Wednesday, June 6, 2012

Healthcare Talent Management: Seeking Unicorns Using Broken Software Not Very Good for Patients - or Stockholders

In the May 30, 2012 WSJ article "Software Raises Bar for Hiring" by David Wessel, the Wall Street Journal's economics editor (subtitled "Software Screening Rejects Job Seekers" in the web page header), and in a followup June 4, 2012 NPR piece "Employers: Qualified Workers Aren't in Jobs Pool" where Wessel is interviewed by Renee Montagne, an issue noted in past years here at HC Renewal is discussed.

The issue is poorly done and/or misapplied e-Recruiting software actually causing employers to be blinded to needed talent, and skilled members of the workforce laid off in the Great Recession to remain unemployed.

From the NPR interview (emphases mine):

... WESSEL: Well, there are basically two views about unemployment today. One is that the biggest problem is there just isn't enough demand out there, not enough spending so employers are reluctant to hire readily. And if that's right, then there are things the government might do to stimulate demand - either Congress, or the president or the Federal Reserve.

The other view is the biggest problem is, as you suggest, this mismatch between the skills that employers need and the ones that available workers have. And if this view is right, and the fiscal and monetary policy can't do much. So people on the second camp seize on these very loud complaints from employers that they just can't find the workers they need. And the real question is how can that be?

MONTAGNE: Well, offer us an answer or two.

WESSEL: Well, I talked to a business school professor at the University of Pennsylvania, Peter Cappelli, and he suggested a number of possibilities. One is that with so many unemployed workers, employers may simply be too picky. They're looking for the perfect worker. They won't settle for the merely capable. One person in the business calls this looking for a unicorn. A second possibility is they're just not willing to pay enough. A third is that they've lost interest in training and they're insisting on experienced workers, so they're turning away a whole lot of people who could do the job but just don't have experience. And then, in what I find most provocative possibility, they've become over reliant on the software that's used to screen applicants.

MONTAGNE: Now software, that's an interesting idea.

WESSEL: Right. A whole lot of people who have applied for jobs lately, know that the initial application often is done online. That's because software takes the employers criteria, which is often extraordinarily precise, and then screens the application. There's one company that Mr. Cappelli writes about in the new book that says he had 25,000 applicants for a standard engineering position, only the software in the HR department told him nobody was qualified.  [An absurdity on its face - ed.]

In another one, an HR executive, in an experiment, applied for a job in his own company and couldn't get through the software screening. And as you mentioned, I wrote a column about this and I got flooded with people with experiences like this who were just enormously frustrated with the software and how it was preventing them from getting to a human being to get an interview on a job that maybe they could do.


In other words, the combination of employers looking for the "perfect, prefab employee" - a unicorn - is complicated by the fact that employers, or more properly, Personnel Departments (now euphemistically referred to as "Human Resources" departments, a "resource" they cannot properly manage, it seems) are using broken software.  This creates the erroneous appearance of a talent vacuum.

I made quite similar observations at my blog posts of several years ago including at a post of Feb. 2008 "If pharma cannot get its basic IT right, what about the hard stuff?"  and a Sept. 2011 post "Merck to Cut Up to 13,000 (More) Jobs by 2015."  I had noted repeated, bizarre solicitations for positions that were way-off base (such as for "Application Services Associate" in the Feb. 2008 post, and for "SAP Security Analyst--Merck & Co.,Inc.-INF003774" as mentioned here) by the automated e-Recruiting systems of a number of pharmas and healthcare organizations to whom I had submitted an electronic CV.

At the latter post I observed:

... I thought the problems with bizarre eRecruiting solicitations that I wrote about in my Feb. 2008 post "If pharma cannot get its basic IT right, what about the hard stuff?" were over.

However, just yesterday I received an automated solicitation from this company regarding something related to import/export, an apparent profound mismatch to my background. It makes me wonder if the people with a sufficient understanding of computational linguistics who could fix the parser in the eRecruiting system were all laid off.

As I mentioned in the earlier post, mismatched outbounds probably correspond to internal blindness to inbounds (i.e., in properly parsing resumes). I wrote:
Could a poorly-tuned or malfunctioning eRecruiting parser, which probably works in both directions (i.e., alerts not just outside candidates but also people internal to Merck of incoming resumes it identifies as "interesting") adversely affect the "apparently available" talent pool across many disciplines?

I still get entirely inappropriate solicitations from time to time, such as for marketing or low-level IT support roles, from this company -- where I was once high-mid management and use their exact term for that role, "Director", terms such as "Medical Informatics", "Electronic Medical Records" and others directly in my CV -- and others.

e-Recruiting systems could function poorly for a number of reasons, including but not limited to:

  • Incompetence
  • Deliberate sabotage, making it seem talent is exceptionally hard to find, to increase the job security of HR personnel who are themselves being downsized due, in part, to automation;
  • Deliberate sabotage to facilitate more hiring of lower-paid employees such as non-citizens found through other means.
Any of these scenarios, of course, is not good for stockholders and the unemployed.

Finally, I actually tried to alert the head of HR of one company, Merck, to this problem.  In the aforementioned Feb. 2008 post I reproduced the email and further commented:

... I wrote to the VP of HR and an HR associate, both of whom I knew, in Dec 2006:


Sent: Monday, December 18, 2006 10:45 AM
To: Levine, Howard
Cc: Lewis, Drew B
Subject: Merck eRecruiting system malfunction

Dear Howard,

I maintain a resume on Merck's eRecruiting site. I rarely get alerts, but recently I received the automated alert below for " Multi-Channel Management Campaign Manager" as below.

It is a profound mismatch to any keyword or context in my background (I am an MD & information science specialist, formerly Director Published Information Resources & The Merck Index.)

The eRecruiting system is apparently broken. It is likely others are getting similarly mismatched results. Suggest repair.

I was thanked for my email, and instructions received on how to turn off auto-notification by their job site. This was something I already knew how to do, and obviously was not a helpful or meaningful suggestion vis-a-vis "doing business."

Nothing more was received, and considering I continue to get frivolous solicitations regularly, apparently nothing much was done.


I had also observed:

  • Is this how state-of-the-art biomedical companies might be expected to manage their recruitment?

A response telling me to de-activate automated alerts from a company's clearly broken e-Recruiting system was not exactly what I considered in the best interests of shareholders.

Finally, in an ironic twist, hunting for unicorns with broken e-Recruiting software might prevent companies from finding the computational linguistics and other talent needed to fix these very systems.

-- SS

Healthcare Talent Management: Seeking Unicorns Using Broken Software Not Very Good for Patients - or Stockholders

In the May 30, 2012 WSJ article "Software Raises Bar for Hiring" by David Wessel, the Wall Street Journal's economics editor (subtitled "Software Screening Rejects Job Seekers" in the web page header), and in a followup June 4, 2012 NPR piece "Employers: Qualified Workers Aren't in Jobs Pool" where Wessel is interviewed by Renee Montagne, an issue noted in past years here at HC Renewal is discussed.

The issue is poorly done and/or misapplied e-Recruiting software actually causing employers to be blinded to needed talent, and skilled members of the workforce laid off in the Great Recession to remain unemployed.

From the NPR interview (emphases mine):

... WESSEL: Well, there are basically two views about unemployment today. One is that the biggest problem is there just isn't enough demand out there, not enough spending so employers are reluctant to hire readily. And if that's right, then there are things the government might do to stimulate demand - either Congress, or the president or the Federal Reserve.

The other view is the biggest problem is, as you suggest, this mismatch between the skills that employers need and the ones that available workers have. And if this view is right, and the fiscal and monetary policy can't do much. So people on the second camp seize on these very loud complaints from employers that they just can't find the workers they need. And the real question is how can that be?

MONTAGNE: Well, offer us an answer or two.

WESSEL: Well, I talked to a business school professor at the University of Pennsylvania, Peter Cappelli, and he suggested a number of possibilities. One is that with so many unemployed workers, employers may simply be too picky. They're looking for the perfect worker. They won't settle for the merely capable. One person in the business calls this looking for a unicorn. A second possibility is they're just not willing to pay enough. A third is that they've lost interest in training and they're insisting on experienced workers, so they're turning away a whole lot of people who could do the job but just don't have experience. And then, in what I find most provocative possibility, they've become over reliant on the software that's used to screen applicants.

MONTAGNE: Now software, that's an interesting idea.

WESSEL: Right. A whole lot of people who have applied for jobs lately, know that the initial application often is done online. That's because software takes the employers criteria, which is often extraordinarily precise, and then screens the application. There's one company that Mr. Cappelli writes about in the new book that says he had 25,000 applicants for a standard engineering position, only the software in the HR department told him nobody was qualified.  [An absurdity on its face - ed.]

In another one, an HR executive, in an experiment, applied for a job in his own company and couldn't get through the software screening. And as you mentioned, I wrote a column about this and I got flooded with people with experiences like this who were just enormously frustrated with the software and how it was preventing them from getting to a human being to get an interview on a job that maybe they could do.


In other words, the combination of employers looking for the "perfect, prefab employee" - a unicorn - is complicated by the fact that employers, or more properly, Personnel Departments (now euphemistically referred to as "Human Resources" departments, a "resource" they cannot properly manage, it seems) are using broken software.  This creates the erroneous appearance of a talent vacuum.

I made quite similar observations at my blog posts of several years ago including at a post of Feb. 2008 "If pharma cannot get its basic IT right, what about the hard stuff?"  and a Sept. 2011 post "Merck to Cut Up to 13,000 (More) Jobs by 2015."  I had noted repeated, bizarre solicitations for positions that were way-off base (such as for "Application Services Associate" in the Feb. 2008 post, and for "SAP Security Analyst--Merck & Co.,Inc.-INF003774" as mentioned here) by the automated e-Recruiting systems of a number of pharmas and healthcare organizations to whom I had submitted an electronic CV.

At the latter post I observed:

... I thought the problems with bizarre eRecruiting solicitations that I wrote about in my Feb. 2008 post "If pharma cannot get its basic IT right, what about the hard stuff?" were over.

However, just yesterday I received an automated solicitation from this company regarding something related to import/export, an apparent profound mismatch to my background. It makes me wonder if the people with a sufficient understanding of computational linguistics who could fix the parser in the eRecruiting system were all laid off.

As I mentioned in the earlier post, mismatched outbounds probably correspond to internal blindness to inbounds (i.e., in properly parsing resumes). I wrote:
Could a poorly-tuned or malfunctioning eRecruiting parser, which probably works in both directions (i.e., alerts not just outside candidates but also people internal to Merck of incoming resumes it identifies as "interesting") adversely affect the "apparently available" talent pool across many disciplines?

I still get entirely inappropriate solicitations from time to time, such as for marketing or low-level IT support roles, from this company -- where I was once high-mid management and use their exact term for that role, "Director", terms such as "Medical Informatics", "Electronic Medical Records" and others directly in my CV -- and others.

e-Recruiting systems could function poorly for a number of reasons, including but not limited to:

  • Incompetence
  • Deliberate sabotage, making it seem talent is exceptionally hard to find, to increase the job security of HR personnel who are themselves being downsized due, in part, to automation;
  • Deliberate sabotage to facilitate more hiring of lower-paid employees such as non-citizens found through other means.
Any of these scenarios, of course, is not good for stockholders and the unemployed.

Finally, I actually tried to alert the head of HR of one company, Merck, to this problem.  In the aforementioned Feb. 2008 post I reproduced the email and further commented:

... I wrote to the VP of HR and an HR associate, both of whom I knew, in Dec 2006:


Sent: Monday, December 18, 2006 10:45 AM
To: Levine, Howard
Cc: Lewis, Drew B
Subject: Merck eRecruiting system malfunction

Dear Howard,

I maintain a resume on Merck's eRecruiting site. I rarely get alerts, but recently I received the automated alert below for " Multi-Channel Management Campaign Manager" as below.

It is a profound mismatch to any keyword or context in my background (I am an MD & information science specialist, formerly Director Published Information Resources & The Merck Index.)

The eRecruiting system is apparently broken. It is likely others are getting similarly mismatched results. Suggest repair.

I was thanked for my email, and instructions received on how to turn off auto-notification by their job site. This was something I already knew how to do, and obviously was not a helpful or meaningful suggestion vis-a-vis "doing business."

Nothing more was received, and considering I continue to get frivolous solicitations regularly, apparently nothing much was done.


I had also observed:

  • Is this how state-of-the-art biomedical companies might be expected to manage their recruitment?

A response telling me to de-activate automated alerts from a company's clearly broken e-Recruiting system was not exactly what I considered in the best interests of shareholders.

Finally, in an ironic twist, hunting for unicorns with broken e-Recruiting software might prevent companies from finding the computational linguistics and other talent needed to fix these very systems.

-- SS

University of Miami Lays Off 800, Cuts Research Funding, Builds New Presidential Mansion

Despite the trillions of dollars flowing through the US health care systems, prominent not-for-profit health care organizations seem to be complaining more often that the money going to them is not enough. 

The Lay-Offs and Research Cutbacks

Recently, for example, the University of Miami announced that its medical center would have to tighten its belt.  In April, according to the Miami Herald,
University of Miami President Donna Shalala announced Tuesday that the medical school will take 'difficult and painful but necessary steps' next month to reduce costs, including staff cuts.In a letter to employees, she called the cuts 'significant' but provided no details about how many employees might be laid off.

'The process will take place in stages, and affected employees will be notified during the month of May,' Shalala wrote. 'Reductions will not impact clinical care or our patients and will primarily focus on unfunded research and administrative areas.'

Shalala said the cuts were necessary because of 'unprecedented factors' including the global downturn of 2008, decreased funding for research and clinical care, plus cutbacks in payments from Jackson Health System. The Jackson reductions 'have had a profound effect on our finances,' she wrote.

Placing the blame for the medical school's financial problems on Jackson Health System, the local safety-net health system, did not sit well with that organization's leadership. In another Miami Herald story, its chairman stated that the real problem might be:
'investments that they have made that may or may not have panned out,' including the purchase in 2007 of Cedars Medical Center, across the street from Jackson Memorial, for a price that several experts say was far too high.

In fact, we discussed here allegations that the University of Miami Medical School's purchase of a facility that was renamed the University of Miami Hospital adjacent to Jackson was meant to take insured patients from that already struggling facility.

Nonetheless, the Medical School proceeded with its cuts, which resulted in 800 layoffs (see Miami Herald story here.) The next Miami Herald story suggested that the cuts would disproportionately impact worthy researchers, for example,
When Nobel Laureate Andrew Schally arrived in South Florida six years ago, he was greeted with great fanfare and named a distinguished professor of pathology at the University of Miami medical school. Now he says his work is one of the many casualties of the school’s budget slashing.

Schally says UM told him several weeks ago that his annual funding of $150,000 for research would end May 31, part of widespread cuts in the medical school that could eliminate up to 800 jobs this month and trigger major reductions in research.

'I was shocked... We developed so many drugs for the university,' Schally says. 'They are killing the goose that laid the golden egg.'
The President's New House
The headline of another Miami Herald story last week suggested that things had gotten so bad that the cuts were even going to affect top university leadership's lifestyle:
UM president’s house sells for $9 million

We had posted about University of Miami President Donna Shalala's lavish university funded living conditions a while ago. Now it seems she would be giving up
'tropical ambiance,' 4.6 acres of lush gardens, and a prestigious Gables Estates address.

This "rare piece of Florida history" also had
a guest room created specifically to host the Dalai Lama during His Holiness’ visits to South Florida.

So can we conclude that the University is really tightening its belt when its President is forced to move out of such a lush environment? Not really.

In fact, Ms Shalala may be moving to even more plush surroundings, courtesy the university's supposedly challenged budget:
The 32-acre Pinecrest development, built on land donated to the university by UM law grad-turned-philanthropist Frank Smathers Jr., exclusively houses UM faculty. Shalala will now join their ranks as both boss and neighbor.

Decades ago, the grounds were home to Smathers’ Arabian horses and world-renowned mango collection. The UM-built homes are clustered in the center one-third of the acreage 'to safeguard the botanical integrity of the estate,' according to the university’s website. The remaining land is dominated by lush plants and fruit groves, and is maintained by Fairchild Tropical Botanical Gardens.

In particular,
It’s a very bold house,” Taylor said of Shalala’s new digs. “It’s a dominant house in the neighborhood.”

Taylor said the all-white exterior of the new home is a noticeable contrast to the more-earthy tones of other houses nearby. The university is calling it the 'Ibis House' after UM’s beloved (and also all-white) mascot.

Shalala’s new home will sit on a quarter-acre of land — dramatically less property than she enjoyed before. On the plus side, Shalala, just as in her old home, will enjoy about 9,000 or so square feet of interior space, and an in-home elevator connecting the first and second floors.

The new home is also situated in a unique gated community that offers a community clubhouse, tennis courts and pool, and meticulously landscaped gardens.

Was anyone really expecting that Ms Shalala would have to find her own housing, like the 99 percent have to?

Summary
So here we have another example of how the notion of CEO exceptionalism has filtered down from large for-profit corporations to even non-profit, ostensibly mission-oriented health care institutions. Leaders of health care organizations are now deemed to be so important, at least in the eyes of their hired public relations staff, that they must be given every luxury. Perhaps if housed in any space smaller than 9000 feet, Ms Shalala would be so confined as not be able to think great thoughts anymore, like how many layoffs would be needed to sufficiently cut costs. Worse, maybe without such free housing, she would just decide that the institution would not be showing enough gratitude, and so her amazingly brilliant leadership would have to seek new pastures.

Maybe, on the other hand, Ms Shalala's new house is just another demonstration how health care has become dominated by leadership whose own compensation and privilege seems to come before the mission., and sees no problem in asking for "difficult and painful" cuts from those who do the real work on the ground while building itself new mansions.

So as usual, it is time to say that true health care reform would foster leadership  that upholds the core values of health care, and focuses on and are accountable for the mission, not on secondary responsibilities that conflict with these values and their mission, and not on self-enrichment. Leaders ought to be rewarded reasonably, but not lavishly, for doing what ultimately improves patient care, or when applicable, good education and good research.

University of Miami Lays Off 800, Cuts Research Funding, Builds New Presidential Mansion

Despite the trillions of dollars flowing through the US health care systems, prominent not-for-profit health care organizations seem to be complaining more often that the money going to them is not enough. 

The Lay-Offs and Research Cutbacks

Recently, for example, the University of Miami announced that its medical center would have to tighten its belt.  In April, according to the Miami Herald,
University of Miami President Donna Shalala announced Tuesday that the medical school will take 'difficult and painful but necessary steps' next month to reduce costs, including staff cuts.In a letter to employees, she called the cuts 'significant' but provided no details about how many employees might be laid off.

'The process will take place in stages, and affected employees will be notified during the month of May,' Shalala wrote. 'Reductions will not impact clinical care or our patients and will primarily focus on unfunded research and administrative areas.'

Shalala said the cuts were necessary because of 'unprecedented factors' including the global downturn of 2008, decreased funding for research and clinical care, plus cutbacks in payments from Jackson Health System. The Jackson reductions 'have had a profound effect on our finances,' she wrote.

Placing the blame for the medical school's financial problems on Jackson Health System, the local safety-net health system, did not sit well with that organization's leadership. In another Miami Herald story, its chairman stated that the real problem might be:
'investments that they have made that may or may not have panned out,' including the purchase in 2007 of Cedars Medical Center, across the street from Jackson Memorial, for a price that several experts say was far too high.

In fact, we discussed here allegations that the University of Miami Medical School's purchase of a facility that was renamed the University of Miami Hospital adjacent to Jackson was meant to take insured patients from that already struggling facility.

Nonetheless, the Medical School proceeded with its cuts, which resulted in 800 layoffs (see Miami Herald story here.) The next Miami Herald story suggested that the cuts would disproportionately impact worthy researchers, for example,
When Nobel Laureate Andrew Schally arrived in South Florida six years ago, he was greeted with great fanfare and named a distinguished professor of pathology at the University of Miami medical school. Now he says his work is one of the many casualties of the school’s budget slashing.

Schally says UM told him several weeks ago that his annual funding of $150,000 for research would end May 31, part of widespread cuts in the medical school that could eliminate up to 800 jobs this month and trigger major reductions in research.

'I was shocked... We developed so many drugs for the university,' Schally says. 'They are killing the goose that laid the golden egg.'
The President's New House
The headline of another Miami Herald story last week suggested that things had gotten so bad that the cuts were even going to affect top university leadership's lifestyle:
UM president’s house sells for $9 million

We had posted about University of Miami President Donna Shalala's lavish university funded living conditions a while ago. Now it seems she would be giving up
'tropical ambiance,' 4.6 acres of lush gardens, and a prestigious Gables Estates address.

This "rare piece of Florida history" also had
a guest room created specifically to host the Dalai Lama during His Holiness’ visits to South Florida.

So can we conclude that the University is really tightening its belt when its President is forced to move out of such a lush environment? Not really.

In fact, Ms Shalala may be moving to even more plush surroundings, courtesy the university's supposedly challenged budget:
The 32-acre Pinecrest development, built on land donated to the university by UM law grad-turned-philanthropist Frank Smathers Jr., exclusively houses UM faculty. Shalala will now join their ranks as both boss and neighbor.

Decades ago, the grounds were home to Smathers’ Arabian horses and world-renowned mango collection. The UM-built homes are clustered in the center one-third of the acreage 'to safeguard the botanical integrity of the estate,' according to the university’s website. The remaining land is dominated by lush plants and fruit groves, and is maintained by Fairchild Tropical Botanical Gardens.

In particular,
It’s a very bold house,” Taylor said of Shalala’s new digs. “It’s a dominant house in the neighborhood.”

Taylor said the all-white exterior of the new home is a noticeable contrast to the more-earthy tones of other houses nearby. The university is calling it the 'Ibis House' after UM’s beloved (and also all-white) mascot.

Shalala’s new home will sit on a quarter-acre of land — dramatically less property than she enjoyed before. On the plus side, Shalala, just as in her old home, will enjoy about 9,000 or so square feet of interior space, and an in-home elevator connecting the first and second floors.

The new home is also situated in a unique gated community that offers a community clubhouse, tennis courts and pool, and meticulously landscaped gardens.

Was anyone really expecting that Ms Shalala would have to find her own housing, like the 99 percent have to?

Summary
So here we have another example of how the notion of CEO exceptionalism has filtered down from large for-profit corporations to even non-profit, ostensibly mission-oriented health care institutions. Leaders of health care organizations are now deemed to be so important, at least in the eyes of their hired public relations staff, that they must be given every luxury. Perhaps if housed in any space smaller than 9000 feet, Ms Shalala would be so confined as not be able to think great thoughts anymore, like how many layoffs would be needed to sufficiently cut costs. Worse, maybe without such free housing, she would just decide that the institution would not be showing enough gratitude, and so her amazingly brilliant leadership would have to seek new pastures.

Maybe, on the other hand, Ms Shalala's new house is just another demonstration how health care has become dominated by leadership whose own compensation and privilege seems to come before the mission., and sees no problem in asking for "difficult and painful" cuts from those who do the real work on the ground while building itself new mansions.

So as usual, it is time to say that true health care reform would foster leadership  that upholds the core values of health care, and focuses on and are accountable for the mission, not on secondary responsibilities that conflict with these values and their mission, and not on self-enrichment. Leaders ought to be rewarded reasonably, but not lavishly, for doing what ultimately improves patient care, or when applicable, good education and good research.

Tuesday, June 5, 2012

Cart Before the Horse, Part 3: AHRQ's "Health IT Hazard Manager"

In a July 2010 post "Meaningful Use Final Rule: Have the Administration and ONC Put the Cart Before the Horse on Health IT?" and an Oct . 2010 post "Cart before the horse, again: IOM to study HIT patient safety for ONC; should HITECH be repealed?" I wrote about the postmodern "ready, fire, aim" approach to health IT:

In the first post, I wrote:

... These "usability" problems require long term solutions. There are no quick fix, plug and play solutions. Years of research are needed, and years of system migrations as well for existing installations.

Yet we now have an HHS Final Rule on "meaningful use" regarding experimental, unregulated medical devices the industry itself admits have major usability problems, along with a growing body of literature on the risks entailed.
For crying out loud, talk about putting the cart before the horse...

Something's very wrong here...

However, this situation is anything but humorous.

How more "cart before the horse" can government get?

In the second post, I wrote:

... So, in the midst of a National Program for Health IT in the United States (NPfIT in the U.S.), with tens of billions of dollars earmarked for health IT already (money we don't really have, but it can be printed quickly, or borrowed from China) the IOM is going to study health IT safety, prevention of health IT-related errors, etc. ... only now?

Here we go yet again.

The problem with the AHRQ (Agency for Healthcare Research and Quality, a division of HHS) announcement below of a webinar about a new tool for identifying, categorizing, and resolving health IT hazards, as I have written before, is putting the "cart before the horse" and throwing medical ethics to the wind.

If we've just developed a tool "for identifying, categorizing, and resolving health IT hazards", the magnitude of which others such as IOM admit are unknown to our detriment (e.g., Health IT and Patient Safety: Building Safer Systems for Better Care, pg. S-2), then health IT is, it follows, an experimental technology.

If it is an experimental technology, AHRQ and others in HHS should probably be raising the issue of a slow down or moratorium on widespread rollout under HITECH until risk management and remediation is better understood.  At the very least they should be calling for patient informed consent that a device that will largely regulate their care is experimental, that a competency "gap" exists among healthcare practitioners within the "health IT environment" (meaning patients are at risk), and that patients should be offered the opportunity for informed consent with opt-out provisions.  The principals should not just announcing a webinar:

Sent: Tuesday, June 05, 2012 12:23 PM
To: OHITQUSERS@LIST.NIH.GOV
Subject: Register Now! AHRQ Health IT Webinar "Purpose and Demonstration of the Health IT Hazard Manager and Next Steps" June 11, 2:30 PM ET

Agency for Healthcare Research and Quality

Purpose and Demonstration of the Health IT Hazard Manager and Next Steps

June 11, 2012 — 2:30-4 p.m., EST

The Agency for Healthcare Research and Quality (AHRQ) has identified a gap in a health care/public health practitioner’s competency within the health IT environment. This webinar is designed to increase practitioners’ competencies in several areas: improving health care decision making; supporting patient-centered care; and enhancing the quality and safety of medication management by improving the ability to identify, categorize, and resolve health IT hazards.

The Webinar will explore the Health IT Hazard Manager—a tool for identifying, categorizing, and resolving health IT hazards. When implemented, the tool allows health care organizations and software vendors alike to learn about potential hazards and work to resolve them, including the use of data to communicate potential and actual adverse effects. The session will discuss how the Health IT Hazard Manager was tested and refined as well as strategies and implications for deploying it. The target audience includes AHRQ grantees/researchers; health care providers, including physicians and nurses; consumers/patients; and health care policymakers.

... Webinar learning objectives include:

1. Describe the rationale for developing the Health IT Hazard Manager and how it evolved through alpha and beta testing.
2. Explain the process for identifying and categorizing health IT-related hazards.
3. Demonstrate how the Health IT Hazard Manager would be used [i.e., it's not yet in use, despite mandates for HIT rollout with penalties for non-adopters - ed.] within and across care delivery organizations and health IT software vendors.
4. Discuss policy and process implications for deploying the Health IT Hazard Manager via different organizations (i.e., AHRQ; Office of the National Coordinator for Health IT; Patient Safety Organization(s); Accrediting bodies; IT entities).

In effect, HHS seems to be saying "we're working on the HIT risk problem, but roll it out anyway; if you get harmed or killed, tough luck."  This seems a form of negligence.

Have we thrown out all we know about medical research and human subjects protections in face of the magical powers and profits of computers in medicine?

-- SS

Cart Before the Horse, Part 3: AHRQ's "Health IT Hazard Manager"

In a July 2010 post "Meaningful Use Final Rule: Have the Administration and ONC Put the Cart Before the Horse on Health IT?" and an Oct . 2010 post "Cart before the horse, again: IOM to study HIT patient safety for ONC; should HITECH be repealed?" I wrote about the postmodern "ready, fire, aim" approach to health IT:

In the first post, I wrote:

... These "usability" problems require long term solutions. There are no quick fix, plug and play solutions. Years of research are needed, and years of system migrations as well for existing installations.

Yet we now have an HHS Final Rule on "meaningful use" regarding experimental, unregulated medical devices the industry itself admits have major usability problems, along with a growing body of literature on the risks entailed.
For crying out loud, talk about putting the cart before the horse...

Something's very wrong here...

However, this situation is anything but humorous.

How more "cart before the horse" can government get?

In the second post, I wrote:

... So, in the midst of a National Program for Health IT in the United States (NPfIT in the U.S.), with tens of billions of dollars earmarked for health IT already (money we don't really have, but it can be printed quickly, or borrowed from China) the IOM is going to study health IT safety, prevention of health IT-related errors, etc. ... only now?

Here we go yet again.

The problem with the AHRQ (Agency for Healthcare Research and Quality, a division of HHS) announcement below of a webinar about a new tool for identifying, categorizing, and resolving health IT hazards, as I have written before, is putting the "cart before the horse" and throwing medical ethics to the wind.

If we've just developed a tool "for identifying, categorizing, and resolving health IT hazards", the magnitude of which others such as IOM admit are unknown to our detriment (e.g., Health IT and Patient Safety: Building Safer Systems for Better Care, pg. S-2), then health IT is, it follows, an experimental technology.

If it is an experimental technology, AHRQ and others in HHS should probably be raising the issue of a slow down or moratorium on widespread rollout under HITECH until risk management and remediation is better understood.  At the very least they should be calling for patient informed consent that a device that will largely regulate their care is experimental, that a competency "gap" exists among healthcare practitioners within the "health IT environment" (meaning patients are at risk), and that patients should be offered the opportunity for informed consent with opt-out provisions.  The principals should not just announcing a webinar:

Sent: Tuesday, June 05, 2012 12:23 PM
To: OHITQUSERS@LIST.NIH.GOV
Subject: Register Now! AHRQ Health IT Webinar "Purpose and Demonstration of the Health IT Hazard Manager and Next Steps" June 11, 2:30 PM ET

Agency for Healthcare Research and Quality

Purpose and Demonstration of the Health IT Hazard Manager and Next Steps

June 11, 2012 — 2:30-4 p.m., EST

The Agency for Healthcare Research and Quality (AHRQ) has identified a gap in a health care/public health practitioner’s competency within the health IT environment. This webinar is designed to increase practitioners’ competencies in several areas: improving health care decision making; supporting patient-centered care; and enhancing the quality and safety of medication management by improving the ability to identify, categorize, and resolve health IT hazards.

The Webinar will explore the Health IT Hazard Manager—a tool for identifying, categorizing, and resolving health IT hazards. When implemented, the tool allows health care organizations and software vendors alike to learn about potential hazards and work to resolve them, including the use of data to communicate potential and actual adverse effects. The session will discuss how the Health IT Hazard Manager was tested and refined as well as strategies and implications for deploying it. The target audience includes AHRQ grantees/researchers; health care providers, including physicians and nurses; consumers/patients; and health care policymakers.

... Webinar learning objectives include:

1. Describe the rationale for developing the Health IT Hazard Manager and how it evolved through alpha and beta testing.
2. Explain the process for identifying and categorizing health IT-related hazards.
3. Demonstrate how the Health IT Hazard Manager would be used [i.e., it's not yet in use, despite mandates for HIT rollout with penalties for non-adopters - ed.] within and across care delivery organizations and health IT software vendors.
4. Discuss policy and process implications for deploying the Health IT Hazard Manager via different organizations (i.e., AHRQ; Office of the National Coordinator for Health IT; Patient Safety Organization(s); Accrediting bodies; IT entities).

In effect, HHS seems to be saying "we're working on the HIT risk problem, but roll it out anyway; if you get harmed or killed, tough luck."  This seems a form of negligence.

Have we thrown out all we know about medical research and human subjects protections in face of the magical powers and profits of computers in medicine?

-- SS

More Electronic Medical Record Breaches: You Could Not Do This With Paper

I have written repeatedly on the dangers posed by poorly managed health IT regarding information breaches.  See "2011 Closes on a Note of Electronic Medical Record Privacy Breach Shame" and other posts at this query link:   http://hcrenewal.blogspot.com/search/label/medical%20record%20confidentiality

Now this, from Kaiser Health News and The Washington Post:

As Patients' Records Go Digital, Theft And Hacking Problems Grow 
Jun 03, 2012

As more doctors and hospitals go digital with medical records, the size and frequency of data breaches are alarming privacy advocates and public health officials.

Keeping records secure is a challenge that doctors, public health officials and federal regulators are just beginning to grasp. And, as two recent incidents at Howard University Hospital show, inadequate data security can affect huge numbers of people.  

With paper, you'd need a stream of trucks to accomplish this magnitude of theft:

On May 14, federal prosecutors charged one of the hospital's medical technicians with violating the Health Insurance Portability and Accountability Act, or HIPAA. Prosecutors say that over a 17-month period Laurie Napper used her position at the hospital to gain access to patients' names, addresses and Medicare numbers in order to sell their information. A plea hearing has been set for June 12; Napper's attorney declined comment.

Just a few weeks earlier, the hospital notified more than 34,000 patients that their medical data had been compromised. A contractor working with the hospital had downloaded the patients' files onto a personal laptop, which was stolen from the contractor's car. The data on the laptop was password-protected but unencrypted, which means anyone who guessed the password could have accessed the patient files without a randomly generated key. According to a hospital press release, those files included names, addresses, and Social Security numbers -- and, in a few cases, "diagnosis-related information."

I add that they could also probably have booted the laptop from alternate media, and/or removed the hard drive and inserted into another computer, to access the contents.

Ronald J. Harris, Howard University's top spokesman, said in an e-mail that the two incidents are unrelated, but declined to answer further questions. In its press release about the stolen laptop, the hospital said it will set new requirements for all laptops used by contractors and those issued to hospital personnel to help protect data.

Still it could have been worse. Much worse.

Just days after Howard University contacted its patients about the stolen laptop, the Utah Department of Health announced that hackers based in Eastern Europe had broken into one of its servers and stolen personal medical information for almost 800,000 people -- more than one of every four residents of the state.

How many trucks (and Stargate SG-1 style invisibility cloaks) would it take to inconspicuously steal 800,000 paper charts, I ask?

And last November, TRICARE, which handles health insurance for the military, announced that a trove of its backup computer tapes had been stolen from one of its contractors in Virginia. The tapes contained names, Social Security numbers, home addresses and, in some cases, clinical notes and lab test results for nearly 5 million patients, making it the largest medical data breach since the Department of Health and Human Services began tracking incidents two and a half years ago.

Five million charts in a country of 300 million people...

As recently as five years ago, it's possible no one outside Howard University would have known about the incidents there. But, new reporting rules adopted as part of the 2009 stimulus act insure the public knows far more about medical data breaches than in the past. When a breach occurs that affects 500 or more patients, health care providers now must notify not only HHS, but also the media.

Meaning there were breaches the public does not know about.

Deven McGraw, director of the health privacy project at the Center for Democracy & Technology, a Washington-based Internet advocacy group, said the number of incidents is growing with the increased use of digital health records. The health care industry, she added, has been slow to respond.

A problem is not enough "motivation."

"Many financial companies have used encryption for years and they probably wonder what the heck is going on with the health care industry," McGraw said. "It's much cheaper to deploy safeguards than to suffer a breach."

I offer a one word answer:  complacency.

Now for the "spin control":

This growing problem puts HHS in a tough spot. It is pushing hospitals and doctors to adopt electronic health records, but it's also responsible for punishing health care providers who fail to properly secure their patients' records.

"Mistakes happen, incidents happen, corners get cut from time to time," said Susan McAndrew, deputy director for health information policy at HHS's Office of Civil Rights. "That's where we come in."

"From time to time" is a rather modest description of the millions of breaches mentioned in just this posting.

 But as I've written before, don't worry, your records are safe.

Just don't tell the doctor about that "incident" at that seedy club the other night, and find some other excuse to get the antibiotics you need, and that information will be safe, too.

-- SS

More Electronic Medical Record Breaches: You Could Not Do This With Paper

I have written repeatedly on the dangers posed by poorly managed health IT regarding information breaches.  See "2011 Closes on a Note of Electronic Medical Record Privacy Breach Shame" and other posts at this query link:   http://hcrenewal.blogspot.com/search/label/medical%20record%20confidentiality

Now this, from Kaiser Health News and The Washington Post:

As Patients' Records Go Digital, Theft And Hacking Problems Grow 
Jun 03, 2012

As more doctors and hospitals go digital with medical records, the size and frequency of data breaches are alarming privacy advocates and public health officials.

Keeping records secure is a challenge that doctors, public health officials and federal regulatorr are just beginning to grasp. And, as two recent incidents at Howard University Hospital show, inadequate data security can affect huge numbers of people.  

With paper, you'd need a stream of trucks to accomplish this magnitude of theft:

On May 14, federal prosecutors charged one of the hospital's medical technicians with violating the Health Insurance Portability and Accountability Act, or HIPAA. Prosecutors say that over a 17-month period Laurie Napper used her position at the hospital to gain access to patients' names, addresses and Medicare numbers in order to sell their information. A plea hearing has been set for June 12; Napper's attorney declined comment.

Just a few weeks earlier, the hospital notified more than 34,000 patients that their medical data had been compromised. A contractor working with the hospital had downloaded the patients' files onto a personal laptop, which was stolen from the contractor's car. The data on the laptop was password-protected but unencrypted, which means anyone who guessed the password could have accessed the patient files without a randomly generated key. According to a hospital press release, those files included names, addresses, and Social Security numbers -- and, in a few cases, "diagnosis-related information."

I add that they could also probably have booted the laptop from alternate media, and/or removed the hard drive and inserted into another computer, to access the contents.

Ronald J. Harris, Howard University's top spokesman, said in an e-mail that the two incidents are unrelated, but declined to answer further questions. In its press release about the stolen laptop, the hospital said it will set new requirements for all laptops used by contractors and those issued to hospital personnel to help protect data.

Still it could have been worse. Much worse.

Just days after Howard University contacted its patients about the stolen laptop, the Utah Department of Health announced that hackers based in Eastern Europe had broken into one of its servers and stolen personal medical information for almost 800,000 people -- more than one of every four residents of the state.

How many trucks (and Stargate SG-1 style invisibility cloaks) would it take to inconspicuously steal 800,000 paper charts, I ask?

And last November, TRICARE, which handles health insurance for the military, announced that a trove of its backup computer tapes had been stolen from one of its contractors in Virginia. The tapes contained names, Social Security numbers, home addresses and, in some cases, clinical notes and lab test results for nearly 5 million patients, making it the largest medical data breach since the Department of Health and Human Services began tracking incidents two and a half years ago.

Five million charts in a country of 300 million people...

As recently as five years ago, it's possible no one outside Howard University would have known about the incidents there. But, new reporting rules adopted as part of the 2009 stimulus act insure the public knows far more about medical data breaches than in the past. When a breach occurs that affects 500 or more patients, health care providers now must notify not only HHS, but also the media.

Meaning there were breaches the public does not know about.

Deven McGraw, director of the health privacy project at the Center for Democracy & Technology, a Washington-based Internet advocacy group, said the number of incidents is growing with the increased use of digital health records. The health care industry, she added, has been slow to respond.

A problem is not enough "motivation."

"Many financial companies have used encryption for years and they probably wonder what the heck is going on with the health care industry," McGraw said. "It's much cheaper to deploy safeguards than to suffer a breach."

I offer a one word answer:  complacency.

Now for the "spin control":

This growing problem puts HHS in a tough spot. It is pushing hospitals and doctors to adopt electronic health records, but it's also responsible for punishing health care providers who fail to properly secure their patients' records.

"Mistakes happen, incidents happen, corners get cut from time to time," said Susan McAndrew, deputy director for health information policy at HHS's Office of Civil Rights. "That's where we come in."

"From time to time" is a rather modest description of the millions of breaches mentioned in just this posting.

 But as I've written before, don't worry, your records are safe.

Just don't tell the doctor about that "incident" at that seedy club the other night, and find some other excuse to get the antibiotics you need, and that information will be safe, too.

-- SS

Sunday, June 3, 2012

WSJ "There's a Medical App for That—Or Not" - Misinformation on Health IT Safety Regulation?

There's a health IT meme that just won't die (patients may, but not the meme).

It's the meme that health IT "certification" is a certification of safety.

I expressed concern about the term "certification" being misunderstood even before the meme formally appeared, when the term was adopted by HHS with regard to evaluation of health IT for adherence to the "meaningful use" pre-flight features checklist.  See my mid-2009 post "CCHIT Has Company" where I observed:

HIT "certification." ... is a term I put in quotes since it really is "features qualification" at this point, not certification such as a physician receives after passing Specialty Boards.

The "features qualification" is an assurance that the EHR functions in way that could enable an eligible provider or eligible hospital to meet the Center for Medicare & Medicaid Services' (CMS) requirements of "Meaningful Use."  No rigorous safety testing in any meaningful sense is done, and no testing under real-world conditions is done at all.

I've seen the meme in various publications and venues.  I've even seen it in legal documents in medical malpractice cases where EHR's were involved, as an attempted defense.

Now the WSJ has fallen for the health IT Certification meme.

An article "There's a Medical App for That—Or Not" was published on May 29, 2012.  Its theme is special regulatory accommodation for health IT in the form of opposition to FDA regulation of devices such as "portable health records and programs that let doctors and patients keep track of data on iPads."

In the article, this assertion about health IT "certification" is made:

... The FDA's approach to health-information technology risks snuffing out activity at a critical frontier of health care. Poor, slow regulation would encourage programmers to move on, leaving health care to roil away for yet another generation, fragmented, disconnected and choking on paperwork.

The process already exists for safeguarding the public for computers in health care. It's not FDA premarket review but the health information technology certification program, established under President George W. Bush and still working fine under the Obama Health and Human Services Department. The government sets the standards and an independent nonprofit [ATCB, i.e., ONC Authorized Testing and Certification Bodies - ed.] ensures that apps meet those standards. It's a regulatory process as nimble as the breakout industry it's meant to monitor. That is where and how these apps should be regulated.

It's a wonderful meme.  Unfortunately, it's wrong.  Dead wrong.

Certification by an ATCB does not "safeguard the public."   Two ONC Authorized Testing and Certification Bodies (ATCB's) admitted this in email, as in my Feb. 2012 post "Hospitals and Doctors Use Health IT at Their Own Risk - Even if Certified".  I had asked them, point-blank:

"Is EHR certification by an ATCB a certification of EHR safety, effectiveness, and a legal indemnification, i.e., certifying freedom from liability for EHR use of clinical users or organizations? Or does it signify less than that?"

I received two replies from major ONC ATCB's indicating that "certification" is merely assurance that HIT meets a minimal set of "meaningful use" guidelines, not that it's been vetted for safety.  For instance:

From: Joani Hughes (Drummond Group)
Sent: Monday, March 05, 2012 1:06 PM
To: Scot Silverstein
Subject: RE: EHR certification question

Per our testing team:

It is less than that. It does not address indemnification although a certification could be used as a conditional part of some other form of indemnification function, such as a waiver or TOA, but that is ultimately out of the scope of the certification itself. Certification in this sense is an assurance that the EHR functions in way that could enable an eligible provider or eligible hospital to meet the CMS requirements of Meaningful Use Stage 1. Or to restate it more directly, CMS is expecting eligible providers or eligible hospitals to use their EHR in “meaningful way” quantified by various quantitative measure metrics and eligible providers or eligible hospitals can only be assured they can do this if they obtain a certified EHR technology.

Please let me know if you have any questions.

Thank you,
Joani.

Joani Hughes
Client Services Coordinator
Drummond Group Inc.

The other ATCB, ICSA Labs, stated that:

... Certification by an ATCB signifies that the product or system tested has the capabilities to meet specific criteria published by NIST and approved by the Office of the National Coordinator. In this case the criteria are designed to support providers and hospitals achieve "Meaningful Use." A subset of the criteria deal with the security and patient privacy capabilities of the system.

Here is a list of the specific criteria involved in our testing:
http://healthcare.nist.gov/use_testing/effective_requirements.html

In a nutshell, ONC-ATCB Certification deals with testing the capabilities of a system, some of them relate to patient safety, privacy and security functions (audit logging, encryption, emergency access, etc.).

What was suggested in the email below (freedom from liability for users of the system, etc.) would be out of scope for ONC-ATCB testing based on the given criteria. [I.e., certification criteria - ed.] I hope that helps to answer your question.

I had noted that:

... My question was certainly answered [by the ATCB responses]. ONC certification is not a safety validation, such as in a document from NASA on aerospace software safety certification, "Certification Processes for Safety-Critical and Mission-Critical Aerospace Software" (PDF) which specifies at pg. 6-7:
In order to meet most regulatory guidelines, developers must build a safety case as a means of documenting the safety justification of a system. The safety case is a record of all safety activities associated with a system throughout its life. Items contained in a safety case include the following:

• Description of the system/software
• Evidence of competence of personnel involved in development of safety-critical software and any
safety activity
• Specification of safety requirements
• Results of hazard and risk analysis
• Details of risk reduction techniques employed
• Results of design analysis showing that the system design meets all required safety targets
Verification and validation strategy
• Results of all verification and validation activities
• Records of safety reviews
• Records of any incidents which occur throughout the life of the system
• Records of all changes to the system and justification of its continued safety

A CCHIT ATCB juror, a physician informatics specialist, has also done a guest post in Jan. 2012 on HC Renewal about the certification process, reproducing his testimony to HHS on the issue.  That post is "Interesting HIT Testimony to HHS Standards Committee, Jan. 11, 2011, by Dr. Monteith."  Dr. Monteith testified (emphases mine):

... I’m “pro-HIT.” For all intents and purposes, I haven’t handwritten a prescription since 1999.

That said and with all due respect to the capable people who have worked hard to try to improve health care through HIT, here’s my frank message:

ONC’s strategy has put the cart before the horse. HIT is not ready for widespread implementation. 

... ONC has promoted HIT as if there are clear evidence-based products and processes supporting widespread HIT implementation.

But what’s clear is that we are experimenting…with lives, privacy and careers.

... I have documented scores of error types with our certified EHR, and literally hundreds of EHR-generated errors, including bonsistently incorrect diagnoses, ambiguous eRxs, etc.

As a CCHIT Juror, I’ve seen an inadequate process. Don’t get me wrong, the problem is not CCHIT. The problem stems from MU.

EHRs are being certified even though they take 20 minutes to do a simple task that should take about 20 seconds to do in the field.  [Which can contribute to mistakes and "use error" - ed.] Certification is an “open book” test. How can so many do so poorly?

For example, our EHR is certified, even though it cannot generate eRxs from within the EHR, as required by MU.

To CCHIT’s credit, our EHR vendor did not pass certification. Sadly, our vendor went to another certification body, and now they’re certified.

MU does not address many important issues. Usability has received little more than lip-service. What about safety problems and reporting safety problems? What about computer generated alerts, almost all of which are known to be ignored or overridden (usually for good reason)?
 
The concept of “unintended consequences” comes to mind.

All that said, the problem really isn’t MU and its gross shortcomings, it is ONC trying to do the impossible:

ONC is trying to artificially force a cure for cancer, basically trying to promote one into being, when in fact we need to let one evolve through an evidence-based, disciplined process of scientific discovery and the marketplace.

Needless to say, as was learned at great cost in past decades, a "disciplined process" in medicine includes meaningful safety regulation by objective outside experts.

Further, the certifiers have no authority to do important things such as forcibly remove dangerous software from the market.  An example is the forced Class 1 recall of a defective system as I wrote about in my Dec. 2011 post "FDA Recalls Draeger Health IT Device Because This Product May Cause Serious Adverse Health Consequences, Including Death".   Class 1 recalls are the most serious type of recall and involve situations in which there is a reasonable probability that use of these products will cause serious adverse health consequences or death.

In that situation, the producer had been simply advising users (in critical care environments, no less) to "work around the defects" that could indicate incorrect recommended dosage values of critical meds, including a drug dosage up to ten times the indicated dosage, as well as corrupt critical cardiovascular monitoring data.  As I observed:

... I find a software company advising clinicians to make sure to "work around" blatant IT defects in "acute care environments" the height of arrogance and contempt for patient safety.

Without formal regulatory authority to take actions such as this FDA recall, "safeguarding the public" is a meaningless platitude.

It's also likely the ATCB's, which are private businesses, would not want the responsibility of "safeguarding the public."  That responsibility would open them up to litigation when patient injuries or death were caused, or were contributed to, by "certified" health IT.

I have in the past also noted that the use of the term "certification" might have been deliberate, to mislead potential buyers exactly into thinking that "certification" is akin to a UL certification of an electrical appliance for safety, or an FAA approval of a new aircraft's flight-worthiness.

The WSJ needs to clarify and/or retract its statement, as the statement is misinformation.

At my Feb. 2012 post "Health IT Ddulites and Disregard for the Rights of Others" I observed:

Ddulites [HIT hyper-enthusiasts - ed.] ... ignore the downsides (patient harms) of health IT.

This is despite being already aware of, or informed of patient harms, even by reputable sources such as FDA (Internal FDA memo on H-IT risks), The Joint Commission (Sentinel Events Alert on health IT), the NHS (Examples of potential harm presented by health software - Annex A starting at p. 38), and the ECRI Institute (Top ten healthcare technology risks), to name just a few.

In fact, the hyper-enthusiastic health IT technophiles will go out of their way to incorrectly dismiss risk management-valuable case reports as "anecdotes" not worthy of consideration (see "Anecdotes and medicine" essay at this link).

They will also make unsubstantiated, often hysterical-sounding claims that health IT systems are necessary to, or simply will "transform" (into what, exactly, is usually left a mystery) or even "revolutionize" medicine (whatever that means).

Health IT is a potentially dangerous technology.   It requires meaningful regulation to "safeguard the public."  How many incidents like this and this will it take before that is understood by the hyper-enthusiasts?

I've emailed the ATCB's that had responded to my aforementioned query for clarification on the WSJ assertion about their role, being that the statement is in contradiction to their earlier replies to me.  I also advised them of the potential liability issues.

However, if it turns out to be true that the ONC-ATCB's do intend themselves as the ultimate watchdog and assurer of public safety related to EHR's, that needs to be known by the public and their representatives.

-- SS

Friday, June 1, 2012

Dartmouth's Governance and Wall Street

While the money spent on health care in the US continues to increase, care becomes less accessible and its quality becomes more dubious.  Most public health care discourse seems at a loss to explain how we can keep spending more to get less.

Of many possible explanations, one that has become more credible is continuing erosion of health care stewardship.  The boards of trustees of health care organizations, those charged with their stewardship, seem increasingly preoccupied with self-interest rather than the health care mission.  As more information about how such boards currently operate sneaks into public view, the problems appear more serious and salient.

New information about the governance of Dartmouth College, an issue we have followed since 2007, is illustrative.

The Case So Far

The problems at Dartmouth were notable because in many ways its governance was superior to that of many US higher educational and health care institutions.  At the time we first stumbled on these problems, Dartmouth was unusual in that nearly half of its board of trustees were elected by alumni, rather than being self-appointed.  That made its governance both more representative  and more accountable. 

In 2007, however, a dispute was ongoing about the extent that the institution's board of trustees ought to represent the alumni at large, or instead, ought to be a self-elected body not clearly accountable to anyone else.  The unelected, or "charter" board members were pushing to increases their numbers.  In 2007, what really got our attention was the stated rationale for this push towards less representative and accountable governance. Mr Charles Haldeman, then the chairman of the board of trustees, announced a smaller proportion of elected trustees would ensure that the board "has the broad range of backgrounds, skills, expertise, and fundraising capabilities needed," and that the board members would possess "even more diverse backgrounds."  However, despite his appeal to diversity, Mr Haldeman seemed most intent on reducing "divisiveness," especially dissent that challenged his own authority.  At the time, we thought his argument for more diversity to reduce dissent and increase his own authority seemed Orwellian.

Yet when we examined the backgrounds of the self-appointed trustees, we found that they exhibited little diversity. Furthermore, rather than resembling followers of Ingsoc, they resembled more the group that the radical left traditionally reviled.  Remarkably, three-quarters (6/8) were leaders of the finance sector, of what is popularly called "Wall Street." In 2007, they seemed not very diverse, but why the majority should be in the financial sector, and what implications that had, was then obscure.

After the fall of Lehman Brothers and the onset of the global financial collapse/ great recession, the implications of this Wall Street majority on the board of an institution of higher education became more troubling.  Since 2008, growing concerns about the extent that finance is driven by a "greed is good" culture increasingly suggest that domination of university, medical school, or hospital boards by leaders in the finance sector may increasingly divorce boards from the missions which they are supposed to uphold.

Yet in 2008, the unelected "charter" members of the Dartmouth board succeeded in increasing their numbers, and hence their proportion of total board seats.  The new board was no more diverse.  Of its 13 charter members, 9 were from finance, and one more was the CEO of a corporation with a major finance subsidiary.  (Look here.)  By 2009, the charter board members had succeeded in ousting a dissident alumni-elected member, labeling him a member of a "radical cabal," and rewriting a board loyalty oath apparently to discourage further dissent.  (Look here.)

All this spoke to the increasing power of the culture of finance among members of the board.  Perhaps, though, there were reasons that the financial majority on the board wanted to suppress dissent other than to make themselves more comfortable with their own dominant culture,  In 2010, as the global financial crisis continued, "Educational Endowments and the Financial Crisis: Social Costs and Systemic Risks in the Shadow Banking System," published by the Center for Social Philanthropy, Tellus Institute, focused on how prominent educational institutions, including Dartmouth College, came to invest much of their endowments in risky, illiquid "alternative" investments, the sort provided by the "shadow banking system."  (See this post.)  The report noted extensive conflicts of interest on the Dartmouth board involving trustees who were also leaders of finance.  Their firms, it turned out, were managing a substantial fraction of the money in the college's endowment.  Half of the charter trustees were also being paid to manage the finances of the institution for whose stewardship they were responsible. 

Trustees of non-profit organizations are supposed to exhibit a duty of loyalty, that is, they "must give undivided allegiance when making decisions affecting the organization."  (For a summary of their duties, look here.)   In 2010, I noted, "letting a board member's firm manage millions of dollars worth of the institution's endowment portfolio seems an obvious violation of the duty of loyalty."  So, "these sorts of conflicts of interest may be another 'missing link' explaining why the leadership and governance of health care organizations has gone so far astray."  I then posited, "as disclosure continues, maybe enough outrage will ensue so that improved leadership and governance will become possible.

The Friends of Eleazar Wheelock Charge Corruption

Now there seems to be more outrage.  Last month, the dissident Dartblog broke the story of a letter sent in February, 2012 to the New Hampshire Attorney General by an anonymous group called the "Friends of Eleazar Wheelock."  (Wheelock was the founder of the college.)  To the the letter was appended a report that included an even more extensive list of conflicts of interest affecting Dartmouth trustees, the college's Finance Committee and Investment Committees, and their friends and relatives. 

The letter also added
The mismanagement extends beyond the investments and endowment. 1) Over a period of seven years The College engaged Lehman Brothers in six 'interest rate swaps' totaling $550 million dollars. The current value of these 'swaps' is now in excess of two hundred million dollars. That is what Dartmouth owes on these bets. These losses are not reported in the College’s financial statements. 2) The College’s 'cash' was invested in six hedge funds. Up to 40% of it was lost. Again, this was not reported. This comprises grant money for research, advances to faculty, and other working capital which should have been invested in the safest of money market instruments. 3) over 50% of the endowment is invested with Trustees, Investment Committee members, or their friends.
The report summary stated,
The pattern that the Dartmouth trustees and members of the Endowment/Investment committee have engaged in for decades is clear. That pattern is that a donor/investment manager’s pledge to support Dartmouth is reciprocated with an investment of ever increasing proportions in the donor’s firm, lending the credibility of an Ivy League institution to the firm. The investment returns are of little import; most of these alum/donor/investment manager returns are average to poor.

It rhetorically asked how the college came into
the grip of a club of investment manager alums who have invested almost six hundred million dollars in their very own funds and directed over one billion dollars to their friends? And who have taken almost one hundred million dollars in fees to manage the endowment, often with poor results culminating in the twenty three per cent loss in 2008 and the worst performance of all the Ivies in 2011?

The letter charged that there has been a
quiet takeover of this great College by a cabal of external, wealthy alumni/ae of the college. They have mortgaged the College’s future through borrowing heavily in the tax exempt marketplace under NH HEFA (Health and Education Facilities Authority). They have simultaneously directed the College’s three billion dollar endowment to themselves, their firms, and their friends. They have furthered their own self-interest at the expense of the College and the Upper Valley. They have abused the non-profit status of Dartmouth College. They have enriched themselves through managing and directing Dartmouth’s three billion dollar endowment. In all cases they have taken gargantuan fund management fees through 'Private Equity', 'Venture Capital', and 'Hedge Funds' investments which they, themselves, manage and are the owners of.
Summary

A post on the American Thinker blog noted that the letter alleged "corruption." It is impossible to tell whether these expanded allegations will result in any charges, much less convictions. The state Attorney General is currently looking into this (see Reuters). Certainly, the allegations are at least of ethical corruption as it is defined by Transparency International, "abuse of entrusted power for private gain."

The revelations since 2007 (and I could argue beginning with my finding that the majority of the supposedly "diverse" charter trustees were leaders of finance) first raised questions whether Dartmouth governance's was attentive to the mission, then, whether it was conflicted, and now, whether it is corrupt.

That these questions can be credibly raised about one of our most prestigious institutions of higher education and health care demonstrates the depth of our health care crisis. It also demonstrates how the health care crisis seems inextricably linked to the financial crisis, and to a fundamental crisis about our society and its commitment to democracy and fairness.

A fair and thorough enquiry about the mess at Dartmouth, resulting in clear actions to uphold the institution's mission and ethics, and, if applicable, the law, would start us down the path of true health care reform.

However, if this just gets swept under the rug, we will not have reached the bottom of our descent.

ADDENDUM (2 June, 2012) - Note that Dartmouth's most recent President, Jim Yong Kim, who was appointed by and served under the Trustees in question above, is now President of the World Bank (see this LA Times article.)

See also comments in the University Diaries blog.

Upcoming Keynote Presentation to Health Informatics Society of Australia: Health IT Must First Do No Harm

Pulse+IT Magazine (http://www.pulseitmagazine.com.au/) is Australasia's first, and they claim only, eHealth and Health IT periodical.

In a May 30, 2012 article entitled "Patient and safety advocates a highlight at HIC2012" at this link, writer Kate McDonald describes my upcoming panel participation and Keynote Presentation at the annual Health Informatics Conference (HIC) of the Health Informatics Society of Australia (HISA) in Sydney.

The focus of the HIC2012 meeting is "Building a Healthcare Future through Trusted Information."

Ms. McDonald had called me from Down Under to discuss my upcoming talk.  She writes:

 ... Also on the panel [one of the conference's annual Q&A panels - ed.] will be NEHTA CEO Peter Fleming, HISA board director and well-known consultant David Rowlands, and Scot Silverstein, an adjunct professor of health informatics at Drexel University in the US.

Dr Silverstein also has a personal story to tell that brings home the importance of what exactly is 'trusted' information. A qualified medical doctor and medical informatics researcher, Dr Silverstein is a strong advocate for safety in health IT systems, having been personally involved in what he believes was a case of medical misadventure caused by an electronic health record that resulted in harm to a close relative.

He will also deliver a keynote speech on the topic of improving health IT systems as a first step towards evidence-based medicine and better clinical outcomes.

Dr Silverstein told Pulse+IT that there is a “syndrome of over-confidence” in computer output that he finds puzzling.

“In other fields people, when they start getting incorrect bills or they keep coming and they can't stop them, it is always blamed on a computer system,” he said. “And yet in medicine, it seems to have evolved a culture around computing that machines in healthcare must deterministically create improvement and are purely beneficent and can't be capable of creating harm.

“It is a strange philosophy because in the same breath, people say healthcare information technology is capable of great benefit, that is a very powerful technology and when it is done well, it is. [As I've written before, "doing HIT well" is a challenge of 'wicked' complexity - ed.]  But anything that is a potential source for great good can also have a downside. There seems to be a cognitive gap in connecting computing in healthcare to its possible risk.”

She summarizes the views expressed in our phone conversation well.  My theme will be that health IT and the information it generates cannot be trusted until the technology itself is trustworthy, and earns our trust, through better engineering and implementation practices.

Ironically, I was invited to 2011's meeting.  I would have attended, but was tending to the injuries of my relative caused by the aforementioned medical misadventure. That relative is no longer with us and is hopefully resting in peace.

HISA was kind enough to re-invite me for 2012, for which I am grateful.

I will also be spending some time with several Medical Informatics professors in Australian universities, which should provide an excellent opportunity for sharing of views.


Sydney, Australia

I look forward to being in Sydney, never having been physically present in Australia, although being a ham radio operator, my single sideband (voice) and Morse code shortwave signals have been there on many occasions over the years.  This is a mere ~ 10,000-mile path.  No Internet or phone lines needed!  (I hope I get the opportunity to operate an Amateur radio station from "Down Under.")

More here after my presentation.

-- SS