Thursday, October 24, 2013

Lessons Learned from the Health Insurance Exchange Launch


CIOs face many pressures - increase scope, reduce timelines, trim budgets.     After nearly 20 years as a CIO, I've learned a great deal about project success factors.

When faced with go live pressures, I tell my staff the following:

"If you go live months late when you're ready, no one will ever remember.

If you go live on time, when you're not ready, no one will ever forget."

I have hundreds of live clinical applications.    Does anyone remember their go live date?  Nope.

Were there delays in go live dates?  Many.

With even the best people, best planning, and appropriate budgets, large, complex projects encounter issues imposed by external factors (new regulations, competing unplanned events, requirements changes) that cannot be predicated during initial project scheduling.

It helps no one - the users, the business owners, or the IT department to slavishly adhere to a deadline when the project is not ready to go live.

I work on federal advisory committees in the Obama administration and truly believe in the goals of many administration programs - Meaningful Use, HIPAA Omnibus rule, and Affordable Care Act.

However, we've seen that in the interest of accelerating change, deadlines have been imposed that do not allow for sufficient testing, piloting and cultural change.  The result is that haste makes waste.

As I've written in my blog many times, ICD-10 will become a crisis for the Obama administration.   Payers and providers will not be ready by October 1, 2014.   Documentation systems and clinician billing process changes will not be mature enough to support a successful go live.   More time is needed.    My experience with IT crises is that you can survive one at a time, but a succession of problems creates a pattern that users and oversight bodies will no longer tolerate.   I hope the premature go live of the Health Insurance Exchange results in a review of ICD-10 go live dates.

Meaningful Use Stage 2 attestation criteria are good.   The certification scripts need very significant revision.   How did this happen?   They were created in a rush to adhere to an artificial deadline, not reviewed by the federal advisory committees, and not piloted tested/revised.     New regulation is needed fix them and that will take time.   Again, the lessons of the Health Insurance Exchange should cause us to extend Meaningful Use Stage 2 deadlines by a year, deferring future stages of Meaningful Use until we have consolidated our gains and understood our successes/failures with current stages.

The Office of Civil Rights is an important watchdog of patient privacy.   We all believe respecting patient privacy is one of our most sacred responsibilities.   However, at times government auditors have enforced policy for which the technology and infrastructure of the country was not ready.    Yesterday I received an email from Harvard Medical School noting that the laptop encryption software installed a few years ago was deemed too error prone and too hard to support so it would be retired.   Luckily in 2013, encryption is natively supported in current releases of Mac OSX, iOS, Android, and Windows.   The industry is ready to support robust device encryption now.    However, enforcement/breach penalties related to encryption on mobile devices started years ago when products were as stable as the Health Insurance Exchange.   We should have aligned enforcement with product maturity in the marketplace.   Similarly the HIPAA Omnibus Rule contains provisions like the self-pay redaction requirement that no hospital has figured out how to support.  However, enforcement is starting now.

Do we a see a pattern here?   Policies are good.   Policymakers are well meaning.  Timelines are set in such a way that none of these activities - Health Insurance Exchange, ICD-10, Meaningful Use Stage 2, or HIPAA Omnibus Rule have enough time for testing, piloting, and cultural change.

As I've written about previous in my post the Toad and the Snake, I'm not yet at that time in my life when I resist change or innovation.   I'm simply an IT leader and physician in the trenches who knows that 9 women cannot create a baby in a month.   There is a minimum gestation period for IT projects and our policymakers should learn from the lessons of the Health Insurance Exchange and re-calibrate the timelines shown in the graphic above so that everyone is successful.

6 comments:

Anonymous said...

Where can I provide my email address to receive email updates of new posts?
Thank you.

Anonymous said...

I saw the governor of Kentucky on TV yesterday extolling the fact that their state run system for enrolling people into the affordable insurance program was running seamlessly...and I believe there are other similar state run programs with the same success. Why not take one of these systems and template them into the federal system? Or is there a chance they would not "scale?"

JohnnyM said...

Amen, Brother.

Pushing out electronic systems before they are ready only results in missed expectations and serves to further the belief that computers make things worse, and harder, not better.

We have made progress towards implementing electronic systems in healthcare, in no small part due to the push from CMS, but it seems clear that we are headed for a disaster, with too much, too soon! Once we have destroyed the confidence of the healthcare community by pushing out immature systems, there is no taking that back.

Anonymous said...

Given both your background and role on federal advisory committees I'm curious what your opinion is on the cost of the web site which reportedly sits at just under $300 million today but obviously will be going up. Frankly I can appreciate the load and systems integration issues they are wrestling with, but I am stunned at the cost which almost seems a small footnote to the story.

Anonymous said...

Anyone offer a reference or link to the mentioned "self-pay redaction requirement" in HIPAA? As a medical tourist to Mass. and a privacy advocate, I'm curious to know what I missed.

John Halamka said...

I added an American Bar Association link that explains the self pay redaction provision.