by Dr. Sherri Tenpenny, DO, AOBNMM, ABIHM
In 2011, the Centers for Medicare & Medicaid Services (CMS) began a program to entice doctors and hospitals to incorporate the use of Electronic Health Records or EHR. The carrot? The promise of convenience, coordinated care, fewer medical errors, more efficient office visits, improved access to medical records. Oh yeah, and they were told, “If you want to get paid, you must convert and bill electronically.”
The EHR programs were costly. The setup and implementation fees, which could be $30,000 or more, were required for each physician in a practice. Therefore, the government offered two incentive programs to encourage participation. The Medicare EHR Incentive Program offered to pay up to $44,000 over 5 years to cover the cost to implement a specific type of EHR, one that was certified to store and easily transfer structured data. The Medicaid EHR Incentive Program, offered to pay up to $63,750 over six years. In exchange, providers had to prove they were using the EHRs in a “meaningful way,” now simply referred to as “meaningful use”, or MU.
To date, at least 400,000 providers have adopted EHRs and are “meaningfully using” them. The sheer cost of the mandate, even with the incentives, forced many doctors to leave private practice and become hospital employees. They are now told how to practice medicine by administrators, insurance companies, and the government. Once part of the system, doctors have been forced to comply with EHR use and follow the MU criteria.
The CMS incentive programs came with a stipulation: data must be reported back to CMS. In 2014, providers had to meet the Stage 1 requirements, which included documenting 18 objectives, 13 were required and 5 were could be selected from a menu of 9 criteria. Beginning in 2015, the number of core objectives increased to 20 and physicians are now required to report 9 out of 64 total clinical quality measures (CQMs). Here is a sort list of CQMs reported to the government:
- Childhood Obesity
- Coronary Artery Disease
- Heart Failure
- Ischemic Vascular Disease
- Smoking Cessation
- Vaccination Status
- Adult Obesity
- Breast Cancer
One of the Stage 2 core objectives of “meaningful use” for hospitals and providers included the requirement to electronically send your immunization data to a public health registry or to the immunization information system (IIS data banks). In other words, if the state’s system can accept vaccine records, the data must be sent.
In other words, if the state’s system is able to accept vaccine records, the data must be sent.
EHR Compliance: Another stick
So, what happens if doctors and hospitals do not comply with these reporting requirements? Beginning in 2015, and each subsequent year, Medicare and Medicaid will decrease reimbursement by 1% per year, up to a maximum of 5% per year. That can amount to millions and millions of dollars for not spilling the beans about your health status, including your vaccination record.
The EHR has turned out to be very different than advertised. Big Government, Big Data, and Big Insurance promised convenience, efficiency and coordinated care. What did EHRs really turn out to be? A Big Fat Lie. The truth is, these systems were created to spy on and collect data on patients, and allows the government to handcuff the doctors. EHRs have nothing to do with improving patient care. Your doctors may not have known how bad the government-mandated EHRs were going to be when they enrolled in 2011, but certainly, they know now how bad they really are.
Since the early 1990s, states have been working towards establishing a nationwide electronic repository for vaccine records. Access of records across state lines has been one of the more difficult challenges to overcome. By 2000, 36% of states had laws or rules specifically addressing their state’s vaccine registry. More recently (2011), it was found that 66% of states have laws specifically addressing the use of the vaccine tracking systems in their specific states.
The number of children captured in the national vaccine database has increased steadily, from 63% in 2006 to 86% in 2012, which totaled 19.5 million children under 6 years of age. The number of adults within the tracking system has also increased. By 2012, the last year that statistics have been reported, 24.5%, or 57.8 million adults aged 19 years and older, had their personal vaccine information entered into the system. Two states, Connecticut and Rhode Island have been outliers in data collection with Connecticut only tracking children under 6 and Rhode Island capturing personal information up to age 19, but not adults.
One of the primary goals of Healthy People 2020 is to register the vaccine records of at least 90% of all children under 6 years of age and 80% of all adolescents between 11 and 18 years, who have received two or more teen vaccines. Not surprisingly, the plan for this has been intertwined with the government’s insistence on expanded use of EHRs.
As of 2016, all participating professionals were required to submit the vaccination status of all their patients to either a national public health registry or to the databanks housed at the Immunization Information System (IIS), the state’s vaccine registry. Released in November 2013 through a joint effort between the CDC and the National Center for Immunization and Respiratory Diseases (NCIRD), IIS is a population-based, electronic database that tracks all vaccine doses administered to all persons within a given area. Information retained in the database included the patient’s name and demographics along with the name of each vaccine, administration date, dosage, lot number, etc. Each submission becomes a real-time log of consolidated vaccination data for each person, data that can be accessed by clinical, administrative and/or public health officials, anytime and anywhere. Once the information has been entered, it is a permanent record, kept indefinitely, unless the individual requests that information is removed.
Initially, the tracking system was designed to track children. With the mobility of parents, medical records are often left behind. The developers wanted to be sure that no doses were missed. But as more and more vaccines are added to the schedule, not only for children but also for adolescents and adults, the IIS system has expanded to track vaccination records – and more – of all patients, from cradle to grave.
Expensive and Hackable: How Safe is Your Personal Health Information?
All of this tracking has come at a tremendous cost to taxpayers. In 2009, President Obama signed the Health Information Technology for Economic and Clinical Health Act, also referred to as the HITECH Act. This legislation, part of the 2009 federal government economic Stimulus Package, allocated $27 billion to encourage hospitals and providers to adopt EHRs. Many more billions were set aside for IT and medical professional training. Between May 2011 and September 2016, an additional $24.7 billion has been paid into advancing the EHR Medicare and Medicaid incentive programs. The states have paid matching funds, with combined Medicare and Medicaid payments paid by all 50 states to be $34.9 billion.
What most people are not aware of are the overwhelming number of breaches in security that have occurred. A breach is defined as “an unauthorized access, use or disclosure of protected health information that compromises the security or privacy of the information.” The HITECH Act requires that the Secretary of HHS must notify the media and post a list on the HHS.gov website if the hack has affected 500 or more individuals. The posting is to include the type of breach, the location of the breached information, the names of private practice providers or hospitals where the breach occurred, and the number of persons affected by that particular breach.
Since 2009, more than 1,725 EHRs have been breached that were housed with insurance companies, hospital systems, outpatient clinics, physician offices, and even health centers at universities. The hacks occurred through EHRs, global IT hacking, thumb drive theft and unauthorized access to databases. Combined, the breach of electronic records have affected more than 100 million people. The largest reported breach was in February 2015, when the network server for health insurance carrier, Anthem, which affected the records of more than 78.8 million individuals. Premera and Excellus, affiliates of BlueCross/Blue shield experienced breaches by IT hackers, affecting more than 21 million records.
Knowing all this, how safe to you feel sharing your more personal health concerns with your personal, family doctor? Frightening, isn’t it?
Physicians Opting for Change
Is it any wonder that, according to projections by the Association of American Medical Colleges, the nation anticipates a shortage more than 90,000 physicians by 2020 and 130,000 physicians by 2025? In a recent survey 1,527 physicians, 61 percent would not encourage their children to enter the field of medicine due decreasing reimbursement, the hassles of billing and collection, and the impact a career in medicine has on lifestyle. (And I would add, doctors are leaving due to fear of government retribution and the loss of the doctor-patient relationship.)
I actually saw this coming. In 2002, Tenpenny Integrative Medical Center made the hard decision to opt-out of Medicare and Medicaid participation. A clerical error could trigger a medicare audit, and the penalties for innocent mistakes could be staggering – $10,000 per infraction and up to 10 years in jail. And I knew that, eventually, the government would use EHRs to collect every possible statistic on every single person.
That’s why we still use paper records. We protect your privacy… and we do not administer vaccines.