There’s a fundamental change underway in the healthcare system, which is shifting away from a traditional fee-for-service model toward a more accountable, patient-centered model of care.

Accountable care organizations (ACO) are popping up across the country with what’s being referred to as a Triple Aim: better care for individuals, better health for populations, and lower per capita costs.

In a recent Online Tech Tuesdays at Two webinar session, attorneys Tatiana Melnik and Carrie Nixon extensively defined and discussed the ACO model (what is it, why we are moving in that direction, where the patient fits into the model, and some early success stories), the role technology plays in its emergence, and ways to minimize and mitigate legal risks in the framework.

Melnik specializes in IT legal issues with a specific emphasis on HIPAA, HITECH, and the world of healthcare and cloud computing. Nixon is president of Accountable Care Law & Policy and a founding member of Healthcare Solutions Connection, a network of expert consultants providing solutions for the healthcare industry.

“We’re moving to the ACO model because really, the current system is unsustainable,” said Melnik “Baby Boomers are aging and are straining a system that is already having a difficult time managing and sustaining a patient population.”

Titled PHI in the ACO – Risk Management, Mitigation and Data Collection Issues, the hour-long webinar covered multiple must-know topics for healthcare and health IT personnel – whether they’re already part of an ACO, plan to be part of an ACO, or are simply interested in the movement. (You can find the video replay and presentation slides here.)

Of course, technology plays an integral role in ACOs. So much that Melnik and Nixon weren’t able to cover all aspects in one session and have agreed to return for a second.

PHI in the ACO – A Focus on Data: Analytics, Collection, Risks and Contracting Considerations will be held at 2 p.m. ET on Tuesday, June 17. (Register here.)

That session will focus on an ACO’s need for a strong information technology framework to collect, analyze and report data. This includes the ability to combat fraud and using technology to engage patients and meet reporting requirements. The co-hosts will also cover legal risks – including data breaches and other privacy violations – and contracting considerations with IT and software vendors.

Melnik and Nixon did dive into several technology issues in their first session. Some highlights:

“Data collection and analytics are really the keys to success in the ACO environment,” Melnik said. “This is because quality metrics must be collected and reported to (Centers for Medicare and Medicaid Services) and must also be shared among the ACO participants so that they can provide better care to the beneficiaries.”

Nixon said one of her key messages during the session was to “underscore the importance of data, data, data. Have your data collection mechanisms in place, and look at your data. Look at your data. Analyze your data. Think about what it means. Think about ways that you can improve.”

However, all the record-keeping requirements of an ACO are extensive – records must be kept for a minimum of 10 years, plus six more if there’s a termination, dispute or allegation of fraud against an ACO. Melnik noted that keeping information for 16 years or longer requires a heavy investment for data storage and data retrieval costs.

Paraphrasing Melnik: Data sharing and collection requires an advanced IT infrastructure, which means ACOs have to understand how the IT environment works and how the data migrates through the system. At the same time, people and processes must be in place so data is understood. Analytics are useless nobody in the system can explain what the numbers mean and how to improve on the information that you’re getting.

Nixon mentioned an ACO that hired three employees who deal strictly with data.

“How many ACOs are considering that they have to do that? Or, are they thinking, ‘We’ll figure that out when we get to that point’?” Melnik said. “That’s really problematic, because that can impact the long-term success of your project. You need to have those considerations in place at the forefront and really account for those costs at the beginning.”

The co-hosts also discussed the need for interoperability, considering the integration of personal health records, mobile devices and other technology with electronic health records (EHR). When a large number of providers with their own EHR systems merge and want to use personal health records (to meet Meaningful Use standards) and mobile device integration (to improve patient engagement), technology issues expand exponentially.

Melnik noted the Federal Trade Commission is involved in assessing whether some software vendors are improperly exerting control on competition when it comes to interoperability. She suggested reviewing materials from the FTC’s Examining Healthcare Competition workshop held in March.

Melnik also discussed how the need for data breach insurance (and the amount of data breach insurance) must be carefully evaluated when forming an ACO. “Consider the recently released report from the Ponemon Institute finding that the cost to remediate a breach in the healthcare space is $359 per record, compared to a $201 dollar industry average,” Nixon said. “If you have 50,000 records involved in a breach, that’s $17.9 million. How many organizations have those kinds of funds to pay out that amount?”


Tatiana Melnik is an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance. Melnik regularly writes and speaks on IT legal issues, including HIPAA/HITECH, cloud computing, mobile device policies, telemedicine, and data breach reporting requirements, is a Managing Editor of the Nanotechnology Law and Business Journal, and a former council member of the Michigan Bar Information Technology Law Council.

Melnik holds a JD from the University of Michigan Law School, a BS in Information Systems and a BBA in International Business, both from the University of North Florida.

Carrie Nixon is the CEO of Nixon Law Group and President of Accountable Care Law & Policy. She is a founding member of Healthcare Solutions Connection, a network of expert consultants providing integrated service solutions for the healthcare industry. As a longtime attorney for a variety of clients in the assisted living and long-term care industry, Nixon has on-the-ground experience with the unique challenges facing those who serve our aging population. She has successfully defended these clients against malpractice claims and deficiency citations, helping them to navigate the ever-changing regulatory and risk management landscape.

Nixon holds a JD from the University of Virginia Law School.


Related:

HIPAA Compliant Hosting white paper

Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure PHI