In this month’s article, Mike Farahbakhshian returns from hiatus to discover the world on fire and everything is crazy. Yet despite this, there’s still work to do. Mike helps you focus by taking you to his happy boring place, C-SPAN committee meetings. From there, he identifies the Federal Health IT trends that will affect you and your companies in 2020 and the coming decade. Suggested drink pairing: Vom Fass Armagnac XO.
Hi Guys, What Did I Miss?
Happy New Year, Meaningless Useketeers! I hope you are well rested from your holiday season. I last wrote in November. Did I miss anything of interest? Let me check through my news backlog.
Let’s not even get into Megxit.
And why is Boris Johnson posing with Elmo and Lord Buckethead? No, no… not getting into it. Have to focus on what’s important. Federal Health IT!
We know already that 2020 looks to be even more breakneck and chaotic than 2019. Somewhere in that firehose of crazy are interesting developments for the world of Health IT. So, let’s light some incense, take some deep breaths and go to our happy place to center ourselves.
This is my happy place. Let the boring wash over you.
There. Focused and clear? Good. Let’s talk about things to expect in the world of Health IT for 2020 and beyond. The stuff that, much like C-SPAN, is boring, but important.
Single Sign-On Platforms, Adaptive Multi-Factor Authentication, and Biometrics
As we move to an increasingly connected world, we want everything at our fingertips and we want it NOW. This applies doubly for Healthcare – for both patients and providers.
On the provider end, there’s a big need for Single Sign-On (SSO) to reduce time wasted logging into multiple disparate systems, including but not limited to:
- Electronic Health Records (EHRs)
- Picture Archiving and Communication Systems (PACS)
- HR/Timecard systems
The United Kingdom’s National Health Service is Spending £40 million (that’s $52 million in Freedom Dollars) to reduce the amount of time providers spend logging into up to 15 systems while tending to a patient. At one hospital alone, this is saving 130 aggregate hours a day. Less time spent tending to overhead means more time spent tending to patients. On this side of the pond, the Federal Health IT community can expect various ancillary systems to be looped into existing SSO architectures, as well as SSO architectures migrated to as-a-service offerings.
On the patient end, more patients want more access via mobile devices. SSO makes sense, and is in fact currently used in the Federal Health IT community, such as for VA and DHA mobile apps. The question is, how do we keep these sign-ons secure?
The conventional wisdom is to use multi-factor authentication. But traditional multi-factor authentication – you know, the kind where you get a one-time text message or email sent to you – is fundamentally broken. Even the developers at Okta say it sucks. Besides the fact that it is annoying, it is useless in the face of man-in-the-middle or trojan attacks. More worrisome, it doesn’t help when a service itself is breached, and it encourages a false sense of security that encourages users to reuse passwords. The bottom line is, multi-factor authentication with a reused password is often less secure than one-factor authentication with complex passwords that you never reuse. And by complex, I don’t mean “fifteen characters, with one number and one special character” that everyone ends up writing down in a post-it note by their computer. I mean a genuine combination of words only you would remember that is too complex for a hacker to guess, as this XKCD comic demonstrates:
BUT, this is the Federal Health IT community, which means we are used to dealing with an abundance of compliance regulation and a dearth of common sense. So multi-factor authentication for patients is here to stay. Yet we also want patient engagement. An engaged patient is one that is not scared off by entering one-time-passwords or switching to an authenticator app. There are a couple of solutions to broken MFA.
The first solution, outlined in the Okta blog I linked to above, is Adaptive Multi-Factor Authentication. Adaptive Multi-Factor Authentication uses contextual clues such as location awareness; changes in login location, time or other behavior; or other patterns to assign a risk score to that login. If the risk is above a certain threshold, impose multi-factor authentication, otherwise, business as usual. The up side is that usability is greatly increased. The downside is that now you are sharing behavioral details and location with a service provider, and trusting that information to be safeguarded and used responsibly. With great power comes great responsibility: are identity providers like Okta ready for it?
Another solution is biometrics: fingerprints, retinal scans, facial recognition. I’m a real fan of AuthX for solutions like this. AuthX handles traditional multi-factor authentication but also handles fingerprint, face, palmprint, key card and push authentications. No, they didn’t pay me to write this – I legitimately think platforms like this are the future of patient engagement.
The key word here is platforms. Many vendors offer one of the above – fingerprints, facial/retinal recognition, PINs, hardware tokens, adaptive multi-factor authentication, etc. – but the ability to have them plug into a common framework will be critical as Federal agencies customize how they want their biometric-enabled multi-factor authentication to work for their organizational needs. I recommend AuthX but maybe you like Okta’s adaptive multi-factor authentication. Maybe you will find yet another platform of choice. In the end, it doesn’t matter so long as you are using a robust platform. Bottom line: in 2020 and beyond, platform-based authentication will be the norm. Build a capability now.
The Move to Accountable Care and Personal Health Records
Part of the emphasis on patient engagement and mobile access is because Healthcare organizations want to be more efficient at doing their job. This means improving outcomes while wasting less money; a noble goal, but right now we’re not there. A recent Washington Post article details the cascade of wasteful, “low-value” tests that occur during routine examinations. The reasons are a perfect storm of a “cover-your-ass” medical culture, a lack of proper risk-based analysis, or a disregard of evidence-based risk-based analytical results, and a “who cares, not my problem” billing culture that results from Fee-for-Service. This can result in waste to the tune of billions of dollars. In addition, overdiagnosis can lead to discomfort, pain, and additional financial hardship for patients – hardly an improved outcome.
The Roaring 20’s 2.0 will be the decade where this comes to a head. With Healthcare reform as a key platform talking point during an election year, everyone is going to want to find ways to improve outcomes while saving money. In the case of the move from Fee-For-Service to Accountable Care, you can squeeze blood from a stone. Expect increased regulatory, and therefore IT changes, for calculating risk and value and ensuring that waste is cut out of the system.
One of the best ways to ensure improved outcomes and saving money is to ensure that patient health is current, complete, and portable. The best way to do this is by enabling Personal Health Records (PHRs) that fill in the gaps. PHRs give insights to care regimen, medicine timing, external factors like supplements and lifestyle factors, and real-time metrics from devices like FitBits. A truly portable, untethered PHR allows diagnoses and inputs from different provider networks to be seen and shared, if desired by the patient, to prevent duplicate or contradictory work.
A good PHR is, ideally, untethered – not tied to a specific Electronic Health Record or portal. It should have fine grained access, allowing patients to choose who they share their health information with and under what circumstances. Ideally it should use FHIR and integrate with health apps and devices such as Apple Health, Samsung Health, FitBit, etc. This can be challenging in a Federal Health IT context because DoD does not allow FitBit or similar devices in Operational Areas. That is to say, No FitBits when you’re deployed!
A good PHR should allow secure messaging and interoperability with any care provider you use – whether it’s a Federal provider such as DHA or VA, purchased/community care, or providers accessed through private insurance. It should allow tracking and trending of health information, ideally with integration into a CarePlan.
Ray needs a PHR to track his lifestyle and interventions so diabetes is not invited to his pizza party. Source: Achewood, 2005-12-09
Three good examples of things to track are:
- Tracking and trending of social determinants of health (SDOH) which will be critical to Accountable Care activities mentioned above.
- Tracking and trending of medication use, with flagging of potential adverse interaction reporting for pharmacovigilance purposes.
- Tracking and trending of immunizations, useful for population health purposes and critical in an era of measles and other preventable disease outbreaks.
Bottom Line: Expect 2020 to be the year of the untethered PHR. Build a capability in PHRs or partner with a good PHR partner. One I highly recommend is Symptomatic.
The Next Steps on Opioids and Vapes
Speaking of using PHR trending for population health and pharmacovigilance, let’s talk about drugs!
Ray needs pharmacovigilance. Source: Achewood, 2011-12-05
On December 17, 2019, the Senate Judiciary Committee held a hearing on the opioid epidemic. White House, DOJ, DEA and HHS (SAMHSA) panelists offered insights on the current opioid epidemic. There are a couple of key takeaways we in the Federal Health IT Community need to keep in mind.
First, There is strong bipartisan pressure to classify fentanyl and fentanyl analogues (like carfentanyl) as a Schedule I drug. Schedule I drugs have “no medical use.” Classifying the fentanyl family sounds intuitively right, but doing so has second order effects:
- Fentanyl does have some legitimate medical uses; for example, due to its speed of effect it is a component of many epidurals.
- Classifying fentanyl as Schedule I means that no research on the drug, including effective remedies, can be done within the U.S. Currently, naloxone is the only approved way to counteract fentanyl, but multiple doses are required.
- Moreover, blocking the entire category of fentanyl analogues may block the development and use other, useful drugs.
That said, expect regulatory changes in some capacity that mean changes to IT registries, research sites, and oversight frameworks. The bottom line for the Federal Health IT Community: Expect opportunities at FDA, SAMHSA, NIH, DEA and more.
Second, the hearing established that most fentanyl is coming from Mexico or China. Border wall discussion aside, China’s classification of fentanyl and fentanyl analogues as controlled substances is a step in the right direction. Here, determining the provenance of opioids is key. Pharmacovigilance and supply chain analytics? That sounds like a recipe for blockchain. Look to see an increased integration of blockchain with pharmaceutical supply chain applications.
Finally, a major concern from the hearing was how DEA determined the quotas for opioid production. Expect more emphasis on collecting addiction metrics and running analytics to feed back into production.
As a result of the opioid crisis, researchers have increased their scrutiny of the causes and mechanisms of pain. Expect a lot of cross-pollination between spinal cord research and opioid/addiction research as a result.
Moving on to other addictive substances, the Trump Administration has finally enacted a limited ban on closed-end flavored vapes, although the limited nature of the ban hasn’t made a lot of fans in the public health community. Most notably, mint and mentholated flavors are still allowed, which disproportionately affects communities of color. There’s a very interesting House hearing on this, but it should be noted this move doesn’t affect the recent cause of vaping-related deaths, which were caused by Vitamin E acetate adulteration of (legal) THC distillate pods.
What this move does do is increase the regulatory paperwork required to make and market e-cigarettes, and that means an increased IT load for registries and workflow management at FDA. From the Motley Fool article linked above:
By May 12, e-cig manufacturers and vape shops that mix their own e-liquids to sell to the public are required to submit to the FDA premarket tobacco product applications (PMTA) demonstrating their product “is appropriate for the protection of the public health,” according to the FDA’s press release.
The FDA’s announcement ominously points out that the agency has not authorized a single electronic nicotine delivery system (ENDS), meaning all devices and e-liquids on the market “are considered illegally marketed and are subject to enforcement, at any time, in the FDA’s discretion.”
Expect FDA to modernize and automate the workflow and approval system for PMTAs. Many of these PMTAs require hundreds of thousands of pages of supporting documentation. The FDA Center for Tobacco Products (CTP) will be quite busy! From an enforcement perspective, expect opportunities with ATF.
Let the Roaring 20’s Begin Again
So there you have it. We are about to enter into a wild and tumultuous decade: one of war and peace, prosperity and poverty, political and philosophical clashes, climate change, and stupid trends like the Tide Pod Challenge. Yet two things will remain constant: We will need Healthcare and technology will march on. Hopefully with these predictions, you’ll be able to turn last decade’s 20/20 hindsight into this decade’s 2020 foresight.
Happy New Year, Useketeers. Let’s get cracking.