Tag Archives: HIT

Upcoming HIT Policy & Standards Committees Workgroup Meetings

Thanks to Obama’s transparency policies, most of the ONC committee meetings are open to participation from the public. The links to the right of each workgroup provides audio (listening only) and video. Call 1-877-705-2976 for voice only and the opportunity to talk.

Health IT Ontology

2 weeks ago I solicited help to put together this Health IT Ontology (see Components of HIT…a start). This post is the result of 6 rounds of edits. The new name, I think, better represents the goal of defining all the entities and relationships within the domain of health IT. Click on the image below to see it full size.

Health IT Ontology

Following are the top-level categories:

  • Health Information Technology
    • Clinical Information System
    • Hospital/Clinic Management
    • Consumer-Oriented Technologies
    • Public Health & Biosurveillance
    • Reference
    • Research
    • Regional & System-Level HIS

The initial motivation behind this was to determine where ART-focused EMRs sat in the scope of HIT, but what I expected to be a trivial exercise quickly became a difficult task. Health IT is an extremely complex and expansive domain and every item in this heirarchy could be broken down into even smaller pieces (similar to EMR/EHR). My goal for this diagram was to cover the breadth of health IT more than the depth. It is certainly possible that there are some oversights, in which case I would love to hear from you.

I welcome your thoughts, criticisms, and suggestions on the HIT Onthology. Using social media (esp. Twitter and Aardvark) was so successful this time around that I plan to pursue more online collaborative projects in the future.

Many thanks to everyone who contributed, and a special shout out to Jacob Sattelmair, Janette Heung, blog commenters, Richard Thall and Eddie from Aardvark, and the score of Twitterers who provided very valuable feedback!

Components of HIT…a start

UPDATE: The final output of this project, HIT Ontology, can be found in this blog post: https://singularityblog.wordpress.com/2009/07/20/health-it-ontology/

Health information technology (HIT) is a broad and extremely complex field, and I want to visualize it. I’m going to need your help to do it. But first it needs defining…

HIT could simply be defined as any information technology utilized within the healthcare industry vertical, but that would be too inclusive, because that means a MySQL database is considered HIT because it is sometimes used in a hospital. Brailer & Thompson, former ONC Secretary and former HHS Secretary respectively, define it as “the application of information processing involving both computer hardware and software that deals with the storage, retrieval, sharing, and use of health care information, data, and knowledge for communication and decision making” (Thompson & Braile, 2004). The line between HIT and health informatics is fuzzy and we’ll ignore it for now.

With this definition, I tried to create a hierarchical list of the types of health IT software. I want the list to be comprehensive in breadth and don’t care quite as much about depth (3 or 4 levels should be sufficient). There are dozens of ways to structure this list and probably hundreds of items I missed. This is a work in progress, so please leave a comment and let me know what you would change/add/remove. I’ll keep updating it until everyone feels good about it. After that comes the visualization…

HIT Categorization Hierarchy – Take 5

  • Clinical
    • EMR/EHR
      • Ambulatory
      • Specialty
      • Anti-Retroviral Treatment (ART) Focused (common in areas with high HIV/AIDS & TB prevalence)
    • eRx (CPOE)
    • Clinical Decision Support
    • Digital Imaging & Archiving Systems (e.g. PACS)
    • Medical Devices & Equipment
    • Clinical Document Management
    • “Personalized Medicine”
  • Hospital/Clinic Management
    • Physician Office Management Information System (POMIS)
    • Hospital Management Information System (HMIS)
    • Accounting
    • Patient Billing
    • Claims Processing
    • Human Resource Management
    • OR Scheduling
    • Appointment Scheduling
    • Lab/Pharmacy Management
  • Public Health & Biosurveillance
    • Public Health Reporting
    • Diesease Surveillance Networks (e.g. CDC Biomonitoring and Environmental Public Health Tracking Network)
    • Vital Registry (Birth, Death, & Marraige Records)
  • Consumer-Oriented Technologies
    • Personal Health Devices (e.g. WAN-enabled weight scale, phone-enabled glucose monitor, etc.)
    • Personal Health Applications (i.e. exercise & weight tracking)
    • Patient Portals
    • Personal Health Records (PHR)
    • Health-centered Social Networks (Patients Like Me, 23andme, etc.)
  • Medical References
    • Drug references (for docs and patients)
    • Medical references (like WebMD, also for docs and patients)
  • Research
    • Genomics
    • Medical data warehousing
    • Clinical Trial Recruitment, Management, etc.
  • Regional & Systems Level Health Information Systems
    • Vitals Registration
    • Health Information Exchange (HIE)
    • National Health Information Network (NHIN)

A special thanks to the Twitterers that have already helped me on this: @chadosgood, @oneofthefreds, @ChristineKraft, @ePatientDave, @MedC2, and my good friend Jake. And a shout out to Sam Adam’s HIT Primer on his blog, IT (R)EVOLUTION, that helped get me started.

A few other helpful sources:

HIT/Privacy Timeline from Stimulus Bill

From Dr. John Halamka, CIO of CareGroup Health System in Boston, MA (original post here: The Timeline for ARRA Privacy Provisions), a bookmarked PDF-version of the American Recovery & Reinvestment Act that highlights sections relevant to HIT & privacy: http://ecommons.med.harvard.edu/ec_res/nt/A3B4A28D-987B-4271-B003-5A877B4F4E38/arrabookmarks.pdf

The rough timeline is below:

Upon enactment (February 16, 2009)

  • Application of new tiered civil penalties based on the nature of HIPAA violations, up to $50,000 per violation and an annual maximum of $1.5 million (Section 13410)
  • Enforcement by State Attorney Generals for offenses occurring post enactment (Section 13410e)

Within 45 days of enactment (April 3, 2009)

  • Appointment of HIT Policy Committee members (Section 3002b)

Within 60 days of enactment (April 18, 2009)

  • HHS Secretary will issue guidance on methodologies and technologies that render information unreadable (Section 13402)

Within 180 ays of enactment (August 16, 2009)

  • HHS and the Federal Trade Commission will promulgate interim final regulations on notification of breaches. The FTC rules will apply to breach notification by PHRs that are not covered by HIPAA or Business Associate agreements (Section 13402, 13407)

By December 31, 2009

  • HHS must adopt through rulemaking the initial prioritized set of standards which should include the accounting for disclosures (Section 3002b)

Due within one year post enactment (February 17, 2010)

  • The Secretary will appoint a Chief Privacy Officer (Section 3001)
  • The Office of Civil Rights and HHS will launch an education initiative to improve public transparency on the use of health information (Section 13403)
  • The Government Accountability Office will report on best practices for disclosures for treatment and use of electronic informed consent (Section 13424)
  • HHS will report on and provide guidance on de-identification (section 13424c)
  • Covered entities must enter into Business Associate Agreements with PHRs, HIEs, and other services that handle projected health information (Section 13405e)
  • HHS will issue rules on opting out of fundraising solicitations (Section 13406)
  • HHS will report on guidance on the effective technical safeguards for carrying out the HIPAA security rule (Section 13401c)
  • HHS and the Federal Trade Commission will report on privacy and security requirements for PHR vendors and applications

One year post enactment (February 17, 2010)

  • HHS and the Office of Civil Rights clarify application of criminal penalties for non-covered entities (Section 13409)
  • HHS to issue rules on which entities are required to be business associates (Section 13401)
  • Right to restrict disclosures to health plans for services paid for out of pocket (Section 13405a)
  • HHS Secretary required to conduct periodic audits of entities covered by HIPAA (Section 13411)
  • Right of electronic access of records by patients takes effect (Section 13405e)

Within 18 months of enactment (August 17, 2010)

  • HHS guidance on minimum necessary data (Section 13405c)
  • Regulations regarding sale of data prohibition which take effect 6 months post promulgation (Section 13405a)

By 2011

  • Initial deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired after January 1, 2009 (Section 13405c)

24 months post enactment (February 17, 2011)

  • Clarification of ability to pursue civil penalties when criminal penalties are not pursued (Section 13405)

By 2012

  • Regulations for methodology for distributing penalties or settlement money to harmed individuals (Section 13410)

By 2013

  • Extended deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired after January 1, 2009 (Section 13405c)

By 2014

  • GAO will report on the impact of ARRA (Section 13424)
  • Initial deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired before January 1, 2009 (Section 13405c)

By 2016

  • Extended deadline for complying with new accounting and disclosure rules for information kept in EHRs acquired before January 1, 2009 (Section 13405c)

US Behind in HIT Spending – Stimulus Insufficient

Despite the fact that the US spends nearly twice as much on healthcare as any other country, the US is as much as 12 years behind other OECD countries in health information technology investment. See the Commonwealth Fund’s entry on Health Care Spending and Use of Information Technology in OECD Countries.


The American Recovery & Reinvestment Act of 2009–the Stimulus Package–apportions $19 billion for investment into the HIT infrastructure in the US. As much as $3 billion goes to the Office of the National Coordinator (which will now be codified) and other standards creating bodies. The remaining amount will be given to providers primarily through increased Medicare reimbursement. If divided evenly, each hospital would receive approximately $11 million. A substantial sum, but hardly close to the $200 million over 3 years required in a typical implementation at a 300+ bed hospital. Only 10% of hospitals currently have full electronic health records. Another 20-30% are in planning or implementation stages. The stimulus may encourage more providers to enter the planning stages and will help along those already in the process during difficult economic times. But $11 million for the remaining 60-70% is entirely insufficient.

Evidence shows that the only providers that stand to get a return on investment in HIT are large network providers with geographically distributed practices, such as Kaiser or the VA. This makes sense, as the administrative cost of sharing information is high. The early adopters (the 10%) consist of these large networks and a few providers with well-funded, forward-thinking CIOs. The 20-30% currently planning hope to break even at best and justify the investment by improved patient care (especially through CPOE). The rest are mostly too small to realize significant cost savings and will likely need much more than $11 million to break even.

Congress approves $19 billion for health IT

Excerpt by Andrew Noyes, Congress Daily from NextGov.com

Deal Leaves Money, Language On Health IT Mostly Intact

The compromise stimulus deal leaves much of each chamber’s proposed funding for health information technology intact, according to an overview circulated by House Speaker Pelosi Wednesday and a preliminary summary of the compromise that was subject to change. The final package provides $19 billion to encourage nationwide adoption of electronic medical records, with $17 billion for Medicare and Medicaid incentives for federally qualified health centers, rural health clinics, children’s hospitals, and others. The Senate version, which won approval Tuesday after members stripped out $100 billion, included $16 billion for Medicare and Medicaid incentives, about $2 billion less than the House plan that passed last month. The Senate also imposed a $1.5 billion cap on incentive payments to “critical access hospitals,” while the House included no such language. Conferees reportedly accounted for those facilities, but it is unclear whether the cap remained.

The negotiated stimulus would provide temporary bonuses of as much as $64,000 for physicians and up to $11 million for hospitals that adopt e-health records, the summary document stated. Medicare penalties for noncompliance would also be phased in starting in 2014. The package would also codify the HHS Office of the National Coordinator for Health IT and establish a transparent process for developing standards for e-health records by 2010. An immediate $2 billion would be available to HHS for health IT infrastructure, training, telemedicine, and other grants. The Senate had previously asked for $3 billion, while the House wanted just over $2 billion.

The package would also expand federal privacy and security protections for health IT, such as requiring that an individual be notified if there is an unauthorized disclosure or use of their health information and requiring a patient’s permission to use their personal records for marketing purposes. Details had not emerged by presstime about whether complaints by the privacy community had been addressed. Some watchdogs pressed conferees to take specific steps to close what they argued were marketing loopholes left open in the House and Senate versions as well as make changes to breach notification language. Several sources said they believed a House provision mandating healthcare operations rules from HHS had been dropped entirely. Providers complained the regulations could have required either prior patient consent or the use of de-identified data before information could be exchanged.