What I learned at the HIMSS Conference about developments in Health IT for the rest of 2012

Like many of you, I made the annual pilgrimage to the HIMSS Conference last month; here’s what I learned while I was in Vegas and my takeaways for the rest of the year.

Major developments in Health IT for the rest of 2012

It was discussed a lot in the educational sessions and vendors didn’t talk about it much, but the new realities of complex business models (like PCMH and ACOs) mean that standardization of clinical workflows won’t really be possible for a while. The open secret is that most EHRs are not up to the task of handling the complexities of new business models, though. I believe the big shift to cloud computing and mHealth will mean that smaller and more nimble “apps” (both web based and mobile) will start to shoulder more of the burdens that are being thrown in by new business models. When you add more services (like smaller cloud apps and mHealth apps) more and more orchestration across services and apps is necessary (not larger apps).  The common wisdom is that there will be fewer EHRs as consolidation occurs but that’s not going to happen – interfacing, interoperability, and real service based platforms will be created that can handle the next level of more sophisticated requirements. We’ll move from basic record keeping and document management to more refined patient management, patient engagement, social electronic health records, and collaboration-driven software. The older vendors will start to hear the collaboration siren songs and jump on board pretty quickly.

How the role of EHRs will change

The best EMRs will be those that become the central “dashboard” around the most complex healthcare workflows and begin to really become “coordinators” amongst multiple systems instead of a monolithic application. Clinicians really need to understand that their EHRs need to be their patients’ social health record and relationship management system and not just their chart management system. The role of the EMR must and will change to being the patient-centric collaboration and engagement driver and will just happen to store documents, charts, and MU records as a byproduct. When retrospective documentation becomes a byproduct of more collaborative care systems then we all win.

Developments in coordinated care

I’m not sold on coordinated care technologies “writ large” – the problem is that the government and vendors are making it sound as if this is the first time care has been coordinated. In reality, care has always been (at least minimally) coordinated in the physical realm – e.g. referrals have been used to coordinate care for decades. The level of technology coordination and the amount of measurements that have always been tough to define, implement, and secure continue to remain just as difficult. The good news is that we’re all in agreement that we need to coordinate care; the bad news is that we don’t really know what that means but we’re seeing vendors say they have systems that support it (which means they’re either misleading customers or they don’t know what they’re talking about). Care coordination is about clinical integration as opposed to record sharing and we have a long way to go to really implement seamless coordination even though we have the basic technologies available to do so now (the basic technologies are social media, e-mail, and the web, not EHRs).

Security challenges need more thought and attention

The privacy rules are getting tighter and tighter but the relationships between care providers are expanding farther and deeper. For example, now all IT vendors that used to be just contractors are in some respects HIPAA business associates – there are tons of implications for vendors that they’ve not started to grasp yet. Also, think about PCMH and ACOs – they create new business relationships and care models that create significant headaches for security professionals. The healthcare world, while it’s getting more complicated, wants to get more secure at the time and it’s not reasonable to think you can make business models more complex and at the same time have more security – something’s going to give.

Don’t think HIPAA means security

At HIMSS people kept tying security and HIPAA – as I reminded my readers last year, HIPAA is not really a security standard – it’s a compliance framework and provides general guidance. I continue to recommend that organizations expand their focus from HIPAA when constructing their healthcare security policy, and model their documents off of NIST (National Institute of Standards and Technology) and other resources. NIST actually provides measures, security controls, risk frameworks, and standards that can be followed. If you follow general NIST guidelines and have really secure systems based on NIST suggestions then meeting HIPAA regulations are a piece of cake.

Biggest HIT-related and healthcare changes that physicians should prepare for

HIPAA 5010, ICD-10, and MU Phase 1/2 will keep everyone busy; start to worry about converting all your vendors into HIPAA business associates and become experts at data integration and connecting multiple software systems. Forget your focus on vertical (e.g. EHR) applications and start to focus on best of breed, smaller apps, and integrating multiple apps.

Role of payers in setting technology solution standards

The role of payers in setting technology standards is growing and will be significant and consequential – in fact, without the payers driving the train nothing will really happen. Now that Medicare has taken the lead, the big payers will be right behind. The beneficiaries of ACOs are likely to first be payers, not just patients. I’ll be writing more about this in the future.

Now that we’ve had a month to think about it, what is your follow up advice from the HIMSS’12 Conference? Drop me a note below.

Newsletter Sign Up

13 thoughts on “What I learned at the HIMSS Conference about developments in Health IT for the rest of 2012

  1. While in general I agree with your view that coordinated apps may well be were healthcare goes, there are several factors that may prevent that. And yes, there are core technologies in the web, e-mail, and social media for coordinating healthcare.

    But both of those hit a wall called HIPAA and security.  E-mail, social media, and the web are NOT compliant with HIPPA, nor are they particularly secure. More to the point, none of them is perceived as being at all secure or compliant. The perception will be the greater hurdle in my view than the reality. And the reality is bad enough.

    The idea of coordinating apps will hit the same walls, again for perception more than reality. The problem, especially in the eyes of IT departments (and some Hospital IT departments are understandable paranoid), is that the whole system’s security will be only as good as the weakest of the apps. One opening, or bug, in one app could open the whole system. But how to prove that when a hole does open? Now they are looking at multiple apps, probably  from multiple vendors, and a major finger pointing battle to determine who is at fault, and therefore liable. It is much easier to look at one vendor, and yes, one larger application. Easier to test, easier to ensure security.

    That’s the security side, and yes, the HIPAA compliance issues can run into similar issues. But in addition, any problems that arise, and let’s face it, there will be bugs, will require dealing with all of those independent vendors determine which of the apps is in fact at fault and needs to be fixed. This will create a huge drain on physicians, as their staff is now caught between multiple vendors each blaming the others, when all they want will be for the software to WORK. One vendor, one large application, will be FAR FAR easier for them to deal with.

    At least, that will be the perception. Because of the interactions, a collection of coordinating apps will need to be completely retested every time a new app is added to the whole.

    The ideas sound great from a technical viewpoint, and there is definite appeal to them for those who understand technology. But there are also a great many concerns. More likely, the major vendors will add some modularity to their systems, but will continue to produce the large, singular, applications. They are easier to budget, easier to maintain.

    Finally, to have any chance for a working collection of apps, there needs to be clear standards in place. Standards for communication between them. Standards for data formats for information passed between them. Unfortunately, having been part of such standards efforts in the past, we are looking at years of work and ending up with standards that will almost certainly have huge gaps in them, gaps caused by making large portions of them as “optional”. Take a good look at the communication standards that were created for computer based training systems.

    We may get to this point, but that will not be this year, nor next year. 5-10 years, maybe.

    1. Hi Larry – terrific comments. Your points are right and there’s a ton of work to be done in security and non-IT areas before any of this technology is ready to be integrated in the “real world” 🙂

    1. Hi there.

      I’m in Europe this week without easy access to email so my inbox is getting pretty full; if you don’t get a timely response to your message by Tuesday April 24th don’t hesitate to send me a reminder.
      I’m in a timezone that’s 5 hours ahead of Eastern Daylight Time.


      Shahid N. Shah

  2. www.travelrnplus.com


    I am glad you are taking this subject on, Healthcare I.T. is becoming more and more mainstream and needs to be a focal point of the overall development of our healthcare system. That being said, what are your thoughts on how to connect with those skilled individuals looking for a career in Healthcare I.T.  It is a sort of a personal mission of mine. 

  3. Without proper training and education of employees, most of the features healthcare apps have will become surplus. 
    Also one of the problems that could appear are privacy issues and how they are kept and who has the right to access them

Add Comment