BBI Contributing Editor

NEW ORLEANS, Louisiana – Each year's Healthcare Information and Management Systems Society (HIMSS; Chicago, Illinois) meeting of late has had one or two main focal points. At the 2001 conference, held last month at the Ernest N. Morial Convention Center, the primary points to ponder were the Health Insurance Portability and Accountability Act (HIPAA) and application service provider-enabled applications.

The number of vendors grew by 6% this year to 670 in all, including 170 companies exhibiting at the conference for the first time. Total exhibit space was 38% larger than last year in Dallas, Texas. They came with great expectations, mostly because 2000 was such a terrible year for so many of them. The exhibit floor was fairly crowded during the times we visited it, suggesting there was renewed interest in available solutions. Several vendors said that their level of negotiations had increased. This was encouraging, since 2000 was such a bust.

Data from Sheldon Dorenfest Associates (Chicago, Illinois) underscored the issue. Dorenfest indicated that the total health care IT market had revenues of $19 billion in 2000, a modest 2.7% increase over 1999's figure of $18.5 billion and the smallest increase in actual revenue dollars since 1993. Dorenfest forecast growth of 5.2% in 2001, accelerating to 9% in 2002.

According to Ron Johnson, speaking at a Klas Enterprises (Draper, Utah) presentation, only four of 20 health care information vendors surveyed by that firm had a better year in 2000 than in 1999; just three of nine point-of-care, computerized patient record companies topped 1999 revenues last year; and a mere three of 22 laboratory information systems companies posted better year-to-year results.

Given this climate, many companies are looking for recovery in 2001 to revitalize corporate prospects for the future. If these hopes are disappointed, there could be massive consolidation across all segments of health care IT. Should this occur, mid-sized companies may be in the best position to capitalize on it. Companies like Cerner (Kansas City, Missouri) were able to ship products (both new orders and backlog) to end up with growth in both revenues and profits during 2000, when larger firms were having more difficulty.

There has been no lack of consolidation activity. GE Medical Systems (Waukesha, Wisconsin), after very significant reorganization internally, acquired point-of-care charting company SEC (Ann Arbor, Michigan). SEC offers point-of-care systems for the physicians' office and an anesthesia information system. Previously, GE Medical had an alliance with Drager (Telford, Pennsylvania) and usually shows their ventilators interfaced in its booth. However, Drager and its anesthesia information system were nowhere to be seen at this year's HIMSS show, either in the GE Medical booth or in a booth of its own. The new SEC application, the best POC charting interface we saw at HIMSS, has become the prototype of all POC systems GE Medical is offering. The QMI POC systems for neonatal care and obstetrical care are also being recast onto the new SEC framework, which leaves us unsure of the status of GE's relationship with Datex-Ohmeda (Tewksbury, Massachusetts).

Most innovative new product

Many medical systems are never widely implemented because of one factor: they are difficult to use. Realizing this, Microsoft (Redmond, Washington) has made the user interface to medical systems running on its Windows platforms more user-friendly. The first fruit of the effort was its Physician Digital Dashboard (PDD), announced at HIMSS. This product is a "front end" to Windows that makes it easier for health care workers to navigate medical applications. The PDD was developed to allow caregivers to assemble information sources by using a collection of web parts in a synchronized, intuitive manner. The dashboard of a car displays information particular to the automobile – the speedometer, the odometer, engine temperature, the level of fuel. In the case of the Physician Digital Dashboard, the patient is the car, the entity reflected in the information displayed.

Here is a sample physicians' office scenario: A patient e-mails the doctor to explain his or her symptoms and request an appointment. By simply placing the cursor on the e-mail message from the patient, the doctor can instantly access the patient's entire medical history. The electronic medical records are in perfect order. They can be arranged and sorted chronologically, by the type of visit, or by dozens of other criteria. Paper clips never fall out of these records, and the files don't sit on shelves waiting to be processed by an insurance company, pharmacist or specialist to whom the patient is referred. The information is there, and it is instantly accessible to everyone throughout the process who is authorized to see it.

The PDD is not limited to the physician's office setting alone. It is even more valuable in the hospital setting, giving doctors, nurses and clinicians access to consolidated personal, team, hospital, patient and external information with single-click access to analytical and collaborative tools. The PDD provides caregivers with data gleaned from several sources, in a logical, consolidated view. It allows doctors to build a unique environment tailored exactly to what they want to see. The PDD takes advantage of Microsoft's Internet vision – computing any place, any time and on any device. It is a web-enabled approach that allows the patient to initiate his or her medical care encounters. Clifford Goldsmith, MD, who worked on the development of the tool, practiced for nine years as a pulmonologist before entering the technology industry. He says he noticed a drive for greater efficiency in the health care industry. "To provide a reliable, efficient and cost-effective mechanism of communication among different applications was very difficult, but Microsoft has a huge base of products, services and customers within the health care space," he says. "Our ability to network all the resources makes it much more cost-effective to provide the connectivity that's needed."

The PDD employs four key elements. First, it provides a connection to the active patient task list. Patients appear and disappear from this list automatically, based on criteria set in each care location. In a hospital, they would appear when admitted in an emergency room, or as a result of getting an abnormal result to a blood test. Physicians can subscribe to special medical search engines to monitor their patients' data, based on region, a patient identification number or a specific hospital or other care setting. The data integrates according to the criteria chosen.

Secondly, Microsoft has built PDD on existing standards. It is fully compliant with the Health Level Seven (HL7) CCOW standard. CCOW, in essence, synchronizes all computer systems that contain patient records to the same patient, facilitating the browsing across these applications or merging data from these computers into a consolidated view for the health care provider. It coordinates the context of a patient's medical information across multiple computers. "CCOW-compliant web parts are able to coordinate with any other CCOW-compliant web parts or health care applications – even though they don't know anything about each other," Goldsmith says. "E-mail from two years ago discussing weight loss or a blood test result that showed high cholesterol is automatically selected for the physician when he pulls up the record of a specific patient."

The third key is to coordinate patient data into one integrated view. It can also coordinate various patient schedules into one integrated view. "It's something physicians have been requesting for years," Goldsmith says. "Physicians often maintain a personal calendar, a clinical calendar, one for the hospital that may include meetings with the ethics or research committees, and yet another for taking medical students on rounds. All require separate management. With the PDD, this can be seen in a single view. Since it is CCOW-compliant, it simultaneously coordinates the appointment with other information, like lab results or a picture of the patient so that I know who they are when they walk into my office."

The fourth key element is that the PDD is Internet-enabled. "It is an enabling technology for the day when the web will be used by patients to maintain their own personal records," Goldsmith says. "Benefits of this capability include allowing patients to contribute to their own medical records by entering data, for example, on weight loss or gain or dizziness." Since that data is a web "event," under certain conditions it would automatically trigger the physician's dashboard. It would also allow for devices, such as pacemakers, to be monitored and programmed remotely and automatically, or for a patient's glucose level to be closely monitored and, if necessary, adjusted. "We're moving toward the day when physicians can catch problems and respond to them proactively before the patient is even aware that anything's wrong," Goldsmith says.

The PDD is one of the most creative and extensive uses of CCOW technology, developed initially by Sentillion (Andover, Massachusetts), and now part of the HL7 standard, that we have seen. It also marks the growth of CCOW out of the intranet medical application space and into the Internet medical application space. This enhancement of what initially was conceived by Sentillion as a "departmental" solution is significant. Sentillion calls it Vergence. It has been used to extend CCOW technology to medical e-mail applications. When a physician reviews an e-mail message concerning a patient, Vergence automatically coordinates the rest of the Physician Digital Dashboard, as well as other applications on the desktop, so they display any other information the doctor has access to about that same patient.

Of the multitude of products introduced at HIMSS, the Physician Digital Dashboard was certainly one of the most unique and interesting advances we saw. It may well become a significant next step to the integration and coordination of information that is required to make the computer-based patient record a reality, rather than simply a vision of the future.

HIPAA: JAWZ has what you need to know

While there were many presentations about HIPAA, the meat was on the exhibit floor, where companies were available to help evaluate and implement HIPAA. A key component of HIPAA is protection of medical data. The only company we found that had published a well-conceived, self-help HIPAA framework for hospitals was JAWZ (Newmarket, New Hampshire). This company also was available for benevolent hacking to test enterprise security, and will then assist hospitals in plugging the security holes its hacks uncover. Of course, IBM (Armonk, New York) and other large firms also offer such consulting services. But we haven't seen anything from these other companies like the HIPAA "Do It Yourself" manual that JAWZ published (for around $10,000). The place to begin is documenting what a health care enterprise has and how it currently is set up. Ecora (Portsmouth, New Hampshire) is offering software products that can help. Ecora's software documents server set-ups and is being used by the Care Group, a New England health care organization with seven hospitals, 13,000 employees and 2,000 medical staff.

For health care IT and other vendors not clear on what HIPAA really entails, the American Health Information Management Association (AHIMA) provided an audio seminar, "HIPAA: The Final Privacy Rule," designed to assist health care organizations in understanding the HIPAA regulations, their effects, and how they will alter the way business is conducted. The audio seminar was presented by Mary Brandt and Elaine Zacharakis, experts on the subject. Those attending received a comprehensive overview of HIPAA. AHIMA also released its sample position description for the HIPAA-mandated privacy officer position. The position description is intended to serve as a template for organizations in development of a privacy officer position.

Several vendors were offering security infrastructure components that could be part of an overall HIPAA compliance program. Cylink (Santa Clara, California) was showing an e-business security solution for health care providers, insurance companies, equipment manufacturers and others managing patient records. Products it showed included NetHawk, a virtual private network (VPN); NetAuthority, a public key infrastructure (PKI) component; and MiniKey, a next-generation security token that plugs into a computer's USB port.

eTrue (Southborough, Massachusetts) was another new HIMSS exhibitor. It was showing its biometric authentication service that is outsourced over the Internet. This product, developed with the National Aeronautics and Space Administration, allows users to access secure data on network servers from home. This product is ideal for doctors or others who require remote access from multiple locations off the health care enterprise campus. eTrue uses multiple biometrics, such as face and fingerprint verification, to provide 100% user authentication. Unlike with passwords, unregistered users will think twice before trying to log on, since they will have their biometric identities recorded, which can then be used as evidence to prosecute them. This approach simplifies authentication for valid users by eliminating the need for PINs, passwords, cards, keys or tokens, which users often lose or forget, and which become targets for hackers to discover and steal. The technology is a real solution available today. It received the Frost & Sullivan 2000 Market Engineering Award, which recognizes innovation in U.S. business offerings. The award positioned eTrue as a pioneer of managed biometric authentication solutions. Like many other products on the HIMSS exhibit floor, eTrue's service is easily installed, with no capital outlay needed, making it the lowest total-cost-of-ownership for biometric authentication. eTrue also provides, at no additional charge, video cameras and finger readers to customers. The security and reliability of biometric transactions and storage is assured through a hosted implementation that includes secure socket layer Internet communication, encrypted transactions and secure, redundant servers with automatic fail-over and multi-layered firewalls, maintained by eTrue and its hosting partner, Exodus Communications.

eTrue was one of many firms offering security solutions. F-Secure (San Jose, California) and Sprint Enterprise Network Services (Houston, Texas) jointly announced a comprehensive solution to protect all links in the virtual corporate network: clients, servers and gateways, with full installation and management capabilities from one central location. It offers integrated anti-virus, file encryption and distributed firewall solutions that can be remotely installed and centrally managed.

CareScience (San Francisco, California) reported the launch of its peer-to-peer (P2P) technology, the Care Data Exchange, which allows health care organizations to share patient information across locations and provides secure, real-time access to prescriptions, test results, patient information and other clinical data on demand over the Internet. CareScience has filed a U.S. patent application to protect the Care Data Exchange technology. Peer-to-peer architectures are being used in music and other industries to share information that resides on the computers and servers of authorized users.

The Care Data Exchange improves the flow of health care information, eliminates central databases and provides a low-cost approach to information sharing by using a plug-and-play technology that interfaces with existing health care information systems, allowing it to be better applied either within or across the health care enterprise. Hospitals and health systems, independent physician groups, clinics and outpatient facilities, labs and ancillary care providers, public health agencies, health plans, employers and pharmacies all can share clinical data over the secure Care Data Exchange P2P network. By using the Internet and state-of-the-art authentication and encryption, the Care Data Exchange can locate, organize and display patient records so that physicians have a complete view of the treatments their patients are receiving.

Patient and provider ID smart card solutions were shown at HIMSS, including ActivCard (Fremont, California) solutions. ActivCard protects this sensitive information and is now used by the Department of Defense, which uses smart card-based ID badges throughout the DoD, much like the old "dog tags." These cards contain microprocessors and sufficient memory for public and private key encryption certificates. Card costs start at about $25 for cards with 8K of memory and increase in cost as the amount of memory increases.

HIPAA e-suites/interface engines

Most health care enterprises are interconnected combinations of legacy or computer "islands." The interconnection point is often an interface engine (IE) product. These products also are affected by HIPAA security and privacy requirements and are morphing quickly into HIPAA interface engines. One well-known IE provider, Data Junction (Austin, Texas), reported the release of its new HIPAA Junction product. It was a joint project with Axiom Systems (Atlanta, Georgia), creating a specialized version of Data Junction that performs bi-directional transformation between hundreds of data formats and HIPAA-compliant EDI/XML transactions.

See Beyond (St. Petersburg, Florida), the futuristic new name of a company most people know as STC and Datagate, was showing its HIPAAdized interface engine, eGate, and other eSuite products at HIMSS. These are upgraded applications that are more HIPAA-aware. See Beyond has been selected by several development partners, including Sunquest (Tucson, Arizona). And it has expanded beyond just interface engines to offer a variety of middleware and integration technology, including a patient master index and a clinical repository interconnected to its traditional interface engine technology.

Application service providers mushroom

Another major thrust of HIMSS was the movement to the application service provider model. Vendors have increasingly realized that hospitals and physician practices don't want to manage any more hardware and software systems than they must to accomplish their business and clinical computing objectives. The less complex and expensive the onsite components, the more appealing to health care providers. This has led to the rapid growth of ASP models of delivering health care information functionality. This approach also avoids up-front capital requirements, and provides functionality on either a per-transaction or per-subscription basis that comes out of cash flow, rather than capital funds budgets.

As a result, some of the traditional outsourcers of health care information technology services, like Siemens Medical Solutions (Malvern, Pennsylvania), the former Shared Medical Systems, have become some of the largest ASPs. However, many smaller suppliers also have rushed into this space, supplying hundreds of niche applications, especially to physicians who access them from laptop or hand-held PDA platforms. Prescription ordering and lab test review seem to be the first two and most rapidly expanding spaces, with dozens of providers offering solutions. Most of these companies were at HIMSS. These companies all depend on wireless network infrastructure, using either WAP Cellular or some form of wireless ISM band networking to connect to the Internet, where the functionality they require is hosted by some third party. All of these systems are making the claim that they will save time and help reduce medication errors. Many of these PDA-based applications use the popular 3Com (Santa Clara, California) Palm Pilot; however, an increasing number use the newer, more powerful Windows CE-based Compaq (Houston, Texas) Ipaq hand-held – possibly because it offers more speed, more memory, a more robust operating system and a better color display. Even vendors that originally developed on the Palm platform were either showing or talking about the same applications on newer Windows CE-based devices.

One new player was Autros Healthcare Solutions (Toronto, Ontario), which showed a new medication management system for physician order entry and electronic charting. It was designed to work with either inpatient or outpatient pharmacy systems.

We looked briefly at Alteer (Irvine, California) and its workflow management solutions for physician offices and medical groups. The company's sales have increased more than 400% in the past 12 months. To expand its distribution, Alteer has signed value-added reseller agreements with several regional health care technology firms that will market, install and support Alteer products on a national basis. It also is receiving some press from Microsoft as an example of an effective workflow management system for physician offices. Alteer offers a central, server-based workflow management system that provides clinical, administrative and financial functions and a physician PDA to combine those functions.

But the leader in workflow-oriented CPR solutions for physician offices has to be JMJ Technologies (Marietta, Georgia), which also was at HIMSS. JMJ has customized its core workflow-oriented products to the needs of specific types of physician practices, achieving both the benefits of a workflow-optimized process and the efficiency of a solution customized to the needs of specific types of practices.

With so many ASPs offering products, the key is either a compelling application (of which we saw none) or a well-oiled distribution organization that can bring these solutions effectively to the health care provider. There were some of these, but not too many. This leaves many small vendors without a viable means of distributing their products and thus vulnerable to underperforming in the vast health care IT space. These will be among the missing vendors at HIMSS 2002 in Atlanta.