Kimberly Leonard stories from The Center for Public Integrity

Lethal injection drug access could put executions on hold

2012-07-11T16:23:49-04:00

A federal judge’s decision to block imports of a drug used in executions will leave states to rely more on a substitute drug that could itself be getting scarce — developments that raise questions about both how these drugs are regulated and whether states will have the drugs they need to continue capital punishment by lethal injection.

Over the past three decades, lethal injection has become the primary method of execution in the United States because it is widely viewed as the most humane alternative. Thirty-five states and the federal government use this method and more than 1,100 inmates have been put to death by lethal injection.

State justice or corrections departments have conducted these executions by administering the anesthetic sodium thiopental in a lethal dosage on its own, or as part of a three-step “cocktail” in which sodium thiopental is followed by pancuronium bromide, a paralytic agent, then potassium chloride, which stops the heart and causes death.

But in late March, a federal judge blocked importation of sodium thiopental, ruling that the Food and Drug Administration (FDA) ignored the law by allowing it to be imported into the country without following regulatory protocol. The drugs were slated for executions, a purpose unapproved by the agency — and unlikely to ever be approved by the agency. Sodium thiopental is only available from overseas, because its U.S. manufacturer, Hospira Inc., stopped making it 2011, as a result of controversies over its use in executions.

Search for an alternative

The logical alternative to sodium thiopental is pentobarbital, an anesthetic that causes people to lose consciousness, sensation and memory. Since 2010, 12 state justice departments have used pentobarbital, a drug veterinarians also administer to euthanize animals, to execute 47 inmates, usually as part of a three-drug cocktail, according to the Death Penalty Information Center, a nonprofit organization that publishes annual reports on capital punishment.

With sodium thiopental now nearly impossible to access, pentobarbital is likely to become even more critical for those who want to carry out executions in the near future, Richard Dieter, executive director for the Death Penalty Information Center, told iWatch News. If the restrictions become effective, correctional departments may have to choose another drug or form of execution altogether, he said.

But pentobarbital could eventually become scarce. Most state justice departments say that for security reasons they cannot specify how much of the drug they have stored, but pentobarbital’s manufacturers for human uses have in recent months acted on a number of fronts to prevent its use for executions.

Lundbeck Inc., a Danish pharmaceutical company that manufactured the drug until late last year, sent letters last August to governors and correctional departments in 16 states — Alabama, Arizona, Florida, Georgia, Idaho, Louisiana, Mississippi, Montana, Nebraska, Ohio, Oklahoma, Oregon, South Carolina, Tennessee, Texas and Virginia — saying it did not want its drug used for executions.

When that request was ignored, the company switched from using several distributors last June to using a drop ship program, selling its product directly to health care facilities through a single distributor, Cardinal Health. In addition, every medical facility that received the drugs had to sign a document saying the product would not be used for executions or resold for that purpose.

“We stated very clearly that we’re in the business of improving peoples lives and using it for capital punishment is against what we do,” Matt Flesch, spokesman for Lundbeck, told iWatch News.

Finally last December Lundbeck sold its pentobarbital rights to Illinois-based Akorn Inc., which signed an agreement promising it would not sell the drug for the purpose of executions.

Stockpiled

For the moment, though, pentobarbital is still available. States bought supplies of the drug before distribution limitations were enacted, Flesch said, though some states may soon run out, or the drug could expire. Like most pharmaceuticals, pentobarbital has an expiration date of about 18 months.

Dale Baich, assistant federal public defender in the state of Arizona, said his state and other obtained pentobarbital some time ago. “In Arizona, the state was ordering it in 2010, along with sodium thiopental,” he said. “Other states stockpiled it.”

A spokesman for the Department of Criminal Justice in Texas, the state responsible for the highest number of executions in the country, would not specify how much pentobarbital the state had left, though he did confirm in an email to iWatch News that there was enough to carry out the seven executions it has scheduled for 2012. In Georgia, a spokeswoman also confirmed in writing that the state had “an adequate supply of all pharmaceuticals necessary to carry out lethal injections.”

But the efforts to limit the supply for executions may be having some effect. Oklahoma only has enough pentobarbital to execute three more people, said Jerry Massie, public information officer at the state’s Department of Corrections. Two inmates were executed earlier this year, and the state had purchased enough pentobarbital for five executions. Two more executions have been scheduled for 2012, and the state has more than 60 inmates on death row.

Obstacles

The use of pentobarbital is facing other challenges, as well. In several cases, judges have put executions on hold until questions about the drug can be answered. Alabama was supposed to put Thomas Douglas Arthur to death by lethal injection last week, but shortly before the scheduled execution date, a federal appeals court put his execution on hold for the fifth time over the course of his 29 years in prison, because of concerns about pentobarbital.

His attorney, Suhana Han, argued it might not knock her client out all the way. This could make the subsequent injections extremely painful, she argued, falling under the definition of “cruel and unusual punishment,” prohibited by the Eighth Amendment.

Megan McCracken, Eighth Amendment resource counsel at the University of California-Berkeley School of Law, is worried that states have simply switched to using pentobarbital in executions without much study or oversight. “There really hasn't been a thorough look at the use of this drug in a three-drug execution protocol,” she said, “where the prisoner is paralyzed, and cardiac arrest is induced, shortly after administration of the pentobarbital.”

Texas started using pentobarbital last year, and did not consult a physician in the process. The decision was made by officials within the correctional department, a department spokesman told iWatch News.

In Ohio and Washington state, the three-step execution cocktail has been scrapped altogether in favor of a single, lethal dosage of pentobarbital.

Mike Rushford, president and CEO at the Criminal Justice Legal Foundation, which supports the death penalty, is encouraging states to use this approach. The important thing is not whether states use pentobarbital or sodium thiopental, he said, but to simplify the process so the arguments against lethal injections fall away.

Regulatory limbo

Just who has the authority to decide whether pentobarbital can or should be used in executions is more than a little murky. Tightly monitoring the use of any drug is nearly impossible. The safety and efficacy of all drugs has to be approved by the FDA, but once pharmaceuticals are approved for any purpose, it is up to physicians to determine to whom and for what reasons they will prescribe them, said Ed Elder, director at Lenor Zeeh Pharmaceutical Experiment Station at the University of Wisconsin-Madison.

The FDA-approved uses for pentobarbital include short-term treatment for insomnia and seizure control for patients with epilepsy. It is not FDA approved to alleviate Reye’s syndrome, a disease of the brain and liver, though some physicians have prescribed it for that purpose.

It is also not FDA-approved for use in executions or for the use of anesthesia, but it’s not clear the FDA believes that’s its business. A spokeswoman declined to comment on the FDA’s role in overseeing pentobarbital for the use of executions, but spoke generally of the agency’s practices. “FDA has authority to take both administrative and judicial actions to protect the public from dangerous and illegal products, to punish persons and companies who violate the law, and to deter violations,” she said.

Elder said drugs for the use of executions may fall outside their oversight definition, and in the past the FDA has publicly taken that stance. “The use of drugs for an indication that doesn’t involve making people well is contrary to what the FDA is trying to do with approving drugs,” he said.

In 2008, the Supreme Court upheld the constitutionality of the three-drug protocol that Kentucky used for lethal injections. The state was using the former drug, sodium thiopental, as its anesthetic. The high court hasn’t said anything about pentobarbital, but several federal courts and the Florida Supreme Court have signed off on it.

Rushford from the Criminal Justice Legal Foundation sees the concerns raised about legal injections as merely the latest effort by groups whose mission is to thwart the death penalty. “These are claims by people who wouldn’t want to execute any murderer under any circumstances by any means,” he said.

VIDEO: Four commonly asked questions about patient medical information

2011-12-30T21:36:30-05:00

The Center for Public integrity interviewed Harley Geiger, policy counsel for the Center for Democracy & Technology (CDT), about why patients should request a copy of their health records from their doctor.

The questions are based off a guide CDT issued on its website. It discusses the rights patients have to their health information and how they can correct errors that might appear in their record. It also details how they can protect their medical information.

VIDEO: Changing behavior for health IT funding

2011-12-26T11:36:02-05:00

Providers of mental health and substance abuse treatment were frozen out of a $27 billion federal fund for conversion of medical records from paper to electronic form. That doesn’t make sense to them — or to their clients. So now they’re fighting for a piece of the pie on Capitol Hill.

A Center video takes a look at the controversy — on the front lines and in the corridors of power.

Panel recommends new agency to investigate safety of health information technology

2011-11-08T13:56:08-05:00

Health information technology has been touted as crucial to better health care, but a new report says an entirely new agency is needed to investigate this largely unregulated sector, which can also injure or kill patients if it’s not operating properly. In pushing for a new entity, the respected Institute of Medicine, an independent research and advisory organization, is explicitly advising that the Food and Drug Administration (FDA) not be tasked with the job at this time — a recommendation that is bound to be controversial.

The eagerly anticipated report, titled “Health IT and Patient Safety: Building Safer Systems for Better Care,” will be publicly released Thursday. A copy was obtained by iWatch News. The study details nine other recommendations for how to ensure patient safety when doctors and other health care providers use health information technology, or health IT. The findings from the report were presented October 28 to the Department of Health and Human Services (HHS) and its agencies.

The question of who should regulate these devices comes at a time when the federal government is pushing the use of health IT through a $27 billion dollar portion of President Barack Obama’s 2009 economic stimulus. The initiative includes programs that award financial incentives for providers who use electronic health records and an additional $550 million in grants to states for creating exchanges that allow the sharing of clinical data.

But the push is occurring so far without any agency really ‘watch dogging’ the safety of health IT — the software, hardware and systems that record and manage patients’ health information. These expensive devices by and large have not gone through any regulatory checks for safety in the way that food, drugs and other medical technology must; most of that oversight is handled by the FDA. But at the moment, no one is required to report instances of harm caused by health information devices and no government agency currently monitors their safety.

“With all of that money, marketing and public outreach, most simply affirm the value of health IT as an article of faith, rather than investigate it via careful evaluation,” said Ross Koppel, adjunct professor of sociology at the University of Pennsylvania and its School of Medicine, and investigator for RAND Corporation. He is listed as one of the reviewers of the report.

Though a variety of studies have concluded that the use of health IT may improve patient safety, mistakes made in the systems or difficulty using the technology can lead to serious injury or death, according to the report. An allergy might be omitted from a computer record, for example, or an incorrect medication dosage might be recorded. In Rhode Island, a Lifespan computer glitch caused about 2,000 patients to receive the wrong types of medications. In another instance in March 2009, an unattended patient suffered multiple seizures for hours after a computer failed to alert doctors the patient was moved from the intensive care into their ward.

As reports of patient harm began to emerge, the federal Office of the National Coordinator (ONC) for health IT asked the Institute of Medicine (IOM) a year ago to establish a Committee on Patient Safety and Health Information Technology to make recommendations to the government about how to maximize health IT safety.

In its report, the IOM committee says the FDA would likely restrict market innovation in health IT, which could also jeopardize patient safety. Stringent regulations “can negatively impact the development of new technology by limiting implementation choices and restricting manufacturers’ flexibility to address complex issues,” the report says. The FDA currently receives voluntary reports of health IT-related incidents, but has no resources or protocols through which to take action; the agency has long fought a losing battle with health IT vendors over trying to monitor the technology.

The report also notes the agency does not have the investigative capabilities, funding or manpower to regulate devices such as electronic health records, personal health records or health information exchanges.

FDA representatives said the agency would not respond to the report because the Department of Health and Human Services was taking the lead on the issue. The Institute of Medicine also declined to comment because the report has not yet been made public. ONC, which is part of HHS, did not respond to repeated requests for comment.

To adequately oversee health IT safety, the committee recommends that the secretary of health and human services create and fund a new independent watchdog agency, along the lines of the National Transportation Safety Board. Like NTSB, the new agency would conduct investigations and make recommendations for all stakeholders, including the secretary of the health and human services, vendors and health care organizations. Vendors of the technology would be required to report adverse events, while reporting would be voluntary for clinicians. Like NTSB, though, the new agency would also have no enforcement power.

The panel also recommends that the HHS secretary publically report on the progress of health IT safety each year, beginning in 2012. If the secretary determines at any time that adequate safety progress has not been made, only then should the FDA take the regulatory lead and be given the resources to do so, the report recommends, adding that the agency should be developing a framework now to be prepared.

Creating a new independent agency would, of course, require resources; the current budget for NTSB is set at $559 million over the 2010 to 2014 period. In the current climate of fiscal restraint, convincing Congress to appropriate that sort of cash for a new government body might be a tall order.

Michael Ettlinger, vice president for economic policy at the Center for American Progress, a left-leaning research organization, said he couldn’t see that happening before the next election. “If the administration is for it then the Republicans are going to be against it,” he said.

But he does think it could happen if there is a compelling case for it, he said. “Having another agency doesn’t mean it’s going to cost a lot more if there is a reason that relates to efficiency,” he said. The biggest obstacles, he said, might be those who favor less government regulation.

Dr. Robert Wears, a professor in the department of emergency medicine at the University of Florida in Jacksonville, expressed support for the idea of a new, independent agency, though he said he thought it should have enforcement power. “FDA is nominally the logical place,” he said, “but their procedures are so convoluted and slow that I don’t think they would be suited to do it.”

Republican Sen. Chuck Grassley of Iowa, senior member of the Senate Finance Committee, said the new report “adds more to the list of unresolved questions, including which government agency, if any, should regulate health care information technology.” Grassley, who wrote HHS and health IT vendors two years ago asking what was being done to ensure the safety of the devices, said “the approach seemed to be, write checks first, solve the problems later, instead of the other way around.”

The Institute of Medicine committee does have one dissenter. Dr. Richard Cook from the University of Chicago feels the FDA is indeed the proper agency to oversee health IT safety. Cook writes that health IT is considered a “Class III medical device,” that is to say, a device that performs integral medical functions, which the FDA already has the jurisdiction to regulate.

The committee ruled out other agencies — including the Office of the National Coordinator, the Centers for Medicare & Medicaid Services and the Agency for Healthcare Research and Quality — as possible contenders for the position.

In its report, the IOM panel also recommended that more studies be conducted to quantify health IT-related deaths, serious injuries or unsafe conditions so that the safety concerns can be properly addressed. “You can only improve what you measure,” says the report.

Other recommendations in the report: establishing and enforcing criteria for the safety of electronic health records, funding a new Health IT Safety Council to set standards for safety, and requiring all health IT vendors to publicly register and list their products with the Office of the National Coordinator.

As states build exchanges, questions linger about interoperability

2011-11-03T09:27:18-04:00

As 56 U.S. states, territories and the District of Columbia inch toward a 2015 deadline for creating “exchanges” allowing health providers to share electronic medical records, those on the front lines of the effort are expressing concern about whether these systems will be able to talk to their counterparts in other regions.

A 2009 mandate from the feds actually requires states to build systems that can communicate with each other, but officials involved say questions about interoperability have largely been put on the back burner while each state or territory struggles to establish an exchange appropriate for its residents.

President Barack Obama’s 2009 economic stimulus bill provided $548 million in grants to help states establish or expand exchanges. Rather than mandate a one-size-fits-all approach, states were permitted to design their own structure, subject to the approval of the Office of the National Coordinator (ONC) for Health Information Technology.

As a result, a wide array of models are being used. Some states are building centralized state databases to house all patients’ health information. Some are building transmission systems to allow providers to securely send records to each other. And some are relying on multiple regional exchanges, tied together but operating individually.

The overall idea is to increase efficiency. By allowing providers to share information, doctors will easily be able to learn about their patients’ medical histories and exchange information.

While an iWatch News canvass of state and territorial exchanges showed virtually unanimous optimism that systems will be operating by the late 2014 or early 2015 deadlines required by grant contracts, this will only guarantee that records can be exchanged within the same state or territory.

But there’s far less optimism regarding information exchanges across jurisdictional borders. A patient living in Arlington, Va., for example, is likely to see providers in his or her Northern Virginia neighborhood, in the District of Columbia, and in the Washington suburbs in Maryland. If the exchanges for these three jurisdictions cannot communicate, the patient’s information will not catch up. The benefits of health information exchanges would therefore be lost for patients who live near state borders, who seek medical treatment while traveling, or who change their residency.

In tourism-driven Nevada, state health information technology coordinator Lynn O’Mara is concerned about ensuring interoperability. “A lot of patients who hold residency outside of the state try to access care when they are visiting,” she said.

Some state leaders have begun informally strategizing with neighboring state exchanges. New York officials, for instance, said they are talking with their New Jersey counterparts to facilitate interstate health information exchange. Ohio, which has contracted with the technology firm Medicity to build its platform, is talking to other states using the same software.

Though Puerto Rico has no bordering neighbors, it too is focusing on interoperability. Dr. José Piovanetti, the territory’s health information technology coordinator, said his agency has “already begun high-level talks with states that have a large population of Puerto Ricans” and states that send large numbers of travelers to the island, such as Florida, New York, Connecticut, Massachusetts and Texas.

Some states are further along in the setup process than others, adding another complication to collaboration. Delaware, for example, was the first state to begin establishing a model for its exchange. Dr. Jan Lee, executive director of the state’s effort, said they are starting to look across their borders. “If Maryland or Pennsylvania were ready, we would love to exchange data with them. So far, they are not.”

Other states have not yet begun to focus on interstate communications. Edward Dolly, deputy commissioner for West Virginia’s state health information technology office, said his state will “focus on interoperability with surrounding states in year two” of their efforts.

Julia Adler-Milstein, assistant professor at the University of Michigan and leading expert on health information exchanges, said a national exchange is technically possible. But federal law did not define what an ideal system should look like, in part to provide state coordinators with more flexibility so they could more easily claim more progress, she said.

A National Exchange

Dori Henry, director of communications for Maryland’s Department of Health and Mental Hygiene, noted that under rules established by the federal grant program, each state that participates must be able to connect to a Nationwide Health Information Network under development. “The national network is not yet in place and will likely not be available for states to connect to for at least another year,” she said. The requirement was spelled out in the office of the national coordinator’s 2009 funding opportunity announcement.

But the national network is already in its embryonic stage. The South Carolina Health Information Exchange, for example, is one of 20 participants already securely exchanging information in the nationwide network — ONC says it expects about 35 entities to be part of the national exchange by the end of 2011.

But much work remains to get all 56 states and territories linked into this system. Parmeeth Atwal, an ONC spokesman, describes the effort as “a challenge of a breadth and scale never attempted in any other nation.” He says the agency has collaborated with the health care community to create “a common standard enabling the electronic movement of health information,” by establishing a “simple, secure, scalable, standards-based transportation mechanism” that gives participants the ability to send encrypted health information directly to known, trusted recipients over the Web even if they are not part of the same exchange. More than 40 states are using this as part of the implementation approach, according to Atwal.

But not all observers are as confident as ONC.

Adler-Milstein of the University of Michigan says the mechanism Atwal references will be akin to secure email and will fall short of the seamless interoperability of a true national exchange, which would give the most benefit. This is “a good interim step,” she says, but there is a risk that providers get used to that and then not move beyond it.

Pam Matthews, senior director of regional affairs at the Healthcare Information and Management Systems Society (HIMSS), a nonprofit that promotes understanding and use of health information technology, said addressing this component of exchange will include significant issues — not just in technology, but other aspects of privacy, security and policy.

Stimulus funds will build state health exchanges but might not sustain them

2011-11-08T15:33:40-05:00

Federal stimulus funds are paying to build or expand systems enabling health care providers within each state to share patient information, but state officials are concerned about how to keep paying for the programs once the federal money runs out, an iWatch News survey reveals.

And with states adopting a wide variety of different software for electronic health record exchange, officials are also worrying about how to get those different systems to talk to each other across state lines (see sidebar).

The creation of these exchanges within all U.S. states and territories is part of a much larger push for use of electronic records in health care. Most of the attention has been focused on $27 billion worth of Medicare and Medicaid incentive payments that are going out to doctors, hospitals and clinics for switching their patients’ information from print to digital; providers must also demonstrate they have followed government guidelines in using the technology in a “meaningful” way. But a less-noticed provision of the same 2009 stimulus legislation made $548 million worth of grants available to the states to set up information exchanges that would allow health care providers to send, receive and share patient information within a state.

The federal government started distributing the State Health Information Exchange Cooperative Agreement Program grant money in March 2010 after approving each state’s proposal. But the funding will be handed out in increments until late 2014 or early 2015.

The purpose of the exchanges

Ideally, the exchanges would allow providers within a given state to track their patients’ medications, allergies, medical history, tests administered at other facilities, and surgeries by other physicians — therefore improving health care overall and lowering the risk of error or duplication.

Rather than establish one national exchange or mandate for any one particular approach, the federal Office of the National Coordinator (ONC) for Health Information Technology asked each state and territory to propose a plan for a state exchange that would meet its needs.

Pam Matthews, senior director of regional affairs at the Healthcare Information and Management Systems Society (HIMSS), a nonprofit that promotes understanding and use of health information technology, said there wasn’t a “best model” or approach that could apply to all state exchanges. “Each state is unique and their [exchanges] will mirror their unique state characteristics, needs and requirements,” she said.

First steps

While most states are establishing these exchanges from scratch, about half a dozen had exchanges in place before the stimulus announcement. Those were built with a mixture of state and private funding.

An iWatch News survey of state health information exchanges suggests that states in the nascent stages are using the vast majority of available federal dollars to cover the considerable costs of envisioning, designing and implementing the program. Huge percentages of the funds are going to software vendors to pay for the technology infrastructure, meaning states will have to find other revenue sources for long-term sustainability. Fifty-one U.S. states and territories responded to questions about the progress their agencies or nonprofit entities have made toward meeting the benchmarks in their proposals to ONC; representatives from the District of Columbia, Mississippi, Northern Mariana Islands, New Jersey and Oklahoma did not respond to repeated requests for comment.

The answers revealed that some are further along than others, but all who did respond expect to have a working exchange by the end of 2014 or beginning of 2015.

Ohio, which did not have an exchange in place before the program began, has used the funding to hire Medicity, a Utah-based technology firm, to build its platform. “Our biggest need has been financial, and ONC is supplying that for us,” said Dan Paoletti, CEO of the Ohio Health Information Partnership, the non-profit designated by the state to coordinate the effort. “Were it not for invaluable funding from the federal government, we could not have accomplished what we’re doing today,” he said. Ohio received a grant of nearly $15 million from ONC for its exchange.

Maine began creating its system in 2006 and used a combination of foundation and state funding. “All of this was made possible by voluntary funding stream,” said Jim Leonard, director of the office of the state coordinator for health information technology in Maine. The federal funds allowed the state to get more health care providers signed on and allowed them to upgrade to more sustainable technology. “If the stimulus funds hadn’t come along, it’s unlikely that the project would have continued,” Leonard added.

Finding more money

While state agencies were virtually unanimous in expressing appreciation for the federal support from ONC — not only in cash but also in training and guidance — several coordinators of health information exchanges are worried about where the cash will come from to keep the exchanges running over the long haul. Though the states were required to submit long-term sustainability plans to ONC in their proposals, many questions remain unanswered.

Julia Adler-Milstein, assistant professor at the school of information and the school of public health at the University of Michigan, has conducted formal evaluations of 27 different states for ONC as a subcontractor for a University of Chicago-based research group. “The message coming out of every state is that they haven’t figured out the sustainability piece,” she said.

“They have to charge somebody something,” said John Derr, a consultant at Golden Living LLC and member of the Standards Committee for health information technology, which makes recommendations to ONC. “The problem is that I don’t know whether all the states are working to see what the best model is … I think probably they need more guidance on which models work and which models don’t.”

States expect little additional federal support in this era of tightened Washington spending. Sheldon Wolf, health information technology director for North Dakota, said the federal dollars would be enough to “get the process started, but not for continuing operations.” Wolf declined to estimate how much those continuing operations would cost annually, noting that it would all depend on the number of participants.

Rather than rely on cash-strapped state governments to make up the gap, many exchanges are looking to subscription and per-transaction fees from providers as future revenue sources. Oregon officials, for example, say they hope to sustain a state health information exchange service through provider subscriptions, though they haven’t set any pricing models yet. Ohio’s Paoletti said his state plans to charge “reasonable fees for services that will bring value to participants.”

Nebraska’s Lt. Gov. Rick Sheehy, who heads the Cornhusker State’s health information technology efforts, said a subscription to the state’s exchange would not cost physicians “much more than what they would pay per year to have cable in.”

But conveying the value of these systems to stakeholders is another issue. Jan Lee, executive director of Delaware Health Information Network, said, “We’re struggling to get insurers to pony up and be a financially contributing member [of the exchange].” With Delaware one of the states furthest along in establishing its exchange — 90 percent of residents have their clinical data in the system — Lee wonders how a successful business model will be possible elsewhere. Under the non-profit Delaware group’s business plan, insurers would be asked to pay about 75 cents per member, per month. But, Lee says, health plans have been reluctant to sign on because there has not been much industry-wide data documenting savings. “Everyone believes intuitively this ought to save money,” she notes, but that is not enough in an industry “driven by actuarial information.”

Financial participation has been an easier sell to Delaware hospitals and labs, however, who pay 25 cents per transaction, as long as they have eliminated paper reports. Those who have, she says, enjoy a “clear, unmistakable cost savings,” compared to the $1.25 to $1.80 per transaction average cost for paper delivery.

Adler-Milstein said communicating the value of exchanges to providers was one of the biggest obstacles for states. Health care providers will need to understand how they can benefit from the exchanges before they will be willing to pay for them, she said.

“We’re not really clear who health information exchanges are creating value for,” she said. “Lots think it’s the patients, but at the end of the day I think we haven’t convinced anyone that health information exchanges are creating value for anyone.”

That skepticism was evident in an interview with Dr. Jane Orient, executive director of the Association of American Physicians and Surgeons, a group that has been critical of the president’s health care reform and of federal health information technology spending. The group encourages its members to eschew participation in health information exchanges — with or without user fees. She said she thinks the exchanges open too many opportunities for privacy and security violations. “If physicians care about [patient] confidentiality then they shouldn’t participate,” she said.

Even the American College of Physicians, a trade group that supports the exchanges, refused to endorse a pay-for-use model, remaining neutral on the question of who should pay. Spokesman David Kinsman said his group “has no policy other than that it supports development of exchanges,” though he acknowledged that without ongoing government funding, sustainability will be a challenge.

Gene Ransom III, CEO of MedChi, the Maryland State Medical Society, said long-term payment plans have to be addressed because ultimately they could lead to privacy issues. He fears that if states do not find a way to sustain the exchanges once the federal dollars run out, they might have an incentive to make use of the data in a way that could compromise patient privacy — like sell it, he said.

MedChi specifically pushed for legislation, enacted earlier this year, to prevent this possible scenario in the state.

“If you’re a state with a tight budget and this hasn’t been a priority, and you have a health information exchange that was set up using federal dollars,” he said, “doesn’t that put pressure for them to deal with the most valuable thing they have, like data?”

Parmeeth Atwal, ONC spokesman, said the agency is helping states with the issues of interoperability and has developed standards for the exchange of health information. He says the agency is working to help states “fill gaps in a strategic way” to “encourage and sustain health information sharing.”

Atwal describes the federal grants as a “one-time investment” aimed at providing “a critical impetus” to facilitate state health information exchange.

Adler-Milstein said the government was on the right track in pushing doctors and hospitals to begin using electronic health records. She thinks, however, that getting providers invested in the program is ultimately what will make it successful. “We can build a great health information exchange,” she said, “but if providers aren’t using it then it’s going to be useless.”

But Ransom from MedChi would like to see more federal investment in health information exchange systems. “It’s the classic situation that government should be involved with,” he said. “When the federal government sets up a system where there is strong encouragement for this, then they should take the responsibility to do it.”

Adler-Milstein predicted that by the end of the program there would be significantly more exchanges but many would likely be within pockets of the country — such as local health information exchanges.

“Some states are going to be a success and some are going to be failures,” she said. “For the states that don’t succeed it will be seen as a nice experiment and what they build will not continue to operate.”

Health information technology: Keep it simple

2011-11-07T17:29:46-05:00

Making electronic record-keeping systems easier for health providers to use can help prevent dangerous or even fatal mistakes, says the draft of a project by the National Institute of Standards and Technology (NIST).

The draft, titled “Technical Evaluation, Testing and Validation of the Usability of Electronic Health Records,” is available for informal public comment until Nov. 10, 2011. It provides guidance from NIST, a technical research agency within the Department of Commence, for testing electronic health record-keeping systems to make sure they are understandable for health care practitioners. The draft was released last month.

One of the aims of simplifying the devices is to avoid potentially dangerous medical errors, says the report. At the moment, though, there is no government agency specifically directed to regulate or enforce the safety of the devices being sold to medical offices.

“We didn’t specify in the report who should use the guidelines,” said Svetlana Lowry, NIST’s project leader on usability for health information technology. “This is for anybody who would like to apply the structure — government agencies, industries, academia — anyone involved in the development of electronic health records.”

A variety of studies have concluded that the use of health information technology may improve health care outcomes and improve patient safety, but the electronic systems can also facilitate problems. An allergy might be omitted from a computer record, for example, or the name of a medication might be entered into the wrong portion of the patient record because the system is daunting to practitioners. Health care providers might also be confused about how to access the information they need.

User error can decrease when the systems are easier to use, the report says, but guidelines must be established to ensure that the devices are tested by both those who use them and by experts.

Making the systems simpler to operate can increase efficiency, reduce user frustration, lower costs and cause fewer workflow disruptions, says the draft.

“We wanted to provide a methodology for the world of health information technology,” Lowry said.

Millions in federal dollars have already been pumped into the offices of doctors, hospitals and clinics under a Recovery Act provision encouraging the widespread use of electronic health records. The government will begin deducting Medicare payments from providers if they do not go digital by 2015.

However, the money isn’t flowing as quickly as predicted.

That may in part be attributable to the perplexing nature of the technology, the report says. Health care providers have been deterred from going digital, other researchers have said, because the systems are too difficult to understand and operate; the way the technology is laid out may not be representative of what physicians do every day, or it could slow down users and frustrate them.

Health information technology: Incentives may not always serve intended purpose

2011-10-13T10:37:20-04:00

About half of the first batch of federal dollars meant to encourage doctors and hospitals to switch to electronic records went to providers who were converts to the technology long before the stimulus program was announced, an iWatch News analysis suggests.

The analysis could raise questions about whether the government will be able to meet its goal of widespread adoption of health information technology. While these early numbers are hardly conclusive, they suggest that a large swath of payments intended to be an incentive for new adoption of electronic health records are merely rewarding health providers for minor adjustments to systems they have had in place for years.

Proponents of the program are undeterred, arguing that it is on track and has established important industry standards. Opponents question the efficiency of the payments, though, and some have even called for Congressional repeal. All of this comes at a time when the president is pushing a new stimulus bill, the “Super Committee” is attempting to rein in federal spending, and the United Kingdom is abandoning much of its own health information technology project.

The first installment

About 320 doctors and hospitals were included in the first batch to receive incentive payments through Medicare — payments that totaled $75 million. Those payments began during the two weeks following the launch of the program April 18 by the Centers for Medicare & Medicaid Services (CMS). The details of the initial batch were released by the agency at the end of May.

The payments represent the first installment on a $27 billion incentive program designed to compensate health care providers for both adopting often-expensive computerized medical recordkeeping systems and proving that they have used them to improve patient care.

To be eligible for the first round of payments, health care providers must attest to having adopted 23 out of 25 “meaningful use” benchmarks, a checklist the government developed to ensure providers are recording and keeping track of their patient’s health information in a standardized way. Among the examples: recording smoking status, maintaining a list of allergies to medications, documenting demographics and providing patients with an electronic copy of their health information. Providers must also have technology that is able to collect, analyze and report the measures, engage patients and transfer information to other providers. For many, this will mean installing a complex and expensive software update.

The incentive program, to be administered through both Medicare and Medicaid, is part of President Barack Obama’s 2009 economic stimulus, the $787 billion American Recovery and Reinvestment Act. The incentive provision is known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. The idea behind it is that creation of a computerized health record for every American will cut health care costs in the long run. A CMS spokesman said the agency has distributed nearly $400 million in both Medicare and Medicaid payments, and that by the end of the summer, that figure might well exceed half a billion dollars. The government hasn’t required medical providers to adopt electronic health records — but will penalize them if they do not, by deducting 1 percent to 5 percent of their Medicare payments from 2015 to 2019.

iWatch News attempted through phone and email to interview all providers who had received the money; 62, or about a third, of the 188 distinct practices (some with multiple doctors who received money) and hospital chains on the list chose to respond. Health providers were asked for the brand of the technology they installed, when they installed it, whether they would recommend it to other providers and whether they have had any problems with it.

Of those who responded to the questions, almost half of the providers had installed the technology in the years before the stimulus program was announced — some dating as far back as the 1990s.

Early Adopters

Those who already had electronic recordkeeping systems were still able to take advantage of the HITECH Act incentives by upgrading their existing software and demonstrating to the government that the improved system was meeting those “meaningful use” standards in improving patient care.

Dr. George Miller, a surgeon who practices in Grenada, Miss., said his decision to adopt electronic health records had nothing to do with the stimulus — in fact, he has been using the technology for a decade. His company made upgrades to the software after the HITECH Act. “When we achieved ‘meaningful use,’ I figured I might as well get reimbursed,” he said.

The same was true for Dr. Jeffrey Willig, an ophthalmologist in Syosset, N.Y., who said doctors should take advantage of the government’s generosity. “If you’re going to do it anyway, then why not do it and have someone else pay for it?” he said.

Dr. Rafi Kevorkian, an internist in St. Louis, Mo., said he began using electronic health records in November 2009 and didn’t find out about the incentive program until he got going. Though electronic health record-keeping systems have saved him a lot of time and keep him on top of health maintenance, he said he thought filling out the “meaningful use” forms was “a pain” that he would be dealing with for the next four years through the different stages of the program. He also noted it was costly to have IT personnel help.

Dr. Luis Calo, who has a family practice in Harlingen, Texas, told a different sort of story. When he started his new practice in late 2009, Calo said, the HITECH money spurred him to invest in electronic recordkeeping software. He selected his system specifically to make sure it would allow “meaningful use” and used the $18,000 incentive payment toward the startup costs. Moving forward, he hopes to use the next rounds of Medicare payments toward monthly fees, upgrade costs, and, if necessary, hardware expansion.

Providers will have other chances to meet the “meaningful use” requirements and receive incentive payments. Medicare payments that have gone out this year are only part of the first phase of three for “meaningful use,” the second of which may be delayed a year (until 2014). The three stages will give providers three separate opportunities to cash in on the stimulus to help defray the hefty costs associated with going digital. Systems can cost as much as $45,000 per physician, with annual operating, licensing and maintenance costs ranging from $3,000 to $9,000, according to a 2008 report from the Congressional Budget Office. Participants have through the end of 2013 to participate in the first stage, but the maximum they can recoup will decrease each year. Until the end of 2014, an eligible professional who qualifies for the different benchmarks can receive a maximum of $44,000 from the government; hospitals can received a maximum of $2 million.

Should Early Adopters Qualify?

So, if one aim of the payments is to encourage adoption of health information technology adoption, why give them to providers who already have electronic recordkeeping systems in place?

Some lawmakers believe it’s important not to penalize early adopters of the technology. Rep. Anna Eshoo, D-Calif., introduced a bill in 2007 that provided much of the basis for what eventually went into the HITECH legislation. According to her office, “The idea was to eventually get everyone using health information technology, but to use it together.”

“Promoting the adoption of health information technology will yield great improvements to patient safety, efficiency and costs from preventable medical errors,” Eshoo said.

“We’re making progress and I look forward to seeing total adoption across our country.”

Dr. Lyle Berkowitz, an internist and medical informatics expert, said he is unconcerned about whether the payments go to new or old adopters.

“In fact many of the ultimate ones who get the ‘full’ ‘meaningful use’ dollars will be getting rewarded for ‘doing the right thing’ before there were even rewards to do so … which is actually not a bad message to send,” he said.

“Even for those of us using [electronic medical records] for many years, ‘meaningful use’ is not a slam dunk — it requires a lot of work and updating of technology and workflows … but it’s easier for us than starting from zero.”

Brian Bruen, lead research scientist and lecturer at George Washington University’s Department of Health Policy, said he thought it was too early to draw conclusions about the findings in the analysis. Many providers, he said, are taking a “wait-and-see approach.”

But he said there are benefits to paying early adopters because the legislation requires providers to improve their level of capability to allow for more streamlined, integrated, cost-effective care. “We’re not paying for nothing,” he said.

Others disagreed. A spokesman for Sen. Tom Coburn, R-Okla., an obstetrician, said that “if providers have been paid for systems they already had in place, that seems to be an inexcusable waste of taxpayer dollars. It makes no sense for HHS to pay physicians for systems they already have.” Coburn criticized the HITECH Act in his July “Back in Black” deficit reduction plan and proposed ending federal subsidies for health information technology. Coburn noted that according to the nonpartisan Congressional Budget Office, “the use of health information technology was already projected to be widespread by the end of the decade — even without the adoption of the HITECH Act.”

Pete Sepp, a spokesman for the National Taxpayers Union, said he thought the stimulus program was designed more for speed than effectiveness — “get the money out the door and hope that the eligibility requirements would work out.”

“Elected officials who want to appear to be ‘doing something’ about a problem create a program that involves a good PR boost without necessarily providing an equally valuable result for the investment of tax dollars,” he said.

One fear, expressed by Brock Slabach of the National Rural Health Association, is that smaller health providers will struggle to meet the complicated and expensive demands of the HITECH Act.

“If the public policy agenda was to move providers that couldn’t afford or didn’t have the resources … I think the jury is still out,” he said. “ I think we’ll find the ones that were far along will be further along and the ones who didn’t are going to go nowhere.”

And the rules, some doctors say, are confusing. One recipient, Dr. Mark Viner — a psychiatrist who practices in Sparks, Nev. — said he opted to return the initial payment after realizing that his private practice may not have treated enough Medicare patients to qualify.

Despite the issues raised by both the iWatch News findings and various critics, the CMS spokesman made clear the agency is pleased with the program thus far. “The most important point,” he said, “is that these incentive payments represent an investment in improving health care through the widely acknowledged benefits of electronic health records.”

Improving Patient Care

Of the health care providers who have switched to electronic health records, the majority of those who spoke to iWatch News were positive about the systems. Several said the technology has tremendously helped their practice by speeding up transactions, decreasing the amount of time patients spend in the waiting room, and helping patient progress.

Andy Wilson, a spokesman for Texas Health Resources, said electronic health records have reduced the provider’s medical errors and reduced costs as well.

And Dr. Michael Mignoli, an internist in Lone Tree, Colo., raved about his system. “It provides me the opportunity to deliver high quality care,” he said. Mignoli first started using electronic recordkeeping in 1995 and said he could not “give a higher recommendation” to his current software.

But for many, the transition hasn’t been easy.

Dr. Mark Johnson, a podiatrist who practices in West Plains, Mo., and who participated in the Medicare incentive program, said getting used to the software was time-consuming.

“I've got a lot of colleagues who aren't doing ‘meaningful use’ at all,” he said. “For solo doctors, it's a burden. It puts a lot of stress on staff, assistants and the receptionist.”

This view was echoed by Dr. Alfredo Gonzalez, a Glenview, Ill.-based cardiologist. He called the government regulations “absurd in many ways” because they force him to spend “more time writing data that is irrelevant to patient care and less time taking care of patients.”

Dr. David Kibbe, a physician and senior adviser for the American Academy of Family Physicians said that even the best-managed, most-organized practices are going to face some loss of productivity. Health care providers who are starting from scratch know that beginning to adopt computerized health records already carries its own set of problems, with or without the “meaningful use” criteria.

Podiatrists have their foot in the door

2011-10-12T13:10:09-04:00

A disproportionate number of those receiving the first batch of incentive payments to install electronic health records are podiatrists, an iWatch News analysis suggests.

Of the 188 different practices and chains that received the first batch of payments in May, 23 were podiatry practices, or about 12 percent — even though podiatrists make up only about 1.5 percent of Medicare physicians and practitioners.

Those numbers are no accident, according to Dr. James Christina, himself a doctor of podiatric medicine and director of scientific affairs for the American Podiatric Medical Association (APMA), the national trade association for podiatrists.

The APMA, Christina noted, has made a “very directed effort” to educate its members about both health information technology generally and how to meet requirements that providers demonstrate “meaningful use” of health IT in order to receive the incentive payments. “These efforts have included webinars, online resources on our website, live lecture presentations at regional and national meetings, and regular e-news type communications.”

Indeed, were it not for the APMA’s efforts, podiatrists might not even have been made eligible under the program. Several types of medical providers — including many behavioral health providers, rural health centers and home-care practitioners — were left out of the HITECH incentive payments. Thanks in part to lobbying by APMA — the group reported spending at least $45,000 to ensure “HIT Incentives for non-MD/DO physicians” and other issues in the first quarter of 2009 — podiatrists were ultimately included among the ranks of the eligible. The APMA has been “very active commenting on proposed rules from CMS, participating in the development and implementation of quality measures, and making sure through the legislative process that podiatrists were included as eligible providers,” Christina said.

In May, the Centers for Medicare & Medicaid Services (CMS) released a list of the first 320 recipients of “meaningful use” incentive payments under Medicare. At least 25 of those were doctors of podiatric medicine, nearly 8 percent. Several payments went to multiple doctors in the same practices and multiple hospitals in the same system. Of the 188 different practices and hospital chains receiving payments, 23 were podiatry practices, or about 12 percent. Joe Kuchler, a CMS spokesman, told iWatch News that podiatrists make up about 15,500 of the roughly 1,022,900 Medicare participating and non-participating physicians and practitioners — only about 1.5 percent.

iWatch News attempted to reach all 25 providers to ask them about the software they are using. Seven practices responded. Of those seven, three said they are using TRAKnet PM – DPM Edition by BioMedix (electronic medical recordkeeping software specifically tailored to podiatrists) and two were using software by MedLink.

Five of the seven indicated that they had installed the system in the time since enactment of the HITECH act in 2009. While part of the legislation’s intent is to provide incentives to encourage new providers to adopt electronic medical recordkeeping, it also allows for incentive payments to those who already had systems in place prior to the bill’s passage. About half of the 55 non-podiatrist providers and facilities who responded to iWatch News inquiries were receiving repayment for software they had already installed prior to the HITECH Act.

For Dr. Laura Pickard, a podiatrist who practices in Chicago, the Medicare incentive payments were “definitely the factor” that caused her to switch from print to electronic health records. She installed the technology in mid-November 2010, she said, and collected patient data for 90 days, as is required in HITECH, to show she was practicing “meaningful use” and should qualify for the stimulus payments.

She was among those who received the first round of payments, and says that although she is still adapting to the technology — causing her patients to have longer waits — her practice has benefitted overall. “I am more acutely aware of all of their health issues [and] medications,” she told iWatch News. “For diabetics I can keep a closer eye on them to help better manage their diabetes and potential complications.”

Some in the medical community are not thrilled to see the podiatrists reaping benefits of HITECH that are not available to some other practitioners. Behavioral health providers, a group not eligible to receive incentive payments for health information technology, say the inclusion of podiatrists reveals the program’s unfairness of excluding all “non-acute providers.” The behavioral health designation includes clinical psychologists, clinical social workers, psychiatric hospitals, substance abuse treatment centers, mental health treatment centers.

During the fast-moving stimulus negotiations, behavioral health advocates focused their lobbying efforts on privacy issues, only to discover once the stimulus was released they were excluded from being eligible to receive incentive payments.

“Had we been given the opportunity, I think we could have said that our patients are as acute and bring as severe medical problems as podiatry patients,” said Al Guida, a lobbyist for behavioral health interests. “A psychiatric crisis is life threatening. I’m not aware of any podiatric conditions that will lead to your demise.”

Dr. David Kibbe, a physician and senior adviser for the American Academy of Family Physicians, said the organization of workflows by podiatrists has always impressed him. “It may well be that the single greatest reason for such high adoption is that podiatrists have their act together,” he said.

He also noted that podiatrists might have an easier time meeting “meaningful use” objectives because they have limitations on the types of procedures they do. For example, “meaningful use” has different lists doctors must fill out for vaccinations, prenatal care and blood pressure.

“The reason could be that podiatrists don’t do a lot of things that are in the objectives, and therefore they can exempt themselves from having to fulfill some of the requirements,” he said.

Not so, says Christina of the APMA. “All eligible providers have the option to report zeros or exclusions where applicable,” he noted. “I do not think being able to report zeros on some quality measures makes qualifying for ‘meaningful use’ any easier.”

State attorneys general not leaping to embrace HIPAA enforcement

Connecticut,United States — 2011-09-20T16:38:07-04:00

Only two state attorneys general have pursued the authority Congress gave them two years ago to prosecute privacy and security breaches of health information — despite training from federal agencies and a consensus among privacy groups that enforcement needs to improve.

The authority to initiate such cases had previously belonged only to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), which was directed to protect private patient information by the 1996 Health Insurance Portability and Accountability Act (HIPAA). The expansion of jurisdiction to state attorneys general was awarded in concert with a $27 billion stimulus program initiated in 2009 to reward health care providers for switching from print to computerized health records.

The idea behind permitting attorneys general to sue under HIPAA was to give the regulation some teeth. The consensus among privacy and legal experts is that HIPAA enforcement has historically never held much weight among federal prosecutors. State attorneys general can now bring civil privacy cases to federal district court and can seek injunctive relief, statutory damages and attorneys fees. Congress believed that increasing the number of regulators by fifty-fold might improve provider compliance and reassure the public that health information would stay safe in the digital sphere. Since then, though, only former Connecticut Attorney General Richard Blumenthal and Vermont Attorney General William Sorrell have used the new power.

Experts blame a variety of factors for the apparent disinterest — the newness of the law, state budget constraints, conflicting priorities, even high rates of HIPAA compliance by health care providers. They also believe state attorneys general may have chosen to prosecute such cases under state privacy and security laws rather than the federal HIPAA law.

HIPAA history

HIPAA’s aim is to give patients control of their own health information and protect their privacy by specifically limiting the ways doctors, hospitals, health plans, pharmacies and other health providers can use patients’ personally identifiable medical information. HIPAA also sets guidelines for the security of that information.

The 2009 amendment to the HIPAA law was enacted within the Health Information Technology for Economic and Clinical Health (HITECH) Act — part of President Barack Obama’s $787 billion economic stimulus plan — which rewards doctors, hospitals and clinics for switching to digitized medical records.

Lawmakers reasoned that without updated HIPAA rules and oversight, people’s private information could fall victim to hackers or groups interested in tracking medical decisions for financial gain — behaviors that were less of a concern when health records were produced only on paper.

The new rules say health providers must within 60 days notify individual patients, the government and the media if the security of their health systems has been breached as part of a case in which 500 or more people have been victimized. The rules also say that “business associates” who work with health care providers, such as outside billers and health care consultants, are also subject to HIPAA.

Neither business associates nor health care providers are allowed to sell protected health information.

State attorneys general now have the authority to bring civil actions on behalf of state residents in cases where they are threatened or adversely affected by these violations. After receiving a complaint from a resident and conducting an investigation, an AG can sue in federal district court to obtain monetary damages on behalf of state residents or to enjoin further violations of HIPAA. The damages are limited to $25,000 in a calendar year, at up to $100 per violation.

States are supposed to notify the HHS secretary before bringing such a suit, since a pending l suit by federal agencies would bar any state action.

No climb in enforcement

The expansion of authority to state attorneys general in part reflected a general disappointment among privacy groups in federal performance regarding HIPAA violations.

“There has been a perception for a while now in the industry that there hasn’t been very aggressive enforcement,” said Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society (HIMSS), a nonprofit that promotes understanding and use of health information technology.

“That was the message that Congress received, so that’s why they put the provisions in there.”

Pam Dixon, executive director at the World Privacy Forum, said HHS “has a woeful track record on bringing robust administrative enforcement actions.”

Leon Rodriguez, OCR director, said before HITECH the agency was limited in its ability to impose civil monetary penalties. The amendment increased the penalties from a maximum of $25,000 to a tiered range between $100 and $50,000 for each violation, with a maximum of $1.5 million, if the action is pursued by federal agencies.

“Since HITECH, HHS’ Office of Civil Rights sent a clear message that it is serious about enforcement of HIPAA’s Privacy Rule,” he said.

Over the course of 2009 and 2010, the HHS Office for Civil Rights received more than 16,000 complaints of security and privacy violations. The office determined that about 7,500 of those warranted an OCR inquiry. In almost all of those cases, OCR pushed for and obtained voluntary compliance from the provider or contractor through some sort of corrective action. Over 2009 and 2010, OCR referred 35 cases to the Justice Department for criminal investigation.

Jeffrey Drummond, an attorney who represents hospitals and other health care providers for the Texas firm Jackson Walker LLP, said he thinks the medical community is generally cautious about maintaining confidentiality and privacy, and that many complaints filed to OCR do not fall under HIPAA. “Is it a lack of regulatory teeth — or a lack of problems that need to be regulated?” he said.

Deven McGraw, director of the Health Privacy Project at the Center for Democracy and Technology, a nonprofit civil liberties group, said the provider organizations she works with care about being compliant with the law, but noted HIPAA rules are complicated.

She said it was a mistake to assert with confidence that everyone is compliant with the law. “It is best to say that most want to and do their best, but some people will be careless,” she said.

HIPAA and the States

One of the reasons for the lack of HIPAA enforcement on the AGs’ side is that states may choose to go through their own consumer protection statutes and privacy laws.

Broad statistics on pursuit of such cases under state law are hard to come by. But there are some examples. Indiana Attorney General Greg Zoeller, for instance, recouped $100,000 this July from insurance provider Wellpoint Inc., after it violated state law by failing to report in a reasonable amount of time that a data breach of its system had exposed the information of more than 32,000 residents.

But only two attorneys general have taken action using the new federal authority provided them.

Connecticut was the first. Then-Attorney General Blumenthal, who is the brother of former federal health information technology chief David Blumenthal, sued insurance provider Health Net Inc. last year for waiting six months to provide notification of a missing disk drive that contained unencrypted protected health information, social security numbers and bank accounts for nearly half a million Connecticut enrollees.

Connecticut officials said HHS worked with them diligently on the case, and that Health Net agreed to pay $250,000 in civil penalties.

That particular security breach affected 1.5 million people nationwide. Vermont Attorney General William Sorrell also went after Health Net for the same violation, which exposed information of 525 enrollees there. The company settled with Vermont this January for $55,000 and is submitting to data-security audits. It must also file security reports with the state during the next two years.

Both states used state laws and HIPAA to make their cases, but Vermont’s case also included a consumer fraud angle, said Assistant Attorney General Sarah London, because Health Net made misleading statements to consumers regarding their risk of harm.

A spokesman for Health Net wrote told iWatch News in an email that the company cooperated fully with the attorneys general in Connecticut and Vermont to bring the matters to resolution.

HHS declined to comment on the modest state use thus far of the HIPAA enforcement authority, saying it could not speak for the individual attorneys general. But experts say resource constraints are the main problem; states are reeling from billions of dollars in budget and staff cuts brought on by the recession. The federal government does not assist state attorneys general financially in taking on HIPAA cases.

An aide to Democratic Rep. Henry Waxman from California, who authored the HITECH amendment, said states may have restrictive budgets that are now hindering their ability to prosecute, and added that over time “we hope that this provision will help enforce privacy laws.”

McGraw of the Center for Democracy and Technology also noted that states may be hesitant to move on such cases because of the limited monetary damages that could be recouped for HIPAA violations. “In a time of tight state budgets, are you going to devote your resources for such a low threshold, or are you going to use your resources to catch bigger fish?” she asked.

Even so, some legal authorities expressed surprised at the low number of prosecutions because of the potential for HIPAA cases to garner media attention for elected officials.

Michael Kline, an attorney at Fox Rothschild LLP in New Jersey who blogs about HIPAA, said attorneys general would likely be recognized for going after what he called “big bad faceless insurance companies.”

The general strategy appears to have had some political impact for Blumenthal, who was elected to the U.S. Senate shortly after the HIPAA case was resolved in Connecticut.

“Attorneys general are elected, and they like to be re-elected,” Drummond said, adding that HIPAA cases could allow them to be perceived “as champions of the downtrodden helping the common man.”

OCR held four two-day seminars across the country this year to help inform state attorneys general about their enforcement rights. Rodriguez from OCR said his office would continue providing them with computer-based training and technical assistance.

The National Association of Attorneys General has not offered training or seminars on the power afforded to its members, nor does it keep track of the cases. Leading privacy and consumer groups, including the Center for Democracy and Technology, World Privacy Forum and Privacy Rights Clearinghouse, also have not reached out to state attorneys general to make them aware of the provisions, though officials from each organization said they thought enforcement numbers should be higher.

“We should be seeing much more enforcement from state attorneys general,” said Dixon from World Privacy Forum. “Given the continuing lackluster administrative enforcement of HIPAA, states will need to take the lead on this. When and if the states do this, we may see a greatly improved enforcement landscape overall.”

McGraw agreed. “I’d like to see more enforcement and I’d like to see more guidance,” she said.

Connecticut Attorney General George Jepsen, who succeeded Blumenthal, told iWatch News that privacy issues will mushroom as more health care data is available through the Internet.

“A year ago I would not have put privacy in the top five issues I would be facing as attorney general,” he said, “but it has certainly worked out that way.

“Scarcely a month goes by with out some sort of privacy breach.”

The state is currently investigating another case that could fall under HIPAA, in which an employee from Midstate Medical Center lost an external hard drive containing the information of more than 90,000 people.

Communities at risk from oil refineries that use toxic chemical

2012-01-05T11:54:47-05:00

Despite decades-old warnings about the potential for mass casualties, 50 refineries across the nation still rely on a toxic chemcial known as hydrofluoric acid, or HF. At least 16 million Americans, many of them unaware of the threat, live in the potential path of HF if it were to be released in an accident or a terrorist attack, according to refinery owners' worst case scenario reports.

Known for its ability to race long distances in a cloud, HF is extremely toxic. It causes lung congestion, inflammation and severe burns of the skin and digestive tract. It attacks the eyes and bones. Experiments in 1986 detected the acid at potentially deadly levels almost two miles from the point of release.