9/24/2007

Vol. IV, No. 34

Health Information Technology Team Report
Brought to you by Thomas Jefferson University’s Department of Health Policy

HHS Report: Health IT, Genetic Medicine To Personalize Care

HHS Secretary Mike Leavitt on 9/19 released a report on development of more personalized health
care and the role that health IT will play. “Personalized Health Care: Opportunities, Pathways,
Resources” offers a long-term plan for more customized treatment through the use of genetic
information and health IT. Personalized health care “will be founded upon vast amounts of
information that will be readily accessible at clinics and hospital bedsides… [its full potential] cannot
be realized unless electronic systems, clinical databases and knowledge repositories employ
interoperable standards … Patients will have the opportunity to become more health literate and take
more responsibility for their own health care.” (Government Health IT, 9/19; iHealthBeat, 9/20)
CMS Awards $4B Contract To Modernize Medicare, Medicaid
CMS has selected 16 contractors for a $4 billion Enterprise System Development contract to acquire
IT over the next 10 years as the agency modernizes Medicare and Medicaid services to reduce costs
and enhance quality. ESD is the agency’s new approach to acquiring, delivering, and managing IT.
Under the new contract, the firms will provide planning, business requirements, design, development,
testing, and maintenance. The ESD Service Model covers systems development and integration,
system and application engineering, and technical support to improve the automated systems and
HHS’' applications. CMS hopes the development of its Enterprise Data Centers and a Common
Enterprise Infrastructure will provide a general approach to system and software development, and a
contracting vehicle that provides these services. (Government Health IT, 9/18; iHealthBeat, 9/19)
EHR Systems Remain at Risk for Security Breaches, Study Finds
EHRs remain vulnerable to security risks despite advances in certification, according to a study by
the eHealth Vulnerability Reporting Program. Researchers surveyed 850 providers and tested 7
EHRs, including 5 certified by CCHIT. The study benchmarked health data security practices against
other industries and found: product certifications do not address vulnerability reporting but help
evaluate functionality, inter-operability, and security capabilities; EHR vulnerabilities can be
identified using standard tools and techniques; and EHR vendors do not adequately disclose
vulnerabilities to customers, preventing organizations from appropriately managing risks or adopting
controls. (eHVRP press release, 9/17; Healthcare IT News, 9/17; iHealthBeat, 9/18)
Quality of Information on Hospital Comparison Web Sites Questioned
Hospital comparison Web sites often provide consumers with conflicting, incomplete, and outdated
data, according to a study conducted by Michael Leonardi et al. at the Geffen School of Medicine at
UCLA and published 9/17 in the Archives of Surgery. The study examined 6 Web sites provided by
CMS, Joint Commission, Leapfrog Group, and 3 unnamed organizations that operate proprietary sites
and found “suboptimal measures of quality and inconsistent results” for hospitals rated for 3 common
procedures: laparoscopic gall bladder removal, hernia repair, and colon removal; none of the Web
sites had real-time data, most data were a year old, and some Web sites provided conflicting data,
e.g., one hospital was rated best for colon removal by 2 sites but worst by a third site. “For
accessibility and data transparency, the government and [not-for-profit] Web sites were best… For
appropriate-ness, the proprietary Web sites were best.” (Modern Healthcare, 9/17; iHealthBeat, 9/18)

Any questions regarding this newsletter can be directed to

Albert Crawford at albert.crawford@jefferson.edu.