ICD-10 and Beyond - What Are the Key Drivers for Healthcare BI in mid-2015?

There are some consistent themes arising among our US healthcare customers. A common one is that BI platform managers and administrators in the healthcare industry are becoming more proactive in order to resolve numerous pressing issues.

There are regulatory issues (HIPAA, HITECH) and ICD-10 adoption issues There are issues with BI/EHR integration and with change management. And, of course, there is the ever-present issue of resource constraints.

One of our larger healthcare customers recently said they have managed to complete ICD-10 testing and adoption well before the October 2015 deadline, but I wonder, how is the rest of the industry doing? What is the current state of ICD-10 readiness?

In a 2014 survey on ICD-10 readiness by the American Health Information Management Association (AHIMA):

65% of respondents indicated that they could begin end-to-end testing prior to the fourth quarter of 2015, when compliance is set to begin. Of these, a majority (63%) will be ready to conduct testing in 2014, while the rest will wait until 2015.  Ten percent of all respondents currently have no plans to conduct end-to-end testing, and 17 percent don’t know when their organization will be ready for testing.

In general, the larger the healthcare organization, the more likely it is to be prepared, and to have end-to-end testing either already completed or in their plans prior to the adoption deadline. And the smaller the healthcare organization, the more likely it is to have resource constraints and knowledge limitations:

Organizations with no plans to conduct end-to-end testing often cited a lack of knowledge as the reason to forego testing (36%). Nearly half (45%) of these organizations are clinics/physician practices, possibly indicating a knowledge gap around ICD-10 implementation and testing for those organizations with fewer resources. By contrast, only two of the acute care hospitals responding to the survey had no plans for end-to-end testing.

The pyramids of Egypt are testament to what can be accomplished with a nearly unlimited supply of cheap or free labor, and larger healthcare organizations have been able to apply the necessary resources and the necessary knowledge to meet the deadline, but what about the rest of us? How can smaller healthcare organizations make the transition to ICD-10 comfortably?

When you don't have the resources, working smarter is the only practical alternative, and working smarter requires both a deeper knowledge of your deployment than is commonly available, as well as the ability to streamline and automate many of your BI workflows.

Lamont Parraway of LifeBridge Health joins us this afternoon (July 23, 2015, at 2 pm ET) for a webinar to discuss some of the biggest challenges he faces in managing the LifeBridge Health SAP BusinessObjects deployment. Attend the webinar to find out how he uses automation and deep system introspection to manage change, meet reporting needs, and reduce the load on IT resources.

View the recorded webinar...

(Note: if you register but are unable to attend, we will send you a link to a recording of the webinar, which you can then enjoy and share at your leisure.)

Healthcare GRC and Social Engineering

There is some debate over whether or not the CHS, Anthem and Premera data breaches were the result of "sophisticated" attacks. The jury is still out, but cautious journalists are using quotation marks to indicate that this explanation is not universally accepted. Regardless of the sophistication of these attacks, attacks they certainly are, and healthcare organizations should be prepared for the onslaught to continue, because healthcare data breaches are so lucrative. They have to assume they are being targeted by criminal hackers for fun and profit.

Maybe former Intel CEO Andrew S. Grove's book title got it right: only the paranoid survive. Perhaps healthcare organizations could learn from their corporate antitheses, the tobacco companies, who have many enemies, but are protected by a culture of hardened security.

There is certainly room for technological solutions to help manage risk, but we must recognize that the most frequent cause of data breaches is human behavior. (According to a Verizon data breach report, about 76% of network intrusions involve weak credentials -- bad passwords.) The biggest risk to the security of your data is your people. No amount of monitoring using sophisticating technology can protect your data from bad decisions by people on your network.

Let's not forget the subtitle of Grove's book: How to Exploit the Crisis Points that Challenge Every Company and Career. The threat to data is also an opportunity to establish a culture of data governance. In such a culture, the value of data is recognized, and human behavior is shaped by this recognition.

Human behavior is a critical factor, because social engineering is how malware and other created vulnerabilities find their way into your network. It is essential that your systems have malware protection, but it is equally important that your people know what not to click.

A strong governance, risk management and compliance (GRC) culture fights social engineering with social engineering.

If healthcare organizations can learn to fend off the cyber attackers, they will be in a better position to fend off the lawyers bearing class action law suits.

Webinar Alert: Healthcare & BI Platform Management

When: Thursday, Sept. 18, 2014 - 10 am, 4 pm EDT

Register for the webinar

BI in the Healthcare sector is growing rapidly in response to US healthcare reform, and healthcare organizations are looking for proactive ways to manage and administer the BI platform in the face of increasing volume, complexity and compliance considerations.

Join us for a discussion of the major challenges facing SAP BusinessObjects BI platform managers and administrators in the healthcare industry. This webinar will examine ways to increase your BI platform management agility to help you:

• Master complexity in data sources and information consumer requirements
• Manage compliance through greater system visibility and high-volume administration
• Maintain credibility through reliable, secure, accurate and timely delivery of information

Please join us as we explore techniques and best practices for SAP BusinessObjects platform management in healthcare.

Register for the webinar

Healthcare Regulatory Compliance and APOS Storage Center

If you are a provider or payer in US Healthcare, your world has become radically more regulated over the past decade or so, thanks to several pieces of legislation, including:

• Privacy Act of 1974
• Health Insurance Portability and Accountability Act (HIPAA)
• Statements on Standards for Attestation Engagements (SSAE 16)
• Financial Modernization (Gramm-Leach Bliley) Act of 1999 (GLBA)
• USA PATRIOT Act of 2001 (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism)
• SOX, the U.S. Public Company Accounting Reform and Investor Protection (Sarbanes-Oxley) Act of 2002

It's a complex landscape. In no other industry is data such an important asset, and yet such a potential liability. The regulatory burden and responsibility continues to grow for both providers and payers. As a BI platform manager in the healthcare industry, you need to be proactive about data governance.

APOS Storage Center can complement your SAP BusinessObjects system and help you with regulatory compliance through the following features:

• Rules-based backup, archive, versioning, and selective restore
• Offline and online archiving
• Extract and export
• Versioning, purging retrieving Web Intelligence reports
• System performance improvements

Being proactive about data governance means not waiting until you have a problem to have a solution in place. APOS Storage Center resolves SAP BusinessObjects document instance archive, backup and restore issues before they become security and regulatory compliance problems.

Healthcare Outcomes and Business Analytics

In 2001, the Institute of Medicine (IOM), an arm of the US National Academy of Sciences, released a report detailing the many failings of health care provision in the US, and laying out a plan to fix health care. The plan was to become more proactive and less reactive in engaging patients and families to manage their healthcare, improving the overall health of the population, improving the safety and reliability of the healthcare system, coordinating patient care amongst multiple agencies, delivering palliative services, eliminating abuse, maximizing access, and improving the healthcare system's information infrastructure.

In fact, the focus on healthcare IT at the IOM goes back even further. In 1991, they published "The Computer-Based Patient Record: An Essential Technology for Healthcare"(revised 1997), a report heralding computerized patient records as the best hope for higher quality of care.

In the Fall 2010 issue of the Journal of Healthcare Information Management (a publication of the Healthcare Information and Management Systems Society ‑ membership required), Judy Murphy writes about the progress that has been made in healthcare since the IOM's push for better healthcare IT began over twenty years ago:

Robert Wachter, author of two books on patient safety and editor of the federal government's two leading safety Web sites, gives efforts an overall grade of B-, a slight improvement from his grade of C+ when he performed a similar analysis five years ago. Wachter says that overall, the past decade has seen progress in hospitals' responses to accreditation requirements, regulation and error reporting, but health IT has lagged behind, with research in the area slowly advancing and remaining underfunded.

As Judy Murphy notes, progress has been at best mediocre:

Unfortunately, the attractive claims linking health IT and quality outcomes rest on scant empirical data. Several studies and system reviews published in 2009 and 2010 have demonstrated some evidence for cost and quality benefits of computerization at a few institutions, but with little evidence of broader application.

And it seems that the long-term strategic objectives of this initiative have been obscured by the shorter-term tactical objectives:

The modest quality advantages associated with computerization are difficult to interpret, and are clouded by the fact that the quality indicators used today often reflect care process metrics rather than patient care outcomes. In other words, we are measuring how many patients receive smoking cessation counseling or prescriptions for beta blockers; we are not measuring how many patients quit smoking or what their reinfarction rates are.

The bright spot in all of this is the use of clinical decision support tools:

...it also seems clear that implementing and adopting health IT is not enough. The evidence points out that, unless you specifically use systems with clinical decision support tools and paired with practice changes, you are unlikely to improve quality and patient safety and unlikely to achieve overall reductions in health costs.

Before computerization of healthcare records, we said that healthcare was data-rich, but information-poor. Post computerization, it seems healthcare IT is information-rich, but analysis-poor. In other words, we have the information we need to make a difference, but haven't yet applied the appropriate analytics tools and mindset to the larger strategic objectives.

Clearly, budget is a large part of the problem, but in the age of doing-more-with-less, asking for a larger budget is probably a non-starter. So business analytics managers in healthcare need to look at ways to liberate resources from repetitive administrative tasks so they can spend more time adding value to outcomes via better decision support capabilities. You can't focus effectively on the larger issues if you spend all your time resolving the smaller ones.