Dear Parent Who Refuses to Immunize Your Children: Are Going to Refuse the COVID-19 Vaccine?

Dear parent who refuses to immunize your children:

None of us are immune to the COVID-19 virus, so it is rapidly spreading through our communities causing unimaginable changes to our lives.  This infectious disease is directly impacting your family.  Neither you nor your children nor their grandparents are immune.  Although your children are not in the age group considered at higher risk for severe illness, their grandma and grandpa are.  So if your children get a fever or cough this week, be sure to keep them away from your parents.  Also, since you are not immune, you can catch COVID-19 from your kids.  When you get infected, you may not feel any symptoms for 2-14 days, but during that time you are infectious and can spread it to other people, like your parents.  So if your children have a fever and cough, you should stay away from your parents for at least 14 days AFTER your children get well.  Your parents at much higher risk of death from COVID-19 as compared to the flu, so please protect them.  And take care to protect yourself, as your risk of dying from COVID-19 death is higher than for your children.  And even though your children have a very low risk of dying from COVID-19, it is not a zero chance.

You can clearly see how devastating this infectious disease is impacting your family and our society. When is it going to stop?

When a child or parent recovers from COVID-19, they will likely have at least temporary immunity to it.  Once 50-80% of us have been infected and gain that immunity, the virus will have difficulty finding a human host to infect.  This is called “herd immunity”.  Herd immunity will result in the death of the COVID-19 epidemic.  It is possible that it will re-emerge later if herd immunity drops down too far.  At this time we don’t know for how long we will individually remain immune to COVID-19 after recovering from it.

But when a vaccine becomes available, we will be able to artificially induce immunity in our children, ourselves and our parents. And if boosters are needed to prevent herd immunity from dropping, we will be able to get booster shots.

One thing for sure is that you don’t ever want to live like this ever again.

But the truth is that this is actually NOT unimaginable. This was once polio. This was once measles. This was once whooping cough. This was once rubella. Haemophilus meningitis. Meningococcal meningitis. Diphtheria. Tetanus. Pneumococcus.

Currently our society is protected against these infectious diseases because we can artificially induce immunity through childhood vaccines. But your children are not protected against them.  And if enough parents refuse to immunize their children, the herd immunity in our society will fall below the level needed to prevent the next infectious disease epidemic.  The next epidemic could be polio, measles or pertussis.  Children and adults can die from diseases we can prevent through vaccinations, in some cases with higher death rates than COVID-19.

So when a COVID-19 vaccine becomes available, are you going to refuse to immunize your children?  And are you going to continue to refuse to immunize your children against the other infectious diseases that used to cause epidemics and kill people?  If so, just know that your fears are placing your parents and other children at risk of dying from a preventable disease.

Autonomic Angst Conjured By The Word-Which-Must-Not-Be-Spoken to Physicians

If while speaking to a group of physicians you use the word “provider” before you come to your important point, you will never get your point across.  In fact, you may not even get another sentence in, such is the autonomic angst conjured by the word-which-must-not-be-spoken

Most physicians resent being called the word-which-must-not-be-spoken, and some are instantly enraged by it.  Protect your valuables should you let it slip out of your mouth.  It is felt by physicians to be demeaning and disrespectful.  There are many reasons given for this, but I think the root cause is that the word-which-must-not-be-spoken is intertwined with bureaucratic red tape that has increasingly constrained the practice of medicine, especially over the past decade.  For example, the CMS Meaningful Use, PQRS and MIPS payment programs are all written for “eligible providers”.   Literally thousands of pages of rules, regulations and policies that impact the day-to-day activities of those who are said to be a word-which-must-not-be-spoken.   

Who wouldn’t resent such a word?

This happened because the word-which-must-not-be-spoken was adopted by policy writers for the rules and regulations associated with Medicare and Medicaid, as well for private insurance payors, to lump together all of the clinicians they pay for providing health care services to their clients.  To make it easier to write such regulations and policies, a single word was chosen to describe all the people that this word intentionally lumps together--physicians (M.D.s and D.O.s), nurse practitioners, physician assistants, podiatrists, chiropractors, dentists, anesthesiology assistants, audiologists, certified nurse-midwives, certified registered nurse anesthetists, clinical nurse specialists, clinical social workers, occupational/physical therapists, psychologists, registered dieticians and speech language pathologists to name a few. 

It sounds reasonable to lump all those people in with one word when writing policy rather than writing the whole list every time, doesn’t it?  But the word-which-must-not-be-spoken has unfortunately spilled out of regulatory-speak into common vernacular.  Personally, I can verify that after reading a 400-page CMS rule where the word-which-must-not-be-spoken is used over a thousand times,  it gets imprinted on the brain and difficult to avoid using for several weeks afterward.  So now PCPs are not primary care physicians anymore, but instead are called primary care words-which-must-not-be-spoken

So, one may ask, why did the policy writers not call us clinicians instead?  That would be more palatable. 

Well, the issue is that CMS and private payors also pay “entities” such as acute care hospitals, long-term health care facilities, physician practices and other clinical facilities and practices.  All of these entities are also considered to be “providers”, but they are not clinicians. 

Since entities do not have independent thoughts or feelings, they are not offended by the word-which-must-not-be-spoken, so you can call them providers without fear for your valuables.  In my opinion, it would have been better for policy writers to differentiate clinicians (people providers) from entities (facility providers), but that boat left the dock more than a decade ago.

I admit to being rankled for many years by the word-which-must-not-be-spoken, but I've gotten over it.  If one ignores the connotation of the word due to its overuse in bureaucratic red tape, it is really not such a bad word.   In fact, look it up in the dictionary, and you will see it is actually a word one should be proud to be called. 

Although I understand the autonomic angst conjured by the word-which-must-not-to-be-spoken, as it has been thoroughly butchered by government policy writers, at the end of the day call me a "provider of quality healthcare" and I'll go home happy.

Or just call me "Matt".

Matt Murray, M.D.

Provider of Quality Healthcare


Does use of a Scribe in the Emergency Department Increase Productivity and Improve Patient Flow... Yes, But...

Does use of a scribe to document in an electronic health record (EHR) increase an ER physician’s productivity?  Do scribes improve ED physician’s satisfaction with their profession?  Do scribes help improve ED patient flow? Well, overall yes, scribes improve productivity, but not necessarily for all ED physicians.

I am a pediatric ER physician and my pediatric emergency department (ED) has a scribe program.  Use of scribes was "free" until 3 years ago when our organization decided to stop paying for scribes.  A compromise was made, though, with ED physicians--we could individually decide to continue using scribes, but would have to pay half the cost.  All but 2 of 28 ER physicians decided to continue using scribes.  The cost is essentially covered by seeing a couple additional patients each shift.  Clearly the majority of us feel scribes improve wRVU production by more than that.  And since ED physician productivity is one of the main factors within the ED patient flow diagram, increased productivity correlates with fewer bottlenecks and overall improved ED patient flow. One colleague told me he sees a 20% decrease in productivity when he does not use a scribe, but the degree of impact varies from physician to physician in our group.  Part of the increased productivity has to do with tasks a scribe can do other than EHR scribing, like fetching this or that.  And in some cases, it looks like scribes help physicians cherry-pick lucrative patient cases---don't get me started on that one (I finally figured out why I never got to see the known appy patients that got transferred in).

All of our most highly productive ER physicians use scribes.  In addition to being naturally gifted "fast" physicians, they spend less time on documentation during their shift.  Most of their notes are in draft form at the end of the day.  Some will spend 45-60+ minutes editing and signing notes after their last patient, but most will go home and complete the notes 1-2 days later.  I think scribes are particularly valuable to those faster-types of physicians, both for productivity and for physician satisfaction.  Scribes allow them to maintain a fast pace with less work to do after their shift to complete charts.  

I am one of the two exceptions who chose not to pay for a scribe.  Both of us take a methodical approach to seeing patients, hence neither of us are in the high productivity range, but neither of us saw our productivity drop.  In fact, I eventually found that I could see more patients without a scribe.  Most of my notes are completed and signed when the patient is discharged, and typically the rest of my notes are completed within 30 minutes after seeing my last patient.   My method of working requires me to spend a lot more time documenting during my shift as compared to "fast" physicians, unless its crazy busy when documentation simply has to go out the window for the sake of getting patients seen and properly cared for. 

Why would some physicians like myself be faster without a scribe?  This would be a great subject to study.  In my individual case I feel it has to do with how my mind processes information and my method of working.    

First, I am 59 years-old, and the framework for my thought processing in previous decades was built around formulating a plan as I wrote out my ED note on paper.  When EHR and scribes came along, I found it difficult to process information and formulate a plan while verbalizing information to a scribe, so I ended up using a small notepad to write brief notes to help me "think" as I spoke to the scribe. I apparently need to see the words to help me plan. With voice recognition I can see my words going onto the screen, similar to when I saw them going on paper, and I thus find myself better able to process information and formulate a plan simultaneously.  Second, although I'm older and not as efficient using a keyboard as my younger colleagues, I'm tech savvy.  After eliminating use of scribes I found ways to leverage voice recognition and certain personalization tools in our Epic EHR.  Using our voice-recognition tool I created HPIs, MDMs, critical care templates and discharge instructions with built-in [macros].  I also created voice commands to dictate frequently used smartphrases that can be built in Epic.  Whenever I found my hands leaving the mouse and dictation device to reach for the keyboard, I would make note of that and later on think about ways to eliminate the need for a keyboard in that particular situation using voice recognition or personalization tools within the Epic EHR.  For frequent point-and-click actions (i.e. Save, Enter, Order, Open My Note....) I programmed buttons on the dictation device which significantly reduced mouse clicks.  Thus, I now spend most of my day with one hand on the dictation device and the other on the mouse, and happily see more patients without a scribe.

So in our group nearly all of the ED physicians subjectively feel scribes improve their productivity and, as a result, improve ED patient flow.  Even when the organization reduced reimbursement for the scribe service to 50%, nearly all chose to pay for their scribe service.  At least one ED physician sees a 20% decrease in productivity without a scribe, but the degree of impact varies from physician to physician..  And finally, the two ED physicians who decided not to pay for a scribe were able to maintain, or even increase, their productivity.    

Prayers and Praise from an ER Physician for the Spiritual Marrow of Hurricane Harvey Victims

I am more than 400 miles from the Texas Gulf Coast, and I am a different person today.
I rarely write about my professional experiences as a pediatric emergency physician in Digitized Medicine.  After all, this blog "belongs" to my other passion which is to promote the maturation and use of health IT to improve the quality of healthcare.  But I had an extraordinary experience in the emergency room yesterday that connected the dots between personal face-to-face care and use of health IT to improve care.  It was extraordinary in how it led me on a personal journey to seek a better understanding, or perhaps acceptance, of human suffering under God's benevolent watch. 
In the ER I cared for a young boy whose family from Port Arthur, Texas, currently "resides" in a Fort Worth public shelter as a Hurricane Harvey flood victim.   In order to get medical record information on this displaced patient, I called the Greater Houston HealthConnect (GHH) which is a regional health information exchange (HIE) that remotely stores electronic health information for over 4 million patients from the Houston/Beaumont region in southeast Texas.  For patients in the Corpus Christi area the HASA HIE similarly stores patient information.   The HIE help desk representative took my name/phone number and told me I would receive a call-back in a few minutes from an HIE representative who was physically working at a Houston flood shelter.  Less than 5 minutes later I received that call.  It was as noisy in her background as it was in my ER.  The HIE rep asked me for the patient's demographic information, then found him in their database within one minute.  There was information from several hospital visits recorded that we together browsed through for a couple of minutes.  She would describe the types of online information available while I provided direction on what to skip and what to drill down into.  Although available data on this patient was sparse, our findings gave evidence to my initial diagnostic impression and reduced the risk of chasing unlikely etiologies of the patient's condition.  Considering the circumstances, I found the experience efficient and valuable.  
So if you are a physician seeing a displaced Hurricane Harvey victim, you may find HIE services useful for accessing additional medical record information:
  • For patients from the Houston/Beaumont/Port Arthur region, call 832-564-2599 (GHH)
  • For patients from the Corpus Christi area, call 210-918-1361 (HASA)
  • More information is available on the Texas Medical Association website


Those are the facts of the story along with some practical advice.  But on a personal level I am a different person today.  

Before entering the room I reviewed nursing notes which informed me that this young boy and his mother had been sent from Fort Worth's emergency shelter.   I took a moment to mentally prepare myself and entered the room.  Since nature had physically displaced this mother from her home, family and friends, I felt sure I would see and feel the emotional strain that such isolation must yield.  Despite this preparation my heart pierced and spine shivered as soon as I looked into mother's eyes.  They were deep and disturbingly languid.   But I was honestly not prepared for a different feeling--one that was difficult and seemed to come from within my own being--that slugged me in the gut as we sat face-to-face.  I did not understand in that moment exactly what I was feeling.   I had a job to do and just got busy serving this family to the best of my ability.
I understand through training and experience that physicians should remain aware of the potential transference of emotions from patient to physician.  So after my ER shift I took some time at home to quietly discern what it was that struck me so harshly.  I recognized that I had indeed felt the transference of emotional fear from homelessness and loneliness due to isolation.  But I gradually came to realize the most disturbing emotion--the one that sucker-punched me--actually originated from within myself.  It was my own personal thoughts and feelings about this mother's worldly disempowerment that pierced my heart and shook my spine as we sat and spoke.     
However, while in the room I also sensed something else in the fabric of this young mother's framework that served as a basis of survival, even if just by a thread.  Afterall, she had made it to an unfamiliar hospital with her ill son from a flooded home more than 430 miles away.  I was sure she must have some physical and mental attributes that served as sources of some strength, but I felt something much deeper.  As I later reflected on this, I came to firmly believe that this young mother's core framework of strength must be built around her spiritual marrow.   A marrow encased in bone that nature cannot break.  A marrow with everlasting spiritual empowerment.  A marrow undisturbed, and even strengthened, by worldly strife.  
With these thoughts in mind I turned to the book of Psalms.  I found a chapter that spoke to me about the spiritual marrow of righteous people who nevertheless are afflicted with suffering:   
Psalm 34:19-21

The LORD is close to the brokenhearted, saves those whose spirit is crushed.  Many are the troubles of the righteous, but the LORD delivers him from them all.  He watches over all his bones; not one of them shall be broken.

I give praise to God's gift of spiritual marrow.   I pray for all victims of natural disaster.   Love and blessings to each of them.  

Although the behavior of one EHR vendor was wrong, more serious problems are inflicted by government-run EHR certification criteria

This week eClinicalWorks resolved a lawsuit by agreeing to pay $155 million for falsely claiming it met Meaningful Use (MU) EHR certification criteria.   Although the alleged behavior of eClinicalWorks was wrong, we have much more serious problems inflicted by the government-run EHR certification criteria.  

The business of EHR vendors is to gain clients and earn profits.  Developing innovative tools that help physicians care for patients should be the primary focus of their business.  Instead, vendors are held hostage to government-run certification criteria that are constantly changing and sometimes ambiguous.  While I do not condone the apparent behavior of eClinicalWorks, I am much more concerned about the  certification processes that led to this situation.   

The certification process evolved out of the 2009 HITECH Act that promoted the use of EHR technologies by offering incentive payments to hospitals and physicians who successfully adopted and used EHRs.   This resulted in an unprecedented rush of business for EHR vendors.  While EHR vendors began ramping up resources to meet the demands of the sales cycle and EHR implementations, they were also hit with government-imposed EHR certification criteria--criteria that are still changing frequently and sometimes are ambiguous.  This exponential increase in EHR client demands along with rapidly changing certification criteria crushed EHR vendor resource availability.  This constraint on resources forced them to focus on developing and testing EHR products to meet the specific certification criteria required by the government.  In my opinion, the unintended consequence of overwhelmed EHR vendors is that they then did not have available resources to focus more on:

  1. Improving usability
  2. Identifying and managing patient safety risks inherent to EHR use
  3. Developing innovative tools and functions that actually improve how physicians care for patients 

As a result, EHRs were developed to meet MU EHR certification criteria, but failed to improve poor usability.  EHR products could meet certification criteria, yet fail to adequately address patient safety risks associated with implementation and use.  And the constraint on EHR vendor resource availability remains an impediment to the development of innovative tools and functionalities that EHR vendors really should be focusing on today.

Physicians do benefit from EHR certification by reducing risk during the EHR selection process.  That is why the Certification Commission for Health Information Technology (CCHIT) was created in 2006 as an independent, not-for-profit group.  CCHIT certification was based on a consensus of stakeholders who determined core functionalities that a basic EHR should provide.  I participated in that effort, albeit in a brief, very small way (providing some input on pediatric core criteria).  I recall we were careful to avoid requirements that could hinder EHR product innovation.  CCHIT ceased operations in 2014 after the government created the MU EHR Certification program.  

CCHIT certification was much less prescriptive than what the government imposes today.  Less prescriptive EHR certification was, in retrospect, the right approach to take.  And we did it without government involvement.  Government works at its own hindered pace, and that pace is much slower than what an unencumbered EHR market could accomplish.  I think the government needs to get out of the EHR certification business.   But whether government remains involved or not, the EHR certification process needs to learn from CCHIT and rely more heavily on building consensus of physician stakeholders.  We will do what is best for our patients.    

So, this week one vendor was called out by the government for false claims regarding EHR certification.  But that one vendor is really not the problem.  The real problem is that the development of all EHR products has been, and still is, impeded by the government's EHR certification program.  

Matt Murray, MD

cook children's health care system..

Here we go again, forcing physicians to use technology that is not yet mature

Here we go again, forcing physicians to use technology that is not yet mature.  Texas House Bill 2743, if adopted, would require physicians in Texas to use electronic prescribing (e-prescribing) for controlled substances.   

While I agree with the goal (physician adoption of e-prescribing for controlled substances), the proposed tactic imposes requirements on the wrong stakeholder.  If e-prescribing tools and associated work flows were intuitive, effective, seamless and safe, then there would be no need to require physicians to use e-prescribing.  Physicians naturally gravitate toward technologies that are easy-to-use, safe and effective or time-saving.  I don't see many physicians writing checks now that debit cards are easy to use nearly everywhere we go.  The adoption of robotic surgery and MRI scans come to mind as well.

So to reach the desired goal, should not the state representatives instead require e-prescribing vendors to bring mature, useful products to the market?   Should we not require NCPDP, the organization that develops standards for script transmissions, to more rapidly develop standards needed to close gaps in current functionality and usefulness?  

My ER patients rarely prefer a written paper prescription.  But sometimes the patient wants a paper Rx because they just came from out-of-town, or they want to shop around for a 24-hour pharmacy in the middle of the night, or for other occasional, sometimes unusual reasons.  One of my patients preferred a written prescription because she liked how prescription paper smelled.  You might successfully guess the category of medication she received.  

It is rarely in the best interest of  my patients for me to write a prescription rather than to e-prescribe one.  Unless my e-prescribing system is down, or my patient tells me they prefer a paper prescription.  Or if I'm prescribing a narcotic, because my EHR vendor has not yet enabled my e-prescribing system to do so.  In my case it will take a major upgrade to get that done.  And I have not yet gone to a Federally-approved credential service provider (CSP) or certification authority (CA) to be "identity-proofed" so that I can obtain a two-factor authentication credential or digital certificate which is required to use e-prescribing for controlled substances.  I'll go through that hassle when my vendor enables the controlled substance e-prescribing tool.  And that upgrade will cost my organization a lot to implement.  

In the doctor's real world e-prescribing tools are not easy-to-use, intuitive or hassle-free.  Instead they are cumbersome and remain prone to some easily-preventable medication errors. In the real world of the pharmacist, it is not efficient to manually transcribe  into their own system the e-prescription information I sent.  They might have to use two screens to accomplish that task, or they might print my e-prescription and then transcribe it into their system.  That printer is likely to be in the far corner of the room.

 So in the real world Texas House Bill 2743 makes little sense.  I urge our state representatives to focus their tactics on the real problem--immature e-prescribing tools and processes.   Stop imposing unnecessary risks on physicians and patient care.  

Matt Murray, M.D.                                                                                                                                                                 cook childrens 

AMA Throws Support Behind Development of a National Health IT Safety Center

It is remarkable to sit down one night to write a policy proposal, then 6 weeks later see it become new national policy at the American Medical Association (AMA), even if it does get watered down a little bit in the process.   That's what happened when, as Chairman of the Texas Medical Association's  (TMA) ad hoc Health IT Committee, I wrote a resolution in support of a National Health IT Safety Center--I did so after observing discussions at our April 28th meeting in Dallas, TX, being dominated by concerns of electronic health record risks to patient safety that physicians encounter daily in their practices.  Today the AMA House of Delegates approved that proposal as new AMA policy.  As a result, the AMA will work with the Office of the National Coordinator of Health IT to move forward the concepts of a National Health IT Safety Center.    

This proposal was successful through assistance from TMA staff, input from a smart, reputable committee and a little bit of luck getting around corners.    And, of course, the proposal is completely based on previous work done by those involved in EHR risk management research and policy development.  Some of those people are referenced in the policy proposal's citations.  Here is the accepted resolution with the amendments:




Madam Speaker, your Reference Committee recommends that Resolution 240 be adopted by addition and deletion to read as follows:   

RESOLVED, That our American Medical Association support the Office of the National Coordinator for Health IT (ONC) efforts to implement a Health IT Safety Center urge Congress to create a National Health IT Safety Center that can implement an effective EHR safety program designed to reduceminimize EHR-related patient safety risks through collection, aggregation and analysis of data reported from EHR-related adverse patient safety events and misses (New HOD Policy).  


Madam Speaker, your Reference Committee recommends that Resolution 240 be adopted as amended.

HOD ACTION: Resolution 240 adopted as amended.

Resolution 240 asks that our American Medical Association urge Congress to create a National Health IT Safety Center that can implement an effective EHR safety program designed to reduce EHR-related patient safety risks through collection, aggregation and analysis of data reported from EHR-related adverse patient safety events and near misses. (New HOD Policy) Your Reference Committee heard supportive testimony for Resolution 240. However, testimony noted that the Office of the National Coordinator for Health Information Technology (ONC) was already working to establish a Health IT Safety Center with similar functions. To avoid duplicating efforts, an amendment was offered to support the ongoing activities of this safety work. Your Reference Committee agrees with the goal of this Resolution and the importance of ensuring the safety of new technology. We agree that our efforts should build off of existing progress in this area. Therefore, your Reference Committee recommends that Resolution 240 be adopted as amended.

Matt Murray, M.D 

Matt Murray, MD

Cook Children's 

Increasingly hazardous healthcare environment should urge Congress to create a National Health IT Safety Center

Discharge instructions for a child’s insulin dose were correctly entered into the electronic health record (EHR), but when the mother received the printed instructions there was a decimal point error resulting in a 10-times dosing error.  This error was fortunately noticed by the bedside nurse and corrected manually.  I reported this near-miss to the EHR vendor and they corrected the technical problem.  However, when I asked vendor representatives whether or not this problem was being corrected with other physician clients across the country, they informed  me that no other client had reported such a problem. 

This is analogous to a situation where an airbag explodes and sends shrapnel into your face.  You might ask the automaker whether this is a problem with their other vehicles.  They might tell you that they are not aware of others having the same problem.  However, in the transportation industry they are required to report safety incidents and near-misses.  These reports are collected, aggregated and analyzed by the National Transportation Safety Board (NTSB).  If NTSB notices a trend in airbag-induced shrapnel injuries, they will initiate an investigation.  When NTSB discovers a problem with a specific airbag that is used across multiple types of automobiles, not just the type you purchased in your own state, then they are authorized by Congress to make safety recommendations to help ensure the risk is appropriately managed across the industry.

This insulin dosing incident is one of many health IT-related patient safety risks I have encountered and resolved in collaboration with an EHR vendor.  When my experience is extrapolated to the experiences of all physicians and EHR vendors, the scope of health IT-related patient safety risks can be seen as immense.  But unlike the safety of interstate commerce produced by the auto industry that is overseen by the NTSB, the safety of interstate commerce produced by EHR vendors has no cohesive oversight mechanism.  

The lack of oversight for health IT-related patient safety incidents and near-misses creates a hazardous patient care environment that I believe is urgent for Congress to address. The threat is increasing because the Meaningful Use Program (MU) has led to an exponential increase in the use of EHRs and other technology.   As a result, physicians are assuming a higher level of risk and accountability for computer programs, networks and infrastructures that are increasingly used as tools to generate patient care actions and facilitate medical decisions.  Although health IT-related patient safety risks would best managed through a shared accountability between physicians and EHR vendors, the vendors are not currently held accountable for patient safety.  Furthermore, the aggressive MU timelines have required EHR vendors to make rapid changes to EHRs without sufficient time to align changes with efficient physician workflows or to improve the flow of data between systems.  As a result, EHRs are increasingly plagued by poor usability problems and  lack of interoperability between EHR systems--both of which are patient safety risks that physicians commonly encounter.

So it is time to urge Congress to create a National Health IT Safety Center that can implement an effective EHR safety program designed to reduce EHR-related patient safety risks.  Within this concept EHR vendors could be required to report patient safety incidents and near-misses to the Health IT Safety Center similar to how transportation safety incidents must be reported to the National Transportation Safety Board.   The Health IT Safety Center could collect, aggregate and analyze reported data.   It could have power to investigate incidents involving patient harm and require EHR vendors to make appropriate changes.  It could monitor near-misses to identify trends and risks.  It could coordinate with other agencies to develop and broadly disseminate educational information and tools that mitigate identified patient safety risks related to technology use.  

I also envision that this resolution would lead to an entity that has the authority and influence to drive improvements in EHR usability and


interoperability, which are the two most significant impediments to effective and meaningful use of electronic medical records.   




Improved Physician Practice Preparedness To Recover from EMR Downtime and Other Technology Risks is Needed

It should not take 3 weeks to restore an EMR system.  

I was not surprised when one of my colleagues told me his EMR unexpectedly "went down", as there are many threats to hardware and software--wind, fire, water, construction equipment, human error and cyber crimes to name a few.  It was the rest of his story that was so disheartening.  As he recalled the struggles that his group endured for three weeks, his facial expression contorted into what I can best describe as that of "helpless resignation".   The complexities of technology had held him and his group hostage for three weeks.   At the time of our initial discussion he was still in the "grieving" stage, so I felt it to be too early to engage in a healthy discussion about IT risk management.   He needed to vent.   I needed to listen.  

And this story exemplifies what drives me to spend time collaborating with the Texas Medical Association (TMA) and others to raise physician awareness about the safe use of EMRs.   I do not have data, but my gut tells me that the majority of physician practices underestimate how vulnerable they are to EMR threats, especially small physician practices who lack internal IT expertise.  Perhaps the recent rise in ransomware attacks will actually be beneficial.  A ransomware attack on a physician office in South Texas earlier this year has led the TMA to increase communications to physicians about the threat of ransomware and other cyber attacks.    

Until recently the focus of preventive strategies against cyber attacks has been to ensure that the privacy and confidentiality of electronic medical records (EMRs) are maintained.   HIPAA stuff.   And this is understandable since privacy breaches are expensive for a practice to manage, and such breaches have the potential to financially hurt patients if their data is used maliciously.  But ransomware attacks are different because they make a physician's EMR unusable until a ransom is paid (or the EMR is otherwise restored).  Unlike privacy breaches, ransomware attacks are disruptive to the daily operations of the practice.  It is a disruption that impairs the ability to take care of patients who are in the office as well as those who call the office.  At the end of the day the physician is left struggling to take care of patients who are sick without access to information that is really needed.  This is a "new normal" that should brightly illuminate the need for improved disaster recovery preparedness and IT risk management for physician practices.    

There are ways to reduce the threat of ransomware attacks and other health IT risks.  A thorough security risk analysis can identify weaknesses that could be targeted by cyber criminals.  Steps can then be taken to reduce the chances of being victimized.  Establishing a habit of continually identifying and managing these technical risks will further reduce the chances of an EMR shutdown.  

But one of the major obstacles is that physicians generally do not have the knowledge, expertise and time to do this themselves.  Another obstacle is that security risk analyses tools are designed primarily for large healthcare systems and do not translate well onto a small physician practice.  That is why the TMA's ad hoc Health IT Committee is currently collaborating with a vendor, a state agency and one small physician practice to hone down a security risk planning tool into something that would be feasible and effective for small physician practices to adopt.  For now physicians have to rely on consultants or train/hire IT staff to identify and manage technology security risks.

Nevertheless, no system can be 100% "downtime-proofed".  So even if a physician practice adopts best practices for security risk management, they must be prepared for a disaster to strike at any time.  After a disaster strikes, maintaining the ability to effectively care for patients must be the first priority.  I have coined the term, "clinical continuity planning", to characterize this planning.  I base the term on a similar commonly used term, "business continuity planning", which is the plan businesses develop to maintain daily operations during technology downtimes and disasters.  A physician office certainly is a business and should have a business continuity plan to maintain economic viability during disasters.  But the life-and-death nature of patient care is so unique that I believe a clinical continuity plan should be developed by each practice and be considered as the first priority in disaster planning.  Business continuity is integrated with clinical continuity and is also vital to the physician practice, but it should be considered as a lower priority.  In the real world this means that when weaknesses in security and downtime planning are identified, clinical continuity weaknesses should be addressed before business continuity weaknesses are addressed.  
The most effective protection against a ransomware attack and other types of "downtime" is to have a complete back up of EMR data and an ability to quickly restore the EMR system.  If the practice can do that, they may not have to pay a ransom, and the impact on patient care can be minimized if the back up and restore tools/processes are effective.  
With the rise of ransomware attacks I believe the primary focus of health IT risk management for physician practices should be to ensure an acceptable degree of clinical continuity can be maintained during EMR downtimes.  Secondarily, the practice should understand the tools and processes that are in place to back up and restore the EMR in the event of a disaster.  And to make sure they get tested.    The first time a physician discovers that it will take 3 weeks to restore their EMR should not be after a real disaster strikes.   
mattmurraycook children's

Cultural Change at CMS is Needed to Mend Adversarial Relationship With Physicians

CMS has issued a request for information (RFI) and invited comments on the implementation of the Merit-Based Incentive Payment System (MIPS) as introduced in the MACRA legislation that repealed SGR last April.   The legislated "composite performance score" upon which "adjustments" to physician payments will be made under MIPS consists of four categories:  Quality, Resource Use, Clinical Practice Improvement Activities and Meaningful Use of CEHRT.   Comments are being sought on many topics, including certification of EHRs, technology standards, accountability for data integrity, management of "virtual groups"  and, yes, Meaningful Use (MU).

I have three overarching comments:

1.  Adversarial relationship with physicians:  Right now government programs such as MU and PQRS are generally viewed by physicians as requirements only, not as elements of best practices that lead to quality care.  I think it is vital to change this adversarial perception.  This will involve a cultural change at CMS.  Perhaps the most important tactical change to pursue is moving away from rewarding/penalizing the achievement of specific targets, and moving toward innovative programs that reward practices for making incremental improvements in quality care.

2.   Inhibition of Innovation:  Physicians support technology innovations developing in the consumer marketplace that have the potential to improve quality of care and lower healthcare costs.   While government regulations have the potential to catalyze innovations in the consumer marketplace, they also have the potential to inhibit innovation.    Regulations that strive for high-level outcomes are generally more likely to catalyze innovation, while regulations that impose specific limits or require specific actions, mechanisms and processes are more likely to inhibit inhibition.   I believe the Meaningful Use regulations have inhibited innovation--EHR vendors have been scrambling to meet specific requirements imposed by the regulations with no evidence that these requirements would result in higher quality of care or lower costs.    To change this, we need CMS to mindfully develop government regulations that maintain a high-level focus on the achievement of quality care outcomes while avoiding the development of limitations or specific requirements, methods and processes that discourage innovation. 

3.    Fair and ethical use of quality metrics for reimbursement:   The AMA has published guidelines on the Fair and Ethical Use of Quality Metrics.    The guidelines advocate for rewarding physician practices that make incremental improvements in quality care rather than rewarding/penalizing the achievement of specific levels of performance.   Although my opposition to the use of quality metrics to impose financial penalties is aligned with these guidelines, I concede that it is difficult for a value-based model of reimbursement to completely avoid penalties.    My alternative suggestion is for CMS to incorporate tiered levels of "performance achievement" instead of the "all-or-none" requirements put in place for the MU program.  Tiered levels of achievement, with lower levels of achievement designed to avoid certain penalties and higher levels designed to provide additional rewards, will help avoid the "drop-out" rate that the MU program has experienced after Stage 1 as the levels of expected performance were increased.  Many physicians just gave up.  Even though they could achieve all but one of the requirements, that one requirement eliminated the possibility of receiving any credit.  

I  would be interested in hearing your thoughts on the implementation of MIPS by CMS.