Debate, breach, future planning

Where to start this week? From a Senate hearing on medical innovation, Meaningful Use and interoperability to several developments on the privacy and security front, it’s been another busy week in the world of health IT.

MU program “should have been a really good idea,” said Chair Lamar Alexander (R-Tenn.) of the Senate Health, Education, Labor and Pensions Committee during a hearing about the program and ongoing problems with interoperability.

Despite the billions spent on MU, the program has failed to "improve care, improve coordination and reduce costs," he said.

The hearing included testimony from several individuals, including Epic's Director of Interoperability Peter DeVault. When asked why Epic has not joined the CommonWell Health Alliance, DeVault said the group is expensive, requires the signing of a non-disclosure agreement which suggests that CommonWell intends to sell patient data downstream.

Cerner issued a statement in response to DeVault's criticism of CommonWell: "Today's rhetoric is a slap in the face to many parties working to advance interoperability. It was discouraging to hear more potshots and false statements when it's clear there is real work to be done. We're committed to CommonWell as a practical, market-led way to achieve meaningful interoperability."

Athenahealth CEO Jonathan Bush later tweeted the following: Judy, Judy, Judy. Can't afford 1.4M? Puh-leese! @athenahealth will for you. Join @CommonWell and lets connect.

There’s no way this “feud” is over.

Meanwhile, Premera Blue Cross, a health plan based in Mountlake Terrace, Wash., was the target of a cyberattack of its IT systems, impacting 11 million.

Premera discovered the attack on Jan. 29, and investigations indicate the initial cyberattack occurred on May 5, 2014. While the "investigation has not determined that any data was removed from our systems," compromised information includes member names, birth dates, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, back account information, claims information and clinical information, according to information on Premera's website.

Despite the number of data breaches in healthcare, a survey found that about half of all patients are concerned about security breaches involving their personal health information, yet only about 1 in 10 “always” read their doctor’s security policy.

Forty-five percent of patients are “very” or “moderately” concerned about a security breach involving their health information and54 percent of the respondents said they would be “very” or “moderately likely” to change providers as a result of a breach involving their personal health information.

About 1 in 5 respondents also said that security and privacy concerns will lead them to withhold health information to their providers.

I also spoke with Lisa Gallagher, HIMSS vice president of technology solutions, this week about healthcare privacy and security. The recent Anthem breach did not surprise her. “We need a lot of support on the threat data side of things. You can’t fight something you don’t know about, but there is no one consolidated place to find actionable threat information. We have bills in Congress and the president’s executive order but we are really recognizing that one thing we can do is focus on resources and infrastructure for gathering, consolidating and making available actionable threat data specific to the sector.”

HIMSS15 next month will feature a new area called the “HIMSS Cybersecurity Command Center” which will consolidate information and resources around the topic and offer security challenges.

There's never a dull moment in health IT!

Beth Walsh

Clinical Innovation + Technology editor