In the June print issue Robert James Campbell writes on applying lean thinking techniques to healthcare. The process improvement technique can be used to identify and eliminate waste in any activity. Campbell, an assistant professor at East Carolina University in Greenville, NC, teaches the lean thinking technique to health services and health information students. Here he shares one project in which students reengineer a patient transfer process using lean thinking.

* * *

As healthcare expenses continue to erode household, government, and provider budgets, the industry needs better methods to reduce the cost of care. One tool that can increase efficiency and value is a change management technique called lean thinking.

Lean thinking is based on the Toyota Production Model and is built upon five steps to identify and eliminate waste: value, value stream, flow, pull, and perfection. The ultimate goal of lean thinking as applied to healthcare is to provide services and products that add value to the patient by improving care in the most efficient manner possible. (more…)

The June cover article examines the field of information therapy: getting patients the information they need to better manage their health. The other features report on whether stimulus funds will pay off in health information consumers can use and the lean thinking philosophy for those organizations looking to more effectively manage their resources and staff in this tight economy. (more…)

ONC published a draft description of the health IT extension program in today’s Federal Register, requesting comments within two weeks—by June 11.

The extension program is called for under the HITECH Act in ARRA, the American Recovery and Reinvestment Act. It authorizes creation of a National Health Information Technology Research Center and affiliated regional extension centers to assist providers in selecting and implementing certified electronic health records.

The program also will assist providers in becoming “meaningful users” of the systems, a prerequisite to receiving bonus Medicare and Medicaid payments under a separate ARRA provision.

The extension program is to give preference to providers serving uninsured, underinsured, underserved, and special-needs populations. (more…)

The Department of Health and Human Services released its program plan for enacting the health IT incentives provisions called for in ARRA. By the end of 2009, HHS will have drafted necessary program policies and published them for public comment. These policies will include a definition of “meaningful use.”

HHS will also use this year to plan necessary support for the program, including a national outreach program.

In 2010 HHS plans to conduct outreach to eligible professionals, develop the final program rules, and create systems to monitor and evaluate the payments.

Medicare incentive payments to hospitals will begin no sooner than October 2010; payments to eligible professionals will begin no sooner than January 2011. Medicaid incentives to professionals and hospitals both will also begin no sooner than January 2011.

The American Recovery and Reinvestment Act provides $17 billion in Medicare bonus payments for eligible individuals and hospitals that adopt certified electronic health record systems. The Medicare payments run until 2016. The Medicaid payments extend until 2021.

In 2015 a series of Medicare payment reductions will begin for eligible professionals and hospitals that are not meaningful EHR users.

May is a busy month for the health IT provisions in ARRA, the American Recovery and Reinvestment Act (or “stimulus bill”). Federal groups scrambled to meet a number of deadlines last week.

The Health IT Policy Committee met May 11, just several days after its full membership was announced. ONC head David Blumenthal wanted the group to meet before the Health IT Standards Committee held its first meeting at the end of that week, per its deadline. ARRA intends the policy group to set direction and the standards group to identify the technology standards that support it.

The policy committee formed three work groups: meaningful use, certification and adoption (which will include work force and infrastructure issues), and information exchange. The group intentionally did not form a privacy and security group, intending instead that privacy and security issues permeate the other topics.

The creation of the policy committee makes the future of the National eHealth Collaborative uncertain. NeHC, the successor to the health IT advisory body the American Health Information Community, had just a few meetings under its belt when ARRA was signed into law. (more…)

On Friday the California Department of Public Health announced an administrative penalty of $250,000 against Kaiser Permanente Bellflower Hospital for failing to prevent unauthorized access to octuplet mom Nadya Suleman’s medical records. According to CDPH, 21 employees and two physicians improperly viewed Suleman’s medical records.

The penalty is the first under California’s strict new privacy laws, which went into effect January 1. The $250,000 fine was the maximum allowed.

Kaiser first reported the breach back in April, when it disciplined and fired employees for accessing Suleman’s records. The CDPH investigation announced Friday involved the facility only. Under a separate law, the state may seek prosecution against the individuals themselves.

If you ever wonder what progress the Office for Civil Rights is making as it works its way through HIPAA privacy rule complaints, the numbers are easy to find. Each month OCR reports top-line results of the HIPAA cases it has received and resolved.

OCR has logged approximately 43,700 complaints since the privacy rule went into effect April 14, 2003. It has resolved 86 percent of them, and as of April 30 it had nearly 6,000 cases still on its to-do list.

OCR enforces the HIPAA privacy rule only. Enforcement of the security rule falls to the Centers for Medicare and Medicaid Services. Violations of either rule that involve possible criminal violations are referred to the Department of Justice. Through April 30 of this year, OCR had referred 456 cases to the DOJ and 306 cases to CMS. (more…)

New Health and Human Services secretary Kathleen Sebelius was on Capitol Hill yesterday with two new reports from the Agency for Healthcare Research and Quality in hand. Both had discouraging news about the quality of healthcare Americans received in 2008.

In particular, Sebelius singled out unequal care. AHRQ’s “2008 National Healthcare Disparities Report,” she told the House Ways and Means Committee, “highlights that severe and pervasive disparities continue to persist in this county. Minority patients still receive disproportionately poor care compared to their Caucasian neighbor.”

Solving healthcare disparities is complicated by a lack of comprehensive data about its prevalence.

Last month in the Journal, Jennifer Hornung Garvin and coauthors wrote, “At the heart of … efforts to develop effective strategies to address healthcare disparities is the need for accurate and complete data. However, data describing racial, ethnic, language, cultural, and socioeconomic characteristics are frequently inaccurate, incomplete, and lacking in detail in the healthcare setting. Sometimes they are not collected at all.”

Addressing healthcare disparities, the authors stress, “requires that providers capture better data about race, ethnicity, and socioeconomic status, an effort complicated by the sensitive nature of the data and the challenges of categorizing them appropriately.” They point to several data sets that providers can adopt to improve their collection of this so-called equity data in support of efforts to create equal care for all.

See “Data Collection and Reporting for Healthcare Disparities” in the April 2008 issue.

Healthcare organizations must ensure that their sanctions policies for internal privacy and security breaches are consistent, fair, and objective for all staff members. Organizations that fail to do so send a confusing message to staff, compromise their privacy and security programs, and lose public trust.

The May practice brief “Sanction Guidelines for Privacy and Security Breaches” offers recommendations for the internal application of sanctions related to information privacy and security breaches for healthcare organizations that manage or service protected health information or individually identifiable health information.

The brief includes a sample sanctions determination document that organizations can customize for their investigations and trending. Each incident requires appropriate investigation along with managerial discretion to declare a misdeed.

“No two healthcare organizations will approach sanctioning and enforcement for privacy and security breaches in exactly the same way,” the authors write. “Each healthcare organization needs to show a demonstrated, consistent ability to deal with privacy and security issues in its own way to ensure consumer trust. Inherent to privacy and security professional roles is a firm leadership commitment to consistent policy and enforcement and sanction application for noncompliance.”

One day before the Red Flags Rule were to take effect, the Federal Trade Commission announced a three-month delay. Organizations that would have woken up out of compliance today now have until August 1 to comply.

The rule requires “creditors” and financial institutions to develop and implement written identity theft prevention programs. (For more on the rule, see articles in “Privacy & Security.”)

The FTC also announced that it would release a compliance template for entities that have a low risk of identity theft, such as businesses that know their customers personally.

Continued confusion over the terms of the provision resulted in the delay. ”Given the ongoing debate about whether Congress wrote this provision too broadly, delaying enforcement of the Red Flags Rule will allow industries and associations to share guidance with their members, provide low-risk entities an opportunity to use the template in developing their programs, and give Congress time to consider the issue further,” FTC Chairman Jon Leibowitz said in the statement.

This is the second delay for the Red Flags rule. The original deadline was November 2008.