BBI Contributing Writer

DALLAS, Texas – Attention at this year's Healthcare Information and Management Systems Society (HIMSS; Chicago, Illinois) convention turned from the Y2K problem that dominated last year's gathering to the Healthcare Insurance Portability and Accountability Act (HIPAA) compliance worries that emerged at this time around. The shadow of HIPAA compliance hung over this year's meeting, at least for some. Others, weary of such issues, proceeded to offer new products and systems, and concentrate on other topics.

The conference marked a change in direction for the health care information technology market. Previously, the HIMSS meeting has showcased many small, software application companies. This year's gathering was a showcase for Internet-enabled, application service providers (ASPs), offering outsourcing applications and services to health care providers, managed care organizations, and IDNs.

The ASP approach minimizes the amount of hardware and networking technologies required on site, and investment in locally run software, since it uses a simple web browser or Citrix-type front end for all applications, which are run remotely on the service provider's data center. The enterprise data also is stored on the service provider's data center, making the ASP a virtual data repository and processing extension of its client's enterprises. This was the direction, but it was not a comfortable direction for everyone. The new HIPAA rules and proposals increase the penalties for inappropriate disclosure of data, so use of ASPs is not without some risk to the enterprise, particularly the smaller, newcomers. Then there is physical risk. How big is the data center? Is it distributed to more than one physical location with appropriate network switching to handle electrical failures, earthquakes, floods, or other disasters at the data center? These are not questions for companies like IBM (Armonk, New York) or Shared Medical Systems (SMS; Malvern, Pennsylvania), who have been ASPs for years, and have redundancy, backup, and security worked out, but they are reasonable concerns for the new "e.generic software" providers who are offering these services in droves.

The growth of ASPs is astounding. They are displacing end-user point-of-care software applications, providing a spectrum of services spanning the clinical to the business aspects of every possible provider, but mostly focused on physician practices. Indeed, the HIMSS meeting as a whole had a primary focus on physician practices this year.

Other trends emerging at HIMSS included:

The growth of the Internet as an enabling technology for business-to-business and MD-to-consumer "e.Communications." There were many companies who were providing tools or consulting or both to create health care provider portals, and just as many more seeking to attract MDs to their portals. For example, Viador, one of the minority of non-dot.com companies, was offering to accelerate your business to Internet speed, which included connection of the doctor's Sprint PCS-equipped patients to the provider's web-based content.

Security and infrastructure investments, driven by HIPAA compliance needs. Products included the latest crop of biometric ID devices, "certified mail," secure portals, encrypted cellular and provider phone links, and secured firewalls. Several companies were offering benevolent intrusion services to validate security capabilities of provider systems, and consulting services to tighten up any holes that were uncovered. Prices start at around $20,000 and escalate rapidly.

It appears that the money spent on Y2K was nothing compared to that which will be spent in the next five years on HIPAA compliance. Indeed, HIPAA compliance had to be the dominant sub-theme of the conference. There were sessions on it, vendor discussions about it, attendee questions on the sessions and vendor comments, but no hard answers were forthcoming. Nonetheless, there were a few vendors, like Healthcare.com, whose CEO confidently assured listeners that all of its software applications already were HIPAA compliant – never mind that there are as yet no final HIPAA regulations with which to be compliant. Most companies, however, simply were saying that as the regulations materialize, they will be incorporated into their products prior to the deadlines, and existing customer systems will be upgraded.

Free, but not for long

Apparently everything on the Internet is free if you're a doctor who isn't connected and aligned with Healtheon/WebMD (Atlanta, Georgia) or one of its myriad of upstart competitors. Enjoy it while you can, as all of the folks have a plan to begin charging doctors once they are sufficiently hooked on the services being provided. It may be even harder to get the general public involved.

A presentation at HIMSS by Dean Sittig, PhD, of WebMD indicated that from an active group of e-mail enabled consumers, less than 6% had ever had e-mail conversations with their doctors. In considering such communications in the future, about a third were concerned or very concerned that others in the physician's office would screen and therefore see the communications intended for the doctor only. There also are consumer expectations about reply time. More than half (55%) indicated they would expect a reply in less than a day, while another 28% indicated a reply in less than two days would be acceptable. Given doctors' busy schedules, this indicates that unless e-mail correspondence with patients becomes a routine (and billable) component of the physician's daily practice, patients are likely to be disappointed with the responses they will receive. While almost half (47%) indicated they expected to pay nothing for the response, 38% thought a charge between $5 and $10 dollars would be okay. The sensitivity to billing is greater for routine tasks, such as scheduling appointments and requesting prescription refills, which could be screened and handled quickly by other personnel under the doctor's direction.

On the exhibit floor

By far, HIMSS is a software and middleware show, more than a hardware show, and the software applications seen this year spanned the gamut from simplistic to sophisticated. On the simplistic end was the Alaris Medical (San Diego, California) offering of an equipment data inventory and tracking system based on bar-coded strips attached to equipment and manual inventories. Alaris is appealing to a cost-sensitive market in which the more versatile and sophisticated IR tags and IR-sensing network are just too expensive to install and operate.

Middleware information supplier First Data Bank (San Bruno, California) announced that its popular drug interactions database was going on-line as RxWeb. This allows providers to check drug/drug interactions, screen for drug allergies and duplication of therapy, and evaluate drug/food interactions. Educational monographs in English and Spanish also will be provided, and the system will be open to end-users, including the ability to perform phonetic searches. The company was also focusing on developing products for hand-held devices, in both the PalmOS and Windows CE formats.

The vast majority of the software applications were split into one of two groups. There were the software practice or record management systems (and middleware), and the "let me web-enable your legacy systems" portals, application service providers, and systems. No matter who or where a provider is located, there are probably a myriad of vendors who can web-enable your enterprise, at least for business-to-business applications, if not for the full spectrum of payer, patient, provider applications. At the top of this group was the ever-expanding Healtheon/WebMD, but it was not alone. There were plenty of competitors, including financially troubled dr. Koop.com (Austin, Texas) and newcomers like DocISP.com (King of Prussia, Pennsylvania) – to mention just two. Indeed, the companies are even renaming themselves as "dot com" companies. For example, we now have Healthcare.com (Marietta, Georgia), previously HIE, and Certified Mail.com (Springfield, New Jersey). Not to be left out were Asterion.com (Birmingham, Alabama), BioValidity.com (Lansdale, Pennsylvania), and many more.

Certified Mail.com has a slick, fairly robust solution to securing e-mail on any web browser between two users. In its solution, one user loads his or her encryption application and sends e-mail to a secure mail application. It then uses unencrypted e-mail to inform the recipient that they have "certified mail" at the "post office." The recipient signs on and the server uses secure socket layer (SSL) encryption to forward the original message it is holding, all transparently encrypted by SSL to the recipient, and without any action on his or her part. This represents pretty good security at a very reasonable cost that is both painless and transparent to all recipients. It would be an inexpensive and worthwhile first step for physician offices or individuals sending sensitive medical-content e-mail. It puts Certified Mail.com in the ASP segment, and could ensure the company's growth if the idea catches on.

Not every company has yet jumped onto the "dot com" bandwagon. IBM, for one, made it clear that it was not a "dot com" company. And Vitalcom (Tustin, California) denied that it was planning to become Vital.com in the near future, but did indicate it would be announcing, later this year, the fruits of its internal, $6 million project to create a new telemetry technology, able to support all of the data provided by up to 2,000 portable bedside monitors in the new, 608-614 MHz UHF frequency band widely anticipated to be opened up to medical uses by Federal Communications Commission rule changes currently in draft version. At present, sending just 12 leads of ECG information requires about 25 kHz of bandpass per transmitter. Vitalcom CEO Frank Sample and other company officials, said Vitalcom can do all 12-ECG leads, SpO2, NIBP and all the other parameters from several vendors' current portable monitors in 3 kHz of bandpass.

The point-of-care computer-based patient record (CPR) vendors for all provider settings were on hand in force at the HIMSS gathering. On the inpatient side was Clinicomp International (San Diego, California), showing its recently introduced Clintelligent product. EMStat, which has become part of Cyber+Plus Corp. (Austin, Texas), was showing release 8.0 of its emergency room application, which it hoped would restore its leadership over Nine Rivers, now part of A4 Health Systems.

Ipath (Powell, Tennessee) was showing its ORMIS system, which solves the supply, scheduling and management half of the operating room (OR) automation problem. If the company had a patient monitoring partner with a viable CPR charting solution, it would become a powerful alliance. Companies like Datascope (Paramus, New Jersey) or Invivo Research (Orlando, Florida) could certainly benefit from such a partnership, which would provide them with some competitive parity to their larger competitors like Agilent Technologies, which has Surgical Information Systems; Siemens, which partners with Picis; Spacelabs, which has its own OR systems); and Marquette, which partners with Drager. Indeed, the Spacelabs, Picis, and Drager systems do not offer ORMIS capabilities either, so iPath could be a viable partner to these companies as well, should they wish to offer a total automation and management system for the inpatient and outpatient perioperative department.

Several companies, including Surgical Information Systems (SIS; Alpharetta, Georgia) and DeRoyal (Powell, Tennessee), were showing their anesthesiology information systems. SIS is the new HP/Agilent partner in the perioperative setting, and a flood of new literature demonstrated that marketing had been stepped up a big notch as a result of the Agilent marketing agreement. All of the CPR vendors were reporting an increase in negotiations or sales this year, compared to last year, in spite of the fact that this year's IBM-sponsored HIMSS survey (see accompanying story) indicated that making CPR investments was well down on the information technology priority list of things to achieve. The survey also suggested that 11% of hospital beds now had a point-of-care CPR workstation and system – and that is an average. Some areas such as obstetrics already have penetrations of more than 26%, according to the Reality survey data published by Medical Strategic Planning (Lincroft, New Jersey).

On the physician office automation front, vendors like NextGen (formerly Clinitec; Horsham, Pennsylvania); JMJ Technologies (Marietta, Georgia), Berdy Medical Systems (Saddle Brook, New Jerey), Medicalogic (Beaverton, Oregon), and others were showing their wares. One way of differentiating these vendors is by the scope of their applications. Some offer only point-of-care CPR, which is not yet widely implemented. Others offer only practice management and billing solutions, widely implemented in the majority of all of the larger physician practices. Leaders in this segment include IDX (Burlington, Vermont), Medic Computer Systems (Raleigh, North Carolina), Shared Medical Systems (SMS; Malvern, Pennsylvania), Medical Manager (Mountain View, California), Physician Computer Networks (Walpole, Massachusetts), Medicalogic, and others. Finally, there are the interface engine/ office network integration/enabling vendors. Companies that offer all three are hard to find, as this level of one-stop sourcing has not yet occurred, but the movement toward it is occurring rapidly. Vendors who attempt to remain in only one of these segments – at least those without really active and viable alliances with suppliers in the other two segments – are likely to fail and drop off of the physicians' practice vendor radar screens, no matter how good their products are. Doctors are looking for simple, well-integrated, suppliers for their entire problem, and will lean to the ASP model, as it eliminates the need to have sophisticated and expensive, in-house IT employees to maintain on-site systems, configuration, and backup. This could hurt companies like Berdy Medical Systems, whose Smart Clinic is a good product, but provides only a partial solution.

Some of the physician office suppliers are getting this message. Medicalogic is offering Internet Logician, NextGen has integrated practice management, POC CPR and a viable interface engine which automatically picks up information from pulmonary function, ECG and other MD office devices. All of the suppliers seem to have become interested in the smaller (3 to 10) physician practices, and some are appealing to the 210,000 doctors in solo or dual practices – using the ASP approach, building on whatever computers may already be installed in these offices.

Caregiver robots, 'nano-robots'

Ross Perot, former Independent Party presidential candidate, was the HIMSS keynote speaker. In his colorful presentation, Perot cited his friend, Joseph Engleberger, principal of Transitions Research Corp., whom Perot and others refer to as "the father of robotics." Perot said that Engleberger's newest robotic projects would be mobile robots that work in medical assisted living programs as caregivers. They will be available in less than 10 years. Apparently they are being programmed to come into your house, wash dishes, prepare meals, do light housekeeping (nothing was said either way about doing windows), and handle a variety of other tasks. Word was they would cost about $20,000 to $25,000, but could be rented daily as needed.

That was the least futuristic of Perot's predictions. He also spoke about programmed "nano-robots" the size of a few molecules, that will be ingested by humans, and then following their computer programs, make changes at the chemical, cellular level to cure disease. Mainstream companies like Agilent Technologies (Andover, Massachusetts) are lining up to make the genetic "cells" that map the states of individual genes (switched on or off), which will track how effective these new nanobots are in executing their molecular programs.

Next month: More from HIMSS 2000.