A lack of sufficient security policies and procedures has placed NJ Medicaid participant's sensitive information in jeopardy. The state has failed to adequately monitor access to key personal information in the Medicaid Management Information System (MMIS) which could expose participants to fraud, abuse and misuse.

In a series of three recent audits by the NJ Office of State Legislature, the Department of Health Service's Medicaid program was harshly criticized for inadequate information security planning, auditing, management, edit controls and monitoring capabilities. The most recent audit, released April 24, 2008 indicated that the Department fails to properly monitor access to Medicaid participant's information such as social security, tax identification numbers and birth dates in the MMIS. The MMIS supports the $9 billion program by processing claims for more than one million participants. Previous audits found that individuals earning as much as $295,000 were enrolled in the program which targets low-income populations. Other findings included questionable medical equipment purchases. Recommendations for improvement included an enhanced audit trail, such as a department log to access information.

The legislative reprimand comes as the state is gearing up for a re-bid of the MMIS and will likely have a major impact on the scope of work and system requirements. In particular, emphasis will likely be placed on audit trail capabilities and security measures. The incumbent contract with Unisys is scheduled to expire August 23, 2008. Further information on the MMIS re-bid project from INPUT can be found here.

States need direction on how to obtain and use IT dollars to innovate and develop health IT within their Medicaid programs. According to Rick Friedman, the money is out there but "the real challenge is to find it."

During Government Health IT's recent eSeminar "Medicaid's Health IT Makeover", Rick Friedman, Director of the Division of State Systems within Centers of Medicare and Medicaid Services (CMS), spoke on how they are working to incorporate new health IT systems and practices into Medicaid's business systems. Just to provide some context, total Medicaid spending in 2007 was over $300 billion dollars of which 11 percent was spent on administrative overhead costs. Friedman reported that Medicaid IT spending across the country totals around $1.5 to $2 billion a year. This is less than one percent of the total Medicaid spending. The chief IT investment is the states' claims processing systems, called the Medicaid Management Information System (MMIS).

The ultimate goal, according to Friedman, is to transform Medicaid's outlook from one characterized by departmental silos to one based on interoperability and health care outcomes. The future vision is that medical information will follow the consumer, which is very difficult to do with today's claims processing system because of the way they were originally built. The states customized their own systems for processing capabilities, but now the current models do not easily share information with their own sister agencies or with other states.

Enter the Medicaid Information Technology Architecture (MITA), a web-based, patient centric, interoperable system framework that is based on industry IT standards. Friedman compared MITA to claims processing as "what we've had in the past on steroids". But he was also quick to point out that MITA is based on state input, not the Feds trying to figure it out and push it down to the states. Friedman said their objective it to make sure to adopt data and industry standards, and try to build things that can be reused as components in other places. Friedman likened MITA to a Tinkertoy set; the classic construction toy that comes with spools, rods and connectors. He described the Tinkertoy framework as one in which the pieces are built by certain standards but you can take two boxes, mix up the pieces and build something to meet your unique needs. Someone else could take the remaining pieces and build something completely different. Each built something that met their individual needs but used standard pieces to make it work. Finally, if we want to combine the two separate creations, we can still use additional Tinkertoy pieces to connect it.

So where are they in terms of developing the new architecture? Friedman said the business architecture is largely completed, the technical architecture is about third of the way done, and they are getting started on the information architecture. Freidman suspects it will take longer than the next administration for this IT transformation to take place, anywhere from five to ten years. Funding concerns are evident from the multiple questions raised by the audience about whether we can expect to see another round of Medicaid Transformation Grants (depends on Congress) or if the Federal 90/10 technology matches or the 75/25 administrative funding apply to acquiring EHRs in state facilities that treat Medicaid patients (it does not). Friedman said the mission should be to sustain the Medicaid transformation projects once the grant funds dry up and to use the MMIS dollars where appropriate to support efforts toward MITA and e-health. He affirmed that "there is a way to do this. You gotta have some faith, but there is some money and ways to pull this off. The real challenge is to find it."

Experts have considered various approaches to implementing a public health insurance program to ensure fair competition and quality of care. Many questions remain unanswered, in particular, would a public insurance plan be administered by state governments or by the federal government?

In recent years, there has been increasing buzz around the idea of a publically-sponsored health plan; shifting the traditional notion that health care is a privilege to health care is a right. Kaiser Family Foundation aired a topical webcast entitled, A Public Plan Option under Health Reform, featuring three experts discussing various approaches and implications of a publically-sponsored health plan. In particular, Jacob Hacker, Ph.D., and Stuart Butler, Ph.D., specifically debated whether the federal government or state governments should be charged with the task.

Stuart Butler indicated a preference for state level implementation, pilot testing and experimentation. He noted that there is not enough evidence of information to implement a national system, but that he wouldn't rule out moving towards one in the future. In contrast, Jacob Hacker indicated he favors a national framework; since this is a national problem it should be addressed on a national level with appropriate regional variations and regulations. Mr. Hacker does not believe that states would effectively administer a public insurance program due to special restrictions, regulations and budget deficits. Further, he noted the potential for major variations in state programs which could be problematic and potentially drive people to move to a state with a better program.

All three panelists highlighted the importance of fair competition and advocated three plans operating simultaneously--private insurance, a public program and employer-sponsored. Further, Medicare was exemplified for its efficiencies and low administrative costs. While the experts mentioned a potential expansion of the program they did emphasize that a publically-sponsored health plan would be a separate entity.

States and localities are responding to public demands for web-accessible health care safety, quality, and pricing data which empowers citizens to become better informed and make appropriate health care decisions.

Just as states are supporting greater transparency investments as an approach to better government, likewise they are providing the means for consumers to become better educated on their health care spending. People want greater certainty in the quality and value of their health care experiences and states are responding by providing them with the tools to do so. Just this week Houston announced the launch of an online website to provide consumers with information about their health insurance options. Maybe sites like this will demonstrate that people have choices and they don't have to resort to alternatives such as getting hitched for health care?

Like Texas, similar transparency efforts are taking shape across the nation. There are laws in thirty states regarding the disclosure or reporting of health care fees. Here are just a few examples of initiatives:

• Florida, a front runner in health care transparency, has been successful in their website which provides comparisons of hospitals, health plans, prescription drugs, and more.
• Wisconsin's Governor used his State of the State Address to unveil plans to create a simple web-site and a 1-800 number to make it easier for families to understand their health care options.
• Legislation has been introduced in Louisiana for the administration to create a state-run site to allow consumers to compare the cost and quality of their health care facilities.
• Georgia is investing their Medicaid Transformation Grant funds into building a statewide health information transparency web site. Further supporting their goals, two weeks ago Georgia's Commissioner for the Department of Community Health appointed a Director to their newly created Office of Health Information Technology and Transparency (HITT).

Transparency will challenge the market to offer competitive prices and quality services. Presenting people with options is very powerful but just because the data becomes available who's to say that people will actually use it in a meaningful way? Education will be a big factor in consumer engagement. Aside from necessary transparency policies and funding, states and localities will need to sponsor and support outreach initiatives and promote access to the newly available health care information.

Today Congress passed a bill -- by remarkably bipartisan 414-1 and 95-0 margins -- that will likely boost national efforts to create Electronic Health Records. The bill prohibits the use of genetic information by health insurers or employers to determine rates or eligibility for coverage, benefits or employment related matters. Depending on the strength of the ultimate protections and remedies, this prohibition on genetic discrimination should alleviate to some extent individual privacy concerns, which were one of the main challenges to widespread adoption of Electronic Health Records.

In 2004, President Bush issued an Executive Order that established a Health Technology Agenda, with one goal being that all Americans should have electronic health records by 2014. This agenda calls for the creation of a National Health Information Network (NHIN), which now falls under the auspices of HHS's Office of the National Coordinator for Health Information Technology.

In a recent report, INPUT forecasted that the Health IT Market will grow to $4.5 B in 2013 from $3.2 B in 2008, a growth rate of 7.1%. This legislation is likely fuel to that growth.

Even though Colorado is one of 23 states that are projecting revenue shortfalls in 2009, Governor Ritter's signs a budget bill that raises state spending by 6% and adds 1,334 new employees to the state payroll. Building Blocks for Health Care Reform gets funded as do several other technology projects.

Yesterday Governor Bill Ritter signed the fiscal 2009 budget into law. It increases general fund spending by 6%, or $431 million, and adds 1,334 new state employees. Meanwhile, legislative economists predict a decrease in revenues of $693 million over the next 5 years.

Several lawmakers seemed unhappy with the process this year, which included much partisan bickering, but little change. Rep. Cory Gardner (R-Yuma) said, "I think it's time we upgrade the budget process, Colorado Budget 2.0." The Joint Budget Committee spend months putting the budget together but the House and Senate have only two weeks to debate and pass the budget bill. Gardner suggested moving to a biennial budget cycle.

So what's in it for technology vendors?

• Department of Corrections -- $54,369 to enable the Parole Board to convert its paper-intensive decision process to electronic documents which can be security signed and transmitted.
• Office of the Governor -- $349,353 to acquire components and software to mitigate critical network security risks through centrally managed firewalls, intrusion detection systems and antivirus protection.
• Department of Health Care Policy and Financing -- $5.5 million to begin the process of centralized eligibility determinations that will streamline the Medicaid and CHP+ application process.
• Department of Public Health and Environment -- $654,000 to operate and enhance the Colorado Immunization Information System (CIIS).
• Department of State -- $749,846 for information security related activities, $900,000 for administering voting systems certification and $520,000 to replace the department's outdated accounting system to better process applications received electronically
• Department of Personnel and Administration -- $7.9 million for the Digital Trunked Radio System so that counties on the Western Slope can obtain needed software and system upgrades.
• Department of Public Safety -- $1.2 million for the new Alamosa Troop Office Regional Communications Center. Part of this capital expanse will be used to relocate and update the existing radio infrastructure.
• Department of Revenue -- $7.8 million for the Colorado Integrated Tax Architecture (CITA), which replaces the current tax system with a single, integrated system.

Also included in the budget was $25 million for the governor's Building Blocks for Health Care Reform package, which includes several technology initiatives including centralized eligibility determination for Medical and CHP+, the state's Children's Health Insurance Program (CHIP) and the web-based Report Card on Health Insurance Companies.

Still to be enacted is the the Colorado IT Consolidation Plan, which is SB 155.

The pressures of being short-staffed are likely drivers for government agencies electing to have an external entity with expertise and sensitivity to specific project requirements provide an initial advertisement via a Request for Information (RFI). What are the upsides and downsides of anonymity?

Some state and local agencies seeking to remain anonymous during the informal RFI period due to time constraints are using other outlets. An upside of anonymity for government entities during the RFI process is that external consultants can field and filter questions and inquiries from the vendor community. This can also prevent biases prior to the release of a formal solicitation on a publicly accessible government procurement website. Subsequently after external assistance, the government entity can compile the information gathered to develop an RFP and then release that formal bid on a public government procurement website. An upside for the vendor community is that while the government entity has not placed the RFI on their website, there still has been an effort to better understand vendor solutions prior to releasing a detached RFP. Further, stereotypes and business practices often develop in certain regions, states and localities and this is a method of preventing these potential downfalls from creeping into proposed solutions.

The downside of opting for anonymity during the RFI process for the government community is there is a potential disconnect between the project plans and the proposed solutions. The lack of communication establishes a certain distance between the two primary stakeholders, government and vendors; when really these two groups should be working towards fostering a strong relationship. The downside of anonymity for vendors is that there is an inability to tailor initial responses to the needs of current systems, system-interfacing requirements and so forth. This leads to intensified efforts during the RFP phase to tweak proposals and provide regionally-sensitive solutions in a historically short turn-around time. Further, most vendors are unable to respond to all RFPs so therefore must pick and choose projects and tend to select regions in which there is already a strong presence, relationship and expertise. Anonymity would therefore impede this typical selection process in the initial phase.

One example of an external entity assisting and advertising RFIs for government entities is the Public Health Foundation Enterprise (PHFE). Currently on the PHFE website there are three RFIs posted: a Public Health/Clinical Case Management Information System, an Environmental Health Information System and a Fiscal/Accounting Services Information System. INPUT confirmed that if RFPs are released as a result of these RFIs the government entities would make themselves known and release the RFP on a publicly accessible government procurement website, as well as PHFE listing the RFP.

The state will adopt new rules and procedures to protect personal identifying information so as to eliminate any more state-sponsored privacy violations. Vendors can look forward to more consistent and standardized language in contracts clarifying how personal information is to be protected.

It has taken one too many security breaches for states to see the dangers in using Social Security numbers as IDs. We've seen 36 states introduce over a hundred pieces of Identity Theft Legislation in 2008 and half of the states passed legislation in 2007 to protect Social Security numbers from disclosure. Though Wisconsin was not amongst those states, Governor Jim Doyle has issued a directive to the Department of Administration (DOA) to eliminate the state government's use of Social Security numbers (except where required by law). This comes in response to a review of the state's procedures in protecting personal information after multiple state security breaches including the Department of Health and Family Service and the Department of Revenue. Following its mishap earlier this year and as part of its MMIS upgrade, the Department of Health and Family Service broke away from its 30-year practice of using Social Security numbers as part of its identity system.

The DOA will work with state agencies to replace Social Security numbers with random identifier numbers and designate a privacy officer within each agency. Doyle also called for annual risk assessments and further state employee education and training to make sure they understand their responsibility in protecting the data.

This week was also the deadline for the University of Wisconsin to deactivate its older identification cards that were attached to user's Social Security numbers in response to a disclosure last November.

As the health information technology (IT) market experiences rapid growth, so must the professional workforce supporting these projects. Currently an estimated 40,000 more professionals will be necessary to fill the widening gap. This growth spurt will likely be occurring within federal, state and local government agencies as well as the vendor community.

A study by William Hersh, MD and Adam Wright, PhD entitled, "Characterizing the Health Information Technology Workforce: Analysis from the HIMSS Analytics™ Database", indicates the demand for a skilled IT workforce to support the health care industry's paper-to-electronic transformation is increasing. Health IT experts are necessary to design, develop and implement innovative user-friendly, patient-centric systems. Further, as ehealth projects and initiatives get underway and more precisely define system capabilities and functionalities there will be on-going upgrades, enhancements and maintenance.

Oregon Representative David Wu has authored a bill, H.R. 1467, aimed at addressing the need to ensure more health IT professionals. The 10,000 Trained by 2010 Act would provide funds for health IT education. The bill has been passed by the House and is awaiting considering in the Senate.

As California's prison system experiences continual growth and severe overcrowding, its Health Care becomes even more difficult to operate successfully; Information Technology will need to be utilized in order to provide inmates with reasonable Health Care in both an efficient and effective manner.

The Problem......

Right now, the 33 California State Prisons house a combined total of 170,000 inmates which is double the amount that the prisons were built to hold. As a result of this overcrowding, one inmate dies every six to seven days as a result of 'disgraceful' medical care. In fact, four years ago at San Quentin, an inmate was prescribed two drugs to treat kidney problems. However, those drugs only made the kidney problems worse and the inmate eventually perished because of the error.

How is a problem of this magnitude fixed or at least acceptably controlled? Medical care of California inmates has even been ruled in violation of the Eighth Amendment which cites cruel and unusual punishment. Naturally, the construction of new facilities should be provided within the next five years. However, will that serve as the solution to a problem of this magnitude?

The Solution......

California has a new prison IT plan. Clark Kelso, the project lead, advises that this will be a 'ground up' effort as they strive for creating a healthcare system that meets constitutional standards and can eventually be maintained by the state. Even though IT will not be the 'only' answer to this problem; with time, it will ultimately serve as the saving grace. The first step towards the solution is to standardize the business process within the state prison Health Care system. New technology will then be deployed in all of the state's facilities but will be overseen by a third party and eventually returned to the state's control.

What Does This Mean?

Vendors will be called upon to provide their services for valuable opportunities in the Health Care and Justice/Public Safety verticals. Other states will eventually experience similar problems as prison overcrowding continues to be a looming trend. It would be smart to look to other states' corrections systems and be able to provide a proactive solution.

Be sure to read the complete articles: Can Technology Fix California Prison Health Care? and California's New Prison IT Plan