call our manifesto but if you read into the comments a little bit more, you’ll say that we generally agree that in most standard cases, 15 days should be totally reasonable. It’s probably even closer to like maybe even a five. But the problem is arises when you have these outlier situations. And we got a lot of pushback from our children’s hospitals, because there are issues involving, you’re asking for one example custody, it’s a very thorny issue.
[00:17:53] So I’m not in a children’s hospital, but I take at face value that they’ve dealt with this many, many times. [00:18:00] So something like that would be difficult. There could be also a cyber incident. There could be a situation where maybe your EHR goes down for a day or two and some, maybe some like costly days are lost.
[00:18:12] But it’s probably mostly things like, I would say these custody incidences. We, I think if you’re having a major natural disaster, probably OCR would deem that a natural disaster area and waive some stuff. But in the absence that they didn’t, we’re just looking for, you have to either have some sort of exception [00:18:30] or just keep it as it is and know that most people hopefully we’ll be doing it less than 30 days.
[00:18:35] Bill Russell: Yeah. And the exception process is going to be key there. Having worked in healthcare I know that from state to state there’s different exceptions, age limits for children and whatnot.
[00:18:46] So it’s pretty interesting. So addressing forms, access as your next one. We were concerned about the implications proposals involving personal health applications, calling for covered entities to transmit electronic health information to PHAs, which [00:19:00] is personal health applications without requiring those PHAs to include privacy and security controls or sign a BAA.
[00:19:07] So that’s an interesting one too. In that you’re not going to have him sign a BAA. I mean, signing a BAA would require them to sign it with if they’re a national entity, every health system across the country, which would be interesting. But one of the reasons they’re doing this is this sort of free the data [00:19:30] and get the data into the hands of the patient.
[00:19:33] And that would be a significant block I think. And it would almost be inviting them into the bureaucracy of healthcare. I don’t know if you’ve tried to get a contract signed by a health system but we streamlined the process to get it down to 30 to 45 days. And prior to that, it was three to four months to get a contract signed.
[00:19:52] So BAA would just be, would just put a stop to this. So that, that one, I’m not really a fan [00:20:00] of the private privacy and security controls is a problem we absolutely have to address, that’s one of the problems we have to address with these PHAs coming in and requesting the information. What am I missing as I talk about this is there an aspect of this that I’m missing?
[00:20:15] Mari Savickis: So this actually goes back to for your loyal listeners that the term information blocking, right? So, I mean, we fought this battle and we with many other fought it and we lost. We lost it during the last minute operation. And it’s super [00:20:30] disappointing because this is all about there being two parallel, but different universes, you have HIPAA over here and those who have to comply with HIPAA and there are penalties for non-compliance. And then there’s the other app community that is basically the wild west and they are not governed by HIPAA. And so while patients do actually have the right to, and we completely strongly support a patient’s right to have access to their information, we’re all patients Bill. Don’t you want your information when you ask for it? So of course we do. However right that being said, I think as [00:21:00] consumer we’re like the patient turned consumer, you start to look at these privacy terms and conditions in the app. I’m pretty sure that most people have not read them. I have.
[00:21:09] Okay. And, and it’s like scrolling down through, like, what is it 10 pages on your phone of four point font to figure out that they actually are going to send it to their third party, repurpose it, commoditize it. So it’s more about transparency. And that is something that, that battle was lost.
[00:21:27] When we were dealing with the CMS and the ONC [00:21:30] interoperability rules, we’re like, Hey, how about when a patients says requests that there’s some sort of disclaimer that comes up and says, I’m gonna read these. To you. Do you sell identifiable information? Make it plain in English, people who maybe are at a high school level could understand this, or maybe who don’t have English as their first language.
[00:21:47] If yes, is it used only for research? Do you use the data for marketing? What is your documented patient consent process? And do you securely destroy data? Even these may be somewhat nuanced, but we lost this battle. [00:22:00] And so the FTC and ONC and decided not to go down this road. And so until you basically shore up, these requirements would probably is going to take an act of Congress then we’re stuck with a situation. Patients turned consumer is just sending their information off to who knows where. It can even be wildly known apps that, and you don’t know what they’re doing with the data. So it becomes it, becomes an issue. So it’s transparency really. We’re not going to say no, you should go do it. I mean, yes, but you know, it’s kind of like buyer beware.
[00:22:29] Bill Russell: [00:22:30] Yep. Before people get the wrong impression, like, oh, this might change in this administration. Mickey Tripathi spoke at the last CHIME event. And he’s he’s for this. Availability of the information to the public health applications. He’s also for securing it and shoring up the rule, but it’s the reason the battle was lost is not because it was the last administration. The reason it was lost is because it’s bipartisan. It’s the 21st century cures. It’s the everybody’s saying, and you and I are saying the [00:23:00] same thing. We want access to our health record.
[00:23:02] Now that the rules have to set it up in a way that protects us as individuals. We don’t know what we don’t know as individual patients. And that’s what Judy Faulkner was talking about. That’s what CHIME is trying to defend is say, look you need to understand that this could get out in the wild and people could start using this for commerce and for anything.
[00:23:26] Mari Savickis: They do use it and they, they commoditize the data and the data aggregators [00:23:30] get it. And everyone knows now today that data cannot be really anonymized. So what you’re dealing with is a situation of like, if you have GPS location tracking data, just about any piece of data becomes health data.
[00:23:41] I mean, I could spend an entire show talking about this, pull the string Bill, pretty passionate but so we just want some guard rails around this. And the thing is you’re right. The guard rails are not going to magically appear so basically you have to be an informed consumer and figure out where your day is going in a nutshell.
[00:23:57] Bill Russell: So you have three, three more things. You have strengthening of the access, [00:24:00] right to inspect and obtain copies of PHI. Readily available should be designated to mean that the information is available in the patient room during the appointment can be pulled up and reviewed within the time designated for the appointment. It’s interesting cause I, I read that. I don’t want to put that on the doctors. I mean, that would be.
[00:24:18] Mari Savickis: It’s hard. I mean, of course you want, if say say say I go and get an x-ray today and I might want to just get the x-ray habit portable leave right. That would be so nice. And they could, or show me on the [00:24:30] screen. But sometimes it’s not as easy as just having something right there. And so, I mean, I think we’ve all been in a busy clinical setting. What setting is not busy and clinical, right. Especially these days. You’re going to chase down something like, oh, I’ve got to go to this department or it’s like stuck at the computer, you know what I mean? It’s like, it’s not as easy so I think all we’re saying is if it’s right there and probably defer to the provider or the clinician as to the level of readiness right because the person behind you is the next patient that needs to be seen.
[00:24:58] Right. It’s just, we’re [00:25:00] not as well oiled machine that you can just always, so we’re just saying yeah, if the information’s there, great. If not, you have to get, you know another time.
[00:25:07] Bill Russell: Although we were, we were planning for this back in 2015. All of the new clinic offices, everything that we were setting up had some sort of flat panel on the wall.
[00:25:19] They became so inexpensive. They’re actually cheaper than an iPad at this point, which a lot of people are putting in different hospital rooms and so in every one of those rooms where you’re putting a flat panel that you could [00:25:30] essentially you could broadcast the medical record up or an image up and just have the conversation with the patient.
[00:25:36] But I can understand why this could be a challenge if it’s not already thought through and being in the workflow. So again, I’m glad you’re pushing back on that. And again, it’s just clarity around these things. What are you asking? What are you requiring? Our health system was seven and a half billion and so yeah, we can put flat panels on every wall in the clinic but CHIME represents health systems that are [00:26:00] much smaller than that and are not swimming in cash that they can just do that kind of work. So you have to represent the entire spectrum of health systems.
[00:26:09] Mari Savickis: I think you just mentioned like ambiguity. When the government uses terms, like you have to make information indefinitely available, that is the kind of thing that makes a provider’s hair stand up on their neck, like forever. What do you mean? The last 10 years kind of thing, do I have to go into boxes and stuff? So it’s just that level of ambiguity. We have to have like bright lines. We operate better with certainty. [00:26:30]
[00:26:30] Bill Russell: Yeah, I, I remember in the state of California, we had to keep records for 28 years and our EHR had been in place for 13 … 12 years when I got there.
[00:26:40] And I was sort of looking at our storage and how it kept growing and growing and growing. And I’m like we should just factor in that our storage is going to have to grow by this amount every year for the next forever, because we’re going to have to keep this information for at least 28 years. And I don’t even think that was long enough for people. [00:27:00] If you see people at birth. And then you see them again, when they’re 50 years old, I think they expect you to still have their medical record and all the information associated with it. So, yeah retention is always an interesting issue for healthcare professionals.
[00:27:15] All right, let’s go in a different direction. This is an interesting one. So you gave me this article. Telehealth limits. Battle over state lines and licensing threatens patients’ options. I assume this is [00:27:30] about the state. It is. All right. So this is about the challenge of practicing medicine across state lines and the different state mandates that we have.
[00:27:40] And some states don’t allow you to practice telemedicine. For example, Johns Hopkins Medicine in Baltimore recently scrambled to notify more than a thousand Virginia patients that their telehealth appointments were no longer feasible. Their medical director said. And telemedicine at Johns Hopkins was not an option for them.
[00:27:59] And [00:28:00] Virginia is among the states where the emergency orders are expiring or being rolled back. So what happened is during the pandemic, we had the emergency order to allow the practice of telemedicine across state lines. And now that’s rolling back to state control in some cases. And so Johns Hopkins which is in Maryland, cannot practice medicine in Virginia.
[00:28:22] So that’s one of the main things this article is talking about. You picked this article. What aspect of this do you want to talk about? [00:28:30]
[00:28:30] Mari Savickis: Well, I mean, at the beginning of the pandemic, there was all that, those analogies, which I really care for about toothpaste going back in tubes. Right. Remember that. Everything’s gonna be great forever. I still have my toothpaste. So it’s, I just wanted to highlight that these issues around telehealth are ongoing and they are not, I don’t think that you’re going to see some big sweeping piece of legislation. I mean, it’s always possible, right but it’s expensive. And we haven’t seen [00:29:00] a number that fixes some of the more systemic issues that like around like the originating site piece that would have to be a change in Congress. And so there are some things that CMS has done and then there’s some things that Congress has done, but there are still outstanding issues.
[00:29:15] CHIME supports the physician’s or clinician’s ability to be able to be in a different location from where their patient is irrespective of the license. There, the VA does. I know it’s a little bit different. The VA is a closed system, but we believe that that [00:29:30] barrier should be removed, but it’s more to highlight that we still have some challenges that we have retractions of payers going backwards at the state level.
[00:29:37] Like you just mentioned. Like my son gets care in Maryland and I’m in Virginia and it’s like a two hour schlep up there. So it’s not super easy. I think Maryland rolled back some of their telehealth provisions as well. So some states are going backwards even in the, even in the midst of like the Delta variant uptick you still have these retractions going on. So we’re just paying attention to what’s going on with telemedicine. We’re [00:30:00] going to have another free cheat sheet available on Monday. So I’ll send you the preview Bill, but you know, just trying to keep track of what’s going on. What’s changing, what’s been permanently removed, what’s still an issue.
[00:30:12] One of the good things that we’ve seen is around mental health, right? Mental health is going to be able to, they have the ability to have telehealth in perpetuity with you get your services via telehealth in perpetuity because Congress changed that. So that’s really helpful. That was actually a while ago in the [00:30:30] SUPPORT Act.
[00:30:30] There’s a few things that you just have to keep track of and there’s some proposals in the physician fee schedule. That’s the rule that the government and Medicare sends out saying, Hey doctors, are you going to get paid? It’s proposed. Right. But there’s some changes on there.
[00:30:44] And so it just trying to keep track of some of these things, and it’s not all like a fait accompli. So I think where everyone’s fine right now, the HHS at the beginning of this year sideblock, we’re not going to end the public health emergency for at least 60 days before the end of this calendar [00:31:00] year.
[00:31:00] So we’re not quite 60 days yet but given the Delta variant I don’t know that you’re going to see a termination of the PHA. Right. It just seems very unlikely. And that said, then you’re back to like, well, when it does end, what is Congress going to do? And so conceivably, they could have a situation, they were like, what we call over here in DC, like kick the can down the road.
[00:31:19] We’ll just do a bandaid. We’ll let you do it for like the next six months or whatever they decide next year, but maybe won’t make the wholesale change that would be needed to just allow [00:31:30] these policies to continue in perpetuity.
[00:31:32] Bill Russell: That makes perfect sense. The challenge with this one, the challenge, I think anyone who’s funding, this is going to have, I had Dr. Joseph Kvedar on the show and he’s the Chair of the board of the American Telemedicine Association and I asked him this question specifically of should we break down these barriers and do you support this?
[00:31:52] And he essentially said, he’s in support of the state regulations around telemedicine and them controlling [00:32:00] who can practice medicine in their states. So he’s not for breaking this down. I’m not saying that he speaks uniformly for the ATA, but I’m saying that it’s, it’s interesting that people in key positions are not necessarily advocating the way you think they would and saying, look, it’s time to break down this barrier. And I think if I were a health system, there’s a, I’m trying to think of how I would say [00:32:30] this. There’s a competitive protection in place that the state provides by not allowing people from the state next door to practice telemedicine in our state.
[00:32:41] It means our physicians are going to be employed. They’re going to be the ones delivering care in our state. And I don’t have to worry about that level of competition. If Amazon wants to take Amazon Care and bringing it into my state, they’re going to have to stand up some sort of mechanism to have doctors in this state provide care for those patients.
[00:32:59] So there’s a [00:33:00] protection. There’s not consensus across this that it should come down. I’m in the same camp. I’m in the CHIME camp. I’m like, I don’t understand why a doctor in Philadelphia can’t see me in New Jersey. Or a doctor in Maryland can’t see me in Virginia. That makes no sense to me.
[00:33:18] Mari Savickis: Yeah. There’s certain groups that oppose us because they say that your liability or your ability as a patient to seek recourse if something bad happens in your care is more [00:33:30] limited that way because you’re in two different physical locations. That’s the counter argument to this. I think we just want to see, and that there are, I mean, I’m not an expert in the interstate compact but there’s some licensing agreements that you can enter into where it makes it a little bit less burdensome. I think we just want to see some of these barriers removed and I let other people fight some of these very technical issues on the state front that you’re referencing that involve like the house of medicine. We [00:34:00] just know that that’s one barrier. And I was just, I mean, I guess the reason I pointed this out is that this is still really kind of like a hot mess in terms of we’ve made a lot of progress, but there’s a patchwork of 50 states doing 50 things, the federal government can’t, you don’t have the authority to remove everything they need to remove.
[00:34:17] Like here’s one example. We just commented and I’ll send you, my colleague Andrew wrote the comment letter. We just commented to the federal government on the physician fee schedule, as I just mentioned. And there’s some of [00:34:30] these issues, you can pick them apart in here and like, how do you define home? Okay. For example, the statute may say, give authority for mental health. If you’re receiving services via mental health and at the home you does that mean that you’re also sitting in your car, maybe because home is not a safe place for you. Home isn’t a statute. I mean, I’m getting kind of, I’m wonking out here on you with you Bill but it’s like, how do you define home? Could it be your car? Could it be like your friend’s apartment? I don’t know. I mean, we just, those are the kinds of things that ended up [00:35:00] kind of wrapping us around the axle here, in terms of like, trying to sort through this morass.
[00:35:04] Bill Russell: Yeah. The term home really became fluid in the pandemic. I mean, I had friends I’m like, where are you living today? It’s like, I literally had somebody say to me, we’re in our RV. I’m traveling all over the country. I’m still working every day, but today I’m in this camp ground. Okay.
[00:35:20] Mari Savickis: I don’t know how to handle the snowbird RV situation where you’ve got a home in say Massachusetts and then like
[00:35:27] Bill Russell: I wish it was snowbird RV. It wasn’t snowbird [00:35:30] RV. It was somebody who’s like 38 years old had been going in the office all the time. They have three kids and they’re like, you know what? I can do this job from anywhere. They’re not requiring me to go into the office and this summer I’m going to take my kids. We’re going, we’re going. And they did. And he literally worked from a campground. There’s parts of what’s going on right now in the pandemic I hope never change. And the ability to take three months, travel with your family and still go to work would be one of those things. I [00:36:00] think that would be exceptional. All right, I’m going to close with this. You’ve been great. Thank you.
[00:36:04] Mari Savickis: Speaking of my daughter just came in and like, oh, good things about the pandemic is that I actually can like put my kids on the bus and like hug my daughter. You can’t see her cause she’s like popping in and out. Guest appearance. Okay, bye bye. And now you’ve been Zoom bombed by my daughter.
[00:36:22] Oh, thanks angel. Love you too. So yeah, I get to like be a real person and see my kids in the morning [00:36:30] and it’s really great. And I’ll go hug them. They just got off the bus right after we get done with you.
[00:36:34] Bill Russell: Yeah, that’s fantastic. All right. So last article predicting the future of health care 10 takeaways from HIMSS21. Let’s just go to their 10 things. We can comment on them. Wow.
[00:36:44] Mari Savickis: I forget what they are. So you’re gonna have to remind me. There’s like so many of them.
[00:36:47] Bill Russell: AI and machine learning gains steam. Here’s the funny thing I want to read these and I’m going to try not to be cynical, but when I was a consultant, I did consulting for a fair amount of my [00:37:00] career and we would have this thing that we would do when we were getting ready to put a presentation together and we were getting to the final, we would review it as a team and anytime somebody would, would see something that was so obvious it really shouldn’t be on the slide deck, the people in the audience would essentially just say, no, duh like artificial intelligence and machine learning is gaining steam in healthcare. No of course it is. It’s gaining, it’s gaining [00:37:30] everywhere.
[00:37:30] And I had a conversation this morning with a head of innovation for one of the health systems and she was telling me that just it’s really getting to be pretty cool, what they can do with the data that’s starting to get cleaned up and artificial intelligence to pinpoint things, to identify things before they actually happen.
[00:37:51] To get ahead of things like we used to have to wait for all the H cap stuff to get in, but now we can almost predict what [00:38:00] our H cap scores are gonna be based on uncertain variables and those kinds of things. We can actually get ahead of this stuff and do things to impact it.
[00:38:08] So AI and machine learning is number one. Telehealth is going to gain steam again. I’m going to say no, duh. Of course it is. Interoperability fervor is toned down, but focus remains. Okay. So that’s an interesting one to me. Do you think the interoperability fervor is toned down at this point? Or do you think it’s still going to maintain its high level of [00:38:30] visibility?
[00:38:32] Mari Savickis: No, I think it’s because I mean, of current event. I think it was at hand is when ONC and CMS were going to launch their big rules and then everything got pushed back and the pandemic set in. And so it became a little bit of a side show and things and we had to have some delays in there. Right. So it’s, I mean, it’s still happening. I think it’s going to take center stage again too. I mean the president, for example, tonight is addressing the nation. I believe it’s 5:00 PM to talk [00:39:00] about the Delta variant and some of his plans. And then you also have that 17 page plan. I think it was a 17 page document that he put out the other day about how to like address pandemics in the future. I bring this all back to say about interoperability. We’ll probably still have in-state in the salon because we need to have better interoperability and standardization for the public health infrastructure. The same problems we had last year. Oh, shocker Bill.
[00:39:21] Guess what? You can’t sell them in a year and they’re still a problem today. Like one example. I know you might be like, oh, I’ve heard this before patient identification. That’s a [00:39:30] problem. Another area too, that I think we’ll continue to see it stay is the transfers of care. We had high tech for hospitals, high tech for doctors, and then nothing for post-acute long-term care and they’re still out there and some of them are savvy, but they need help.
[00:39:46] They need some government assistance to help facilitate these care handoffs because at the end of the day, it’s about the patient. And so the hospitals will probably be the ones that get penalized. We’re, we’re paying attention to this very closely at CHIME. And those are places where I think interoperability [00:40:00] could really, really flourish but we have to put some attention into those areas.
[00:40:04] Bill Russell: Yeah. I agree. I think interoperability will remain strong through the next four years and for a lot of reasons, But all right, so next one health equity will take top to bottom interests. And careful touch with technology. I’m not sure what they mean by that, but I will say this health equity is a topic. I hear CEOs [00:40:30] talking about across the board. And I now see that starting to permeate the entire organization. It used to be something, and again, this might be my cynical side that felt like there was lip service to but not a lot of action towards, and now it feels like it’s starting to permeate policies within the organizations and training within organizations and programs for reaching the underserved in communities.
[00:40:55] So it seems to be that is, that is really taking center stage at this [00:41:00] point, a rising importance of cybersecurity. I think we both agree with that one. Again, I just come back to, if this was on a slide deck and I’m using the polite way of saying no duh consulting. They would say, I would say in the next year, cybersecurity is going to take center stage and they would say, no, duh, of course it’s going to take center stage, it’s because it has over the last six months, of course, it’s going to a health. How healthcare fraud and OIG enforcement are [00:41:30] evolving. That’s interesting. I did read an article on it. There’s a lot of data that they’ve collected now and are looking at all the activity around telehealth and they do intend to increase their enforcement and looking at false claims and whatnot. And that is evolving over the next couple of years. I assume you’re hearing the same thing?
[00:41:53] Mari Savickis: Yeah, we don’t, I mean, we don’t spend a ton of time on the fraud thing, but having sat in a provider state for like two decades, [00:42:00] I know a fair amount about what they’re doing and CMS uses AI. Speaking of AI, that’s a widely used tool like I’m sure the credit card companies have been using it forever. Well, the government I’d say probably in the past maybe 10 years as it deployed CMS elite engaged the use of those tools in a greater manner to spot where they think that there’s fraud.
[00:42:22] I mean, OIG and CMS, they’ll tell you, like, listen, most providers are and they’re not just providers, but like most [00:42:30] people who bill Medicare are largely individuals and companies, but it’s those who are not who they need to go after and they make everyone else look bad and there’s some very egregious cases of it. And they’re usually widely reported.
[00:42:45] Bill Russell: Yeah. And they closed this out with two others. Mental health as a key post pandemic challenge. And we know that’s the case. We’ve really changed things on people that were already struggling prior to the pandemic and then a fed the FinTech industry speaks up and [00:43:00] breaks out.
[00:43:00] So we’ll have to keep an eye on those things. Mari, we are at the end of our time. I want to thank you for once again, educating me on all the things that are going on in DC and doing it in a way that doesn’t make me feel as dumb as I really am about some of these things. I mean, there’s, there’s so much going on. I appreciate the fact that you know all the acronyms.
[00:43:20] Mari Savickis: Well, I hope to God that people aren’t like, oh, what a snooze fest talking about HIPAA but you can always call me or reach out to me and we can dive into these very mundane but [00:43:30] important issues. So thank you so much for having me Bill.
[00:43:32] What a great discussion. If you know someone that might benefit from our channel, from these kinds of discussions, please forward them a note, perhaps your team, your staff. I know if I were a CIO today, I would have every one of my team members listening to this show. It’s conference level value every week. They can subscribe on our website thisweekhealth.com or they can go wherever you listen to podcasts, Apple, Google, Overcast, which is what I use, Spotify, Stitcher. You name it. We’re out there. They can find [00:44:00] us. Go ahead. Subscribe today. Send a note to someone and have them subscribe as well. We want to thank our channel sponsors who are investing in our mission to develop the next generation of health IT leaders. Those are VMware, Hill-Rom, StarBridge Advisers, Aruba and McAfee. Thanks for listening. That’s all for now.